Teamcenter 10.1

Web Application Deployment Guide

Publication Number PLM00015 J Proprietary and restricted rights notice

This software and related documentation are proprietary to Siemens Product Lifecycle Management Software Inc. © 2013 Siemens Product Lifecycle Management Software Inc. All Rights Reserved. Siemens and the Siemens logo are registered trademarks of Siemens AG. Teamcenter is a trademark or registered trademark of Siemens Product Lifecycle Management Software Inc. or its subsidiaries in the United States and in other countries. All other trademarks, registered trademarks, or service marks belong to their respective holders.

2 Web Application Deployment Guide PLM00015 J Contents

Proprietary and restricted rights notice ...... 2

Getting started deploying Web applications ...... 1-1 Deployment considerations ...... 1-1 Before you begin ...... 1-2 Teamcenter Web application deployment interface ...... 1-2 Determining your requirements ...... 1-2 Basic concepts of Teamcenter Web application deployment ...... 1-3

Teamcenter Web application deployment ...... 2-1 Teamcenter Web application deployment ...... 2-1 Basic deployment ...... 2-1 Basic deployment with front-end HTTP (Web) server ...... 2-7 Clustered deployment with front-end HTTP server ...... 2-25 Deploying clustered with front-end load-balanced HTTP servers ...... 2-31

Global Services Web application deployment ...... 3-1 Global Services Web application deployment ...... 3-1

Teamcenter client communication system and proxy server configuration ...... A-1 Teamcenter client communication system and proxy server configuration . . . . A-1 Reverse proxy servers ...... A-4 Enabling File Management System (FMS) URL path extensions ...... A-4 FMS server cache (FSC) SSL client credentials (two-way SSL) ...... A-4 File Management System (FMS), reverse proxy, and two-way SSL configuration details ...... A-5 Configuring Kerberos authentication on the Web tier ...... A-15

Troubleshooting four-tier architecture deployment ...... B-1

Glossary ...... C-1

Index ...... Index-1

Figures

HSE deployment configuration ...... 1-4 H-SE deployment configuration ...... 1-5 H-SE* deployment configuration ...... 1-6 H*-SE* deployment configuration ...... 1-7

PLM00015 J Web Application Deployment Guide 3 Contents

Teamcenter client communication system architecture ...... A-2

4 Web Application Deployment Guide PLM00015 J Chapter 1 Getting started deploying Web applications

Deployment considerations ...... 1-1

Before you begin ...... 1-2

Teamcenter Web application deployment interface ...... 1-2

Determining your requirements ...... 1-2

Basic concepts of Teamcenter Web application deployment ...... 1-3

PLM00015 J Web Application Deployment Guide

Chapter 1 Getting started deploying Web applications

Deployment considerations Deployment of your Teamcenter Web applications is an important step in setting up your Teamcenter environment. How you deploy the Web application is determined by how you intend to use Teamcenter and can affect the application’s performance. 1. Consider the high-level requirements of your deployment. For more information about high-level requirements, see Determining your requirements.

2. Review the different supported deployment configurations to determine which is best for your enterprise. For descriptions of the supported configurations, see Basic concepts of Teamcenter Web application deployment.

3. Determine your application server. The application server you use may impact your deployment configuration. Not all configurations are supported for all application servers. For information about the supported configurations for Teamcenter Web applications, see Teamcenter Web application deployment. Global Services Web applications are supported for basic deployments only. For the information about the versions of application servers certified for your platform, see the Siemens PLM Software Certification Database:

http://support.industrysoftware.automation.siemens.com/ certification/teamcenter.shtml

Note Siemens PLM Software certifies third-party software applications with the latest patches available when the certification testing is performed. If you encounter problems deploying a Teamcenter Web application, ensure that you have installed the latest patches for your application server.

Teamcenter and Global Services Web applications support IPv6 for Web tier communications for the following application servers: • JBoss 7.1

• WebSphere 8.5

PLM00015 J Web Application Deployment Guide 1-1 Chapter 1 Getting started deploying Web applications

• WebLogic 12c Note Support for IPv6 requires a dual stack application server host and a dual stack Teamcenter server host. For information about supporting IPv6 and dual stack networks on you application server hose, see your Windows, UNIX, or Linux server documentation.

Before you begin

Prerequisites You must have administrator privileges to use the application servers administration tools. You must have performed Web application installation as described in the appropriate Teamcenter server installation guides (for Windows or UNIX/Linux). Enable a Web The Web tier application is enabled by deploying it in the application application server and, depending on your configuration, its associated proxy component in the Web server. Configure a Web Teamcenter Web applications are configured during installation application and in the application server after deployment. Start a Once your Teamcenter Web Application is deployed, it is Teamcenter Web running. If you need to stop, start, or restart the application at application a later time, you must use the application server administration tools to perform these actions.

Teamcenter Web application deployment interface The application server administration tools provide the interface for deploying your Web application.

Determining your requirements How you configure your servers that run your Teamcenter Web tier application depends on your enterprise requirements for scalability (concurrent users and processes) and data availability (server fail over). An HTTP front-end cluster provides better performance for static Web content. Clustering application servers provides better performance for dynamic content and ensures availability because the Teamcenter application has multiple instances that allow a particular application server to fail without causing the Teamcenter data to be inaccessible. To determine the best configuration for your installation you must be familiar with the installation, use, and performance tuning of the servers you choose for deploying the Web tier application. For information about server performance, see the documentation provided with your server and the System Administration Guide. Does your environment require IPv6 support? This requirement determines the application servers that you can choose for your deployment.

1-2 Web Application Deployment Guide PLM00015 J Getting started deploying Web applications

Basic concepts of Teamcenter Web application deployment You should understand the following terms.

Term Definition Basic deployment Basic deployment on an enterprise (J2EE) application (HSE) server. The HTTP Web server (H), servlet container (S), and enterprise Java™ bean (EJB) container (E) are all provided on the same platform as part of the same process. The Teamcenter Web tier application (EAR file bundling the WAR file) is deployed on a J2EE application server that has a built-in HTTP listener, such as JBoss Application Server, Oracle WebLogic Server, and IBM WebSphere Application Server. Deploying a separate HTTP Web server to listen to the incoming request is not required. Basic deployment A stand-alone HTTP Web server is configured as the with front-end HTTP front-end to a J2EE application server. Web server (H-SE) Clustered A stand-alone HTTP Web server is configured with a cluster deployment with of Web application server instances. The HTTP Web server front-end HTTP Web routes requests to a cluster of J2EE application servers. The server (H-SE*) Teamcenter Web tier application (EAR file bundling the WAR file) is deployed in each application server instance in the cluster. Clustered Multiple HTTP Web server instances are configured with deployment a load balancer and a cluster of J2EE application server with front-end, instances. A load balancer in front of the HTTP Web servers load-balanced balances the load for incoming requests and HTTP Web HTTP Web servers servers route that request to the cluster of application (H*-SE*) servers. In this configuration, the Teamcenter Web tier application (EAR file bundling the WAR file) is deployed in each application server instance in the cluster. Typically, HTTP Web servers must be configured for this type of distributed environment. Enterprise archive An enterprise application that requires a J2EE application (EAR) server. Network load HTTP Web servers are configured to allow each HTTP Web balancing (NLB) server in the load balanced cluster (see Web server farm) to respond to a virtual IP address. Requests to this virtual IP are intercepted and routed to a machine running one of the Web servers in the cluster. Web archive (WAR) A Web application that requires an HTTP Web server and servlet engine.

PLM00015 J Web Application Deployment Guide 1-3 Chapter 1 Getting started deploying Web applications

Term Definition Web server farm Multiple HTTP Web servers are configured as self contained (redundant) servers in a cluster. The Web servers serve a single IP address that allows any of the servers that are available to handle a request the address. This provides improved performance and reliability.

The following figures show each of the deployment configurations for Teamcenter Web tier applications. r r r e e e t t t r r r r n n n l e e e e e e e o v v v v c c c r r r r o e e e e P m m m S S S S a a a

e e e

T T T

s s e c c A s s e c c A

a t a D e h c a C a t a D e h c a C e h r r c r r e e a l l e e g g o o C v v a a

r r o o n n e e e P P a a e S S r M M T a t a s s D

e e c h c c y A r a a C d n u o r e B B t

J p s E a / s e d P e c A

S c n J e a o

t c , r t r s E e u P l n

I o S v r r s o H e e j S R a / M r / e r n e v e t r s e i S L P T T H t n t e i n l t e i C n l

e i C l

C

HSE deployment configuration

1-4 Web Application Deployment Guide PLM00015 J Getting started deploying Web applications r r r e e e t t t r r r r n n n l e e e e e e e o v v v v c c c r r r r o e e e e P m m m S S S S a a a

e e e

T T T

s s e c c A s s e c c A

a t a D e h c a C a t a D e h c a C e h c a r r r r e e C l l

e e g g o o e v v a a r r o o e a n n r e e t P P a a T a S S s M M s D

e e c h c c A a y r C a d n r u e B t o J p E B a /

e d P s c A

S s n J e a e

t c , E t c r s e u o l S n I r o v r s P e e

r S R / o j a M r H n e i v l g l r u a l e P w S

e y r P i x T Z F o r T M P H D t n t e i n l t e i C n l

e i C l

C

H-SE deployment configuration

PLM00015 J Web Application Deployment Guide 1-5 Chapter 1 Getting started deploying Web applications r r r e e e t t t r r r n n n r e e e e e e l e v v v c c c o r r r v r o e e e m m m e P S S S a a a S

e e e

T T T

s s e c c A s s e c c A

a t a D e h c a C a t a D e h c a C e h r r c r r e e a l l e e g g o o C v v a a

r r o o n n e e e P P a a e a S S t r M M a T s s D

e e c h c c A a y C r a d r r r n e e e B B B u t t t J J J p p p o E E E a a a / / / B e e e d d d

P P P c c c A A A s

S S S n n n * s J J J e e e a a a ]

t t t c c c , , , e t t t r r r s s s E c e e e u u u l l l n n n S I I I o o o o v v v [ r r r r s s s e e e e e e P

S S S R R R r / / / o j a M * H r n e i v g r l u e l l S P a

y P Z w x T e o T r r M i P H F D t n t e i n l t e i C n l

e i C l

C

H-SE* deployment configuration

1-6 Web Application Deployment Guide PLM00015 J Getting started deploying Web applications r r r e e e t t t r r r n n n r e e e e e e l e v v v c c c o r r r v r o e e e m m m e P S S S a a a S

e e e

T T T

s s e c c A s s e c c A

a t a D e h c a C a t a D e h c a C e h r r c r r e e a l l e e g g o o C v v a a

r r o o n n e e e P P a a e S S a r t M M T a s s D

e e c h c c A a C r r r e e e B B B t t t J J J y p p p r E E E a a a / / / a e e e d d d P P P c c c d A A A

S S S n n n * n J J J e e e a a a ]

t t t u c c c , , , t t t r r r s s s E o e e e u u u l l l n n n S I I I o o o B v v v [

r r r s s s s e e e e e e s S S S R R R / / / e c o r P

r o j a * M H r r r n n n e e e i i i v v v g g g r r r u u u e e e l l l S S S P P P

y y y P P P x x x T T T o o o T T T r r r P P P H H H l l r a e w c d e Z n r a i a o l F M L a D B t n t e i n l t e i C n l

e i C l

C

H*-SE* deployment configuration

PLM00015 J Web Application Deployment Guide 1-7

Chapter 2 Teamcenter Web application deployment

Teamcenter Web application deployment ...... 2-1

Basic deployment ...... 2-1 Deploy on JBoss application server (HSE) ...... 2-2 Deploy on WebSphere application server ...... 2-4 Provide isolation for multiple HTTP sessions ...... 2-6 Deploy on WebLogic application server (HSE) ...... 2-6

Basic deployment with front-end HTTP (Web) server ...... 2-7 Deploying on JBoss application server with IIS front end (H-SE) ...... 2-7 Deploy the Teamcenter Web application ...... 2-7 Install and configure the Tomcat ISAPI Redirector ...... 2-9 Install and configure the Tomcat ISAPI Redirector on Windows Server 2008 ...... 2-12 Configure Microsoft Internet Information Services ...... 2-14 Configure Microsoft Internet Information Services on Windows Server 2008 ...... 2-15 Deploy on WebSphere application server (H-SE) ...... 2-16 Deploy on WebSphere application server ...... 2-16 Configure the HTTP Web server ...... 2-19 Provide isolation for multiple HTTP sessions ...... 2-19 Deploy on WebLogic application server/Apache HTTP server (H-SE) . . . . . 2-20 Deploy the Teamcenter Web application ...... 2-20 Configure the Apache HTTP server ...... 2-21 Deploy on WebLogic application server/WebLogic Express server (H-SE) . . 2-21 Deploy the Teamcenter Web application ...... 2-21 Deploy the Teamcenter proxy application ...... 2-22 Deploy on WebLogic server/Internet Information Server (IIS) 7 ...... 2-22 Deploy the Teamcenter Web application ...... 2-23 Configure Microsoft Internet Information Services 7 ...... 2-23

Clustered deployment with front-end HTTP server ...... 2-25 Override TreeCache settings ...... 2-25 Deploying on WebLogic application server/WebLogic Express Web server (H-SE*) ...... 2-26 Deploy the Teamcenter Web application ...... 2-26 Configure WebLogic Express as the front-end Web server for a cluster ...... 2-27 Deploying on WebLogic server/Apache Web server (H-SE*) ...... 2-29 Deploy the Teamcenter Web application ...... 2-30

PLM00015 J Web Application Deployment Guide Configure Apache HTTP (Web) server as the listener for a cluster . . . . 2-31 Deploy WebSphere application server cluster with HTTP (Web) server . . . . 2-31

Deploying clustered with front-end load-balanced HTTP servers ...... 2-31 Configure Microsoft IIS load balancing ...... 2-32

Web Application Deployment Guide PLM00015 J Chapter 2 Teamcenter Web application deployment

Teamcenter Web application deployment All of the deployment procedures assume that you have installed your application server per the instructions provided with the application server and that you have created the required Teamcenter Web applications (EAR and, if required, WAR files) as described in the appropriate Teamcenter server installation guide (for Windows or UNIX/Linux). Teamcenter Web tier applications require a four-tier Teamcenter environment. After you deploy your Web tier application, you must start the Teamcenter Server Manager before you can use the thin client. For information about starting the Teamcenter Server Manager, see the System Administration Guide. Caution You may get an error message, similar to the following, that appears in the Java output and is identified in the hs_err_* file as an error in a compiler thread. # # An unexpected error has been detected by HotSpot Virtual Machine: # # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6da225d6, pid=6472, tid=4916 # # Java VM: Java HotSpot(TM) Server VM (1.5.0_05-b05 mixed mode) # Problematic frame: # V [jvm.dll+0x1e25d6] # # An error report file with more information is saved as hs_err_pid6472.log # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp #

This is a known issue with certain versions of JVM. For more information about this error and workarounds for this problem, see Troubleshooting four-tier architecture deployment.

Note These procedures use a slash character as the directory path delimiter except in procedures that are specific to Windows systems.

Basic deployment These basic deployments procedures provide instructions for deploying the Teamcenter Web tier application (EAR file bundling a WAR file) in selected configurations on selected J2EE application servers.

PLM00015 J Web Application Deployment Guide 2-1 Chapter 2 Teamcenter Web application deployment

Note For information about versions of operating systems, third-party software, Teamcenter software, and system hardware certified for your platform, see the Siemens PLM Software Certification Database: http://support.industrysoftware.automation.siemens.com/ certification/teamcenter.shtml Instructions for enabling secure socket layer (SSL) on an application server are provided in the application server documentation. For more information, see the vendor documentation for the following application servers: • JBoss • WebSphere • WebLogic

Note If you use SSL with your Teamcenter Web tier application, you must set the WEB_protocol thin client preference in Teamcenter to https://. For information about using Teamcenter preferences, see the Rich Client Interface Guide.

Deploy on JBoss application server (HSE) Caution Recent versions of JBoss configure the Java virtual machine (JVM) to prefer the IPv4 stack. This can cause socket errors when the server manager starts due to a mismatch in protocols between the Web tier and server manager hosts. For more information, see Troubleshooting four-tier architecture deployment.

Note This procedure assumes that you downloaded and installed the JBoss 7.1.0 final version and you are using the stand-alone server location for deploying your Teamcenter Web application.

1. Copy the Teamcenter EAR (by default, tc.ear) file to the following directory:

jboss-as-7.1.0.Final standalone deployments

2. Define JMX as a global module. a. Expand the configurations directory and open the standalone. file.

jboss-as-7.1.0.Final standalone configuration

b. Locate the subsystem element for the urn:jboss:domain subsystem, and add the following global-modules element content:

2-2 Web Application Deployment Guide PLM00015 J Teamcenter Web application deployment

Locate the deployment-scanner element and add the deployment-timeout attribute with a value of 600 as follows:

c. If you require IPv6 support, locate the interface element for the public interface and modify its contents as follows:

3. Define a dependency to allow the JBoss connector module to use JMX MBeans. a. Expand the main directory and open the module.xml file.

jboss-as-7.1.0.Final modules org jboss as connector main

b. Locate the dependencies element, and add the following module element:

4. To allow the Teamcenter Web application to listen to nonloopback addresses, configure JBoss using the information in the JBoss documentation: https://docs.jboss.org/author/display/AS71/Management+tasks

Tip Check Command line parameters and Interfaces and ports in the JBoss documentation.

5. If you require IPv6 support, open the standalone_conf script file in your JBoss installation bin directory and add the following settings:

-Djava.net.preferIPv4Stack=false -Djava.net.preferIPv6Addresses=false

PLM00015 J Web Application Deployment Guide 2-3 Chapter 2 Teamcenter Web application deployment

6. Open a command shell and ensure you have defined the JAVA_HOME environment variable, and set it to the location of your Java installation. The Teamcenter Web application requires Java 1.7.

7. Start the server by typing standalone (standalone.sh on UNIX) -b host-name in the command shell. Note You must start the application server instance with the bind option to enable connections from clients running on a host different from the application server host. The simplest way to do this is to start the server with the -b host-name option. Substitute the host name or IP address of the local host for host-name. However, this has some security implications. For information about JBoss security, see the JBoss documentation at: http://www.jboss.org/community/docs/DOC-12188

Note If the Web tier encounters errors obtaining JCA connections under peak activity, increase the Max_Pool_Size context parameter value for your Teamcenter Web application. For information about changing this context parameter value, see Troubleshooting four-tier architecture deployment.

Deploy on WebSphere application server This procedure deploys one instance of WebSphere Application Server hosting the Teamcenter Web tier application (EAR file bundling WAR file): For more information, see the complete WebSphere documentation: http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss? PAG=C11&SSN=12HFE0003463254433&TRL=TXT&WRD=WebSphere+ Application+Server+v8&PBL=&LST=ALL&RPP=10&submit=Go 1. Install the WebSphere application server by itself on a single machine. This enables the internal HTTP transport train suitable for handling a low level of Web requests. For information, see the WebSphere application server documentation:

http://www.redbooks.ibm.com/redbooks/SG247971/wwhelp/wwhimpl/java/html/ wwhelp.htm

2. Start the WebSphere integrated solutions console. For more information about the console, see the WebSphere documentation.

3. In the navigation tree, expand Applications and click Install New Application.

4. In the Preparing for the application installation pane, type the path to, or browse to, the location of the Teamcenter Web tier EAR file in the Full path box. Select Prompt me only when additional information is required and click Next.

5. Accept the default Select installed options for enterprise applications and modules and click Next.

2-4 Web Application Deployment Guide PLM00015 J Teamcenter Web application deployment

6. In the Map modules to servers pane, if you have multiple server instances, select the check boxes for all modules and map them to the same server instance. Click Next again.

7. In the summary pane, click Finish. Wait for WebSphere to complete the application deployment.

8. When WebSphere displays a message indicating the application deployed successfully, scroll to the bottom of the page and click Manage Applications.

9. In the Enterprise Application pane, click the Teamcenter application name.

10. In the Configuration page, click the Teamcenter application name.

11. Click Manage Modules under Modules.

12. Click JETIResourceAdapter in the Module column.

13. Click Resource Adapter under Additional Properties.

14. Click J2C connection factories under Additional Properties.

15. Click com.teamcenter.jeti.resourceadapter.spi.IJetiConnectionFactory in the Name column.

16. Type jca/enterprise-app-reg-id/Adapter in the JNDI name box and click Apply.

Note The value that was assigned to the Enterprise Application Registration ID context parameter for the Teamcenter Web tier application is what you enter for enterprise-app-reg-id in this step. The default value is JETI. If you intend to deploy multiple EAR file instances in the same WebSphere instance, this value must be different for each deployment.

17. Click Connection pool properties under Additional Properties.

18. Type 500 in the Maximum connections box and 0 in the Minimum connections box.

Note The Maximum connections value constrains the number of concurrently executing tcserver requests. Each client has an executing request for a small percentage of its duration. Therefore, this number can be significantly smaller than the number of concurrent users or clients. If the Web tier encounters errors obtaining JCA connections during peak activity, increase the Maximum connections value.

19. Click Apply, scroll to the top of the page, and click Save. Your application is now deployed and can be started.

20. In the Enterprise Applications pane, select the Teamcenter Web application check box and click Start.

PLM00015 J Web Application Deployment Guide 2-5 Chapter 2 Teamcenter Web application deployment

Provide isolation for multiple HTTP sessions If you deploy multiple applications in the same application server instance, HTTP session cookies may be overwritten by browsers connecting to different applications. To avoid this, configure the application server to provide separate cookie paths: 1. Log on to the Integrated Solution Console, expand Applications in the navigation tree, and click Enterprise Applications.

2. In the Enterprise Applications pane, click the Teamcenter application link.

3. Click Session Management under Web Modules Properties.

4. Click Override session Management under General Properties.

5. Click the Enable cookies link and type a slash (/) followed by the Teamcenter Web application name. For example, if you use the default Web application name, type /tc.

Deploy on WebLogic application server (HSE)

This procedure deploys one instance of an Oracle WebLogic Server hosting the Teamcenter Web tier application (EAR file bundling WAR file). Caution If you do not deploy your Teamcenter Web application in a domain by itself, the client-side session cookie can be overwritten by the other applications in the domain. For information about preventing this, see Troubleshooting four-tier architecture deployment.

1. Start the WebLogic server administration console. For information about the console, see the WebLogic server documentation:

http://docs.oracle.com/cd/E21764_01/apirefs.1111/e13952/core/index.html

2. In the left pane, click Deployments.

3. In the right pane, click Install.

4. In the Install Application Assistant, click Browse next to the Deployment Archive box and navigate to the location of the Teamcenter Web tier application (tc.ear by default) and click Next.

5. Accept the default Install this deployment as an application option and click Next.

6. Click Finish to accept all the default settings and then click Save.

7. Click Deployments and select the Teamcenter Web tier application check box.

8. Ensure the application State indicates Active and the Health indicates OK. If not, click Start, select Servicing all requests, and click Yes in the Start Deployments dialog box.

2-6 Web Application Deployment Guide PLM00015 J Teamcenter Web application deployment

Note If the Web tier encounters errors obtaining JCA connections during peak activity, increase the Max_Pool_Size context parameter value for your Teamcenter Web application. For information about changing this context parameter value, see Troubleshooting four-tier architecture deployment. If WebLogic reports an error (BEA-000402) due to more active sockets than socket readers, add the -Dweblogic.ThreadPoolSize=100 parameter when starting the application server.

Basic deployment with front-end HTTP (Web) server Each of the supported applications servers can be configured to use a front-end HTTP server. The HTTP servers that you can use vary according to the application server you are using.

Deploying on JBoss application server with IIS front end (H-SE)

This procedure: • Deploys the Teamcenter Web tier application (EAR file bundling the WAR file) on the JBoss Application Server

• Installs and configures the Tomcat ISAPI Redirector on a Windows Server or Windows Server 2008.

• Configures the Microsoft Internet Information Services (IIS) as the front-end listener (Web server) on a Microsoft Windows Server host or a Windows Server 2008 host. Note As a precondition, the ISAPI Extensions feature of the IIS Application must be activated to allow integration with the Tomcat ISAPI redirector.

Deploy the Teamcenter Web application Caution Recent versions of JBoss configure the Java virtual machine (JVM) to prefer the IPv4 stack. This can cause socket errors when the server manager starts due to a mismatch in protocols between the Web tier and server manager hosts. For more information, see Troubleshooting four-tier architecture deployment.

Note This procedure assumes that you downloaded and installed the JBoss 7.1.0 final version and you are using the stand-alone server location for deploying your Teamcenter Web application.

1. Copy the Teamcenter EAR (by default, tc.ear) file to the following directory:

jboss-as-7.1.0.Final standalone

PLM00015 J Web Application Deployment Guide 2-7 Chapter 2 Teamcenter Web application deployment

deployments

2. Define JMX as a global module. a. Expand the configurations directory and open the standalone.xml file.

jboss-as-7.1.0.Final standalone configuration

b. Locate the subsystem element for the urn:jboss:domain subsystem, and add the following global-modules element content: Locate the deployment-scanner element and add the deployment-timeout attribute with a value of 600 as follows:

c. If you require IPv6 support, locate the interface element for the public interface and modify its contents as follows:

3. Microsoft IIS uses the AJP 1.3 protocol to forward requests to JBoss. If the default port for the AJP 1.3 protocol (8009) is not available on your host running JBoss, update the port number in the following element in the JBoss-installation/standalone/ /configuration/standalone.xml file: Record this value for use when you configure the redirector.

4. Define a dependency to allow the JBoss connector module to use JMX MBeans. a. Expand the main directory and open the module.xml file.

jboss-as-7.1.0.Final modules org jboss

2-8 Web Application Deployment Guide PLM00015 J Teamcenter Web application deployment

as connector main

b. Locate the dependencies element, and add the following module element:

5. To allow the Teamcenter Web application to listen to nonloopback addresses, configure JBoss using the information in the JBoss documentation: https://docs.jboss.org/author/display/AS71/Management+tasks Tip Check Command line parameters and Interfaces and ports in the JBoss documentation.

6. If you require IPv6 support, open the standalone_conf script file in your JBoss installation bin directory and add the following settings: -Djava.net.preferIPv4Stack=false -Djava.net.preferIPv6Addresses=false

7. Open a command shell and ensure you have defined the JAVA_HOME environment variable, and set it to the location of your Java installation. The Teamcenter Web application requires Java 1.7.

8. Start the server by typing standalone (standalone.sh on UNIX) -b host-name in the command shell. Note You must start the application server instance with the bind option to enable connections from clients running on a host different from the application server host. The simplest way to do this is to start the server with the -b host-name option. Substitute the host name or IP address of the local host for host-name. However, this has some security implications. For information about JBoss security, see the JBoss documentation at: http://www.jboss.org/community/docs/DOC-12188

Note If the Web tier encounters errors obtaining JCA connections under peak activity, increase the Max_Pool_Size context parameter value for your Teamcenter Web application. For information about changing this context parameter value, see Troubleshooting four-tier architecture deployment.

Install and configure the Tomcat ISAPI Redirector You must install the Tomcat ISAPI Redirector and configure the Windows registry for the redirector. If you are installing on a Windows Server 2008 host, you must install the redirector as described in Install and configure the Tomcat ISAPI Redirector on Windows Server 2008. You must also create the workers.properties and uriworkermap.properties files for the redirector.

PLM00015 J Web Application Deployment Guide 2-9 Chapter 2 Teamcenter Web application deployment

For additional information about the settings in these files, see the Tomcat documentation: http://tomcat.apache.org/connectors-doc/ 1. Create a directory (for example, iis75-jboss7) for the redirector in a location accessible to Microsoft IIS that contains the following directories: • bin • conf • log • wwwroot

2. Download the ISAPI Redirector from a mirror site for the Web site: http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/ Note • Only the DLL file (isapi_redirector–1.2.35 .dll or later version) is required.

• Record the name and location of the Tomcat ISAPI Redirector installation directory for later use.

• Download the 32-bit or 64-bit redirector as appropriate for your host.

3. Configure Windows registry settings on the host where IIS and ISAPI Redirector are installed. a. In the ISAPI Redirector installation directory, create a file with a .reg extension. The name of this file is discretionary (isapi_redirector.reg is recommended).

b. Add the following contents to the .reg file: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\ Jakarta Isapi Redirector\1.0] "extension_uri"="/jakarta/isapi_redirect.dll" "log_file"="D:\\iis75–jboss7\\logs\\jk_iis.log" "log_level"="debug" "worker_file"="D:\\iis75–jboss7\\workers.properties" "worker_mount_file"="D:\\iis75–jboss7\\uriworkermap.properties" "uri_select"="unparsed" Siemens PLM Software recommends that you use debug for the log_level entry when you initially configure the redirector to get all messages. You can change this after you have tested your installation and determined that it is working properly. The following table provides a brief description of these entries:

Name Description extension_uri Represents the IIS virtual directory including the ISAPI Redirector file. log_file Defines the name and location of the ISAPI Redirector log file. log_level Defines the level of debug messages written to the ISAPI Redirector log file. Valid values are debug, info, error, and emerg.

2-10 Web Application Deployment Guide PLM00015 J Teamcenter Web application deployment

Name Description worker_file Defines the location of the ISAPI redirector worker.properties file. worker_mount_file Defines the location of the ISAPI redirector uriworkermap.properties file.

For more information about these registry settings, see the Apache Tomcat Connector – Reference Guide:

http://tomcat.apache.org/connectors-doc/reference/iis.html

c. Change the following lines in the .reg file to reflect your directory settings: A. For log_file, enter the location of the logs directory you created and the name of the log file. The log file itself is created later by the ISAPI Redirector.

B. For worker_file, enter a location for the worker definition file. It is recommended that you create this file in the directory where you installed the Tomcat ISAPI Redirector. You create this file later.

C. For the worker_mount_file, enter a location for the worker-URI map file. You create this file later.

D. For the extension_uri, enter tomcat.

d. In the ISAPI Redirector installation directory, right-click the isapi_redirector.reg file and choose Merge.

e. After receiving a confirmation message from Windows, check the ISAPI Redirector settings using the Microsoft Registry Editor program (regedit.exe) to ensure the registry settings are correct. For information about using the Microsoft Registry Editor, see the Microsoft Windows online help.

4. Create a text file with contents similar to the following: # Define node1 (one node required for H_SE) worker.list=node1 worker.node1.port=8009 worker.node1.host=host-name1 worker.node1.type=ajp13

The default port is 8009. If you changed this AJP port number in JBoss configuration when you configured the Tomcat ISAPI Redirector, use that value. The host-name value is the host where you run JBoss.

5. Save the file as workers.properties in the directory you defined for it in the registry file.

6. Create a text file with contents similar to the following: # Send all /tc requests to node1 /tc/*=node1

PLM00015 J Web Application Deployment Guide 2-11 Chapter 2 Teamcenter Web application deployment

Replace tc with the name of your Teamcenter Web application (tc by default). This configures the redirector to forward all requests with the /tc/* signature to node1.

7. Save the file as uriworkermap.properties. Save this file in the same directory as the workers.properties file.

Install and configure the Tomcat ISAPI Redirector on Windows Server 2008 You must install the Tomcat ISAPI Redirector and configure the Windows registry for the redirector. You must also create the workers.properties and uriworkermap.properties files for the redirector. For additional information about the settings in these files, see the Tomcat documentation: http://tomcat.apache.org/connectors-doc/ 1. Create a directory (for example, iis75-jboss7) for the redirector in a location accessible to Microsoft IIS that contains the following directories: • bin • conf • log • wwwroot

2. Download the ISAPI Redirector from a mirror site for the Apache Tomcat Web site: http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/ Note • For 64-bit operating systems, download the AMD 64-bit redirector not the Itanium 64-bit redirector.

• Only the DLL (isapi_redirector-1.2.35 .dll or later version) file is required.

• Record the name and location of the Tomcat ISAPI Redirector installation directory for later use.

Rename the downloaded file to isapi_redirect.dll.

3. Configure Windows registry settings on the Windows Server 2008 host. a. In the ISAPI Redirector installation directory, create a file with a .reg extension. The name of this file is discretionary (isapi_redirector.reg is recommended).

b. Add the following contents to the .reg file: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\ Jakarta Isapi Redirector\1.0] "extension_uri"="/jakarta/isapi_redirect.dll" "log_file"="D:\\iis75–jboss7\\logs\\jk_iis.log" "log_level"="debug" "worker_file"="D:\\iis75–jboss7\\workers.properties" "worker_mount_file"="D:\\iis75–jboss7\\uriworkermap.properties" "uri_select"="unparsed" Siemens PLM Software recommends that you use debug for the log_level entry when you initially configure the redirector to get all messages. You can

2-12 Web Application Deployment Guide PLM00015 J Teamcenter Web application deployment

change this after you have tested your installation and determined that it is working properly. The following table provides a brief description of these entries:

Name Description extension_uri Represents the IIS virtual directory including the ISAPI Redirector file. log_file Defines the name and location of the ISAPI Redirector log file. log_level Defines the level of debug messages written to the ISAPI Redirector log file. Valid values are debug, info, error, and emerg. worker_file Defines the location of the ISAPI redirector worker.properties file. worker_mount_file Defines the location of the ISAPI redirector uriworkermap.properties file. uri_select Determines how the forwarded URI is handled. Unparsed indicates the original request URI is forwarded. Siemens PLM Software recommends this option. Rewriting the URI and forwarding the rewritten URI does not work correctly.

For more information about these registry settings, see the Apache Tomcat Connector – Reference Guide:

http://tomcat.apache.org/connectors-doc/reference/iis.html

c. Change the following lines in the .reg file to reflect your directory settings: A. For log_file, enter the location of the logs directory you created and the name of the log file. The log file itself is created later by the ISAPI Redirector.

B. For worker_file, enter a location for the worker definition file. Siemens PLM Software recommends that you create this file in the directory where you installed the Tomcat ISAPI Redirector. You create this file later.

C. For the worker_mount_file, enter a location for the worker-URI map file. You create this file later.

D. For the extension_uri, enter tomcat.

d. In the ISAPI Redirector installation directory, right-click the isapi_redirector.reg file and choose Merge.

e. After receiving a confirmation message from Windows, check the ISAPI Redirector settings using the Microsoft Registry Editor program (regedit.exe) to ensure the registry settings are correct. For information about using the Microsoft Registry Editor, see the Microsoft Windows online help.

PLM00015 J Web Application Deployment Guide 2-13 Chapter 2 Teamcenter Web application deployment

4. Create a text file with contents similar to the following: # Define node1 (one node required for H_SE) worker.list=node1 worker.node1.port=8009 worker.node1.host=host-name1 worker.node1.type=ajp13

The default port is 8009. If you changed this AJP port number in JBoss configuration when you configured the Tomcat ISAPI Redirector, use that value. The host-name value is the host where you run JBoss.

5. Save the file as workers.properties in the directory you defined for it in the registry file.

6. Create a text file with contents similar to the following: # Send all /tc requests to node1 /tc/*=node1

Replace tc with the name of your Teamcenter Web application (tc by default). This configures the redirector to forward all requests with the /tc/* signature to node1.

7. Save the file as uriworkermap.properties. Save this file in the same directory as the workers.properties file.

Configure Microsoft Internet Information Services If you are using a Windows Server 2008 host, perform the procedure described in Configure Microsoft Internet Information Services on Windows Server 2008 instead of this procedure. 1. Open the IIS Manager and choose Start→Administrative Tools→Internet Information Services (IIS) Manager.

2. In the Connections pane, expand your computer name until you see Sites.

3. Add a new Web site for your deployment: a. Right-click Sites and choose Add Web Site.

b. In the Add Web Site dialog box, type a name for the site in the Site name box, for example, iis75-jboss75.

c. In the Physical path box, type or browse to the location of the wwroot directory you created in Install and configure the Tomcat ISAPI Redirector on Windows Server 2008.

d. In the Port box, type a value for the binding port, for example, 8028, and click OK.

4. Add a virtual directory: a. In the Connections pane, right-click your new site name and choose Add Virtual Directory.

2-14 Web Application Deployment Guide PLM00015 J Teamcenter Web application deployment

b. In the Alias box, type jakarta.

c. In the Physical path box, type the path or browse to the bin directory you created in Install and configure the Tomcat ISAPI Redirector on Windows Server 2008 and click OK.

5. Add an ISAPI filter: a. Right-click Default Web Site and choose Properties.

b. Click the ISAPI Filters tab and click Add.

c. In the Filter name box, type tomcat.

d. In the Executable box, type isapi_redirector.dll or click Browse to navigate to it, and click OK.

6. Add a extension: a. Click Web Service Extensions.

b. In the details pane, click Add a new Web service extension.

c. In the Extension name box, type tomcat.

d. Click Add.

e. In the Path to file box, type the path or click Browse to navigate to the isapi_redirector.dll file, and click OK.

f. Select the Set extension status to Allowed check box and click OK.

Configure Microsoft Internet Information Services on Windows Server 2008 1. Open the IIS Manager and choose Start→Administrative Tools→Internet Information Services (IIS) Manager.

2. In the Connections pane, expand your computer name until you see Sites.

3. Add a new Web site for your deployment: a. Right-click Sites and choose Add Web Site.

b. In the Add Web Site dialog box type a name for the site in the Site name box, for example, iis75-jboss75.

c. In the Physical path box, type or browse to the location of the wwwroot directory you created in Install and configure the Tomcat ISAPI Redirector on Windows Server 2008.

d. In the Port box, type a value for the binding port, for example, 8028 .

e. Clear the Start Web site immediately check box and click OK.

4. Add a virtual directory:

PLM00015 J Web Application Deployment Guide 2-15 Chapter 2 Teamcenter Web application deployment

a. In the Connections pane, right-click your new site name and choose Add Virtual Directory.

b. In the Alias box, type jakarta.

c. In the Physical path box, type the path or browse to the bin directory you created in Install and configure the Tomcat ISAPI Redirector on Windows Server 2008 and click OK.

5. Configure a handler mapping: a. In the Connections pane, select you new site name.

b. Right-click Handler Mappings and select Open Feature.

c. In the Handler Mappings pane, double-click ISAPI-dll.

d. In the Edit Module Mapping dialog box, type an asterisk (*) character in the Request path box

e. Click the browse button next to the Executable box and browse to the location of the isapi_redirector.dll file.

f. Click Request Restrictions and clear the Invoke handler only if request is mapped to check box on the Mapping tab.

g. Click the Verbs tab and ensure the All verbs option is selected.

h. Click the Access tab, ensure the Execute option is selected, and click OK.

i. In the Connections pane, select you new site name and click Start in the Actions pane (on the right side under Manage Web Site).

To access the Web site, enter a URL in the following format: http://:/console/login/LoginForm.jsp

Deploy on WebSphere application server (H-SE) This procedure deploys the Teamcenter Web tier application (EAR file bundling the WAR file) on IBM WebSphere Application Server and configures IBM HTTP server as the front-end Web server.

Deploy on WebSphere application server You must set up the following WebSphere components for this configuration: Note This sequence is recommended by the WebSphere Launchpad program. The process assumes that you have separate hosts for the application server (host A) and the Web server (host B). WebSphere provides installation wizards to aid you in this process. The wizards are accessed from the launchpad.exe application.

For more information, see the complete WebSphere documentation: http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss?

2-16 Web Application Deployment Guide PLM00015 J Teamcenter Web application deployment

PAG=C11&SSN=12HFE0003463254433&TRL=TXT&WRD=WebSphere+ Application+Server+v8&PBL=&LST=ALL&RPP=10&submit=Go 1. Install the WebSphere application server on host A. Use the installation wizard for WebSphere Application Server.

2. Install the IBM HTTP server with the required plug-in on host B. Use the installation wizard for IBM HTTP Server. If using a different Web server, skip this wizard and install the Web server per the vendors instructions on host B.

3. If using a previously installed IBM HTTP server or a different Web server, install the Web server plug-in on host B. Use the installation wizard for Web Server plug-ins.

4. Copy the configureWeb-server-name script file from the plugins-install-root/bin directory on host B to the profiles-install-root/profile-name/bin directory on host A.

5. In a command shell, run the configureWeb-server-name script. This creates a Web server definition file for the integrated solutions console. You can now use the console to manage the Web server.

6. Start the WebSphere application server.

7. Start the WebSphere integrated solutions console. For more information about the console, see the WebSphere documentation.

8. Propagate the Web server plug-in file and configure the Web server to accept all content. For an IBM HTTP server: Note For most other Web servers, you must manually apply the Web server plug-in file to the Web server environment, However, It may be possible to propagate some other Web server plug-in files in this manner.

• In the navigation tree, expand Servers and select Web servers.

• In the Web servers pane, click Propagate Plug-in.

• Expand Servers→Web Servers→Web-server-name→Plug-in properties. Note If you have load-balanced clustered Web servers in your configuration, you must update the plug-in configuration on each Web server. You can also locate the plugin-cfg.xml file for your Web server, manually set the AcceptAllContent value to true, and push the change to the other Web servers. For information about the IBM HTTP Web server configuration, see the IBM documentation: ftp://ftp.software.ibm.com/software/webserver/appserv /library/v60/ihs_60.pdf

• Select AcceptAllContent from the Accept content for all requests list and click OK.

PLM00015 J Web Application Deployment Guide 2-17 Chapter 2 Teamcenter Web application deployment

9. In the navigation tree, expand Applications and click Install New Application.

10. In the Preparing for the application installation pane, type the path to, or browse to, the location of the Teamcenter Web tier EAR file in the Full path box. Select Prompt me only when additional information is required and click Next.

11. Accept the default Select installed options for enterprise applications and modules and click Next.

12. In the Map modules to servers pane, if you have multiple server instances, select the check boxes for all modules and map them to the same server instance. Click Next again.

13. In the summary pane, click Finish. Wait for WebSphere to complete the application deployment.

14. When WebSphere displays a message indicating the application deployed successfully, scroll to the bottom of the page and click Manage Applications.

15. In the Enterprise Application pane, click the Teamcenter application name.

16. In the Configuration page, click the Teamcenter application name.

17. Click Manage Modules under Modules.

18. Click JETIResourceAdapter in the Module column.

19. Click Resource Adapter under Additional Properties.

20. Click J2C connection factories under Additional Properties.

21. Click com.teamcenter.jeti.resourceadapter.spi.IJetiConnectionFactory in the Name column.

22. Type jca/enterprise-app-reg-id/Adapter in the JNDI name box and click Apply. Note The value that was assigned to the Enterprise Application Registration ID context parameter for the Teamcenter Web tier application is what you enter for enterprise-app-reg-id in this step. The default value is JETI. If you intend to deploy multiple EAR file instances in the same WebSphere instance, this value must be different for each deployment.

23. Click Connection pool properties under Additional Properties.

24. Type 500 in the Maximum connections box and 0 in the Minimum connections box. Note The Maximum connections value constrains the number of concurrently executing tcserver requests. Each client has an executing request for a small percentage of its duration. Therefore, this number can be significantly smaller than the number of concurrent users or clients. If the Web tier encounters errors obtaining JCA connections during peak activity, increase the Maximum connections value.

2-18 Web Application Deployment Guide PLM00015 J Teamcenter Web application deployment

25. Click Apply, scroll to the top of the page, and click Save.

Configure the HTTP Web server 1. Open the Teamcenter site_specific.properties file and modify the following properties: portalCommunicationTransport=http HTTP_SERVER_1.URI=http://host-name:port-number/tc-name/webclient Replace host-name and port-number with the WebSphere application server host name and HTTP listening port number. Replace tc-name with your Teamcenter Web application name; by default, this value is tc.

2. In the Integrated Solutions Console navigation tree, expand Environment→Virtual Host and click default_host.

3. Click Host Aliases under Additional Properties and click New.

4. Type the Web server listening port number in the Port box and click OK.

5. In the navigation tree, expand Environment→Update global web server plug-in configuration and click OK.

6. Propagate the plug-in configuration file to the Web server. The Web server plug-in configuration service propagates the plugin-cfg.xml file automatically for IBM HTTP server. For all other Web servers, propagate the plug-in configuration file manually. For information about propagating the plug-in configuration file, see the WebSphere application server documentation. Note If the plug-in configuration service does not propagate the configuration file properly for an IBM HTTP server, you must manually copy the file to the Web server plug-in directory.

a. Copy the plugin-cfg.xml file from the profile-root/config/cells/ cell-name/nodes/web-server-name-node/servers/web-server-name directory on the host where your WebSphere application server is installed.

b. Paste the file into the plugins-root/config/web-server-name directory on the host where the Web server is installed.

c. Restart the Web server.

Provide isolation for multiple HTTP sessions If you deploy multiple applications in the same application server instance, HTTP session cookies may be overwritten by browsers connecting to different applications. To avoid this, configure the application server to provide separate cookie paths: 1. Log on to the Integrated Solution Console, expand Applications in the navigation tree, and click Enterprise Applications.

2. In the Enterprise Applications pane, click the Teamcenter application link.

3. Click Session Management under Web Modules Properties.

PLM00015 J Web Application Deployment Guide 2-19 Chapter 2 Teamcenter Web application deployment

4. Click Override session Management under General Properties.

5. Click the Enable cookies link and type a slash (/) followed by the Teamcenter Web application name. For example, if you use the default Web application name, type /tc.

Deploy on WebLogic application server/Apache HTTP server (H-SE)

This procedure deploys one instance of the Teamcenter Web tier application (EAR file) hosted on Oracle WebLogic (application) Server and configures an Apache HTTP server that is used as the Web tier server.

Deploy the Teamcenter Web application This procedure deploys one instance of an Oracle WebLogic Server hosting the Teamcenter Web tier application (EAR file bundling WAR file).

Caution If you do not deploy your Teamcenter Web application in a domain by itself, the client-side session cookie can be overwritten by the other applications in the domain. For information about preventing this, see Troubleshooting four-tier architecture deployment.

1. Start the WebLogic server administration console. For information about the console, see the WebLogic server documentation:

http://docs.oracle.com/cd/E21764_01/apirefs.1111/e13952/core/index.html

2. In the left pane, click Deployments.

3. In the right pane, click Install.

4. In the Install Application Assistant, click Browse next to the Deployment Archive box and navigate to the location of the Teamcenter Web tier application (tc.ear by default) and click Next.

5. Accept the default Install this deployment as an application option and click Next.

6. Click Finish to accept all the default settings and then click Save.

7. Click Deployments and select the Teamcenter Web tier application check box.

8. Ensure the application State indicates Active and the Health indicates OK. If not, click Start, select Servicing all requests, and click Yes in the Start Deployments dialog box.

2-20 Web Application Deployment Guide PLM00015 J Teamcenter Web application deployment

Note If the Web tier encounters errors obtaining JCA connections during peak activity, increase the Max_Pool_Size context parameter value for your Teamcenter Web application. For information about changing this context parameter value, see Troubleshooting four-tier architecture deployment. If WebLogic reports an error (BEA-000402) due to more active sockets than socket readers, add the -Dweblogic.ThreadPoolSize=100 parameter when starting the application server.

Configure the Apache HTTP server You must install the Apache HTTP server and configure it so that it can communicate with the your Teamcenter application on the WebLogic application server. 1. Install the Apache HTTP server on a separate host from the WebLogic server host. For information for installing Apache HTTP server on a specific type of host, see the Apache Web server documentation:

http://httpd.apache.org/docs/2.4/platform/

2. Install and configure the Apache HTTP server plug-in as described in the Oracle WebLogic documentation: http://docs.oracle.com/cd/E21764_01/web.1111/e14395/apache.htm#CDEGCBAC

Deploy on WebLogic application server/WebLogic Express server (H-SE) This procedure deploys one instance of the Teamcenter Web tier application (EAR file) hosted on Oracle WebLogic (application) Server and one instance of the Teamcenter proxy application (WAR file) hosted on a WebLogic Express (WLX) server. In this configuration, WLX is used as the Web tier providing a JSP/servlet container in a four-tier architecture supporting the Teamcenter enterprise application.

Deploy the Teamcenter Web application This procedure deploys one instance of an Oracle WebLogic Server hosting the Teamcenter Web tier application (EAR file bundling WAR file). Caution If you do not deploy your Teamcenter Web application in a domain by itself, the client-side session cookie can be overwritten by the other applications in the domain. For information about preventing this, see Troubleshooting four-tier architecture deployment.

1. Start the WebLogic server administration console. For information about the console, see the WebLogic server documentation:

http://docs.oracle.com/cd/E21764_01/apirefs.1111/e13952/core/index.html

2. In the left pane, click Deployments.

PLM00015 J Web Application Deployment Guide 2-21 Chapter 2 Teamcenter Web application deployment

3. In the right pane, click Install.

4. In the Install Application Assistant, click Browse next to the Deployment Archive box and navigate to the location of the Teamcenter Web tier application (tc.ear by default) and click Next.

5. Accept the default Install this deployment as an application option and click Next.

6. Click Finish to accept all the default settings and then click Save.

7. Click Deployments and select the Teamcenter Web tier application check box.

8. Ensure the application State indicates Active and the Health indicates OK. If not, click Start, select Servicing all requests, and click Yes in the Start Deployments dialog box. Note If the Web tier encounters errors obtaining JCA connections during peak activity, increase the Max_Pool_Size context parameter value for your Teamcenter Web application. For information about changing this context parameter value, see Troubleshooting four-tier architecture deployment. If WebLogic reports an error (BEA-000402) due to more active sockets than socket readers, add the -Dweblogic.ThreadPoolSize=100 parameter when starting the application server.

Deploy the Teamcenter proxy application 1. Generate the Teamcenter WebLogic proxy WAR file. For information, see the Teamcenter server installation manual (for Windows or UNIX/Linux).

2. Install WebLogic Express and create a domain for deploying the WebLogic proxy WAR file.

3. Deploy the WebLogic proxy WAR file in WebLogic Express. For information, see Deploying New Applications and Modules in the WebLogic Express documentation. Note Ensure your clients connect to the WebLogic Express host and port, rather than the Web application server.

Deploy on WebLogic server/Internet Information Server (IIS) 7 You can use IIS 7 as your HTTP server on Windows 2008 servers in an H-SE configuration. You must configure the WebLogic server proxy (WLS proxy) DLLs in this configuration. You can choose to use either 32-bit DLLs or 64-bit DLLs. This procedures uses the 32-bit DLLs. For information about installing IIS7 on Windows 2008 servers, see the following URL: http://learn.iis.net/page.aspx/29/installing-iis7-on-windows-server-2008/

2-22 Web Application Deployment Guide PLM00015 J Teamcenter Web application deployment

Deploy the Teamcenter Web application This procedure deploys one instance of an Oracle WebLogic Server hosting the Teamcenter Web tier application (EAR file bundling WAR file). Caution If you do not deploy your Teamcenter Web application in a domain by itself, the client-side session cookie can be overwritten by the other applications in the domain. For information about preventing this, see Troubleshooting four-tier architecture deployment.

1. Start the WebLogic server administration console. For information about the console, see the WebLogic server documentation:

http://docs.oracle.com/cd/E21764_01/apirefs.1111/e13952/core/index.html

2. In the left pane, click Deployments.

3. In the right pane, click Install.

4. In the Install Application Assistant, click Browse next to the Deployment Archive box and navigate to the location of the Teamcenter Web tier application (tc.ear by default) and click Next.

5. Accept the default Install this deployment as an application option and click Next.

6. Click Finish to accept all the default settings and then click Save.

7. Click Deployments and select the Teamcenter Web tier application check box.

8. Ensure the application State indicates Active and the Health indicates OK. If not, click Start, select Servicing all requests, and click Yes in the Start Deployments dialog box.

Note If the Web tier encounters errors obtaining JCA connections during peak activity, increase the Max_Pool_Size context parameter value for your Teamcenter Web application. For information about changing this context parameter value, see Troubleshooting four-tier architecture deployment. If WebLogic reports an error (BEA-000402) due to more active sockets than socket readers, add the -Dweblogic.ThreadPoolSize=100 parameter when starting the application server.

Configure Microsoft Internet Information Services 7 1. Copy the iisproxy.dll and iisforward.dll files available in the WLSHOME\Server\plugin\win\32 or WLSHOME\Server\plugin\win\x64 directory to the directory that you want as your home folder for your IIS Web site. Change the directory security properties to allow execute permission to its contents.

PLM00015 J Web Application Deployment Guide 2-23 Chapter 2 Teamcenter Web application deployment

Note Ensure that you copy the DLL file from the 32 directory for 32-bit operating systems or the x64 directory for 64-bit operating systems. These are not interchangeable and cause errors if you copy the wrong DLL file.

2. Open the IIS Manager and choose Start→Administrative Tools→Internet Information Services (IIS) Manager.

3. In the Connections pane, expand your computer name entry until you see Sites.

4. Create a new Web site with the home folder set to the directory that contains the DLLs you copied in step 1: a. Right-click Sites and choose Add a Web Site.

b. In the Add Web Site dialog box, type a name for your Web site in the Site name box, for example, IISWLS, and click the browse button ( ) next to the Physical path box.

c. In the Browse for Folder dialog box, browse to the directory that contains the iisproxy.dll and iisforward.dll files and click OK.

d. In the Port box, type a unique port number, for example 8088, and click OK.

5. Add ISAPI Filters: a. In the Connections pane, select your new Web site and double-click ISAPI Filters in the Web site Home pane. Note You may have to scroll down in the Home pane to access ISAPI Filters.

b. Click Add in the Actions pane (on the right).

c. In the Add ISAPI Filter dialog box, type a name for the filter in the Filter name box, for example, iisforward, and click the button next to the Executable box.

d. In the Open dialog box, browse to the iisforward.dll file location, double-click the file name, and click OK.

6. Configure a handler mapping: a. In the Connections pane, select your new Web site and double-click Handler Mappings in the Web site Home pane.

b. In the right pane, click Add Script Map.

c. In the Add a Script Map dialog box, type *.wlforward in the Request path box and click the button next to the Executable box.

d. Browse to the Web site’s home folder and select the iisproxy.dll file.

e. Type a name for the script map in the Name box, for example, iisproxy, and click OK.

2-24 Web Application Deployment Guide PLM00015 J Teamcenter Web application deployment

f. Click Yes in the Add a Script Map dialog box to allow the ISAPI extension.

7. Create an iisproxy.ini file in the directory that contains the DLLs. This file must contain the following information: WebLogicHost=dns-name-or-ip-address WebLogicPort=listening-port-for-WLS WlForwardPath=/tc-Web-application—name Debug=ALL DebugConfigInfo=ON The WebLogicPort value is 7001 by default. The WlForwardPath value points to the Web application that the proxy forwards to (tc is the default for the Teamcenter Web application). If you want to forward to all Web applications, set this value to /. The debug values are optional and are set for debugging purposes. The default log file for debug messages is C:\TEMP\wlproxy.log.

8. Restart IIS.

To access the Web site, enter a URL in the following format: http://host-name:port-number/console/login/LoginForm.jsp

Clustered deployment with front-end HTTP server Setting up an application server cluster can be a very complex process and can vary depending on your particular hardware, performance requirements, or availability requirements. The following instructions provide information specific to the Teamcenter Web tier application. The application server documentation available from the vendor provides the best source for the cluster set up process and is referenced at several points in the following procedures. Note If you intend to run two instances of an applications server on the same host using a single EAR file (not typical), you must override the TreeCacheTCP.xml file (if you are using TCP mode). To do this, change the end_port value to allow bind port rollover. This is not required if you are using multicast mode. For information about changing this setting, see Override TreeCache settings.

Note Siemens PLM Software does not support clustered deployment of Teamcenter Web applications on JBoss.

Override TreeCache settings 1. Use the jar command to extract the TreeCacheTCP.xml file from the JETIServerAccessor.jar file inside the EAR file.

2. Locate the TCP element in the TreeCacheTCP.xml file and increase the end_port parameter value by the number of application server instances you are running on the host. For example:

PLM00015 J Web Application Deployment Guide 2-25 Chapter 2 Teamcenter Web application deployment

This change allows the Teamcenter Web Application, when running on multiple application server instances on the same host, to initialize the TreeCache by binding to a vacant port within the designated range.

3. Copy the TreeCacheTCP.xml file into the startup class path of your application servers as follows: Note This is required to override this configuration file in the EAR file. You must restart all servers instances involved after copying this file to the indicated directories.

• For WebLogic, copy the file to the domain root directory. The domain root is the directory where there can be multiple standalone application servers or cluster members.

• For WebSphere, copy the file to the profile root directory. The profile root is the directory where there can be multiple standalone application servers or cluster members.

• For JBoss, copy the file to the bin directory of each server instance.

• For Oracle Application Server, copy the file to the home directory of each application server instance, typically the install-root/j2ee/home directory.

Deploying on WebLogic application server/WebLogic Express Web server (H-SE*) This procedure: • Deploys Teamcenter Web tier applications (EAR file bundling the WAR file) on a Oracle WebLogic Server cluster.

• Configures WebLogic Express (WLX) server as the front-end Web tier server for the cluster. In this configuration, WLX is used as the Web tier providing a JSP/servlet container in a four-tier architecture supporting the Teamcenter enterprise application.

• Deploys one instance of the Teamcenter proxy application (WAR file) hosted on the WebLogic Express (WLX) server. Note For the list of currently supported Web application servers and HTTP Web servers for each operating system, see the Siemens PLM Software Global Technical Access Center (GTAC).

Deploy the Teamcenter Web application This procedure deploys one instance of an Oracle WebLogic Server hosting the Teamcenter Web tier application (EAR file bundling WAR file). Caution If you do not deploy your Teamcenter Web application in a domain by itself, the client-side session cookie can be overwritten by the other applications in the domain. For information about preventing this, see Troubleshooting four-tier architecture deployment.

2-26 Web Application Deployment Guide PLM00015 J Teamcenter Web application deployment

1. Start the WebLogic server administration console. For information about the console, see the WebLogic server documentation:

http://docs.oracle.com/cd/E21764_01/apirefs.1111/e13952/core/index.html

2. In the left pane, click Deployments.

3. In the right pane, click Install.

4. In the Install Application Assistant, click Browse next to the Deployment Archive box and navigate to the location of the Teamcenter Web tier application (tc.ear by default) and click Next.

5. Accept the default Install this deployment as an application option and click Next.

6. Click Finish to accept all the default settings and then click Save.

7. Click Deployments and select the Teamcenter Web tier application check box.

8. Ensure the application State indicates Active and the Health indicates OK. If not, click Start, select Servicing all requests, and click Yes in the Start Deployments dialog box.

Note If the Web tier encounters errors obtaining JCA connections during peak activity, increase the Max_Pool_Size context parameter value for your Teamcenter Web application. For information about changing this context parameter value, see Troubleshooting four-tier architecture deployment. If WebLogic reports an error (BEA-000402) due to more active sockets than socket readers, add the -Dweblogic.ThreadPoolSize=100 parameter when starting the application server.

Configure WebLogic Express as the front-end Web server for a cluster WebLogic Express Server (WLX) is designed for deploying simple Web applications and can be used as a Web tier in a four-tier Teamcenter environment. 1. Create the Teamcenter – Web Tier Proxy solution: a. Launch the Web Application Manager (insweb).

b. Click Add to begin creating the Web application.

c. In the Add Web Application dialog box: A. Type a name for the application in the Name box, for example, WebLogic Cluster Proxy.

B. Accept the default value for Staging Location or enter a different directory.

C. (Optional) Type a description of the application in Description box.

PLM00015 J Web Application Deployment Guide 2-27 Chapter 2 Teamcenter Web application deployment

D. Click Advanced Web Application Options. Type a name for the deployable file in the Deployable File Name box (alphanumeric characters only) and clear the Automatically Build Deployable File check box.

E. Make sure the Disk Locations for Install Images box includes the path to the Web_tier directory on the Teamcenter software distribution image.

F. Click Solutions. In the Select Solutions dialog box, clear all preselected solutions and select only the Teamcenter – Web Tier Proxy solution. Note Do not change the default solution type (Thin Client) in the Solution Type box.

d. Click OK. Note The default context parameter values are acceptable.

e. Click OK to begin building the solution. The Web Application Manager displays the status of the installation in the Progress dialog box. When the installation is complete, click OK to close the Progress dialog box. Note Do not exit the Web Application Manager.

2. Open the web.xml file in the staging-directory/webapp_root/WEB-INF directory for the solution and comment the following lines: ProxyServlet weblogic.servlet.proxy.HttpProxyServlet redirectURL localhost:7001 WebLogicHost localhost WebLogicPort 7001 ProxyServlet /

3. Modify web.xml to uncomment the following lines: Replace :| : with the host name and port number for each WebLogic server participating in the cluster.

4. If the context root of the proxy WAR file does not match the context root of the Teamcenter Web application: a. Open the weblogic.xml file in this same directory.

b. Modify the following entry to match the context root Teamcenter Web application (EAR file) deployed in the application server where the proxy forwards requests: /tc

5. In the Web Application Manager, select the solution name and click Modify.

6. Click Generate Deployable File and click OK.

Note When the Web Application Manager finishes generating the deployable file, you can exit the application.

7. Install WebLogic Express and create a domain for deploying the Teamcenter proxy WAR file. For information creating domains and deploying WAR files in WebLogic, see the WebLogic server documentation: http://www.oracle.com/technetwork/middleware/weblogic/ documentation/weblogic-server-096635.htmll

8. Deploy the Teamcenter – Web Tier Proxy file in WebLogic Express.

Note Ensure your clients connecting to the proxy Web application use the host and port of the front-end server (WebLogic Express). Clients must not connect to any of the Web application servers in the cluster.

Deploying on WebLogic server/Apache Web server (H-SE*)

This procedure:

PLM00015 J Web Application Deployment Guide 2-29 Chapter 2 Teamcenter Web application deployment

• Deploys the Teamcenter Web tier application (EAR file bundling the WAR file) on a Oracle WebLogic Server cluster.

• Configures Sun Java System Web Server running as the front-end HTTP listener for the cluster.

Deploy the Teamcenter Web application

This procedure deploys one instance of an Oracle WebLogic Server hosting the Teamcenter Web tier application (EAR file bundling WAR file).

Caution If you do not deploy your Teamcenter Web application in a domain by itself, the client-side session cookie can be overwritten by the other applications in the domain. For information about preventing this, see Troubleshooting four-tier architecture deployment.

1. Start the WebLogic server administration console. For information about the console, see the WebLogic server documentation:

http://docs.oracle.com/cd/E21764_01/apirefs.1111/e13952/core/index.html

2. In the left pane, click Deployments.

3. In the right pane, click Install.

4. In the Install Application Assistant, click Browse next to the Deployment Archive box and navigate to the location of the Teamcenter Web tier application (tc.ear by default) and click Next.

5. Accept the default Install this deployment as an application option and click Next.

6. Click Finish to accept all the default settings and then click Save.

7. Click Deployments and select the Teamcenter Web tier application check box.

8. Ensure the application State indicates Active and the Health indicates OK. If not, click Start, select Servicing all requests, and click Yes in the Start Deployments dialog box.

Note If the Web tier encounters errors obtaining JCA connections during peak activity, increase the Max_Pool_Size context parameter value for your Teamcenter Web application. For information about changing this context parameter value, see Troubleshooting four-tier architecture deployment. If WebLogic reports an error (BEA-000402) due to more active sockets than socket readers, add the -Dweblogic.ThreadPoolSize=100 parameter when starting the application server.

2-30 Web Application Deployment Guide PLM00015 J Teamcenter Web application deployment

Configure Apache HTTP (Web) server as the listener for a cluster 1. Install the Apache HTTP server on a separate host from the WebLogic server host. For information for installing Apache HTTP server on a specific type of host, see the Apache Web server documentation:

http://httpd.apache.org/docs/2.4/platform/

2. Install and configure the Apache HTTP server plug-in as described in the Oracle WebLogic documentation: http://docs.oracle.com/cd/E21764_01/web.1111/e14395/apache.htm#CDEGCBAC

3. Configure the WebLogic Server cluster and deploy your Teamcenter Web application to the cluster as described in the Using Clusters documentation in the Oracle WebLogic System Administration documentation: http://docs.oracle.com/cd/E21764_01/web.1111/e13709/toc.htm

Deploy WebSphere application server cluster with HTTP (Web) server

This configuration is basically the same as described in Deploy on WebSphere application server (H-SE) with the additional requirement that you have the optional WebSphere application server Deployment Manager. 1. Ensure the WebSphere application server, including the optional IBM HTTP server or Sun Web server and its corresponding plug-in, and the optional WebSphere application server deployment manager, are installed. For more information, see the following topics in the WebSphere Application Server documentation.

• Installing your application serving environment

• Balance workloads by clustering application servers

• Establishing high availability (HA) for failover

2. Perform the steps described in Deploy on WebSphere application server (H-SE).

3. Ensure the Teamcenter EAR file and all its modules are deployed to all cluster instances.

4. Ensure the plug-in configuration file is propagated to all cluster members and the HTTP server side.

Deploying clustered with front-end load-balanced HTTP servers This configuration requires that you setup an H-SE deployment, as described in Basic deployment with front-end HTTP (Web) server and then configure an external load balancer for the HTTP (Web) servers to create a Web server farm. There are various external load balancers available and each has to be configure according to the vendors instructions. Therefore, Siemens PLM Software cannot provide

PLM00015 J Web Application Deployment Guide 2-31 Chapter 2 Teamcenter Web application deployment

instructions for all possible configurations. You can use the Microsoft IIS load balancing instructions as a guide.

Configure Microsoft IIS load balancing

This procedure provides instructions for configuring the network load balancing mechanism provided with Microsoft IIS 6.0. Ensure that each host is self-sufficient with resources duplicated on each one. The Teamcenter database, whether a single or distributed database, must be on host separate from the Web and application servers. Network load balancing (NLB) aids in the process of creating a farm. A farm is a redundant cluster of several Web servers serving a single IP address. Each machine can be configured to route the requests to the J2EE application server where your Web tier is deployed. Each server in the cluster is fully self-contained, which means it is able to function without requiring any other server in the cluster. If any machine in the cluster is unavailable, NLB rebalances the incoming requests to the running servers in the cluster. The servers in the cluster must be able to communicate with each other to exchange information about their current processor and network load and to determine when a server is unavailable. NLB can provide reasonably close to 1:1 performance improvement for each server added to the cluster. NLB requires a minimum of two servers running Windows Server 2003. Each server must have at least one network card (NIC) and a fixed IP address. For best performance, Siemens PLM Software recommends you have two adapters in each server; one mapped to the real IP address (dedicated IP) and one mapped to the virtual IP address (cluster IP). NLB uses advanced networking features of network adapters. Therefore, low end adapters, especially those for nonserver hosts, may not support the required NDIS protocols. 1. Select an available IP address on the same class C network segment as the fixed IP addresses for the virtual IP address.

2. On any server, start the Network Load Balancing Manager in one of these ways: • Choose Start→Administrative Tools→Network Load Balancing Manager.

• At a command prompt, type NLBmgr.

3. In the Network Load Balancing Manager dialog box, right-click the Network Load Balancing Clusters root node and choose New cluster.

4. Define the cluster parameters: a. Type the virtual IP address you selected for the cluster in the IP address box.

b. Type a subnet mask in the Subnet mask box. You must use the same subnet mask for all servers in the cluster. Note The Full Internet name value is only for reference and is used primarily for displaying the name of the server. However, if you have a domain configured for the server you may use that domain name.

c. If your server has more than one network adapter, click Unicast for the Cluster operation mode. If you are using a single adapter, Siemens PLM Software recommends that you select Multicast to allow both the NLB traffic and the native IP traffic to move through the same network adapter.

2-32 Web Application Deployment Guide PLM00015 J Teamcenter Web application deployment

Note Multicast is slower than Unicast as both kinds of traffic must be handled by the network adapter but it is the only way to remotely configure all machines centrally for servers with one network adapter.

d. Clear the Allow Remote Control check box and click Next. Note If you need this functionality, enable it after you have the cluster running.

5. Click Next in the Cluster IP addresses dialog box.

6. Define the standard port rules: a. Click Add.

b. Select the All check box and type 80 in both the From and To boxes.

c. Click Both for Protocols.

d. Click Multiple hosts for Filtering mode and None for Affinity.

e. Click OK.

7. Define the secure port rules: a. Click Add.

b. Select the All check box and type 443 in both the From and To boxes.

c. Click Both for Protocols.

d. Click Multiple hosts for Filtering mode and Single for Affinity.

e. Click OK.

8. Connect the master host as a node in the cluster: a. Type the IP address of the host you want as the master in the Host box. Note Node 1 is the master, which means that it receives requests and acts as the routing manager. Although when the load is high on this node, other machines may take over for the master.

b. Click Connect.

c. Click Next.

d. In the Host Parameters dialog box, select 1 from the Priority list. Note Priority sets a unique ID for each node in the cluster. The lower the number the higher the priority.

e. Click Finish. The Network Load Balancing Manager configures your network adapter. The network connection flashes on and off a few times during this configuration

PLM00015 J Web Application Deployment Guide 2-33 Chapter 2 Teamcenter Web application deployment

process on the sever you are configuring as a host. When the configuration is complete, the Status column displays Converged for the node.

9. In the Network Load Balancing Manager, right-click the cluster domain and choose Connect.

10. Repeat step 8 until all nodes have been added to the cluster.

2-34 Web Application Deployment Guide PLM00015 J Chapter 3 Global Services Web application deployment

Global Services Web application deployment ...... 3-1 Creating the Global Services tables ...... 3-1 Configuring application servers for Global Services ...... 3-3 Deploy the Global Services application ...... 3-4 Deploy on Websphere 8 ...... 3-5 Deploy on WebLogic 12.1.1.0 ...... 3-6 Deploy on JBoss 7.1 ...... 3-9 Configuring Data Exchange orchestration ...... 3-13 Configure the application server for ODE ...... 3-13 Configure ODE to use an Oracle database ...... 3-15 Configuring Global Services for HTTPS ...... 3-16 Configure the application server for SSL ...... 3-16 Configuring File Management System for SSL ...... 3-17 Generate a key store and private key ...... 3-17 Obtain a signed certificate ...... 3-18 Update the FSC and FMS configuration ...... 3-19 Configure Global Services application as a trusted client ...... 3-19 Install the Global Services signer certificate to Teamcenter rich client ...... 3-20 Install the Global Services signer certificate to Teamcenter thin client ...... 3-20 Configure the Teamcenter Enterprise Global Services end point variable ...... 3-20 Modify Teamcenter preferences for SSL ...... 3-21

PLM00015 J Web Application Deployment Guide

Chapter 3 Global Services Web application deployment

Global Services Web application deployment

Deploying Global Services requires that you have available information about the database that Global Services uses as its datastore. If you are using a Teamcenter database as your datastore, you must know the type of database prior to staring the application deployment procedure. This information is determined during the Teamcenter server installation process. If you are not using a Teamcenter database as your datastore, you must create the Global Services required tables manually. For information about manually creating your Global Services tables, see Creating the Global Services tables.

Creating the Global Services tables

Global Services stores product configuration, connection configuration, SSO security, and business object files in a data store. This data store must be accessible to Global Services through a JDBC connection using JNDI. This connection is set up in your application server and the steps required are specific to the application server. In most cases, the setup requires creating a data source and a connection pool. For specific information about creating a connection pool and data store, see your application server and database documentation. You can use Teamcenter Environment Manager (TEM) to create the Global Services tables in Teamcenter during the server installation process. If you are not using a Teamcenter database as your data store, you can create or upgrade the Global Services required tables in your database using the scripts supplied in the database specific directory of the Teamcenter 10.1 Global Services – Application Directory solution staging location. These directories are located under:

webapp_root database

Caution The Global Services tables are referenced by third-party software that requires case-insensitive collation types. Therefore, if your database server’s default collation is case insensitive, you must alter your Global Services database to case-insensitive (CI) collation after you create it. For information about configuring a database for CI collation, see the comments in the database sql files.

PLM00015 J Web Application Deployment Guide 3-1 Chapter 3 Global Services Web application deployment

Caution A datastore created by a Global Services instance deployed on a given server must not be accessed by Global Services instances deployed on a server that runs a different operating system. This is especially important if there are text files in the datastore containing characters other than US ASCII characters.

Record the database name and type; you must have this information during the deployment procedure. Teamcenter provides the following Global Services database scripts:

Note The script files contain comments that provide additional information about their purpose and use.

Create scripts

File name Purpose oracle_create_tcgs.sql Creates the Global Services tables in the sqlserver_create_tcgs.sql indicated database that has not previously db2_create_tcgs.sql contained Global Services table data. hsqldb_create_tcgs.sql oracle_drop_tcgs.sql Drops the Global Services tables from the sqlserver_drop_tcgs.sql indicated database that has previously hsqldb_drop_tcgs.sql contained Global Services table data so the create script can be used to create an empty data store. This allows the Global Services application to install the initial content the next time the application is accessed.

Upgrade scripts

File name Purpose oracle_upgrade_tcgs_v20070.sql Upgrade from Teamcenter 2007 to the sqlserver_upgrade_tcgs_v20070.sql current release oracle_upgrade_tcgs_v20071.sql Upgrade from Teamcenter 2007.1 to the sqlserver_upgrade_tcgs_v20071.sql current release oracle_upgrade_tcgs_v200711.sql Upgrade from Teamcenter 2007.1.1 to the current release oracle_upgrade_tcgs_v200712.sql Upgrade from Teamcenter 2007.1.2 to the current release oracle_upgrade_tcgs_v200713.sql Upgrade from Teamcenter 2007.1.3 to the current release oracle_upgrade_tcgs_v200714.sql Upgrade from Teamcenter 2007.1.4 to the current release oracle_upgrade_tcgs_v200715.sql Upgrade from Teamcenter 2007.1.5 to the current release oracle_upgrade_tcgs_v200716.sql Upgrade from Teamcenter 2007.1.6 to the current release

3-2 Web Application Deployment Guide PLM00015 J Global Services Web application deployment

File name Purpose oracle_upgrade_tcgs_v200717.sql Upgrade from Teamcenter 2007.1.7 to the current release oracle_upgrade_tcgs_v200718.sql Upgrade from Teamcenter 2007.1.8 to the current release oracle_upgrade_tcgs_v20072.sql Upgrade from Teamcenter 2007.2 to the sqlserver_upgrade_tcgs_v20072.sql current release oracle_upgrade_tcgs_v80000.sql Upgrade from Teamcenter 8 to the sqlserver_upgrade_tcgs_v80000.sql current release oracle_upgrade_tcgs_v80001.sql Upgrade from Teamcenter 8.1 to the sqlserver_upgrade_tcgs_v80001.sql current release oracle_upgrade_tcgs_v80002.sql Upgrade from Teamcenter 8.2 to the sqlserver_upgrade_tcgs_v80002.sql current release

db2_upgrade_tcgs_v80003.sql Upgrade from Teamcenter 8.3 to the sqlserver_upgrade_tcgs_v80003.sql current release oracle_upgrade_tcgs_v80003.sql db2_upgrade_tcgs_v8000301.sql Upgrade from Teamcenter 8.3.0.1 to the sqlserver_upgrade_tcgs_v8000301.sql current release

Configuring application servers for Global Services

Several tasks must be performed to configure the application server for Global Services. Some of these tasks may require using the application server administration tool. See your application server documentation for more specific information about how to perform these tasks. Global Services supports the IPv6 protocol. However, if want to install Global Services in an environment that the supports IPv6 protocol, the application server must be installed on a dual-stack server. For information about supporting IPv6 and dual stack networks on you application server host, see your Windows, UNIX, or Linux server documentation. Perform the setup as described in the following topic for your application server: • Deploy on Websphere 8

• Deploy on WebLogic 12.1.1.0

• Deploy on JBoss 7.1

After you deploy the Web tier application, as a minimum you must perform the initial configuration, as described in the Global Services Configuration Guide, to enable Global Services. http://appserver-host:port-number/GS-app-context-root/controller/index Replace appserver-host and port-number with the host name and port number the application server uses. Replace GS-app-context-root with the context root the application server uses for the Global Services Web tier application; this is usually the EAR file name without the extension.

PLM00015 J Web Application Deployment Guide 3-3 Chapter 3 Global Services Web application deployment

The data store is populated with the initial content the first time that you access the Global Services Web tier application.

Deploy the Global Services application The following provides information for deploying the Global Services EAR file. If you are familiar with deploying applications on your application server, this information may be sufficient to allow you to perform the installation. For more detailed instructions, see the appropriate application server topic. Note Global Services no longer supplies solutions (Gateway for Oracle Manufacturing and Gateway for SAP) or Oracle Manufacturing or SAP connectors. These are replaced by third-party integration products. These products are available from GTAC in the Integrations section of Full Product Releases file downloads. The documentation for installing, administering, or configuring these integrations is included in the same location. You must have a valid WebKey user name and password to access the integration products.

1. Start the application server administration tool if your application server has one. Note If you are configuring Oracle application server 10g v10.1.2, type –Xmx256 and dedicated connection=true in Java Options in your OC4J instance’s Server Properties page.

2. Create a connection pool and a data source that uses it. Choose an appropriate driver for your database. The following table provides suggested driver values. Note It is recommended that you set the maximum connection pool size to 1000 to ensure enough connections are available for processing.

JDBC database Driver class Driver type Default port DB2 COM.ibm.db2.jdbc.app.DB2Driver IBM Type 2 DB2 Driver 5000 MySQL org.gjt.mm.mysql.Driver MySQL Type 4 Driver 3306 Oracle oracle.jdbc.pool.OracleDriver Oracle Thin Driver 1521 SQL server com.microsoft.sqlserver.jdbc. Other 1433 SQLServerXADataSource

Provide user name and password values to connect to the database for a database user with read and write access. The ApplicationInstance context parameter determines the JNDI name for the data store. This parameter value is defined when you build the Global Services Web tier application and is used at the beginning of the JNDI name. The JNDI name is GlobalServicesInstance1/jdbc/GlobalServicesDB if you accept the default value for the context parameter. Provide the URL the JDBC connection uses to connect to the database, for example: Oracle database:

jdbc:orcle:thin:@host-name:port-number:Oracle-SID

3-4 Web Application Deployment Guide PLM00015 J Global Services Web application deployment

3. Create the following queues if you have included the Teamcenter 10.1 Global Services - JMS Messaging solution in your Web application: jms.actionDestination=javax/jms/action

jms.responseDestination=javax/jms/response

4. Deploy the enterprise application you generated as described in the documentation for your application server. Caution If you are deploying on a WebSphere application server, do not select the Precompile JSP option. This causes the deployment to fail.

Deploy on Websphere 8 Note Do not enable application server security on the application server where you deploy the Global Services Web application

1. Before you deploy the Global Services application (EAR) file, complete the following: a. Download the binary archive file from the Apache Tomcat site at the following link: http://tomcat.apache.org/download-70.cgi

b. Use an archive management tool, such as 7-Zip file manager, to extract the servlet-api.jar file in the lib directory of the Tomcat archive file into a directory accessible to the application server. Note the path to the file for later use.

c. Open the Global Services Web application EAR file in 7-Zip file manager and delete the EAR/lib/asix2-jaxws-1.4.jar file.

2. Start the WebSphere integrated solutions console and expand Servers→Server Types in the navigation tree pane and click WebSphere application servers.

3. In the Application servers section, click the server name (server1 by default).

4. In the Application servers pane, expand Java and Process Management under Server Infrastructure and click Process definition.

5. Click Java Virtual Machine under Additional Properties.

6. Type the following parameters in the Generic JVM arguments box: -Dorg.apache.ode.rootDir = full-path-to-Ode-working-directory -Dcom.ibm.websphere.webservices.DisableIBMJAXWSEngine=true

7. Type the full path and filename for each of the following files, delimited by semicolons, into the Classpath box. Note The path to the servlet-api.jar file was noted in a previous step. This must be the last entry in the Classpath property. The other files are located in the WEB_ROOT/staging-directory/earapp_root/lib directory.

commons-io-1.4.jar

PLM00015 J Web Application Deployment Guide 3-5 Chapter 3 Global Services Web application deployment

commons-fileupload-1.2.jar woden-api-1.0M8.jar commons-codec-1.3.jar commons-httpclient-3.1.jar commons-logging-1.1.1.jar -1.2.15.jar servlet-api.jar

8. Click OK, Save , and restart the application server.

9. Deploy the ODE Web applications as described in Configure the application server for ODE.

10. Configure the deployed ODE Web application: a. Click the deployed ODE Web application and click Manage Modules under the Modules section in the Enterprise Applications pane.

b. Click Apache-Axis2 in the Module column.

c. Choose Classes loaded with local class loader first (parent last) from the Class loader order list.

11. Configure the axis2 properties in Global Services. a. Set the axis2.max.connections property value in the globalservices.properties file to a positive numeric value approximately three times the expected number of concurrent connections to ODE from Global Services. Tip You can start with a low two-digit number if you do not expect a large number of transfer requests. If you experience time-out exceptions, increase the value. You can set properties by manually editing in the globalservices.properties file in the Global Services datastore or using the Global Services Web Manager interface.

For information about managing the Global Services datastore, see the Global Services Configuration Guide.

b. (Optional) Set the ode-axis2.db.pool.max property in the globalservices.properties file. This property is associated with the axis2.max.connections property and is set to 20 by default. If you expect a large number of concurrent connections to ODE or experience time-out exceptions, increase the value.

c. Restart the application server.

Deploy on WebLogic 12.1.1.0 1. Start the WebLogic server administration console. For online help for the WebLogic server administration console, see the WebLogic server documentation.

3-6 Web Application Deployment Guide PLM00015 J Global Services Web application deployment

2. In the left pane of the console, click Deployments.

3. In the right pane, click Install.

4. Navigate to the location of the Global Services EAR and click Next.

5. Continue to click Next until you reach the pane that asks if you want to immediately update the application configuration.

6. Select No and click Finish. In the Deployments page, WebLogic displays the Global Services enterprise application.

7. In the Domain Structure tree, expand Services and Domain, then select Data Sources.

8. In the Summary of Data Sources pane, click New.

9. Enter the following for the data source properties and click Next:

Name Type a name that identifies the data source. This name is used in the configuration file (config.xml) to identify this data source in the administration console. JNDI Name Type the JNDI name defined by the ApplicationInstance context parameter when you built the Web tier application. The JNDI name is GlobalServicesInstance1/jdbc/ GlobalServicesDB if you accept the default value for the context parameter. Database Type Select the Teamcenter database type if you are using it for your data store. If you created your gs_runtime_resources table manually, select that database type. Database Driver Select the driver that corresponds to the type of database you are using for your data store. See the table in Deploy the Global Services application for a list of suggested drivers.

10. Ensure Supports Global Transactions is selected, select One-Phase Commit, and click Next.

11. Enter the following for the connection pool properties and click Next:

Database Name Type the SID of the Teamcenter database defined during the Teamcenter server installation process. If you created your gs_runtime_resources table manually, type the name of the database where you created the table. Host Name Type the DNS name or IP address of the server that hosts the database.

PLM00015 J Web Application Deployment Guide 3-7 Chapter 3 Global Services Web application deployment

Port Type the port number on which the database server listens for connection requests. Database User Name Type the database user account name that you want to use for each connection in the data source. Properties If you are using a MySQL database, type the autoReconnect property with the value set to true, for example: autoReconnect=true Password and Confirm Type the password for the database user account. Password

Note It is recommended that you set the maximum connection pool size to 1000 to ensure enough connections are available for processing.

12. Review the connection parameters and click Test Configuration. If there are any configuration errors, go back and correct them. If the test is successful, click Next.

13. Select the servers or clusters on which you want to deploy the data source and click Finish.

14. If you installed the Teamcenter 10.1 Global Services - JMS Messaging solution, you must create the required queues.

Note You can use any JMS provider that you desire. You can also create a separate JMS server or JMS module to contain your queues. For more information, see the WebLogic Server Administration Console Help.

a. In the administration console, expand Services and Messaging and click JMS Modules.

b. In the JMS Modules page, click the desired module name and click New in the Summary of Resources table.

c. Choose Queue for the type of resource and click Next.

d. In the Create a New JMS System Module page, type javax/jms/action in the JNDI Name box and click Finish.

Note You can provide a queue name if you do not want to use the default provided.

e. Repeat this process (step 14) using javax/jms/response for the JNDI Name value.

Note Not all changes take effect immediately. For information, see the WebLogic documentation.

3-8 Web Application Deployment Guide PLM00015 J Global Services Web application deployment

Deploy on JBoss 7.1 1. Add an administrative user in the management realm: a. Open a command shell and ensure that the JAVA_HOME and JBOSS_HOME environment variables are set.

b. Change to the bin directory of JBOSS_HOME and type the following command: add-user The JBoss add-user utility displays prompts for the type of user, realm, user name, and password. The utility displays default values for user type and realm in parentheses. Press Enter to accept the default values for user type and realm (Management User and ManagementRealm). What type of user do you wish to add? a) Management User (mgmt-users.properties) b) Application User (application-users.properties) (a): Note the user name and password values you enter.

2. Open the standalone.xml file in the following location:

JBOSS_HOME standalone configuration

Locate the following entry: Replace this entry with: Locate the following entry: Replace this entry with:

PLM00015 J Web Application Deployment Guide 3-9 Chapter 3 Global Services Web application deployment

For development and testing purposes, you can make the JBoss management console accessible to remote hosts by editing the inet-address element:

Warning Allowing remote access to the JBoss management console is a security risk. Use this configuration only during development and testing.

3. If you are deploying the Teamcenter 10.1 Global Services Framework - Ode BPEL Enterprise Application solution for any reason: a. Using an archive file management tool, such as 7-Zip File Manager, expand the ODE archive (tcgs-ode.EAR in the following example) file and remove the Persistence.xml file from the META–INF locations:

tcgs-ode.EAR tcgs-ode.WAR WEB-INF lib ode-dao-jpa-1.3.5.jar META-INF ode-bpel-store-1.3.5.jar META-INF

b. Open the standalone startup batch file or shell script in the following location:

JBOSS_HOME bin standalone

Add the following entry prior to the JBoss bootstrap environment section:

set JAVA_OPTS=”-Dorg.apache.ode.rootDir=full path to ode-working-dir” %JAVA_OPTS%

echo ======echo. echo JBoss Bootstrap Environment

4. Define the JDBC data source: a. Create a directory structure that contains a main directory as its most subordinate child directory under the modules directory of the JBOSS_HOME location, for example:

JBOSS_HOME modules

3-10 Web Application Deployment Guide PLM00015 J Global Services Web application deployment

foo myjdbcdriver main

You can use any valid directory name for the foo and myjdbcdriver directories.

b. Copy the database drive file or files to the main directory.

c. Create a module.xml file in the main directory that contains the following: For the name attribute (directory-structure) value, type the directory structure you created without the main directory. Use periods for the path separator, for example: For the path attribute (driver-file-name) value, type the database driver file name. For example, for an Oracle database:

d. Open the standalone.xml file that you edited in step 2, locate the drivers element, and add a driver element as child to the element: . . driver-class-name Type any unique value for the name (driver-name) attribute value and for the module (directory-structure) attribute value, type the same value you used for the name attribute in module.xml file. Type the driver class name in the data-source-class element, for example:

oracle.jdbc.driver.OracleDriver

e. Locate the datasource element, and add a datasource element as child to the element: . . driver-URL driver-name

PLM00015 J Web Application Deployment Guide 3-11 Chapter 3 Global Services Web application deployment

datasource-username datasource-password Type the data source JNDI name for the jndi-name (data-source-JNDI-name) attribute value. This value must have a java:/ prefix. Type the URL of the JDBC connection for the database for the connection-url (driver-URL) element value. For example, for an Oracle database connection:

jdbc:orcle:thin:@host-name:port-number:Oracle-SID Type the driver class name in the data-source-class element, for example:

oracle.jdbc.driver.OracleDriver Type the user name used to connect to the database in the user-name element and the password associated with that user in the password element.

5. Deploy the EAR file:

a. Open the JBoss console in a browser on the host where JBoss is running:

http://localhost:9990/console

b. Log on, click Runtime in the top right corner, and click Manage Deployments in the left pane.

Note You may have to click Deployments in the left pane to expose Manage Deployments.

c. Click Add Content in the Deployments pane and click Browse in the Upload dialog box.

d. Navigate to the location of the Global Services Web application EAR file (tcgs.ear by default) and click Open.

e. After JBoss finishes deploying the application, click the application’s Enable button in the Deployments pane.

You must start the JBoss application server instance with the bind option to enable connections from clients running on a host different from the application server host. The simplest way to do this is to start the server with the -b myhost option. Substitute the host name or IP address of the local host for myhost, for example:

standalone -b 0.0.0.0 However, this has some security implications. For information about JBoss security, see the JBoss documentation: http://community.jboss.org/wiki/SecureJBoss

3-12 Web Application Deployment Guide PLM00015 J Global Services Web application deployment

Configuring Data Exchange orchestration

Global Services uses the standard Apache Orchestration Director Engine (ODE) for business processing execution language (BPEL) functionality. The ODE is set up by default to use the built in Derby database for its event tracking. You must perform the following tasks to set up ODE for Data Exchange and to use the Teamcenter Oracle database for BPEL event tracking.

Configure the application server for ODE When the Teamcenter 10.1 Global Services Framework - Ode BPEL enterprise application solution is required, you must perform the following steps: Note Create the Teamcenter 10.1 Global Services Framework - Ode BPEL enterprise application solution before performing these steps and perform these steps prior to deploying your Web application. When you create the Web application, you must enter values for the TCGS_WS_URL and TCGS_ODE_URL context parameters. These values must match the values you supply for the globalservices.webservices.url and globalservices.ode.url properties respectively, in the globalservices.properties file. It is recommended that you set the maximum connection pool size to 1000 to ensure enough connections are available for processing.

1. Create an ODE working directory that is accessible to the application server. For example, on a UNIX system, create the /mnt/disk1/ode-working-dir directory.

2. Copy the contents of the ode-working-dir directory located in the WEB_ROOT\staging-directory\earapp_root directory.

3. Deploy the Web application as described in the topic for your application server.

4. Modify the application server Java start options for your application server: • For WebSphere application servers: a. Log on to the WebSphere Integrated Solutions Console and expand Servers in the left pane.

b. Select Application servers and select the server where you deployed the Global Services Web application.

c. Click the Configuration tab, and in the Server Infrastructure section, expand Java and Process Management and select Process Definition.

d. In the Additional Properties section, select Java Virtual Machine.

e. Locate the Generic JVM arguments box and add the following argument at the end of its contents: -Dorg.apache.ode.rootDir=complete-path-to-ode-working-dir -Dcom.ibm.websphere.webservices.DisableIBMJAXWSEngine=true complete-path-to-ode-working-dir represents the path to the directory you created in step 1.

PLM00015 J Web Application Deployment Guide 3-13 Chapter 3 Global Services Web application deployment

Note You may also define this property in your application server’s user-defined properties.

f. Download the globalservices.properties file from the Global Services data store, update the properties as follows, and upload the file to the data store:

Note The globalservices.context.root property defined in previous releases of Global Services is no longer supported.

Property Value

globalservices.webservices. Specifies the URL of the Global url Services Web services WAR file within the Global Services Ode BPEL enterprise application, for example: globalservices.webservices.url = http://localhost:8080/tcgs-ws This is used by services that must send HTTP SOAP requests to other web services. globalservices.ode.url Specifies the URL to the Global Services Ode BPEL enterprise application, for example: globalservices.ode.url = http://localhost:8080/tcgs-ode This is used by services that must send HTTP SOAP requests to BPEL processes.

For information about managing the Global Services data store, see the Global Services Configuration Guide.

• For WebLogic application servers: a. Use an archive management tool, such as 7-Zip File Manager, to copy the xercesImpl-2.9.0.jar file from the Global Services Web application EAR file (tcgs.ear by default) to the ODE.WAR/WEB-IND/Lib location in the ODE Web application EAR file (ode.ear by default).

b. Add the following JVM argument to the application server startup command. -Dorg.apache.ode.rootDir=complete-path-to-ode-working-dir complete-path-to-ode-working-dir represents the path to the directory you created in step 1.

c. Redeploy the ODE Web application.

3-14 Web Application Deployment Guide PLM00015 J Global Services Web application deployment

Configure ODE to use an Oracle database The Apache Orchestration Director Engine (ODE) uses the built-in database by default for its event tracking. When you install the Global Services Framework feature on your Teamcenter server, you also get Oracle tables required for ODE event tracking. The following steps are required to change ODE to use the Oracle tables: Caution If you use the Apache Derby database, you may encounter concurrency problems.

1. Check the default settings in the ode-axis2.properties file. For most setups, no changes are required. The comments in the file provide information about the settings. Change settings as required. # # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the , Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ## ODE-AXIS2 Configuraiton Properties ## http://ode.apache.org/index.html ### ode-axis2.db.mode ## Database Mode ("INTERNAL", "EXTERNAL", "EMBEDDED") ## What kind of database should ODE use? ## * "EXTERNAL" - ODE will use an app-server provided database and pool. ## The "ode-axis2.db.ext.dataSource" property will need to ## be set. ## Ode also supports: ## * "EMBEDDED" - ODE will create its own embbeded database (Derby) ## and connection pool (Minerva). ## * "INTERNAL" - ODE will create its own connection pool for a user- ## specified JDBC URL and driver. ## ### ode-axis2.db.ext.dataSource ## External Database [JNDI Name] ## JNDI Name of the DataSource for the ODE database. This is only ## used if the "ode-axis2.db.mode" property is set to "EXTERNAL" ## ### ode-axis2.dao.factory ## DAO Connection Factory class. ## This property is used to enable Hibernate as the JPA implementation. ## Hibernate Configuraiton Properties ## See http://www.hibernate.org/docs.html ###hibernate.dialect ## The classname of a Hibernate org.hibernate.dialect.Dialect ## which allows Hibernate to generate SQL optimized for a particular ## relational database. If you leave this setting blank, Hibernate ## will actually attempt to choose the correct org.hibernate.dialect.Dialect ## implementation based on the JDBC metadata returned by the JDBC driver. ## Example settings: ## RDBMS Dialect ## DB2 org.hibernate.dialect.DB2Dialect ## Oracle (any version) org.hibernate.dialect.OracleDialect ## Oracle 9i org.hibernate.dialect.Oracle9iDialect ## Oracle 10g org.hibernate.dialect.Oracle10gDialect ## Microsoft SQL Server org.hibernate.dialect.SQLServerDialect ## ###hibernate.hbm2ddl.auto ## Automatically validates or exports schema DDL to the database when the ## SessionFactory is created. With create-drop, the database schema will ## be dropped when the SessionFactory is closed explicitly. ## ###hibernate.current_session_context_class ## Supply a custom strategy for the scoping of the "current" Session. ## See Section 2.5 of Hibernate manual, “Contextual sessions” for more ## information about the built-in strategies. ## e.g. jta | thread | managed | custom.Class ##

PLM00015 J Web Application Deployment Guide 3-15 Chapter 3 Global Services Web application deployment

###hibernate.transaction.manager_lookup_class ## e.g. classname.of.TransactionManagerLookup ## The classname of a TransactionManagerLookup. Examples: ## org.hibernate.transaction.JBossTransactionManagerLookup JBoss ## org.hibernate.transaction.WeblogicTransactionManagerLookup Weblogic ## org.hibernate.transaction.WebSphereTransactionManagerLookup WebSphere ## org.hibernate.transaction.WebSphereExtendedJTATransactionLookup WebSphere 6 ## Default settings ode-axis2.db.mode=EXTERNAL ode-axis2.db.ext.dataSource=GlobalServicesInstance1/jdbc/GlobalServicesDB ode-axis2.dao.factory=org.apache.ode.daohib.bpel.BpelDAOConnectionFactoryImpl #hibernate.hbm2ddl.auto=update hibernate.current_session_context_class=jta #hibernate.transaction.manager_lookup_class= #hibernate.dialect=

2. For WebSphere application servers, copy the wsdl4j-1.6.2.jar file from the WEB_ROOT/staging-directory/earapp_root/lib directory to the WAS_HOME/AppServer/java/jre/lib/ext directory WAS_HOME is the WebSphere installation directory.

Configuring Global Services for HTTPS

You can configure one-way secure socket layer (SSL) communication for your Teamcenter Global Services transfers. The configuration required includes: • Configuring the application server

• Configuring File Management System (FMS) to use SSL

• Installing the Global Services signer certificate to the Teamcenter rich client

• Installing the Global Services signer certificate to the Teamcenter thin client

• Modifying the Teamcenter Enterprise configuration variables for SSL

• Modifying the Teamcenter preferences for SSL

Configure the application server for SSL You must configure the application server where you have the Global Services Web application deployed for SSL. Any other application server that contains Teamcenter Web products that are communicating with Global Services must also be configured for SSL. In general, you perform the following configuration in the application server: • Create a key store The key store is normally Java key store (JKS) type. You must have the path to, and file name of, the key store file.

• Import/identify the certificate authority file to the application server The application server must have access to certificate authority (CA) file you will use for your SSL communications.

• Configure SSL listening port You must set the SSL port number for your application server default value.

3-16 Web Application Deployment Guide PLM00015 J Global Services Web application deployment

Note For WebSphere application servers, you must enable the States Federal Information Standard (FIPS) algorithms. The Use the United States Federal Information Standard (FIPS) algorithms option is located under Security | SSL certificate and key Management section in the WebSphere integrated solutions console.

Instructions for enabling secure socket layer (SSL) on an application server are provided in the application server documentation. See Deploy the Global Services application for additional information about application server SSL configuration.

Configuring File Management System for SSL You must configure File Management System (FMS) to use a purchased vendor certificate authority that is supported by standard distributions of the Java runtime environment. The following variables are used in these procedures: key store-file Represents the key store file name. This file is conforms to the Java-based storage standard with public and private keys that are stored in an encrypted key store. Individual keys and certificates within this cryptographic storage can have individual password protection. key store-password Represents the password required to manage the key store. FSC-myhost Represents an alias name for the certificate. The certificate is bound to the host so use a name that indicates the FSC host. This is a similar naming convention to the FSC configuration file name (FSC_host-name_user-name). FSC-myhost Represents the certificate alias password. This password is -password required to retrieve the certificate. FSC-myhost .csr Represents the certificate signing request (CSR) file name. This file requires a .csr extension. This file contains the certificate signing request information that you send to the signing authority. FSC-myhost .cer Represents the certificate file name. This is the file returned by the signing authority and should have a .cer file extension.

Generate a key store and private key 1. From a command prompt, go to the FSC_HOME directory.

2. Type the following command and prompt replies to create a key store: keytool -genkey -key store key store-file -keyalg RSA -alias FSC-myhost Enter key store password: key store-password What is your first and last name? [Unknown]: myhost.mydomain.com What is the name of your organizational unit? [Unknown]: mycompany What is the name of your organization? [Unknown]: mycompany What is the name of your City or Locality? [Unknown]: mycity What is the name of your State or Province? [Unknown]: mystate

PLM00015 J Web Application Deployment Guide 3-17 Chapter 3 Global Services Web application deployment

What is the two-letter country code for this unit? [Unknown]: my Is CN=myhost.mydomain.com, OU=mycompany, O=mycompany, L=mycity, ST=mystate, C=my correct? [no]: yes

Enter key password for (RETURN if same as key store password): FSC-myhost-password

3. Verify the key entry by typing the following command and prompt replies:

keytool -list -key store key store-file Enter key store password: key store-password key store type: jks key store provider: SUN The command output should be similar to:

Your key store contains 1 entry fsc-myhost, Nov 8, 2007, keyEntry, Certificate fingerprint (MD5): 59:B6:2D:38:24:16:45:1B:47:2A:E9:06:55:80:B3:C6

4. Back up the key store file to a secure location. The private key is stored in this file and is unrecoverable if the file or passwords are lost.

Obtain a signed certificate

You must create a certificate signing request (CSR) and submit it to a certificate authority (CA) to receive the signed certificate. The process of submitting the CSR and receiving the signed certificate from the CA varies by signing authority.

1. Generate a CSR from the private key by typing the following command and prompt replies in your FSC_HOME directory:

keytool -certreq -key store key store-file -alias FSC-myhost -file FSC-myhost.csr Enter key store password: key store-password Enter key password for FSC-myhost-password

2. Open the fsc-myhost.csr file and verify the contents are similar to the following:

-----BEGIN NEW CERTIFICATE REQUEST----- MIIBtjCCAR8CAQAwdjELMAkGA1UEBhMCbXkxEDAOBgNVBAgTB215c3RhdGUxDzANBgNVBAcTBm15 Y2l0eTESMBAGA1UEChMJbXljb21wYW55MRIwEAYDVQQLEwlteWNvbXBhbnkxHDAaBgNVBAmTE215 aG9zdC5teWRvbWFpbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ0h3iF8KBEN2UKw hw1dw+RlxGwcsptLA3EI+6rAKa32dg/4FY89zBcUG02413X0BxQWcsRznYWFDJHLK4En7I2xeJNs ORwJfBeF9yW6d4lzaWA6LATFr5T3DHafF6mSRNPl+739mpGuQr44AXBQWqZoOMhecc+n/ErekMlZ dgWTAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQCQJTqujL7GIXz0is0fUoAxtCydMiX1BeVHU+l/ IqcTh4BX8V3vJmm+kHwwKn3yeih+WJzYmDdNh/uaKxO7txyFdPPDd1bdIosFc4XIZwys0jFKwGqf MUjB9wgaKgHSRQTtCOPBEO/ClLjm8ocFNQBWysYVevAZQAmEMp90BxBt/Q== -----END NEW CERTIFICATE REQUEST-----

3. Submit the CSR file to the certificate signing authority and receive the signed certificate using the process defined by the signing authority.

4. Import the signed certificate into the FSC server by typing the following command and prompt replies in your FSC_HOME directory:

keytool -import -trustcacerts -key store key store—file -file FSC-myhost.cer -alias FSC-myhost Enter key store password: key store-password Enter key password for FSC-myhost-password

3-18 Web Application Deployment Guide PLM00015 J Global Services Web application deployment

Update the FSC and FMS configuration 1. Configure the FSC key store by specifying the following properties in the fsc.$FSCID.properties file in your FSC_HOME directory: com.teamcenter.fms.servercache.key store.file=key store-file com.teamcenter.fms.servercache.key store.password=key store-password com.teamcenter.fms.servercache.key store.ssl.certificate.password=FSC-myhost-password

2. Configure the FMS master file for SSL through the following as required: • Update the existing HTTP connection

• Add an additional connection

• Assign clients to particular connections

3. Modify any of the following bootstrap configuration values to use the new scheme (or port) as required: • Any values in fcc.xml files

• The Fms_BootStrap_Urls preference

For an example one-way SSL FSC and FMS configuration, see Configuring Global Services for HTTPS.

Configure Global Services application as a trusted client This process depends on the application server you are using for your Global Services Web application. Similar process to the ones provided for WebSphere and WebLogic is required for the other supported application servers.

For WebSphere: 1. Log on to the Integrated Solutions Console and navigate to the Key stores and certificates section (Security→SSL certificate and key management→Key stores and certificates).

2. Select the key stores that you create for the Global Services Web application certificate and for the File Management System (FMS) certificate and click Exchange Signers.

3. Select the FMS key store and add it as a signer for the Global Services Web application.

For WebLogic: 1. Open a command shell and navigate to the Java Runtime Environment (JRE) for your WebLogic domain where you Global Services Web application is deployed.

2. Import the FMS certificate to the Java cacerts key store using the Java keytool -import utility.

PLM00015 J Web Application Deployment Guide 3-19 Chapter 3 Global Services Web application deployment

Install the Global Services signer certificate to Teamcenter rich client 1. Open a command shell and navigate to: TC_ROOT portal jre lib security

2. Import the certificate using the Java keytool -import utility, for example: keytool -import –alias myprivateroot –keystore ..\lib\security\cacerts –file c:\root.cer

3. Use the keytool utility to verify the security certificate was added to the portal key store, for example: keytool –list –keystore ..\lib\security\cacerts The rich client is configured as a trusted client. Try a transfer between sites using the rich client to verify the configuration.

Install the Global Services signer certificate to Teamcenter thin client You must import the certificate for the Global Services Web application into the internet browsers that you use to access your Teamcenter thin client. This process varies by browser and operating system. The following procedures are for the currently supported Firefox and Internet Explorer versions on Windows but can be used as a guide for other browsers and operating systems.

For Firefox: 1. Choose Tools→Options and click Advanced.

2. Click View Certificates and click the Your Certificates tab.

3. Click Import and navigate to the certificate file and click Open. Type the certificate’s pass phase when prompted and click OK.

For Internet Explorer: 1. Choose Tools→Internet Options and click the Content tab.

2. Click Certificates and click the Personal tab.

3. Click Import and follow the wizard instructions to install the certificate. Select the High Security option to prevent Internet Explorer from saving your pass phrase.

Configure the Teamcenter Enterprise Global Services end point variable 1. In the Teamcenter Enterprise Administration Editor choose GMS Configuration.

2. In the GMS Configuration pane, type the https URL for the Global Services application as the value for Teamcenter Global Services URL and click Finish.

Alternatively, you can edit the GS_END_POINT value in the config.cfg file.

3-20 Web Application Deployment Guide PLM00015 J Global Services Web application deployment

Note Secure Socket Layer (SSL) communication with Global Services is not supported in Teamcenter Enterprise 2005SR1 release.

Modify Teamcenter preferences for SSL

Note It is recommended that you configure Global Services for HTTP communications and verify it is functional before switching to SSL.

1. In the Organization application, select the node of the remote site definition from the Organization List tree.

2. Modify the value in the TcGS URL box to the HTTPS URL for the Global Services Web application and click Modify.

3. Select the node of the local site definition from the Organization List tree.

4. Modify the value in the TcGS URL box to the HTTPS URL for the Global Services Web application and click Modify.

5. Choose Edit→Options and click Search in the Options dialog box.

6. Search for TC_gms and modify the values for the following preferences as indicated:

Preference Value TC_gms_server HTTPS URL of your Global Services Web application. TC_gms_server_ca_file File name of the trusted CA certificates in PEM format.

Note You can omit setting the value for the TC_gms_server_ca_path preference if you include the full path the file in this preference. TC_gms_server_ca_path Path to the trusted CA certificates file. TC_gms_sso_enabled FALSE

Note SSO does not support HTTPS communications.

7. Locate the Web_protocol preference and change its value to https://.

PLM00015 J Web Application Deployment Guide 3-21

Appendix A Teamcenter client communication system and proxy server configuration

Teamcenter client communication system and proxy server configuration . . . . A-1

Reverse proxy servers ...... A-4

Enabling File Management System (FMS) URL path extensions ...... A-4

FMS server cache (FSC) SSL client credentials (two-way SSL) ...... A-4

File Management System (FMS), reverse proxy, and two-way SSL configuration details ...... A-5 Basic File Management System (FMS) configuration ...... A-5 Configuration element details ...... A-6 FCS configuration files ...... A-7 Configuration file content – bootstrap references ...... A-8 One-way SSL configuration ...... A-8 Configuration element details ...... A-9 FSC configuration files ...... A-9 Configuration file changes – bootstrap references ...... A-10 New configuration files – property and keystore files ...... A-10 Configuring two-way SSL between FMS server caches (FSCs) ...... A-11 Configuration element details ...... A-12 FSC configuration files ...... A-12 Configuration file changes – bootstrap references ...... A-13 Configuration file changes–property and keystore files ...... A-13

Configuring Kerberos authentication on the Web tier ...... A-15 Configure IIS reverse proxy for Security Services login service ...... A-15 Configure JBoss 5.10 ISAPI with IIS 7 for Security Services login service ...... A-17

PLM00015 J Web Application Deployment Guide

Appendix A Teamcenter client communication system and proxy server configuration

Teamcenter client communication system and proxy server configuration Note Teamcenter currently supports IBM WebSEAL and CA SiteMinder commercial single sign-on (SSO) products for reverse proxy servers. Security Services is required when using these reverse proxy servers. For more information, see Security Services Installation/Customization.

Teamcenter provides the Teamcenter client communication system (TCCS) application that contains the TcProxyClient component to support forward and reverse proxy servers. This component detects form-based and 401-based challenges from reserve proxy servers. It uses the criteria defined in the reverseproxy_config.xml file to identify form-based challenges from a reverse proxy and uses the Apache HTTP client library to detect 401-based challenges. If the reverseproxy_config.xml file is not available, the component uses default criteria defined for the type of reverse proxy server (only WebSEAL is supported if the configuration file does not exist). For information about TCCS configuration files, see the System Administration Guide. The following figure shows the TCCS architecture.

PLM00015 J Web Application Deployment Guide A-1 Appendix A Teamcenter client communication system and proxy server configuration

Teamcenter client communication system architecture The TcServerProxy (TSP) manages HTTP communications for Teamcenter server (tcserver) requests. It accepts client requests over secured pipes using a proprietary protocol and submits the requests over HTTP to the Web tier endpoint. You can use the tspstat utility to administer and obtain runtime statistics from the TcServerProxy component. The FMS client cache (FCC) runs within the TCCS container. The TCCS application is started when you start the FCC (startfcc command). The FCC accepts client requests over secure pipe connections and submits them to the appropriate FMS server cache (FSC) process. The FCC uses the TcProxyClient component and forward proxy configuration to support forward and reverse proxy servers. Hooks to the java.net package are used to integrate the forward proxy library and the Jakarta Commons HTTP state into the java.net processing. The Teamcenter model event manager (TcMEM) component manages event synchronization across SOA clients sharing the same Teamcenter server instance. For form-based challenges, the TcProxyClient component examines the response for content type. For a 200 response, if the content type is not text/html the component does no further processing. When the TcProxyClient component detects a challenge from a reverse proxy server, it passes the URL for the reverse proxy server to Teamcenter Security Services which returns a cookie corresponding to a valid session for

A-2 Web Application Deployment Guide PLM00015 J Teamcenter client communication system and proxy server configuration

the reverse proxy. The cookie patterns for the proxy servers are defined in the tcsso_rp_cookienamepattern context parameter during the TCCS installation process as part of the Security Services configuration. The TcProxyClient component also supports one-way and two-way SSL using smart card client certificate or soft client-certificate authentication. Client-certificate authentication is more secure than any of the other supported forms of authentication. A client certificate can be either of the following: • A smart card containing a certificate that complies with the PKCS#11 standard. Smart-card authentication is an example of two-factor authentication (2FA). Two-factor authentication requires the presentation of something the user knows and something the user has.

Note Smart-card authentication is supported only for a 32-bit Java Runtime Environment (JRE). It is not supported for a 64-bit JRE.

• A file containing a certificate that complies with PKCS#12 standard. Commonly used file extensions are .p12, .pfx, and .jks. Teamcenter supports soft certificates for both 32- and 64-bit JREs.

Teamcenter client communication system (TCCS) supports client-certificate authentication for the rich client, Client for Office, Lifecycle Visualization, stand-alone Electronic Design Automation (EDA), Solid Edge, and NX applications. You can configure the server to display a notice and consent logon banner when a user connects to a Teamcenter client using smart card or soft certificate authentication. Teamcenter displays the notice defined by the banner.txt file in the login service WAR file. This file is located in the root folder of the Login Service WAR file. If the banner.txt file is empty or contains only whitespace characters, Teamcenter does not display the notice. The consent to log on dialog box provides a cancel button. If the user clicks Cancel, the connection to Teamcenter is prohibited. For more information, see the Security Services Installation/Customization guide and the Teamcenter server installation guides (for Windows and UNIX/Linux). The pattern is defined as a case-insensitive string that can contain wildcard characters (*) for matching one or more characters at their position in the string. The literal * character can be include by preceding it with the backslash (\) escape character. You can include a wildcard at the beginning or end of the string or both. The following examples are valid patterns: *string string* *string* stri\*ng You can also include a wildcard character within a string, for example: *coo*kie co*ok*ie For more information about cookies and TCCS, see Security Services Installation/Customization. For information about managing and configuring TCCS, see the System Administration Guide.

PLM00015 J Web Application Deployment Guide A-3 Appendix A Teamcenter client communication system and proxy server configuration

Reverse proxy servers Teamcenter client communication system (TCCS) supports form-based challenge from reverse proxy servers: • IBM WebSEAL

• CA SiteMinder

Enabling File Management System (FMS) URL path extensions FMS URL path extensions are always enabled. The configuration elements that require additional path information can include: • parentfsc address in the fcc.xml file. This value can be only entered from the fcc_only installer. No other FCC installer supports this; therefore, the fcc.xml file must be modified manually.

• fscmaster address in the fsc.xml file.

• multisite fsc addresses in the fmsmaster.xml file.

• Fms_BootStrap_Urls preference values. Note The /tc/fms/fmsenterpriseid path extension is not configurable. Reverse proxies must be configured to map to this path extension.

FMS server cache (FSC) SSL client credentials (two-way SSL) FMS SSL configuration is not fully supported by the installers. Additional steps are required to generate certificates and configure the FSC property and keystore files. Two-way SSL configuration can be enabled only after first successfully configuring for SSL. Caution The password specified for the com.teamcenter.fms.servercache.keystore.password property and the com.teamcenter.fms.servercache.keystore.ssl.certificate.password property must be identical. These properties are contained in the fsc.properties files.

Note The com.teamcenter.fms.allowuntrustedcertificates property cannot be used with two-way SSL. This property can only be used for trusting one-way SSL self-signed certificates.

Additional configuration steps for enabling two-way SSL The following additional steps are required to configure two-way SSL: 1. Modify the fmsmaster FSC address and/or the connection element to add the following value:

A-4 Web Application Deployment Guide PLM00015 J Teamcenter client communication system and proxy server configuration

address=”https://fscmidzone.yourcompany.com:4544 options=”needclientauth”> or

2. Uncomment or add the following properties in the fsc.properties file to point to the existing keystore that was created to support the initial SSL configuration: javax.net.ssl.keyStore=${FMS_HOME}/keystore javax.net.ssl.keyStorePassword=keystorepassword javax.net.ssl.trustStore=${FMS_HOME}/keystore javax.net.ssl.trustStorePassword=keystorepassword

3. Add trusted certificates to the keystore that can validate the clients that are allowed to connect. Note The trusted certification from the CA, for example the thawte premium server CA certificate, is required in addition to the client certificate.

File Management System (FMS), reverse proxy, and two-way SSL configuration details This section describes how to configure an FMS system with the following characteristics: • All client traffic is directed to a reverse proxy server.

• All client traffic uses one-way SSL.

• Several logical and/or physical zones exist behind the reverse proxy. These are separated by firewalls.

• Reverse proxy sends traffic to an FMS Server Cache (FSC) located within the same zone (using one-way SSL).

• Another FSC in another zone hosts the real volumes.

• FSC-to-FSC communication across the zones requires two-way SSL.

Basic File Management System (FMS) configuration

This example describes the basic FMS server caches (FSCs), groups, and client maps. The target configuration consists of two FSCs behind a reverse proxy server. All clients are in front of the reverse proxy. There are three zones in this example: • Client zone All clients are on one side of the reverse proxy server. All communication is routed through the reverse proxy to the backend servers. The only resource the clients communicate with is the reverse proxy server.

PLM00015 J Web Application Deployment Guide A-5 Appendix A Teamcenter client communication system and proxy server configuration

• Middle zone The location of the reverse proxy, Web tier, first FSC, and LDAP.

• Resource zone The second FSC, volumes, and Oracle.

The following fmsmaster_FSC_fscmidzone_infodba.xml file is the master configuration file used in this example.

Configuration element details

Element Definition fscgroup Describes either a group of FSCs on a LAN or a network of FSCs that have defined entry and exit FSCs. This configuration is simple because there is only one real FSC in each group; therefore, declared entries and exits are not required. There are two defined fscgroups: midzone Represents the middle zone. reszone Represents the resource zone.

A-6 Web Application Deployment Guide PLM00015 J Teamcenter client communication system and proxy server configuration

Element Definition FSC The FSC for each zone is defined within the groups and one FSC is defined to represent the reverse proxy server, as follows: FSC_fscmidzone_infodba The FSC in the middle tier acts as a cache and performs the role of an FSC configuration master. This means it serves the master configuration file. FSC_fscreszone_infodba The FSC in the resource tier mounts the volume and it is a configuration slave to the FSC_fscmidzone_infodba FSC. FSC_proxy_infodba This FSC represents the reverse proxy server. It is required so that the clientmap elements can point to the FSC (address) for assignment. Clients should be assigned to the reverse proxy address, not to any of the real FSC servers. clientmap Clients are to be mapped to a single FSC (WebSEAL or SiteMinder); therefore, only a single comprehensive clientmap that assigns all clients to the reverse proxy is required. There are no volumes in the assigned group; therefore, you do not have to turn off direct routing to prevent the FCC from attempting to reach FSCs hosting volumes directly within the group.

FCS configuration files The following configuration files are associated with the real FSCs: • FSC_fscmidzone_infodba The FSC that is the FMS configuration master.

o $FSC_HOME/fmsmaster_FSC_fscmidzone_infodba.xml Master FMS configuration file. For more information, see Configuration element details, earlier in this appendix.

o $FSC_HOME/FSC_fscmidzone_infodba.xml FSC configuration file that specifies the fscid and master/slave state.

• FSC_fscreszone_infodba o $FSC_HOME/fmsmaster_FSC_fscreszone_infodba.xml Local copy of the master FMS configuration file.

o $FSC_HOME/FSC_fscreszone_infodba.xml FSC configuration file that specifies the fscid and master/slave state.

PLM00015 J Web Application Deployment Guide A-7 Appendix A Teamcenter client communication system and proxy server configuration

Configuration file content – bootstrap references Bootstrap references must be changed to point to the reverse proxy (FSC) rather than to any of the real backend FSCs. You must also add the default URL context to all of the bootstrap references in the site context form: protocol://host[:port]/tc/fms/fmsenterpriseid $FMS_HOME/fcc.xml ......

$FSC_HOME/FSC_fscmidzone_infodba.xml ... ...

$FSC_HOME/FSC_fscreszone_infodba.xml This is the slave fsc.xml file that points to the master FSC. This is on the same side of the reverse proxy; therefore, a direct reference is used here.

... ...

Fms_BootStrap_Urls preference This value is used to bootstrap other FMS client integrations. The value must be appropriate for clients outside of the WebSEAL or SiteMinder reverse proxy; therefore, it points to the reverse proxy. For example, for a WebSEAL reverse proxy: http://webseal.yourcompany.com:80/tc/fms/471539747 For example, for a SiteMinder reverse proxy:

http://siteminder.yourcompany.com:80/tc/fms/471539747

One-way SSL configuration This section describes how to configure one-way SSL between the clients, the reverse proxy, and the FSC servers. Note This example uses purchased certificates.

The following fmsmaster_FSC_fscmidzone_infodba.xml file is the master configuration file used in this example.

Configuration element details

Element Definition FSC The addresses defined for the FSCs specify https. This causes the listener to be configured for SSL. The port on the FSC representing the reverse proxy is changed to use 443 rather than 80.

FSC configuration files The following configuration files are associated with the real FSCs: • FSC_fscmidzone_infodba Specifies the FMS configuration master.

o $FSC_HOME/fmsmaster_FSC_fscmidzone_infodba.xml The master FMS configuration file.

o $FSC_HOME/FSC_fscmidzone_infodba.xml FSC configuration file that specifies the fscid and master/slave state.

o $FSC_HOME/fsc.FSC_fscmidzone_infodba.properties Additional properties for this FSC used to configure the keystore.

o $FSC_HOME/keystore.FSC_fscmidzone_infodba.jks Keystore for this FSC.

• FSC_fscreszone_infodba Specifies the FMS configuration slave.

o $FSC_HOME/fmsmaster_FSC_fscreszone_infodba.xml Local copy of the master FMS configuration file.

o $FSC_HOME/FSC_fscreszone_infodba.xml FSC configuration file that specifies the fscid and master/slave state.

o $FSC_HOME/fsc.FSC_fscreszone_infodba.properties Additional properties for this FSC used to configure the keystore.

PLM00015 J Web Application Deployment Guide A-9 Appendix A Teamcenter client communication system and proxy server configuration

o $FSC_HOME/keystore.FSC_fscreszone_infodba.jks The keystore for this FSC.

Configuration file changes – bootstrap references Bootstrap references must be changed to use the new port on the reverse proxy (FSC) and to configure the keystores. $FMS_HOME/fcc.xml ... ...

Fms_BootStrap_Urls preference This value is used to bootstrap other FMS client integrations. The value must be appropriate for clients outside of the WebSEAL or SiteMinder reverse proxy; therefore, it points to the reverse proxy. For example, for WebSEAL: http://webseal.yourcompany.com:443/tc/fms/471539747 For example, for SiteMinder:

http://siteminder.yourcompany.com:443/tc/fms/471539747

New configuration files – property and keystore files Note Only use $FMS_HOME, not $FSC_HOME, in FMS configuration files. Always use UNIX-style path separators (/).

$FSC_HOME/fsc.FSC_fscmidzone_infodba.properties The property file used to configure the keystore.

# fsc.FSC_fscmidzone_infodba.properties com.teamcenter.fms.servercache.keystore.file=$

$FSC_HOME/keystore.FSC_fscmidzone_infodba The keystore for this FSC. The keystore must contain the private key and certificate for the local machine. fscmidzone> keytool -list -v -keystore keystore.FSC_fscmidzone_infodba.jks -storepass keystore.FSC_fscmidzone_infodba.password Keystore type: jks Keystore provider: SUN Your keystore contains 1 entries Alias name: fscmidzone.yourcompany.com Creation date: Jan 23, 2008 Entry type: keyEntry Certificate chain length: 2 Certificate[1]: Owner: CN=fscmidzone.yourcompany.com, OU=QA, O=YOUR Corp, L=Plano, ST=Texas, C=US Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Serial number: 485099dcc36d1ea9d773ba153022a951 Valid from: Thu Jan 10 16:44:38 CST 2008 until: Thu Mar 27 13:20:25 CDT 2008 Certificate fingerprints: MD5: 86:7E:16:59:99:E6:6F:B6:27:9B:92:19:E7:65:EB:A2 SHA1: 6A:D1:64:7A:0A:E1:CB:62:D3:EF:91:BF:E9:A0:CE:AF:A3:3D:E4:1E Certificate[2]:

A-10 Web Application Deployment Guide PLM00015 J Teamcenter client communication system and proxy server configuration

Owner: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Serial number: 1 Valid from: Wed Jul 31 19:00:00 CDT 1996 until: Thu Dec 31 17:59:59 CST 2020 Certificate fingerprints: MD5: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A SHA1: 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A ******************************************* *******************************************

$FSC_HOME/fsc.FSC_fscreszone_infodba.properties The property file used to configure the keystore.

# fsc.FSC_fscreszone_infodba.properties com.teamcenter.fms.servercache.keystore.file=$

$FSC_HOME/keystore.FSC_fscreszone_infodba The keystore for this FSC. The keystore must contain the private key and certificate for the local machine. fscreszone> keytool -list -v -keystore keystore.FSC_fscreszone_infodba.jks -storepass keystore.FSC_fscreszone_infodba.password Keystore type: jks Keystore provider: SUN Your keystore contains 1 entries Alias name: fscreszone.yourcompany.com Creation date: Jan 23, 2008 Entry type: keyEntry Certificate chain length: 2 Certificate[1]: Owner: CN=fscreszone.yourcompany.com, OU=QA, O=YOUR Corp, L=Plano, ST=Texas, C=US Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Serial number: 485099dcc36d1ea9d773ba153022a951 Valid from: Thu Jan 10 16:44:38 CST 2008 until: Thu Mar 27 13:20:25 CDT 2008 Certificate fingerprints: MD5: 86:7E:16:59:99:E6:6F:B6:27:9B:92:19:E7:65:EB:A2 SHA1: 6A:D1:64:7A:0A:E1:CB:62:D3:EF:91:BF:E9:A0:CE:AF:A3:3D:E4:1E Certificate[2]: Owner: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Serial number: 1 Valid from: Wed Jul 31 19:00:00 CDT 1996 until: Thu Dec 31 17:59:59 CST 2020 Certificate fingerprints: MD5: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A SHA1: 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A ******************************************* *******************************************

Configuring two-way SSL between FMS server caches (FSCs) Building on the one-way SSL configuration example, this section describes how two-way SSL is configured exclusively for FSC to FSC traffic. The following fmsmaster_FSC_fscmidzone_infodba.xml file is the master configuration file used in this example.

PLM00015 J Web Application Deployment Guide A-11 Appendix A Teamcenter client communication system and proxy server configuration

address="https://fscmidzone.yourcompany.com:4545" options="needclientauth">

Configuration element details

Element Definition FSC The FSC elements specify options=”needclientauth”. This causes the default connection to require a two-way SSL handshake. The default connection is defined in the address attribute of the fsc element. In this example, the port number is changed to 4545. connection A new connection element is added (using the original SSL port number 4544) to the FSC_fscmidzone_infodba FSC to continue to support the one-way SSL connection that reverse proxy is configured to use. clientmap There is an additional clientmap element to map clients that are already inside the midzone to the one-way SSL connection of the midzone FSC. (The Teamcenter Engineering Data Integration Services Adapter is one such client.)

FSC configuration files The following configuration files are associated with the real FSCs: • FSC_fscmidzone_infodba Specifies the FMS configuration master.

o $FSC_HOME/fmsmaster_FSC_fscmidzone_infodba.xml Master FMS configuration file.

o $FSC_HOME/FSC_fscmidzone_infodba.xml

A-12 Web Application Deployment Guide PLM00015 J Teamcenter client communication system and proxy server configuration

FSC configuration file that specifies the fscid and master/slave state.

o $FSC_HOME/fsc.FSC_fscmidzone_infodba.properties Additional properties for this FSC used to configure the keystore.

o $FSC_HOME/keystore.FSC_fscmidzone_infodba.jks The keystore for this FSC.

• FSC_fscreszone_infodba Specifies the FMS configuration slave.

o $FSC_HOME/fmsmaster_FSC_fscreszone_infodba.xml Local copy of the master FMS configuration file.

o $FSC_HOME/FSC_fscreszone_infodba.xml FSC configuration file that specifies the fscid and master/slave state.

o $FSC_HOME/fsc.FSC_fscreszone_infodba.properties Additional properties for this FSC used to configure the keystore.

o $FSC_HOME/keystore.FSC_fscreszone_infodba.jks The keystore for this FSC.

Configuration file changes – bootstrap references None of the bootstrap references change; they continue to point to the reverse proxy HTTPS address.

Configuration file changes–property and keystore files Note Only use $FMS_HOME, not $FSC_HOME in FMS configuration files. Always use UNIX-style path separators (/).

$FSC_HOME/fsc.FSC_fscmidzone_infodba.properties Property file used to configure the keystore.

# fsc.FSC_fscmidzone_infodba.properties com.teamcenter.fms.servercache.keystore.file=${FMS_HOME}/keystore.FSC_fscmidzone_infodba.jks com.teamcenter.fms.servercache.keystore.password=keystore.FSC_fscmidzone_infodba.password com.teamcenter.fms.servercache.keystore.ssl.certificate.password=keystore.FSC_fscmidzone_infodba.password # these are not needed for 1-way SSL javax.net.ssl.keyStore=${FMS_HOME}/keystore.FSC_fscmidzone_infodba.jks javax.net.ssl.keyStorePassword=keystore.FSC_fscmidzone_infodba.password javax.net.ssl.trustStore=${FMS_HOME}/keystore.FSC_fscmidzone_infodba.jks javax.net.ssl.trustStorePassword=keystore.FSC_fscmidzone_infodba.password

$FSC_HOME/keystore.FSC_fscmidzone_infodba The keystore for this FSC. The keystore just contain the private key and certificate for the local machine and it must also contain the trusted (CA) certificate for any clients you want to accept. Note You can optionally import individual certificates for each client rather than importing the signer certificate.

PLM00015 J Web Application Deployment Guide A-13 Appendix A Teamcenter client communication system and proxy server configuration

fscmidzone> keytool -list -v -keystore keystore.FSC_fscmidzone_infodba.jks -storepass keystore.FSC_fscmidzone_infodba.password Keystore type: jks Keystore provider: SUN Your keystore contains 2 entries Alias name: fscmidzone.yourcompany.com Creation date: Jan 23, 2008 Entry type: keyEntry Certificate chain length: 2 Certificate[1]: Owner: CN=fscmidzone.yourcompany.com, OU=QA, O=YOUR Corp, L=Plano, ST=Texas, C=US Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Serial number: 485099dcc36d1ea9d773ba153022a951 Valid from: Thu Jan 10 16:44:38 CST 2008 until: Thu Mar 27 13:20:25 CDT 2008 Certificate fingerprints: MD5: 86:7E:16:59:99:E6:6F:B6:27:9B:92:19:E7:65:EB:A2 SHA1: 6A:D1:64:7A:0A:E1:CB:62:D3:EF:91:BF:E9:A0:CE:AF:A3:3D:E4:1E Certificate[2]: Owner: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Serial number: 1 Valid from: Wed Jul 31 19:00:00 CDT 1996 until: Thu Dec 31 17:59:59 CST 2020 Certificate fingerprints: MD5: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A SHA1: 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A ******************************************* ******************************************* Alias name: thawte premium server ca Creation date: Feb 20, 2008 Entry type: trustedCertEntry Owner: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Serial number: 1 Valid from: Wed Jul 31 19:00:00 CDT 1996 until: Thu Dec 31 17:59:59 CST 2020 Certificate fingerprints: MD5: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A SHA1: 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A ******************************************* *******************************************

$FSC_HOME/fsc.FSC_fscreszone_infodba.properties The property file used to configure the keystore.

# fsc.FSC_fscreszone_infodba.properties com.teamcenter.fms.servercache.keystore.file=${FMS_HOME}/keystore.FSC_fscreszone_infodba.jks com.teamcenter.fms.servercache.keystore.password=keystore.FSC_fscreszone_infodba.password com.teamcenter.fms.servercache.keystore.ssl.certificate.password=keystore.FSC_fscreszone_infodba.password # these are not needed for 1-way SSL javax.net.ssl.keyStore=${FMS_HOME}/keystore.FSC_fscreszone_infodba.jks javax.net.ssl.keyStorePassword=keystore.FSC_fscreszone_infodba.password javax.net.ssl.trustStore=${FMS_HOME}/keystore.FSC_fscreszone_infodba.jks javax.net.ssl.trustStorePassword=keystore.FSC_fscreszone_infodba.password

$FSC_HOME/keystore.FSC_fscreszone_infodba The keystore for this FSC. The keystore must contain the private key and certificate for the local machine, and it must also contain the trusted (CA) certificate for any clients you want to accept.

Note You can optionally import individual certificates for each client rather than importing the signer certificate.

A-14 Web Application Deployment Guide PLM00015 J Teamcenter client communication system and proxy server configuration

fscreszone> keytool -list -v -keystore keystore.FSC_fscreszone_infodba.jks -storepass keystore.FSC_fscreszone_infodba.password Keystore type: jks Keystore provider: SUN Your keystore contains 2 entries Alias name: fscreszone.yourcompany.com Creation date: Jan 23, 2008 Entry type: keyEntry Certificate chain length: 2 Certificate[1]: Owner: CN=fscreszone.yourcompany.com, OU=QA, O=YOUR Corp, L=Plano, ST=Texas, C=US Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Serial number: 485099dcc36d1ea9d773ba153022a951 Valid from: Thu Jan 10 16:44:38 CST 2008 until: Thu Mar 27 13:20:25 CDT 2008 Certificate fingerprints: MD5: 86:7E:16:59:99:E6:6F:B6:27:9B:92:19:E7:65:EB:A2 SHA1: 6A:D1:64:7A:0A:E1:CB:62:D3:EF:91:BF:E9:A0:CE:AF:A3:3D:E4:1E Certificate[2]: Owner: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Serial number: 1 Valid from: Wed Jul 31 19:00:00 CDT 1996 until: Thu Dec 31 17:59:59 CST 2020 Certificate fingerprints: MD5: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A SHA1: 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A ******************************************* ******************************************* Alias name: thawte premium server ca Creation date: Feb 20, 2008 Entry type: trustedCertEntry Owner: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Serial number: 1 Valid from: Wed Jul 31 19:00:00 CDT 1996 until: Thu Dec 31 17:59:59 CST 2020 Certificate fingerprints: MD5: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A SHA1: 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A ******************************************* *******************************************

Configuring Kerberos authentication on the Web tier You must configure Microsoft Internet Information Services (IIS) and the application server that you are using to enable Kerberos authentications.

Configure IIS reverse proxy for Security Services login service

You must have Microsoft Internet Information Services (IIS) installed (IIS 7 for Windows Server 2008 or IIS 7.5 for Windows Server 2008 R2). 1. Copy the iisproxy.dll and iisforward.dll files available in the WebLogic_Home\Server\plugin\win\32 or WLSHOME\Server\plugin\win\x64 directory to the directory that you want as your home folder for your IIS Web site. This can be any directory accessible to IIS.

Note Ensure that you copy the DLL file from the 32 directory for 32-bit operating systems or the x64 directory for 64-bit operating systems. These are not interchangeable and cause errors if you copy the wrong DLL file.

2. To open the IIS Manager, choose Start→Administrative Tools→Internet Information Services (IIS) Manager.

PLM00015 J Web Application Deployment Guide A-15 Appendix A Teamcenter client communication system and proxy server configuration

3. In the navigation tree, expand your host name entry until you see Sites.

4. Create a new Web site with the home folder set to the directory that contains the DLLs you copied in step 1: a. Right-click Sites and choose Add a Web Site.

b. In the Add Web Site dialog box, type a name for your new Web site in the Site Name box, for example IIS7_WebLogic103, and click the browse button ( ) next to the Physical path box.

c. In the Browse for Folder dialog box, browse to the directory that contains the iisproxy.dll and iisforward.dll files and click OK.

d. In the Port box, type a unique port number (for example, 8088) and click OK.

5. Configure the Web site application pool: a. In the navigation tree, click Application Pools.

b. Under Application Pools, right-click your Web site name and choose Advanced Settings.

c. In the Advanced Settings dialog box, select True for Enable 32-Bit Applications.

6. Configure the Web site authentication: a. In the navigation tree, select your Web site name and double-click Authentication under the IIS section.

b. In the Authentication pane, select Disabled for Anonymous Authentication.

c. Select Enabled for Windows Authentication. This is the 401 negotiate setting.

d. Under Actions in the right pane, click Providers and ensure Negotiate and NTLM are in the Enabled Providers box. If they are not, select them from the Available Providers list and click Add.

Note This configures IIS to attempt to authenticate using Kerberos and fall back to NTLM if Kerberos authentication is unsuccessful. Do not select Negotiate:Kerberos as this prevents fall back NTLM authentication.

e. Under Actions in the right pane, click Advanced Settings and ensure Enable Kernel-mode authentication is selected.

7. Configure the Web site ISAPI filters: a. In the navigation tree, click your Web site name and double-click ISAPI Filters in the IIS section.

b. In the right pane, click Add under Actions.

A-16 Web Application Deployment Guide PLM00015 J Teamcenter client communication system and proxy server configuration

c. In the Add ISAPI Filter dialog box, type IISForward in the Filter name box, browse to the iisforward.dll file in the Executable box, and click OK.

8. Configure a handler mapping: a. In the navigation tree, click your Web site name and double-click Handler Mappings in the IIS section.

b. In the right pane, click Add Script Map under Actions.

c. In the Add a Script Map dialog box, type *.wlforward in the Request path box, browse to the iisproxy.dll file in the Executable box type IISProxy in the Name box, and click OK.

9. Create an iisproxy.ini file in the directory that contains the DLLs. This file must contain the following information. WebLogicHost= WebLogicPort= WlForwardPath=/examplesWebApp Debug=ALL DebugConfigInfo=ON

The WebLogicHost value is the host for the Security Services Login Service application. The WebLogicPort value is the port for the Security Services Login Service application. The WlForwardPath value is the name of the Security Services Login Service Web application. The debug values are optional and are set for debugging purposes. The default log file for debug messages is C:\TEMP\wlproxy.log. For more information about the contents of the iisproxy.ini file, see the WebLogic documentation: http://docs.oracle.com/cd/E14571_01/web.1111/e14395/isapi.htm

10. In the right pane, click Restart under Manage Web Site.

Configure JBoss 5.10 ISAPI with IIS 7 for Security Services login service You must install the Tomcat ISAPI Redirector version 1.2.31 or later and configure the Windows registry for the redirector. You must also create the workers.properties and uriworkermap.properties files for the redirector. For additional information about the settings in these files, see the Tomcat documentation. 1. Create a directory where you want to install the Tomcat ISAPI Redirector on the Windows Server 2008, for example: D:\jboss_iis

2. Create the a directory structure on the Windows Server 2008 host for the new Web site: jboss_iis This is the top level Web site directory. Its name can be anything but it is recommended that you use an easily identified name such as jboss_iis.

PLM00015 J Web Application Deployment Guide A-17 Appendix A Teamcenter client communication system and proxy server configuration

\bin This is the ISAPI redirector install directory. It contains the redirector dll file and its registry file.

\conf Contains the ISAPI redirector configuration files.

\log Contains the ISAPI redirector log files.

\wwwroot This is the physical location of the Web site.

3. Download the ISAPI Redirector from the Apache Tomcat Web site and save it in the ISAPI redirector install (bin) directory. Note • Download the latest version of the 32-bit redirector (isapi_redirector-version.dll) file, not the 64-bit redirector.

• Only the isapi_redirector .dll file is required.

Rename the downloaded file to isapi_redirect.dll.

4. Configure Windows registry settings on the Windows Server 2008 host. a. In the ISAPI redirector install bin directory, create a file with a .reg extension. The name of this file is discretionary (isapi_redirector.reg is recommended).

b. Create an isapi_redirect.reg windows registry file with the following contents: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\ Jakarta Isapi Redirector\1.0] "extension_uri"="/jakarta/isapi_redirect.dll" "log_file"="d:\\jboss_iis\\log\\jk_iis.log" "log_level"="debug" "worker_file"="d:\\jboss_iis\\conf\\workers.properties" "worker_mount_file"="d:\\jboss_iis\\conf\\uriworkermap.properties" ”uri_select”=”unparsed” It is recommended that you use debug for the log_level entry when you initially configure the redirector to get all messages. You can change this after you have tested your installation and determined that it is working properly. The following table provides a brief description of these entries:

Name Description extension_uri Represents the IIS virtual directory including the ISAPI Redirector file. log_file Defines the name and location of the ISAPI Redirector log file. log_level Defines the level of debug messages written to the ISAPI Redirector log file. Valid values are debug, info, error, and emerg.

A-18 Web Application Deployment Guide PLM00015 J Teamcenter client communication system and proxy server configuration

Name Description worker_file Defines the location of the ISAPI redirector worker.properties file. You create this file later. worker_mount_file Defines the location of the ISAPI redirector uriworkermap.properties file. You create this file later. uri_select Determines how the forwarded URI is handled. Unparsed indicates the original request URI is forwarded. Siemens PLM Software recommends this option. Rewriting the URI and forwarding the rewritten URI does not work correctly.

c. In the ISAPI Redirector installation directory, right-click the isapi_redirector.reg file and choose Merge.

d. After receiving a confirmation message from Windows, check the ISAPI Redirector settings using the Microsoft Registry Editor program (regedit.exe) to ensure the registry settings are correct. For information about using the Microsoft Registry Editor, see the Microsoft Windows online help.

5. Create a text file with contents similar to the following: # Define node1 (one node required for H_SE) worker.list=node1 worker.node1.port=8009 worker.node1.host=host-name1 worker.node1.type=ajp13

The default port is 8009. If you could not use the default value and you changed the AJP port number in JBoss configuration when you configured the Tomcat ISAPI Redirector, use that value. The port is set (and can be modified) in the JBoss_home\server\default\deply\jbossweb.sar\server.xml file. The host-name value is the host where you run JBoss.

6. Add or modify the following Connector element attributes to the AJP 1.3 connector configuration (JBoss_home\server\default\deply\jbossweb.sar\server.xml) file: IIS forwards requests to JBoss using the AJP 1.3 protocol on this port, this must be set to allow access to the remote user name (getRemoteUser method).

7. Save the file as workers.properties in the conf directory. This must match the path you defined for it in the registry file.

8. Create a text file with contents similar to the following: # Send all /tc requests to node1 /tc/*=node1

PLM00015 J Web Application Deployment Guide A-19 Appendix A Teamcenter client communication system and proxy server configuration

Replace tc with the name of your Teamcenter Security Services Login Service Web application. This configures the redirector to forward all requests with the /tc/* signature to node1.

9. Save the file as uriworkermap.properties. Save this file in the conf directory.

10. To open the IIS Manager, choose Start→Administrative Tools→Internet Information Services (IIS) Manager.

11. In the navigation tree, expand your host name entry until you see Sites.

12. Create a new Web site with the home folder set to the directory you created in step 1: a. Right-click Sites and choose Add a Web Site.

b. In the Add Web Site dialog box, type a name for you new Web site in the Site Name box, for example jboss-iis.

c. Click the browse button next to the Physical path box.

d. In the Browse for Folder dialog box, browse to the wwwroot directory you created in step 1 and click OK.

e. In the Port box, type a unique port number (for example, 8128) and click OK.

13. Configure the Web site authentication: a. In the navigation tree, select your Web site name and double-click Authentication under the IIS section.

b. In the Authentication pane, select Disabled for Anonymous Authentication.

c. Select Enabled for Windows Authentication. This is the 401 negotiate setting.

d. Under Actions in the right pane, click Providers and ensure Negotiate and NTLM are in the Enabled Providers box. If they are not, select them from the Available Providers list and click Add. Note This configures IIS to attempt to authenticate using Kerberos and fall back to NTLM if Kerberos authentication is unsuccessful.

e. Under Actions in the right pane, click Advanced Settings and ensure Enable Kernel-mode authentication is selected.

14. Configure the Web site ISAPI filters: a. In the navigation tree, click your Web site name and double-click ISAPI Filters in the IIS section.

b. In the right pane, click Add under Actions.

c. In the Add ISAPI Filter dialog box, type jkfilter in the Filter name box, browse to the isapi_redirect.dll file in the Executable box, and click OK.

A-20 Web Application Deployment Guide PLM00015 J Teamcenter client communication system and proxy server configuration

15. Create a virtual directory for your Web site: a. In the navigation tree, right-click your Web site name and choose Add Virtual Directory.

b. In the Add Virtual Directory dialog box, type jakarta in the Alias box.

Note The alias value can be anything but it must match the first value in the extension_uri entry in the isapi_redirect_reg file.

c. Browse to the d:\jboss_iis\bin directory in the Physical path box and click OK.

16. Configure a handler mapping: a. In the navigation tree, click your Web site name and double-click Handler Mappings in the IIS section.

b. In the right pane, double-click ISAPI-dll under Actions.

c. In the Edit Module Mapping dialog box, type * in the Request path box (remove any existing entry) and browse to the isapi_redirector.dll file in the Executable box.

d. Click Request Restrictions and click the Verbs tab in the Request Restriction dialog box and ensure the All verbs option is selected.

e. Click the Access tab, ensure the Execute option is selected, and click OK.

17. If your redirector is a 32-bit dll, enable 32-bit applications: a. In the navigation pane, select Application Pools.

b. Select your Web site name and click Advanced Settings under Edit Application Pool in the right pane.

c. In the Advanced Settings dialog box, select True for Enable 32-Bit Applications.

18. In the right pane, click Restart under Manage Web Site.

PLM00015 J Web Application Deployment Guide A-21

Appendix B Troubleshooting four-tier architecture deployment

PLM00015 J Web Application Deployment Guide

Appendix B Troubleshooting four-tier architecture deployment

Identify the problem you encountered in your four-tier rich client architecture and perform the solution described.

Problem Solution Web tier application fails during When a host has multiple IP addresses, the JGroups software initialization with an error and JDK software arbitrarily choose one of them to use as containing the following: the address to bind to for a server connection port. In some situations, as when using a Windows Network Load Balancer, Error during login. not all local IP addresses are accessible to other hosts on the com.teamcenter.presentation. network. If the chosen IP address is not accessible, other webclient.actions com. cluster peers are not able to open sockets to that port. teamcenter.jeti.util. JetiResourceConfiguration To avoid this error, specify a particular bind address using the Exception: TreeCache bind.address Java system property, for example: initialization failed Dbind.address=123.456.78.91 Java arguments can be specified in different ways on different application servers. For example, for a WebLogic managed server, use the WebLogic console server/Configuration/Server Start/Arguments field. For more information, consult the application server’s documentation. Error indicating no server pool Either the server manager is not started or TreeCache communication is not occurring. Ensure that you correctly coordinated the server manager and Web tier TreeCache configuration settings. For information about coordinating these settings, see the appropriate server installation guide (for Windows or UNIX/Linux). If you are using TCP communication, look for the GMS address during both application server startup and server manager startup. The GMS address indicates the service port obtained. It should be within the range of ports pinged by TreeCache peers.

PLM00015 J Web Application Deployment Guide B-1 Appendix B Troubleshooting four-tier architecture deployment

Problem Solution Delays in opening a connection The Web tier may be attempting a connection to the from the Web tier to a Teamcenter Teamcenter server on an IP address that is unavailable. server If the SERVER_HOST parameter is not specified in the server manager configuration, the Teamcenter server writes all IP addresses found in the host’s network configuration to its CORBA interoperable object reference (IOR). If the host has multiple addresses and the primary address is not reachable, the Teamcenter Web tier logs the following warning: The connection to the pool with ID pool—ID is not available. Primary Address Host is IP-address and the Primary Address Port is port; In addition to the Primary Address, additional address(es) were found. Please ensure that the Primary Address used is the right one. This address can be changed by configuring the SERVER_HOST parameter. Inspect the Web tier log file for status messages reported during server manager startup. If the server manager log contains a message similar to this, set the SERVER_HOST parameter in the serverPool.properties file to the correct IP address for the host. Warnings of discarded messages These warnings indicate that you have two clusters on the same port (multicast) or set of ports (TCP). Your environment is working because you used different names for each cluster, but this is not an optimal environment for performance. Siemens PLM Software recommends configuring a different port or set of ports for each environment. Error messages about the server These messages indicate that the pool ID is in use by another manager pool ID server manager in the TreeCache cluster. Either place the server managers in different clusters or configure a distinct pool ID. Occasionally, TreeCache instances fail to accept connections and report handleJoin errors. Typically this error disappears if you restart one or more cluster members. handleJoin errors occur at To get additional information, increase the logging level for startup the tree cache and jgroups classes for both the application server and server manager: 1. Copy the log4j.xml file in the server manager run-time directory (TC_ROOT\pool_manager) to the application server instance startup directory. By default, the server manager run-time directory includes a log4j.xml file, but it logs only the warning level information. The default configuration sends log output to the console and the following files: TC_ROOT\pool_manager\logs\ServerManager\ process\serverManager.log APPSERVER_ROOTlogs\WebTier\processWebTier.log

B-2 Web Application Deployment Guide PLM00015 J Troubleshooting four-tier architecture deployment

Problem Solution

2. Edit log4j.xml so that more information is logged at run time. For example, to increase the log4j output for the JBossCache and jgroup classes to the INFO level, edit the file:

The JMX HTTP adaptor allows you to view the status of the server pool and dynamically change the pool configuration values (the values are not persistent). Access this functionality from the following URL: http://host-name:jmx-port Replace host-name with the name of the host running the server manager. Replace jmx-port with the number of the port running the JMX HTTP adaptor. This port number is defined on the JMX HTTP Adaptor Port parameter when you install the server manager. Configuration is correct, but Determine from logs whether users are frequently losing a run-time errors occur server due to the server timing out and are then having a new server assigned. Server startup can consume a great amount of CPU. Consider increasing timeout values and/or the pool size. Either the server manager Check the internet protocol configuration on the server fails to start when employing manager host and the Web tier host and ensure that they multicast TreeCache mode or match. Some application servers configure the Java virtual the following error message is machine (JVM) to prefer the IPv4 stack. This is the case received: with recent versions of JBoss. Therefore, you must alter the Exception in thread "main" preferIPv4Stack Java property on the server manage host java.net.SocketException: to match the Web tier configuration. Can’t assign requested address. By default, Java prefers to use Internet Protocol Version 6 (IPv6) addresses. Incomplete IPv6 configuration can cause Java socket exceptions that prevent the server manager from starting. For example, an IBM AIX server might be configured to have an IPv6 loopback address ::1 but no IPv6 ethernet address. Detect this problem on AIX with the command: netstat –ni

PLM00015 J Web Application Deployment Guide B-3 Appendix B Troubleshooting four-tier architecture deployment

Problem Solution

If this is the case, either complete the IPv6 upgrade configuration as documented in the IBM System Management Guide or uncomment the following line in the mgrstart script: #JVM_ARGS="${JVM_ARGS} -Djava.net.preferIPv4Stack=true" This line adds the –Djava.net.preferIPv4Stack=true Java option, instructing the JVM to use IPv4 addresses for the server manager.

Note If the Web application server is running on the same host as the server manager, add this Java option to the Web application startup script also.

On a machine with multiple IP addresses, it may be necessary to configure the address used by the TreeCache. This address can be added to the TreeCacheTCP.xml file (for TCP mode) or the TreeCacheMcast.xml file (for Mcast mode). In the server manager, this file can be found in the TC_ROOT/pool_manager directory. In the J2EE application it can be found in the file JETIServerAccessor.jar in the staging area of the Web Application Manager. For Mcast mode, locate the UDP configuration line and add bind_addr=desired-address. For TCP mode, locate the TCP configuration line and add bind_addr=desired-address. Out-of-memory messages from Review and adjust as necessary the settings for the following Web application server running kernel parameters: on HP-UX platform max_thread_proc maxfiles maxusers Particularly, the default max_thread_proc value of 64 is not sufficient for running the Web application server. The optimum values depend on the traffic level and machine capabilities. TreeCache connection failure Terminating a server manager instance by sending it a signal after restarting or redeploying does not clean up the TreeCache data stored in other four-tier components regarding the terminated pool. When this server manager is restarted, it cleans up this information. However, termination of a server manager in this way sometimes leaves the TreeCache communication mechanisms in a corrupted state and the server manager is not able to rejoin the TreeCache cluster. The problem can be resolved by stopping all four-tier components (the application servers and server managers) in the TreeCache cluster and then restarting them all. This problem can usually be avoided by shutting the server manager down cleanly through the server manager Administrative Interface. For information about using the server manager administrative interface, see the System Administration Guide.

B-4 Web Application Deployment Guide PLM00015 J Troubleshooting four-tier architecture deployment

Problem Solution

A similar problem can occur after the Teamcenter Web tier application is redeployed on the application server without stopping and restarting the application server. In this case, an extra TreeCache instance from the earlier deployment might still be running in the application server and this can interfere with proper functioning of the TreeCache. This can usually be resolved by stopping and restarting the application server. Due to a Java run-time issue on Linux, these problems are more likely if the four-tier component is run with the nohup command on Linux and the process is terminated by sending it a signal. TreeCache initialization fails The following error messages in the log files indicate that the when starting the server TreeCache port is already in use: manager or Web tier application FATAL - None - 2007/07/27-16:11:13,244 UTC - host- TreeCache initialization failed: com.teamcenter.jeti.serverassigner.ServerAssigner org.jgroups.ChannelException: failed to start protocol stack Caused by: java.lang.Exception: exception caused by TCP.start(): java.net.BindException: No available port to bind to

This error indicates that the TreeCache local service port you have configured is already in use either by another TreeCache instance or by some other process. To resolve this problem, choose a different port and restart/redeploy the reconfigured server manager or Web tier application. CFI_error displays when running When you run AIE Export in batch mode, Teamcenter displays AIE export in batch mode a CFI error. This error occurs because jt.exe (Microsoft Task Scheduler) file is missing from the %WINDOWS% directory. To resolve this problem, perform the following steps: 1. Download the jt.zip utility from the following Web site: ftp://ftp.microsoft.com/reskit/win2000

2. Expand the jt.exe file from the jt.zip file and copy it to your TC_ROOT\bin directory. Server manager is not If your server manager is joining a existing TreeCache used/recognized by the Web cluster, the TreeCache Peers parameter for the server tier application when the manager must contain the host name and port number of manager is restarted without a Web application server running the Web tier application restarting the Web tier or the host/port pair of a server manager that has the Web application server configured as a peer. In a simple environment with one manager and one Web tier instance, you should configure the server manager to have the Web tier instance as a peer and the Web tier application must contain the server manager host and local service port in the TreeCache Peers context parameter. This allows you to start the server manager or the application server independently. For information about installing the server manager, see the Installation on Windows Servers Guide. For information about

PLM00015 J Web Application Deployment Guide B-5 Appendix B Troubleshooting four-tier architecture deployment

Problem Solution starting and managing the server manager, see the System Administration Guide. For information about Web application context parameters, see the Installation on Windows Servers Guide. A server manager crash occurs An error message, similar to the following, appears in the with an error in the Java output Java output and is identified in the hs_err_* file as an error that indicates the JVM detected in a compiler thread. an unexpected error # # An unexpected error has been detected by HotSpot Virtual Machine: # # SIGSEGV (11) at pc=ab2727b4, pid=183, tid=9 # # Java VM: Java HotSpot(TM) Server VM (1.5.0.03 jinteg:02.13.06-15: # 51 PA2.0 (aCC_AP) mixed mode) # Problematic frame: # V [libjvm.sl+0xa727b4] # # An error report file with more information is saved as # hs_err_pid183.log # # Please report this error to HP customer support. # ./run.sh[175]: 183 Abort(coredump) Excerpt from the hs_err_* file: # # An unexpected error has been detected by HotSpot Virtual Machine: # # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6da225d6, pid=1272, # tid=3168 # # Java VM: Java HotSpot(TM) Server VM (1.5.0_05-b05 mixed mode) # Problematic frame: # V [jvm.dll+0x1e25d6] # ------T H R E A D ------Current thread (0x26a0adb0): JavaThread "CompilerThread1" daemon [ _thread_in_native, id=3168] . . . Current CompileTask: opto:1020 s! org.jacorb.orb.Delegate.request(Lorg/omg/CORBA/Object; Ljava/lang/String;Z)Lorg/omg/CORBA/portable/OutputStream; (266 bytes) This is due to a known Java defect affecting the JVM. It may occur when there are enough calls to the server to cause the JRE to dynamically compile the relevant CORBA method. Sun recommends the following workarounds: • Add the JVM parameter –XX:-EliminateLocks. (Some versions of Java do not support this parameter.)

• Use the .hotspot_compiler file to disable the compilation of the jacorb Delegate.request() method. See the documentation for your Java version to determine the proper location and contents of this file.

• Move to a later JVM.

B-6 Web Application Deployment Guide PLM00015 J Troubleshooting four-tier architecture deployment

Problem Solution During a server manager On some platforms or machines, the jgroups code used startup or J2EE Web application by TreeCache in the Teamcenter server manager or the deployment the following error Teamcenter J2EE application may fail to initialize when message is received when using using mcast mode. This may be caused by using IPv6. This multicast mode: is to known to occur when using a Linux host but may also java.net.BindException: occur in other configurations. Can’t assign requested address The following is a typical exception message with this error: ERROR - 2007/07/29-00:55:20,866 UTC - cili6008 - Error initializing JBoss Cache com.teamcenter.jeti.serversubpoolmanager. ServerPoolManager org.jgroups.ChannelException: failed to start protocol stack at org.jgroups.JChannel.connect(JChannel.java:393) at org.jboss.cache.TreeCache.startService(TreeCache.java: 1249) at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(Service MBeanSupport.java:274) at org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport. java:181) at com.teamcenter.jeti.SharedStore.init(SharedStore.java:144) at com.teamcenter.jeti.serversubpoolmanager.ServerPoolManager.init Cache(ServerPool Manager.java:2092) at com.teamcenter.jeti.serversubpoolmanager.ServerPoolManager.fini shInit(ServerPoolManager.java:449) at com.teamcenter.jeti.serversubpoolmanager.ServerManager.main(Ser verManager.java:1480) Caused by: java.lang.Exception: exception caused by UDP.start(): java.net.BindException: Cannot assign requested address at org.jgroups.stack.Protocol.handleSpecialDownEvent(Protocol.java :600) at org.jgroups.stack.DownHandler.run(Protocol.java:117) If this occurs during server manager startup, uncomment the last line in the following block of the mgrstart script file, and restart the server manager. # Uncomment this line to tell Java to prefer IPv4 addresses. # This can fix socket errors on systems that do not have a fully # functional IPv6 configuration. A similar change may be needed # in the startup script for a J2EE application server. #JVM_ARGS="${JVM_ARGS} -Djava.net.preferIPv4Stack=true" If this error occurs during J2EE application deployment, consult your application server vendor’s documentation for the proper JVM arguments settings. Another possible solution is to use TCP mode instead of mcast mode for both the Teamcenter server manager and J2EE application. A CORBA COMM_FAILURE This error usually indicates one of the following: error is reported in the Web tier 1. The Teamcenter server has terminated while processing a request.

2. The Teamcenter server encountered a serious error (for example, failed memory allocation) while attempting to process a request.

The message generally does not indicate a problem in the Web tier itself. Teamcenter server syslog files may contain information useful in diagnosing the root cause of Teamcenter server failures.

PLM00015 J Web Application Deployment Guide B-7 Appendix B Troubleshooting four-tier architecture deployment

Problem Solution After publishing an item to A Teamcenter Web application deployed on a Sun Java System an ODS, the Sun Java System Application Server can become unresponsive. This can occur Application Server becomes especially when: unresponsive. • You publish and item to the default ODS site that is also the site publishing the item.

• You attempt to view the published item’s details in the home folder.

To correct this problem, ensure that you have set the Thread Count and Initial Thread Count to at least the minimum values required (25 and 15 respectively) and restart the application server.

Note Depending on Teamcenter Web tier activity, you may have to set these values higher than the minimum to get the best performance. Client-side Java session cookies Multiple applications deployed in the same WebLogic domain are overwritten by Web tier can cause client session cookies to overwrite each other. To applications deployed in the avoid this, deploy your Teamcenter Web application in a same domain on a WebLogic domain by itself or ensure each application has a separate application server. cookie path. To set your Web application session cookie path: 1. Navigate to the WEB-ROOT/staging-directory/webapp_root/WEB-INF directory for the application.

Note WEB_ROOT is the location where you installed the Web Application Manager (insweb), and staging-directory is the directory where the specific Web application was generated. For information about building J2EE Web applications with the Web Application Manager, see the Teamcenter server installation guide (for Windows or UNIX/Linux).

2. Open the weblogic.xml file and add the following elements: CookiePath /deployable-name Replace deployable-name with the deployable file name set in the Web Application Manager, for example, tc.

3. Launch the Web Application Manager (insweb).

4. Select the Web application name and click Modify.

B-8 Web Application Deployment Guide PLM00015 J Troubleshooting four-tier architecture deployment

Problem Solution

5. In the Modify Web Application dialog box, click Generate Deployable File.

6. In the Generate Deployable File dialog box, click OK. The Web Application Manager displays the status of the installation in the Progress dialog box. When the installation is complete, click OK to close the Progress dialog box.

7. Click OK to close the Modify Web Application dialog box. During peak activity, the Web The Teamcenter Web application is using all available tier encounters errors obtaining connections in the connection pool. To avoid this, increase JCA connections. the number of available connections by increasing the Max_Pool_Size context parameter value in the Web application EAR file. To set your Web application maximum connection pool size: 1. Launch the Web Application Manager (insweb). For information about building J2EE Web applications with the Web Application Manager, see the Teamcenter server installation guide (for Windows or UNIX/Linux).

2. Select the Web application name and click Modify.

3. In the Modify Web Application dialog box, click Modify Context Parameters.

4. In the Modify Context Parameters dialog box, locate Max_Pool_Size, double-click the Value column, and type a larger number.

5. Click OK and click Generate Deployable File.

6. In the Generate Deployable File dialog box, click OK. The Web Application Manager displays the status of the installation in the Progress dialog box. When the installation is complete, click OK to close the Progress dialog box.

7. Click OK to close the Modify Web Application dialog box.

8. Redeploy the EAR file in your application server.

PLM00015 J Web Application Deployment Guide B-9 Appendix B Troubleshooting four-tier architecture deployment

Problem Solution Chinese characters are If you use a nonnative language operating system version of displayed as square blocks Windows, you must install and enable the Multilingual User in the Teamcenter rich client. Interface (MUI) pack to ensure the language font is displayed properly. 1. Download and install the MUI pack for Windows from Microsoft.

2. Open the Regional and Language Options dialog box in the Windows Control Panel.

3. In the Languages tab, set the required language for the menus and dialogs.

4. In the Advanced tab and the Regional Options tab, set the required language. JBoss 5.1.0 GA displays an The following error message displays during JBoss startup: error message during startup AttachmentStore MC bean (org.jboss.system.server.profileservice. when installed on Sun Solaris repository.abstractAttachmentStore)configuration does not specify the parameter type for constructor operating system. This is a known JBoss bug (JBAS-6981). You must edit the profile.xml file for your application server instance. Using the default server as an example, edit the {jboss-5.1.0.GS}/server/default/conf/boodstrap/profile.xml file as follows: 1. Locate the following parameter element in the file: . . .

2. Update the parameter element to include a class attribute:

3. Save the file and restart the application server.

B-10 Web Application Deployment Guide PLM00015 J Troubleshooting four-tier architecture deployment

Problem Solution During successive calls to get During large Global Services transactions, such as a activity status in the Global replication manager transaction during site consolidation Services user interface, out of orchestration, you may encounter a Java out of memory memory errors are displayed. error from the application server. This usually is caused by repeated checks on activity status (AuditActivity business object) from the Global Services user interface. The Java virtual machine (JVM) size grows with each call to get the status. To avoid this, reduce the application server’s Java memory property to between 1200m and 1500m (-Xmx1200m or -Xmx1500m, respectively). Teamcenter Web application The Teamcenter Web application takes longer than the fails to deploy on JBoss with the default 60 seconds the JBoss deployment scanner allows for following error messsage: deployments. Add the deployment-timeout attribute to the deployment-scanner element and set the value to at least Did not receive a response to the deployment operation 600 seconds before attempting to deploy the Web application. within the allowed timeout period [60 seconds]. Check of the deployment. For more information, see Deploy on JBoss application server (HSE).

PLM00015 J Web Application Deployment Guide B-11

Appendix C Glossary

PLM00015 J Web Application Deployment Guide

Appendix C Glossary

B

basic deployment (HSE) Basic deployment on an enterprise (J2EE) application server. The HTTP Web server (H), servlet container (S), and Enterprise JavaBean (EJB) container (E) are all provided on the same platform as part of the same process. The Teamcenter Web tier application (EAR file bundling the WAR file) is deployed on a J2EE application server that has a built-in HTTP listener, such as JBoss Application Server, Oracle WebLogic Server, and IBM WebSphere Application Server. Deploying a separate HTTP Web server to listen to the incoming request is not required.

basic deployment with front-end HTTP Web server (H-SE) Stand-alone HTTP Web server is configured as the front-end to a J2EE application server.

BLOB Binary large object; attribute type of undefined structure. BLOBs are stored as binary images within an object.

business object Logical grouping of data attributes and properties that are manipulated at the enterprise level. A Global Services business object allows users to query for and update information in multiple data sources.

business object definition file File that contains the XML-based definition of a Global Services business object.

C

clustered deployment (H*-SE) Multiple HTTP servers configured in a cluster. All requests are sent to the cluster, which routes the request to a J2EE application server that is available to process the request. The Teamcenter Web tier application (EAR file bundling the WAR file) is deployed in each application server instance in the cluster.

clustered deployment with front-end, load-balanced HTTP Web servers (H*-SE*) Multiple HTTP Web server instances are configured with a load balancer and a cluster of J2EE application server instances. A load balancer in front of the HTTP Web servers balances the load for incoming requests and HTTP Web servers route that request to the cluster of application servers.

PLM00015 J Web Application Deployment Guide C-1 Appendix C Glossary

In this configuration, the Teamcenter Web tier application (EAR file bundling the WAR file) is deployed in each application server instance in the cluster. Typically, HTTP Web servers must be configured for this type of distributed environment.

clustered deployment with front-end HTTP Web server (H-SE*) Stand-alone HTTP Web server is configured with a cluster of Web application server instances. The HTTP Web server routes requests to a cluster of J2EE application servers. The Teamcenter Web tier application (EAR file bundling the WAR file) is deployed in each application server instance in the cluster.

D

data source System that manages enterprise data and can be accessed by Teamcenter. Examples are product knowledge management (PKM) systems, product lifecycle management systems, relational databases, enterprise resource planning (ERP) systems, component and supplier management (CSM) systems, mechanical design automation (MDA) systems, purchasing systems, systems engineering GroupWare, and maintenance, repair, and overhaul (MRO) systems.

datastore Java Database Connectivity (JDBC) database instance used to store the Global Services configuration and business object definition (BOD) information. The majority of the objects in the datastore are stored as serialized objects for improved performance. The configuration and BOD files are serialized during the process of uploading them to the datastore. Global Services users with administrator privileges can access the Configuration Object form in Global Services that allows them to add, remove, and update objects in the datastore. See also business object definition file.

E

enterprise archive (EAR) Enterprise application that requires a J2EE application server.

enterprise tier Teamcenter architectural tier that comprises a configurable pool of Teamcenter C++ server processes and a server manager. Larger sites can distribute the pool of server processes across multiple hosts. Smaller sites can run the pool of servers on the same host as the Web tier.

H

H*-SE See clustered deployment (H*-SE).

H*-SE* See clustered deployment with front-end, load-balanced HTTP Web servers (H*-SE*).

HSE See basic deployment (HSE).

H-SE See basic deployment with front-end HTTP Web server (H-SE).

C-2 Web Application Deployment Guide PLM00015 J Glossary

H-SE* See clustered deployment with front-end HTTP Web server (H-SE*).

J

JDBC connector Enterprise JavaBean that connects Global Services to data sources using the Java Database Connectivity (JDBC) API. The JDBC connector is provided as part of Global Services.

N

network load balancer (NLB) HTTP Web servers are configured to allow each HTTP Web server in the load balanced cluster to respond to a virtual IP address. Requests to this virtual IP are intercepted and routed to a machine running one of the Web servers in the cluster.

O

Oracle home Directory in which Oracle software is installed on the Oracle server node.

Oracle system identifier (SID) Alphanumeric word used to identify a collection of processes and associated memory structures as belonging to a particular Oracle database instance. The ORACLE_SID environment variable defines the Teamcenter-Oracle system identifier.

P

preference Configuration variable stored in a Teamcenter database and read when a Teamcenter session is initiated. Preferences allow administrators and users to configure many aspects of a session, such as user logon names and the columns displayed by default in a properties table.

S

site preference Teamcenter preference that applies to the entire site.

SQL See Structured Query Language.

Structured Query Language ANSI standard command and embedded language for manipulating data in a relational database.

W

Web Application Manager Graphical installation utility that generates supporting Web files (WAR and EAR format) for a named Web application. Web Application Manager also installs the rich client distribution server and creates distribution server instances.

PLM00015 J Web Application Deployment Guide C-3 Appendix C Glossary

Web archive (WAR) Web application that requires an HTTP Web server and servlet engine.

Web tier Teamcenter architectural tier that comprises a Java application running in a Java 2 Enterprise Edition (J2EE) application server. The Web tier is responsible for communication between the client tier and enterprise tier.

C-4 Web Application Deployment Guide PLM00015 J Index

A ApplicationInstance ...... 3-4, 3-7 Activity status table ...... 3-1 Context root ...... 2-4, 2-18 allowuntrustedcertificates property . . . A-4 CookiePath parameter ...... B-9 Apache HTTP server ...... 2-20 Cookies overwritten ...... 2-6, 2-19 Apache Web server ...... 2-29, 2-31 CORBA error in Web tier ...... B-7 Application server administration . . . . . 1-2 Create a handler mapping . . . . . A-17, A-21 Application server hangs after publishing an Create a new IIS Web site ...... 2-24, item ...... B-8 A-16, A-20 Application server stops responding . . . B-8 Create an IIS handler script map . . . . . 2-24 ApplicationInstance context Create proxy initialization file ...... 2-25 parameter ...... 3-4, 3-7 autoReconnect connection pool D property ...... 3-8 Data availability ...... 1-2 axis2.max.connections property ...... 3-6 Data source ...... 3-4, 3-7 data store B Creating ...... 3-1 Basic deployment ...... 1-3 Table ...... 3-1 WebSphere Application Server ...... 2-4 data store table ...... 3-1 BEA-000402 error ...... 2-7, Database tables 2-21–2-23, 2-27, 2-30 Activity status ...... 3-1 JBoss ...... 3-12 data store ...... 3-1 Message log ...... 3-1 Reactor result ...... 3-1 C Default Web site ...... 2-24, A-16, A-20 Cannot assign requested address . . . . . B-7 Deployment status ...... 3-7 Chinese characters in Windows ...... B-10 Deployment with front-end HTTP server clientmap element ...... A-7, A-12 WebSphere Application Server . . . . . 2-16 Cluster host:port ...... 2-29 Deployment, basic ...... 2-6, Clustered with front-end HTTP ...... 1-3 2-20–2-21, 2-23, 2-26, 2-30 Clustered with front-end load balanced . . 1-3 Front-end HTTP Web server COMM_FAILURE error ...... B-7 WebSphere application server/IBM Commit ...... 3-7 HTTP server ...... 2-16 Configuration data ...... 3-1 Deployment, clustered Configure a handler mapping ...... 2-16 Front-end HTTP Web server Configuring a JNDI data store WebLogic server/Apache Web connection ...... 3-4 server ...... 2-29 Configuring FMS ...... A-5 WebLogic server/WebLogic Configuring Web application ...... 1-2 Express ...... 2-26 connection element ...... A-12 Load-balanced HTTP Web server Connection factory, JETIAdapter . . 2-5, 2-18 WebSphere application server/IBM Connection pool database name ...... 3-7 HTTP (Web) server ...... 2-31 Connection pool driver ...... 3-4 WebSphere application server/Sun Web Connection pool properties ...... 2-5, 2-18 server ...... 2-31 Context parameter Deployment, distributed ...... 2-20–2-21

PLM00015 J Web Application Deployment Guide Index-1 Index

Deployment, H-SE FSC element ...... A-7, A-9, A-12 Front-end HTTP Web server fscgroup element ...... A-6 JBoss application server/Microsoft IIS ...... 2-7 G Distributed deployment Apache HTTP/WebLogic ...... 2-20 Gateway for Oracle EBS integration WebLogic Express/WebLogic ...... 2-21 (T40) ...... 3-4 Dynamic content ...... 1-2 Global Services Java memory error . . . . B-11 Global Services properties ...... 3-6 E Global Services third party integrations ...... 3-4 Elements globalservices.properties file ...... 3-6 clientmap ...... A-7, A-12 GlobalServicesDB ...... 3-4, 3-7 connection ...... A-12 FSC ...... A-7, A-9, A-12 fscgroup ...... A-6 H Enable port rollover ...... 2-25 H*-SE* ...... 1-3 Enabling a deployed Web application . . . 1-2 H-SE ...... 1-3 Enabling two-way SSL ...... A-4 H-SE* ...... 1-3 Error during JBoss startup ...... B-10 HP-UX, kernel parameters ...... B-4 Errors hs_err_* ...... 2-1, B-6 COMM_FAILURE ...... B-7 HSE ...... 1-3 IPv6 ...... B-7 HTTP Web servers ...... 2-2 Java ...... 2-1, B-6 java.net.BindException ...... B-7 I mcast ...... B-7 Pool ID not available ...... B-2 IBM HTTP server ...... 2-16, 2-31 Restarting server manager ...... B-6 IBM HTTP server plug-in ...... 2-19 Server manager ...... B-6 IIS SERVER_HOST parameter ...... B-2 ISAPI filter ...... 2-15 TreeCache ...... B-5 Web service extension ...... 2-15 extension_uri registry entry ...... 2-10, IIS default Web site ...... 2-24, A-16, A-20 2-13, A-18 IIS virtual directory ...... 2-14–2-15 IIS Web site ...... 2-14–2-15 F Installations JBoss server ...... 3-9 Fail over ...... 1-2 WebLogic server ...... 3-6 Failed to start new thread error ...... B-11 IPv6 mcast mode ...... B-7 Files ISAPI filter ...... 2-15 Global Services properties ...... 3-6 ISAPI Redirector ...... 2-7 globalservices.properties ...... 3-6 isapi_redirector.reg file . . . . 2-10, 2-12, A-18 hs_err_* ...... 2-1, B-6 isapi_redirector.reg . . . . . 2-10, 2-12, A-18 JETIServerAccessor.jar ...... 2-25 J Proxy WAR ...... 2-22, 2-27 Java error ...... 2-1, B-6 TreeCacheTCP.xml ...... 2-25 Java out of memory error ...... B-11 uiworkermap.properties . . 2-9, 2-12, A-17 java.lang.OutOfMemoryError ...... B-11 web.xml ...... 2-28 java.net.BindException ...... B-7 Windows registry ...... 2-10, 2-12, A-18 JBoss workers.properties ...... 2-9, 2-12, A-17 Security ...... 3-12 FMS SSL configuration ...... A-4 JBoss 5.1.0 GA ...... B-10 FMS URL path extensions ...... A-4 JBoss application server ...... 2-7 Four-tier architecture JCA connection parameter ...... B-9 Troubleshooting deployment ...... B-1 JETIServerAccessor.jar file ...... 2-25 Front-end HTTP ...... 1-3 JNDI data store ...... 3-4

Index-2 Web Application Deployment Guide PLM00015 J Index

K axis2.max.connections ...... 3-6 Kernel parameters ...... B-4 Proxy WAR file ...... 2-22 Publishing to default ODS hangs application server ...... B-8 L log_file registry entry . . . . . 2-10, 2-13, A-18 R log_level registry entry . . . . 2-10, 2-13, A-18 Reactor result table ...... 3-1 Redirector directory ...... 2-10, 2-12, A-17 M Redirector logs ...... A-17 Manager, NLB ...... 2-32 Max_Pool_Size parameter ...... B-9 S Maximum connections ...... 2-5, 2-18 SAP (T4S) integration ...... 3-4 mcast error ...... B-7 SAP integration ...... 3-4 Message log table ...... 3-1 Security in JBoss ...... 3-12 Microsoft IIS ...... 2-7, 2-14–2-15 Server manager Microsoft IIS 7 ...... 2-23, A-15 J2EE based, troubleshooting ...... B-2 Minimum connections ...... 2-5, 2-18 Server manager error ...... B-6 Server manager restart error ...... B-6 N SERVER_HOST parameter ...... B-2 Network load balancing, see NLB serverPool.properties file ...... B-2 New IIS Web site ...... 2-14–2-15 Session cookies ...... B-9 NLB ...... 1-3 Session cookies overwritten on the Cluster parameters ...... 2-32 client ...... B-9 Master host node ...... 2-33 Specifying a specific bind address when a host Network load balancing manager . . . 2-32 has multiple IP addresses ...... B-1 NLBmgr command ...... 2-32 SSL Requirements ...... 2-32 Application server ...... 3-16 Secure port rules ...... 2-33 SSL configuration Standard port rules ...... 2-33 One-way ...... A-8 WebSphere application server/IBM HTTP Two-way ...... A-4 (Web) server ...... 2-31 Starting ****OBSOLETE**** ...... 2-22 Not enough storage is available to process this Starting a Teamcenter Web command error ...... B-11 application ...... 1-2 Starting JBoss ...... 3-12 Startup error with JBoss installed on O Solaris ...... B-10 One-phase commit ...... 3-7 Static content ...... 1-2 One-way SSL configuration ...... A-8 Sun Java System Application Server Oracle Manufacturing integration . . . . . 3-4 hangs ...... B-8 Override end_port value ...... 2-25 Sun Java System Application Server is unresponsive ...... B-8 P Supported application servers ...... 2-2 Supports global transactions ...... 3-7 Parameters ApplicationInstance ...... 3-4, 3-7 CookiePath ...... B-9 T Kernel ...... B-4 TCP element ...... 2-25 Max_Pool_Size ...... B-9 TESIS integrations ...... 3-4 Prerequisites for Web application Tomcat Redirector directory ...... 2-10, deployment ...... 1-2 2-12, A-17 Preventing cookies from being TreeCache initialization fails ...... B-5 overwritten ...... 2-6, 2-19 TreeCache initialization failure ...... B-1 Property TreeCache local service port ...... B-5

PLM00015 J Web Application Deployment Guide Index-3 Index

TreeCache peers ...... B-6 Deployment, front-end HTTP server TreeCacheTCP.xml file ...... 2-25 WebSphere Application Server . . 2-16 Troubleshooting WebLogic Express ...... 2-21 Four-tier deployment ...... B-1 Web tier initialization failure when using Server manager ...... B-2 Windows Network Load Balancer . . . . B-1 Two-way SSL configuration ...... A-4 Web Tier Proxy WAR file ...... 2-27 web.xml file ...... 2-28 U WebLogic Overwritten session cookie ...... B-9 uiworkermap.properties file ...... 2-9, WebLogic deployments ...... 2-6, 2-12, A-17 2-20–2-21, 2-23, 2-27, 2-30, 3-7 Unexpected error detected by HotSpot . . B-6 WebLogic Express ...... 2-26 uri_select registry entry ...... 2-13, A-19 WebLogic Express (Web server) ...... 2-27 WebLogic server ...... 2-26, 2-29 V WebLogic Server ...... 2-6, 2-20–2-21, 2-23, 2-26, 2-30 Virtual directory ...... 2-14–2-15 Apache Web tier ...... 2-20 WebLogic Express Web tier ...... 2-21 W WebSphere J2C connection factory ...... 2-5, 2-18 Web server farm ...... 1-4 Maximum connections ...... 2-5, 2-18 Web service extension ...... 2-15 Minimum connections ...... 2-5, 2-18 Web tier Setting cookie path ...... 2-6, 2-20 Apache HTTP Web Modules Properties ...... 2-6, 2-19 WebLogic Server ...... 2-20 WebSphere application server . . . 2-16, 2-31 connection problems ...... B-2 WebSphere Application Server . . . . 2-4, 2-16 Deployment, basic Windows JBoss application server/Microsoft Chinese characters ...... B-10 IIS ...... 2-7 Windows registry ...... 2-10, 2-12, A-18 WebLogic Server ...... 2-6, extension_uri ...... 2-10, 2-13, A-18 2-20–2-21, 2-23, 2-26, 2-30 log_file ...... 2-10, 2-13, A-18 WebSphere Application Server . . . 2-4 log_level ...... 2-10, 2-13, A-18 WebSphere application server/IBM uri_select ...... 2-13, A-19 HTTP server ...... 2-16 worker_file ...... 2-11, 2-13, A-19 Deployment, clustered worker_mount_file ...... 2-11, 2-13, A-19 WebLogic server/Apache Web worker_file registry entry . . 2-11, 2-13, A-19 server ...... 2-29 worker_mount_file registry entry . . . . . A-19 WebLogic server/WebLogic worker_mount_file registry entry . . . . . 2-13 Express ...... 2-26 worker_mount_file registry entry . . . . . 2-11 WebSphere application server/IBM workers.properties file . . . . . 2-9, 2-12, A-17 HTTP (Web) server ...... 2-31

Index-4 Web Application Deployment Guide PLM00015 J