Overview
This scenario explains how to deploy IBM® Lotus® Connections 3.0 in a network deployment that involves multiple machines; that is, one IBM WebSphere® cell containing two nodes, both of which host Lotus Connections 3.0. This scenario is typical of an enterprise-level production deployment. This article is designed to be an end-to-end guide to deploying this type of configuration, including all prerequisites. You can also follow this guide in situations in which more than two nodes are being deployed.
To view this content in PDF format, download the Large_Deployment_S2.pdf attachment: http://www-10.lotus.com/ldd/lcwiki.nsf/xsp/.ibmmodres/domino/OpenAttachment/ldd/lcwiki.nsf/D20AFE41AB037E90852578370012E8F6/attach/Large_Deployment_S2.pdf
Scenario description
This scenario is designed as an end-to-end guide to deploying Lotus Connections 3.0 in a network environment containing two nodes. Full system specifications and a list of software used in this configuration are outlined in the Environment Hardware and Software Specifications topic in this article. The following properties describe the environment in more detail.
Operating system
Microsoft® Windows® Server 2008 Enterprise Edition x86-64 Bit
Database server
IBM DB2® 9.7 FP2
User directory
IBM Tivoli® Directory Server v6.2
Supported plug-ins
All plug-ins are supported in this environment.
WebSphere topology
We select the "medium" install topology for this scenario. This amounts to three Java™ Virtual Machines (JVMs) on each node, that is, three clusters hosting all the Lotus Connections 3.0 features. As this scenario is described on 64-bit hardware, there is no need, from a resource perspective, to have individual clusters for each application. Three clusters on this hardware with all applications are capable of handling quite a large number of users.
Note that there are a number of advantages and disadvantages to consider when opting for a "medium" versus "large" WebSphere topology. For instance, less RAM is required when using medium topology. Conversely, a large deployment can allow easier serviceability by having individual JVMs for each application. On a 32-bit operating system, a large topology may be more appropriate. All in all, you can use this guide no matter which topology is selected.
Secure sockets layer (SSL)
SSL is enabled on this deployment for all communication.
Other product integration
This scenario describes integration with IBM Lotus Quickr® Domino® 8.2 and IBM Lotus Sametime® 8.5.
Mail integration
Mail integration is enabled in this deployment using DNS MX records.
Prerequisites details
The following describes the prerequisites that must be completed prior to installing Lotus Connections 3.0. The installation of all these prerequisites is explained in the course of this document, with the exception of the LDAP, which is already configured. Links to fix packs and the names of each machine used in this deployment scenario are included with each prerequisite description.
- Installation and configuration of WebSphere Application Server 7.0 Network Deployment (ND) and IBM HTTP Server
WebSphere Application Server must have the following fix packs and fixes applied:
7.0.0-WS-WAS-WinX64-FP0000011.pak
7.0.0-WS-WASSDK-WinX64-FP0000011.pak
7.0.0.11-WS-WAS-IFPM12828
7.0.0.0-WS-WAS-IFPM23410 *
7.0.0.0-WS-WASJavaSDK-WinX64-IFPM24384 *
IBM HTTP Server must have the following fix packs applied:
7.0.0-WS-IHS-WinX64-FP0000011.pak
7.0.0.0-WS-WASJavaSDK-WinX64-IFPM24384 *
IBM HTTP Server Plug-ins for WebSphere has the following fix packs applied:
7.0.0-WS-PLG-WinX64-FP0000011.pak
7.0.0-WS-WASSDK-WinX64-FP0000011.pak
7.0.0.0-WS-WASJavaSDK-WinX64-IFPM24384 *
Note that the panel shots supplied with this guide for applying fixes do not include the fixes followed by an asterisk (*). However, the above list is the definitive list of fixes required for Lotus Connections 3.0 to run correctly in this environment. Hence, all the above listed fixes need to be applied. Panel shots are supplied to supplement the instructions on how to do this.
These fix packs can be downloaded from IBM Fix Central at:
http://www.ibm.com/support/fixcentral
The Deployment Manager, nodes, and Web Server are each installed on their own machines as shown in Table 1.
Table 1. Install details
Purpose | Host Name |
Deployment Manager | dm.example.com |
Node 1 | node1.example.com |
Node 2 | node2.example.com |
Web Server | connections.example.com |
- Installation and configuration of DB2 Enterprise Edition 9.7
DB2 must have the following fix pack applied:
DB2-ntx64-server-9.7.200.358-FP002
DB2 fix packs can be downloaded from this location:
http://www-01.ibm.com/support/docview.wss?uid=swg27007053
In this scenario, the database is hosted on a machine named "db.example.com". Individual database instances are used for each database, which we explain later in this article.
- Installation and configuration of Tivoli Directory Integrator 7.0
TDI must have the following fix pack applied:
7.0.0-TIV-TDI-FP0005
This fix pack is available here:
http://www.ibm.com/support/fixcentral
DB2 and TDI are installed on the same machine:
Purpose | Host Name |
Database and TDI | db.example.com |
The LDAP server used is IBM Tivoli Directory Server V6.2 and is named ldap.example.com.
Environment hardware and software specifications
Table 2 lists all the hardware and software specifications for our environment. Note that the OS for all machines is Microsoft Windows Server 2008 Enterprise Edition x86-64.
Table 2. Hardware and software specifications
Machine DNS Name | Purpose | RAM (GB) | CPU | Hard drive size (GB) | Software and versions installed |
connections.example.com | | 8 | 2 x Intel Xeon X7460 @ 2.66 GHz | 70 | IBM HTTP Server V7.0.0.11; IBM HTTP Server plug-ins for WebSphere V7.0.0.11; IBM WebSphere Update Installer V7.0 |
dm.example.com | Deployment Manager; Shared data space | 12 | 2 x Intel Xeon X7460 @ 2.66 GHz | 200 | WebSphere Application Server Network Deployment V7.0.0.11; IBM WebSphere Update Installer V7.0; Lotus Connections 3.0 |
node1.example.com | WebSphere Application Server Node 1 | 12 | 2 x Intel Xeon X7460 @ 2.66 GHz | 70 | WebSphere Application Server Network Deployment V7.0.0.11; IBM WebSphere Update Installer V7.0 |
node2.example.com | WebSphere Application Server Node 2 | 12 | 2 x Intel Xeon X7460 @ 2.66 GHz | 70 | WebSphere Application Server Network Deployment V7.0.0.11; IBM WebSphere Update Installer V7.0 |
db.example.com | | 16 | 2 x Intel Xeon X7460 @ 2.66 GHz | 100 | IBM DB2 v9.7 FP 2; IBM Tivoli Directory Integrator V7.0 FP 5 |
ldap.example.com | | 8 | 2 x Intel Xeon X7460 @ 2.66 GHz | 50 | IBM Tivoli Directory Server V6.2 |
Configuration diagrams
The diagrams in this section demonstrate the topology used in this deployment scenario. The topology offers both performance and reliability, and is designed as an enterprise-level production deployment that is highly available. An additional benefit to this topology is its ability to scale up as required in the future.
We first explain how to set up the Enterprise Network Deployment and then move on to discuss the additional configuration, Enterprise Network Deployment Architecture with Sametime and Quickr Domino Integration. You should focus on whichever best suits your configuration. For even more complex deployments, involving single sign-on (SSO) solutions, refer to the best practice articles on topics such as Tivoli Access Manager, SiteMinder, and Simple and Protected Negotiation mechanism (SPNEGO) in association with this guide.
Standard Enterprise Network Deployment Architecture
Figure 1 shows the enterprise-level network deployment of Lotus Connections 3.0 without any additional complexity. This topology shows a two-node cluster of Lotus Connections, in which the LDAP and database servers communicate with the cell controlled by the Deployment Manager. The Tivoli Directory Integrator server sits between the database and LDAP, maintaining synchronization between both.
Lotus Connections is installed on the Deployment Manager machine and from there is pushed out to the nodes in the cell, node01Node and node02Node. The shared data store is a shared space accessible from all nodes in the configuration and the Deployment Manager. In this case the shared space is mounted on the Deployment Manager machine and shared with both nodes, at the same location on those machines.
Sitting in front of the entire configuration is the Web server, from which the end user accesses Lotus Connections 3.0.
Figure 1. Standard Enterprise Network Deployment Architecture
Enterprise Network Deployment Architecture with Lotus Sametime and Quickr Domino
The configuration in figure 2 builds on that shown in figure 1, depicting a more complex environment involving integration with Lotus Sametime and Quickr Domino.
Figure 2. Enterprise Network Deployment Architecture with Lotus Sametime and Quickr Domino
WebSphere Application Server topology
The relationships between the various components in the deployment in figure 2 above are clear. However, figure 2 does not address the WebSphere Application Server topology, which is shown in figure 3. In this scenario, there are multiple (three) clusters, each containing four of the Lotus Connections applications, and each cluster contains a server on each node.
Figure 3. WebSphere Application Server topology
Deployment considerations
Here is a brief discussion of some of the key points to consider when planning a deployment of Lotus Connections.
System requirements
- Lotus Connections 3.0 is supported only on 64-bit versions of Linux® or AIX®, with the exception of SLES10 31 bit on System Z. Even though it is supported on 32-bit versions of Windows, it is highly recommended to move to a 64-bit operating system to achieve better performance from the overall system.
- It is recommended to have 12 GB RAM on your node machines.
- In this scenario, the system hosting WebSphere Application Server and Lotus Connections has a total of 100 GB, and approximately 70 GB hard disk space was free on the system after the installation. This is capable of delivering high availability and scalability for very large deployments and is a good base for any future expansion. When planning the installation it is important to consider how many users will use the system and how much data each user may generate. The file system should be big enough to handle this, or else expanded over time to cope with space requirements.
Resource planning
While this scenario covers a specific deployment situation, it can be used as a guide to deploying other slightly different topologies. It is possible to customize the number of clusters and applications that are installed into each cluster and, where there are resource constraints, any number of the Lotus Connections applications can be combined onto a cluster.
It is also possible to combine one or more databases onto any number of DB2 instances to achieve the performance required.
Future planning
It is crucial to plan for the future when deploying Lotus Connections. Even though this configuration is an excellent starting configuration, over time the demands on the system may grow, and it may be necessary to add additional nodes to the system. This topology offers this option by allowing additional nodes to be added to the cell, as and when required in the future.
Integration with other products and SSO
Integration with some IBM products is covered in this document, but we do not address a single sign-on (SSO) solution. Note, however, that you may need to consider the implications of integrating other products with Lotus Connections or SSO between a security product and Lotus Connections when planning your installation.
- Enabling SSO with another IBM product will involve exchanging LTPA tokens, the sharing of realms and users who can access the system, as well as the machines being in close synchronization with each other's system clocks.
- If you plan to deploy a system in which a third-party security suite such as SiteMinder, Tivoli Access Manager, or SPNEGO will be deployed, it is crucial that an LDAP user is configured as a WebSphere Application Server administrator and is specified as the user to connect to WebSphere Application Server during the installation.
Security considerations
- The proxy-config.tpl file allows the proxy to work with self-signed certificates. This is true out-of-the-box, but for improved security you should set the value of the unsigned_ssl_certificate_support property to false, when your deployment is ready for production. This file can be checked out and edited by following the Configuring the AJAX proxy section of the Lotus Connections product documentation.
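A pre-production check for the setting described above can be scripted. The following is an added example, not code from this article or from IBM. It assumes the checked-out proxy-config.tpl is well-formed XML that stores each property as a meta-data element with name and value children; the sample text, its namespace URI and the example_other_setting property are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

SETTING = "unsigned_ssl_certificate_support"  # property named in this article


def sample_tpl(value):
    """Constructed sample, not taken from a real proxy-config.tpl.

    Assumption: properties are stored as <proxy:meta-data> elements holding a
    <proxy:name>/<proxy:value> pair. The namespace URI is a placeholder.
    """
    return f"""<proxy:proxy-rules xmlns:proxy="urn:example:proxy-config">
  <proxy:meta-data>
    <proxy:name>example_other_setting</proxy:name>
    <proxy:value>20</proxy:value>
  </proxy:meta-data>
  <proxy:meta-data>
    <proxy:name>{SETTING}</proxy:name>
    <proxy:value>{value}</proxy:value>
  </proxy:meta-data>
</proxy:proxy-rules>
"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_proxy_config(xml_text, setting=SETTING):
    """Return a list of findings; an empty list means the setting is 'false'."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"file is not well-formed XML: {exc}"]

    # Collect every value given for the setting, whatever namespace is in use.
    values = []
    for elem in root.iter():
        if _local(elem.tag) != "meta-data":
            continue
        fields = {_local(child.tag): (child.text or "").strip() for child in elem}
        if fields.get("name") == setting:
            values.append(fields.get("value", ""))

    if not values:
        return [f"{setting} is not set explicitly; add it with the value false"]
    findings = []
    if len(values) > 1:
        findings.append(f"{setting} is defined {len(values)} times; keep one entry")
    for value in values:
        if value.lower() != "false":
            findings.append(f"{setting} is '{value}'; set it to false for production")
    return findings


if __name__ == "__main__":
    # Pass the path of the checked-out file, or run without arguments to audit
    # the constructed sample with the out-of-the-box value.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            text = handle.read()
    else:
        text = sample_tpl("true")
    problems = audit_proxy_config(text)
    for problem in problems:
        print("FINDING:", problem)
    sys.exit(1 if problems else 0)
```

The non-zero exit code on any finding lets the check gate a go-live checklist or a scheduled configuration review.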
Getting started
Installing WebSphere Application Server 7.0 on the Deployment Manager
1. On dm.example.com, unzip the file you have downloaded into a directory on your hard disk. Go into that directory and launch launchpad.exe. The following panel is displayed.
2. Click the "Launch the installation wizard for WebSphere Application Server Network Deployment" option. The following panel is displayed.
3. Click Next. The following panel is displayed.
4. Accept both the IBM and non-IBM terms and click Next. The following panel is displayed.
5. If the prerequisites check is successful, click Next. The following panel is displayed.
6. Leave all the check boxes unselected and click Next. The following panel is displayed.
7. Select an installation directory, preferably not in c:\Program Files, and click Next. The following panel is displayed.
8. Select "Management" as the environment to install, and click Next. The following panel is displayed.
9. Select the Deployment manager option and click Next. The following panel is displayed.
10. Choose a user name and a password for the administrative user of WebSphere Application Server and click Next. The following panel is displayed.
11. Leave the check box unchecked and click Next. The following panel is displayed.
12. Click Next. The following panel is displayed.
13. Click the Finish button.
Installing WebSphere Application Server 7.0 on the node machines
Repeat the same steps as above on node1.example.com and node2.example.com, choosing "Application server" instead of "Management" in this panel:
Installing IBM HTTP Server V7.0 and WebSphere plug-ins
1. On connections.example.com, unzip the WebSphere Application Server Supplements file into a directory on your hard disk. Go into the IHS subdirectory and double-click install.exe. The following panel is displayed.
2. Click Next. The following panel is displayed.
3. Accept both the IBM and non-IBM terms and click Next. The following panel is displayed.
4. If the prerequisites check is successful, click Next. The following panel is displayed.
5. Select an installation directory, preferably not in c:\Program Files, and click Next. The following panel is displayed.
6. Leave the default values, and click Next. The following panel is displayed.
7. Check the two check boxes at the top, select "Log on as a specified user account", and select a user name and a password for that account. Click Next. The following panel is displayed.
8. Check "Create a user ID for IHS administration server authentication", and select a user name and a password. Click Next. The following panel is displayed.
9. Check "Install the IBM HTTP Server Plug-in for....". The two fields below that should already be filled in; leave the defaults and click Next. The following panel is displayed.
10. Review the installation summary, and click Next. The following panel is displayed.
Upgrading WebSphere Application Server, HTTP Server, and WebSphere Plug-ins to correct fix pack level
Apply the fix pack on dm.example.com, node1.example.com, and node2.example.com
You must repeat this procedure on all three servers.
1. In the directory where you unzipped the WebSphere Application Server Supplements, go to the UpdateInstaller directory and click Install.exe. The following panel is displayed.
2. Click Next. The following panel is displayed.
3. Accept both the IBM and non-IBM terms and click Next. The following panel is displayed.
4. If the prerequisites check is successful, click Next. The following panel is displayed.
5. Select an installation directory, preferably not in c:\Program Files, and click Next. The following panel is displayed.
6. Review the installation summary and click Next. The following panel is displayed.
7. Select the "Launch IBM Update installer for WebSphere Software on exit" check box. The following panel is displayed.
8. Click Next. The following panel is displayed.
9. The location of the AppServer should already be filled in. Click Next. The following panel is displayed.
10. Select "Install maintenance package" and click Next. The following panel is displayed.
11. Select the directory where you copied 7.0.0-WS-WAS-WinX64-FP0000011.pak, 7.0.0-WS-WASSDK-WinX64-FP0000011.pak, 7.0.0.11-WS-WAS-IFPM12828.pak, 7.0.0.0-WS-WAS-IFPM23410* and 7.0.0.0-WS-WASJavaSDK-WinX64-IFPM24384*. Click Next. The following panel is displayed.
12. Check the applicable boxes and click Next. The following panel is displayed.
13. Review the installation summary and click Next.
Apply the fix pack on connections.example.com
The procedure is different on the machine connections.example.com.
1. In the directory where you unzipped the WebSphere Application Server Supplements, go to the UpdateInstaller directory and click Install.exe. The following panel is displayed.
2. Click Next. The following panel is displayed.
3. Accept both the IBM and non-IBM terms, and click Next. The following panel is displayed.
4. If the prerequisites check is successful, click Next. The following panel is displayed.
5. Select an installation directory, preferably not in c:\Program Files, and click Next. The following panel is displayed.
6. Review the installation summary and click Next. The following panel is displayed.
7. Check the "Launch IBM Update installer for WebSphere Software on exit" box. You will see the following panel:
8. Click Next. The following panel is displayed.
9. From the drop-down list select the path for the HTTP Server and click Next. The following panel is displayed.
10. Click Next. The following panel is displayed.
11. Select the path where you downloaded the fix packs, 7.0.0-WS-IHS-WinX64-FP0000011.pak and 7.0.0.0-WS-WASJavaSDK-WinX64-IFPM24384*, and click Next. The following panel is displayed.
12. Leave the box checked and click Next. The following panel is displayed.
13. Review the summary and click Next. The following panel is displayed.
14. Click the Relaunch button. The following panel is displayed.
15. From the drop-down list, select the path for the HTTP Server plug-ins and click Next. The following panel is displayed.
16. Select "Install maintenance package" and click Next. The following panel is displayed.
17. Select the path where you downloaded the fix packs, 7.0.0-WS-PLG-WinX64-FP0000011.pak, 7.0.0-WS-WASSDK-WinX64-FP0000011.pak, and 7.0.0.0-WS-WASJavaSDK-WinX64-IFPM24384*, and click Next. The following panel is displayed.
18. Click Next. The following panel is displayed.
19. Click Next. The following panel is displayed.
20. Click Finish. This ends the installation of WebSphere Application Server and IBM HTTP Server.
Installing DB2 Enterprise Edition V9.7 fix pack 2
1. Run v9.7fp2_ntx64_server.exe to unzip the content. Go into the SERVER directory and run setup.exe. The following panel is displayed:
2. Click the Install a Product link. The following panel is displayed.
3. Click the Install New button. The following panel is displayed.
4. Click Next. The following panel is displayed.
5. Accept the license agreement and click Next. The following panel is displayed.
6. Select "Typical" and click Next. The following panel is displayed.
7. Select "Install DB2 Enterprise Server Edition on this computer" and click Next. The following panel is displayed.
8. Choose the installation directory and click Next. The following panel is displayed.
9. Choose a user name and a password, and click Next. The following panel is displayed.
10. Click Next. The following panel is displayed.
11. Leave the check box unselected (catalog not needed), and click Next. The following panel is displayed.
12. Leave the check box unselected (notifications not needed), and click Next. The following panel is displayed.
13. We must enable OS security, so select the check box "Enable operating system security" and click Next. The following panel is displayed.
Note: In the screenshot, "Enable operating system security" is not selected. This is a mistake. We need this enabled to get the groups DB2ADMNS and DB2USERS created.
14. Review the setup and click Install. After a while, the following panel is displayed.
15. Click Finish.
Verify and apply DB2 licence
1. Ensure that you have a DB2 license. To do this, check the licence status, using the following command:
2. Locate the DB2 licence file named db2ese_o.lic. Apply this file using the following command:
Installing Tivoli Directory Integrator V7.0 and fix pack 5
1. Unzip the file you have downloaded in a directory on your hard disk. Go into that directory and launch launchpad.exe. The following panel is displayed.
2. Select the language and click OK. The following panel is displayed.
3. Select the Install IBM Tivoli Directory Integrator option. The following panel is displayed.
4. Select the Tivoli Directory Integrator 7.0 Installer link. The following panel is displayed.
5. Click Next. The following panel is displayed.
7. Click Next again. The following panel is displayed.
8. Accept the license agreement and click Next. The following panel is displayed.
9. Choose the installation directory and click Next. The following panel is displayed.
10. Select "Typical" and click Next. The following panel is displayed.
11. Select "Do not specify -- use current working directory at startup time", and click Next. The following panel is displayed.
12. Leave the default values, and click Next. The following panel is displayed.
13. Leave the check box deselected and click Next. The following panel is displayed.
14. Review the setup and click Install. After a while, the following panel is displayed.
15. Click Finish.
Apply fix pack 5 to Tivoli Directory Integrator
1. Unzip the file "7.0.0-TIV-TDI-FP0005.zip". This creates a folder with the same name (in this example, we have unzipped in C:\). In this directory, locate the .jar file, "UpdateInstaller.jar".
2. Copy this file and paste it into the directory, C:\IBM\TDI\V7.0\maintenance, replacing the existing file with the same name.
3. Go to the directory, C:\IBM\TDI\V7.0\bin, and run the command, applyUpdates.bat -update C:\7.0.0-TIV-TDI-FP0005\TDI-7.0-FP0005.zip as follows:
Setting up federated repositories and application security
1. Make sure that the Deployment Manager is started.
2. Open the WebSphere Administration Console: http://dm.example.com:9060/ibm/console
3. Log in with the user you previously defined as administrator:
4. Expand the Security section and select Global security.
5. Click the Configure button:
6. Click the Add Base entry to Realm button:
7. Click the Add Repository button:
8. Type a name in the "Repository identifier" field, choose the Directory type, type the Primary host name, and then type the username and password of the Bind distinguished username. Use default values for the remaining fields.
9. At the bottom of the page, click Apply, and then at the beginning of the page click the Save link:
10. Fill the first field with the value of the base DN of the user container of your LDAP server. This changes, depending on the type of LDAP you have. In our example, we use Tivoli Directory Server, so the value is dc=connections,dc=example,dc=com.
The second field defines the location in the LDAP directory information tree from which the LDAP search begins. The entries beneath it in the tree can also be accessed by the LDAP search. In our example, it is dc=connections,dc=example,dc=com.
When done click Apply, then Save:
11. Verify that the new base entry has been saved:
12. Click OK and then Save. Select the Enable administrative security and Enable application security options; do not enable Java 2 security. Click Apply and then Save.
13. Optional: If you want to set up SSO later, you need to do the following:
a) Expand the Security section and select Global security.
b) On the right-hand side, click the + sign near Web and SIP security.
c) Click Single sign-on (SSO).
14. Insert the Domain name, in our case example.com, and check the Interoperability Mode check box:
15. Log out from the administrative console. Stop and restart the Deployment Manager.
Add nodes to the Deployment Manager cell before installation
On both node1 and node2, do the following:
1. Start the Deployment Manager, if it is not already started.
2. On each of the nodes you wish to add to the cell (and install Lotus Connections on), do the following:
a) Open a command prompt (terminal on Linux) and change directory to <AppServer>/profiles/AppSrv01/bin
b) Issue the command, addNode.bat(.sh) <DeploymentManagerHostName> <DM_SoapPort> -username <WAS Admin User> -password <WAS Admin Password>. For example, the command appears similar to:
addNode.bat dm.example.com 8879 -username wsadmin -password wsadmin
Installation and configuration instructions
Configure the database
Creating DB2 User
Before beginning to create the databases, we need to create a user on the operating system for DB2 named "lcuser", who is used as the owner of the databases when they are created.
1. On the database machine, open Computer Management. Expand System Tools > Local Users and Groups > Users. Right-click Users and select New User.
2. Enter the user and password details of lcuser. Be sure to deselect the "User must change password at next logon" option. Click Create when ready:
3. Once created, right-click the user, click Properties, and open the Member Of tab. The user "lcuser" must be added to the group DB2USERS. Click the Add button and enter "DB2USERS" in the "Enter the object names to select" field as shown below. Click OK until you are back to the Computer Management panel. Now your computer is prepared for the Lotus Connections databases to be created:
Note: If the DB2USERS group is not found, extended security for DB2 on Windows might not be enabled. To enable this, you must stop the database, run the command, db2extsec.exe, and restart the database again. See the DB2 documentation for more information about Extended Windows security using DB2ADMNS and DB2USERS groups.
4. On Linux, do the following:
a) Log into the DB2 server as root user, and then type the following commands to create the user:
useradd lcuser
passwd lcuser
b) When prompted for a new password, enter it, and then confirm it.
Note: When using other databases, such as Oracle Database Server or Microsoft SQL Server, there is no need to create "lcuser" as above. Instead, when using the wizard to create the databases, you are prompted to provide a password for each of the databases.
Creating multiple instances
In this scenario, an instance is created to house each database. There are nine databases in total for Lotus Connections 3.0, meaning there will be nine DB2 instances running on the database machine.
Table 3 describes the instances and the databases that reside on those instances. The instance name column refers to the name that is given to each instance in this example. Note that an instance name cannot be longer than eight characters in DB2.
Table 3. Instances and their database information
DB2 instance name | Port listening on | Database name | LC3 applications that use database |
act | 50001 | OPNACT | Activities |
blogs | 50002 | BLOGS | Blogs |
comm | 50003 | SNCOMM | Communities |
dogear | 50004 | DOGEAR | Bookmarks |
profiles | 50005 | PEOPLEDB | Profiles |
home | 50006 | HOMEPAGE | Homepage, Search, News |
wikis | 50007 | WIKIS | Wikis |
files | 50008 | FILES | Files |
forums | 50009 | FORUM | Forums |
To create the nine instances of DB2 with the above names, follow these steps:
1. From a command prompt, create the instances. You are prompted for the db2admin user password for each command.
C:\IBM\SQLLIB\BIN\db2icrt act -s ese -u db2admin
C:\IBM\SQLLIB\BIN\db2icrt blogs -s ese -u db2admin
C:\IBM\SQLLIB\BIN\db2icrt comm -s ese -u db2admin
C:\IBM\SQLLIB\BIN\db2icrt dogear -s ese -u db2admin
C:\IBM\SQLLIB\BIN\db2icrt profiles -s ese -u db2admin
C:\IBM\SQLLIB\BIN\db2icrt home -s ese -u db2admin
C:\IBM\SQLLIB\BIN\db2icrt wikis -s ese -u db2admin
C:\IBM\SQLLIB\BIN\db2icrt files -s ese -u db2admin
C:\IBM\SQLLIB\BIN\db2icrt forums -s ese -u db2admin
2. To set the port number of the instance (as in table 3), use a text editor to add the following lines to the end of the C:\WINDOWS\system32\drivers\etc\services file:
db2c_ACT 50001/tcp
db2c_BLOGS 50002/tcp
db2c_COMM 50003/tcp
db2c_DOGEAR 50004/tcp
db2c_PROFILES 50005/tcp
db2c_HOME 50006/tcp
db2c_WIKIS 50007/tcp
db2c_FILES 50008/tcp
db2c_FORUMS 50009/tcp
3. Update the DB configuration for each instance, using the below commands on the DB2 Command Line Processor. Open C:\IBM\SQLLIB\BIN from the command line and run db2cmd.exe. This launches the db2 command line processor in a new window.
set DB2INSTANCE=ACT
db2 update database manager configuration using svcename db2c_act
db2set DB2COMM=npipe,tcpip
db2stop
db2start
set DB2INSTANCE=BLOGS
db2 update database manager configuration using svcename db2c_blogs
db2set DB2COMM=npipe,tcpip
db2stop
db2start
set DB2INSTANCE=COMM
db2 update database manager configuration using svcename db2c_comm
db2set DB2COMM=npipe,tcpip
db2stop
db2start
set DB2INSTANCE=DOGEAR
db2 update database manager configuration using svcename db2c_dogear
db2set DB2COMM=npipe,tcpip
db2stop
db2start
set DB2INSTANCE=PROFILES
db2 update database manager configuration using svcename db2c_profiles
db2set DB2COMM=npipe,tcpip
db2stop
db2start
set DB2INSTANCE=HOME
db2 update database manager configuration using svcename db2c_home
db2set DB2COMM=npipe,tcpip
db2stop
db2start
set DB2INSTANCE=WIKIS
db2 update database manager configuration using svcename db2c_wikis
db2set DB2COMM=npipe,tcpip
db2stop
db2start
set DB2INSTANCE=FILES
db2 update database manager configuration using svcename db2c_files
db2set DB2COMM=npipe,tcpip
db2stop
db2start
set DB2INSTANCE=FORUMS
db2 update database manager configuration using svcename db2c_forums
db2set DB2COMM=npipe,tcpip
db2stop
db2start
4. Ensure your firewall will allow the new instances of DB2 to communicate through the listening ports assigned above.
5. Restart the database machine.
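Before opening the firewall in step 4, it helps to confirm that the services file really matches Table 3, because a missing entry or a port shared with another service leaves an instance listening somewhere unexpected. The following is an added example, not part of the original article or of DB2. The sample file contents, including the otherapp entry, are constructed, and service names are compared without regard to case because the article writes db2c_ACT in the file and db2c_act in svcename.

```python
import re

# Instance name -> listening port, copied from Table 3 of this article.
TABLE_3 = {
    "act": 50001, "blogs": 50002, "comm": 50003, "dogear": 50004,
    "profiles": 50005, "home": 50006, "wikis": 50007, "files": 50008,
    "forums": 50009,
}

# "name port/protocol [aliases] [# comment]", the layout of the services file.
SERVICE_LINE = re.compile(r"^\s*(?P<name>[^\s#]+)\s+(?P<port>\d+)/(?P<proto>\w+)")

# Constructed samples: GOOD is the nine lines from step 2; BAD drops the WIKIS
# line, gives FILES the wrong port and adds a made-up service on 50003.
GOOD = "\n".join(f"db2c_{name.upper()} {port}/tcp" for name, port in TABLE_3.items())
BAD = (GOOD.replace("db2c_WIKIS 50007/tcp\n", "")
           .replace("db2c_FILES 50008/tcp", "db2c_FILES 50007/tcp")
       + "\notherapp 50003/tcp  # constructed conflicting entry\n")


def parse_services(text):
    """Return (name, port, protocol) for every entry line; skip comments."""
    entries = []
    for line in text.splitlines():
        match = SERVICE_LINE.match(line)
        if match:
            entries.append((match["name"], int(match["port"]), match["proto"].lower()))
    return entries


def check_db2_services(text, expected=TABLE_3):
    """Compare the services file with the instance/port plan; return findings."""
    by_name, owners = {}, {}
    for name, port, proto in parse_services(text):
        if proto == "tcp":
            by_name.setdefault(name.lower(), port)
            owners.setdefault(port, set()).add(name)

    findings = []
    for instance, port in expected.items():
        if len(instance) > 8:
            findings.append(f"{instance}: instance name is longer than 8 characters")
        service = f"db2c_{instance}"
        actual = by_name.get(service)
        if actual is None:
            findings.append(f"{service}: no tcp entry in the services file")
        elif actual != port:
            findings.append(f"{service}: port {actual}, but the plan says {port}")
        # Any other service on the planned port would collide with the instance.
        others = sorted(n for n in owners.get(port, ()) if n.lower() != service)
        if others:
            findings.append(f"port {port}/tcp is also assigned to {', '.join(others)}")
    return findings


def db2_listen_ports(text, expected=TABLE_3):
    """Ports the planned DB2 services use in this file: the firewall allow list."""
    wanted = {f"db2c_{instance}" for instance in expected}
    return sorted({port for name, port, proto in parse_services(text)
                   if proto == "tcp" and name.lower() in wanted})


if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_db2_services(sample) or "matches Table 3")
    print("allow inbound tcp:", db2_listen_ports(GOOD))
```

Only the ports returned by db2_listen_ports need an inbound rule, and a file that produces findings should be corrected before the rule is created.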
Creating the databases
Note that in this scenario, database creation and population is achieved via the manual scripts. To see the wizards in action, refer to the View Scenario 1 article, which details this method.
1. To create the databases, extract the wizards (or just the connections.sql folder) to a location, such as C:\Software\Wizards on db.example.com. All the necessary scripts to create the databases are located in the connections.sql folder. The scripts for the various applications can be found via the folder structure /, for example, activities\db2 or blogs\oracle.
2. Table 4 describes the scripts needed to be run against each database instance to create the relevant tables. Note that the commands below assume that you run the scripts from the location where the connections.sql folder exists. Ensure that the correct database instance is selected and started before running these commands. To verify that the correct DB2 instance is selected, use the command "SET DB2INSTANCE=", and use the command "DB2START" to start the instance if it is stopped.
Table 4. Scripts to run for each database instance
Database instance | Commands required |
ACT | C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -td@ -vf connections.sql\activities\db2\createDb.sql
C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -td@ -vf connections.sql\activities\db2\appGrants.sql |
BLOGS | C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -td@ -vf connections.sql\blogs\db2\createDb.sql
C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -td@ -vf connections.sql\blogs\db2\appGrants.sql |
COMM | C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -td@ -vf connections.sql\communities\db2\createDb.sql
C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -td@ -vf connections.sql\communities\db2\appGrants.sql |
DOGEAR | C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -td@ -vf connections.sql\dogear\db2\createDb.sql
C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -td@ -vf connections.sql\dogear\db2\appGrants.sql |
PROFILES | C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -tvf connections.sql\profiles\db2\createDb.sql
C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -tvf connections.sql\profiles\db2\appGrants.sql |
HOME | C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -tvf connections.sql\homepage\db2\createDb.sql
C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -tvf connections.sql\homepage\db2\appGrants.sql
C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -tvf connections.sql\homepage\db2\initData.sql
C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -tvf connections.sql\homepage\db2\reorg.sql
C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -tvf connections.sql\homepage\db2\updateStats.sql |
WIKIS | C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -td@ -vf connections.sql\wikis\db2\createDb.sql
C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -td@ -vf connections.sql\wikis\db2\appGrants.sql |
FILES | C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -td@ -vf connections.sql\files\db2\createDb.sql
C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -td@ -vf connections.sql\files\db2\appGrants.sql |
FORUMS | C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -td@ -vf connections.sql\forum\db2\createDb.sql
C:\IBM\SQLLIB\bin\db2cmd -c -w -i db2 -td@ -vf connections.sql\forum\db2\appGrants.sql |
Populating the Profiles database manually
The following example assumes a default Profiles population; that is, no additional scripts or customizable fields are populated. To fully understand this topic and the customization possible, follow these links:
https://idoc2.swg.usma.ibm.com/connections/topic/com.ibm.lotus.connections.doc_2.5.1/t_prof_tdi_mapfields.html
and
https://idoc2.swg.usma.ibm.com/connections/topic/com.ibm.lotus.connections.doc_2.5.1/t_prof_tdi_mapfields.html
Manual population
1. Open profiles_tdi.properties (located at C:\Software\Wizards\TDIPopulation\TDISOL\win), and ensure the following values are set:
source_ldap_url=ldap://ldap.example.com:389
source_ldap_user_login=cn=root
{protect}-source_ldap_user_password=password
source_ldap_search_base=dc=connections,dc=example,dc=com
source_ldap_search_filter=(&(uid=*)(objectclass=inetOrgPerson))
source_ldap_use_ssl=false
dbrepos_jdbc_url=jdbc:db2://db.example.com:50005/peopledb
dbrepos_jdbc_driver=com.ibm.db2.jcc.DB2Driver
dbrepos_username=lcuser
{protect}-dbrepos_password=password
Oracle database only:
dbrepos_jdbc_url=jdbc:oracle:thin:@db.example.com:1521:PEOPLEDB
dbrepos_jdbc_driver=oracle.jdbc.driver.OracleDriver
dbrepos_jdbc_driver=oracle.jdbc.pool.OracleConnectionPoolDataSource
Microsoft SQL Server only:
dbrepos_jdbc_url=jdbc:sqlserver://db.example.com:1433;DatabaseName=PEOPLEDB
dbrepos_jdbc_driver=com.microsoft.sqlserver.jdbc.SQLServerDriver
Additional properties can be provided as required. Review the Mapping fields manually topic in the product documentation for more information on how to do this.
2. Run the following script to create the file containing the distinguished names (DNs) to be processed from the source LDAP directory:
collect_dns.bat (.sh)

This command creates a file named collect.dns that contains all the DNs collected. This script also creates a log file named ibmdi.log in the logs folder. Check this file to ensure that no errors are reported. The following file is a sample of how this log should look:
(See attached file: ibmdi.log)
3. To begin the population into the database, run the following script:
populate_from_dn_file.bat (.sh)
The successful output appears similar to the following. In this example only 70 users are populated. For scenarios in which there are many thousands of records to populate, this script will print a line every one thousand users to allow you to keep track of its progress.

4. There are a number of optional fields for population that are not discussed in detail in this document. For details on these population tasks, refer to the Lotus Connections 3.0 Product Documentation topic on Manually Populating the Profiles Database:
- Mark Managers
- Fill Country
- Fill Department
- Employee Type
- Organization Codes
- Work Locations Codes
Installing Lotus Connections 3.0
Before beginning the installation
Before beginning the installation, take note of the following points:
Rational Installation Manager. Lotus Connections 3.0 uses the Rational Installation Manager to provide an enhanced installation experience. Before beginning the installation, you should uninstall any previous versions of Rational Installation Manager since you are prompted to install this when you launch the Lotus Connections 3.0 Installer.
Deployment Manager and nodes. Remember to start the Deployment Manager before launching the installation wizard. Node agents should also be started so that re-synchronization is possible between the Deployment Manager and nodes, when required.
Linux / AIX issues. If installing Lotus Connections 3.0 on Linux as a non-root user, refer to the Installing as a non-root user topic in the product documentation. On AIX environments, GNU Tar is required to untar the installation packages. GNU Tar can be downloaded from http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/alpha.html.
DB2. Before beginning to install Lotus Connections 3.0, you must copy the JDBC driver from the DB2 server, db.example.com, to a local directory on the Deployment Manager and both nodes. The same local directory must be used on dm.example.com, node1.example.com, and node2.example.com. That directory is named C:\IBM\JDBC_Drivers. These drivers are used by Lotus Connections to connect to the database.
On the DB2 machine, these drivers are located in C:\IBM\SQLLIB\java. The names of the drivers required are db2jcc.jar and db2jcc_license_cu.jar.
Note that for different databases, different JDBC drivers are required. The table below describes which drivers are required for which database. No matter which database is used, these drivers must be copied to this location on the machine hosting Lotus Connections 3.0:
Database Type | JDBC Driver Name |
Oracle | ojdbc6.jar |
MS SQL Server | sqljdbc4.jar |
Shared Data folder. For a networked, multi-node configuration, there must be a shared space between the Deployment Manager and nodes. This space is used as a data store for Lotus Connections. This shared space can be a shared network folder on Windows or Linux, or be part of a Storage Area Network (SAN) in large deployments. In this scenario, the directory C:\IBM\LotusConnections\data\shared on dm.example.com is shared between both nodes.
To share the folder, follow these steps:
1. Open the folder C:\IBM on the Deployment Manager, open the properties of this folder, and switch to the Sharing tab.

2. Click the Share button.

3. The folder will then be shared along with all its subdirectories.

The folder is now shared; however, any clients wanting to connect to this share must authenticate with this machine.

4. Map the shared folder to both node machines. If the credentials are different on the node machine and the Deployment Manager, select the "Connect using different credentials" check box. Be sure to check the "Reconnect at logon" check box.

Post installation, the Lotus Connections data folder will be created and can be accessed at this location on each node:

Installation
Unzip the Lotus Connections installation files to a directory on dm.example.com and run launchpad.exe to begin the installation.

Click the Install Lotus Connections 3.0 link from the side panel above.

The above panel explains more about Rational Installation Manager and includes a very important note about starting the Deployment Manager before beginning the installation. See the Starting and Stopping Lotus Connection section to find out how to start the Deployment Manager. After the Deployment Manager is started, from the above panel select the "Launch the Lotus Connections 3.0 install wizard" option. The following installer is displayed.

Select to install both the installation manager and Lotus Connections 3.0. Click Next to continue.

Accept the license agreement and click Next to continue.

Select the location to install Rational Installation Manager and the shared resources directory. Use the above locations for ease of use and then click Next to proceed.

A new package group will be created for Lotus Connections. Select the install directory as above and click Next to proceed.

To install all Lotus Connections components, ensure that all check boxes are selected and click Next to proceed.

On the above panel, click Browse to point the installer to the location of WebSphere Application Server:

Select the appropriate location as above, and click OK.

Fill in the hostname, dm.example.com and the Deployment Manager administrator and password. If you plan to deploy your configuration with a third-party security suite, such as Tivoli Access Manager, SiteMinder or SPNEGO, it is very important that the administrative user specified be both on the LDAP and a Deployment Manager administrator. Click Validate to verify these settings before proceeding.


After validation is successful, click the Next button to proceed.

Select the Medium Deployment topology as above and select "Same nodes selection for all clusters" to ensure that all applications are installed on both nodes in each cluster. Click Next to continue.

In this instance, each database is on its own instance. Therefore, check the No option at the top of the panel. Select DB2 as the database type, and provide the location of the JDBC drivers. For each database, the next step is to provide the hostname of the database server, the port number that each database can be found under, and the password to access the database. These values are the same as in the table describing the database topology when setting up DB2. Note that these ports may differ slightly from configuration to configuration. Click Validate to ensure all the inputs are correct.


The above validation successful message is displayed. If you do not receive this message, review the database information to ensure it is correct and ensure the database instances are all started. Click Next to proceed.


Provide the location of the local and shared data stores as above. Note that the shared content store must be specified using the Windows UNC directory format. The location \\dm.example.com\IBM\LotusConnections\data\shared is available to all nodes and is the same physical space. Click Validate to verify these settings and then click Next to proceed.

On this panel, enable your Lotus Connections deployment for mail notifications. To do so, enter the DNS MX records information as above. Depending on your configuration, you may need to provide additional information in the other fields. Click Next to continue.

Review the summary panel and click Install to begin the installation.

The above progress bar will keep you informed as to the installation's progress. Once complete the below summary panel will be presented. All packages should be installed successfully as below:

Click Finish to complete the installation of Lotus Connections. There are a number of post installation tasks which must be attended to. Before proceeding to these tasks, it is necessary to restart the Deployment Manager for installation changes to take effect. After the Deployment Manager is restarted, move onto these steps.
Configuring the HTTP Server
Before beginning this task, ensure that the IBM HTTP Administration server is started. The administration server must be started to synchronize configuration files between the HTTP Server and the Deployment Manager. If it is not started, select Start > Programs > IBM HTTP Server V7.0 > Start Admin Server.
Linux/AIX note: Start the administration server on these platforms using the terminal. Navigate to HTTPServer/bin directory and issue the command "./adminctl start".
Add Web Server as unmanaged node
After the administration server is started, open the Deployment Manager and add the Web server to the cell as an unmanaged node. Open the WebSphere Administration Console at https://connections.example.com:9043/admin.

Go to System Administration - Nodes and click the Add Node button.

Select the unmanaged node option and click Next.

Provide a name and hostname of the HTTP server and click OK.

Click Save.

On the nodes panel, the Web server is displayed in the list.
Add Web server as a server
Next, add the Web server as a server in the configuration. To do this, do the following:

From Servers - Server Types - Web Servers click the New button.

Select the webserver node and provide the name of this server "webserver1." This is the same name that is provided during the plug-ins installation on the webserver. Click Next to continue.

The IHS option is selected; click Next.

Provide all of the webserver details as above and click Next.

Confirm the new web server and click Finish.

Save this change. Before proceeding, do a full synchronize between nodes in the deployment.

Return to Servers - Server Types - Web Servers. Generate and propagate the plug-in file to the webserver.

To do so, select the check box beside webserver1 and click the Generate Plug-in button.

Select the check box again and click Propagate Plug-in.

Click on webserver1 and open the Plug-in properties link.

From the repository copy of web server plug-in files section, click the Copy to Web server key store directory button.

The following message is displayed to indicate the successful copying of these keys. Once again, restart the webserver for the plug-in changes to take effect.
Configuring IBM HTTP Server for SSL
To support SSL, create a self-signed certificate and then configure IBM HTTP Server for SSL traffic. If you use this certificate in production, users might receive warning messages from their browsers. In a typical production deployment, you would use a certificate from a trusted certificate authority.
The first step is to create a key file. Start the IKEYMAN utility by double clicking the file ikeyman.bat from C:\IBM\HTTPServer\bin (or ikeyman.sh from /opt/IBM/HTTPServer/bin on a Linux\AIX system).

The above panel is displayed when you launch this utility.

Select Key Database File - New...

Ensure the key database type is selected as CMS. Input a name for the key file and location to store it.

Enter a password and select the Stash password to a file option.

You are returned to the IKEYMAN panel with the webserver-key.kdb opened.

Now create a self-signed certificate using Create > New Self-Signed Certificate.

Input the label and other details as appropriate above. Click OK to save the certificate.

The certificate now appears in the key file, as above.
Stop the IBM HTTP Server, if started. Once verified as stopped, log in to the WebSphere Administration Console and configure the webserver for SSL.

From the Web servers panel, select the webserver1 link.

Click the configuration file option to open the httpd.conf from the WebSphere Administration Console.

The httpd.conf opens in the browser as shown above. At the bottom of the configuration, add the following lines to the httpd.conf file:
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
Listen 0.0.0.0:443
<VirtualHost *:443>
ServerName connections.example.com
SSLEnable
</VirtualHost>
</IfModule>
SSLDisable
Keyfile "C:\IBM\Keyfiles\webserver-key.kdb"
SSLStashFile "C:\IBM\Keyfiles\webserver-key.sth"
Scroll to the bottom of the configuration file. At the end of the httpd.conf, add the above lines to load the SSL module using the newly-created key file.

Click OK to save this change.
Next, start the IBM HTTP Server. To verify that the SSL settings took effect correctly, type https://connections.example.com into a browser. If the IBM HTTP Server page appears over https, then this step was successful. Note that you may need to accept the certificate in your browser because it is self-signed.



Adding Certificates to the WebSphere Trust Store
On the WebSphere Administration Console go to Security > SSL Certificate and Key Management.

Click CellDefaultTrustStore as shown in the panel above.

From within CellDefaultTrustStore, click the Signer Certificates link from the right hand side.

To add the web server's signer to the trust store, click the Retrieve from Port button.

Enter the hostname of the webserver and its SSL port (typically 443). Then click the Retrieve Signer Information button, which retrieves the information shown at the bottom of the screenshot. Provide an alias for this signer certificate and click OK to add this certificate to the list of signers.
Save this change and restart the HTTP server to apply the changes.
Update Web addresses used by Lotus Connections to access content
Using the wsadmin client, check out the LotusConnections-config.xml to a temporary directory. From this directory, this file must be edited so that all href and ssl_href values are updated to reflect the hostname of the HTTP Server and do not include any port numbers.
An example of this is as follows:

Change each href and ssl_href from its default value, shown above, to its new value, shown below. In this case, all that is done is to drop the port numbers 9081 and 9044 from these URLs.

Repeat this process for all href and ssl_hrefs that are currently set to dm.example.com: . After this process is complete, save the file and check the file back in using the wsadmin client. After the file is checked back in, resynchronize the node so that this change is pushed out.
This completes the webserver, SSL, and certificate configuration for this scenario. Now, when the application is started it can be accessed at http://connections.example.com/<component>, where <component> represents any of the Connections applications.
The commands to do all of the above are shown below (the above updates take place after the check out command):

The following list provides the above commands in text format so that they can be copied and used again in your own deployment:
wsadmin.bat -lang jython -username wasadmin -password wasadmin -port 8879
execfile("C:/IBM/WebSphere/AppServer/profiles/Dmgr01/config/bin_lc_admin/connectionsConfig.py")
LCConfigService.checkOutConfig("C:/temp","connectionsCell01")
<Make changes to the checked out file>
LCConfigService.checkInConfig()
synchAllNodes()
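The href and ssl_href edit described above can be scripted and then verified before check-in. The following is an added example, not part of the original article or the product: it runs under a standard Python 3 interpreter against the checked-out file (not inside wsadmin), and the element and service names in the sample are constructed placeholders; only the href and ssl_href attributes, the hostnames, and the ports 9081 and 9044 come from this page.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: the element and service names are placeholders; only the
# href and ssl_href attributes and the page's hosts and ports matter here.
SAMPLE_XML = '''<config>
  <service name="activities">
    <endpoint href="http://dm.example.com:9081" ssl_href="https://dm.example.com:9044"/>
  </service>
  <service name="blogs">
    <endpoint href="http://dm.example.com:9081" ssl_href="https://dm.example.com:9044"/>
  </service>
</config>
'''

# Matches href="..." and ssl_href="..." attributes, and nothing else.
ATTR = re.compile(r'\b(ssl_href|href)="([^"]*)"')


def has_port(parts):
    """True if the URL carries an explicit (or malformed) port."""
    try:
        return parts.port is not None
    except ValueError:          # malformed port: treat it as something to review
        return True


def repoint(xml_text, old_host, new_host):
    """Point every href/ssl_href on old_host at new_host and drop the port."""
    changed = []

    def fix(match):
        name, url = match.groups()
        parts = urlsplit(url)
        if parts.hostname != old_host:
            return match.group(0)           # leave other hosts untouched
        new_url = urlunsplit((parts.scheme, new_host, parts.path,
                              parts.query, parts.fragment))
        changed.append((name, url, new_url))
        return f'{name}="{new_url}"'

    return ATTR.sub(fix, xml_text), changed


def leftovers(xml_text, old_host):
    """List href/ssl_href values that still name old_host or carry a port."""
    found = []
    for name, url in ATTR.findall(xml_text):
        parts = urlsplit(url)
        if parts.hostname == old_host or has_port(parts):
            found.append((name, url))
    return found


if __name__ == "__main__":
    new_xml, changed = repoint(SAMPLE_XML, "dm.example.com", "connections.example.com")
    for name, old, new in changed:
        print(f"{name}: {old} -> {new}")
    print("still to fix:", leftovers(new_xml, "dm.example.com"))
```

Run leftovers() on the edited file before LCConfigService.checkInConfig(); an empty list means no href or ssl_href still names the old host or a port.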
Configuring application administrators and configuring Blogs
After Lotus Connections 3.0 is installed, it is necessary to configure the blogs landing page. To do so, follow these two steps:
1. Assigning administrative access to a blogs user.
2. Creating the blogs home page.
You might also want to give administrative access to particular users for other applications, such as Home page, so that they can enable or disable widgets, and to determine who can read server metrics and statistics. The following example shows how to add an administrator to the blogs application, but the same process is followed to add administrators to the other applications.
Before beginning this task, ensure that Lotus Connections is started. For instructions, refer to the Starting and Stopping Lotus Connections section. After the deployment is started, verify that you can log in successfully to all components. It is a good idea to check the logs to ensure there are no errors occurring during the startup and verification.
Adding an Administrator to Blogs
1. Log in to the WebSphere Administration Console on dm.example.com at http://dm.example.com:9060/admin.
2. Go to Applications - Application Types - WebSphere Enterprise Applications and click the Blogs link as shown.

From the list of options for this application, select "Security role to user/group mapping."

From the following panel, it is possible to map users and groups to different roles. In this example, there is no user assigned as admin. Select the check box beside admin and then select Map Users...

Input the username into the search string and click Search. When the required user is found, select their name and click the right arrow to assign this user to the role specified.

Click the OK button below to return to the user - role mapping panel:

Now the user 'jcollins' is assigned as an administrator in Blogs. Click OK to save this change.

Save the change by clicking Save as shown.

Now we have assigned an admin user in blogs. Follow the same procedure to map groups or users to different roles in the various applications, such as admin or moderator where appropriate. It is not required to restart the servers for this change to take effect. However it may take a few minutes for the change to take effect across the node(s) in the deployment.
Creating the Blogs Homepage
Log in to Blogs as the newly assigned administrator.

Near the top-center of the page, there is now an Administration tab. Click New Blog Creation Page to create the new blog home page.

On the above page, make note of the blog address, in this case 'home', and set the theme to Blogs Home page. Click Save to create the blog.

The above message is displayed. Click the Administration tab.

Input the blog URL (home), into the above field as shown. Click Save to make this change.

After the change is successful, log out of blogs.

You will notice that if you navigate to connections.example.com/blogs, the above page is shown.
Linux\AIX only: Setting path variables for Search
This section relates to Linux or AIX deployments only and is included to show the differences between a Windows configuration and AIX/Linux configuration. Do not follow steps in this section if your system is based on Windows.
This task needs to be performed on the nodes where the search component is running. In this scenario, these are node1.example.com and node2.example.com (if they were AIX/Linux systems). You must also perform this task if an additional node is added at a future time containing the search component.
On each node, do the following:
- On the shared network space between the nodes and Deployment Manager, find the folder search/stellant/dcs/oiexport. Copy this directory from this location to the local data folder on both nodes. This location should be identical on each node (for example, /opt/IBM/LCLocalData/search/stellant/dcs/oiexport, or whatever directory was specified during installation for the local data store).
- Log in to the WebSphere Administration Console and go to Environment - WebSphere variables. Find the variable named FILE_CONTENT_CONVERSION and edit it so that it points to the exporter file contained in the oiexport folder that was copied to the local directory. As shown below, this is '/opt/IBM/LCLocalData/search/stellant/dcs/oiexport/exporter':

- Next, make a backup of 'setupCmdLine.sh' on each node. This file is found in /opt/IBM/WebSphere/AppServer/bin.
- Open setupCmdLine.sh with a text editor and add the following line to the end of this file on each node:
export PATH=$PATH:/opt/IBM/LCLocalData/search/stellant/dcs/oiexport
- Finally, depending on your operating system, also add the following to this file:
AIX Only: export LIBPATH=$LIBPATH:/opt/IBM/LCLocalData/search/stellant/dcs/oiexport
Linux Only: export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/IBM/LCLocalData/search/stellant/dcs/oiexport
- To complete this process, save this file and restart all WebSphere Application Server processes on each node.
Starting & Stopping Lotus Connections
To completely start or stop the system, follow these steps. It is assumed that the LDAP is active throughout.
WebSphere Application Server
To start/stop these services, use the command prompt or shell in Linux. From the prompt, issue the following commands.
Deployment Manager Start\Stop:
C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin\startManager.bat
C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin\stopManager.bat -username wasadmin -password wasadmin
Node Agent Start\Stop:
C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin\stopNode.bat -username wasadmin -password wasadmin
C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin\startNode.bat
Web Server
Ensure the IHS administration server is started. If it is not, click Start > All Programs > IBM HTTP Server V7.0 > Start Admin Server.
From the WebSphere Administration Console, select Servers - Server Types - Web Servers. Select the check box beside webserver1 and click Start or Stop as required.

Database
To start/stop these services, use the command prompt or shell in Linux. From the prompt, issue the following commands:
To set the instance to the correct name, use the following command:
SET DB2INSTANCE=
Where is the name of the instance. In this scenario, we have eight database instances so this process must be repeated for each instance. Note that in a Linux environment you have to login as the database user for each instance to issue the db2stop / db2start commands.
Use either of the below commands to start or stop DB2:
DB2START
DB2STOP
Here is an example of this for one instance in a Windows environment:
set DB2INSTANCE=ACT
db2stop
db2start
Lotus Connections
From the WebSphere Administration Console, select Servers - Clusters - WebSphere Application Server Clusters. Select the check box beside the cluster you want to start (in this case, LCCluster1) and click Start or Stop as required.

After the cluster is started, view the logs on both nodes to verify that there are no problems. These logs are located in C:\IBM\WebSphere\profiles\AppSrv01\logs\LCCluster1_server1\SystemOut.log and C:\IBM\WebSphere\profiles\AppSrv01\logs\LCCluster1_server2\SystemOut.log respectively.
Backing up your Lotus Connections Deployment
To take a back up of your Lotus Connections deployment, refer to Backing up Lotus Connections 3.0 in the product documentation. It is recommended to back up your deployment after a successful installation and to back up your Lotus Connections data on a regular basis.
Taking a backup involves backing up WebSphere profiles, profileRegistry.xml and your Lotus Connections install directory. You also need to back up databases and data stores along with any customization files. Carefully review the product documentation instructions.
Tuning and Optimizing Lotus Connections 3.0
With the exception of the next section (enabling fast downloads for files and wikis), use the remaining topics in this section as an initial guide to optimize performance. It contains recommendations based on settings used within the System Verification Test (SVT) team during the Lotus Connections 3.0 testing phase. There are many possible tweaks and modifications that can be made on WebSphere Application Server to tune the configuration for optimal performance depending on your requirements. For further information, consult the Lotus Connections 3.0 tuning articles available on the Lotus Connections Wiki.
Enabling Fast Downloads for Files and Wikis
You can make file downloads from the Files and Wikis applications much more efficient by configuring an IBM® HTTP Server to handle most of the download instead of the WebSphere® Application Server. It is strongly recommended that you configure production deployments this way. In the default deployment with an IBM HTTP Server, file download requests are passed from the IBM HTTP Server to the WebSphere Application Server. The WebSphere Application Server accesses the binary files in a data directory on the file system and returns them to the IBM HTTP Server, which passes them to the browser.
This is inefficient in deployments where large numbers of users are downloading files, partly because WebSphere Application Server has a limited thread pool that is tuned for short-lived transactions, and optimized for J2EE applications and not file downloads. In this environment, it is possible that you would need to create a cluster to handle downloads, especially if you have slow transfer rates (for example, caused by people in different geographies downloading 2MB at 2KB per second). This would cause problems, such as making it impractical to properly tune the thread pool.
Configuring the IBM HTTP Server to download the binary files instead makes downloading far more efficient, since IBM HTTP Server is designed specifically for serving files. This leaves WebSphere Application Server to perform tasks, such as security checking and cache validation, while leaving downloading to the IBM HTTP Server. To configure this environment, you must install an add-on module to the IBM HTTP Server. As in typical deployments, download requests are passed from the IBM HTTP Server to the WebSphere Application Server. However, instead of responding with the binary data, the WebSphere Application Server only adds a special header to its response. The add-on module recognizes the header and directs the IBM HTTP Server to download the binary data.
This configuration requires making the Files and Wikis data directories available to the IBM HTTP Server using an alias. This creates a security concern, so you must configure the access control at the IBM HTTP Server level. After you configure security, access to the Files and Wikis data directories is denied unless a specific environment variable is set. Requests to the Files and Wikis applications on WebSphere Application Server are then configured to set the variable. In other words, only requests passing through WebSphere Application Server are able to access the data directory, with WebSphere Application Server acting as the authorizer.
Do the following to enable fast file downloads for Wikis and Files. It is highly recommended that you review the product documentation for additional information on this step where non-default values are used in the configuration for application context roots, or where proxies may be involved in the system.
1. On the Deployment Manager machine, navigate to the C:\IBM\LotusConnections\plugins\ihs\mod_ibm_local_redirect\win_ia32-ap22 directory to find the module file named mod_ibm_local_redirect.so. This is the correct module to use with IBM HTTP Server V7.0 in Windows environments. Modules for other environments can be found if you navigate up a directory to the mod_ibm_local_redirect folder. HTTP Server V7.0 uses the modules ending in ap22. Copy this file from this location to C:\IBM\HTTPServer\modules.

2. Open the IBM HTTP Server httpd.conf file from C:\IBM\HTTPServer\conf directory and add the following statements:
LoadModule ibm_local_redirect_module modules/mod_ibm_local_redirect.so
LoadModule env_module modules/mod_env.so
Note: By default, the mod_env module is installed in the /modules directory. It may already be loaded, or it may be a commented-out line that you can remove comments from to load.
3. Give the IBM HTTP Server READ access to the data directory root. For optimal security, do not give the user WRITE access. The path in this instance is Z:\IBM\LotusConnections\data\shared.
4. On all virtual hosts in the same domain as Files or Wikis, including both HTTP and HTTPS, do the following to expose the data directory root. Open the httpd.conf and add the following. An explanation of each section is given in the comment (##) before it.
##Add the following to create the alias for these directories.
## Do not use the application context root here (/wikis or /files by default). Use any other alias. Do not use quotes around paths on Linux operating systems.
Alias /downloadfiles "Z:\IBM\LotusConnections\data\shared\files\upload\"
Alias /downloadwikis "Z:\IBM\LotusConnections\data\shared\wikis\upload\"
##Add the following lines to make the aliases more secure. This secures the data by only allowing requests where REDIRECT_FILES_CONTENT or REDIRECT_WIKIS_CONTENT is specified.
<Directory "Z:\IBM\LotusConnections\data\shared\files\upload\">
Order Deny,Allow
Deny from all
Allow from env=REDIRECT_FILES_CONTENT
</Directory>
<Directory "Z:\IBM\LotusConnections\data\shared\wikis\upload\">
Order Deny,Allow
Deny from all
Allow from env=REDIRECT_WIKIS_CONTENT
</Directory>
## Add the following lines to enable the module for files and wikis
<Location /files>
IBMLocalRedirect On
IBMLocalRedirectKeepHeaders X-LConn-Auth,Cache-Control,Content-Type,Content-Disposition,Last-Modified,ETag,Content-Language,Set-Cookie
SetEnv FILES_CONTENT true
</Location>
<Location /wikis>
IBMLocalRedirect On
IBMLocalRedirectKeepHeaders X-LConn-Auth,Cache-Control,Content-Type,Content-Disposition,Last-Modified,ETag,Content-Language,Set-Cookie
SetEnv WIKIS_CONTENT true
</Location>
5. Do the following to test that the IBM HTTP Server is configured properly and securely:
- Restart the IBM HTTP Server. Make sure it loads properly and there are no log errors about loading modules or configuration. If there are problems, make sure the load module and configuration directives do not contain typos.
- Try to access the alias directory directly at http/https:/ and make sure you are denied permission. If you can access the directory, make sure that the Order Deny,Allow, Deny from all, and Allow from env directives are all present.
- Access the application and download a file to make sure it functions. The module is not yet enabled.
1. Check out the files-config.xml or wikis-config.xml file and make the following change in each, specifying /downloadfiles or /downloadwikis as appropriate:
<download>
<modIBMLocalRedirect enabled="true" hrefPathPrefix="/downloadfiles" />
</download>
2. Restart Files or Wikis.
3. Download a file to make sure it works.
4. To test whether the IBM HTTP Server is downloading the files, make the following changes to httpd.conf, save the file, and restart the web server. When you now attempt to download a file, you are denied, because the configuration below allows no one to access this content. When the test is complete, be sure to remove this change and restart the web server to allow file downloads again.
<Directory "Z:\IBM\LotusConnections\data\shared\files\upload\">
Order Deny,Allow
Deny from all
#Allow from env=REDIRECT_FILES_CONTENT
</Directory>
<Directory "Z:\IBM\LotusConnections\data\shared\wikis\upload\">
Order Deny,Allow
Deny from all
# Allow from env=REDIRECT_WIKIS_CONTENT
</Directory>
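The access control from step 4 can also be checked statically before the web server is restarted. The following Python script is an added example, not part of the original article or of any IBM tooling: it parses httpd.conf text and reports every aliased data directory whose <Directory> block lacks the deny-by-default directives, or whose Allow from env= variable has no matching SetEnv (Apache prefixes environment variables with REDIRECT_ on an internal redirect, which is why the two names differ). The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample of step 4; the wikis block omits "Deny from all" on purpose.
SAMPLE_CONF = r'''
Alias /downloadfiles "Z:\IBM\LotusConnections\data\shared\files\upload\"
Alias /downloadwikis "Z:\IBM\LotusConnections\data\shared\wikis\upload\"
<Directory "Z:\IBM\LotusConnections\data\shared\files\upload\">
Order Deny,Allow
Deny from all
Allow from env=REDIRECT_FILES_CONTENT
</Directory>
<Directory "Z:\IBM\LotusConnections\data\shared\wikis\upload\">
Order Deny,Allow
Allow from env=REDIRECT_WIKIS_CONTENT
</Directory>
<Location /files>
SetEnv FILES_CONTENT true
</Location>
<Location /wikis>
SetEnv WIKIS_CONTENT true
</Location>
'''

def _norm(path):
    return path.strip().strip('"').rstrip("\\/").lower()

def _sections(conf, tag):
    # Map each <tag arg> section (quotes, trailing separator and case
    # normalized) to its active, non-comment directive lines.
    pat = re.compile(r"<%s\s+([^>]+)>(.*?)</%s>" % (tag, tag), re.S | re.I)
    return {_norm(arg): [l.strip() for l in body.splitlines()
                         if l.strip() and not l.strip().startswith("#")]
            for arg, body in pat.findall(conf)}

def audit(conf):
    """Return findings; an empty list means every aliased directory is gated."""
    findings, dirs = [], _sections(conf, "Directory")
    set_vars = {m.group(1) for lines in _sections(conf, "Location").values()
                for m in (re.match(r"SetEnv\s+(\S+)", l, re.I) for l in lines) if m}
    for alias in re.finditer(r"^[ \t]*Alias\s+(\S+)\s+(.+)$", conf, re.M | re.I):
        # An alias with no <Directory> block is treated as having no rules.
        url, rules = alias.group(1), dirs.get(_norm(alias.group(2)), [])
        low = [" ".join(r.lower().split()) for r in rules]
        for needed in ("order deny,allow", "deny from all"):
            if needed not in low:
                findings.append(url + ": missing '" + needed + "'")
        if "allow from all" in low:
            findings.append(url + ": unconditional 'allow from all'")
        gates = [m.group(1) for m in
                 (re.match(r"Allow\s+from\s+env=(\S+)", r, re.I) for r in rules) if m]
        if not gates:
            findings.append(url + ": no 'Allow from env=' gate")
        for var in gates:  # Apache adds REDIRECT_ on an internal redirect
            if not var.startswith("REDIRECT_") or var[9:] not in set_vars:
                findings.append(url + ": no SetEnv matches " + var)
    return findings
```

Running audit() against the temporary test configuration from the last step reports a missing Allow from env= gate, which is expected while that line is commented out.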
Tuning the JVM Heap Sizes
Note that the following JVM tuning is only compatible with a 64-bit operating system as described in this scenario. In non-64-bit environments, please consult the Lotus Connections tuning guide.
This section contains the recommended values for JVM sizes for servers hosting each application. When increasing the heap size, it is a good idea to monitor overall memory consumption to ensure that your system can provide the necessary memory allocations without excessive paging.
Applications | Servers | Initial Heap Size (MB) | Maximum Heap Size (MB) |
Activities, Communities, Profiles, Forums | LCCluster1_server1, LCCluster1_server2 | 512 | 2048 |
Blogs, Bookmarks, Wikis, Files | LCCluster2_server1, LCCluster2_server2 | 512 | 2048 |
Search, News, Homepage, Mobile | LCInfraCluster_server1, LCInfraCluster_server2 | 768 | 3072 |
In this scenario, the node machines have 12GB to facilitate the total possible maximum JVM overhead of just under 7.5GB, which leaves 4GB available for the operating system and possible tweaks to the maximum heap sizes in the future based on the system's performance over time.
Here is how to set this value for one server (activitiesCluster_server1). Repeat this process for each subsequent server. Open the Deployment Manager and navigate to Server Types -> WebSphere application servers. Click the link for the server you want to modify (activitiesCluster_server1).

Find the Server Infrastructure section and click Process definition.

Click the Java Virtual Machine link as shown.

Input the initial heap and maximum heap size for this server as per the table above.

Click OK and Save this change. Repeat this process for all the servers to be updated.
Tuning Connection pool size for each data source
Tuning each connection pool is an important step to ensure optimal response times. An improperly tuned environment might mean unnecessary time spent waiting for a free connection. Setting the pool sizes large enough eliminates this risk, but it is also important to respect the overall system resources on the application server by not setting this value higher than necessary for the expected peak workloads. Increasing the default value of 10 connections to 75 is a safe assumption for any size of deployment and should not have a negative impact on overall system resources.
Tuning to higher values might be needed to support maximum load for some of the components in a large deployment. However, as you tune these values higher, keep an eye on overall memory consumption to ensure that your system is able to provide the necessary memory allocations without excessive paging.
Set the maximum number of connections for each data pool to 75. To edit the maximum connection pool properties repeat the below process for each data source.
On the WebSphere Administration Console select JDBC - Data sources.

Now select the data source that you want to edit (in this example, activities).

Now select the Connection pool properties link.

Set the Maximum connections dialog to the value required as shown.

Click OK and Save the changes.
Integration
In this scenario, Lotus Connections is integrated with other IBM products. These products are IBM Lotus Sametime and IBM Lotus Quickr Domino. The integration between Sametime and Connections is via Sametime awareness, which appears on a user's profile or business card if they are logged into their Sametime client while using Lotus Connections 3.0. Integration with Quickr Domino allows the publishing of files from activities to Quickr places and the integration of Quickr Places with Communities. From the Quickr side, users can leverage the Lotus Connections business card. The following section explains this integration in detail. It is assumed that Sametime Community Server 8.5 and Lotus Domino Quickr 8.5 are already configured.
Enabling Sametime Awareness with Sametime 8.5
To enable Sametime awareness with Sametime 8.5, do the following:
1. Check out the profiles-config.xml file to a temporary location using the wsadmin client. Connect to the client using the command:
C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin\wsadmin.bat -lang jython -username wasadmin -password wasadmin -port 8879
2. Execute the following commands to check out the profiles-config.xml to the C:\temp directory:
execfile("profilesAdmin.py")
ProfilesConfigService.checkOutConfig("C:/temp","dmCell01")
3. Find the
element, and then set the enabled attribute equal to true, specify web addresses for the href and ssl_href attributes, and specify which input type should be used for identifying the person: an email address or a user ID. For example:
If Lotus Connections is configured to hide email addresses, define the user ID as the input type by setting the sametimeInputType attribute equal to 'uid'.
4. Check in the file using the wsadmin command:
ProfilesConfigService.checkInConfig()
5. Resynchronize the nodes with the Deployment Manager and restart the profiles application.
6. Refer to the following link for more information on enabling Sametime awareness: http://www-10.lotus.com/ldd/lcwiki.nsf/dx/Adding_Sametime_awareness_though_the_Sametime_client_lc3
Integration with Quickr Domino 8.5
The following integration points exist between Connections 3.0 and Quickr Domino 8.5:
- Single Sign On Between Products (SSO).
- Publishing File Attachments from Activities to Quickr Places.
- Association of Quickr Teamspaces and Wikis as part of a Lotus Connections Community. This is achieved via the Lotus Connections Connector for Lotus Quickr.
- Enable the business card from the Quickr Domino server so that users can pull profile information directly from Connections while navigating on Quickr UI.
It is optional as to how many of these integration points are actually enabled. In this configuration all of the above are enabled and explained in detail.
Enabling SSO between Lotus Connections and Quickr
SSO allows users to log into Connections or Quickr one time and not be prompted for credentials again for the duration of their session on either product. SSO is achieved via the use of a WebSphere LTPA token, which is shared with the Quickr server. To support SSO, there are a number of other conditions which need to be met, such as a shared LDAP, LDAP Realm and SSO domain. System clocks must also be in sync between the servers in the configuration or else SSO may not work correctly.
1. On the WebSphere Administration Console, enable the LDAP realm via Security - Global Security - Federated repositories and input the realm in the Realm Name field. It is recommended that the realm name follow the format <LDAP_Hostname>:<LDAP_Port>, in this case "ldap.example.com:389". Click OK and save this change.

2. From the Security - Global Security panel, expand the Web and SIP Security option on the right-hand side and click the Single sign-on (SSO) link below:

3. From within this panel, select the Enabled and Interoperability Mode check boxes as well as input the Domain name. Click OK and save this change.

4. To export an LTPA token, at the Security - Global Security panel, click the LTPA link.

5. Input a password of your choosing for the LTPA keys being exported and specify a location to export this key. Click the OK button to export the keys.

6. Once this key is exported, copy it to your Quickr Domino machine and import it to the Quickr Domino configuration via the Domino Administrator console. It is also important to set the correct realm on the Domino configuration. This aspect of the configuration is outside of the scope of this guide. Please refer to the Lotus Quickr Wiki for more information on how to do this on the Domino part of the configuration.
The above steps prepare the Lotus Connections part of the configuration. After the steps to import the LTPA keys to the Domino configuration are complete, synchronize the nodes in the configuration and restart Lotus Connections and Lotus Quickr. When the configuration comes back online, SSO is enabled. To verify this, open a clean browser and log into Lotus Connections. After you have logged in, type the URL of the Domino Quickr server into the address bar. When the page loads, you should still be logged into Lotus Quickr without being prompted for credentials. Repeat this test from the opposite perspective, starting with Lotus Quickr, to verify that SSO is working in both directions. Once SSO is working, proceed to the next steps.
Enabling the Connections business card in Quickr Domino
Enable the business card on the Quickr Domino server by making the following change to the qp-config.xml, located in the following sample location - C:\IBM\Lotus\Domino\data.
Open this file with a text editor and search for a section in this file named "profile_server." After the sample information, add the following lines to the file:
<profile_server>
<server_name>connections.example.com</server_name>
<semantic_tag_service_location>/profiles/ibm_semanticTagServlet/javascript/semanticTagService.js</semantic_tag_service_location>
<javelin_tag_location>/profiles/html/personTag?template=personTag.jsp</javelin_tag_location>
</profile_server>
Save the file and restart your Lotus Quickr Domino server for this change to take effect. Once it has restarted, you can hover over a user name in Quickr Domino and the option to show the business card appears in a similar fashion to that of Connections.
Note: There is a limitation on this business card. Quickr Domino uses the email attribute to obtain the business card. Therefore, email must be exposed on the Lotus Connections side for the business card to work correctly.
Enabling integration between Activities and Quickr
To enable the publishing of files to Quickr from Activities, the Quickr server must be added to the white list provider for Activities, and then some changes are required in oa-config.xml. To begin, open the WebSphere Administration Console.
1. Navigate to Resources - Resource Environment - Resource Environment Providers and click the QuickrWhitelistProvider link.

2. Click the Custom Properties link.

3. Click the New button.

4. Name this new property. Start the name with the word 'allow', in this case "allowQuickr". The value provided should be the hostname or IP address of the Quickr server, in this case the hostname of the Quickr server is used (quickr.example.com).

5. Click OK and save this change.
6. Check out the oa-config.xml using the wsadmin client.
Find the block of code named "PublishFile". Set the enabled flag to true, requireSSO to true and allowCustomServers to false.
Resynchronize the nodes and restart the Activities component. Now the ability to publish attachments from Activity entries to Lotus Quickr is enabled via the below link.


Enabling Communities integration with Quickr
To enable integration between Communities and Quickr, the Connector must be installed. On the Deployment Manager machine do the following:
1. From the Lotus Connections Connectors for Quickr install files, find the folder named LC_Connectors_Quickr_Install. From here, locate the IM folder and from within this folder select the folder appropriate for your operating system (Windows, zLinux or Linux). From within this folder, launch install.sh.

Select the packages which are required to be installed. Click the Next button to proceed.

Accept the licence agreement and click Next to continue.

Select the location where to install this package and click Next.

Select the packages to install and click Next to proceed.

Select the version of Quickr, in this case Quickr for Domino. Then select both Quickr Domino Wiki and Quickr Domino Teamspace to enable both features. Finally, provide the hostname of the Quickr server and an authentication user. This user should be an administrator on the Quickr Domino application.

Provide the location of the Lotus Connections install home directory and the fields for libraries and configuration files will be filled in automatically. The Lotus Connections install home directory may be present by default; however, use the file explorer button on the right of this field to select this location again to get the other fields to populate automatically. Click Validate to proceed. The message requesting that you click Validate is then removed.

Once validated, click Next to proceed.

From the summary panel select Install to begin the installation.

The progress of the install is reported as shown.

After the process is completed, click the Finish button to close the installer. Resynchronize the nodes from the Deployment Manager and restart the Communities application.

After the application is restarted, when creating a community the options to include associated applications will be available. The memberships of these Quickr places will be managed from the Community.
About the Authors
Colm O'Brien is a member of the Lotus Connections System Verification Test (SVT) specialising in the area of product deployment and reliability/workload testing.
Roberto Boccadoro is a Collaborative solutions Architect in the Lotus Client Technical Professionals team.
Elena Sangalli is an IT Specialist in the Lotus Client Technical Professionals team.