- DL manuals
- IBM
- Software
- BS029ML - WebSphere Portal Server
- Self Help Manual
IBM BS029ML - WebSphere Portal Server Self Help Manual
ibm.com
/redbooks
Red
paper
Front cover
IBM WebSphere Portal V6
Self Help Guide
Philip Monson
Fang Feng
Jerry Dancy
Shadi Albouyeh
Chakravarthy Kunapareddy
Stephanie Martin
James Roca
John Chambers
Key recommendations for optimal
configuration and use
Problem avoidance,
determination, and resolution
Best practices for security
and maintenance
Summary of BS029ML - WebSphere Portal Server
Page 1
Ibm.Com /redbooks red paper front cover ibm websphere portal v6 self help guide philip monson fang feng jerry dancy shadi albouyeh chakravarthy kunapareddy stephanie martin james roca john chambers key recommendations for optimal configuration and use problem avoidance, determination, and resolution...
Page 3
International technical support organization ibm websphere portal v6 self help guide january 2008 redp-4339-00
Page 4
© copyright international business machines corporation 2008. All rights reserved. Note to u.S. Government users restricted rights -- use, duplication or disclosure restricted by gsa adp schedule contract with ibm corp. First edition (january 2008) this edition applies to ibm websphere portal versio...
Page 5: Contents
© copyright ibm corp. 2008. All rights reserved. Iii contents notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Vii trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ....
Page 6
Iv ibm websphere portal v6 self help guide 2.6.5 ltpa token generation with webseal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 2.6.6 other tivoli access manager considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 2.6.7 ldap directory servers . . . . . . ...
Page 7
Contents v 4.3.5 reading portal runtime logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 4.3.6 typical security configuration problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 chapter 5. Websphere portal runtime and services . . . . . ...
Page 8
Vi ibm websphere portal v6 self help guide ibm education assistant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 how does the ibm education assistant help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 how can i access th...
Page 9: Notices
© copyright ibm corp. 2008. All rights reserved. Vii notices this information was developed for products and services offered in the u.S.A. Ibm may not offer the products, services, or features discussed in this document in other countries. Consult your local ibm representative for information on th...
Page 10: Trademarks
Viii ibm websphere portal v6 self help guide trademarks the following terms are trademarks of the international business machines corporation in the united states, other countries, or both: aix 5l™ aix® cloudscape™ developerworks® domino® db2® electronic service agent™ hacmp™ i5/os® ibm® lotus® os/3...
Page 11: Preface
© copyright ibm corp. 2008. All rights reserved. Ix preface this ibm® redpaper focuses on considerations for the optimal configuration and use of ibm websphere® portal server. We provide you with the information you need to deploy and manage your websphere portal infrastructure, with the goal of pro...
Page 12: Become A Published Author
X ibm websphere portal v6 self help guide chakravarthy kunapareddy is a senior technical consultant and an ibm certified professional working with ascendant technology ( http://www.Atech.Com ), a premier ibm business partner. He has over six years of consulting experience with the ibm suite of produ...
Page 13: Comments Welcome
Preface xi your efforts will help increase product acceptance and customer satisfaction. As a bonus, you will develop a network of contacts in ibm development labs, and increase your productivity and marketability. Find out more about the residency program, browse the residency index, and apply onli...
Page 14
Xii ibm websphere portal v6 self help guide.
Page 15: Introduction
© copyright ibm corp. 2008. All rights reserved. 1 chapter 1. Introduction this chapter provides you with an overview of this redpaper, highlights some of the new features in ibm websphere portal version 6, and provides a general description of what will be covered in each chapter. 1.
Page 16
2 ibm websphere portal v6 self help guide 1.1 purpose of this redpaper the websphere portal self help guide focuses on the who, what, where, when, and why of a websphere portal server version 6 deployment. The goal of this guide is to introduce and explain the various scenarios that you should consi...
Page 17
Chapter 1. Introduction 3 1.2 ibm websphere portal server overview figure 1-1 shows an overview of ibm accelerators for websphere portal. Figure 1-1 ibm accelerators for websphere portal ibm websphere portal version 6 is an enterprise portal solution with the complete portal services that are necess...
Page 18
4 ibm websphere portal v6 self help guide 1.3 what is new in websphere portal version 6 figure 1-2 shows an example of a business portal solution. Figure 1-2 example of business portal solution ibm websphere portal version 6.0 delivers new features, functions, and performance that helps to improve t...
Page 19
Chapter 1. Introduction 5 responsiveness and reliability, delivered by a leader in the enterprise portal market. 1.4 administration improvements there are a number of enhancements and new features in version 6 that are central to administration. Some of the highlights include: portal configuration m...
Page 20
6 ibm websphere portal v6 self help guide 1.5 structure of the redpaper figure 1-3 gives an overview of the structure of this redpaper. Figure 1-3 structure of this guide this section describes how the redpaper was constructed and provides a summary of the information that is contained within the ch...
Page 21
Chapter 1. Introduction 7 functional challenges, can affect even the best thought out and executed deployments. In appendix a, “using ibm tools to find solutions and promote customer self-help” on page 169, we discuss the usage of the various support tools to enable customers to self- recover from o...
Page 22
8 ibm websphere portal v6 self help guide.
Page 23: Architecture and Planning
© copyright ibm corp. 2008. All rights reserved. 9 chapter 2. Architecture and planning ibm understands and recognizes that many customers need to make important decisions about their websphere portal server solution, both prior to and during a deployment. With intimate knowledge of the challenges a...
Page 24
10 ibm websphere portal v6 self help guide 2.1 building the right portal architecture websphere portal server architectures come in many shapes and forms. This is in part attributed to the demands of modern day e-business, where the need to establish a robust, open, scalable, and strategic infrastru...
Page 25
Chapter 2. Architecture and planning 11 presentation integration this integration approach represents the simplest method of incorporating content into a websphere portal server deployment and is based solely upon the ability to screen scrape, either through the deployment of an iframe or web clippi...
Page 26
12 ibm websphere portal v6 self help guide inter-enterprise communication, or adopted as an enterprise wide standard for leveraging an esb, for example. Web services are not built to be high performing, so are not suitable for transactions that require very large throughput. Messaging messaging inte...
Page 27
Chapter 2. Architecture and planning 13 the following recommendations are made with regards to the selection of the most appropriate connectivity technology: use web services when portability or interface standardization is a prime concern. Use messaging when high qos constraints and loose coupling ...
Page 28
14 ibm websphere portal v6 self help guide 2.1.5 addressing non-functional requirements capturing the non-functional requirements is a preliminary task that not only provides a starting point for selecting and sizing the physical components of a portal solution, but also establishes such key aspects...
Page 29
Chapter 2. Architecture and planning 15 the following non-functional requirements are documented to articulate the critical elements of a successful implementation: availability backup and recovery capacity estimates and planning disaster recovery extensibility/flexibility failure management perform...
Page 30
16 ibm websphere portal v6 self help guide x, the actual anticipated estimated rises to 7,500 concurrent clients after two years time, which then increases the percentage to 18.75%. Normally, it is common for business requirements to state that a portal should be able to handle x number of clients c...
Page 31
Chapter 2. Architecture and planning 17 aspects of a solution architecture. By contrast, the operational model provides the description and configuration of the hardware and software technologies needed to deliver the required solution characteristics and capabilities, within the constraints of tech...
Page 32
18 ibm websphere portal v6 self help guide http server the http server provides the front end to the solution. It allows for greater concurrency and resource off loading from the portal server tier, by serving static content (html pages, for example) and dynamic content (jsp™ fragments) by way of we...
Page 33
Chapter 2. Architecture and planning 19 information systems. A modification of the product information on one eis triggers a business application that processes the data and propagates it to the other enterprise information systems. Ldap directory server a directory is often described as a database,...
Page 34
20 ibm websphere portal v6 self help guide 2.2.2 node characterization at the specification level it is strongly advised that the specification level attributes for each node in a contending websphere portal server architecture are clearly defined and documented. As such, each node should be describ...
Page 35
Chapter 2. Architecture and planning 21 2.3 operational architectures increasingly, websphere portal server customers are interested in deploying a portal in a business critical environment. However, such a requirement raises the question about how best to address such needs in terms of selecting th...
Page 36
22 ibm websphere portal v6 self help guide there are several approaches for clustering a websphere portal server version 6.0.1 implementation. The following section outlines each in detail. The single clustered architecture in a standard websphere portal server v6.0.X clustered architecture, two or ...
Page 37
Chapter 2. Architecture and planning 23 figure 2-2 a single clustered architecture key features of this architecture are: a single load balanced http server cluster (http cluster) that spans two or more physical nodes. A single webshere portal server cluster (portal cluster) deployed in a single web...
Page 38
24 ibm websphere portal v6 self help guide the multiple clustered architecture new to websphere portal server version 6.0.1 is the ability to architect multiple portal clusters within the same websphere cell. Indeed, the websphere portal server version 6.0 information center describes just such an a...
Page 39
Chapter 2. Architecture and planning 25 community data between different portal clusters, and the cluster members that participate in each, ensures consistency at the user interaction level (new to portal server v6.0.X). That is, any user customization made against one portal cluster member, by a us...
Page 40
26 ibm websphere portal v6 self help guide two independent websphere cells (cell a and cell b). Each websphere portal server cluster consists of at least two physical nodes per cluster or cell (so that each cluster is in highly available its own right). The websphere plug-in resident in each http se...
Page 41
Chapter 2. Architecture and planning 27 be propagated between clusters. This in part was attributed to the fact that the internal object ids associated with the various elements of a deployment could not be guaranteed to be unique. Any attempt, therefore, to deploy a bi-directional database replicat...
Page 42
28 ibm websphere portal v6 self help guide undertaken during a period of scheduled outage, such as during the weekend or overnight, when the respective users of the solution may be unaffected by any downtime. Alternatively, in-situ maintenance can be performed by adhering to the ibm documented 24x7 ...
Page 43
Chapter 2. Architecture and planning 29 caveat that websphere portal server prior to v6.0.X did not support database domains, the possibility that such data could be readily shared between portal instances was not feasible; the only option was the one-way transfer of such data between environments. ...
Page 44
30 ibm websphere portal v6 self help guide 2.4.4 moving a configuration between environments a common deployment approach in any it implementation is to provide separate environments for development, quality assurance, performance testing, pre-production, and production (or some subset of these). As...
Page 45
Chapter 2. Architecture and planning 31 2.5.1 scalability as mentioned previously, the ability to scale websphere portal server v6.0.1, or any other websphere application server for that matter, is essentially achieved by clustering. Clustering allows requests to be workload managed (wlm'ed) between...
Page 46
32 ibm websphere portal v6 self help guide 2.5.3 websphere queuing mechanism in order to understand how to maximize performance, it is necessary to understand the websphere queuing mechanism. Websphere implements a componentized architecture, channeling requests through a number of queues. These que...
Page 47
Chapter 2. Architecture and planning 33 the ability to queue requests in the network layer is a critical part of the websphere queuing mechanism. For example, if there are more connection requests than available web container threads, then connections start to backlog, waiting for threads to be free...
Page 48
34 ibm websphere portal v6 self help guide 2.5.5 separation of wcm from portal servers although wcm is an integrated sub-component of websphere portal server v6.0.1, for reasons attributed to performance and scalability, one ibm recommended best practice is that wcm is externalized in its own instan...
Page 49
Chapter 2. Architecture and planning 35 architecting a minimum of three web servers is also recommended from the point of view that, if a web server should fail or be taken out of service in a two-server model, then the remaining server has the potential to become overloaded. Load balancing is most ...
Page 50
36 ibm websphere portal v6 self help guide 2.5.8 portlet application jvm considerations portlet applications, like any other java based applications, when deployed into websphere portal server, reside within the same jvm and therefore share resources, such as jvm heap space and the web container thr...
Page 51: 2.6 Security
Chapter 2. Architecture and planning 37 2.6 security security within the enterprise has become increasingly more important and complex as distributed systems and internet technology have merged. The issue can hardly be ignored, as security breaches are announced in the news on a daily basis. While s...
Page 52
38 ibm websphere portal v6 self help guide external security managers also address much larger problems, such as enterprise sso (single sign-on), complex authentication, and centralized authorization. 2.6.3 single sign-on (sso) single sign-on (sso) is the term used to describe a system or mechanism ...
Page 53
Chapter 2. Architecture and planning 39 sso is a function of the underlying websphere application server instance. As such, there is no concept of a reverse authenticating proxy server, which could otherwise be place in a dmz for added security. Pseudo-sso is achieveable with the use of the credenti...
Page 54
40 ibm websphere portal v6 self help guide single sign-off one often neglected aspect of sso is the allied sign-off or sign out action associated with a user session. This is especially important because it is not uncommon for the back-end servers participating in the sso realm to create and issue t...
Page 55
Chapter 2. Architecture and planning 41 all communication should be over ssl; the link from webseal to the web server must use client certificate authentication, and the same must be true for the link from the web server to the embedded web container of the underlying websphere application server in...
Page 56
42 ibm websphere portal v6 self help guide webseal high availability the failure or outage, either scheduled or unscheduled, of a webseal server will result in the need for a user to re-authenticate unless a suitable mechanism is configured to handle such conditions. Load balancer affinity normally ...
Page 57
Chapter 2. Architecture and planning 43 one may wish to consider cars as an alternative to exploiting the generic unix syslogd for centrally collecting audit events in a distributed environment, as the standard syslogd does not provide encryption or any guarantee of delivery by being based on udp. 2...
Page 58
44 ibm websphere portal v6 self help guide figure 2-5 ldap basic dit design ldap schema design by default, the websphere portal server configuration assumes that the underlying ldap directory schema uses the object class applicable to the selected ldap directory version, for example, inetorgperson w...
Page 59
Chapter 2. Architecture and planning 45 iteratively searching through the member list of all groups. A second limitation of the lotus domino ldap implementation is that the number of members in a group is limited by the size of the field. To work around this issue, nested groups can be implemented, ...
Page 60
46 ibm websphere portal v6 self help guide bottleneck, as this will have the potential to impact the overall performance of websphere portal server. When using ldap over ssl (ldaps), care should be taken when utilizing a load balancer as described above. Ldaps not only establishes a jndi context aga...
Page 61
Chapter 2. Architecture and planning 47 in this section, we provide a high-level overview of the two of the most common deployment options. The dual cluster with two lines of production architecture figure 2-6 depicts a dual clustered websphere portal server v6.0.X architecture supporting “two lines...
Page 62
48 ibm websphere portal v6 self help guide the geographically deployed architecture in a geographically deployed websphere portal server v6.0.X architecture, as shown in figure 2-7, each geography maintains its own set of databases. Each database would be highly available in its own right. However, ...
Page 63
Chapter 2. Architecture and planning 49 websphere portal server instance associated with a stand-alone wcm deployment can be managed on the same machine in isolation. 2.7.4 database high availability to safeguard against catastrophic failure of the proposed websphere portal server solution, it is es...
Page 64
50 ibm websphere portal v6 self help guide figure 2-8 gives an overview of the db2 hadr. Figure 2-8 db2 hadr without hadr, the length of time it takes to cut over from a database failure is unpredictable. It can take several minutes or hours before the failure is solved and the database is available...
Page 65
Chapter 2. Architecture and planning 51 failure and issue the takeover hadr command. There is no requirement to configure it to do any disk takeover, ip address takeover, or anything else, so the configuration is straightforward. When it detects that the primary has failed, hacmp or tsa will run the...
Page 66
52 ibm websphere portal v6 self help guide project. For a complete listing of available patterns, consult the ibm patterns for e-business web site at: http://www.Ibm.Com/developerworks/patterns adopt the portal build & validate methodology in establishing a portal build & validate methodology, we ac...
Page 67
Chapter 2. Architecture and planning 53 deployment and cutover plan deployment can impose a great deal of change and stress for any organization. Therefore, ensuring a smooth deployment is a key factor in satisfying any stakeholder. A deployment and cutover plan, as such, should minimize the impact ...
Page 68
54 ibm websphere portal v6 self help guide.
Page 69
© copyright ibm corp. 2008. All rights reserved. 55 chapter 3. Websphere portal installation this chapter contains information that will guide you through the installation of your websphere portal server. This chapter includes the following topics: installation database transfer enable security prob...
Page 70: 3.1 Installation
56 ibm websphere portal v6 self help guide 3.1 installation there is a great deal of information contained in this chapter so in an effort to prevent you from feeling overwhelmed, we recommend that you review the content that most relates to your environment. 3.1.1 how do i prepare my system for ins...
Page 71
Chapter 3. Websphere portal installation 57 preparing a linux machine: http://publib.Boulder.Ibm.Com/infocenter/wpdoc/v6r0/topic/com.Ibm.Wp.Ent.Doc/wp f/os_linux.Html preparing a solaris machine: http://publib.Boulder.Ibm.Com/infocenter/wpdoc/v6r0/topic/com.Ibm.Wp.Ent.Doc/wp f/os_solaris.Html prepar...
Page 72
58 ibm websphere portal v6 self help guide – validates the operating system. Installs websphere application server base. Websphere application server base is upgraded to v6.0.2.9. Websphere application server fixes installed: http://www-1.Ibm.Com/support/docview.Wss?Rs=688&context=sshrkx&context=ssb...
Page 73
Chapter 3. Websphere portal installation 59 the key difference between the custom installation scenario and the typical install is seen during the validation phase when the currently installed websphere application server version is detected and a check is done to see if any websphere application se...
Page 74
60 ibm websphere portal v6 self help guide empty install the empty portal installation scenario installs websphere portal without the installation and deployment of default portlets and without the pages that are normally created with the typical and custom installation scenarios. The empty portal i...
Page 75
Chapter 3. Websphere portal installation 61 figure 3-1 empty portal default page if you are attempting to improve portal startup performance, you may try to stop applications that are not needed. Another area where startup performance (and memory usage) could be saved is to disable applications that...
Page 76
62 ibm websphere portal v6 self help guide bookmarks.War xslt.War sql.War cppmail.War bannerad.War csv.War domdoc.War exchange3.War marketwatch.War welcomeportlet.War blurb.War spellcheckerservice.War lotusdocviewer.War exchange2003.War quickplaceinline.War lwp_cai lwp_tai content_j2ee dmdesktop icm...
Page 77
Chapter 3. Websphere portal installation 63 download sites, then refer to the websphere portal v6.0 components outlined in this document: http://www-1.Ibm.Com/support/docview.Wss?Rs=688&uid=swg24012969 now that you have the appropriate e-assembly or e-assy image name, perform the following steps to ...
Page 78
64 ibm websphere portal v6 self help guide for more information about self registration of users, refer to the websphere portal information center section titled “signing up to the portal” and “adding new users” located at: http://publib.Boulder.Ibm.Com/infocenter/wpdoc/v6r0/topic/com.Ibm.Wp.Ent.Doc...
Page 79: 3.2 Database Transfer
Chapter 3. Websphere portal installation 65 systemout.Log the loading of websphere portal begins with the trace output, as shown in example 3-6. Example 3-6 systemout.Log trace output [ 7/30/07 18:09:03:781 edt] 00000016 webgroup a srve0169i: loading web module: websphere portal server. [7/30/07 18:...
Page 80
66 ibm websphere portal v6 self help guide 3.2.1 planning and considerations websphere portal v6 provides new options to address scalability and redundancy in your enterprise deployments. If you choose to transfer to an external database, we recommend that you do so before you add a large amount of ...
Page 81
Chapter 3. Websphere portal installation 67 database domains with websphere portal server v6, the content repository has been separated into database domains. The separation of domains increases the flexibility for organizations by permitting: single instances of websphere portal server to share por...
Page 82
68 ibm websphere portal v6 self help guide 4. If you are connecting to an external database remotely, create the database(s) you plan to utilize as instructed in the infocenter instructions. Users of db2 have the convenience of having websphere portal server create the databases locally by running ....
Page 83
Chapter 3. Websphere portal installation 69 table 3-1 database transfer preparation checklist 3.2.3 what is about to happen we recommend that you perform the database transfer before you use websphere portal extensively if you choose to transfer data to another supported database, since large amount...
Page 84
70 ibm websphere portal v6 self help guide if you want to transfer your data to another supported database, you will need to follow the steps specific to the type of database you are using, for example, db2, oracle, or sql server™. By this point, you should have planned for the database you wish to ...
Page 85
Chapter 3. Websphere portal installation 71 for windows: wpsconfig.Bat database-transfer -drelease.Dbpassword=password -dcustomization.Dbpassword=password-dcommunity.Dbpassword=password -djcr.Dbpassword=password -dwmm.Dbpassword=password -dfeedback.Dbpassword=password -dlikeminds.Dbpassword=password...
Page 86: 3.3 Enable Security
72 ibm websphere portal v6 self help guide 3. Once websphere portal server is up and running and you have verified that there are no errors, open a web browser and direct it to one of the following url (depending on your deployment configuration): – single server deployment: http:// hostname.Example...
Page 87
Chapter 3. Websphere portal installation 73 system requirements it is important to conduct a preliminary review of your system hardware and software in both new and existing ldap infrastructures to ensure that they meet the supported levels for websphere portal server. The infocenter is routinely up...
Page 88
74 ibm websphere portal v6 self help guide filtering group information: the default filter information provided with your ldap server is very generic in nature and geared toward searching and entire directory. Custom filters should be used to drill down to the subset of users in the ldap tree to red...
Page 89
Chapter 3. Websphere portal installation 75 2. Ldap design: while it is possible to set up websphere portal server with only one user and one group, this is not advisable. The ldap schema design and directory information tree (dit) should ideally be thoughtfully planned and agreed to by all stake ho...
Page 90
76 ibm websphere portal v6 self help guide 6. For most platforms, you have the option of enabling security manually using the command line, or transferring the database using the configuration wizard. Regardless of the process you choose, you will need to modify the wpconfig.Properties and the helpe...
Page 91
Chapter 3. Websphere portal installation 77 3.3.3 what is about to happen after installation, websphere portal version 6 is installed with security enabled so the websphere portal is functional right after installation and the configuration is suitable for a simple environment like unit tests or dev...
Page 92
78 ibm websphere portal v6 self help guide once you have selected the type of ldap for which you wish to configure security, proceed with the installation, the creation of required users and groups, the setup, disabling security, configuring, and verification of the ldap. When configuring domino dir...
Page 93
Chapter 3. Websphere portal installation 79 user registry → tivoli directory server/ibm secureway/domino directory/active directory/novell edirectory/sun™ system directory server → configuring (your specific ldap user registry name here) → non-realm/realm support in the infocenter at: http://publib....
Page 94: 3.4 Problem Determination
80 ibm websphere portal v6 self help guide 2. Shut down your websphere portal server and back up the systemerr.Log and systemout.Log files located in the wp_root/log directory. Once the logs have been backed up, delete the existing systemerr.Log and systemout.Log files so that fresh log files are cr...
Page 95
Chapter 3. Websphere portal installation 81 should help you determine at what point the installation is failing to get a better idea of how to go about correcting the issue on your system. In addition to the wpsinstall.Log, you will also need to review the logs that can be found in the system define...
Page 96
82 ibm websphere portal v6 self help guide multiple domains if the dbuser, dburl, and dbpassword properties are not the same values across domains, the dbdomain.Datasourcename value should be changed for those domains that differ from the rest. The value for the dbdomain.Datasourcename should not be...
Page 97
Chapter 3. Websphere portal installation 83 incorrect privileges for the ldapbindid unless anonymous searches are allowed, the ldapbindid should have, at a minimum, permission to read and search a subset of the directory information tree specified in the ldap suffix entry. Confirm the privileges of ...
Page 98
84 ibm websphere portal v6 self help guide.
Page 99: Websphere Portal Security
© copyright ibm corp. 2008. All rights reserved. 85 chapter 4. Websphere portal security ibm websphere portal provides personalized access to applications and processes, ranging from small and simple applications to complex enterprise information systems. It aggregates the content from different dat...
Page 100
86 ibm websphere portal v6 self help guide 4.1 planning and considerations in this section, we will address the basic concepts, planning issues, and considerations while configuring websphere portal security. 4.1.1 the basics ibm websphere portal provides personalized access to applications and proc...
Page 101
Chapter 4. Websphere portal security 87 figure 4-1 the general view of a websphere portal deployment 4.1.2 websphere member manager (wmm) websphere member manager for websphere application server handles member data and profiles. In the context of wmm, four types of members are supported: person, gr...
Page 102
88 ibm websphere portal v6 self help guide currently, wmm support the following major commercial ldap servers: ibm tivoli directory server microsoft® active directory® sunone directory server ibm lotus domino application server novell edirectory wmm implements the wmmldap as an abstraction layer, in...
Page 103
Chapter 4. Websphere portal security 89 when an application, such as websphere portal, uses member manager, the application may have its own application-specific repository for data that is related to the member in member manager. This means the application needs a linkage for the data of a member m...
Page 104
90 ibm websphere portal v6 self help guide for accessing the user profile and group information, wmm provides the custom member repository (cmr) module. The two classes are: com.Ibm.Websphere.Wmm.Registry.Wmmuserregistry (cur) com.Ibm.Ws.Wmm.Db.Databaserepository (cmr) and can be respectively found ...
Page 105
Chapter 4. Websphere portal security 91 for all details about sso, ltpa and related topics, refer to the websphere application server information center. 4.1.5 websphere portal login process it is very important to understand the basic login process in websphere portal security. It is the key in fin...
Page 106
92 ibm websphere portal v6 self help guide registry configured in websphere application server, and then, if this authentication succeeds, creates the ltpa cookie. Taking the stackable feature of the jaas model, the portal_ltpa jaas configuration can also be extended by custom login modules, such th...
Page 107
Chapter 4. Websphere portal security 93 to obtain details, refer to the white paper understanding and configuring websphere portal login and logout , found at: http://www.Ibm.Com/developerworks/websphere/library/techarticles/0706_buchwald/070 6_buchwald.Html 4.1.6 portal access control (pac) the acc...
Page 108
94 ibm websphere portal v6 self help guide understanding the hierarchy of protected resources is the key to having a clear picture of the permissions assigned to the nodes on the tree. The permission inheritance plays a crucial role in the runtime decision making of the portal access control. Figure...
Page 109
Chapter 4. Websphere portal security 95 when the pac configuration is to be persisted, the datastore persistence layer is called to pass the configuration data to the portal database. The portal access control runtime decision module has to retrieve the persisted permission data through the datastor...
Page 110
96 ibm websphere portal v6 self help guide the general guidelines for configuring pac are summarized in the white paper performance tuning of portal access control , found at: http://www.Ibm.Com/developerworks/websphere/library/techarticles/0508_buehler/0508 _buehler.Html although this white paper w...
Page 111
Chapter 4. Websphere portal security 97 webseal, a component in tivoli access manager, acts as a reverse proxy server that intercepts all web requests coming into the portal web site. When a protected resource is accessed and the user has not been authenticated, webseal challenges the user by consul...
Page 112
98 ibm websphere portal v6 self help guide 4.2.2 reconfigure security in websphere portal version 6, the resource permissions are all keyed on the extid of the users or groups. This makes the security reconfiguration much more involved. The reason is that switching the ldap server implies all extids...
Page 113
Chapter 4. Websphere portal security 99 in the following discussion, we assume the user ids used for the purposes above are all different. After the discussion, readers can easily extrapolate the cases if the user ids may play multiple roles. The portal admin user’s password is not stored in any of ...
Page 114
100 ibm websphere portal v6 self help guide you can extend an existing standard ldap objectclass such as inetorgperson to incorporate the new attributes. This must be done using the ldap server utility and in the ldap server. In the websphere member manager (wmm), you need to add this new objectclas...
Page 115
Chapter 4. Websphere portal security 101 client certificate permits portal server to use tam authentication services. The default expiration date of this client certificate is 365 days. The portal configuration tasks cannot be used to reconfigure the client certificate. You have to run the following...
Page 116: 4.3 Problem Determination
102 ibm websphere portal v6 self help guide – updates “wp authencationservice” to enable the jaas login module portal_login. As of the writing of this redpaper, portal development is testing a new configuration task for supporting tai++, with which we no longer create callbackheaderslist.Properties ...
Page 117
Chapter 4. Websphere portal security 103 document system changes you should always document the system changes made, no matter whether it is a configuration change, or deployment of applications, or a fix pack or interim fixes. The change logs should be made available online, such that other people ...
Page 118
104 ibm websphere portal v6 self help guide the audit log entries would look like the ones shown in example 4-2. Example 4-2 audit log examples [08/08/07 19:07:37:703 edt] i audit 0000011447bbb24a000000020000069d84c32de6073235ad5834768ac19ebc8ad33e21210000011447 bbb24a000000020000069d84c32de6073235a...
Page 119
Chapter 4. Websphere portal security 105 files, such as configtrace.Log, systemout.Log, and systemerr.Log, as well as trace.Log, if any traces are enabled. Always keep the evidence for the “crime scene”. A verification checklist of a working system with security enabled after the security is enabled...
Page 120
106 ibm websphere portal v6 self help guide depending on the environment, you may want to increase the size of log file and the historical copies of these files to a larger value. For example, you can set the file size to 20 mb and the number of files to 10. Thus, you would effectively have about ar...
Page 121
Chapter 4. Websphere portal security 107 the most commonly used portal security trace strings ( authbase >) are: com.Ibm.Wps.Engine.*=all:com.Ibm.Wps.Puma.*=all:com.Ibm.Wps.Services.Puma.*=all:co m.Ibm.Wps.Sso.*=all:com.Ibm.Wps.Services.Authentication.*=all in most problems related to security, we r...
Page 122
108 ibm websphere portal v6 self help guide the traces can be enabled statically through the websphere application server’s administrative console (under the configuration tab), or by directly editing the file server.Xml for that application server. Alternatively, the traces can also be enabled dyna...
Page 123
Chapter 4. Websphere portal security 109 when the traces are enabled statically, the trace specification should be shown at the top of the log: [8/2/07 11:51:32:609 edt] 0000000a manageradmin i tras0017i: the startup trace state is *=info:com.Ibm.Ws.Wmm.*=all:com.Ibm.Websphere.Wmm.*=all:wsmm=all:com...
Page 124
110 ibm websphere portal v6 self help guide one of the often asked question is how we can see whether the browser has received the ltpa token, especially during debugging of single sign-on problems. If the browser supports javascript, the most straightforward way is to type javascript:alert(document...
Page 125
Chapter 4. Websphere portal security 111 interceptorclassname="com.Ibm.Ws.Security.Web.Tamtrustassociationinterceptorplus"/> singlesignon xmi:id="singlesignon_1" requiresssl="false" domainname="acme.Com" enabled="true"/> bytearray="d7zrpa3tyjvf5+xscycdphr4oav4ciirp0y1xrhjpjwyeujbrxsprd3pstzl9r4e22jc...
Page 126
112 ibm websphere portal v6 self help guide value="c:/ibm/websph~1/portal~1/wmm/wmmwasadmin.Xml" required="true"/> userregistryrealm " value="corpldap.Acme.Com:389" required="false"/> serverid="uid=wasadmin,ou=people,ou=dept,o=acme.Com" serverpassword="{xor}hb8rew8ahy0\=" realm="corpldap.Acme.Com:38...
Page 127
Chapter 4. Websphere portal security 113 value="com.Ibm.Ws.Security.Common.Auth.Module.Wsclientloginmoduleimpl"/> moduleclassname="com.Ibm.Ws.Security.Common.Auth.Module.Proxy.Wsloginmoduleproxy" authenticationstrategy="required"> value="com.Ibm.Ws.Security.Common.Auth.Module.Wsloginmoduleimpl"/> mo...
Page 128
114 ibm websphere portal v6 self help guide authdataentries xmi:id="jaasauthdata_1174051597218" alias="wp6vm_c/samples" userid="samples" password="{xor}lg4+mi8zoiw=" description="jaas alias for websphere samples"/> password="{xor}dtovmz48ogg2kzcgmcotgz0eozi2mq8oow==" description="jaas alias for data...
Page 129
Chapter 4. Websphere portal security 115 websphere member manager (wmm) configuration files the main configuration files for the websphere member manager (wmm) are inside the directory /wmm, which is outside of the scope of the websphere application server. In a clustered environment, in order for t...
Page 130
116 ibm websphere portal v6 self help guide defaultprofilerepository="ldap1"/> rdnattrtypes="cn" defaultparentmember="ou=groups,ou=dept,o=acme.Com" defaultprofilerepository="ldap1"/> uuid="la" adapterclassname="com.Ibm.Ws.Wmm.Lookaside.Db.Lookasideadapter" supportdynamicattributes="true" datasourcen...
Page 131
Chapter 4. Websphere portal security 117 rdnattrtypes="cn" objectclassesforread="groupofuniquenames" objectclassesforwrite="groupofuniquenames" searchbases="ou=groups,ou=dept,o=acme.Com"/> within the wmm configuration, the default realm name is set to portal. If you prefer a different name, you can ...
Page 132
118 ibm websphere portal v6 self help guide wmmldapserverattributes.Xml this file maps the wmm attribute reference names to the actual attribute names in ldap server. The wmm attribute name is like a logical name and used in the calls to wmm. They can be different from the ones used in the ldap serv...
Page 133
Chapter 4. Websphere portal security 119 make sure the location of this pointer in the cluster configuration is correct. In order for the admin user to be able to access the virtual portals configured with the realms defined, we recommend adding the admin user “wpsadmin” to every realm, as shown in ...
Page 134
120 ibm websphere portal v6 self help guide to the jvm runtime log files to show the correlations of the events by matching their timestamps. Application server startup the first thing to look for is whether there are any exceptions. Not all exceptions are critical to the portal server. Some of them...
Page 135
Chapter 4. Websphere portal security 121 adminconsole application startup unlike version 5.1, the adminconsole application now is running on the application server, websphere_portal, using the default port 10027. The following lines identify its successful startup: [8/2/07 11:53:00:672 edt] 0000000a...
Page 136
122 ibm websphere portal v6 self help guide since pumaservice is the base for websphere portal security, its failure would cause the portal server to fail. Configtrace.Log this file contains important messages for all configuration tasks. It should never be discarded. The portal configuration comman...
Page 137
Chapter 4. Websphere portal security 123 if the bind user has the password problem with the ldap server, the access to the ldap server might be prohibited and the authentication would also fail. In this case, you may see ldap error code: insufficient access rights in the log. Login failure imagine t...
Page 138
124 ibm websphere portal v6 self help guide slow login when customers report a problem of slow login, usually they mean the span between the time when they submit their user id and password, and the time when the first page is rendered. It is beneficial to understand what happens after the user id a...
Page 139
Chapter 4. Websphere portal security 125 ... [8/3/07 11:27:54:562 edt] 0000003f authenticatio 1 com.Ibm.Wps.Services.Authentication.Authenticationserviceimpl wasauthentication (1) new logincontext [8/3/07 11:27:54:562 edt] 0000003f authenticatio 1 com.Ibm.Wps.Services.Authentication.Authenticationse...
Page 140
126 ibm websphere portal v6 self help guide objectid: [extidimpl '9eaeopd8ms4743d0jm466jd4jm46ghc4mm074bd6jm8c4jo2mh56kpd46socg1' [87d99d40-1f62-102b-8d53-bdbac147b8f0 / user, domain: [domain: rel]]] descriptor: com.Ibm.Wps.Datastore.Impl.Principaldescriptorimpl@1c8717ba objectid: [extidimpl '9eaeop...
Page 141
Chapter 4. Websphere portal security 127 if you suspect the page rendering is the bottleneck, try to eliminate the portlets on the page one at a time to find the most time consuming ones, and move them to the secondary pages. The design of the welcome page should be kept as simple as possible to avo...
Page 142
128 ibm websphere portal v6 self help guide association interceptor configuration. Further investigation should be done with the traces enabled, using the trace strings given in table 4-5 on page 107. The more complicated cases are from the failure of multiple servers. Besides the things mentioned a...
Page 143
Chapter 4. Websphere portal security 129 badpaddingexception occurred in this case, and is due to different ltpa keys being used to generate the ltpa token; the failing server could not decrypt the ltpa token. Problems in search of users or groups the manage users and groups portlet plays important ...
Page 144
130 ibm websphere portal v6 self help guide if you have trouble finding either users or groups, use an ldap tool to verify that the settings in the wmm configuration is correct. When wmm issues search requests to the ldap server, it generates the search filter to use the parameters “wmmsecurityattri...
Page 145
Chapter 4. Websphere portal security 131 the search base to verify whether the user is in every one of them. When configuring websphere application server security, you can take advantage of this feature if the underlying ldap has such an attribute. For example, in the case of ibm tivoli directory s...
Page 146
132 ibm websphere portal v6 self help guide check configtrace.Log when any of the configuration tasks fail, the first thing to look into is configtrace.Log. When you find the message build failed, scroll up to find the failure error messages close, which should look like something similar to: run-pd...
Page 147
Chapter 4. Websphere portal security 133 [8/17/07 16:45:23:294 edt] 2934440 servletinstan e srve0100e: did not realize init() exception thrown by servlet portal: javax.Servlet.Unavailableexception: initialization of one or more services failed. In this case, an expired client certificate caused the ...
Page 148
134 ibm websphere portal v6 self help guide a lot of pac related problems are due to the settings in the pac cache settings. People should understand that the cache settings in a production environment is very different from those in a development environment. In a development or test environment, t...
Page 149
Chapter 4. Websphere portal security 135 the commonly seen ssl handshake problems are summarized in table 4-6. Table 4-6 ssl handshake exceptions reference the websphere information center for details about these exceptions and how to resolve them. Step 2: verify certificates depending on what key o...
Page 150
136 ibm websphere portal v6 self help guide.
Page 151: Websphere Portal Runtime and
© copyright ibm corp. 2008. All rights reserved. 137 chapter 5. Websphere portal runtime and services in this chapter, we discuss the websphere portal server v6.0.X runtime architecture and the important components that are involved. We will also discuss optimizing the environment, performance tunin...
Page 152: 5.1 Overview
138 ibm websphere portal v6 self help guide 5.1 overview websphere portal server provides an extensible framework for interacting with enterprise applications, content, people, and processes. As such, websphere portal server acts as a central access point for content, aggregating and displaying cont...
Page 153
Chapter 5. Websphere portal runtime and services 139 in addition, websphere portal server leverages the foundation capabilities provided by websphere application server or websphere process server (certain restrictions apply). 5.1.2 portal foundation and framework although it is usual to refer to we...
Page 154
140 ibm websphere portal v6 self help guide the jsp views of a portlet can use websphere personalization rules and recommendations in the same way that any jsp page does. This allows the content within the portlet to be personalized, based on the rules and recommendations. Rule and recommendations c...
Page 155
Chapter 5. Websphere portal runtime and services 141 cache manager service is responsible for managing the different caches used in websphere portal version 6.0.X. The portal provides two different types of caches: shared and non-shared. The shared caches are cluster aware. This means that deleting ...
Page 156: 5.2 Optimization
142 ibm websphere portal v6 self help guide registry service loads and caches a small number of objects that are regularly accessed in the engine. This improves performance; however, the trade off is that the cached objects are possibly stale compared to their database counterparts. This applies par...
Page 157
Chapter 5. Websphere portal runtime and services 143 for more information about websphere portal server performance tuning and a detailed explanation of the parameters, refer to the official ibm websphere portal version 6.0 tuning guide , found at: http://www-1.Ibm.Com/support/docview.Wss?Uid=swg270...
Page 158
144 ibm websphere portal v6 self help guide setting the jvm heap size to or greater than 1 gb on aix necessitates reducing maxdata (the boundary between the permissible data area and the shared memory region in the aix memory model). However, this shift effectively steals segments from the data area...
Page 159
Chapter 5. Websphere portal runtime and services 145 %cpu. More gc threads (-xgcthreads n ) will provide more mark stacks (and queues), which means less likelihood of a mark stack overflow. A java heapdump analysis may also help. Just-in-time compiler (jit or jitc) by default, the ibm jvm ships with...
Page 160
146 ibm websphere portal v6 self help guide as the portal server places a greater demand on jvm memory, you should increase the java minimum and maximum heap sizes accordingly. To view or modify the sun jvm settings from the websphere application server administrative console, select servers → appli...
Page 161
Chapter 5. Websphere portal runtime and services 147 if you experience performance degradation and high %cpu, consider enabling a verbose garbage collection (gc) trace either through the websphere application server administrative console check box or by using the -verbose:gc parameter. Full gc cycl...
Page 162
148 ibm websphere portal v6 self help guide 5.2.5 web container the web container serves to “gate” the amount of incoming http requests. The larger the number of threads, the higher the number of concurrent requests are allowed to enter the web container. At some point, however, the number of concur...
Page 163
Chapter 5. Websphere portal runtime and services 149 custom web container settings in addition to the generic parameters just discussed, there exists a number of custom parameters that can be further defined to improve the characteristics of the web container. Among these, control of a web container...
Page 164
150 ibm websphere portal v6 self help guide adopting this approach fits well with the paradigm that the websphere queuing mechanism is designed to converge towards the back end, where resources are deemed more expensive. Of course, you should ensure that the total number of maximum connections speci...
Page 165
Chapter 5. Websphere portal runtime and services 151 security cache timeout websphere application server caches security information related to each authenticated user to save, repeating subsequent user-registry lookups when a user’s security credential expires. This setting controls how long, in se...
Page 166
152 ibm websphere portal v6 self help guide advanced ldap filters we highly recommend that the websphere advanced ldap security filter settings are checked for the most appropriate values according to your chosen ldap directory server. Failing to corroborate these settings will not only lead to prob...
Page 167
Chapter 5. Websphere portal runtime and services 153 table 5-11 session management settings however, the full implication of reducing the httpsession timeout should be understood. Unlike the ltpatoken timeout setting, which is an absolute timeout value, the httpsession timeout is based on inactivity...
Page 168
154 ibm websphere portal v6 self help guide added support for wmm ldap connection pooling by default, wmm creates a single ldap connection and reuses this connection for all subsequent requests. This is, of course, in addition to the ldap connection established and reused by the underlying websphere...
Page 169
Chapter 5. Websphere portal runtime and services 155 table 5-15 memberofattributename support 5.2.10 portal configuration services tuning as discussed in 5.1.3, “portal services” on page 140, portal functionality is partially achieved through the deployment of a pluggable framework of services. As s...
Page 170
156 ibm websphere portal v6 self help guide access control data management service for improved performance during portal access control lookups, you should avoid using ldap directories configured with nested groups (a group or groups inside a group). If this is the case and your ldap directory is n...
Page 171
Chapter 5. Websphere portal runtime and services 157 caches may also be shared among all users or maintained on an individual user basis. As this can effect the legitimacy of the caches, we do not recommend modifying the sharing scope of any of the default cache instances. Clustered portal environme...
Page 172
158 ibm websphere portal v6 self help guide installations. Table 5-19 shows the default and recommended values for the deployment service. Table 5-19 deployment service consult the information center for additional parameters that can be modified. Navigator service several attributes found under the...
Page 173
Chapter 5. Websphere portal runtime and services 159 table 5-21 portlet container service consult the information center for additional parameters that can be modified. Puma service the options configured under the puma service affect the performance characteristics of the internal puma layer, the f...
Page 174: 5.3 Problem Determination
160 ibm websphere portal v6 self help guide 5.3 problem determination dealing with websphere portal server problems can at first seem a daunting prospect, even to the most accomplished portal administrator. However, with a little knowledge and direction, you can quickly become the master of a situat...
Page 175
Chapter 5. Websphere portal runtime and services 161 refer to appendix a, “using ibm tools to find solutions and promote customer self-help” on page 169 for the tools available to diagnose crashes and hangs. Jvm crashes under normal conditions, java is supposed to catch exceptions and handle them. S...
Page 176
162 ibm websphere portal v6 self help guide refer to the ibm java sdk infocenter for more information about using the dbx utility, found at: http://publib.Boulder.Ibm.Com/infocenter/javasdk/v6r0/index.Jsp?Topic=/com.Ibm.Jav a.Doc.Diagnostics.60/diag/problem_determination/i5os_dbx_sysdump.Html jvm ha...
Page 177
Chapter 5. Websphere portal runtime and services 163 which is owned by: thread "deadlockthread 0" (0x41daad00) which is waiting for: sys_mon_t:0x00039b40 infl_mon_t: 0x00039b80: java/lang/integer@004b22a0/004b22ac: which is owned by: thread "deadlockthread 1" (0x41dab100) the process has become caug...
Page 178
164 ibm websphere portal v6 self help guide login delay. There are a number of components involved with the portal login, such as the database, ldap, wmm configurations, and so on. Portal login is explained in chapter 4, “websphere portal security” on page 85. In our environment, we had ibm webspher...
Page 179
Chapter 5. Websphere portal runtime and services 165 you access the xml configuration interface using a command-line tool. This command-line client is a small separate program that connects to the server using a http/https connection. You can therefore use it remotely. You can use the xml configurat...
Page 180
166 ibm websphere portal v6 self help guide – some vi editors of unix systems cause problems when handling large files. This depends on the implementation of the vi editor. For example, if you use a vi editor to modify an xml script with more than 40.000 lines, parts of the file contents might get t...
Page 181
Chapter 5. Websphere portal runtime and services 167 for more information about some common problems and solutions with the xml access tool, refer to the websphere portal server infocenter at: http://publib.Boulder.Ibm.Com/infocenter/wpdoc/v6r0/index.Jsp?Topic=/com.Ibm.Wp.En t.Doc/wps/adxmltrb.Html ...
Page 182: 5.5 Runtime Monitoring
168 ibm websphere portal v6 self help guide 5.5 runtime monitoring in today’s market, there are probably hundreds of monitoring tools, so finding the right tool for your environment is a huge challenge even before you think about “how to monitor”. So, choosing the right monitoring tool is definitely...
Page 183
© copyright ibm corp. 2008. All rights reserved. 169 appendix a. Using ibm tools to find solutions and promote customer self-help the information in this appendix is intended to be a guide on what tools to install and how to use those tools to best enable and promote customer self-help within your o...
Page 184: Ibm Support Assistant (Isa)
170 ibm websphere portal v6 self help guide ibm support assistant (isa) ibm support assistant (isa) is free and is the ibm premier self-help tool. Isa represents ibm’s strategic direction and continued commitment to improving self-help. Isa is essential to truly enable and promote customer self-help...
Page 185
Appendix a. Using ibm tools to find solutions and promote customer self-help 171 do you wish for advanced, easy-to-use tools designed to diagnose errors? Included in isa is a new tool workbench that provides you with the problem determination tools that ibm support itself uses to resolve issues. Goi...
Page 186
172 ibm websphere portal v6 self help guide figure a-1 isa download page before choosing the install code and beginning the download, there a couple thing to consider. First, you have two options on how to use isa in your websphere portal server environment: local: install isa on the websphere porta...
Page 187
Appendix a. Using ibm tools to find solutions and promote customer self-help 173 second, once you have decided where isa will be installed and running, then you have another decision to make based on the os of the machine that will be running isa: for windows and linux download and install isa v3.1....
Page 188
174 ibm websphere portal v6 self help guide best practices once isa has been installed into your environment, the next step is to obtain the desired product plug-ins so you can begin using the full power of the tool to perform research and investigate problems. As previously mentioned, use the updat...
Page 189
Appendix a. Using ibm tools to find solutions and promote customer self-help 175 next, scroll down and choose the plug-ins listed in figure a-2 on page 174 and click the install button to install the websphere application server and websphere portal server plug-ins. See figure a-3. Figure a-3 instal...
Page 190
176 ibm websphere portal v6 self help guide once the plug-ins are installed, the isa tool will prompt you for a restart. Once isa has been restarted, you can navigate to the updater feature again and click installed plug-ins , and you should see the four plug-ins we just installed. See figure a-4. F...
Page 191
Appendix a. Using ibm tools to find solutions and promote customer self-help 177 service: the service feature can be used to create a pmr through esr, and also provide the ability to automate log collection. Ibm workplace for customer support: if you are using isa v3.1 and you are a premium support ...
Page 192
178 ibm websphere portal v6 self help guide from the results listed in figure a-5, you can investigate further for any known problems to avoid. Figure a-5 search for known problems a typical problem determination scenario may be something like the following. The websphere portal server fails to star...
Page 193
Appendix a. Using ibm tools to find solutions and promote customer self-help 179 in this example, we will search for the error code dsra0010e by entering the error code in the search box and then selecting the scope of the search. Again, we have chosen to search all repositories: ibm software suppor...
Page 194
180 ibm websphere portal v6 self help guide after selecting these search options, click search and wait for isa to populate the results in the left hand pane, as shown in figure a-7. Figure a-7 initial search results as you can see in figure a-7, the search returns items from each repository and lis...
Page 195
Appendix a. Using ibm tools to find solutions and promote customer self-help 181 so at this point, let us see if we can narrow the results. So, we use the same settings, but we further qualify the search with the string “dsra0010e xj004”, as shown in figure a-8. Figure a-8 narrowed search string and...
Page 196
182 ibm websphere portal v6 self help guide for further details about the individual features offered by isa, refer to the document, “the support authority: getting help from the ibm support assistant”. The particularly useful guide can be found at: http://www.Ibm.Com/developerworks/websphere/techjo...
Page 197
Appendix a. Using ibm tools to find solutions and promote customer self-help 183 use case examples - tools the tools feature can be used to access some of the same tooling that ibm level 2 support uses to troubleshoot problems. To gain access to the available tools, you must first install the indivi...
Page 198
184 ibm websphere portal v6 self help guide once the tool plug-in has been installed, the tool will be listed under the tools feature, as shown in figure a-11. Figure a-11 available tools for further details about the individual features offered by isa refer the document, “the support authority: get...
Page 199
Appendix a. Using ibm tools to find solutions and promote customer self-help 185 the approach on how to collect logs depends on how you decided to implement isa into your environment: local: if you installed isa into the same box as the websphere portal server, then you can simply use the isa interf...
Page 200
186 ibm websphere portal v6 self help guide figure a-12 log collection list once the logs are collected, use the login to esr link to launch the esr tool to create a new pmr. During this process, you will be allowed to attach the previous log collection to the pmr. By doing this task, the logs will ...
Page 201
Appendix a. Using ibm tools to find solutions and promote customer self-help 187 the typical scenario for collecting logs through a remote isa using the portable collector would be similar to the following: a problem occurs in the websphere portal server environment. You attempt to use self-help tec...
Page 202
188 ibm websphere portal v6 self help guide figure a-13 create the portable collector once the portable collector has been created and moved to the websphere portal server machine, you simply extract the jar and execute the startcollector script. This script runs in console mode. Simply step through...
Page 203: Ibm Support Site
Appendix a. Using ibm tools to find solutions and promote customer self-help 189 once the logs are local, use the login to esr link to launch the esr tool to create a new pmr. During this process, you will be allowed to attach the log collection to the pmr. By doing this task, the logs will be made ...
Page 204
190 ibm websphere portal v6 self help guide consider the arrangement of information on the support page. The topmost sections of the page begin with a left navigation field, which highlights particular areas of interest, an introductory section, and a right column usually containing general ibm supp...
Page 205
Appendix a. Using ibm tools to find solutions and promote customer self-help 191 from the top, readers will see flashes or news items that have been published and are of critical importance or otherwise should be brought to all visitors’ attention. Examples are shown above, and have also been used t...
Page 206
192 ibm websphere portal v6 self help guide perhaps the single most valuable tool on the support page is the search box. See figure a-16. Figure a-16 the websphere portal product support page’s search box this is the primary input mechanism for finding the answers you need to the questions you might...
Page 207
Appendix a. Using ibm tools to find solutions and promote customer self-help 193 to find the cause, the administrators visits the support page ( http://www.Ibm.Com/software/genservers/portal/support/ ) and enters the message code into the search box. See figure a-17. Figure a-17 text entry into the ...
Page 208
194 ibm websphere portal v6 self help guide the url for our advanced search page is simply: http://www.Ibm.Com/support/advsrch.Wss?Rs=688 the advanced search page for websphere portal can be seen in figure a-20. Figure a-20 advanced search for websphere portal each of the items above is self-explana...
Page 209
Appendix a. Using ibm tools to find solutions and promote customer self-help 195 though originally designed as guidance for directed help for customers opening problem tickets (pmrs), the intrepid do it yourself enthusiast can use these documents to help isolate the problematic area for a variety of...
Page 210
196 ibm websphere portal v6 self help guide other areas covered include installation/configuration, security/administration, content/document management, and portlets/development/customization. Many of the diagnostic collections of data covered in these mustgather documents have also been automated ...
Page 211: Ibm Online Communities
Appendix a. Using ibm tools to find solutions and promote customer self-help 197 overall, the best practice is to take time to familiarize yourself with the resources available on the product support page, especially those discussed above. Gaining experience with the page and how to use it to your a...
Page 212: Ibm Rss Feeds
198 ibm websphere portal v6 self help guide from this page, you can link to the “get started” information for blogs, forums, podcasts, and wikis. Best practices one of the most powerful community resources is the websphere portal server newsgroup and forum. The websphere portal server product team m...
Page 213: Ibm Support Toolbar
Appendix a. Using ibm tools to find solutions and promote customer self-help 199 best practices for best practice approaches to using ibm rss feeds to promote self-help, refer to the following article, “introduction to syndication, (rss) really simple syndication”, found at: http://www.Ibm.Com/devel...
Page 214
200 ibm websphere portal v6 self help guide search button enter the desired search string directly into the text box on the toolbar and then click the search button to search across all of ibm support, or narrow it to a specific product, as shown in figure a-25. Figure a-25 toolbar search button all...
Page 215
Appendix a. Using ibm tools to find solutions and promote customer self-help 201 see figure a-26. Figure a-26 toolbar all support button websphere button the websphere button allows quick access to product specific support tools, including: quick access to product specific software and support pages...
Page 216: Ibm Education Assistant
202 ibm websphere portal v6 self help guide see figure a-27. Figure a-27 toolbar websphere button ibm education assistant the ibm education assistant is a tool designed to provide guidance and instruction for various tasks or procedures. How does the ibm education assistant help ibm education assist...
Page 217
Appendix a. Using ibm tools to find solutions and promote customer self-help 203 how can i access the ibm education assistant the ibm education assistant software page can be found at the following link: http://www-306.Ibm.Com/software/info/education/assistant/ from this page, you can link to conten...
Page 218
204 ibm websphere portal v6 self help guide the ibm education assistant is always being updated with new content, so check back regularly to see if any new content is available. From the main page, click the lotus software link to access the websphere portal server specific content. See figure a-29....
Page 219
Appendix a. Using ibm tools to find solutions and promote customer self-help 205 how does the ibm guided activity assistant help the ibm guided activity assistant aims to help you answer the following questions: what should i do next? What diagnostic data should i analyze? What tool should i use to ...
Page 220
206 ibm websphere portal v6 self help guide to launch igaa, open isa and go to the tools feature and select the ibm guided activity assistant (igaa) tool. See figure a-30. Figure a-30 access ibm guided activity assistant via ibm support assistant best practices the most complete documentation on iga...
Page 221: Maintenance: Fix Strategy,
© copyright ibm corp. 2008. All rights reserved. 207 appendix b. Maintenance: fix strategy, backup strategy, and migration strategy this appendix discusses best practice approaches and procedures used during the maintenance phase of a websphere portal deployment. B.
Page 222: Backup Strategy
208 ibm websphere portal v6 self help guide backup strategy a complete and thoroughly tested backup and recovery procedure is essential for any production environment. Websphere portal server is no different. You should develop complete disaster recovery strategies and approaches and test those proc...
Page 223
Appendix b. Maintenance: fix strategy, backup strategy, and migration strategy 209 our approach to backup we recommend the following approach to backup: 1. Determine the time of day when the maintenance window takes place, preferably when the load on the cluster is the lowest. 2. Based on your envir...
Page 224
210 ibm websphere portal v6 self help guide 10.Start the individual portal application servers on nodes 1 through 5 through the deployment manager administrative console. 11.Stop the individual portal application servers on nodes 6 through 10 using the deployment manager administrative console. 12.S...
Page 225: Fix Strategy
Appendix b. Maintenance: fix strategy, backup strategy, and migration strategy 211 – make a copy after every major configuration (database server, ldap server, web server, and so on). – if all else fails, you can restore from the cloudscape based backup, replace the default wpconfig.Properties file,...
Page 226
212 ibm websphere portal v6 self help guide refresh pack a package that may include new features and fixes, such as v6.0.1. Refresh packs are cumulative, so v6.0.2* would include features and fixes contained in v6.0.1, as well as any subsequent fix packs and interim fixes published for v6.0.1. Refre...
Page 227
Appendix b. Maintenance: fix strategy, backup strategy, and migration strategy 213 this section describes two different approaches to help you avoid problems (maintenance) and correct or prevent problems (fix) in your environment. Overview of the maintenance strategy among the most beneficial action...
Page 228
214 ibm websphere portal v6 self help guide environment, as covered in the topic “performing upgrades in a 24x7 environment.” this document can be found at: http://publib.Boulder.Ibm.Com/infocenter/wpdoc/v6r0/index.Jsp?Topic=/com.Ibm.Wp.En t.Doc/wpf/clus_upgrade.Html our approach to maintenance a we...
Page 229
Appendix b. Maintenance: fix strategy, backup strategy, and migration strategy 215 releases. It is very important to monitor the system as well as the product support page for any late-breaking news regarding the mdv during this qa period. Refer to the mdv’s readme, release notes, and any subsequent...
Page 230
216 ibm websphere portal v6 self help guide websphere portal also ships with a variety of portlets available and installed for your use, if desired. Most of these portlets will make their updates available from the ibm websphere portal business solutions catalog found at: http://catalog.Lotus.Com/wp...
Page 231
Appendix b. Maintenance: fix strategy, backup strategy, and migration strategy 217 table b-2 distribution channels by fix type when a fix is needed to correct a problem you have encountered, it rarely happens at a good time. Ibm continues to invest resources into ensuring that such a fix is well tes...
Page 232
218 ibm websphere portal v6 self help guide some additional best practices operate your production environment on as recent a service release as possible, and keep a mirror of your production environment available for testing upgrades and interim fixes before applying them to production. Never “test...
Page 233: Migration Strategy
Appendix b. Maintenance: fix strategy, backup strategy, and migration strategy 219 with these directions in mind, it is a best practice to keep your application server (and process server, if in use) at the current fix levels, as well as your portal. Be sure to check for any specific recommendations...
Page 234
220 ibm websphere portal v6 self help guide access control user customization virtual portals markups global settings portal resources workplace web content manager content and components document manager content personalization rules credential vault slots the migration process first collects the f...
Page 235
Appendix b. Maintenance: fix strategy, backup strategy, and migration strategy 221 before beginning the migration, test that you can access and run the server, but do not make any customization to the websphere portal server at this time. The only apps that should be installed by you before migratio...
Page 236
222 ibm websphere portal v6 self help guide the migrationtrace.Log file contains a running list of each sub-task that the migration has run along with the time stamp that it occurred. This is helpful when mapping an error in either the websphere portal server log (systemout.Log) or the migrationmess...
Page 237
Appendix b. Maintenance: fix strategy, backup strategy, and migration strategy 223 not possible in ibm websphere portal v6.0 and above. You will need to remove the offending acl from the source portal and rerun the export and restart the import. Missing users from the ldap if users have been removed...
Page 238
224 ibm websphere portal v6 self help guide after locating the error code in the logs that caused the migration to stop, if the error itself does not have a recommendation to resolve the issue, the next place to check is the websphere portal server support web site. Here you can enter the error code...
Page 239: Related Publications
© copyright ibm corp. 2008. All rights reserved. 225 related publications the publications listed in this section are considered particularly suitable for a more detailed discussion of the topics covered in this paper. Ibm redbooks publications for information about ordering these publications, see ...
Page 240
226 ibm websphere portal v6 self help guide.
Page 242: Red
® redp-4339-00 international technical support organization building technical information based on practical experience ibm redbooks are developed by the ibm international technical support organization. Experts from ibm, customers and partners from around the world create timely technical informat...