You can configure IBM® Business Automation Workflow to work with an
existing external Content Platform Engine, also called an external Enterprise Content Management (ECM) system.
Restriction: IBM Business Automation
Workflow Enterprise Service Bus does not include
an embedded Content Platform Engine and
you cannot configure a Content Platform Engine for Enterprise Service
Bus.
Before you begin
There are two ways of configuring
Business Automation Workflow to work with an existing external ECM system.
- You can configure your Business Automation Workflow deployment
environment to use an empty object store in an external IBM
FileNet® Content Manager installation. This configuration is
useful if you set up a new Business Automation Workflow deployment
environment. You cannot configure your Business Automation Workflow
deployment environment to use an empty object store in an external IBM Content Manager installation
immediately. You must follow the instructions in this set of steps.
- You can configure your Business Automation Workflow deployment environment to reassign the BPM content store to the domain of an existing FileNet Content
Manager installation. This configuration is
useful if you already have a Business Automation Workflow deployment
environment set up. For instructions, see Reassigning the BPM document store.
- When you configure separate IBM Business Automation
Workflow environments with an
existing Content Platform Engine, it is
possible to configure separate IBM Business Automation
Workflow configurations with a
single FileNet P8 domain. The requirement is for all of the separate IBM Business Automation
Workflow configurations to be
on the same product version. For example, all IBM Business Automation
Workflow configurations are 23.0.2 or V21.0.2. Each
separate environment has its own set of unique object stores. Sharing of object stores across the
different IBM Business Automation
Workflow
configurations is not allowed. Configuring two separate FileNet P8 domains on the same WebSphere® Application
Server installation such that
each FileNet P8 domain,
services a different version of Business Automation Workflow is also not
supported.
These prerequisites are necessary to configure IBM Business Automation Workflow with an existing external Content Platform Engine.
- Only standard and cluster ECM environments are supported. Single server or multiple server
(noncluster) network deployment ECM environments are not supported.
- The existing external Content Platform Engine must be configured
on a profile that is enabled for Java 8. Otherwise, the Case configuration tool fails.
- On Content Platform Engine, you must
have a domain that is already set up. There might be multiple object-stores that are already set up.
When you configure the Content Platform Engine, you will find a
three-to-three correlation between the IBM Business Automation Workflow server and the
FileNet Content
Manager object
store. The three object stores are IBM Business Automation Workflow document store (which
must be a new, empty object store), design object store, and target object store.
- As an application server, only WebSphere Application
Server is
supported. In addition, if you are using a version earlier than V18.0.0.2, the WebSphere Application
Server used by IBM Business Automation Workflow and the WebSphere Application
Server used by the FileNet Content
Manager must have the same version.
- The same Lightweight Directory Access Protocol (LDAP) user repository must be used by both
IBM Business Automation Workflow and FileNet Content
Manager.
- The same configuration properties for the Lightweight Directory Access Protocol (LDAP) must be
used by both IBM Business Automation Workflow
and FileNet Content
Manager.
For example, the user and group name attributes:
- Business Automation Workflow - user-full-name-prop and group-name-prop
- Content Platform Engine - userShortNameAttribute and GroupNameAttribute
For more information, see managing_users_extsecprov.html and https://www.ibm.com/docs/filenet-p8-platform/5.5.x?topic=security-directory-service-providers.
- When you create the WebSphere Application
Server profile for the external
Content Platform Engine, you must use a
hostname with a domain name suffix, for example
MyDmgrHost.my_domain.com.
- Business Automation Workflow and Content Platform Engine must have the same
registry for achieving single-sign on (SSO). For example, Business Automation Workflow and Content Platform Engine both might have federated
repositories such as the Virtual Member Manager (VMM) repositories. A combination of Business Automation Workflow with VMM and Content Platform Engine with a stand-alone LDAP
is not supported by IBM WebSphere Application
Server. If you use shared LDAP
repositories, they must be added to the WebSphere federated repositories on both the Content Platform Engine and IBM Business Automation
Workflow.
About this task
Note: You cannot reverse this configuration and return to using the IBM Business Automation Workflow embedded Content Platform Engine. After you configure, you must always use the
external Content Platform Engine.
Back up your system configuration and databases before you begin this configuration. This backup
means you can roll back your configuration if needed. See Backing up and restoring administrative configuration files.
Procedure
-
Begin your configuration by checking there is no content such as folders and documents in the
IBM Business Automation Workflow object store.
Use the IBM Administration Console for
Content Platform Engine to
check that there is no content.
-
In the domain navigation tree, open .
-
In the object store navigation tree, open Search.
-
Click New Object Store Search.
-
For each of the following classes, run a search:
Document
.
-
If the result set is empty, there is no existing content.
-
Check the version level of the FileNet Content
Manager. It must be a supported version to work with IBM Business Automation Workflow.
The external Content Platform Engine version must be the same or later than the Content Platform Engine version embedded in IBM Business Automation Workflow. In 19.0.0.2, that version is 5.5.2, so the
external Content Platform Engine version must be 5.5.2 or later. New
features available in IBM Business Automation Workflow releases after
19.0.0.2 might not work with earlier versions of Content Platform Engine.
-
Configure single sign-on (SSO) security for the external FileNet Content
Manager, including the configuration of the
user registry and trusted realm. Follow the instructions in Configuring single sign-on with LPTA for an external Content Platform Engine or
Configuring single sign-on with UMS for an external Content Platform Engine.
-
Stop the IBM Business Automation
Workflow deployment
environment.
-
Start the IBM Business Automation
Workflow deployment manager to
have the changes take effect.
-
Set up a network shared directory between all computers in the IBM Business Automation Workflow cluster and the
Content Platform Engine cluster.
The shared directory must be the same on all computers. The computers must have the same
operating system.
- By default, the shared directory on the IBM Business Automation
Workflow computer is
install_root/CaseManagement/properties. If you customized
the path to the shared directory, use that customized path.
- On the Content Platform Engine
computer, create a folder with the same path as the IBM Business Automation
Workflow shared directory.
- You can mount remote file systems. You can also use network file systems or distributed file
systems to share files across computers, such as NFS, GPFS.
- By default, the shared path on the IBM Business Automation
Workflow computer is
install_root\CaseManagement\properties. If you customized
the path to the shared directory, use that customized path. If the path is a UNC path to share files
among Windows servers, use a forward slash, for example //WIN129146/shareFolder
instead of \\WIN129146/shareFolder.
- On the Content Platform Engine
computer, create a folder with the same path as the IBM Business Automation
Workflow shared directory.
- Share the directories between the computers.
-
Designate a user from the shared repository to be the administrator for the object store.
Business Automation Workflow uses this user to do administrative
operations like the creation of document class definitions. Then, map this user to the IBM Business Automation Workflow EmbeddedECMTechnicalUser role.
-
Check that the user defined in the Authentication Alias assigned to the
EmbeddedECMTechnicalUser role is a user from the shared repository.
- Select . Note the alias name that is used for the EmbeddedECMTechnicalUser role.
- Select . Expand the Java Authentication and Authorization Service
section and select J2C authentication data. Verify that the user who is
assigned to the EmbeddedECMTechnicalUser alias is a user from the shared user repository.
-
If the user assigned to the EmbeddedECMTechnicalUser does not qualify, that is, the user is not
from the shared repository, do the following steps.
- Create an authentication alias with credentials from the shared user repository for the Content
Platform Engine administrator.
- In the WebSphere administrative console for the IBM Business Automation Workflow server, select . The Global Security page opens.
- Expand the Java Authentication and Authorization Service section and
select J2C authentication data. The JAAS - J2C Authentication
Data page opens.
- Click New and add an authentication alias with LDAP credentials for the
object store administrator.
- Change the EmbeddedECMTechnicalUser role to use the new authentication alias that you created.
This authentication alias is for FileNet Content
Manager. To change the EmbeddedECMTechnicalUser role to use the new authentication alias, in the
WebSphere administrative console, select . Select your deployment environment and continue to Authentication
Aliases. You see the EmbeddedECMTechnicalUser and can modify that alias.
-
Grant administrator roles to the user that you chose for the EmbeddedECMTechnicalUser
role.
- Go to and click Add.
- Select
Administrator, Deployer, Operator
roles in the Roles list and click
Search.
- In the Available user list, select the
EmbeddedECMTechnicalUser
role mapped
user and add it to the Mapped to role list. Click OK to apply all
changes.
- Log in to the Process Admin Console. In the Group Management window, search for the tw_admins and tw_authors
groups, and add the
EmbeddedECMTechnicalUser
role mapped user to both groups.
-
Restart the IBM Business Automation
Workflow deployment
manager.
-
Synchronize the custom profiles with the deployment manager profile.
For each custom profile, run the following command on the custom
node:
custom_profile_install_root/bin/syncNode.bat dmgr_hostname dmgr_soap_port -user de_admin_user -password de_admin_password
-
Configure the FileNet Content Platform Engine.
-
Log in to the IBM Administration Console for
Content Platform Engine on the FileNet
Content Platform Engine as a domain administrator.
-
If you are creating a new Content Platform Engine environment, create the
three object stores for the IBM Business Automation Workflow document store, design
object store, and target object store. For considerations on object store configuration, see Planning for an external Content Platform Engine.
If you are augmenting IBM Case
Manager, you already have
the design object store and target object store and need to create only the IBM Business Automation Workflow document store. Use
the IBM Administration Console for
Content Platform Engine on the
FileNet Content Platform Engine as
described in Creating an object store.
Use the following settings:
- Containers: To use an external Content Platform Engine running in a container, follow the instructions in
Configuring IBM Business Automation
Workflow
with an external Content Platform Engine container. Then,
return to the next step.
-
Running a command and then starting IBM Business Automation Workflow finishes the
configuration. However, you must also verify that the configuration is working.
-
Run the setBPMExternalECM admin command to configure IBM Business Automation Workflow to use an external
Content Platform Engine.
- Ensure the IBM Business Automation
Workflow
deployment manager and the Content Platform Engine are running.
- Run wsadmin with the parameter -conntype SOAP from the
dmgr_profile_root/bin directory.
- Run the setBPMExternalECM admin command and save your changes. Use
NEW_EXTERNAL_OBJECT_STORE as the value for the
-ecmEnvironment parameter. For example,:
Important: This command
results in execution times that exceed the default timeout setting for wsadmin command execution. To
change the default to allow for the execution time required, open the
profile_root/properties/soap.client.props file and change
the value for
com.ibm.SOAP.requestTimeout
to
0
, which means no
timeout. Remember to restore the previous value after you run the command.
This command takes a
long time to run. Do not close the command window.
- Noncontainer version
example:
wsadmin -conntype SOAP -port 8879 -host myHostName.mycompany.com -user admin_user -password admin_password -lang jython
wsadmin>print AdminTask.setBPMExternalECM(['-clientDownloadServicePort', '9081', '-de', 'De1', '-ceUrl', 'iiop://CE.mycompany.com:2809/FileNet/Engine', '-ecmEnvironment', 'NEW_EXTERNAL_OBJECT_STORE', '-domainName', 'p8domain', '-objectStoreName', 'bpmdocs', '-designObjectStoreName', 'bpmdos'])
wsadmin>AdminConfig.save()
- Containers:
wsadmin -conntype SOAP -port 8879 -host myHostName.mycompany.com -user admin_user -password admin_password -lang jython
wsadmin>print AdminTask.setBPMExternalECM(['-clientDownloadServicePort', '9081', '-de', 'De1', '-ceUrl', 'iiop://CE.mycompany.com:2809/FileNet/Engine', '-ecmEnvironment', 'NEW_EXTERNAL_OBJECT_STORE', '-domainName', 'p8domain', '-objectStoreName', 'bpmdocs', '-designObjectStoreName', 'bpmdos'])
wsadmin>AdminConfig.save()
Notes:
- The host and port parameters correspond to the deployment manager server host value and its SOAP
port value.
- The -objectStoreName and -designObjectStoreName
parameters are case-sensitive.
- If you see a message that updated .jar files exist on this deployment manager node machine, you
must manually copy the updated files to the other custom node machines.
See setBPMExternalECM command.
- If you started the deployment manager and node agents, manually restart them.
- Synchronize the configuration of the nodes.
- Restart the IBM Business Automation Workflow deployment environment by using the BPMConfig command. BPMConfig
-start
. See BPMConfig command-line utility.
-
Check for errors in the IBM Business Automation Workflow logs. If you discover
errors, resolve them and restart the IBM Business Automation Workflow server.
-
Check the CMIS component in the Component Health Center () to verify that your external Content Platform Engine is up and running. The
switch to the external Content Platform Engine removes the BPM content store configuration.
Therefore, you cannot check the EmbeddedECM component anymore. Instead, check the CMIS component.
The CMIS component also reports errors for the connection to the external Content Platform Engine.
Note: Health Center is unable to check PostgreSQL.
You configured the external Content Platform Engine. To configure case
management, do the remaining steps.
- Optional:
If you are planning to use an external IBM Content
Navigator and it is
not yet configured, follow the instructions in Configuring IBM Business Automation Workflow with an external IBM Content Navigator to configure it. Then,
return and complete the remaining steps to configure case management.
- To import the external Content Platform Engine's signer and CA certificates to the Case
configuration tool, follow the two steps:
- Import the external Content Platform Engine SSL certificate into the
IBM Business Automation
Workflow
Case configuration tool.
- On the IBM Business Automation
Workflow
computer, access
https://cpe_host_name:ssl_port/wsi/FNCEWS40MTOM
to obtain the external Content Platform Engine SSL certificate from the
server. See Adding trusted certificates in Liberty.
- Import the certificate into the IBM Business Automation
Workflow JVM by using the keytool
command. For example:
/opt/IBM/baw/java/jre/bin/keytool -import -keystore
/opt/IBM/baw/java/jre/lib/security/cacerts -storepass changeit -file
/u/CPE/certificate.crt
- Import the Content Platform Engine signer, see IBM Business Automation Workflow Case configuration tool returns an SSLHandshakeException error.
-
Start the IBM Business Automation
Workflow
Case configuration tool by running
configmgr.exe in the directory
workflow-home/CaseManagement/configure.
If the tool is run on Windows, it should be run with administrative privileges.
Tip: If security is not a concern, enable saving passwords in the file system by clicking and selecting the Save all passwords checkbox.
-
Open the profile configuration file with the extension.cfgp that was
created when you configured your deployment environment.
This profile file, which contains the default settings, is located in either
dmgr-profile-root/CaseManagement/de
name/profiles/ICM_dev or
dmgr-profile-root/CaseManagement/de
name/profiles/ICM_prod.
-
Edit the setting for the remote Content Platform Engine
server connection properties.
-
Click .
-
In the first panel, click Test Connection to verify that the default
values are correct and then click Next.
-
In the second panel, click Test Connection to verify that the default
values are correct and then click Next.
-
In the third panel, replace the default settings for the embedded Content Platform Engine server with the settings for the external
Content Platform Engine and then click Test
Connection.
-
Click Finish.
- Copy the ejb-lookup.jar
file from the IBM Business Automation
Workflow
directory install_root/CaseManagement/configure/deploy (for
example: /opt/IBM/WebSphere/AppServer/CaseManagement/configure/deploy) to the
Content Platform Engine
WebSphere Application
Server directory
install_root/lib/ext (for example:
/opt/IBM/WebSphere/AppServer/lib/ext).
-
Restart the external Content Platform Engine to cause the
configuration changes to take effect.
-
Run the enabled configuration tasks in the order in which they are listed in the Case configuration tool.
For the details of each task, see the topic for your environment.
-
Restart the IBM Business Automation
Workflow environment.
-
For verification, see the topic for your environment.
- Optional: You can optionally configure the Content Services toolkit. For more
details, see Optional: Configuring the Content Services toolkit.