This section describes the planning required for IBM Connections before installation.
LDAP (Lightweight Directory Access Protocol) is a protocol used by most enterprise directories for talking to each other in a common language. In an IBM Connections environment, the WebSphere servers must be able to talk to a corporate directory both to authenticate users who are accessing the system and to import and manage user profiles.
In the IBM Connections pre-installation step, the WebSphere Application Server must be configured to access one or more LDAP servers. It is very common to give the WebSphere server a host name that directs requests through a load balancer to multiple LDAP servers. Many LDAP servers are pre-configured in the WebSphere server, including Microsoft Active Directory, IBM Domino, and IBM Tivoli Directory Server; however, any LDAP-compatible directory is supported.
LDAP performance and stability are critical for IBM Connections to work at all.
DNS and host names
Domain Name System (DNS) is a distributed database management system for managing host names and their associated Internet Protocol (IP) addresses. In an enterprise environment, the host names are registered in a DNS server, so that the user can query the system by host name instead of typing the IP address.
The IBM Connections server uses the DNS server to look up the database server, directory server, mail server and application server. The host name of the IBM Connections server must be defined as a fully qualified name, for example, "connections.ibm.com".
SMTP Notifications server
IBM Connections applications use a Simple Mail Transfer Protocol (SMTP) server to send notifications to the users. The SMTP server must be installed separately, in the same network or in a different network.
Shared content storage location
The IBM Connections server uses a shared content directory to store application content. The content directory resides in a shared repository that provides read and write access to the WebSphere Deployment manager and all nodes. Network File System (NFS) V4 is recommended for UNIX and Linux platforms. The following table summarizes the usage of disk space for each application in an enterprise environment.
LTPA and single sign on
IBM Connections uses single sign-on (SSO) to secure the transfer of user ID and password information that users provide to be authenticated. The authentication is done once per session and then the users can switch to different applications without needing to be authenticated again.
SSO is automatically enabled when IBM Connections is installed on a single WebSphere Application Server profile or when different profiles are federated into the same cell.
IBM Connections supports several methods of implementing SSO; choose one based on how your environment was planned.
If you already have an intranet that requires authentication, you can share the credentials with IBM Connections. For example, if you have an intranet hosted on a Domino Web Server, you can share the credentials with IBM Connections using SSO for Domino.
If you already have a Tivoli Access Manager environment, you can use WebSphere cookie-based lightweight third-party authentication (LTPA) as an SSO solution to authenticate your IBM Connections environment. You can read about the uses of SSO in the IBM Connections Wiki.
In our lab environment, we use an SSO domain name. For the installation details, see 6.10 Post installation environment configuration.
In your architecture, you must identify which components handle sensitive data, so that their communication can be secured with SSL to protect the data traffic.
You can use SSL to secure the LDAP communication while the user name and password are being authenticated.
To secure IBM Connections communications, you can use Secure Sockets Layer (SSL) between IBM Connections and the user's web browser.
The figure below represents an SSL communication between IBM Connections and LDAP server:
Step 1 - The IBM Connections server requests an SSL communication using the LDAP protocol (TCP port 636).
Step 2 - The LDAP server sends a certificate to the IBM Connections server, which checks the validity of the certificate: whether it is signed by a Certificate Authority and whether it matches the Fully Qualified Domain Name (FQDN) used to access the server.
Step 3 - If IBM Connections has the certificate in its trust store, the session can be started. If not, you must import the certificate into IBM Connections.
Step 4 - All data is encrypted using the certificate sent in step 2, and the LDAP server can decrypt the information using the private key.
The process to import the certificate into IBM Connections is detailed in 6.10 Post installation environment configuration.
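A pre-installation check for steps 1 to 3 above, as an added example that is not part of the original page or IBM's tooling: it opens a verified TLS session to the LDAP server on port 636 and reports which check failed, so you know whether the signer certificate must be imported or the configured host name is wrong. The function names and the host `ldap.example.com` are assumptions made for illustration.

```python
import socket
import ssl
import sys
import time

# OpenSSL X509_V_ERR_* verify codes, grouped by the check in step 2/3 that failed.
UNTRUSTED_SIGNER = {18, 19, 20, 21}  # self-signed, or issuer not in the trust store
OUTSIDE_VALIDITY = {9, 10}           # not yet valid, or expired
FQDN_MISMATCH = 62                   # certificate does not name the host we dialled


def classify_verify_error(code):
    """Map an OpenSSL verify code to the failed check."""
    if code in UNTRUSTED_SIGNER:
        return "untrusted-signer"    # step 3: import the signer certificate
    if code in OUTSIDE_VALIDITY:
        return "outside-validity-period"
    if code == FQDN_MISMATCH:
        return "fqdn-mismatch"       # connect with the FQDN the certificate carries
    return "other-verification-failure"


def summarize_cert(cert, now):
    """DNS names and whole days until expiry from a getpeercert() dict."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return {"dns_names": names, "days_left": int((expires - now) // 86400)}


def check_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Open a verified TLS session to the LDAP server and report the outcome."""
    # cafile: PEM file holding the signer certificate(s) to trust; None = system store.
    ctx = ssl.create_default_context(cafile=cafile)  # chain and host name are verified
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                info = summarize_cert(tls.getpeercert(), time.time())
                return {"status": "trusted", "protocol": tls.version(), **info}
    except ssl.SSLCertVerificationError as exc:
        return {"status": classify_verify_error(exc.verify_code),
                "detail": exc.verify_message}
    except OSError as exc:  # DNS failure, refused connection, timeout, other TLS error
        return {"status": "connection-failed", "detail": str(exc)}


if __name__ == "__main__":
    # ldap.example.com is a placeholder; pass the FQDN WebSphere will be configured with.
    target = sys.argv[1] if len(sys.argv) > 1 else "ldap.example.com"
    print(check_ldaps(target, cafile=sys.argv[2] if len(sys.argv) > 2 else None))
```

Run it against the load-balanced host name as well as each LDAP server behind it, because every server that can answer must present a certificate valid for the name WebSphere uses.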
Multiple language content
IBM Connections applications support multiple pre-defined languages. By default, the browser's default language is used for the current user session. The customer has to consider the default language and prioritize the order of other languages for IBM Connections applications.
IBM Connections applications communicate with various backend applications. Make sure that the following conditions are met prior to starting the IBM Connections server installation.
For IBM Connections 4.0, we recommend using a 64-bit operating system for better performance.
If the number of registered users is less than 1000, consider choosing a small deployment scenario, where all the applications and databases are installed on the same machine. Separating the database server from the IBM Connections server provides better performance and is recommended.
If the number of registered users is less than 10 000, consider choosing a medium deployment scenario, where IBM Connections applications are grouped together and installed into multiple clusters.
If the number of registered users is higher than 10 000, consider choosing a large deployment scenario, where each application is installed into a dedicated application server cluster.
50 GB of available space is required for installing IBM Connections.
We recommend using IBM WebSphere Application Server Edge components to cache the content data for IBM Connections applications.
The location of the shared content storage directory must be accessible to the Deployment manager and all the nodes.
Select the language used by registered users to access the IBM Connections applications. List the SMTP server details to enable notification for IBM Connections applications.
LDAP server details are required prior to starting the IBM Connections server installation.
Cognos Business Intelligence server can be installed before or after the IBM Connections server.
The IBM Connections server supports IBM DB2, Oracle, and Microsoft SQL database servers to store application data. Set up any one of these database servers on a dedicated server.
Populate users from the LDAP repository to the Profiles database for IBM Connections applications.
For small and medium deployments, the maximum heap size was set to 2048 MB during the installation. For a large deployment, the default heap size is set to 256 MB. For a larger deployment, the sum of the heap sizes of all the application servers should be less than the physical memory of the server.
Configure IBM HTTP Server and add certificates to the WebSphere trust store.
By default, the Common and Widget container applications are installed with the News application on the News cluster. We recommend uninstalling the Common and Widget container applications from the News cluster and installing them on a dedicated cluster.