Beruflich Dokumente
Kultur Dokumente
0
2011 IBM Corporation
This session
We will install from scratch a complete IBM Lotus Connections infrastructure. No smoke, no mirrors. You'll go away with all the materials needed to install Lotus Connections 3.0 from scratch, and become Enterprise 2.0 heroes! The Lotus Connections install process keeps improving with each release, introducing new wizards, reducing prerequisite steps, making the process more robust and Lotus Connections 3.0 goes a step further by using the new Installation Manager technology. But there are still a lot of moving parts. With over thirty successful Lotus Connections installations completed between us, we'll take attendees through the installation process step-by-step, from installing and patching IBM WebSphere and IBM DB2, connecting to LDAP, through installing Lotus Connections and onto securing the service, all in 90 short minutes!
Agenda
Introductions, housekeeping, etc. The Installation Environment General Advice Whats Changed for 3.0? Pre-installation Tasks Configuring for Lotus Connections Installing Lotus Connections Post-installation Tasks Summary Resources Q&A
Technical Director of Collaboration Matters (UK-based Lotus business partner), a social software evangelist and Lotus Connections specialist. Has been working with Lotus software for 18 years, and focused on Lotus Connections since its 2007 launch, presenter at conferences such as Lotusphere, UKLUG and Collaboration University. Authors the Connections Blog: lotusconnectionsblog.com (amongst others) Twitter: stuartmcintyre Email: stuart@collaborationmatters.com
Some Terminology...
Term WAS IHS DB2 LDAP TDI ISC Meaning IBM WebSphere Application Server (Network Deployment Edition) IBM HTTP Server (or IHS), based on ApacheTM IBM DB2 Enterprise Server Edition Lightweight Directory Access Protocol - the service used for authentication and population of data into Lotus Connections IBM Tivoli Directory Integrator Integrated Solutions Console (WAS Administration utility) We may also have used these abbreviations: LC ST LQ DMgr IBM Lotus Connections IBM Lotus Sametime IBM Lotus Quickr WAS Deployment Manager
Agenda
Introductions, housekeeping, etc. The Installation Environment General Advice Whats Changed for 3.0? Pre-installation Tasks Configuring for Lotus Connections Installing Lotus Connections Post-installation Tasks Summary Resources Q&A
WebSphere Application Server Network Deployment 7.0 WebSphere Application Server Network Deployment Supplements 7.0 (HTTP) WebSphere Application Edge Components 7.0 (Optional)
DB H TTP
LDA P
TDI
TDI 7 .0 .0 .5
2011 IBM Corporation
10
WAS ND 7.0 PA/ PW WAS ND Supplements 7.0 PA/ PW WebSphere UpdateInstaller 7.0.0.13 TN FC HTTP 7.0
LC 3.0 Installer PA/ PW LC 3.0 Wizards PA/ PW LC 3.0 UpdateInstaller FC All current LC3.0 Fixes FC
FC
PA/ PW
FC = Fix Cent ral ht t p:/ / ibm.com/ support / fix cent ral PA/ PW = Passport Advant age (Cust omers) or Part nerWorld (Part ners)
11
Windows Server 2008 Enterprise Edition (64 Bit only - not R2!) Windows Server 2003 SP2 Enterprise Edition (32 Bit only) Windows Server 2003 SP2 Standard Edition (32 Bit only
Red Hat Enterprise Linux 5.0 Advanced Platform SUSE Linux Enterprise Server 10 SP2 (System z) Update 4 (System z) SUSE Linux Enterprise Server 10 SP2 (32 Bit) Red HEL 5.0 Advanced Platform Update 4 (32 Bit or 64 SUSE Linux Enterprise Server 11 (System z - 64 Bit Tolerate) Bit) SUSE Linux Enterprise Server 11 (64 Bit Tolerate)
12
Then cloned VM
13
WAS HTTP
2GB
In a production environment, would expect LDAP to already exist (Domino or AD), otherwise this environment built on VMWare ESX would work well.
14
15
16
Agenda
Introductions, housekeeping, etc. The Installation Environment General Advice Whats Changed for 3.0? Pre-installation Tasks Configuring for Lotus Connections Installing Lotus Connections Post-installation Tasks Summary Resources Q&A
17
We're not saying you shouldn't use something else, but there are a lot of reasons why the 'included-in-the-box DB2' is the logical choice...
18
Suggestions:
19
Other tips...
We don't want to ruin all the surprises in our 12 Things Your Mother Never Told You session, but there are a couple critical tips to pass along:
Never install into c:\program files (or any path with spaces) Keep paths as short as possible If using VMs, take regular snapshots (so you can do a step over if needed) Use Baretail (or tail -f) to follow log files Use an LDAP browser Use cheat sheets (record frequently-used command lines in a txt file) Plan to spend three times more time planning than doing, and three times more time doing that on Profiles than anything else Always wear white at night (important general safety tip)
20
Agenda
Introductions, housekeeping, etc. The Installation Environment General Advice Whats Changed for 3.0? Pre-installation Tasks Configuring for Lotus Connections Installing Lotus Connections Post-installation Tasks Summary Resources Q&A
21
22
Connections 3.0 installer supports installing multiple nodes at the same time
The installer will run directly against Deployment Manager and Managed Node rather than on unmanaged nodes (like 2.5)
23
Upgrades from Connections 2.5.0.2 to Connections 3.0 will be supported New Database Wizard for Connections 3.0
Nanny mode enables you to look into the detailed commands the Wizard runs, selected by default Streamlined Wizard reduces number of questions asked
24
25
Agenda
Introductions, housekeeping, etc. The Installation Environment General Advice Whats Changed for 3.0? Pre-installation Tasks Configuring for Lotus Connections Installing Lotus Connections Post-installation Tasks Summary Resources Q&A
26
Installation Sequence
We will be following an install process that makes most sense on stage, given time and equipment constraints You do not need to perform the steps in exactly this order. The key is that all installation pre-requisites are met fully before installing Lotus Connections. The steps fall into four categories:
Pre-installation steps (installing foundational software) Configuring for Lotus Connections (create databases, etc.) Install Lotus Connections Post-Installation steps
27
28
Pre-Installation Tasks
As per the previous slide, we need to get a bunch of foundational installs out of the way before we actually install Connections:
On our Data server:
Install DB2 Apply the DB2 license Install TDI Apply TDI Fixpack Install WAS Install HTTP and WAS Plug-ins Install WebSphere Update Installer Patch WAS, HTTP, Plug-ins to 7.0.0.11
29
Run v9.7fp2_ntx64_server.exe to unzip the contents (e.g. into c:\Install\db2_9702) Go to the "SERVER" directory and run setup.exe
30
31
32
33
34
35
36
37
38
39
DB2 Tools are not required for this environment, click Nex t...
40
DB2 Notifications are not required for this environment, deselect Set up your2011 IBM Corporation DB2
41
It is security best practice to enable Windows Security, though I do not always do so depending on organisational policy.
42
43
44
45
The Control Center will launch, showing the View panel. Ensure Advanced is selected, set to not show this window in the future, and click OK:
46
47
48
Deselect the "User must change password at nex t logon" option, select Password never ex pires. Click Create
2011 IBM Corporation
49
Select the Member of tab. The lcuser user must be added to the DB2USERS group. Click Add and type DB2USERS in the "Enter the object names to select" field:
50
51
Test:
Login as db2inst1 db2cc
52
53
You should then be ready to run DBWizard... Also need to configure DB2 to start automatically, e.g.:
Edit /etc/rc.local as root, add the following:
#START DB2 for LOTUS CONNECTIONS DB2LOG=/tmp/startDB2.out.`date +"%y%m%d"` su db2inst1 -c /home/db2inst1/sqllib/adm/db2start >> $DB2LOG 2>&1
54
55
DB2 is shipped with trial license, this needs to be replaced with limited license included with Lotus Connections...
56
57
58
59
60
61
62
63
64
65
Choose a suitable location that does not contain a space (e.g. C:\IBM\TDI\V7.0), and click Nex t...
66
67
68
69
70
71
Check the details, deselect Start the Configuration Editor, and click Finish. IBM Corporation 2011
72
73
74
75
Click Launch the installation wizard for WebSphere Application Server NetworkIBM Corporation 2011
76
77
78
79
80
Choose a suitable location (C:\IBM\WebSphere\AppServer), and click Nex t... IBM Corporation 2011
81
82
Select Enable checkbox and enter username and password* and 2.5 t... * Note: this is a change from click Nex 2011 IBM Corporation
83
84
85
86
Click Finish...
2011 IBM Corporation
87
88
89
90
91
92
93
Enable both checkboxes, enter the details of your Windows admin user, set startup type as Automatic and click Nex t...
94
Create a new user ID for this purpose (e.g. ihsadmin, add a password, and click Nex t...
95
Select to install the Plug-in, create web server definition (defaults to webserver1), check the hostname of the server (e.g. connections.ls11.us), and click Nex t...
96
97
Click Finish...
2011 IBM Corporation
98
99
Its always best to download and use the latest release, e.g. 7.0.0.13.
100
101
102
103
104
105
106
107
108
These need to be downloaded from FixCentral and stored in an easily accessible location, e.g. C:\Install\WASFixes
109
110
111
Select the directory where the WAS fixes reside (e.g. C:\Install\WASFixes) and click Nex t...
112
All applicable patches should be selected, check this and click Nex t ...
2011 IBM Corporation
113
114
115
116
117
This need to be downloaded from FixCentral and stored in an easily accessible location, e.g. C:\Install\WASFixes Note: if the HTTP Server is installed on a different system to the WAS server, then this fix will also need to be installed:
7.0.0-WS-WASSDK-WinX64-FP0000011.pak
118
119
120
Select the directory where the HTTP fixes reside (e.g. C:\Install\WASFixes) and click Nex t...
121
All applicable patches should be selected, check this and click Nex t ...
2011 IBM Corporation
122
123
124
125
126
This need to be downloaded from FixCentral and stored in an easily accessible location, e.g. C:\Install\WASFixes Note: if the HTTP Server is installed on a different system to the WAS server, then this fix will also need to be installed:
7.0.0-WS-WASSDK-WinX64-FP0000011.pak
127
128
129
Select the directory where the HTTP fixes reside (e.g. C:\Install\WASFixes) and click Nex t...
130
All applicable patches should be selected, check this and click Nex t ...
2011 IBM Corporation
131
132
133
134
Phew!
We've now finished the pre-requisite software install (all the foundational software we need for Connections is now in place) It's time to start actually configuring things for Connections Grab your favorite beverage and forge ahead!
135
Agenda
Introductions, housekeeping, etc. The Installation Environment General Advice Whats Changed for 3.0? Pre-installation Tasks Configuring for Lotus Connections Installing Lotus Connections Post-installation Tasks Summary Resources Q&A
136
137
138
139
Log in with the user you defined as administrator during the WAS install (wasadmin / GetS0c1al)
140
141
142
143
144
145
Click Save
146
When you are done, click Apply and then click Save
2011 IBM Corporation
147
148
Enter your IP domain name including a leading .. Select the "Interoperability Mode" check box. Click OK and then Save.
149
150
Then stop and restart the Deployment Manager using the Services panel:
Once the service has restarted, log into the ISC again using the browser.
151
Leave the search criteria as the defaults, and click Search. WAS will query the LDAP server and return a list of matching users:
152
153
154
155
156
157
Unless you have a very good reason not to, accept the default of all features, and click Nex t
158
159
160
Check Open log to review the log files as the wizard runs...
161
Check the details (ensuring all features created successfully), then click Finish.IBM Corporation 2011
162
163
164
Click Nex t
165
166
167
Enter the hostname of the database server and the LCUSER password.
With DB2 installed on the same system, we set the JDBC driver path to the java subdirectory of the DB2 install. With Oracle, SQL Server or a remote DB2 install, this 2011 IBM Corporation JDBC driver would need to be copied onto the system. Click Nex t 168
Enter the full hostname of the LDAP server, and ensure that SSL is selected if required (were using standard port 389 here). Click Nex t
169
Enter the LDAP Bind ID and password as used in WAS earlier. Click Nex t
170
Enter the search base used in WAS earlier. The default LDAP search filter is2011 IBM Corporation usually
171
You can customize the mappings between the LDAP and profiles database if 2011 IBM Corporation required.
172
You can customize the mappings between the attributes and full text fields (e.g. country codes) if required. Weve never needed to do this!
173
174
175
Check the section highlighted here, and if all is well, click Finish.
176
177
Pre-Installation Complete
At this stage, all the pre-installation tasks are complete. This would be a very very good time t o take backups (having stopped the database, WAS and HTTP), or to take SnapShots if using virtual machines. At the very least, take a copy of the c:\IBM directory on the WAS server! Take lunch... Freshen up... Cross yourself (or praise a suitable deity)... Deep breath...
Lets go!
178
Agenda
Introductions, housekeeping, etc. The Installation Environment General Advice Whats Changed for 3.0? Pre-installation Tasks Configuring for Lotus Connections Installing Lotus Connections Post-installation Tasks Summary Resources Q&A
179
Configured LDAP and secured the WAS DMgr Created the Lotus Connections databases Populated the Profiles database from LDAP
Having installed installed and patched TDI7.0 first
180
181
182
183
184
185
186
187
188
Ensure both the Installation Manager and Connections 3.0 are selected,
189
Read every word and meditate on it, then accept and click Nex t:
190
I know it will shock you, but we would recommend in the st rongest terms not IBM Corporation 2011 to
191
192
193
Click Nex t
194
Unless you are limited by license, ensure all features are selected (they canbe IBM Corporation 2011
195
196
If all is working correctly, the WAS DMgr will be detected and displayed:
197
Enter the hostname of the WAS server (connections.ls11.us in this case), the WAS Administration username and password, and then select Validate
2011 IBM Corporation
198
199
200
Select the Small Deployment option, enter a Cluster Name (e.g. connections) and click Nex t
201
202
203
204
205
206
207
208
Click Nex t
209
210
If there are newer versions of any resources it will download them automatically The install should take in the region of one hour to complete
211
212
Agenda
Introductions, housekeeping, etc. The Installation Environment General Advice Whats Changed for 3.0? Pre-installation Tasks Configuring for Lotus Connections Installing Lotus Connections Post-installation Tasks Summary Resources Q&A
213
Post-Installation Tasks
Note that there are a number of post installation tasks which must be performed to complete the configuration Before beginning these tasks, you must restart the Deployment Manager for changes to take effect
Either do this from the command line (stopManager.[bat,sh], startManager.[bat,sh]) or using the Windows Services panel - the wasadmin username and password will be needed for the stop command
214
215
216
(To start the admin server on Linux and AIX systems, use the terminal. Navigate to the HTTPServer/bin directory and issue the following command: ./adminctl start)
2011 IBM Corporation
217
218
219
220
221
Click Nex t
2011 IBM Corporation
222
Click Nex t
223
Click Nex t
224
The locations need to be edited to remove Program Files (i.e. be C:\IBM\HTTPServer), and the correct username and password for the HTTP Admin 2011 IBM Corporation task need to be entered (as created in Step 6). Click Nex t 225
Ensure all the details are correct, and then click Finish
226
227
228
Wait for the synchronization to complete - when it does, the screen displays to updated status of the nodes:
229
This means that when a configuration change is saved to the repository, a re 2011 IBM Corporation synchronization is automatically executed 230
231
232
233
This indicates the successful copy of these keys We need to restart the Web server for the plug-in changes to take effect:
234
235
236
(On a Linux or AIX system, it is launched by executing ikeyman.sh from /opt/IBM/HTTPServer/bin - XWindows is required)
237
238
Ensure Key database type is set to CMS (this is the default), enter a name for the file (e.g. webserver-key.kdb) and a location (this directory must have been created e.g. C:\IBM\Keyfiles). Click OK
Enter a password, and tick the Stash password to a file option. Click OK
2011 IBM Corporation
239
240
Add a Key Label and extend the Validity Period to a long period, were using 10 years here. If desired, add details of the organisation as well. Ensure the Common Name is correct (it is added by default). Click OK
241
242
Ensure that the status of the HTTP Server is stopped (a red cross), then click webserver1
243
Click Configuration File to open the HTTP Server configuration file (httpd.conf). This can also be edited manually in C:\IBM\HTTPServer\conf\httpd.conf...
244
245
246
247
248
249
250
251
252
253
Click OK
254
Finally, restart the HTTP server to apply the changes The HTTP Server and WAS server can now communicate over SSL Next, we need to ensure that the URLs used by Lotus Connections are passed correctly to the WAS server
2011 IBM Corporation
255
256
Step 19: Update Web Addresses used by Lotus Connections to access Content
We need to edit the LotusConnections-config.xml file to remove the ports that the installer automatically adds, now that the HTTP Server is fronting the WAS environment The correct method to do this is to check out the file using WSAdmin, edit it and then check it back in again As discussed in our BP105 session, we are more pragmatic about this and often edit the file directly (having made a backup) However, lets do it correctly...
257
Step 19: Update Web Addresses used by Lotus Connections to access Content (cont.)
First, lets remove the need to add usernames and passwords everytime we run WSAdmin and other WAS commands...
Using your favorite text editor, open C:\IBM\WebSphere\AppServer\profiles\Dmgr01\properties\soap.client.props Set: com.ibm.SOAP.securityEnabled=true com.ibm.SOAP.loginUserid=wasadmin com.ibm.SOAP.loginPassword=mypassword and save Then encode password so it is hidden in the future Start a Command Prompt
cd C:\IBM\WebSphere\AppServer\profiles\DMgr01\bin PropFilePasswordEncoder.bat ..\properties\soap.client.props com.ibm.SOAP.loginPassword
Do the same for the Connections server: Set same values in C:\IBM\WebSphere\AppServer\profiles\AppSrv01\properties\soap.client.props Then encode password so it is hidden in the future
cd C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin PropFilePasswordEncoder.bat ..\properties\soap.client.props com.ibm.SOAP.loginPassword
2011 IBM Corporation
258
Step 19: Update Web Addresses used by Lotus Connections to access Content (cont.)
Start a Command Prompt session
cd C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin wsadmin -lang jython
This copies the current LotusConnections-config.xml file to C:\Temp (which needed to exist). Leave this WSAdmin session open... 2011 IBM Corporation
259
Step 19: Update Web Addresses used by Lotus Connections to access Content (cont.)
Edit C:\Temp\LotusConnections-config.xml using your favorite editor (e.g. Wordpad): Update all href= and ssl_href= values to reflect the host name of the HTTP Server. Do not include any port numbers e.g.
260
Step 19: Update Web Addresses used by Lotus Connections to access Content (cont.)
Double-check your changes - it is very easy to make mistakes at this stage Save the file Go back to the WSAdmin session. Enter:
LCConfigService.checkInConfig()
Ensure the file is valid and gets checked back in Still in the WSAdmin session:
synchAllNodes()
261
262
Select the connections cluster and click Start This will kick off the start of the Connections environment:
263
264
265
So close!
Were nearly there! The last couple of steps are upon us:
Configuring Application Administrators (users than can administer individual Lotus Connections features) Setting Blogs homepage
266
267
268
269
Click the check box beside admin, then click Map Users...
270
271
Click OK and then Save Follow the same procedure to map groups or users to different roles in the various applications, such as admin or moderator where appropriate It is not required to restart the servers for this change to take effect, though synchronization can take a few minutes in complex clusters
2011 IBM Corporation
272
273
274
275
Fill in the fields, ensuring that the Theme is set to Blogs Homepage and theBlog Corporation 2011 IBM
276
277
Set the Handle of blog to serve as Blogs Homepage to be the same as the value entered into the Blog address field when the blog was created (e.g. home) Click Save
278
Log out The Blogs feature will display its newly-configured homepage:
279
280
However, your job isn't completely finished yet! NOW, you need to start thinking about:
Configuring for autostart Backups Redirect for Homepage Enabling two-way sync between Lotus Connections and your LDAP Customizing themes (well, at the very least add your logo!) Adding fields Adding sample content
281
Agenda
Introductions, housekeeping, etc. The Installation Environment General Advice Whats Changed for 3.0? Pre-installation Tasks Configuring for Lotus Connections Installing Lotus Connections Post-installation Tasks Summary Resources Q&A
282
In a real life environment, it will take longer than that If we were going to give a SWAG time estimate, we'd figure at least three days one for the 'foundation software' work, another for the actual Connections install(s), yet another for the post-install work. Then, add more time for customization, TDI assembly lines, customizing themes and skins, Sametime integration, etc., etc., etc.
283
284
Agenda
Introductions, housekeeping, etc. The Installation Environment General Advice Whats Changed for 3.0? Pre-installation Tasks Configuring for Lotus Connections Installing Lotus Connections Post-installation Tasks Summary Resources Q&A
285
286
287
Agenda
Introductions, housekeeping, etc. The Installation Environment General Advice Whats Changed for 3.0? Pre-installation Tasks Configuring for Lotus Connections Installing Lotus Connections Post-installation Tasks Summary Resources Q&A
288
Legal Disclaimer
IBM Corporation 2011. All Rights Reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBMs current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBMs sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.
All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer.
IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. Intel, Intel Centrino, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others.
All references to Renovations efer to a fictitious company and are used for illustration purposes only.
289