Configuring IBM Business Automation Workflow with an existing external Content Platform Engine

You can configure IBM® Business Automation Workflow to work with an existing external Content Platform Engine, also called an external Enterprise Content Management (ECM) system.

Before you begin

There are two ways of configuring Business Automation Workflow to work with an existing external ECM system.
  • You can configure your Business Automation Workflow deployment environment to use an empty object store in an external IBM FileNet® Content Manager installation. This configuration is useful if you set up a new Business Automation Workflow deployment environment. You cannot configure your Business Automation Workflow deployment environment to use an empty object store in an external IBM Content Manager installation immediately. You must follow the instructions in this set of steps.
  • You can configure your Business Automation Workflow deployment environment to reassign the BPM content store to the domain of an existing FileNet Content Manager installation. This configuration is useful if you already have a Business Automation Workflow deployment environment set up. For instructions, see Reassigning the BPM content store.
  • When configuring separate IBM Business Automation Workflow environments with an existing Content Platform Engine, it is possible to configure separate IBM Business Automation Workflow configurations with a single FileNet P8 domain. The requirement is for all of the separate IBM Business Automation Workflow configurations to be on the same product version. For example, all IBM Business Automation Workflow configurations are V21.0.2 or V20.x. Each separate environment has its own set of unique object stores. Sharing of object stores across the different IBM Business Automation Workflow configurations is not allowed. Configuring two separate FileNet P8 domains on the same WebSphere® Application Server installation, such that each FileNet P8 domain services a different version of Business Automation Workflow, is also not supported.

These prerequisites are necessary to configure IBM Business Automation Workflow with an existing external Content Platform Engine.

  • Only standard and cluster ECM environments are supported. Single server or multiple server (non-cluster) network deployment ECM environments are not supported.
  • The existing external Content Platform Engine must be configured on a profile that is enabled for Java 8. Otherwise, the Case configuration tool fails.
  • On Content Platform Engine, you must have a domain that is already set up. There might be multiple object stores that are already set up. When you configure the Content Platform Engine, there is a three-to-three correlation between the IBM Business Automation Workflow server and the FileNet Content Manager object store. The three object stores are the IBM Business Automation Workflow document store (which must be a new, empty object store), the design object store, and the target object store.
  • As an application server, only WebSphere Application Server is supported. In addition, if you are using a version earlier than V18.0.0.2, the WebSphere Application Server used by IBM Business Automation Workflow and the WebSphere Application Server used by the FileNet Content Manager must have the same version.
  • The same Lightweight Directory Access Protocol (LDAP) user repository must be used by both IBM Business Automation Workflow and FileNet Content Manager.
  • The same configuration properties for the Lightweight Directory Access Protocol (LDAP) must be used by both IBM Business Automation Workflow and FileNet Content Manager. For example, the user and group name attributes:
    • Business Automation Workflow - user-full-name-prop and group-name-prop
    • Content Platform Engine - userShortNameAttribute and GroupNameAttribute
    For more information, refer to managing_users_extsecprov.html and https://www.ibm.com/support/knowledgecenter/SSNW2F_5.5.0/com.ibm.p8.security.doc/p8psd000.htm
  • When you create the WebSphere Application Server profile for the external Content Platform Engine, you must use a host name with a domain name suffix, for example MyDmgrHost.my_domain.com.
  • Business Automation Workflow and Content Platform Engine must have the same registry to achieve single sign-on (SSO). For example, Business Automation Workflow and Content Platform Engine could both have federated repositories such as the Virtual Member Manager (VMM) repositories. A combination of Business Automation Workflow with VMM and Content Platform Engine with a stand-alone LDAP is not supported by IBM WebSphere Application Server. If you use shared LDAP repositories, they must be added to the WebSphere federated repositories on both the Content Platform Engine and IBM Business Automation Workflow.

About this task

Note: You cannot reverse this configuration and return to using the IBM Business Automation Workflow embedded Content Platform Engine. After you configure, you must always use the external Content Platform Engine.

Back up your system configuration and databases before you begin this configuration. This backup means you can roll back your configuration if needed. See Backing up and restoring administrative configuration files.

Procedure

  1. Begin your configuration by checking there is no content such as folders and documents in the IBM Business Automation Workflow object store. Use the IBM Administration Console for Content Platform Engine to check there is no content.
    1. In the domain navigation tree, open Object Stores > docs.
    2. In the object store navigation tree, open Search.
    3. Click New Object Store Search.
    4. For each of the following classes, run a search: Document.
    5. If the result set is empty, there is no existing content.
    See Using the IBM Administration Console for Content Platform Engine
    Note: Any content that you do not remove from the BPM content store is deleted when you complete this configuration.
  2. Check the version level of the FileNet Content Manager. It must be a supported version to work with IBM Business Automation Workflow.
    The external Content Platform Engine version must be the same or later than the Content Platform Engine version embedded in IBM Business Automation Workflow. In 19.0.0.2, that version is 5.5.2, so the external Content Platform Engine version must be 5.5.2 or later. New features available in IBM Business Automation Workflow releases after 19.0.0.2 might not work with earlier versions of Content Platform Engine.
  3. Configure single sign-on (SSO) security for the external FileNet Content Manager, including the configuration of the user registry and trusted realm. Follow the instructions in Configuring single sign-on with LTPA for an external Content Platform Engine or Configuring single sign-on with UMS for an external Content Platform Engine.
  4. Stop the IBM Business Automation Workflow deployment environment.
  5. Start the IBM Business Automation Workflow deployment manager to have the changes take effect.
  6. Designate a user from the shared repository to be the administrator for the object store. Business Automation Workflow uses this user to do administrative operations like the creation of document class definitions. Then, map this user to the IBM Business Automation Workflow EmbeddedECMTechnicalUser role.
    1. Check that the user defined in the Authentication Alias assigned to the EmbeddedECMTechnicalUser role is a user from the shared repository.
      1. Select Servers > Deployment Environments > DE name > Authentication aliases. Note the alias name that is used for the EmbeddedECMTechnicalUser role.
      2. Select Security > Global Security. Expand the Java Authentication and Authorization Service section and select J2C authentication data. Verify that the user who is assigned to the EmbeddedECMTechnicalUser alias is a user from the shared user repository.
    2. If the user assigned to the EmbeddedECMTechnicalUser does not qualify, that is, the user is not from the shared repository, do the following steps.
      1. Create an authentication alias with credentials from the shared user repository for the Content Platform Engine administrator.
        1. In the WebSphere administrative console for the IBM Business Automation Workflow server, select Security > Global Security. The Global Security page opens.
        2. Expand the Java Authentication and Authorization Service section and select J2C authentication data. The JAAS - J2C Authentication Data page opens.
        3. Click New and add an authentication alias with LDAP credentials for the object store administrator.
      2. Change the EmbeddedECMTechnicalUser role to use the new authentication alias that you created. This authentication alias is for FileNet Content Manager. To change the EmbeddedECMTechnicalUser role to use the new authentication alias, in the WebSphere administrative console, select Servers > Deployment Environments. Select your deployment environment and continue to Authentication Aliases. You see the EmbeddedECMTechnicalUser and can modify that alias.
  7. Grant administrator roles to the user that you chose for the EmbeddedECMTechnicalUser role.
    1. Go to Users and Groups > Administrative user roles and click Add.
    2. Select Administrator, Deployer, Operator roles in the Roles list and click Search.
    3. In the Available user list, select the EmbeddedECMTechnicalUser role mapped user and add it to the Mapped to role list. Click OK to apply all changes.
    4. Log in to the Process Admin Console. In the Group Management window, search for the tw_admins and tw_authors groups, and add the EmbeddedECMTechnicalUser role mapped user to both groups.
  8. Restart the IBM Business Automation Workflow deployment manager.
  9. Synchronize the custom profiles with the deployment manager profile.
    For each custom profile, run the following command on the custom node:
    custom_profile_install_root/bin/syncNode.bat dmgr_hostname dmgr_soap_port -user de_admin_user -password de_admin_password
  10. Configure the FileNet Content Platform Engine.
    1. Log in to the IBM Administration Console for Content Platform Engine on the FileNet Content Platform Engine as a domain administrator.
    2. If you are creating a new Content Platform Engine environment, create the three object stores for the IBM Business Automation Workflow document store, design object store, and target object store. For considerations on object store configuration, see Planning for an external Content Platform Engine.
      If you are augmenting IBM Case Manager, you already have the design object store and target object store and need to create only the IBM Business Automation Workflow document store. Use the IBM Administration Console for Content Platform Engine on the FileNet Content Platform Engine as described in Creating an object store. Use the following settings:
      • Use the user from step 6 when granting administrative access to this object store. You may also use a group that contains this user.
        Important: If you don't complete this step, you might see errors in the SystemOut.log file because the ECM Technical User isn't considered a member of the Object Store Administrators.
      • Grant all users that work with IBM Business Automation Workflow basic access. You might want to use the #AUTHENTICATED-USERS security identifier as grantee to allow all users to work with the object store. The individual instance objects are automatically protected based on the teams you create in IBM Business Automation Workflow.
      • When you choose the add-ons, check that the following extensions are installed. The add-ons are part of the default configuration.
        • For IBM Business Automation Workflow document store:
          • Base Content Engine Extensions
        • For IBM Business Automation Workflow design object store and target object store:
          • Base Application Extension
          • Base Content Engine Extensions
          • Process Engine Extensions
          • Publishing Extensions
          • Stored Search Extensions
          • Workplace Access Roles Extensions
          • Workplace Base Extensions
          • Workplace E-mail Extensions
          • Workplace Forms Extensions
          • Workplace Template Extensions
          • Workplace XT Extensions
      • After the object stores are created, the only access right that you need to add to the administrative user is PRIVILEGED_WRITE. In IBM Administration Console for Content Platform Engine on FileNet Content Manager, the checkbox that you must select is Modify certain system properties (in English).
      • After the target object store is created, you must create a new "Workflow System" for it. Open the target document store, go to Administrative > Workflow System, click New, and enter the values for your environment. Make a note of the connection point name because you will need it in a later step when you run the case configuration tasks in the Case configuration tool. You can ignore the Broker servlet URL and Public listener URL in the Process Orchestration section.
      After the object stores are created, you can add a user with administrative permissions on the object store. See Update object store with new users and groups. The permissions that you must grant to the user are listed in Permissions required for the new object store.
  11. Containers: To use an external Content Platform Engine running in a container, follow the instructions in Configuring IBM Business Automation Workflow with an external Content Platform Engine container. Then, return to the next step.
  12. Running a command and then starting IBM Business Automation Workflow finishes the configuration. However, you must also verify that the configuration is working.
    1. Run the setBPMExternalECM admin command to configure IBM Business Automation Workflow to use an external Content Platform Engine.
      1. Ensure the IBM Business Automation Workflow deployment manager and the Content Platform Engine are running.
      2. Run wsadmin using the parameter -conntype SOAP from the dmgr_profile_root/bin directory.
      3. Run the setBPMExternalECM admin command and save your changes. Use NEW_EXTERNAL_OBJECT_STORE as the value for the -ecmEnvironment parameter. See the examples that follow.
        Important: This command results in execution times that exceed the default timeout setting for wsadmin command execution. To change the default to allow for the execution time required, open the profile_root/properties/soap.client.props file and change the value for com.ibm.SOAP.requestTimeout to 0, which means no timeout. Remember to restore the previous value after running the command.

        This command takes a long time to run. Do not close the command window.

        • Non-container version example:
          wsadmin -conntype SOAP -port 8879 -host myHostName.mycompany.com -user admin_user -password admin_password -lang jython
          wsadmin>print AdminTask.setBPMExternalECM(['-clientDownloadServicePort', '9081', '-de', 'De1', '-ceUrl', 'iiop://CE.mycompany.com:2809/FileNet/Engine', '-ecmEnvironment', 'NEW_EXTERNAL_OBJECT_STORE', '-domainName', 'p8domain', '-objectStoreName', 'bpmdocs', '-designObjectStoreName', 'bpmdos'])
          wsadmin>AdminConfig.save()
        • Containers:
          wsadmin -conntype SOAP -port 8879 -host myHostName.mycompany.com -user admin_user -password admin_password -lang jython
          wsadmin>print AdminTask.setBPMExternalECM(['-clientDownloadServicePort', '9081', '-de', 'De1', '-ceUrl', 'iiop://CE.mycompany.com:2809/FileNet/Engine', '-ecmEnvironment', 'NEW_EXTERNAL_OBJECT_STORE', '-domainName', 'p8domain', '-objectStoreName', 'bpmdocs', '-designObjectStoreName', 'bpmdos'])
          wsadmin>AdminConfig.save()
        Notes:
        • The host and port parameters correspond to the deployment manager server host value and its SOAP port value.
        • The -objectStoreName and -designObjectStoreName parameters are case-sensitive.
        • If you see a message that updated .jar files exist on this deployment manager node machine, you must manually copy the updated files to the other custom node machines.
        See setBPMExternalECM command.
      4. If you started the deployment manager and node agents, manually restart them.
      5. Synchronize the configuration of the nodes.
      6. Restart the IBM Business Automation Workflow deployment environment by using the BPMConfig command: BPMConfig -start. See BPMConfig command-line utility.
    2. Check for errors in the IBM Business Automation Workflow logs. If you discover errors, resolve them and restart the IBM Business Automation Workflow server.
    3. Check the CMIS component in the Component Health Center (Servers > Deployment Environments > de_name > Health Center) to verify that your external Content Platform Engine is up and running. The switch to the external Content Platform Engine removes the BPM content store configuration. Therefore, you cannot check the EmbeddedECM component anymore. Instead, check the CMIS component. The CMIS component also reports errors for the connection to the external Content Platform Engine.
    You have now configured the external Content Platform Engine. To configure case management, do the remaining steps.
  13. Optional: If you are planning to use an external IBM Content Navigator and it is not yet configured, follow the instructions in Configuring IBM Business Automation Workflow with an external IBM Content Navigator to configure it. Then, return and complete the remaining steps to configure case management.
  14. To import the external Content Platform Engine's signer and CA certificates to the Case configuration tool, follow these two steps:
    1. Import the external Content Platform Engine SSL certificate into the IBM Business Automation Workflow Case configuration tool.
      1. On the IBM Business Automation Workflow computer, access https://cpe_host_name:ssl_port/wsi/FNCEWS40MTOM to obtain the external Content Platform Engine SSL certificate from the server. See Adding trusted certificates in Liberty.
      2. Import the certificate into the IBM Business Automation Workflow JVM by using the keytool command. For example:
        /opt/IBM/baw/java/jre/bin/keytool -import -keystore /opt/IBM/baw/java/jre/lib/security/cacerts -storepass changeit -file /u/CPE/certificate.crt
    2. Import the Content Platform Engine signer. See IBM Business Automation Workflow Case configuration tool returns an SSLHandshakeException error.
  15. Start the IBM Business Automation Workflow Case configuration tool by running configmgr.exe in the directory workflow-home/CaseManagement/configure.
    If the tool is run on Windows, it should be run with administrative privileges.
    Tip: If security is not a concern, enable saving passwords in the file system by clicking Windows > Preferences and selecting the Save all passwords checkbox.
  16. Open the profile configuration file with the extension .cfgp that was created when you configured your deployment environment.
    This profile file, which contains the default settings, is located in either dmgr-profile-root/CaseManagement/de name/profiles/ICM_dev or dmgr-profile-root/CaseManagement/de name/profiles/ICM_prod.
  17. Edit the setting for the remote Content Platform Engine server connection properties.
    1. Click File > Edit Profile Properties.
    2. In the first panel, click Test Connection to verify that the default values are correct and then click Next.
    3. In the second panel, click Test Connection to verify that the default values are correct and then click Next.
    4. In the third panel, replace the default settings for the embedded Content Platform Engine server with the settings for the external Content Platform Engine and then click Test Connection.
    5. Click Finish.
  18. Copy the ejb-lookup.jar file from the IBM Business Automation Workflow directory install_root/CaseManagement/configure/deploy (for example: /opt/IBM/WebSphere/AppServer/CaseManagement/configure/deploy) to the Content Platform Engine WebSphere Application Server directory install_root/lib/ext (for example: /opt/IBM/WebSphere/AppServer/lib/ext).
  19. Restart the external Content Platform Engine to cause the configuration changes to take effect.
  20. Run the enabled configuration tasks in the order in which they are listed in the Case configuration tool.
    For the details of each task, see the topic for your environment.
  21. Restart the IBM Business Automation Workflow environment.
  22. For verification, see the topic for your environment.
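
Added example for step 12 (not part of the original IBM procedure): one way to set com.ibm.SOAP.requestTimeout to 0 in soap.client.props for the setBPMExternalECM run and restore the previous value afterward, even if the run fails. The helper names and the sample file contents are assumptions made for this illustration.

```python
import os
import re
import shutil
import tempfile
from contextlib import contextmanager

KEY = "com.ibm.SOAP.requestTimeout"
# Matches an active (uncommented) "key=value" or "key:value" line for KEY.
ACTIVE_LINE = re.compile(r"^([ \t]*" + re.escape(KEY) + r"[ \t]*[=:][ \t]*)(\S*)\s*$")


def set_timeout(path, value):
    """Set KEY to value in the properties file; return the value it replaced."""
    previous, lines = None, []
    # Java .properties files are ISO-8859-1 encoded.
    with open(path, encoding="iso-8859-1") as fh:
        for line in fh:
            match = ACTIVE_LINE.match(line)
            if match and previous is None:
                previous = match.group(2)
                line = match.group(1) + str(value) + "\n"
            lines.append(line)
    if previous is None:
        raise KeyError(KEY + " is not set in " + path)
    # Write a sibling temp file and rename it over the original, so an
    # interrupted run never leaves a half-written soap.client.props behind.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="iso-8859-1") as fh:
            fh.writelines(lines)
        # The file can hold SOAP login credentials: keep its permission bits.
        shutil.copymode(path, tmp)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return previous


@contextmanager
def no_soap_timeout(path):
    """Disable the wsadmin SOAP timeout for the duration of the with-block."""
    previous = set_timeout(path, 0)
    try:
        yield previous
    finally:
        set_timeout(path, previous)  # runs even if the command fails


if __name__ == "__main__":
    # Constructed sample standing in for profile_root/properties/soap.client.props.
    sample = os.path.join(tempfile.mkdtemp(), "soap.client.props")
    with open(sample, "w") as fh:
        fh.write("com.ibm.SOAP.securityEnabled=true\n" + KEY + "=180\n")
    with no_soap_timeout(sample) as old:
        print("timeout was", old, "- run the wsadmin session here")
    print(open(sample).read())
```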
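
Added example for step 14 (not part of the original IBM procedure): a check that the certificate downloaded from the Content Platform Engine matches a SHA-256 fingerprint before it is saved for the keytool import into cacerts. It assumes the Content Platform Engine administrator supplies the expected fingerprint out of band; the function names, the port and the sample certificate bytes are constructed for this illustration.

```python
import hashlib
import hmac
import ssl

# Constructed sample: placeholder bytes in PEM armour, not a real certificate.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(
    b"constructed placeholder, not a real X.509 certificate")


def sha256_fingerprint(pem):
    """SHA-256 over the DER encoding, as colon-separated upper-case hex."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(fingerprint):
    """Strip separators and case so differently formatted values compare equal."""
    return fingerprint.replace(":", "").replace(" ", "").upper()


def verify_pinned(pem, expected_fingerprint):
    """Return True if pem matches the expected fingerprint, else raise ValueError."""
    actual = sha256_fingerprint(pem)
    if not hmac.compare_digest(normalise(actual), normalise(expected_fingerprint)):
        raise ValueError("certificate fingerprint mismatch: got " + actual)
    return True


def fetch_verified_certificate(host, port, expected_fingerprint, out_path):
    """Download the server certificate and save it only if it matches the pin."""
    # Called without ca_certs, get_server_certificate() does no chain
    # validation, so the fingerprint comparison is the only trust check.
    pem = ssl.get_server_certificate((host, port))
    verify_pinned(pem, expected_fingerprint)
    with open(out_path, "w") as fh:
        fh.write(pem)
    return out_path


if __name__ == "__main__":
    print(sha256_fingerprint(SAMPLE_PEM))
    # Hypothetical call; host, port and fingerprint are placeholders:
    # fetch_verified_certificate("cpe_host_name", 9443,
    #                            "<fingerprint from the CPE administrator>",
    #                            "/u/CPE/certificate.crt")
```

If the fingerprints differ, nothing is written, so the keytool import in step 14 has no file to trust.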