Preparing forfirstconnectionsinstall


Published on

Planning and Preparing For IBM Connections Install - Benelug March 2013

  • Be the first to comment

Preparing forfirstconnectionsinstall

  1. 1. Preparing For Your 1st Connections InstallGabriella Davis Paul MooneyThe Turtle Partnership
  2. 2. Today’s PlanMake sure you leave here feeling more confidentabout installing Connections 2
  3. 3. Understanding First, Planning LaterThe 8+ products that make up a Connections installWhat does what, where, how and whyDesign DecisionsBuilding a PlanSaving The Pain 3
  4. 4. Products That Make Up Connections (in install order)Operating System (take your pick but not all OS are equal)LDAP (AD, Domino, Tivoli take your pick)Databases (DB2, SQL or Oracle - something has to hold the data)Tivoli Directory Integrator (yes you must use it)IBM HTTP Server (you need a web server because WebSphere isn’t one)WebSphere Application Server (WAS 7 fixpack 23) or optionally WAS 8 forConnections 4.5– Network Deployment - more about this in a bitIBM Connections (all the applications)IBM Cognos (optional and used for producing site metrics, more on this in a bit)WebSphere Edge Server (caching , reverse proxy and load balancing - optional) 4
  5. 5. What does what, where, how and why ? 5
  6. 6. LDAP ServerWebSphere Application Server has no directory of its own– It must connect to a LDAP server to use a directoryIBM Connections supports multiple LDAP servers, including Domino and ActiveDirectoryIBM Connections uses LDAP for authentication, as well as for security and anywhereyou might browse a directory– Choosing people to share content with– Adding people to Communities– Populating profiles– Group access rights to applications LDAP Server 6
  7. 7. Databases and Database ServersConnections comprises multiple databases, each used by differentapplications and often referencing each otherConnections supports SQL, DB2, and Oracle as stores for thedatabases, but licensing is only provided for DB2 9.7 as part ofyour Connections license (DB2 10 with Connections 4.5)There can only be one database server supporting all theConnections applications LDAP Server Database Server & Databases 7
  8. 8. Tivoli Directory IntegratorTivoli Directory Integrator sits outside of Connections and is designed to synchronize databetween two data sources. In Connections those are our LDAP directory and our Databaseserver.IBM supply a graphical interface with Connections to help you perform that initial data pull andalso provide batch files for deeper customisationThere are also many scripts provided for performing regular syncs either from LDAP –PEOPLEDB or in reverse and you will need to use these to keep your Connections profilessynchronised with your directory changes. LDAP Server Tivoli Directory Integrator Database Server & Databases 8
  9. 9. WebSphere Application ServerApplication Server for Java applications– Connections is a series of Java applicationsManages and secures the applicationProvides an environment in which to run multiple applicationsWAS configuration details are held in XML files on the file system(called the Configuration Repository)– Application configuration, which is specific security, roles, or functionality for an application, is configured within that application itselfConnections can use multiple WAS servers, and would do so inanything but a pilot or small deployment– Multiple servers can be clustered together for availability 9
  10. 10. IBM HTTP ServerConnections applications install on dedicated ports such as 9081 and 9443, but noton port 80 or 443 (HTTP, HTTPS). 908x and 944x are WAS application server ports.IHS is IBM’s web server. It sits in front of the WAS servers and allows theConnections applications to be reached on standard ports 80/443 instead of theapplication ports they install underThis makes URLs cleaner and avoids having to open special ports for public accessYou can use IHS to force SSL for all traffic, to set a default URL for theConnections application, and to manage hostnames LDAP Server IBM HTTP Server Tivoli Directory Integrator Database Server & Databases 10
  11. 11. WebSphere Application Server LDAP Server IBM HTTP Server Tivoli Directory Integrator WebSphere Application Server WebSphere Application Server Database Server & Databases 11
  12. 12. Connections Applications Connections is not just one thing, it is a collection of J2EE applications hosted on WebSphere Application Servers, each serving a different purpose or feature They can be installed on one or multiple servers They can also be clustered by application• Activities (OPNACT) • Homepage (HOMEPAGE)• Blogs (BLOGS) • Metrics (METRICS)• Communities (SNCOMM) • Mobile• Dogear – Bookmarks application • Moderation (DOGEAR) • News (HOMEPAGE)• Files (FILES) • Profiles (PEOPLEDB)• Forums (FORUM) • Search (HOMEPAGE)• Help • Wikis (WIKIS) 12
  13. 13. Connections Applications LDAP Server IBM HTTP Server Tivoli Directory Integrator WebSphere Application Server IBM Connections WebSphere Application Applications Server IBM Connections Applications Database Server & Databases 13
  14. 14. CognosCognos Business Intelligence 10.1.1 and Cognos Transformer as provided aspart of your IBM Connections 4.0 licensing and can be used againstConnections data onlyThe Connections Metrics application can run pre built reports showing siteactivity, most active areas and Community activity including what pages arethe most popular LDAP Server IBM HTTP Server Tivoli Directory Integrator WebSphere Application Server IBM Connections WebSphere Application Application Server IBM Connections Application Database Server & Cognos Databases 14
  15. 15. WebSphere Edge ServerOne of the components of the WebSphere Edge Server is the reverse proxyWe use the reverse proxy in Connections to manage traffic to the serversover port 80/443 and, also, to cache requestsIt’s an optional server, but an important one if you want to deploy outsideof your firewall or you want optimal network performance but can bereplaced with any standard reverse caching proxy you may have in place LDAP Server IBM HTTP Server Tivoli Directory Integrator WebSphere Application Server IBM Connections WebSphere Application Application Server IBM Connections Application Database Server & Cognos Databases 15 WAS Edge Proxy
  16. 16. All Together NowDatabase server stores information used by the Connections applicationsThe profiles in Connections are populated into a database via TDI readingLDAPWebSphere runs and manages the Connections applications that use LDAPas a directoryIBM HTTP Server as as the proxy for traffic to the Connections applications LDAP Server IBM HTTP Server Tivoli Directory Integrator WebSphere Application Server IBM Connections WebSphere Application Application Server IBM Connections Application Database Server & Cognos Databases 16 WAS Edge Proxy
  17. 17. Design Decisions 17
  18. 18. Choosing an Operating SystemEach of the Connections components can be installed ondifferent platforms; not everything can be installed on thesame platformDon’t install on 32-bit unless you are committed to a smallscale deployment– Connections applications are memory-hungry and you are restricting your access to memory choosing 32-bitSelecting an Operating System is often a choice of which yourcompany is most comfortable supporting and maintaining– Linux is a good choice, but only if you have internal Linux skillsPay close attention to the system requirements, IBM does, andwon’t support you upgrading beyond the patch level theyspecify 18
  19. 19. Deploying WebSphereConnections is an application that is installed inside aWebSphere Application Server (WAS)Each WAS server is installed in a NodeEach Node must exist within a CellEach Node will have a Node Agent and at least one serverConnections will install onto a server inside a Node inside a CellIf you are going to have more than one WAS server to distributeyour Connections applications or cluster them, they must all beon Nodes in the same Cell– You cannot cluster across cellsYour Connections deployment will therefore have one Cell, onecluster and at least one server 19
  20. 20. Option 1 — All Applications on a Single ServerThis is a simple pilot or small deployment where youhave one instance of WAS and you have a single cell, asingle server, and all Connections applications installedon that server– To achieve this, the server will be under significant load for both processor and memory • Connections behaves very oddly if it starts being starved of resources, e.g., suddenly refusing to load pagesConnections will create clusters to group theapplications together during install– This gives you the option to add another server at a later date and make that server part of an existing cluster 20
  21. 21. Option 2 — All Applications on Multiple ServersInstall multiple WAS machines, each with all applicationsinstalled, on a single server instanceThe WAS servers will contain a primary and secondaryserver node in the same cellConnections will install all the applications onto bothserversThe servers will be clustered and the applications will usethe same Connections configuration (DB2, LDAP, TDI, etc.)To grow the environment, another server can be added at alater date, but all applications will be clustered onto thisserver too since the server contains all of the applicationsand it is the server you are clustering 21
  22. 22. Option 3 — Different Applications on Different Servers Multiple WAS servers but a single cell Each WAS server will have one or more server instances, which have one or more Connections applications installed into them In this way, you could have Profiles, Communities, and Search on their own server with Activities, Homepage, Forums, Blogs, and Wikis on another – But no failover There would be multiple defined WAS clusters to support each application group on each server instance Expanding the environment would entail creating a new server instance as a cluster member of one of the clusters; all the applications installed in that cluster would appear on that new server instance providing failover 22
  23. 23. Choosing ApplicationsSome applications are really not optional–Profiles–SearchSome are a core part of everything Connections is–Homepage–CommunitiesSome are applications you may not think areapplicable for your environment just yet–Blogs–Wikis–Metrics 23
  24. 24. Installing Applications LaterDepending upon which WAS deployment modelyou chose, installing applications after initialConnections launch can be difficult–But not impossibleIf you installed everything onto a single serverinstance under WAS, then your additionalapplications will also install into that serverinstanceIf you installed multiple clusters, then you couldchoose to create a new cluster and server instancejust for the new applications 24
  25. 25. Installing Applications Later (cont.)Deciding what applications you want immediatelyand what you might want in the future is a criticalpart of your pre-installation planning processIf in doubt, install everything. You can always hidethe items from the menus until you are ready.Many of the applications in Connectionscomplement each other. Installing only a subset ofapplications (unless you are 100% sure that is allyou will need) could mean risking the overallsuccess of your project. 25
  26. 26. Choosing LDAPLDAP is used for two things in Connections–Authenticating users – making it performance- critical–Populating profiles – making it data-criticalLDAP isn’t usually something you install, it’susually something you have already–Most companies have a central directory of users, whether that’s in Active Directory, Domino, or something else 26
  27. 27. LDAP DataWhat’s critical is the data quality of the content in theLDAP source directory– GIGO – garbage in, garbage out • Don’t populate your shiny new Connections environment with muddy dataLDAP could be a single or occasional “pull” of minimaldata, such as new user registrations/deleted users witheverything else populated directly in PEOPLEDB underyour Connections data storeMore likely, you will use your LDAP directory to gatheruser information, such as job title, phone number,location, and manager and populate that into PEOPLEDB 27
  28. 28. Designing ProfilesProfiles are at the core of everything Connections doesThey are also key to a social environment– Don’t underestimate the value of photographs and other quality data, such as job titles, locations, and managers in ProfilesYou can have different Profile Types that map , display and allowediting of different fields– You can also add additional fields to Profiles and customize labelsLaunching Connections with completed Profiles for all users hasbeen proven a significant factor in achieving buy in of the technologyExpect to go through several iterations of Profile formats and layoutsduring your pilot stage and beyond– This is good. It means people are engaging with the system and want to make it better and more useful. 28
  29. 29. Building A Plan 29
  30. 30. Start with a PlanThings you need to decide before downloading asingle file:–How many servers will you have?–Where will WebSphere be installed?–What applications are you installing?–What optional components, such as a proxy cache, are you installing?–What LDAP server will you be using?–What SMTP server will you be connecting to for sending external mail?–What database server will you be using and where will it be located? 30
  31. 31. Plan Now To Save Problems LaterThings you need to decide before installing– fully qualified hostnames for servers, these aren’t easy to change later– name and password for database administrator– name and password for WebSphere administrator (avoid special characters)– name and password for Lotus Connections database user (lcuser is default)– name and password for Cognos user– the base_dn and search scope for selecting your LDAP users for setting up profiles and authentication– where connections shared data will be stored, things like file attachments uploaded in wikis or activities , the location must be accessible to all servers– what languages people will be entering data in, so you can configure the search engine to be multi language 31
  32. 32. Start with a Plan — ProfilesIt will take some time to decide how you want yourProfiles to look–What information will come from LDAP and what will be entered locally–Where photos will come from • Pre-populating photos and profiles before you pilot to users is an enormous step in gaining buy in of the system–Validate the LDAP data quality and fix • Does your “country” attribute contain consistent wording for countries • Does your “location” attribute match what you would like to present as “location” on business cards 32
  33. 33. Planning SecurityEach application within Connections has its ownset of roles that determine what people can doThink about what you might want people to be ableto do/not do–Having groups in your LDAP directory makes it easier to manage roles within applicationsYou can’t modify application security untilinstallation is complete–It doesn’t affect your decisions for installing, but it is something you need to consider in advance 33
  34. 34. Saving The Pain 34
  35. 35. Tools You May Find UsefulRDPPuTTYSofterraText Editor for large text files (Editpad Notepad+etc)NoMachine (for Linux)WinSCP (for file transfer to *ix boxes) 35
  36. 36. Patching and VersionsIBM’s System Requirements are very specificabout patch versions supported for all OS andserver components–Verify before you start–Newer isn’t always better if it has not been tested and verified for supportAlways patch as you install and in preparation forthe next step–It’s always tempting to race ahead, installing everything planning to patch later, but that may cause failure of other elements or loss of features 36
  37. 37. Patching and Versions (cont.)Build all the servers you need, and install and patch theoperating systems to the level needed by the systemrequirementsGet the files in place on the servers– I like to download everything to one server and then distribute from there– I use WinSCP for copying files onto Linux servers • www.winscp.netThe install files are all compressed; depending on diskspeed, they may take time to uncompress– Always transfer the compressed file to the destination server, then uncompress in place 37
  38. 38. Patching WebSphere and IHSBoth WebSphere and IHS patch use a utility calledthe Update Installer–This is a separate WebSphere product you need to download and install • You should always work with the latest version of Update Installer that you can findWebSphere and IHS fixpacks are available fordownload via the Maintenance Download Wizard(including Update Installer)–The downloads should have a .pak extension. If they have a extension, then you need to rename them. 38
  39. 39. Hostnames and DNSServer names and hostnames are critical whendesigning a Connections environment–They can’t be easily changed after install–Single Sign-On is supported only if servers use the same domain extension • and are differentServer names are used for WebSphere naming of cellsand servers, so shouldn’t be more than 8 charactersMake your naming something that is specific to therole of the machine/application, not the location–Profiles is a better name than SRV44WIN-LOC 39
  40. 40. Hostnames and DNS (cont.)Write down a list of hostnames for all your servers andapplicationsIf you are installing multiple servers as part of yourConnections deployment, each will have its ownhostname– Even if you use a load balancer, each application internally will have its own hostname/urlMake sure all hostnames are registered in DNS andresolvable from every serverBefore starting the install, confirm you can ping everyserver from the server you are installing on– Including itself 40
  41. 41. Passwords for AdministrationDuring installation, you will be asked to set names and passwordsfor several things, so decide what they will be in advance– DB2 administrator account– Lotus Connections DB2 account– WebSphere administration account– Cognos administration account • One for each serverAdministration accounts for the OS to install under– You can install as something other than administrator rights, but it requires extra steps and isn’t recommendedI try and use consistent naming and password patterns for myaccounts and passwords– I keep all my WebSphere admin accounts the same to avoid confusion 41
  42. 42. ResourcesDon’t skimp on server resources, especially diskand memoryIf you run out of memory mid way through aninstall you’ll have to roll back to an earlier stateand unless you have a virtual snapshot that isn’tgoing to be easyIf you virtualise you can always dial back memorylater if it’s not being usedJVM errors in the logs are usually lack of resourceand can cause very strange side effects 42
  43. 43. DownloadsIt’s going to take a day to download all the varioussoftware - do that and get it in place on the servers.–The fixpacks for the software are all in different places, it will take you time to find itIf the servers are remote to your download locationthat could take another day especially as you haveto uncompress most of the installersDon’t leave finding and downloading software untilthe day you plan to install! 43
  44. 44. WorksheetsCreating a spreadsheet or worksheet to store all thedetails about your installs will prove invaluable toyou–IBM has supplied some with the Connections documentation to help you • Worksheet_for_installing_IBM_Connections_ic40–These worksheets can be copied and pasted into a spreadsheet, where they can be used as a starting point and modified to fit the documentation needed for your environment 44
  45. 45. WebSphere Worksheet Sample 45
  46. 46. LDAP Worksheet Sample 46
  47. 47. Test Before StartTest your LDAP server configuration works– Bind credentials you are using– The scope you intend to use gives you the users and groups you want– LDAP performance is goodTest your DNS works– Ping everything, from everywhere, under all possible names (server name and assigned hostname)If using an existing database server test:– The account you will be using to access it– The rights that account has (can it create databases and maintain them?)– Performance 47
  48. 48. Some Bonus Tips For When You’re Installing...Virtualise, always virtualise if it’s WebSphereTake snapshots after each step and remember to snapshot all related servers atonce as well as either taking snapshots or backing up the data storesPay attention to the documentation, especially the mandatory and optionalinstructions for when you’ve completed the Connections install– Most of it isn’t optional and is mandatoryMost WebSphere errors are either memory (JVM) related or database (SQL)related– if in doubt reboot– check the database server is responding and the databases don’t need re- indexingIf you’re using DB2 then IBM supply a series of scripts with Connections toenable you to perform database maintenance , look for the connections.sqldirectory in your install files and use the scripts– Database maintenance should be part of your designIf you’re getting “odd” behaviour, try a reboot, if a reboot fixes your problem andthen the problem re-occurs, you need more memory 48
  49. 49. Now The Good NewsIf you plan the actual install can be completed andtested in 3 days comfortably Off You Go & Good Luck! 49
  50. 50. Thank you...Gab 50
  51. 51. Thank (IM) (IM) (skype) (IM) gabrielladavis (skype) 51
  52. 52. Legal Disclaimer© IBM Corporation 2009. All Rights Reserved.The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, thispublication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying thatany activities undertaken by you will result in any specific sales, revenue growth or other results.IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both.IJava and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.Other company, product, or service names may be trademarks or service marks of others. 52