You are on page 1of 456

Windchill Installation and Configuration Guide

Windchill 10.1 M040 April 2013

Copyright
Copyright 2013 PTC Inc. and/or and/or Its Subsidiary Companies. All Rights Reserved. User and training guides and related documentation from PTC Inc. and its subsidiary companies (collectively "PTC") are subject to the copyright laws of the United States and other countries and are provided under a license agreement that restricts copying, disclosure, and use of such documentation. PTC hereby grants to the licensed software user the right to make copies in printed form of this documentation if provided on software media, but only for internal/personal use and in accordance with the license agreement under which the applicable software is licensed. Any copy made shall include the PTC copyright notice and any other proprietary notice provided by PTC. Training materials may not be copied without the express written consent of PTC. This documentation may not be disclosed, transferred, modified, or reduced to any form, including electronic media, or transmitted or made publicly available by any means without the prior written consent of PTC and no authorization is granted to make copies for such purposes. Information described herein is furnished for general information only, is subject to change without notice, and should not be construed as a warranty or commitment by PTC. PTC assumes no responsibility or liability for any errors or inaccuracies that may appear in this document. The software described in this document is provided under written license agreement, contains valuable trade secrets and proprietary information, and is protected by the copyright laws of the United States and other countries. It may not be copied or distributed in any form or medium, disclosed to third parties, or used in any manner not provided for in the software licenses agreement except with written prior approval from PTC. UNAUTHORIZED USE OF SOFTWARE OR ITS DOCUMENTATION CAN RESULT IN CIVIL DAMAGES AND CRIMINAL PROSECUTION. PTC regards software piracy as the crime it is, and we view offenders accordingly. We do not tolerate the piracy of PTC software products, and we pursue (both civilly and criminally) those who do so using all legal means available, including public and private surveillance resources. As part of these efforts, PTC uses data monitoring and scouring technologies to obtain and transmit data on users of illegal copies of our software. This data collection is not performed on users of legally licensed software from PTC and its authorized distributors. If you are using an illegal copy of our software and do not consent to the collection and transmission of such data (including to the United States), cease using the illegal version, and contact PTC to obtain a legally licensed copy. Important Copyright, Trademark, Patent, and Licensing Information: See the About Box, or copyright notice, of your PTC software.

Windchill Installation and Configuration Guide

UNITED STATES GOVERNMENT RESTRICTED RIGHTS LEGEND This document and the software described herein are Commercial Computer Documentation and Software, pursuant to FAR 12.212(a)-(b) (OCT95) or DFARS 227.7202-1(a) and 227.7202-3(a) (JUN95), and are provided to the US Government under a limited commercial license only. For procurements predating the above clauses, use, duplication, or disclosure by the Government is subject to the restrictions set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software Clause at DFARS 252.227-7013 (OCT88) or Commercial Computer Software-Restricted Rights at FAR 52.227-19(c)(1)-(2) (JUN87), as applicable. 01282013 PTC Inc., 140 Kendrick Street, Needham, MA 02494 USA

Contents

About This Guide.........................................................................................................9 Planning a Solution Installation ...................................................................................13 Installing Windchill PDMLink on a Pro/INTRALINK 10.1 System .............................14 Installation Planning for Optional Products ............................................................14 Installing Oracle ........................................................................................................29 About Oracle ......................................................................................................30 Before You Begin ................................................................................................30 Installing Oracle Server Software .........................................................................31 Installing Oracle Client Software...........................................................................32 Installing Oracle Patches .....................................................................................33 Post-Installation Activities ....................................................................................34 Installing SQL Server .................................................................................................39 About SQL Server...............................................................................................40 Before You Begin ................................................................................................40 Installing SQL Server Software ............................................................................42 Index Byte Limitation ...........................................................................................43 Configuring a Remote SQL Server Database to Work with the Windchill Server ............................................................................................................44 Starting SQL Server Services ..............................................................................45 Before Using the PTC Solution Installer .......................................................................47 Overview............................................................................................................48 Installing Using the Appropriate Permissions .........................................................48 Setting the Installation Directory on Windows ........................................................49 Using a Staging Directory for Product CDs on Windows .........................................49 Disabling Windows Firewall and Internet Explorer Enhanced Security Configuration for Windows Server .....................................................................49 Configuring Windchill with the Arbortext Publishing Engine.....................................51 Preparing Enterprise LDAP for Installation Data Load ............................................51 Preparing an Enterprise LDAP Including Active Directory .......................................51 Configuring a Windchill Installation to be IPv6 Compliant ........................................52 Specifying UNIX Settings.....................................................................................52 Verify that the Time and Date is Accurate on the Server .........................................53 Installing Windchill Solutions ......................................................................................55 Overview............................................................................................................56 Installing Using the PTC Solution Installer .............................................................56 Optional Product Settings ....................................................................................93 Installing a Standalone Product or Component........................................................... 137 Overview.......................................................................................................... 138

Installing Using the PTC Solution Installer ........................................................... 138 Selecting the Installation Type............................................................................ 139 Installing a Standalone Product or Component .................................................... 140 Specifying the User (UNIX Only) ........................................................................ 140 Providing Details for System Notifications and Information Exchange .................... 140 Specifying the Installation Directory .................................................................... 141 Entering the Web Server and Servlet Engine Settings .......................................... 142 Specifying Language Settings............................................................................ 143 Selecting the Database Size .............................................................................. 144 Entering Your Database Information ................................................................... 145 Selecting Data Loader Settings .......................................................................... 150 Entering Your LDAP Settings ............................................................................. 151 Entering Administrative Settings......................................................................... 160 Specifying Optional Product Settings .................................................................. 162 Creating Product Icons or Links.......................................................................... 162 Selecting Staging Directory Options ................................................................... 163 Copying CDs or CD Images to the Staging Area .................................................. 164 Reviewing the Installation Overview ................................................................... 164 Locating Post-installation Steps for Your Products ............................................... 165 Installing a File Server Remote Site........................................................................... 167 File Server Management Utility Overview ............................................................ 168 Installing a File Server Remote Site Using PSI .................................................... 168 Completing Configurations - Manual Steps ................................................................ 171 Completing the Configuration Overview .............................................................. 172 All Solutions ..................................................................................................... 172 Windchill Integrations for Embedded Software ........................................................... 201 Defect Tracking Systems [Integrity (DTS), Bugzilla and Atlassian JIRA] Server Configuration ................................................................................................ 202 Software Configuration Management Systems [Integrity Source (SCM), Subversion and IBM Rational ClearCase] Server Configuration ......................... 202 Windchill PDMLink ............................................................................................ 207 Windchill ProjectLink ......................................................................................... 208 Windchill CAPA ................................................................................................ 209 Windchill Nonconformance ................................................................................ 211 Windchill Customer Experience Management ..................................................... 212 Optional Products ............................................................................................. 214 Whats Next Summary ............................................................................................. 269 Monitoring and Maintenance Activities ................................................................ 270 Other Product Installations and Configurations .................................................... 270 Administrative Activities..................................................................................... 271 About Software Maintenance ............................................................................. 271 Database Initializing and Data Loading...................................................................... 273 Before You Begin .............................................................................................. 274 Configuring Business Object Uniqueness Across Organizations ........................... 274 Starting the Web Server, Servlet Engine, and Windchill Servers............................ 275

Windchill Installation and Configuration Guide

Setting the Number of Starting Method Servers ................................................... 276 Creating the Database Schema ......................................................................... 277 Update the Windchill Database .......................................................................... 279 Loading Base and Demonstration Data............................................................... 280 Executing Post-Dataload Steps.......................................................................... 287 Resetting the Number of Running Method Servers............................................... 287 About the Base and Demonstration Data ............................................................ 287 Installing and Configuring Adobe LiveCycle Software ................................................. 291 About Adobe LiveCycle Forms Software ............................................................. 292 System Compatibility and Requirements............................................................. 292 Installing Adobe LiveCycle Forms Software......................................................... 292 Configuring Windchill for Use with Adobe LiveCycle Forms Software..................... 293 Configuring EXPRESS Data Manager....................................................................... 297 Installing EXPRESS Data Manager .................................................................... 298 Configuring Windchill for EDMS ......................................................................... 298 Configuring Sun Java System Web Server ................................................................ 301 Before You Begin .............................................................................................. 302 Configuring Windchill for Sun Java System Web Server ....................................... 302 Configuring Sun Java System Web Server.......................................................... 303 Using Sun Java System Web Server for Multiple Instances of Windchill................. 312 Configuring IIS and Tomcat ...................................................................................... 313 Before You Begin .............................................................................................. 314 Configuring IIS and Tomcat................................................................................ 315 Configuration Summary..................................................................................... 326 Configuring IBM HTTP Server AIX ............................................................................ 327 Installing HTTP Web Server............................................................................... 328 Installing Windchill components ......................................................................... 328 Restarting the IBM HTTP Server ........................................................................ 328 Configuring Apache and Tomcat With Other Options .................................................. 331 Before You Begin .............................................................................................. 332 Setting Up Apache Ant ...................................................................................... 332 Configurations When Apache is Installed Remotely ............................................. 334 Running Apache as a Windows Service.............................................................. 336 Running Tomcat in Development Mode............................................................... 337 Apache and Info*Engine Installed With Different Users ........................................ 337 Installing Apache A Second Time ....................................................................... 338 Configuring Apache for IPv6 .............................................................................. 338 Configuring a Non-PTC Apache (manual installation)........................................... 339 Specifying Web Server Authentication ................................................................ 340 Configuring Windchill to Work with a Remote Apache ................................................. 343 Background...................................................................................................... 344 Configuring a Split Configuration ........................................................................ 344 Additional Apache Configurations....................................................................... 345 Configuring Additional Enterprise Directories ............................................................. 347

Contents

About Configuring Additional Enterprise Directories ............................................. 348 Integration with Established Enterprise Directory Services.................................... 349 Create and Configure the JNDI Adapter .............................................................. 354 Create a Repository Definition............................................................................ 359 Modify the wt.properties File .............................................................................. 360 Set Authentication in the MapCredentials.xml File................................................ 361 Update the Apache Configuration....................................................................... 363 Verify Your Changes ......................................................................................... 364 User and Group LDAP Attribute Value Mapping ................................................... 364 Configuring Security Labels...................................................................................... 373 About Security Labels ....................................................................................... 374 Security Labels Example Configuration............................................................... 380 Before You Begin .............................................................................................. 383 Configuration Steps .......................................................................................... 385 Additional Configuration Concerns ..................................................................... 414 Best Practices for Security Labels and Agreements ............................................. 424 Installation Logs and Troubleshooting ....................................................................... 426 Installation Log Files ......................................................................................... 427 Troubleshooting Your Initial Installation ............................................................... 428 The PTC Solution Installer Global Registry.......................................................... 443 Loading and Mounting the CD-ROM on UNIX ............................................................ 445 Determining the SCSI ID of the CD-ROM Drive ................................................... 446 Loading and Mounting the CD-ROM Locally........................................................ 447 Loading and Mounting the CD-ROM Remotely .................................................... 448 Recovering an Installation ........................................................................................ 451 Starting and Stopping Windchill ................................................................................ 452 Starting and Stopping Apache and the Windchill Method Server ........................... 453 Using a URL to Access Windchill........................................................................ 454 Running Windchill as a Windows Service............................................................ 455

Windchill Installation and Configuration Guide

About This Guide


The Windchill Installation and Configuration Guide provides the instructions to install and configure Windchill (including its Oracle database and Windchill solutions), and to initialize and load the database. Before you install your solution, be sure you have the most up-to-date version of this manual. It will be posted on the PTC Web site: https://www.ptc.com/appserver/cs/doc/refdoc.jsp Before you install and configure Windchill, be sure you have installed your database software (This is not a requirement for Pro/INTRALINK 10.1 customers installing the bundled Oracle database).

Related Documentation
The following documentation may be helpful:

Read This First Windchill Release 10.0 Getting Started with Windchill Installation and Configuration Guide Windchill Customization Guide Windchill Performance Tuning Guide Windchill CounterPart Installation Guide Windchill Data Loading Reference and Best Practices Guide Windchill PartsLink Administrator s Guide (for Windchill PDMLink only) Windchill Archive Administration Guide (for Windchill PDMLink and Pro/INTRALINK 10.1) Windchill Enterprise Systems Integration Installation and Configuration Guide - SAP

Windchill Enterprise Systems Integration Installation and Configuration Guide - Oracle Applications Getting Started with Pro/INTRALINK 10.1 Optegra Gateway Installation and Configuration Guide

If books are not installed on your system, see your system administrator.

Technical Support
Contact PTC Technical Support via the PTC Web site, phone, fax, or e-mail if you encounter problems using <product name> or the product documentation. For complete details, refer to Contacting Technical Support in the PTC Customer Service Guide. This guide can be found under the Self Help section of the PTC Web site at: http://www.ptc.com/support/indexsupport.htm The PTC Web site also provides a search facility for technical documentation of particular interest. To access this page, use the following URL: http://www.ptc.com/support/support.htm You must have a Service Contract Number (SCN) before you can receive technical support. If you do not have an SCN, contact PTC Maintenance Department using the instructions found in your PTC Customer Service Guide under Contacting Your Maintenance Support Representative.

Documentation for PTC Products


You can access PTC documentation using the following resources: Windchill Help Page The Windchill Help Center is an online knowledgebase that includes a universal index of all Windchill documentation; you can access it by clicking a help icon or the Help link in any Windchill page header. You can browse the entire Windchill documentation set, or use the advanced search capability to customize your keyword search. Reference Documents Web Site All books are available from the Reference Documents link of the PTC Web site at the following URL: http://www.ptc.com/appserver/cs/doc/refdoc.jsp A Service Contract Number (SCN) is required to access the PTC documentation from the Reference Documents Web site. For more information on SCNs, see Technical Support: http://www.ptc.com/support/support.htm

Comments
PTC welcomes your suggestions and comments on its documentation. Send comments to the online survey form at the following address: documentation@ptc.com
Windchill Installation and Configuration Guide

10

Please include the name of the application and its release number with your comments. For online books, provide the book title.

Comments

11

1
Planning a Solution Installation
Installing Windchill PDMLink on a Pro/INTRALINK 10.1 System ....................................14 Installation Planning for Optional Products ...................................................................14

This section contains information required before you install your solution. Before you install your solution, be sure you have the most up-to-date version of this manual. It will be posted on the PTC Web site: https://www.ptc.com/appserver/cs/doc/refdoc.jsp

13

Installing Windchill PDMLink on a Pro/IN Pro/INTRALINK 10.1 System


If you are upgrading Pro/INTRALINK 10.1 to Windchill PDMLink select the Update to Existing Install option in the PSI, and then select Upgrade Pro/Intralink to Windchill PDMLink . During this process you are asked to create or load a database schema and base or demo data; this panel can be ignored. Windchill PDMLink shares the same schema and base data as Pro/INTRALINK 10.1, so there is no need to install additional schema or base data when installing Windchill PDMLink on top of Pro/INTRALINK 10.1. Upon completing the Windchill PDMLink installation the Pro/INTRALINK 10.1 is replaced by Windchill PDMLink in the Windchill version. If you have customized or otherwise modified yourPro/INTRALINK 10.1 installation, consult the chapter "Managing Customizations" in the Windchill Customization Guide before installing Windchill PDMLink.

Installation Planning for Optional Products


Some of the optional products that the PTC Solution Installer (PSI) can install require special planning or pre-installation steps. This section contains the things you must consider or the actions you must perform before using PSI to install your optional products. Only the optional products with additional, pre-installation, considerations are listed under their own heading in the following sections.

Creo View
Creo View Client and Creo View Thumbnail Generator are installed using the PTC Solution Installer. There are additional components of Creo View which are located on productspecific CDs and require a separate installation. Some of these products may require an additional purchase from PTC. Refer to the Creo View Adapters Installation and Configuration Guide for installation instructions for the following products: Creo View Adapters JT Adapter Creo View Document Support Collective Document Support (Stellent libraries)

14

Windchill Installation and Configuration Guide

Windchill Enterprise Systems Integration


The following sections describe the high-level steps you need to perform to install and configure Windchill Enterprise Systems Integration (Windchill ESI) with TIBCO Middleware and ERP Connector.

Windchill ESI with TIBCO


If you are installing Windchill ESI and your implementation will use the bundled TIBCO software, there are three steps you need to complete in order to use Windchill ESI: 1. Install TIBCO using the Middleware Installation and Configuration Utility (MICU) and record the location of the tibjms.jar file before you initiate the PTC Solution Installer (PSI). 2. Install Windchill PDMLink and Windchill ESIusing the PSI. 3. Complete post-PSI configurations to configure Windchill ESI to Oracle Applications or SAP. Refer to your Windchill ESI documentation for information on post-PSI configuration information. To install TIBCO and configure ESI to ERP (steps 1 and 3), refer to the Windchill Enterprise Systems Integration Installation and Configuration Guide - Oracle Applications or the Windchill Enterprise Systems Integration Installation and Configuration Guide - SAP for more information. This guide only contains instructions for step 2. ERP Connector If you are installing ERP Connector, the following steps need to be completed in order to use ERP Connector: 1. Install Windchill PDMLink and ERP Connector using the PSI. 2. Complete post-PSI configurations to configure ERP Connector. For information on post-PSI configuration information, refer to the ERP Connector Administration Guide.

Windchill Business Reporting


If you are installing Windchill Business Reporting (WBR) along with your Windchill solution, you must decide whether the WBR components, the host and the gateway server, will be installed on the same machine as your Windchill solution, or installed in a distributed configuration on multiple machines.

Caution If you choose one of the distributed scenarios, the PTC Solution Installer (PSI) must be run on each machine in the proper sequence to avoid manual postinstallation configuration steps.

Planning a Solution Installation

15

Caution If you are updating an existing installation to include Windchill Business Reporting, you must first uninstall any previous installtions of Cognos, and reboot your machine, for the installation to run successfully.
The following Windchill Business Reporting installation scenarios are supported: Local InstallationThe host, gateway server, and your Windchill solution are all installed on one machine. Distributed Installations

Two machinesThe host is installed on one machine, and the gateway server and your Windchill solution are installed on a second machine. Three machinesThe host is installed on one machine, the gateway server is installed on a second machine, and your Windchill solution is installed on a third machine. The PSI is run first to install the host, then to install the gateway server, and lastly to install your Windchill solution. Windchill Business Reporting is also supported in a cluster environment. For information on installing Windchill Business Reporting in a cluster environment, see the Windchill Advanced Deployment Guide.

Local Installation
If the WBR host and gateway server are both installed on the same machine as your Windchill solution, as in the following graphic, then the PTC Solution Installer is run only once, and automatically installs the components in the proper sequence.

16

Windchill Installation and Configuration Guide

Distributed Installations
Two Machines If the WBR host is installed on a separate machine from the WBR gateway server and your Windchill solution, as in the following graphic, then the PSI must be run twice: first to install the host on its machine, and second to install the gateway server and the Windchill solution.

Three Machines If the WBR host, gateway server, and your Windchill solution are all installed on separate machines, as in the following graphic, then the PSI must be run three times: first to install the host, then to install the gateway server, and lastly to install your Windchill solution.

Other Pre-Installation Pre-Installation Considerations


Other considerations before you begin your installation: The Windchill Directory Server already be installed and configured before you begin installing any Windchill Business Reporting components. If you are installing Windchill Business Reporting on Red Hat Linux 5.X, you must have the system library files installed before installing Windchill Business Reporting.

Planning a Solution Installation

17

Windchill PartsLink Classification and Reuse


Windchill PartsLink Classification and Reuse provides internal design library organization and classification capability. Use the PTC Solution Installer to install the Windchill PartsLink components: Windchill PartsLink Client can be installed with your Windchill solution. Windchill PartsLink Server requires a separate PSI execution.

Note There is no dependency between the client and server installations. They can be installed in either order. Note The hostnames and RMI port for your Windchill PartsLink server and client must be known prior to installation. Option RMI Registry Port for Windchill PartsLink Default 10011 Description Valid range is 1024 65535

Refer to Installing Windchill Solutions on page 55 for instructions on installing Windchill PartsLink.

Windchill Gateway for FORAN


Installation of the Windchill Gateway for FORAN involves many components. The following steps summarize the installation process: 1. Install Message Oriented Middleware server 2. Install Windchill components 3. Install Windchill Gateway for FORAN components Prerequisites Refer to the standard PTC platform support matrix available at http://www.ptc. com/appserver/cs/doc/refdoc.jsp to view production hardware and software support. A successful Windchill Gateway for FORAN installation requires the following prerequisites: Java Runtime Environment (JRE) 1.6 or higher on both the client and server Java 2 Platform, Standard Edition 6.24 or higher installed on both the client and server Windchill PDMLink installed Windchill Gateway for FORAN components installed

18

Windchill Installation and Configuration Guide

Windchill Shipbuilding Template Creo View Windchill PartsLink Integration Client

Installing Components Sequence You can install components by staging area (a file location from where the component downloads) on the respective CD, or by media. If you are choosing a staging area for installation, then you need to copy the installers from these CD images:

Shipbuilding Template SHIPIA Windchill gateway for FORAN FORAN_IA

The following table lists the recommended sequence of installation steps. Number Installation Component 1. Message Oriented Middleware Client or Server Notes Standalone Component The MOM software is bundled with the Windchill Gateway for FORAN software on the FORAN_IA CD, and is installed separately.

2. 3. 4. 5.

Windchill Shipbuilding Template Windchill Gateway for FORAN Windchill Visualization Services and Creo View Windchill PartsLink Integration Client

Windchill Server Windchill Server Windchill Server Windchill Server

Installing Windchill Gateway for FORAN and Creo Elements/Direct Model Manager Together This option is installed using the bundled PTC Solution Installer (PSI). Both these gateways share common inputs in the inputs panel, and can be reviewed in the installation summary panel.

Planning a Solution Installation

19

Installing Windchill Gateway for FORAN on an Existing Gateway for Creo Elements/Direct Elements/Direct Model Manager This option is installed using the bundled PTC Solution Installer (PSI). This update does not require any further user inputs. All the inputs can be reviewed in the installation summary panel.

Windchill Gateway for Creo Elements/Direct Elements/Direct Model Manager


Installation of the Windchill Gateway for Creo Elements/Direct Model Manager involves many components. The following steps summarize the installation process: 1. Install MOM server 2. Install Windchill components 3. Install Creo Elements/Direct Model Manager components Prerequisites Refer to the standard PTC platform support matrix at http://www.ptc.com/ appserver/cs/doc/refdoc.jsp to view production hardware and software support. A successful Windchill Gateway for Creo Elements/Direct Model Manager installation requires the following prerequisites: Java Runtime Environment (JRE) 1.6 or higher on both the client and server Java 2 Platform, Standard Edition 6.23 or higher installed on both the client and server Creo Elements/Direct Model Manager Server installed Windchill installed

Installing Components Sequence You can install components by staging area (a file location from where the component downloads) on the respective CD, or by media. If you are choosing a staging area for installation, then you need to copy the installers from the CD_WCOCREATEMM CD If you choosing media for installation, then you must point to the following correct installer locations on the CD: <CD drive>/CD_WCOCREATEMM for Creo Elements/Direct Model Manager Gateway Server Component

20

Windchill Installation and Configuration Guide

The following table lists the recommended sequence of installation steps. For details on each step, refer to the section of documentation listed in the Where Documented column. Number Installation Client or Server How To Install Component 1 CD_WCOCRE Message Oriented (standalone ATEMM Middleware component) 2. CD_WCOCRE Windchill Server Windchill Gateway ATEMM for Creo Elements/Direct Model Manager Installing Windchill Gateway for Creo Elements/Direct Model Manager and FORAN Together This option is installed using the bundled PTC Solution Installer (PSI). You can review the inputs in the Installation summary panel. Installing Windchill Gateway for Creo Elements/Direct Model Manager on Existing Gateway for FORAN This option is installed using the bundled PTC Solution Installer (PSI). This update does not require any inputs from you.

Replication
Windchill replication increases the productivity of Windchill users by reducing their time to access content data. The users access content data stored on more rapidly accessible external vaults known as replica vaults. Replica vaults store content data that has been replicated from slower external vaults or from the Windchill database. The Windchill user's experience in accessing replicated and non-replicated information is identical except for the improved access time. The Windchill user's only explicit interaction with Windchill content replication is setting preferences in a graphical interface. A Windchill site (also known as a cluster) is a group of hosts with one URL. For the purpose of content replication, a site can play the role of master site, replica site, or both. When a site is playing the role of a master site, content can be replicated from database storage, from external storage, or both to one or more replica sites. When a site is playing the role of a replica site, content can be replicated to it from master sites. A master site stores vault and folder configuration information for each of its replica sites. Replica sites retrieve vault configuration information on startup or an update of the information is pushed from the master site on its startup or sent explicitly by the master site administrator.

Planning a Solution Installation

21

A remote site is meant to provide Windchill users with local access to content data in replicated vaults. The data in each replicated vault can come from only one master site, and attempts to disregard this rule could result in the loss of data. The installation and configuration of a File Server remote site are detailed in the following sections.

File Server Remote Site Pre-Installation Pre-Installation Steps


Before you install a File Server remote site, you must complete the following preinstallation steps: 1. Make sure you have used PSI to install a master site and have enabled the master site to use the File Server remote site. 2. Generate a security key. 3. Use the File Server Management utility to download the software and key. The following sections provide detailed information for each step. Enabling the Master Site to Use the File Server Use Advanced PSI for installation and configuration on the master site. On the
Select Product Features window, make sure you select the Enable Remote File Server Support checkbox:

22

Windchill Installation and Configuration Guide

You can select the Enable Remote File Server Support checkbox in all of the following product bases: Windchill PDMLink Windchill ProjectLink Windchill CAPA (not available if installing as a standalone product) Windchill Nonconformance (not available if installing as a standalone product) Windchill Customer Experience Management (not available if installing as a standalone product) Windchill Integrations for Embedded Software Pro/INTRALINK Integral Windchill PDMLink and Windchill ProjectLink Integral Windchill ProjectLink and Arbortext Content Manager Arbortext Content Manager

Note You must complete this step during the master server installation. Otherwise, you will need to perform manual steps to set it up later.
Generating the Security Key Before you install the File Server remote site, you must generate security keys (public and private), export the public key and copy it to the remote site file system, and make it known to the remote site. To generate security keys: 1. On the master site, select Site Administration .
Utilities File Server Administration Site

The Site Management window opens. 2. Select the master site.

Note Selecting the master site activates the Update Keys button. 3. If there is an existing Key Generation Date for the keys displayed in the table, you can accept the value and do nothing, or click Update Keys to initiate the creation of the public and private keys. (Generating the keys requires several seconds.) 4. When the keys are created, select the master site again and then click Export Key . 5. Provide a name for the key, navigate to a storage location for the key, and save it as a file. The key must have the extension PUBKEY or KEY (for example, site1.pubkey).

Planning a Solution Installation

23

Downloading the Software and Key Using the File Server Management Utility 1. Create a folder for your software and key downloads. 2. From a remote machine you want to use as a File Server, click or enter the master site URL. A Windchill product opens (See the various Windchill products listed in Step 1 in this section.) 3. From Site , Libraries , Products , , select Utilities File Server Administration File Server Management .

Note For Organizations and Projects the File Server Management link is available under Utilities .
The File Server Management page opens with the list of Installer Links .

4. Click each installer link and download the files into the folder you created earlier in this procedure. 5. Extract the contents of each ZIP file. 6. Continue to Installing a File Server Remote Site on page 167.

Note After you have installed the File Server remote site, you must complete the post-installation steps in the Completing Configurations - Manual Steps on page 171 chapter.

24

Windchill Installation and Configuration Guide

Windchill Requirements Management Planning and Prerequisites


The PTC Product Solution Installer (PSI) automatically installs the Requirements Management component when either Windchill PDMLink or ProjectLink is chosen as your Windchill solution. When installing the Windchill server for use with Integrity Requirements Management, the Web Application Context Root value specified in the PTC Solution Installer (PSI) must be Windchill , or the configuration with Integrity Requirements Management will fail.

Windchill PLM Connector


This section contains the server prerequisites for installing Windchill PLM Connector using the PTC Solution Installer (PSI). Before beginning this installation, in addition to reading this document, you should read the Windchill PLM Connector Administrator s and User s Guide. Software Matrix A software matrix on the PTC website lists the combinations of platforms, operating systems, PTC products, and third-party products that are certified for use with Windchill PLM Connector on Windows. Refer to the Reference Document page. Select your product from the Product list, select the current release from the Release list, select Software Matrix from the Document Type list, and select Windchill PLM Connector Software Matrix from the list of matrices. Software CD and Other Deliverables The Windchill PLM Connector server software can be downloaded to the PSI stager. It is also available on the Windchill PLM Connector CD-ROM and from the PTC software downloads page. When Upgrading From a Previous Windchill PLM Connector Installation Before upgrading Windchill PLM Connector, in addition to reading this document, see the Windchill Upgrade Guide. Download and install the latest WinDU patches available for a previous release of Windchill PLM Connector and execute the diagnostic before proceeding to upgrade. Windchill PLM Connector Documentation The following software and other deliverables are contained on the Windchill PLM Connector server CD:

Planning a Solution Installation

25

Item Windchill PLM Connector Server CD

Description The Windchill PLM Connector server CD contains the Windchill PLM Connector server software, sample files and documentation. The PTC solution Installer (PSI) is used to install the Windchill PLM Connector server on the Windchill server. The Windchill PLM Connector server CD can be downloaded from the PTC software downloads page to the PSI stager. It is also available on CD-ROM. The server installer is located in the CD_WPCSERVER directory of the Windchill PLM Connector server CD. When Windchill PLM Connector is installed, the Windchill server code is installed in the \Samples\WPC_Server\src directory. You can use the sample code as a guide to help prevent imported objects from getting checked-out or revised on a Windchill server where Windchill PDMLink, or Windchill PDMLink with Windchill ProjectLink, or Pro\INTRALINK is also installed. Use your HTML software or other third-party software to modify the sample code to meet your access policies for the prevention of non-owned data being imported on target Windchill systems. The sample WPCServer.zip file located at <WT_HOME>\src\wpcserver\Samples\ on the Windchill PLM Connector server and client CDs for the sample .java script, StandardWPCVetroService.java.

Sample Windchill Server Code

Note Windchill PLM Connector supports the exchange of Creo data from a source Windchill system to target Windchill systems. It is recommended that you do not modify the data in a Windchill target system unless the Windchill target system has ownership of the data. Windchill PLM Connector does not inherently enforce or prevent modification of imported data. An administrator can set the access permissions to read-only for imported data.

26

Windchill Installation and Configuration Guide

Item

Description Refer to the Discourage Modification of Imported Packages on the Windchill Server procedure for detailed instructions.

The following documentation is available from the following locations: Location Windchill PLM Connector server and client CDs Description The following documentation is available on the Windchill PLM Connector server and client CDs at <WPC_Server_Install_dir\doc> and <WPC_Client_Install_dir\doc>: Windchill PLM Connector Administrator s and User s Guide The following Windchill PLM Connector documentation is available on the PTC Reference Documents download page at the following URL address: http://www.ptc.com/appserver/cs/doc/refdoc.jsp Windchill Read This First Windchill PLM Connector Administrator s and User s Guide Windchill PLM Connector Software and Hardware Matrix Located under Enterprise Administration
Exporting and Importing Data Reference Windchill PLM Connector

PTC Reference Documents download page

Windchill Help Center

Server Prerequisites Ensure that the following prerequisites have been met before installing the Windchill PLM Connector server software on a Windchill server. Ensure that Windchill PDMLink, Windchill PDMLink with Windchill ProjectLink, or Pro/INTRALINK is installed and configured on the Windchill server. Ensure that at least 60 MB of disk space is available for the installation. Ensure that you have the necessary credentials to log in to Windchill as Site or Organization Administrator.

Planning a Solution Installation

27

Choosing the PSI Installation Type Choose the appropriate installation type for your system: Choose the Solution option to perform a complete installation of Windchill that includes the optional product Windchill PLM Connector server.

Note The Solution option creates a new installation on one or more machines with your choice of optional products (like Windchill PLM Connector), platform components, and configuration options. See the configuration section of the PSI installer guide to determine if any manual configurations are necessary for Windchill PLM Connector. Choose Update Existing Installation when you are installing an optional product, like Windchill PLM Connector server software, onto an existing Windchill installation. Note The Update Existing Installation option allows you to install a product onto an existing installation, add an additional language or install a Windchill software update.

28

Windchill Installation and Configuration Guide

2
Installing Oracle
About Oracle .............................................................................................................30 Before You Begin.......................................................................................................30 Installing Oracle Server Software ................................................................................31 Installing Oracle Client Software .................................................................................32 Installing Oracle Patches............................................................................................33 Post-Installation Activities...........................................................................................34

PTC supports Oracle Enterprise Edition and Standard Edition software. This section guides you through the process of installing and setting up Oracle for Windchill.

Note Select a version of Oracle that is supported with this release. For more information about the products supported with this release, see the software matrix (available from http://www.ptc.com/appserver/cs/doc/refdoc.jsp. Note If you are installing the bundled Oracle software, you do not need to install the database software before running the PTC Solution Installer (PSI).

29

About Oracle
PTC provides these guidelines to assist you when installing the Oracle Relational Database Management System (RDBMS) software. In all cases, follow the instructions in the Oracle Database Installation Guide for detailed platform specific instructions (user authentication, memory, process tuning, and so on). The Oracle server can be installed either on the same machine as Windchill or on a remote machine. By default, when the server software is installed, Oracle also installs the client software on the same machine. If you install Windchill on a different machine than the Oracle server and if you plan to customize Windchill and generate Data Definition Language (DDL) scripts, then you must also install the Oracle client software on the same machine as the Windchill server. Also, if you install Windchill on a different machine than the Oracle server, you must run the PTC Solution Installer (PSI) on the Oracle server before installing your Windchill solution. Included in this chapter are instructions for an Oracle server installation (whether on the Windchill server machine or on a remote machine), and an Oracle clientonly installation for the Windchill server machine.

Note You do not need to install the Oracle client software unless you are planning to customize Windchill and generate DDL scripts.
Oracle is delivered on the Oracle DVDs and it is installed using the Oracle Universal Installer. If you are using the PTC-bundled Pro/INTRALINK Oracle, it is installed using the PTC Solution Installer (PSI).

Before You Begin


Determine which versions of Oracle are supported for your application. See the software matrix (available from http://www.ptc.com/appserver/cs/doc/refdoc. jsp). On UNIX systems, the installing user (including root) is typically the database administrator (DBA). It does not matter whether the user is a local user or Network Information Services (NIS) user. When creating an Oracle database using PSI, you can launch PSI as the user that installed the database software, or as root user. On Windows systems, the installing user needs to be a member of the Administrator's group. It does not matter whether the user is a local user or a domain user.

30

Windchill Installation and Configuration Guide

You must have 5 GB available hard drive disk space for an Oracle server installation with a Windchill demo database. More disk space is accordingly needed for larger databases. For additional installation requirements, consult the Oracle documentation.

To complete the installation, you will need to provide the installer with information. PTC recommends you gather this information in advance to allow the installation to proceed without interruption: Name to assign to the listener. Default is LISTENER. Protocol type. Default is TCP/IP. Port number for the protocol type. The default for TCP/IP is 1521.

Note To create a database using the PSI the proper environment settings must be configured in a sh shell for an Oracle User. This includes updating the Oracle user profile so that the Oracle environment variable and path are set automatically when launching a sh shell. For more information see Database Configuration on page 66.

Installing Oracle Server Software


PTC recommends that you install the Enterprise Edition without any other optional components. While you can choose to install the full version of Enterprise Edition, it comes with many product components that are unnecessary when working with a Windchill server. The following procedure describes the recommended approach of installing Enterprise Edition using the Custom option. These instructions apply to Windows and UNIX installations. See the Oracle documentation for operating system-specific requirements. Complete the following steps to install the Oracle server: 1. Before initiating the installation, stop any running Oracle products. In particular, shut down all Oracle local services. 2. Insert or mount the Oracle Database DVD. 3. Run setup (Windows) or runInstaller (UNIX).

Installing Oracle

31

4. If you have a My Oracle Support account, you could enter the information here; otherwise, it is optional. Click Next to continue.

Note If you have not entered an email address, click Yes on the Email Address Not Specified popup window. 5. Select Install database software only and click Next . 6. Select Single instance database installation and click Next . 7. The default language is English. Select the language for your database and click Next . 8. Select Enterprise Edition 9. Click on Select Options and clear all components. 10. Enter the Oracle Base . This is the base directory for the Oracle software. 11. Enter the Software Location . Oracle recommends that this be within the Oracle base directory. 12. Click Next . 13. For UNIX, select the OSDBA and OSPER groups for operating system authentication and click Next . 14. The prerequisite check verifies that your system meets the needs of installation and configuration of Oracle. The installer lists any unsatisfied requirements. Click Next . 15. The summary window displays the options you chose. Review your selections and click Finish . 16. Once the installation has finished, click Close to exit. Note For UNIX, be sure to run $ORACLE_HOME/root.sh as the root user.

Installing Oracle Client Software


If your Oracle server and Windchill server are located on separate machines, and you are planning to customize Windchill and generate Data Definition Language (DDL) scripts, use the following procedure to install Oracle client software on your Windchill server machine. On the Windchill server, install the following product: Oracle Client (Runtime) - Provides tools for developing applications, networking services and client software.

These instructions apply to both Windows and UNIX installations. Additional documentation is provided where Windows and UNIX differ.

32

Windchill Installation and Configuration Guide

Complete the following steps to install the Oracle client: 1. Before initiating the installation, stop any running Oracle products. In particular, shut down any Oracle local services. 2. Insert or mount the Oracle Database DVD 1 of 3. 3. If the installer does not start automatically, run the executable or script to start the installer: On Windows: <DVD-ROM>\client\setup.exe On UNIX: <DVD-ROM>/runinstaller

The Welcome window opens. 4. Click Next to begin the installation. The Select Installation Type window opens. 5. Select Runtime and click Next . The Specify Home Details window opens. 6. Enter the following and click Next . Field Name Path Description A name for the installation Full path where you want to install the Oracle software.

The Available Product Components window opens. 7. Select the check boxes of the components you want to install and click Next . The Product-Specific Prerequisite Checks window opens. The installer performs some checks. The status column should display Successful and the results should display Passed. Go to the next step. If flagged items appear, click each item for details about the warnings. Resolve the issue if directed to do so. The Summary panel appears displaying the options you chose. 8. Click Install .

Installing Oracle Patches


After installing Oracle software, you must install any patches provided by Oracle. See the Windchill Software Matrices to determine the correct patch level to apply. If you do not have the appropriate patch on a CD provided by Oracle, you can obtain it through the Oracle technical support website (http://metalink.oracle.com/). After logging in, you can download the patch from the Patches section on the MetaLink site.

Installing Oracle

33

Post-Installation Post-Installation Activities


After installing the Oracle software, perform the following activities as needed to ensure that your system is ready to proceed with database creation (for Oracle server) and Windchill installation.

Removing Previous Versions of Oracle


If you have installed an upgraded version of Oracle you may remove the older version. However, before removing your older version you may want to verify that the new version has been installed properly. The following checks should confirm that Oracle has successfully upgraded: Connect to the database using the new Oracle environment settings, such as ORACLE_HOME or PATH Verify the database version. Verify the connection with Windchill

If the Oracle upgrade has been successful you may remove the older Oracle version by using the following procedure: 1. Navigate to the following location:
cd <ORACLE VERSION HOME>/deinstall

2. Run deinstall.

Checking Environment Variables


After the Oracle installation is complete, verify that the PATH environment variable includes the correct Oracle directory path. For example: Windows For Oracle 11.2.x.x:
c:\oracle\ora102\bin

UNIX For Oracle 11.2.x.x:


/u01/app/oracle/product/11.2.0/

Also, when Oracle is installed, it typically places two Java Runtime Environments at the beginning of the PATH variable. This placement interferes with Windchill installers, which rely on the Java 1.6 SDK. After installing Oracle, make sure that your 1.6.x Java SDK is positioned in your PATH variable before any JREs the Oracle installer may have added.

34

Windchill Installation and Configuration Guide

Configuring for Multi-byte Multi-byte Character Sets


If you are using multi-byte character sets on the Oracle server, then on the Windchill server machine (where the Oracle client is installed), the NLS_LANG environment variable must be set to match the operating system language setting. For example, on a Japanese Windows client, set the NLS_LANG variable to the following:
JAPANESE_JAPAN.JA16SJIS

For additional information about language setting options, see the Oracle installation documentation.

Configuring the Oracle Net Services Environments


Before Windchill can access a remote Oracle server as an Oracle client, you must configure a net service name. Both of these tasks are performed using the Oracle Net Configuration Assistant. The Oracle Net Configuration Assistant is normally launched automatically at the end of an Oracle installation session. In the event you need to manually start the Oracle Net Configuration Assistant, perform the procedure appropriate for your operating system from the following: Windows Click Start Programs Oracle - OraDb10g_home1 Configuration and Migration
Tools Net Configuration Assistant

Unix At the command prompt enter the following: <Oracle>/bin/netca where <Oracle> is the directory location where you installed Oracle. Perform the net services configuration procedure appropriate to an Oracle server or client, as described in the sections Installing Oracle Server Software on page 31 and Installing Oracle Client Software on page 32. For additional information about this configuration assistant, refer to the Oracle Database Installation Guide.

Installing Oracle

35

Configuring a Remote Oracle Database to Work with the Windchill Server


If your Oracle database is on a separate server from your Windchill server, you must perform this additional procedure before installing your Windchill solution. This section provides an overview of the actions you must perform with the PTC Solution Installer (PSI) on the Oracle server before you install the Windchill solution on your Windchill server.

Note This section assumes you have installed Oracle on your database server as described in this chapter.
For detailed descriptions of each screen and option, see Installing a Standalone Product or Component on page 137. Perform the following on the Oracle database server: 1. Launch the PTC Solution Installer. For more information, see Launching the PTC Solution Installer on page 56. 2. Choose the installer language. For more information, see Installing Using the PTC Solution Installer on page 138. 3. Read the Before You Begin panel and click Next . 4. Read the PTC Customer Agreement panel and confirm that you have legal authority to install the software as described in the section titled Installing Using the PTC Solution Installer on page 138. 5. Select the Solution Installation type and click Next . For more information on installation types, see Selecting the Installation Type on page 57. 6. Select the Standalone Product or Component and click Next . 7. Select Oracle Configuration . 8. Under Oracle Configuration , select Create Database . In addition, you can select Create Windchill Installation Database User Account . The latter can be done during your Windchill installation on the Windchill server, but the database must be created on the Oracle server now. For more information, see Installing a Standalone Product or Component on page 140. 9. Select the installation directories. For more information, see Specifying the Installation Directory on page 69. 10. Select the Base Data Language . For more information, see Specifying Language Settings on page 72. 11. Select the database size. For more information, see Selecting the Database Size on page 72. 12. Enter your database settings. For more information, see Entering Your Database Information on page 73. 13. Choose whether to use a staging area. For more information, see Selecting Staging Directory Options on page 91.
36

Windchill Installation and Configuration Guide

14. If you are using a staging area, copy the Oracle Configuration files from the "Windchill 3rd Party Software" CD to the staging directory. For more information, see Copying CDs or CD Images to the Staging Area on page 92. 15. Review the installation overview and click Install . For more information, see Reviewing the Installation Overview on page 92. You can now continue installing your Windchill solution on the Windchill server.

Installing Oracle

37

3
Installing SQL Server
About SQL Server .....................................................................................................40 Before You Begin.......................................................................................................40 Installing SQL Server Software ...................................................................................42 Index Byte Limitation..................................................................................................43 Configuring a Remote SQL Server Database to Work with the Windchill Server ..............44 Starting SQL Server Services .....................................................................................45

Select a version of SQL that is supported with this release. For more information about the products supported with this release, see the Windchill Software Matrices (available from http://www.ptc.com/appserver/cs/doc/refdoc.jsp).

Note Microsoft SQL Server is supported only on Windows systems.

39

About SQL Server


PTC has provided these guidelines to assist you when installing the SQL Server software. In all cases, follow the installation instructions outlined in the Readme. htm file, which is located in the Servers directory of the SQL Server software CD. You can also access this document by selecting Read the release notes on the Autorun panel of the SQL Server installer. SQL Server can be installed either on the same machine as Windchill or on a remote machine. SQL Server is delivered on the SQL Server CDs and is installed using the SQL Server installer.

Before You Begin


Determine which versions of SQL Server are supported for your application. See the software platform matrix (available from http://www.ptc.com/ appserver/cs/doc/refdoc.jsp). The installing user (typically the database administrator [DBA]) must be a member of the Administrator group. You must have 1.5. GB available hard drive disk space for a SQL Server installation with a Windchill demo database. More disk space is needed for larger databases. For additional installation requirements and platform prerequisites, consult the Microsoft SQL Server documentation, or visit: http://www.microsoft.com/sql/prodinfo/sysreqs/default.mspx.

Note If you are installing Windchill with Windchill Business Reporting then you must select SQL Server 2008 as the target database platform. Cognos Business Intelligence software is not currently supported on SQL Server 2012.
If you are installing Windchill 10.0 maintenance release M040 and above then note the following: If Windchill Business Reporting is selected as the sub installer then you must have SQL Server 2012 (Latin1_General_100_CS_AS_SC (UTF 16)) for Windchill and SQL Server 2008 (SQL_Latin1_General_CP1_CS_AS (UCS-

40

Windchill Installation and Configuration Guide

2)) for Windchill Business reporting as the target database platform. Install Windchill and Windchill Business Reporting as separate instances and then configure them manually to work together. If Windchill Business Reporting is NOT selected as the sub installer then you must have SQL Server 2012 (Latin1_General_100_CS_AS_SC (UTF 16)) as the target database platform for Windchill solution. If the new Windchill server is a target server for upgrading from a previous release of Windchill then you must use SQL Server 2012 (SQL_Latin1_General_CP1_CS_AS (UCS-2)) as the target database platform.

If you are installing Windchill 10.0 maintenance release M040 and above as an update server then note the following: You must update the existing Windchill server to 10.0 M040 with SQL Server 2008 R2 (SQL_Latin1_General_CP1_CS_AS (UCS-2)) along with Update tool execution. If you are planning to upgrade to SQL Server 2012 then the server needs SQL_Latin1_General_CP1_CS_AS (UCS-2) collation. Updating with a new sub installer for an updated server is allowed with SQL Server 2012 (SQL_Latin1_General_CP1_CS_AS (UCS-2)) collation. SQL Server instance must be installed with case-sensitive sort collation: Latin1_General_100_CS_AS_SC Database instance must be configured with mixed mode authentication The read_committed_snapshot database property must be activated.
ALTER DATABASE <database_name> SET READ_COMMITTED_SNAPSHOT ON

Note the following:

Required Filegroups: PRIMARY BLOBS INDX WCAUDIT

Database schema name and schema owner must be identified by same name SQL Server logon, user, and schema must be identified by same name Default schema for database user must be identified by same name Database user must be a member of the db_owner role, or have similar privileges

Installing SQL Server

41

Installing SQL Server Software


Complete the following steps to install the SQL Server software: 1. Insert the SQL Server DVD. 2. If the installer does not start automatically, run the executable or script to start the installer: <DVD-ROM>\setup.exe 3. In the SQL Server Installation Center , on the left panel select Installation and on the right panel select New SQL Server stand-alone installation or add feature to an existing installation . 4. If any of the support rules failed, re-run them or perform what is required for the rules and continue. 5. Enter the product key for SQL Server and click Next . 6. Review and accept the licence terms and click Next . 7. Select SQL Server Feature Installation and click Next . 8. In the Feature Selection window, select the following:

Note These are the minimum options needed to support a SQL Server database for Windchill.
Database Engine Services SQL Server Replication Full-Text Search and Semantic Extractions for Search Client Tools Connectivity Client Tools Backwards Compatibility Client Tools SDK Documentation Components Management Tools Basic

Management Tools Complete SQL Client Connectivity SDK 9. If any of the Installation rules failed, perform what is required for the failed rules and continue. 10. Select if you want to use the Default Instance or a Named Instance and click Next .

Note The Default Instance is the name of the machine on which SQL Server is installed. Instance ID should be the same as Instance Name .

42

Windchill Installation and Configuration Guide

11. Review the disk space requirements. Go back and change the installation location, if needed, and click Next . 12. Under Server Configuration , on the Service Accounts tab, select or enter the Account Name that will be used to start the services. For basic installations you can use NAUTTHORITY\SYSTEM account for all services, and click OK . 13. Under Server Configuration , select the Collation tab. 14. Select Customize next to Database Engine. In the popup window, select Windows collation designator and sort order , and select Latin1_General_100 from the Collation designator drop down box. Also select the check boxes Case- sensitive , Accent-sensitive , and Supplementary Characters . Click OK . The Database Engine field should display the collation Latin1_General_100_CS_AS_SC. Click Next . 15. Under Server Configuration , click Next . 16. Under Database Engine Configuration , select Authentication Mode Mixed Mode . Enter password for the Built-in SQL Server system admin account (sa). 17. Under Specify SQL Server administrators , select Add Current User and click Next . 18. Error reporting is optional. Check the box if you would like to send error reports to Microsoft. Click Next . 19. If any rules have failed, performed what is required for the failed rule and continue. 20. Review the summary for the SQL Server installation and click Install . 21. After the installation process is successful, click Next . 22. Click Close to close the installer.

Index Byte Limitation


The maximum length for an index key in SQL Server is 900 bytes. If an index exceeds the 900 byte limit, an exception is thrown. To prevent an exception from being thrown, ensure that the data values used by the index are less than 900 bytes. Following are examples of exceptions thrown when the index size exceeds 900 bytes. For example: The insert statement is executed and the index size exceeds 900 bytes
wt.pom.DatastoreException: A SQL error has occurred for the statement "INSERT INTO WTUser(classnameA2A2,updateCountA2,blob$entrySetadHocAcl, disabled, classnamekeydomainRef,idA3domainRef,entrySetadHocAcl,eventSet,inherited Domain,name,repairNeeded,markForDeleteA2,updateStampA2,createStampA2,modify StampA2,idA2A2) VALUES (wt.org.WTUSER,1,?,?,?,?,?,?,?,?,?,?,?,?,?)".

Installing SQL Server

43

Database system message follows: Nested exception is: java.sql.SQLException: [ptc][SQLServer JDBC Driver][SQLServer]Operation failed. The index entry of length 2000 bytes for the index WTUser$COMPOSITE exceeds the maximum length of 900 bytes.

For example: When the update statement is executed and the index size exceeds 900 bytes
wt.pom.DatastoreException: A SQL error has occurred for the statement "UPDATE WTUser SET blob$entrySetadHocAcl=?,disabled=?,classnamekey domainRef=?,idA3domainRef=?,entrySetadHocAcl=?,eventSet=?,inherited Domain=?,name=?,repairNeeded=?,markForDeleteA2=?, updateStampA2=?,modifyStampA2=?,updateCountA2=updateCountA2+1 WHERE ((idA2A2 = ?) AND (updateCountA2 = ? ))" Database system message follows: Nested Exception is: java.sql.SQLException: [ptc][SQLServer JDBC Driver] [SQLServer]Operation failed. The index entry length of 2000 bytes for the index WTUser$COMPOSITE exceeds the maximum length of 900 bytes.

Additionally, you may encounter warnings when executing the create_ddl_wt.bat file. These warnings can be ignored. For example: Running the create_ddl_wt.bat file
Warning: message=[ptc][SQLServer JDBC Driver][SQLServer]Warning! The maximum key length is 900 bytes. The index 'WTUser$COMPOSITE' has maximum length of 4000 bytes. For some combination of large values, the insert/update operation will fail. command=CREATE INDEX WTUser$ COMPOSITE ON WTUser(name)

Configuring a Remote SQL Server Database to Work with the Windchill Server
If your SQL Server database is on a separate server from your Windchill server, you must perform this additional procedure before installing your Windchill solution. This section provides an overview of the actions you must perform with the PTC Solution Installer (PSI) on the SQL Server database before you install the Windchill solution on your Windchill server.

Note This section assumes you have installed SQL Server on your database server as described in this chapter.
For detailed descriptions of each screen and option, see Installing a Standalone Product or Component on page 137.

44

Windchill Installation and Configuration Guide

Perform the following on the SQL Server database server: 1. Launch the PTC Solution Installer. For more information, see Installing Using the PTC Solution Installer on page 138. 2. Choose the installer language. This is the language that the installer uses for you to choose settings for your installation. 3. Read the Before You Begin panel and click Next . 4. Read the PTC Customer Agreement panel and confirm that you have legal authority to install the software as described in the section titled Installing Using the PTC Solution Installer on page 138. 5. Select the Solution installation type and click Next . 6. Select the Standalone Product or Component and click Next . 7. Select SQL Server Configuration . 8. Under SQL Server Configuration , select Create Windchill Database and Installation User . For more information, see Installing a Standalone Product or Component on page 140. 9. Select the installation directories. For more information, see Specifying the Installation Directory on page 69. 10. Select the Base Data Language. For more information, see Specifying Language Settings on page 72. 11. Select the database size. For more information, see Selecting the Database Size on page 72. 12. Enter your database settings. For more information, see Entering Your Database Information on page 73. 13. Choose whether to use a staging area. For more information, see Selecting Staging Directory Options on page 91. 14. If you are using a staging area, copy the SQL Server Configuration files from the "Windchill 3rd Party Software" CD to the staging directory. For more information, see Copying CDs or CD Images to the Staging Area on page 92. 15. Review the installation overview and click Install . For more information, see Reviewing the Installation Overview on page 92. You can now continue installing your Windchill solution on the Windchill server.

Starting SQL Server Services


Open the SQL Server Configuration Manager:
Start All Programs Microsoft SQL Server 2012 Configuration Tools SQL Server Configuration Manager

Installing SQL Server

45

Using the SQL Server Configuration Manager, start the following SQL Server services: SQL Server SQL Server Agent SQL Server Browser

46

Windchill Installation and Configuration Guide

4
Before Using the PTC Solution Installer
Overview ..................................................................................................................48 Installing Using the Appropriate Permissions ...............................................................48 Setting the Installation Directory on Windows ...............................................................49 Using a Staging Directory for Product CDs on Windows................................................49 Disabling Windows Firewall and Internet Explorer Enhanced Security Configuration for Windows Server ................................................................................................49 Configuring Windchill with the Arbortext Publishing Engine ...........................................51 Preparing Enterprise LDAP for Installation Data Load ...................................................51 Preparing an Enterprise LDAP Including Active Directory..............................................51 Configuring a Windchill Installation to be IPv6 Compliant ..............................................52 Specifying UNIX Settings ...........................................................................................52 Verify that the Time and Date is Accurate on the Server ................................................53

This chapter provides a high-level overview of any input required to install optional products. It also describes any pre-installation planning you should complete before installing certain products. Not all products have pre-installation steps to complete, though you should review the chapter in case some of the broader installation considerations apply to your site.

47

Overview
This section provides an overview of the things you should know before installing your Windchill solutions. Verify that you have the most recent version of this guide and other installation documentation. The latest versions can be downloaded from http://www.ptc. com/appserver/cs/doc/refdoc.jsp. Get familiar with how the PTC Solution Installer works, what each installation type does, and the order of installation for the database and the products the installer supports. Refer to the Getting Started with Windchill Installation and Configuration Guide for more information. Review this manual to understand the software requirements, the values you must enter into the PTC Solution Installer install your products, and any manual steps you must perform to complete your installation.

For complex environments that include the use of firewalls, alternate authentication, or multiple servers, use the Windchill Advanced Deployment Guide in conjuction with this guide.

Caution Before attempting to access any part of the Windchill system ensure that all installation procedures have been completed.

Installing Using the Appropriate Permissions


You must have certain permissions before you can install your Windchill solution. Windows You must have administrative privileges to install. UNIX You must log in as a root user and use the PTC Solution Installer (PSI) Solution installation type to install Apache (HP-UX only) as a standalone component. On HP-UX, after the installation of Apache is complete, go to the parent directory where Apache is installed (/opt/hpws22) and recursively change the ownership of the Apache directory to the user that will be installing Windchill. For example:
chown -R <user that will install Windchill> Apache

After installing those components, you can log in as a non-root user and use the PSIs Solution installation type to complete your installation.

48

Windchill Installation and Configuration Guide

If you choose to reference an existing Apache web server during your installation, the PTC Solution Installer (PSI) references the components as the user that is installing each component. For example, if you execute PSI and install Apache as root and you later run the PSI as a different user to install a Windchill solution that is configured to use the existing Apache, then the non-root user will not have permission to access the Apache logs. Oracle requires a database administrator who does not have root access to install.

Note A non-root installation of Apache requires that you set port numbers to 1024 or higher.

Setting the Installation Directory on Windows


Do not specify a Uniform Naming Convention (UNC) path name (such as \\host \path\to\JDK) for either the Java SDK or the Windchill Directory Server installation directory file paths. Additionally, if you specify a mapped or SUBST drive in the file path for the Windchill Directory Server, you cannot run the server as a Windows service.

Using a Staging Directory for Product CDs on Windows


While the PTC Solution Installer (PSI) allows you to copy your CDs to a directory as a part of the installation process, it is important not to use a Universal Naming Convention (UNC) path (for example, \\<serverName> \<sharedResourcePathname>) because not all products install properly if a UNC path is provided. As an alternative to using UNC paths, map a network drive to the UNC location where the CDs are staged and use the network drive as the staging directory. For more information on using a staging directory, refer to the section Selecting Staging Directory Options on page 91.

Disabling Windows Firewall and Internet Explorer Enhanced Security Configuration for Windows Server
Certain Windows components must be temporarily disabled while installing your PTC solutions using the PTC Solution Installer (PSI). Follow the instructions below for your Windows platform. For Windows 2003 Servers

Before Using the PTC Solution Installer

49

To disable the option, perform the following: 1. 2. 3. 4. 5. 6. Go to Control Panel . Click on Add or Remove Programs . Click on Add/Remove Windows Components . Clear the checkbox for Internet Explorer Enhanced Security Configuration . Click Next . Click Finish .

Once you have completed your installation and closed the PSI, you may re-enable this option. For Windows 2008 Servers The Windows Firewall and the Internet Explorer Enhanced Security Configuration option must be temporarily disabled while installing your PTC solutions using the PTC Solution Installer (PSI) for the following reasons: Disabling the Internet Explorer Enhanced Security Configuration option prevents the person installing having to click open for every product component being installed. Disabling the Windows Firewall prevents access permission problems on ports used by the Windchill solution during a Windchill installation activity.

Perform the following steps: 1. Go to Control Panel . 2. Click on Programs and Features . 3. Click on Turn Windows features on or off . The Server Manager opens. 4. In the Security Information section, click Go to Windows Firewall . 5. Click Windows Firewall Properties . 6. On the Domain Profile , Private Profile , and Public Profile tabs, change the Firewall State to Off . 7. Click OK . 8. In the Security Information section, click Configure IE ESC . 9. Under both Administrators and Users , select Off . 10. Click OK . Once you have completed your installation and closed the PSI, you may re-enable these components.

50

Windchill Installation and Configuration Guide

Configuring Windchill with the Arbortext Publishing Engine


For instructions on configuring the Arbortext Publishing Engine (PE) Worker, configuring the WVS publisher for the Arbortext Editor, and defining and loading publishing rules, see the Windchill Visualization Services Guide.

Preparing Enterprise LDAP for Installation Data Load


If you are connecting to an enterprise LDAP using the PTC Solution Installer (PSI) and want to load base data, verify that none of these out-of-the-box groups are in any repository when specifying "Base Distinguished Name of Enterprise User Entries": Administrators Attribute Administrators LifeCycle Administrators Replication Managers Type Administrators Workflow Administrators Workflow Authors

Preparing an Enterprise LDAP Including Active Directory


If your site has special requirements that force it to define the site administrator in the enterprise LDAP or Active Directory Server, note the following: If you are binding to a Read Only LDAP respository, the user you choose must have the "uid=Administrator" attribute. If you are binding to a Read/Write LDAP respository, the user specified will be assigned a "uid=Administrator" attribute. There can only be one user with the "uid=Administrator" attibute in both the administrative and enterprise user Distinguished Names. If you are going to specify an existing user for your site administrator, this user cannot be assigned to an organization (a value specified for the "o" attribute) in the LDAP repository. Using the existing user as a Site Administrator for Active Directory Server is not supported.

Before Using the PTC Solution Installer

51

Refer toConfiguring Additional Enterprise Directories on page 347 for more information.

Configuring a Windchill Installation to be IPv6 Compliant


Windchill solutions that are configured to be IPv6 compliant can do the following: Send and receive IPv6 packets with an IPv6 client Use IPv6 addresses and features available through the API

Several 3rd Party applications do not yet support IPv6, so sites implementing IPv6 must have a dual-stack Windchill server (IPv4/IPv6) to be able to integrate with IPv4 enabled 3rd party applications. The following is a diagram that illustrates this point:

The client (browser) to the Windchill server connection can use a pure IPv6 connection. There are manual instructions in this guide to configure Apache and Sun Java System Web servers. IIS Web servers do not require special instructions to make them IPv6 compliant. An IPv6 protocol stack must be installed on the server, but these instructions are outside the scope of this document.

Specifying UNIX Settings


UNIX has several prerequisites before you install your Windchill solution.

52

Windchill Installation and Configuration Guide

Windchill Requirements on UNIX


Windchill requires the following: An X Windows session capable of displaying xterm The xterm application needs to be installed

Setting the Ulimit Settings on UNIX


On UNIX systems, the shell limits for the maximum number of open file descriptors must be set to a minimum of 4096. Consult the operating system documentation or system administrator to determine how to do this in your environment. The default open file limit for AIX systems is 2000. For Windchill Production systems this should be increased . For example:
ulimit -n 65535 ulimit -f unlimited

Setting umask on UNIX


When installing on UNIX systems, the umask value must be checked prior to running PSI. The umask must be set so that newly created files are writeable. One possible umask value that might work is 022. If you are unsure what value is appropriate for your site, talk to your system administrator.

Verify that the Time and Date is Accurate on the Server


Some third-party products that are installed with your solution utilize the time and date stamp on the solution server. To ensure proper installation, verify that the time and date is accurate on the solution server.

Before Using the PTC Solution Installer

53

5
Installing Windchill Solutions
Overview ..................................................................................................................56 Installing Using the PTC Solution Installer....................................................................56 Optional Product Settings...........................................................................................93

This section describes how to use the PTC Solution Installer to install Windchill solutions.

55

Overview
Note If you have installed Pro/INTRALINK, installing Windchill PDMLink serves to upgrade your installation to Windchill PDMLink. If you have customized or otherwise modified yourPro/INTRALINK installation, consult the chapter "Managing Customizations" in the Windchill Customization Guidebefore installing Windchill PDMLink.
Verify that you have done the following before continuing with the installation process: Completed any necessary steps in the chapter Before Using the PTC Solution Installer on page 47 Installed the database software using the instructions in either Installing Oracle on page 29 or Installing SQL Server on page 39 Launch the PTC Solution Installer. Click Update Existing Installation and click Next . Select the Pro/INTRALINK instance of the installation and click Next . Select Upgrade to Windchill PDMLink and click Next . Complete the regular installation procedure.

To upgrade Pro/INTRALINK to Windchill PDMLink use the following procedure: 1. 2. 3. 4. 5.

Caution Before attempting to access any part of the Windchill system ensure that all installation procedures have been completed.

Installing Using the PTC Solution Installer


To begin your installation, first read through the Getting Started with Windchill Installation and Configuration Guide to plan your installation. Next, refer to the following information to install your Windchill solutions.

Launching the PTC Solution Installer


The PTC Solution Installer (PSI) is a dynamic installer that offers different installation options based upon the products and features you select. Use the instructions in this chapter to install your PTC solutions. 1. Insert the PTC Solution Installer CD.

Note If you are installing on UNIX, refer to Loading and Mounting the CD-ROM on UNIX on page 445 for more information.

56

Windchill Installation and Configuration Guide

Note If you are installing a service pack, do not run the installer from a windchill shell as the service pack may have updates to the windchill command code. Instead, be sure to modify the system PATH variable to include the path to your installed SDK bin directory before running the setup file. 2. From your CD drive, enter the following command:
Windows
setup.vbs

UNIX
setup

Choosing the Installer Language


Choose the language for this installation session and click OK .

Before You Begin


The Before You Begin panel provides links to the documentation necessary to install your Windchill solutions.

PTC Customer Agreement


The installer prompts you to accept the license agreement. Acceptance of the license agreement is required for installation. The person installing this software must have the legal authority to accept the license agreement on behalf of the customer. If the installer does not accept the license agreement, instructions will appear on-screen with respect to how to return the software for a refund. Note that a refund will only be given if the instructions are followed in a timely manner (no later than 30 days after the software is shipped by PTC). Before you are allowed to accept the agreement, you must scroll all the way through it to acknowledge you have reviewed the information.

Selecting the Installation Type


The PTC Solution Installer (PSI) allows you to install products using the following installation types: Solution Installation This option allows you to install on one or more machines. Update Existing Installation

Installing Windchill Solutions

57

This option allows you to install a maintenance release, install a point release, add products to your already-installed solution, or add a language. For example, if you have an existing Windchill PDMLink system, you use Update Existing Installation to add Windchill ProjectLink or Windchill Business Reporting to your solution. Recover This option is available if the PTC Solution Installer detects an incomplete installation. Select this option to attempt to complete the unfinished installation. For more information on recovering an unsuccessful installation, see Recovering an Installation on page 451

The following information will be useful prior to installing or updating your solution: See Planning a Solution Installation on page 13 for information on required permissions for those installing a Windchill solution. All databases and platform components on remote machines must be installed in the proper order as indicated in the Getting Started with Windchill Installation and Configuration Guide and this guide.

For information on how to update an existing installation, refer to the following:

Windchill Installation and Configuration Guide Update Existing Installation

Selecting the Solution


The solution is the main PTC product that you are installing on your system. Examples include Windchill PDMLink, Pro/INTRALINK, Windchill Integrations for Embedded Softwareand Windchill Quality Solutions, such as Windchill CAPA, Windchill Nonconformance and Windchill Customer Experience Management. All optional products and platform components integrate with the main solution to enable the parts to act together as one PTC solution. Select your main solution and click Next .

Note If you need to choose a different installation type after clicking Next , cancel the installation and re-start the PTC Solution Installer.

Windchill Integrations for Embedded Software


Windchill Integrations for Embedded Software is a PTC product solution with the following optional server integrations: Windchill Integration for Bugzilla Windchill Integration for IBM Rational ClearCase

58

Windchill Installation and Configuration Guide

Windchill Integration for Atlassian JIRA Windchill Integration for Subversion Windchill Integration for Integrity Windchill Integration for Software Build Tools Windchill Integration for Eclipse Selecting the product solution Windchill Integrations for Embedded Software Selecting the optional integrations for Windchill Integrations for Embedded Software

The Windchill Integrations for Embedded Software product solution consists of:

The Windchill Integrations for Embedded Software installation consists of:

Installation Remember the following points during the installation: Select and provide applicable information for your system requirements. Refer to the following installation procedure as a guideline. See the PSI installation guide for detailed installation instructions. Click Back at anytime during the installation process to revise the information that you have provided. Click Restore Default Folder to revert to the default folder location. Click Cancel at anytime to stop the installation. You are prompted for confirmation.

Caution If you cancel during the actual installation, any configurations already made to the system cannot be undone.
Perform the following steps for Windchill Integrations for Embedded Software installation.

Note Refer to the following installation procedure for Windchill Integrations for Embedded Software as a guideline. See the PSI installation guide for detailed installation instructions for your system installation and configuration.
1. After the PTC agreement screen, choose Solution to begin the PSI installation. 2. In the Product Lifecycle Management section of the Product Solution window, select Windchill Integrations for Embedded Software. If applicable, select other product solutions. 3. Select the optional products you want to install for: Windchill Integration Windchill Modules

Installing Windchill Solutions

59

Windchill Base Solutions Add-ons Windchill Visualization 4. Select the platform components to install and configure on this machine, or select the option to configure your solution to existing platform components for the following: Java Software Development Kit Apache Web Server Windchill Directory Server Database Software 5. A summary list of your product selections display. Some of your product selections may have optional features that you can configure. Select the features that you would like to configure. If there are no additional product features to configure, verify that the product list is accurate and continue. 6. Specify the database options to configure for your site from the following list of options: Database Database Installation User Database Application User 7. Select the optional integrations you will use with Windchill Integrations for Embedded Software from the following selections: Windchill Integration for Bugzilla Windchill Integration for IBM Rational ClearCase Windchill Integration for Atlassian JIRA Windchill Integration for Subversion 8. Select if you are installing in a production or non-production environment. And, if you want to configure to send and receive system information. 9. Specify the E-mail address of the system administrator responsible for the proper functioning of your Windchill solution. Provide your customers numbers so that your solution can send administrative notifications and communicate with PTC. 10. Specify the directory paths for the following: Base Installation Directory (your installation directory) Installation Directory for Windchill Installation Directory for Java SDK for Windchill Installation Directory for Windchill Directory Server

60

Windchill Installation and Configuration Guide

Installation Directory for Apache Web Server Installation Directory for Oracle Database 11. Select the datasets you would like to load for the following: Create database schema Load base data Load demo data

If you are installing the optional integration, Windchill Integration for IBM Rational ClearCase, you can choose to create database schema and load administrative data required for this product during the installation, or as a manual step after the installation.

Note If you choose not to perform this step during the installation, see Step 1 Run Windchill Loader in the post installation section for Windchill Integration for IBM Rational ClearCase. This is a required step IBM Rational ClearCase. There is no load demo data for IBM Rational ClearCase. 12. Specify the fully qualified host name and port numbers for both the web server and servlet engine:
Web Server DNS Registered Host Name HTTPS Port Number Servlet Web Server Listener Port Number Servlet Engine DSN Registered Host Name 13. Complete the applicable selections in the PSI installer windows. 14. Select a language for base data which includes templates and rules, and one or more display languages for user interface and documentation. Select Base Data Language Select Display Languages If applicable, Select multibyte character set storage is required for multibyte languages 15. Select the Oracle database specific to your location: Enter the Oracle database DNS Registered Host Name Enter the Oracle Database Listener Port Number Enter the Oracle Database System Identifier (SID) Enter the Oracle System Account Password. Enter the values for the database user name: Oracle User Name for Windchill Installation Oracle User Password for Windchill Installation Confirm Oracle User Password for Windchill Installation
Installing Windchill Solutions 61

16. Specify the settings to access the LDAP server, administrative users, and user definitions. LDAP Server DNS Registered Host Name LDAP Server Port Number LDAP Server Administrator Distinguished Name LDAP Server Administrator Password. Confirm LDAP Server Administrator Password. LDAP Base DN LDAP Server Administration Port 17. Enter Windchill Site Administrator. Select from the following: Create New Use Existing Account 18. Enter the Windchill Site Administrator user name and password as wcadmin. Windchill Site Administrator User Name wcadmin Windchill Site Administrator Password wcadmin Confirm Windchill Site Administrator Password

wcadmin 19. Select the Repository Where the Site Administrator is Stored from the following selections. Administrator Enterprise 20. Select the Web Application Context Root as Windchill. Windchill 21. Select the Info*Engine Task Processor Port Number. 22. Select the Initial Organization Name as ptc. ptc 23. Specify Where to Create Product Icons. 24. Specify the staging area for your installation CDs. 25. A summary page displays with the values you specified for your installation and the values that were selected for you by default. You can save this information for future reference by clicking Save . 26. To make any changes to your installation, click the Back button to the specific screens of where you want to change selections or values.

62

Windchill Installation and Configuration Guide

27. When ready to begin the installation, click Install .

Caution If you cancel during the actual installation, any configurations already made to the system cannot be undone. 28. Once the installation is complete, the components installed display on the screen. Click Done to exit the installer.
Post Installation Steps Refer to the section Windchill Integrations for Embedded Software on page 201for the manual post-installation steps.

Selecting Optional Products


Optional products integrate with the main solution and the platform components to form your PTC solution. Some optional products require more input than others to install, so each optional product has its own subsection under Optional Product Settings on page 93. For each optional product you are installing, refer to its section before returning to this part of the installation process. The section for each optional product describes any information you need to enter during installation. Note any post-installation instructions for each optional product that may need to be completed after the PSI finishes installing the solution.

Note For information on installing Optegra Gateway refer to the Optegra Gateway Installation and Configuration Guide available on the Reference Documents site.

Choosing the Platform Components


The platform components provide the internet infrastructure necessary for your Windchill solution installation. PSI allows you to select and configure the required platform components for your installation. This screen allows you to select some components to install with the main solution, such as Windchill PDMLink, and later install other components on a separate machine using the PSIs option to install Solution Standalone Products or Components . The following table describes each of the platform components: Component Description Java Software Development Kit (JSDK) The JSDK provides a Java development and runtime environment for Windchill solutions.

Installing Windchill Solutions

63

Component Apache Web Server

Description The front-end authentication mechanism for your Windchill Web application. The Apache Web server is bundled with Windchill solutions.

Windchill Directory Server

Note If you plan to use a Web server other than Apache, PTC highly recommends that you install the bundled Apache Web server to initially test your Windchill solution. After testing your solution with Apache, use the documented procedures to reconfigure your solution to use the other Web server. Testing your installation with Apache takes very little additional time up front and generally saves a great deal of time in troubleshooting if anything is not working properly with the other Web server. Windchill Directory Server is an LDAPcompliant enterprise directory that is bundled with Windchill solutions.
An LDAP server is required for managing Windchill operation definitions. It can also optionally manage Windchill user information. Select the database you are using with your Windchill solution and click Next . Oracle or SQL Server provides persistent data storage for Windchill solutions. If you are installing bundled Pro/ INTRALINK Oracle, select the Install Pro/INTRALINK Pro/INTRALINK Oracle check box. If you are installing using the Oracle Real Application Cluster option, see the Windchill Advanced Deployment Guide for more information.

Database Software o Install Pro/INTRALINK Oracle

64

Windchill Installation and Configuration Guide

The following table lists the actions available in the drop-down list for the platform components: Action Install and configure Configure to an existing local instance Do not install or configure Description Installs and configures this component on the local machine. Configures your Windchill solution to an existing local instance of the component. Only select this option if you will install and configure the component at a later time. This option also is available if you can manually configure a remote component of that type. For example, select this option under servlet engine if you wish to manually connect to a remote servlet engine.

Selecting Optional Features


You can choose optional features for the products you are installing. All of the products and components you have selected to install are listed, but not all products or components have optional features to select. Option Java Software Development Kit Apache Web Server Windchill Directory Server The Windchill solution listed will match what you chose in the section titled Selecting the Solution on page 58. Optional features are offered based on the choices you made in the sections titled Selecting Optional Products on page 63 and Choosing the Platform Components on page 63. Description of Optional Features There are no optional features. There are no optional features. There are no optional features. For optional features: Enable Remote File Server Support makes this server the master site for the remote Windchill File Server. Enable Cluster Support allows the server to operate in a cluster. See the Windchill Advanced Deployment Guide for more information on using this setting. Configure Windchill for Business Reporting configures your Windchill solution to work with the Windchill Business Reporting components when installed in a distributed installation scenario. This field only displays if you are not installing Windchill Business Reporting at this time.

Installing Windchill Solutions

65

Option

Description of Optional Features For descriptions of options that are available under each optional product, see Optional Product Settings on page 93.

Specifying the User (UNIX Only)


When installing as a root user, you can choose which user under which to install the software components.

Note This screen will not appear if you are installing Apache, because Apache requires a root user to install.
When choosing the user, refer to the section titled Installing Using the Appropriate Permissions on page 48 to note components that require specific permissions to function properly. When you have selected the appropriate user, click Next .

Database Configuration
The database configuration screen allows you to configure the database for your Windchill solution:

66

Windchill Installation and Configuration Guide

The following options are available: Selected Options Create Database and
Create Installation User

Resulting Configuration The PSI creates a database and installation user. The database installation user will be used to create the database schema, load required data, and execute transactions from Windchill. After selecting these options, click Next .

Create Database , Create Installation User and Create Database Application User

Note When creating an Oracle database using PSI, you can launch PSI as the user that installed the database software, or as root user. The PSI creates a database, installation user, and application user. The database installation user will be used to create the database schema and load required data. The database application user will be used to execute transactions from Windchill. After selecting these options, click Next .

Installing Windchill Solutions

67

Selected Options
Use Existing Database and Create Installation User

Use Existing Database , Create Installation User and Create Database Application User

Use Existing Database and Use Existing Installation User

Create Windchill Business Reporting User

Resulting Configuration The PSI creates a database Installation user. The database installation user will be used to create the database schema, load required data, and execute transactions from Windchill. After selecting these options, click Next . The PSI creates a database installation user and application user. The database installation user will be used to create the database schema and load required data. The database application user will be used to execute transactions from Windchill. After selecting these options, click Next . The PSI will use an existing database installation user to create the database schema, load required data, and execute transactions from Windchill. After selecting these options, click Next . The user has the option to configure Windchill with a database application user using the instructions in the section titled Configuring a Database Application User on page 196. This option is only available if you chose to install Windchill Business Reporting.

Setting Oracle Configuration Utility Environment Variables You must update the Oracle user profile so that the following environment variables are set automatically when launching a sh shell.
ORACLE_HOME= ORACLE_HOME_LOCATION PATH=/usr/bin:/usr/local/bin:/usr/sbin:/sbin:/usr/local/sbin:/usr/ucb:/usr/ccs/bin: $ORACLE_HOME/ bin:$PATHLD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH SHLIB_PATH=/u01/app/oracle/product/11gR2/lib:$SHLIB_PATH LIBPATH=/u01/app/oracle/product/11gR2/lib:$LIB_PATH

68

Windchill Installation and Configuration Guide

Configuring Your Environment for Information Exchange


This section describes how to configure your system for information exchange with PTC. Sending information to PTC is useful in helping diagnose and resolve problems when your site contacts PTC technical support. Choose from the following options: Option Production environment Description Select this option if you are installing your production system. Non-Production environment Select this option if you are installing a test system or a system other than your production system. Configure to Send and Receive System Configures your production system to Information send and receive information. By default, this option is selected when you choose to install a Production environment.

Providing Details for System Notifications and Information Exchange


This section describes the information necessary to configure your system to properly send notifications and exchange information with PTC (if you chose this option). Field Email address for Information Exchange, Apache, and System Notifications Description Enter the email address of your Windchill system administrator who will read system notifications or correspond with PTC for information exchange. Enter the name of your company. A service contract number is required for technical support.

Company Name Sales Order Number (SON) Service Contract Number (SCN)

Specifying the Installation Directory


Choose the base installation directory for your products. The base installation directory is the parent directory in which subdirectories are created for your optional products and platform components.

Installing Windchill Solutions

69

By default, your base installation directory is C:\ptc\Windchill_10.0 (Windows) or /opt/ptc/Windchill_10.0 (UNIX), and the directory structure for the platform components is as follows:

You can change each individual subdirectory to meet your needs. By default, all products and components are installed under the Base Installation Directory. You can change this by editing the installation directory in any given field. To continue propagating changes throughout all installation paths, enter further changes under the Base Installation Directory field.

Note For HP-UX machines, the Installation Directory for the Apache Web Server should only be installed in the following location:
/opt/hpws22/apache

Selecting Data Loader Settings


Data loading is used to initialize and populate the Windchill database with base or demonstration data. The base data for all of the installed Windchill products must be loaded before you can use Windchill. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. In the Define Settings section, determine the appropriate selection Option
Create Database Schema

Description Selecting this option creates the

70

Windchill Installation and Configuration Guide

Option

Description database schema that defines the tables, columns and relationships between fields and tables. This option is selected by default to allow base data to be loaded.

Load base data

Load demo data

Note When selected, and if you are adding an additional product to an existing installation, and that product has its own schema you are asked to provide a database installation user name and password. Base data is required for all solutions. This option is selected by default to load the base data. Installs the demonstration data.

Entering the Web Server and Servlet Engine Settings


Apache Web server and Tomcat servlet engine are the Web server and servlet engine that PTC bundles with its Windchill solutions. The Web server is the front-end authentication mechanism for your Windchill Web application. The Apache Web server is bundled with Windchill and has an automatic configuration. The servlet engine extends the functionality of the Web server by managing the data transfer between the Windchill application server and the client. The Tomcat servlet engine is bundled with Windchill and has an automated configuration. For more information about the Web servers and servlet engines, see the software matrices: http://www.ptc.com/appserver/cs/doc/refdoc.jsp For this part of the installation, make sure you have the logical host name from your network administrator.

Web Server and Servlet Engine Input Fields


Use the following options for Apache Web Server and Tomcat Servlet Engine: Option Web Server DNS Registered Host Name Description The a fully qualified host name of the computer on which Apache is installed.

Installing Windchill Solutions

71

Option

Description The host name must conform to the required standard Internet format that specifies the name can be a text string up to 63 characters drawn from only the alphabet (A-Z and a-z), digits (0-9), hyphen (-), and period (.). The period is used only as a domain name separator. The first character of a host name can be either a letter or a digit. The default is: <hostname>.<domainname> A port number to listen for HTTP requests. A value is required. The default is 80 or you can specify another value. If you specify another value, you must modify Apache to use a different port. A port number to listen for HTTPS requests. A value is required. HTTPS is not effective out-of-the-box and requires manual configuration to implement.

HTTP Port Number

HTTPS Port Number

Servlet Engine Web Server Listener Port Number

The default is 443. A port number to listen for Web server requests. Use the same port number value that you entered when you installed Tomcat.

Servlet Engine DNS Registered Host Name

The default is 8010. The host name where Tomcat is installed. The default is: localhost

72

Windchill Installation and Configuration Guide

Specifying Language Settings


For information about the languages supported with this release, use the following URL: http://www.ptc.com/appserver/cs/doc/refdoc.jsp Select the following: Product: Product <Your Product> Reported Release: Release <Your Release> Document Type: Type Matrices - Language User Role: Role Any Use the following options for the language settings: Option Base Data Language Description Select a language for administrative data, such as templates and rules. The initial default language is English. Select one or more Display Language check boxes for the user interface and documentation.

Display Language

Once you have selected your languages, click Next .

Selecting the Database Size


Database size determines the disk space requirements for Oracle and SQL Server. The table information does not take into account the disk space required for the Windchill product files or the memory and CPU requirements that are needed to run additional Windchill products. Oracle Option Demo/Test Tablespace 5000 MB Description Size is sufficient to load the Windchill demonstration data and should be adequate for very small pilots. Initial size. Adjust for your needs accordingly. Initial size. Adjust for your needs accordingly.

Production Large

11,000 MB 26,000 MB

Installing Windchill Solutions

73

Select the size and click Next . SQL Server Option Demo/Test Tablespace 1500 MB Description Size is sufficient to load the Windchill demonstration data and should be adequate for very small pilots. Initial size. Adjust for your needs accordingly. Initial size. Adjust for your needs accordingly.

Production Large

2500 MB 5000 MB

Select the size and click Next .

Entering Your Database Information


When you use the PTC-bundled Pro/INTRALINK - Oracle for the Windchill solution, you are creating new user names and passwords. When you use a previously installed Oracle or SQL Server database, you reference existing user names and passwords. Oracle and SQL provide persistent data storage for Windchill. In the Define Settings section, enter your Oracle or SQL Server database information. Oracle Option Enable extended character sets check box.

Description Select the check box for every language except for English. A cleared check box is the default, which means English is the default language. Create a new installation directory if you are installing the PTC-bundled Pro/ INTRALINK - Oracle. If you have installed Oracle, set the ORACLE_HOME system environment variable to the Oracle installation directory.

Oracle Server Installation Directory

74

Windchill Installation and Configuration Guide

Option

Description <ORACLE _HOME> is the default if the variable is not set. Create a new password if you are installing the PTC-bundled Pro/INTRALINK - Oracle. If you have installed Oracle, enter the existing system password. Enter the system password again. Create a new user name. Create a new password.

Oracle SYSTEM Account Password

Confirm Oracle SYSTEM Account Password Oracle User Name for Windchill Oracle User Password for Windchill

Confirm Oracle User Password for Windchill Option

Note Your password cannot include special characters (! @ % ^ & * ( ) + = \ | ` ~ [ { ] } ; : ' " , < > ?). If your sites password policy requires special characters, create a temporary password now and manually change it to include special characters post-installation. For more information, see Changing the Database Password on page 175. Enter the password again to verify the password.
Description Select the check box for every language except for English. Create a new installation directory if you are installing the PTC-bundled Pro/ INTRALINK - Oracle. Set the ORACLE_HOME system environment variable to the Oracle installation directory. Defines the fully qualified machine name of the

Default Enable extended characcharac- A cleared check box is the default, which means ter sets check box. English is the default language. Oracle Server Installation <ORACLE _HOME> is Directory the default if the variable is not set.

Oracle Database DNS Registered Host Name

<hostName>.<domain>

Installing Windchill Solutions

75

Option

Default

Description Oracle server. Create a new name for PTC-bundled Pro/INTRALINK - Oracle or use the existing name for the Oracle Configuration. Defines the port number the Oracle server listens on. Create a new port number for PTC-bundled Pro/INTRALINK - Oracle or use the existing port number for the Oracle Configuration. Defines a name to be given to the database when it is created. The number cannot exceed 8 aphanumeric characters, and must not begin with a numeric digit. Create a new name for PTC-bundled Pro/INTRALINK - Oracle or use the existing name for the Oracle Configuration. Enter the system password. Create a new password for PTC-bundled Pro/INTRALINK - Oracle or use the existing password for Oracle. Enter the password a second time to verify the password. Create this user name if you are installing the PTC-bundled Pro/INTRALINK Oracle.
Windchill Installation and Configuration Guide

Oracle Database Listener Port Number

1521

Oracle Database System Identifier (SID)

wind

Oracle SYSTEM Account Password

Confirm Oracle SYSTEM Account Password Oracle User Name for Windchill

76

Option

Default

Description Use the same user name that you used when installing Oracle. Create this password if you are installing the PTC-bundled Pro/INTRALINK Oracle. Use the same password that you used when installing the Oracle Configuration. Enter the password a second time to verify the password. Create this name if you are installing the PTCbundled Pro/INTRALINK Oracle. Use this name if you have installed the Oracle Configuration. Create this name if you are installing the PTCbundled Pro/INTRALINK Oracle. Use this name if you have installed the Oracle Configuration.

Oracle User Password for Windchill

Confirm Oracle User Password for Windchill Default Tablespace Name USERS (Both Database settings and Data Loader settings)

Temporary Tablespace Name (Both Database settings and Data Loader settings)

TEMP

SQL Server Creating a Windchill database user account and dabase objects remotely is not supported for SQL Server using PSI. To accomplish this option for SQL server, PSI must be run on the SQL Server host and the SQL Server Configuration option must be selected to create a database and user. Then, PSI must be launched again from the Windchill Server host. Select Configure to an existing user on an existing database for SQL Server and fill in the fields with the SQL Server values used during the database creation step on the database host. For more information on creating a User on SQL Server, see Installing a Standalone Product or Component on page 137.

Installing Windchill Solutions

77

Note Some options do not appear when configuring to an existing user and database.
Option Installed SQL Server Instance Name (Named Instance only) Password for User sa SQL Server User Name for Windchill SQL Server User Password for Windchill Description The default instance represents the machine on which the SQL server is installed. Enter a password. The same user name that you used when installing SQL Server The same password that you used when installing SQL Server

Note Your password cannot include special characters (! @ % ^ & * ( ) + = \ | ` ~ [ { ] } ; : ' " , < > ?). If your sites password policy requires special characters, create a temporary password now and manually change it to include special characters post-installation. For more information, see Changing the Database Password on page 175. Confirm SQL Server User Password for Enter the password again to verify the Windchill password.
Option SQL Server Installation directory SQL Server Client Installation Directory SQL Server DNS Registered Host Name Installed SQL Server Instance Name (Named Instance only) Default Description The same directory you used when installing SQL Server. The same directory you used when installing SQL Server. The same name you used when installing SQL Server. The name you used when installing SQL Server. If you used the default instance during installation of SQL Server, this can be left empty.

78

Windchill Installation and Configuration Guide

Option TCP Port Number for SQL Server Instance Password for User sa

Default

SQL Server User Name for Windchill SQL Server User Password for Windchill Confirm SQL Server User Password for Windchill

Description The same port number you used when installing SQL Server. The password for the master administrator for SQL Server. The username that Windchill uses to access SQL Server. The password Windchill will need to access the database. Enter the password again to verify the password.

Entering Your LDAP Settings


Windchill Directory Server (WDS) is an LDAP-compliant enterprise directory that is bundled with Windchill. WDS is required for managing Windchill operation definitions. It can also optionally manage Windchill user information. When installing WDS on a separate machine from your Windchill solution, WDS requires a locally installed Java Software Development Kit (JSDK).

Caution The Windchill Directory Server must be installed on local disk. It must not be installed on NFS mounts, or other non-local disk. Attempting to install the Windchill Directory Server on nonlocal storage can cause data corruption, file locking issues and startup failures. In addition, antivirus software must be turned off or be configured to avoid scanning in the Windchill Directory Server installation directory.
The LDAP settings create a default LDAP directory structure similar to the following:

Installing Windchill Solutions

79

Note Depending on the product you are installing, the default LDAP directory structure is different.
In the Define Settings section, enter your LDAP settings: Option LDAP Server DNS Registered Host Name LDAP Server Administrator Distinguished Name Description <hostname>.<domain> is the default. The distinguished name for the Windchill Directory Server administrator. The setup program creates the directory using the distinguished name that you specify. cn=Manager is the default Windchill Directory Server administrator s password Specify the same password that you specified
Windchill Installation and Configuration Guide

LDAP Server Administrator Password Confirm LDAP Server


80

Option Administrator Password

Description for the Administrator s password.

The following default values are set for you during the Express installation. You cannot change these values during an Express installation. Option LDAP Server Port Number Base Distinguished Name for Product Properties Base Distinguished Name for Administrative Users Default 389 Description Defines the port number that the Windchill Directory Server listens on for requests. Defines the distinguished name of the top subtree LDAP entry under which Windchill configuration LDAP entries reside. Specifies a base node in the Administrative Directory hierarchy that contains all users in the directory that should be visible to Windchill. Specifies a base node in the Enterprise Directory hierarchy that contains all users in the directory that should be visible to Windchill.

cn=configuration, cn=Windchill_10.0, o=<myCompany> ou=people, cn=AdministrativeLdap, cn=Windchill_10.0, o=<mycompany>

Base Distinguished ou=people, Name for Enterprise cn=EnterpriseLdap, Users cn=Windchill_10.0, o=<mycompany>

Note This option does not apply when a solution is installed standalone. Note Refer to the section Preparing Enterprise LDAP for Installation Data Load on page 51 before setting this option. Specifies whether user definitions are stored in the enterprise LDAP.
Defines the LDAP base distinguished name under which the entire set of Windchill created entries will be stored. The port number that is used by the Windchill Directory Server control-panel to administer
81

Enterprise User en- No tries are in the Enterprise LDAP Windchill Directory o=Company Name Server Directory Suffix Windchill Directory 4444 Server Administrator Port
Installing Windchill Solutions

Option

Default

Windchill Directory 1689 Server JMX Access Port Number

Description Windchill Directory Server.. The port number used by JMC clients to retrieve Windchill Directory Server usage data. The standard JMX clients, JConsole or VisualVM, can be used to connect to Windchill Directory Server on this port.

Define the settings for the Windchill Directory Server LDAP directory:

Note The following is a complete list of possible options; some may not appear depending on whether you are installing WDS on the same server with Windchill or standalone. Entry Option Default LDAP Server DNS <hostname>. <hostname>.<domain> is the Registered Host default. <domain> Name LDAP Server Port 389 Define the port number that the Number Windchill Directory Server Directory server listens on for requests. The distinguished name for the LDAP Server Ad- cn=Manager Windchill Directory Server adminministrator Distinistrator. The setup program creates guished Name the directory using the distinguished name that you specify. Windchill Directory Server adminLDAP Server Adistrator s password ministrative Password Specify the same password that you Confirm LDAP specified for the Administrator s Server Administrapassword. tive Password Note This field only appears when installing a new Windchill Directory Server LDAP Server. Defines the LDAP base distinguished name under which the entire set of Windchill created entries will be stored.

LDAP Server Base DN

o=PTC

82

Windchill Installation and Configuration Guide

Option LDAP Server Administrator Port

Default 4444

LDAP Server JMX 1689 Access Port Number

Base Distinguished cn=configuration, Name for Product cn=Windchill_10.0, Properties o=PTC

Entry The port number that is used by the Windchill Directory Server controlpanel to administer Windchill Directory Server.. The port number used by JMX clients to retrieve Windchill Directory Server usage data. The standard JMX clients, JConsole or VisualVM, can be used to connect to Windchill Directory Server on this port. Define the distinguished name of the top subtree LDAP entry under which Windchill configuration LDAP entries reside. You can enter any unique base unless you entered a context name as part of the distinguished name entered here. By default, a no context name was required when you installed Windchill Directory Server. Define the distinguished name of the LDAP subtree under which Administrative LDAP entries reside. Users and groups under this subtree will be visible to Windchill. You can edit this field to change the suggested name.

Base Distinguished ou=people, Name for Adminis- cn=AdministrativeLtrative Users dap, cn=Windchill_10.0, o=ptc

Base Distinguished ou=people, Name for Enterprise cn=EnterpriseLdap, Users cn=Windchill_10.0, o=ptc

Note This option does not apply when Windchill Directory Server is installed as a standalone component. Define the distinguished name of an LDAP subtree under which Enterprise LDAP entries reside. Users and groups under this subtree will be visible to Windchill.

Installing Windchill Solutions

83

Option

Default

Entry

Enable Separate Enterprise LDAP Server

Note Refer to the section Preparing Enterprise LDAP for Installation Data Load on page 51 before setting this option and Preparing an Enterprise LDAP Including Active Directory on page 51. This option is not se- Specifies whether the enterprise subtree is in a separate LDAP Servlected by default. When you do not se- er (for example, a site corporate lect the check box, the LDAP server). default settings for the If you select the check box, the next JNDI Adapter Settings screen displays settings for the sepappear. arate LDAP server. Specify the settings for the LDAP server you wish to use.
See these settings later in this section.

Note Refer to the section Preparing an Enterprise LDAP Including Active Directory on page 51 before setting this option.
The following list contains enterprise LDAP options: Option Enterprise Repository LDAP Server Host Name Default <hostname> <domainname> Description Host name to connect to the Enterprise LDAP Server. An Enterprise LDAP can exist on a local or remote machine. You can use either a V3 Compliant LDAP or an existing Microsoft Active Directory Service (ADS) for this. The port number that Windchill will use to communicate with the enterprise LDAP server. Specifies the bind method used to connect to the Enterprise Repository.

Enterprise Repository LDAP Server Port LDAP Connection

389

Bind as User

84

Windchill Installation and Configuration Guide

Option

Default

Description Two options are available: Bind as Anonymous, which does not require a user name to read the contents of the repository.

Enterprise Repository LDAP User Distinguished Name

cn=Manager

Enterprise Repository LDAP Password Windchill Privileges Read,Write for Repository

Bind as User, which binds to the directory as the user specified. This user must exist in the Enterprise Repository LDAP. Specify the distinguished name of an existing LDAP user. If the Enterprise LDAP Server is ADS, specify an existing ADS user in user@domain format. Enter the password of the specified user.

Sets a flag indicating this is a read/ write adapter. If it is ADS, you can bind in only Read only mode. For other V3 compliant LDAP, you can choose: Read, Write. The user specified earlier must have the corresponding privilege. Select either the User or Group check box. Depending on the option selected, Windchill should consider the users/groups defined in this Enterprise LDAP when determining Windchill access. If the respository is Read Only, Windchill does not attempt to manage users and groups in the repository.

Repository contains Users

Installing Windchill Solutions

85

LDAP Service Option LDAP Service Default Description Active Directory Serv- Select this option if the enterprise ice (ADS) node is ADS. Otherwise, select Other V3Compliant LDAP. As soon as you select ADS, the following options later in this section are highlighted. See Default User Mappings for ADS Attributes on page 87. Change only the text "EnterpriseLDAP in this field. To filter users. Only those users who are selected here are searchable through Windchill Examples: If the Enterprise Node (LDAP) is Windchill Directory Server: uid= *(searches for all users) or uid= ne* (searches for all users with the name starting with ne). If the Enterprise Node is ADS: cn=* (searches for all users) or cn=ne*(searches for all users with the name starting with ne)

Enterprise Adapter Name User Filter

<reverse hostname>. EnterpriseLDAP

Note You can modify this criteria after installation by going to Site Utilities Info*Engine Administrator

Group Filter

and selecting the respective Enterprise Adapter. To filter groups.

86

Windchill Installation and Configuration Guide

LDAP Service (continued) Option Default Description Only those groups who are selected here are searchable through Windchill. Examples: If the Enterprise Node (LDAP) is Windchill Directory Server: cn=*(Searches for all Groups) or cn=gr* (Searches for all Groups with the name starting with gr). If the Enterprise Node is ADS: cn=*(Searches for all Groups) or cn=gr*(Searches for all Groups with the name starting with gr), and so on.

Note You can modify this criteria after installation by going into Site Utilities Info*Engine and selecting the respective Enterprise Adapter.
LDAP Server Attribute Mapping to Windchill Attributes Attribute mapping is configured in the LDAP Adapters. The values supplied here are stored in the LDAP Adapter definition. An option is provided to allow the automatic addition of a default set for ADS. ADS can not be used without specifying a default set. The defaults can be adjusted to suit a sites needs. For other LDAP V3 compliant LDAP directories no mappings are required. If a site requires, mappings can be defined in any configured LDAP Adapter by consulting Configuring Additional Enterprise Directories on page 347. Default User Mappings for ADS Attributes The "Option" column specifies the attribute name expected by Windchill and the "Default" column specifies the ADS attribute name.

Installing Windchill Solutions

87

Default User Mappings for ADS Attributes (continued) Option User Certificate Unique Identifier Attribute Telephone Number Postal Address Preferred Language Common Name Surname Mobile Phone Number E-Mail Address Object Class Organization Name Fax Number Unique Identifier Default userCertificate sAMAccountName telephoneNumber postalAddress preferredLanguage cn sn mobile mail user company facsimileTelephoneNumber sAMAccountName

Descriptions for these fields can be found in Configuring Additional Enterprise Directories on page 347.

Note By default, both the unique identifier attribute and the unique identifier can have the same value; however, the unique identifier attribute must always point to an attribute that holds a unique value. If you do not have multiple subdomains in your ADS configuration, and you know that the sAMAccountName is unique within a single domain, then you can use the default value for your unique identifier attribute. If the values for your sAMAccountName are not unique, then you should use the userPrincipalName for your unique identifier attribute.
Default Group Mappings for ADS Attributes The "Option" column specifies the attribute name expected by Windchill and the "Default" column specifies the ADS attribute name. Option Unique Identifier Attribute Description Object Class Unique Member Default sAMAccountName description group member

Descriptions for these fields can be found in Configuring Additional Enterprise Directories on page 347.

88

Windchill Installation and Configuration Guide

Starting the Windchill Directory Server


On both Windows and UNIX systems you will need to start the Windchill Directory Server every time you reboot the machine. For more information see Starting the Windchill Directory Server.

Entering Administrative Settings


The administrative settings are used to configure your Windchill solution. Windchill Site Administrator Option Create New Description Creates a new Windchill site administrator using the values in the following fields. Uses an existing Windchill site administrator account. Specify the values for the existing account in the following fields. Description A user name for the administrator of the Windchill server. An example might be wcadmin.

Use Existing Account

Field Windchill Site Administrator User Name

Note Because of restrictions in both Apache and the Sun ONE servers, the user names that are used for logging on cannot contain extended ASCII characters nor multi-byte characters. Note If the Use Existing User (used as a Site Administrator) option is enabled, the installation does not work. See also Installation Logs and Troubleshooting on page 426. Windchill Site Administrator Password The password for the Windchill server administrator user. Confirm Windchill Site Administrator Verify the password you entered for the Password Windchill server administrator user. This option is only necessary when creating a new account.

Installing Windchill Solutions

89

Field Repository Where the Site Administrator Is Stored

Description Specifies which LDAP repository contains the site administrator. You have two options: Administrative and Enterprise

Field Web Application Context Root

Description Defines the Web application context root name used to access the Windchill applications through the Web browser. This value is used to format the URL, for example, http://<DNS name>/<Web application context root>.

The default is Windchill. Info*Engine Server Task Processor Port Defines the port number the task proNumber cessor listens on. The default is 10002. Select a different number if this port number is already in use. Initial Organization Name A name that describes the organization for which this installation is being performed. An example might be World Wide Tractors. The initial organization specified here becomes the internal organization for auditing. Organization Internet Domain Name An Internet domain name for the initial organization. The Internet domain name must conform to the required standard Internet format that specifies the name can be a text string up to 63 characters drawn from only the alphabet (A-Z and a-z), digits (0-9), hyphen (-), and period (.). The period is only used as a domain name separator. The first character of an Internet domain name can be either a letter or a digit. In particular, the value you specify cannot contain the underscore character ( _ ). A valid example of an Internet domain name is: world-wide-tractors1.com

90

Windchill Installation and Configuration Guide

Specifying Optional Product Settings


The descriptions for each optional products input fields can be found in the section entitled Optional Product Settings on page 93 under the product name.

Creating Product Icons or Links


You can create product icons or links to easily launch your product. The following describes your options on Windows and UNIX: Windows Option In a new program group In an existing program group Description Creates the icons in a new program group in the Start menu Creates the icons under a program group that already exists in the Start menu Creates the icons at the top level of the Start menu Creates the icons on your Windows desktop Creates the icons in your Windows Quick Launch Bar Specify the location where you want to create icons No icons are created during installation

In the Start menu On the Desktop In the Quick Launch Bar Other Do not create icons

Note If you select In a New Program Group or In the Start Menu , you can create the icons for all users by selecting Create Icons for All Users .
UNIX Option In your home folder Other Do not create links Description Creates the links in your home folder Specify the location where you want to create links No links are created during installation

When you are finished choosing, click Next .

Installing Windchill Solutions

91

Selecting Staging Directory Options


Select your staging directory location. You may specify up to three staging directories.

Note The term "product CD" can refer to either the physical CD media or the equivalent files downloaded from PTC.com.
PTC requires the use of a staging directory. A staging directory is a directory where you load all of your product CDs before beginning the installation. This allows the PTC Solution Installer to access each CD image without stopping to prompt you during installation. Using a staging area provides a faster installation experience and removes the need to insert CDs during installation. After you enter the location of a staging directory, the next panel allows you to browse for, and load, each installation CD if they are not already in the staging directory. When you are done, click Next .

Copying CDs or CD Images to the Staging Area


If the PSI does not find all of your CDs in the staging directory you specified, this screen allows you to copy your product CDs to the staging directory. The CDs listed are based on your choices for installing products, optional products and their components. If you have downloaded or copied your CDs to the staging directory, the PTC Solution Installer reports Staging Area as the CD location. To copy your CD to the staging directory, perform the following steps: 1. 2. 3. 4. Place the product CD you want to copy to the staging directory in the drive. Click Copy Disc . Click Browse and navigate to the CD drive where you placed the product CD. Click OK .

Repeat these steps for each product CD. If you are using UNIX, after staging all the CDs and DVDs, issue the command "chmod -R 755 <full_path_to_ORACLE_staged_DVDs>." For example:
chmod -R 755 /opt/ptc/installers/ORA_LINUX_DVD chmod -R 755 /opt/ptc/installers/ORA_LINUX_PATCHSET_DVD

When you are done, click Next .

92

Windchill Installation and Configuration Guide

Reviewing the Installation Overview


The Installation Overview lists the details of the installation. This summary lists the values you entered into the installer and values that have been set by default for you. Review these details to verify their accuracy. The Installation Overview panel also gives an indication of the estimated disk space requirements to complete the installation based upon the options you have chosen. After you click Install on the Installation Overview panel, the installer checks your system for the required disk space. If there is not enough space, the installer presents a dialog box that informs you of this and waits for the space to be available. You may also choose to go back and select a different installation directory. The disk space check can be disabled completely by setting the installer variable CHECK_DISK_SPACE to a value OFF (note all CAPS) prior to launching the installer. From a command prompt, enter the following command:
<PTCSolutionInstallerDirectory>/setup -DCHECK_DISK_SPACE=OFF

Click Save to copy an HTML version of this summary to your local machine. A file called <summaryName>.htm.properties is saved in addition to the summary that contains every property value set during that installation.

Note The installation summary includes un-encrypted password information. After the installation is complete, make sure that the following files are only accessible by those with the appropriate permissions: <Windchill>\installer\*.properties Summary.html

After you have reviewed the summary, click Install .

Locating Post-installation Post-installation Steps for Your Products


The PTC Solution Installer installs and configures many, but not all, PTC products end-to-end. Each product has its own section in the Completing Configurations Manual Steps chapter that describes any necessary post-installation manual steps. Refer to the section for each of your installed optional products to complete your installation.

Optional Product Settings


The following sections describe the settings for each optional product in detail and refer to any necessary post-installation steps.

Installing Windchill Solutions

93

Windchill Enterprise Systems Integration


Windchill Enterprise Systems Integration (Windchill ESI) integrates Product Lifecycle Management services offered by Windchill PDMLink and Windchill MPMLink with the services offered by distribution targets such as Enterprise Resource Planning (ERP) systems. This end-to-end integration provides a real-time connection between Windchill PDMLinkand Windchill MPMLinkand distribution targets and enables the transfer and mapping of business objects such as parts, Bills of Materials, Change Notices, manufacturing objects and documents from Windchill PDMLink to the distribution targets.

Note To publish manufacturing objects Windchill MPMLink must be installed.

Understanding Input Options


This section describes the options you can choose to install and configure Windchill Enterprise Systems Integration. It provides a description and any default values that may apply. Under Optional Products , select Windchill ESI Services . Set the following Installation Type for Windchill ESI: Option Configure Windchill PDMLink for use with Windchill ESI Default Selected Description Configures Windchill PDMLink for Windchill ESI by performing the relevant configuration steps such as installing the contents of the archive esi. ptcdar, propagating properties, updating the LDAP, loading the ESI data, etc. Configures Windchill PDMLink for ERP Connector by performing the relevant configuration steps such as installing the contents of the archive esi.ptcdar, propagating properties, updating the LDAP, loading the ESI data, etc. Creates distribution
Windchill Installation and Configuration Guide

Configure Windchill PDMLink for use with ERP Connector

Deselected

Create Distribution

Deselected

94

Option Targets in the Site Context

Default

Description targets in the database based on an input file supplied by the user.

Note For more information on configuring Windchill ESI for multiple ERP instance see the Windchill Enterprise Systems Integration Installation and Configuration Guide - Oracle Applications or the Windchill Enterprise Systems Integration Installation and Configuration Guide - SAP.
Enter the following Windchill Enterprise Systems Integration settings. The settings requested are based upon the product features you previously selected.

Note This step occurs further along in the installation process, after you configure you administrative settings.
Option Path to the File tibjms.jar Default Description Location of the file tibjms.jar, as installed by the Middleware Installation and Configuration Utility (MICU). Name of the user with administrative privileges for the TIBCO EMS (otherwise known as "TIBCO Enterprise for JMS") Server. Password for the JMS Administrator user. Since the password entered by the PSI user will not be echoed, this field would help ensure that the user typed in the

JMS Administrator Name admin

JMS Administrator Password Confirm JMS Administrator Password

Installing Windchill Solutions

95

Option

Default

JMS Server Host Name

JMS Server Port Number

7222

Directory Containing File ESITarget.xml

Note If the option for creating distribution targets for standard ESI has not been selected, this setting will not appear in the installer Choice Indicating the Create Distribution TarContext in Which to Cre- gets in the Site Context ate Distribution Targets Note If the option for creating distribution targets for standard ESI has not been selected, this setting will not appear in the installer Value for Context in Which to Create Distribution Targets Note If the option for creating distribution targets for standard ESI has not been selected, this setting will not appear in the installer

Description password correctly for the JMS Administrator Password field. Name of the machine hosting the TIBCO EMS Server. Port number on which the TIBCO EMS Server listens for requests from clients. Location of the file ESITarget.xml, containing distribution targets information for use with the Windchill data loader.

Choice indicating whether the user wants to create the distribution targets in the Site or some other context.

Value for the context in which to create the distribution targets. This needs to be provided only if the user chose to create the distribution targets in a context other than Site.

96

Windchill Installation and Configuration Guide

Post Installation Steps


Refer to the chapter Completing Configurations - Manual Steps on page 171 for any manual post-installation steps.

Reconfiguring ERP Connector into Windchill Enterprise Systems Integration


If you have a working ERP Connector instance and you have purchased Windchill Enterprise Systems Integration, see either the Windchill Enterprise Systems Integration Administration Guide - SAP or the Windchill Enterprise Systems Integration Administration Guide - Oracle Applications for more information on reconfiguring ERP Connector into Windchill Enterprise Systems Integration.

Post Installation Steps


Refer to the ERP Connector Administration Guide for any manual post-installation steps.

ERP Connector
ERP Connector is a product designed to leverage current standard Windchill ESI capabilities on the Windchill side, without using any third-party EAI software. This uni-directional integration enables the publication of product information stored in Windchill PDMLink to distribution targets in XML. ERP Connector enables the transfer and mapping of business objects, such as parts, Bills of Materials (BOMs) Change Notices (CNs) and documents, from Windchill PDMLink to the distribution targets, and also serves as the foundation for more advanced transaction-managed integrations. If Windchill MPMLinkis installed ERP Connector allows you to publish the following manufacturing objects: Process plans, including operations and sequences Resources, including process materials, skills and tooling

Understanding Input Options This section describes the options you can choose to install and configure ERP Connector. It provides a description and any default values that may apply. Under Optional Products , select Windchill Enterprise Systems Integration . Deselect the check box to Configure Windchill PDMLink for Standard ESI . Enter the following ERP Connector settings. The settings requested are based upon the product features you previously selected:

Installing Windchill Solutions

97

Option Directory containing the ERP Connector distribution target file

Description Location of the file containing the ERP Connector distribution target information. Create distribution targets There are two options for Choice Indicating the this setting. The default Context in Which to Cre- in the Site Context option places all ERP ate Distribution Targets Connector distribution targets in the Site context. If you have more specific needs for your distribution targets, select the option to create distribution targets in a context other than the Site context. If the option to create ERP Connector distribution targets in a context other than the Site context is selected, the user must specify the value for the context(s) to create the ERP Connector distribution targets in, here.

Default

Enter the value for the context to create ERP Connector distribution targets in

Post Installation Steps Refer to the ERP Connector Administrator's Guide for any manual post-installation steps.

Windchill Gateway for Cadence Allegro Design Workbench


The Windchill Gateway for Cadence Allegro Design Workbench is an adapter that allows ADW Library data to be managed in Windchill. It supports a star like architecture where multiple ADW libraries can be linked to a single Windchill server. This allows ADW data to be updated across multiple libraries automatically. The Cadence Allegro Design Workbench (ADW) Library is a library development and management environment that enables PCB librarians to create, validate, manage, and distribute library parts and their associated data for use with Allegro PCB SI, and Allegro PCB Editor.

98

Windchill Installation and Configuration Guide

Understanding Input Options


This section describes the options you can choose to install and configure ADW. Under Optional Products , select Windchill Gateway for Cadence Allegro Design Workbench (ADW) .

Post Installation Steps


The Windchill Gateway for Cadence Allegro Design Workbench has a client-side installer and some configuration steps to create and configure an adapter. See Windchill Gateway for Cadence Allegro Design Workbench User Guide for more information.

Windchill Workgroup Manager


Windchill Workgroup Manager is an add-on product to Windchill PDMLink and Windchill ProjectLink. It enables companies to integrate and manage second and third party authoring applications within Windchill. Installation of Windchill Workgroup Manager requires Windchill PDMLink or Windchill ProjectLink. When Installing a Newer Version of Windchill Workgroup Manager with the Previous Version of Windchill Beginning with the Windchill 10.1 M020 maintenance release, new versions of the Windchill Workgroup Manager client are supported with older versions of the Windchill server; the client will be backwardly compatible with an older version of the server. This allows client-side software fixes, along with support for new versions of CAD applications with older server maintenance releases without the need to upgrade the Windchill server. Backward compatibility is supported with AutoCAD, Autodesk Inventor, CATIA V5, NX, and SolidWorks. Backward compatibility is supported from Windchill 10.1 M020 and only within the 10.1 release stream. Windchill Workgroup Manager compatibility is not supported against Windchill 10.1 F000, Windchill 10.0 or Windchill 9.1. Refer to the illustration below for an example of this concept.

Installing Windchill Solutions

99

Backward compatibility is not extended forward; new versions of Windchill Workgroup Manager are supported with earlier versions of the server, but earlier versions of the Windchill Workgroup Manager are not supported with later versions of the server. To install a newer maintenance release of the Windchill Workgroup Manager client onto an older server, you must use the PTC Solution Installer of the same maintenance release date code as the new version of the Windchill Workgroup Manager client, and run it against the old server to install the new client into the old Windchill server.

Select Update Existing Apply Maintenance Release Standalone Products and Components only option. Under Optional Products , select Windchill Workgroup Manager . Under Define Settings , in the Workgroup Manager Authoring Applications window, check the check box next to all applicable Windchill Workgroup Manager authoring applications you want to install. When Installing Windchill Workgroup Manager 10.1 M020 on a Windchill 10.1 M020 Server This section describes the installation options for installing Windchill Workgroup Manager.

Note For a description of each optional Windchill Workgroup Manager product, refer to the Getting Started with Windchill Installation and Configuration Guide.
Under Optional Products , select Windchill Workgroup Manager. Under Define Settings , in the Workgroup Manager Authoring Applications window, check the check box next to all applicable Windchill Workgroup Manager authoring applications you want to install.

100

Windchill Installation and Configuration Guide

How to Install Windchill Workgroup Manager Client The Windchill Workgroup Manager client installation is located in theWindchill Workgroup Manager Help Center in the Installation section of the applicable second or third party authoring application being integrated with Windchill Workgroup Manager. The Windchill Workgroup Manager client installation is also located in the Windchill Workgroup Manager guide in the Installation section of the applicable second or third party authoring application being integrated with Windchill Workgroup Manager and available from the software downloads page and in the PTC document reference site. Server Post Installation Instructions If you are installing Windchill Workgroup Manager 10.1 M020 with Windchill 10.1 M010, or updating from a prior release of Windchill Workgroup Manager, you must run the Windchill Update Existing Installation procedure before launching the Windchill Method Server. You must run the Windchill Update Existing Installation procedure before attempting to launch the Windchill method server, or an error message will occur stating the current installation has not been updated. For more information see the Post-Update Actions section of the Windchill Installation and Configuration Guide Update Existing Installation.

Windchill Requirements Management Installation


The PTC Product Solution Installer (PSI) automatically installs the Requirements Management component when either Windchill PDMLink or ProjectLink is chosen as your Windchill solution. When installing the Windchill server for use with Integrity Requirements Management, the Web Application Context Root value specified in the PTC Solution Installer (PSI) must be Windchill , or the configuration with Integrity Requirements Management will fail. Post Installation Steps In addition to performing the Windchill post installation steps, refer to the section Windchill Requirements Management Configuration on page 265 for the manual post installation steps for Windchill Requirements Management and to learn how to integrate with Integrity Requirements Management.

Installing Windchill Solutions

101

Windchill PartsLink Classification and Reuse


This section includes information for installing Windchill PartsLink. Installing Windchill PartsLink Client on page 102 Installing Windchill PartsLink Server on page 103

Refer to the chapter Completing Configurations - Manual Steps on page 171 for any manual post-installation steps. For advanced deployment options, such as installing in a clustered environment, refer to the Windchill PartsLink Classification and Reuse Administrator's Guide .

Installing Windchill PartsLink Client


The following instructions are for installing Windchill PartsLink Client:

Note To install in a Windchill cluster environment, install the Windchill PartsLink client on each node in the Windchill cluster.
1. Refer to Installing Using the PTC Solution Installer on page 56 while completing the following sections: Launching the PTC Solution Installer Choosing the Installer Language Before You Begin PTC Customer Agreement When prompted to select an install type, select Solution and click Next . When prompted to select a solution, under Product Lifecycle Management , select Windchill PDMLink and click Next . The list of optional products is displayed. Under Windchill Integration , select Windchill PartsLink Integration Client and click Next . Specify optional product settings by entering the RMI Registry Port and PartsLink Server Hostname .

2. 3. 4. 5.

Note The server hostname you enter must be accessible by the machine on which Windchill PartsLink client is being installed.
RMI Registry Port Default value: Valid range: 10011 102465535

102

Windchill Installation and Configuration Guide

Note The value of the RMI Registry Port field must be the same as the RMI Registry Port specified when installing Windchill PartsLink server.
When finished, click Next . 6. Review the Installation Overview , you have the option of changing settings at this time. If the settings are acceptable, click Install . 7. When the installation has completed a confirmation is displayed. Click Done .

Installing Windchill PartsLink Server


The following instructions are for installing Windchill PartsLink Server: 1. Refer to Installing Using the PTC Solution Installer on page 56 while completing following sections: Launching the PTC Solution Installer Choosing the Installer Language Before You Begin PTC Customer Agreement 2. When prompted to select an install type, select Solution and click Next . 3. Under Standalone Products , select Standalone Product or Component and click Next . 4. Select Windchill PartsLink Server and select your configuration option: Configure for Oracle Configure for Oracle RAC Configure for SQL Server Click Next . 5. On the Define Settings screen, enter the following information:
Base Installation Directory Select Directory for Java SDK Installation Directory for PartsLink Server

By default this value is: C:\ptc \Windchill_10.0 Enter: D:\Java By default this value is: C:\ptc \Windchill_10.0\PartsLink

Click Next .

Installing Windchill Solutions

103

6. Enter Windchill PartsLink server database information. For more information see, Entering Your Database Information on page 74. When finished, click Next .

Note The information entered on this screen is used to propagate the xconfmanager and properties files. The schema for Windchill PartsLink is created separately. For information on creating the schema, see Windchill PartsLink Classification and Reuse Post-Installation Steps on page 220. 7. Specify optional product settings by entering the RMI Registry Port and PartsLink client hostname . Note If the Windchill PartsLink client is installed in a Windchill cluster environment, enter the hostnames of each of the Windchill nodes, separated by a semi-colon.
RMI Registry Port Default value: Valid range: 10011 102465535

Note The value of the RMI Registry Port field must be the same as the RMI Registry Port specified when installing Windchill PartsLink client.
When finished, click Next . 8. Follow the general PSI instructions for the remaining steps: Creating Product Icons or Links on page 91 Selecting Staging Directory Options on page 92 Copying CDs or CD Images to the Staging Area on page 92 Reviewing the Installation Overview on page 93

Refer to the chapter Completing Configurations - Manual Steps on page 171 for any manual post-installation steps.

Windchill Gateway for FORAN


The Windchill Gateway for FORAN and the Windchill Shipbuilding template should be installed together. For more information, see the Windchill Gateway for FORAN Configuration and Implementation Guide. To install Windchill Gateway for FORAN Message Oriented Middleware must be installed and configured. Installation of Windchill Gateway for FORAN on a Windchill system consists of two components: Windchill Shipbuilding Template and Windchill Gateway for FORAN.
104

Windchill Installation and Configuration Guide

The Windchill Gateway for FORAN installation begins at the Select Product step when Windchill PDMLink is installed. On the Select the optional products to install screen, the following selections must be checked to enable Windchill Gateway for FORAN integration: Windchill Gateway for FORAN Windchill PartsLink Integration Client Windchill Shipbuilding Template Creo View Thumbnail Generator and Viewable Compression Utilities

Understanding Input Options


This section describes the options you can choose to install and configure Windchill Gateway for FORAN. It provides a description and any default values that may apply. Under Optional Products , select Windchill Shipbuilding Template and then select Windchill Gateway for FORAN. Enter the following settings. The settings requested are based upon the product features you previously selected.

Note This step occurs further along in the installation process, after you configure you administrative settings.
Manual Input JMS Base URI Default Description A base URI is required to store administrative objects at the LDAP server. This procedure is for those who have WindchillDS servers. Specific to your site Specific to your site cn=ieQCF cn=ieExecution Specific to your site Specific to your site cn=inQ3

JMS Base URI User Name JMS Base URI Password JMS Queue Connection Factory JMS Queue Name Gateway Administrative User Name Gateway Administrative Password JMS Inbound Queue
Installing Windchill Solutions

105

Manual Input Default Name JMS Service Name SunMQ Default Target Context for Imported Data

Description

Post Installation Steps


Refer to Windchill Gateway for FORAN post installation on page 225 for any manual post-installation steps.

Creo Elements/Direct Elements/Direct Model Manager


Install the Windchill Gateway for Creo Elements/Direct Model Manager by selecting the Windchill Gateway module in the Creo Elements/Direct Model Manager server installer. Once selected, the installer will guide you through additional configuration screens.

Note During the configuration steps the installer will ask for a public key file. You must obtain this file from Windchill. Tip For more information see Getting Started with Windchill Gateway for Creo Elements/Direct Model Manager.

Understanding Input Options


When you install the gateway, by default you are configuring the adapters to Sun's Message Oriented Middleware. If you have another Message Oriented Middleware, the properties of the adapters will not be updated. . As an administrator of Windchill, go to Site Utilities Info*Engine Administration Page , and select the Windchill adapter from the adapter list.

Note The property com.ptc.distproc.credential sets the gateway administrator password in the <>/DistProc/distproc.properties file. This is the password of the principal who allows the adapters to interact with the gateway controller in Windchill. If encryption is enabled, then the JMS Base URI, WES Base URI and Queue Base URI fields need to be encrypted. See the Windchill system administration online help for more details.
The installation begins at the Select Product step when Windchill PDMLink is installed.

106

Windchill Installation and Configuration Guide

You must manually input the following: Manual Input JMS Base URI Default Description A base URI is required to store administrative objects at the LDAP server. This procedure is for those who have WindchillDS servers. Specific to your site Specific to your site

JMS Base URI User Name JMS Base URI Password JMS Queue Connection Factory JMS Queue Name Gateway Administrative User Name Gateway Administrative Password JMS Inbound Queue Name JMS Service Name Default Target Context for Imported Data

Specific to your site Specific to your site

Post Installation Steps


Refer to Windchill Gateway for FORAN post installation on page 225 for manual post-installation steps.

Windchill MPMLink
Windchill MPMLink is an add-on product to Windchill PDMLink, and is the central repository and the design environment for manufacturing data management in Windchill. Windchill MPMLink enables the manufacturing engineer to associatively transform the engineering BOM to the manufacturing BOM, to manage libraries of manufacturing resources and standardized manufacturing capabilities, to define digital definitions of process plans with associative links to the mBOMs and manufacturing resources and to dynamically generate work instructions for the shop floor. Installation of Windchill MPMLink requires Windchill PDMLink.

Installing Windchill Solutions

107

Understanding Input Options


This section describes the installation options for installing Windchill MPMLink. Under Optional Products , select Windchill MPMLink.
Creo Elements/View Client Creo Elements/View Thumbnail Generator Windchill MPMLink

These are the options for Creo Elements/View: Option Interactive 3D Thumbnails Description Makes the thumbnail image created by the Thumbnail Generator interactive. You can manipulate the model. Creates a Visualization tab on the Structure tab of the objects information page. Provides a client download directly from Windchill. Provides an ECAD Compare and Validate for ECAD download directly from Windchill.

Visual Structure Navigation

Make client available Make Validate for ECAD available

Post Installation Steps Refer to the chapter Windchill MPMLink on page 226 for any manual postinstallation steps.

Windchill Supplier Management


Windchill Supplier Management is an add-on product to Windchill PDMLink, and it enables companies to integrate and manage supply chain data within Windchill. In addition to helping companies track their supplier parts, Windchill Supplier Management improves the part selection process by making manufacturer and vendor data available early in the design phase. Installation of Windchill Supplier Management requires Windchill PDMLink.

Understanding Input Options


This section describes the installation options for installing Windchill Supplier Management. Under Optional Products , select Windchill Supplier Management .

108

Windchill Installation and Configuration Guide

Post Installation Steps Refer to the chapter Completing Configurations - Manual Steps on page 171 for any manual post-installation steps.

Windchill Aerospace and Defense


Windchill Aerospace and Defense addresses the needs of aerospace and defense customers by providing capabilities specifically targeted to the industry.

Understanding Input Options


This section describes the options you can choose to install and configure Windchill Aerospace and Defense. Under Optional Products , select Windchill Aerospace and Defense .

Post Installation Steps


Refer to the chapter Completing Configurations - Manual Steps on page 171 for any manual post-installation steps.

Windchill PLM Connector


Install the Windchill PLM Connector server component on the Windchill server to share of Creo designs and libraries with your design partners and suppliers who use Creo along with Windchill PDMLink, or Windchill PDMLink with ProjectLink, or Pro/INTRALINK. Remember the following points when installing the Windchill PLM Connector server: Windchill PLM Connector server is only installed on a Windchill server. Windchill PLM Connector server is generally installed in conjunction with either the Windchill PLM Connector client Windchill PLM Connector server can be installed in conjunction with the Windchill PLM Connector client.

Installation
Windchill PLM Connector server software is installed using the PTC Solution Installer (PSI). During the PSI installation, under Optional Products , select Windchill PLM Connector .

Installing Windchill Solutions

109

After you have completed the PSI installation, to view the Windchill PLM Connector server log files, go to <WT_HOME>/installer/logs folder to determine if the installation was successful: If the installation was successful, the Installation Complete window displays the location where Windchill PLM Connector server is installed. The log files for the installation are named: WPCSERVER_PtcInstall.log WPCSERVER_InstallLog.xml If the installation fails, error messages and the name of the log files appear. The log files can be helpful in determining the cause of the failure. The installation error log files are located in the <WT_HOME>/installer/logs folder.

Post Installation Steps


Refer to the section Completing Configurations - Manual Steps on page 172 for the manual post-installation steps.

Windchill Information Modeler


Windchill Information Modeler is one of the Windchill development components that can be used in conjunction with Java annotations to customize your Windchill environment. Information Modeler contains the Windchill modeling files and source code that you use to develop your customization.

Understanding Input Options


This section describes the options you can choose to install and configure Windchill Information Modeler. Under Optional Products , select Windchill Information Modeler . Post Installation Steps Refer to the chapter Completing Configurations - Manual Steps on page 171 for any manual post-installation steps.

Windchill Product Analytics Process Adapter


Windchill Product Analytics Process Adapter allows you to utilize the functionality of InSight in combination with your Windchill solution. For supported features, installation, administration, and user information, see the Windchill Product Analytics Process Adapter Environmental Compliance Integration User Guide . You can download this guide from the following location: http://www.ptc.com/appserver/cs/doc/refdoc.jsp

110

Windchill Installation and Configuration Guide

Understanding Input Options


This section describes the options you can choose to install and configure Windchill Product Analytics Process Adapter. Each section indicates the screen where the option can be entered and provides a description and any default values that may apply. Under Optional Products , select the Windchill Product Analytics Process Adapter check box. Set the following for Windchill Product Analytics Process Adapter: Option Base URL Default Description The property "com.ptc.windchill.insight. environment.baseUrl" is specified in <Windchill>\codebase\ insightIntegration.xconf. This is the name used by Windchill Product Analytics Process Adapter and is authenticated by to create parts and suppliers in . The name must be a valid user and have the required permissions to create parts and suppliers. The property is specified in <Windchill>\ codebase\ WEB-INF \insightIntegration.ie.xconf. This is the password used by Windchill Product Analytics Process Adapter and is authenticated in order to create parts and suppliers in InSight. The property is specified in <Windchill>\codebase\WEB-INF\ insightIntegration.ie.xconf.

User Name

Password

Windchill Business Reporting


Windchill Business Reporting is a reporting framework that uses industry leading Cognos 8 Business Intelligence to increase information visibility and access for business decision makers, and to help reduce reporting costs by providing users with the capability to quickly develop and distribute robust reports using your Windchill data.

Installing Windchill Solutions

111

Understanding Input Options


This section describes the options you can choose to install and configure Windchill Business Reporting. As described in the pre-installation considerations, there are three possible scenarios for Windchill Business Reporting on page 111 with your Windchill solution. The scenario right for your installation must be chosen before you begin your installation. The information for each scenario is provided in the sections that follow. Use the section appropriate for your installation scenario. Local Installation on page 112 Distributed InstallationTwo Machines on page 115 Distributed InstallationThree Machines on page 122 Each section details the input options specific to installing Windchill Business Reporting in the given scenario. Screens with no Windchill Business Reporting input, or fields unrelated to Windchill Business Reporting are not mentioned.

Note Windchill Business Reporting is also supported in a cluster environment. For information on installing Windchill Business Reporting in a cluster environment, see the Windchill Advanced Deployment Guide.

Local Installation
In a local installation, the Windchill Business Reporting components are installed on the same machine as your Windchill solution. The PSI is run only once. From the list of solutions to install, select the Windchill solution or solutions you are installing. On the optional products screen, select Windchill Business Reporting . On the optional product features screen, select the following options, as appropriate: Option
Install the HostComponents HostComponents

Default Selected

Install the GatewayServer GatewayServer Selected

Description When selected, installs the Windchill Business Reporting host components. When selected, installs the Windchill Business Reporting gateway server. The Configure Local
Apache for Gateway

check box must also be left selected (the default)

112

Windchill Installation and Configuration Guide

Option

Default

Description for the local Apache to be automatically configured by the PSI.

On the database configuration options screen, the checkbox to create the Database Windchill Business Reporting User is selected by default, and cannot be cleared. Enter the following installation directory information: Option
Installation Directory for Windchill Business Reporting

Default <base installation directory>\Reporting

Description The location where the selected Windchill Business Reporting components are installed.

Set the following data loader settings: Option


Load base data

Default Selected

Description Loads the base data set, including the predefined reports for Windchill Business Reporting. PTC strongly recommends leaving this option selected, to avoid the need for certain manual postinstallation configurations.

Enter the following database information. These values apply to the Database Windchill Business Reporting User created above. Options
Windchill Business Reporting Oracle Database User Name for the Database User Account

Description The user name for the Windchill Business Reporting database user account.

or
Windchill Business Reporting SQL Server Database User Name for the Database User Account Windchill Business Reporting Oracle Database Password for the Database User Account

The password for the Windchill Business Reporting database user account.

or

Installing Windchill Solutions

113

Options
Windchill Business Reporting SQL Server Database User Password for the Database User Account Confirm Windchill Business Reporting Oracle Database Password for the Database User Account

Description

Confirm the password entered in the previous field.

or
Confirm Windchill Business Reporting SQL Server Database User Password for the Database User Account

Set the following administrative settings for Windchill Business Reporting: Option
Windchill Business Reporting Administrative User ID

Default wbradmin

Description This user has administrative privileges for Windchill Business Reporting but is not a Windchill administrative user. This user is created in the repository specified in the Base Distinguished
Name for Administrative Users option on the

Windchill Business Reporting Administrative User Password Confirm Password for Administrative User

LDAP settings screen. Enter the password for the Windchill Business Reporting administrative user. Confirm the password entered previously.

Set the following optional product settings: Option


Windchill Business Reporting Gateway Machine's DNS Registered Host Name Windchill Business Reporting Gateway Machine's Web Server Port Mapped location of

Default local machine

Description Location where the gateway server will be installed. Port that the gateway server will listen on to communicate with the host components. In a local installation
Windchill Installation and Configuration Guide

80

114

Option
Windchill Business Reporting Host installation (leave empty if locally installed) DNS Registered Host Name of the Windchill Business Reporting Host

Default

Description scenario, leave this field blank. The local machine on which the Windchill Business Reporting is installed. In a local installation scenario, accept the default. Port used by Windchill Business Reporting host to communicate with the Windchill Business Reporting gateway. The installed location of Windchill Business Reporting as seen by the host component. In a local installation scenario, accept the default value.

local machine

Communication Port of the 9300 Windchill Business Reporting Host

Location of Windchill Installed location of Business Reporting Windchill Business installation as seen by the Reporting Windchill Business Reporting Host

Distributed Installation - Two Machines


In a two machine distributed installation scenario, the Windchill Business Reporting host components are installed on a separate machine from the gateway server and your Windchill solution. The PSI is run twice, in the following order: 1. Installing the Windchill Business Reporting Host Components on page 115 2. Installing the Gateway Server and Windchill Solution on page 119 Installing the Windchill Business Reporting Host Components From the list of solutions to install, select the Standalone Product or Component checkbox.

Installing Windchill Solutions

115

Select from the following standalone product or component options:

Note If you leave both the Oracle Configuration and SQL Server Configuration deselected, it is assumed that a database and associated user already exist, and that you will supply that information in the database information screen.
Option
Oracle Configuration

Default Deselected

Description Select this option if you are configuring an Oracle database as part of this installation scenario. Under this option, select the following as appropriate:
Create Database -

selected by default.

Note When creating an Oracle database using PSI, you can launch PSI as the user that installed the database software, or as root user.

Create Windchill Database User Account - selected by

default.
Create Windchill Business Reporting Database User Account - deselected

SQL Server Configuration

Deselected

by default. Select this checkbox to create a new database user. To use an existing database user, leave deselected. Select this option if you are configuring a SQL Server database as part of this installation scenario. Under this option, select

116

Windchill Installation and Configuration Guide

Option

Default

Description the following as appropriate:


Create Windchill Database and User -

selected by default.
Create Windchill Business Reporting Database and User -

Windchill Business Reporting

Deselected

deselected by default. Select this checkbox to create a new database and user. To use an existing database and user, leave deselected. Select this option to install the Windchill Business Reporting components. Under this option, select as follows:
Install the Host Components - Select

this option to install the host. Select from the following as appropriate for your installation; you must select one: Configure Oracle
Database

Configure Oracle
RAC Database

Configure SQL
Server Database

Install the Gateway Server - Deselect this

option. Enter the following installation directory information: Option


Installation Directory for Windchill Business

Default <base installation

Description The location where the

Installing Windchill Solutions

117

Option
Reporting

Default directory>\Reporting

Description host components are installed.

Enter the following database information. If you selected the Create Windchill Business Reporting Database User Account or Create Windchill Business Reporting Database and User checkbox previously on the standalone product or component options screen, then the values entered in these fields are used to create the user. Otherwise, enter the values for an existing database user. Options
Windchill Business Reporting Oracle Database User Name for the Database User Account

Description The user name for the Windchill Business Reporting database user.

or
Windchill Business Reporting SQL Server Database User Name for the Database User Account Windchill Business Reporting Oracle Database Password for the Database User Account

The password for the Windchill Business Reporting database user.

or
Windchill Business Reporting SQL Server Database User Password for the Database User Account Confirm Windchill Business Reporting Oracle Database Password for the Database User Account

or
Confirm Windchill Business Reporting SQL Server Database User Password for the Database User Account

Confirm the password entered in the previous field. This field appears only if the Create Windchill Business Reporting Database User Account or Create
Windchill Business Reporting Database and User option was selected previously

from the optional products screen.

Specify the appropriate LDAP settings for your configuration. For more information, see Entering Your LDAP Settings on page 79. Set the following optional product settings: Option
Windchill Business Reporting Gateway Machine s DNS Registered Host Name

Default local machine

Description Location where the gateway server will be installed. Be sure to note this location to use when you install the gateway server.
Windchill Installation and Configuration Guide

118

Option
Windchill Business Reporting Gateway Machine s Web Server Port

Default 80

Communication Port of the 9300 Windchill Business Reporting Host

Description Port that the gateway server will listen on to communicate with the host components. Be sure to note this location to use when you install the gateway server. Port used by Windchill Business Reporting host to communicate with the Windchill Business Reporting gateway.

Installing the Gateway Server and Windchill Solution From the list of solutions to install, select the Windchill solution or solutions you are installing. On the optional products screen, select Windchill Business Reporting . On the product optional features screen, select the following options, as appropriate: Option
Install the Host Components

Default Selected

Description Deselect this option. Leave this option selected. The Configure
Local Apache for Gateway

Install the Gateway Server Selected

check box must also be left selected (the default) for a local Apache to be automatically configured by the PSI. Enter the following installation directory information: Option
Installation Directory for Windchill Business Reporting

Default <Windchill installation directory>\Reporting

Description The location where the gateway server is installed.

Set the following data loader settings: Option


Load base data

Default Selected

Description Loads the base data set, including the pre-defined


119

Installing Windchill Solutions

Option

Default

Description reports for Windchill Business Reporting. PTC strongly recommends leaving this option selected, to avoid the need for certain manual postinstallation configurations.

Enter the following Web server and servlet engine information: Option
Web Server DNS Registered Host Name

Default local machine

Description This value must match the value for the Windchill
Business Reporting Gateway Machine s DNS Registered Host Name

HTTP Port Number

80

field when you installed the Windchill Business Reporting host components. This value must match the value entered in the
Windchill Business Reporting Gateway Machine s Web Server Port field when you

installed the host. Specify the appropriate LDAP settings for your configuration. For more information, see Entering Your LDAP Settings on page 79. Set the following administrative settings for Windchill Business Reporting: Option
Windchill Business Reporting Administrative User ID

Default wbradmin

Description This user has administrative privileges for Windchill Business Reporting but is not a Windchill administrative user. This user is created in the repository specified in the Base Distinguished
Name for Administrative Users option on the

LDAP settings screen.


Windchill Installation and Configuration Guide

120

Option
Windchill Business Reporting Administrative User Password Confirm Password for Administrative User

Default

Description Enter the password for the Windchill Business Reporting administrative user. Confirm the password entered above.

Set the following optional product settings: Option


Windchill Business Reporting Gateway Machine's DNS Registered Host Name Windchill Business Reporting Gateway Machine's Web Server Port Mapped location of Windchill Business Reporting Host installation (leave empty if locally installed)

Default local machine

Description Location where the gateway server will be installed. Port that the gateway server will listen on to communicate with the host components. The drive mapped to the host installation. You must share the host installation location on the host machine with read/ write permissions for the machine where the Windchill solution is installed. Then, on the machine where the Windchill solution is installed, map a location to that shared host installation.

80

DNS Registered Host Name of the Windchill Business Reporting Host

local machine

Communication Port of the 9300 Windchill Business Reporting Host

Caution This step must be completed before you can proceed with the installation. This value must match the machine where the host components were installed. Port used by Windchill Business Reporting host to communicate with the

Installing Windchill Solutions

121

Option

Default

Description Windchill Business Reporting gateway. This value should match the value entered when the host components were installed. The installed location of Windchill Business Reporting as seen by the host component.

Location of Windchill Installed location of Business Reporting Host Windchill Business Installation as seen by the Reporting Windchill Business Reporting Host

Distributed Installation - Three Machines


In a three machine distributed installation scenario, the host components are installed on one machine, the gateway server on a second machine, and your Windchill solution on a third machine. The PSI is run three times, in the following order: 1. Install the Windchill Business Reporting Host Components on page 122 2. Install the Gateway Server on page 126 3. Install Your Windchill Solution on page 129 Install the Windchill Business Reporting Host Components From the list of solutions to install, select the Standalone Product or Component checkbox. Select from the following standalone product or component options:

Note If you leave both the Oracle Configuration and SQL Server Configuration deselected, it is assumed that a database and associated user already exist, and that you will supply that information in the database information screen.
Option
Oracle Configuration

Default Deselected

Description Select this option if you are configuring an Oracle database as part of this installation scenario. Under this option, select the following as appropriate:

122

Windchill Installation and Configuration Guide

Option

Default

Description
Create Database -

selected by default.

Note When creating an Oracle database using PSI, you can launch PSI as the user that installed the database software, or as root user.

Create Windchill Database User Account - selected by

default.
Create Windchill Business Reporting Database User Account - deselected

SQL Server Configuration

Deselected

by default. Select this checkbox to create a new database user. To use an existing database user, leave deselected. Select this option if you are configuring a SQL Server database as part of this installation scenario. Under this option, select the following as appropriate:
Create Windchill Database and User -

selected by default.
Create Windchill Business Reporting Database and User -

deselected by default. Select this checkbox to create a new database and user. To use an existing
Installing Windchill Solutions

123

Option

Default

Windchill Business Reporting

Deselected

Description database and user, leave deselected. Select this option to install the Windchill Business Reporting components. Under this option, select as follows:
Install the Host Components - Select

this option to install the host. Select from the following as appropriate for your installation, you must select one: Configure Oracle
Database

Configure Oracle
RAC Database

Configure SQL
Server Database

Install the Gateway Server - Deselect this

option. Enter the following installation directory information: Option


Installation Directory for Windchill Business Reporting

Default <base installation directory>\Reporting

Description The location where the host components are installed.

Enter the following database information. If you selected the Create Windchill Business Reporting Database User Account or Create Windchill Business Reporting Database and User checkbox previously on the standalone product or component options screen, then the values entered in these fields are used to create the user. Otherwise, enter the values for an existing database user. Options
Windchill Business Reporting Oracle Database User Name for the Database User Account

Description The user name for the Windchill Business Reporting database user.

or

124

Windchill Installation and Configuration Guide

Options
Windchill Business Reporting SQL Server Database User Name for the Database User Account Windchill Business Reporting Oracle Database Password for the Database User Account

Description

The password for the Windchill Business Reporting database user.

or
Windchill Business Reporting SQL Server Database User Password for the Database User Account Confirm Windchill Business Reporting Oracle Database Password for the Database User Account

or
Confirm Windchill Business Reporting SQL Server Database User Password for the Database User Account

Confirm the password entered in the previous field. This field appears only if the Create Windchill Business Reporting Database User Account or Create
Windchill Business Reporting Database and User option was selected previously

from the optional products screen.

Specify the appropriate LDAP settings for your configuration. For more information, see Entering Your LDAP Settings on page 79. Set the following optional product settings: Option
Windchill Business Reporting Gateway Machine s DNS Registered Host Name

Default local machine

Windchill Business Reporting Gateway Machine s Web Server Port

80

Communication Port of the 9300 Windchill Business Reporting Host

Description Location where the gateway server will be installed. Be sure to note this location to use when you install the gateway server. Port that the gateway server will listen on to communicate with the host components. Be sure to note this location to use when you install the gateway server. Port used by Windchill Business Reporting host to communicate with the Windchill Business Reporting gateway.

Installing Windchill Solutions

125

Install the Gateway Server From the list of solutions to install, select the Standalone Product or Component checkbox. Select from the following standalone product or component options:

Note If you leave both the Oracle Configuration and SQL Server Configuration deselected, it is assumed that a database and associated user already exist, and that you will supply that information in the database information screen.
Option
Oracle Configuration

Default Deselected

Description Select this option if you are configuring an Oracle database as part of this installation scenario. Under this option, select the following as appropriate:
Create Database -

selected by default.

Note When creating an Oracle database using PSI, you can launch PSI as the user that installed the database software, or as root user.

Create Windchill Database User Account - selected by

default.
Create Windchill Business Reporting Database User Account - deselected

SQL Server Configuration

Deselected

by default. Select this checkbox to create a new database user. To use an existing database user, leave deselected. Select this option if you
Windchill Installation and Configuration Guide

126

Option

Default

Description are configuring a SQL Server database as part of this installation scenario. Under this option, select the following as appropriate:
Create Windchill Database and User -

selected by default.
Create Windchill Business Reporting Database and User -

Windchill Business Reporting

Deselected

deselected by default. Select this checkbox to create a new database and user. To use an existing database and user, leave deselected. Select this option to install the Windchill Business Reporting components. Under this option, select as follows:
Install the Host Components -

Deselect this option.


Install the Gateway Server - Select this

option to install the gateway server. The


Configure Local Apache for Gateway

check box must also be left selected (the default) for a local Apache to be automatically configured by the PSI. Enter the following installation directory information: Option
Select Directory for

Default

Description Browse to the local


127

Installing Windchill Solutions

Option
Apache Web Server

Default

Description Apache location. This field appears if the Apache Web Server check box was deselected on the standalone product or component screen. The location where the Apache Web Server will be installed. This field appears if the
Apache Web Server check

Installation Directory for Apache Web Server

<base installation directory>\Apache

box was selected on the


Standalone Product or Component screen. Installation Directory for Windchill Business Reporting

<base installation directory>\Reporting

The location where the gateway server is installed.

Enter the following Web server and servlet engine information: Option
HTTP Port Number

Default

Description This value must match the value entered in the


Windchill Business Reporting Gateway Machine s Web Server Port field when you

installed the host. Specify the appropriate LDAP settings for your configuration. For more information, see Entering Your LDAP Settings on page 79. Set the following optional product settings: Option
Mapped location of Windchill Business Reporting Host installation (leave empty if locally installed)

Default

Description The drive mapped to the host installation. You must share the host installation location on the host machine with read/ write permissions for the machine where the Windchill solution is installed. Then, on the machine where the

128

Windchill Installation and Configuration Guide

Option

Default

Description Windchill solution is installed, map a location to that shared host installation.

DNS Registered Host Name of the Windchill Business Reporting Host

local machine

Communication Port of the 9300 Windchill Business Reporting Host

Caution This step must be completed before you can proceed with the installation. This value must match the machine where the host components were installed. Port used by Windchill Business Reporting host to communicate with the Windchill Business Reporting gateway.
This value must match the value entered when the host components were installed.

Install Your Windchill Solution Install your Windchill solution, being sure to make the following Windchill Business Reporting related selections. On the optional products screen, DO NOT select Windchill Business Reporting . On the product selections summary screen, set the following product features: Option
Configure Windchill for Business Reporting

Default Deselected

Description Select this field for Windchill Services to be properly configured for Windchill Business Reporting.

Set the following Data Loader Settings : Option


Load base data

Default Selected

Description Loads the base data set, including the pre-defined reports for Windchill

Installing Windchill Solutions

129

Option

Default

Description Business Reporting. PTC strongly recommends leaving this option selected, to avoid the need for certain manual postinstallation configurations.

Specify the appropriate LDAP settings for your configuration. For more information, see Entering Your LDAP Settings on page 79. Set the following administrative settings for Windchill Business Reporting: Option
Windchill Business Reporting Administrative User ID

Default wbradmin

Description This user has administrative privileges for Windchill Business Reporting but is not a Windchill administrative user. This user is created in the repository specified in the Base Distinguished
Name for Administrative Users option on the

Windchill Business Reporting Administrative User Password Confirm Password for Administrative User

LDAP settings screen. Enter the password for the Windchill Business Reporting administrative user. Confirm the password entered above.

Set the following optional product settings: Option


Windchill Business Reporting Gateway Machine's DNS Registered Host Name Windchill Business Reporting Gateway Machine's Web Server Port Mapped location of Windchill Business

Default local machine

Description Location where the gateway server was installed. Port that the gateway server will listen on to communicate with the host components. The drive mapped to the host installation. You must share the host
Windchill Installation and Configuration Guide

80

130

Option
Reporting Host installation (leave empty if locally installed)

Default

Description installation location on the host machine with read/ write permissions for the machine where the Windchill solution is installed. Then, on the machine where the Windchill solution is installed, map a location to that shared host installation.

DNS Registered Host Name of the Windchill Business Reporting Host

local machine

Communication Port of the 9300 Windchill Business Reporting Host

Caution This step must be completed before you can proceed with the installation. This value must match the machine where the host components were installed. Port used by Windchill Business Reporting host to communicate with the Windchill Business Reporting gateway.
This value should match the value entered when the host components were installed. The installed location of Windchill Business Reporting as seen by the host component.

Location of Windchill Business Reporting Host Installation as seen by the Windchill Business Reporting Host

Post-Installation Post-Installation Steps


Refer to the chapter Completing Configurations - Manual Steps on page 171 for any manual post-installation steps.

Installing Windchill Solutions

131

Windchill Index Search


Indexing is the process of extracting text strings of attribute names, attribute values, and content from Windchill objects and sending them to a search engine that builds indices optimized for searching. This enables users to efficiently search for data stored in a Windchill database, without having to know anything about the internal object model. Windchill solutions provide the option of installing Windchill Index Search to help with indexing. The Windchill Index Search system provides the ability to search for keywords within the metadata and content of Windchill database objects. The oversight of a system administrator is required to maintain the efficiency and usefulness of the search system as it changes over time. It is important to note that content that is mastered in remote vaults is not indexed. For that reason, users cannot perform full-text searches on content that is mastered remotely; only attribute searches can be performed on this content.

Note Windchill Index Search is not available for PTC Windchill PDM Essentials.
Bulk Indexing You can use the Bulk Index Tool to load all the objects that belong in the Windchill Index Search libraries. This utility sends objects to a search engine to be indexed according to their domains indexing policy. You can perform the following tasks with this utility: Start and stop the bulk indexing process. Because loading indexes can take a significant amount of time, it may be necessary to stop the operation for some length of time. State is maintained in the IndexStatus table, which is used by this too, so the process can be stopped and restarted without having to re-index objects that have already been indexed. Schedule the process to start and stop at specified times. Check on the status of the overall bulk indexing process. Attempt the re-index objects that have failed the indexing process. Maintain a detailed log of the indexing process.

Note The Bulk Index Tool can only be used to load Windchill Index Search libraries. Note If a user searches for the latest iteration of an object that was loaded using the data loading utilities, all iterations appear in the search results. You can correct this problem by using the Bulk Index Tool to re-index the data once it has been loaded.

132

Windchill Installation and Configuration Guide

Using Windchill Index Search During an Upgrade For more information on using Windchill Index Search and bulk indexing during an upgrade see: The Windchill Upgrade Guide

Administering Windchill Index Search For information on configuring and administering Windchill Index Search and bulk indexing see: The Windchill Administration - Configuring Your Windchill Environment

Understanding Input Options


This section describes the options you can choose to install and configure Windchill Index Search. Each section indicates the screen where the option can be entered and provides a description and any default values that may apply. Under Optional Products , select the Windchill Index Search check box. Under Optional Product Settings , fill in the following location:
Enter the directory where you want Windchill Index Search (Solr) data to be stored

Enter the following Windchill Index Search settings. The settings requested are based upon the product features you previously selected. Option Enable Windchill Index Search Windchill Index Search Host Name Directory to store Index Search Data Default Selected The fully qualified name of the current machine Configured by PSI. Description Enables Windchill Search Index to load data. The Apache Web Server host name. The directory where you want Windchill Index Search data to be stored.

8085 Windchill Index Search Port Number


Installing Windchill Solutions

Tip Index Data should be stored on a local filesystem. Remote filesystems are typically quite a bit slower for indexing. If your index needs to be on the remote filesystem, consider building it first on the local filesystem and then copying it up to the remote filesystem. The port on which the Windchill Search Index starts.
133

Option Default Indexing Language

Index Search Language List

Default The language originally selected when launching the installation process. The language originally selected when launching the installation process.

Description The default language to be used when processing data.

Additional languages to be considered when processing data.

Post Installation Steps


Refer to the chapter Completing Configurations - Manual Steps on page 171 for any manual post-installation steps.

Thumbnail Generator and Viewable Compression Utilities


The Thumbnail Generator automatically creates ultralightweight thumbnails for previewing 3D models. The Viewable Compression Utilities create lightweight viewables for display on the Windchill server. You can use these smaller images when the viewable is intended for downstream publications.

Understanding Input Options


This section describes the options for installing the Thumbnail Generator and Viewable Compression Utilities. Under Optional Products , select Thumbnail Generator and Viewable Compression Utilities .

Creo View Clients


The Creo View clients include rich visualization tools for viewing, analyzing, and collaborating on 3D models, drawings, documents, and images.

Understanding Input Options


Under Optional Products , select Creo View Client. Select one or more of the following options for the installation: Option Interactive 3D Thumbnails Description Makes the thumbnail image created by the Thumbnail Generator interactive.

134

Windchill Installation and Configuration Guide

Option Visual Structure Navigation

Make client available Make Validate for ECAD available

Description You can manipulate the model. Creates a Visualization tab on the Structure tab of the objects information page. Provides a client download directly from Windchill. Provides a Creo View ECAD Compare and a Creo View ECAD Validate download directly from Windchill.

Windchill Service Information Manager


Windchill Service Information Manager is an optional component that lets you create and maintain information used for the safe and effective operation and servicing of a product For more information on installing and using Windchill Service Information Manager refer to the following documentation, available on the document reference site:

Installing and Configuring Windchill Service Information Manager and Service Parts Getting Started With Windchill Service Information Manager and Service Parts Customizing Windchill Service Information Manager and Service Parts

Understanding Input Options


This section describes the options you can choose to install and configure Windchill Service Information Manager. Under Optional Products , select Windchill Service Information Manager , and if desired Windchill Service Parts. Post Installation Steps To verify you have successfully installed Windchill Service Information Manager, you can go to the Navigator and choose the Browse tab. Choose to display the Recent Products and choose View All . In the Products pane, choose to create a new product. The Template list displays the Service Information Manager General Product . You can choose this template and proceed to create a new service product, or you can Cancel from the window. If you choose to create a new product using the Service Information Manager General Product template, it handles all of the configurations needed to create a service product.

Installing Windchill Solutions

135

Refer to the section Windchill Service Information Manager on page 262 for any additional manual post-installation steps.

136

Windchill Installation and Configuration Guide

6
Installing a Standalone Product or Component
Overview ................................................................................................................ 138 Installing Using the PTC Solution Installer.................................................................. 138 Selecting the Installation Type .................................................................................. 139 Installing a Standalone Product or Component ........................................................... 140 Specifying the User (UNIX Only) ............................................................................... 140 Providing Details for System Notifications and Information Exchange........................... 140 Specifying the Installation Directory........................................................................... 141 Entering the Web Server and Servlet Engine Settings................................................. 142 Specifying Language Settings .................................................................................. 143 Selecting the Database Size..................................................................................... 144 Entering Your Database Information .......................................................................... 145 Selecting Data Loader Settings................................................................................. 150 Entering Your LDAP Settings .................................................................................... 151 Entering Administrative Settings ............................................................................... 160 Specifying Optional Product Settings......................................................................... 162 Creating Product Icons or Links ................................................................................ 162 Selecting Staging Directory Options .......................................................................... 163 Copying CDs or CD Images to the Staging Area......................................................... 164 Reviewing the Installation Overview .......................................................................... 164 Locating Post-installation Steps for Your Products ...................................................... 165

This chapter describes how to install a product or component on a machine that is separate from other products and components.

137

Overview
This chapter describes how to use the PTC Solution Installer (PSI) to install a standalone product or component. The standalone product or component option appears when you have selected Solution Standalone Product or Component . If you are installing your PTC solutions in a distributed environment (on multiple machines), use this option to install components. You must run the PSI on each distributed machine that is to have standalone components. For more information on the installation order of distributed optional products and platform components, or high-level information on how to set up a distributed environment, see to the Getting Started with Windchill Installation and Configuration Guide .

Installing Using the PTC Solution Installer


This section describes how to install standalone products or components and is separated into sections on File Server and all other products and components.

Installing Standalone Components


To begin your installation, first read through the Getting Started with Windchill Installation and Configuration Guide to plan your installation. Next, refer to the following information to install your Windchill solutions.

Launching the PTC Solution Installer


The PTC Solution Installer (PSI) is a dynamic installer that offers different installation options based upon the products and features you select. Use the instructions in this chapter to install your PTC solutions. 1. Insert the PTC Solution Installer CD.

Note If you are installing a service pack, do not run the installer from a windchill shell as the service pack may have updates to the windchill command code. Instead, be sure to modify the system PATH variable to include the path to your installed JSDK bin directory before running the setup file. 2. From your CD drive, enter the following command:
Windows
setup.vbs

UNIX
setup

138

Windchill Installation and Configuration Guide

Choosing the Installer Language


Choose the language for this installation session and click OK .

Before You Begin


The Before You Begin panel provides links to the documentation necessary to install your Windchill solutions.

PTC Customer Agreement


The installer prompts you to accept the license agreement. Acceptance of the license agreement is required for installation. The person installing this software must have the legal authority to accept the license agreement on behalf of the customer. If the installer does not accept the license agreement, instructions will appear on-screen with respect to how to return the software for a refund. Note that a refund will only be given if the instructions are followed in a timely manner (no later than 30 days after the software is shipped by PTC). Before you are allowed to accept the agreement, you must scroll all the way through it to acknowledge you have reviewed the information.

Selecting the Installation Type


The PTC Solution Installer (PSI) allows you to install products using the following installation types: Solution Installation This option allows you to install on one or more machines. Update Existing Installation This option allows you to install a maintenance release, install a point release, add products to your already-installed solution, or add a language. For example, if you have an existing Windchill PDMLink system, you use Update Existing Installation to add Windchill ProjectLink or Windchill Business Reporting to your solution. Recover This option is available if the PTC Solution Installer detects an incomplete installation. Select this option to attempt to complete the unfinished installation. For more information on recovering an unsuccessful installation, see Recovering an Installation on page 451 The following information will be useful prior to installing or updating your solution:

Installing a Standalone Product or Component

139

See Planning a Solution Installation on page 13 for information on required permissions for those installing a Windchill solution. All databases and platform components on remote machines must be installed in the proper order as indicated in the Getting Started with Windchill Installation and Configuration Guide and this guide.

For information on how to update an existing installation, refer to the following:

Windchill Installation and Configuration Guide Update Existing Installation

Installing a Standalone Product or Component


When you reach the solution installation screen, you can choose to select either a solution or a standalone product or component that can be used in a distributed environment. A standalone product or component works as a part of the main PTC product that you are installing. Select Standalone Product or Component and click Next .

Specifying the User (UNIX Only)


When installing as a root user, you can choose which user under which to install the software components.

Note This screen will not appear if you are installing Apache, because Apache requires a root user to install.
When choosing the user, refer to the section titled Installing Using the Appropriate Permissions on page 48 to note components that require specific permissions to function properly. When you have selected the appropriate user, click Next .

Providing Details for System Notifications and Information Exchange


This section describes the information necessary to configure your system to properly send notifications and exchange information with PTC (if you chose this option). Field Email address for Information Exchange, Apache, and System Description Enter the email address of your Windchill system administrator who

140

Windchill Installation and Configuration Guide

Field Notifications

Description will read system notifications or correspond with PTC for information exchange.

Specifying the Installation Directory


Choose the base installation directory for your products. The base installation directory is the parent directory in which subdirectories are created for your optional products and platform components. By default, your base installation directory is C:\ptc\Windchill_10.0 (Windows) or /opt/ptc/Windchill_10.0 (UNIX), and the directory structure for the platform components is as follows:

You can change each individual subdirectory to meet your needs. By default, all products and components are installed under the Base Installation Directory. You can change this by editing the installation directory in any given field. To continue propagating changes throughout all installation paths, enter further changes under the Base Installation Directory field.

Note For HP-UX machines, the Installation Directory for the Apache Web Server should only be installed in the following location:
/opt/hpws22/apache

Installing a Standalone Product or Component

141

Entering the Web Server and Servlet Engine Settings


Apache Web server and Tomcat servlet engine are the Web server and servlet engine that PTC bundles with its Windchill solutions. The Web server is the front-end authentication mechanism for your Windchill Web application. The Apache Web server is bundled with Windchill and has an automatic configuration. The servlet engine extends the functionality of the Web server by managing the data transfer between the Windchill application server and the client. The Tomcat servlet engine is bundled with Windchill and has an automated configuration. For more information about the Web servers and servlet engines, see the software matrices: http://www.ptc.com/appserver/cs/doc/refdoc.jsp For this part of the installation, make sure you have the logical host name from your network administrator.

Web Server and Servlet Engine Input Fields


Use the following options for Apache Web Server and Tomcat Servlet Engine: Option Web Server DNS Registered Host Name Description The a fully qualified host name of the computer on which Apache is installed. The host name must conform to the required standard Internet format that specifies the name can be a text string up to 63 characters drawn from only the alphabet (A-Z and a-z), digits (0-9), hyphen (-), and period (.). The period is used only as a domain name separator. The first character of a host name can be either a letter or a digit. The default is: HTTP Port Number <hostname>.<domainname> A port number to listen for HTTP requests. A value is required. The default is 80 or you can specify another value. If you specify another value, you must modify Apache to use a different port.

142

Windchill Installation and Configuration Guide

Option HTTPS Port Number

Description A port number to listen for HTTPS requests. A value is required. HTTPS is not effective out-of-the-box and requires manual configuration to implement.

Servlet Engine Web Server Listener Port Number

The default is 443. A port number to listen for Web server requests. Use the same port number value that you entered when you installed Tomcat.

Servlet Engine DNS Registered Host Name

The default is 8010. The host name where Tomcat is installed. The default is: localhost

Specifying Language Settings


For information about the languages supported with this release, use the following URL: http://www.ptc.com/appserver/cs/doc/refdoc.jsp Select the following: Product: Product <Your Product> Reported Release: Release <Your Release> Document Type: Type Matrices - Language User Role: Role Any Use the following options for the language settings: Option Base Data Language Description Select a language for administrative data, such as templates and rules. The initial default language is English. Select one or more Display Language check boxes for the user interface and documentation.

Display Language

Installing a Standalone Product or Component

143

Once you have selected your languages, click Next .

Selecting the Database Size


Database size determines the disk space requirements for Oracle and SQL Server. The table information does not take into account the disk space required for the Windchill product files or the memory and CPU requirements that are needed to run additional Windchill products. Oracle Option Demo/Test Tablespace 5000 MB Description Size is sufficient to load the Windchill demonstration data and should be adequate for very small pilots. Initial size. Adjust for your needs accordingly. Initial size. Adjust for your needs accordingly.

Production Large

11,000 MB 26,000 MB

Select the size and click Next . SQL Server Option Demo/Test Tablespace 1500 MB Description Size is sufficient to load the Windchill demonstration data and should be adequate for very small pilots. Initial size. Adjust for your needs accordingly. Initial size. Adjust for your needs accordingly.

Production Large

2500 MB 5000 MB

Select the size and click Next .

144

Windchill Installation and Configuration Guide

Entering Your Database Information


When you use the PTC-bundled Pro/INTRALINK - Oracle for the Windchill solution, you are creating new user names and passwords. When you use a previously installed Oracle or SQL Server database, you reference existing user names and passwords. Oracle and SQL provide persistent data storage for Windchill. In the Define Settings section, enter your Oracle or SQL Server database information. Oracle Option Enable extended character sets check box.

Description Select the check box for every language except for English. A cleared check box is the default, which means English is the default language. Create a new installation directory if you are installing the PTC-bundled Pro/ INTRALINK - Oracle. If you have installed Oracle, set the ORACLE_HOME system environment variable to the Oracle installation directory. <ORACLE _HOME> is the default if the variable is not set. Create a new password if you are installing the PTC-bundled Pro/INTRALINK - Oracle. If you have installed Oracle, enter the existing system password. Enter the system password again. Create a new user name.

Oracle Server Installation Directory

Oracle SYSTEM Account Password

Confirm Oracle SYSTEM Account Password Oracle User Name for Windchill

Installing a Standalone Product or Component

145

Option Oracle User Password for Windchill

Description Create a new password.

Confirm Oracle User Password for Windchill Option

Note Your password cannot include special characters (! @ % ^ & * ( ) + = \ | ` ~ [ { ] } ; : ' " , < > ?). If your sites password policy requires special characters, create a temporary password now and manually change it to include special characters post-installation. For more information, see Changing the Database Password on page 175. Enter the password again to verify the password.
Description Select the check box for every language except for English. Create a new installation directory if you are installing the PTC-bundled Pro/ INTRALINK - Oracle. Set the ORACLE_HOME system environment variable to the Oracle installation directory. Defines the fully qualified machine name of the Oracle server. Create a new name for PTC-bundled Pro/INTRALINK - Oracle or use the existing name for the Oracle Configuration. Defines the port number the Oracle server listens on.

Default Enable extended characcharac- A cleared check box is the default, which means ter sets check box. English is the default language. Oracle Server Installation <ORACLE _HOME> is Directory the default if the variable is not set.

Oracle Database DNS Registered Host Name

<hostName>.<domain>

Oracle Database Listener Port Number

1521

146

Windchill Installation and Configuration Guide

Option

Default

Description Create a new port number for PTC-bundled Pro/INTRALINK - Oracle or use the existing port number for the Oracle Configuration. Defines a name to be given to the database when it is created. The number cannot exceed 8 aphanumeric characters, and must not begin with a numeric digit. Create a new name for PTC-bundled Pro/INTRALINK - Oracle or use the existing name for the Oracle Configuration. Enter the system password. Create a new password for PTC-bundled Pro/INTRALINK - Oracle or use the existing password for Oracle. Enter the password a second time to verify the password. Create this user name if you are installing the PTC-bundled Pro/INTRALINK Oracle. Use the same user name that you used when installing Oracle. Create this password if you are installing the PTC-bundled Pro/INTRALINK Oracle.

Oracle Database System Identifier (SID)

wind

Oracle SYSTEM Account Password

Confirm Oracle SYSTEM Account Password Oracle User Name for Windchill

Oracle User Password for Windchill

Installing a Standalone Product or Component

147

Option

Default

Description Use the same password that you used when installing the Oracle Configuration. Enter the password a second time to verify the password. Create this name if you are installing the PTCbundled Pro/INTRALINK Oracle. Use this name if you have installed the Oracle Configuration. Create this name if you are installing the PTCbundled Pro/INTRALINK Oracle. Use this name if you have installed the Oracle Configuration.

Confirm Oracle User Password for Windchill Default Tablespace Name USERS (Both Database settings and Data Loader settings)

Temporary Tablespace Name (Both Database settings and Data Loader settings)

TEMP

SQL Server Creating a Windchill database user account and dabase objects remotely is not supported for SQL Server using PSI. To accomplish this option for SQL server, PSI must be run on the SQL Server host and the SQL Server Configuration option must be selected to create a database and user. Then, PSI must be launched again from the Windchill Server host. Select Configure to an existing user on an existing database for SQL Server and fill in the fields with the SQL Server values used during the database creation step on the database host. For more information on creating a User on SQL Server, see Installing a Standalone Product or Component on page 137.

Note Some options do not appear when configuring to an existing user and database.
Option Installed SQL Server Instance Name (Named Instance only) Password for User sa Description The default instance represents the machine on which the SQL server is installed. Enter a password.
Windchill Installation and Configuration Guide

148

Option SQL Server User Name for Windchill SQL Server User Password for Windchill

Description The same user name that you used when installing SQL Server The same password that you used when installing SQL Server

Note Your password cannot include special characters (! @ % ^ & * ( ) + = \ | ` ~ [ { ] } ; : ' " , < > ?). If your sites password policy requires special characters, create a temporary password now and manually change it to include special characters post-installation. For more information, see Changing the Database Password on page 175. Confirm SQL Server User Password for Enter the password again to verify the Windchill password.
Option SQL Server Installation directory SQL Server Client Installation Directory SQL Server DNS Registered Host Name Installed SQL Server Instance Name (Named Instance only) Default Description The same directory you used when installing SQL Server. The same directory you used when installing SQL Server. The same name you used when installing SQL Server. The name you used when installing SQL Server. If you used the default instance during installation of SQL Server, this can be left empty. The same port number you used when installing SQL Server. The password for the master administrator for SQL Server.

TCP Port Number for SQL Server Instance Password for User sa

Installing a Standalone Product or Component

149

Option SQL Server User Name for Windchill SQL Server User Password for Windchill Confirm SQL Server User Password for Windchill

Default

Description The username that Windchill uses to access SQL Server. The password Windchill will need to access the database. Enter the password again to verify the password.

Selecting Data Loader Settings


Data loading is used to initialize and populate the Windchill database with base or demonstration data. The base data for all of the installed Windchill products must be loaded before you can use Windchill. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. In the Define Settings section, determine the appropriate selection Option
Create Database Schema

Description Selecting this option creates the database schema that defines the tables, columns and relationships between fields and tables. This option is selected by default to allow base data to be loaded.

Load base data

Load demo data

Note When selected, and if you are adding an additional product to an existing installation, and that product has its own schema you are asked to provide a database installation user name and password. Base data is required for all solutions. This option is selected by default to load the base data. Installs the demonstration data.

150

Windchill Installation and Configuration Guide

Entering Your LDAP Settings


Windchill Directory Server (WDS) is an LDAP-compliant enterprise directory that is bundled with Windchill. WDS is required for managing Windchill operation definitions. It can also optionally manage Windchill user information. When installing WDS on a separate machine from your Windchill solution, WDS requires a locally installed Java Software Development Kit (JSDK).

Caution The Windchill Directory Server must be installed on local disk. It must not be installed on NFS mounts, or other non-local disk. Attempting to install the Windchill Directory Server on nonlocal storage can cause data corruption, file locking issues and startup failures. In addition, antivirus software must be turned off or be configured to avoid scanning in the Windchill Directory Server installation directory.
The LDAP settings create a default LDAP directory structure similar to the following:

Installing a Standalone Product or Component

151

Note Depending on the product you are installing, the default LDAP directory structure is different.
In the Define Settings section, enter your LDAP settings: Option LDAP Server DNS Registered Host Name LDAP Server Administrator Distinguished Name Description <hostname>.<domain> is the default. The distinguished name for the Windchill Directory Server administrator. The setup program creates the directory using the distinguished name that you specify.

cn=Manager is the default LDAP Server Administrator Windchill Directory Server administrator s Password password Confirm LDAP Server Adminis- Specify the same password that you specified trator Password for the Administrator s password. The following default values are set for you during the Express installation. You cannot change these values during an Express installation. Option LDAP Server Port Number Base Distinguished Name for Product Properties Base Distinguished Name for Administrative Users Default 389 Description Defines the port number that the Windchill Directory Server listens on for requests. Defines the distinguished name of the top subtree LDAP entry under which Windchill configuration LDAP entries reside. Specifies a base node in the Administrative Directory hierarchy that contains all users in the directory that should be visible to Windchill. Specifies a base node in the Enterprise Directory hierarchy that contains all users in the directory that should be visible to Windchill.

cn=configuration, cn=Windchill_10.0, o=<myCompany> ou=people, cn=AdministrativeLdap, cn=Windchill_10.0, o=<mycompany>

Base Distinguished ou=people, Name for Enterprise cn=EnterpriseLdap, Users cn=Windchill_10.0, o=<mycompany>

Note This option does not apply when a solution is installed standalone.
Windchill Installation and Configuration Guide

152

Option

Default

Description

Enterprise User en- No tries are in the Enterprise LDAP Windchill Directory o=Company Name Server Directory Suffix Windchill Directory 4444 Server Administrator Port Windchill Directory 1689 Server JMX Access Port Number

Note Refer to the section Preparing Enterprise LDAP for Installation Data Load on page 51 before setting this option. Specifies whether user definitions are stored in the enterprise LDAP.
Defines the LDAP base distinguished name under which the entire set of Windchill created entries will be stored. The port number that is used by the Windchill Directory Server control-panel to administer Windchill Directory Server.. The port number used by JMC clients to retrieve Windchill Directory Server usage data. The standard JMX clients, JConsole or VisualVM, can be used to connect to Windchill Directory Server on this port.

Define the settings for the Windchill Directory Server LDAP directory:

Note The following is a complete list of possible options; some may not appear depending on whether you are installing WDS on the same server with Windchill or standalone. Option Default Entry LDAP Server DNS <hostname>. <hostname>.<domain> is the Registered Host default. <domain> Name LDAP Server Port 389 Define the port number that the Number Windchill Directory Server Directory server listens on for requests. The distinguished name for the LDAP Server Ad- cn=Manager Windchill Directory Server adminministrator Distinistrator. The setup program creates guished Name the directory using the
Installing a Standalone Product or Component

153

Option

Default

LDAP Server Administrative Password Confirm LDAP Server Administrative Password

Entry distinguished name that you specify. Windchill Directory Server administrator s password Specify the same password that you specified for the Administrator s password.

LDAP Server Base DN

o=PTC

LDAP Server Administrator Port

4444

LDAP Server JMX 1689 Access Port Number

Base Distinguished cn=configuration, Name for Product cn=Windchill_10.0, Properties o=PTC

Note This field only appears when installing a new Windchill Directory Server LDAP Server. Defines the LDAP base distinguished name under which the entire set of Windchill created entries will be stored. The port number that is used by the Windchill Directory Server controlpanel to administer Windchill Directory Server.. The port number used by JMX clients to retrieve Windchill Directory Server usage data. The standard JMX clients, JConsole or VisualVM, can be used to connect to Windchill Directory Server on this port. Define the distinguished name of the top subtree LDAP entry under which Windchill configuration LDAP entries reside.
You can enter any unique base unless you entered a context name as part of the distinguished name entered here. By default, a no context name was required when you installed Windchill Directory Server. Define the distinguished name of the LDAP subtree under which Administrative LDAP entries reside.

Base Distinguished ou=people, Name for Adminis- cn=AdministrativeLtrative Users dap,

154

Windchill Installation and Configuration Guide

Option

Default cn=Windchill_10.0, o=ptc

Entry Users and groups under this subtree will be visible to Windchill. You can edit this field to change the suggested name.

Base Distinguished ou=people, Name for Enterprise cn=EnterpriseLdap, Users cn=Windchill_10.0, o=ptc

Note This option does not apply when Windchill Directory Server is installed as a standalone component. Define the distinguished name of an LDAP subtree under which Enterprise LDAP entries reside. Users and groups under this subtree will be visible to Windchill.

Enable Separate Enterprise LDAP Server

Note Refer to the section Preparing Enterprise LDAP for Installation Data Load on page 51 before setting this option and Preparing an Enterprise LDAP Including Active Directory on page 51. This option is not se- Specifies whether the enterprise subtree is in a separate LDAP Servlected by default. When you do not se- er (for example, a site corporate lect the check box, the LDAP server). default settings for the If you select the check box, the next JNDI Adapter Settings screen displays settings for the sepappear. arate LDAP server. Specify the settings for the LDAP server you wish to use.
See these settings later in this section.

Note Refer to the section Preparing an Enterprise LDAP Including Active Directory on page 51 before setting this option.
The following list contains enterprise LDAP options:

Installing a Standalone Product or Component

155

Option Enterprise Repository LDAP Server Host Name

Default <hostname> <domainname>

Enterprise Repository LDAP Server Port LDAP Connection

389

Bind as User

Description Host name to connect to the Enterprise LDAP Server. An Enterprise LDAP can exist on a local or remote machine. You can use either a V3 Compliant LDAP or an existing Microsoft Active Directory Service (ADS) for this. The port number that Windchill will use to communicate with the enterprise LDAP server. Specifies the bind method used to connect to the Enterprise Repository. Two options are available: Bind as Anonymous, which does not require a user name to read the contents of the repository.

Enterprise Repository LDAP User Distinguished Name

cn=Manager

Enterprise Repository LDAP Password Windchill Privileges Read,Write for Repository

Bind as User, which binds to the directory as the user specified. This user must exist in the Enterprise Repository LDAP. Specify the distinguished name of an existing LDAP user. If the Enterprise LDAP Server is ADS, specify an existing ADS user in user@domain format. Enter the password of the specified user.

Sets a flag indicating this is a read/ write adapter. If it is ADS, you can bind in only Read only mode. For other V3 compliant LDAP, you can choose: Read, Write. The user specified earlier must have the corresponding privilege. Select either the User or Group

Repository contains Users

156

Windchill Installation and Configuration Guide

Option

Default

Description check box. Depending on the option selected, Windchill should consider the users/groups defined in this Enterprise LDAP when determining Windchill access. If the respository is Read Only, Windchill does not attempt to manage users and groups in the repository.

LDAP Service Option LDAP Service Default Description Active Directory Serv- Select this option if the enterprise ice (ADS) node is ADS. Otherwise, select Other V3Compliant LDAP. As soon as you select ADS, the following options later in this section are highlighted. See Default User Mappings for ADS Attributes on page 159. Change only the text "EnterpriseLDAP in this field. To filter users. Only those users who are selected here are searchable through Windchill Examples: If the Enterprise Node (LDAP) is Windchill Directory Server: uid= *(searches for all users) or uid= ne* (searches for all users with the name starting with ne). If the Enterprise Node is ADS:

Enterprise Adapter Name User Filter

<reverse hostname>. EnterpriseLDAP

Installing a Standalone Product or Component

157

LDAP Service (continued) Option Default Description cn=* (searches for all users) or cn=ne*(searches for all users with the name starting with ne)

Note You can modify this criteria after installation by going to Site Utilities Info*Engine Administrator

Group Filter

and selecting the respective Enterprise Adapter. To filter groups.


Only those groups who are selected here are searchable through Windchill. Examples: If the Enterprise Node (LDAP) is Windchill Directory Server: cn=*(Searches for all Groups) or cn=gr* (Searches for all Groups with the name starting with gr). If the Enterprise Node is ADS: cn=*(Searches for all Groups) or cn=gr*(Searches for all Groups with the name starting with gr), and so on.

Note You can modify this criteria after installation by going into Site Utilities Info*Engine and selecting the respective Enterprise Adapter.

158

Windchill Installation and Configuration Guide

LDAP Server Attribute Mapping to Windchill Attributes Attribute mapping is configured in the LDAP Adapters. The values supplied here are stored in the LDAP Adapter definition. An option is provided to allow the automatic addition of a default set for ADS. ADS can not be used without specifying a default set. The defaults can be adjusted to suit a sites needs. For other LDAP V3 compliant LDAP directories no mappings are required. If a site requires, mappings can be defined in any configured LDAP Adapter by consulting Configuring Additional Enterprise Directories on page 347. Default User Mappings for ADS Attributes The "Option" column specifies the attribute name expected by Windchill and the "Default" column specifies the ADS attribute name. Option User Certificate Unique Identifier Attribute Telephone Number Postal Address Preferred Language Common Name Surname Mobile Phone Number E-Mail Address Object Class Organization Name Fax Number Unique Identifier Default userCertificate sAMAccountName telephoneNumber postalAddress preferredLanguage cn sn mobile mail user company facsimileTelephoneNumber sAMAccountName

Descriptions for these fields can be found in Configuring Additional Enterprise Directories on page 347.

Note By default, both the unique identifier attribute and the unique identifier can have the same value; however, the unique identifier attribute must always point to an attribute that holds a unique value. If you do not have multiple subdomains in your ADS configuration, and you know that the sAMAccountName is unique within a single domain, then you can use the default value for your unique identifier attribute. If the values for your sAMAccountName are not unique, then you should use the userPrincipalName for your unique identifier attribute.
Default Group Mappings for ADS Attributes The "Option" column specifies the attribute name expected by Windchill and the "Default" column specifies the ADS attribute name.
Installing a Standalone Product or Component

159

Default Group Mappings for ADS Attributes (continued) Option Unique Identifier Attribute Description Object Class Unique Member Default sAMAccountName description group member

Descriptions for these fields can be found in Configuring Additional Enterprise Directories on page 347.

Starting the Windchill Directory Server


On both Windows and UNIX systems you will need to start the Windchill Directory Server every time you reboot the machine. For more information see Starting the Windchill Directory Server.

Entering Administrative Settings


The administrative settings are used to configure your Windchill solution. Windchill Site Administrator Option Create New Description Creates a new Windchill site administrator using the values in the following fields. Uses an existing Windchill site administrator account. Specify the values for the existing account in the following fields. Description A user name for the administrator of the Windchill server. An example might be wcadmin.

Use Existing Account

Field Windchill Site Administrator User Name

160

Windchill Installation and Configuration Guide

Field

Description

Note Because of restrictions in both Apache and the Sun ONE servers, the user names that are used for logging on cannot contain extended ASCII characters nor multi-byte characters. Note If the Use Existing User (used as a Site Administrator) option is enabled, the installation does not work. See also Installation Logs and Troubleshooting on page 426. Windchill Site Administrator Password The password for the Windchill server administrator user. Confirm Windchill Site Administrator Verify the password you entered for the Password Windchill server administrator user. This option is only necessary when creating a new account. Repository Where the Site Administra- Specifies which LDAP repository contor Is Stored tains the site administrator.
You have two options: Administrative and Enterprise Field Web Application Context Root Description Defines the Web application context root name used to access the Windchill applications through the Web browser. This value is used to format the URL, for example, http://<DNS name>/<Web application context root>.

The default is Windchill. Info*Engine Server Task Processor Port Defines the port number the task proNumber cessor listens on. The default is 10002. Select a different number if this port number is already in use. Initial Organization Name A name that describes the organization for which this installation is being performed. An example might be World Wide Tractors. The initial organization

Installing a Standalone Product or Component

161

Field

Organization Internet Domain Name

Description specified here becomes the internal organization for auditing. An Internet domain name for the initial organization. The Internet domain name must conform to the required standard Internet format that specifies the name can be a text string up to 63 characters drawn from only the alphabet (A-Z and a-z), digits (0-9), hyphen (-), and period (.). The period is only used as a domain name separator. The first character of an Internet domain name can be either a letter or a digit. In particular, the value you specify cannot contain the underscore character ( _ ). A valid example of an Internet domain name is: world-wide-tractors1.com

Specifying Optional Product Settings


The descriptions for each optional products input fields can be found in the section entitled Optional Product Settings on page 93 under the product name.

Creating Product Icons or Links


You can create product icons or links to easily launch your product. The following describes your options on Windows and UNIX: Windows Option In a new program group In an existing program group Description Creates the icons in a new program group in the Start menu Creates the icons under a program group that already exists in the Start menu Creates the icons at the top level of the Start menu Creates the icons on your Windows desktop

In the Start menu On the Desktop

162

Windchill Installation and Configuration Guide

Windows (continued) Option In the Quick Launch Bar Other Do not create icons Description Creates the icons in your Windows Quick Launch Bar Specify the location where you want to create icons No icons are created during installation

Note If you select In a New Program Group or In the Start Menu , you can create the icons for all users by selecting Create Icons for All Users .
UNIX Option In your home folder Other Do not create links Description Creates the links in your home folder Specify the location where you want to create links No links are created during installation

When you are finished choosing, click Next .

Selecting Staging Directory Options


Select your staging directory location. You may specify up to three staging directories.

Note The term "product CD" can refer to either the physical CD media or the equivalent files downloaded from PTC.com.
PTC requires the use of a staging directory. A staging directory is a directory where you load all of your product CDs before beginning the installation. This allows the PTC Solution Installer to access each CD image without stopping to prompt you during installation. Using a staging area provides a faster installation experience and removes the need to insert CDs during installation. After you enter the location of a staging directory, the next panel allows you to browse for, and load, each installation CD if they are not already in the staging directory. When you are done, click Next .

Installing a Standalone Product or Component

163

Copying CDs or CD Images to the Staging Area


If the PSI does not find all of your CDs in the staging directory you specified, this screen allows you to copy your product CDs to the staging directory. The CDs listed are based on your choices for installing products, optional products and their components. If you have downloaded or copied your CDs to the staging directory, the PTC Solution Installer reports Staging Area as the CD location. To copy your CD to the staging directory, perform the following steps: 1. 2. 3. 4. Place the product CD you want to copy to the staging directory in the drive. Click Copy Disc . Click Browse and navigate to the CD drive where you placed the product CD. Click OK .

Repeat these steps for each product CD. If you are using UNIX, after staging all the CDs and DVDs, issue the command "chmod -R 755 <full_path_to_ORACLE_staged_DVDs>." For example:
chmod -R 755 /opt/ptc/installers/ORA_LINUX_DVD chmod -R 755 /opt/ptc/installers/ORA_LINUX_PATCHSET_DVD

When you are done, click Next .

Reviewing the Installation Overview


The Installation Overview lists the details of the installation. This summary lists the values you entered into the installer and values that have been set by default for you. Review these details to verify their accuracy. The Installation Overview panel also gives an indication of the estimated disk space requirements to complete the installation based upon the options you have chosen. After you click Install on the Installation Overview panel, the installer checks your system for the required disk space. If there is not enough space, the installer presents a dialog box that informs you of this and waits for the space to be available. You may also choose to go back and select a different installation directory. The disk space check can be disabled completely by setting the installer variable CHECK_DISK_SPACE to a value OFF (note all CAPS) prior to launching the installer. From a command prompt, enter the following command:
<PTCSolutionInstallerDirectory>/setup -DCHECK_DISK_SPACE=OFF

164

Windchill Installation and Configuration Guide

Click Save to copy an HTML version of this summary to your local machine. A file called <summaryName>.htm.properties is saved in addition to the summary that contains every property value set during that installation.

Note The installation summary includes un-encrypted password information. After the installation is complete, make sure that the following files are only accessible by those with the appropriate permissions: <Windchill>\installer\*.properties Summary.html

After you have reviewed the summary, click Install .

Locating Post-installation Post-installation Steps for Your Products


The PTC Solution Installer installs and configures many, but not all, PTC products end-to-end. Each product has its own section in the Completing Configurations Manual Steps chapter that describes any necessary post-installation manual steps. Refer to the section for each of your installed optional products to complete your installation.

Installing a Standalone Product or Component

165

7
Installing a File Server Remote Site
File Server Management Utility Overview................................................................... 168 Installing a File Server Remote Site Using PSI ........................................................... 168

167

File Server Management Utility Overview


The File Server Management utility enables you to install, configure, and maintain remote sites, including their vaults and folders.

Note A File Server is a remote or replica server for Windchill.


File Server Management provides the following functions: Access to Windchill through a user interface for installing a File Server The ability to install, register, and maintain a File Server Automatic creation of a site, vaults, root folders, and a folder under that root folder where the content resides Automatic creation of folders under a root folder if a folder becomes full The ability to set a File Server to read-only for downloads The ability to automatically detect an upgrade of the master site and trigger the upgrade of a File Server

Installing a File Server Remote Site Using PSI


Before you begin the File Server remote site installation, ensure that you have: Completed the steps in the Replication section of the Planning a Solution Installation on page 13 chapter Read the Getting Started with Windchill Installation and Configuration Guide to plan your installation

You use the PTC Solution Installer (PSI) to install a File Server remote site. PSI is a dynamic installer that offers different installation options based on the products and features you select. To install a File Server remote site: 1. In the folder where you extracted the downloaded ZIP files, locate and open the PTC 10.0 Solution Installer folder. 2. Double-click the setup.vbs file. 3. Complete the installation as described in the Installing Windchill Solutions on page 55 chapter, but with the following File Server-specific options: Installation typeSelect Solution . Solution to installSelect File Server . Platform components For most File Server installations, use the default value of Install and Configure .

168

Windchill Installation and Configuration Guide

Note If you are configuring an existing LDAP then a unique Base DN is to be used. For example:
cn=<FileServerName>,cn=Windchill_10.0,o=ptc

4. Complete the installation by performing the steps in the Completing Configurations - Manual Steps on page 171 chapter.

Installing a File Server Remote Site

169

8
Completing Configurations - ManManual Steps
Completing the Configuration Overview..................................................................... 172 All Solutions ............................................................................................................ 172 Defect Tracking Systems [Integrity (DTS), Bugzilla and Atlassian JIRA] Server Configuration ....................................................................................................... 202 Software Configuration Management Systems [Integrity Source (SCM), Subversion and IBM Rational ClearCase] Server Configuration ................................................. 202 Windchill PDMLink................................................................................................... 207 Windchill ProjectLink................................................................................................ 208 Windchill CAPA ....................................................................................................... 209 Windchill Nonconformance....................................................................................... 211 Windchill Customer Experience Management ............................................................ 212 Optional Products .................................................................................................... 214

This section contains the manual instructions that complete the configurations for Windchill.

171

Completing the Configuration Overview


This chapter wraps up the steps to complete the configurations for Windchill that could not be addressed until now. Complete the following instructions that are applicable to your configuration. Refer to the section for each product you installed for any post-installation steps necessary for that product.

All Solutions
This section describes any manual post-configuration steps that apply to all solutions.

Run the Windchill Configuration Assistant


The Windchill Configuration Assistant (WCA) completes a preliminary run during the installation, but it must be run again post-installation, when the PTC Solution Installer and other third-party products are not running, to optimally configure the server.

Note If the WCA fails during the installation process, the installation may still complete successfully. However, you must manually re-run the WCA.
For more information on WCA, what it does and how to run the WCA, see Windchill Administration - Configuring Your Windchill Environment .

Configuring System Administration Settings


There are some administrative steps you must complete before Windchill is fully functional. Complete the following: Set the sender address for e-mail messages Set any necessary authentication for your SMTP server (optional)

Setting Sender E-mail E-mail Address


For e-mail messages to be sent, some mail servers require that a valid e-mail address be specified in the From header of the e-mail message. Windchill uses the value specified in the wt.mail.from property in the wt.properties file as the default sender of e-mail messages. Similarly, the wt.notify.notificationSenderEmail property is used to specify the e-mail address used as the sender of all event-based notifications. By default, the wt.mail.from property is set to Postmaster@< hostname>, where <hostname> is the value specified in the java.rmi.server.hostname property. The wt.notify.notificationSenderEmail property defaults to the value of the wt.admin. defaultAdministratorName property.
Windchill Installation and Configuration Guide

172

PTC suggests that the wt.mail.from and wt.notify.notificationSenderEmail properties both be set to the e-mail address of the Windchill administrator or some other authorized user. Many e-mail servers require the use of a fully qualified e-mail address that has verifiable domain components. Specifically, all originator and recipient addresses must be in the form of: <name>@<my.company.com> Where <my.company.com> is a valid e-mail domain that can be verified using the DNS. Use the xconfmanager to change the wt.mail.from and wt.notify. notificationSenderEmail properties to a value of your choice. From a windchill shell, execute the following command:
xconfmanager -s wt.mail.from=<authorized_user> -s wt.notify.notificationSenderEmail=<authorized_user> -t <Windchill>/codebase/wt.properties -p

Where <Windchill> is the location where Windchill is installed, and <authorized_user> is the valid e-mail address of an authorized Windchill user.

Setting Authentication for an SMTP Server


By default, Windchill sends all electronic mails anonymously to the SMTP host defined in the wt.mail.mailhost property. If the port used by the SMTP Server is not the default port (25), you must append it (after a colon character) at the end of the value of the property. For example, with port 10025 being used: wt.mail.mailhost=192.168.0.15:10025 If some restrictions exist on server access (such as 'relaying prohibited' or 'anonymous connection denied'), the messages sent by Windchill are rejected by the mail server. To configure Windchill to authenticate to the SMTP server, the following properties should be manually added in a file outside of the Windchill codebase (For example, <Windchill>/mail.properties). wt.mail.smtp.username=<mail-user> wt.mail.smtp.password=<mail-user-password> Additionally, wt.mail.properties must be set in wt.properties to the mail.properties file as follows: xconfmanager -s "wt.mail.properties=$(wt.home)$(dir.sep)mail.properties" -t "codebase/wt.properties"

Completing Configurations - Manual Steps

173

Configuring a Password File for Authentication in Apache and IBM HTTPServer (Optional)
Although LDAP is a preferred means of password management as compared to using a password file, there are cases where the use of a supplementary password file is appropriate. One example where a password file is useful is when a read-only LDAP directory (for example, a corporate directory) is used as the primary basis of authentication and some pseudo-users such as system administration are desired. Info*Engine can easily access information from multiple LDAP directories, but typical Web servers, including IBM HTTP Server, do not provide a means to authenticate a single resource (URL) using information in multiple LDAP directories. A solution to this issue is to define passwords for the few pseudo-users in a password file and point Apache at the corporate LDAP for the remaining corporate users. Apache 2.2 can access information from multiple LDAP directories, but it is still possible to configure it to use a password file, if necessary. Perform the following: 1. Execute the following : Apache 2.2
ant -f webAppConfig.xml addAuthProvider -DappName=< Web application name> -DproviderName=<provider name for password file>

For example,
ant -f webAppConfig.xml addAuthProvider -DappName=Windchill

2. Execute one of the following from <Apache_Home>/bin: If you are creating a password for the first time:
./htpasswd -c <Apache_Home>/conf/app-<webapp_name>-Passwd <username> <password>

If you are creating a password for the second or subsequent time:


./htpasswd -b <Apache_Home>/conf/app-<webapp_name>-Passwd <username> <password>

For example,
./htpasswd -c /opt/hpws/apache/conf/app-Windchill-Passwd my_username my_password

3. By default the web server user may not have permissions to access <Apache_Home>/conf, the default directory for which the password file is configured. In order to allow the password file to be readable by the Apache process, the conf directory and the app-<webapp_name>-Passwd file must both be accessible to the web server user.

174

Windchill Installation and Configuration Guide

Make both the conf directory and the app-<webapp_name>-Passwd file accessible to the Apache user by doing one of the following: Change the permissions on the <Apache_Home>/conf directory and the app-<webapp_name>-Passwd file so the user ID the web server runs as has both read and execute permission. Change the group that Apache runs as to something Apache-specific, change the group ownership on <Apache_Home>/conf and the app<webapp_name>-Passwd file to that group, and ensure that the group has access to <Apache_Home>/conf and the app-<webapp_name>-Passwd file.

Changing the Database Password


If your sites password policy requires the use of special characters in the database password, use the following procedure to change the password you created during installation: Oracle 1. Use sql*plus to log in to the database as a dba user. 2. Change the user password: Alter user WINDCHILL identified by pa$$w0rd; 3. Open a Windchill shell. 4. Execute the following command: xconfmanager t db/db.properties s wt.pom. dbPassword=pa$$w0rd -p SQL Server 1. Log in using either the sqlcmd or SQL Server Management Studio. Log in as the sa user. 2. Change the user password:
USE [master] GO ALTER LOGIN [windchill] WITH PASSWORD=N'pa$$w0rd' GO

3. Open a Windchill shell. 4. Execute the following command: xconfmanager t db/db.properties s wt.pom. dbPassword=pa$$w0rd -p

Completing Configurations - Manual Steps

175

Creating an Internal Product Name (Optional)


If your site needs to have an internal product to identify its deployment, perform the following steps: 1. From <Windchill>/installer/instreg, copy one of the existing IA files to a new IA file. Rename the new file to the name you want your product to be called. For example, copy whc.ia, create a new file from it, and rename the file MyCompanySolution.ia. 2. Edit the newly copied MyCompanySolution.ia file and make the following changes: a. Change the displayName attribute to be what you want your "new" product to be called. I called mine "My Company Solution". b. Delete the rest of the content of this file, leaving only the XML declaration at the top, and the InstalledAssembly element. 3. From a windchill shell, run the following command: windchill com.ptc.windchill.instassm. UpdateInstallationRegistry If you run a windchill version command from a windchill shell, the output will include My Company Solution.

Encrypting Windchill Passwords


When you install a Windchill solution, the PTC Solution Installer (PSI) encrypts your passwords within the properties files that it creates. The following table indicates the passwords that are encrypted, the properties file that each field impacts, and the property within the file to which the password maps: PSI Field [Oracle|SQL Server] User Password for Windchill LDAP Server Administrative Password Files Impacted db.properties Property Updated wt.pom.dbPassword ie.ldap.managerPW

<Windchill>/codebase/ WEB-INF/ ieStructProperties.txt <Windchill>/codebase/ WEB-INF/ie.properties <wbr_home>/ configuration/ cogstartup.xml

Windchill Business Reporting [Oracle|SQL Server] Database Password for the Database User Account Windchill Business db.properties

Not applicable - this is updated through the Cognos configuration. wt.cognos.admin.

176

Windchill Installation and Configuration Guide

PSI Field Files Impacted Reporting Administrative User Password

Property Updated password

For more information about encrypting passwords, see System Password Encryption Options" in the Windchill Administration - Configuring Your Windchill Environment.

Changing the Secret Text for Windchill Network Communications


PTC automatically generates a unique value for the secret.text2 and secret.text properties in the ie.properties file to establish a more secure authentication process between your servlet and the Windchill adapter. Both properties are used to sign and validate requests between Info*Engine components to verify their authenticity. The values that are set through the installation should be sufficiently unique that there should be no real need to reset these property values. If you choose to reset the secret.text2 and secret.text values, use the steps described in Windchill Administration - Configuring Your Windchill Environment.

Registering a non-Windchill non-Windchill User


This procedure describes how to register a non-Windchill user. The registration can be done through an email notification when a non-Windchill user is added to project team. Perform the following: 1. 2. 3. 4. Login as project creator. Create a project. Go to the Project Team page and select Add participant to team . Under Email Invitation , add the non-Windchill user email ID (for example, abc@gmail.com).

The user for abc@gmail.com must open the email that is sent and click the Register action in the email. To configure Windchill ProjectLink self registration, change the following properties in the <Windchill>/conf/register/reg.properties file # the ldap used: provider_url=ldap://pl-pla1.ptc.com:389
ldap://<LDAPserverName>.<MyCompany>.com:<port>

# the Directory Manager


principal=cn=Manager

Completing Configurations - Manual Steps

177

# password for Directory Manager


credentials=wcadmin

# user_registration_subtree= to point to ou=people node in the LDAP


user_registration_subtree=ou=people,ou=pdmpjl,l= <location> ,o= <MyCompany>

Configuring HTTPS for Apache and Windchill


To complete these instructions, Windchill Services must be installed because it delivers the site.xconf file which is needed to complete a HTTPS configuration. Out-of-the-box Windchill is configured for HTTP; however, Windchill is prepared to support HTTPS with the idea that minimal steps are required for you to implement HTTPS. The instructions provided in this section only support HTTPS with Apache (the default Web server packaged with Windchill). Instructions for HTTPS for other Web servers must be obtained from the product vendor. Configurations for HTTPS require the use of a commercial certificate of authority. Third-party vendors distribute certificates of authority. There are several configuration methods that can be implemented using certificates of authority. The instructions provided here should require a minimum of effort to implement HTTPS for your installation. 1. Obtain a certificate of authority. The first step is to obtain a certificate of authority. Third-party vendors provide certificates. Windchill requires that the certificate be trusted by Java. If you elect to use a certificate that is not trusted by Java, then you must configure Java to trust this certificate. Certificates provided by Verisign and Thawte, for example, are Java trusted certificates of authority. If the Web server certificate of authority is not trusted by Java, then the certificate of authority must be added to the jssescacerts keystore. Before executing the following command, the default JDK cacerts file must be copied to the filename jssecacerts. The cacerts file is located in <JRE>/lib/security directory.
keytool -import -alias <some alias name> -file <path to certificateAuthority.cert> -storetype jks -keystore /<JRE>/lib/security/jssecacerts

This must be configured for the JRE that is used by the servlet engine, the Windchill server, and any other Java application that would access the Web server. To list the default certificate of authority trusted by your JRE, execute:
keytool -list -v -keystore /<JRE>/lib/security/cacerts

Additional information about Java security can be found at:

178

Windchill Installation and Configuration Guide

http://java.sun.com/products/jsse 2. Configure Apache to recognize the certificate of authority. The certificate file and the private key are added to Apache. By default, two files have been provided as a reference specifically for the purpose of security access configurations. Apache 2.2 a. Install the certificate file (server.crt) into the < Apache>/conf/extra/ssl.crt directory. This action will overlay the initial server.crt file that has been provided for this purpose. Review the information in the README.CRT file. b. Install the private key (server.key) into the <Apache>/conf/extra/ssl.key directory. This action will overlay the initial server.key file that has been provided for this purpose. Review the information in the README.KEY file. 3. Configure Windchill for HTTPS by changing the URL to HTTPS. Using the xconfmanager change the following two properties to the appropriate values: a. wt.webserver.port=<port used for HTTPS>. The protocol default port is 443. b. wt.webserver.protocol=https 4. Restart Apache. The HTTPS Apache start commands are: Apache 2.2 Windows <apache home>\bin\httpd -DSSL UNIX <apache home>/bin/apachectl -DSSL If you created a shortcut or link when installing your Windchill solution, then modify that script to use the HTTPS start command for Apache. 5. Restart Tomcat. 6. Restart Windchill. Other Windchill products such as the workgroup managers may also support HTTPS and would require additional configurations to convert to HTTPS. See the workgroup manager documentation for those instructions. Additional information about HTTPS can be found at: www.modssl.org

Completing Configurations - Manual Steps

179

(The following two URLs are valid when Apache is installed and running on the local machine.) Apache installed on Windows and HP-UX: http://localhost/manual/ssl/ Apache installed on Solaris and AIX: http://localhost/manual/mod/ mod_ssl Solaris 64-bit 64-bit with SSL There is a bug with Apache's SSL usage. The OS incorrectly translates the default broadcast channel (255.255.255.255) into binary form so Apache doesn't find a correct matching virtual host in the <apache_home>/conf/extra/httpd-ssl.conf file. When trying to access Windchill over HTTPS, a not found error will be returned. There are two available work arounds for this: 1. Edit <apache_home>/conf/extra/httpd-ssl.conf and change the <VirtualHost_default_:port> to be whatever your IP address is on that machine. For example, change it to: <VirtualHost 132.253.10.34:443>. This will cause Apache to listen for the SSL requests on that particular IP. If you wish to listen on more than one interface, you would need to copy the whole <VirtualHost> tag section and change the IP to a second IP you wish to listen on. or 2. Edit appropriate network files. Edit /etc/nsswitch.conf and add dns to the hosts section. For example, the hosts line might look like this: "hosts: dns nis files". Once that is done, you need to disable the name-service-cache daemon. With root access type, "svcadm disable system/name-service-cache:default", this will disable the service. Apache will now work with the _default v-host. To reenable the daemon when you have finished testing you can type, "svcadm enable system/name-service-cache:default"

Running Apache as a Windows Service


Apply changes to both sections. Running Apache as a Windows service can be implemented with HTTPS. Instructions to configure Apache as a Windows service have been provided using the Apache Ant command and without the Ant command.

Note When Apache and Tomcat are configured as a service, the Windchill application directories should not be either a mapped drive or referenced using a UNC path (for example, \\server\\share).
Without Ant Execute this command from the Apache/bin directory:
httpd -k install -n <ServiceName> -DSSL

Where <ServiceName> is a unique name to reference this service.

180

Windchill Installation and Configuration Guide

If you have Apache Ant installed, you can implement using the Ant command. With Ant Execute the Ant command from the Apache root directory:
ant -f config.xml installService -DserviceName=< serviceName> -DwithSSL=true

Where <serviceName is a unique name to reference this service.

Uninstalling the Apache Windows Service


Instructions to uninstall the Apache Windows service have been provided using the Apache Ant command and without the Ant command. Uninstall without Ant Execute this command from the <Apache>/bin directory.
apache -k uninstall -n <ServiceName>

Where <ServiceName> is the name you gave the Apache Windows service when you created it. Uninstall with Ant Execute this command from the <Apache> directory.
ant -f config.xml uninstallService -DserviceName < serviceName>

Where <serviceName> is the name you gave the Apache Windows service when you created it.

Configuring HTTPS for Other Web Servers


If you are using a Web server and servlet engine other than Apache and Tomcat, those servers also can be configured to support HTTPS. PTC does not, however, provide the HTTPS configuration instructions for these servers and recommends using the documentation provided by the vendor for their products. To enable Windchill to support HTTPS for other Web servers, you would: Use the xconfmanager to set the wt.server.codebase property (in wt.properties) to use HTTPS. This is the same instruction performed for Apache. Restart the Web server, servlet engine and Windchill to effect the changes.

Completing Configurations - Manual Steps

181

Configuring an IBM JDK on AIX


If you are installing your Windchill solution on AIX and are configuring a nonPTC JDK, you must perform the following: 1. Extract the file <Windchill>/opt/ibmjdkjaxp/AIX_JAXP.jar into the <JAVA_HOME>/jre/lib/ext directory. 2. After extacting the AIX_JAXP.jar file, execute the clean_aix_jars.xml Ant script from the <JAVA_HOME>/jre/lib/ext directory using the following command:
ant -f clean_aix_jars.xml

If the command does not succeed, verify that the "ant" command is in your PATH.

Replication
File Server Remote Site Post-installation Post-installation Steps
To perform content replication, you must complete these steps for the master site and File Server sites. Following are the major post-installation steps for the master site and File Server. For detailed a detailed procedure for any of these steps, refer to the corresponding section below. 1. Do one of the following: Option ARegister the File Server with the master site. Option BCreate a remote site representation on the master site. 2. Create remote hosts, vaults, and folders. 3. Mount and enable the folders. 4. Start the remote site. Following these steps, a troubleshooting section appears to help resolve configuration errors. Step 1, Option A: Register the File Server with the Master Site. Register the File Server using the File Server Management utility, available from Site Utilities File Server Administration . For more information, see the topic Registering a New File Server with the Master Site in the online help, available from File Server Management .

182

Windchill Installation and Configuration Guide

Step 1, Option B: Create a Remote Site Representation on the Master Site 1. On the master site, select Utilities File Server Administration Site Administration , available from Site , Libraries , and Products . The Site Management window appears.

Note The label (This Installation) appears after the site name in the Site Management window for the site to which you are currently connected. System software ensures that the automatically generated site labeled (This Installation) can continue serving its role in the event of a change in the value of the wt.httpgw. url.anonymous property in the wt.properties file. This automatically generated sites URL is the value of the wt.httpgw.url.anonymous property in the wt.properties file. If the value changes, the system assigns the new URL to it, and a warning message is displayed on the master site console. You can configure this site by clicking Update . 2. In the Site Management window, click New . The New Site window opens. 3. Enter the following information:
Field
Site Name

Description The site name must be unique. The string is not case-sensitive and cannot include spaces. A File Server site must be known by the same name to all master sites. The label (This Installation) appears after the site name in the Site Management window for the site to which you are currently connected. Enter the URL. The URL must allow the master site to access the file server site. The URL is the value of the wt. httpgw.url.anonymous property in the wt.properties file of the site that you are creating. It is the URL of the anonymous gateway for the Windchill site. If this URL is the same as the URL of the Windchill site to which you are currently connected, the label (This Installation) appears following the site name in the Site Management window. Select the File Server checkbox.

URL

Site Type

Completing Configurations - Manual Steps

183

Field

Description The Master and File Server options determine which roles the site uses for replication. You can select one, both, or neither of these options.

Context

Description Principal

Site Proximity

Note This field is for the site and organization levels only. Click Select to access the Pick Context window, which lists all possible contexts. Select a context and then click OK . Enter a description of the site. You can use up to 200 characters. Click Select to access the Select Principal window. Use the fields on the Groups and Users tabs to select a principal for the new site. You can move the sites into the order of proximity to the current site being created or updated.
The left box contains a list of all the sites. You can move the sites from this box to the right box using >> and << . The box on the right side indicates the proximity of the other sites to the new site. The site at the top of the list has highest proximity to the new site. You can move a site up or down the list with Move Up , Move Down , Move Top , and Move Bottom .

4. Click OK . The new site appears in List of Sites table in the Site Management window. 5. Click Close to close the Site Management window.

Note If you need to update an existing site, select the site in the Site Management window and then click Update .

184

Windchill Installation and Configuration Guide

Step 2: Create Remote Hosts, Vaults, and Folders You create hosts, vaults, and folders for replication. You must create a host first, then a vault, and then folders. Before you create and mount folders, you must manually create a folder on the remote site. The master site must be able to read from and write to the folder. Before you begin this step, you must create at least one folder for each file vault that will be created in the following procedure. Create this folder now.

Caution Each folder must be mounted to a unique physical location. If this is not done, permanent data loss will occur.
You create remote hosts, vaults, and folders from the Vault Configuration window. To access this window, select Utilities File Server Administration Vault Configuration , available from Site , Libraries , and Products . Creating a Remote Host Creating a host associates a site with a host on the network. A host is a machine on your network, on which Windchill Method Server is running, that can be used to store content files. Since method servers may run on different hosts, each folder should have a different mount for each host. If this is not done, the paths might not be identical. However, the location for all mounts for a folder should be the same.

Note The system does not check that the DNS name that you enter for the host is a valid DNS name.
To create a host: 1. From the Vault Configuration window, select File New Host . The New Host window opens. 2. Enter the DNS name for the host in the Host Name field. (There cannot be any blank values in the name.) The host name appears in the wt.properties file on the remote site server (java.rmi.server.hostname).

Note The system does not verify that the DNS name that you enter is valid. 3. Select the remote site from the Site list. 4. Click OK .

Completing Configurations - Manual Steps

185

Creating a Remote Vault A vault is a logical context for folders, each of which represents a storage location on a host machine. A remote vault is a vault on a File Server rather than master site. PTC recommends one vault for each remote server for content replication.

Note Creating a cache vault on the File Server site is preferable because remote users can upload content to this vault much faster. However, the existence of a cache vault on a Windchill File Server is not a necessity for replicating contents to that site.
To create a remote vault: 1. From the Vault Configuration window, select File New Vault . The New Vault window opens. 2. Enter the following information: Field
Site Name

Vault type

Description Select the File Server from the list. Enter a vault name. The name you specify must be unique among the vaults defined for all sites. Select one of the following:
Master Vault Stores (revaulted)

master copies of content files. Replica vault Stores replicated content files. Cache vault Stores uploaded files until they are revaulted to their permanent storage locations. If you select this vault type, the vault is used as the local cache vault for the site. Only one cache vault is allowed for each site. All vault types are supported on both main sites and File Server sites.

Default system target (for a master vault) or Default target for site (for a

replica or cache vault)

Note Vaults are enabled by default at creation. You can select this checkbox, but you cannot directly clear it. Because there must always be a default target for the site (replica or cache vault) or default
Windchill Installation and Configuration Guide

186

Field

Description system target (master vault), the checkbox is cleared automatically when you designate another vault as the default target. Every site must have one vault that is its default target. When a master vault is designated as the default system target, and when the wt.fv.useVaultsForAllContent property is true, the vault becomes the destination for revaulting operations for content not covered by revaulting rules. When a replica or cache vault is designated as the default target for a site, it becomes the target of replication operations when the target vault has not been explicitly specified. Do not select this checkbox. If you do, the vault is not available for storing uploaded or replicated content files. Leave this checkbox selected. When this checkbox is selected, a folder is automatically created when an existing folder reaches its capacity (number of files). This checkbox is selected by default.

Read only

Automatic folder creation

Automatic cleanup of older content

Note This option is available only for replica and cache vaults.

Note For this option to work, you must have manually created and mounted a root folder. Select this checkbox if appropriate. When this checkbox is selected, automatic cleanups are performed on this vault according to the rules and schedule that are specified in the
Automated cleanup of replica vaults

Completing Configurations - Manual Steps

187

Field 3. Click OK .

Description window.

Note You can create only one cache vault per Windchill File Server for replication.
Creating a Remote Folder Creating a folder establishes a storage location and associates the location with a vault.

Note Creating a cache vault on the File Server site is recommended because remote users can upload content to this vault much faster. However, the existence of a cache vault on a Windchill File Server is not a necessity for replicating contents to that site.
To create a folder: 1. From the Vault Configuration window, select File New Folder . The New Folder window opens. 2. Enter a unique name for the folder in the Name field. 3. Select a vault from the Vault list.

Note Do not select the Read Only checkbox. If you do, the folder is not available for storing uploaded or replicated content files. 4. Click OK .
Before content can be replicated to a vault, at least one of its folders must be mounted and enabled in the next step. Step 3: Mount and Enable the Folders After you have defined vaults and folders for the site and specified its hosts, you must specify the location of the storage partition to which content will be replicated. You do this by defining the mount for each combination of folder and host for the site. To mount a folder: 1. In the left pane of the Vault Configuration window, expand a cabinet that holds folders and then select the folder. 2. Select Object Mount . The New Mount window opens. 3. Select a host from the Host list. 4. Specify the path to the folder path in the Path field.
Windchill Installation and Configuration Guide

188

5. Click OK . 6. Select the folder and then select Object Update . The Update Folder window opens. 7. Select the Enabled checkbox and then click OK . Step 4: Start the Remote Site Starting a remote site server is similar to starting a standard Windchill server. To start the remote site: 1. Start the web server, servlet engine, and method server on the remote site computer. 2. Start Windchill in one of the following ways: Using an MS-DOS command prompt, in the <Windchill>/bin directory, enter the following:
windchill start

On the Windows Start menu, select Programs Windchill Windchill


Method Server .

Troubleshooting the Configuration This section describes both the properties and services in the wt.properties file that are relevant to Windchill content replication. If replication configuration contains an error, log files created by the services provide information for troubleshooting. The log files show all the interactions between master sites and remote sites. In the case of some errors, the log files list suggestions to solve the problem. To Check the Configuration 1. Enable verbose logging for wt.fv and wt.fv.master (wt.fv.verbose=true wt.fv. master.verbose=true) packages on the master site and wt.fv.replica package (wt. fv.replica.verbose=true) on the remote site. 2. Ensure that the replica folders are not readonly and that they are enabled. 3. Restart the remote site method server. Immediately following startup, you should see a line in the log files stating that the remote site has requested configuration from the master site. Several lines below, there should be a response message specifying the received configuration. Verify that this configuration makes sense. 4. Restart the master site method server. Immediately following startup, you should see a line in the log files stating that the master site has attempted to refresh the configuration of the remote site. Check the remote site MethodServer.log file to verify that the configuration was received.

Completing Configurations - Manual Steps

189

Manually Configuring Services In File Server remote sites, the remote Windchill site does not have access to an Oracle instance and runs with a minimal set of services. Only the services required for content replication are started. Rather than the usual 67 or more services, only the 5 services pertaining to replication are configured. Verify that the services section contains the following:
wt.services.service.1=wt.fv.replica.ReplicaService/wt.fv.replica. StandardReplicaService

wt.services.service.2=wt.fv.replica.ReplicaServiceSvr/wt.fv. replica.StandardReplicaService

wt.services.service.3=wt.wrmf.delivery.ShippingService/wt.wrmf. delivery.StandardShippingService

wt.services.service.4=wt.wrmf.delivery.ReceiverService/wt.wrmf. delivery.StandardReceiverService

wt.services.service.5=wt.wrmf.transport.GenericTransportService/ wt.wrmf.transport.StandardGenericTransportService

The method server and server manager should now launch successfully. The POM messages that normally appear when the method server starts are not displayed, and registering with the server manager is significantly quicker than in a full Windchill installation.

Creating Installer Zip Files


If Enable Remote File Server Support was not selected during the solution installation, you must manually create File Server ZIP files to set up a File Server installation. This can be done after the solution installation is complete. A ZIP and MD5 checksum of the following installers must reside in the ZIP repository (<Windchill>/codebase/CCSTools/install) to provide the full required set of downloadable installers: Java SDK LDAP Server

190

Windchill Installation and Configuration Guide

Web Server Servlet Engine Info*Engine Server Windchill Services PTC Solution Installer

Note Windchill Services Apache and Tomcat must share a common directory when they are unzipped, for example CD_CAPPS/Apache and CD_CAPPS/Tomcat. To ensure that this structure is preserved in the ZIP files, Apache and Tomcat must be individually copied into a separate CD_CAPPS folder and this folder must be referenced when calling createZip.xml.
The script needed to perform these tasks can be found here: <Windchill>/bin/CCSTools/createZip.xml The script must be run from <Windchill>/bin/CCSTools for each CD image in this format:
ant f createZip.xml -Duser.install.dir=<val> -Dsource_image.dir=<val>

where <val> is: user.install.dirThe installation of the Windchill solution to store the ZIP repository source_image.dirThe ZIP file of an installer to add to or update the repository For example:
D:\ptc\PJL\Windchill\bin\CCSTools\>ant -f createZip.xml Duser.install.dir=D:\ptc\PJL\Windchill -Dsource_image.dir=E:\

The result should be <installer_name>.zip and <installer_name>.zip.MD5 files in <Windchill>/codebase/CCSTools/install for each CD.

Note The PTC Solution Installer CD image requires additional preparation steps before it is ready to be zipped. First, the CD contents must be copied to a local location. Then, the override_standardRules.properties filemust be created and placed in the <copied_location>/Disk1/InstallerData/psi directory. This entry must then be added to the file and saved: RULES_OVERRIDE=ccs_installerRules.xml The local modified version of the PTC Solution Installer (PSI) must be referenced by the source_image.dir property referenced above when constructing the zip files.

Completing Configurations - Manual Steps

191

Installing the File Server


With the ZIP and MD5 files available and in their proper location, they can be downloaded from a remote site. Once all ZIP files are downloaded, unzip all of the images into a common location and run the unzipped PTCSolnInstaller image. To unzip in Windows, you can use WinZip (or a similar application) or the built-in Windows .zip functionality. For UNIX, unzip <file name> can be used. You may need to install the unzip functionality. When the PSI is started, select the Solution scenario, choose File Server as an installation option, and point the staging area to the location containing all of the unzipped images.

Note All of the CD images must be unzipped before they can be recognized by the PSI staging area.
Begin the installation.

Updating the File Server


Maintenance updates for a remote File Server are required when maintenance releases or patches are applied to the master site. The updates are delivered by a file named CcsDsu.zip that contains all the necessary updates for a maintenance release. If Enable Remote File Server Support was selected when the solution was installed, this ZIP file is generated on the master site when the maintenance updates are applied. You must download the ZIP file to the remote File Server before it can be applied. The ZIP file resides in the following location on the master site: <Windchill>/codebase/CCSTools/update. If you have completed the master site update and the autoManageCCS property in the wt.properties file is set to true, then broadcast the file server configuration to automatically download the ZIP file to the following location on the file server: <Windchill>/bin/CCSTools/update. If the autoManageCCS property is set to false, you must manually download the ZIP file to this location from the File Server Management utility, available from Site Utilities File Server Administration .

Note If you are updating an existing file server installation, you must first update the third party products (Java, Apache, Tomcat) for the file server.
After you download the ZIP file to the appropriate location on the file server, you must update the existing standalone products on the file server with PSI before you restart Windchill on the file server to apply the update.

192

Windchill Installation and Configuration Guide

After you have successfully installed the Ccs.Dsu.zip file, and you are updating the file server for the first time from 10.0 F000, or 10.0 M010, or 10.0 M020 maintenance release to a future release, complete the following steps: 1. Shut down the method servers, server manager, and web server on the file server. 2. From a Windchill shell of the file server, execute the following command: ant -f <WT_HOME>/bin/installModules.xml deploy_module -Drt=true -Ddeclare_xconfs.skip=true If the master is on HTTPS and the Java on file server was updated with the same version as the master, manually add the certificate to the Java Keystore on the file server. Otherwise, no certificate needs to be added. Updating Existing Standalone Products on the File Server 1. Shut down the method servers, server manager, and web server on the file server. 2. After applying the update on the master and restarting it, check the content of File Server Management inside the Windchill page from Site Utilities File Server Administration to see if the standalone products have been updated (verify their date). 3. If the standalone products have been updated, download the standalone product ZIPs as well as the PSI ZIP from the master server and extract them into the staging area. 4. Run PSI located on the staging area and select Update Existing Installation . 5. Select the instance of the file server to be updated. 6. Select Standalone Products or Components Only . 7. Provide the location of the staging area for PSI to install the standalone products update. 8. Click Next until you reach the end of the last panel for running the installation. Manually Generating the CCSDsu.zip CCSDsu.zip File (If Necessary) If Enable Remote File Server Support was not selected during the initial solution installation, this ZIP file does not exist after applying the maintenance updates, so you must generate it manually. An ANT script that handles this task resides in the following location: <Windchill>/bin/CCSTools/create_ccsdsu.xml. This script creates the CcsDsu.zip file based on a BOM (bill of materials). It maintains a cumulative BOM, <wt_home>/codebase/CCSTools/CcsDsuBom.include, with which any future BOMs are merged.

Completing Configurations - Manual Steps

193

To generate the ZIP file, run the following command from a Windchill shell:
ant -f <Windchill>/bin/CCSTools/create_ccsdsu.xml -Dinstall.files.maint=true <params>

where <params> are: -Dccsdsubom_include (optional)Any alternative BOM file with contents relative to <wt_home>. This points to a BOM of contents to append to the CcsDsu.zip. -Dccsdsu_exclude_list (optional)A regular expression-based list containing any files to exclude from the DSU. It defaults to <wt_home>/installer/wnc/ccsdsu_regex_exclude_list.txt ).

The script runs and generates the CcsDsu.zip and a corresponding MD5 checksum file in the <Windchill>/codebase/CCSTools/update directory. This DSU is downloaded to the remote File Server. Ensure that the ZIP file is placed in the same location as the master site: <Windchill>/codebase/CCSTools/update. The DSU is applied when Windchill is restarted on the File Server.

Note When applying an update (a patch or maintenance release) to a master site that has a cluster setup, the patch is applied to each the node in the cluster individually. However, for the CCS (File Server) automatic update to function properly, the files in the <Windchill>/codebase/CCSTools/update directory in the master node (background method server) of the cluster must be copied to the <Windchill>/codebase/CCSTools/update directory of each node in the cluster. This is essential to ensure that the CCSDsu.zip and its CCSDsu.zip.MD5 files on all nodes are exactly the same.

Updating an Existing File Server Installation Automatically


If your system is set up to update existing File Server installations automatically when the master site is updated with a maintenance release or patch, the following process begins once the Site Manager on the master site has prepared the information and files, performed an update on the site, and restarted that site: 1. The master site notifies the File Server of the need to update. 2. The site is set to readOnly status. 3. The master site sets the status modifier on the File Server to Update in Progress status. 4. Each File Server recognizes the need to update itself. 5. The master site pushes the update to the File Server.

194

Windchill Installation and Configuration Guide

6. The status modifier changes to Restart Required status. 7. The system sends notifications to appropriate managers asking them to perform the restart. 8. If updated versions of standalone products and PSI are available, you must update the existing standalone products on the file server with PSI before restarting Windchill on the file server to apply the update. 9. The restart is performed. 10. The File Server updates itself during the restart. 11. The master site does the following: Verifies the File Server release level Removes the Restart Required status modifier from the File Server Removes the readOnly status from the site

Updating an Existing File Server Installation Manually


If your system is not set up to update existing File Server installations automatically when the master site is updated with a maintenance release or patch, you must manually update each File Server site: 1. Shut down all Windchill-related server applications, including the method servers, web server, servlet engine, and server manager, and exit all Windchill shells. 2. If updated versions of standalone products and PSI are available, you must update the existing standalone products on the file server with PSI before executing the install_ccsdsu.xml file. 3. Open a system console and navigate to the <Windchill>/bin/CCSTools directory. 4. Using ANT, execute the script file install_ccsdsu.xml as follows:
ant -f install_ccsdsu.xml

Note If ant -f install_ccsdsu.xml fails on the first attempt, run it again to successfully complete the update process. 5. Move the contents of the directory <Windchill>/codebase/CCSTools/update directory to the <Windchill>/codebase/CCSTools/Completedupdate directory, overwriting the files in the destination folder. 6. Once the execution completes, start Windchill.

Completing Configurations - Manual Steps

195

Installing and Registering a File Server Directly from a Maintenance Release


To install and register a File Server directly from a maintenance release: 1. Download the PTC Service Pack Update (CCSDsu.zip) to the server where File Server resides, storing it in the <Windchill>/codebase/CCSTools/update folder. 2. Restart the File Server to apply the update. If you have problems starting the File Server, manually apply CCSDsu.zip using the procedure described in the Updating an Existing File Server Installation Manually section of the Windchill Installation and Configuration Guide. 3. Configure the File Server and register it with the master site. 4. After registration, the status for File Server changes to Restart Required. On the File Server, move the CCSDsu.zip file from <Windchill>/codebase/CCSTools/update to <Windchill>/codebase/CCSTools/completedUpdate. 5. Restart the File Server to remove the Restart Required status.

Configuring Solaris and HP-UX HP-UX to Use a 64-bit 64-bit Virtual Machine
When propagating Windchill properties values with xconfmanager, the xconfmanager tool automatically configures certain configuration values. It bases the configuration on whether the JVM is 32-bit or 64-bit. For all platforms except Solaris and HP-UX, a separate JVM is used for 32-bit and 64-bit installations. For Solaris and HP-UX, the same JVM installation contains support for both 32-bit and 64-bit JVMs. The xconfmanager tool presents a warning if a memory heap size value is used that is higher than the recommended values for each platform. For Solaris and HP-UX, xconfmanager automatically configures and adds the -d64 flag necessary to support a 64-bit VM when configuring a larger heap size. Additionally, the wt.jdk.memoryModel property can be explicitly set to the values "32" or "64" to override this auto-detection and force the use of a 32 or 64bit VM.

Configuring a Database Application User


A database installation user is used to create the database schema and load required data. A database application user executes transactions from Windchill. If you did not create a database application user during installation and do not intend to use one, you can skip the steps in this section.

196

Windchill Installation and Configuration Guide

If you created a database application user when you installed your Windchill solution with the PTC Solution Installer, perform the following steps to complete the configuration: 1. From a Windchill shell, execute the following commands to modify Windchill db.properties file with appropriate values: xconfmanager -s wt.pom. dbUser=<WINDCHILL_APP_USER_NAME> -t "db/db. properties" -p xconfmanager -s wt.pom. dbPassword=<WINDCHILL_APP_USER_PASSWORD> -t "db/db. properties" -p xconfmanager -s wt.pom. dbSchemaUser=<WINDCHILL_INSTALL_USERNAME> -t "db/ db.properties" p 2. Start Windchill and its related services. From the method server output, verify that the database application user name <WINDCHILL_APP_USER_NAME> has been used for the database connection. If you did not create a database application user when you installed your Windchill solution, you can create one after the PTC Solution Installer (PSI) finishes installing your solution by using database-specific scripts and the database client. The database client must either be installed on the Windchill server or the script should be copied and executed from the database server. Use the following steps to manually create the database application user: Oracle 1. Open a Windchill shell. 2. Change the directory to <Windchill>\db\sql (or sql3). The script is located in both folders, and they are not dependent on single or multi-byte Windchill configuration. 3. Using the Sqlplus utility, log in to the Windchill database as a database administrative user.

Note Users executing the following script must have read/write privileges on the <Windchill>\db\sql (or sql3) folder.

Completing Configurations - Manual Steps

197

4. Execute the create_wc_app_user.sql file to create an application user, a database role, and an after login trigger.

Note PTC recommends creating the application user and role by appending the Windchill maintenance release version to the name; for example, WindchillAppUser_10M0XX, WindchillAppRole_10M0XX. This will help uniquely identify the names and correlate them with the target Windchill version.
The following is an example of the script execution output:
Windchill Install database User Name: <WINDCHILL_INSTALL_USERNAME> Windchill Application database Role Name: <WINDCHILL_APP_DATABASE_ROLE> Windchill Application database User Name: <WINDCHILL_APP_USERNAME> Windchill Application database User Password: <WINDCHILL_APP_USER_PASSWORD> Default Tablespace Name: users Temporary Tablespace Name: temp

5. Verify that the application user and role was created correctly by logging on to the database as that user. 6. From a Windchill shell, execute the following commands to modify Windchill db.properties file with appropriate values: xconfmanager -s wt.pom. dbUser=<WINDCHILL_APP_USER_NAME> -t "db/db. properties" -p xconfmanager -s wt.pom. dbPassword=<WINDCHILL_APP_USER_PASSWORD> -t "db/db. properties" -p xconfmanager -s wt.pom. dbSchemaUser=<WINDCHILL_INSTALL_USERNAME> -t "db/ db.properties" p 7. Start Windchill and its related services. From the method server output, verify that the database application user name <WINDCHILL_APP_USER_NAME> has been used for the database connection. SQL Server 1. Open a Windchill shell. 2. Change the directory to <Windchill>\db\sqlserver.

198

Windchill Installation and Configuration Guide

3. Execute the batch file D:\ptc\Windchill\db\sqlServer> create_wc_app_user.bat to create an application user and a database role.

Note Users executing the following script must have read/write privileges on the <Windchill>\db\sqlserver folder. Note PTC recommends creating the application user and role by appending the Windchill maintenance release version to the name; for example, WindchillAppUser_10M0XX, WindchillAppRole_10M0XX. This will help uniquely identify the names and correlate them with the target Windchill version.
The following is an example of the script execution output: SQL Server Host Name: <DB_HOST_NAME> SQL Server Instance Name (for Named Instance only): <DB_INSTANCE_NAME> SQL Server Admin User name (default is sa): Password for user sa: manager <SA_PASSWORD> Windchill Install Database User Name: <WC_INSTALL_USERNAME> Default database name for user <WC_INSTALL_USERNAME>: <DEFAULT_DB> Windchill Application Database Role Name: <WC_APP_DATABASE_ROLE> Windchill Application Database User Name: <WC_APP_USERNAME> Windchill Application Database User Password: <WC_APP_USER_PASSWORD>
SQL Server Host Name: SQL Server Instance Name (for Named Instance only): SQL Server Admin User name (default is sa): Password for user sa: Windchill Install Database User Name: Windchill Install Database User Name: Default database name for user s: Windchill Application Database Role Name: Windchill Application Database User Name: Windchill Application Database User Password:

4. Verify that the application user and role was created correctly by logging on to the database as that user. 5. From a Windchill shell, execute the following commands to modify Windchill db.properties file with appropriate values:

Completing Configurations - Manual Steps

199

xconfmanager -s wt.pom. dbUser=<WINDCHILL_APP_USER_NAME> -t "db/db. properties" -p xconfmanager -s wt.pom. dbPassword=<WINDCHILL_APP_USER_PASSWORD> -t "db/db. properties" -p xconfmanager -s wt.pom. dbSchemaUser=<WINDCHILL_INSTALL_USERNAME> -t "db/ db.properties" p 6. Start Windchill and its related services. From the method server output, verify that the database application user name <WINDCHILL_APP_USER_NAME> has been used for the database connection.

200

Windchill Installation and Configuration Guide

9
Windchill Integrations for EmEmbedded Software
Defect Tracking Systems [Integrity (DTS), Bugzilla and Atlassian JIRA] Server Configuration ....................................................................................................... 202 Software Configuration Management Systems [Integrity Source (SCM), Subversion and IBM Rational ClearCase] Server Configuration ................................................. 202

Windchill Integrations for Embedded Software is a PTC product solution with the following optional server integrations: Windchill Integration for Bugzilla Windchill Integration for IBM Rational ClearCase Windchill Integration for Atlassian JIRA Windchill Integration for Subversion Windchill Integration for Integrity Windchill Integration for Software Build Tools Windchill Integration for Eclipse Selecting the product solution Windchill Integrations for Embedded Software Selecting the optional integrations for Windchill Integrations for Embedded Software

The Windchill Integrations for Embedded Software product solution consists of:

The Windchill Integrations for Embedded Software installation consists of:

Perform all applicable post-installation steps before using the Windchill Integrations for Embedded Software for your integration[s].

201

Defect Tracking Systems [Integrity (DTS), Bugzilla and Atlassian JIRA] Server Configuration
There are no server post-installation steps for the Defect Tracking System (DTS) adapters, Integrity (DTS), Bugzilla and Atlassian JIRA. Refer to the Windchill Help Center, Integrated Software Management Software Defect Tracking Integrations Administration for information on how to setup and manage DTS adapters.

Software Configuration Management Systems [Integrity Source (SCM), Subversion and IBM Rational ClearCase] Server Configuration
There are no post-installation steps for the Software Configuration Management System adapters, Integrity Source (SCM) and Subversion. This section contains the necessary server post-installation steps for the Software Configuration Management (SCM) adapter, IBM Rational ClearCase. Refer to the Windchill Help Center, Integrated Software Management Software Configuration Management Integrations Administration for information on how to setup and manage SCM adapters.

IBM Rational ClearCase Configuration


This section contains the remote IBM Rational ClearCase adapter configuration steps that must occur after you have installed the Windchill Integrations for Embedded Software server software with IBM Rational ClearCase and before you begin using the Windchill Integrations for Embedded Software system.

Note There are no post installation procedures when performing an initial installation of Windchill in a Windows environment and when IBM Rational ClearCase is installed on the same machine that Windchill is installed.

202

Windchill Installation and Configuration Guide

Refer to the IBM Rational ClearCase Installation and Configuration section in the Windchill Help Center and in the Windchill Integration for Software Configuration Managements Systems Administrator s and User s Guide for information on how to: Create, edit, and delete IBM Rational ClearCase adapters. Check the status of IBM Rational ClearCase adapters. View the IBM Rational ClearCase adapter information page. Manage context associations of IBM Rational ClearCase adapters. Manage configuration specifications (config specs) and views for IBM Rational ClearCase adapters.

Step 1 Run Windchill Loader


Load administrative data required for IBM Rational ClearCase. This step is only performed if you did not create the database schema and load administrative data during the installation (see step 11). Create database schema and load administrative data required for this product.

Note If administrative data was not loaded by the installer, load the required administrative data. This loads context templates, preferences, and access control rules required by IBM Rational ClearCase.
windchill wt.load.WindchillLoader -Application=Windchill.SoftwareConfigMgmtIntegration

Step 2 Starting IBM Rational ClearCase on a Remote Server


Perform these steps when IBM Rational ClearCase is installed remotely, or if you have a need to run an IBM Rational ClearCase adapter in a separate Java Virtual Machine (JVM) than the Windchill Method Server. This section explains how the IBM Rational ClearCase adapter can be configured to run on the a different JVM than the Windchill JVM. Installing Files For an IBM Rational ClearCase Adapter The following section explains how to install files for the IBM Rational ClearCase adapter on the remote machine.

Windchill Integrations for Embedded Software

203

1. Create directory ADAPTER_HOME on the machine where the IBM Rational ClearCase adapter will be run, for example D:\SCMI-OOP. 2. Access the Software Downloads page from the Windchill Quick Links dropdown list. 3. Copy the cc.zip file from the PTC software downloads page to your machine. Editing the bat file to start the IBM Rational ClearCase adapter The following section explains how to install files for the IBM Rational ClearCase adapter on the remote machine. 1. Copy startCCADapter.bat contained in cc.zip to the <ADAPTER_HOME> directory. 2. Edit startCCADapter.bat. 3. Specify the following values: ADAPTER_HOME specify the directory where all the jar files from cc. zip file were extracted, as described above. For example:
set ADAPTER_HOME=D:\SCMI-OOP

JAVA_HOME specify the location of JDK (on the machine where the IBM Rational ClearCase adapter will be running). JDK version 1.5 should be installed on the client machine. For example,
set JAVA_HOME=c:\jdk\jdk1.5_0_06

ADAPTER_NAME specify the name of the IBM Rational ClearCase adapter that created in Windchill. For example,
set ADAPTER_NAME=$WC.com.ptc.swlink.scm.defaultAdapter$

Note Also verify that IEPROPFILE, IENAMINGSERVICENAME all have correct values as described in the comments of the startCCAdapter.bat file.
install.jar add install.jar to the classpath, where all classpaths are set. For example,
set CLASSPATH=%SCM_HOME%\install.jar;%CLASSPATH% set CLASSPATH=%SCM_HOME%;%CLASSPATH%

wt.home add a wt.home property to the java command, under the comment
rem The following line starts the scm adapter as a standalone process".

204

Windchill Installation and Configuration Guide

For example,
%JAVA_HOME%\bin\java.exe -cp "%CLASSPATH%" -DpropFile="%IEPROPFILE%" -DruntimeServiceName="%ADAPTER_NAME%" -DserviceName="%ADAPTER_NAME%" -DnamingServiceName="%IENAMINGSERVICENAME%" -Dwt.home="%SCM_HOME%" com.ptc.windchill.scm.adapter.clearcase. CcMultithreadedAdapter

Example startCCAdapter.bat:
@echo off rem Start up script for Windchill Integrations for rem Embedded Software IBM Rational ClearCase Adapter

rem ***************************************** rem User configured properties rem set rem set rem rem set set JAVA_HOME to the install location of the JDK JAVA_HOME= set ADAPTER_HOME to the directory where the file cc.zip was extracted ADAPTER_HOME= ADAPTER_NAME should be the set to the name the ClearCase adapter that you created in Windchill Integrations for Embedded Software. ADAPTER_NAME=$WC.com.ptc.swlink.scm.defaultAdapter$

rem *****************************************

rem rem rem rem set rem rem rem set

IEPROPFILE should look like.. ldap://cn=manager:manager@test.ptc.com/dc=IeProps,dc=test... and should be the same as 'seeAlso' value seen in the file WT_HOME\codebase\WEB-INF\ie.properties IEPROPFILE=$WC.com.ptc.swlink.scm.iepropfile$ IENAMINGSERVICENAME should be the same as the value of wt.federation.ie.namingService in WT_HOME\codebase\wt.properties IENAMINGSERVICENAME=$WC.com.ptc.swlink.scm.ccConfig.host2$.namingService

set SCM_HOME=%ADAPTER_HOME% set set set set set set CLASSPATH=%JAVA_HOME%\lib\tools.jar;%CLASSPATH% CLASSPATH=%SCM_HOME%\servlet.jar;%CLASSPATH% CLASSPATH=%SCM_HOME%\ie3rdpartylibs.jar;%CLASSPATH% CLASSPATH=%SCM_HOME%\ieWeb.jar;%CLASSPATH% CLASSPATH=%SCM_HOME%\jmxcoreWeb.jar;%CLASSPATH% CLASSPATH=%SCM_HOME%\wc3rdpartylibs.jar;%CLASSPATH%

Windchill Integrations for Embedded Software

205

set set set set set

CLASSPATH=%SCM_HOME%\CommonCore.jar;%CLASSPATH% CLASSPATH=%SCM_HOME%\MetaSpecCommon.jar;%CLASSPATH% CLASSPATH=%SCM_HOME%\cc.jar;%CLASSPATH% CLASSPATH=%SCM_HOME%\install.jar;%CLASSPATH% CLASSPATH=%SCM_HOME%;%CLASSPATH%

title SCM Adapter echo ------------------------------------------------------------------------------echo Starting SCM Adapter echo. echo JAVA_HOME = %JAVA_HOME% echo ADAPTER_HOME = %ADAPTER_HOME% echo ADAPTER_NAME = %ADAPTER_NAME% echo. echo CLASSPATH = %CLASSPATH% echo. if not exist %JAVA_HOME%\bin\java.exe ( echo ERROR: Cannot find Java command - check JAVA_HOME value echo. pause exit ) if not exist %ADAPTER_HOME% ( echo ERROR: %ADAPTER_HOME% does not exist - check ADAPTER_HOME value echo. pause exit ) rem The following line starts the scm adapter as a standalone process rem %JAVA_HOME%\bin\java.exe -cp "%CLASSPATH%" -DpropFile="%IEPROPFILE%" rem -DruntimeServiceName="%ADAPTER_NAME%" -DserviceName="%ADAPTER_NAME%" rem -DnamingServiceName="%IENAMINGSERVICENAME%" -Dwt.home="%SCM_HOME%" rem com.ptc.swlink.scm.adapter.clearcase.CcMultithreadedAdapter pause

Starting the IBM Rational ClearCase Adapter The final step is the start the IBM Rational ClearCase Adapter. Once the adapter is running, start the Windchill server, servlet engine.

206

Windchill Installation and Configuration Guide

1. Using the startCCADapter.bat file, start the IBM Rational ClearCase adapter on the machine where it is to be run. 2. Once the adapter is started, start the Windchill server, servlet engine. The IBM Rational ClearCase adapter should now be successfully configured and running remotely.

Windchill PDMLink
The following describes the post-installation procedures that are needed to complete an installation of Windchill PDMLink. Manually Loading Data and Database Schema During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes. 1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. Open a windchill command window and execute the following script to create the database schema: Non Multi-byte Multi-byte Installations
windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/pdml/DDLBasic/Make_module_DDLBasic.sql

Multi-byte Multi-byte Installations


windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>"

Windchill Integrations for Embedded Software

207

wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/pdml/DDLBasic/Make_module_DDLBasic.sql

Note Please note the following: If using an SQL server replace all instances of %WT_HOME%/db/sql with %WT_HOME%/db/sqlServer. %JAVA_HOME% refers to JDK directory used by Windchill. %WT_HOME% refers to the Windchill directory.

5. To load data run the following command:


windchill wt.load.WindchillLoader -Application=Windchill.PDMLink -Unattended -AbortOnError

Windchill ProjectLink
The following describes the post-installation procedures that are needed to complete an installation of Windchill ProjectLink. Manually Loading Data and Database Schema During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes. 1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. Open a windchill command window and execute the following script to create the database schema: Non Multi-byte Multi-byte Installations
windchill --java=%JAVA_HOME%/bin/java.exe --javaargs="-Dwt.tools.sql.autoCommit=true

208

Windchill Installation and Configuration Guide

-Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/pjl/ ChangePlanning/Make_module_ChangePlanning.sql windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/pjl/ProjectManagement /Make_module_ProjectManagement.sql

Multi-byte Multi-byte Installations


windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/pjl/ChangePlanning/ Make_module_ChangePlanning.sql windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/pjl/ProjectManagement/ Make_module_ProjectManagement.sql

Note Please note the following: If using an SQL server replace all instances of %WT_HOME%/db/sql with %WT_HOME%/db/sqlServer. %JAVA_HOME% refers to JDK directory used by Windchill. %WT_HOME% refers to the Windchill directory.

5. To load data run the following command:


windchill wt.load.WindchillLoader -Application=Windchill.ProjectLink -Unattended -AbortOnError

Windchill CAPA
The following describes the post-installation procedures that are needed to complete an installation of Windchill CAPA.

Windchill Integrations for Embedded Software

209

Manually Loading Data and Database Schema During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes. 1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. Open a windchill command window and execute the following script to create the database schema: Non Multi-byte Multi-byte Installations
windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/qms/Masterdata/ Make_module_Masterdata.sqlwindchill --java=%JAVA_HOME%/bin/java.exe --javaargs="-Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/capa/CAPA/Make_module_CAPA.sql

Multi-byte Multi-byte Installations


windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/qms/Masterdata/ Make_module_Masterdata.sqlwindchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool

210

Windchill Installation and Configuration Guide

%WT_HOME%/db/sql3/capa/CAPA/Make_module_CAPA.sql

Note Please note the following: If using an SQL server replace all instances of %WT_HOME%/db/sql with %WT_HOME%/db/sqlServer. %JAVA_HOME% refers to JDK directory used by Windchill. %WT_HOME% refers to the Windchill directory.

5. To load data run the following command:


windchill wt.load.WindchillLoader -Application=Windchill.QualityManagement.QMS -Unattended -AbortOnError windchill wt.load.WindchillLoader -Application=Windchill.QualityManagement.CAPA -Unattended -AbortOnError

Windchill Nonconformance
The following describes the post-installation procedures that are needed to complete an installation of Windchill Nonconformance. Manually Loading Data and Database Schema During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes. 1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. Open a windchill command window and execute the following script to create the database schema:

Windchill Integrations for Embedded Software

211

Non Multi-byte Multi-byte Installations


windchill --java=%JAVA_HOME%/bin/java.exe --javaargs="-Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/qms/Masterdata/Make_module_Masterdata.sql windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.dbUser=<username> -Dwt.tools. sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/nc/NC/Make_module_NC.sql windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.dbUser=<username> -Dwt.tools. sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/qms/ DispositionServer/Make_module_DispositionServer.sql

Multi-byte Multi-byte Installations


windchill --java=%JAVA_HOME%/bin/java.exe --javaargs="-Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/qms/Masterdata/Make_module_Masterdata.sql windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.dbUser=<username> -Dwt.tools. sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/nc/NC/Make_module_NC.sql windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/qms/DispositionServer/ Make_module_DispositionServer.sql

Note Please note the following: If using an SQL server replace all instances of %WT_HOME%/db/sql with %WT_HOME%/db/sqlServer. %JAVA_HOME% refers to JDK directory used by Windchill. %WT_HOME% refers to the Windchill directory.

5. To load data run the following command:


windchill wt.load.WindchillLoader -Application=Windchill.QualityManagement.QMS -Unattended -AbortOnError

Windchill Customer Experience Management


The following describes the post-installation procedures that are needed to complete an installation of Windchill Customer Experience Management.

212

Windchill Installation and Configuration Guide

Manually Loading Data and Database Schema During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes. 1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. Open a windchill command window and execute the following script to create the database schema: Non Multi-byte Multi-byte Installations
windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools. sql.SQLCommandTool %WT_HOME%/db/sql/qms/Masterdata/Make_module_Masterdata.sql windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/cem/CEM/Make_module_CEM.sql

Multi-byte Multi-byte Installations


windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/qms/Masterdata/Make_module_Masterdata.sql windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>"

Windchill Integrations for Embedded Software

213

wt.tools.sql.SQLCommandTool

Note Please note the following: If using an SQL server replace all instances of %WT_HOME%/db/sql with %WT_HOME%/db/sqlServer. %JAVA_HOME% refers to JDK directory used by Windchill. %WT_HOME% refers to the Windchill directory.

5. To load data run the following command:

Note When manually loading data for Windchill Customer Experience Management, the Windchill.QualityManagement.QMS file must be loaded before loading the Windchill.QualityManagement.CEM file.
windchill wt.load.WindchillLoader -Application=Windchill.QualityManagement.QMS -Unattended -AbortOnError windchill wt.load.WindchillLoader -Application=Windchill.QualityManagement.CEM -Unattended -AbortOnError

Optional Products
This section describes any manual post-installation steps required for the optional products.

Creo View Standard


There are no post-installation steps for this product.

Creo View Thumbnail Generator


There are no post-installation steps for this product.

Windchill ESI
The following describes the post-installation procedures that are needed to complete an installation of Windchill ESI.

214

Windchill Installation and Configuration Guide

Manually Loading Data and Database Schema During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes. 1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. Open a windchill command window and execute the following script to create the database schema: Non Multi-byte Multi-byte Installations
windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/esi/Esi/Make_module_Esi.sql

Multi-byte Multi-byte Installations


windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/esi/Esi/Make_module_Esi.sql

Note Please note the following: If using an SQL server replace all instances of %WT_HOME%/db/sql with %WT_HOME%/db/sqlServer. %JAVA_HOME% refers to JDK directory used by Windchill. %WT_HOME% refers to the Windchill directory.

5. To load data run the following command:

Windchill Integrations for Embedded Software

215

windchill wt.load.WindchillLoader -Application=Windchill. EnterpriseSystemsIntegration -Unattended -AbortOnError

Upgrading Customized Distribution Targets


When a customized distribution target is upgraded to a more recent release of Windchill, it will be labelled as a Distribution Target type. This is because there are no subtypes available for the customized target. After you have migrated your customized distribution targets you need to create the appropriate subtype distribution target using the Type and Attribute Manager . Once the appropriate distribution target subtype has been created you can convert your customized distribution target to the newly created custom subtype. To convert a customized distribution target to a different subtype use the following procedure: 1. Navigate to the Manage Distribution utility, available from Utilities under Organization or Site . 2. Select the customized distribution target and click Change Target Type . 3. Select the appropriate subtype.

Note Once a target has been converted to a subtype the Change Target Type action will no longer be available.

Windchill Product Analytics Process Adapter


The following describes the post-installation procedures that are needed to complete an installation of Windchill Product Analytics Process Adapter. Manually Loading Data and Database Schema During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes.

216

Windchill Installation and Configuration Guide

1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. Open a windchill command window and execute the following script to create the database schema: Non Multi-byte Multi-byte Installations
windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/wii/Environment/Make_module_Environment.sql

Multi-byte Multi-byte Installations


windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/wii/Environment/Make_module_Environment.sql

Note Please note the following: If using an SQL server replace all instances of %WT_HOME%/db/sql with %WT_HOME%/db/sqlServer. %JAVA_HOME% refers to JDK directory used by Windchill. %WT_HOME% refers to the Windchill directory.

5. To load data run the following command:


windchill wt.load.WindchillLoader -Application=Windchill.Environment -Unattended -AbortOnError

Windchill Workgroup Manager


This section contains information about Windchill Workgroup Manager postinstallation server instructions for all 2nd and 3rd party authoring tools integrated with Windchill Workgroup Manager.

Windchill Integrations for Embedded Software

217

Using a File Synchronization-Capable Synchronization-Capable Worker with Windchill Workgroup Manager The following instructions apply to Windchill Workgroup Manager authoring applications using a file synchronizations-capable worker with Windchill Workgroup Manager. These steps are included in the Windchill Workgroup Manager Help Center under Windchill Workgroup Manager Integrations for your individual authoring tool under Using a File Synchronization-Capable Worker with Windchill Workgroup Manager. Also refer to the Windchill Workgroup Manager Administrator s and User s Guide for your authoring tool located in the PTC Reference Documents site. Configuring the Worker and Configuring the Worker on Windows The following instructions apply to Windchill Workgroup Manager authoring applications requiring the configuration of the Worker, and the configuration of the Worker on Windows. These steps are included in the Windchill Workgroup Manager Help Center under Windchill Workgroup Manager Integrations for your individual authoring tool, and in the downloadable PDF for your guide from the PTC Reference Documents site: Configuring the Worker Post-Install Configuration of the Worker on Windows Also refer to Configuring the Worker and Post-Install Configuration of the Worker on Windows located in the Windchill System Administrator s Guide. Run the Windchill Update Existing Installation Procedure When Installing Windchill Workgroup Manager 10.1 M020 with Windchill 10.1 M010, or updating from a prior release of Windchill Workgroup Manager When Installing Windchill Workgroup Manager 10.1 M020 with Windchill 10.1 M010, or updating from a prior release of Windchill Workgroup Manager, you must run the Windchill Update Existing Installation procedure.

Note Installing Windchill Workgroup Manager 10.1 M020 with Windchill 10.1 M010 is supported with AutoCAD, Autodesk Inventor, CATIA V5, NX, and SolidWorks for backward compatibility.
Windchill Workgroup Manager for CATIA V5 For CATIA V5 only, after installing your Windchill solution, and prior to installing Windchill Workgroup Manager client, you must build the CATIA V5 Abstraction Library.

218

Windchill Installation and Configuration Guide

Refer to the Windchill Workgroup Manager for CATIA V5 Administrator s and User s Guide located in the PTC Reference Documents site at PTC Reference Documents. Windchill Workgroup Manager for Arbortext IsoDraw and Windchill Workgroup Manager for Creo Illustrate Ensure that the following mandatory system environment variables are created for Windchill Workgroup Manager for Arbortext IsoDraw and Windchill Workgroup Manager for Creo Illustrate.

Note The following system environment variables must be created before installing the Windchill Workgroup Manager client. Also refer to the Windchill System Administrator's Guide, available at the PTC Document Reference Site for more information.
The system environment variable for the Windchill Virtual File System (VFS), that is installed during the Windchill Workgroup Manager client installation, is PTC_VFS_INSTALL_DIR. This variable allows the user to install VFS at the specified location for the Windchill Workgroup Manager client software. Set the following system environment variable: PTC_VFS_INSTALL_DIR=<any local directory>

Note If you do not set the above variable, then during the Windchill Workgroup Manager client software installation, VFS will install at the default location C: \ProgramFiles\PTC\VFS. Another system environment variable for Windchill Virtual File System (VFS), that is installed during the Windchill Workgroup Manager client software installation is PTC_PLACES_DEFAULT. This variable allows a user to specify the initial location for PTC Place. It is used during the installation of VFS. This system variable can be changed using the PTC Places UI located in the Control Panel and wgmvfsclient.exe utility.
Set the following system environment variable:

Windchill Integrations for Embedded Software

219

PTC_PLACES_DEFAULT=<any local directory>

Note If you do not set the PTC_PLACES_DEFAULT variable, then after the Windchill Workgroup Manager client software installation, the default location for PTC Places becomes <User Profiles>\<username>\PTC Places. If you do not set the PTC_PLACES_DEFAULT variable, the customer cannot choose a default location for PTC Places. Other system environment variables must be set before installing the Windchill Workgroup Manager client software:
PTC_VFS_ROOT=<any local directory> PTC_WLD_ROOT=<any local directory>

Note If you do not set the above variables, then during the Windchill Workgroup Manager client software installation, the folders .ws and .vfs are created under <local drive>\<Users>\<user>\.wwgm. If the .wwgm folder becomes created under the network drive, it will cause a conflict.

Windchill PartsLink Classification and Reuse PostInstallation Steps


The following section describes post-installation steps for Windchill PartsLink Server.

Note There are no post-installation steps for Windchill PartsLink Client.


Creating the Windchill PartsLink Server Schema

Note It is recommended for the PartsLink database user to be different from the Windchill database user.
Oracle To create the Windchill PartsLink server schema: 1. Create a database schema. 2. Open a command prompt or windchill shell.

220

Windchill Installation and Configuration Guide

3. Change the directory of the shell to <PTL_HOME>/db/sql.

Note <PTL_HOME> is the installation directory location set during installation of Windchill PartsLink server. By default, this value is: C:\ptc\Windchill_10.0 \PartsLink. 4. Log in to sqlplus using the installation user name and password created during the database schema creation:
sqlplus <install username>/<install password>@<service id> 5. Execute the database scripts by running: @ptl/PartsLinkService/make_schema.sql To create the application user: 1. 2. 3. 4. Open a command prompt or Windchill shell. Change the directory of the shell to <PTL_HOME>/db/sql. Login to sqlplus as system user. Execute the database scripts by running:

@create_wc_app_user.sql 5. Enter details for the application user. SQL Server To create the Windchill PartsLink server schema: 1. Create a database schema. 2. Copy the following directory and all of its contents to a machine where the sqlcmd tool is available: PTL_HOME/db/sqlServer 3. Open a command prompt or Windchill shell. 4. Go to the sqlServer directory in the command prompt. 5. Log in to the SQLServer schema for the Windchill PartsLink installation syntax: sqlcmd -S <db-hostname>\<db-service> -U <username> -P <password> 6. To create the Windchill PartsLink Server schema objects, run the following command: :r make_partslinkserver_schema.sql

Windchill Integrations for Embedded Software

221

To create the application user: 1. 2. 3. 4. Open a command prompt or Windchill shell. Change the directory of the shell to PTL_HOME/db/sqlServer. Execute the batch file: create_wc_app_user.bat. Enter details for the application user.

Recreating the Windchill PartsLink Server Schema with SOX Compliance

Note It is recommended for the PartsLink database user to be different from the Windchill database user.
Oracle To recreate the Windchill PartsLink server schema with SOX compliance: 1. If you have created the application user, perform the following steps using the database system: a. Open a command prompt or Windchill shell. b. Log on to sqlplus as a system user. c. Drop the PartsLink server database role using the following command: drop role <role name>. d. Drop the PartsLink server application user, using the following command: drop user <user name>. 2. Drop the PartsLink server schema: a. Open a command prompt or Windchill shell. b. Change the directory of the shell to: <PTL_HOME>/db/sql.

Note <PTL_HOME> is the installation directory location set during installation of Windchill PartsLink server. By default, this path is set to C:\ptc \Windchill_10.0\PartsLink. c. Log on to sqlplus using the installation user name and password created during the database schema creation: sqlplus<install user name>/<install password>@<service id>. d. Execute the database scripts by running the following command: @ptl/ PartsLinkService/drop_schema.sql.
To create the application user: 1. Open a command prompt or Windchill shell. 2. Change the directory of the shell to <PTL_HOME>/db/sql.

222

Windchill Installation and Configuration Guide

3. Login to sqlplus as system user. 4. Execute the database scripts by running: @create_wc_app_user.sql 5. Enter details for the application user. SQL Server To create the Windchill PartsLink server schema: 1. If you have created the application user and role, perform the following steps using the database user sa

Note Keep the following in mind: USER_DB: user database name APP_ROLE: application database role name APP_USER: application database user name

USE [USER_DB} GO EXEC sp_droprolemember N'APP_ROLE', N'APP_USER' GO ALTER AUTHORIZATION ON ROLE::[APP_ROLE] TO [dbo] GO ALTER AUTHORIZATION ON SCHEMA::[APP_USER] TO [dbo] GO DROP SCHEMA [APP_ROLE] GO DROP ROLE [APP_ROLE] GO DROP SCHEMA [APP_USER] GO DROP USER [APP_USER] GO USE [master] GO DROP LOGIN [APP_USER] GO

2. Drop the PartsLink server schema: a. Copy the following directory and all of its contents to a machine where the sqlcmd tool is available: PTL_HOME/db/sqlServer. b. Open a command prompt or Windchill shell and go to the sqlServer directory.

Windchill Integrations for Embedded Software

223

c. Log on to SQLServer schema for the Windchill PartsLink installation syntx: sqlcmd -S <db-hostname>\<db-service> -U <username> -P <password>. d. To drop the Windchill PartsLink Server schema objects, run the following command: :r drop_partslinkserver_schema.sql. To create the application user: 1. 2. 3. 4. Open a command prompt or Windchill shell. Change the directory of the shell to PTL_HOME/db/sqlServer. Execute the batch file: create_wc_app_user.bat. Enter details for the application user.

Windchill Ship Building Template


The following describes the post-installation procedures that are needed to complete an installation of Windchill Ship Building. Manually Loading Data and Database Schema During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes. 1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. To load data run the following command:
windchill wt.load.WindchillLoader -Application=Windchill.WCShipbuildingTemplate -Unattended -AbortOnError

224

Windchill Installation and Configuration Guide

Windchill Gateway for FORAN


The following describes the post-installation procedures that are needed to complete an installation of Windchill Gateway for FORAN. Manually Loading Data and Database Schema During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes. 1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. To load data run the following command:
windchill wt.load.WindchillLoader -Application=Windchill.WCShipIntegration -Unattended -AbortOnError

Windchill Gateway for Creo Elements/Direct Elements/Direct Model Manager


The following describes the post-installation procedures that are needed to complete an installation of Windchill Gateway for Creo Elements/Direct Model Manager.

Windchill Integrations for Embedded Software

225

Manually Loading Data and Database Schema During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes. 1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. To load data run the following command:
windchill wt.load.WindchillLoader -Application=Windchill.CoCreateModelManagerGateway -Unattended -AbortOnError

Windchill MPMLink
Perform the following steps to complete the Windchill MPMLink installation: If Windchill Requirements Management and Windchill MPMLink are installed at the same time The following file needs to be loaded as a post-installation step after the last of either Windchill Requirements Management or Windchill MPMLink is installed on a server with both products installed at the same time:
%<windchill>%\loadFiles\type\ConfigurableDescribeLinkREQLMPML.xml

Enabling Control Characteristics To enable control characteristics you must: Configuring Windchill Properties to Enable Control Characteristics on page 227 Configuring Creo View Options on page 228 Update the Object Adapter Recipe File For Creo Parametric on page 229

226

Windchill Installation and Configuration Guide

Configuring Windchill Properties to Enable Control Characteristics To configure Windchill properties to enable control characteristics use the following procedures: To configure Windchill properties to propagate EPMDocs from the upstream to the downstream part: 1. Navigate to and open the mpmlink.properties.xconf file, found to the following location:
\Windchill\codebase\com\ptc\windchill\mpml\xconfs\mpmlink.properties.xconf

2. Locate the following properties:


Property name="com.ptc.windchill.mpml.copyOver.create.wt.part.WTPart" Property name="com.ptc.windchill.mpml.copyOver.update.wt.part.WTPart"

3. Add the following entries to each property:


WCTYPE|wt.part.WTPart~MBA|describedBy@WCTYPE|wt.epm.structure.EPMDescribeLink WCTYPE|wt.part.WTPart~MBA|buildSource@WCTYPE|wt.epm.build.EPMBuildRule WCTYPE|wt.part.WTPart~MBA|describedBy@WCTYPE|com.ptc.windchill.mpml.pmi. MPMWTPartToEPMDocumentLink WCTYPE|wt.part.WTPart~MBA|characteristic@WCTYPE|com.ptc.windchill. mpml.pmi.MPMPartQualityLink

For example:
<Property name="com.ptc.windchill.mpml.copyOver.create.wt.part.WTPart" default="WCTYPE|wt.part.WTPart~MBA|source,WCTYPE|wt.part.WTPart~MBA| containerReference^WCTYPE|wt.inf.container.WTContainer,WCTYPE|wt.part.WTPart~MBA| partType,WCTYPE|wt.part.WTPart~MBA|describedBy@WCTYPE| wt.epm.structure.EPMDescribeLink,WCTYPE|wt.part.WTPart~MBA|describedBy@WCTYPE |wt.part.WTPartDescribeLink,WCTYPE|wt.part.WTPart~MBA|references@WCTYPE |wt.part.WTPartReferenceLink,WCTYPE|wt.part.WTPart~SCA|ALL_CLASSIFICATION_IBAS,WCTYPE| wt.part.WTPart~MBA|buildSource@WCTYPE |wt.epm.build.EPMBuildRule,WCTYPE|wt.part.WTPart~MBA|describedBy@WCTYPE| com.ptc.windchill.mpml.pmi.MPMWTPartToEPMDocumentLink,WCTYPE|wt.part.WTPart~MBA| characteristic@WCTYPE|com.ptc.windchill.mpml.pmi.MPMPartQualityLink"/> <Property name="com.ptc.windchill.mpml.copyOver.update.wt.part.WTPart" default="WCTYPE|wt.part.WTPart~MBA|source,WCTYPE|wt.part.WTPart~MBA|partType,WCTYPE| wt.part.WTPart~MBA|describedBy@WCTYPE|wt.epm.structure.EPMDescribeLink,WCTYPE| wt.part.WTPart~MBA|describedBy@WCTYPE|wt.part.WTPartDescribeLink,WCTYPE| wt.part.WTPart~MBA|references@WCTYPE|wt.part.WTPartReferenceLink,WCTYPE| wt.part.WTPart~SCA|ALL_CLASSIFICATION_IBAS,WCTYPE|wt.part.WTPart~MBA|choice@WCTYPE| com.ptc.windchill.option.model.ChoiceMappableChoiceLink,WCTYPE|wt.part.WTPart~MBA| describedBy@WCTYPE|com.ptc.windchill.mpml.pmi.MPMWTPartToEPMDocumentLink,WCTYPE| wt.part.WTPart~MBA|buildSource@WCTYPE|wt.epm.build.EPMBuildRule,WCTYPE| wt.part.WTPart~MBA|characteristic@WCTYPE|com.ptc.windchill.mpml.

Windchill Integrations for Embedded Software

227

pmi.MPMPartQualityLink"/>

To convert buildrule links to Inherited links use the following procedure (the default is to convert to Content links): 1. Navigate to and open the mpmlink.properties.xconf file, found to the following location:
\Windchill\codebase\com\ptc\windchill\mpml\xconfs\mpmlink.properties.xconf

2. Locate the following file:


Property name="com.ptc.windchill.mpml.replaceEPMBuildRule.by"

3. Edit the property to read as follows:


<Property name="com.ptc.windchill.mpml.replaceEPMBuildRule.by" default="WCTYPE|wt.part.WTPart~MBA|describedBy@WCTYPE|com.ptc. windchill.mpml.pmi.MPMWTPartToEPMDocumentLink"/>

Note This property controls how EPMBuildRule links (Part-CAD Association type: Owner, Contributing Content, Contributing Image and Image) are copied from an upstream part to its downstream equivalent part when this link type is declared in the copy over framework properties. The default for this property is to convert an upstream EPMBuildRule to a downstream EPMDescribeLink (Part-CAD Association type: Content). It can instead be set to convert an upstream EPMBuildRule to a downstream MPMWTPartToEPMDocumentLink (Part-CAD Association type: Inherited).
To maintain the published representation when iterating parts without iterating the EPM Doc use the following procedure:

Note This procedure is optional. However, if the default (true) is maintained representations may not always appear after you checkout a part.
1. Navigate to and open the wvs.properties.xconf file, found in the following location:
\Windchill\codebase\wvs.properties.xconf

2. Edit the property to read as follows:


<Property value="false" name="publish.copyrepresentationsforward.restrict"/>

ConfiguringCreo ConfiguringCreo Parametric Options To configureCreo Parametric options so that system parameters of designated objects are also automatically designated, use the following procedure:

228

Windchill Installation and Configuration Guide

Navigate to the following option and change the default to yes :


designate_model_item_params

Tip The ask_designate_owners option if set to no , allows you to designate annotation elements without being prompted to also designate the parent annotation. The parent annotation will not be designated.
Update the Object Adapter Recipe File For Creo Parametric The publishing of annotations needs to be enabled in the recipe file for Creo Parametric. If not, model annotations will not appear. For more information on how to do this refer to the Configuring the Creo View Adapter for Creo section of the Creo Elements/View MCAD Adapters Installation and Configuration Guide. Manually Loading Data and Database Schema During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes. 1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. Open a windchill command window and execute the following script to create the database schema: Non Multi-byte Multi-byte Installations
windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/mpml/MPMLink/Make_module_MPMLink.sql

Multi-byte Multi-byte Installations

Windchill Integrations for Embedded Software

229

windchill --java=%JAVA_HOME%/bin/java.exe --javaargs="-Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/mpml/MPMLink/Make_module_MPMLink.sql

Note Please note the following: If using an SQL server replace all instances of %WT_HOME%/db/sql with %WT_HOME%/db/sqlServer. %JAVA_HOME% refers to JDK directory used by Windchill. %WT_HOME% refers to the Windchill directory.

5. To load data run the following command:


windchill wt.load.WindchillLoader -Application=Windchill.MPMLink -Unattended -AbortOnError

Windchill Supplier Management


The following describes the post-installation procedures that are needed to complete an installation of Windchill Supplier Management. Manually Loading Data and Database Schema During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes. 1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. Open a windchill command window and execute the following script to create the database schema:

230

Windchill Installation and Configuration Guide

Non Multi-byte Multi-byte Installations


windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/suma/SupplierManagement/Make_module_SupplierManagement.sql

Multi-byte Multi-byte Installations


windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/suma/SupplierManagement/Make_module_SupplierManagement.sql

Note Please note the following: If using an SQL server replace all instances of %WT_HOME%/db/sql with %WT_HOME%/db/sqlServer. %JAVA_HOME% refers to JDK directory used by Windchill. %WT_HOME% refers to the Windchill directory.

5. To load data run the following command:


windchill wt.load.WindchillLoader -Application=Windchill.SupplierManagement -Unattended -AbortOnError

Windchill Aerospace and Defense


The following describes the post-installation procedures that are needed to complete an installation of Windchill Aerospace and Defense. Manually Loading Data and Database Schema During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes.

Windchill Integrations for Embedded Software

231

1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. Open a windchill command window and execute the following script to create the database schema: Non Multi-byte Multi-byte Installations
windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/wadm/wadm/Make_module_wadm.sql

Multi-byte Multi-byte Installations


windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/wadm/wadm/Make_module_wadm.sql

Note Please note the following: If using an SQL server replace all instances of %WT_HOME%/db/sql with %WT_HOME%/db/sqlServer. %JAVA_HOME% refers to JDK directory used by Windchill. %WT_HOME% refers to the Windchill directory.

5. To load data run the following command:


windchill wt.load.WindchillLoader -Application=Windchill.WADM -Unattended -AbortOnError

Windchill PLM Connector


This section explains how to configure Windchill PLM Connector with the Windchill server. The following procedures are contained in this section: Create Attributes (optional procedure) Discourage modification of imported packages on the Windchill server (optional procedure).

232

Windchill Installation and Configuration Guide

Register Windchill PLM Connector service on the Windchill server (only necessary when Windchill ProjectLink is installed with Windchill PDMLink). Manually Loading Data and Database Schema

Create Attributes After you have installed Windchill PLM Connector, you can optionally configure attributes in Windchill to show the source system name and source object version of imported objects. These attributes are: SOURCE_PDMSYSTEM_NAMEShows the name of the source Windchill system. SOURCEVERSIONShows the version of the object on the source Windchill system. The source and target versions are different if the source and target Windchill systems use different versioning schemes. For example, the version could be 1.10 on the source system and A.1 on the target system. AWindchill Site or Organization administrator can create these attributes. 1. Log on to Windchill as a Site or Organization administrator. 2. Go to Sites Utilities Type and Attribute Management Manage Global Attributes . 3. From the Attribute Root list, create or choose an Attribute Organizer and create the SOURCE_PDMSYSTEM_NAME attribute with a data type string . a. Enter SOURCE_PDMSYSTEM_NAME (all upper case and no spaces) in the Name field. b. If desired, enter a unique description (all upper case and no spaces) in the Description field. c. Enter a display name (all upper case and no spaces) in the Display Name field. d. Enter a hierarchy display name (all upper case and no spaces) in the Hierarchy Display Name field. e. If desired, enter an internal name (all upper case and no spaces) in the Internal Name field. f. The data type is grayed out with the string type in the Data Type field. g. Select File Save to create the SOURCE_PDMSYSTEM_NAME attribute. 4. From the Attribute Root list, create the SOURCEVERSION attribute with a data type String . a. Enter SOURCEVERSION (all upper case and no spaces) in the Name field. b. If desired, enter a unique description (all upper case and no spaces) in the Description field. c. Enter a display name (all upper case and no spaces) in the Display Name field.

Windchill Integrations for Embedded Software

233

d. Enter a hierarchy display name (all upper case and no spaces) in the Hierarchy Display Name field. e. If desired, enter an internal name(all upper case and no spaces) in the Internal Name field. f. The data type is grayed out with the string type in the Data Type field. g. Select File Save to create the SOURCEVERSION attribute. 5. Go to Manage Types EPM Document Master CAD Document Master a. From the page of CAD Document Master go to Action Edit . b. Add the SOURCE_PDMSYSTEM_NAME attribute and select Type as Global . 6. Go to Manage Types EPM Document CAD Document a. From the page of CAD Document go to Action Edit . b. Add the SOURCEVERSION attribute and select Type as Global and set Properties c. Add the SOURCE_PDMSYSTEM_NAME as Type Alias and Data Type as String . d. It is required to map the EPM Document Master attribute (SOURCE_PDMSYSTEM_NAME) on layouts. e. On Set Property page add mapping property for SOURCE_PDMSYSTEM_NAME : MBA|masterReference^WCTYPE|wt. epm.EPMDocumentMaster| com.ptc.ptcnet.DefaultEPMDocumentMaster~IBA| SOURCE_PDMSYSTEM_NAME. f. If you want to display SOURCEVERSION and SOURCE_PDM_SYSTEM_NAME on information pages from the CAD Document page, select the desired Layouts tab. g. Add the attribute to the layout that you want it displayed in and Save it. Discourage Modification of Imported Packages on the Windchill Server Windchill PLM Connector supports the exchange of Creo data from a source Windchill system to target Windchill systems. It is recommended that you do not modify the data in a Windchill target system unless the Windchill target system has ownership of the data. Windchill PLM Connector does not inherently enforce or prevent modification of imported data. For information pertaining to the ownership of data, refer to the Object Ownership Transfer section in the Getting Started chapter of the Windchill PLM Connector Administrator s and User s Guide. You can use the sample code provided on the Windchill PLM Connector server CD as a guide in helping to prevent imported objects from getting checked-out or revised on a Windchill server where Windchill PDMLink, or Windchill PDMLink with Windchill ProjectLink, or Pro/INTRALINK is also installed. Refer to the
Windchill Installation and Configuration Guide

234

sample WPCServer.zip file located at <WT_HOME>\src\wpcserver\Samples\ on the Windchill PLM Connector server CD for the sample .java script, StandardWPCVetroService.java. A Site or Organization administrator can set the access permissions to read-only for imported data. Use your HTML software or other third-party software to modify the sample code to meet your access policies for the prevention of non-owned data being imported on target Windchill system[s]. The annotation.jar (or com.ptc.windchill.annotations.metadata.GenAsPersistable , GeneratedProperty.class) is not in the <WT_HOME>/codebase directory. You can obtain the .jar file from <WT_HOME>/srclib/tools/ directory. You can set the classpath to srclib/tools, or extract the classfile in the codebase directory. Perform the following procedure to compile the .java file required for Windchill PLM Connector service and Veto service.

Note Refer to the WPCServer.zip file located at <WT_HOME>\src\wpcserver\Samples\ on the Windchill PLM Connector software CD for the sample .java script, StandardWPCVetroService.java.
1. Open the Windchill shell and navigate to the <WT_HOME> \src\wpcserver directory. 2. Enter the following command to create a new directory structure under <WT_HOME>\src\wpcserver\cust\service.
javac -g -d. Samples/WPC_Server/src/cust/service/*.java

3. Copy the /cust folder to <WT_HOME\codebase>. 4. Navigate to Windchill/bin and enter the following xconf commands to update the Windchill PLM Connector wt.properties file, and to register your new service in the codebase with xconfmanager. For example,
xconfmanager -t codebase/wt.properties -swt.services.service.5010=cust.service. WPCVetoService/cust.service.StandardWPCVetoService -p

5. Restart the Windchill server.

Note Refer to the Windchill Customizer s Guide for more details on creating nonmodelled services for listening.

Windchill Integrations for Embedded Software

235

Register the Windchill PLM Connector Service on the Windchill Server If Windchill PLM Connector is installed on a Windchill PDMLink database with Windchill ProjectLink, you must register Windchill PLM Connector service with the Windchill server. 1. Register Windchill PLM Connector service in the codebase with xconfmanager. For example,
xconfmanager -t codebase/wt.properties -swt.services.service.5000 =com.ptc.cwp.wncadapter. server.CWPService/com.ptc.cwp.wncadapter.server. StandardCWPService p

2. Restart the Windchill server.

Note Refer to the Windchill Customizer s Guide for more details on creating nonmodelled services for listening.
Manually Loading Data and Database Schema During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes. 1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. Open a windchill command window and execute the following script to create the database schema: Non Multi-byte Multi-byte Installations
windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>"

236

Windchill Installation and Configuration Guide

wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/wpcserver/WPCServer/ Make_module_WPCServer.sql

Multi-byte Multi-byte Installations


windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/wpcserver/WPCServer/ Make_module_WPCServer.sql

Note Please note the following: If using an SQL server replace all instances of %WT_HOME%/db/sql with %WT_HOME%/db/sqlServer. %JAVA_HOME% refers to JDK directory used by Windchill. %WT_HOME% refers to the Windchill directory.

5. To load data run the following command:


windchill wt.load.WindchillLoader -Application=Windchill.WPCSERVER -Unattended -AbortOnError

Windchill Business Reporting


There are no manual post-installation steps required for an initial installation of Windchill including this product. Manual post-installation steps are required if: you are updating an existing Windchill installation to include Windchill Business Reporting. For more information, see Update Existing Installation on page 247. your Windchill Business Reporting and Windchill installations use different Apache web servers. For more information see Reverse Proxy Configuration for Separate Apache Web Servers on page 248.

The following sections include verifications you can run to confirm that Windchill Business Reporting installed properly, and optional manual post-installation steps that you may choose to perform if applicable for your site. These verifications include: Log In to Windchill Business Reporting on page 238 Confirm Presence of Out-of-The-Box Reports on page 238 Accessing Cognos Configuration Tool on page 239

Windchill Integrations for Embedded Software

237

These optional steps include: Configuring Windchill Business Reporting Access Control on page 239 Configuring Windchill Business Reporting with HTTPS on page 240 Adding an Enterprise LDAP for Authentication on page 240 Configuring Windchill Business Reporting with Sun Java System Web Server on page 246 Updating the Model and Loading Reports on page 246

Verifications
Log In to Windchill Business Reporting To confirm that Windchill Business Reporting was successfully installed, navigate to the following URL:
<machine>:<port>/cognos8

Where <machine> is the machine on which Windchill Business Reporting was installed, and <port> is the Windchill Business Reporting gateway machine's web server port (if you accepted the default port value of 80, then you do not need to specify the port in the URL). Log in using the credentials you specified for either the Windchill administrative user (wcadmin, by default), or the Windchill Business Reporting administrative user specified during installation (wbradmin, by default). Initially, all users residing in the Administrative LDAP repository can log into Windchill Business Reporting. If you want to log in as a user from an Enterprise repository, or if you configured the Windchill Business Reporting administrative user to reside in an Enterprise repository, see Adding an Enterprise LDAP for Authentication on page 240. Confirm Presence of Out-Of-The-Box Reports

Note This verification step applies only to Windchill PDMLink, Windchill ProjectLink, integral Windchill PDMLink and Windchill ProjectLink, and integral Arbortext Content Manager and Windchill ProjectLink installations.
Once you have logged into Windchill Business Reporting, a Windchill folder should be present, containing the out-of-the-box reports loaded for your Windchill solution. If Windchill Requirements Management, Windchill Aerospace and Defense, or Windchill MPMLink are installed with your Windchill solution, a folder for each products out-of-the-box reports will be present within the Windchill folder. These reports are also available from within your Windchill solution, on the
Reports pages.

238

Windchill Installation and Configuration Guide

Accessing Cognos Configuration Tool If the verifications are unsuccessful, or if there is additional configuration you would like to perform within Cognos, use the Cognos Configuration tool. If shortcuts were created during your installation, you can also access the tool by selecting the Cognos Configuration shortcut. Otherwise, access the Cognos Configuration tool at the following location: for Windows: <WBR_Home>\bin\cogconfigw.exe for UNIX: <WBR_Home>/bin/cogconfig.sh

Where <WBR_Home> is the machine on which Windchill Business Reporting was installed. For further information, refer to the documentation available from the Cognos Configuration tool.

Configuring Windchill Business Reporting Access Control


Out-of-the-box, Windchill Business Reporting makes all Windchill site administrators (members of the Administrators group) members of the System Administrators group within Cognos, giving them complete access to all Windchill Business Reporting data and functionality. If your site has the optional Windchill Business Reporting modules, then users must be added to the appropriate Windchill groups to be able to access the additional Windchill Business Reporting functionality: Windchill Business Report Author optional moduleusers must be members of the Business Report Author group to access the Report Studio tool. Windchill Business Report Monitor optional moduleusers must be members of the Business Report Monitor group to access the Report Monitor tool. Initially the Windchill administrative user (wcadmin, by default) and the Windchill Business Reporting administrative user (wbradmin, by default) created during installation are the only members of these groups. Additional users can be added to these groups using the Participant Administration utility, available from Site Utilities . For more information on how to configure access control, see the Cognos Administration and Security Guide, available from the Windchill Business Reporting documentation page. This page can be accessed in one of two ways from the machine on which Windchill Business Reporting (host component or gateway server) was installed: If shortcuts were created during your installation, select the Cognos 8 Documentation shortcut. Navigate to the following location and open the file: <WBR_Home>\webcontent\documentation\c8 motc.html where <WBR_Home> is the installed location of Windchill Business Reporting.

Windchill Integrations for Embedded Software

239

Configuring Windchill Business Reporting with HTTPS


You can configure Windchill Business Reporting to work with the SSL protocol so that communication happens using HTTPS rather than HTTP, using the following general steps: 1. Configure your Windchill web server to use SSL before you proceed to configure Windchill Business Reporting to use SSL. For more information see Configuring HTTPS for Apache and Windchill on page 178. 2. Configure Windchill Business Reporting to use SSL, following the directions in the Secure Deployment Guide available from the documentation page, as described in the previous section. 3. Update the model. For more information, see Updating the Model and Loading Reports on page 237. 4. Restart Windchill Business Reporting.

Adding an Enterprise LDAP for Authentication


Caution PTC strongly recommends that you configure access control within Windchill Business Reporting before adding an Enterprise LDAP for authentication purposes. See Configuring Windchill Business Reporting Access Control on page 237.
To add an Enterprise LDAP for authenticating users for Windchill Business Reporting, follow these general steps: 1. Add another LDAP Authentication namespace which corresponds to the Enterprise LDAP using the Cognos Configuration tool. 2. Configure your Web server to authenticate against the Enterprise LDAP when authenticating Windchill Business Reporting requests. 3. (Optional) Configure the Cognos namespace selection behavior when logging in to Windchill Business Reporting. The following sections provide more detail on these steps. Adding an LDAP Authentication Namespace Access the Cognos Configuration tool as described in Verifications on page 238. Following the instructions found in the Cognos Installation and Configuration Guide, add a new namespace resource with a type of LDAP or Active Directory, as appropriate, that corresponds to your Enterprise LDAP. You must also specify values for the following fields: Namespace ID Host and Port Base Distinguished Name

240

Windchill Installation and Configuration Guide

When logging into Windchill Business Reporting, users will be presented with a drop-down list of the available namespaces to choose from, including the original Administrative LDAP configured by the PSI, and the new Enterprise LDAP. To have the log-in default to the Enterprise LDAP, see Set the Default Namespace on page 237 (Optional). You can later choose to remove the default namespace and revert to the drop-down list. Configure your Web Server Next, configure your Web server so that the Enterprise LDAP is recognized when authenticating Windchill Business Reporting requests. See the previous chapters in this guide for more information on the Web server installed at your site. The following sections include specific information helpful for each Web server. For specific information on supported software versions, see the Software Support Matrix (available from http://www.ptc.com/appserver/cs/doc/refdoc.jsp). Apache on Windows To configure Apache to recognize the Enterprise LDAP for authenticating Windchill Business Reporting requests use the following procedure: 1. From within a Windchill shell, navigate to the directory where Apache is installed. 2. Run the following on the command line:
ant -f webAppConfig.xml addCognosAuthProvider -DappName=<COGNOS_WEBAPP_NAME> -DproviderName=<ENTERPRISE_LDAP_NAME> -DldapUrl=<ENTERPRISE_LDAP_URL>

where <COGNOS_WEBAPP_NAME> is the name of the Cognos Web application, which is cognos8 by default. <ENTERPRISE_LDAP_NAME> is the unique name of the Enterprise LDAP. This value should match the EnterpriseLDAP Node value in the Cognos Configuration tool. <ENTERPRISE_LDAP_URL> is the full URL for the Enterprise LDAP, including the base distinguished name. For example: ldap://mymachine.mycompany.com:389/ cn=EnterpriseLdap, cn=Windchill_10.0,o=myorg

Windchill Integrations for Embedded Software

241

You can optionally include -DbindDn and -DbindPwd elements if necessary.

Note If there is a space or an equal sign ( = ) anywhere in one of the arguments, you must enclose the entire argument with double quotes ( " ). 3. Restart Apache.
Apache on HP-UX On HP-UX, Apache can only use a single LDAP for authentication of Windchill Business Reporting requests, however you can specify an additional password file to allow users from the Administrative LDAP (or other LDAPs) to log in as well. 1. Edit the app-cognos8.properties file, located in the following directory: <Apache>/conf Where <Apache> is the directory location where your Apache is installed. 2. Change the values of the following properties as necessary to reflect the Enterprise LDAP rather than the Administrative LDAP: apacheWebApp.ldapUpr apacheWebApp.anonBind apacheWebApp.bindDN apacheWebApp.bindPwd

3. To allow users from the Administrative LDAP to log into Windchill Business Reporting, enable use of a password file as follows: a. While editing the app-cognos8.properites file in the previous step, specify a value of TRUE for the apacheWebApp.passwordFile.enabled property. b. Run the htpasswd command in the following directory to specify names and passwords for all Administrative LDAP users that you want to be able to log in to Windchill Business Reporting: <Apache>/bin where <Apache> is the directory location where your Apache is installed. 4. Regenerate the Cognos Web application configuration by running one of the following from a Windchill shell:
cd <Apache> ant -f webAppConfig.xml regenCognosWebAppConf -DappName=cognos8

or

242

Windchill Installation and Configuration Guide

cd <Apache> ant -f webAppConfig.xml regenAllWebApps

where <Apache> is the directory location where your Apache is installed. 5. Restart Apache IBM HTTP Server IBM HTTP Server can only use a single LDAP for authentication of Windchill Business Reporting requests, however you can specify an additional password file to allow users from the Administrative LDAP (or other LDAPs) to log in as well. 1. Edit the app-cognos8.properties file, located in the following directory:

<Apache>/conf
where <Apache> is the directory location where your Apache is installed. 2. Change the values of the following properties as necessary to reflect the Enterprise LDAP rather than the Administrative LDAP: apacheWebApp.ldapUpr apacheWebApp.anonBind apacheWebApp.bindDN apacheWebApp.bindPwd 3. To allow users from the Administrative LDAP to log into Windchill Business Reporting, enable use of a password file as follows: a. While editing the app-cognos8.properites file in the previous step, specify a value of TRUE for the apacheWebApp.passwordFile.enabled property. b. Run the htpasswd command in the following directory to specify names and passwords for all Administrative LDAP users that you want to be able to log in to Windchill Business Reporting:

<Apache>/bin
where <Apache> is the directory location where your Apache is installed. 4. Regenerate the Cognos web app configuration by running one of the following from a Windchill shell:
cd <Apache> ant -f webAppConfig.xml regenCognosWebAppConf -DappName=cognos8

or
cd <Apache> ant -f webAppConfig.xml regenAllWebApps

Windchill Integrations for Embedded Software

243

where <Apache> is the directory location where your Apache is installed. 5. Restart Apache Internet Information Services (IIS) IIS can only use a single LDAP for authenticating of Windchill Business Reporting requests. As noted in the Configuring IIS and Tomcat on page 315 chapter, PTC recommends that you initially configure your system using the bundled Apache Web server, before switching to IIS. 1. Follow the steps in the Apache on Windows section, and ensure that the configuration is working correctly. 2. Following the instructions contained in the Cognos Installation and Configuration Guide to configure IIS for Windchill Business Reporting. 3. Shut down Apache, and start IIS. As they are not running concurrently, both Apache and IIS can use the same port. Configure Cognos Namespace Selection Behavior on Log In (Optional) You can choose to configure the Cognos namespace selection behavior when logging in to Windchill Business Reporting by choosing one of the following options. Set the Default Namespace on page 237 or Enable Windchill to Pass User s Cognos Namespace on page 237

Only one of these options can be configured at a time. If neither option is configured, then when logging into Windchill Business Reporting, users will be presented with a drop-down list of the available namespaces to choose from.

244

Windchill Installation and Configuration Guide

Set the Default Namespace To authenticate users with the Enterprise LDAP by default, set the Windchill Business Reporting gateway namespace using the following procedure. This gateway namespace is the default namespace used by Windchill Business Reporting for authentication, which means that only the specified namespace is used for authentication. 1. Access the Cognos Configuration tool as described in Verifications on page 238. 2. Select the Environment node of the Explorer tree. 3. In the Properties panel, specify the Gateway namespace property with the same value you entered for the Namespace ID of the new Enterprise LDAP namespace resource created in Adding an LDAP Authentication Namespace on page 237.

Note If you set the Enterprise LDAP as the gateway namespace, then only users from the Enterprise LDAP can log into Windchill Business Reporting. This means that users from the Administrative LDAP, such as wcadmin or wbradmin, cannot log into Windchill Business Reporting, but users from the Enterprise LDAP who have similar permissions can log in. You can later remove this gateway namespace, and return to the drop-down list of namespaces presented to users when the log into Windchill Business Reporting.
Enable Windchill to Pass User s Cognos Namespace To enable Windchill to explicitly pass the user s Cognos namespace, set the following properties in the wt.properties file using the xconf manager: wt.cognos.explicitNamespace.enabled - When this property is set to TRUE, Windchill attempts to determine the Cognos namespace of the current user, and explicitly pass that namespace as a URL parameter when a Windchill Business Reporting report is executed from within Windchill. If the namespace cannot be determined, then the standard namespace drop-down list is presented, as described above. Setting this property to FALSE (the default) reverts to the drop-down list behavior. wt.cognos.startup.location - Set this property value to the file path location of the cogstartup.xml Cognos configuration file. If your Windchill solution and the WBR Gateway Server are installed on the same machine, then the property value can be set to: $wt.cognos.home)\\configuration\\cogstartup.xml

Windchill Integrations for Embedded Software

245

If your Windchill solution and Windchill Business Reporting Gateway Server are installed on different machines, then the file may need to be copied to an accessible location or the directory it is in may need to be shared to make the file available.

Configuring Windchill Business Reporting with Sun Java System Web Server
To configure Windchill Business Reporting to work with Sun Java System Web Server, use the following procedure:

Note The Sun Java System Web Server must be configured to work with Windchill before proceeding.
1. Log into Sun Java System Web Server as the administrator you established when you installed Sun Java Web Server. 2. On the Common Tasks tab, select Document Directories . 3. On the Document Directories table, click the New button. 4. Add the following URI Prefix and Directory Path values: URI Prefix /cognos8 /cognos8/cgi-bin Directory Path /<WBR_HOME>/webcontent /<WBR_HOME>/cgi-bin

5. 6. 7. 8. 9.

where <WBR_HOME> is the location where Windchill Business Reporting is installed. On the CGI tab, click the New button on the CGI as File Type Enabled URIs table. Select the Entire Virtual Server checkbox. Click OK . Deploy the pending changes to the server following the directions found in Deploying changes to the Sun Java System Web Server on page 303. Access Windchill Business Reporting as described in Log In to Windchill Business Reporting on page 238

Updating the Model and Loading Reports


If the out-of-the-box reports did not load during installation (for example, if you did not load the base data), or if there are updates to the reports that you need to load into Windchill Business Reporting, then the data model must be updated and the reports loaded on the machine where your Windchill solution is installed. To do

246

Windchill Installation and Configuration Guide

this, run the following script from a Windchill shell. (Your Windchill solution, Windchill Business Reporting, Web servers, and servlet engines must be running for this script to be successfully run.)
ant -f <wt_home>/installer/wnc/wbr_actions.xml

Update Existing Installation


If you are updating an existing Windchill installation to include Windchill Business Reporting, you should complete the following manual post-installation steps: Create a new database application user for Cognos. For more information, see Create a New Cognos Database User on page 247. Set properties using the xconfmanager. For more information, see Setting Properties on page 247. Run the wbr_actions.xml script as described in the previous section, Updating the Model and Loading Reports on page 246.

Create a New Cognos Database User After updating an existing Windchill installation to include Windchill Business Reporting, you must create a new database application user. For more information, see Configuring a Database Application User on page 196, following the instructions appropriate for your database. Setting Properties Set the following properties using the xconfmanager, using values appropriate for your installation: For wt.properties:
wt.reporting.thirdParty.enabled=true wt.auth.trustedHosts=<WBR host> <WBR gateway> localhost

For db.properties:
wt.cognos.namespace=AdministrativeLDAP wt.cognos.endpointUrl=http://<WBR host>:<WBR port>/p2pd/servlet/dispatch wt.cognos.home=<WBR host components installation directory on host machine> wt.cognos.model.dir.location=<Windchill host machines locally mapped location of WBR>\ptc\models\$(wt.cognos.model.name) wt.cognos.admin.uid=<Windchill site administrator user> wt.cognos.admin.password=<Windchill site administrator password> wt.cognos.externalUrl=$(wt.webserver.protocol)://$(wt.rmi.server.hostname):

Windchill Integrations for Embedded Software

247

$(wt.webserver.port)/cognos8/cgi-bin/cognos.cgi

Note The value used for the wt.cognos.namespace property must match the Namespace ID value in the Cognos Configuration tool, which by default is AdministrativeLDAP. If you have changed the Namespace ID value, then you must use that new value for the wt.cognos.namespace property. Note If the operating systems of the machines where the Windchill Business Reporting host and the Windchill Web server are installed differ, then the following property must also be set for db.properties:
wt.cognos.model.dir=$(wt.cognos.home)<OS specific separator> $(wt.cognos.model.name)

where <OS specific separator> is a back slash ( \ ) for Windows systems, and a forward slash ( / ) for Unix systems. For more information, see About the xconfmanager Utility.

Reverse Proxy Configuration for Separate Apache Web Servers


A reverse proxy configuration is required if Windchill Business Reporting and your Windchill solution use different Apache web servers. After Windchill Business Reporting and your Windchill solution are successfully installed, you must: 1. Configure your Windchill installation. For more information see Configuring Windchill on page 237. 2. Configure Windchill Business Reporting. For more information, see Configuring Windchill Business Reporting on page 237. 3. Update the model and load reports. For more information see Updating the Model and Loading Reports on page 237.

Note Both your Windchill solution and Windchill Business Reporting must use the same LDAP.
Configuring Windchill Changes must be made to your Windchill solution in the following locations: wt.properties file

248

Windchill Installation and Configuration Guide

Modify wt.properties to include the address of the machine where Windchill Business Reporting is installed as a trusted host:
wt.auth.trustedHosts=<machine_ip_addr> <serverhost>

where <machine_ip_addr><serverhost> is the address of the machine where the Windchill Business Reporting is installed. In a distributed installation scenario, this is the machine where the Windchill Business Reporting host components are installed. Apache httpd.conf To enable the reverse proxy, update the Apache httpd.conf file to include the following:
LoadModule proxy_http_module modules/mod_proxy_http.so

Apache additions.conf Add the following proxy setting to the Apache/conf/extra/additions.conf file:
ProxyPass /cognos8 <cognos_url> ProxyPassReverse /cognos8 <cognos_url>

where <cognos_url> is the fully qualified URL of the machine where the Windchill Business Reporting host components are installed. For example:
http://server1.mycompany.com/cognos8

Configuring Windchill Business Reporting To allow single sign-on, the AuthName value in the following file:
<Apache>/conf/extra/app-cognos8-auth.conf

must match the AuthName value in the following file:


<Apache>/conf/extra/app-<Web_application_context_root>auth.conf

where <Apache> is the directory location where your Apache is installed, and where <Web_application_context_root> is the name specified for your Windchill installation, which is "Windchill" by default.

Windchill Index Search


Execute the following instructions for Windchill Index Search.

Windchill Index Search Overview for Installers


Indexing is the process of extracting text strings of attribute names and attribute values from Windchill objects and sending them to a search engine that builds indices optimized for searching. This enables users to efficiently search for data

Windchill Integrations for Embedded Software

249

stored in a Windchill database, without having to know anything about the internal object model. Windchill solutions provide the option of installing Windchill Index Search to help with indexing. The Windchill Index Search system provides the ability to search for keywords within the meta data and content of Windchill database objects. The oversight of a system administrator is required to maintain the efficiency and usefulness of the search system as it changes over time. Bulk Indexing You can use the Bulk Index Tool to load all the objects that belong in the Windchill Index Search libraries. This utility sends objects to a search engine to be indexed according to their domains indexing policy. You can perform the following tasks with this utility: Start and stop the bulk indexing process. Because loading indexes can take a significant amount of time, it may be necessary to stop the operation for some length of time. State is maintined in the IndexStatus table, which is used by this too, so the process can be stopped and restarted without having to reindex objects that have already been indexed. Schedule the process to start and stop at specified times. Check on the status of the overall bulk indexing process. Attempt the reindex objects that have failed the indexing process. Maintain a detailed log of the indexing process.

Note The Bulk Index Tool can only be used to load Windchill Index Search libraries.
Using Windchill Index Search During an Upgrade For more information on using Windchill Index Search and bulk indexing during an upgrade see: The Windchill Upgrade Guide

Administering Windchill Index Search For information on configuring and administering Windchill Index Search and bulk indexing see: The Windchill Administration - Configuring Your Windchill Environment guide

Configuring Windchill Index Search


This part describes what properties must be set, how to check the properties, and the steps you need to take to configure Windchill Index Search.

250

Windchill Installation and Configuration Guide

Prerequisites for Configuring Windchill Index Search The following prerequisites must be met before you can bulk load a Windchill Index Search library. The index policy rules for your site must be in place. The default rule is that all indexable objects are indexable across the entire site. The Windchill Index Search libraries that appear in index policy rules must be properly configured. Ensure that collections are defined in wt.properties in the wt.index.federatedLibraries property. Certain property values should be modified to fit your needs. See Setting Windchill Index Search Properties on page 251.

Setting Windchill Index Search Properties Using the xconfmanager, set the following properties in the wt.properties.xconf file for Windchill Index Search to work properly: Property wt.index.bulkIndexSize Default Value 200 Description Number of objects to index at one time during a BulkIndex operation. If enabled, objects are filtered from the queue based on indexing rules. If disabled, objects that are not indexable are filtered at indexing time. Time-out interval, in seconds, for the index queue polling thread. Enables Windchill Index Search. Object attributes that are not indexed. Removing the default attributes may cause indexing to fail. The Solr core to which objects are indexed. If multiple cores are used, they should be indicated using a comma-separated list List of file extensions of

wt.index.checkIndexingRulesBeforeQueue

false

wt.index. defaultQueueInterval wt.index.enabled wt.index. excludeAttributes

60

true xml,organization,url, entrySet

wt.index. federatedLibraries

wblib

wt.index.filterFileTypes

.prt

Windchill Integrations for Embedded Software

251

Property

Default Value

wt.index. indexingLanguage

Description file types that will not be indexed. Default indexing language. The value should be a two-character ISO639 language code or local, which will set the language to the same as the method server. A list of supported language codes is available in the properties. html file. The list of indexing and searching languages. The value should be a commaseparated list of two-character ISO639 language codes. The default indexing language is added to this list if not already present. The corresponding keywords_xx field should be present in the Solr schema.xml file. If the detected language is not present in indexingLanguageList, that content would be indexed as default indexing language content. A list of supported language codes is available in the properties. html file. If enabled, checked out object data is indexed. When the object is checked in, the object is re-indexed with the new version. If the check out is

wt.index. indexingLanguageList

wt.index. indexWorkingCopy

true

252

Windchill Installation and Configuration Guide

Property

Default Value

wt.solr.ajpPort

8008

wt.solr.host

localhost

wt.solr.internalHttpPort

8085

wt.tomcat.embeddedMode.solr

Description undone, the checked out index is removed The TCP/IP port that will be used to expose the Solr web application to the web server via AJP. The xconfmanager automatically propagates this to the Apache or IIS/Tomcat configuration when these web server options are used and it has write access to the necessary configuration files. Otherwise, any changes made to this setting are also made in the web server configuration. Host for Solr. In the case of a non-clustered deployment, this can simply be localhost. In a clustered deployment, it should be the hostname of the cluster node where Solr is being run. If this is empty or unassigned, then this implies that Solr is not configured. The TCP/IP port that Solr listens upon for direct server to server HTTP requests from Windchill. Controls whether the Solr web application, other web applications, or both are deployed to the servlet engine embedded within a given method server, specified by values of only, no, and yes,
253

Windchill Integrations for Embedded Software

Property

Default Value

Description respectively.

For more information about these properties, see the Index Search properties topic in the Windchill Help Center. Checking the Properties In addition to the properties already mentioned, the following properties should be addressed: The excludeAttributes property includes the following:
wt.index.excludeAttributes=xml,organization,url

The wt.index.maxDocumentSize property is set to limit the maximum size (in bytes) of the document submitted to Windchill Index Search. There is no default value set for this property. Although not mandatory, you should limit the maximum size of documents to index to a reasonable value, such as 20 MB. If the file size exceeds the limit set by this property, the file is ignored during the indexing processes, but the metadata associated with the Windchill object is indexed.

The wt.index.maxContentSize property is to set the maximum size (in megabytes) for the amount of content to be indexed. The default value for this property is 1 MB. For example, if the file size is less than the value specified in wt.index.maxDocumentSize, 1 MB of the extracted content is indexed.

Valid Windchill Configurations


The following Windchill configurations can be used with Windchill Index Search:

Note This information is applicable only if Windchill is installed along with the Windchill Index Search module, and is applicable to every node in a Windchill cluster. Configuration Description Windchill with Single MethodServer In this configuration, the single Methodand no BackgroundMethodServer Server will handle all Windchill processes including Index Search process. The index engine (Solr) will also be hosted in the MethodServer. Windchill with single/multiple Method- In this configuration, the BackgroundMethodServer will host the index enServer and single gine (Solr). All other Windchill related BackgroundMethodServer processes run in the foreground

254

Windchill Installation and Configuration Guide

Configuration

Description MethodServer(s) Windchill with single/multiple Method- In this configuration, admin should ensure that only one BackgroundMethodServer and multiple Server is configured to host the index BackgroundMethodServer engine (Solr). The configuration details can be found in Configuring Background Method Servers on page .

The following Windchill configurations are invalid: Configuration Windchill with multiple MethodServer and no BackgroundMethodServer Description This configuration is not supported. If multiple MethodServers need to be configured in Windchill, then there must be atleast one BackgroundMethodServer configured on the node.

Tip The following may aid in performance: The host indexing engine (Solr) should be on a dedicated BackgroundMethodServer. Disabling the queues on the BGMS hosting Solr will further improve performance. The queues will run in the foreground MethodServers and other BackgroundMethodServers configured in the installation

Enabling Asian Languages


Certain additional steps are needed to enable Asian languages to work properly with the Windchill Index Search. To enable Windchill Index Search to work with Chinese characters use the following procedure: 1. Using the xconfmanger add or modify the following wt.properties: wt.index.indexingLanguageList=en,zh wt.index.indexingLanguage=zh 2. Navigate to <Windchill>\solr-home\wblib\conf\schema.xml.

Windchill Integrations for Embedded Software

255

3. Un-comment the lines that correspond to the language than enables the Field Type and Keywords fields. For Chinese characters remove the comment character from: fieldtype name="text_zhs" at line 38 name="keywords_zh" at line 353 4. Save the schema.xml file and restart the method server. To enable Windchill Index Search to work with Chinese characters om UNIX machines use the following procedure 1. Navigate to <Windchill>\solr-home\wblib\conf\schema.xml. 2. Un-comment the lines that correspond to the language than enables the Field Type and Keywords fields. For Japanese characters remove the comment character from: name="text_ja" at line 22 name="keywords_ja" at line 353

Performing Bulk Indexing


You should use the Bulk Index Tool to load Windchill Index Search libraries and their objects to do the following: Build indexes of existing data that belong in an index according to index policy. Reinitialize a Winchill Index Search library after changes have been made to the indexing policy.

Tip To improve performance, indexing should be turned off when bulk loading. The Bulk Index Tool should be used after indexing to populate your indexes.
Bulk Loading a Windchill Index Search Library You can use the Bulk Index Tool to load all the objects that belong in the Windchill Index Search libraries. This utility sends objects to a search engine to be indexed according to their domains indexing policy. You can perform the following tasks with this utility: Start and stop the bulk indexing process. Because loading indexes can take a significant amount of time, it may be necessary to stop the operation for some length of time. State is maintained in the IndexStatus table, which is used by this tool, so the process can be stopped and restarted without having to re-index objects that have already been indexed. Schedule the process to start and stop at specified times. Check on the status of the overall bulk indexing process.
Windchill Installation and Configuration Guide

256

Attempt to re-index objects that have failed the indexing process. Maintain a detailed log of the indexing process.

Note The Bulk Index Tool can only be used to load Windchill Index Search libraries.
The tool queries Windchill for all applicable objects, and then compares them to the IndexStatus table to determine if they have been indexed or not. Then it determines whether each object belongs in a collection according to the index policy of the domain to which the object belongs. If so, the object is indexed into the appropriate collections. For more information about collections, see Customizing Search in the Windchill Customization Guide. You can start, stop, and schedule this bulk indexing process.

Tip You can open two command prompts, side by side, to simplify the process of running the tool. Use one command prompt to run the Bulk Index Tool and the other command prompt to tail the BulkIndexTool.log file. The tail utility is a standard UNIX utility. For more information, see the main page. This utility is also available for Windows from GNU at the following web site: http://www.gnu.org
For real-time progress, you can run the tail utility on the BulkIndexTool.log file. However, this is not required. After all prerequisites are met, you can run the Bulk Index Tool by entering the following in a windchill shell and logging in as a user from the Administrator user group:
windchill wt.index.BulkIndexTool

Note If you plan to modify the default MIME file types for content indexing, follow the procedure outlined in the Specifying MIME Types for Content Indexing help topic prior to running the Bulk Index Tool.
Bulk Index Tool Menu Options There are multiple Bulk Index Tool options: 1. Start the bulk indexing process Select this option to begin the indexing of your data. This tool uses the current policy rules to filter out which items are to be indexed. This option also creates an entry in the BulkIndexQueue, which executes the actual bulk indexing task. If you do not use option 2 below, then monitor the queue to ensure that multiple entries are not generated.

Note Windchill only indexes the latest iteration of any revision.

Windchill Integrations for Embedded Software

257

If you have previously started the bulk indexing process and it is still running when you select this option, you will receive an error message. 2. Stop the bulk indexing process. Select option 2 to stop the bulk index loading process and remove any remaining bulk indexing queue entries. 3. Schedule the bulk indexing process. Select option 3 to setup a regular schedule to repeat the bulk indexing process. You may want to schedule this time during low user activity. Enter the following information: Start time in the format mm/dd/yyyy hh:mm am/pm. Stop time in the same format. Total number of runs (how many times you want the scheduled task repeated). Frequency (in days) that you want the bulk indexing task to run. (For example, enter 1 for daily; enter 7 for weekly.) 4. Reset failed entries Select option 4 to reset the objects that failed during indexing, so they can be processed again. 5. Reset entries that are processing. Select option 5 if you have objects that have not yet been marked as complete. This can happen if communication between the Index engine and Windchill occurred and the Windchill did not update the object. 6. Reset entries that had no indexing policies. Select option 6 if you have changed indexing rules and objects that did not have rules that needed to be indexed. For example, you should use option 6 if you create a new indexing rule in the Policy Administration utility and want objects subject to the new rule to be indexed. Creating a new indexing policy rule does not impact already indexed objects. 7. Check the bulk indexing progress: Select option 7 to view indexing status. The following status example indicates that out of 3609 objects, 3588 are indexed, 15 objects failed, and 6 objects have yet to be indexed. Example:
Current status of Bulk Indexing:

258

Windchill Installation and Configuration Guide

Total Objects Handles: 3609

Objects processed: 3588

Objects processing: 0

Objects w/o indexing policies: 0

Objects remaining: 6

Objects failed: 15.

When all objects have been processed, the bulk indexing process is complete.

Windchill Integrations for Embedded Software

259

Note This progress is dependent on the wt.indexbulkIndexSize=200 property. No changes to status are made until the set number of objects are processed. 8. Delete the bulk indexing list of objects. 9. Verify Index Data
Select option 9 to verify if the objects marked as indexed in Windchill are actually present in the indexed data. This option is particularly useful while restoring Windchill/index folders. We recommend using this option periodically (ideally, every 3-6 months) to ensure the correct index status of Windchill objects.

Note Option 9 marks objects not present on the index server as failed. Use option 7 if you want to check the status of your indexed objects. Use option 4 to index any failed objects. 10. Exit
Select option 10 to close the Bulk Index Tool.

Enabling Spelling Suggestions


To enable spelling suggestions in Windchill Index Search, as a site administrator, access the following URL:
http://<WINDCHILL_URL>-Solr/wblib/select/?q=solr&spellcheck=true&spellcheck. q=solr&spellcheck.build=true

Replace <Windchill_URL> with the actual Windchill URL

Note The URL needs to be accessed only once and the spelling suggestions will not be available if Solr is set up in a multi-core environment.

Manually Loading Data and Database Schema


The following describes the post-installation procedures that are needed to complete an installation of Windchill Index Search.

260

Windchill Installation and Configuration Guide

Manually Loading Data and Database Schema During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes. 1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. Open a windchill command window and execute the following script to create the database schema: Non Multi-byte Multi-byte Installations
windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/rialto/AdaptersCC/ Make_module_AdaptersCC.sql windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/rialto/WTSoftwareIssue/Make_module_WTSoftwareIssue.sql

Multi-byte Multi-byte Installations


windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/rialto/AdaptersCC/

Windchill Integrations for Embedded Software

261

Make_module_AdaptersCC.sql windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/rialto/WTSoftwareIssue/Make_module_WTSoftwareIssue.sql

Note Please note the following: If using an SQL server replace all instances of %WT_HOME%/db/sql with %WT_HOME%/db/sqlServer. %JAVA_HOME% refers to JDK directory used by Windchill. %WT_HOME% refers to the Windchill directory.

5. To load data run the following command:


windchill wt.load.WindchillLoader -Application=Windchill.SoftwareLink.Installed -Unattended -AbortOnError

Windchill Service Information Manager


For more information on installing and using Windchill Service Information Manager refer to the following documentation, available on the document reference site:

Installing and Configuring Windchill Service Information Manager and Service Installing and Configuring Windchill Service Information Manager and Service Installing and Configuring Windchill Service Information Manager and Service

Manually Loading Data and Database Schema for Windchill Service Information Manager During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes.

262

Windchill Installation and Configuration Guide

1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. Open a windchill command window and execute the following script to create the database schema: Non Multi-byte Multi-byte Installations
windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/sis/SisCore/ Make_module_SisCore.sql

Multi-byte Multi-byte Installations


windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/sis/SisCore/Make_module_SisCore.sql

Note Please note the following: If using an SQL server replace all instances of %WT_HOME%/db/sql with %WT_HOME%/db/sqlServer. %JAVA_HOME% refers to JDK directory used by Windchill. %WT_HOME% refers to the Windchill directory.

5. To load data run the following command:


windchill wt.load.WindchillLoader -Application=Windchill.SIS -Unattended -AbortOnError

Windchill Integrations for Embedded Software

263

Manually Loading Data and Database Schema for Windchill Service Parts During the installation using the PSI, you are prompted to select your data loader settings on page 150. If you choose not to load data using PSI, you must manually load it after PSI installs your solution using the instructions in the section Database Initializing and Data Loading on page 273. However, in certain scenarios additional steps are needed to complete your installation. These scenarios are; You choose to not automatically create schema and load data when installing using the PSI. You choose to not automatically create schema and load data when adding to an existing Windchill installation, using the PSI.

Typically these steps are needed to account for customized standard attributes. 1. Complete the PSI installation, during which you deselect the options described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Load your data, as described in Loading Base and Demonstration Data on page 280. 4. Open a windchill command window and execute the following script to create the database schema: Non Multi-byte Multi-byte Installations
windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/sisipc/PartList/Make_module_PartList.sql windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/sisipc/PartList/Make_module_PartList.sql

Multi-byte Multi-byte Installations


windchill --java=%JAVA_HOME%/bin/java.exe --javaargs=" -Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql3/sisipc/PartList/

264

Windchill Installation and Configuration Guide

Make_module_PartList.sql

Note Please note the following: If using an SQL server replace all instances of %WT_HOME%/db/sql with %WT_HOME%/db/sqlServer. %JAVA_HOME% refers to JDK directory used by Windchill. %WT_HOME% refers to the Windchill directory.

5. To load data run the following command:


windchill wt.load.WindchillLoader -Application=Windchill.SISPartCatalog -Unattended -AbortOnError

Windchill Requirements Management Configuration


The following describes post installation procedures that are needed to complete the installation of Windchill that includes Windchill Requirements Management and to learn how to integrate with Integrity Requirements Management. Add Read Access Permissions to All Windchill Requirements Management Types for Product Members This is a mandatory procedure that is usually performed by a Site, Organization, or Product administrator using the Policy Administration utility. Authorized administrators can create and manage policy rules that are based on a specific combination of a domain, an object type, a life cycle state, and a participant. In order for product members to have access to Windchill Requirements Management objects in Windchill, an administrator must grant read access to the object by either creating or updating access control rules for each of the Access Control Rule Names listed in step 6. 1. Login to Windchill as an administrator. 2. From Product Utilities open the Policy Administration utility. 3. You must first select and update the domain in order to manage access control rules. Select the domain (the Default product context branch) and click Update to open the Administrative Domain window. 4. From the Administrative Domain window, select the Access Control tab to manage access control rules for the selected domain. 5. Scroll to and select the WTObject branch with the appropriate Principal. For example, select the WTObject branch with the principal of Administrators.

Windchill Integrations for Embedded Software

265

6. Either create or update an access control rule for each of the following Windchill Requirements Management objects.

Note Use the Access Control Rule Name when creating or updating each of the following Windchill Requirements Management objects shown below.
Object Requirement Document Requirement Item Specification Document Specification Item Test Case Test Suite Access Control Rule Name RequirementDocument RequirementItem SpecificationDocument SpecificationItem TestCase TestSuite

7. Open the Access Control Rule window using one of the following buttons: a. To create an access control rule, click Create . For example, to create a rule, click Create to open the Access Control Rule window. Enter RequirmentDocument in the Name field. b. To update an access control rule, select an existing rule whose domain is the current domain, and click Update . When you update a rule, you can only modify the Permissions property. For an explanation of the information displayed, see About Access Control Rules in the Windchill Help Center. For example, to update a rule, select the rule name, RequirementDocument, and click Update to open the Access Control Rule window. 8. From the Access Control Rule window, you must set the following properties for the rule:

Note The purpose of this procedure is to grant read access using the Permissions property for each of the Windchill Requirements Management objects using the Access Control Rule Name in step 6. When you update an access control rule, you can only modify the Permissions property. When you create an access control rule, you must enter a value for each property shown below.
Property
Type

Action Select the object type for which you are defining a rule from the tree in the Type pane.

266

Windchill Installation and Configuration Guide

Property

Action

State

Permissions

Note All subtypes of the selected type inherit the rules defined for the type. Select the state that an object must be in for the rule to apply, or select All to apply the rule to the object, regardless of its state. If State does not apply to the selected object type, the State property is disabled. Select Grant , Deny , Absolute Deny , or None for each permission listed by clicking the corresponding radio button. Any permissions that do not apply to the selected object type are disabled. Note For each of the Requirements objects access control name listed in the above table, select the Grant Read radio button. Select a user, group, organization, or role and whether the permissions apply to the selected participant or to all users except the selected participant. See Selecting Principals in the Windchill Help Center. Note Principals in the Policy Administration utility are no different than participants elsewhere in Windchill.

Principal

9. If you are creating an access control rule, and are satisfied with your choices for the rule: a. Click OK to save your changes and return to the Administrative Domain window or b. Click Apply to save the rule and clear the fields so that you can create another rule. 10. If you are updating an access control rule and are satisfied with your choices for updating the access control rule, click OK to save your changes and return to the Administrative Domain window. 11. Repeat steps 410 for each of the Access Control Rule Names shown in step 6. 12. When finished creating or updating the access control rules, click Close from the Administrative Domain window.

Windchill Integrations for Embedded Software

267

10
What s Next Summary
Monitoring and Maintenance Activities....................................................................... 270 Other Product Installations and Configurations........................................................... 270 Administrative Activities ........................................................................................... 271 About Software Maintenance.................................................................................... 271

This chapter provides a summary of the other installation tasks and the post administrative tasks that are performed after the Windchill solutions are installed and configured.

269

Monitoring and Maintenance Activities


After you have completed the initial configuration steps so you can allow users to access Windchill, you should set up a schedule of activities for monitoring and maintaining a Windchill environment that is performing well. PTC provides some tools within Windchill that you can use when Windchill is running. Additionally, PTC highly recommends that you install and use the PTC System Monitor which is available as a free add-on monitoring system. For information on the PTC System Monitor, see the resource page that is available on the PTC website: http://www.ptc.com/go/psm For information about Windchill best practices for monitoring and maintenance, see the Windchill Basic Administration Guide.

Other Product Installations and Configurations


The following is a list of other configurations and products that you can install, and for which the instructions are included in this guide. Configuring Windchill to use other enterprise directories; Configuring Additional Enterprise Directories on page 347. Configuring Windchill to use EXPRESS Data Manager; Configuring EXPRESS Data Manager on page 297. Configuring a split configuration between Windchill and Apache; Configuring Windchill to Work with a Remote Apache on page 343.

The following is a list of other configurations and products that you can install. References to the installation and configuration instructions for these products are included: Windchill Index Search This is an optional feature that allows you to perform advanced searches of meta data. Windchill Index Search is a support component that helps to facilitate the communication between Windchill and Solr. Windchill Archive is an optional product that may be installed on top of Windchill PDMLink and Pro/INTRALINK 10.1. Windchill Archive provides you with the tools to manage archival and retrieval of Windchill data. Installation and administration information for this product is found in the Windchill Archive Administration Guide. Windchill Aerospace and Defense may be installed with a PDMLink installation.

270

Windchill Installation and Configuration Guide

Administrative Activities
Before you can allow users to access the Windchill solutions, there are some additional administrative tasks that must be completed. These administrative tasks are covered in the Windchill Basic Administration Guide and the Windchill Specialized Administration Guide.

About Software Maintenance


Normal maintenance corrections and updates to the products of the Windchill release are delivered primarily through a single cumulative installation image known as the Windchill Service Pack (WSP). Updates to a smaller subset of the products are delivered through a replacement CD image. Both WSP and any replacement CDs can be ordered in CD form or downloaded from the PTC Order or Download Software Updates Web site: http://www.ptc.com/cs/doc/swupdate.htm For additional information about the Windchill software maintenance strategy, see the Managing Customizations chapter in the Windchill Customization Guide.

Whats Next Summary

271

11
Database Initializing and Data Loading
Before You Begin..................................................................................................... 274 Configuring Business Object Uniqueness Across Organizations .................................. 274 Starting the Web Server, Servlet Engine, and Windchill Servers .................................. 275 Setting the Number of Starting Method Servers .......................................................... 276 Creating the Database Schema ................................................................................ 277 Update the Windchill Database ................................................................................. 279 Loading Base and Demonstration Data ..................................................................... 280 Executing Post-Dataload Steps ................................................................................ 287 Resetting the Number of Running Method Servers ..................................................... 287 About the Base and Demonstration Data ................................................................... 287

This chapter contains the instructions to initialize and populate the Windchill database with base and/or demonstration data. The base data for all of the installed Windchill products must be loaded before you can use Windchill. Follow the instructions in this chapter if you opted not to install the base data with the PTC Solution Installer. For information on loading legacy data, including converting data files from CSV to XML format, refer to the Windchill Data Loading Reference and Best Practices Guide.

273

Before You Begin


Determine which versions of Oracle are supported for your application. For more information, see the software matrix available from the PTC Reference Documents site: http://www.ptc.com/view?im_dbkey=124477 On UNIX systems, the installing user (including root) is typically the database administrator (DBA). It does not matter whether the user is a local user or Network Information Services (NIS) user. On Windows systems, the installing user needs to be a member of the Administrator's group. It does not matter whether the user is a local user or a domain user. You must have 5 GB available hard drive disk space for an Oracle server installation with a Windchill demo database. More disk space is needed for larger databases. For additional installation requirements, consult the Oracle documentation.

To complete the installation, you must provide the installer with information. PTC recommends you gather this information in advance to allow the installation to proceed without interruption: Name to assign to the listener. Default is LISTENER. Protocol type. Default is TCP/IP. Port number for the protocol type. The default for TCP/IP is 1521.

Configuring Business Object Uniqueness Across Organizations


This section provides information on how to configure business object uniqueness across organizations. If your company wants to constrain business object uniqueness at the organization level rather than the site level (default), then review the information in this section.

Note The information in this section is only pertinent if you are installing either the Windchill PDMLink solution, or the combined Windchill PDMLink and Windchill ProjectLink solution. If you are installing any other solution set, you may disregard the information contained in this section.

274

Windchill Installation and Configuration Guide

Before you load any data, you need to decide if you want to configure business object uniqueness across organizations. The type of configuration you choose determines whether business object uniqueness is constrained at the site level or at the organization level. If you want a business object to be unique across organizations, you must set several properties prior to loading your data. If you set these properties after having loaded your data, the data could become corrupted.

Caution Prior to system configuration, you should carefully consider whether organizationlevel object uniqueness is required. Configuration of the namespace at the organization level rather than the site level is not supported for all business use cases. For example, setting the namespace at the organization level can lead to problems in setting the owning organization value of an object that has been moved from one organization to another.
For more information on business object uniquenesss considerations, see the Windchill Basic Administration Guide. This guide explains the differences between constraining data uniqueness at the site level versus the organization level. In the default environment, business object uniqueness is constrained at the site level. In this default environment, business objects must be unique across the entire site. The alternative is to constrain business object unique at the organization level. In this type of environment, objects must be unique in their respective organization. To configure a business object to be unique across organizations, use the xconfmanager utility to set the required parameter values. From within a windchill shell, type the following commands:
xconfmanager -s wt.inf.container.restrictCrossOrgDataUse=true -s wt.inf.container.orgNamespace=true -t wt.properties -p

Starting the Web Server, Servlet Engine, and Windchill Servers


Start Apache and Tomcat. For more information on starting Apache and Tomcat, refer to the Starting and Stopping Apache and the Windchill Method Server on page 453 section and the Using the Windows Shortcut to Start the Servers section. Verify that the Apache/Tomcat configuration is correct and functioning before continuing. From your browser enter the URL for your Windchill server:
http://<hostname>/<webapp>

Database Initializing and Data Loading

275

where <webapp> is the web application context root for Windchill that you entered when installing your Windchill solution. You will see the PTC Splash Page. You will get an HTTP Error on a URL similar to the following:
http://host.company.com/Windchill/servlet/WindchillGW

Start the Method Server from a windchill shell:


windchill start

Verify that authentication works correctly before continuing. From a Windchill shell, change to your <Windchill>/bin directory and execute the following commands to authenticate. For example, on Windows:
cd <Windchill>\bin windchill wt.auth.Authentication

You will be prompted for a login. Enter the administrator user name and password. You will get messages similar to the following if the authentication executed correctly:

Setting the Number of Starting Method Servers


When initializing an empty database, only one method server should be running to avoid update conflicts between multiple servers. The server monitor process that creates data on demand can cause a racing condition when multiple instances of the service managers start at the same time while running against an empty database. Therefore, prior to loading the database with base data, you must set the number of starting method servers to only one. Thereafter, you can optionally reset the number of starting method servers and load the remainder of your data.

276

Windchill Installation and Configuration Guide

Note Refer to the Windchill Performance Tuning Guide and the Configuring Multiple Background Method Servers section in the Windchill System Administrator's Guide for additional information about multiple method servers and background method servers.

To Limit the Number of Method Servers to One


1. Verify that the wt.manager.monitor.services property specifies only the method server and document all other services that are displayed for the property. You must also disable any customized monitor service properties you may have defined. Execute the following command from the windchill shell to display the value assigned to wt.manager.monitor.services (perform this for your customized monitor services properties as well):
xconfmanager -d wt.manager.monitor.services

2. If only the method server is displayed, then only one method server is being used and no other steps are required. Otherwise, change the wt.manager. monitor.services to specify only the method server as follows:
xconfmanager -s wt.manager.monitor.services=MethodServer -t <Windchill>/codebase/wt.properties -p

3. Verify that the wt.manager.monitor.start.Method Server property exists, and if it does, verify that the value is set to 1. If these conditions are true, then no other steps are required. Otherwise, set the value of the property to 1, if the property exists. Use the xconfmanager to apply these changes. Perform the following instructions from the windchill shell: To display the property value:
xconfmanager -d wt.manager.monitor.start.MethodServer

To change the property value to a value of 1:


xconfmanager -s wt.manager.monitor.start.MethodServer=1 -t <Windchill>/codebase/wt.properties -p

Now that only the method server is specified (limited to one), you can load the database. After the database is loaded, restore these properties to their original settings.

Creating the Database Schema


The database schema must be created in order for the data to be loaded. This section describes how to manually create the database schema if you opted not to allow the PTC Solution Installer to create it automatically.

Database Initializing and Data Loading

277

Oracle 1. Open a Windchill shell and change directory to <Windchill>/db/sql (or <Windchill>/db/sql3 for multi-byte systems). 2. Execute the following command: Windows
windchill --java=%JAVA_HOME%/bin/java.exe --javaargs="-Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/create_ddl_wt.sql

UNIX
windchill --java=%JAVA_HOME%/bin/java --javaargs="-Dwt.tools.sql.autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql.dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql.SQLCommandTool %WT_HOME%/db/sql/create_ddl_wt.sql

3. Execute the following:


<WT_HOME>/bin/windchill --java=<JAVA_HOME>/bin/java --jap=wt.properties\ com.ptc.windchill.upgrade.tools.upgradeframework.java.args --cpp=wt.properties\ com.ptc.windchill.upgrade.tools.classpath com.ptc.windchill.upgrade. statemachine.DynamicLauncher -actc noui

4. Execute the following:


ant f <WT_HOME>/bin/upgradeTools.xml -v populateDbHashes

SQL Server 1. Open a Windchill shell and change directory to <Windchill>/db/sqlserver. 2. Execute the following: Windows windchill java=%JAVA_HOME%/bin/java.exe javaargs="-Dwt.tools.sql. autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql. dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql. SQLCommandTool %WT_HOME%/db/sqlserver /create_ddl_wt.sql UNIX windchill java=%JAVA_HOME%/bin/java javaargs="-Dwt.tools.sql. autoCommit=true -Dwt.tools.sql.verbose=6 -Dwt.tools.sql. dbUser=<username> -Dwt.tools.sql.dbPassword=<password>" wt.tools.sql. SQLCommandTool %WT_HOME%/db/sqlserver /create_ddl_wt.sql 3. Execute the following:
<WT_HOME>/bin/windchill --java=<JAVA_HOME>/bin/java --jap=wt.properties\ com.ptc.windchill.upgrade.tools.upgradeframework.java.args --cpp=wt.properties\ com.ptc.windchill.upgrade.tools.classpath com.ptc.windchill.upgrade.

278

Windchill Installation and Configuration Guide

statemachine.DynamicLauncher -actc noui

4. Execute the following:


ant f <WT_HOME>/bin/upgradeTools.xml -v populateDbHashes

Oracle RAC 1. Log in to the Oracle RAC database using SQLPlus as a DBA user (For example, SYSTEM). 2. After replacing the <USERNAME> and <PASSWORD> variables, execute the following query to create a user schema:
create user <USERNAME> identified by <PASSWORD> default tablespace USERS temporary tablespace TEMP quota unlimited on USERS;

3. Execute the following:


<WT_HOME>/bin/windchill --java=<JAVA_HOME>/bin/java --jap=wt.properties\ com.ptc.windchill.upgrade.tools.upgradeframework.java.args --cpp=wt.properties\ com.ptc.windchill.upgrade.tools.classpath com.ptc.windchill.upgrade. statemachine.DynamicLauncher -actc noui

4. Execute the following:


ant f <WT_HOME>/bin/upgradeTools.xml -v populateDbHashes

5. After replacing the <USERNAME> variables, execute the following query to grant privileges to the user schema:
grant connect, resource, create sequence, create view, query rewrite to < USERNAME>;

Note For more information on how to manually create the schema and load data for any separate modules that you may have installed see Completing the Configuration Overview on page 172 and then the Post-Installation actions section for the module you have installed.

Update the Windchill Database


The Windchill database must be updated in order for the data to be loaded. This section describes how to manually update the Windchill database if you opted not to allow the PTC Solution Installer to create it automatically. 1. Complete the PSI installation, during which you choose not to load base data, as described in Selecting Data Loader Settings on page 150. 2. Create the database schema to be used in order for the data to be loaded, as described in Creating the Database Schema on page 277. 3. Update the Windchill Database by executing the following commands in the update tool:

Database Initializing and Data Loading

279

On Windows: AddColumns -u On UNIX: AddColumns.sh u 4. Run the upgradeDBHashes process by executing the following command from a Windchill shell: On Windows: ant.bat -f %WT_HOME%\bin\upgradeTools.xml -v populateDbHashes UNIX: ant -f %WT_HOME%/bin/upgradeTools.xml -v populateDbHashes 5. Load your data, as described in Loading Base and Demonstration Data on page 280.

Note Optional products may require their own specific installation instructions. For more information refer to the Completing Configurations - Manual Steps on page 171post-installation section for the product you are installing.

Loading Base and Demonstration Data


WindchillLoader is a command line utility that can load data for any of the installed Windchill solutions. It can load base and or demonstration data for the selected solution either in interactive or unattended mode. When you run the data load utility, you are prompted to log on as a user from the Administrators Group. If the user name you enter is not an administrator, then you are prompted to create an administrator user. During the installation of Windchill Services, you defined a Windchill administrative user to the Web server. In this process, you will use this user name and its password for authentication.

Loading Localized Load Files


If you are loading localized data into the database, then you must first set the date format to the server locale and then execute WindchillLoader. If you are not loading localized data, then you can skip this step (in which case the locale defaults to English). Proceed to the section, Loading Base and Demonstration Data on page 280.

280

Windchill Installation and Configuration Guide

Changing the Load Set for Localized Data


By PTC convention, localized files include a locale extension. The locale extension is appended to the file name, but precedes the file type extension, for example, lifecycleInitRule_ja _ja.xml. In this example, _ja is the locale extension. The table below lists the locale extensions: PTC Locale Extensions Locale Simplified Chinese Traditional Chinese French German Italian Japanese Korean Spanish Extension Value _zh_CN _zh_TW _fr _de _it _ja _ko _es

Refer to the section wt.load.WindchillLoader Class Argument on page 280 for further details on the -Locale argument of WindchillLoader.

Setting the Date Format to Reflect the Server Locale


Prior to loading the database, the data files provided with this installation may require modification to set the date fields to match the locale setting of the server. The default date format used in the data files is EN_US (MM/DD/YYYY). If the server locale is something other than this format, then all date fields must be modified to fit your locale. The data files are contained in the XML files which are located in the <Windchill>/loadFiles directory. You only need to consider the XML files relevant to your installation (see About the Base and Demonstration Data on page 287). To locate the dates that require modification, use an editor that can perform expression matching on the data files. Using this editor, execute the following expression to find the dates that require modification: [0-3]?[0-9]/[0-3]?[0-9]/[12][90][0-9][0-9] This expression will find all entries that match the default MM/DD/YYYY pattern. This expression will also find all entries that match the DD/MM/YYYY pattern.

Database Initializing and Data Loading

281

Using WindchillLoader to Load Data


Review the information in this section to familiarize yourself with the syntax of the WindchillLoader and the examples. After you have reviewed the material, you should be ready to load the Windchill database. You may have installed only one Windchill solution or multiple solutions consecutively. Perhaps you installed one solution and then at a later date installed another solution. The WindchillLoader will support all of these scenarios. In other words, you can load the database to support the solution you initially installed, install another solution, and then load the database for the second solution. In addition to the solution data, there is one other data type Windchill Services data. The Windchill Services data is the base data for all Windchill solutions. It is managed as a separate data set, and as such, it must be installed as an entity of its own. The Windchill Services data must be installed before any solution data can be installed. The following diagram describes the hierarchical relationship of the Windchill data sets.

The Windchill Services data (installed with Windchill Services) can be loaded by itself or in conjunction with a Windchill solution. In the latter scenario, it must be the first in the product data load order. With regard to solution data, the following combinations of data loads are supported: Windchill PDMLink and Windchill ProjectLink The solution data sets can be loaded in any order. Pro/INTRALINK 10.1 is a standalone solution. It uses the same base data as Windchill PDMLink. If you load the base data and subsequently install an upgrade to Windchill PDMLink, you should not reload the base data. Arbortext Content Manager and Windchill ProjectLink. The solution data sets can be loaded in any order.

WindchillLoader Syntax
The WindchillLoader is run from the command line under the direction of the windchill command.The WindchillLoader command syntax is:
windchill wt.load.WindchillLoader [class args]

282

Windchill Installation and Configuration Guide

Where [class args] represents the required and optional executable options.

Note For additional information about the windchill command, refer to the Windchill Command chapter.
wt.load. wt.load.WindchillLoader WindchillLoader Class Arguments Class Arguments -All -Application=[<app ID>,...] Description Loads the base data for all the Windchill solutions that are installed. A comma delimited list of Windchill solutions for which data should be loaded. This argument allows you to choose a specific solution or set of solutions to load. Each <app ID> must match a value as listed when the -Info report is generated. Displays a list of the Windchill solutions that are installed and have valid loadsets. Run this command to obtain the <app ID> values to use with the Application argument. Loads the base data and the demonstration data for an installed Windchill solution. By default, if this argument is excluded, then only the base data is loaded. Loads only the demonstration data for an installed Windchill solution. To use this argument, the base data must have already been loaded. Loads the specified localized load files for the specified Windchill solution. Refer to the section "WindchillLoader Examples" for an example of this argument.

-Info

-IncludeDemo

-LoadOnlyDemo

-Locale=<locale>

Database Initializing and Data Loading

283

wt.load. wt.load.WindchillLoader WindchillLoader Class Arguments (continued) Class Arguments Description If this argument is provided, the load set framework will do the following: Adds "_<locale>" to the filename attribute if attribute "localized" is true. The framework will not fall back to the original file name if the locale variant is not found It will not change the file name if the attribute "localized" is false or not present

If the "-Locale" argument is not provided, the load set framework will use only the filename attribute irrespective of whether the "localized" attribute is true or false. For the case when a load set is localized, specifying the locale through this attribute would allow the localized version of the load set to be loaded. If no locale has been provided, the load set framework will fall back to the default pre-configured filename. Runs the loader in unattended mode. The installer will not elicit prompts to the typical questions it poses during the installation. Displays the help for WindchillLoader.

-Unattended

-Help

Loading Base Data Best Practices


Basically, there are two data load scenarios: (1) loading the database for the first time, and (2) loading the database when additional Windchill solutions are installed.

Note When loading the database for the first time, you must load the Windchill Services data (Windchill.Foundation) in addition to the data for the Windchill solution or solutions that you have installed.

284

Windchill Installation and Configuration Guide

You may load the Windchill Services data separately using the following command:
windchill wt.load.WindchillLoader -Application=Windchill.Foundation

Note It will also be loaded if you run the WindchillLoader command with the option -Application=All.
After you have installed all the solutions that you intend to install, you are ready to load the data. The following instructions will step you through the first time data load process: 1. Display a list of the Windchill products that are installed:
windchill wt.load.WindchillLoader -Info

A list of all the Windchill products that are installed are displayed. Take a moment to review the list and verify that the products listed are the products that you expect to be installed. At a minimum, the list must include Windchill. Foundation, the Windchill Services data. Take note of the product names and the format used for the name, as you must use this name as it exactly appears in the -Application argument product list. For example, Windchill.Foundation represents the Windchill Services data and Windchill PDMLink represents the Windchill PDMLink data. 2. Load all the data for the Windchill products that are installed. Using the -All argument will load the base data for all the installed products. For the first time load, it is recommended to use the -All argument to ensure you load the data for all the installed Windchill products:
windchill wt.load.WindchillLoader -All

3. Load the demonstration data for the Windchill solutions that are installed:
windchill wt.load.WindchillLoader -LoadOnlyDemo

When adding a solution to an existing installation, use these steps: 1. Display a list of the Windchill products that are installed:
windchill wt.load.WindchillLoader -Info

A list of all the Windchill products that are installed are displayed. Review the list for the name of the Windchill solution that you installed. Take note of the format of the name, because you will use that name in the -Application argument. 2. Load the base data for the Windchill solution (or solutions) that you installed:
windchill wt.load.WindchillLoader -Application=[<app ID>,...]

Database Initializing and Data Loading

285

For example, if you added Windchill PDMLink:


windchill wt.load.WindchillLoader -Application=Windchill.PDMLink

3. Load the demonstration data for the Windchill solution (or solutions) that you installed. If you installed Windchill PDMLink, then you would execute the command as follows:
windchill wt.load.WindchillLoader -Application=Windchill.PDMLink -LoadOnlyDemo

Caution Do not run the WindchillLoader with the -All argument if a Windchill solution data set is already loaded.
WindchillLoader Examples The following are some examples using various combinations of the utility arguments. To display a list of the installed Windchill solutions available for loading data:
windchill wt.load.WindchillLoader -Info

To load only the base data for a specific solution identified by <app ID>:
windchill wt.load.WindchillLoader -Application=<app ID>

To load the base data and the demonstration data for a specific solution:
windchill wt.load.WindchillLoader -Application=<app ID> -IncludeDemo

To load the base data and the demonstration data for all installed Windchill solutions:
windchill wt.load.WindchillLoader -All -IncludeDemo

To load the base data and demonstration data for all installed Windchill solutions in unattended mode:
windchill wt.load.WindchillLoader -All -Unattended

If a Windchill solution is already installed and its related data loaded, and you install a second Windchill solution, then to load the data do the following: Load only the data specific to the new Windchill solution. You cannot load the same data twice as this will cause an error to occur. To load the new Windchill solution load set, use the following command:
windchill wt.load.WindchillLoader -Application=<app ID> -Locale=<locale>

To load the localized data for a specific solution, enter the following in a Windchill shell:
windchill wt.load.WindchillLoader -Application=<app ID> -Locale=<locale>

286

Windchill Installation and Configuration Guide

For example,
windchill wt.load.WindchillLoader Application=Windchill.PDMLink -Locale=ja

This loads the Japanese version of the Windchill PDMLink solution.

Executing Post-Dataload Post-Dataload Steps


After manually loading the base data, some solutions require additional commands be run. Windchill PDMLink and Pro/INTRALINK 10.1 In a Windchill shell, execute the following command:
windchill com.ptc.windchill.upgrade.templatemigration.TemplateMigrationTool -install

Resetting the Number of Running Method Servers


Once you have loaded the base and demonstration data, you can reset the number of running method servers to their original state. In the Setting the Number of Starting Method Servers on page 276 section, you were advised to limit the number of method servers to one. Use the xconfmanager now to restore the properties that you changed to their previous values. In particular, the following properties were discussed: wt.manager.monitor.services wt.manager.monitor.start.MethodServer

About the Base and Demonstration Data


The information in the following tables describes the categories of the loadsets and the files included in the loadset. The loadset categories include: Windchill Services base data Windchill PDMLink base and demonstration data Arbortext Content Manager base and demonstration data Pro/INTRALINK 10.1 base data

Note The tables are subdivided by solution and then by base data and demonstration data.

Database Initializing and Data Loading

287

Windchill Services
The information in the Windchill Services Base Data table is base data that is required for all solutions. The base data files are listed in the loadset file: <Windchill>/codebase/wt/load/foundationLoad.xml.

Windchill PDMLink
There are two sets of data for Windchill PDMLink base data and demonstration data. The base data files are listed in the loadset file: < Windchill>/codebase/com/ ptc/windchill/pdmlink/load/pdmlinkLoad.xml.

Note If you are upgrading Pro/INTRALINK 10.1 to Windchill PDMLink and have already loaded the base data, you should not reload the base data.
The demonstration files are listed in the loadset file: < Windchill>/codebase/com/ ptc/windchill/pdmlink/load/pdmlinkDemo.xml.

Creating Containers in Windchill PDMLink


When running WindchillLoader to load Windchill PDMLink data, one step provides the option to create a default organization context based on the General (Windchill PDMLink) organization template. This organization context is owned by the site organization. If you do not want to create the default organization context, select n during this step. For further information on organization contexts, see the Windchill Business Administrator's Guide. To localize the context path names to match the name in the localized load files, add the <?loc-begin> and <?loc-end?> tags to the context path names in these files.

Note If WindchillLoader is run in Unattended mode, then it will not provide the above option. In this case, it automatically creates the default organization context. Note The Windchill PDMLink demonstration (demo) data contains thumbnail images. To view the thumbnail images, you must install the Creo View client. The Creo View client product is packaged with the Creo View Client CD (or the Creo View Standard CD, if you purchased this separately). Once the Creo View client is installed, to view the demo data images, log on as demo and use demo for the password.

Windchill ProjectLink
Windchill ProjectLink base data files are listed in the loadset file: < Windchill>/ codebase/com/ptc/windchill/projectlink/load/atcmLoad.xml.

288

Windchill Installation and Configuration Guide

The demonstration files are listed in the loadset file: < Windchill>/codebase/com/ ptc/windchill/projectlink /load/projectlinkDemo.xml.

Arbortext Content Manager


There is only one set of data for Arbortext Content Manager base data (there is no demonstration data). The Arbortext Content Manager base data is the same as Windchill PDMLink on page 287 base data. The base data files are listed in the loadset file: <Windchill>/codebase/com/ptc/windchill/pdmlink/load/pdmlinkLoad. xml.

Pro/INTRALINK Pro/INTRALINK 10.1


There is only one set of data for Pro/INTRALINK 10.1 base data (there is no demonstration data). The Pro/INTRALINK 10.1 base data is the same as Windchill PDMLink on page 287 base data. The base data files are listed in the loadset file: <Windchill>/codebase/com/ptc/windchill/pdmlink/load/pdmlinkLoad.xml.

Note This section does not cover the loading/migration of data from earlier releases of Pro/INTRALINK to Pro/INTRALINK 10.1. For information on this subject, see the Pro/INTRALINK Data Migrator Administrator's Guide.

Creating Containers in Pro/INTRALINK 10.1


When running WindchillLoader to load Pro/INTRALINK 10.1 data, one step provides the option to create a default organization context based on the General organization template. This organization context is owned by the site organization. You must select y to create the default organization context. This is because there is no way to create an organization context through the Pro/INTRALINK 10.1 user interface. For further information on organization contexts, see the Windchill Business Administrator's Guide. To localize the context path names to match the name in the localized load files, add the <?loc-begin> and <?loc-end?> tags to the context path names in these files.

Note If WindchillLoader is run in -Unattended mode, then it will not provide the above option. In this case, it automatically creates the default organization context.

Database Initializing and Data Loading

289

12
Installing and Configuring Adobe LiveCycle Software
About Adobe LiveCycle Forms Software.................................................................... 292 System Compatibility and Requirements ................................................................... 292 Installing Adobe LiveCycle Forms Software ............................................................... 292 Configuring Windchill for Use with Adobe LiveCycle Forms Software ........................... 293

This section describes how to install and configure the Adobe LiveCycle software for use with Windchill for creating and managing task form templates. Additionally, it covers how to deploy the Adobe software to an application server.

291

About Adobe LiveCycle Forms Software


The Adobe LiveCycle Forms software is a third-party product that is purchased separately from your Windchill solution and is deployed to an application server. It is used to pre-populate Windchill data into task form templates that are created in Adobe Designer software in a XDP file format. The LiveCycle Forms software also converts the XDP template into PDF format to be rendered in the web browser. The task form templates are managed via the Windchill Templates user interface and contains various form fields, like labels, text fields, and radio buttons. These form fields are place holders to display the attributes of task like variables and process names to the task participant when a task for an activity is executed through a Windchill workflow process. The Workflow Template Administration utility then acquires the information completed by the task participant and updates the Windchill system. Once created, the task forms are rendered in a PDF file format and printed from Windchill. For more information about templates, see the Templates online help. For more information about creating a task form template, see the Workflow Template Administration online help.

System Compatibility and Requirements


The following version of Adobe software is supported with Windchill 10.0 and later: Adobe LiveCycle Forms - version 8.2 or 9.0 Adobe LiveCycle Designer - version 8.2 or 9.0

For more information about the system requirements for the Adobe LiveCycle Forms software, refer to the Adobe Installing and Configuring LiveCycle Forms guide for version 8.2 or 9.0.

System Requirements for Adobe Software


Ensure the hardware and software requirements are met for the Adobe software, as well as the supported combinations for the operating system and application server. For more information, see Adobe Installing and Configuring LiveCycle Forms.

Installing Adobe LiveCycle Forms Software


There are two methods provided for installing and configuring the Adobe software, and deploying the product to an application server; Turnkey and Manual.

292

Windchill Installation and Configuration Guide

The Turnkey method will work if you are using a Windows operating system with a JBoss server. Follow the installation instructions found in the Adobe documentation titled, Adobe Installing and Configuring LiveCycle Forms. It is recommended that you read through the installation and deployment checklists as well as the Before You Install section prior to beginning the installation process.

Using the Turnkey Installation Method


The turnkey method is recommended for installing, configuring, and deploying the LiveCycle Forms with a Windows operating system and a JBoss server. This method installs the files and then runs the Configuration Manager to configure the EAR file for deployment to the application server. This method also installs and configures a JBoss application server. During the installation process you can skip the following steps: It is not necessary to install the MySQL database. However, it will not interfere with the Windchill solution if it is installed. When given the option, do not include the User Management and Administrator tools component.

Using the Manual Installation Method


Use the manual method to install the Adobe software if you already have a JBoss Application Server installed and configured, or if you are deploying to WebSphere. It is not necessary to include the User Management and Administrator tools component.

Deploying the Adobe Software to an Application Server


Follow the deployment procedure for the type of installation method you are using, found in the Adobe guide, Installing and Configuring LiveCycle Forms.

Configuring Windchill for Use with Adobe LiveCycle Forms Software


This section provides a procedure for configuring your Windchill solution for use with the Adobe LiveCycle Forms software. The defaults will work if the Adobe software is installed on the same server as Windchill.

Installing and Configuring Adobe LiveCycle Software

293

Use the following procedure to configure your Windchill solution: 1. In the db.properties file, define the following values: com.adobe.DefaultSOAPEndPoint=<Adobe LiveCycle ES installation location> This value represents the endpoint to which an invocation request is sent. If your Adobe LiveCycle ES is installed on a separate application server, specify the J2EE application sever name for <Adobe LiveCycle ES installation location>. If your client application is located on the same J2EE application server, specify localhost for <Adobe LiveCycle ES installation location>. For example, http://localhost:8080. The default endpoint is http://localhost:8080. com.adobe.ServerType=<Adobe LiveCycle ES installation server type> Where <Adobe LiveCycle ES installation server type> is the type of server on which the Adobe LiveCycle ES installation resides. The default value is JBoss. com.adobe.Username=<Adobe LiveCycle ES server user name> Where <Adobe LiveCycle ES server user name> is the log on user name of the server on which the Adobe LiveCycle ES installation resides. The default value is administrator. com.adobe.Password=<Adobe LiveCycle ES server password> Where <Adobe LiveCycle ES server password> is the log on password of the server on which the Adobe LiveCycle ES installation resides. The default value is password. The default value is set to default. This password field can be encrypted. To do this, you need to propagate the new password of Adobe Lifecycle server by running the following command from a windchill shell: xconfmanager -s com.adobe. Password=newpassword p If you want to set the encrypted value, then do not propagate this passwordrelated property from site.xconf.

Note The turnkey installation method uses a port setting of 8080. This is not a value that can be changed using the Turnkey installation method. 2. Copy the following JAR files from the Adobe form server to <windchill-root directory>\srclib\adobeFormLibs: adobe-usermanger-client.jar adobe-livecycle-client.jar adobe-output-client.jar adobe-forms-client.jar adobe-utilities.jar

294

Windchill Installation and Configuration Guide

The jar files can be found in the following location:

<Forms_Server_Home>\LiveCycle_ES_SDK\client-libs\common\adobeusermanager-client.jar <Forms_Server_Home>\LiveCycle_ES_SDK\client-libs\common\adobelivecycle-client.jar <Forms_Server_Home>\LiveCycle_ES_SDK\client-libs\common\adobeoutput-client.jar <Forms_Server_Home>\LiveCycle_ES_SDK\client-libs\common\adobeforms-client.jar <Forms_Server_Home>\LiveCycle_ES_SDK\client-libs\jboss\adobeutilities.jar

The remaining third-party jar files are bundled with Windchill and will be deployed automatically at <Windchill>\srclib\adobeFormLibs. Where <Windchill> is the location where your Windchill system is installed.

Installing and Configuring Adobe LiveCycle Software

295

13
Configuring EXPRESS Data Manager
Installing EXPRESS Data Manager........................................................................... 298 Configuring Windchill for EDMS ................................................................................ 298

This is an optional configuration; however, if you plan to use the Windchill STEP features, then you must install and configure EXPRESS Data Manager. This chapter contains instructions to install and configure EXPRESS Data Manager for Windchill.

297

Installing EXPRESS Data Manager


EXPRESS Data Manager (EDMS) is a third-party product that supports STEP (Standard for Exchange of Product Data). It is used to automatically convert the Windchill specific file format to and from the required STEP application protocol. The EDMS product processes provide the mapping between STEP and Windchill; which is described in EXPRESS-X. Information about EDMS is available at the following URL. http://www.epmtech.jotne.com See the Contact Us page for the EPM Technology company address and phone number to obtain information about procuring the EDMS product. Follow the product installation and configuration instructions provided by EDMS. After you have installed EDMS, you must reboot your Windows system to avoid toolkit-generated errors.

Configuring Windchill for EDMS


After you have installed and configured EDMS, you must edit the wt.properties to define the EDMS installation to Windchill and re-create the Windchill schema for EDMS. To configure EDMS, define the EDMS installation directory settings, the EDMS database properties, and the log settings. 1. Use the xconfmanager to add the properties described in the EDMS Properties table to the wt.properties file. The properties values are based on the EDMS install and configure information. From a windchill shell, execute the following command:
xconfmanager -s <EDMS Property Name>=<property value> -t <Windchill>/codebase/wt.properties -p

Where <Windchill> is the location where Windchill is installed. EDMS Properties Property Name edms.home Description Home directory for the EXPRESS Data manager. The directory path cannot contain spaces. Directory for database files Account name for the conversion database Password for the conversion database Default Value There is no default value; a value must be specified. $(edms.home)\\db exchange exchange

edms.db.directory edms.db.name edms.db.password

298

Windchill Installation and Configuration Guide

EDMS Properties (continued) Property Name edms.fullLog Description Default Value Product a full log when false performing conversion. A true or false switch. License for Express Data None Manager. This is needed only when using STEP on a 64 bit platform.

edms.license

2. Use the xconfmanager to append the following EDMS Java API value to the wt.java.classpath property: If using Windchill STEP on a 32 bit platform:
$(edms.home)\\Java\\jexpress1-11.jar

If using Windchill STEP on a 64 bit platform:


$(edms.home)\\edom3_java3.jar

From a windchill shell, execute the following commands: Display the current value:
xconfmanager -d wt.java.classpath

Specify the existing and new value (append the new value to the existing value). See the xconfmanager guidelines for specifying multiple property and property value combinations:
xconfmanager -s wt.java.classpath=<appended EDMS value> -t <Windchill>/codebase/wt.properties -p

Where <Windchill> is the location where you installed Windchill. 3. Build the STEP schema. To execute this command, use Apache Ant. At the command prompt, execute the following command:
ant -f <Windchill>/bin/tools.xml wt.step.schema.gen SchemaGen.log

4. Restart the Windchill method server for the changes to take effect. At this time, the STEP configurations are complete.

Configuring EXPRESS Data Manager

299

14
Configuring Sun Java System Web Server
Before You Begin..................................................................................................... 302 Configuring Windchill for Sun Java System Web Server.............................................. 302 Configuring Sun Java System Web Server ................................................................ 303 Using Sun Java System Web Server for Multiple Instances of Windchill ....................... 312

The instructions in this chapter provide the details to configure the Sun Java System Web Server for use with your Windchill solution.

301

Before You Begin


Before you begin this configuration, you should have: Consulted the Windchill software matrices for the version of the Sun Java System Web Server that is supported with this release. Installed Sun Java System Web Server.

The configurations for Sun Java System Web Server are performed using the Sun Web Server Administration Server and manually editing files. You will need the following information to complete the configuration: Windchill does not use the Sun Java System Web Server JDK, so the default, bundled Java version can be installed instead of using an external JDK. PTC recommends installing and configuring the Apache Web Server with your solution to provide a configuration baseline. You may then reconfigure to use the Sun Java System Web Server as a manual post installation step. The location of the Windchill codebase directory This value was defined during the installation of Windchill, for example, /opt/ptc/Windchill/codebase. The Windchill Web application context root name This value was defined during the installation of Windchill. The host name of the system where Windchill Directory Server resides. The LDAP Server Port Number This value was defined during the installation of Windchill Directory Server. The default is 389. The Base DN used by Windchill Directory Server for your Windchill solution This is the value you entered in the Base Distinguished Name for Product Properties field during your Windchill product installation. The LDAP Server Administrator Distinguished Name This is the Windchill Directory Server administrator distinguished name that was defined during the installation of Windchill Directory Server. The default is cn=Manager. The LDAP Server Administrator Password This is the password you defined for the Windchill Directory Server administrator that was defined during the installation of Windchill Directory Server. The URL to use to access the Sun Java System Web Server Admin Console. By default this is running on the local host at port 8989 for SSL and 8800 for non-SSL

Configuring Windchill for Sun Java System Web Server


After you have installed Windchill, identify the Sun Java System Web Server to Windchill.

302

Windchill Installation and Configuration Guide

To identify the Web server being used as a Sun Java System Web Server, set the following wt.properties property using the xconfmanager:
wt.content.SunOne=true

The user that the Sun Java System Web Server runs as must be allowed to read and write to the following files and locations in Windchill: <Windchill>/logs Ensure that the permissions on the directory and files, if they exist, are set to allow the Sun Java System Web Server user read and write privileges.

Configuring Sun Java System Web Server


The following instructions guide you through the steps to configure the Sun Java System Web Server for use with Windchill solutions: 1. 2. 3. 4. 5. Deploying changes to the Sun Java System Web Server Setting Up Access to the LDAP Directory and Applying Changes Enabling the Downloading of EXE Files Configuration Summary Using Sun Java System Web Server for Multiple Instances of Windchill (optional)

Deploying changes to the Sun Java System Web Server


Most changes made using the Admin Console will need to be deployed to the running instance of the web server. After making any changes, a Deployment Pending link appears in the top right corner of the Admin Console. This informs you that the changes you have made require deployment. To deploy these changes, click Deployment Pending and a new page appears. The page contains a Deploy... or Cancel button. Click Deploy... to propagate the changes to all instances or click Cancel to postpone the deployment.

If manual changes were made directly to the files, the Configuration Deployment page will provide the following options:

Configuring Sun Java System Web Server

303

Discard Instance Changes Pull and deploy configuration changes from [virtualhost]

Select the Pull and deploy changes from [virtualhost] action and click OK .

Setting Up Accesses to the Windchill Directory Server and Applying Changes


The instructions in this section use the Sun Java System Web Server administration console to perform the configurations. This requires that the Sun Java System Web Server administration console is running. Consult the Sun help if you need detailed information about the administration console. 1. Log in as the administrator you established when you installed Sun Java System Web Server. 2. From the Configurations tab, select the configuration. By default, this will be the server name. Then select the Access Control tab. Next select the Authentication Databases tab. a. Click New . The following appears:

304

Windchill Installation and Configuration Guide

b. In the window, enter information in the fields as described in the following table: LDAP Directory Service Configuration For this field Database Type Authentication Database Name Enter this value LDAP Server Enter in a name for this LDAP service. For example, "Windchill_Directory_Server". The host name of the computer where the Windchill Directory Server resides. A port number used for the Windchill Directory Server. The default port number is 389. The value entered in the Base
Distinguished Name For Administrative Users field during

Host Name

Port

Base DN

Bind DN

Bind Password

the Windchill installation. The Windchill Directory Server administrator distinguished name that was defined during the installation of Windchill Directory Server. The default is cn=Manager The password you defined for the Windchill Directory Server administrator during the installation of the Windchill Directory Server.

c. To save the new configuration, click OK . 3. Verify that the connection to the Windchill Directory Server is working by searching for users as described in the following steps: a. Click the Users tab. b. Select the database defined above in the Select Authentication Database drop down. c. Click Search . If you have installed Windchill Services, the administrator defined during that installation should display. Otherwise, no users are found.

Configuring Sun Java System Web Server

305

4. Set the LDAP database as the default. To do so, select the check box listed next to the Authentication Database name and click Set As Default . 5. Consult the section titled "Deploying changes to the Sun Java System Web Server" to deploy these changes.

Note Only a single LDAP directory service can be configured for authentication. All users must be located within this single LDAP directory service.
By default, the Sun Java System Web Server's internal servlet engine is enabled. This is not recommended for use with Windchill and should be disabled. To disable the internal Java Servlet Engine, perform the following: 1. From the Java tab of the Configurations instance, ensure the General sub-tab is selected. 2. In the General subsection, clear the Enabled box next to the Java: field. 3. Click Save . 4. Consult the section titled "Deploying Changes to the Sun Java System Web Server" to deploy these changes.

Enabling the Downloading of EXE Files


By default, the Sun ONE Web Server does not allow the downloading of files that have the EXE extension. To use all of your Windchill capabilities, users must be able to download files with this extension. To allow users to download EXE files, edit the MIME types as follows: 1. From the General tab of the Configurations instance, click the MIME Types tab. 2. Find the entry for the MIME value "magnus-internal/cgi" and click on the extensions in the right cell. The default value for this cell is "cgi,exe,bat". 3. On the page that opens, locate the File Suffix field and remove the EXE extension from this list. The list should now be "cgi,bat". 4. Click OK . 5. On the Edit MIME Type page, delete EXE and the comma that follows exe from the list of suffixes. Then, click Change MIME Type . 6. From the MIME Types list, search for the MIME value "application/octetstream" and click on the File Suffix cell for this row and add exe to the File Suffix list in the page that opens. 7. Consult the section titled "Deploying changes to the Sun Java System Web Server" to deploy these changes.Configuring Windchill for Sun ONE Java Enterprise Web Server.

306

Windchill Installation and Configuration Guide

Deploying Windchill Web Application to Sun Java System Web Server


This section describes how to deploy the Windchill Web application to the Sun Java System Web Server.

Generating Windchill configuration for Sun Java System Web Server


From a Windchill shell, execute the following: 1. Change directory to <Windchill>/tomcat/connectors/sjsws/scripts 2. Execute the following command ant -DauthDB=Authentication Database Name -f sjswsConfig.xml generateSJSWSConfig The Authentication Database Name is specified when adding the LDAP Authentication database via the Administrative interface. This will generate three files: sjswsAuth.acl magnusconfadditions.conf vhost-objconfadditions.conf

The following sections refers to configuration files for the Sun Java System Web server. These files are located in the <webserver installation directory>/https<configurationname>/config directory. For example, if the server is installed in /opt/sun/webserver7 and the configuration name is windchill.company.com, the directory will be: /opt/sun/webserver7/https-windchill.company.com/config.

Enabling the Tomcat Connector


The magnusconfadditions.conf file contains the configuration directives that must be added to the magnus.conf file located in the configuration directory. Cut and paste the two lines starting with Init into the magnus.conf file. Ensure that there are no unexpected line breaks in each line. The @@ARCH@@ string needs to be replaced with the appropriate string for the architecture of the web server. Use the following: i386 for 32-bit Solaris x86 amd64 for 64-bit Solaris x64 sparc for 32-bit Solaris SPARC sparc for 64-bit Solaris SPARC

For example, if you are using a 64-bit Intel WebServer running on Solaris 10, the lines will look like:

Configuring Sun Java System Web Server

307

Init fn="load-modules" funcs="jk_init,jk_service" shlib="WT_HOMEl/tomcat/connectors/sjsws/amd64/nsapi_redirector.so" shlib_flags="(global|now)" Init fn="jk_init" worker_file="WT_HOME/tomcat/connectors/conf/workers.properties" log_level="info" log_file="WT_HOME/tomcat/connectors/logs/nsapi.log" shm_file="/mnt/disk1 /ptc/pdmlinkx20/windchill/tomcat/connectors/logs/jk_shm"

Ensure that the magnus.conf file is saved after making this change. After completing the changes to the magnus.conf file, the [virtualhost]-obj.conf must be updated. If the [virtualhost]-obj.conf file does not exist, then the changes must be applied to the entire configuration. In this case, make the modifications to the obj. conf file. The generated vhost-objconfadditions.conf consists of three sections. Below is an example of the contents of this file:
#The following section belongs in the Object name="default" section of the vhost-obj.conf file NameTrans fn="assign-name" from="/Windchill/*.jsp(|/*)" name="jknsapi" NameTrans fn="assign-name" from="/Windchill/*.jspx(|/*)" name="jknsapi" NameTrans fn="assign-name" from="/Windchill/servlet/*" name="jknsapi" NameTrans fn="assign-name" from="/Windchill/app(|/*)" name="jknsapi" NameTrans fn="assign-name" from="/Windchill/ptc1(|/*)" name="jknsapi" NameTrans fn="assign-name" from="/Windchill/*.jar" name="jknsapi" NameTrans fn="assign-name" from="/Windchill/gwt/servlet/*" name="jknsapi" NameTrans fn="assign-name" from="/Windchill/gwt/*/servlet/*" name="jknsapi" #The following line belongs in the Object name="default" section of the vhost-obj.conf file #but must be after the above NameTrans lines NameTrans fn="pfx2dir" from="/Windchill" dir="/WT_HOME/codebase" #The following line belongs at the end of the vhost-obj.conf file <Object name="jknsapi"> ObjectType fn="force-type" type="text/plain" Service fn="jk_service" method="*" worker="ajp13" </Object>

The sections are separated by comment lines starting with the pound character (#). The first two sections contain NameTrans lines and need to be pasted into the Sun Java System Web Server configuration instance's virtualhost-obj.conf file's <Object name=default> section. Add these NameTrans lines after the last occurrence of any existing NameTrans lines in the virtualhost-obj.conf file. The last section begins with <Object name=jknsapi>. This section should be appended to the end of the virtualhostobj.conf file. Ensure that the virtualhost-obj.conf file is saved after making the above changes.

308

Windchill Installation and Configuration Guide

Configuring Access Control Rules for the Windchill Web Application The sjswsAuth.acl files contains the Authentication rules necessary for Windchill. This file needs to be copied to the Sun Java System Web Server instance's configuration directory and named [virtualhost].acl. For example, if your virtualhost for the webserver is windchill.company.com, the filename will be windchill.company.com.acl. If this file already exists, then the contents of the file immediately after the following need to be pasted into the existing file:
# File automatically written # # You may edit this file by hand # version 3.0;

Do not include the above lines if the file already exists. If the file does not already exist, the webserver must be told to look for this file. This must be done by editing the server.xml file in the instance configuration and making the following change: search for the <virtual-server> block:
<virtual-server> <name>windchill.company.com</name> <host>windchill.company.com</host> <http-listener-name>http-listener-1</http-listener-name> <object-file>windchill.company.com-obj.conf</object-file> </virtual-server>

Add the following just before the </virtual-server> line and save the file: <acl-file>[virtual hostname].acl</acl-file> For example, in the previous, block, where the hostname is windchill.company. com the entire block will be:
<virtual-server> <name>windchill.company.com</name> <host>windchill.company.com</host> <http-listener-name>http-listener-1</http-listener-name> <object-file>windchill.company.com-obj.conf</object-file> <acl-file>windchill.company.com.acl</acl-file> </virtual-server>

Once the previous changes to the magnus.conf, [virtualhost]-obj.conf, virtualhost. acl and server.xml files are changed, they need to be deployed. Consult the section titled "Deploying changes to the Sun Java System Web Server" to deploy these changes.

Configuring Sun Java System Web Server

309

Configuring Access Control Rules for the Sun Java System Web Server
This section describes the steps you must follow to configure access control rules for the Sun Java System Web Server. This is used to manually add additional access control rules that are not configured with Windchill by default. 1. From the Virtual Servers tab of the Configurations instance, select the virtual server to deploy the Windchill web application to. 2. Select the Access Control tab and then select the Access Control Lists tab. 3. Click on the "New" button to add a new Access Control list. 4. In the page that opens:

Set the following values: Field Resource Action or Value Select URI in the drop down window and enter the resource that access control is being configured against. Select the database for the LDAP server. Select Basic This is the HTTP Basic authentication realm for Windchill. The default value used for Windchill installs is
Windchill Installation and Configuration Guide

Authentication Database Authentication Method Prompt for Authentication

310

Field

Action or Value Windchill but any value may be used.

From Access Control Entries , select Edit in the ACE Action column. The following is displayed:

Set the following values: Field Access Users and Groups Action or Value Allow Select the appropriate authorization restrictions for the URL being configured.

Click OK for both pages. 5. Consult the section titled Deploying changes to the Sun Java System Web Server to deploy these changes.

Configuring Sun Java System Web Server

311

Using Sun Java System Web Server for Multiple Instances of Windchill
To use the same Sun Java System Web Server software to connect to multiple instances of Windchill, you must create multiple Sun Java System Web Server configurations and a separate Virtual Server within each configuration. This isolates each Windchill web application within its own configuration and Virtual Server.

312

Windchill Installation and Configuration Guide

15
Configuring IIS and Tomcat
Before You Begin..................................................................................................... 314 Configuring IIS and Tomcat ...................................................................................... 315 Configuration Summary ........................................................................................... 326

The instructions in this chapter provide the details to configure Internet Information Services (IIS) and Tomcat for use with Info*Engine and Windchill solutions.

313

Before You Begin


PTC supports Internet Information Services (IIS) with Tomcat. Before you begin this configuration, you should have: Consulted the Windchill software matrices for the version of IIS supported with this release. Installed a supported version of IIS, including the Microsoft Script Debugger. The debugger is optional, but is very useful for debugging. Installed the Java 2 Software Development Kit (SDK). Installed Apache. PTC highly recommends that you use the bundled Apache Web server to initially test your Info*Engine installation before switching to IIS. Testing your installation with Apache takes very little additional time up front and generally saves a great deal of time in troubleshooting if anything is not working properly with IIS. Installed Info*Engine as part of your Windchill solution. Installed any Windchill solution that you intend to use and tested it with Tomcat and Apache. Completing this step ensures that Windchill is correctly installed before you switch to using IIS. As part of testing Windchill with Apache, you may want to add an alternate user name (for example, "domainxzy\userxyz") to a user LDAP entry in Windchill Directory Server to ensure that such users can be accessed using the Windows "domain\user"-style credentials. For example, during the installation of Windchill Services, you specified the user name of the Windchill administrator and this user was added to Windchill Directory Server. If the name you entered (such as wcadmin) was not a Windows user, you can add an alternate user name for the administrator by updating the user through the Windchill Principal Administrator. The user name you add should be an established Windows user that IIS will be able to access. Remember that after you switch to IIS, IIS does not access user and password information in Windchill Directory Server.

Note If you are using only Info*Engine and not Windchill, this item does not apply. Installed all vendor required operating system patches and other suggested installations. For supported operating system versions, see the Software Matrix that is accessible from the PTC Documentaiton Reference Web site. Enabled ISAPI-dll Handler Mapping at either the server or web site level. Ensured that the appropriate Role services have been installed, to ensure that IIS works with Windchill.

314

Windchill Installation and Configuration Guide

Required Role Services The following are the minimum required Role services for IIS to work with Windchill: Common HTTP Features Static Content Default Document Directory Browsing HTTP Errors Application Development ISAPI Extensions (not installed by default) ISAPI Filters (not installed by default) Health and Diagnostics HTTP Logging Request Monitor Security Basic Authentication (not installed by default) Request Filtering Management Tools IIS Management Console IIS Management Scripts and Tools (not installed by default) The next section guides you through the steps to configure IIS and Tomcat.

Configuring IIS and Tomcat


Many of the instructions in this section use the Internet Information Services (IIS) Manager to configure IIS and Tomcat. Consult the IIS Manager help if you need detailed information about the user interface. Configuring IIS and Tomcat for use with Info*Engine and Windchill involves completing the sets instructions in the following sections: Installing Tomcat Connector into IIS on page 316 Creating the Windchill Virtual Directory for IIS 7 on page 318 Configuring IIS to Serve Necessary MIME Types on page 319 Adding Tomcat Connector to ISAPI Extension List on page 320 Putting IIS 6 in IIS 5 Isolation Mode on page 321 Improving Performance on IIS on page 321
Configuring IIS and Tomcat

315

Setting Authentication Constraints Required by Windchill on page 321

Restarting IIS
Throughout this document, you will be instructed to restart IIS. Use the following steps to restart IIS: For IIS 6: 1. Select the <ComputerName> (local computer) node in the left pane. 2. Select All Tasks and then restart IIS from the right-mouse context menu. 3. Click OK . For IIS 7: 1. Select the <ComputerName> (local computer) node in the left pane. 2. From the Actions pane, click Restart .

Setting Up the IIS/Tomcat IIS/Tomcat Connector Directory


The IIS/Tomcat connector directory contains the IIS/Tomcat connector configuration files. For the remainder of these instructions, the IIS/Tomcat connector directory is referred to as the <IISConnectorDir>. This directory is located at <Windchill>/tomcat/connectors. Edit <IISConnectorDir>\conf\workers.properties as follows: If Tomcat is on a different server than IIS, then change localhost to the appropriate host name. If Tomcat is listening for AJP13 requests on a port other than 8010 (the default), change 8010 to the appropriate port number.

Note The contents of this file can be identical to that in workers.properties in the Apache conf directory; so if you are moving from Apache to IIS, you can simply copy the Apache file to <IISConnectorDir>\conf.

Installing Tomcat Connector into IIS


To install the Tomcat connector into IIS, complete the following steps: 1. Open a command prompt window and navigate to the <IISConnectorDir>/iis directory. 2. Enter the following command (all on one line), replacing the italicized arguments as directed in the table that follows: For IIS 6:
scripts\isapi_install <server> <fdir> <worker> <mount> <log> <level>

316

Windchill Installation and Configuration Guide

For IIS 7:
scripts\isapi_install_iis7 <server> <fdir> <worker> <mount> <log> <level>

Note As an alternative, if the out of the box PTC Tomcat Connector directory is used, the following shorter command can be used:
isapi_install_iis7 <server> <tomcat_dir> <loglevel> <architecture>

Argument <server>

Description Name of the IIS web site to use; this should generally be Default Web Site (including the double-quotes) unless your site requires another value. If you use a value other than Default Web Site, be sure to use that value instead of Default Web Site throughout the remainder of these instructions. Full file name (including path) of <IISConnectorDir>/iis/<architecture> where <architecture> is either x86 for 32-bit Windows or x64 for 64-bit Windows. Full file name of (including path) of <IISConnectorDir>\conf \workers.properties. Full file name (including path) of <IISConnectorDir>\conf\uriworkermap.properties file. Full file name (including path) of log file in which filter connector messages will be logged. This file does not exist at this point in the process. PTC recommends that you use <IISConnectorDir> \logs\isapi_redirect.log as the log file name. The level of logging verbosity: emerg , error , info , or debug .
error is suggested for normal production usage, whereas debug

<fdir> <worker> <mount> <log>

<level>

should be used in the course of troubleshooting. If error is too verbose in a given environment, then use emerg instead. The architecture of the Windows IIS installation. x86 for 32-bit Windows and x64 for 64-bit Windows.

<architecture>

Note This command can be safely re-run with any necessary changes to any arguments including the level of logging. 3. Restart IIS.

Configuring IIS and Tomcat

317

Creating the Windchill Virtual Directory for IIS 7


Note This is the automated procedure for IIS 7 that uses the config_windchill.vbs script. If you do not want to use the script, you can follow the procedures for manually creating the Windchill Virtual Directory. From the <IISConnectorDir> enter the following (all on one line), replacing the bolded, italicized text as directed: scripts\config_windchill.vbs <server> <mount> <name> <Windchill>
Argument <server> Description Name of the IIS web site to use; this should generally be Default Web Site (including the double-quotation marks) unless your site requires another value. If you use a value other than Default Web Site, use that value instead of Default Web Site throughout the remainder of these instructions. Full file name (including path) of <IISConnectorDir>\conf\uriworkermap. properties file. The name for the application (ie, Windchill). This will be used as the virtual directory in IIS for application mapping. The full path to the Windchill installation directory (ie, C:\ptc\Windchill_<release_number>\Windchill)

<mount>

<name>

<Windchill>

Manually Creating the Windchill Virtual Directory


Note This procedure is for IIS 6 (required) or if you prefer to configure IIS 7 manually without using the config_windchill.vbs script
In this set of steps, you create a Windchill virtual directory for the Windchill codebase directory, set the access permissions for the virtual directory, and add the index.html file for documents. The virtual directory is created in Default Web Site. 1. Open IIS Manager by navigating to Start Control Panel Administrative Tools . 2. Follow the instruction for the IIS version you use: IIS 6

318

Windchill Installation and Configuration Guide

From tree tool in the left pane, select the Default Web Site (found in the Web Sites folder) and then, using the right-mouse, select New Virtual Directory . IIS 7 From tree tool in the left pane, select the Default Web Site (found in the Web Sites folder), right-click and select Add Virtual Directory . 3. Enter the following information for the virtual directory: Windchill Virtual Directory Creation At this prompt Alias Path Permissions 4. Click Finish . IIS 6 only 1. Select the resulting virtual directory from the left pane and select Properties from either the right-mouse contextual menu or the Action menu. 2. Select the Documents tab in the resulting dialog. 3. Click Add and enter index.html in the resulting dialog. Then click OK two times. By default, IIS only understands index.htm. Because Windchill has the index. html file, this step is required. For web applications without an index.html file, this step is optional. Enter a value that meets this description... A short name (alias) to give the Windchill virtual directory. For example, Windchill. Enter the fully-qualified path to the Windchill codebase directory: <Windchill>\codebase. (IIS 6 only) Select the Read access permission.

Configuring IIS to Serve Necessary MIME Types


Note This procedure is for IIS 6 (required) or if you prefer to configure IIS 7 manually without using the config_windchill.vbs script
IIS returns a 404.3 error rather than serving file types which are not listed in its global MIME types list. This error can be resolved by adding each type individually. Instead, PTC recommends that you can add a wildcard MIME type allowing IIS to serve all unregistered MIME types as binary files.

Configuring IIS and Tomcat

319

IIS 6: 1. From IIS Manager, select the <ComputerName> (local computer) node in the left pane. 2. Select Properties from either the right-mouse contextual menu or the Action menu. 3. Select the <ComputerName> (local computer) node in the left pane. 4. Select MIME Types in the resulting dialog. Then select New . 5. On the Actions pane, click Add... 6. Enter the asterisk (* )for Extension and application/octet-stream for MIME Type . 7. Click OK three times. IIS 7: 1. From IIS Manager, select the <ComputerName> (local computer) node in the left pane. 2. On the middle pane, select MIME Types . 3. On the Actions pane, click Add... . 4. Enter the asterisk (* )for Extension and application/octet-stream for MIME Type . 5. Click OK .

Adding Tomcat Connector to ISAPI Extension List


Note This procedure is for IIS 6 (required) or if you prefer to configure IIS 7 manually without using the config_windchill.vbs script.
To add the Tomcat connector to the list of allowed ISAPI extensions, complete the following steps: IIS 6: 1. 2. 3. 4. 5. 6. From IIS Manager, select the Web Service Extension node in the left pane. In the right pane, select Add a new web service extension... . Enter jakarta for the Extension name in the resulting dialog. Use Add... to add <IISConnectorDir >\isapi_redirect.dll as a required file. Select the Set extension status to allowed checkbox. Click OK .

IIS 7: 1. From IIS Manager, select the <ComputerName> node in the left pane. 2. From the Features (middle) panel, select Isapi & CGI Restrictions . Right click and choose Open Feature . From the actions (right) panel, select Add . 3. Enter "jakarta" for the description.
Windchill Installation and Configuration Guide

320

4. In the ISAPI or CGI Path , click the box to navigate to <IISConnectorDir> \isapi_redirect.dll as the required file. 5. Select Set extension status to allowed . 6. Click OK .

Putting IIS 6 in IIS 5 Isolation Mode


Note This is for IIS 6 only.
To put IIS into IIS 5 isolation mode, complete the following steps: 1. From IIS Manager, select the Web Sites folder in the left pane. 2. Select Properties from either the right-mouse contextual menu or the Action menu. 3. Select the Services tab in the resulting window. 4. Select the Run WWW service in IIS 5.0 isolation mode checkbox. 5. Click OK and approve restart of IIS.

Note The Tomcat filter should not be put on a server with SharePoint when IIS is run in isolation mode.

Improving Performance on IIS


Note This is for IIS 6 only.
Complete the following steps to improve IIS performance: 1. From IIS Manager, select the jakarta virtual directory node in the left pane. 2. Select Properties from either the right-mouse contextual menu or the Action menu. 3. From the Application protection drop-down list in the resulting window, select Low (IIS Process) . 4. Click OK .

Setting Authentication Constraints Required by Windchill


Note This procedure is for IIS 6 (required) or if you prefer to configure IIS 7 manually without using the config_windchill.vbs script.

Configuring IIS and Tomcat

321

Note If you are configuring IIS for use with only Info*Engine and not Windchill, you can skip this section.
In this set of steps, the virtual directory is configured to verify the identity of the users accessing it. Users can be authenticated to prevent unauthorized users from establishing a Web (HTTP) connection to restricted content. To set the required authentication, complete the following steps: 1. Create a directory called servlet within the Windchill codebase directory. 2. Create an empty file name WindchillGW in the servlet directory. 3. From IIS Manager, select the virtual directory created in Creating the Windchill Virtual Directory for IIS 7 on page 318 from the left pane. For example, select Windchill. Then select Refresh from either the right-mouse contextual menu or the Action menu. Performing this action makes the newly created directory visible. 4. Set up the following access controls in IIS for each directory within the Default Web Site: Enable anonymous access for specific directories Enable Basic authentication for all directories Disable Integrated Windows authentication for all directories

The following table lists the directories you will find in Default Web Site and whether to set Enable anonymous access for each directory. In the path listed, <webAppName> refers to the alias of the virtual directory created in Creating the Windchill Virtual Directory for IIS 7 on page 318. Path in Default Web Site jakarta/ <webAppName>/ <webAppName>/servlet/WindchillGW <webAppName>/infoengine <webAppName>/servlet <webAppName>/wtcore/jsp <webAppName>/netmarkets/jsp <webAppName>/com/ptc/wvs/client/jsp <webAppName>/rs/jsp/jsp <webAppName>/install/jsp <webAppName>/pdmlink/jsp Enable anonymous access Yes Yes Yes No No No No No No No No

322

Windchill Installation and Configuration Guide

Enable all of the above directories for Basic authentication using the associated checkbox. Also, disable all of the directories for Integrated Windows authentication by not clicking the checkbox. The steps to accomplish setting access controls for each directory are as follows: For IIS 6: a. Select the virtual directory from the left pane. For <webAppName>/servlet/WindchillGW, you must select <webAppName>/servlet and then select WindchillGW in the right pane. Select Properties from either the right-mouse contextual menu or the Action menu. In the resulting Properties window, select the Directory Security tab. Click Edit . In the resulting window, make the selections indicated previously for the following:

b. c. d. e.

Enable anonymous access Basic authentication Integrated Windows authentication f. Also, in the same window: Select the default domain:

Note To access Windchill, users must be in the default domain that is selected. Type Windchill in the Realm field. Note Entering Windchill in this field is required to ensure the proper functioning of Workgroup Managers.

Configuring IIS and Tomcat

323

The following example window shows the selection of both Enable anonymous access and Basic authentication , as well as the entry of WCQAPUNE.TEST.COM in the Default domain field and of Windchill in the Realm field:

Note Set Enable anonymous access for only the jakarta/, <webAppName>/, and <webAppName>/servlet/WindchillGW directories. g. Click OK in both windows.
Authentication must be set for the first seven paths listed in the table. If any of the paths listed after the first seven paths do not exist in your installation, you can skip them.

324

Windchill Installation and Configuration Guide

Note If additional Windchill products or updates are installed into this instance, they may require additional directories to be authenticated. To check for this case, examine the list of web-app-relative resources for which the Windchill instances requires authentication as recorded in the Windchill instance of apacheConf/config/authResAdditions.xml file. Also note that all entries starting with "servlet" can be ignored as these are already handled by the table above.
For IIS 7 Manual Configuration a. Select the virtual directory from the left pane. For <webAppName>/servlet/ WindchillGW, you must select <webAppName>/servlet. In the middle pane, the select the content view . Then, select WindchillGW in the middle pane, and from the Action pane select Switch to Features view . b. Select Authentication in the middle pane. c. In the resulting view, make the selections previously indicated for the following Authentication names: Anonymous Authentication Basic Authentication d. Select the appropriate authentication and in the Action menu select Disable or Enable as indicated by the previous chart. The following example window shows the selection of both enable anonymous access and basic authentication:

5. Restart IIS. a. Select the <ComputerName> (local computer) node in the left pane. b. Select All Tasks and then Restart IIS from the right-mouse contextual menu. c. Click OK .

Enabling the Default Domain and Realm for IIS7


Use the following procedure to enable the default domain and realm for IIS with basic authentication:

Configuring IIS and Tomcat

325

1. From the left pane of the IIS Manager , select the node <ComputerName> and in the middle pane, select Authentication . 2. Under the Authentication types listed, select Basic Authentication and in the Action pane, click Edit . 3. Enter the appropriate Default domain: and Realm: values. The default value used for Realm by Windchill with the bundled Apache web server is "Windchill".

Giving IIS Users Appropriate Permissions


Verify that IIS users have appropriate permissions. Navigate to the directory <tomcat>/connectors/conf and add a generic users group that has read permissions for the workers.properties file.

Configuration Summary
At this time, IIS and Tomcat are configured for Arbortext Publishing Engine and Windchill. To complete your IIS and Tomcat configuration activities, you should: If you have installed Windchill, test the Windchill solution that you intend to use with IIS and Tomcat. Installing Windchill is described in this guide. Administrative activities for Windchill are described in the Windchill Business Administrator's Guide. If you want to use Active Directory Server (ADS) as your enterprise LDAP service, you can do so by configuring Windchill to use it. For details on how to configure Windchill, see the Configure Windchill to Use an Enterprise Directory chapter in this guide.

Additionally, the isapi_redirect connector has additional advanced configuration options and capabilities beyond what is covered in this chapter. For more information, see <Tomcat>\connectors\doc\index.html.

326

Windchill Installation and Configuration Guide

16
Configuring IBM HTTP Server AIX
Installing HTTP Web Server ..................................................................................... 328 Installing Windchill components ................................................................................ 328 Restarting the IBM HTTP Server............................................................................... 328

The instructions in this chapter provide the details to configure IBM HTTP Server on an AIX platform for use with Windchill solutions.

327

Installing HTTP Web Server


Install the following components for the IBM WebSphere Application Server as directed by the IBM documentation: IBM HTTP Server Note the following configuration options:
IBM HTTP Server

When the IBM HTTP Server Plug-in for the IBM WebSphere Application Server check box appears, clear the check box. Once you have installed WebSphere, extract the following file to the IBM HTTPServer home directory.
imbHTTPServerManualOverlay.zip

This file is located under the Apache/ManualInstall directory on the Third Party Applications CD (CAPPS CD).

Note Any time the overlay is applied, any manual configurations in this file will need to be redone as this step overwrites the custom configuration.

Installing Windchill components


When you are installing your Windchill solution, when prompted for Apache, select Configure to an Existing Apache and use the HTTP Server directory as the directory for Apache.

Restarting the IBM HTTP Server


Use the information in the following sections to restart the IBM HTTP Server:

Restarting IBM HTTP Server


To stop and restart HTTP Server, perform the following steps: 1. Change directory to
<HTTPServer>/bin directorywhere<HTTPServer>

is the directory where the server is installed. For example if the installation directory is
/usr/HTTPServer/binthen

328

Windchill Installation and Configuration Guide

enter the following:


cd /usr/HTTPServer/bin

2. Use the following commands to stop and restart the server:


./apachect1 stop ./apachect1 start

Configuring IBM HTTP Server AIX

329

17
Configuring Apache and Tomcat With Other Options
Before You Begin..................................................................................................... 332 Setting Up Apache Ant............................................................................................. 332 Configurations When Apache is Installed Remotely .................................................... 334 Running Apache as a Windows Service .................................................................... 336 Running Tomcat in Development Mode ..................................................................... 337 Apache and Info*Engine Installed With Different Users ............................................... 337 Installing Apache A Second Time.............................................................................. 338 Configuring Apache for IPv6 ..................................................................................... 338 Configuring a Non-PTC Apache (manual installation) ................................................. 339 Specifying Web Server Authentication....................................................................... 340

This chapter provides additional instructions to configure Tomcat and Apache for other options.

331

Before You Begin


The typical installation and configuration scenario for Apache is that Apache is installed on the same machine as Windchill (local) and configured to support HTTP requests. Tomcat must be installed on the Windchill machine, as this is the only scenario PTC supports at this time. There are, however, other scenarios you may have for your environment, for example, running Apache on a machine other than Windchill (remote), reinstalling Apache after its initial installation, or running Apache in a more secure environment such as HTTPS. The additional instructions in this chapter include: Setting Up Apache Ant on page 332 Apache Ant is a Java-based build tool used by PTC to configure and reconfigure Apache (and Tomcat) for Info*Engine and Windchill. Configurations When Apache is Installed Remotely on page 334 Instructions for configuring Apache when it is installed on a different machine than Windchill. Running Tomcat and Apache As Windows Services on page 336 Setting up Tomcat and Apache as a Windows service using Ant. Installing Apache A Second Time on page 338 Configurations for a subsequent installation of Apache that overlays the initial version installed. Configuring a Non-PTC Apache (manual installation) on page 339 Configurations for using an existing Apache installation with Windchill. Specifying Web Server Authentication on page 340 Using Ant commands to specify various web server authentication items for Apache.

For information on setting up HTTPS on Windchill and Apache, see the Completing Configurations - Manual Steps chapter in the Windchill Installation and Configuration Guide and the Windchill Considerations for Security Infrastructures in the Windchill System Administrator's Guide.

Setting Up Apache Ant


Apache Ant is a Java-based build tool that has been bundled (and installed) with Windchill. It is located in the root level of the Windchill installation directory. It it is also available on the Windchill Third Party Software CD.

332

Windchill Installation and Configuration Guide

To use Ant, it must be located on the machine where the configurations are to take place, the access permissions must be set appropriately, and the environment variables set for Ant. At that point, Ant can be executed from the command line. 1. Install Ant If the configurations are taking place on a machine other than the Windchill machine, or if the user performing the configurations does not have sufficient access permissions to the Ant files in the Windchill directory, then you must install Ant to a new location. a. Select location where Ant should be installed (different machine or new directory on the Windchill machine) and create an installation directory for Ant, for example: Windows: C:\ptc\Windchill_10.0\ant UNIX: /opt/ptc/Windchill_10.0/ant b. Insert the Windchill Third Party Software CD in the CD-ROM. c. Copy the ant.tar.gzip file for UNIX or the ant.zip file for Windows from the /Apache/ManualInstall/ directory to the Ant directory. d. Set the access permissions as required for the install user. 2. Uncompress the Ant file. Ant is packaged as a compressed file and it must be uncompressed before it can be used in application. This step must be performed for all installations of Ant, including the Ant files located in the Windchill installation directory. Windows unzip ant.zip UNIX gunzip ant.tar.gzip tar -xf ant.tar 3. Set the following environment variables: ANT_HOME = <Ant installation directory> JAVA_HOME= <J2SE SDK install directory> PATH update to include <ANT_HOME>\bin On Windows, <ANT_HOME> is %ANT_HOME% On UNIX, <ANT_HOME> is $ANT_HOME

Configuring Apache and Tomcat With Other Options

333

Note These environment variable settings are not required once Windchill Services is installed and delivers the windchill shell. The windchill shell sets the necessary environment variables for you, at which point, Ant can be run. Once the windchill shell is available and if you have reason to use Ant after Windchill Services is installed, then run the Ant command from the windchill shell. 4. To test Ant, at the command prompt execute the following command:
ant -help

You can also use the help command to review the other execution options available with Ant and to verify the Ant syntax.

Configurations When Apache is Installed Remotely


If you have elected to run Apache on a remote system (on a machine different than Windchill, also known as a split configuration), then Apache must be able to recognize changes to the Windchill configuration environment and the Apache user account must have read privileges to the Windchill codebase directory. As changes occur in the Windchill configuration that impact the running environment, the changes are not automatically applied to the Apache installation. Consequently, you must manually update Apache with the most current Windchill environment settings. Apache must be updated with changes to the Windchill installation whenever the Tomcat and Windchill configuration files are modified, such as when a Windchill application is installed or modified. During a Windchill application installation, environment settings particular to the installation are captured and applied to the Tomcat and Windchill configuration files. Therefore, for the same changes to be recognized by Apache, the configuration files must be copied to the Apache machine and updated using Ant. Theoretically, these instructions should be executed following the installation of any Windchill application in order to capture the most current changes made to the Windchill configuration. However, if you are installing a suite of Windchill products, then you can simply perform these instructions after all the Windchill products are installed (or a group of them are installed) to capture the most recent environment changes. To implement these instructions you will use the Apache Ant utility. 1. Install Apache using the Apache installer and the instructions provided to perform the installation. 2. Install and configure Apache Ant for the machine where Apache is installed. See Setting Up Apache Ant on page 332.

334

Windchill Installation and Configuration Guide

3. Copy the content of the <Windchill>/apacheConf/config directory and the <Windchill>/apacheConf/config-WHC directory to a directory of choice on the Apache machine. The apacheConf/config and apacheConf/config-WHC directories contain configuration files for Tomcat and Windchill. The content of these files is dynamic and changes to accommodate the installation of a Windchill application. 4. Create a shared file system of the Windchill codebase directory for Apache that meets your site requirements. There are several methods available to establish a shared file system, use a method appropriate for your site. The objective is to allow Apache to access the contents of the Windchill codebase directory. Set access for the shared file system so that the Apache user account has read permission to the Windchill codebase and Windchill Help Center directories. For example: Windows: C:\ptc\Windchill_<release_level>\codebase and C:\ptc \Windchill_<release_level>\WHC (where C:\ptc \Windchill_<release_level> is the default installation directory for Windchill) UNIX: /opt/ptc/Windchill_<release_level>/codebase and opt/ptc/ Windchill_<release_level>/WHC (where /opt/ptc/ Windchill_<release_level> is the default installation directory for Windchill) 5. Perform the following to apply the most recent Tomcat, Windchill, and Windchill Help Center changes to Apache: Change directory to the location where you copied the apacheConf/config files on the Apache machine and execute the following Ant command (entire string on one line) ant -f applyApacheWebAppConfig.xml -DAPACHE_HOME=<file path to Apache installation> If the Apache installation from step 1 was done on an HP-UX system, it is necessary to run the following Ant command from <Apache_Home> to enable the installed Apache to access the remote Windchill solution:
ant -f config.xml configureJkWorkers DMOD_JK_HOST=<tomcat_host> DMOD_JK_AJP13_PORT=<tomcat_listening_port>

Change directory to the location where you copied the apacheConf/configWHC files on the Apache machine and execute the following Ant command (entire string on one line):
ant -f applyApacheWebAppConfig.xml -DAPACHE_HOME=<file path to

Configuring Apache and Tomcat With Other Options

335

Apache installation> -DdocBase=<file path to Windchill WHC>

Running Apache as a Windows Service


To set up Tomcat or Apache to run as a Windows service, complete these instructions.

Running Apache as a Windows Service


Instructions to configure Apache as a Windows service have been provided using the Apache Ant command and without the Ant command. Without Ant Execute this command from the Apache/bin directory:
apache -k install -n <ServiceName>

Where <ServiceName> is a unique name to reference this service. If you have Apache Ant installed, you can implement using the Ant command. With Ant Execute the Ant command from the Apache root directory:
ant -f config.xml installService -DserviceName=< ServiceName>

Where <ServiceName> is a unique name to reference this service.

Uninstalling the Apache Windows Service


Instructions to uninstall the Apache Windows service have been provided using the Apache Ant command and without the Ant command. Uninstall without Ant Execute this command from the <Apache>/bin directory.
apache -k uninstall -n <ServiceName>

Where <ServiceName> is the name you gave the Apache Windows service when you created it. Uninstall with Ant Execute this command from the <Apache> directory.
ant -f config.xml uninstallService -DserviceName <ServiceName>

Where <ServiceName> is the name you gave the Apache Windows service when you created it.

336

Windchill Installation and Configuration Guide

Running Tomcat in Development Mode


When developers are working on customizations to a solution, you can run Tomcat in development mode. In this mode, Tomcat automatically recompiles JSP files when changes are made. To change to development mode: 1. Start a windchill shell and change to the Tomcat installation directory. 2. Enter the following command:
ant -f config.xml configureJspEngine -Dmode=dev

After development is complete, return to normal operation by entering:


ant -f config.xml configureJspEngine -Dmode=prod

Apache and Info*Engine Installed With Different Users


If you installed Apache and Info*Engine using different user accounts, and Apache and Info*Engine are installed on the same machine (for example, if on a UNIX machine you installed Apache as a root user and Info*Engine as a non-root user), then the Info*Engine user account will not have privileges to update the Apache files. In this case, use the following instructions to configure Apache for Info*Engine. To execute these commands, Apache Ant must be installed 1. Log in as the user that installed Apache. 2. Change directory to <Windchill>/apacheConf/config to access the files referenced in the command string. 3. From the command line, execute the following command:
ant -f applyApacheWebAppConfig.xml -DAPACHE_HOME=< Apache>

Where <Apache> is the directory location where Apache is installed.

Note Use this same command to add authentication rules for either Windchill PDMLink or Pro/INTRALINK when either of these Windchill solutions have been installed and the Add Servlet Authentication Rules for Apache installation option was not selected.

Configuring Apache and Tomcat With Other Options

337

Installing Apache A Second Time


If you installed Apache a second time (in a new location or in the same location but chose not to preserve the initial configuration), or you bypassed the option to configure Apache when you installed Windchill, then use the following instructions to configure Apache for Windchill. To execute these commands, Apache Ant must be installed: 1. Perform the following: Change directory to <Windchill>/apacheConf/config to access the files referenced in the command string and execute the following from the command line:
ant -f applyApacheWebAppConfig.xml -DAPACHE_HOME=< Apache>

Where <Apache> is the directory location where Apache is installed. Change directory to <Windchill>/apacheConf/config-WHC to access the files referenced in the command string and execute the following from the command line:
ant -f applyApacheWebAppConfig.xml -DAPACHE_HOME=< Apache>

Where <Apache> is the directory location where Apache is installed.

Configuring Apache for IPv6


From <apache_home> in a Windchill shell run:
ant -f config.xml configureForIPv6 DIPv6_Interface=<IPv6_Address> -DIPv4_Interface=<IPv4_Address>

The IPv6 Address must be enclosed in brackets. For example:


ant -f config.xml configureForIPv6 DIPv6_Interface=[11:22:33:44:55:66:77:88] DIPv4_Interface=12.34.56.78

If not specific as parameters, the IPv6 address will default to [::1], localhost, and the IPv4 address will default to 0.0.0.0, all available listening interfaces. Running this target will result in Apache listening for both IPv6 and IPv4 requests over HTTP and HTTPS. The listening ports used will be those currenlty used. For additional details, review the configureForIPv6 target in config.xml by running:
ant -f config.xml -projecthelp.

338

Windchill Installation and Configuration Guide

Configuring a Non-PTC Non-PTC Apache (manual installation)


If you already have Apache installed and it meets the version criteria defined in the Windchill matrices, then you can use this version of Apache for Windchill with some minor alterations. In order for your version of Apache to work with Windchill: The Apache binary must be configured so that it functions properly for Windchill (without any intervention or modification using PTC products). Apache must include the appropriate LDAP authentication modules and the conf files must load them properly. With Apache 2.2, the modules are part of the Apache source. Apache must include the proxy and mod_proxy_ajp modules and the conf files must load properly. Also, the configuration line that loads the mod_proxy and mod_proxy_ajp modules must precede the configuration line that includes additions.conf. PTC does not provide the module files to support this scenario. The modules are part of the Apache 2.2 source.

Caution Warning for Windows users. An installation of Apache on or under a Windows drive letter obtained by using the Windows Map Network Drive utility (for example, Windows Explorer > Tools) is not supported. Apache does not operate reliably when located on a mapped drive. Instead, select a local drive such as C or D for installation.
Complete the following instructions to alter your Apache installation for Windchill. After these changes are applied, the PTC installers and Ant scripts will be able to modify your version Apache in the same manner and with the same updates as the PTC-supplied Apache. 1. Configure your Apache so that the PTC installers can process it. PTC has provided files to overlay and add to your Apache installation. The files are located on the Windchill Third Party Software CD in the Apache/ ManualInstall directory. These files must be expanded into your Apache installation to enable the PTC installers to configure your Apache. a. Insert the Windchill Third Party Software CD. b. Navigate to the Apache/ManualInstall directory. c. Expand the compressed files for your platform into the <Apache> directory (root level). Windows: Unzip the files. UNIX: Unzip and untar the files.

Configuring Apache and Tomcat With Other Options

339

Note Any time the overlay is applied, any manual configurations in this file will need to be redone as this step overwrites the custom configuration.
2. Edit the <Apache>/conf/httpd.conf file and add the following lines:
AddDefaultCharset Off BrowserMatch "MSIE" force-no-vary

Note The BrowserMatch entry is used to address a Microsoft Internet Explorer bug that impacts Windows clients.
3. Save your changes and close the file. 4. Execute the following script after applying the HP-UX Apache overlay: Non HP-UX
ant -f config.xml configureAJPWorkers -DAJP_PORT=<tomcat_listening_port> DAJP_HOST=<tomcat_host> -DAJP_WORKER_NAME=<ajp_worker>

Replace <tomcat_listening_port> with the port number tomcat is configured to listen on. The default is 8010. For additional information on specifying the parameters, execute:
ant -f config.xml -projecthelp

This completes the changes for your Apache.

Specifying Web Server Authentication


PTC has provided several methods (Ant scripts) to improve and simplify the configuration of the Apache Web server for Windchill. A commonly used script is the webAppConfig.xml Ant script. For example, it is used by the installers (along with config.xml) to perform the configuration of Apaches management of the Windchill Web application. Other webAppConfig.xml uses include: Manages the generation (and regeneration) of the app-<Web application>Auth.conf and app-<Web application>.conf files. These files contain the authentication parameters for the Windchill products. They are reproduced in their entirety each time an update occurs, thus, manual changes applied to the files are lost. Ensures that the Web application settings that apply to the Windchill system are applied to all the entries in the app-<Web application>-Auth.conf file.

During the update, the webAppConfig.xml script retains the existing data in the file while it applies the new changes saving you the effort of entering the data that already exists.

340

Windchill Installation and Configuration Guide

Note When either Windchill PDMLink or Pro/INTRALINK 10.1 has been installed and the Add Servlet Authentication Rules for Apache installation option was not selected, then the ant script described in Installing Apache A Second Time on page 338 must be run to complete the Apache configuration.
The following sub-sections provide instructions to implement various Windchill authentication strategies using the webAppConfig.xml Ant script.

Specifying a Resource (URL) to Authenticate


By default, Windchill does not configure Apache to require authentication of the Windchill URLs. Windchill does not require authentication. To specify that a given directory, file, or servlet (and URL within the Windchill Web application), be authenticated by Apache, you can execute the following command to set authentication for Windchill. The command must be run from the Apache root directory and the command string must be entered on one line:
ant -f webAppConfig.xml addAuthResource -DappName=<Web application name) -Dresource=<relative URL of resource to authenticate>

Where <Web application name> is the Web name you assigned to Windchill and where <relative URL of resource to authenticate> is the relative path from the Web application to the resource to authenticate, for example, the section for the URL after http[s]://hostname:port/.../<Web application name>/... The <relative URL of resource to authenticate> can be a directory, for example, wtcore/jsp, in which case it applies to everything in that directory, or a particular file, for example, foo/info. html. For example, to require authentication to access the IE servlet in an installation where the Web application name is MyInfoEngine, the command would look like:
ant -f webAppConfig.xml addAuthResource -DappName=MyInfoEngine -Dresource=servlet/IE

LDAP Configuration
For Apache 2.2, multiple LDAP URLs can be defined for authentication. Apache 2.2 uses named authentication providers for each LDAP URL. By default, the providers are [WebAppName]-EnterpriseLdap and [WebAppName]AdministrativeLdap. When a provider name is specified, "[WebAppName]-" is automatically pre-pended to the provider name in the Apache configuration.

Specifying an LDAP URL for Authentication


To specify an LDAP URL to use as the basis of authentication from Apache, issue the following command. The command string must be entered on one line:
Configuring Apache and Tomcat With Other Options

341

Apache 2.2
ant -f webAppConfig.xml addAuthProvider -DappName=< Web application name> -DproviderName=<LDAP provider Name> -DldapUrl=<LDAP URL>

In Apache 2.2, this command can be used to add additional LDAP URLs for authentication. To add users to the LDAP, consult the Windchill Directory Server Administrator's Guide.

Specifying a Bind DN for the LDAP URL


To specify a bind DN and password through which the LDAP URL should be accessed, for example, when the LDAP does not allow anonymous bind access, then issue the following command. The command string must be entered on one line: Apache 2.2
ant -f webAppConfig.xml addAuthProvider -DappName=<Web application name> -DldapUrl=<ldap Url> -DproviderName=<LDAP provider name that needs bind credentials> -DbindDn=<bindDN> -DbindPwd=<bindPassword>

Configure Authentication Realm Name


The authentication realm name appears in the authentication name and password log in dialog window. The default value is Windchill. To change this value, the variable must be manually configured. To change the realm name, the ant command is executed from the command line. The command must be run from the Apache root directory:
ant -f webAppConfig.xml regenWebAppConf -DappName=< your Web application name> -DauthRealm=<your realm name>

Where <your Web application name> is the Web application name you assigned, for example, Windchill. Where <your realm name> is a value of your choice.

342

Windchill Installation and Configuration Guide

18
Configuring Windchill to Work with a Remote Apache
Background ............................................................................................................ 344 Configuring a Split Configuration............................................................................... 344 Additional Apache Configurations ............................................................................. 345

This section describes how to configure Windchill to work with a remote Apache server, including split configurations and additional Apache configurations.

343

Background
This section describes the configuration necessary to run Windchill with Apache installed on a machine other than the machine that Windchill is installed on. This configuration is known as a split configuration. PTC recommends that you first get Windchill running with Apache installed on the same machine as Windchill before reconfiguring Windchill to work in a split configuration. This ensures that you have functional configurations for both Windchill and Apache. After the system is running with Apache installed locally, you then migrate the Apache configuration to an Apache installation on the remote machine. Note that the remote Apache must be updated with changes to the Windchill installation whenever the Tomcat and Windchill configuration files are modified, such as when a Windchill application is installed or modified. Refer to the section titled Configuring Apache as a Standalone Component. Finally, you perform configuration updates on Windchill to enable it to work with the remote Apache server. The procedure described here includes instructions to enable Remote Method Invocation (RMI) tunneling. This is not always required, but is included because oftentimes the same security concerns that influence the decision to implement a split configuration also discourage the use of direct RMI to the Windchill server.

Configuring a Split Configuration


This procedure refers to the following variable elements: <webapp> - The web application context root for Windchill that you entered when installing Info*Engine, for example "Windchill". <Windchill_hostname> - Fully qualified host name of the Windchill host <remote_Apache_hostname> - Fully qualified host name of the machine Apache will run on. <taskdispatcher_minport> - value of the wt.adapter.simpleTaskDispatcher.minPort property in Windchill 1. Following the instructions in this guide, install and configure Windchill together on a machine with its Apache web server. Verify that you can access the Windchill server using a web browser through Apache (see Using a URL to Access Windchill on page 454 in the chapter, Starting and Stopping Windchill on page 452). 2. Install Apache on the remote machine using a different hostname than the Windchill server, updating its configuration to enable it to recognize the Windchill installation. 3. Restart Apache on the remote machine.
Windchill Installation and Configuration Guide

344

4. Update wt.properties on the Windchill server.

Note When updating the wt.properties file, use the xconfmanager utility from within a windchill shell. .
Set the following properties and propagate to wt.properties:
wt.rmi.clientSocketFactory=wt.boot.WTRMIMasterSocketFactory wt.rmi.serverSocketFactory=wt.util.WrappedRMISocketFactory wt.rmi.javarmicgi=servlet/JavaRMIServlet wt.server.codebase=http://<remote_Apache_hostname>:<webserver port>/<webapp>

For more information, see RMI-over-HTTP and Server-Side Reverse Proxy Servers sections in the Windchill System Administrator's Guide. 5. Restart the Method Server. 6. Access the Windchill server using http://<remote_Apache_hostname>/ <webapp>

Configuring Windchill Index Search in a Split Configuration


Perform the following steps to configure Windchill Index Search with a split configuration: 1. Manually change the config.properties of the remote Apache for solrAjpHost to the Windchill host name and solrWorkerEnabled to true. 2. Execute the following command on the remote Apache: ant -f config.xml reconfigure 3. Copy the <Windchill>/apacheConf/config-solr directory to a desired location on the Apache host; for example, remote_apache_config. 4. Run the following ant script from the remote_apache_config/config-solr directory: ant -f applyApacheWebAppConfig.xml -DAPACHE_HOME= <remote_Apache_home> -DdocBase= =<file path to Windchill \solr-webapp>

Additional Apache Configurations


To allow external ADS users to login to Windchill the following settings must be added to the Apache Config: apacheWebApp.ldapUrl apacheWebApp.anonBind

Configuring Windchill to Work with a Remote Apache

345

apacheWebApp.bindDN apacheWebApp.bindPwd
-s ldapUrl="ldap:// -s anonBind=false -p -s bindDn="<DN>" -p -s bindPwd=<PWD> p

These settings can be propagated using the following commands:


xconfmanager -t apacheConf/config/apacheWebAppConfig.properties <LDAP_SERVER>/<SEARCH_BASE>?<user.uniqueIdAttribute>?sub" -p xconfmanager -t apacheConf/config/apacheWebAppConfig.properties xconfmanager -t apacheConf/config/apacheWebAppConfig.properties xconfmanager -t apacheConf/config/apacheWebAppConfig.properties

To propagate these settings from a Windchill shell on Windows use the following command:
cd /d %WT_HOME%\apacheConf\config ant -f applyApacheWebAppConfig.xml

Restart Apache and Windchill.

346

Windchill Installation and Configuration Guide

19
Configuring Additional Enterprise Directories
About Configuring Additional Enterprise Directories.................................................... 348 Integration with Established Enterprise Directory Services .......................................... 349 Create and Configure the JNDI Adapter..................................................................... 354 Create a Repository Definition .................................................................................. 359 Modify the wt.properties File ..................................................................................... 360 Set Authentication in the MapCredentials.xml File ...................................................... 361 Update the Apache Configuration ............................................................................. 363 Verify Your Changes ................................................................................................ 364 User and Group LDAP Attribute Value Mapping.......................................................... 364

The following topics describe how to manually configure additional enterprise LDAP directories for use with Windchill.

Note A Windchill JNDI adapter is automatically configured as part of the Windchill installation process to interact with the enterprise directory. No further manual configuration is required. Continue with the following topics if additional adapters are required or for additional information on how to modify the configuration as defined during the installation. For information on configuring the enterprise directory, see Entering Your LDAP Settings on page 151.

347

About Configuring Additional Enterprise Directories


You can connect to any Version 3 compliant LDAP directory or Microsoft Active Directory Service. If you are already using an enterprise LDAP service, you can continue to use that service to maintain user information. To do this, you can configure Windchill so that it can also access user information by querying entries through a JNDI adapter. However, Windchill typically does not create, update, or delete entries in an enterprise directory, as that capability might be limited to other parts of the organization. This means that Windchill cannot be used to administer user information in your enterprise LDAP service; you must use separate administration tools instead. However, Windchill must have the ability to update group information and organization information; therefore, these must be stored in an LDAP server, such as the Windchill Directory Server, that provides full access Windchill. As a result, in this scenario you would maintain two different LDAP directories in support of Windchill. Before You Begin Before you begin, you should have: Installed and configured the LDAP directory that you intend to connect to Windchill. For more information, see Entering Your LDAP Settings on page 151. A copy of the JNDI Adapter Guide A copy of the Info*Engine User s Guide A copy of the Info*Engine Implementation Guide

These guides are available from the PTC Reference Documents site: https://www.ptc.com/appserver/cs/doc/refdoc.jsp To connect an existing LDAP directory to Windchill, complete the following tasks. Where applicable, explicit instructions for a Microsoft Active Directory have been provided. Otherwise, the instructions apply to any LDAP directory: 1. Create a JNDI adapter entry for your directory and set additional properties: Create and Configure the JNDI Adapter on page 354 2. Create a repository definition that informs Windchill how to query and manage information in the directory: Create a Repository Definition on page 359 3. Identify the directory in Windchill by modifying the wt.properties file: Modify the wt.properties File on page 360 4. Set administrative access control privileges for the directory by modifying the MapCredentials.xml file: Set Authentication in the MapCredentials.xml File on page 361

348

Windchill Installation and Configuration Guide

5. Update your Apache configuration: Update the Apache Configuration on page 363 6. Restart Windchill servers and verify the changes: Verify Your Changes on page 364. 7. Ensure that LDAP attribute values are mapped correctly: User and Group LDAP Attribute Value Mapping on page 364

Integration with Established Enterprise Directory Services


Windchill Organization Services is the Windchill subsystem that is responsible for providing and managing information about principals (users, groups, and organizations). Windchill Organization Services integrates with LDAP-based directories to obtain and maintain information about users, groups, and organizations. The primary source of information about every Windchill principal is the LDAP directory service. This level of integration with LDAP-based directories makes Windchill compatible with other enterprise applications that obtain information about principals from the LDAP directory service, including web servers, enterprise email, single sign-on solutions, and Public Key Infrastructure (PKI). Directory-enabled administration of principals has a number of advantages including: Enables single user sign-on across the enterprise. When multiple enterprise applications authenticate their users against a common, shared directory service, the concept of a single user sign-on is achieved. This avoids the necessity of creating and maintaining a separate username and password for each enterprise application (or each instance of Windchill deployed in an enterprise). Minimizes the cost of administration. When multiple directory-enabled applications obtain their information about principals from a single, shared directory service, it becomes unnecessary to duplicate, maintain, or synchronize that information in multiple places. It also becomes unnecessary to deploy and maintain multiple user interfaces for creating and managing that information. Enables Public Key Infrastructure. Secure exchange of business data based upon digital signature technology, both within and between enterprises, requires that public keys be registered in a place that is easy to access and maintain. Shared, standards-based directory services such as LDAP directories are very convenient registries for public keys. A persons public key can be registered in a directory entry along with all of the other information that describes that person (for example, name, email and postal addresses, telephone and fax numbers, and so on).

Configuring Additional Enterprise Directories

349

User Information The Windchill class wt.org.WTUser provides applications with information about their users. Every Windchill user must have an entry in an LDAP directory service. The information conveyed by an instance of wt.org.WTUser is obtained from the corresponding user s LDAP directory entry. In particular, each instance of this class provides the following information about its user: name Specifies the unique name of the user within the scope of the directory context in which the user s entry resides. fullName Specifies the user s full name. eMail Specifies the user s email address locale Specifies the user s locale, primarily for generation of email notifications addressed to the user. certificates Specifies any public certificates registered for the user (for example, for verifying digital signatures or for encrypting information that only the user can decrypt). postalAddress Specifies the user s postal address. organizationName Specifies the name of the organization (for example, company or university) with which the user is employed or associated. telephoneNumber Specifies the user s telephone number. faxNumber Specifies the user s fax number. mobilePhoneNumber Specifies the user s cell phone number. webSite Specifies the URL of the user s website. Group Information The Windchill class wt.org.WTGroup provides applications with information about related groups of users. Every Windchill group must have an entry in an LDAP directory service. The information conveyed by an instance of wt.org.

350

Windchill Installation and Configuration Guide

WTGroup is obtained from the corresponding groups LDAP directory entry. In particular, each instance of this class provides the following information about a group: name Specifies the unique name of the group within the scope of the directory context in which the entry of the group resides. description Provides descriptive text about the organization. members Specifies the users or groups that are members of the organization. Organization Information The Windchill class wt.org.WTOrganization provides applications with information about organizations (for example, companies, universities, government institutions). Every organization referenced by Windchill must have an entry in an LDAP directory service. The information conveyed by an instance of wt.org. WTOrganization is obtained from the corresponding LDAP directory entry of the organization. In particular, each instance of this class provides the following information about an organization: name Specifies the unique name of the organization within the scope of the directory context in which the entry of the organization resides. organizationIdentifier Specifies the globally unique identifier under which the organization is registered. This might be a DUNS number, ISO organization identifies, or cage code. description Provides descriptive text about the group. members Specifies the users or nested groups that are members of the group. administrator Specifies the user or group that serves as administrator of the organization. classification Specifies the business classification of the organization. conferencingIdentifier Specifies an identifier that is used in conjunction with the conferencingURL attribute to create or subscribe to meetings and conferences scheduled by the organization. conferencingURL Specifies the URL of a service that can be used to create or subscribe to meetings and conferences scheduled by the organization.
Configuring Additional Enterprise Directories

351

internetDomain Specifies the name of the web domain associated with the organization. location Specifies the postal address of the organization. subscriber Specifies whether or not the organization is a subscriber to a web exchange hosted by Windchill. webSite Specifies the URL of the organization website. While all of the detailed information about each user, group, and organization comes from an LDAP directory, some information about each one is also stored in the Windchill database. Each such database entry serves mainly as a pointer to an LDAP directory entry, but it also contains Windchill-specific information about a user, group, or organization (for example, the Windchill administrative domain in which the principal resides), and it allows Windchill object references for users, groups, and organizations to be constructed and associated with other classes of Windchill objects (for example, creator, modifier, and owner references for parts and documents). Windchill Organization Services is responsible for interfacing with LDAP directories to query and manage information about Windchill principals. This includes mapping directory attributes to and from the Windchill classes wt.org. WTUser, WTUser wt.org.WTGroup, wt.org.WTGroup and wt.org.WTOrganization. wt.org.WTOrganization It also includes the automatic creation and management of the database entries that reference entries or principals in directory services.

Bundled and Third-Party Third-Party Directory Services


Windchill obtains information from LDAP directory services about both users and groups as well as system infrastructure. This includes Info*Engine configuration information as well as information about Windchill task delegates and information repositories. Windchill uses standards-based directory service APIs to communicate with LDAP directory services. Theoretically, therefore, Windchill can access and interact with any directory service that implements the Internet-standard LDAP Version 3 protocol. Differences do exist between different LDAP-based directory products. For example, the scalability, performance characteristics, and extended schema supported by various LDAP directory implementations differ, so Windchill imposes some restrictions on the directory solutions that it supports. Windchill includes and requires a bundled LDAP directory server named the Windchill Directory Server. The Windchill Directory Server satisfies all of the directory service requirements for Windchill, and can hold information about Windchill users and groups, as well as all of the directory-based infrastructure information for

352

Windchill Installation and Configuration Guide

Windchill. In fact, Windchill requires that its infrastructure information be held by the Windchill Directory Server. On the other hand, Windchill allows information about users and groups to be held in another LDAP directory if desired. Thus, Windchill can be configured to interact with multiple LDAP directory servers simultaneously. At least one of these must be the Windchill Directory Server, and the Windchill Directory Server must contain all of the directory-based infrastructure information for Windchill (for example, Info*Engine configuration properties and Windchill Federation configuration information). Windchill can obtain information about users and groups from any LDAP directory service that complies with Internet LDAP Version 3 standards, including, but not limited to, the Windchill Directory Server. Because Windchill must have the ability to update Windchill group and organization information, this information must be stored in an LDAP server, such as the Windchill Directory Server, that provides full access to Windchill.

Configuration Options Using Enterprise Directory Services


The enterprise directory service configuration options for maintaining user, group, and organization information are as follows: Option One Description Issues You can import your existing LDAP A decision must be made regarding the directory user, group, and organization distribution and operational information into the Windchill maintenance of the user, group, and Directory Server. As a result, all user, organization information. You must group, and organization information determine whether the information is resides in the Windchill Directory administered in multiple locations and Server. For information about importing how the information should be users and group information, see the distributed to the users of the information. For example, what Windchill Directory Server directory synchronization processes Administration Guide. must be established to keep information in the Windchill Directory Server up to date? Option Two Description Issues You must select which user User information is maintained in one administration tools to use. You can use or more separate LDAP directories. an LDAP administration tool of your Using this option, the Windchill Directory Server would hold the group choice to maintain information in the enterprise directory as an alternative to and organization information and additional LDAP directories would hold using the Windchill administration

Configuring Additional Enterprise Directories

353

Option Two Description Issues tools. However, if you use the the user information. This option allows the user information Windchill administration tools, then to be split between different directories, Windchill requires write access to the existing LDAP directory. For additional thus addressing the Option One issue information about Windchill about maintenance and distribution of administration tools, see the Windchill the user information in multiple Basic Administration Guide. directories. There are numerous other solutions that require knowledge and expertise regarding the deployment of multiple web servers and multiple LDAP directories in a complex secure environment. Most customers that have an existing LDAP directory will find Option Two to be the least complicated solution. The following topics explain how to implement Option Two.

Create and Configure the JNDI Adapter


When connecting to another naming or directory service (such as an LDAP service), you must create and configure a Java Naming and Directory Interface (JNDI) adapter. The JNDI adapter enables you to connect to the various naming and directory interfaces accessible using the JNDI system, including an enterprise directory server. The JNDI Service Provider Interface (SPI) provides the means by which naming and directory services are integrated into the JNDI framework. To connect to a directory, the JNDI adapter requires the appropriate JNDI Service Providers. The following section explains how to create a JNDI adapter entry and configure the default mapping for user and group properties. Refer to the JNDI Adapter Guide for more information on configuring the JNDI adapter entry and complete descriptions of adapter properties. For more information on creating LDAP entries, see Entering Your LDAP Settings on page 151. The JNDI configuration process essentially consists of two main steps: 1. Create a JNDI adapter entry 2. Set additional properties

Create a JNDI Adapter Entry


Adapter properties are maintained as attributes in Info*Engine adapter LDAP entries. Use the Info*Engine Property Administration utility to add or modify Info*Engine adapter LDAP entries. You can access the property administration utility by navigating to Site Utilities and clicking Info*Engine Administration .

354

Windchill Installation and Configuration Guide

To create a new adapter service LDAP entry, select JNDI Adapter from the Create Entry drop-down menu on the Info*Engine Property Administration main page. Enter values into the form; required fields on the form are indicated with an asterisk (*). For information about using the Info*Engine Property Administration utility, click the online help link available in the administration utility. All adapter LDAP entry forms include the following fields:

Configuring Additional Enterprise Directories

355

Service Name Distinguished Name Runtime Service Name The property administration utility automatically populates the Service Name , Distinguished Name , and Runtime Service Name fields with suggested names. These names are based on information provided when you logged on to the administration utility and also information that is stored in the form:
Service Name Ensure that this name is unique. If you are providing a new

name, give special consideration when using the period character (.) as described below. Distinguished Name Use the name suggested by the property administration utility. If you enter a new service name, the distinguished name field is updated in response. Runtime Service Name This name must be identical to the service name.

You can opt to change these names to match the criteria set up for your site LDAP entries. However, note that the period character (.) has unique significance when naming a new JNDI adapter. Including a period character (.) influences the format of the name that must be used for the corresponding repository definition. Many repository names and repository types specify a hierarchical structure, requiring a value formatted as an Internet domain. Therefore Info*Engine adapters are commonly given names that reflect their relationship to the network in which they are deployed. For example: com.company.host.Ldap Because this service name includes the period character (.), you would need to reverse parts of the name when creating and naming a new repository definition. Therefore, if you choose to name your JNDI adapter com. company.host.Ldap, the corresponding Info*Engine repository must be named: Ldap.host.company.com To avoid this, you can provide an adapter name that does not include the period (.) character. For example, if you name your JNDI adapter EnterpriseDirectory1, then you would also name the corresponding repository definition EnterpriseDirectory1. For instructions on creating a new repository definition, see Create a Repository Definition on page 359.

356

Windchill Installation and Configuration Guide

Note Such naming convention requirements are only necessary when connecting Windchill to an LDAP directory service that maintains user and group information. However, no such requirements are necessary for other Info*Engine integration configurations. Service Class The Service Class property identifies the Java class for the adapter. Use the default provided by the property administration utility.
Serialization Type Host Port Provider URL Specify the URL used to access your enterprise directory server. Search Base Specify the distinguished name of the LDAP node under which all user information is located. All user searches will use this as the base. Directory System Agent User Directory System Agent Credentials These can be used to define the distinguished name and password of the Windchill user who access the enterprise directory. However, PTC recommends that these fields should be left blank and you use the MapCredentials file instead. For more information, see Set Authentication in the MapCredentials.xml File on page 361. Serialization Type Host Port Unless you have a specific reason, all other fields should be left blank. You can find more information on the remaining adapter properties using the following options: Hover your cursor over the property name to view a short description of the property. Click the property name to open a page describing each property. Click the help link available from the form. See the section titled JNDI Adapter Properties in the JNDI Adapter Guide.

Configuring Additional Enterprise Directories

357

Set Additional Properties


Compare your enterprise directory attributes to the Windchill attributes to determine where differences occur. The Windchill user and group attributes are described in User and Group LDAP Attribute Value Mapping on page 364. Use this information when comparing attribute definitions. If a property is not defined on the form, you can add it in the Additional Properties field. When adding additional properties, the property name is comprised of the name of the adapter entry (the value of the Service Name field on the LDAP entry form) followed by the property name. For example: <service_name>.pageSize Set the following additional properties, if necessary. You can add them using the
Additional Properties field on the LDAP entry form:

windchill.config. windchill.config.readOnly readOnly Set this property to TRUE to indicate that the directory does not allow modifications performed through Windchill. Otherwise, the property is not required, or it can be set to FALSE. windchill.config. windchill.config.doesNotContainGroups doesNotContainGroups Set this property to TRUE to indicate that the directory does not contain groups and should not be searched for groups. Otherwise, the property is not required, or it can be set to FALSE. windchill.config. windchill.config.directoryType directoryType This property is only required when using a Microsoft Active Directory; otherwise, disregard this property. Setting this property prompts the adapter to handle some requests in a way that is uniquely compatible with a Microsoft Active Directory: <service_name>.windchill.config.directoryType=ADS Once set, this property automatically enables paged searches. To configure paged searches, use the pageSize and pagedSizeLimit properties. For more information, see the section titled JNDI Adapter Properties in the JNDI Adapter Guide

Note Paged searches can be configured for any directory type, but are only enabled by default when using a Microsoft Active Directory. To enable paged searches for other directory types, set the pageSize property.
windchill.mapping. windchill.mapping.user. user.attributes attributes Specifies the LDAP attributes that are available to Windchill and in the participant cache. For example, a typical attribute accessed by Windchill might be: user.getAttributes().get(<LDAP-attribute-name>); Enter attributes as a comma-separated list.

358

Windchill Installation and Configuration Guide

windchill.mapping. windchill.mapping.usersOrganizationName usersOrganizationName There are two ways to assign an organization name to a user. If a user is not assigned an organization, they cannot access data in any child contexts (such as products, projects, and libraries). The method you use depends on whether or not you need to identify multiple organizations: If your system has multiple organizations and you need to associate different sets of users to different organizations, you can assign an organization attribute to each user entry in the directory server. The value assigned to the organization attribute is the organization the user is assigned to in Windchill. By default, Windchill identifies the o attribute in the directory server when looking up an organization name for the user. If your directory server does not use the o attribute, then you must define the attribute that you are associating with the organization name using the following property:
<service_name>.windchill.mapping.user.o windchill.mapping.user.o= <organization_attribute_name>

Where <service_name> is the service name of the adapter and <organization_attribute_name> is the attribute in your directory server used to associate users with organization names. If all users accessed through a JNDI adapter belong to the same organization, you can assign the users organization name by adding the usersOrganizationName property:
<service_name>.windchill.mapping.usersOrganizationName= .windchill.mapping.usersOrganizationName <organization_name>

The value you set for this property represents the organization name assigned to all users accessed through this adapter. If used, this property overrides any organization attribute defined in user entries in the directory server. Only the value of the usersOrganizationName property is used by Windchill. For more information, see Managing User Access to Data in the Windchill Basic Administration Guide. For more information on mapping attribute values, see User and Group LDAP Attribute Value Mapping on page 364.

Create a Repository Definition


In addition to creating an LDAP adapter entry, you must also create a repository definition for each additional enterprise directory service.

Configuring Additional Enterprise Directories

359

Use the Task Delegate Administration utility to create and manage repository definitions. You can access this utility in two ways: Navigate to Site Utilities and click Task Delegate Administration . From the Info*Engine Property Administration utility, click the Task Delegate Administration link from the property administration main page.

From the Task Delegate Administration utility, perform the following steps: 1. Click the Manage Repository link in the menu on the left. 2. Under the Create Repository section, enter the following values:
Repository Name The service name of the adapter. If your adapter name

includes the period character (.), you must reverse the order of the name components. For more information, see Create and Configure the JNDI Adapter on page 354. Repository Type Select com.ptc.windchill-ldap from the dropdown menu. This is the value for an enterprise directory service used by Windchill. Webject Processor Select the JNDI adapter from the list provided. Task Processor Select the adapter name from the list provided.

Note Both the Webject Processor and Task Processor fields should both be set to the same value as the default LDAP adapter (typically the one used for the Windchill Directory Server). 3. Click Create to create the repository definition.
For more information on the Task Delegate Administration utility, click the Help link available from the utility main page.

Modify the wt.properties wt.properties File


When configuring an additional enterprise directory, you must access the wt.properties file to modify the value of the wt.federation.org. directoryServices property. The value of the wt.federation.org.directoryServices property is a comma-separated list of JNDI adapter names. The list is traversed from left to right when searching for users and groups. The first entry in the list is the name of the default JNDI adapter created during the initial Windchill installation process and which connects to the Windchill Directory Server. To complete this task, you must use the xconfmanager utility. For more information on the xconfmanager utility, see the Windchill Specialized Administration Guide.

360

Windchill Installation and Configuration Guide

From a windchill shell, execute the following commands: 1. To display the current value of the property:
xconfmanager -d wt.federation.org.directoryServices

Note You must copy the current value of the property. When adding additional JNDI adapter names to the value, you must retain the existing values by including them in your updated property value list. 2. Add any additional JNDI adapter names (using the adapter service name) to the existing property value. Use a comma to separate the adapter names.
xconfmanager -s wt.federation.org.directoryServices= <JNDI adapter service names> -t <Windchill>/codebase/wt.properties -p

Where <Windchill> is the Windchill is installation path. For guidelines on specifying multiple property and property value combinations using the xconfmanager utility, see the Windchill Specialized Administration Guide.

Set Authentication in the MapCredentials. xml File


The MapCredentials.xml file is used to specify the authentication access to specific Info*Engine adapters. If there are no entries in the MapCredentials.xml file for a particular adapter, then the default access to the corresponding directory is anonymous. In effect, this means that the Windchill administrator would probably not be able to read or modify the entries (create and update user information) in that directory. If you are manually adding an enterprise directory and you do not want anonymous access, you must set the authentication access to the enterprise directory by adding the newly-created JNDI adapter, distinguished name, and password to an existing property in the MapCredentials.xml file. You can also change the distinguished name or password being used for authentication by changing existing property values. Update the properties in the MapCredentials.xml file using the xconfmanager utility. Any changes made by directly editing the MapCredentials.xml file are overwritten by the xconfmanager utility. For more information on the xconfmanager utility, see the Windchill Specialized Administration Guide.

Configuring Additional Enterprise Directories

361

Note The actual file that stores the property changes is the codebase/WEB-INF/mapCredentials.txt file. Changes to this file should only be made using the xconfmanager utility.
Perform the following steps to define access to the enterprise directory: 1. Determine the distinguished name and password to be used by the Windchill administrator to authenticate to the LDAP directory service. The distinguished name and password you identify in this step are used in later steps of this procedure. 2. If you want to allow Windchill to access group entries or modify group or user information, ensure that the distinguished name identified in Step 1 allows sufficient privileges to read/create/update/delete Windchill objects in the directory server.

Note You can enable access using the windchill.config.readOnly and windchill. config.doesNotContainGroups properties described in Set Additional Properties on page 358. To change the access control privileges set for a user who is defined in LDAP, you must use the directory server administrative tools. 3. Use the xconfmanager utility to modify the MapCredentials.xml file to include the distinguished name and password used by the Windchill administrator to access the directory server (property changes are stored in the codebase/WEB-INF/mapCredentials.txt file).
The property is formatted as follows:
mapcredentials.admin.adapters=<service_name>^<distinguished_name>^<password>

Where <distinguished_name> and <password> are the values identified in Step 1. This is a multivalued property. You can use the xconfmanager add option to add multiple adapter definitions. Use the xconfmanager remove option to remove specific values. For example, assume enterpriseAdapter is the name of the adapter that has been set up for accessing an enterprise LDAP directory server. In this scenario, the distinguished name values are cn=DistUser,o=myCompany and the password is password. The following command adds the authentication access that is required for the LDAP directory:
xconfmanager --add "mapcredentials.admin.adapters= enterpriseAdapter^cn=DistUser,o=myCompany^password" -t "codebase/WEB-INF/mapCredentials.txt" -p

362

Windchill Installation and Configuration Guide

Using the xconfmanager utility to set values for this property ensures that the passwords specified are encrypted. For details on encrypting system passwords, see the Windchill Specialized Administration Guide. If you have made additional customizations to Windchill, you can also set additional authentication access through adapters that have been created for other activities in Windchill that require less access. In this case, use the following the property to add or modify the authentication access to the LDAP directory server identified in the adapter:
mapcredentials.nonprivileged.adapters=<service_name>^<distinguished_name>^ <password>

This specifies the distinguished name and password for a user who does not have Windchill administrative privileges, but still needs access to the established enterprise LDAP adapter. For example, assume newAdapter is the name of the adapter that has been set up for accessing an enterprise LDAP directory server. In this scenario, the distinguished name values are cn=NonprivUser,o=myCompany and the password is password. The following command adds the authentication access that is required for the LDAP directory:
xconfmanager --add "mapcredentials.nonprivileged.adapters= newAdapter^cn=NonprivUser,o=myCompany^password" -t "codebase/WEB-INF/mapCredentials.txt" -p

Note Ensure that the distinguished name you specify here allows sufficient privileges to read the Windchill objects in the directory server.
For additional credentials mapping information, see the Info*Engine User's Guide.

Update the Apache Configuration


You must update the Apache configuration to instruct Windchill to authenticate the enterprise directory users. Modify the app-Windchill.properties file to complete the configuration, and then execute the ant -f webAppConfig.xml regenAllWebApps command. For instructions on completing this task, see Specifying Web Server Authentication on page 340.

Configuring Additional Enterprise Directories

363

Verify Your Changes


Complete these steps to implement and verify your changes: 1. Restart the Windchill servers. 2. Navigate to Site Utilities and click Participant Administration . 3. Click any toolbar icon to create a new group, user, or organization. In the window that opens, the LDAP directory that you added should be included in the Directory Server drop-down menu.

User and Group LDAP Attribute Value Mapping


Windchill uses a subset of user and group LDAP attributes that are defined in an Internet-standard LDAP schema. Your directory might not use the exact directory attributes for user and group entries that Windchill expects by default. When using an enterprise directory for users or groups, you might need to modify which attributes are used in the directory or modify which LDAP object classes define users and groups. This means that when you configure the JNDI adapter you must provide additional attribute-mapping properties to map the default Windchill user and group attributes to the corresponding user and group attributes used by your LDAP directory. You can map property attributes using the Additional Properties section of the LDAP entry form:

The value you enter is saved in the named JNDI configuration property. After the properties are reloaded, they are then used by the directory service. When mapping property attributes in the JNDI adapter, the following formats are used to specify the user, group, and organization attribute properties: Principal User Group Organization Property Format <service_name>.windchill.mapping.user. <map_identifier> <service_name>.windchill.mapping.group. <map_identifier> <service_name>.windchill.mapping.org. <map_identifier>

where: <service_name> is the service name specified for the adapter (the Service Name field in the LDAP property form)

364

Windchill Installation and Configuration Guide

<map_identifier> is the attribute or value that you want to map


The following scenario illustrates how you might set the object class for users: You have assigned the JNDI adapter a service name of EnterpriseDirectory1. In Windchill, the map identifier when setting the object class property is objectClass. objectClass You are mapping this property for users, therefore specify the format windchill.mapping. windchill.mapping.user user. The default object class value in Windchill is inetOrgPerson, but you want to set the value to organizationalPerson.

To set this property, you would complete the following actions under the Additional
Properties section of the LDAP entry form:

1. In the Property field enter: EnterpriseDirectory1.windchill.mapping.user. objectClass 2. In the Value field, enter: organizationalPerson 3. Click Add .

Default User and Group LDAP Attribute Values


The following sections list the default group LDAP object class and attributes used by Windchill and the corresponding object class and attributes used for group objects in other LDAP directories. For Microsoft Active Directory-specific values, see Microsoft Active Directory Attribute Mapping for User and Group Objects on page 368. User Object LDAP Attribute Values The default value in Windchill assigned to the LDAP user object class: Windchill User Object Class <map_identifier> objectClass Description Specifies the LDAP object class value that defines users in the directory service. LDAP Object Class Default Value inetOrgPerson

Configuring Additional Enterprise Directories

365

The following table lists the default LDAP values for user objects recognized by Windchill. If necessary, use the <map_identifier> to change the corresponding default attribute value for your LDAP directory: Windchill LDAP User Attributes <map_identifier> Description Default Value cn cn Identifies the attribute that holds the full name (common name) of a user in the directory service X.509 certificateType Specifies the type of user certificates that are registered in the directory service. mail Identifies the attribute that mail holds the email address of a user in the directory service. postalAddress Identifies the attribute that postalAddress holds the postal address of a user in the directory service. preferredLanguage Identifies the attribute that preferredLanguage holds the preferred language of a user in the directory service. sn sn Identifies the attribute that holds the surname of a user in the directory service. o o Identifies the attribute that holds the organization to which a user in the directory service belongs. You can also set the user initial organization name using the usersOrganizationName. usersOrganizationName For more information, see Set Additional Properties on page 358. Identifies the attribute that uid holds the user ID (usually used as login ID) of a user in the directory service. Identifies the attribute that uid uniquely identifies a user in the directory service. Identifies the attribute that userCertificate provides the user certificate of a
Windchill Installation and Configuration Guide

uid

uniqueIdAttribute

userCertificate

366

Windchill LDAP User Attributes <map_identifier> Description Default Value user in the directory service. telephoneNumber Identifies the attribute that telephoneNumber holds the primary telephone number of the user. mobile Identifies the attribute that mobile holds the cell phone number of the user. facsimileTelephofacsimileTelepho- Identifies the attribute that facsimileTelephoneNumneNumber holds the fax number of the ber user. labledURI Identifies the attribute that labledURI holds the URL of the website of the user. Group Object LDAP Attribute Values The default value in Windchill assigned to the LDAP group object class: <map_identifier> objectClass Windchill Group Object Class Description Default LDAP Object Class groupOfUniqueNames Specifies the LDAP object class value that defines groups in the directory service.

The following table lists the default LDAP values for group objects recognized by Windchill. If necessary, use the <map_identifier> to change the corresponding default attribute value for your LDAP directory: Windchill LDAP Group Attributes <map_identifier> Description Default Value cn Identifies the attribute that holds cn the names of groups in the directory service. description Identifies the attribute that holds description the descriptive text about groups in the directory service. filter Specifies an additional expression that is be added to all LDAP search filters used in querying groups that use this JNDI adapter. By default, no additional

Configuring Additional Enterprise Directories

367

Windchill LDAP Group Attributes <map_identifier> Description Default Value expression is added. Example: (ou=Engineering) You can also set the filter using the existing JNDI searchFilter property. Identifies the attribute that holds cn the unique names of groups in the directory service. Identifies the attribute that defines uniqueMember members of groups in the directory service.

uniqueIdAttribute

uniqueMember

Microsoft Active Directory Attribute Mapping for User and Group Objects
To enable Windchill to work with Microsoft Active Directory user objects, the following attribute-mapping properties must be set for user objects on the JNDI adapter definition: mapping.user.objectClass=user mapping.user.o=company mapping.user.uid=sAMAccountName mapping.user.uniqueIdAttribute=sAMAccountName

Note The mapping values represents the attribute that gets mapped to the map identifier. For instance, the map identifier o is mapped to the attribute company. company Note The uid is assumed to be unique since it is the user ID that is used to log on to the web server, therefore, the value specified for mapping.user.uniqueIdAttribute should always be the same value specified for mapping.user.uid. mapping.user.uid
The following attribute-mapping values are based on an out-of-the-box installation of a Microsoft Active Directory. The actual values you assign to these attributemapping properties might vary depending on your Microsoft Active Directory installation:
<service_name>.windchill.mapping.user.postalAddress=postalAddress <service_name>.windchill.mapping.group.objectClass=group <service_name>.windchill.mapping.user.uid=sAMAccountName <service_name>.windchill.mapping.user.cn=cn

368

Windchill Installation and Configuration Guide

<service_name>.windchill.mapping.user.preferredLanguage=preferredLanguage <service_name>.windchill.mapping.group.uniqueMember=member <service_name>.windchill.mapping.user.mobile=mobile <service_name>.windchill.mapping.group.uniqueIdAttribute=sAMAccountName <service_name>.windchill.mapping.group.description=description <service_name>.windchill.mapping.user.mail=mail <service_name>.windchill.mapping.user.facsimileTelephoneNumber=facsimileTelephoneNumber <service_name>.windchill.mapping.user.sn=sn <service_name>.windchill.mapping.user.objectClass=user <service_name>.windchill.mapping.user.uniqueIdAttribute=sAMAccountName <service_name>.windchill.mapping.user.userCertificate=userCertificate <service_name>.windchill.mapping.user.o=company

The following properties are optional Microsoft Active Directory attribute mappings:
<service_name>.windchill.mapping.user.preferredLanguage=localeID <service_name>.windchill.mapping.user.labeledURI=wWWHomePage

The following tables list the default attributes for Microsoft Active Directory user objects as compared to Windchill values: Windchill and Microsoft Active Directory User Object Class Windchill Default LDAP User Object Class inetOrgPerson Microsoft Active Directory User Object Class user

Note Some mapping values for Microsoft Active Directory might vary depending on the Active Directory schema in use, which varies based on the release level of Windows being used.
Windchill and Microsoft Active Directory User Attributes Windchill Default LDAP User Attribute cn mail postalAddress Microsoft Active Directory User Attribute cn mail Out-of-the-box postalAddress is supported for the Microsoft Active Directory user object class, however Microsoft Active Directory does not set postalAddress. postalAddress Instead, it uses several individual attributes: street address, location, postal code, and country.

Configuring Additional Enterprise Directories

369

Windchill and Microsoft Active Directory User Attributes (continued) Windchill Default LDAP Microsoft Active Directory User Attribute User Attribute To enable Windchill to see a postalAddress value, do one of the following: 1) all address information has to be assigned to the user objects postalAddress attribute, or 2) another attribute can be used to consolidate all of the address information and then that attribute can be mapped to postalAddress on the JNDI adapter definition. Out-of-the-box Microsoft Active Directory does not have a preferredLanguage attribute for user objects. Windchill will not see a preferredLanguage value unless your Microsoft Active Directory installation is configured to set one of the user objects attributes to a preferred language value and then that attribute is mapped to preferredLanguage on the JNDI adapter definition. sn An out-of-the-box Microsoft Active Directory does not have a uid attribute for user objects. Instead there are two attributes that contain the user ID (uid uid) information: The first is sAMAccountName, sAMAccountName which is the user ID itself. The second is userPrincipalName, userPrincipalName which is the user ID with the domain appended (for example, user@myco.com). To enable Windchill to see a uid value, one of these attributes has to be mapped to uid on the JNDI adapter definition. Use the attribute that corresponds to the user ID format that is passed along by your web server. Out-of-the-box userPassword is supported for the Microsoft Active Directory user object class, but the Microsoft Active Directory does not set userPassword. userPassword Windchill will not see a userPassword value unless your Microsoft Active Directory installation sets it (or sets another attribute that you map to userPassword on the JNDI adapter definition). userCertificate

preferredLanguage

sn uid

userPassword

userCertificate

370

Windchill Installation and Configuration Guide

Windchill and Microsoft Active Directory User Attributes (continued) Windchill Default LDAP Microsoft Active Directory User Attribute User Attribute o The Microsoft Active Directory schema supports o as an optional attribute for the user object class. However, o typically might not be set by the Active Directory. Therefore, by default, Windchill maps o to company. You can change this mapping if necessary. telephoneNumber telephoneNumber facsimileTelephoneNumfacsimileTelephoneNum- facsimileTelephoneNumber ber mobile mobile labeledURI Out-of-the-box Microsoft Active Directory does not have a labeledURI attribute for user objects. Instead there is the wWWHomePage attribute that contains the same information. To enable Windchill to see a labeledURI value, wWWHomePage can be mapped to labeledURI on the JNDI adapter definition. Microsoft Active Directory Group Object LDAP Attributes Windchill Default LDAP Group Object Class groupofUniqueNames Microsoft Active Directory Group Object Class group

Windchill and Microsoft Active Directory Group Attributes Windchill Default LDAP Group Attribute cn description uniqueMember Microsoft Active Directory Group Attribute cn description The out-of-the-box Microsoft Active Directory does not have a uniqueMember attribute for group objects. Instead there is the member attribute. To enable Windchill to see Microsoft Active Directory group members, map the member attribute to uniqueMember on the JNDI adapter definition.

Configuring Additional Enterprise Directories

371

To enable Windchill to work with Microsoft Active Directory group objects and group members, the following attribute-mapping properties must be set for group objects on the JNDI adapter definition: mapping.group.cn=cn mapping.group.objectClass=group mapping.group.uniqueMember=member

372

Windchill Installation and Configuration Guide

20
Configuring Security Labels
About Security Labels .............................................................................................. 374 Security Labels Example Configuration ..................................................................... 380 Before You Begin..................................................................................................... 383 Configuration Steps ................................................................................................. 385 Additional Configuration Concerns ............................................................................ 414 Best Practices for Security Labels and Agreements .................................................... 424

This section details the steps necessary to configure and enable security labels and agreements for your site.

Configuring Security Labels

373

About Security Labels


Security labels are a means to classify sensitive information and restrict access to only authorized users. Uniquely configured by each site, security labels work with the Windchill access control policies and ad hoc permissions for an object to determine whether a user is authorized to access an object. A site can configure multiple security labels to cover various needs, such as identifying legal information, establishing export control criteria, or protecting proprietary information. There are currently two types of security labels available: standard security labels and custom security labels. You can configure one or both types of security labels for your site. Additional information about custom security labels is available in the Windchill Customization Guide. Each security label has a null, or unrestricted value, and can have multiple additional values, each of which may or may not restrict access to only a specified authorized participant. Security label values that do not restrict clearance (have no defined authorized participant) can be used simply for informative purposes. An authorized participant can be a user, user-defined group, or organization. Specifying a user-defined group as the authorized participant is most flexible, as membership in the group can be modified as needed using the Participant Administration utility or an LDAP directory service. Alternatively, you can customize your security labels to use an evaluator to determine if a participant is an authorized participant for the security label value and if a participant can modify the security label values. In order to view an object, a user must have at least Read permission on the object, but must also be an authorized participant for any security label values set on the object. Each standard security label value or custom security label can optionally also have an associated agreement type. Users who are not otherwise authorized to access an object with a particular security label value can be granted temporary clearance through use of an appropriate agreement. For example, a site could configure an Export Control standard security label, with values of No License Required, License Required, and Do Not Export. No License Required is the null value, and does not restrict any user from accessing objects with this security label value. License Required restricts access to only members of the US Employees group. This value has an associated agreement type of Export Agreement. Users who are not in the US Employees group, but meet the necessary licensing requirements can be granted temporary clearance to objects marked with the License Required value through use of an Export Agreement. Do Not Export restricts access to only members of the US Employees group. As there is no associated agreement type for this value, there is no way to grant temporary clearance to users who are not US Employees.

374

Windchill Installation and Configuration Guide

Security labels should be set during object creation, before an object is checked in or made available within the system, to prevent sensitive information from being exposed. Labels can be set on the Set Security Labels step for objects which use a create window, or through defining object initialization rules to set the default security label on an object. Once an object is created, security labels can be viewed and changed using the Manage Security action.

Security Label Values


A security label always has a null, or unrestricted, label value and can have one or more additional label values. These non-null label values can be defined to allow access only to users who are cleared for that label value. Cleared users are called authorized participants. Security label values that clear all users can be used as purely informative markings.

Null Label Values


The null value for each security label is unrestricted, meaning all users are cleared for the security label and can access the object if they have the required access control permissions. Unless otherwise specified by an object initialization rule, the null value is the default value for a security label setting on an object. The default display name for the null value is Null on a standard security label, but a meaningful, localizable display name can be defined, such as Unclassified or Public Information. The default display for a custom security label is a blank text field.

Non-Null Non-Null Label Values and Their Authorized Participants


A security label can have multiple non-null label values. For standard security labels, each non-null label value can be associated with a participant who is unrestricted by the security label value. Only one authorized participant can be assigned to each security label value. For both standard and custom security labels, there are multiple ways to specify the authorized participants: Using a Unique Federation Identifier (UFID), which limits the authorized participants to only the participant identified in the UFID (if the participant is a user) or to the participant and its members (if the participant is a user-defined group or organization). Using a custom evaluator class, which allows you to customize how to determine if a user is an authorized participant. Using a combination of the UFID and a custom evaluator class.

For more information about the custom evaluator class, the differences between the type of authorized participants, or about setting up custom security labels, see the Windchill Customization Guide.

Configuring Security Labels

375

Specifying a user-defined group as the authorized participant provides the most flexibility, as membership in the group can be modified as needed using the Participant Administration utility, the Organizations Groups page, or a third party LDAP tool to manage groups within an LDAP directory service. If a group is used as the authorized participant for a security label value, the membership of the group can include other groups. While there is no explicit hierarchy among security label values, a hierarchy can be achieved by nesting groups within other groups. For example, the Corporate Proprietary standard security label is created with three values: Private, Internal, and Company Most Private. Three authorized participant groups are available for the Corporate Proprietary security label, each with clearance to one security label value: The Employees group is cleared for the Private security label value. The Internal Personnel group is cleared for the Internal security label value and is a member of the Employees group and therefore is cleared for the Private security label value. The Highly Trusted Employees group is cleared for the Company Most Private security label value and is part of the Internal Personnel group and therefore cleared for the Private and Internal security label values as well.

Each standard security label value or custom security label can also optionally have an associated agreement type. Users who are not authorized participants for that standard security label value or any value of the custom security label are denied access to objects with that label value applied, unless they are specifically granted temporary clearance to the object by membership in an authorized participants list for an active agreement.

376

Windchill Installation and Configuration Guide

For example, a site could configure an Export Control standard security label, with values of No License Required, License Required - State, and Do Not Export. No License Required is the null value and does not restrict any user from accessing objects with this security label value. License Required - State allows access to only members of the US Persons group.

If the License Required - State value has an associated agreement type of State Export Agreement, the users who are not in the US Persons group, but meet the necessary licensing requirements can be granted temporary clearance to objects marked with the License Required - State value through use of an active State Export Agreement. When the agreement is created, users who are not members

Configuring Security Labels

377

of the US Persons group can be added to the authorized participants list of the agreement to be temporarily cleared for the License Required - State value on any associated objects.

Do Not Export restricts access to only members of the US Persons group. There is no associated agreement type for this value, so there is no way to grant temporary clearanceto users who are not in the US Persons group.

If the site also has a Corporate Proprietary security label configured, with its own set of label values and authorized participants, a user must be authorized for both security labels to access the object. For example, if a user is only a member of the US Persons group, which is the authorized participant group for the License Required - State label value, he will not be able to access an object that also has the Internal label value applied. Likewise, a user who is only a member of the Internal Personnel group, the authorized participant group for the Internal label value, will not be able to access the object that also has the License Required - State value

378

Windchill Installation and Configuration Guide

applied. Only a user who is cleared for all label values, through membership in all authorized participant groups or through an agreement, will be able to access the object.

Being authorized for one security label does not automatically authorize a user for any other security label. Users must be cleared for all security labels that are set on an object to be able to access the object.

Agreements
An agreement can provide an exception to a standard security label value or to all values of a custom security label. For example, if a user needs to access an object that has a standard security label applied, but that user is not an authorized participant for that security label value, that user can be cleared for the value through an active agreement for a predetermined amount of time. A standard agreement can clear additional participants for the value of specified securitylabeled objects. Any security-labeled object can be associated with a standard agreement. A context-based agreement can clear additional participants for the value of all security-labeled objects within the same context as the agreement. Once cleared for the security label value, the participants then must have the appropriate access control permissions to be able to take their desired action on the object. Agreements can only be created and modified by members of a user-defined, sitelevel agreement managers group. This group is specified in the security labels configuration file. Depending on their permissions, agreement managers may be able to create agreements in the project, product, library, organization, and site contexts. Agreements are not accessible through the context folder structure. They are only accessible through the Agreements page or from a search results table. Only members of the agreement managers group can access the Agreements page. For more information, see the Agreements help.

Configuring Security Labels

379

Products Supporting Security Labels


The following base and optional products support the security labels functionality: Arbortext Content Manager Arbortext Editor Creo View Windchill Aerospace and Defense Windchill MPMLink Windchill PDMLink Windchill ProjectLink Windchill Supplier Management Windchill Workgroup Managers for: Creo Elements/Pro 5.0 CATIA V5 Inventor SolidWorks CADDS AutoCAD NX

Object Types Exposing Security Labels


The object types currently exposing security labels are listed in the exposedSecurityLabelObjects.xml file found in the following location:

<Windchill>/conf
where <Windchill> is the installed location of your Windchill solution. Only object types listed in exposedSecurityLabelObjects.xml out of the box can be security labeled.

Security Labels Example Configuration


For the example configuration used in this guide, three standard security labels are defined: Export Control, Corporate Proprietary, and Legal Information and one custom security label is defined: Third Party Proprietary. The following sections detail the values, authorized participants, and agreements applicable to each security label.

380

Windchill Installation and Configuration Guide

Export Control
The Export Control standard security label is used to indicate an object's level of export sensitivity. Values No License Required (null value) License Required State License Required Commercial Do Not Export Unknown Download Authorized Participants Agreements Acknowledgement US Persons US Persons State Export Agreement Commercial Export Agreement AgreementAuthorized AllAuthorized

US Persons US Persons

For the Export Control security label, users outside of the US Persons group can be granted temporary clearance for objects marked as License Required - State through a State Export Agreement. Users granted temporary clearance who attempt to download objects with content files will be asked to agree to the conditions of download. Users outside of the US Persons group can be granted temporary clearance for objects marked as License Required - Commercial through a Commercial Export Agreement. All users who attempt to download objects with content files, including those who are members of the US Persons group, will be asked to agree to the conditions of download. Objects marked as Do Not Export or Unknown cannot be cleared for users outside of the US Persons group. Objects marked as No License Required (the null value) are unrestricted and can be accessed by anyone with the necessary permissions on the object.

Corporate Proprietary
The Corporate Proprietary standard security label is used to indicate an object's level of corporate sensitivity. Authorized Participants Values Public (null value) Private Employees Internal Company Most Private Agreements Download Acknowledgement

Non-Disclosure None Agreement Internal Non-Disclosure AgreementAuthorized Personnel Agreement Highly Trusted Non-Disclosure AllAuthorized Employees Agreement

Configuring Security Labels

381

While security labels themselves have no hierarchy, this effect can be achieved by nesting the authorized participant groups. The Highly Trusted Employees group is a member of the Internal Personnel group, which in turn is a member of the Employees group. If they have the appropriate access control permissions, members of the Highly Trusted Employees group can then access objects marked with the Private, Internal, or Company Most Private label values. Members of the Internal Personnel group can access objects marked as Private or Internal, while members of the Employees group can access objects marked as Private. Users outside of these groups can be granted temporary access through use of a NonDisclosure Agreement. The Non-Disclosure Agreement is a context-based agreement type because it is a subtype of the ContextBasedAgreement subtype. Objects marked as Public (the null value) are unrestricted and can be accessed by anyone with the necessary permissions on the object.

Legal Information
The Legal Information standard security label indicates whether an object contains legally sensitive information. Values No (null value) Yes Authorized Participants Agreements Download Acknowledgement

The Legal Information security label is used for purely informational purposes. A Yes value indicates that the object contains legally sensitive information, but the object is unrestricted. Anyone with the necessary permissions on the object can access the object if either label value is set. Using security labels as informative markings is acceptable, but security labels are intended to restrict access. For more information, see Best Practices for Security Labels and Agreements on page 424.

Third Party Proprietary


The Third Party Proprietary custom security label is used to indicate if an object is subject to a third partys non-disclosure agreement. In this example, there is an outside system that presents a user with a non-disclosure agreement. Once the user accepts that agreement, he or she is added to a corresponding Windchill group that represents the participants who have agreed to the non-disclosure agreement for the third party company. In some cases, an object may be part of more than one third party non-disclosure agreement. In that case, the user must be a member of all third party non-disclosure agreement groups. Possible security label values, user membership in the appropriate groups, and corresponding clearance to an object with the Third Party Proprietary label applied is tracked using a custom Java class. For more information about custom security labels, see the Windchill Customization Guide.

382

Windchill Installation and Configuration Guide

Before You Begin


Before you begin configuring security labels for your site, do the following: Decide what security labels you want to configure for your site and whether they will be custom or standard security labels. Establish the list of values for each standard security label. You can have multiple security labels defined for different purposes. In order to see an object, a user must be cleared for all security label values set on the object. For more information about custom security labels, see the Windchill Customization Guide. Determine who will be the authorized participants for each custom security label or standard security label value, meaning who will be cleared for access to objects when that security label value is applied. Consider also if the authorized participants can be specified using a unique federation identifier (UFID) or if you will need to write a custom evaluator class to determine which participants are authorized for each custom or standard label value. If you specify the authorized participant using a UFID, the UFID can specify a user, user-defined group, or organization, but most commonly would be a userdefined group. Using a group as an authorized participant allows you to easily add to or change group membership using the Participant Administration utility, the Organizations Groups page, or a third party LDAP tool to manage groups within an LDAP directory service. If you specify the authorized participant using a custom evaluator class, the way the current user is authorized can vary, depending on how you implement your custom evaluator. For example, the custom evaluator could check to see if the user is a member of a particular group, which is similar to using the UFID. Alternatively, the custom evaluator could query a system outside of Windchill that lists the participants cleared for a particular label value. For information about which authorized participants work best for your site, see the Specifying Authorized Participants for Custom Security Labels section in the Windchill Customization Guide. For information on user-defined groups, including user-defined groups managed with a third party LDAP tool, see the Participants (Users, Groups, and Organizations) section of the Windchill Basic Administration Guide. If the label value is informative only, you can omit the authorized participant to indicate that all users will be cleared for the value.

Configuring Security Labels

383

Optionally, create the necessary groups to be used as the authorized participants.

Note When creating user-defined groups, be sure to note the distinguished name of each group, and the directory service in which it is being stored, as this information is needed during your configuration. Decide whether agreements will be enabled for your site. If you are going to enable agreements, you must also:
Create or identify an existing group for agreement managers in the site context. In the example configuration, this group is the Agreement Managers group. Be sure to note the distinguished name of the group and the directory service in which it is being stored as this information is needed during your configuration. You will also need to set access control permissions for the members of the agreement managers group. For more information about setting these permissions, see Setting Access Control Permissions for Agreement Managers on page 418. If you want more than one type of agreement to be available, create subtypes of the Agreement type. Each custom security label or standard security label value can optionally be associated with one type of agreement. Be sure to note the internal name of each agreement subtype as you will need it during your configuration.

Best Practice If you are planning to use context-based agreements, PTC recommends that you create a subtype for both context-based agreements and for standard agreements. This makes maintaining policy access control rules easier for each type as both inherit from the Agreement type by default.
For more information about creating subtypes, see the help available from the Type and Attribute Management utility. For more information about the Agreement type, see the agreements help. Decide whether a download confirmation message will display when users attempt to download object content. Decide whether there are certain object types for which you want to hide security labels, so non-null security label values cannot be set. For the list of security labeled object types, access the <Windchill>/conf/exposedSecurityLabelObjects.xml file, where <Windchill> is the location where your Windchill solution is installed.

384

Windchill Installation and Configuration Guide

Configuration Steps
The following list outlines the steps necessary to enable and configure security labels and agreements for your Windchill solution. The subsequent sections provide detailed information on each step. Make sure that you have completed the items in Before You Begin on page 383 prior to starting your configuration.

Note Because this configuration involves modifying PTC-provided files, it is important that you understand and follow the practices detailed in the Managing Customizations chapter of the Windchill Customization Guide. Because PTCprovided files can subsequently be updated by PTC in a maintenance release, you should use a safe area for managing your files so that your configurations are not lost when maintenance updates are installed. The Managing Customizations chapter provides information on setting up and using a safe area for storing your site-modified files, as well as keeping versions of the original PTC-provided files, and providing other best practice information. You should familiarize yourself with this information before proceeding with this configuration.
1. Define Security Labels on page 386 2. Define Standard Security Label Values on page 389 3. Create a Custom Java Evaluator Class on page 391 4. Create a Custom Translator Class on page 391 5. Define Download Acknowledgement on page 391 6. Edit the Security Labels Configuration File on page 393 7. Edit LogicalAttributesSite.xml on page 401 8. Add Security Labels to RuleConfigurableTypeAttribute.properties on page 403 9. Specify Attribute Handler for Label Attribute on page 403 10. Enable Setting Security Labels on Explorer Windows on page 404 11. Enable Agreement Object Type for Search on page 404 12. Enable Agreement Object Type for Auditing on page 405 13. Enable Agreement Object Type for Subscription on page 406 14. Enable Modify Security Label Event for Auditing on page 407 15. Enable Modify Security Label Event for Subscription on page 407 16. Hide Security Labels on Certain Objects on page 408 17. Restart Windchill Method Servers on page 410 18. Add Agreements to List of Searchable Object Types on page 410 19. Define Object Initialization Rules for Security Labels on page 411

Configuring Security Labels

385

Step 1. Define Security Labels - Required


To define your security labels and specify their display names and descriptions, complete the following steps: 1. Navigate to the following source file:

<Windchill>/src/wt/access/accessModelRB.rbInfo
where <Windchill> is the installed location of your Windchill solution. If you are using a different locale, find the corresponding RBINFO file for that locale. 2. Copy the accessModelRB.rbInfo file to the following location:

<Windchill>/wtCustom/wt/access Note If the <Windchill>/wtCustom directory does not already exist in your installation, and your site has not already implemented a parallel directory structure for site specific files, complete the following steps to implement it: a. Create the following directory: <Windchill>/wtCustom By default this is the directory root recognized by Windchill for custom directories, as specified in the wt.generation.custom.dir property in tools. properties. For more information see the Windchill Customization Guide. b. Create additional subdirectories within the <Windchill>/wtCustom directory as needed. 3. Open the <Windchill>/wtCustom/wt/access/accessModelRB. rbInfo file in a text editor. 4. For each security label, add the following lines, making sure not to include any spaces except in the <DISPLAY_NAME> or the <LONG_DESCRIPTION>:
WCTYPE|wt.access.SecurityLabeled~SCA|<SECURITY_LABEL>.value=<DISPLAY_NAME> WCTYPE|wt.access.SecurityLabeled~SCA|<SECURITY_LABEL>.dataType=java.lang.String WCTYPE|wt.access.SecurityLabeled~SCA|<SECURITY_LABEL>.serverFunction= com.ptc.core.foundation.security.server.impl.SACFSecurityLabel WCTYPE|wt.access.SecurityLabeled~SCA|<SECURITY_LABEL>.serverFunction.arg1= PID{<SECURITY_LABEL>} WCTYPE|wt.access.SecurityLabeled~SCA|<SECURITY_LABEL>.longDescription= <LONG_DESCRIPTION>

where:

<SECURITY_LABEL> is the security label name. This value should use only alphanumeric characters and the underscore character. The string WCTYPE|wt.access.SecurityLabeled~SCA| <SECURITY_LABEL> is the value that will be specified for the SecurityLabelResourceKey element for the security label in Edit
Windchill Installation and Configuration Guide

386

the Security Labels Configuration File on page 393. While there is no requirement for the <SECURITY_LABEL> value to match the name attribute specified for the SecurityLabel element in the security labels configuration file, that is the convention used in this guide.

Note A security label name is stored as a server-calculated attribute (SCA). Each SCA must have a unique name. The Logical Attributes Report provides a list of all current SCAs. You can access this report from <Windchill>/netmarkets/jsp/lwcType/ logicalAttributesReport.jsp. <DISPLAY_NAME> is the name of the security label as it will display in the user interface. <LONG_DESCRIPTION> is the long description of the security label. The long description is displayed in the automatically generated description for the security label, accessed by clicking the view security label information icon from the Security Labels table.

For example, add the following lines to the end of the file for configuring the example security labels. (These lines have been formatted to fit the page; enter each WCTYPE definition on one line.)
WCTYPE|wt.access.SecurityLabeled~SCA|CORPORATE_PROPRIETARY.value= Corporate Proprietary WCTYPE|wt.access.SecurityLabeled~SCA|CORPORATE_PROPRIETARY.dataType= java.lang.String WCTYPE|wt.access.SecurityLabeled~SCA|CORPORATE_PROPRIETARY.serverFunction= com.ptc.core.foundation.security.server.impl.SACFSecurityLabel WCTYPE|wt.access.SecurityLabeled~SCA|CORPORATE_PROPRIETARY.serverFunction.arg1= PID{CORPORATE_PROPRIETARY} WCTYPE|wt.access.SecurityLabeled~SCA|CORPORATE_PROPRIETARY.longDescription= The "Corporate Proprietary" label indicates the business object's level of corporate sensitivity WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.value=Export Control WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.dataType=java.lang.String WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.serverFunction= com.ptc.core.foundation.security.server.impl.SACFSecurityLabel WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.serverFunction.arg1= PID{EXPORT_CONTROL} WCTYPE|wt.access.SecurityLabeled~SCA|EXPORT_CONTROL.longDescription= The "Export Control" label indicates the business object's level of export sensitivity WCTYPE|wt.access.SecurityLabeled~SCA|LEGAL_INFORMATION.value=Legal Information WCTYPE|wt.access.SecurityLabeled~SCA|LEGAL_INFORMATION.dataType=java.lang.String WCTYPE|wt.access.SecurityLabeled~SCA|LEGAL_INFORMATION.serverFunction=

Configuring Security Labels

387

com.ptc.core.foundation.security.server.impl.SACFSecurityLabel WCTYPE|wt.access.SecurityLabeled~SCA|LEGAL_INFORMATION.serverFunction.arg1= PID{LEGAL_INFORMATION} WCTYPE|wt.access.SecurityLabeled~SCA|LEGAL_INFORMATION.longDescription= The "Legal Information" label indicates whether the business object contains legally sensitive information WCTYPE|wt.access.SecurityLabeled~SCA|THIRD_PARTY_PROPRIETARY.value= Third Party Proprietary WCTYPE|wt.access.SecurityLabeled~SCA|THIRD_PARTY_PROPRIETARY.dataType= java.lang.String WCTYPE|wt.access.SecurityLabeled~SCA|THIRD_PARTY_PROPRIETARY.serverFunction= com.ptc.core.foundation.security.server.impl.SACFSecurityLabel WCTYPE|wt.access.SecurityLabeled~SCA|THIRD_PARTY_PROPRIETARY.serverFunction.arg1= PID{THIRD_PARTY_PROPRIETARY} WCTYPE|wt.access.SecurityLabeled~SCA|THIRD_PARTY_PROPRIETARY.longDescription= The "Third Party Proprietary" label indicates the business object's level of third party corporate sensitivity

Note Do not delete or alter the existing lines that begin with:
WCTYPE|wt.access.SecurityLabeled~SCA|ALL_SECURITY_LABELS

WCTYPE|wt.access.SecurityLabeled~SCA|ALL_STANDARD_SECURITY_LABELS

WCTYPE|wt.access.SecurityLabeled~SCA|ALL_CUSTOM_SECURITY_LABELS

5. Save and close. 6. From within a windchill shell, run one of the following commands to build the resource bundle. With the <Windchill>/wtCustom directory created, the system automatically builds the RBINFO files found in the <Windchill>/ wtCustom directory, rather than the files found in the <Windchill>/src directory. For a Windows system:
ResourceBuild wt.access.accessModelRB

For a UNIX system:


ResourceBuild.sh wt.access.accessModelRB

388

Windchill Installation and Configuration Guide

Step 2. Define Standard Security Label Values Optional


The label values, display names, and descriptions for standard security labels are defined in the resource file associated with the enumerated type class for the standard security label. Ten enumerated type classes have been provided out-ofthe-box for use with standard security labels (wt.access.configuration. SecurityLabel1 through wt.access.configuration.SecurityLabel10). Decide which class you will use for each standard security label. You will specify the class for each standard security label in the security labels configuration file in the next step. For the example configuration, the following classes are used: wt.access.configuration.SecurityLabel1 for Export Control wt.access.configuration.SecurityLabel2 for Corporate Proprietary wt.access.configuration.SecurityLabel3 for Legal Information

Additional enumerated type classes can be created if your site wants to configure more than ten standard security labels. For more information on creating and editing enumerated type classes, see the Windchill Customization Guide. To define the security label values for each standard security label, and the display name and description for each value, complete the following steps: 1. Copy the resource bundle file for the class from the following source directory:
<Windchill>/src/wt/access/configuration

to the following directory:


<Windchill>/wtCustom/wt/access/configuration

2. Open the resource bundle file for the class in a text editor. For example, for the SecurityLabel1 class, open the following file:
<Windchill>/wtCustom/wt/access/configuration/SecurityLabel1RB.rbInfo

where <Windchill> is the installed location of your Windchill solution. 3. For each standard security label value, add the following lines:
<VALUE>.value=<LOCALIZED_DISPLAY_NAME> <VALUE>.longDescription=<LONG_DESCRIPTION>

Configuring Security Labels

389

where:

<VALUE> is the security label value name that will be specified in the securityLabelsConfiguration.xml file. <LOCALIZED_DISPLAY_NAME> is the name of the security label value as it will display in the user interface. <LONG_DESCRIPTION> is the long description of the security label. The long description is displayed in the automatically generated online help for the security label, accessed by clicking the view security label information icon from the Security Labels table.

Note The NULL resource key is present automatically for each standard security label. A meaningful display name and description can be provided for the NULL key by editing the resource entry, but the entry should not be deleted. The value associated with the NULL key is always unrestricted. As a result, the value associated with the NULL key should not be used for a marking for which you may want to restrict access in the future. Use a non-null informative marking for this case instead.
For example, the following lines would be modified in or added to the SecurityLabel1.rbInfo file for the sample configuration:
NULL.value=No License Required NULL.shortDescription=Export of the selected business objects does not require a license. LNC.value=License Required - Commercial LNC.longDescription=Export of the selected business objects requires a commercial export license. LNS.value=License Required - State LNS.longDescription=Export of the selected business objects requires a state export license. DNE.value=Do Not Export DNE.longDescription=Export of the selected business objects is not allowed. UNK.value=Unknown UNK.longDescription=Export restriction status of the selected business object is not known. Treat as Do Not Export.

4. Save and close.

390

Windchill Installation and Configuration Guide

5. Repeat steps 1 through 4 for each security label class. 6. From within a windchill shell, run the following command to build the resource bundle: For a Windows system:
ResourceBuild wt.access.configuration

For a UNIX system:


ResourceBuild.sh wt.access.configuration

Step 3. Create a Custom Java Evaluator Class Optional


A custom Java evaluator class can be used to determine if a participant is restricted by the security label value specified and to determine if the participant is able to modify the security label value. For more information about creating the custom Java evaluator class, see the Windchill Customization Guide.

Step 4. Create a Custom Translator Class - Optional


For custom security labels, a custom translator class can be used to convert the internal form of the security label value into the external form of the security label value. For more information about custom security labels and creating the custom translator class, see the Windchill Customization Guide.

Step 5. Define Download Acknowledgement Optional


Optionally, you can define a download confirmation message to appear when a user attempts to download an object with content that has at least one standard security label applied. Currently, the message only appears when a user attempts to download the content of a delivery object. To define your download acknowledgement key and message text, complete the following steps: 1. Navigate to the following source file:
<Windchill>/src/wt/access/configuration/securityLabelDownloadAckResource.rbInfo

Configuring Security Labels

391

Where <Windchill> is the installed location of your Windchill solution. If you are using a different locale, find or create the corresponding RBINFO file for that locale. 2. Copy the securityLabelDownloadAckResource.rbInfo file to the following location:
<Windchill>/wtCustom/wt/access/configuration

3. Open the copied securityLabelDownloadAckResource.rbInfo file in a text editor. 4. For each download acknowledgement message, add the following lines:
<KEY>.value=<LOCALIZED_MESSAGE_TEXT> <KEY>.comment=<COMMENT>

Where:

<KEY> is the download acknowledgement key that will be specified in the securityLabelsConfiguration.xml file. <LOCALIZED_MESSAGE_TEXT> is the confirmation message that will appear in the user interface. <COMMENT> is the optional comment describing the purpose of the message.

For example, the following lines would be added for the sample configuration:
LNS_DownloadAck.value=I have read and agree to the terms of the state export license. LNS_DownloadAck.comment=State export license user acknowledgement LNC_DownloadAck.value=I have read and agree to the terms of the commercial export license. LNC_DownloadAck.comment=Commercial export license user acknowledgement PRV_DownloadAck.value=I have read and agree to the company policy for private content. PRV_DownloadAck.comment=Private employee user acknowledgement INT_DownloadAck.value=I have read and agree to the company policy for internal content. INT_DownloadAck.comment=Internal employee user acknowledgement MPRV_DownloadAck.value=I have read and agree to the company policy for company most private content. MPRV_DownloadAck.comment=Company most private employee user acknowledgement

5. Save and close. 6. From within a windchill shell, run the following command to build the resource bundle: For a Windows system:

392

Windchill Installation and Configuration Guide

ResourceBuild wt.access.configuration

For a UNIX system:


ResourceBuild.sh wt.access.configuration

Step 6. Edit the Security Labels Configuration File Required


A security labels configuration file is provided out-of-the-box in the following location:

<Windchill>/conf/securityLabelsConfiguration.xml
where <Windchill> is the installed location of your Windchill solution. You can edit this file for your configuration, or create a new file. The location of your security labels configuration file will be specified using a property later in this step. This procedure uses the provided securityLabelsConfiguration. xml.

Note A sample configuration file, named securityLabelsConfiguration_sample.xml, is located in the same directory as the out-of-the-box configuration file. This sample configuration file contains sample data and detailed comments about the configuration file components. While the sample configuration file includes sample data similar to the example configuration used in this guide, actual values from your system are required to successfully configure security labels.
The content of the securityLabelsConfiguration.xml file consists of a single, complex XML element named SecurityLabelsConfiguration. When you initially open the securityLabelsConfiguration.xml file, you see the following:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE SecurityLabelsConfiguration SYSTEM "securityLabelsConfiguration.dtd"> <SecurityLabelsConfiguration enabled="false"> </SecurityLabelsConfiguration>

To enable security labels, make the following changes within the configuration file: If you are enabling agreements, add the AgreementConfiguration element and its subelements. For each standard security label, add a SecurityLabel element and its subelements. For each custom security label, add a CustomSecurityLabel element and its subelements.

Configuring Security Labels

393

For more information about custom security labels, see the Windchill Customization Guide. Change the value of the enabled parameter on the SecurityLabelsConfiguration element from false to true:
<SecurityLabelsConfiguration enabled="true">

Details of these changes are provided in the following sections. When you have made all of your changes, save and close the security labels configuration file.

AgreementConfiguration Element
Note For security labels to work, you do not need to enable agreements. If you are not planning to use agreements, you do not need to include this element.
The AgreementConfiguration element and subelements are specified in the following manner, using sample information:
<AgreementConfiguration enabled="true"> <AgreementManagersGroup> <groupUfid>cn=Agreement Managers,ou=people, cn=AdministrativeLdap,cn=Windchill_9.1,o=ptc |Ldap.ptcnet.ptc.com|Ldap.ptcnet.ptc.com</groupUfid> </AgreementManagersGroup> <AgreementLifecycleState> <lifecycleState>APPROVED</lifecycleState> </AgreementLifecycleState> <AgreementCabinetDomain> <domainPath>/Default</domainPath> </AgreementCabinetDomain> <ContextBasedAgreementType> <logicalTypeId>com.ptc.security.ContextBasedAgreement</logicalTypeId> </ContextBasedAgreementType> <SelectAuthorizedSecurityLabelValuesStep value="show"/> <AuthorizedSecurityLabelValuesDefault value="all"/> </AgreementConfiguration>

To enable agreements, the value of the enabled attribute on the AgreementConfiguration element must be set to true and at least one security label value must have an agreementType subelement. The AgreementManagersGroup element represents the Windchill group that is granted access to see the agreement user interface and to manage agreements in the Windchill solution. This group is represented by a UFID (Unique Federation Identifier). For information on how to specify a UFID, see Specifying a UFID on page 414.

394

Windchill Installation and Configuration Guide

The AgreementLifecycleState element specifies the life cycle state in which the agreement is considered approved and can be active. The value for the lifecycleState element must be one of the keys defined in the life cycle state resource information file ( <Windchill>/src/wt/lifecycle/StateRB.rbInfo ), for example, APPROVED. For more information about setting the life cycle template for agreements, see the agreements help. The AgreementCabinetDomain element specifies the domain assigned to agreements in each context where agreements are stored. The domain is used to determine the default access control policies for the cabinet and its contents. The path is relative to the context in which the agreement cabinet is created. This domain can be the /Default domain for the context, or a custom domain configured at your site. If no domain is specified, the agreements cabinet resides in the /Default domain. For information on creating a custom domain, see Creating Custom Domains for Agreements on page 418. The ContextBasedAgreementType element specifies the agreement type for context-based agreements. Any agreement created with the type specified in the element, or a subtype of this type, is treated as a context-based agreement. The ContextBasedAgreementType element is represented by the logical form of the object type. The logical form is the internal name of the type as shown in the Type and Attribute Management utility. The ContextBasedAgreementType element is not required if your site only wants to use standard agreements. For more information, see the agreements help. The SelectAuthorizedSecurityLabelsStep element enables the Select Authorized Security Label Values step on the New Agreement and Edit Agreement windows. To enable the step, the value of the element must be set to show. To disable the step, do not specify the SelectAuthorizedSecurityLabelsStep, or set the value to hide. If the step is enabled, the Authorize drop-down list will display with a default selection of All Values . To change the default selection for the drop-down list, specify the AuthorizedSecurityLabelValuesDefault subelement with one of the following values: all: Sets the default selection to All Applicable Values for standard security labels and to All Values for custom security labels. The default selection of All Values can also be achieved if you do not specify the AuthorizedSecurityLabelValuesDefault element. selected: Sets the default selection to Selected Values for standard security labels and to No Values for custom security labels. none: Sets the default selection to No Values for standard and custom security labels.

Configuring Security Labels

395

For more information about the Select Authorized Security Label Values step, see Authorized Security Label Values in the Agreements help.

SecurityLabel element
The SecurityLabel element contains the data for defining a standard security label, including possible security label values, the authorized participant for each value (if not all users), the agreement type (if any) associated with the label value, and various mappings used by applications and services to process security labels. There should be one SecurityLabel element for each standard security label you configure. For example:
<SecurityLabel name="EXPORT_CONTROL" enabled="true"> <SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA| EXPORT_CONTROL</SecurityLabelResourceKey> <SecurityLabelValueResourceClass>wt.access.configuration.SecurityLabel1 </SecurityLabelValueResourceClass> <SecurityLabelValue name="LNS" enabled="true" downloadAckMessageKey= "LNS_DownloadAck" downloadAckUsers="AgreementAuthorized"> <UnrestrictedPrincipal> <ufid>cn=US Persons,cn=Public,ou=people,cn=AdministrativeLdap, cn=Windchill_9.1,o=ptc|Ldap.ptcnet.ptc.com| Ldap.ptcnet.ptc.com</ufid> <AgreementType> <logicalTypeId>com.ptc.security.SEA</logicalTypeId> </AgreementType> </UnrestrictedPrincipal> </SecurityLabelValue> . . . . <SecurityLabelParameter>EXPORT_CONTROL</SecurityLabelParameter> </SecurityLabel>

The name attribute of the SecurityLabel element is the string that is stored in the database for this security label, in this case, EXPORT_CONTROL. For this security label to be available in your Windchill solution, the enabled attribute must be set to true. This name value does not generally show in the user interface; the display name for this security label was defined in Step 1 of this configuration. The SecurityLabelResourceKey element represents the resource key for the label, and is specified in the following format:
WCTYPE|wt.access.SecurityLabeled~SCA|<SECURITY_LABEL>

396

Windchill Installation and Configuration Guide

where <SECURITY_LABEL> is the value of the name attribute on the SecurityLabel element. This resource key must be present in the accessModelRB.rbInfo resource file edited in Define Security Labels on page 386.

Note Even if security labels are globally disabled, the security label resource keys specified in the configuration file must exist in the accessModelRB.rbInfo file in order for the method server to start. For more information on disabling security labels, see the security labels administration help.
The SecurityLabelValueResourceClass element represents the resource file where the resource keys for the label value localized strings (such as name and description) are stored. These resource keys were defined in Define Security Label Values on page 389. This element contains the resource file class name. The name attribute of the SecurityLabelValue element specifies the string that is stored in the database for this label value. The same value is used in the resource file associated with the SecurityLabelValueResourceClass as the resource key for the security label value localized strings. For the label value to be available in your Windchill solution, the enabled attribute must be set to true. The null value for the security label is automatically present and is not specified here.

Note The name attribute of the SecurityLabel element and the name attribute of the SecurityLabelValue element are stored together as a name/value pair in the database. Although the system allows you to specify as many security labels as desired, the name/value pairs are stored in a single database column. The number of security labels that can be set is limited by the column size (4000). As these values are generally not seen in the user interface, it is recommended that the values be kept as short as possible, but still be meaningful.
If you are using download acknowledgement, include the downloadAckMessageKey attribute and the downloadAckUsers attribute. The value for the downloadAckMessageKey attribute is the key specified in the securityLabelDownloadAckResource.rbInfo file. The value for the downloadAckUsers attribute can be one of the following: None: no users are shown the download confirmation message AgreementAuthorized: only users authorized through an agreement are shown the download confirmation message AllAuthorized: all authorized users are shown the download confirmation message

Configuring Security Labels

397

Each SecurityLabelValue element can have a single UnrestrictedPrincipal subelement, which specifies the authorized participant for this security label value. The authorized participant is cleared for the security label value. If the UnrestrictedPrincipal subelement is omitted, all users are cleared for access to objects with the label value. Each UnrestrictedPrincipal subelement can have a ufid sublement. The UFID, or Unique Federation Identifier, specifies a participant, which can be a user, user-defined group, or organization. For information on how to specify a UFID, see Specifying a UFID on page 414. Each UnrestrictedPrincipal element can also have an evaluatorClass subelement, which specifies the evaluator class created in Create a Custom Java Evaluator Class on page 391. The ufid subelement and the evaluatorClass subelement can either be used together or individually under the UnrestrictedPrincipal element. For more information about the differences between using a ufid subelement, an evaluatorClass subelement, or both, see Specifying Authorized Participants on page 413. The order in which the SecurityLabelValue elements are specified is the order in which the non-null values display in selection lists. Each UnrestrictedPrincipal element can optionally have an AgreementType subelement. An agreement can be used to grant temporary clearance to users who are not authorized participants for this security label value. The content for the AgreementType element is specified in the following format:
<logicalTypeId><AGREEMENT_NAME></logicalTypeId>

where <AGREEMENT_NAME> is the internal name of the agreement type or subtype. For more information about the agreement type, see the agreements help. The optional SecurityLabelParameter element contains the parameter name used by various authoring applications as a file attribute to map to this security label. SecurityLabelParameter is always the last element within the SecurityLabel element. The parameter name must follow any restrictions for parameter names that exist for the authoring applications. For information on how this element is used, see Security Label Parameter for CAD Application Clients on page 415.

CustomSecurityLabel element
The CustomSecurityLabel element contains the data for defining a custom security label, the authorized participant for the custom security label values (if not all users), the agreement type (if any) associated with the custom security label values, and various mappings used by applications and services to process custom security labels. There should be one CustomSecurityLabel element for each custom security label you configure. For example:

398

Windchill Installation and Configuration Guide

<CustomSecurityLabel name="THIRD_PARTY_PROPRIETARY" enabled="true"> <SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA| THIRD_PARTY_PROPRIETARY</SecurityLabelResourceKey> <CustomSecurityLabelValues> <UnrestrictedPrincipal> <ufid>cn=Employees,cn=Public,ou=people,cn=AdministrativeLdap, cn=Windchill_10.1,o=ptc|Ldap.ptcnet.ptc.com| Ldap.ptcnet.ptc.com</ufid> <evaluatorClass> com.ourcompany.CustomEvaluator </evaluatorClass> </UnrestrictedPrincipal> <TranslatorClass> com.ourcompany.CustomTranslator </TranslatorClass> </CustomSecurityLabelValues> <SecurityLabelParameter>THIRD_PARTY_PROPRIETARY</SecurityLabelParameter> </CustomSecurityLabel>

The name attribute of the CustomSecurityLabel element is the string that is stored in the database for this security label, in this case, THIRD_PARTY_PROPRIETARY. For this custom security label to be available in your Windchill solution, the enabled attribute must be set to true. This name value does not generally show in the user interface; the display name for this security label was defined in the <Windchill>/wtcustom/wt/access/accessModelRB.rbinfo file previously.

Best Practice Keep the name attribute of the CustomSecurityLabel element and the internal custom label values as short as possible. You can use the TranslatorClass element to reduce the size of the internal values stored in the database. For more information, see the Windchill Customization Guide.
The SecurityLabelResourceKey element represents the resource key for the label, and is specified in the following format:
WCTYPE|wt.access.SecurityLabeled~SCA|<SECURITY_LABEL>

where <SECURITY_LABEL> is the value of the name attribute on the CustomSecurityLabel element. This resource key must be present in the accessModelRB.rbinfo resource file edited previously.

Note Even if security labels are globally disabled, the security label resource keys specified in the configuration file must exist in the accessModelRB.rbinfo for the method server to start. For more information on disabling security labels, see Disabling Security Labels and Values in the Windchill Help Center or the Windchill Specialized Administration Guide.

Configuring Security Labels

399

The CustomSecurityLabelValues element can have a single UnrestrictedPrincipal subelement, which specifies the authorized participant for the security label values. If the UnrestrictedPrincipal subelement is omitted, all users are cleared for access to objects with the custom label values. The UnrestrictedPrincipal element can have a ufid subelement. The UFID, or Unique Federation Identifier, specifies a participant, which can be a user, user-defined group, or organization. The UnrestrictedPrincipal element can also have an evaluatorClass subelement, which specifies the evaluator class created in Step 3. Create a Custom Java Evaluator Class on page 391. The ufid subelement and the evaluatorClass subelement can either be used together or individually under the UnrestrictedPrincipal element. For more information about the differences between using a ufid subelement, an evaluatorClass subelement, or both, see Specifying Authorized Participants for Custom Security Labels in the Windchill Customization Guide. The UnrestrictedPrincipal element can optionally have an AgreementType subelement. An agreement can be used to grant temporary clearance to users who are not authorized participants for the security label values. The content for the AgreementType element is specified in the following format:
<logicalTypeId><AGREEMENT_NAME></logicalTypeId>

where <AGREEMENT_NAME> is the internal name of the agreement type or subtype. The optional TranslatorClass element specifies the class created in Step 4. Create a Custom Translator Class on page 391. The TranslatorClass element converts the internal name of the security label values into the external names, which appear throughout Windchill, and back again. If the TranslatorClass element is not specified, the internal and external values for the custom security label values are the same. The optional SecurityLabelParameter element contains the parameter name used by various authoring applications as a file attribute to map to this custom security label. SecurityLabelParameter is always the last element within the CustomSecurityLabel element. The parameter name must follow any restrictions for parameter names that exist for the authoring applications.

Set the Configuration File Location in Windchill Property


If you created your own configuration file, instead of editing the provided securityLabelsConfiguration.xml file, you must specify the name and location of the file in the wt.access.configuration.securityLabelsConfigurationFile property in wt.properties.

400

Windchill Installation and Configuration Guide

From within a windchill shell, run the following command, replacing conf/ securityLabelsConfiguration.xml with the location and name of your configuration file:
xconfmanager -s wt.access.configuration.securityLabelsConfigurationFile= $(wt.home)/conf/securityLabelsConfiguration.xml -t codebase/wt.properties -p

By default, the property is set to the provided securityLabelsConfiguration.xml file. If you use the provided file, you do not need to specify this property. For more information on using the xconfmanager, see the Windchill Specialized Administration Guide.

Step 7. Edit LogicalAttributesSite.xml LogicalAttributesSite.xml - Required


Edit the LogicalAttributesSite.xml file to add Property subelements for each security label to the wt.access.SecurityLabeled Class element. 1. If it does not already exist at your site, create a LogicalAttributesSite.xml file in the following location:
<Windchill>/codebase

where <Windchill> is the installed location of your Windchill solution. The LogicalAttributesSite.xml file should contain the following:
<?xml version="1.0" standalone="no"?> <!DOCTYPE LogicalAttributes SYSTEM "/com/ptc/core/meta/common/impl/ LogicalAttributes.dtd" > <!-- Site specific logical attributes. --> <LogicalAttributes> </LogicalAttributes>

2. Add the Class element within the LogicalAttributes element.


<Class name="wt.access.SecurityLabeled"> </Class>

3. Within the Class element, add a Property subelement for ALL_SECURITY_LABELS, ALL_STANDARD_SECURITY_LABELS, ALL_CUSTOM_SECURITY_LABELS, and for each security label in the following format:
<Property> <LogicalForm><SECURITY_LABEL></LogicalForm> <ExternalForm>SCA|<SECURITY_LABEL></ExternalForm> </Property>

Configuring Security Labels

401

where SCA|<SECURITY_LABEL> matches the segment after the tilde (~) in the SecurityLabelResourceKey element value for the security label in the security labels configuration file. This value can only contain alphanumeric characters and the underscore character. While there is no requirement for the <SECURITY_LABEL> value in the LogicalForm to match the <SECURITY_LABEL> value in the ExternalForm, that is the convention used in this guide. For example, after adding the lines necessary for each security label for the example configuration, the element appears as follows:
<Class name="wt.access.SecurityLabeled"> <Property> <LogicalForm>ALL_SECURITY_LABELS</LogicalForm> <ExternalForm>SCA|ALL_SECURITY_LABELS</ExternalForm> </Property> <Property> <LogicalForm>ALL_STANDARD_SECURITY_LABELS</LogicalForm> <ExternalForm>SCA|ALL_STANDARD_SECURITY_LABELS</ExternalForm> </Property> <Property> <LogicalForm>ALL_CUSTOM_SECURITY_LABELS</LogicalForm> <ExternalForm>SCA|ALL_CUSTOM_SECURITY_LABELS</ExternalForm> </Property> <Property> <LogicalForm>CORPORATE_PROPRIETARY</LogicalForm> <ExternalForm>SCA|CORPORATE_PROPRIETARY</ExternalForm> </Property> <Property> <LogicalForm>EXPORT_CONTROL</LogicalForm> <ExternalForm>SCA|EXPORT_CONTROL</ExternalForm> </Property> <Property> <LogicalForm>LEGAL_INFORMATION</LogicalForm> <ExternalForm>SCA|LEGAL_INFORMATION</ExternalForm> </Property> <Property> <LogicalForm>THIRD_PARTY_PROPRIETARY</LogicalForm> <ExternalForm>SCA|THIRD_PARTY_PROPRIETARY</ExternalForm> </Property> </Class>

4. Save and close.

402

Windchill Installation and Configuration Guide

Step 8. Add Security Labels to RuleConfigurableTypeAttribute.properties RuleConfigurableTypeAttribute.properties - Optional


Note If your site does not use object initialization rules, skip this step. If your site plans to use object initialization rules for one of more security labels, add each of those security labels to the RuleConfigurableTypeAttribute.properties file so that object initialization rules can be created for security labels.
From within a windchill shell, run the following command:
xconfmanager -s wt.access.SecurityLabeled=<SECURITY_LABEL> -t codebase/com/ptc/core/rule/server/delegate/init/ RuleConfigurableTypeAttribute.properties -p

where <SECURITY_LABEL> is the security label name as specified in the securityLabelsConfiguration.xml file. Multiple security labels can be specified as a comma-delimited list. For example, the command for the example configuration is as follows:
xconfmanager -s wt.access.SecurityLabeled=EXPORT_CONTROL, CORPORATE_PROPRIETARY,LEGAL_INFORMATION,THIRD_PARTY_PROPRIETARY -t codebase/com/ptc/core/rule/server/delegate/init/ RuleConfigurableTypeAttribute.properties -p

Instructions for defining object initialization rules for security labels are found later in this configuration.

Step 9. Specify Attribute Handler for Label Attribute Required


Add each security label to the FoundationAttributeHandler.properties file to specify the attribute handler to use for the label attribute. From within a windchill shell, run the following command for each security label:
xconfmanager -s wt.services/svc/default/com.ptc.core.command.server.delegate.io. AbstractAttributeHandler/<SECURITY_LABEL>/wt.access.SecurityLabeled/0= com.ptc.core.command.server.delegate.io.SecurityLabelAttributeHandler/singleton -t codebase/com/ptc/core/foundation/FoundationAttributeHandler.properties -p

where <SECURITY_LABEL> is the security label name as specified in the securityLabelsConfiguration.xml file. For example, the following three commands would be individually run for the example configuration:
xconfmanager -s wt.services/svc/default/com.ptc.core.command.server.delegate.io. AbstractAttributeHandler/EXPORT_CONTROL/wt.access.SecurityLabeled/0=

Configuring Security Labels

403

com.ptc.core.command.server.delegate.io.SecurityLabelAttributeHandler/singleton -t codebase/com/ptc/core/foundation/FoundationAttributeHandler.properties -p xconfmanager -s wt.services/svc/default/com.ptc.core.command.server.delegate.io. AbstractAttributeHandler/CORPORATE_PROPRIETARY/wt.access.SecurityLabeled/0= com.ptc.core.command.server.delegate.io.SecurityLabelAttributeHandler/singleton -t codebase/com/ptc/core/foundation/FoundationAttributeHandler.properties -p xconfmanager -s wt.services/svc/default/com.ptc.core.command.server.delegate.io. AbstractAttributeHandler/LEGAL_INFORMATION/wt.access.SecurityLabeled/0= com.ptc.core.command.server.delegate.io.SecurityLabelAttributeHandler/singleton -t codebase/com/ptc/core/foundation/FoundationAttributeHandler.properties -p xconfmanager -s wt.services/svc/default/com.ptc.core.command.server.delegate.io. AbstractAttributeHandler/THIRD_PARTY_PROPRIETARY/wt.access.SecurityLabeled/0= com.ptc.core.command.server.delegate.io.SecurityLabelAttributeHandler/singleton -t codebase/com/ptc/core/foundation/FoundationAttributeHandler.properties -p

Step 10. Enable Setting Security Labels on Explorer Windows - Required


Add the com.ptc.windchill.explorer. monitorXmlConfigChanges property to the site.xconf file to enable the Set Security Labels step on the Product Structure Explorer or the MPMLink Explorer windows. From within a windchill shell, run the following command:

xconfmanager -s com.ptc.windchill.explorer.monitorXmlConfigChanges=true -t codebase/wt.properties -

Step 11. Enable Agreement Object Type For Search - Optional


Note If you are not enabling agreements, skip this step.
To enable the Agreement object type for use in simple and advanced searches, complete the following steps: 1. Navigate to the following location:
<Windchill>/codebase/com/ptc/windchill/enterprise/search/server

where <Windchill> is the installed location of your Windchill solution. 2. Open the SearchableTypes.properties.xconf file in a text editor. 3. In each category, remove the comment from the following:
<!-- If security labels is enabled on your system then add wt.access.agreement.AuthorizationAgreement to ProjectLink.userSearch: <AddToProperty name="ProjectLink.userSearch" value=

404

Windchill Installation and Configuration Guide

"wt.access.agreement.AuthorizationAgreement"/> -->

For example,
<!-- If security labels is enabled on your system then add wt.access.agreement.AuthorizationAgreement to ProjectLink.userSearch: <AddToProperty name="ProjectLink.userSearch" value= "wt.access.agreement.AuthorizationAgreement"/> -->

becomes
<!-- If security labels is enabled on your system then add wt.access.agreement.AuthorizationAgreement to ProjectLink.userSearch:--> <AddToProperty name="ProjectLink.userSearch" value= "wt.access.agreement.AuthorizationAgreement"/>

4. If the property named WindchillPDM.allSearch does not exist, add it as follows:


<Property name="WindchillPDM.allSearch" multivalued="," default= wt.access.agreement.AuthorizationAgreement"/>

5. Save and close. 6. From within a windchill shell, run the following command:
xconfmanager -s com.ptc.windchill.search.refreshTypesFromProperties=true -t codebase/wt.properties -p

Note This step makes the agreement object type searchable. You must also Add Agreements to List of Searchable Object Types on page 410.

Step 12. Enable Agreement Object Type for Auditing - Optional


Note If you are not enabling agreements, skip this step.
To enable the agreement object type for auditing, complete the following steps: 1. Open the following file in a text editor:
<Windchill>/codebase/com/ptc/core/auditing/ auditing-SearchableType.properties.xconf

where <Windchill> is the installed location of your Windchill solution. 2. Remove the comment characters around each agreements property. For example:
<!-If security labels is enabled on your system then add

Configuring Security Labels

405

wt.access.agreement.AuthorizationAgreement to Foundation. auditSearchFoundation: <AddToProperty name="Foundation.auditSearchFoundation" value="wt.access.agreement.AuthorizationAgreement"/> -->

becomes
<!-- If security labels is enabled on your system then add wt.access.agreement.AuthorizationAgreement to Foundation. auditSearchFoundation: --> <AddToProperty name="Foundation.auditSearchFoundation" value="wt.access.agreement.AuthorizationAgreement"/>

3. Save and close. 4. From within a windchill shell, run the following command to propagate the changes:
xconfmanager -p

Step 13. Enable Agreement Object Type for Subscription - Optional


Note If you are not enabling agreements, skip this step.
To enable the agreement object type for subscriptions, complete the following steps: 1. Open the following file in a text editor:
<Windchill>/codebase/com/ptc/core/subscription/ subscription-SearchableTypes.properties.xconf

where <Windchill> is the installed location of your Windchill solution. 2. Remove the comment characters from around the agreements property. For example:
<!-- This property wt.access.agreement.AuthorizationAgreement should only be added to Foundation.subscriptionTypePicker if the Security Labels feature is enabled. <AddToProperty name="Foundation.subscriptionTypePicker" value= "wt.access.agreement.AuthorizationAgreement"/> -->

becomes
<!-- This property wt.access.agreement.AuthorizationAgreement should only be added to Foundation.subscriptionTypePicker if the Security Labels feature is enabled.--> <AddToProperty name="Foundation.subscriptionTypePicker" value= "wt.access.agreement.AuthorizationAgreement"/>

406

Windchill Installation and Configuration Guide

3. Save and close. 4. From within a windchill shell, run the following command to propagate the changes:
xconfmanager -p

Step 14. Enable Security Label Events for Auditing Optional


By default, Windchill only audits user login and logout events. When full auditing is enabled, the Modify Security Label and Security Label Download Acknowledgement events are recorded for all object types that support security labels or download acknowledgement. To enable auditing the Modify Security Label or Security Label Download Acknowledgement event only for a particular object, add the following event key to the ConfigEntry element for the particular object class: For the Modify Security Label event:
<KeyedEventEntry eventKey="*/wt.events.summary. ModifySecurityLabelsSummaryEvent/" enabled="true" handler="wt.audit.configaudit. ModifySecurityLabelsEventRecorder"/>

For the Security Label Download Acknowledgement event:


<KeyedEventEntry eventKey="*/wt.audit.AuditServiceEvent/ SECURITY_LABEL_DOWNLOAD_ACK" enabled="true" handler="wt.audit.configaudit. SecurityLabelDownloadAckAuditEventRecorder"/>

For more information, see the Customizing Audit Events section in the Windchill Customization Guide or the auditing administration help.

Step 15. Enable Modify Security Label Event for Subscriptions - Optional
To enable the Modify Security Label Event for subscriptions, complete the following steps: 1. Open the following file in a text editor:
<Windchill>/codebase/wt/notify/subscriptionConfig.xml

2. Remove the comment characters from around the following lines:


<category name = "EDIT_SECURITY_LABELS"> <event name = "*/wt.events.summary.ModifySecurityLabelsSummaryEvent/"/> <override type = "com.ptc.windchill.mpml.processplan.MPMProcessPlan"/> <override type ="com.ptc.windchill.mpml.processplan.sequence.MPMSequence"/>

Configuring Security Labels

407

<override <override <override <override <override <override <override <override <override <override <override <override <override <override <override <override <override <override <override <override <override <override <override <override <override </category>

type type type type type type type type type type type type type type type type type type type type type type type type type

="com.ptc.windchill.mpml.processplan.operation.MPMOperation"/> ="com.ptc.windchill.mpml.mfgprocess.MPMMfgProcess"/> ="com.ptc.windchill.mpml.mfgprocess.MPMMfgStandardGroup"/> ="com.ptc.windchill.suma.part.VendorPart"/> ="com.ptc.windchill.suma.part.ManufacturerPart"/> ="com.ptc.windchill.suma.npi.WTPartRequest"/> ="wt.annotation.StructuredAnnotationSet"/> ="wt.change2.WTAnalysisActivity"/> ="wt.change2.WTChangeActivity2"/> ="wt.change2.WTChangeInvestigation"/> ="wt.change2.WTChangeIssue"/> ="wt.change2.WTChangeOrder2"/> ="wt.change2.WTChangeProposal"/> ="wt.change2.WTChangeRequest2"/> ="wt.change2.WTVariance"/> ="wt.doc.WTDocument"/> ="wt.epm.EPMDocument"/> ="wt.maturity.PromotionNotice"/> ="wt.meeting.MeetingCenterMeeting"/> ="wt.meeting.TraditionalMeeting"/> ="wt.part.WTPart"/> ="wt.part.WTProductConfiguration"/> ="wt.vc.baseline.ManagedBaseline"/> ="wt.viewmarkup.WTMarkUp"/> ="wt.viewmarkup.DerivedImage"/>

3. Save and close.

Step 16. Hide Security Labels on Certain Objects Optional


If you do not want security labels to be set on certain types of objects, you can hide the security labels functionality from being displayed in certain areas for those object types. Security labels can be hidden in the Manage Security , Subscribe , and agreement authorized object search windows. To ensure that there are no default security labels applied to the object type, remove all security label object initialization rules for the object type in addition to completing the following procedure.

Note Do this before the security label enabled system is made available to your users.
To hide the Security Labels tab in the Manage Security window and remove the ability to associate the object type as an authorized object: 1. Open the following file in a text editor:

408

Windchill Installation and Configuration Guide

<Windchill>/conf/exposedSecurityLabelObjects.xml

where <Windchill> is the installed location of your Windchill solution. 2. Add comment characters around the entry for the object type for which you want to hide security labels. For example,
<object name="wt.doc.WTDocument"/>

becomes
<!--object name="wt.doc.WTDocument"/-->

3. Save and close. To hide the Modify Security Labels event for selected types in the Subscribe window:

Note Only complete these steps if you enabled security labels for subscription in Enable Modify Security Label Event for Subscription on page 407.
1. Open the following file in a text editor:
<Windchill>/codebase/wt/notify/subscriptionConfig.xml

where <Windchill> is the installed location of your Windchill solution. 2. Under the <category name = "EDIT_SECURITY_LABELS"> element, add comment characters around the object type entry for which you want to hide security labels. For example,
<override type ="wt.doc.WTDocument"/>

becomes
<!--override type ="wt.doc.WTDocument"/-->

3. Save and close. To remove the object type from the list of authorized object types in an agreement:

Note Only complete these steps if you enabled agreements.


1. Open the following file in a text editor:
<Windchill>/codebase/com/ptc/core/agreements/ agreements-SearchableTypes.properties.xconf

where <Windchill> is the installed location of your Windchill solution. 2. In each category that applies to your installation, remove the object type entry for which you want to hide security labels from the comma-delimited list. For example, the following property has the object type wt.doc. WTDocument:
<Property name="Foundation.AgreementAuthObjectPickerFoundation" multivalued=","

Configuring Security Labels

409

default="wt.epm.EPMDocument,wt.change2.WTAnalysisActivity, wt.change2.WTChangeActivity2,wt.change2.WTChangeInvestigation, wt.change2.WTChangeIssue,wt.change2.WTChangeOrder2,wt.change2.WTChangeProposal, wt.change2.WTChangeRequest2,wt.change2.WTVariance,wt.maturity.PromotionNotice, wt.doc.WTDocument,wt.part.WTPart,wt.vc.baseline.ManagedBaseline, wt.meeting.MeetingCenterMeeting,wt.meeting.TraditionalMeeting, wt.viewmarkup.WTMarkUp,wt.viewmarkup.DerivedImage, wt.annotation.StructuredAnnotationSet,wt.part.WTProductConfiguration, wt.part.WTProductInstance2,com.ptc.windchill.wp.AbstractWorkPackage, com.ptc.windchill.wp.delivery.DeliveryRecord"/>

Edit the property element to remove the wt.doc.WTDocument reference. The result will be:
<Property name="Foundation.AgreementAuthObjectPickerFoundation" multivalued="," default="wt.epm.EPMDocument,wt.change2.WTAnalysisActivity, wt.change2.WTChangeActivity2,wt.change2.WTChangeInvestigation, wt.change2.WTChangeIssue,wt.change2.WTChangeOrder2,wt.change2.WTChangeProposal, wt.change2.WTChangeRequest2,wt.change2.WTVariance,wt.maturity.PromotionNotice, wt.part.WTPart,wt.vc.baseline.ManagedBaseline,wt.meeting.MeetingCenterMeeting, wt.meeting.TraditionalMeeting,wt.viewmarkup.WTMarkUp,wt.viewmarkup.DerivedImage, wt.annotation.StructuredAnnotationSet,wt.part.WTProductConfiguration, wt.part.WTProductInstance2,com.ptc.windchill.wp.AbstractWorkPackage, com.ptc.windchill.wp.delivery.DeliveryRecord"/>

3. Save and close. From within a windchill shell, run the following command:
xconfmanager -fp

Step 17. Restart Windchill Method Servers Required


Restart your Windchill method server for the configuration to take effect.

Step 18. Add Agreements to List of Searchable Object Types - Optional


Note If you are not enabling agreements, skip this step.

410

Windchill Installation and Configuration Guide

Add the agreement type to the list of searchable object types available on search windows as follows: 1. Open the Site Utilities Preference Management from the page on the tab. 2. Navigate to the Search All Applicable Object Types preference. 3. Add WCTYPE|wt.access.agreement.AuthorizationAgreement to the list of searchable objects to enable searching for all agreements. Only participants with Read access to the agreement object will be able to find the agreement object.

Step 19. Define Object Initialization Rules for Security Labels - Optional
It is important that security labels are set appropriately on objects before the objects are made available within your system. For example, security labels should be set when the object is initially checked in to prevent exposing sensitive information to unintended audiences. If a security label is not set when an object is created, the security label automatically defaults to its null value. The object is then unrestricted and can be viewed by any user with Read access to the object. It is your responsibility to define object initialization rules where non-null default security label values are necessary. Some objects do not have a user interface for creation. For example, there is no interface for promotion notices and documents created using the Upload Documents from Compressed File action. If these objects should be restricted, then they must have object initialization rules defined so that the appropriate security label values are set when the objects are created. Object initialization rules can also be used to set default security label values for object types that do use a creation user interface. For a list of objects that can be security labeled, see the <Windchill>/conf/exposedSecurityLabelObjects.xml file, where <Windchill> is the location where your Windchill solution is installed. The following attribute constraints are available for setting security label values on a new object window: GetHiddenConstraint: Hides the security label and security label value from the new object window. GetDiscreteSetConstraint: Displays only the label values specified in the object initialization rule in a drop-down list.

Tip If you are using custom security labels, setting an object initialization rule with the GetDiscreteSetConstraint attribute constraint allows you to limit the values a user can specify for the custom security label.

Configuring Security Labels

411

GetImmutableConstraint: Prevents the user from changing the displayed value. GetServerAssignedConstraint: Displays the label name, but not the label values. The text displayed in place of the value is (Generated) . GetServerPreGeneratedValue: Displays the specified value as the default value for the label.

Object initialization rules are created and edited through the Object Initialization Rules Administration utility. The following procedure provides the general steps for creating or updating an object initialization rule for an object type. For detailed information on using the Object Initialization Rules Administration utility, see the Object Initialization Rules help. 1. Open the Object Initialization Rules Administration utility from the Utilities page of the context for which you want to define the rule. Object initialization rules can be specified at any context level. This means that you can set a default rule for all objects of a type in the site level context, and specify a different rule in an organization context, or in a particular application context, such as a product or a project. For example, you could specify an object initialization rule such that any document created in your site has a default Corporate Proprietary security label value of Private, but specify that all documents in a particular project have a default Corporate Proprietary security label value of Company Most Private. 2. If a rule exists for the object type, download the existing rule to your local machine, and open the XML file in a text editor. If you are creating a new rule, PTC recommends that you download an existing rule and save it as a new file to use as a template for the new rule. 3. Edit the XML file to add the desired default value for a security label. While only one object initialization rule can exist for an object in a particular context, that rule can contain multiple elements. For example, to specify that the Export Control security label should default to License Required - State, and that this value is selected by default if a list of values is displayed, add the following:
<!--set default security label values--> <AttrValue id="EXPORT_CONTROL" algorithm= "wt.rule.algorithm.StringConstant"> <Arg>LNS</Arg> </AttrValue> <AttrConstraint id="EXPORT_CONTROL" algorithm="com.ptc.core. rule.server.impl.GatherAttributeConstraints"> <Value algorithm="com.ptc.core.rule.server.impl. GetServerPreGeneratedValue"/> </AttrConstraint>

412

Windchill Installation and Configuration Guide

The algorithm to use for default security label values is wt.rule. algorithm.StringConstant. The value for the AttrValue element id attribute is the security label name defined in the security labels configuration file. An AttrValue element can be added for each security label on your system. The Arg element should be the security label value name specified in the securityLabelsConfiguration.xml file for a standard security label and the external value of the security label value for a custom security label. 4. Save the XML file to a known location on your machine. If desired, you can give the file a meaningful name. 5. If you edited an existing rule, select Edit from the actions list for the rule in the Object Initialization Rules Administration table. Browse to the XML file you just edited. If you are creating a new rule, click the new object initialization rule icon . Enter the name and type identifier for the object and browse to the XML file that you just edited. 6. Click OK . The rule immediately takes effect. There is no need to restart the method server.

Specifying Authorized Participants


The authorized participants can be specified for a security label value in multiple ways: Unspecified If neither a UFID nor an EvaluatorClass is specified, the label value does not limit access to the objects with the label value applied and it becomes an informative marking. UFID Only If an authorized participant is specified using a UFID, whether the participant (user, user-defined group, or organization) is cleared for access to the objects with the label value applied is indicated by the UFID value. EvaluatorClass Only If an evaluator class is specified, its isRestrictedBySecurityLabelValue method is called when the access rights of a participant are evaluated to determine whether the participant is cleared for access to objects with the label value applied. Both UFID and EvaluatorClass

Configuring Security Labels

413

If both a UFID and an evaluator class are specified, the UFID is only used if the isRestrictedBySecurityLabelValue method is not overridden in the evaluator class or if the method is overridden and the method calls super. isRestrictedBySecurityLabelValue and makes use of the result.

Specifying a UFID
The syntax for specifying a UFID is as follows:
<DISTINGUISHED_NAME>|<GUID>|<DOMAIN>

where

<DISTINGUISHED_NAME> is the distinguished name of the Windchill participant (user, user-defined group, or organization). The distinguished name is displayed on the information page for the participant in the Participant Administration utility. <GUID> is the globally unique identifier for the repository where the participant was initially created. <DOMAIN> is the internet style domain name of the repository where the participant currently resides.

In standard UFIDs, the <GUID> and <DOMAIN> values together represent the identity of the directory service in which the group resides. In Windchill usage, the <GUID> and <DOMAIN> values are identical, each being the name of the directory service in which the group resides. If you do not know the directory service name, it can be found by reversing the value obtained by one of following means: Viewing the value of Directory Service field when creating the participant. This field is only visible during participant creation using the Participant Administration utility. Viewing the name of the JNDI adapter used for the directory service as shown in the Info*Engine Administration utility. Viewing the value of the wt.federation.org.defaultAdapter property in the wt.properties file.

For example, if the value of the Directory Service field when creating the group was com.ptc.Ldap, then the value for the <GUID> and <DOMAIN> values is Ldap.ptc.com.

Additional Configuration Concerns


Your Windchill solution can now run with security labels enabled; however, additional configuration is necessary in some functional areas, depending on your site's intended security label usage.

414

Windchill Installation and Configuration Guide

Visualization and File Synchronization


If your site uses file synchronization to assist the visualization server in publishing viewables, a user (known as the file synchronization user) is specified in the agent worker authorization file (usually named auth.properties). This user is expected to have Read and Download permissions on all objects to be published. When security labels are enabled, only objects for which the file synchronization user is cleared can be published. For publishing to succeed, the file synchronization user must be an authorized participant for any non-null security label values set on the objects being published. If adding the file synchronization user as an authorized participant on all security label values is a concern for your site, you can chose to disable file synchronization for publishing. When file synchronization is disabled, publishing is always executed based on the access of the user initiating the publish action. For details on creating the auth.properties file and specifying the file synchronization user, see the File Synchronization section of the Windchill Specialized Administration Guide.

Security Label Parameter for CAD Application Clients and Arbortext Editor
Some authoring applications, such as Creo Parametric, Arbortext Editor, and various Windchill Workgroup Managers, can optionally use a CAD application parameter to set security labels on objects created within a workspace. The optional SecurityLabelParameter element specified for each security label in the security labels configuration file maps the parameter name to the security label name in Windchill. Only one SecurityLabelParameter element can be specified for each security label. This means that no matter how many authoring applications are in use at a site, they all must respect the same mapping and use the same parameter name.

Note If your site makes use of the nested family tables functionality in Creo Parametric, lower level instances inherit parameter values from the intermediate generic. If security label values can vary within lower level instances, then you should not use the parameter to set security labels.
Each parameter should be defined in the client as a String parameter. The parameter should also be defined as communicate to PDM system. In Creo Parametric, this is done using the Designate action in Tools
Parameter ; select the checkbox provided.

In Arbortext Editor, this is done by entering the parameter into the appropriate metadata element in the burst configuration file. In the workgroup manager clients, the parameter is automatically defined as communicate to PDM system.

Configuring Security Labels

415

If the parameter name does not match the name defined in the SecurityLabelParameter element, the parameter is not recognized as a security label and is treated like any other CAD parameter. No corresponding global attribute definition is needed for the security label communication. To override an object initialization rule set for the object type, you must set a parameter for the security label. If you want to use the object initialization rule on the object type for a particular security label, do not specify the parameter. For standard security labels, the values for the CAD parameter must be the RBINFO keys for the label values for the security label. The RBINFO key for the label value is the same as the name value of the SecurityLabelValue element. If a parameter value set on the object does not correspond to a valid label value, the object cannot be uploaded. For custom security labels, the values for the CAD parameter must be the external form of the label values. If the parameter value set on the object does not correspond to a valid label value, the object cannot be uploaded. If you specify the parameter, but leave the value blank, it is the same as explicitly setting it to the NULL value. As a result, any object initialization rules set for the object type will not apply when the object is added to Windchill because a NULL value is set. Users can assign security labels using CAD application parameters only for objects that are new in the workspace and have never been uploaded. Once an object has been uploaded, the parameters are considered as being owned by Windchill. For Creo Parametric, this means that the parameter becomes read-only and cannot be modified. For Arbortext Editor and the other workgroup managers, the parameters are considered to be system attributes. They can still be edited within the client, but any changes to the parameter are ignored when the object is later uploaded or checked in. Objects created from a template or a start part file stored in Windchill cannot be used to set a security label via parameter because the parameter value is already set. To set a security label, Use the Manage Security action on the object after it is created to update the label to the appropriate value. Set an object initialization rule for the new object when created, the object is automatically populated with the appropriate security label value. For more information, see the security labels help. Create the model in Creo Parametric so you can set the parameter value that will specify the security label in Windchill on initial upload.

After an object has been uploaded or checked in for the first time, security labels can only be set using the Manage Security action. When an object is later downloaded, the parameter reflects the currently-assigned security label as the parameter value. For more information on parameters, see the Windchill Workgroup Manager Administrator's and User's Guide for your workgroup manager.

416

Windchill Installation and Configuration Guide

Replication
When a new replica site is created, a principal (user or group) is selected to be the site principal, by clicking Select next to the Principal field:

This principal is used as the session principal for a replication session for that replica site. For objects to be replicated to the replica site, the principal specified for that site must have access to that object. When security labels are enabled, this means that for an object to be replicated to the replica site, the user or group specified as the site principal must be an authorized participant for all security label values on that object. The following types of replication are impacted: Scheduled replication Only objects to which the site principal has access are replicated. User initiated replication When replication is initiated, only objects to which the site principal for chosen replica site has access are replicated, even if the user initiating the replication has access to the objects.

Configuring Security Labels

417

Ad-hoc replication The object is only added to the user's preferred replica site if the site principal for that site has access to the object. If the site principal does not have access to the object, the user is provided a direct download URL from the proximity site. Predictive replication If the site principal does not have access to the object, a predictive cache rule is not created. If a predictive cache rule already exists for the object, but the site principal does not have access to it (either the site principal has been changed, or the access rights on the object have changed so that the site principal no longer has access), the object is not replicated.

For more information on replication, see the Replication section of the Windchill Enterprise Administration Guide and the File Vaulting and Replication help.

Creating Custom Domains for Agreements


If you have specified a custom domain for the agreements cabinet, you must create the domain in existing contexts before agreement managers are able to access the Agreements page.

Note If agreements are configured for your site but the agreements domain has not been created in existing contexts, the Agreements page is available to agreement managers, but the page displays an error message.
For more information about creating a domain, see the Contexts section of the Windchill Basic Administration Guide or the Policy Administrator help. Additional domains can be created and associated with the folders created and managed from the Agreements page.

Setting Access Control Permissions for Agreement Managers


Out of the box, there are no permissions set for the AuthorizationAgreement object type. For agreement managers to access and modify agreements, the appropriate access control rules must be set. You can set permissions using the Policy Administration utility or by creating or updating context templates. For more information on using the Policy Administration utility to create access control rules, see the Policy Administration help. For more information on creating context templates, see the Windchill Basic Administration Guide. Permissions should be set in the domain in which agreements reside as well as in the domain in which a user's checked-out work resides. When an object is checked out, a working copy of the object is created in a checked-out work folder. Out of the box, the checked-out work folder resides in the user's personal cabinet and the user has full control over all objects in the cabinet. By default, a user has the necessary permissions on his or her checked-out work folder to perform all actions.

418

Windchill Installation and Configuration Guide

When agreements are enabled, permissions should be set on the following object types: AuthorizationAgreement Cabinet SubFolder

Some permissions may already exist on the Cabinet and SubFolder object types and on their parent type, WTObject. Not all agreement managers are required to have full control over agreements. Permissions can be set for an individual agreement manager, a group of agreement managers, or the entire agreement manager group. Additionally, not all agreement managers need permissions in all contexts. You can set the rules so that some agreement managers can only create or modify agreements, while others have additional permissions, such as Delete. Only agreement managers with Read access to the agreements cabinet for a particular context can see the Agreements page in that context. For example, an agreement manager has permission to access the agreements cabinet in a project context, but the same agreement manager does not have permission to access the agreements cabinet in the organization context. As a result, this agreement manager is only able to see the Agreements page in a project context. Read permission is required to access any object and view its information page. The following table illustrates additional access control permissions required for actions often completed by an agreement manager. The object location column has the following values. Use these values to determine the domain in which to grant access control permissions. Target Location - the location where the agreement will reside when the action is complete. Source Location - the current location of the agreement. Checked-out Location - the location where the working copy of the agreement resides. Object Type Object Location Permissions Action New Agreement AuthorizationAgreement Target Location Create Target Location Modify Subfolder or Check Out Cabinet AuthorizationAgreement AuthorizationAgreement Subfolder Edit AuthorizationAgreement Source Location Checked-out Location Checked-out Location Checked-out Modify Create Modify Modify

Configuring Security Labels

419

Action

Object Location Location Check In AuthorizationAgreement Source Location Subfolder Checked-out Location or (if not owner of checkout) AuthorizationAgreement Source Location Undo Checkout AuthorizationAgreement Checked-out Location Subfolder Checked-out Location or (if not owner of checkout) AuthorizationAgreement Source Location or Checked-out Location Source Location Source Location

Object Type

Permissions Modify Modify

Administrative Delete Modify

Administrative

View Information Rename

AuthorizationAgreement AuthorizationAgreement

Read Modify (change name) Modify Identity (change number) Revise Create Set State1 or Administrative Change Domain2 Change Context3 Create By Move4 Modify

New Revision

Set State

AuthorizationAgreement (existing revision) AuthorizationAgreement (new revision) AuthorizationAgreement

Source Location Target Location Source Location

Cut/Paste

AuthorizationAgreement

Source Location

AuthorizationAgreement Subfolder or Cabinet

Target Location Source Location

420

Windchill Installation and Configuration Guide

Action

Object Type Subfolder or Cabinet AuthorizationAgreement Subfolder or Cabinet AuthorizationAgreement Subfolder or Cabinet AuthorizationAgreement AuthorizationAgreement

Object Location Permissions Target Location Modify

Copy/Paste

Target Location Target Location

Create Modify

Delete

Source Location Source Location

Delete Modify

Subscribe Manage Security

Source Location Source Location

Read Read

1. To set the state of an object, there must be a valid state transition between the current state and the target state. 2. The Change Domain permission is only required if the object is pasted in a new domain. 3. The Change Context permission is only required if the object is pasted in a new context. 4. The Create By Move permission is only required if the object is pasted in a new domain.

For example, if you want an agreement manager to be able to create an agreement, that participant must have Create permission for the agreement object and Modify permission for the folder or cabinet in which the agreement is to be created. You can set access control permissions on the AuthorizationAgreement type for users who are not agreement managers. Any user can subscribe to an agreement as long as the user has Read access to the agreement. For more information, see the agreements help. For more information about access control permissions, see the Access Control section of the Windchill Specialized Administration Guide.

Watermarks
Security label settings can be included in watermarks, similar to other object attributes. When publishing an assembly or structure, the security labels associated with the top-level object being published are the security labels included in the watermark. If the security label setting is different on a child part within the structure, that difference is not reflected in the watermark.

Configuring Security Labels

421

Security labels and their settings are stored in property groups. There are three property groups: WindchillEPM, WindchillPart, and WindchillDocument. These property groups are stored in the Structure or PVS file for Creo View, and can be viewed from within Creo View. The security label properties display in the following format:
<PROPERTY_GROUP>_sl<SECURITY_LABEL_NAME>

where

<PROPERTY_GROUP> is the prefix associated with the property group:


part for the WindchillPart property group epmdoc for the WindchillEPM property group doc for the WindchillDocument property group <SECURITY_LABEL_NAME> is the security label name as it appears in the name attribute of the SecurityLabel or CustomSecurityLabel element in the security labels configuration file.

For example, the security label property for the Export Control security label in the WindchillPart property group displays as follows:
part_slExport_Control

When a standard security label is selected from one of the property groups and included in a watermark, the localized label value displays based on the locale of the server. When a custom security label is selected from one of the property groups and included in a watermark, the external value displays. Initially, a representation inherits the security labels from the object it is representing, known as the representable object. Use the Manage Security action to update the security labels set on the representation. The properties available for selection on a watermark depend on the representation being viewed, and its representable object. When the representable object is a part with no associated EPM document: The WindchillPart security label properties for representations are those of the representable part and are dynamically updated whenever the security labels on the representable part are updated. If a representation was copied from an EPM document, the WindchillEPM security label properties for the representation are the security labels as they were set at the time the representation was copied to its current location. There is no connection between the representation and the original EPM document.

422

Windchill Installation and Configuration Guide

If a representation was copied from a document, the WindchillDocument security label properties for the representation are the security labels as they were set at the time the representation was copied to its current location. There is no connection between the representation and the original document. When the representable object is an EPM document with no associated part: The WindchillEPM security label properties for representations are those of the representable EPM Document and are dynamically updated whenever the security labels on the representable EPM document are updated. If a representation was copied from a part, the WindchillPart security label properties for the representation are the security labels as they were set at the time the representation was copied to its current location. There is no connection between the representation and the original part. If a representation was copied from a document, the WindchillDocument security label properties for the representation are the security labels as they were set at the time the representation was copied to its current location. There is no connection between the representation and the original document. If the representable object is an EPM document with an associated part: The WindchillPart security label properties for representations are those of the associated part and are dynamically updated whenever the security labels on the associated part are updated. The WindchillEPM security label properties for representations derived from the EPM document are those of the EPM Document and are dynamically updated whenever the security labels on the derived-from EPM document are updated. If the representation was copied from a different EPM document, rather than the representable EPM document, then the WindchillEPM security label properties for the representation are the security labels as they were set at the time the representation was copied to its current location. There is no connection between the representation and the EPM document from which it was originally derived. If a representation was copied from a document, the WindchillDocument security label properties for the representation are the security labels as they were set at the time the representation was copied to its current location. There is no connection between the representation and the original document. If the representable object is a document: The WindchillDocument security label properties for representations are those of the representable document and are dynamically updated whenever the security labels on the representable document are updated.

Configuring Security Labels

423

If a representation was copied from a part, the WindchillPart security label properties for the representation are the security labels as they were set at the time the representation was copied to its current location. There is no connection between the representation and the original part. If a representation was copied from an EPM document, the WindchillEPM security label properties for the representation are the security labels as they were set at the time the representation was copied to its current location. There is no connection between the representation and the original EPM document. Depending on the wvs.properties configurations at your site, representations can be copied forward when certain actions are performed on the representable object. These actions can include check out of the representable object, copy and pasting the representable object to a new location, revising the representable object, and so on. When a representation is copied forward, it becomes a copy, and the security label properties on the representation behave as described above. For more information on watermarks, see the Windchill Visualization Services Guide.

Best Practices for Security Labels and Agreements


Consider the following best practices for a system with security labels configured: Set a null security label value on objects that do not contain sensitive information. Setting a non-null informative marking is also acceptable. Objects with null security label values and non-null informative markings do not restrict access, which means your Windchill system will not need to verify that the user is an authorized participant. Use security labels only when one or more values restrict access to an object. Otherwise, use global attributes rather than non-null informative markings on an object. Security labels that are purely informative markings are not a replacement for global attributes. For objects that do contain sensitive information, add participants to the label value's authorized participant's group unless the participants only need access for a limited time. Agreements should be used only as an exception to a security label value restriction. While there is no limit to the amount of time an agreement can be active, agreements should not be used as the primary means to grant a large number of users access to a security-labeled object. All the name/value pairs applied to a business object are stored together in a single database column with a size limit of 4000. For standard security labels, keep the name attribute of the SecurityLabel element and the name

424

Windchill Installation and Configuration Guide

attribute of the SecurityLabelValue element as short as possible as these values are not generally seen in the user interface. For more information, see Edit the Security Labels Configuration File on page 393. For custom security labels, keep the name attribute of the CustomSecurityLabel element and the internal custom security labels values as short as possible. You can use a custom translator to reduce the size of the internal values stored in the database. For more information, see Create a Custom Translator Class on page 391. Use caution when specifying an authorized participant for a security label value or an agreement. Specifying a group or an organization as an authorized participant gives those with permission to change group or organization membership control over who is authorized by the security label value or agreement. Make sure that you select groups and organizations whose membership can only be modified by administrators that should be allowed to extend access to objects with the security label value applied or that are associated with the agreement. For example, if you select a system group associated with a context team role as the authorized participant for an agreement, by default the context administrator is able to change the team membership and therefore also change who is an authorized participant for the agreement. Unless the context administrator is also an agreement administrator, the context administrator may not understand the impact of changing the team membership. The Select Authorized Related Changes step when creating or editing an agreement aids in managing agreement authorized objects. However, including large change objects as related change objects in an agreement can negatively impact Windchill performance. When implementing custom evaluator and translator classes, performance may be impacted as methods in the custom classes will be called frequently by Windchill. If you are setting up a call to an outside system, for example, you may consider caching the returned values to improve performance on subsequent method calls. If you are using custom security labels, PTC recommends adding validation to the user interface if users are able to enter values manually, such as by using the text field provided by default when custom security labels are configured. A custom translator class is recommended to validate the values to prevent unexpected values from being stored in the database, either if the user enters an invalid value in the user interface or if an invalid value is specified in an import file. Ensure that an administrator is able to modify a standard or custom security label value, in case it is mistakenly set by a user to a value that restricts the user s access, and the user needs assistance correcting the value.

Configuring Security Labels

425

21
Installation Logs and Troubleshooting
Installation Log Files ................................................................................................ 427 Troubleshooting Your Initial Installation...................................................................... 428 The PTC Solution Installer Global Registry ................................................................ 443

This section describes where to find the log files that can help you debug issues that arrise during installation. It also describes known issues and actions you can take to resolve them.

426

Windchill Installation and Configuration Guide

Installation Log Files


During the installation, information is written to various log files. The log files are located in the following directories: Windows <installation directory>/installer/logs UNIX <installation directory>/installer/logs There are generally two log files written per installation session: <installer short name>_InstallLog.xml <installer short name>_PtcInstall.log

Note The <installer short name>_InstallLog.xml is only available after the installer terminates.
When multiple executions of the same installer are performed to the same installation directory, these log files are backed up and the file names are changed to include a sequence number. The sequence numbers begin with 000. For example, the log files for the first execution of the installer would be named as follows: <installer short name>_InstallLog.000.xml. For example, WNC_InstallLog.000.xml <installer short name>_PtcInstall.000.log. For example, WNC_PtcInstall.000. log

Up until the point where you have actually clicked Install on the Installation Summary panel, the log files are written to the temporary directory controlled by the operating system as follows: On Windows, the environment variable %TMP% is used and typically defaults to Local Settings\Temp directory of the current users in the User Profile directory. For example, d:\User Profiles\<userid.domain>\Local Settings\Temp.

Note On Windows, the Local Settings directory may be hidden by default. If you cannot find the Local Setting directory using the Windows Explorer, check your folder options to ensure that hidden folders are displayed. On UNIX, the logs are temporarily written to either /var/tmp or /tmp (JVM implementation dependent). If the installer does not have permission to write to the temporary directory, it writes the <installer short name>_InstallLog.xml file to the user's <HOME> directory, but the <installer short name>_PtcInstall.log is held in memory until they are both written to <Windchill>/installer/logs. If

Installation Logs and Troubleshooting

427

the installation fails before you have actually clicked Install , there is no <installer short name>_PtcInstall.log written when the installer does not have permission to write to the temporary directory. When the installer is executed in a language other than English, messages in the <installer short name>_PtcInstall.log files are written in both English and the translated form. Not all messages have a translated form. If problems occur during the installation, write down the location of the log files and be prepared to send them to PTC Technical Support for analysis. If an installer fails before the install has actually started, the files are located in the directory identified by the operating system as noted previously.

Troubleshooting Your Initial Installation


Reading through the following common problem descriptions may help you in troubleshooting your installation problems. Problem: When an installation fails, the installer logs are not written to the standard output directory of <installation directory>/installer/logs. Action: In this case, the installer displays the location of the installation log files that it has produced. Write down the location specified by the installer. The location of the log files depends upon when in the installation process the installation fails. Refer to Installation Log Files on page 427 for details. Problem: When installing on Windows, the installation fails after the PTC Solution Installer (PSI) closes before completing the installation. Action: This can result from the Windchill Directory Server or Java not being installed on a local drive. The following error will be found in the WINDCHILLDS_PtcInstall. log:
javax.naming.CommunicationException: Could not connect to the LDAP Server

See the section titled Setting the Installation Directory on Windows on page 49 in the Windchill Installation and Configuration Guide. If a prohibited file path was specified in PSI for installation, reinstall using a non-prohibited file path.

428

Windchill Installation and Configuration Guide

Problem: If you are installing Windchill Directory Server on an IBM AIX Platform, the installation may fail with the following error:
javax.naming.CommunicationException: Could not connect to the LDAP Server, ldap at com.ptc.ldapserver.install. port: 389 ldap manager: cn=Manager actions.CheckServerStatus.process(CheckServerStatus.java:78) at com.ptc.windchill.install.framework.InstallAction.run(InstallAction.java:476)

By default, the IBM JVM initially uses Internet Protocol Version 6 (IPv6) for all network accesses, followed by using IPv4. If a sites Domain Name Server is not set up properly to respond to IPv6 requests, the IPv6 requests may time out before IPv4 use is attempted. For example, even a simple request to get the local host name can cause such timeouts. The Windchill Directory Server code makes several local host name requests and, therefore, may take a long time to start on some AIX sites. The Windchill Directory Server installation process only waits 120 seconds for the Windchill Directory Server to start before continuing with installation tasks and the server must be running for the installation to complete successfully. If, as a result of the DNS timeouts, the Windchill Directory Server takes longer than 120 seconds to start, then the Windchill Directory Server installation may fail with the error that is identified above. Although the Windchill Directory Server may eventually start, the installation does not complete successfully and you will not be able to connect to the Control Panel. Action: This is an issue with a sites IPv6 DNS configuration in conjunction with the way IPv6 is used by the IBM JVM. For additional information on the issue, see information on the IBM site that is available from: http://www-01.ibm.com/support/docview.wss?uid=swg21170467 . Also see RFC 4074 that is available from: http://www.ietf.org/rfc/rfc4074.txt. One way to resolve the issue is to update the DNS to respond properly to IPv6 requests, as described in section 3 of RFC 4074. After you have fixed the problem, rerun the installer. Alternatively, if you are not using IPv6, you can set the IP configuration to use only IPv4 by adding the following line to the /etc/netsvc.conf file:

Installation Logs and Troubleshooting

429

hosts=bind4,local

Using IPv4 fixes the timeout problem that was causing the Windchill Directory Server installation to fail. After you have fixed the problem, rerun the installer. Problem: On a UNIX system, the installer does not run. This can happen if the TMP directory does not have the disk space required by the installer. Action: Set the environment variable LAX_DEBUG=1 in the shell where the installer was launched and restart the installer. This should result in output being written to the console window. If the output produced indicates that the amount of /tmp disk space required to perform this installation is greater than what is available, you can set the IATEMPDIR environment variable to a directory on a disk partition with enough free disk space. Then restart the installer. To set the variable, enter one of the following commands at the UNIX command line prompt before running this installer again: for Bourne shell (sh), ksh, bash and zsh: $ IATEMPDIR=/<your>/<free>/<space>/<directory> $ export IATEMPDIR for C shell (csh) and tcsh: $ setenv IATEMPDIR /<your>/<free>/<space>/<directory>

Problem: The installer cannot find a valid Java Virtual Machine (JVM). This can happen in the following situations: If you try running the installer using an executable file that is located in a NoVM directory. You are trying to install one of the products from the Windchill Third Party Software CD or the Windchill Services CD over a network connection, and you do not have a supported JVM on your local machine. For the installers, the supported JVM is a version of Java 1.5.

430

Windchill Installation and Configuration Guide

Either or the following messages could be returned: The installer requires Java 1.5 in your path. (on UNIX) Could not find a valid JVM to load. (on Windows). Action: If you were not using a setup script that is located at the root directory on the CD, rerun the installer using the setup script located in the root directory. Running the installer from the root directory ensures that the JVM bundled with the installer is used. If you are installing over a network connection, locate a supported JVM and rerun the installer using the setup command with the following as the first two arguments on the command line. UNIX: UNIX
<install_dir>/<setup_script> LAX_VM <java_install_dir>/bin/java

Windows: Windows
<install_dir>/<setup_script> LAX_VM <java_install_dir>/bin/java.exe

Where <install_dir> is the directory path to the setup file, <setup_script> is the setup script in the root directory of the CD for the product you are installing (such as setup_tomcat.vbs), and <java_install_dir> is the installation directory for the JVM. The second argument is the actual Java VM executable, not a directory. If any other arguments are passed in, they must follow these two arguments. Alternative Method: Method An alternative to running the setup script from command line and including the LAX_VM option is to set the LAX_VM environment variable to the same value that would be used on the command line. When this variable is set, running the setup script that is in the root directory on the CD automatically adds LAX_VM and <java_install_dir>/bin/java to the command line for the installer that you are starting. Problem: On AIX, the installer core dumps and does not launch. Action: This can happen if the IBM_MIXED_MODE_THRESHOLD environment variable is set. Unset the IBM_MIXED_MODE_THRESHOLD variable. Problem: Technical Support asks you to provide additional diagnostic information about how the installer launches and what JRE is used to execute the installer.

Installation Logs and Troubleshooting

431

Action: There are two ways to obtain additional diagnostics: On some Windows versions, you can press the CTRL key when you doubleclick on the setup.vbs script that is at the root level of the CD. This brings up a command shell window with diagnostic information. You can copy this information into a file to send to Technical Support. On UNIX and Windows, you can set the environment variable LAX_DEBUG to 1. Then execute the setup script for the installer that is at the root level of the CD. The diagnostics are shown in the same command window (UNIX) or in a pop-up window (Windows).

Problem: The installer does not run. The error message returned indicates that one of the following requirements is not true: The installer only runs on the following platforms: AIX, HP-UX, Solaris, Windows 2000, or Windows 2003 The installer requires Java 1.5 or higher in your path.

Action: Ensure that you are running on a supported platform. Although the message does not indicate that Windows XP is supported, the installers can run on Windows XP also. Additionally, ensure that you are running the installer using the scripts located in the root directory of the CD. This ensures that Java Virtual Machine bundled with the installer is being used. Problem: Sometimes the installer appears to skip over a step. Action: The installers behave in a wizard-like fashion with Next and Previous buttons. In a system where the response is slow, the wizard may not advance to the next or previous step as quickly as expected and you may click the Next or Previous button again (repeatedly). This mouse click event is queued up and acted upon when the system responds. This may advance the windows beyond the expected window. Once the Next or Previous button has been clicked, wait for the installer to respond and advance to the intended window. Under normal system conditions, the installer moves forward and backward through the windows with little noticeable delay.

432

Windchill Installation and Configuration Guide

This issue has been filed as a bug with the software vendor Macrovision. Problem: On Windows, the installer Cancel Installation dialog box demands the user interface focus. Action: When you try to cancel the installer through the Cancel Installation dialog box, the window monopolizes the window focus on the desktop. To release the focus, click either the cancel (the X in the upper right corner of the dialog box) or Resume button.

Problem: During an installation, the installer displays the following:

Action: The appearance of this window indicates that the installer could not locate a required file from the current media set.

Installation Logs and Troubleshooting

433

If you are installing over a network, the window can be an indication that the response time across the network is too slow for the installer. Click Cancel and rerun the installer. If the windows appears again, try running the installer when there is less network traffic or from another network, or copy the installation files to your local system. If you are installing from the installation CDs or a local directory, then the installation data set is incomplete. Try downloading the installation files again. If this fails to correct the problem, contact Technical Support for assistance. Problem: The following error message appears when you are doing a keyword search in Windchill Index Search:
Resource limit Exceeded

Problem: The following error message appears on a UNIX system during a data load if the Windchill Index Search server is not running:
Indexing Queue is Experiencing Problems

Action: PTC recommends you disable indexing during data loads and use the Bulk Index Tool for a more performant load. Also, you need to make sure that Windchill Index Search has enough time to start completely before the data load is started, and the indexing queue is ready. You need to check this directly. If the error still occurs, start Windchill Index Search manually. See the information in Completing Configuration - Manual Steps.

Note The indexing errors clear once Windchill Index Search is up and running correctly. Everything then should run normally.
Problem: On AIX, installing the Windchill solution with multiple optional products fails. Action The last JAR to be loaded from the JDK should always be tools.jar.

434

Windchill Installation and Configuration Guide

AIX limits the classpath, so long classpaths get truncated when there are many optional products installed. The best way to diagnose this is when the classpath listing at the top of the MethodServer log arbritrarily truncates the last line(s) of the path as listed below. A common secondary symptom is the exception on the subject line
- wt.util.WTException: java.lang.NoClassDefFoundError: com.sun.tools.javac.Main (also in the MethodServer log).

Example, Non-Working MethodServer Log


Mon 6/30/08 16:27:15: main: ------------------------------------------------------------------------------

Mon 6/30/08 16:27:15: main: INFO Starting MethodServer

: wt.method.server.startup -

Mon 6/30/08 16:27:15: main: INFO JVM id: 647398

: wt.method.server.startup -

Mon 6/30/08 16:27:15: main: INFO JVM: 1.6.0, IBM Corporation

: wt.method.server.startup -

Mon 6/30/08 16:27:15: main: INFO Class path =

: wt.method.server.startup -

Mon 6/30/08 16:27:15: main:

/mnt/disk2/ptc/Windchill/codebase

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/activation.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/ieWeb.jar

Installation Logs and Troubleshooting

435

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEBINF/lib/ie3rdpartylibs.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/ieWeb.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/install.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/mail.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/Gantt.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/jviews-chartall.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/jviews-frameworkall.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/jviews-ganttall.jar

436

Windchill Installation and Configuration Guide

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEBINF/lib/wc3rdpartylibs.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEBINF/lib/CounterPartWeb.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/prowtWeb.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/wncWeb.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/pdmlWeb.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/sumaWeb.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/scmiWeb.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/pjlWeb.jar

Mon 6/30/08 16:27:15: main:

Installation Logs and Troubleshooting

437

/mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/GanttExplorer.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/tibjms.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/ptlWeb.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/lib/servlet.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/lib/windu.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/lib/wnc.jar

Mon 6/30/08 16:27:15: main: /mnt/disk2/ptc/Windchill/lib/pdml.jar

Mon 6/30/ 6/30/08 08 16:27:15: main:

/mnt/disk2/ /mnt/disk2/ptc/ ptc/

Mon 6/30/08 16:27:15: main: INFO

: wt.method.server.startup -

Setting WTContext time zone to America/Chicago; offset: -5.0

Mon 6/30/08 16:27:15: main: INFO

: wt.method.server.startup -

Setting default time zone to GMT; offset: 0.0

Example, Working MethodServer Log


Thu 6/26/08 18:20:36: main: -----------------------------------

438

Windchill Installation and Configuration Guide

--------------------------------------------

Thu 6/26/08 18:20:36: main: INFO Starting MethodServer

: wt.method.server.startup -

Thu 6/26/08 18:20:38: main: INFO JVM id: 466962

: wt.method.server.startup -

Thu 6/26/08 18:20:38: main: INFO JVM: 1.6.0, IBM Corporation

: wt.method.server.startup -

Thu 6/26/08 18:20:38: main: INFO Class path =

: wt.method.server.startup -

Thu 6/26/08 18:20:38: main:

/mnt/disk2/ptc/Windchill/codebase

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/activation.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/ieWeb.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/ie3rdpartylibs.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/ieWeb.jar

Installation Logs and Troubleshooting

439

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/install.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/mail.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/Gantt.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/jviews-chart-all.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/jviews-framework-all.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/jviews-gantt-all.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/wc3rdpartylibs.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/CounterPartWeb.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/prowtWeb.jar

Thu 6/26/08 18:20:38: main:

440

Windchill Installation and Configuration Guide

/mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/wncWeb.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/pdmlWeb.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/sumaWeb.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/codebase/WEB-INF/lib/scmiWeb.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/lib/servlet.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/lib/windu.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/lib/wnc.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/lib/pdml.jar

Thu 6/26/08 18:20:38: main: /mnt/disk2/ptc/Windchill/lib/scmi.jar

Thu 6/26/08 18:20:38: main:/mnt/disk2/ptc/Java/lib/tools.jar

Installation Logs and Troubleshooting

441

Thu 6/26/08 18:20:38: main: INFO

: wt.method.server.startup -

Setting WTContext time zone to America/Chicago; offset: -5.0

Thu 6/26/08 18:20:38: main: INFO

: wt.method.server.startup -

Setting default time zone to GMT; offset: 0.0

Problem: When installing as a root user on UNIX, the PTC Solution Installer terminates after hitting Install . Action: Clear the SESSION_MANAGER variable. This issue will not occur if using the PSI as a non-root user.

Troubleshooting the Web Server, Servlet Engine and Method Server


You can gather information on Web server, servlet engine, and method serve communication to help you troubleshoot issues before contacting technical support. Perform the following: 1. Start the Web server, servlet engine, and method server. 2. From a windchill shell, change to the <Windchill>\codebase directory and enter the following command:
ant -f ServerConnTest.xml -Dusername=<UserName> Dpassword=<password>

3. Select each of the links. The following list describes a successful result: The first two rows result in SUCCESS messages Authenticated JSP Request link results in a page that shows the user authentication name THe last row shows a low-level echo of the HTTP request's fields without an error. An authenticated version shows the user name under the heading cgi.remote_user in the format:
:<username>:

If all of these links show successful messages, the communication between the Web server, servlet engine and method server is working. Any failure messages include more information on troubleshooting the issue.

442

Windchill Installation and Configuration Guide

Gathering Information for a Support Call


Prior to contacting Technical Support for assistance with your installation problem, gather the log files for your particular installer from the logs directory mentioned at the beginning of the section Installation Log Files on page 427. In some cases, the files are quite large. You may want to ZIP or TAR them before sending them to Technical Support. If you are reporting an issue for a product installed into the Windchill installation directory, also provide the information generated by the Windchill version command. This information can be obtained by executing the following command in a command prompt window:
windchill version

A report similar to the following report is generated:

Provide the information in this report when submitting your information to Technical Support.

The PTC Solution Installer Global Registry


The PTC Solution Installer (PSI) creates a global registry file for each installation instance. The global registry file is needed to update an instance, so the PSI automatically backs it up into the local installation every time the PSI is executed.

Installation Logs and Troubleshooting

443

The registries for each installation instance are created under whichever user they installed as. For instance, if someone ran the PSI as root on UNIX, the PSI creates a registry for the installation under root's home directory. This prevents other users from seeing or modifying root's installations via the PSI; but if the registry is removed, not even root will be able to see them. The registries are created here: UNIX
<user_home>/ .ptc/windchill/<instance_id>

Windows
<drive>\User Profiles\<user_name>\Application Data\PTC\ Windchill\<instance_id>

Within the <instance_id> is the actual registry file psi_iir.xml which contains information about that instance. There may be some numbered backups such as psi_iir.000.xml as well. The <instance_id> folder is a computer-generated unique ID, so in order to identify a particular registry, the psi_iir.xml must be referenced. When the PSI is executed, the registry is backed up to the following location: <Base Installation Directory>/installer/instreg/<instance_id> where: <Base Installation Directory> = the base common directory of the installed products <instance_id> = the unique string that identifies the registry instance The base installation directory and its instance_id are added to a master index file (psi_iir_index.xml) that resides in the old registry location. When an existing installation is updated to a later maintenance release or point release, an entry for the installation is created in this file and the registry for the old release is removed.

444

Windchill Installation and Configuration Guide

22
Loading and Mounting the CDROM on UNIX
Determining the SCSI ID of the CD-ROM Drive .......................................................... 446 Loading and Mounting the CD-ROM Locally .............................................................. 447 Loading and Mounting the CD-ROM Remotely ........................................................... 448

Most UNIX systems automatically mount the CD-ROM after it is loaded into the CD-ROM drive. For users whose machines do not mount automatically, the following instructions explain how to load and mount the CD-ROM both locally and remotely.

Note Sun Solaris 2.x has automatic CD mounting. For more specific information on how to mount CDs on Sun hardware, visit http://docs.sun.com/.

Loading and Mounting the CD-ROM on UNIX

445

Determining the SCSI ID of the CD-ROM CD-ROM Drive


You specify the SCSI identification number of your CD-ROM drive when you mount the CD-ROM file system to your UNIX workstation. If you already know the SCSI ID of your CD-ROM drive, proceed to the next step. If you do not already know the SCSI ID of your CD-ROM drive: For external CD-ROM drives, the SCSI ID can be found on the back of your CD-ROM drive. Look for a single-digit switch. The displayed number is the SCSI ID number. For internal CD-ROM drives, use the following table to find the command(s) you need to enter to determine the SCSI ID (the number in bold is the ID).

Commands Used to Find the SCSI ID of the CD Device System HP-UX Command and Output 1. Insert the CD-ROM into the drive. 2. Become root user. 3. For each file in the /dev/rdsk directory, type the following at the command line:
/etc/diskinfo /dev/rdsk/ <device>

SCSI ID 3

<device>should be replaced with each item in the /dev/dsk directory.


For the device file identified as type: CD-ROM, the SCSI ID is to the right of the letter t in this example of a device file name:
c0t3 d0

SUN AIX
446

Note The identified device file name is the same file name that is used in the command to mount the CDROM. Automatically mounts the CDROM. lsdev -C -c cdrom -H

Windchill Installation and Configuration Guide

Commands Used to Find the SCSI ID of the CD Device (continued) System Command and Output IBM eServer p5 and pSeries systems have IDE CD-ROM Drive SCSI ID (in the string 0008 00#0)

Note The inclusion of a system in this table does not indicate support for that system; this information is only included to help you determine the SCSI ID for CD-ROM drives that are remotely mounted to your workstation. See the software platform matrix (available from http://www.ptc.com/appserver/cs/doc/refdoc.jsp) for information on supported systems and platforms.

Loading and Mounting the CD-ROM CD-ROM Locally


1. Turn on the CD-ROM drive and insert the CD-ROM. 2. If the /cdrom directory does not already exist, create it using the following command:
mkdir /cdrom

3. To mount the CD-ROM drive, enter the command appropriate for your UNIX workstation system. For Sun, the command is:
mount -F hsfs -o ro /dev/dsk/c0t#d0s0 /cdrom

In the command line, replace the # symbol with the SCSI ID of the drive. For AIX, the command is:
/usr/sbin/mount -o ro -v cdrfs -f /dev/cd0 /cdrom

For Hewlett-Packard, the procedure is: a. Add the following line to the /etc/pfs_fstab file. The first entry is the CD-ROM device file, the second is the mount point. The third entry indicates that the CD-ROM to be mounted is in ISO9660 format with Rockridge extension:
<device_file> <mount_point> <filesystem_type> <translation_method>

Example:
/dev/dsk/c5t2do /cdrom pfs-rrip xlat=unix 0 0

b. Perform this step (and steps c through e) as the root user. Run the following file:
# nohup /usr/sbin/pfs_mountd &

Loading and Mounting the CD-ROM on UNIX

447

c. Run the following file:


# nohup /usr/sbin/pfsd &

d. Run the following command to mount the CD-ROM:


# /usr/sbin/pfs_mount /cdrom

e. Exit the root user account:


# exit

f. Change directories to /cdrom, where you can see a lowercase listing of the directories and files on the CD-ROM. The mounted CD-ROM should appear as another read-only file system. Linux RHEL 4.0 64-bit 64-bit If you install Red Hat with the default desktop environments Gnome or KDE, the CD mounts automatically. If it does not mount or you need to mount the CD manually, use the command:
mount <directory for CD-ROM device configured in /etc/fstab >

If you have not configured a CD-ROM device in /etc/fstab or did not allow the Red Hat installer to automatically configure a CD-ROM device in your /etc/fstab, refer to Red Hat documentation for instructions. You can find Red Hat documentation at: http://www.redhat.com/docs/manuals/enterprise/

Loading and Mounting the CD-ROM CD-ROM Remotely


The CD-ROM drive should be mounted using NFS version 2. On machines that support NFS 3, an extra argument needs to be added to the mount command to force the use of NFS 2. 1. Load and mount the CD-ROM on the remote UNIX system to which the CDROM drive is connected. Use the procedure outlined in Loading and Mounting the CD-ROM Locally on page 447. 2. The CD-ROM file system must be exported before a remote UNIX system can allow access to the CD-ROM from your local UNIX workstation. To accomplish this, a line must be added to a file on your local UNIX workstation and, in some cases, a command needs to be executed. 3. Use the following table to look up the system of the remote UNIX system. Select your system from the System column, and add the text line in the Line to Add column to the file in the File to Edit column. You must have correct write permissions to edit these files. 4. If necessary after you have made the changes, execute the command listed in the Command column.
448

Windchill Installation and Configuration Guide

Exporting the CD File System System HP-UX AIX File to Edit /etc/exports /etc/exports Line to Add /cdrom -ro /cdrom -ro (AIX 5.2) /cdrom -sec=sys, ro (AIX 5.3) share -F nfs -o ro /cdrom Command exportfs /cdrom /usr/sbin/exportfs /cdrom

Sun

/etc/dfs/dfstab

shareall

5. If the /cdrom directory does not already exist on your local UNIX workstation, create it using the following command:
mkdir /cdrom

6. The CD-ROM directory must be mounted from the remote UNIX system to your local workstation. Use the following table to identify your local UNIX workstation type and execute the corresponding command. In the command, specify values, as follows:

<node>is the name of the remote UNIX system to which the CD-ROM drive is connected. <cdmount>is the CD-ROM mount directory used on the remote UNIX system.
System HP-UX AIX Sun Remote Mounting Command
/etc/mount -o ro,hard <node>:<cdmount> /cdrom /usr/sbin/mount -o ro,hard <node>: <cdmount> /cdrom mount -o ro,hard <node>:<cdmount> /cdrom

Note If problems occur while using an installer from a remote-mounted CD-ROM, you can try remounting the remote CD-ROM using one of the following commands:
For Sun systems
mount -o ro,hard,vers=2 <node>:<cdmount> /cdrom

For IBM eServer p5 and pSeries systems:


/usr/sbin/mount -o ro,hard,vers=2 <node>:<cdmount> /cdrom

Loading and Mounting the CD-ROM on UNIX

449

7. If your system does not automatically mount the CD-ROM, enter the required command. For example, for Hewlett Packard systems:
/etc/mount -F cdfs -o ro /dev/dsk/c?t#d0 /cdrom

Note In the preceding example, the number sign (#) represents the SCSI ID of the CD-ROM drive. 8. The CD-ROM file system must be exported before a remote UNIX system allows access to the CD-ROM from your local UNIX workstation. To accomplish this, you must add a line to a file on your local UNIX workstation, and, in some cases, execute a command. 9. Use the following table, to identity your remote system; add the text in the Line to Add column to the file listed in the File to Edit column. You must have the correct write permissions to edit the files. If necessary, execute the command listed in the Command column. For additional information, see your hardwarespecific documentation.
System HP-UX Sun File to Edit /etc/exports /etc/dfs/dfstab Line to Add /cdrom -ro share -F nfs -o ro /cdrom Command exportfs /cdrom shareall

If problems occur while using an installer from a remote-mounted CD-ROM on Sun Solaris systems, try remounting the remote CD-ROM using the following command:
mount -o ro,hard,vers=2 <node>:<cdmount> /cdrom

450

Windchill Installation and Configuration Guide

Recovering an Installation
If your installation was unsuccessful and you re-run the PTC Solutions Installer on the same machine, you are given the option to recover your installation. This gives you the opportunity to fix the issue that caused the installation from that point.

23

Note During the recovery some panels may be disabled.


To recover a failed installation, use the following procedure: 1. Execute the PTC Solution Installer (PSI). 2. On the first screen with the PTC logo, select the installer language and click Next . 3. Review the Before You Begin and click Next . 4. Review the license and have the appropriate person accept it. Click Next . 5. A Recover Failed Installation message is displayed. Click Yes to recover the most recent failed installation; if you have more than one, click No and continue to the next screen. 6. Perform the following based on your action from step 5: a. If you clicked Yes in step 5, verify the installation information and correct the information that caused the failure. b. If you clicked No in step 5, select Recover and click Next . i. Select your installation instance to complete and click Next . ii. Verify the installation information and correct the information that caused the failure.

Recovering an Installation

451

24
Starting and Stopping Windchill
Starting and Stopping Apache and the Windchill Method Server .................................. 453 Using a URL to Access Windchill .............................................................................. 454 Running Windchill as a Windows Service .................................................................. 455

This chapter provides instructions on managing the Windchill servers (start and stop), how to initiate the Windchill home page, and how to configure Windchill to run as a Windows service.

452

Windchill Installation and Configuration Guide

Starting and Stopping Apache and the Windchill Method Server


Starting and Stopping Apache
This section describes how to stop and start the Apache Web server.

Apache Start and Stop Files


The user that runs Apache on Windows should be the same user that installed Apache. On UNIX, the user can be the same as the install user, however, this user must have access permission to use port numbers that are less than 1024, if necessary. To start Apache on Windows: Use the Apache shortcut. This shortcut is created by the Info*Engine installer. You can optionally elect to create the start file shortcut during the Info*Engine installation. Run <Apache>/bin/httpd.exe. In the Apache console window, enter Ctrl/C. If Apache is configured as a Windows service, then stop the <Apache>/bin/ ApacheMonitor.exe service by using the Windows Services control panel. From a command prompt, enter:
apachect1 start

To stop Apache on Windows:

To start Apached on UNIX:

To stop Apache on UNIX: From a command prompt, enter:


apachect1 stop

Using a Windows Shortcut


When Windchill Services is installed, the installer verifies whether shortcuts were created during the Info*Engine installation (based on the shortcut option you selected). If a shortcut exists, then a shortcut is created for the Windchill method server and for the windchill shell. In that case, you can use a shortcut to start the Windchill method server and to launch the windchill shell.

Starting and Stopping Windchill

453

Select one of the following shortcut options to start the Windchill method server and to launch the windchill shell: Use the Windows Start menu: Windchill Method Server Navigate to Start Programs <webapp> , and click Windchill Method Server . windchill shell Navigate to Start Programs <webapp> , and click
windchill shell .

Where <webapp> represents the Web Application Context Root value you specified during the Info*Engine installation, for example, Windchill. Desktop Icon: Click on the Windchill Method Server icon. Click on the windchill shell icon.

Quick Launch Bar: You must mouse-over the icons in the quick launch bar to display the icon labels. Click on the Windchill Method Server icon. Click on the windchill shell icon.

Other This is a location that you specified during the installation.

Using a URL to Access Windchill


Using a URL allows you to access the Windchill application from a Web browser. The server manager and method server must be running (as well as the Web server and servlet engine) before Windchill can be accessed. The URL string is formatted as follows http://<hostname>:<port>/<webapp> The <hostname> is the DNS Registered Host Name , <port> is the optional port number, and <webapp> is the Web Application Context Root . You only need to include the port number when the application is using a port number other than 80 (default). If you are using the default port, then entering http://< hostname>/ <webapp> is sufficient to enter in your Web browser Address (or Location) text box. For example, if you specified Windchill for the <webapp> parameter, then the following URL entered in the Web browser Address text box will open the Windchill home page:
http://<hostname>/Windchill

If you configured Windchill for HTTPS, then the format would be:
https://<hostname>:<port>/<webapp>

The default port number for HTTPS is 443. If you assigned a value other than the default value, then include the port number in the HTTPS URL string.

454

Windchill Installation and Configuration Guide

On Windows, if shortcuts are created by the Windchill Services installer (see Using a Windows Shortcut above), a shortcut is included that will open a web browser window directly to the Windchill home page. For example, to access Windchill you can navigate to Start Programs < webapp > , and click Windchill Home Page . This shortcut is provided solely as a convenience for the administrator; it is accessible only through the Windows system on which Windchill is installed. The shortcut target file is <Windchill>/bin/HomePage.html (where <Windchill> is the Windchill installation directory); the installer writes the Windchill URL into this file using the format described above.

Note The URL stored in HomePage.html is written only once by the Windchill Services installer. If the URL subsequently changes (e.g., because of a port change), the administrator needs to manually edit this file accordingly to continue to use the shortcut.

Running Windchill as a Windows Service


Execute the following command to configure Windchill to run as a Windows service. The service is automatically started when the command is executed. From a Windchill shell, enter:
ant -buildfile <Windchill>\opt\ntservice\WindchillService.xml install -DserviceName=<ServiceName>

Where <ServiceName> is a unique name to reference this service (e.g., WTService). You can now manage (e.g., start and stop) Windchill from the Windows Services utility. It is listed in the utility under the name (i.e., <ServiceName>) that you provided in the above command.

Starting and Stopping Windchill

455

Points to Consider When Running a Windows Service


The following items are points that should be considered when running an application as a Windows service: The environment that supports a running service is different than the environment in which a service was launched from a console window. A service running under the default system account is not able to access the shared network resources. You must modify the permissions to allow access to the shared network resources. The server launchers require a formally installed JRE in order to run. Formally installed means the JRE was installed with the JRE installer; which updates the Windows registry. If you copy a JDK or JRE folder from a different source, the JavaSoft (or IBM) registry keys will not exist and the service launcher will not be able to locate the JVM.

Troubleshooting Tips
If the JNI error finding main class or Unable to change the working directory messages are displayed in the Windows Event Viewer, then try the following: Verify your CLASSPATH settings to ensure it is correct. If a directory contains spaces, enclose the directory path in quotes.

Removing Windchill as a Windows Service


To remove Windchill as a service, execute the following command from a Windchill shell:
ant -buildfile <Windchill>\opt\ntservice\WindchillService.xml uninstall -DserviceName=<ServiceName>

Where <ServiceName> is the name you gave the Windchill Windows service when you created it.

456

Windchill Installation and Configuration Guide