Plan and Prepare Your Environment For FileNet P8

FileNet P8
Version 5.2.1
Plan and Prepare Your Environment for

FileNet P8
IBM
GC19-3955-04
FileNet P8
Version 5.2.1
Plan and Prepare Your Environment for

FileNet P8
IBM
GC19-3955-04
Note
Before using this information and the product it supports, read the information in Notices on page 185.
This edition applies to version 5.2.1 of IBM FileNet Content Manager (product number 5724-R81), version 5.2.1 of
IBM Case Foundation (product number 5724-R76), and to all subsequent releases and modifications until otherwise
indicated in new editions.
Copyright IBM Corporation 2001, 2016.
US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
ibm.com and related resources . . . . vii Choosing a standby index area activation
Contacting IBM . . . . . . . . . . . . . vii policy for IBM Content Search Services . . 28
Configuring AIX, HPUX, HPUXi, Linux, Linux
Planning and preparing for FileNet P8 on System z, or Solaris . . . . . . . . 28
Configuring AIX, HPUX, HPUXi, Linux,
installation . . . . . . . . . . . . . 1 Linux on System z, or Solaris for FileNet
Planning the installation . . . . . . . . . . 1 P8 servers (all components) . . . . . . 29
FileNet P8 Platform sample architecture . . . . 1 Configuring Content Platform Engine
Installation scenarios. . . . . . . . . . . 2 servers (AIX, HPUX, HPUXi, Linux, Linux
Overview of installation types . . . . . . 3 on System z, or Solaris) . . . . . . . 29
Single server scenario . . . . . . . . . 6 Configuring IBM Content Search Services
Standard distributed scenario . . . . . . . 7 servers (AIX, Linux, Linux on System z,
Content Platform Engine distributed Solaris) . . . . . . . . . . . . . 30
installation scenario . . . . . . . . . 7 Configuring Application Engine (Solaris) 32
IBM Content Search Services distributed Configuring Application Engine or
installation scenario . . . . . . . . . 8 Workplace XT servers (Linux) . . . . . 33
Application Engine distributed installation Configuring Microsoft Windows . . . . . 33
scenario . . . . . . . . . . . . . 9 Configuring Windows for FileNet P8
Multiple domain scenario. . . . . . . . 10 servers . . . . . . . . . . . . . 33
Definition of installation roles . . . . . . . 11 Configuring Windows for .NET and COM
Using the installation and upgrade worksheet . . 13 compatibility clients . . . . . . . . 33
Running the Customize Worksheet macro . . 13 Configuring Windows for Content Platform
Autofiltering and sorting the Worksheet . . . 14 Engine on Active Directory . . . . . . 34
Performing the required installation preparation Adding inbound rules to the Windows
tasks. . . . . . . . . . . . . . . . . 15 2008 firewall . . . . . . . . . . . 34
IT administrator installation tasks . . . . . . 15 Configuring the network . . . . . . . . 34
Creating Content Platform Engine operating Prerequisites to configuring your network 34
system accounts . . . . . . . . . . . 16 Synchronizing machine clocks . . . . . 35
Creating the Content Platform Engine Creating a local or shared directory for the
application server installation administrator 17 shared configuration files (Application
Creating the Content Platform Engine Engine or Workplace XT) . . . . . . . 35
application server installation group . . . 18 Storage area options for object stores . . . . 35
Creating Content Platform Engine installer Advantages of advanced storage areas . . . 36
account . . . . . . . . . . . . . 19 Replication models for advanced storage areas 37
Creating Content Platform Engine Preparing advanced storage areas . . . . . 39
operating system user account . . . . . 19 Preparing file servers for file storage areas . . 40
Creating Configuration Manager user . . 20 Configuring file servers for file storage
Creating the Content Platform Engine user areas . . . . . . . . . . . . . 40
account for DB2 for Linux, UNIX and Configuring account settings on file servers 41
Windows . . . . . . . . . . . . 21 Configuring the remote access protocol on
Creating the Content Platform Engine user the client machine . . . . . . . . . 43
account for DB2 for z/OS . . . . . . 21 Using IBM Support data collection tools . . . 44
Creating the Content Platform Engine Security administrator installation tasks . . . . 45
instance accounts for DB2 for z/OS . . . 22 Security planning considerations . . . . . 45
Creating Application Engine or Workplace XT Configuring directory server. . . . . . . 48
accounts . . . . . . . . . . . . . 22 Configuring Windows Active Directory . . 49
Creating the Application Engine or Configuring Active Directory Lightweight
Workplace XT installer account . . . . . 23 Directory Services (AD LDS). . . . . . 49
Creating the Application Engine or Configuring Oracle Directory Server
Workplace XT deployment account . . . 25 Enterprise Edition . . . . . . . . . 50
Preparing for IBM Content Search Services . . 25 Configuring Novell eDirectory . . . . . 51
Creating IBM Content Search Services Configuring Oracle Internet Directory . . 51
accounts . . . . . . . . . . . . 26 Configuring IBM Tivoli Directory Server. . 52
Choosing a load balancing method for IBM Configuring IBM virtual member manager 52
Content Search Services servers. . . . . 27 Configuring CA Directory . . . . . . 57
Copyright IBM Corp. 2001, 2016 iii

Creating the application server administrative Configuring WebSphere for Content Platform
console user (WebSphere). . . . . . . . 57 Engine . . . . . . . . . . . . . . 99
Creating Content Platform Engine directory Creating the WebSphere profile for
server accounts . . . . . . . . . . . 58 Content Platform Engine . . . . . . 100
Creating Content Platform Engine Specifying the WebSphere environment
bootstrap account . . . . . . . . . 59 variables . . . . . . . . . . . . 101
Creating the GCD administrator . . . . 61 Setting the primary administrative user
Creating the object store administrator . . 62 name . . . . . . . . . . . . . 103
Creating directory service user (Active Setting host aliases for deployment on
Directory) . . . . . . . . . . . . 63 multiple servers . . . . . . . . . 103
Creating directory service user (AD LDS) 64 Setting permissions for the Configuration
Creating directory service user (Oracle Manager user . . . . . . . . . . 103
Directory Server Enterprise Edition) . . . 65 Configuring the load-balancer or proxy
Creating directory service user (Novell server . . . . . . . . . . . . . 104
eDirectory) . . . . . . . . . . . 65 Preparing for database failover support 104
Creating directory service user (IBM Tivoli Configuring WebLogic Server for Content
Directory Server) . . . . . . . . . 66 Platform Engine . . . . . . . . . . 104
Creating directory service user (Oracle Configuring JBoss Application Server for
Internet Directory) . . . . . . . . . 67 Content Platform Engine . . . . . . . 108
Creating directory service user (CA Configuring JBoss Application Server for
Directory) . . . . . . . . . . . . 68 Content Platform Engine . . . . . . 108
Creating the workflow system Strengthening Content Platform Engine
administrator . . . . . . . . . . . 68 server security under JBoss Application
Creating workflow system groups . . . . 69 Server . . . . . . . . . . . . . 111
Creating Application Engine or Workplace XT Configuring JBoss Application Server
directory server accounts . . . . . . . . 70 clusters . . . . . . . . . . . . 111
Creating the Application Engine or Configuring application servers (high
Workplace XT administrator account . . . 70 availability environments) . . . . . . . 111
Database administrator installation tasks . . . 70 | Configuring WebSphere Application Server
Creating Content Platform Engine database | for IBM Content Navigator . . . . . . . 112
accounts . . . . . . . . . . . . . 71 | Configuring WebLogic Server for IBM
Creating a Content Platform Engine | Content Navigator. . . . . . . . . . 112
database user for DB2 for Linux, UNIX and Configuring WebSphere Application Server
Windows . . . . . . . . . . . . 72 for Application Engine or Workplace XT . . 112
Creating a database user for DB2 for z/OS 73 Configuring WebLogic Server for Application
Creating a Content Platform Engine Engine or Workplace XT . . . . . . . . 113
database user for Oracle . . . . . . . 74 Configuring JBoss Application Server for
Creating a Content Platform Engine Application Engine or Workplace XT . . . 114
database user for SQL Server . . . . . 75 Starting or stopping an application server
Preparing Microsoft SQL Server . . . . . 75 instance . . . . . . . . . . . . . 114
Microsoft SQL Server database planning. . 75 Resolving the names of existing data sources 114
Verifying that Microsoft SQL Server is Application Engine/Workplace XT in a
ready for FileNet P8 . . . . . . . . 76 highly available environment . . . . . . 115
Preparing Oracle server . . . . . . . . 81 Configuring the application server for
Oracle database planning . . . . . . . 81 Application Engine/Workplace XT in a
Verifying that Oracle server is installed for highly available environment . . . . . 115
FileNet P8 . . . . . . . . . . . . 82 Configuring load-balancer or proxy server 116
Preparing DB2 for z/OS servers . . . . . 87 Planning for Workplace/Workplace XT
Verifying that DB2 for z/OS server is shared settings . . . . . . . . . . 116
installed for FileNet P8 . . . . . . . 88 Accessing the documentation . . . . . . 117
Preparing the DB2 for Linux, UNIX and
Windows server . . . . . . . . . . . 89 Planning and preparing for FileNet P8
DB2 for Linux, UNIX and Windows upgrade . . . . . . . . . . . . . . 119
database planning . . . . . . . . . 89
Planning the upgrade. . . . . . . . . . . 119
Verifying that DB2 for Linux, UNIX and
Upgrade scenarios . . . . . . . . . . . 119
Windows is installed for FileNet P8 . . . 91
Upgrade on an existing server instance . . . 121
Application Server administrator installation
Upgrade with migration to a new server
tasks. . . . . . . . . . . . . . . . 95
instance . . . . . . . . . . . . . 122
Creating application server accounts . . . . 97
Migration upgrade overview and
Creating the application server
roadmap . . . . . . . . . . . . 122
administrator . . . . . . . . . . . 98
Upgrade planning considerations. . . . . . 124
iv Planning for FileNet P8

Upgrade system requirements for FileNet P8 125 Planning for DB2 for Linux, UNIX and
Upgrade system requirements for FileNet P8 Windows database upgrades . . . . . 145
expansion products . . . . . . . . . 125 Planning for DB2 for z/OS database
FileNet P8 eForms . . . . . . . . . 125 upgrades . . . . . . . . . . . . 147
Content Federation Services . . . . . 125 Planning for Oracle database upgrades 147
IBM Enterprise Records . . . . . . . 125 Planning for SQL Server database
Upgrading or migrating the underlying upgrades . . . . . . . . . . . . 148
vendor software supported by Content Planning the IBM Content Search Services
Platform Engine . . . . . . . . . . 126 upgrade . . . . . . . . . . . . . 151
Planning Process Engine upgrades (versions Application Server administrator upgrade tasks 151
4.5.1, 5.0.0, 5.1.0) . . . . . . . . . . 126 Creating the application server administrator 152
Definition of upgrade roles . . . . . . . . 127 Starting or stopping an application server
Using the installation and upgrade worksheet 128 instance . . . . . . . . . . . . . 153
Running the Customize Worksheet macro 129 Configuring the application server for
Autofiltering and sorting the Worksheet . . 130 Content Platform Engine . . . . . . . 154
Performing the required upgrade preparation tasks 130 FileNet P8 administrator upgrade tasks. . . . 154
IT administrator upgrade tasks . . . . . . 131 Enabling the Asynchronous Processing
Creating operating system accounts for dispatcher . . . . . . . . . . . . 155
upgrades . . . . . . . . . . . . . 132 Preparing Process Engine for upgrade
Creating the Content Platform Engine (upgrades from versions 4.5.1, 5.0.0, 5.1.0) . . 156
installer account . . . . . . . . . 132 Collecting settings for peupgrade wizard
Creating the Process Engine upgrade (upgrades from versions 4.5.1, 5.0.0, 5.1.0) . . 156
account (upgrades from versions 4.5.1, Collecting configuration information for
5.0.0, 5.1.0) . . . . . . . . . . . 133 Process Engine DbExecute connections
Creating Configuration Manager user . . 134 (upgrades from 4.5.1) . . . . . . . . . 159
Creating the Content Platform Engine | Saving Component Manager custom settings
application server installation account . . 135 | for CE_Operations (upgrades from V5.1 or
Creating the Content Platform Engine | earlier) . . . . . . . . . . . . . 160
application server installation group. . . 135
Configuring AIX, HPUX, HPUXi, Linux, Appendix A. Preparing non-English
Linux on System z, and Solaris . . . . . 136 environments for installing FileNet P8. 163
Configuring AIX, HPUX, HPUXi, Linux,
IT administrator . . . . . . . . . . . . 163
Linux on System z, and Solaris FileNet P8
Operating system considerations . . . . . . 164
servers (all components). . . . . . . 137
Microsoft Windows . . . . . . . . . . 165
Configuring Content Platform Engine
Configuring locale and support for other
servers (AIX, HPUX, HPUXi, Linux, Linux
languages in an AIX, HPUX, HPUXi, Linux,
on System z, and Solaris) . . . . . . 137
Linux on System z, or Solaris system . . . . 165
Assigning directory permissions to a new
Security administrator . . . . . . . . . . 165
installer account on AIX, HPUX, HPUXi,
Extended characters and user names . . . . 165
Linux, Linux on System z, or Solaris . . 137
Database administrator . . . . . . . . . . 166
Configuring Microsoft Windows . . . . . 138
Installing Microsoft SQL Server . . . . . . 166
Configuring Windows for FileNet P8
Installing Oracle server . . . . . . . . . 166
servers . . . . . . . . . . . . 139
Installing the DB2 for Linux, UNIX and
Configuring Windows for .NET and COM
Windows server . . . . . . . . . . . 166
compatibility clients . . . . . . . . 139
| Installing the DB2 for z/OS server . . . . . 167
Configuring Windows for Active Directory 139
Application Server administrator . . . . . . . 167
Adding inbound rules to Windows 2008
| Configuring character encoding on WebSphere
and 2012 firewalls . . . . . . . . . 139
| Application Server . . . . . . . . . . 167
Configuring operating system elements. . . 140
Configuring character encoding on JBoss
Configuring network communications . . 140
Application Server . . . . . . . . . . 168
Synchronizing machine clocks . . . . . 140
Configuring character coding on WebLogic
Using IBM Support data collection tools . . 140
Server . . . . . . . . . . . . . . . 168
Security administrator upgrade tasks . . . . 141
FileNet P8 administrator . . . . . . . . . 168
Security upgrade planning considerations 142
Configuring Process Task Manager for
Creating Content Platform Engine directory
Application Engine and Workplace XT . . . . 168
server accounts for upgrades . . . . . . 142
Limitations on installing in a non-English
Creating the application server
environment. . . . . . . . . . . . . . 168
administrative console user (WebSphere
Application Server) . . . . . . . . 142
Database administrator upgrade tasks . . . . 143 Appendix B. FileNet P8 ports . . . . 171
Database administrator planning . . . . . 143 Content Platform Engine ports . . . . . . . 172
Contents v
Application Engine and Workplace XT ports . . . 176 Content Services for FileNet Image Services ports 182
Process Simulator ports . . . . . . . . . . 176
Content Search Services ports . . . . . . . . 177 Notices . . . . . . . . . . . . . . 185
Rendition Engine and Content Platform Engine Trademarks . . . . . . . . . . . . . . 187
ports for LIQUENT . . . . . . . . . . . 178 Privacy policy considerations . . . . . . . . 188
Database ports . . . . . . . . . . . . . 180
IBM System Dashboard for Enterprise Content
Index . . . . . . . . . . . . . . . 191
Management ports . . . . . . . . . . . 181
vi Planning for FileNet P8

ibm.com and related resources
Product support and documentation are available from ibm.com.
Support and assistance
From ibm.com, click Support & downloads and select the type of support that you
need. From the Support Portal, you can search for product information, download
fixes, open service requests, and access other tools and resources.
IBM Knowledge Center
You can view the product documentation online in IBM Knowledge Center or in
an Eclipse-based information center that you can install when you install the
product. By default, the information center runs in a web server mode that other
web browsers can access. You can also run it locally on your workstation.
Use the following links to view the IBM Knowledge Center online product
documentation that is appropriate for your configuration. For IBM FileNet P8
documentation, see http://www.ibm.com/support/knowledgecenter/
SSNW2F_5.2.1/. For IBM Content Foundation, see http://www.ibm.com/support/
knowledgecenter/SSGLW6_5.2.1/.
PDF publications
See the PDF publications that are available for your product at the following links:
Product Website
IBM FileNet P8 Platform http://www.ibm.com/support/
publication library docview.wss?uid=swg27042122
IBM Content Foundation http://www.ibm.com/support/
publication library docview.wss?uid=swg27042128
Contacting IBM
For general inquiries, call 800-IBM-4YOU (800-426-4968). To contact IBM
customer service in the United States or Canada, call 1-800-IBM-SERV
(1-800-426-7378).
Contacting IBM
For general inquiries, call 800-IBM-4YOU (800-426-4968). To contact IBM customer
service in the United States or Canada, call 1-800-IBM-SERV (1-800-426-7378).
For more information about how to contact IBM, including TTY service, see the
Contact IBM website at http://www.ibm.com/contact/us/.
Copyright IBM Corp. 2001, 2016 vii

viii Planning for FileNet P8
Planning and preparing for FileNet P8 installation
To prepare to install FileNet P8, you must review the planning information before
you begin. You must also complete the prerequisite tasks assigned to the various
roles.
Planning the installation
You must review the installation planning information before your FileNet P8
installation so that you know what kind of deployments are supported,
understand how the tasks in the installation tasks are organized by role, and
know how to use the Installation and Upgrade Worksheet.
Performing the required installation preparation tasks on page 15
To efficiently carry out the required installation preparation tasks, you must
assign your staff to carry out the tasks that are organized by administrative
role.
Planning the installation

You must review the installation planning information before your FileNet P8
installation so that you know what kind of deployments are supported, understand
how the tasks in the installation tasks are organized by role, and know how to use
the Installation and Upgrade Worksheet.
FileNet P8 Platform sample architecture
You can distribute FileNet P8 Platform components and expansion products
across a variety of machines.
Installation scenarios on page 2
Depending on how you plan to use your FileNet P8 system, you might make
different choices in how you install the components. You can review the
possible FileNet P8 environment scenarios to help you plan your installation
process.
Definition of installation roles on page 11
The installation tasks and the rows in the Installation and Upgrade Worksheet
are organized by administrative roles. Your organization might have different
roles, and some of the responsibilities of listed roles will vary from those
assigned by default in this documentation.
Using the installation and upgrade worksheet on page 13
The Installation and Upgrade Worksheet is a Microsoft Excel spreadsheet
(p8_worksheet.xls). The worksheet describes the properties and parameters
required to complete FileNet P8 installation, upgrade, and configuration
programs, and provides a way to record the values you assign to these
properties and parameters.
FileNet P8 Platform sample architecture

You can distribute FileNet P8 Platform components and expansion products across
a variety of machines.
The following graphic shows just one of many possible configurations of a FileNet
P8 Platform installation.
Copyright IBM Corp. 2001, 2016 1

Platform Additional
components components
Application server-based
Content Platform IBM FileNet IBM

Engine Collaboration Enterprise IBM FileNet
Services Records Case
Analyzer
Workplace XT
IBM CMIS IBM
for FileNet IBM FileNet
Datacap Case
Content Manager IBM Application
Engine Monitor
Case
Manager (Workplace)
Documentation IBM FileNet
server Content Image
(if installed locally) Navigator Services
Ethernet
Database Directory
Process Rendition
servers server
Simulator Engine
IBM
Content
External Search
client Services
workstation File storage servers,
fixed content devices,
advanced storage servers
Tools Third-party products Windows only
installed with
Content
Platform Engine
To understand this graphic, keep in mind the following details:

v Use this graphic for general informational purposes only. Consult documentation
and the system requirements for full information about collocation, prerequisites,
and supported platforms.
v If you are installing IBM Content Navigator, you can find its planning and
installation information at Planning, installing, and configuring IBM Content
Navigator.
v Installing documentation locally is not required if you link to the online version
of the documentation on www.ibm.com.
v For information about installing components on a single server, see Single
server scenario on page 6.
v The graphic does not show components in a high availability or clustered
configuration.
v Not all additional components are shown. Check with your service
representative for availability of other products.
Related concepts:
Overview of installation types on page 3
Before putting your FileNet P8 system into production, it is often a good idea to
install it several times, with each installation fulfilling a different purpose.
Installation scenarios
Depending on how you plan to use your FileNet P8 system, you might make
different choices in how you install the components. You can review the possible
FileNet P8 environment scenarios to help you plan your installation process.
Overview of installation types on page 3
Before putting your FileNet P8 system into production, it is often a good idea
to install it several times, with each installation fulfilling a different purpose.
Single server scenario on page 6
You can install FileNet P8 by using the Composite Platform Installation Tool.
This tool installs all the middleware products and all the FileNet P8
components on a single server in one installation session.
Standard distributed scenario on page 7
In a typical distributed installation scenario, you install the FileNet P8 platform
components on a system of networked servers. You can install some
components as stand-alone applications, or install multiple instances of a single
component.
2 Planning for FileNet P8

Multiple domain scenario on page 10
In a multiple domain installation scenario, a master domain maintains a set of
self-contained tenant domains. Each tenant domain appears to its clients as a
separate independent domain.
Overview of installation types

Before putting your FileNet P8 system into production, it is often a good idea to
install it several times, with each installation fulfilling a different purpose.
During your planning phase, you decide which of the installation scenarios, such
as the single server, the standard distributed, or the high availability scenario,
would be best to use for the following types of installations:
v Proof of concept
v Development
v Test
v Preproduction
v Disaster recovery
v Production
Proof of concept system
A proof of concept system can be used to demonstrate basic functionality,
such as document management and simple workflow, to a prospective
customer, a development partner, or a set of users.
This system might be a single-server configuration of just the core FileNet
P8 components you want to demonstrate. Or it could be the core
components plus one or more expansion products that are important to
your intended development activities or your audience.
The Composite Platform Installation Tool (CPIT) provides a quick way to
create a proof of concept system on one server. It automatically configures
the underlying required software and applies a baseline set of default
FileNet P8 configuration settings. However, make sure that you are aware
of the following factors:
v It does not install IBM Content Search Services or configure other
add-ons or expansion products.
v It uses WebSphere Application Server, DB2 for Linux, UNIX and
Windows, and Tivoli Directory Server only. This is the only
configuration installed and configured by the Composite Platform
Installation Tool.
v After a Composite Platform Installation Tool installation, consider
upgrading the components to the latest supported fix pack levels. You
can also add more products to the installation or interface with
components and products that are installed on other computers.
v It installs onto one server only.
v The Installation and Upgrade Worksheet is not needed when you use
the Composite Platform Installation Tool.
Before you install a proof of concept system, make the following decisions:
v Decide whether using the Composite Platform Installation Tool is
sufficient to achieve your proof of concept, or whether you need a more
complex system, with multiple servers and essential add-ons, or with
different components. In this case, you would probably follow the
standard distributed scenario.
Planning and preparing for FileNet P8 installation 3

v Decide whether to keep your proof of concept system in place without
major modifications, at least during the early stages, in order to have a
working example of the original installation as a reference.
v Decide whether you intend to use the proof of concept system as a
development or test system.
Follow either the single server scenario or the standard distributed
installation scenario, including high availability elements if appropriate, to
install your proof of concept system.
Development system
A development system is used by software developers to design and
implement code for custom applications.
A development system should be only large enough to accommodate your
development team and to contain the components required by the system
under design. In some cases, more than one development system might be
required, for example, if developers are working on different subprojects
that could conflict or require unique capacity. The development system
might not need to be as carefully controlled as a test system. For example,
you could install products or debugging tools on a development system, or
make environmental changes that are not recommended for production or
intended for final documentation. This flexibility might not be advisable
for a test system that is meant to exercise the production configuration.
| It is acceptable to use the same authentication realm for the proof of
| concept system as for the development and test systems, though you might
| want some special accounts to use for just testing purposes. The benefit of
| using the same authentication realm is that these systems can use the same
| directory server (LDAP) accounts and authentication realms, which makes
| the subsequent development and test systems easier to configure.
Before you install a development system, make the following decisions:
v Decide whether to use an existing proof of concept system as the basis
for the development system.
v Decide whether to install one of the bundled FileNet P8 client
applications even if your customized solution will not use these
products. For example, you might want to compare your customized
application with the FileNet P8 clients.
v Decide which APIs are needed to code your custom application, and
then include the components that are required to implement those APIs.
v Decide whether you want to collocate FileNet P8 components on the
same server. Collocation is not a best practice in a production
environment but can be a good option for development systems,
especially if server resources are scarce and underlying system
performance is not a major concern. See the P8 Related Requirements
document for information on collocation.
v Decide what kind of content storage areas you want to configure. For
your development system, you might want to use a database storage
area, which is easier to configure than a file storage area that is based in
a file system.
| Unless your development system requirements can be met by using the
| single server scenario, follow the standard distributed installation scenario,
| including high availability elements if appropriate, to install your
| development system.

Test system
A test system is used to evaluate the quality of the applications during
development and to assess all subsequent changes to the code after the
product is released. A test system is also used to evaluate product
upgrades and fix packs before applying them to other systems, such as
production systems that are already rolled out across your enterprise.
An important usage of a test system is to make sure that you have the
correct versions of each software component. The owners of the test system
must therefore be careful to control all changes to it. Configure your test
system exactly as described in the installation documentation and by the
hardware and software requirements. Control, maintain, and track the
elements of your test system as carefully as possible so that testing
integrity can be assured. Typically, a test system is backed up so that it can
be returned to a known state without reinstalling all the software
components. In many cases, you can use the same authentication realm for
the test and development systems, unless you have security restrictions
within your organization.
| Before you install a test system, make the following decisions to be able to
| validate the functionality, usability and performance of the customer's
| applications.
| v Decide how large your test system must be to provide an adequate
| testing environment for activities such as code assessment, installation
| and upgrade testing, functional testing, and performance monitoring.
| v If your production system is expected to be a high availability
| environment, you might decide not to configure high availability on test
| systems but rather to use the preproduction system for testing under
| high availability conditions before installing the software into
| production.
| v Decide whether you want to collocate FileNet P8 components on the
| same server. Collocation is not a best practice in a production
| environment but can be a good option for test systems, especially if
| server resources are scarce and you must increase or maintain system
| performance.
Unless your test system's requirements can be met using the single server
scenario, follow the standard distributed installation scenario, including
high availability elements if appropriate, to install your test system.
Preproduction system
A preproduction system is used to try out changes before making those
changes on a production environment.
It should be as similar to the production system as you can reasonably
implement. Do not assume that a version change or some new code that
runs acceptably on the test system will run acceptably on a production
system; it must be tested first on a system that closely approximates the
production configuration. The greater the difference between the
preproduction system and the production environment, the greater your
risk when implementing new software. For example, if the production
system has a cluster of 20 servers, the preproduction system would need a
cluster of at least two servers, and ideally more. Final performance testing
is often done on the preproduction systems, so the closer it is to the
production system, the more reliable your performance test results will be.
As a best practice, all changes that are successfully tested on a test system
should first be implemented on the preproduction system before being
added to the production system.

If a preproduction system includes IBM Content Search Services, it must
have access to at least some of the documents to be searched. This access
might be accomplished by providing a complete synchronized replica of
the data, or only a subset of the data.
Before you install a preproduction system, make the following decisions:
v Decide whether you need to install fixed content devices in your
preproduction system. Because of the difficulties implementing a fixed
content device or other very large storage devices, you might decide to
implement such devices only on the production system.
v Decide how large a data set you need to approximate the production
system stored content and workflow information for preproduction
functional testing.
Follow the standard distributed installation scenario, including high
availability elements if appropriate, to install your preproduction system.
Disaster recovery system
Because it is designed to provide business continuity after a natural or
human-induced disaster, a disaster recovery system is often geographically
remote from production. Such a system is not designed to be instantly
enabled to replace a production system that is no longer available, because
this is generally accomplished by implementing high availability and
failover features into the production environment itself.
Production system
A production system is the full-featured, fully tested live system that has
access to all content and workflows, on the full suite of platform hardware
and software, configured to access your entire set of users and groups, that
supports your application.
Follow the standard distributed installation scenario, including high
availability elements if appropriate, to install your production system.
Single server scenario

You can install FileNet P8 by using the Composite Platform Installation Tool. This
tool installs all the middleware products and all the FileNet P8 components on a
single server in one installation session.
The result is a FileNet P8 system most typically used for the following tasks:
v Developing and demonstrating proofs of concept
v Previewing technology
v Demonstrating and understanding content and process management
functionality
v Configuring a basic content and process management solution
If you plan to run a single server installation by using the Composite Platform
Installation Tool, you do not need to do most of the preparation tasks that you
must perform for any of the other installation scenarios. Also, you do not need to
fill out the Installation and Upgrade Worksheet. The Composite Platform
Installation Tool provides all the values needed for a fully functional FileNet P8
system.
For details on collocating some FileNet P8 components, see Related Requirements,

available on the IBM FileNet P8 system requirements web page.

Standard distributed scenario
In a typical distributed installation scenario, you install the FileNet P8 platform
components on a system of networked servers. You can install some components
as stand-alone applications, or install multiple instances of a single component.
In a standard distributed environment, you install FileNet P8 on a number of

servers, according to the way you plan to use your system. This configuration
model can vary from a simple system with one stand-alone component per server
to a complex system with multiple instances, virtual servers, and managed
deployments.
Most FileNet P8 platform components work with middleware applications such as

web application servers, databases, and directory service applications. This guide
provides additional considerations and preparation tasks by role for the
administrators of these middleware applications. For details on which types and
versions of these applications work together in a FileNet P8 platform environment,
see IBM FileNet P8 system requirements
You can choose to collocate some FileNet P8 platform components. For details on
collocation decisions, see the IBM FileNet P8 system requirements.
If you plan to use related add-on products with your FileNet P8 platform
environment, review the installation documentation for the add-ons before you
install and configure FileNet P8.
Creating multiple instances of FileNet P8 platform components
You can install or deploy multiple instances of Content Platform Engine on a single
web application server.
Using multiple instances of Content Platform Engine means that you can provide a
different repository of content for different areas within an organization. For
example, you could create an instance for use by a Research and Development
group, and create a separate instance for use by a Human Resources group.
Content Platform Engine distributed installation scenario
In a typical distributed installation scenario, you install the FileNet P8 Platform
components on a system of networked servers. You can install some
components as stand-alone applications, or install multiple instances of a single
component.
IBM Content Search Services distributed installation scenario on page 8
In a typical distributed installation scenario you can install IBM Content Search
Services. You can also install IBM Content Search Services to run with
supported custom applications that use IBM FileNet P8 Platform development
tools to operate.
Application Engine distributed installation scenario on page 9
You can install Application Engine as a stand-alone application. You can also
install multiple instances of Application Engine.
Content Platform Engine distributed installation scenario:
In a typical distributed installation scenario, you install the FileNet P8 Platform

components on a system of networked servers. You can install some components
as stand-alone applications, or install multiple instances of a single component.

Stand-alone deployment
| When you deploy Content Platform Engine as a stand-alone application, you

| configure a single application server. You must configure your Content Platform
| Engine instances and deploy those Content Platform Engine instances on a single
| server, by using a single directory for the component files.
Managed deployment
When you deploy Content Platform Engine in a WebSphere Application Server

managed environment, you can install and configure Content Platform Engine on
any managed node. Then, use the application server administration console to
deploy the bootstrapped Content Platform Engine EAR file to the servers on each
managed node or to a cluster.
When you deploy Content Platform Engine in an Oracle WebLogic Server

managed environment, you can install and configure Content Platform Engine on
any managed server. Then, use the application server administration console to
deploy the bootstrapped Content Platform Engine EAR file to any of the managed
servers. The managed servers can be in a cluster.
JBoss Application Server has no managed deployment capability.
Non-managed deployment
| When you deploy Content Platform Engine in a WebSphere Application Server or

| WebLogic Server non-managed environment, you install and configure Content
| Platform Engine on any Content Platform Engine server in the environment. After
| you configure the bootstrapped Content Platform Engine EAR file on this first
| server, you are directed to copy the bootstrapped EAR file to each of the other
| servers. Then, deploy the bootstrapped EAR file on all of the servers.
When you deploy Content Platform Engine in a JBoss Application Server

environment, install and configure Content Platform Engine on an initial server in
the environment. Then, copy the Content Platform Engine EAR file from the initial
server to the other servers in the environment.
IBM Content Search Services distributed installation scenario:
| In a typical distributed installation scenario you can install IBM Content Search
| Services. You can also install IBM Content Search Services to run with supported
| custom applications that use IBM FileNet P8 Platform development tools to
| operate.
Single instance single server deployment
When you deploy a single instance of IBM Content Search Services on a
single server, you must configure your IBM Content Search Services server
for mixed mode (indexing and searching).
Multiple instance single server deployment
You can deploy multiple instances of IBM Content Search Services on a
single server for load balancing and performance. You can configure each
instance of IBM Content Search Services for mixed mode (indexing and
searching) or dedicated mode (indexing or searching) to maximize your
processing requirements.
Multiple instance multiple server deployment
You can deploy multiple instances of IBM Content Search Services on
multiple servers in a farm configuration for load balancing, performance
and high availability. For high availability, you need to ensure that there
are multiple instances running with mixed mode (indexing and searching)
on multiple servers. For dedicated mode (indexing or searching), you need
to ensure that you have a pair of instances for each mode.
Application Engine distributed installation scenario:
You can install Application Engine as a stand-alone application. You can also install
multiple instances of Application Engine.
Stand-alone deployment
When you deploy Application Engine as a stand-alone application, you configure a

single application server. You must configure your Application Engine instances
and deploy those Application Engine instances on a single server, using a single
directory for the configuration files.
Multi-instance deployment
If you want to deploy multiple Application Engine instances, install and deploy
Application Engine on separate servers.
Each Application Engine instance is isolated from the others, and there is no
exchange of information between the instances. For example, you can dedicate a
Application Engine instance for use by a certain group. This creates a distinct
Workplace interface for the group, and you can configure permissions, settings,
and functions accordingly. For another group, you might want to configure a
separate instance of the Workplace application with different settings. Each
instance has its own user and site preferences. All instances provide an interface to
the Content Platform Engine object stores.
Managed deployment
When you deploy Application Engine with WebSphere Application Server Network
Deployment in a managed mode, you must install and configure Application
Engine on all managed cluster nodes (using the administrative console for the
deployment manager) that are assigned to Application Engine.
When you deploy Application Engine in an Oracle WebLogic Server managed

environment, you must install and configure Application Engine on the
administrative node to avoid cross-network configuration issues. Install and
configure Application Engine on the administration server. Then use the
administration server tools to deploy the Application Engine WAR or EAR file to
the managed servers. The managed servers can be in a cluster.
JBoss Application Server has no managed deployment capability.
Non-managed deployment
When you deploy Application Engine in a WebSphere Application Server or

WebLogic Server non-managed environment, or a JBoss Application Server
environment, you install, configure, and deploy Application Engine on every
server in the environment.

Multiple domain scenario
In a multiple domain installation scenario, a master domain maintains a set of
self-contained tenant domains. Each tenant domain appears to its clients as a
separate independent domain.
Cloud service providers can host services for multiple customers by using the
multiple domain installation scenario. In this scenario, the service provider runs a
master FileNet P8 domain and one or more tenant domains within the same set of
Content Platform Engine servers, thereby reducing the overhead of deploying
separate application server instances of Content Platform Engine for each customer.
Tenants are isolated from each other and operate independently of other tenants.
For example, a tenant object store cannot be accessed from the master domain or
from the other tenant domains.
The physical infrastructure and storage resources in this environment are

controlled by the master domain, which allows the service provider to configure
and manage the multi-tenant infrastructure. Examples include physical devices,
servers, and sites. Tenant domains expose a read-only copy of these objects. Other
tenant domain objects are controlled by the tenant. Examples include the directory
configuration, add-ons, object stores, and isolated regions. Some of these objects are
initially set to the value in the master, but can then be modified by the tenant.
Tenant domain users cannot access or modify anything in the master domain or in
other tenant domains.
A master domain has a property that, when it is set, distinguishes it from a

stand-alone domain and allows it to have tenant domains.
| Important: Migration paths to or from a multi-domain configuration are not

| supported. You cannot migrate existing stand-alone domains into a multi-domain
| configuration or convert a multi-domain configuration into a stand-alone domain.
To access the master domain in a multi-domain configuration, client applications

would specify the same type of URL that would be used to access a normal
stand-alone domain. To access a tenant domain, a ?tenantId=<tenant_identifier>
parameter is appended to the server URL. This convention applies to both Content
Engine and Process Engine client applications.
Applying a patch or an upgrade to Content Platform Engine server software affects

all tenants simultaneously. In other words, you cannot patch or upgrade just a
single tenant.
Each tenant has a single database connection. The tenant GCD database, and all
object stores and isolated regions, use this shared database connection. The service
provider designates what database each tenant uses. A tenant can be configured to
use the same database as either the master domain or another tenant, but the
recommended configuration is for each tenant to use a separate database.
In cloud-based scenarios, the cloud provider defines the authentication scheme,

which typically is some type of federated identity management. The cloud
provider sets the AuthenticationRealmName property of each tenant domain;
Content Platform Engine then ensures that only users who have been authenticated
against the tenant's WebSphere realm can access resources within that tenant
domain. Each tenant could be configured to replicate its users and groups into a
cloud-based directory for use by the tenant domain for authorization purposes.

It is recommended to use email address as the UserNameAttribute for the
directory configuration in the master domain. Doing so avoids a conflict in which a
user in a tenant domain might have the same user name as a user in the master
domain; neither user would be able to log in.
In a multiple domain scenario, Content Platform Engine must use WebSphere

Application Server. Multiple domains are supported only for new installations and
not for upgrades. In addition, support for a multiple domain configuration is
currently limited to custom applications. At time of writing, IBM client applications
that use Content Platform Engine as their foundation (such as IBM Content
Navigator and IBM Case Manager) do not support a multiple domain
configuration. For custom applications, support for a multiple domain
configuration is limited to applications that use the Content Engine and Process
Engine Java APIs. Custom applications that were written using some other
interface (such as IBM CMIS or Process Engine REST Service) are not supported in
a multiple domain configuration.
Also note that, in the multiple domain model, there is no mechanism to partition
processing resources (such as memory, CPU cycles, threads, and database
connections) so as to prevent one tenant from using a disproportionate amount of
resources. Because of this, multiple domain configurations are primarily suited for
more narrow applications where the solution does not expose the full capabilities
of the Content Engine and Process Engine APIs. For most customers with a need to
support multiple business units, hosting multiple virtualized P8 domains on
shared hardware is the preferred approach. This approach does provide the ability
to limit the resources used by any tenant, and is therefore more appropriate for
most customers who want to share hardware resources across multiple
applications.
Definition of installation roles

The installation tasks and the rows in the Installation and Upgrade Worksheet are
organized by administrative roles. Your organization might have different roles,
and some of the responsibilities of listed roles will vary from those assigned by
default in this documentation.
Installation administrator
v Runs FileNet P8 installation programs during initial setup.
v Runs Configuration Manager during initial setup, followed by starting IBM
Administration Console for Content Platform Engine.
v Runs FileNet P8 upgrade programs during upgrades.
v Abbreviated as IA. Responsible for coordinating the information described in
this worksheet. The information itself will require the input from the other roles.
The role of IA is usually filled by an IBM FileNet Certified Professional (FCP).
Information technology administrator

v Responsible for the networking and operating systems settings required by
FileNet P8.
v Responsible for performing certain security configurations.
v Abbreviated as ITA. Responsible for providing the information in the rows in
the Installation and Upgrade Worksheet with a value of ITA in the Role column.

Security administrator
v Responsible for configuring the directory servers required by FileNet P8
components.
v Creates and maintains directory server user and group accounts.
v Abbreviated as SA. Responsible for providing the information in the rows in the
Installation and Upgrade Worksheet with a value of SA in the Role column.
Database administrator
v Creates, configures, maintains database installations and database or table
spaces.
v Responsible for creating database accounts needed by FileNet P8.
v For purposes of this documentation, the database administrator is expected to
have responsibilities regarding the JDBC data sources.
v Abbreviated as DBA. Responsible for providing the information in the rows in
the Installation and Upgrade Worksheet with a value of DBA in the Role column.
Application server administrator

v Responsible for providing the application servers required by FileNet P8.
v Responsible for application server administrative accounts.
v Abbreviated as ASA. Responsible for providing the information in the rows in
the Installation and Upgrade Worksheet with a value of ASA in the Role column.
FileNet P8 administrator
v This role designation refers to the administrator or administrators who perform
regular maintenance of Content Platform Engine.
v The administrator who logs on to IBM Administration Console for Content
Platform Engine by using the gcd_admin account or an object_store_admin account
is considered a FileNet P8 administrator.
v Abbreviated as P8A. Responsible for providing the information in the rows of
the Installation and Upgrade Worksheet with a value of P8A in the Role column.
Related concepts:
required to complete FileNet P8 installation, upgrade, and configuration programs,
and provides a way to record the values you assign to these properties and
parameters.
IT administrator installation tasks on page 15
The Information Technology administrator must prepare the network and
operating systems, and carry out certain security configurations to prepare your
environment for FileNet P8.
Security administrator installation tasks on page 45
The Security administrator must prepare the security environment for the FileNet
P8 platform, including planning the security environment, configuring the
directory server, and creating accounts.
Database administrator installation tasks on page 70
The database administrator must prepare the databases that are required for
FileNet P8, which includes gathering information about data sources, creating
databases and database accounts.

Application Server administrator installation tasks on page 95
The Application Server Administrator must prepare the application servers for
FileNet P8, including planning deployment, creating administrative accounts, and
configuring JDBC drivers for Content Platform Engine.
Using the installation and upgrade worksheet

parameters.
Administrators who are preparing the environment for installation or upgrade of

FileNet P8 components must use the worksheet during their preparation tasks to
record the appropriate values and provide them to the Installation Administrator
who runs the installation or upgrade programs.
Some of the features of the Installation and Upgrade Worksheet are:

v Instructions: describes the worksheet and includes a button that runs the
Customize Worksheet macro.
v The two highlighted columns, Property or Parameter and ENTER YOUR
VALUE HERE, provide the simplest view of the requirement. The others add
identifying information and help you sort and filter the rows usefully.
v The Role column assigns each row to an administrator and uses the following
acronyms:
IA: Installation Administrator
ITA: Information Technology Administrator
ASA: Application Server Administrator
DBA: Database Administrator
SA: Security Administrator
P8A: FileNet P8 Administrator
v Property definitions are contained in the column titled Description.
v Some rows, though not all, contain a hyperlink in the IC help link column.
Click this hyperlink to run a query against the online documentation, which
opens with the Search Results pane showing the topics that contain the words in
the query phrase. Browse the search results until you have enough information
to be able to enter a value in the Worksheet row.
Running the Customize Worksheet macro
The Customize Worksheet macro lets you extract only those rows that describe
your environment.
Autofiltering and sorting the Worksheet on page 14
There are several ways to organize the Worksheet to make finding properties
and entering values easier.

your environment.
Important: For support of the full range of built-in filter and macro features, use
Microsoft Excel to view the Installation and Upgrade Worksheet file. You can use
other spreadsheet programs to view the file; however, filter and macro support can

vary. For example, in Calc from OpenOffice.Org, the column filters work as
expected, but the Customize Worksheet button does not.
To run the Customize Worksheet macro:

1. Open the Installation and Upgrade Worksheet (p8_worksheet.xls) and click the
Instructions worksheet (also called a tab).
2. Scroll down until you see the button representing the Customize Worksheet
macro. Click the button.
3. Select the components and options that describe the environment you are
preparing for FileNet P8.
v Installation or Upgrade
v FileNet P8 Components
v Application Server type
v Operating system
v Database type
v Directory Server type
v Number of object stores (adds new sets of rows for creating additional data
sources)
v Name of customized sheet
4. Click OK. The macro copies the rows that fulfill your selection criteria into a
new worksheet with the name you entered. Enter the values for your
environment into this new worksheet.
5. Click the name of the new worksheet at the bottom of the Excel window. Add
your preparation values into this new worksheet.
6. Notice that the new worksheet has buttons at the top titled Show Installer
View and Show Full View, depending on its state. The Show Installer View
displays only those columns that you need while running installation or
configuration programs.
Autofiltering and sorting the Worksheet

There are several ways to organize the Worksheet to make finding properties and
entering values easier.
AutoFiltering is a quick way to display only those rows that meet a certain
criterion.
To use AutoFilter:
1. Make sure AutoFiltering is enabled. (Select the entire row with the column
headers, then click Data > Filter > Autofilter.) AutoFilter arrows will appear to
the right of the column labels.
2. Click the AutoFilter arrow in the Installation or Configuration Program
column header and select the program you are interested in (for example, CPE
installer).
3. For a custom AutoFilter, click the AutoFilter arrow in any column header,
select Custom, and use the dialog box to define a filter that will show rows
that meet your criteria.
4. To turn off AutoFiltering in a column, click the column AutoFilter arrow and
select (All).
5. To reorder rows alphabetically, do a Sort:
a. Click anywhere in a column, for example, Column A Role.

The only possible values in the Role column are ASA, SA, DBA, ITA, and
P8A. Sorting on Role therefore groups the rows by this attribute, in
alphabetic order. Several other columns also have a limited number of
possible values which means they can be usefully sorted.
b. Click the Sort Ascending icon in the Excel toolbar, or use the Data > Sort
menu command. The rows sort on Role.
Sorting the Worksheet reassigns row numbers. If you refer to rows by
number, be aware that row numbers change if you change the sort order.
Performing the required installation preparation tasks

To efficiently carry out the required installation preparation tasks, you must assign
your staff to carry out the tasks that are organized by administrative role.
Some tasks require input that results from other preparation tasks performed by
other administrator roles. While performing the tasks, record results in the
Installation and Upgrade Worksheet. See the Using the installation and upgrade
worksheet on page 13 topic for details.
To prepare the IBM FileNet P8 environment, perform the tasks assigned to the
following roles.
IT administrator installation tasks
Security administrator installation tasks on page 45
The Security administrator must prepare the security environment for the
FileNet P8 platform, including planning the security environment, configuring
the directory server, and creating accounts.
Database administrator installation tasks on page 70
Application Server administrator installation tasks on page 95
FileNet P8, including planning deployment, creating administrative accounts,
and configuring JDBC drivers for Content Platform Engine.
IT administrator installation tasks

v Review all rows assigned to the IT administrator (ITA) in the Using the
installation and upgrade worksheet on page 13. While you complete the
following preparation tasks, provide values for the rows that are appropriate to
your installation.
Tip: With the Data > Filter > AutoFilter command enabled, as it is by default in
the worksheet file (p8_worksheet.xls), perform the following actions to quickly
see only the properties assigned to a particular role:
Click the AutoFilter drop-down arrow in the Role column header and select
ITA.

Further filter the result set by clicking the AutoFilter drop-down arrow in
any of the other columns and selecting a value or clear a filter by selecting
All.
v If you are installing in a non-English environment, review Preparing
non-English environments for installing FileNet P8 before you begin your
preparation tasks.
Creating Content Platform Engine operating system accounts
You must create several operating system accounts.
Creating Application Engine or Workplace XT accounts on page 22
Several operating system accounts are needed to install and deploy Application
Engine or Workplace XT.
Preparing for IBM Content Search Services on page 25
If you are installing IBM Content Search Services, you must do some things to
get ready.
Configuring AIX, HPUX, HPUXi, Linux, Linux on System z, or Solaris on
page 28
The FileNet P8 system components require some specific configuration settings
on the machines where you install them.
Configuring Microsoft Windows on page 33
Perform certain operating system procedures on all Windows-based servers
where you will install FileNet P8.
Configuring the network on page 34
You must perform certain configurations on the network before installing
FileNet P8 platform.
Storage area options for object stores on page 35
An object store has several options for storage areas. You need to determine the
appropriate types of storage areas for your requirements.
Advantages of advanced storage areas on page 36
Advanced storage areas offer several advantages over other types of storage
areas.
Replication models for advanced storage areas on page 37
If you use advanced storage areas for your object stores, you need to choose a
replication model that best suits your storage requirements.
Preparing advanced storage areas on page 39
Before you create an advanced storage area, you need to complete the following
planning-related actions:
Preparing file servers for file storage areas on page 40
To prepare for file storage, you must configure file servers for file storage areas,
configure a remote access protocol, and prepare the file servers where file
storage areas are to be located.
Using IBM Support data collection tools on page 44
The IBM Support data collection tools can help you troubleshoot problems with
your installed IBM FileNet P8 products by collecting and analyzing
problem-related diagnostic data.
Creating Content Platform Engine operating system accounts

You must create several operating system accounts.
Accounts are referred to in documentation in the following ways:

v By a display name; for example, Database User Name. An account's display
name is how the FileNet P8 user interface, such as a setup program or dialog
box, refers to the account. Many accounts have both a display name and a
variable.
v By a variable designator; for example cpe_db_user, using lower-cased italics and
underscores. The variable is intended to show that you must designate your
own account to act in the role described by the variable. The variable is the
unique identifier for a particular account.
If you see a reference to an account that you do not understand, search the
documentation for that reference.
Creating the Content Platform Engine application server installation
administrator
An operating system account you used to install the Content Platform Engine
application server.
Creating the Content Platform Engine application server installation group on
page 18
An operating system group account to which several Content Platform Engine
accounts must belong.
Creating Content Platform Engine installer account on page 19
An operating system account you use to install Content Platform Engine.
Creating Content Platform Engine operating system user account on page 19
The account you use to create and configure the shared root directory of a file
storage area or content cache area.
Creating Configuration Manager user on page 20
An operating system account you use to run Configuration Manager.
Creating the Content Platform Engine user account for DB2 for Linux, UNIX
and Windows on page 21
An operating system account on the database server that Content Platform
Engine uses to access DB2 for Linux, UNIX and Windows.
Creating the Content Platform Engine user account for DB2 for z/OS on page
21
An operating system user account that Content Platform Engine uses to connect
to DB2 for z/OS databases containing the GCD and object stores.
Creating the Content Platform Engine instance accounts for DB2 for z/OS on
page 22
Operating system and database user and group accounts that Content Platform
Engine uses to connect to DB2 for z/OS.
Creating the Content Platform Engine application server installation

administrator:
An operating system account you used to install the Content Platform Engine
application server.
1. Create the following operating system account:
Content Platform Engine application server installation administrator
Unique identifier
cpe_appserver_install_user
Description
The cpe_appserver_install_user account is needed during the
installation process to perform the following tasks:
v Create and configure the application server/domain/profile
for Content Platform Engine.
v Start or stop the application server instance when needed.
If you are prompted for credentials (which might happen if
WebSphere Global security is enabled or if WebLogic is in
Production Mode), pass in the credentials of the
appserver_admin or appserver_console_user. See those entries for
more information.
v Modify the application server files or directories as needed
for deploying Content Platform Engine using the
Configuration Manager tool.
v Provide create, read and write permissions for directories on
devices or drives that are used for external Content Platform
Engine file storage.
cpe_appserver_install_user must belong to the
cpe_appserver_install_group.
2. Record this value in your customized Installation and Upgrade Worksheet.

To find this property, search the worksheet for instances of
cpe_appserver_install_user.
Creating the Content Platform Engine application server installation group:

Content Platform Engine application server installation group
Unique identifier
cpe_appserver_install_group
Description
An operating system group account. You will be instructed to
grant certain permissions to this group during Content Platform
Engine installation and configuration.
The user accounts in cpe_appserver_install_group will perform the
following tasks:
v Give operating system privileges to the directories used for
Content Platform Engine installation and for the application
server's instance/domain/profile.
v Configure and deploy the Content Platform Engine EAR files
which require access to the application server's
instance/domain/profile directories.
v Have permissions on devices/drives to read and write that
are designated for external Content Platform Engine file
storage.
Minimum required permissions
Use your local machine's administrative tools to add the
following accounts to this group:
v cpe_appserver_install_user
v cpe_install_user
v config_mgr_user


Creating Content Platform Engine installer account:

1. If installing Content Platform Engine on Windows, create the following
operating system account:
Content Platform Engine installer account (Windows)
Unique identifier
cpe_install_user
Description
An operating system account used to run the Content Platform
Engine installation program.
Use Windows administrative tools to add cpe_install_user to the
Local Administrators group and to the
2. If installing Content Platform Engine on AIX, Solaris, HPUX, HPUXi, Linux,
Linux on System z, create the following operating system account
Content Platform Engine installer account (AIX, HPUX, HPUXi, Linux, Linux
on System z, or Solaris)
Unique identifier
cpe_install_user
Description
Use your administrative tools to grant cpe_install_user at least
the following permissions:
v Read, write, and execute permissions to the device or
location where:
Content Platform Engine is to be installed.
The application server instance/domain/profile has been
installed.
v Write permission to the directories where you create file
storage areas, index areas, and content caches.
v Write permission on the /tmp directory.
v Membership in the cpe_appserver_install_group.

To find this property, search the worksheet for instances of cpe_install_user.
Creating Content Platform Engine operating system user account:
The account you use to create and configure the shared root directory of a file
storage area or content cache area.
Content Platform Engine operating system user
Unique identifier
cpe_os_user

Description
An operating system account you must log on as to create and
configure the shared root directory of a file storage area or
content cache area.
The operating system user who logs on to the Content Platform
Engine server and starts the local application server process is
the account that must be used to secure the folders and files in
a file storage area. From a practical standpoint, the account that
is used to install the application server should be the same
account that is used to start the application server process. As
an administrator, you will always log in using the same
cpe_os_user account to secure the folders and files in the file
system that Content Platform Engine will use for a file storage
area.
Windows
For Windows-based Content Platform Engine and file
storage areas, cpe_os_user must reside in the same
Windows domain or in trusted Windows domains as
the servers that host Content Platform Engine and the
file storage area.
For Windows-based file storage areas and using
WebSphere: you must set the WebSphere service to
logon as the cpe_os_user.
AIX, HPUX, HPUXi, Linux, Linux for System z, Solaris
For AIX, HPUX, HPUXi,Linux, Linux for System z, or
Solaris-based Content Platform Engine and file storage
areas, configuring security requires the use of NFS.

To find this property, search the worksheet for instances of cpe_os_user.
Creating Configuration Manager user:

Configuration Manager user
Unique identifier
config_mgr_user
Description
An operating system account you will use to run Configuration
Manager.
config_mgr_user must belong to the cpe_appserver_install_group.
(Windows only) Using Active Directory tools, add
config_mgr_user to either the Power Users group or the Local
Administrators group.
At several points in the installation process you will be
instructed to grant additional permissions to config_mgr_user,
including the following permissions:

v Execute permission to the Configuration Manager executable
file, configmgr.exe (Windows) or configmgr.sh (AIX, HPUX,
HPUXi, Linux, Linux for System z, Solaris).
v Read and write permission to the directory where
Configuration Manager will create the configuration XML
files. For example:
the directory you specify using the optional -path
parameter when you run Configuration Manager.
the default directory, ce_install_path/tools/configure/
profiles, if you do not specify a path parameter.

To find this property, search the worksheet for instances of config_mgr_user.
Creating the Content Platform Engine user account for DB2 for Linux, UNIX and
Windows:
An operating system account on the database server that Content Platform Engine
uses to access DB2 for Linux, UNIX and Windows.
Remember: The user name length is restricted to no more than eight

characters.
Content Platform Engine database user (DB2 for Linux, UNIX and Windows)
Unique identifier
cpe_db_user
Description
This user account is granted database permissions for Content
Platform Engine access to the DB2 database. Separate accounts
can be used for each object store, but are not required.
Additional database-specific permissions must be added by the
DBA.
Access to the DB2 for Linux, UNIX and Windows GCD
database and each object store database.
See the DBA section for the database permissions required by
this account.

To find this property, search the worksheet for instances of cpe_db_user.
Creating the Content Platform Engine user account for DB2 for z/OS:
An operating system user account that Content Platform Engine uses to connect to
DB2 for z/OS databases containing the GCD and object stores.
Content Platform Engine database user (DB2 for z/OS)
Unique identifier
cpedbuser
Description

Operating system user accounts on the database server. Use one
account for the GCD (for example, cpedbuser1) and one for
object stores (for example, cpedbuser2).
DB2 for z/OS does not allow underscores in account names.
The DBA grants this account permissions for Content Platform
Engine access to the DB2 database.

To find this property, search the worksheet for instances of cpedbuser.
Creating the Content Platform Engine instance accounts for DB2 for z/OS:
Operating system and database user and group accounts that Content Platform
Engine uses to connect to DB2 for z/OS.
Instance owner and instance owner primary group (DB2 for z/OS)
Unique identifiers
cpe_db_db2_ instanceowner and cpe_db_db2_group
Description
Operating system user and group that must exist on the
database server. The cpe_db_db2_ instanceowner will create
databases and set a number of configuration parameters.
The DBA grants these accounts permissions for Content
Platform Engine access to DB2 for z/OS.

Creating Application Engine or Workplace XT accounts

Several operating system accounts are needed to install and deploy Application
Engine or Workplace XT.

variable.
Create the following users and groups. All IBM FileNet Workplace accounts, as
well as accounts for other client applications and expansion products that use
Content Platform Engine or Application Engine, must have passwords.

Creating the Application Engine or Workplace XT installer account
An operating system account that you use to run the installation program for
Application Engine or Workplace XT.
Creating the Application Engine or Workplace XT deployment account on
page 25
Creating the Application Engine or Workplace XT installer account:
An operating system account that you use to run the installation program for
Application Engine or Workplace XT.
Application Engine or Workplace XT installer account (Windows)
Unique identifier
ae_install_user or wpxt_install_user
Description
The operating system account you will use to log on to a
Windows machine and launch the Application Engine or
Workplace XT installation program.
This account must be a Windows Local administrator or a user
with equivalent permissions.
If the P8TASKMAN_HOME environment variable exists, you
must grant read and write permission to the ../Common
Files/taskmaninstances.xml file. The default location for
Common Files for Windows: C:\Program Files\IBM\FileNet\
Common Files.
The installer account (ae_install_user or wpxt_install_user) must
be granted read/write/execute permission to these directories
and files:
Installation paths (ae_install_path or wpxt_install_path)
Grant ae_install_user read and write permission to the
ae_install_path.
Grant wpxt_install_user read and write permission to the
wpxt_install_path.
WebSphere Application Server
WAS_HOME/profiles/default/installedApps/
node_name/app_engine_war.ear/app_engine.war
WAS_HOME/profiles/default/config/cells/
machine_name/Node01cell/nodes/machine_name/
Node01/serverindex.xml
WebLogic
WL_HOME\server\bin/startWLS.sh or start
WLS.cmd
Oracle\Middleware\user_projects\domains\
domain_name/config/config.xml
JBoss JBOSS_HOME/bin/run.sh or run.bat

JBOSS_HOME/server/default/conf/login-
config.xml (on both Content Platform Engine
and Application Engine servers)
Installation paths (BPMClient_directory)
BPMClient_directory.
Default BPMClient directory (Windows):
c:\Program Files\IBM\FileNet\BPMClient
Application Engine or Workplace XT installer account (AIX, HPUX, Linux,
Solaris)
Unique identifier
ae_install_user or wpxt_install_user
Description
The operating account you will use to log on to a AIX, HPUX,
Linux, or Solaris machine and launch the Application Engine or
Workplace XT installation program.
If the P8TASKMAN_HOME environment variable exists, you
must grant read and write permission to the ../Common
Files/taskmaninstances.xml file. The default location for
Common Files: /opt/IBM/FileNet/CommonFiles.
The installer account (ae_install_user or wpxt_install_user) must
be granted read/write/execute permission to these directories
and files:
Installation paths (ae_install_path or wpxt_install_path)
ae_install_path.
wpxt_install_path.
WAS_HOME/profiles/default/installedApps/
node_name/app_engine_war.ear/app_engine.war
machine_name/Node01cell/nodes/machine_name/
Node01/serverindex.xml
WebLogic
WL_Home/server/bin/startWLS.sh or start
WLS.cmd
Oracle/Middleware/user_projects/domains/
domain_name/config/config.xml
JBoss JBOSS_home/bin/run.sh or run.bat
JBOSS_home/server/default/conf/login-
config.xml (on both Content Platform Engine
and Application Engine servers)

Installation paths (BPMClient_directory)
Default BPMClient directory (AIX, HPUX, Linux,
Solaris):
/opt/IBM/FileNet/BPMClient

To find this property, search the worksheet for instances of ae_install_user or
wpxt_install_user.
Creating the Application Engine or Workplace XT deployment account:

Application Engine or Workplace XT deployment account
Unique identifier
ae_deploy_user or wpxt_deploy_user
Description
This account will have permissions to deploy an application. It
can be the same as the Application Engine or Workplace XT
installer account.
The deployment account (ae_deploy_user or wpxt_deploy_user)
must be granted read/write/execute permission to these
directories and files:
WAS_HOME/profiles/default/installedApps/node_name/
app_engine_war.ear/app_engine.war
machine_name/Node01cell/nodes/machine_name/Node01/
serverindex.xml
WebLogic 10.x
WL_Home/wlserver_10.3/server/bin/startWLS.sh or
start WLS.cmd
WL_Home/user_projects/domains/domain_name/config/
config.xml
JBoss JBOSS_home/bin/run.sh or run.bat
JBOSS_home/server/default/conf/login-config.xml (on
both Content Platform Engine and Application Engine
servers)

To find this property, search the worksheet for instances of ae_deploy_user or
wpxt_deploy_user.
Preparing for IBM Content Search Services

If you are installing IBM Content Search Services, you must do some things to get
ready.

Important: It is a best practice for Content Platform Engine storage areas and IBM
Content Search Services full-text indexes to not share the same root directory, disk,
or volume. Otherwise, disk I/O contention will cause degraded performance.
Creating IBM Content Search Services accounts
If you are installing IBM Content Search Services, you must create new IBM
Content Search Services accounts.
Choosing a load balancing method for IBM Content Search Services servers
on page 27
To optimize indexing and search performance, you need to decide on a method
to balance the load among the IBM Content Search Services servers.
Choosing a standby index area activation policy for IBM Content Search
Services on page 28
To maintain a uniform distribution of input/output among the disks used for
searching and indexing, you need to keep a steady number of open index areas.
Creating IBM Content Search Services accounts:
If you are installing IBM Content Search Services, you must create new IBM
Content Search Services accounts.

variable.
Creating the IBM Content Search Services operating system account
The operating system account that you use to start and stop the IBM Content
Search Services software.
Creating the IBM Content Search Services installer account on page 27
An operating system account you use to install IBM Content Search Services.
Creating the IBM Content Search Services operating system account:
The operating system account that you use to start and stop the IBM Content
Search Services software.
1. Use your operating system tools to create the following operating system
account on the IBM Content Search Services server:
IBM Content Search Services operating system account
Unique identifier
css_os_user
Description
Use this account to run the IBM Content Search Services
startup and shutdown commands.
This account must be an operating system user with rights to

run the IBM Content Search Services startup and shutdown
commands. By default, the css_install_user can also run these
commands.

To find this property, search the worksheet for instances of css_os_user.
Creating the IBM Content Search Services installer account:
An operating system account you use to install IBM Content Search Services.
1. Use your operating system tools to create the following operating system
account:
IBM Content Search Services installer account
Unique identifier
css_install_user
Description
Run the IBM Content Search Services installation program
using this account.
On Windows, this account must be a Windows Local
administrator or a user with equivalent permissions.
Read/write/execute permission to the css_install_path.

To find this property, search the worksheet for instances of css_install_user.
Choosing a load balancing method for IBM Content Search Services servers:
To optimize indexing and search performance, you need to decide on a method to

balance the load among the IBM Content Search Services servers.
By default Content Platform Engine uses a built-in load-balancing algorithm to

assign IBM Content Search Services servers to indexes according to the indexing
workload of the servers. The assignments are based on the number of index
servers and the resources that are available to each server. If you want to override
this built-in algorithm, you can use Administration Console for Content Platform
Engine to create affinity groups and manually dedicate IBM Content Search
Services servers to specific index areas.
An affinity group is a group of one or more servers that are dedicated to one or
more index areas. A server that is a member of an affinity group can serve only
index areas that are assigned to that affinity group and that belong to the same site
as the server. A server that is not a member of an affinity group can serve only
index areas that do not belong to an affinity group and belong to the same site as
the server.
With an affinity group, the administrator can limit the load balancing for an index
area to the servers that are members of the group. These servers do the indexing
and searching of full-text indexes. All servers in the group must have equal access
to the root directory of the index area. The affinity group should include servers
that can do indexing and searching.
The affinity group improves performance because you can index your data on a
disk that is local to IBM Content Search Services. The downside is that Content
Platform Engine cannot provide failover. If the local disk that hosts the index area
fails, all indexing and search requests to that index area fail.
To avoid the possibility of a single point of failure for an affinity group, do not
store full-text index data on local (non-shared) disks. Instead, store your index data
on shared disks with data redundancy, as described in IBM Content Search
Services distributed installation scenario on page 8.
If you must use local disks, be sure to implement data redundancy by using a high
availability strategy for failover of the IBM Content Search Services server and the
disks, provided by Veritas, Microsoft Cluster Server, or IBM PowerHA.
Choosing a standby index area activation policy for IBM Content Search
Services:
To maintain a uniform distribution of input/output among the disks used for

searching and indexing, you need to keep a steady number of open index areas.
To maintain a constant number of index areas in open state, Content Platform

Engine needs to open a standby index area as soon as any other index area
becomes full. If no standby index areas are available, then Content Platform Engine
logs a warning.
To implement this policy, the Content Platform Engine administrator needs to

create some standby index areas in advance and assign a priority to each one.
Content Platform Engine uses the priority to determine which standby index area
to open when another index area becomes full.
The administrator also uses the priority to decide on the storage that is allocated to
the index area and to create a backup policy. By default, the priority of each index
area is zero, the highest priority.
Configuring AIX, HPUX, HPUXi, Linux, Linux on System z, or

Solaris
The FileNet P8 system components require some specific configuration settings on
the machines where you install them.
Configuring AIX, HPUX, HPUXi, Linux, Linux on System z, or Solaris for
FileNet P8 servers (all components) on page 29
When configuring AIX, HPUX, HPUXi, Linux, Linux on System z, or Solaris,
ensure the hosts file contents, ensure the minimum required disk and temp
space, and determine your port requirements.
Configuring Content Platform Engine servers (AIX, HPUX, HPUXi, Linux,
Linux on System z, or Solaris) on page 29
If Content Platform Engine is configured for full-text indexing, video
transcription, or thumbnail generation, then before you start the Content
Platform Engine installation on AIX, Linux, Solaris, or Linux on System z, you
must ensure that the fsize and nofiles parameters are set to their unlimited
value.
Configuring IBM Content Search Services servers (AIX, Linux, Linux on
System z, Solaris) on page 30
Before you start the IBM Content Search Services installation on AIX, Linux,
Solaris, or Linux on System z, you must ensure that certain ulimit settings are
set to their unlimited value.

Configuring Application Engine (Solaris) on page 32
When Solaris starts up, it takes the first several ports, called anon ports, to use
for its communication daemons.
Configuring Application Engine or Workplace XT servers (Linux) on page 33
To configure Linux-based servers for Application Engine or Workplace XT, you
must ensure that Linux libraries are installed.
Configuring AIX, HPUX, HPUXi, Linux, Linux on System z, or Solaris for

FileNet P8 servers (all components):
When configuring AIX, HPUX, HPUXi, Linux, Linux on System z, or Solaris,

ensure the hosts file contents, ensure the minimum required disk and temp space,
and determine your port requirements.
To configure AIX, HPUX, HPUXi, Linux, Linux on System z, or Solaris for FileNet
P8 servers:
1. Ensure hosts file contents. On each FileNet P8 server that does not use DNS
(Domain Name Service) or NIS (Network Information Service), the /etc/hosts
file must contain the name and Internet Protocol (IP) address of all servers it
will communicate with, including the remote database server, if applicable.
2. Ensure minimum required disk space and temp space for installation. See IBM
FileNet P8 system requirements.
3. Determine port requirements. Consult with the application server, database,
and FileNet P8 administrators to determine port requirements for all the
servers in your installation environment.
4. If you intend to install FileNet P8 components interactively, ensure that each
FileNet P8 server running on AIX, HPUX, HPUXi, Linux, Linux on System z, or
Solaris uses the X Window system. If you are going to install components from
a remote machine, verify that the remote machine has an X Window terminal
emulator. If you will use a Windows client to connect to the AIX, HPUX,
HPUXi, Linux, Linux on System z, or Solaris server to install, either set the
DISPLAY environment variable to the null (blank) value, or start X Window on
the server before you begin the silent installation or uninstallation procedure.
5. For Red Hat Linux 5.x or higher, change the security setting before installation.
Red Hat Enterprise Linux versions 5.x or higher have a security feature that
can cause errors during installation. For details on resolving the issue before
you install, see System requirements: Hardware and software requirements for
IBM FileNet P8. Search for the term SELinux.
Configuring Content Platform Engine servers (AIX, HPUX, HPUXi, Linux, Linux
on System z, or Solaris):
If Content Platform Engine is configured for full-text indexing, video transcription,

or thumbnail generation, then before you start the Content Platform Engine
installation on AIX, Linux, Solaris, or Linux on System z, you must ensure that the
fsize and nofiles parameters are set to their unlimited value.
The fsize parameter controls the maximum file size; the nofiles parameter
controls the maximum number of open files per process.
To ensure that the values of fsize and nofiles are set to their unlimited value:
1. Run the following command to check the value of the fsize parameter:
ulimit -f

If the parameter value is already unlimited (-1), continue at step 3.
2. Open for editing one of the following files, which contain the fsize parameter.
Set the parameter value to -1, and save your edit.
Table 1. Name of the file to be edited
Operating System File name
AIX /etc/security/limits
Solaris, Linux, HP-UX, HP-UXi, and Linux /etc/security/limits.conf
on System z
3. Run the following command to check the value of the nofiles parameter:
ulimit -n
The value of nofiles is unlimited if it is one of the following values,

depending on your operating system:
Table 2. Unlimited value
Operating system Unlimited value
AIX and Solaris -1
HP-UX, HP-UXi, Linux, and Linux on 65536
System z
If the value is already unlimited, continue at step 5.

4. Open for editing (if it is not already open) one of the following files, which
contain the nofiles parameter. Set the parameter to its unlimited value, and
save your edit.
Operating system File name
Solaris, Linux, HP-UX, HP-UXi, and Linux /etc/security/limits.conf
on System z
5. Log out of the current session. If you changed the value of fsize or nofiles,
log back in for the changes to take effect.
Configuring IBM Content Search Services servers (AIX, Linux, Linux on System
z, Solaris):
Before you start the IBM Content Search Services installation on AIX, Linux,
Solaris, or Linux on System z, you must ensure that certain ulimit settings are set
to their unlimited value.
The IBM Content Search Services installation startup script checks the ulimit value
of the fsize and nofiles parameters. The fsize parameter controls the maximum
file size; the nofiles parameter controls the maximum number of open files per
process. If the values are not set to unlimited, the startup script attempts to change
them to unlimited. If the startup script cannot change the value to unlimited, a
warning is generated.
The ulimit value for the rss parameter (which controls the maximum resident set
size) and for the maximum size of virtual memory must also be set to unlimited.
(The installation startup script does not check these values.)

To ensure that the values of fsize, nofiles, rss, and virtual memory are set to
their unlimited value:
1. Run the following command to check the value of the fsize parameter:
ulimit -f
If the parameter value is already unlimited (-1), continue at step 3.

2. Open for editing one of the following files, which contains the fsize parameter.
Set the parameter value to -1, and save your edit.
Operating System File name
Solaris, Linux, and Linux on System z /etc/security/limits.conf
3. Run the following command to check the value of the nofiles parameter:
ulimit -n
The value of nofiles is unlimited if it is one of the following values,

depending on your operating system:
AIX and Solaris -1
Linux and Linux on System z 65536
If the value is already unlimited, continue at step 9 on page 32.

contains the nofiles parameter. Set the parameter to its unlimited value, and
save your edit.
5. Run the following command to check the value of the rss parameter:
ulimit -m
The value of rss is unlimited if it is one of the following values, depending on

your operating system:
AIX and Solaris -1
If the value is already unlimited, continue at step 9 on page 32.

contains the rss parameter. Set the parameter to its unlimited value, and save
your edit.

7. Run the following command to check the value for the maximum size of
virtual memory:
ulimit -v
The value for the maximum size of virtual memory is unlimited if it is one of
the following values, depending on your operating system:
AIX and Solaris -1
If the value is already unlimited, continue at step 9.

8. Run the following command to set the value for the maximum size of virtual
memory to unlimited:
Table 10. Command to set unlimited value
Operating system Command
AIX and Solaris ulimit v -1
Linux and Linux on System z ulimit v 65536
9. Log out of the current session. If you changed any of the ulimit values, log
back in for the changes to take effect.
Configuring Application Engine (Solaris):
When Solaris starts up, it takes the first several ports, called anon ports, to use for
its communication daemons.
By default, the maximum tcp_smallest_anon_port is 32768. FileNet P8 uses several

ports higher than 32768.
To use these ports on Solaris-based systems, you must first enable the ports by
setting the smallest anon port to 32778. By doing so, the ports used by Solaris
communication daemons will be 32778 or greater, leaving 32777 available for
FileNet P8 use.
The Solaris platform provides several different tools, such as the netstat command,
to determine if a port is in use.
1. Determine the current tcp_smallest_anon_port setting. From the command line,
enter the following command: ndd -get /dev/tcp tcp_smallest_anon_port
2. Enable port 32777. If the port returned in the step above is less than 32778, you
must enable port 32777. Edit the /lib/svc/method/net-init file. Add the
following line before the exit 0 entry at the bottom of the file:
ndd -set /dev/tcp tcp_smallest_anon_port 32778

3. Reboot the Application Engine server to force the release of ports required by
the Application Engine that might be in use by the operating system. Failure to
reboot after these changes are made can result in the port being unavailable,
generating OpenSocket errors.
Configuring Application Engine or Workplace XT servers (Linux):
To configure Linux-based servers for Application Engine or Workplace XT, you

must ensure that Linux libraries are installed.
To install Application Engine or Workplace XT on Linux, several legacy libraries

are required. You must install the compat-libstdc++ packages on your Red Hat
system before beginning your install of Application Engine or Workplace XT.
Configuring Microsoft Windows

Perform certain operating system procedures on all Windows-based servers where
you will install FileNet P8.
Configuring Windows for FileNet P8 servers
To configure Windows for FileNet P8 servers, ensure the minimum disk and
temporary space and determine the port requirements.
Configuring Windows for .NET and COM compatibility clients
Microsoft .NET Framework is a prerequisite for installing .NET API Clients and
COM Compatibility clients. Some clients might also require the installation of
Microsoft Web Services Enhancements (WSE).
Configuring Windows for Content Platform Engine on Active Directory on
page 34
If Windows Active Directory is your directory service, set the primary DNS
server IP address on your Content Platform Engine machine to the IP address
of the machine where DNS is installed.
Adding inbound rules to the Windows 2008 firewall on page 34
Configure inbound rules in the Windows 2008 firewall to allow the following
ports access.
Configuring Windows for FileNet P8 servers:
To configure Windows for FileNet P8 servers, ensure the minimum disk and
temporary space and determine the port requirements.
To configure Windows for FileNet P8 servers:

v Ensure minimum required disk space and temporary space for installation. See
the IBM FileNet P8 system requirements web page.
v Determine port requirements. Consult with the application server, database, and
FileNet P8 administrators to determine port requirements for all the servers in
your installation environment. Also see the FileNet P8 ports section of the
Planning and preparing for IBM FileNet P8 documentation.
v If you intend to deploy Content Platform Engine on a Windows Server 2008 host
that is configured with Simplified Chinese, the host must have an English name.
Configuring Windows for .NET and COM compatibility clients:
To configure Windows for .NET and COM compatibility clients:

1. If you have client programs that use Windows Communication Foundation
(WCF) to access Content Platform Engine, ensure that .NET 3.x is installed.
WCF is embedded with .NET 3.x or later and requires an SSL secured network
connection to Content Platform Engine.
2. Backward compatibility is provided for client programs that use Web Services
Enhancements (WSE) to access Content Platform Engine. These clients require
the installation of .NET 2.x and WSE 3.0.
Configuring Windows for Content Platform Engine on Active Directory:
If Windows Active Directory is your directory service, set the primary DNS server
IP address on your Content Platform Engine machine to the IP address of the
machine where DNS is installed.
Adding inbound rules to the Windows 2008 firewall:
Configure inbound rules in the Windows 2008 firewall to allow the following ports
access.
Open all of the ports that are appropriate in your configuration.
Port Protocol Used for

32771 TCP RMI
32775 TCP This is the primary IBM System Dashboard for
Enterprise Content Management listener port.
Internal port number HTTP In a cluster configuration, set it to a non-zero
value in Administration Console for Content
Platform Engine and use that port number
here to open it in the Windows 2008 firewall.
Configuring the network

You must perform certain configurations on the network before installing FileNet
P8 platform.
Prerequisites to configuring your network
A small number of tasks are required to ensure proper network
communications before you install FileNet P8 platform. Perform the
prerequisite tasks in any order.
Synchronizing machine clocks on page 35
FileNet P8 processes require that you synchronize the clocks on all of the
machines that are running FileNet P8 servers and FileNet P8 clients.
Creating a local or shared directory for the shared configuration files
(Application Engine or Workplace XT) on page 35
You can create a local or shared directory for the shared configuration files in
highly available environments.
Prerequisites to configuring your network:
A small number of tasks are required to ensure proper network communications

before you install FileNet P8 platform. Perform the prerequisite tasks in any order.
v Ensure TCP/IP settings. Verify the TCP/IP settings on the UNIX and Windows
servers and IBM Administration Console for Content Platform Engine clients
that are configured for FileNet P8 enable the servers and clients to communicate
with one another.

v Ensure availability of required port numbers. Several port numbers are required
by the various FileNet P8 components.
Synchronizing machine clocks:
FileNet P8 processes require that you synchronize the clocks on all of the machines
that are running FileNet P8 servers and FileNet P8 clients.
1. Make sure that the machine clocks on all FileNet P8 servers, including Content
Platform Engine, Application Engine, as well as all database servers and those
of FileNet P8 client applications including Workplace XT, Rendition Engine,
IBM Case Manager, and so on, are synchronized. Errors that might arise if they
are not synchronized include those of authentication, cooperative locking,
communication between servers, and others.
| 2. You can run a clock synchronization utility to synchronize all of the clocks on
| your Java virtual machines with a reliable time source. If the clocks get out of
| sync by 60 seconds or more, you can configure a scheduler in the clock
| synchronization utility to periodically synchronize the time of the clocks.
Creating a local or shared directory for the shared configuration files

(Application Engine or Workplace XT):
You can create a local or shared directory for the shared configuration files in
highly available environments.
Remember: At a minimum, the user running the install and the Application
Engine/Workplace XT processes needs write access to this directory.
Do not use one of the cluster servers for the file location as this creates a single
point of failure. The bootstrap.properties file could, theoretically, be placed on a
local Windows share or local NFS export directory from any of the systems in the
Application Engine/Workplace XT cluster (that is, shared out from the default file
location from the first installation). However, if the local system holding the file
would go down, other Application Engine/Workplace XT instances will be unable
to find the bootstrap.properties file and will return error messages.
Storage area options for object stores

An object store has several options for storage areas. You need to determine the
appropriate types of storage areas for your requirements.
An object store can have up to four types of storage areas, and multiple instances
of each type, for the content of documents and business objects. The name of each
storage area in an object store must be unique.
advanced storage area
An advanced storage area supports these underlying advanced storage
devices: OpenStack cloud storage and file system storage. One or more
advanced storage devices can be associated with an advanced storage area.
An advanced storage area supports native content replication for disaster
recovery and online backups solutions. In addition, an advanced storage
area leverages the Content Platform Engine sweep service to perform
queue processing for replication, content deletion, and abandoned content
backout.
An advanced storage area can coexist with other storage areas: database,
file system, or fixed content. Data can be moved between an advanced

storage area and other types of storage areas. And, like other storage areas,
advanced storage areas can be assigned to storage policies.
file storage area
A file storage area stores content in a file system. A file storage area is
usually not on the machine where Content Platform Engine is installed. A
file storage area cannot reside on a write-once-read-many (WORM) device.
fixed storage area
A fixed storage area resides on a large-capacity, (possibly) write-once, fixed
content device. A fixed storage area uses a file storage area directory
structure as a temporary staging area before migrating files to permanent
storage on the external device. Multiple fixed storage areas can share the
same fixed content device, or a fixed storage area can have its own fixed
content device.
database storage area
A database storage area stores content as binary large objects (BLOBs) in a
database.
Related concepts:
Storage area types
Advantages of advanced storage areas

Advanced storage areas offer several advantages over other types of storage areas.
Advanced storage areas have two main advantages over other storage areas: They
support content replication over storage devices, and they offer storage on
OpenStack-based cloud objects. Advanced storage areas also offer direct content
upload. That is, content uploaded by a client application to an advanced storage
area goes directly to a storage device without needing to be written to temporary
storage.
The core features that advanced storage areas support are as follows:
Support for Content Platform Engine content replication
Content Platform Engine can replicate content to more than one type of
storage device and to multiple instances of the same type. Mounting of file
system replicas between sites is not required. If Content Platform Engine
determines that it has connectivity to a cross-site replica, it reads or writes
to the replica directly. The advanced storage area implements a
connectivity detection scheme, caching the results, and using this
information when reading or writing to a replica.
If server communication is configured for a site, then server
communication is the favored route to content in a different site. If direct
connectivity between sites is not available, then server communication
must be configured to allow content to be accessed across sites.
Direct connectivity for a file system storage device means that the file
system is mounted across the WAN between sites to every Content
Platform Engine server. If server communication is not configured, then
direct connectivity is required.
Support for direct use of cloud object storage
Content Platform Engine can transfer content to a cloud object, and
without needing to use temporary disk storage.
Support for direct upload of content

Content flows directly from a client application as a single stream to the
storage device; the content is never written to temporary storage. Only a
single instance of Content Platform Engine is involved in the upload.
Support for replica repair
If a replica contains damaged (missing or incorrect) content, Content
Platform Engine can detect the damage and re-replicate the correct content
to the replica.
The following table summarizes the differences between advanced storage areas
and other storage areas in terms of their support of core features:
Table 11. Core feature support by advanced storage areas and other types of storage areas
Supported by advanced storage Supported by other types of storage
Core feature areas? areas?
File storage yes yes
Database storage no yes
OpenStack-based cloud storage yes no
Fixed content storage no yes
Replication yes no
Direct content upload yes no
Replica repair yes no
Replication models for advanced storage areas

If you use advanced storage areas for your object stores, you need to choose a
replication model that best suits your storage requirements.
Advanced storage areas are designed to be flexible enough to support a wide

variety of replication models, including the following common modes: traditional
high availability/disaster recovery, remote site, and grid storage. Configuring
replicas can sometimes be complex. By using Administration Console for Content
Platform Engine, an administrator can configure common and complex custom
replication models.
Traditional high availability/disaster recovery
The traditional high availability/disaster recovery replication model
consists of an active (main) data center, a passive bunker data center, and a
passive disaster recovery data center. The bunker data center and the
disaster recovery data center provide database redundancy for content.
They are passive in the sense that they are activated only during a failover.
The database and content are synchronously replicated from the active
data center to the bunker data center, and asynchronously replicated from
the active data center to the disaster recovery data center. Bunker data
centers and disaster recovery data centers differ only in how they receive
database and content (synchronously or asynchronously). If the main data
center fails, the bunker data center is started and takes on the role of the
main data center. Replication to the disaster recovery data center is
synchronous until the main data center is restored.
The following figure illustrates normal operation for this replication model:

Main data center Bunker data center Disaster recovery data center
Content Platform
Engine
Object Object
Object Storage store Storage store Storage
store device database device database device
database replica replica replica replica replica
Synchronous Content Platform Engine content replication Asynchronous
Database system replication
The following figure illustrates a failover:

Main data center Bunker data center Disaster recovery data center
Content Platform
Engine
Object Object
Object Storage store Storage store Storage
store device database device database device
database replica replica replica replica replica
Content Platform Engine Synchronous

content replication writes
Remote site
The remote site replication model extends the high availability/disaster
recovery model by adding support for replication to and from a replica on
a remote site. Content is synchronously written to the local site (Content
Platform Engine 1 and 2) and asynchronously written to the remote site
(Content Platform Engine 3A and 4A).
The following figure illustrates content being ingested in Content Platform
Engine 1:
Content Content Content Content

Platform Platform Platform Platform
Engine Engine Engine Engine
1 2 3A 4A
Storage Storage Storage Storage

device device device device
replica replica replica replica
The following figure illustrates content being ingested in Content Platform

Engine 3:

Content Content Content Content
Platform Platform Platform Platform
Engine Engine Engine Engine
1 2 3A 4A
Storage Storage Storage Storage

device device device device
replica replica replica replica
Grid storage
The grid storage model uses cloud storage. The cloud content stores are
not tied to any of specific Content Platform Engine site. Content is
uploaded to any of the Content Platform Engine instances. Content is
synchronously written to two of the three cloud content stores, and
asynchronously written to the third store.
The following figure illustrates content being written to the cloud stores:
Site 1 Site 2 Site 3
Content Platform Content Platform Content Platform

Engine Engine Engine
Cloud object storage Cloud object storage Cloud object storage

replica 1 replica 2 replica 3
Preparing advanced storage areas

Before you create an advanced storage area, you need to complete the following
planning-related actions:
v Create a storage plan that is based on your replication requirements. See
Replication models for advanced storage areas on page 37 for an overview of
supported replication models.
v Consider whether you require site-setting overrides for replication.
v Decide on key configuration settings for an advanced storage area. For storing
content, do you need compression, duplication suppression, or encryption? For
deleting content, which method of removal satisfies your security requirements?
v Consider your need to assign the advanced storage area to a storage policy. Do
you want to distribute content between storage areas, where the system
evaluates configured criteria to determine which area to store the content?
After your storage plan is in place, create one or more advanced storage devices to
connect to the advanced storage area. You can use OpenStack cloud storage and
file system storage as advanced storage devices. You must create the advanced
storage devices before you can create an advanced storage area for an object store.

Preparing file servers for file storage areas
To prepare for file storage, you must configure file servers for file storage areas,
configure a remote access protocol, and prepare the file servers where file storage
areas are to be located.
Configuring file servers for file storage areas
You must configure file servers for the initial file storage areas of the object
stores to be created, and for additional file storage areas of existing object
stores.
Configuring account settings on file servers on page 41
The following table shows the operating system user and group on the machine
where Content Platform Engine is to be deployed that are involved in securing
file storage areas. The user and group must be defined in the directory service
that the operating system uses to authenticate users, which is not necessarily
the same directory service that Content Platform Engine Server uses.
Configuring the remote access protocol on the client machine on page 43
When configuring the remote file access protocol (NFS or CIFS), the client
machine is the one where Content Platform Engine Server or IBM Content
Search Services are running. Configuring the remote access protocol (NFS or
CIFS) means designating a directory (where content is be stored) so that it
appears to be on the local file system of the client machine.
Configuring file servers for file storage areas:
You must configure file servers for the initial file storage areas of the object stores
to be created, and for additional file storage areas of existing object stores.
See IBM FileNet P8 system requirements for currently supported operating systems
for file servers.
Configuring a file server for file storage areas involves the following general steps,
which are described in more detail in the procedures later in this task.
To configure file servers for file storage areas:

1. Create or designate an existing top-level directory on the file server where file
storage areas will reside.
2. Secure the directory so only Content Platform Engine Server can access it.
3. Expose the directory via the remote file access protocol that applies to the
operating system of the file server.
4. (Best practice) Under the top-level directory, create a subdirectory for each file
storage area you intend to create. If you decide to put a file storage area
directly within a top-level directory, rather than in a subdirectory, and you later
decide to create an additional file storage area on this file server, you will have
to create another top-level directory for it, because you will not be able to use
the previously created top-level directory.
Remote file access protocols on page 41
The supported remote file access protocols between Content Platform Engine
and a file server are Common Internet File System (CIFS), Network File System
(NFS), and Distributed File System (DFS). DFS is supported if you are using it
to manage a file storage area; however, the replication feature of DFS is not
supported.

Remote file access protocols:
The supported remote file access protocols between Content Platform Engine and a
file server are Common Internet File System (CIFS), Network File System (NFS),
and Distributed File System (DFS). DFS is supported if you are using it to manage
a file storage area; however, the replication feature of DFS is not supported.
The communication method between the Content Platform Engine computer and
the file server depends on the operating systems that are running on the two
computers. To upgrade a file store, you must use some type of CIFS, NFS, or DFS
gateway.
You can use an iSCSI device as a Windows CIFS share with Content Platform
Engine servers as follows:
v You can mount an iSCSI device on one computer and then share that drive to
another computer as a Windows CIFS share.
v You cannot mount an iSCSI device on multiple computers where the Content
Platform Engine servers on the different computers can access the same storage
area on the iSCSI device.
Install a UPS power supply backup system on each file server to enable graceful
shutdown. Loss or corruption of data occurs if a file server does not shut down
gracefully.
Configuring account settings on file servers:
The following table shows the operating system user and group on the machine
where Content Platform Engine is to be deployed that are involved in securing file
storage areas. The user and group must be defined in the directory service that the
operating system uses to authenticate users, which is not necessarily the same
directory service that Content Platform Engine Server uses.
The user and group account variables in this table are placeholders for the actual
account names that you designate.
Table 12. User and group account names
Users and Groups Role
Content Platform Engine operating system The user under which Content Platform
user (cpe_os_user) Engine server runs (typically, the user that
starts Content Platform Engine server).
Content Platform Engine operating system The group that contains:
group (cpe_os_group) v Content Platform Engine operating system
user
Configuring a file server based on AIX, HPUX, HPUXi, Linux, Linux on

System z, or Solaris on page 42
You need to create a directory and specify permissions for the Content Platform
Engine operating system user before you can create a storage area.
Configuring a Windows-based file server for a Windows client using CIFS on
page 42
You must configure security permissions on the directories where file storage
areas are going to be located.

Configuring a Windows-based file server for an AIX, HPUX, HPUXi, Linux,
Linux on System z, or Solaris client using NFS on page 43
To configure Windows Services for NFS, use the procedures in Microsoft
documentation.
Configuring a file server based on AIX, HPUX, HPUXi, Linux, Linux on System z, or
Solaris:
You need to create a directory and specify permissions for the Content Platform
Engine operating system user before you can create a storage area.
To configure a file server based on AIX, HPUX, HPUXi, Linux, Linux on System z,
or Solaris:
1. Log on to the file server as a user with read/write access to the device where
you want to create a storage area.
2. Create or designate a directory for the first storage area where content will be
stored (as in, fsa1). For example:
$ mkdir /opt/filenet/file_stores/fsa1
3. Set the Content Platform Engine operating system user as the owner of fsa1
and give group access permission to the Content Platform Engine operating
system group. For example:
chown cpe_os_user:cpe_os_group fsa1
Tip: The UID (user ID) for cpe_os_user and the GID (group ID) for cpe_os_group
on the file server must match the UID and GID for the same user and group on
the machine where Content Platform Engine and Content Search Engine are
running. This will normally be true if all machines use the same directory
service, but they might be different.
4. Change the permissions on fsa1 so that cpe_os_user and cpe_os_group both have
read/write/execute privileges and all other users have no privileges:
chmod 0770 fsa1
5. Via NFS, export fsa1. Alternatively, if the file server will host more than one
file storage area, export the parent directory. In the latter case, for example,
export /opt/filenet/file_stores, rather than /opt/filenet/file_stores/fsa1,
and then create a separate subdirectory to serve as the root of each file storage
area.
Tip: It is a best practice to restrict trusted hosts to just those on which an

instance of Content Platform Engine Server or Content Search Engine is
executing. Root access should also be restricted. Refer to the AIX, HPUX,
HPUXi, Linux, Linux on System z, or Solaris administrator manual for details
on exporting files in NFS.
Configuring a Windows-based file server for a Windows client using CIFS:
You must configure security permissions on the directories where file storage areas
are going to be located.
To configure a Windows-based file server:

1. Log on to the Windows file server as cpe_os_user.
2. Create (or designate) a directory fsa1 where content will be stored. For
example: C:\filenet\file_stores\fsa1
3. Navigate in Windows Explorer to fsa1, right-click the file icon, and choose
Properties.

4. In the Security tab, click Advanced.
5. In the Advanced Security Settings dialog box:
a. Grant Full Control to cpe_os_user and cpe_os_group, and select This Folder,
subfolders, and files from the Apply to drop-down list.
b. Remove all other users and groups in the Permission entries table.
c. Click OK.
6. In the Sharing tab, perform the following tasks:
a. Click Share this folder and click Permissions.
b. Grant Full control to cpe_os_user and cpe_os_group.
c. Remove all other users and groups in the Permission entries table.
d. Click OK.
Configuring a Windows-based file server for an AIX, HPUX, HPUXi, Linux, Linux on
System z, or Solaris client using NFS:
To configure Windows Services for NFS, use the procedures in Microsoft

documentation.
To configure Windows Services for NFS:

1. Do all the steps in Configuring a Windows-based file server for a Windows
client using CIFS on page 42.
2. Use the procedures in Microsoft documentation to configure Windows Services
for NFS to expose fsa1.
Tip:
v Windows Services for NFS is an optional Windows component.
v As part of configuring Windows Services for NFS, you must set up a
mapping of Windows users and groups to the AIX, HPUX, HPUXi, Linux,
Linux on System z, or Solaris users and groups. When setting up the
mapping for cpe_os_user and cpe_os_group, you must specify the same UID
(UNIX user ID) and GID (UNIX group ID) that these accounts have on the
machine where Content Platform Engine Server is installed.
Configuring the remote access protocol on the client machine:
When configuring the remote file access protocol (NFS or CIFS), the client machine
is the one where Content Platform Engine Server or IBM Content Search Services
are running. Configuring the remote access protocol (NFS or CIFS) means
designating a directory (where content is be stored) so that it appears to be on the
local file system of the client machine.
To configure remote access protocol:

v To configure AIX, HPUX, HPUXi, Linux, or Solaris-based Content Platform
Engine Server to communicate with an AIX, HPUX, HPUXi, Linux, Solaris or
Windows file server via NFS:
1. On the application server where you are going to deploy Content Platform
Engine Server, log on as the user who launched the application server.
2. Mount the exported NFS file system (from step 5 on page 42 of Configuring
a file server based on AIX, HPUX, HPUXi, Linux, Linux on System z, or
Solaris on page 42) onto a local directory on the Content Platform Engine

machine. The mount point must be in the same location in the local file
system on all machines where Content Platform Engine Server is going to be
installed.
For example, on Linux or AIX:
mount filesrv:/opt/filenet/file_stores/home/filenet/file_stores
where filesrv is the host name of the file server where the exported NFS file
system is located.
In this example, all Content Platform Engine Server machines (including
machines that are part of the same server farm or cluster) must mount the
remote file system at /home/filenet/file_stores.
v To configure Windows-based Content Platform Engine Server to communicate
with a Windows file server via CIFS:
1. If both Content Platform Engine Server and the file server are in the same
Windows domain, no action is required. If they are in different domains,
establish access to the file server machine from the machine where you will
install Content Platform Engine Server.
Using IBM Support data collection tools

IBM Support data collection tools automate the gathering and sending of
appropriate diagnostic data to IBM Support for investigation and resolution of
installation, upgrade, or runtime problems in IBM FileNet P8 products. Typically
you would run an IBM Support data collection tool after installing or upgrading
the product, or when the IBM FileNet P8 system is in production.
To use an IBM Support data collection tool, your IBM FileNet P8 product must be
supported by the tool and must have Internet access to the IBM Support back-end
servers where the collected data is analyzed. If your product does not meet these
requirements, IBM Support can assist you in determining the most effective
manual method to collect and deliver the diagnostic data for analysis.
Two IBM Support Assistant data collection tools are available, at the IBM Support
Assistant Data Collectors website:
v IBM Support Assistant Data Collector is a web-based tool that can be used at
any time; there is nothing to install.
v IBM Support Assistant Lite Data Collector must be installed on the servers
where you installed or upgraded your IBM FileNet P8 products before it can be
used. By installing the tool before your IBM FileNet P8 system goes into
production, you avoid the possibility of not being able to install it after a
runtime problem occurs.
To determine which IBM Support data collection tool supports your IBM FileNet
P8 product:
1. Browse to the IBM Support Assistant Data Collectors website.
2. Find an IBM Support data collection tool that supports your product:
v To determine whether IBM Support Assistant Data Collector supports your
product, complete the following substeps:
a. Click the Data Collectors tab on the IBM Support Assistant Data
Collectors home page, and then click Launch.

b. Expand the I need to collect data for drop-down list. If your product is
listed, then you can use IBM Support Assistant Data Collector.
v To determine whether IBM Support Assistant Lite Data Collector supports
your product, complete the following substeps:
Collectors home page.
b. Choose Enterprise Content Management in the Select a brand to begin
the download process drop-down list.
c. Expand the Select a product to access the download page drop-down
list. If your product is listed, then you can use IBM Support Assistant Lite
Data Collector.
3. Follow the instructions on the web page for the tool that supports your product
to use the tool directly or to install it, as needed.
Security administrator installation tasks

The Security administrator must prepare the security environment for the FileNet
P8 platform, including planning the security environment, configuring the
directory server, and creating accounts.
Review all rows assigned to the Security administrator (SA) in the Installation and
Upgrade Worksheet. While you complete the following preparation tasks, provide
values for the rows that are appropriate to your installation.
With the Data > Filter > AutoFilter command enabled, as it is by default in the
worksheet file (p8_worksheet.xls), perform the following actions to quickly see
only the properties assigned to a particular Role:
v Click the AutoFilter drop-down arrow in the Role column header and select
SA.
v Further filter the result set by clicking the AutoFilter drop-down arrow in any
of the other columns and selecting a value or clear a filter by selecting All.
Security planning considerations
Information in this section is provided to assist in the security planning process
but is not a complete description of any security feature or level of support.
Configuring directory server on page 48
The Security administrator must perform certain configurations on the directory
server that will provide the authentication repository for your FileNet P8
system.
Creating the application server administrative console user (WebSphere) on
page 57
An LDAP account to which you have granted the WebSphere Application
Server administrative role.
Creating Content Platform Engine directory server accounts on page 58
Content Platform Engine requires several directory server accounts that must be
provided during installation.
Creating Application Engine or Workplace XT directory server accounts on
page 70
Directory server accounts are needed to administer Application Engine or
Workplace XT.
Security planning considerations

Information in this section is provided to assist in the security planning process
but is not a complete description of any security feature or level of support.

Authentication and authorization are separate processes.
Authentication (logon security) is separate from authorization (object and
process security). You must configure your JAAS login on the Content
Platform Engine application server so that any user or group that can
successfully log on to FileNet P8 resources can also be authorized to work
within FileNet P8 interfaces, using the Content Platform Engine directory
service provider connection.
Configuration Manager captures configuration information to create your
application server authentication provider; or you can use an
authentication provider that already exists on the application server.
Immediately following the initial Content Platform Engine deployment,
you will use IBM Administration Console for Content Platform Engine to
configure the Content Platform Engine authorization by creating a
Directory Configuration.
Logins are done through JAAS.
FileNet P8 uses Java Authentication and Authorization Service (JAAS) for
authentication, which is a process that occurs between a Java EE client
application, a Java EE application server, and one or more JAAS login
modules. This process does not involve any FileNet P8 code.
FileNet P8 platform uses JAAS for authentication only, not for
authorization on stored objects. Also, it does not support Java Security
Manager.
Determine single sign-on (SSO) requirements.
Content Platform Engine ability to use JAAS-based authentication means
that if a single sign-on (SSO) provider writes a JAAS LoginModule for a
supported application server, then clients of FileNet P8 applications hosted
in that application server can use that SSO solution. See Single Sign-On
Solutions for IBM FileNet P8 at ibm.com/redbooks for configuration
information.
Determine Kerberos applicability.
You can use Kerberos for SSO authentication between .NET applications or
other products that use it, provided you use Windows Active Directory as
the directory server.
Decide how many authentication realms you require.
At least one authentication realm is required, which you create during an
initial installation by running the Configuration Manager Configure LDAP
task. After making sure that the first realm is working properly, you can
configure additional realms, depending on your security model and
requirements.
Make sure that you have a directory service provider in place.
Directory services are provided by third-party directory servers. Refer to
the IBM FileNet P8 system requirements for the list of supported products.
Starting with version 5.2, Content Platform Engine supports heterogeneous
directory server configurations when running in an IBM virtual member
manager environment. (To use virtual member manager, Content Platform
Engine requires WebSphere Application Server version 7.0 or above.) For
all other directory environments, only homogenous LDAP server
combinations are supported, meaning that a single FileNet P8 domain can
be configured to use only one of the supported directory servers.
Understand the users and groups required for FileNet P8.
All general administrative users and groups needing access to FileNet

P8-based applications must reside in one of the supported directory
servers. The planning and preparation tasks provide instructions for
creating the administrative accounts required for installation and initial
configuration.
(WebLogic only) Any WebLogic authentication provider must be dedicated to
FileNet P8.
For performance reasons, do not share any authentication provider that is
used by WebLogic for deployed FileNet P8 components with applications
used for other purposes.
You can configure Content Platform Engine to use email or UPN for login
You can assign the directory server's email attribute or, for Active
Directory, the userPrincipalName (UPN) to be the user short name that is
used for login. Instructions in the IBM FileNet P8 Platform Installation and
Upgrade Guide provide a link to a procedure that explains how to do this.
(WebSphere only) Choose Stand-alone or Federated repository type.
There is an option in the Configuration Manager Configure LDAP task to
select whether the WebSphere Application Server repository type is
Stand-alone LDAP registry or Federated repositories. To have
Configuration Manager use your repository type setting, select the
Configuration Manager option Set as current active user registry.
If you choose Stand-alone LDAP registry
Configuration Manager changes the administrative console user
login to the account you enter as the Administrative console user
name. This account must reside in the Stand-alone LDAP registry
location. The existing administrative console user login, if any,
becomes invalid.
To have Configuration Manager replace an existing Stand-alone
LDAP registry configuration, you must enable the Configuration
Manager option Overwrite existing repository.
If you choose Federated repositories
By choosing the Federated repositories option in Configuration
Manager, you are adding a new LDAP realm to an existing
Federated LDAP repository. The administrative console user name
that you provide must be a unique user across all federated realms.
Avoid overlapping realm definitions
In the Configuration Manager task Configure LDAP, if you set the
WebSphere Application Server LDAP repository type option to
Federated repositories, do not enter repositories with overlapping
suffixes as they are not supported. For example, the following two
repositories with overlapping Base entry distinguished names are
not supported:
v dc=ibm,dc=com
v dc=filenet,dc=ibm,dc=com
This restriction especially applies to Active Directory parent and
child domains, since by definition parent/child domains in AD
have overlapping suffixes.
The repositories in the next example are supported, because they
are sibling repositories and do not overlap:
v dc=tivoli,dc=ibm,dc=com
v dc=filenet,dc=ibm,dc=com

Administrative security must be enabled
Configuration Manager does not change the state of WebSphere
administrative security. If it was on before running Configuration
Manager, then it stays on; if it was off before, then it stays off.
WebSphere Application Server security domains
Content Platform Engine supports WebSphere Application Server
security domains, a feature that is introduced in WebSphere
Application Server 7.0. Security domains allow administrators to
define multiple security configurations for use in a single cell or
application server. By default, all administrative and user
applications in WebSphere Application Server use the same global
security configuration. However, with security domains, you can
create additional security configurations if you want to specify
different security attributes for some or all of your user
applications. For example, you can define different settings (such
as a different user registry) for user applications than for
administrative applications. You can also define separate security
configurations for user applications that are deployed to different
servers and clusters.
To use security domains, you deploy Content Platform Engine in
the normal way, and then use your WebSphere Application Server
administrative console to create a security domain and to assign
Content Platform Engine to it. Content Platform Engine code then
automatically honors this domain setting. All Content Platform
Engine servers and clients must be in one of the available
WebSphere security domains. Also, the Content Platform Engine
bootstrap account (cpe_bootstrap_admin) must be present in both the
WebSphere Application Server global security configuration and
the security domain that applies to the Content Platform Engine; or
you can skip the bootstrap login at the server startup by setting the
JVM argument
-Dcom.filenet.engine.init.BGThreadsAsBootstrapId=false.
Configuring directory server

The Security administrator must perform certain configurations on the directory
server that will provide the authentication repository for your FileNet P8 system.
Configuring Windows Active Directory on page 49
You can configure Microsoft Windows Active Directory to be the directory
service for FileNet P8.
Configuring Active Directory Lightweight Directory Services (AD LDS) on
page 49
You can configure Active Directory Lightweight Directory Services (AD LDS) to
be the directory service for FileNet P8.
Configuring Oracle Directory Server Enterprise Edition on page 50
You can configure Oracle Directory Server Enterprise Edition to be the directory
Configuring Novell eDirectory on page 51
You can configure Novell eDirectory to be the directory service for FileNet P8.
Configuring Oracle Internet Directory on page 51
You can configure Oracle Internet Directory to be the directory service for
FileNet P8.
Configuring IBM Tivoli Directory Server on page 52
You can configure IBM Tivoli Directory Server to be the directory service for
FileNet P8.
Configuring IBM virtual member manager on page 52
You can configure IBM virtual member manager to be the directory service for
FileNet P8.
Configuring CA Directory on page 57
You can configure CA Directory to be the directory service for FileNet P8.
Configuring Windows Active Directory:
You can configure Microsoft Windows Active Directory to be the directory service
for FileNet P8.
In a multi-domain Active Directory environment, a logon will fail for any account
whose user name and password in a parent/child domain does not match those in
a child/parent domain.
If you have an Active Directory failover configuration, you can configure FileNet
P8 to follow this failover sequence whenever Content Engine attempts to authorize
an already authenticated user. You can do this during Content Engine installation
while running the Create a Directory Configuration wizard, or at any time after.
Server Side Sorting (SSS) must be enabled. This is because FileNet P8 components
call on Content Platform Engine to perform searches using a sorted paging
mechanism. Note that SSS is normally enabled by default but is sometimes
disabled due to concerns with performance.
DNS forwarders provide external DNS lookup functionality. If you are working in
an "isolated" network, a DNS forwarder is not required. However, if you want to
access the Internet or other network resources, then a DNS forwarder pointing to a
DNS server that serves the external resources (for example, the Internet) is
required.
To enable DNS forwarders:

1. On the machine that is configured as the Windows DNS Server, log on with an
account that can configure the DNS components.
2. Start DNS. For example, on Windows 2008, choose Start > All Programs >
Administrative Tools > DNS .
3. Right-click the your_computer_name container and select Properties.
4. Select the Forwarders tab and verify the check box for Enable forwarders is
selected. If this feature is grayed out (unavailable), you must reconfigure your
DNS server.
5. If you selected the check box, add an appropriate IP address and click OK. This
IP address can be the IP address of a DNS server that allows traffic to the
Internet.
Configuring Active Directory Lightweight Directory Services (AD LDS):
You can configure Active Directory Lightweight Directory Services (AD LDS) to be
the directory service for FileNet P8.

You can use AD LDS as a standalone directory service, or you can synchronize AD
LDS with Active Directory, using Microsoft's built-in tools. Synchronization is
invisible to FileNet P8 applications and authentication. It is a best practice to
establish the connection between Active Directory and AD LDS before installing
IBM FileNet P8. Consult your AD LDS documentation for full information.
Configuring Oracle Directory Server Enterprise Edition:
You can configure Oracle Directory Server Enterprise Edition to be the directory
On Windows servers, Oracle Directory Server Enterprise Edition should be

installed on an NTFS hard drive partition.
If there are more than 2,000 users in the Directory Server, you must increase the
resource limits to correctly display users in FileNet P8. IBM recommends setting
this limit to -1 (unlimited). You can either set this limit for the entire LDAP server
or for the individual FileNet P8 users.
Setting the resource limits for the entire Oracle Directory Server Enterprise
Edition (v 5.2)
User resource limits take precedence over server resource limits. Existing users
who have a value specified for resource limits will not be affected by the
changes made in the following steps.
Setting the resource limits for individual FileNet P8 users (Oracle Directory
Server Enterprise Edition) on page 51
Set resource limits any time you add IBM FileNet P8 users to your configured
Oracle Directory Server Enterprise Edition.
Setting the resource limits for the entire Oracle Directory Server Enterprise Edition (v
5.2):
User resource limits take precedence over server resource limits. Existing users
who have a value specified for resource limits will not be affected by the changes
made in the following steps.
To set the resource limits:

1. On the server where Oracle Directory Server Enterprise Edition (formerly
named Sun Java System Directory Server) is installed, log in with an account
that has rights to modify the Oracle Directory Server Enterprise Edition
environment.
2. Run the Oracle Directory Server Enterprise Edition console and log in.
3. Expand the Domain > Server Group containers and select your Directory
Server.
4. Right-click and select Open.
5. Select the Configuration tab.
6. Select the Performance container.
7. Select the Client Control tab.
8. For the LDAP group box, ensure that Size limit and Look-through limit are
both set to Unlimited.

9. If changes were made, click Save.
10. Select the Tasks tab and Restart the Directory Server if changes were made.
Setting the resource limits for individual FileNet P8 users (Oracle Directory Server
Enterprise Edition):
Set resource limits any time you add IBM FileNet P8 users to your configured
Oracle Directory Server Enterprise Edition.
To set the resource limits for individual users:

1. From the Oracle Directory Server Enterprise Edition console, expand the
Domain > Server Group containers and select your Directory Server. Then
click Open.
2. Select the Directory tab.
3. From the left pane, select the Object (OU, etc.) that contains the user(s) you
want to change.
4. For each FileNet P8 user whose limit you want to change, complete the
following steps:
a. From the right pane, double-click the user name.
b. Select Properties.
c. On the left pane of the Properties dialog box, select Account.
d. Enter -1 in the Look through limit and size limit fields.
e. Click OK.
5. Restart the Directory Server.
Configuring Novell eDirectory:
You can configure Novell eDirectory to be the directory service for FileNet P8.
Make sure to consider the following requirements:

v The Windows server where Novell eDirectory Server is installed must have an
NTFS hard drive partition.
v The Novell eDirectory administrator might have to create an index if the sorting
attribute is not in the list of default attributes shipped by eDirectory.
v Access control settings in FileNet P8 require that all users have Browse access on
the directory server. If you do not want to set Browse access at the individual
user level, it is a best practice to establish a Public trustee for the realm.
v FileNet P8 supports cross-realm group memberships. This means that FileNet P8
supports a configuration in which a group is in one realm while some or all of
its users are in another.
v Server Side Sorting (SSS) must be enabled. This is because FileNet P8
components call on Content Platform Engine to perform searches using a sorted
paging mechanism. Note that SSS is normally enabled by default but is
sometimes disabled due to concerns with performance.
Configuring Oracle Internet Directory:
You can configure Oracle Internet Directory to be the directory service for FileNet
P8.

v When installing Oracle Internet Directory (OID) using the Oracle Universal
Installer, you must at a minimum select to install the Oracle Internet Directory
component. The Oracle Universal Installer will ensure that certain other
components that OID requires will also be installed.
v If Oracle Internet Directory is installed on a Windows server, it must have an
NTFS hard drive partition.
v The security administrator might have to create an index if the sorting attribute
is not in the list of default attributes shipped by Oracle Internet Directory.
Configuring IBM Tivoli Directory Server:
You can configure IBM Tivoli Directory Server to be the directory service for
FileNet P8.
If your system requires continuous availability and a high degree of reliability, you
should configure failover for authorization.
Configuring IBM virtual member manager:
You can configure IBM virtual member manager to be the directory service for
FileNet P8.
A directory service provider, called VMM Provider, is implemented to retrieve

users and groups from virtual member manager repositories. VMM Provider is
used only with WebSphere Application Server version 7.0 or above that is
configured for Federated Repositories.
Virtual member manager is a system component of WebSphere Application Server.

It performs Java Authentication and Authorization Service (JAAS) authentication
by WebSphere Federated Repository, which is a type of WebSphere Application
Server login module. Virtual member manager repositories are therefore the same
as WebSphere federated repositories. In addition to serving as a WebSphere
Application Server authentication provider, virtual member manager is also treated
by Content Platform Engine as a virtual directory service. When you use
WebSphere Application Server as the hosting application server, you can configure
Content Platform Engine to retrieve users and groups from virtual member
manager for the purposes of authorization.

WebSphere Server
Content Platform Engine
VMM Provider
VMM
VMM API
Adapter SPI
File LDAP Custom

Repository Repository Repository
Virtual member manager provides the following benefits:

v Support for heterogeneous directory services, such as both Active Directory and
Tivoli Directory Server.
v Support for heterogeneous repositories, such as LDAP repositories and file
repositories.
Not all virtual member manager repositories support server-side sorting. To keep
the behavior the same across repositories, VMM Provider does not retrieve the
entire search result set; it retrieves only the first N principals from virtual member
manager repositories for Principal Search. The value of N is defined by the page
size of findUsers() or findGroups() method in the Content Platform Engine Realm
class. VMM Provider returns only the first page of search result for Principal
Search.
Configuring a virtual member manager LDAP repository
You can configure IBM virtual member manager to use an approved LDAP
repository to be the directory service for FileNet P8.
Configuring a virtual member manager file repository on page 55
You can configure IBM virtual member manager to use a file-based repository
to be the directory service for FileNet P8.
Configuring a virtual member manager custom repository on page 56
You can configure IBM virtual member manager to use a custom repository to
Configuring a virtual member manager LDAP repository:
You can configure IBM virtual member manager to use an approved LDAP
repository to be the directory service for FileNet P8.
You must provide and configure one or more LDAP repositories that are certified
for use by WebSphere Application Server.
This task describes the values that you must provide when you configure Content
Platform Engine using Configuration Manager.
Configuring Content Platform Engine to use virtual member manager LDAP

repositories is slightly different from configuring a typical Content Platform
Engine-LDAP connection.

1. To prepare Content Platform Engine to connect to a directory server through
virtual member manager specify the following properties in Configuration
Manager and Administration Console for Content Platform Engine:
Configuration Manager Configure LDAP

task property Enter this value
Directory service provider type Specify the directory server that you are
using behind IBM virtual member manager.
(Content Platform Engine points to IBM
virtual member manager that points to the
LDAP you specify with this property.)
Examples include Active Directory and
eDirectory.
Note: If you use multiple LDAPs, use the
WebSphere administrative console to add
more LDAP repositories.
WebSphere Application Server LDAP Select Federated repositories.
repository type Note: This value ensures that Content
Platform Engine uses virtual member
manager.
Set as current active user registry Select the check box.
Configuration Manager Bootstrap and Text

Extraction task property Enter this value
Bootstrap user name (cpe_bootstrap_admin) Use an account that exists in the IBM virtual
member manager LDAP repository.
Note: Record this value in your

customized Installation and Upgrade
Worksheet. To find this property, search the
worksheet for instances of
cpe_bootstrap_admin.
Administration Console for Content

Platform Engine Create a New Domain
wizard property Enter this value
Directory Service Provider type IBM virtual member manager
Note: You do not need to specify values for
any of the other directory service properties,
such as Host, Port, User Base DN, or User
Search Filter.

worksheet for instances of ACCE: New
Domain wizard.
2. Record these values in your customized Installation and Upgrade

Worksheet. To help find these properties, search the worksheet for instances of
virtual member manager.
3. Log in to the WebSphere administrative console as a local WebSphere
administrative user.
a. Navigate to Security > Global security > Federated repositories.

b. Verify that only two repositories are in the realm:
o=defaultWIMFileBasedRealm, and the one you created. Keep the file
repository in the list because you must use the local WebSphere
administrative user.
c. If there are other unrelated repositories in the list, delete them, save the
change, and restart WebSphere Application Server.
Configuring a virtual member manager file repository:
You can configure IBM virtual member manager to use a file-based repository to
An installation of WebSphere Application Server automatically has a file repository

ready to use, along with a local WebSphere administrative user. A file-based
repository can be used by about 1000 users and 50 groups. The number of groups
that are defined and the number of users per group affect the performance of
searching for the group membership of a user.
This task describes the values that you should provide while you carry out steps
that are described elsewhere. It is assumed that you already have a file-based
repository that is populated with the user and group accounts that are required by
your application.
Configuring Content Platform Engine to use virtual member manager file-based

repositories is slightly different from configuring a normal Content Platform
Engine-LDAP connection.
1. Verify that you have a file repository in the realm:
a. Log in to WebSphere Application Server Administrative Console as a local
WebSphere administrative user.
b. Navigate to Security > Global security > Federated repositories.
c. Make sure you see only the Base Entry o=defaultWIMFileBasedRealm. If
there are other unrelated repositories in the list, delete them, save the
change, and restart WebSphere Application Server.
2. To prepare Content Platform Engine to use VMM file repository:

Do not run the Configure LDAP task. Do not provide values for the Configure
LDAP task.

Bootstrap user name (cpe_bootstrap_admin) Use an account that resides in the virtual
member manager file-based repository.


Search Filter.

Domain wizard.
3. Record these values in your customized Installation and Upgrade

Worksheet. To help find these properties, search the worksheet for instances of
virtual member manager.
Configuring a virtual member manager custom repository:
You can configure IBM virtual member manager to use a custom repository to be
the directory service for FileNet P8.
For Custom user repositories, you must provide an adapter which implements the
com.ibm.wsspi.wim.Repository interface. While IBM will support these custom
configurations, you must be prepared to work with the vendor who provided the
custom adapter implementation, as well as the underlying user repository. IBM
Support cannot take responsibility for issues that require changes to either the
adapter or the underlying user repository.
This task describes the values you should provide while you carry out steps that
are described elsewhere. It is assumed that you have already provided a custom
repository populated with the user and group accounts required by your
application.
Configuring Content Platform Engine to use virtual member manager custom

repositories is different than configuring a normal Content Platform Engine-LDAP
connection.
To prepare Content Platform Engine to connect to a directory server through

virtual member manager using a custom repository:

Do not run the Configure LDAP task. Do not provide values for the Configure
LDAP task.

Bootstrap user name (cpe_bootstrap_admin) Use an account that resides in the virtual
member manager custom repository.


Search Filter.

Domain wizard.
Configuring CA Directory:
You can configure CA Directory to be the directory service for FileNet P8.

v The Windows server where CA Directory Server is installed must have an NTFS
hard drive partition.
v The CA Directory administrator might have to create an index if the sorting
attribute is not in the list of default attributes shipped by CA Directory.
v FileNet P8 supports cross-realm group memberships. This means that FileNet P8
supports a configuration in which a group is in one realm while some or all of
its users are in another.
Creating the application server administrative console user

(WebSphere)
An LDAP account to which you have granted the WebSphere Application Server
administrative role.
1. Create the following directory service account:
WebSphere administrative console user

Unique identifier
appserver_console_user
Description
The appserver_console_user account is an LDAP account to which
you have granted the WebSphere Application Server
administrative role so that it can log in to the WebSphere
administrative console.
v If your WebSphere repository type is Stand-alone LDAP
registry, when you run the Configuration Manager Configure
LDAP task, enter the credentials of a valid LDAP user
account to be the appserver_console_user for the entry labeled
Administrative console user name. Configuration Manager
grants this account WebSphere administrative console
administrative rights. Alternatively, you can enter an LDAP
account that you have already configured as a console
administrator.
v If your WebSphere Application Server LDAP repository type
is Federated repositories, you can use the same user account
defined as your appserver_admin. However, if you specify a
user for the Administrative console user name that is
different from appserver_admin, it must be unique across all
federated realms including the WebSphere Application Server
local file-based repository.

appserver_console_user.
Creating Content Platform Engine directory server accounts

Content Platform Engine requires several directory server accounts that must be
provided during installation.

variable.
Create the following users and groups:

Creating Content Platform Engine bootstrap account on page 59
An account that Content Platform Engine uses to establish a connection with
the application server, access the application server's JNDI tree, look up the
data sources for accessing the GCD, and start up Content Platform Engine
background tasks.
Creating the GCD administrator on page 61
A directory service account that has Full Control access to the Content Platform
Engine domain object.

Creating the object store administrator on page 62
A directory service account that has Full Control access to a Content Platform
Engine object store.
Creating directory service user (Active Directory) on page 63
A directory service account that Content Platform Engine uses to connect to the
directory server.
Creating directory service user (AD LDS) on page 64
directory server.
Creating directory service user (Oracle Directory Server Enterprise Edition)
on page 65
directory server.
Creating directory service user (Novell eDirectory) on page 65
directory server.
Creating directory service user (IBM Tivoli Directory Server) on page 66
directory server.
Creating directory service user (Oracle Internet Directory) on page 67
directory server.
Creating directory service user (CA Directory) on page 68
directory server.
Creating the workflow system administrator on page 68
A directory server user account that is used by workflow to create isolated
regions.
Creating workflow system groups on page 69
Directory server groups whose members can manage workflows.
Creating Content Platform Engine bootstrap account:
An account that Content Platform Engine uses to establish a connection with the
application server, access the application server's JNDI tree, look up the data
sources for accessing the GCD, and start up Content Platform Engine background
tasks.
1. Create the following LDAP account:
Content Platform Engine bootstrap account
Unique identifier
cpe_bootstrap_admin
Description
The cpe_bootstrap_admin, also known as the Content Platform
Engine system user, is an account that is stored in the
CEMPBoot.properties file that is archived in the Content
Platform Engine EAR file. You enter the bootstrap account's
credentials while running the Configuration Manager's
Configure Bootstrap Properties task. Any deployments of the
EAR file for the same FileNet P8 domain must use the same
credentials for the bootstrap account.
Content Platform Engine uses this account to authenticate to
the application server and access the data sources named in the
GCDConnection property. Content Platform Engine will not be
able to start if this user is not able to authenticate.
In keeping with the principle of granting to an account only
those permissions necessary to accomplish its purpose, do not
use the cpe_bootstrap_admin account to serve in the role of
gcd_admin. This can happen if you log in as cpe_bootstrap_admin
the first time you start IBM Administration Console for Content
Platform Engine following initial installation. Doing this places
cpe_bootstrap_admin on the security tab of the FileNet P8
domain object with Full Control access rights. The result is that
the cpe_bootstrap_admin is functioning as the gcd_admin. This is
not a recommended configuration. If it is your configuration,
consider using IBM Administration Console for Content
Platform Engine to add a new gcd_admin account to the security
of the FileNet P8 domain object, making sure to grant Full
Control to the P8 domain, and then removing the
cpe_bootstrap_admin from the security tab of the P8 domain.
To make sure it is not misused or locked out by accident, do
not use cpe_bootstrap_admin as an all-purpose account. For
example, if a user tried to log on to some other application
using the cpe_bootstrap_admin account and provided the wrong
password several times, thereby exceeding the number of
allowable login failures, this account could be locked out of the
directory server, depending on your local policies. This would
mean that Content Platform Engine would not start.
If possible, exempt cpe_bootstrap_admin from policies requiring
periodic password change.
If you change your system's login parameters so that the
cpe_bootstrap_admin credentials are no longer valid, the result
would be that Content Platform Engine will not be able to start.
For example, if you modified the User Short Name Attribute
or User Search Filter, in the application server's authentication
provider and in the IBM Administration Console for Content
Platform Engine P8 Domain Properties > Modify Directory
Configuration > User property sheet, from samAccountName to
distinguishedName, you would also need to use the
Configuration Manager bootstrap task to make the same change
in the Content Platform Engine EAR file.
Restriction: If you are deploying Content Platform Engine on

an application server with federated user repositories and with
multiple realms in your FileNet P8 domain, be sure that no two
realms contain the same short name for this user; otherwise,
this user will not be able to authenticate.
The account must be a directory server account that resides in
the realm that has been configured for Content Platform Engine
authentication.
An exception to this rule is that if you are using IBM virtual
member manager, the bootstrap account must reside in the
file-based repository if your repository is file-based, or in the
custom repository if your repository is a custom repository.

If your application server is WebSphere Application Server and
your database is DB2 for z/OS, the account used for
cpe_bootstrap_admin must be a member of at least the
WebSphere Monitor role. This is required because Content
Platform Engine must add custom properties to the data
sources, and the Monitor role is the minimum privilege
required to read data source properties.
If you are using WebSphere Application Server security
domains, see Security planning considerations for additional
requirements for cpe_bootstrap_admin.

To find this property, search the worksheet for instances of cpe_bootstrap_admin.
Related tasks:
Creating the GCD administrator
Creating the GCD administrator:
1. Create the following directory server account:
GCD administrator
Unique identifier
gcd_admin
Description
The gcd_admin is able to create, modify, and delete Content
Platform Engine domain resources.
The gcd_admin account must reside in the directory service
realm specified in Configuration Manager's Configure LDAP
task.
A GCD administrator can grant Full Control rights to
additional users and groups, thereby making them GCD
administrators as well. Being a GCD administrator does not
automatically make you an object_store_admin, which is assigned
on the object store's own property sheet.
Log on to IBM Administration Console for Content Platform
Engine as gcd_admin in order to:
v Create the GCD by launching the Configure New Domain
Permissions wizard the first time you start IBM
Administration Console for Content Platform Engine to
establish the FileNet P8 domain.
v Carry out administrative tasks for the FileNet P8 domain.
Use IBM Administration Console for Content Platform Engine
to grant Full Control access to the Content Platform Engine
domain object.

To find this property, search the worksheet for instances of gcd_admin.

Creating the object store administrator:
A directory service account that has Full Control access to a Content Platform
Engine object store.
Object Store administrator and group
Unique identifier
object_store_admin or object_store_admin_group
Description
A directory service account that can administer an object store
by having Full Control access to it. You can also grant Full
Control to an object store to group accounts, thereby making all
members of the group object store administrators.
Each time a gcd_admin runs the Object Store Wizard, you are
asked to specify the users and groups who should have
administrative access to the object store. Each object store could
therefore have a different set of object store administrators.
Conversely, if you want the same groups to administer all
object stores in the FileNet P8 domain, you must add them
while creating each new object store using the Object Store
Wizard. By default, the GCD administrator creating the object
store also becomes an object store administrator, but you can
remove it if your security design requires dedicated accounts
for each object store and GCD.
Object store administrative rights do not include the ability to
add, move, or remove object stores, fixed content devices,
content cache areas, or any of the other FileNet P8 domain
resources. These permissions are granted only to GCD
administrators.
An object store administrator is not also a GCD administrator
unless also specifically granted those permissions. This means
that an object store administrator who is not also a GCD
administrator would have to request that a GCD administrator
create a new domain resource like an object store. Once these
objects are created by the GCD administrator, however, the
object store administrator can populate the object store with
new classes and folders, store content in the file storage area,
assign markings, and so on.
The list of object store administrators is available for viewing
and modifying in the IBM Administration Console for Content
Platform Engine Object Store > Properties > Security property
page. You can add or remove users or groups from this list at
any time later on.
Tip: Keeping the number of accounts assigned as object store

administrators or object store users as small as possible will
improve performance and simplify administration. The best
way to do this is to use group accounts instead of large
numbers of individual users. Groups can have as many
members as you want and can contain other groups.

Use IBM Administration Console for Content Platform Engine
to grant an object_store_admin or object_store_admin_group Full
Control access to one or more object stores.

To find this property, search the worksheet for instances of object_store_admin
and object_store_admin_group.
Creating directory service user (Active Directory):
directory server.
Directory service (bind) user account (Active Directory)
Unique identifier
cpe_service_user
Description
Provide the fully qualified distinguished name of
cpe_service_user as the directory service bind user name while
running Configuration Manager and also when you run the
Administration Console for Content Platform Engine Directory
Configuration Wizard.
cpe_service_user performs the following roles:
v Acts as the bind user specified by the application server to
search through realms to authenticate a user when the user
logs in to a Content Platform Engine client.
v Acts as the user specified in the GCD that searches users and
groups to authorize access to a specific FileNet P8 object after
a user has been authenticated.
cpe_service_user as the LDAPBindDN while running
Configuration Manager and also when you run the
Configuration Wizard. Available for viewing and modifying in
the Administration Console for Content Platform Engine
Directory configuration tab.
The Directory Service User cannot be accessed using referrals.
Use Active Directory tools to grant cpe_service_user at least the
following minimum rights to all entries (including user and
group entries) in each security realm that is configured for your
FileNet P8 domain:
v Read access rights (specifically the Read All Properties
permission) to the forest-wide configuration directory
partition and the domain directory partition in each desired
domain in the Active Directory forest. Because Authenticated
Users by default is a member of the Pre-Windows 2000
Compatible Access group which has these permissions, you
will need to assign the permissions to cpe_service_user only if
the default is modified or Authenticated Users access rights
are restricted.

To find this property, search the worksheet for instances of cpe_service_user.
Creating directory service user (AD LDS):
directory server.
Directory service (bind) user account (Active Directory Lightweight Directory
Service) (AD LDS, formerly known as ADAM)
Unique identifier
cpe_service_user
Description
An AD LDS user account that Content Platform Engine uses to
connect to a single Microsoft AD LDS partition. To configure
this, perform the following steps:
a. Start ADAM ADSI Edit under Start > All Programs >
ADAM.
b. Connect to the partition. Expand partition in left-hand pane
and click the CN=Roles node.) Be sure you have selected
the CN=Roles container in the partition not under the
CN=Configuration.)
c. In the right-hand pane right-click the CN=Readers group
and select Properties.
d. In the Attributes list double-click the member attribute.
e. Click Add ADAM Account.

f. Enter the full DN of the user to be designated as the service
user while running the Content Platform Engine installation
program, and click OK.
g. Click OK and click OK again.

Creating directory service user (Oracle Directory Server Enterprise Edition):
directory server.
Directory service (bind) user account (Oracle Directory Server Enterprise
Edition)
Unique identifier
cpe_service_user
Description
Use your directory server's tools to grant cpe_service_user at
least the following minimum rights to all entries (including
user and group entries) in each security realm that is
configured for your FileNet P8 domain: Read, Search, Compare.

Creating directory service user (Novell eDirectory):
directory server.
Directory service (bind) user account (Novell eDirectory)
Unique identifier
cpe_service_user
Description
configured for your FileNet P8 domain: Read and Compare.

Creating directory service user (IBM Tivoli Directory Server):
directory server.
Directory service (bind) user account (IBM Tivoli)
Unique identifier
cpe_service_user
Description


Creating directory service user (Oracle Internet Directory):
directory server.
Directory service (bind) user account (Oracle Internet Directory)
Unique identifier
cpe_service_user
Description


Creating directory service user (CA Directory):
directory server.
Directory service (bind) user account (CA Directory)
Unique identifier
cpe_service_user
Description

Creating the workflow system administrator:
A directory server user account that is used by workflow to create isolated regions.

The variable name for this account has been changed from earlier releases. It was
formerly referred to as the pe_region_admin, but the permissions are the same.
1. Create the following account:
Workflow system administrator
Unique identifier
workflow_system_admin
Description
A directory server user account that has Full Control access
rights to the FileNet P8 domain, and has also been granted
rights through its membership in the workflow_admin_group. The
workflow_system_admin therefore has permissions equivalent to
the gcd_admin but should be used only for workflow purposes.
Content Platform Engine permissions can be granted by a
gcd_admin who uses IBM Administration Console for Content
Platform Engine to add the workflow_system_admin to the ACL
of the FileNet P8 domain and grant it Full Control.
Permissions are granted by using your directory server tools to
add the workflow_system_admin to the workflow_admin_group. The
workflow_admin_group permissions are configured while running
IBM Administration Console for Content Platform Engine.
Full Control access rights on the FileNet P8 domain.
Membership in the workflow_admin_group.

workflow_system_admin.
Creating workflow system groups:
Directory server groups whose members can manage workflows.

1. Create the following directory server groups:
Workflow system administration group
Unique identifier
workflow_system_admin_group
Description
Members of this group are granted privileges for administering
the workflow system by the Administration Console for
Content Platform Engine.
Workflow system configuration group
Unique identifier
workflow_system_config_group
Description
Members of this group are granted privileges for configuring
the workflow system by the Administration Console for
2. Provide these group names while configuring database connection points in
Administration Console for Content Platform Engine.

To find these properties, search the worksheet for instances of
workflow_system_admin_group and workflow_system_config_group.
Creating Application Engine or Workplace XT directory server

accounts
Directory server accounts are needed to administer Application Engine or
Workplace XT.

variable.
Create the following users and groups. All IBM FileNet Workplace accounts, as
well as accounts for other client applications and expansion products that use
Content Engine or Application Engine, must have passwords.
Creating the Application Engine or Workplace XT administrator account
Creating the Application Engine or Workplace XT administrator account:

Application Engine or Workplace XT administrator account
Unique identifier
ae_admin_user or wpxt_admin_user
Description
This account serves in the role of Application Engine or
Workplace XT administrator. You will specify this account as a
member of the Application Engine or Workplace XT
administrator role when you set bootstrap preferences. The
account must have a password.

To find this property, search the worksheet for instances of ae_admin_user or
wpxt_admin_user.
Database administrator installation tasks

Review all rows that are assigned to the database administrator (DBA) in the
Installation and Upgrade Worksheet. While you complete the following preparation
tasks, provide values for the rows that are appropriate to your installation. (Your
organization might have different roles, and some of the responsibilities of listed
roles vary from the roles that are assigned by default in this documentation.)
the worksheet file (p8_worksheet.xls), complete the following actions to quickly
see only the properties assigned to a particular Role:
DBA.
v Further filter the result set by clicking the AutoFilter drop-down arrow in any of
the other columns and selecting a value or clear a filter by selecting (All).
As an alternative, you can use the Customize Worksheet filtering macro, which is
in the Instruction tab on the Installation and Upgrade Worksheet.
If you are installing in a non-English environment, review the information and

procedures in Appendix A, Preparing non-English environments for installing
FileNet P8, on page 163 before you begin your preparation tasks.
If you are installing Content Platform Engine in a highly available environment, it

is important that you follow the high availability steps within the Content Platform
Engine installation tasks. If Content Platform Engine is not available due to a
system failure, the other components are affected as well.
If you plan to tune the performance of your databases, review the information in
Tuning FileNet P8 databases before you begin.
Creating Content Platform Engine database accounts
Use your database tools to create new or designate existing database accounts
for Content Platform Engine.
Preparing Microsoft SQL Server on page 75
Plan the SQL Server installation and configuration, install the software, and
configure database components for FileNet P8 components after reviewing the
requirements.
Preparing Oracle server on page 81
Plan the Oracle installation and configuration, install the software, and
requirements.
Preparing DB2 for z/OS servers on page 87
Plan the DB2 for z/OS installation and configuration, install the software, and
configure database components.
Preparing the DB2 for Linux, UNIX and Windows server on page 89
Plan and prepare your IBM DB2 for Linux, UNIX and Windows server for
FileNet P8 installation.
Creating Content Platform Engine database accounts

Use your database tools to create new or designate existing database accounts for

variable.

Create the following users and groups. After the IT Administrator creates operating
system users and groups for DB2 databases, you must grant database permissions
to those accounts.
Creating a Content Platform Engine database user for DB2 for Linux, UNIX
and Windows
An operating system account on the database server that Content Platform
Engine uses to access DB2 for Linux, UNIX and Windows databases containing
the GCD and object stores.
Creating a database user for DB2 for z/OS on page 73
A database account that Content Platform Engine uses to access DB2 for z/OS.
This account is initially created as an operating system account.
Creating a Content Platform Engine database user for Oracle on page 74
A database user account that Content Platform Engine uses to connect to Oracle
databases containing the GCD and object stores.
Creating a Content Platform Engine database user for SQL Server on page 75
A database user account that Content Platform Engine uses to connect to SQL
Server databases containing the GCD and object stores.
Creating a Content Platform Engine database user for DB2 for Linux, UNIX and
Windows:
An operating system account on the database server that Content Platform Engine
uses to access DB2 for Linux, UNIX and Windows databases containing the GCD
and object stores.
1. Create the following database user account after the database instance has been
created:
Remember: The user name length is restricted to no more than eight

characters.
Content Platform Engine database user (DB2 for Linux, UNIX and Windows)
Unique identifier
cpe_db_user
Description
The IT administrator (ITA) creates this operating system
account, after which the database administrator (DBA) grants it
additional database permissions. Separate accounts can be used
for each object store, but are not required.
Do not create databases with the RESTRICTIVE option.
| Minimum required permissions
| Use your database tools to grant the following database
| permissions to this user account:
| v GRANT CONNECT ON DATABASE TO cpe_db_user
| v GRANT CREATETAB ON DATABASE TO cpe_db_user
| v GRANT USE OF TABLESPACE UserTablespace TO cpe_db_user
| v GRANT USE OF TABLESPACE UserTemporaryTablespace TO
| cpe_db_user
| v GRANT SELECT on SYSIBM.SYSVERSIONS TO cpe_db_user
| v GRANT SELECT on SYSCAT.DATATYPES TO cpe_db_user

| v GRANT SELECT on SYSCAT.INDEXES TO cpe_db_user
| v GRANT SELECT on SYSIBM.SYSDUMMY1 TO cpe_db_user
| v GRANT USAGE on workload
| SYSDEFAULTUSERWORKLOAD TO cpe_db_user
| v GRANT IMPLICIT_SCHEMA on DATABASE TO cpe_db_user
| For added security in a shared database environment, you can
| remove the Connect privilege from the Public group.
| Grant the following permissions if you want to use dedicated
| table spaces for Data, Index, and LOB.
| v GRANT USE OF TABLESPACE UserDataTablespace TO
| cpe_db_user
| v GRANT USE OF TABLESPACE UserIndexTablespace TO
| cpe_db_user
| v GRANT USE OF TABLESPACE UserLOBTablespace TO
| cpe_db_user
| v GRANT USE OF TABLESPACE UserTemporaryTablespace TO
| cpe_db_user

Creating a database user for DB2 for z/OS:
A database account that Content Platform Engine uses to access DB2 for z/OS.
This account is initially created as an operating system account.
1. Make sure you have already created the operating system account cpedbuser for
DB2 for z/OS. This procedure grants database permissions to that operating
system account.
2. Use your database tools to grant the following permissions to the
already-created cpedbuser:
Content Platform Engine database user (DB2 for z/OS)
Unique identifier
cpedbuser
Description
The cpedbuser must have DBADM authority of the DB2 instance
that will be used by the workflow system software.
DB2 for z/OS does not allow underscores in account names.
In a farmed or cluster configuration, each workflow system
must be configured to use the same database user name.
Grant the following database permissions to this user:
v GRANT DBADM ON DATABASE cpe_databasename TO
cpedbuser
v GRANT USE OF STOGROUP storagegroupname TO cpedbuser
v GRANT USE OF BUFFERPOOL buffer_pool_name TO
cpedbuser
v GRANT EXECUTE ON PACKAGE NULLID.* TO cpedbuser
v GRANT SELECT ON SYSIBM.SYSINDEXES TO cpedbuser

v GRANT SELECT ON SYSIBM.SYSDUMMY1 TO cpedbuser
v GRANT SELECT ON SYSIBM.SYSSEQUENCES TO cpedbuser
v GRANT SELECT ON SYSIBM.SYSTABLES TO cpedbuser
v GRANT SELECT ON SYSIBM.SYSVIEWS TO cpedbuser
v GRANT SELECT ON SYSIBM.SYSDATABASE TO cpedbuser
v (Required if you want to use data source sharing) GRANT
CREATEIN, ALTERIN, DROPIN ON SCHEMA * TO
cpedbuser

To find this property, search the worksheet for instances of cpedbuser.
Creating a Content Platform Engine database user for Oracle:
A database user account that Content Platform Engine uses to connect to Oracle
databases containing the GCD and object stores.
1. Create the following database account after creating the database instance:
Content Platform Engine database user (Oracle)
Unique identifier
cpe_db_user
Description
The owner account that Content Platform Engine uses to access
Oracle. Use one account for the object store and one for the
GCD.
In order to share database connections in Oracle, you must
grant additional privileges to cpe_db_user . See the topic Sharing
database connections in Oracle.
Grant each cpe_db_user at least the following permissions:
v CREATE SESSION
v CREATE TABLE
v CREATE VIEW
v CREATE SEQUENCE
v Alter user set QUOTA UNLIMITED on all table spaces used
by db user
v SELECT on pending_trans$
v SELECT on dba_2pc_pending
v SELECT on dba_pending_transactions
v SELECT on DUAL
v SELECT on product_component_version
v SELECT on USER_INDEXES
v EXECUTE on dbms_xa


Creating a Content Platform Engine database user for SQL Server:
A database user account that Content Platform Engine uses to connect to SQL
Server databases containing the GCD and object stores.
1. Create the following database account after the SQL Server instance is created:
Content Platform Engine database user (SQL Server)
Unique identifier
cpe_db_user
Description
The database accounts that Content Platform Engine uses to
access SQL Server. You can use the same account for the GCD
and object store databases. Or you can use one (for example,
cpe_db_user1 ) for the GCD database and one for the object
stores (for example, cpe_db_user2 .
cpe_db_user must be a SQL Server account. It does not have to
be an account in the configured directory service.
Use your database tools to grant each cpe_db_user at least the
following database access permissions:
v db_datawriter
v db_datareader
v db_ddladmin
v public
Add these accounts to SQL Server's master database and grant
the public role to each. When you perform the procedure
described in the section on Configuring the JDBC distributed
transaction components, these accounts will also be granted the
SqlJDBCXAUser role.

Preparing Microsoft SQL Server

Plan the SQL Server installation and configuration, install the software, and
requirements.
Microsoft SQL Server database planning
Determine whether Microsoft SQL Server database components are dedicated to
individual FileNet P8 components or shared components after you review the
requirements
Verifying that Microsoft SQL Server is ready for FileNet P8 on page 76
To prepare your databases before installing FileNet P8, you must install the
SQL Server software and configure the database components for your
installation.
Microsoft SQL Server database planning:
Determine whether Microsoft SQL Server database components are dedicated to

individual FileNet P8 components or shared components after you review the
requirements

In a shared configuration, multiple FileNet P8 components can store their data in a
single database. Most components allow for data to be collocated. However, it is
recommended to keep some in dedicated databases:
v The global configuration database: it is recommended not share this database.
v Object stores and their workflow system data, which is part of a single
application family can be collocated given the factors that are listed in the
following paragraph.
v Rendition Engine data
v IBM Content Navigator configuration data: sharing the IBM Content Navigator
database with the global configuration database is not supported.
When you decide about whether to share a database for multiple components,
consider the following factors:
v Database backup/recovery requirements allow for the data in a single database
to be backed up and recovered together.
v Database security allows for collocation of data.
v Sharing of a database might allow for more efficient usage of database resources
like database connections.
| Important: READ_COMMITTED_SNAPSHOT is required for the database where

| the Content Platform Engine schema is installed. To enable
| READ_COMMITTED_SNAPSHOT for the object store, see the instructions in
| Creating a Microsoft SQL Server database for an object store.
The file groups in the database can optionally be shared.
For SQL Server database requirements for Rendition Engine, see the IBM FileNet
Rendition Engine Installation and Upgrade Guide.
Verifying that Microsoft SQL Server is ready for FileNet P8:
To prepare your databases before installing FileNet P8, you must install the SQL
Server software and configure the database components for your installation.
Installing and configuring Microsoft SQL Server
Install and configure SQL Server software and create one or more instances.
Creating a Microsoft SQL Server database for the Content Platform Engine
GCD on page 77
Create a database for the Content Platform Engine global configuration
database (GCD) on Microsoft SQL Server.
Creating a Microsoft SQL Server database for an object store on page 78
Create a Microsoft SQL Server database for an object store.
Enabling XA transactions on page 80
Configure the Windows server to enable XA transactions.
Reducing deadlock errors in Microsoft SQL Server on page 81
High Microsoft SQL Server concurrency causes transaction deadlock errors
because writers block access, by readers, to database resources. You can reduce
the likelihood of deadlock by setting the READ_COMMITTED_SNAPSHOT ON option
for your database.
Installing and configuring Microsoft SQL Server:
Install and configure SQL Server software and create one or more instances.

Create and configure one or more database instances for use by FileNet P8
components based on these requirements.
1. Create one or more instances for use by FileNet P8 software or verify that such
instances exist.
2. If you create an instance, indicate an appropriate name based on which
databases will use the instance.
3. Verify that the authentication mode is Mixed Mode.
4. Select the database collation settings: Choose one of the following from the
collation options:
v Dictionary order, case-insensitive, for use with 1252 Character Set (or any
case-insensitive SQL Server collation). Case-insensitive collation is the
Microsoft default and the setting most used in FileNet P8 environments
(because it offers search results without regard to character case).
v Dictionary order, case sensitive, for use with 1252 Character Set (or any
case-sensitive SQL Server collation). Select case-sensitive SQL Server collation
only if your site requires (and will continue to require) searches that must
differentiate uppercase from lowercase characters. If you plan to use the
Content Platform Engine with CFS/IS, you must configure case sensitive.
The FileNet Image Services database is configured as case sensitive and the
Content Platform Engine database must match.
Important: Select your SQL Server collation setting carefully. If you want to
switch from case-sensitive to case-insensitive collation after significant user
activity, switching collation settings after installation can be difficult and
time-consuming. If you have a case-sensitive database and you want to perform
a case-insensitive search (programmatically or otherwise), you might encounter
serious performance degradation on SQL Server because the database cannot
use column, or property, indexes in these cases.
5. See IBM FileNet P8 system requirements for required operating system and
database patch sets and service packs. Verify that the required service pack is
installed before proceeding.
6. Record the values for the database server name and database port number in
your customized Installation and Upgrade Worksheet.
To find these properties, set the Autofilter for Column E Installation or

Configuration Program for CM: Configure Object Store JDBC Data Sources
(object store 1) or CM: Configure GCD JDBC Data Sources. Then set the
Autofilter for Column D ISV Component Vendor to SQL Server. If your
customized worksheet shows more than one object store, create and provide
values for all of them.
Creating a Microsoft SQL Server database for the Content Platform Engine GCD:
Create a database for the Content Platform Engine global configuration database
(GCD) on Microsoft SQL Server.
Do not share the database that is used for the GCD with object stores or IBM
Content Navigator configuration data.
1. Create the database with a minimum size of 100 MB. In Microsoft SQL Server,
the PRIMARY file group holds the database system objects. Create an extra file
group and designate it as the default file group to hold the FileNet P8 tables.

Record the values for the Database name, the Database port number, and the
file group name in your customized Installation and Upgrade Worksheet. To
find these properties, set the Autofilter for Column E Installation or
Configuration Program for CM: Configure GCD JDBC Data Sources. Then,
set the Autofilter for Column D ISV Component Vendor to SQL Server.
2. READ_COMMITTED_SNAPSHOT must be enabled for the GCD. Run the
following command:
ALTER DATABASE mydbname SET READ_COMMITTED_SNAPSHOT ON
| Important: The user who runs the command must be the only user who is
| connected to the database when this command is run. For more information,
| see the Microsoft SQL Server documentation that was provided with your
| database.
Creating a Microsoft SQL Server database for an object store:
Create a Microsoft SQL Server database for an object store.
| If you want to add a workflow system to an object store that does not already
| have one, the workflow system can use the file groups that are used by the object
| store. Alternatively, you can create new file groups for the workflow system,
| according to the rules on file group names and minimum sizes that are
| documented here.
1. Use your Database tools to create a database for an object store. In Microsoft
SQL Server, the PRIMARY file group holds the database system objects. Create
an extra file group and designate it as the default file group to hold the FileNet
P8 tables.
Table 13. File group names and minimum sizes
File group Name Minimum Size (MB) Description
data 400 The default name of the data
file group that is used
byContent Platform Engine.
Record this value in your

customized Installation and
Upgrade Worksheet. To find
this property, use the
Autofilter down arrow in
Column F, Property or
Parameter (in user interface),
to select Data tablespace
name.

Table 13. File group names and minimum sizes (continued)
File group Name Minimum Size (MB) Description
index (optional) 300 The default name of the
optional default index file
group that is used by
Content Platform Engine. If
you do not create an index
file group, the data file group
is used for indexes.

to select Index tablespace
name.
lob (optional) 300 The default name of the
optional default LOB file
group that is used by
Content Platform Engine. If
you do not create a LOB file
group, the data file group is
used for LOB data.

to select LOB tablespace
name.
temp 160 The default temporary file
group, which is required for
Content Platform Engine use.
2. READ_COMMITTED_SNAPSHOT must be enabled for the object store

database. Run the following command:
ALTER DATABASE mydbname SET READ_COMMITTED_SNAPSHOT ON
| Important: The user who runs the command must be the only user who is
| connected to the database when this command is run. For more information,
| see the Microsoft SQL Server documentation that was provided with your
| database.
3.
Record the values for the database name, the database port number, and the
file group names in your customized Installation and Upgrade Worksheet. To

(object store 1). Then, set the Autofilter for Column DISV Component Vendor
to SQL Server. If your customized worksheet shows more than one object
store, create and provide values for all of them.
Enabling XA transactions:
Perform these steps on every Microsoft SQL Server that will contain a Content
Platform Engine database.
1. Download the Microsoft SQL Server JDBC Driver that is referenced in IBM
FileNet P8 system requirements for Content Platform Engine SQL Server
databases.
Tip: Installation procedures for JDBC settings can vary by release. See the
Microsoft website for full details.
2. Copy the sqljdbc_xa.dll from the JDBC installation directory to the binn
folder of the instance, although a pre-2.0 version of the driver also functions
correctly from the tools\binn folder. For the 32-bit version of Microsoft SQL
Server , use the sqljdbc_xa.dll file in the x86 folder. For the 64-bit version of
Microsoft SQL Server, use the sqljdbc_xa.dll file in the x64 folder.
3. Log on as the sa administrator or as a user with equivalent permissions and
execute the database script xa_install.sql on the master database on every SQL
Server instance that will participate in distributed transactions.
Important: Use SQL Server database credentials, not Windows credentials, to

log on. Windows Integrated Logon to SQL Server is not supported with IBM
FileNet P8.
This script installs sqljdbc_xa.dll as an extended stored procedure and creates
the SqlJDBCXAUser role in the Master database.
4. Add each database account (cpe_db_user) that Content Platform Engine uses to
access SQL Server to the SqlJDBCXAUser role. This action grants permissions
to those accounts to participate in distributed transactions with the JDBC
driver.
5. From Control Panel, open Administrative Tools, and then open Component
Services.
6. Expand Component Services, right-click My Computer, and then select
Properties.
7. Expand Distributed Transaction Coordinator and right-click Local DTC.
8. Click the MSDTC tab, and then click Security Configuration.
9. Select the Enable XA Transactions check box, and then click OK to restart the
Microsoft DTC service.
10. Click OK again to close the Properties dialog box, and then close Component
Services.
11. Stop and then restart the Microsoft SQL Server.

Reducing deadlock errors in Microsoft SQL Server:
High Microsoft SQL Server concurrency causes transaction deadlock errors because
writers block access, by readers, to database resources. You can reduce the
likelihood of deadlock by setting the READ_COMMITTED_SNAPSHOT ON option for your
database.
To reduce deadlock errors in a Microsoft SQL Server database:

1. Shut down all the servers and clients that can connect to your database
(dbName), and make sure that there are no other connections to Microsoft SQL
Server.
2. Connect to Microsoft SQL Server and issue the following SQL command to
determine whether snapshot isolation is enabled for dbName:
SELECT name, is_read_committed_snapshot_on FROM sys.databases
where name=dbName
If snapshot isolation is enabled for dbName, skip the remainder of this

procedure.
3. Issue the following command to enable snapshot isolation for dbName:
ALTER DATABASE dbName SET READ_COMMITTED_SNAPSHOT ON
4. Restart Microsoft SQL Server and issue the following SQL command to confirm
that the Snapshot Isolation setting is in effect for dbName:
where name=dbName
Preparing Oracle server

Plan the Oracle installation and configuration, install the software, and configure
database components for FileNet P8 components after reviewing the requirements.
Oracle database planning
Determine whether Oracle database components will be dedicated to individual
FileNet P8 components or shared and review other Oracle database
requirements.
Verifying that Oracle server is installed for FileNet P8 on page 82
To prepare your database before installing FileNet P8, you must install the
Oracle software and configure the database components for your installation.
Oracle database planning:
Determine whether Oracle database components will be dedicated to individual

FileNet P8 components or shared and review other Oracle database requirements.

single database. Most components allow for data to be collocated. However, the
best practice is to keep some in dedicated table spaces:
v The global configuration database: it is best practice to not share this table space.
v Object stores and their workflow system data although those part of a single
application family can be collocated given the factors listed below. If you
configure object stores in separate databases, you have more flexibility and
control with security access, backup scheduling and execution, updates, and
scheduled outages.

v IBM Content Navigator configuration data: Using the same table space for the
IBM Content Navigator configuration data and the global configuration database
(GCD) is not supported.
When you make the decision about whether to share a database for multiple
components, consider the following factors:
v Database backup/recovery requirements should allow for the data that resides
in a single database to be backed up and recovered together.
v Database security should allow for collocation of data.
For an Oracle database to be used by Rendition Engine, see the IBM FileNet
Rendition Engine Installation and Upgrade Guide.
Make sure the machine hosting the database satisfies all preinstallation
requirements specified in the Oracle installation documentation.
Refer toIBM FileNet P8 system requirements for required operating system and
database patch sets, and service packs. The Oracle patches are available at the
Oracle website. The Oracle patch installation procedure might be less complicated
if you do it before you create any databases.
Content Platform Engine supports the Oracle Advanced Security functionality of

secure data transfer across network protocol boundaries.
Plan to use locally managed table spaces. For performance reasons, IBM
recommends that you create locally managed, rather than dictionary managed,
table spaces. (The table spaces you create via Oracle Database assistant (dbca) are
locally managed by default.)
There are no requirements to install Oracle client software on the Content Platform
Engine if the database is remote.
Verifying that Oracle server is installed for FileNet P8:
To prepare your database before installing FileNet P8, you must install the Oracle
software and configure the database components for your installation.
Installing an Oracle database engine and creating databases on page 83
Install the Oracle software and configure the database server. Create one or
more databases, depending on whether one or more FileNet P8 components
will share the database.
Creating an Oracle table space for the Content Platform Engine GCD on page
84
Create a table space for the Content Platform Engine global configuration
database on Oracle.
Creating Oracle table spaces for a Content Platform Engine object store on
page 84
Create Oracle table spaces for a Content Platform Engine object store.
Configuring automatic transaction recovery on page 86
In a distributed database environment, Oracle MTS Recovery Service
(automatically installed with Oracle Services for Microsoft Transaction Server)
can resolve in-doubt transactions on the computer that started the failed
transaction.

Installing an Oracle database engine and creating databases:
Install the Oracle software and configure the database server. Create one or more
databases, depending on whether one or more FileNet P8 components will share
the database.
The following procedure shows the minimal choices (specific to the needs of
Content Platform Engine) for installing a database engine. Consult Oracle
installation documentation for complete preinstallation requirements and
instructions.
To install an Oracle database engine:

1. Choose the following from the list of available product components:
v Oracle Server
v Oracle Net Services
Oracle Net Listener
v Oracle Development Kit
Oracle Call Interface (OCI)
v Oracle Documentation (recommended)
2. Transaction Processing (also known as OLTP) is the required configuration
type.
3. Start the listener and the Oracle database service/processes if they have not
started automatically.
4. Create one or more databases, depending on whether one or more FileNet P8
components will share the database.
FileNet P8 requires the following settings for Oracle databases:
Database configuration type
Transaction Processing (also known as OLTP) is the required
configuration type.
Server process type
Dedicated Server Mode
Database character set
Set the regular character set to AL32UTF8. It is not required to set the
national character set (NLS_NCHAR_CHARACTERSET) to a specific
value. You can take the default.
Collating sequence for ORDER BY queries
Set the collating sequence for ORDER BY queries (NLS_SORT) to
BINARY.
Collation behavior of the database session
Set the collation behavior of the database session (NLS_COMP) to
BINARY.
Record the values for the Database server name, Database name, and the
Database port number in your customized Installation and Upgrade Worksheet.
To find these properties, set the Autofilter for Column E Installation or
Configuration Program for CM: Configure GCD JDBC Data Sources. Then set
the Autofilter for Column D ISV Component Vendor to Oracle. In addition, set
the Database server name, Database name, and the Database port number for
the CM: Configure Object Store JDBC Data Sources.

Creating an Oracle table space for the Content Platform Engine GCD:
Create a table space for the Content Platform Engine global configuration database
on Oracle.
At least two Oracle table spaces must be created for the Content Platform Engine.
One table space is needed for the global configuration database user and one for a
single object store user. Do not share the database user for the GCD with the object
store database user or with the IBM Content Navigator.
1. Create a user (cpe_db_user), password, and default table space in the Oracle
database for the global configuration database (GCD). See Creating Content
Platform Engine database accounts for information about the user and required
permissions.
2. Table space names must contain only alphanumeric and underscore characters.
Names must start with an alphabetic character and must be at most 30
characters long. For performance reasons, specify locally managed, instead of
dictionary managed, table spaces. (The table spaces you create with Oracle
Enterprise Manager are locally managed by default.)
The following table shows the recommended minimum sizes of the permanent
and temporary table spaces for the GCD. (The table space names shown in the
table are arbitrary.)
Table 14. Recommended table sizes for the GCD table spaces
Table space Name Table space Type Minimum Size Description
gcd Permanent 100 MB Permanent table
space for the GCD
tempgcd Temporary 2 GB Temporary table
space for the GCD
3.
Record the values for the Database user name, the Database password, and the
table space names in your customized Installation and Upgrade Worksheet. To
Configuration Program for CM: Configure GCD JDBC Data Sources. Then set
the Autofilter for Column D ISV Component Vendor to Oracle.
Creating Oracle table spaces for a Content Platform Engine object store:
Create Oracle table spaces for a Content Platform Engine object store.
Use your database tools to create table spaces for an object store. Do not share the
database user for the GCD with the object store database user.
| have one, the workflow system can use the table spaces that are used by the object
| store. Alternatively, you can create new table spaces for the workflow system,
| according to the rules on table space types and minimum sizes that are
| documented here.
1. Create a user (cpe_db_user), password, and default table space in the Oracle
database for an object store that Content Platform Engine will access. See
Creating Content Platform Engine database accounts for information about the
user and required permissions.

2. Create the required and any optional table spaces for a Content Platform
Engine object store. Note that the index and LOB table spaces are optional.
Table space names used by Content Platform Engine must contain only
alphanumeric and underscore characters. Names must start with an alphabetic
character and must be at most 30 characters long.
For performance reasons, specify locally managed, instead of dictionary
managed, table spaces. (The table spaces you create via Oracle Enterprise
Manager are locally managed by default.)
The following table shows the recommended table space names, types, and
minimum sizes:
Table 15. Recommended table space names, types, and minimum sizes
Table space Name Table space Type Minimum Size (MB) Description
data_ts Permanent 400 This is the default
name of the data
table space used by
Content Platform
Engine.
Record this value in

your customized
Installation and
Upgrade Worksheet.
To find this property,
use the Autofilter
drop-down arrow in
Column F, Property
or Parameter (in user
interface), to select
Data table space
name.
index_ts (optional) Permanent 300 This is the default
name of the optional
default index table
space used by
Content Platform
Engine. If you do not
create an index table
space, the data table
space will be used for
indexes.

your customized
Installation and
Upgrade Worksheet.
use the Autofilter
drop-down arrow in
Column F, Property
Index table space
name.

Table 15. Recommended table space names, types, and minimum sizes (continued)
Table space Name Table space Type Minimum Size (MB) Description
lob_ts (optional) Permanent 300 This is the default
name of the optional
default LOB table
space used by
Content Platform
Engine. If you do not
create a LOB table
space, the data table
space will be used for
LOB data.

your customized
Installation and
Upgrade Worksheet.
use the Autofilter
drop-down arrow in
Column F, Property
LOB table space
name.
temp_ts Temporary 2 GB This is the default
temporary table
space, required for
Content Platform
Engine use.
3.
Record the values for the Database user name, the Database password, and the
table space names in your customized Installation and Upgrade Worksheet. To
(object store 1). Then set the Autofilter for Column D ISV Component Vendor
to Oracle . If your customized worksheet shows more than one object store,
create and provide values for all of them.
Configuring automatic transaction recovery:
In a distributed database environment, Oracle MTS Recovery Service

(automatically installed with Oracle Services for Microsoft Transaction Server) can
resolve in-doubt transactions on the computer that started the failed transaction.
v Enable automatic transaction recovery by performing the tasks shown in the
section on Scheduling Automatic Microsoft Transaction Server Recovery in the
Oracle Services for Microsoft Transaction Server Developer's Guide (Oracle Part
Number A95496-01).

v If you are using an Oracle Fail Safe configuration, perform the procedure shown
in the section on Modifying Registry Values for Oracle Fail Safe Configurations
in the Oracle Services for Microsoft Transaction Server Developer's Guide (Oracle Part
Number A95496-01).
Preparing DB2 for z/OS servers

Plan the DB2 for z/OS installation and configuration, install the software, and
configure database components.
DB2 for z/OS planning considerations

best practice is to keep some in dedicated databases:
v The global configuration database (GCD): it is best practice to not share this
database.
scheduled outages.
v Because schema names have global visibility within a DB2 for z/OS server,
make sure to use a separate schema name for every object store that is created
on your server. This is necessary even when the schemas reside in different
databases within a shared DB2 for z/OS server.
The database must be remote.
The DB2 for z/OS database must be remote from Content Platform Engine.
Use System Managed Storage (SMS).
Configure system managed storage for Content Platform Engine databases.
Use UTF-8 collation
Use UTF-8 collation settings by configuring CCSID UNICODE.
Add SDSNLOD2 into the LNKLST.
The SDSNLOD2 library must be added into the LNKLST.
Use TCP/IP as the default protocol.
Set TCP/IP as the default network protocol.
Determine the maximum size of the content elements your users store.
Determine the maximum size of the content elements your users store. The
size affects setting up database storage areas or file storage areas. When
you create an object store, a database storage area is provided by default,
allowing you to store content as database BLOBs. You can also create one
or more file storage areas to store content on local or remote file systems. If

your users store large individual documents or other content elements, use
only file storage areas. Otherwise, users can encounter memory-related
errors when retrieving or indexing the large content.
Important: Controlled tests with limited concurrency exhibited errors

when run with files that were 300 MB or larger. Factors affecting this
file-size limitation include driver and application server memory demands,
other activity such as concurrent retrieval or indexing of large content, and
JVM memory allocations.
Set CACHE DYNAMIC SQL for Content Platform Engine
The CACHEDYN subsystem parameter on the DSNTIP8 panel controls
whether prepared, dynamic SQL statements are to be cached. Content
Platform Engine requires that this parameter be set to YES for proper
metadata authoring to occur.
Set performance and optimization parameters for Content Platform Engine
Set both of the following parameters, also on the DSNTIP8 panel, to YES:
SKIP UNCOMMITTED INSERTS (SKIPUNCI) and EVALUATE
UNCOMMITTED (EVALUNC).
Features not supported.
In this regard:
v There is no support for partitioned databases or databases created with
the RESTRICTIVE clause (or, from the Control Center, with Restrict
access to system catalogs selected in the Create Database Wizard).
v Parallelism is not supported. Set CDSSRDEF=1 to disable it.
Verifying that DB2 for z/OS server is installed for FileNet P8
Plan the DB2 for z/OS installation and configuration. Some rules apply to
sharing of instances and databases.
Verifying that DB2 for z/OS server is installed for FileNet P8:
Plan the DB2 for z/OS installation and configuration. Some rules apply to sharing
of instances and databases.
Record the values for the following settings as you work through the database
installation. This information must be entered during subsequent installation and
configuration of Content Platform Engine. Be aware that DB2 for z/OS allows only
alphanumeric characters.
v DB2 Server name. Record both the TCP/IP address and the fully qualified
domain name.
v Content Platform Engine dedicated database names
v DB2 instance name
v DB2 instance port numbers
v User IDs and passwords for Content Platform Engine DB2 users (operating
system users who have been granted permissions on the database)
Creating and updating the DB2 for z/OS databases for Content Platform
Engine on page 89
At least two DB2 for z/OS databases are required to install Content Platform
Engine.
Installing the DB2 for z/OS license and modifying the classpath for Content
Platform Engine on page 89
Install the DB2 for z/OS license file on the Content Platform Engine server and
add it to the classpath.

Creating and updating the DB2 for z/OS databases for Content Platform Engine:
At least two DB2 for z/OS databases are required to install Content Platform
Engine.
| have one, the workflow system can use the database that is used by the object
| store. Alternatively, you can create a new database for the workflow system,
| according to the rules on page size that are documented here.
1. Use your database tools to create two DB2 for z/OS databases: one for the
Content Platform Engine GCD, one for a single Content Platform Engine object
store. All must have 32 KB page sizes.
2. Record the values for the Content Platform Engine GCD database in your
customized Installation and Upgrade Worksheet. To find these properties, set
the Autofilter for Column E Installation or Configuration Program for CM:
Configure GCD JDBC Data Sources. Then set the Autofilter for Column D ISV
Component Vendor to DB2 for z/OS.
3. Record the values for the Content Platform Engine object store database in
your customized Installation and Upgrade Worksheet. To find these properties,
set the Autofilter for Column E Installation or Configuration Program for
CM: Configure Object Store JDBC Data Sources (object store 1). The Autofilter
for Column D ISV Component Vendor should still be set to DB2 for z/OS. If
it is not, then set it to that value.
Installing the DB2 for z/OS license and modifying the classpath for Content Platform
Engine:
Install the DB2 for z/OS license file on the Content Platform Engine server and
add it to the classpath.
Install the license jar in the same location as the JDBC driver jar
(db2jcc_license_cisuz.jar).
Install the license file and modify the environment classpath.
Preparing the DB2 for Linux, UNIX and Windows server

Plan and prepare your IBM DB2 for Linux, UNIX and Windows server for FileNet
P8 installation.
DB2 for Linux, UNIX and Windows database planning
Determine whether IBM DB2 for Linux, UNIX and Windows database
components will be dedicated to individual FileNet P8 components or shared
and review other IBM DB2 for Linux, UNIX and Windows database
requirements.
Verifying that DB2 for Linux, UNIX and Windows is installed for FileNet P8
on page 91
To prepare your DB2 for Linux, UNIX and Windows databases before installing
FileNet P8, you must install the DB2 for Linux, UNIX and Windows software
and configure the database components for your installation.
DB2 for Linux, UNIX and Windows database planning:
Determine whether IBM DB2 for Linux, UNIX and Windows database components
will be dedicated to individual FileNet P8 components or shared and review other
IBM DB2 for Linux, UNIX and Windows database requirements.

best practice is to keep some in dedicated databases:
v The global configuration database: it is best practice to not share this database.
scheduled outages.
DB2 for Linux, UNIX and Windows version 9.7 is required for workflow system
data to support GB18030 character sets.
IBM FileNet P8 does not support partitioned DB2 databases or databases created
with the RESTRICTIVE clause (or, from the Control Center, with Restrict access to
system catalogs selected in the Create Database Wizard).
Plan to use automatic storage for table spaces. For performance reasons, IBM
recommends that you create table spaces using automatic storage, rather than
database managed or system managed table spaces.
Plan to use SERVER authentication.
Set the DB2 codeset to UTF-8.
Set the page size to 32 KB.
Determine the maximum size of the content elements your users store. The size
affects setting up database storage areas or file storage areas. When you create an
object store, a database storage area is provided by default, allowing you to store
content as database BLOBs. You can also create one or more file storage areas to
store content on local or remote file systems. If your users store large individual
documents or other content elements, use only file storage areas. Otherwise, users
can encounter memory-related errors when retrieving or indexing the large
content.
Important: Controlled tests with limited concurrency exhibited errors when run
with files that were 300 MB or larger. Factors affecting this file-size limitation
include driver and application server memory demands, other activity such as
concurrent retrieval or indexing of large content, and JVM memory allocations.

Verifying that DB2 for Linux, UNIX and Windows is installed for FileNet P8:
To prepare your DB2 for Linux, UNIX and Windows databases before installing
FileNet P8, you must install the DB2 for Linux, UNIX and Windows software and
configure the database components for your installation.
Installing DB2 for Linux, UNIX and Windows and creating DB2 instances
Create DB2 for Linux, UNIX and Windows instances for Content Platform
Engine.
Creating the DB2 database and table space for the Content Platform Engine
GCD on page 92
Create a database and table space for the Content Platform Engine global
configuration database on DB2 for Linux, UNIX and Windows.
Creating the DB2 database and table spaces for a Content Platform Engine
object store on page 92
Create a database and table spaces for a Content Platform Engine object store
on DB2 for Linux, UNIX and Windows. Each additional object store will require
an additional table space and a unique table space user.
Installing DB2 for Linux, UNIX and Windows and creating DB2 instances:
Create DB2 for Linux, UNIX and Windows instances for Content Platform Engine.
To install DB2 for Linux, UNIX and Windows and create DB2 instances:
1. Install the IBM DB2 for Linux, UNIX and Windows software. Make note of the
TCP/IP port number assigned to the instance or instances. The port number
assigned can be found in the /etc/services file, associated with the DB2
instance(s) just created. After a successful installation, the DB2 instance should
be up and running.
2. Refer to the IBM FileNet P8 system requirements for required operating-system
and database patch sets, and service packs.
3. Set TCP/IP as the default protocol.
4. Set or verify the following parameter settings by entering the following
command in the DB2 command-line processor:
DB2 for Linux, UNIX and Windows version 9.7
db2set DB2_WORKLOAD=FILENET_CM
db2set DB2_MINIMIZE_LISTPREFETCH=ON
db2set DB2_OPTPROFILE=ON
DB2 for Linux, UNIX and Windows version 9.7 Fix Pack 8 or later:
Set CUR_COMMIT=ON
| DB2 for Linux, UNIX and Windows version 10.5 or later:

| db2set DB2_WORKLOAD=FILENET_CM
| Set CUR_COMMIT=ON
5. Connect to your object store databases by entering the following command:
db2 connect to db_name user user_name using password
where
v db_name is the name of your object store database
v user_name is the user ID used to access the object store database
v password is the password for the user ID used to to access the object store
database
Issue the following command:
db2 update db cfg using cur_commit ON
| 6. After making these changes, stop and restart the database using db2stop and
| db2start.
Creating the DB2 database and table space for the Content Platform Engine GCD:
Create a database and table space for the Content Platform Engine global
configuration database on DB2 for Linux, UNIX and Windows.
v Do not share the database used for the GCD with object stores or IBM Content
Navigator configuration data.
v The database name needs to be unique and from 1 to 8 characters long. The
table space name must be at most 18 characters long.
v Drop the default user [regular] table space - USERSPACE1 after creating the
database.
v Update the following configuration parameter. Set the value, minimally, to the
value indicated here:
APPLHEAPSZ 2560
1. Create the table space for the GCD. The following table shows the
recommended minimum size for the table space for the GCD.
Minimum Page Size

Content Platform Engine table space Minimum Size (MB) (KB)
GCD_ts 256 32 (required)
Configure as LARGE type and

automatic storage.
2.
Record the values for the Database user name and the Database password in
your customized Installation and Upgrade Worksheet. To find these properties,
set the Autofilter for Column E Installation or Configuration Program for CM:
Configure GCD JDBC Data Sources. Then set the Autofilter for Column D
ISV Component Vendor to Oracle.
Creating the DB2 database and table spaces for a Content Platform Engine object store:
Create a database and table spaces for a Content Platform Engine object store on
DB2 for Linux, UNIX and Windows. Each additional object store will require an
additional table space and a unique table space user.

v Do not share the database used for the GCD with object stores or IBM Content
Navigator configuration data.
v The database name needs to be unique and from 1 to 8 characters long. The
table space name must be at most 18 characters long.
v Drop the default user [regular] table space - USERSPACE1 after creating the
database.
v Update the following configuration parameter. Set the value, minimally, to the
value indicated here:
APPLHEAPSZ 2560
| have one, the workflow system can use the table spaces that are used by the object
| store. Alternatively, you can create new table spaces for the workflow system,
| according to the rules on table space types and minimum sizes that are
| documented here.
If you are creating a table space for a new object store on an existing system,
define the new table space with the same table space type and storage method
used for existing object store table spaces.
The following table shows the recommended table space names, types, and
minimum sizes:
Table 16. Recommended table space names, types, and minimum sizes
Minimum Size Minimum Page
table spaces (MB) Size (KB) Description
data_ts 768 32 (required) This is the
default name of
Configure as LARGE type and the data table
automatic storage. space used by
Content Platform
Engine.
Record this value

in your
customized
Installation and
Upgrade
Worksheet. To
find this property,
use the Autofilter
drop-down arrow
in Column F,
Property or
Parameter (in
user interface), to
select Data table
space name.

index_ts 512 32 (required) This is the
default name of
(optional) the optional
default index
Configure as LARGE type and table space used
automatic storage. by Content
Platform Engine.
If you do not
create an index
table space, the
data table space
will be used for
indexes.
Record this value

in your
customized
Installation and
Upgrade
Worksheet. To
find this property,
use the Autofilter
drop-down arrow
in Column F,
Property or
Parameter (in
user interface), to
select Index table
space name.

lob_ts 512 32 (required) This is the
default name of
(optional ) the optional
default LOB table
Configure as LARGE type and space used by
automatic storage. Content Platform
Engine. If you do
not create a LOB
table space, the
data table space
will be used for
LOB data.
Record this value

in your
customized
Installation and
Upgrade
Worksheet. To
find this property,
use the Autofilter
drop-down arrow
in Column F,
Property or
Parameter (in
user interface), to
select LOB table
space name.
user temporary ts 80 32 (required) This is the
default user
temporary table
space, required
for Content
Platform Engine
use.
system temporary ts 80 32 (required) This is the
default system
temporary table
space, required
for Content
Platform Engine
use.
Application Server administrator installation tasks

FileNet P8, including planning deployment, creating administrative accounts, and
configuring JDBC drivers for Content Platform Engine.
Content Platform Engine, IBM FileNet Workplace XT, and Application Engine are
Java EE application server-based applications. You must install these applications
in a homogeneous Java EE environment in which all of your application servers
and their version numbers are identical.

If a user application is required for your system and you have not built or
customized one using the FileNet P8 API toolkits, you can install one of the
following general user interfaces:
v Workplace XT
v Application Engine / Workplace
v IBM Content Navigator
Even if you have your own customized application, it is a best practice to install
one of these applications for testing and support purposes. The applications must
use Enterprise Java Bean (EJB) transport.
If the application server where you are deploying Content Platform Engine is
running on most 64-bit JVMs, it is a best practice to create no more than 150 object
stores. However, if sufficient system and database resources are available, IBM
WebSphere Application Server 7.0 or higher with the 64-bit IBM JVM and
WebSphere Compressed Reference Technology supports up to 500 object stores.
Content Platform Engine is a resource-intensive enterprise application. Running

Content Platform Engine and other Java EE applications on the same machine is
possible but not a best practice. Other Java EE applications will compete with
Content Platform Engine for the same CPU, memory, and disk I/O resources, and
increase the complexity of the installation and the risk of the deployment, because
configurations will not match what has been qualified by FileNet P8 Engineering.
Although you might need to host Content Platform Engine and other applications
on the same machine, it is preferable to host Content Platform Engine on its own
machine or logical partition. If an architecture requires Content Platform Engine
and a non-P8 Java EE application to be on the same machine, be sure to
thoroughly test the configuration in your integration environment before deploying
them into production.
If you are installing in a non-English environment, review the considerations and

procedures in Appendix A, Preparing non-English environments for installing
FileNet P8, on page 163 before you begin your preparation tasks.
Review all rows assigned to the Application Server Administrator (ASA) in the
Installation and Upgrade Worksheet. While you complete the following preparation
tasks, provide values for the rows that are appropriate to your installation.
the worksheet file (p8_worksheet.xls), perform the following actions to quickly see
only the properties that are assigned to a particular Role:
ASA.
v Further filter the result set by clicking the AutoFilter drop-down arrow in any of
the other columns and selecting a value or clear a filter by selecting (All).
Creating application server accounts on page 97
Create new or designate existing application server accounts.
Configuring WebSphere for Content Platform Engine on page 99
You must prepare IBM WebSphere Application Server before you install
Content Platform Engine. You must create a WebSphere profile for the Content
Platform Engine application and set the environment variables for the database
connection.

Configuring WebLogic Server for Content Platform Engine on page 104
You need to configure WebLogic Server after installing it on the machine where
you are going to install and deploy Content Platform Engine.
Configuring JBoss Application Server for Content Platform Engine on page
108
JBoss Application Server requires some configurations before you install
Configuring application servers (high availability environments) on page 111
You must configure application servers for high availability.
Configuring WebSphere Application Server for IBM Content Navigator on
page 112
You must install WebSphere Application Server on the machine where you are
going to install and deploy IBM Content Navigator.
Configuring WebLogic Server for IBM Content Navigator on page 112
You must install WebLogic Server on the machine where you are going to
install and deploy IBM Content Navigator.
Configuring WebSphere Application Server for Application Engine or
Workplace XT on page 112
going to install and deploy Application Engine or Workplace XT.
Configuring WebLogic Server for Application Engine or Workplace XT on
page 113
You must install Oracle WebLogic Server on the machine where you are going
to install and deploy Application Engine or Workplace XT.
Configuring JBoss Application Server for Application Engine or Workplace
XT on page 114
You must install JBoss Application Server on the machine where you are going
to install and deploy Application Engine or Workplace XT.
Starting or stopping an application server instance on page 114
You need to be able to start or stop an application server instance when
working with Content Platform Engine.
Resolving the names of existing data sources on page 114
You must create data sources for the global configuration database and your
object store databases. Configuration Manager does not create a new data
source with the same name as that of an existing data source. If you want to
reuse a data source name, you must resolve data source naming conflicts before
using Configuration Manager to configure the JDBC data sources.
Application Engine/Workplace XT in a highly available environment on page
115
You can install and configure Application Engine/Workplace XT in a highly
available FileNet P8 environment to provide access to the FileNet P8 content on
the corresponding Application Engine/Workplace XT Web application.
Accessing the documentation on page 117
The base documentation URL identifies the server where the IBM FileNet P8
documentation is located. You must decide whether you want to access the
online documentation in IBM Knowledge Center or a locally installed
information center.
Creating application server accounts

Create new or designate existing application server accounts.

variable.
Creating the application server administrator
An application server administrator used while configuring Content Platform
Engine.
Creating the application server administrator:

Engine.
1. Create the following application server account:
Unique identifier
appserver_admin
Description
In Configuration Manager, when you run the Set
Properties for WebSphere Application Server task, enter
the credentials of the appserver_admin account in the
field labeled Application server administrator user
name. Configuration Manager uses the appserver_admin
account to run configuration tasks.
WebSphere administrative security is enabled
You have two options for creating the
appserver_admin user account. You can use the
local file-based account usually defined while
creating the WebSphere profile. Or, you can use
WebSphere tools to grant administrative rights
to an LDAP account and optionally remove the
file-based account created earlier.
The appserver_admin user account must have
WebSphere administrator permissions
throughout the Content Platform Engine
installation process. Afterwards, you can reduce
the account to a lesser role, such as
Configurator.
WebSphere administrative security is not enabled
If you decide not to enable WebSphere
administrative security during profile creation,
then no special credentials are required to log
in to the WebSphere administrative console.
You can enter any string into the Configuration

Manager field labeled Application server
administrator user name. However, remember
that to run Content Platform Engine,
WebSphere administrative security must be
enabled. When you do enable it and the
WebSphere administrative console requests an
account to use as the administrative user, enter
the appserver_admin.
Oracle WebLogic Server
Properties for Oracle WebLogic Server task, enter the
credentials of the appserver_admin account in the field
labeled Application server administrator user name.
Configuration Manager uses the appserver_admin
This user is defined when you create a new WebLogic
domain. The WebLogic Configuration wizard requires
you to enter the Administrator user name and
password. This user is created as an internal WebLogic
application, file-based account. (It is not an LDAP or
operating system account.) Use the appserver_admin
account to log in to the Oracle WebLogic Server
administration console.
JBoss Content Platform Engine does not require a JBoss
administrative account.

To find this property, search the worksheet for instances of appserver_admin.
Configuring WebSphere for Content Platform Engine

You must prepare IBM WebSphere Application Server before you install Content
Platform Engine. You must create a WebSphere profile for the Content Platform
Engine application and set the environment variables for the database connection.
Content Platform Engine is an enterprise application running on a Java application

server and should be made highly available in a high availability environment. In
this configuration, an administrative server manages a number of application
server instances. Applications and configuration changes are implemented by using
an administrative server/interface and sent to each cluster node. In this type of
configuration the application server software provides the components to build
and deploy the highly available enterprise application.
Important: You must use Configuration Manager, rather than a manual method, to
create the data sources that Content Platform Engine uses to connect to a database.
A data source that you create manually (by interacting directly with an application
server interface) can include, by default, many unnecessary and potentially
harmful custom properties. Also, for some combinations of database type and
application server type, Configuration Manager adds some special custom
properties to the data source it creates, which you might fail to include if you
create the data source manually. Without these added custom properties, runtime
errors can occur when Content Platform Engine tries to connect to a database.
1. Creating the WebSphere profile for Content Platform Engine on page 100
You must create an IBM WebSphere Application Server profile for Content
Platform Engine if you do not already have a profile.

2. Specifying the WebSphere environment variables on page 101
You must specify the IBM WebSphere Application Server environment variables
so that Content Platform Engine can access its databases.
3. Setting the primary administrative user name on page 103
If you are using IBM WebSphere Application Server federated repositories for
LDAP authentication, you must ensure that the name you entered for the
WebSphere Application Server primary administrative user name is unique
across all realms.
4. Setting host aliases for deployment on multiple servers on page 103
If you are deploying Content Platform Engine to multiple IBM WebSphere
Application Server servers on the same WebSphere node, you must define the
host alias and port numbers.
5. Setting permissions for the Configuration Manager user on page 103
Configuration Manager must be run by an operating system account that has
been granted certain directory permissions.
6. Configuring the load-balancer or proxy server on page 104
You can configure the load-balancer or proxy server to manage user requests
over multiple application servers.
7. Preparing for database failover support on page 104
You need to compare the default parameter values for database failover and
determine whether to retain them.
Creating the WebSphere profile for Content Platform Engine:
You must create an IBM WebSphere Application Server profile for Content
Platform Engine if you do not already have a profile.
To create the WebSphere profile for Content Platform Engine:

1. Run the command script at one of the following (default) locations to create a
new profile.
Option Description
AIX /usr/IBM/WebSphere/AppServer/bin/
manageprofiles.sh
HPUX, HPUXi, Linux, Linux for System z, /opt/IBM/WebSphere/AppServer/bin/
Solaris manageprofiles.sh
Windows C:\Program Files\IBM\WebSphere\AppServer\
bin\manageprofiles.bat
2.
Record application server values in your customized Installation and Upgrade

Worksheet. To find these properties, use the Autofilter drop-down arrow in
Column E, Installation or Configuration Program, to select CM: Create New
Installation Profile. Then use the Autofilter drop-down arrow in Column D,
ISV Component Vendor, to select WebSphere.
3. Grant write permission to the group cpe_appserver_install_group (the user who
runs Configuration Manager belongs to this group) on the following files in the
logs directory of the WebSphere profile for Content Platform Engine:
v wsadmin.traceout
v wsadmin.valout

You can find these files in one of the following locations:
Option Description
AIX /usr/IBM/WebSphere/AppServer/profiles/
profile_name/logs
HPUX, HPUXi, Linux, Linux for System z, /opt/IBM/WebSphere/AppServer/profiles/
Solaris profile_name/logs
Windows C:\Program Files\IBM\WebSphere\AppServer\
profiles\profile_name\logs
where profile_name is the name of the WebSphere profile (for example,

AppServer01).
Specifying the WebSphere environment variables:
You must specify the IBM WebSphere Application Server environment variables so
that Content Platform Engine can access its databases.
See IBM FileNet P8 system requirements for information on the JDBC driver file for
the database type that you need for the global configuration database (GCD) or for
an object store or Case Analyzer store you create later. The version of the JDBC
driver file must match the version of the JDK on the system where WebSphere
Application Server is installed.
To specify the WebSphere environment variables:

1. Install JDBC drivers on each WebSphere Application Server node where you
will deploy Content Platform Engine.
a. Obtain the JDBC drivers for your database type.
DB2 Access the IBM website and find the version of the Redistributable
DB2 JDBC Driver that matches the version of the JDK on the system
where WebSphere Application Server is installed.
Microsoft SQL Server
Access the Microsoft Support website and find the version of the
SQL Server JDBC Driver that matches the version of the JDK on the
system where WebSphere Application Server is installed.
Oracle To obtain the JDBC driver file, browse to the web page that pertains
to the Oracle Database version that you are using:
v Oracle Database 11g Release 2 JDBC Drivers:
http://www.oracle.com/technetwork/database/enterprise-
edition/jdbc-112010-090769.html
v Oracle Database 12.1.0.1 JDBC Driver & UCP Downloads:
http://www.oracle.com/technetwork/database/features/jdbc/
jdbc-drivers-12c-download-1958347.html
b. Extract and copy the JDBC driver file to the following suggested location:
AIX, HPUX, HPUXi, Linux, Solaris
/opt/jars
Do not copy the file to ...WebSphere/AppServer/lib/ext.
Windows
C:\jars
Do not copy the file to ...WebSphere\AppServer\lib\ext.

2. Start the WebSphere Application Server administrative console and log on to
your Content Platform Engine profile as appserver_console_user, the
Administrator Console User and complete the following substeps to configure
the Content Platform Engine nodes or cluster (if applicable).
a. Navigate to Environment > WebSphere Variables.
b. Select Cell scope from the All scopes list.
c. Set the value of the variable to the JDBC driver path that you specified
when you installed the JDBC drivers on the IBM WebSphere Application
Server machine. (If the variable does not exist, create it and then set its
value.)
d. Select Node scope from the All scopes list. In a cluster configuration, select
Node scope for all the nodes in the Content Platform Engine cluster.
e. In the table of substitution variables, click the item name in the Name
column that corresponds to the JDBC environment variable for your
database type in the Database environment variables table below.
Table 17. Database environment variables
Database JDBC Environment Variable
SQL Server MICROSOFT_JDBC_DRIVER_PATH
Oracle ORACLE_JDBC_DRIVER_PATH
DB2 (JDBC 4.0)
DB2_JCC_DRIVER_PATH
f. Set the value of the name_JDBC_DRIVER_PATH item to the JDBC driver

path you specified (/opt/jars or C:\jars).
g. Optional: Select Server scope from the All scopes list. This step is not
required unless you defined the JDBC_DRIVER_PATH variable at the server
scope level.
h. In the table of substitution variables, click the item name in the Name
column that corresponds to the JDBC environment variable for your
database type in the Database environment variables table.
i. Set the value of the name_JDBC_DRIVER_PATH item to the JDBC driver
path you specified (/opt/jars or C:\jars).
j. Save your changes to the master configuration.
3. Navigate to Servers > Application servers > server1 > Java and Process
Management > Process Definition > Java Virtual Machine, and set the initial
and maximum heap sizes, where server1 is the name of the server where you
will deploy Content Platform Engine.
a. Set the values for the initial and maximum heap sizes:
Table 18. Values for initial and maximum heap size
Parameter Value (in MB)
Initial Heap Size At least 512
Maximum Heap Size 1024 or a size consistent with available RAM
on the machine where WebSphere
Application Server is installed
b. Set the following JVM parameters:

v -Duser.language=en
v -Duser.region=US
v -Duser.country=US

c. Save your changes to the master configuration.
4. Optional: Increase the maximum transaction timeout to prevent administrative
processes from failing:
a. Navigate to the screen containing the Maximum transaction timeout
parameter:
v Click Servers > Server Types > WebSphere application servers > server1
> [Container Settings] Container Services > Transaction Service.
b. Click the Configuration tab, and set the Maximum transaction timeout
parameter value to at least 600 (seconds), and increase the Total transaction
lifetime timeout as well.
Important: If the timeout value is not large enough, some administrative

processes (such as adding an expansion product) might fail.
c. Click Apply and then click Save.
5. Repeat this procedure as needed for any object store that uses a different
database type.
Setting the primary administrative user name:
If you are using IBM WebSphere Application Server federated repositories for
LDAP authentication, you must ensure that the name you entered for the
WebSphere Application Server primary administrative user name is unique across
all realms.
Setting host aliases for deployment on multiple servers:
If you are deploying Content Platform Engine to multiple IBM WebSphere

Application Server servers on the same WebSphere node, you must define the host
alias and port numbers.
To set the host alias:

1. Log in to the WebSphere administrative console.
2. Navigate to Environment > Virtual Hosts > default host > Host Aliases.
3. If you are using SSL, add an alias for the SSL port number, such as port 9081.
4. Add an alias for the non-SSL port number, such as port 9444.
5. Click Apply.
Setting permissions for the Configuration Manager user:
Configuration Manager must be run by an operating system account that has been
granted certain directory permissions.
1. Set permissions for the Configuration Manager user (config_mgr_user) on the
WebSphere Application Server profile directory and all its subdirectories where
Content Platform Engine will be deployed:
Option Description
AIX, HPUX, HPUXi, Linux, Solaris Read, write, and execute permissions
Windows Read & Execute, and Write permission
2. Set write permission for the Configuration Manager user on the WebSphere lib
directory, for example /opt/IBM/WebSphere/AppServer/lib.

Configuring the load-balancer or proxy server:
You can configure the load-balancer or proxy server to manage user requests over
multiple application servers.
Load-balancers and proxy-servers are typically used to direct users to different

instances throughout a highly available application server configuration. When one
server goes down the system automatically redirects the user to another running
server instance.
If you use a load-balancer or proxy server in this configuration you must use the
virtual name when performing installation steps that require a server name for a
Content Platform Engine server, with the exception of IBM Administration Console
for Content Platform Engine and other administrative applications.
Session affinity is required for Application Engine and Workplace XT only.
Preparing for database failover support:
You need to compare the default parameter values for database failover and
determine whether to retain them.
If you enable it to do so, Configuration Manager automatically assigns default

values to the database failover parameter values when it runs the tasks to
configure JDBC data sources for the global configuration database and object
stores.
The following table shows the default values that Configuration Manager assigns
to the database failover parameters.
Table 19. Retries for new connections
Parameter Value
Number of retries for new connections 100
Retry interval for new connections 3 seconds
Retry interval for existing connections 0 seconds
To determine whether to let Configuration Manager set these values, you need to
compare these default values with the values that are optimized for your database
cluster. If you enableConfiguration Manager to assign default values, you can still
change them before you deploy Content Platform Engine.
Configuring WebLogic Server for Content Platform Engine

You need to configure WebLogic Server after installing it on the machine where
you are going to install and deploy Content Platform Engine.
Before you install and deploy Content Platform Engine on a WebLogic Server
machine, you must create a WebLogic Server domain and install JDBC drivers.
(The drivers must be installed on the WebLogic Server machine whether your
database is collocated or not).
Content Platform Engine is an enterprise application running on a Java application

server and can be configured in a high availability environment. In this
configuration, an administrative server manages a number of application server
instances. Applications and configuration changes are implemented by using an

administrative server/interface and sent to each cluster node. In this type of
configuration, the application server software provides the components to build
and deploy the highly available enterprise application.
To configure WebLogic Server:

1. Use the WebLogic Configuration wizard to create a WebLogic Server domain
for Content Platform Engine. In the following steps, use the domain name
FNCEDomain. Keep in mind the following as you configure the domain:
a. Set the server start mode to Production mode.
b. Select the appropriate Java Development Kit (JDK) for your environment, as
specified in the IBM FileNet P8 system requirements at IBM FileNet P8 system
requirements at .
2. Use the WebLogic Administration Console to configure the following settings:
a. Optional: Create a WebLogic Server authentication provider. You can use
the Content Platform Engine Configuration Manager tool to create a
WebLogic Server authentication provider later on, or you can create the
provider now by using the WebLogic Console.
Important: In some situations (for example, if you have a single-sign-on

provider, such as Netegrity SiteMinder), Configuration Manager cannot
configure a WebLogic authentication provider.
b. For performance reasons set the parameters that control searches within the
authentication provider, as shown in the following table:
Table 20. Authentication provider search parameters
Parameter Value Description
Group Membership Searching unlimited Group searches are unlimited
in depth
Max Group Membership 0 Only direct group members
Search Level are found
If you encounter performance problems, change the Group Membership

Searching parameter value to limited.
c. If you do not use Configuration Manager to configure your LDAP settings,
set the Control Flag value. Set the Control Flag to REQUIRED to allow
logons to FNCEDomain by LDAP-authenticated users in the Default
Authenticator who are not in the active security realm of FNCEDomain. The
Configuration Manager tool sets this flag when you run the Configure
LDAP task.
d. If you are using multiple authentication providers in an Active Directory
environment of multi-forest domains, reorder (as needed) the list of
providers so that the most frequently used provider is first in the list, and

the least frequently used is last. Reordering is necessary to prevent logon
failures when FileNet P8 Workplace is being accessed by many users
simultaneously.
e. Specify the following heap sizes for the JVM:
Initial Java heap size (-Xms):
512 MB
Maximum Java heap size (-Xmx):
1024 MB
f. Set the following JVM parameters:
v -Duser.region=US
v -Duser.country=US
3. See IBM FileNet P8 system requirements at IBM FileNet P8 system requirements
at for information about the JDBC driver file for the database type that you
need for the GCD or for an object store that you create later.
4. Depending on your database, use one of the following procedures to install the
JDBC drivers.
DB2
a. Obtain the latest version of the Redistributable DB2 JDBC Driver
from the IBM web site that matches the version of the JDK on your
WebLogic Server machine.
b. Add the db2jcc.jar and db2jcc_license_cu.jar files to the
WebLogic Server classpath. by editing the file startWebLogic.cmd or
startWebLogic.sh for the WebLogic Server domain you created. For
example:
set CLASSPATH=%CLASSPATH%;c:\db2\jdbc\db2jcc.jar;c:\db2\
jdbc\db2jcc_license_cu.jar
a. Download and unzip the version of SQL Server JDBC Driver from
Microsoft Support that matches the version of the JDK on your
WebLogic Server machine. Place the JDBC driver file in a directory
jdbc_path on your application server machine, such as:
/opt/jars
Windows
C:\jars
b. Perform the following step, depending on your operating system
type.
Edit the file startWebLogic.sh by inserting the following
two lines immediately after the first occurrence of the line
CLASSPATH=...
JDBC_PATH="jdbc_path/sqljdbc20/enu/sqljdbc4.jar"
CLASSPATH="$JDBC_PATH:$CLASSPATH"
Windows
Edit the file startWebLogic.cmd (by default, in the directory
C:\WL_HOME\user_projects\domains\bin\FNCEDomain ) for

the WebLogic domain you created. Insert the following two
lines immediately after the first occurrence of the line
CLASSPATH=...
set JDBC_PATH=jdbc_path\sqljdbc_1.0\enu\sqljdbc.jar
set CLASSPATH=%JDBC_PATH%;%CLASSPATH%
Oracle
a. Check to see if the Oracle JDBC Driver file is already on your
WebLogic machine by searching for ojdbc##.jar in the
wls_install_path/server/lib directory, where wls_install_path is the
WebLogic Server installation path.
b. If no Oracle JDBC Driver file is present, download the file (the one
that matches the version of the JDK on your WebLogic Server
machine) from the Oracle JDBC Driver Downloads web site to a
directory on the WebLogic machine.
Restriction: If you intend to install add-ons (extensions to IBM

FileNet P8 core components), and your Content Platform Engine
database is Oracle, your Oracle JDBC Driver file requirements might
be more restrictive. For the required version and patch number, see
the IBM FileNet P8 system requirements.
c. From the Oracle web site, apply the patch Oracle Patch
Ojdbc##.jar.
d. For the WebLogic Server domain that you created, apply the
following changes:
Windows
In the file startWebLogic.cmd, insert the following two lines
immediately after the first set CLASSPATH line:
set JDBC_PATH=jdbc_path\ojdbc##.jar
set CLASSPATH=%JDBC_PATH%;%CLASSPATH%
In the file startWebLogic.sh, insert the following two lines
immediately after the first CLASSPATH line:
JDBC_PATH="jdbc_path/ojdbc##.jar"
CLASSPATH="$JDBC_PATH:$CLASSPATH"
5. If your application server uses the IBM JVM, edit the JAVA_OPTIONS variable
to improve performance.
AIX (WebLogic version 9.2 with IBM Java 5 SR2 JDK only) Add the
following line to the setDomainEnv.sh file file. Do not type any line
breaks.
JAVA_OPTIONS="$JAVA_OPTIONS
-Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID=1.0"
HPUX, HPUXi, Linux, Solaris
Immediately before the SAVE_JAVA_OPTIONS=$JAVA_OPTIONS line in the
startWebLogic.sh file, insert the following line. Do not type any line
breaks.
JAVA_OPTIONS="$JAVA_OPTIONS -Dprogram.name=$PROGNAME
-Dfilenet.pe.peorb.pool.min=2 -Dfilenet.pe.peorb.pool.max=5"
Windows
Immediately before the set SAVE_JAVA_OPTIONS=%JAVA_OPTIONS% line in
the startWebLogic.cmd file, insert this line. Do not type any line breaks.
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dprogram.name=%PROGNAME%
-Dfilenet.pe.peorb.pool.min=2 -Dfilenet.pe.peorb.pool.max=5

6. Stop and then start WebLogic Server.
7. Give the Configuration Manager user, config_mgr_user, the following
permissions:
a. Read, write, and execute permission on the domain directory
../users_projects/domains/your_domain.
b. Read and execute permission on the ../common/bin directory.
8.

Installation Profile. Then, use the Autofilter drop-down arrow in Column D,
ISV Component Vendor, to select WebLogic.
Configuring JBoss Application Server for Content Platform

Engine
JBoss Application Server requires some configurations before you install Content
Platform Engine.
Ensure that JBoss Application Server is installed on the machine where you intend
to deploy Content Platform Engine.
Note: JBoss Application Server clusters do not use a separate administrative server,
and configuration changes are implemented on each cluster node separately in a
highly available environment.
Configuring JBoss Application Server for Content Platform Engine
JBoss Application Server requires some configurations before you install
Strengthening Content Platform Engine server security under JBoss
Application Server on page 111
In FileNet P8 environments the Content Platform Engine server assumes that a
user's short name passed to it by means of an IIOP request from Application
Engine, Workplace XT, or an associated custom application has been properly
authenticated and can be trusted.
Configuring JBoss Application Server clusters on page 111
JBoss Application Server servers can be grouped together into a cluster for
performance or to provide high availability. This guide provides only minimal
instructions for setting up a JBoss Application Server cluster.
Configuring JBoss Application Server for Content Platform Engine:
JBoss Application Server requires some configurations before you install Content
Platform Engine.

Ensure that JBoss Application Server is installed on the machine where you intend
to deploy Content Platform Engine.
Note: JBoss Application Server clusters do not use a separate administrative server,
and configuration changes are implemented on each cluster node separately in a
highly available environment.
To configure JBoss Application Server for Content Platform Engine:

1. Navigate to the configuration file set directory.
Option Description
Standard deployment jboss_install_dir/server
Cluster deployment (required for high jboss_install_dir/all
availability)
2. Create a new configuration file set by copying the configuration file set to a
new directory. For JBoss Application Server 5.0.0 and higher, the configuration
file set is the standard subdirectory. For JBoss Application Server versions less
than 5.0.0, the configuration file set is the default directory.
Option Description
Standard deployment Copy the configuration file set to a new
directory within the /server directory. For
example, copy the files to
jboss_install_dir/server/server1.
Cluster deployment Copy the configuration file set to a new
directory within the /all directory. For
example, copy the files to
jboss_install_dir/all/server1.
jboss_install_dir is the directory where JBoss is installed.

3.

Installation Profile. Then use the Autofilter drop-down arrow in Column D,
ISV Component Vendor, to select JBoss.
4. In the jboss_install_dir/bin directory, edit the configuration file run.conf
(AIX, HPUX, and Linux), run.bat (Windows and JBoss 5.0), or run.conf.bat
(Windows and JBoss 5.1):

a. Add a line to specify the path to the JAVA Development Kit (JDK) on the
machine where JBoss Application Server is installed, as shown in the
following example:
JAVA_HOME="path_to_Java_JDK"
b. In the JAVA_OPTS line, change the -Xms and -Xmx values from -Xms128m
-Xmx512m to -Xms512m -Xmx1024m.
c. Set the following JVM parameters:
v -Duser.region=US
v -Duser.country=US
d. Save your edits.
5. Refer to theIBM FileNet P8 system requirements for information on the JDBC
driver file for the database type that you need for the GCD or for an object
store you will be creating later.
6. Install JDBC drivers on the JBoss Application Server machine, as follows:
a. Obtain the JDBC drivers, depending on your database type.
DB2 Find the latest version of the Redistributable DB2 JDBC Driver 4.0
driver from the IBM website by searching for JDBC 4.0.
Find the version of Microsoft JDBC Driver at Microsoft Support that
matches the version of the JDK on the JBoss Application Server
machine.
Oracle Access the Oracle JDBC Driver Downloads website and find the
JDBC driver file that matches the version of the JDK on the JBoss
Application Server machine.
b. Place the file JDBC driver file in the CLASSPATH.
Standard deployment
Copy the JDBC driver file to the jboss_install_dir/server/
server1/lib directory.
Cluster deployment
Copy the JDBC driver file to the jboss_install_dir/all/server1/
lib directory.
7. If you are deploying multiple instances of Content Platform Engine on the
same server, do the following for each additional instance:
a. Copy the configuration file set that you just created and modified from the
jboss_install_dir/server/server1 directory to a new directory. Use a
separate directory for each instance. For example, copy the
jboss_install_dir/server/server1 directory to jboss_install_dir/server/
server2 and jboss_install_dir/server/server3.
b. Assign unique port numbers to each instance. Refer to your JBoss
Application Server documentation for details.
8. If it is not already running, start the web application server as follows, and
leave the command window open:
Option Description
AIX, HPUX, Linux, Solaris, and JBoss 5.0 ./run.sh -c server1 -b 0.0.0.0
and 5.1
Windows and JBoss 5.0 run.bat -c server1 -b 0.0.0.0
Windows and JBoss 5.1 run.conf.bat -c server -b 0.0.0.0

Strengthening Content Platform Engine server security under JBoss Application
Server:
In FileNet P8 environments the Content Platform Engine server assumes that a

user's short name passed to it by means of an IIOP request from Application
Engine, Workplace XT, or an associated custom application has been properly
authenticated and can be trusted.
WebSphere Application Server and Oracle WebLogic Suite have mechanisms such
as Lightweight Third-Party Authentication (LTPA) keys to secure IIOP
communications, which establishes this sort of trust relationship between Java
Virtual Machines (JVMs). However, because JBoss Application Server has no such
feature to prevent unauthenticated access, a security risk is exposed between the
Content Platform Engine JVM and the calling application's JVM.
To mitigate the risk of passing unauthenticated user short names to Content

Platform Engine server under JBoss Application Server, place a firewall on the
Content Platform Engine server to allow only trusted JVMs associated with
Application Engine, Workplace XT, or custom applications to connect to the
Content Platform Engine JVM IIOP port.
Configuring JBoss Application Server clusters:
JBoss Application Server servers can be grouped together into a cluster for
performance or to provide high availability. This guide provides only minimal
instructions for setting up a JBoss Application Server cluster.
Because JBoss Application Server clusters do not have an administrative server,

you will choose a single JBoss Application Server on which to install and configure
the first instance of Content Platform Engine, then copy the necessary files to the
rest of the nodes in the cluster.
In a highly available JBoss cluster environment Application Engine and Content

Platform Engine must reside in separate JBoss clusters. Unless given a unique
name, all JBoss nodes will be part of the cluster "Default."
| To effectively run load balancing tasks, all instances of the Content Platform
| Engine must reside in a single JBoss cluster. EJB load balancing cannot span
| multiple JBoss clusters.
For each Application Engine node, uniquely name the cluster something other than
default.
Update the JBoss startup file on both Application Engine cluster nodes from:
JBOSSSH=${JBOSSSH:-"$JBOSS_HOME/bin/run.sh -c $JBOSS_CONF -b $JBOSS_HOST"}
to
JBOSSSH=${JBOSSSH:-"$JBOSS_HOME/bin/run.sh -c $JBOSS_CONF -b $JBOSS_HOST"}
-Djboss.partition.name=JBossP8AE
Configuring application servers (high availability environments)

You must configure application servers for high availability.
Configure the application server on each node with the following modification:

v WebSphere Application Server:
Follow the instructions for configuring WebSphere Application Server for
Content Platform Engine, but set the JDBC parameters for the nodes by using
the administrative console, not the individual servers.
v WebLogic Server:
Follow the instructions Guide for configuring WebLogic Server for Content
Platform Engine.
v JBoss Application Server:
Follow the instructions for configuring JBoss Application Server for Content
Platform Engine, but use JBOSS_DIST/all as the base configuration file set
instead of JBOSS_DIST/server.
| Configuring WebSphere Application Server for IBM Content

| Navigator
| You must install WebSphere Application Server on the machine where you are
| going to install and deploy IBM Content Navigator.
| Review the information that is provided in Planning for your web application
| server to prepare for the IBM WebSphere Application Server configuration.
| For instructions on configuring WebSphere Application Server for IBM Content

| Navigator, see the topics in Preparing WebSphere Application Server for IBM
| Content Navigator components.
| Configuring WebLogic Server for IBM Content Navigator

| You must install WebLogic Server on the machine where you are going to install
| and deploy IBM Content Navigator.
| Review the information that is provided in Planning for your web application
| server to prepare for the Oracle WebLogic Server configuration.
| For instructions on configuring WebLogic Server for IBM Content Navigator, see
| the topics in Preparing Oracle WebLogic Server for IBM Content Navigator
| components.
Configuring WebSphere Application Server for Application

Engine or Workplace XT
going to install and deploy Application Engine or Workplace XT.
Application Engine or Workplace XT can be collocated with Content Platform

Engine as long as the server is appropriately sized. However, each instance of the
Application Engine or Workplace XT and each instance of the Content Platform
Engine must run in its own JVM. For assistance in sizing your system, access the
IBM FileNet P8 Platform support site.
To configure WebSphere Application Server:

1. Verify that the application server is set to use JSESSIONID as the default cookie
name. To avoid forcing end users to log in individually to applets such as
Process Designer, Search Designer, and Process Simulator, configure the
application server to use JSESSIONID as cookie name, and not use
application-unique cookie names. Using JSESSIONID is typically the default
setting for the supported application servers. Both Application Engine and
Workplace XT use cookie names to pass session information between
Application Engine or Workplace XT and the client browser.

2. Determine the Initial and Maximum Heap Size. Refer to your application server
vendor's recommendation for Initial and Maximum heap size values. You will
use this information when you configure WebSphere Application Server after
you install Application Engine or Workplace XT.
3. When WebSphere is running as a service and a UNC path is specified in
web.xml for configuration, upload, and download directories, the account that is
specified to run the WebSphere service must have permissions to the share of
the UNC path.
Configuring WebLogic Server for Application Engine or

Workplace XT
You must install Oracle WebLogic Server on the machine where you are going to
install and deploy Application Engine or Workplace XT.
Application Engine or Workplace XT can be collocated with Content Platform

Engine as long as the server is appropriately sized. However, each instance of
IBM FileNet P8 Platform support site.
To configure WebLogic Server:

Workplace XT use cookie names for passing session information between
2. Create a WebLogic Server domain before installing and deploying Application
Engine or Workplace XT. Refer to your WebLogic Server documentation for
detailed instructions.
Important: You will perform further configuration on Workplace XT after you

perform the installation.
3. Enable trust between the Content Platform Engine WebLogic domain and the
Application Engine or Workplace XT WebLogic domain. If you have already
configured a trust on the Content Platform Engine, perform these steps only on
the Application Engine or Workplace XT server.
a. Prepare the WebLogic Administration Console for editing.
b. In the advanced security settings for your domain, enter the same password
for both the Content Platform Engine domain and the Application Engine or
Workplace XT domain.
c. Save and activate your changes.
d. Restart the server if needed.
e. Repeat this procedure in each domain for which you want to enable trust.
Important: If you are enabling this feature in a managed server

environment, you must stop the Administration server and all the Managed
Servers in both domains and then restart them. If this step is not performed,
servers that were not rebooted will not trust the servers that were rebooted.
Refer to your WebLogic Server documentation for more information.

Configuring JBoss Application Server for Application Engine or
Workplace XT
You must install JBoss Application Server on the machine where you are going to
install and deploy Application Engine or Workplace XT.
Application Engine and Workplace XT can be collocated with Content Platform

Engine as long as the server is appropriately sized. However, each instance of
FileNet P8 support site.
To configure JBoss Application Server:

1. In a high availability clustered server environment, verify that the Content
Platform Engine and Application Engine/Workplace XT clusters have different
names. See Configuring JBoss Application Server clusters on page 111
Workplace XT use cookie names for passing session information between
Important: You will perform further configuration on JBoss Application Server

after you perform the installation.
Starting or stopping an application server instance

You need to be able to start or stop an application server instance when working
with Content Platform Engine.
To start or stop an application server instance:
Depending on your application server type, run one of the following commands to
start or stop an application server instance:
Table 21. How to start or stop an application server instance
Command to start an Command to stop an
Application server type application server instance application server instance
WebSphere Application startServer stopServer
Server
JBoss Application Server run stop
Oracle WebLogic Server startWebLogic stopWebLogic
In a high availability environment, when instructed to start or stop an application

server instance, start or stop the nodes unless otherwise specified.
Resolving the names of existing data sources

You must create data sources for the global configuration database and your object
store databases. Configuration Manager does not create a new data source with the
same name as that of an existing data source. If you want to reuse a data source
name, you must resolve data source naming conflicts before using Configuration
Manager to configure the JDBC data sources.

Complete this procedure only if you already created data source names by using
your application server administration tools, and you want to use Configuration
Manager to create data sources with the same names.
To resolve the names of existing data sources:

1. Use your application server administration tools to determine if the data source
names that you selected already exist.
2. If you have a duplicate data source name that you want to use, manually
delete the existing data source from your application server. See your
application server documentation for more information.
Application Engine/Workplace XT in a highly available

environment
You can install and configure Application Engine/Workplace XT in a highly
available FileNet P8 environment to provide access to the FileNet P8 content on
the corresponding Application Engine/Workplace XT Web application.
Complete these additional Application Server Administrator planning and

preparation tasks for Application Engine/Workplace XT in a highly available
environment.
Configuring the application server for Application Engine/Workplace XT in a
highly available environment
You can create clusters of supported application servers.
Configuring load-balancer or proxy server on page 116
Before installing and configuring Application Engine or Workplace XT in a
highly available environment, verify that your load balancer or proxy server
has been set up correctly.
Planning for Workplace/Workplace XT shared settings on page 116
You can store Workplace/Workplace XT settings in a shared configuration
directory for high availability environments. This directory can reside on a
shared device as needed.
Configuring the application server for Application Engine/Workplace XT in a

highly available environment:
You can create clusters of supported application servers.
Application Engine/Workplace XT is an enterprise application running on a Java

application server and should be made highly available by using either of the
following configurations:
Application Server clusters

v (WebSphere, WebLogic) Managed Application Server Clusters
An administrative server manages a number of application server instances.
Applications and configuration changes are implemented by using an
administrative server/interface and sent to each cluster node.
In this type of configuration the application server software provides the
components to build and deploy the highly available enterprise application.
v (JBoss) Application Server Clusters
JBoss application server clusters do not use a separate administrative server, and
configuration changes are implemented on each cluster node separately.

Farm of independent Application Server instances.
A number of separate server instances run independently behind a load-balancer

or proxy device. No central administration server is used. You must install and
deploy on each farm node.
Configuring load-balancer or proxy server:
Before installing and configuring Application Engine or Workplace XT in a highly

available environment, verify that your load balancer or proxy server has been set
up correctly.
v A load balancing or proxy device will typically direct users to different instances
throughout the group of highly available servers. When one server goes down a
user is automatically directed to an already running instance.
v The load-balancing device can be a hardware or software implementation of a
proxy or load-balancer.
See the application server software's hardware and software support
requirements to determine the supported load-balancing or proxy device
supported for you configuration.
v Application Engine and Workplace XT do not support directory security when
using IIS as a proxy in front of WebSphere Application Server.
Identify the Base URL for the load balancer or proxy server When installing any
components that request the URL of a deployed Workplace or Workplace XT
instance in a highly available configuration, you must use the URL that directs
users to your load-balancing or proxy device.
Tip: Do not specifying a single Application Engine/Workplace XT server. This will

introduce a single point of failure in the environment.
If you are using load-balancer or proxy device in your configuration you must use
the load-balancer or proxy device to log on to Workplace or Workplace XT for the
first time. Doing this ensures that the Base URL setting, which must be set to the
load-balancer or proxy URL, is correctly set.
If the application is deployed to a farm of application servers, and a load-balancer
is configured for this farm, then a URL could be:
Application Engine: http://loadbalancer URL:loadbalancer port/Workplace
Workplace XT: http://loadbalancer URL:loadbalancer port/WorkplaceXT Use
this URL when completing the installation steps.
Planning for Workplace/Workplace XT shared settings:
You can store Workplace/Workplace XT settings in a shared configuration

directory for high availability environments. This directory can reside on a shared
device as needed.
v If you deploy your Workplace/Workplace XT Web application as a Windows
service on WebSphere, do not use mapped drives to reference shared
configuration folders. Instead, use a UNC share. Note that UNC shares cannot
be Windows administrative shares such as \\host\c$.
v If the share is mountable the mount must be online when Workplace/Workplace
XT is started and accessed.
v If the shared configuration directory is not accessible an error page is returned
when a user tries to access the Workplace/Workplace XT sign-in page.
v Aside from the shared configuration directory no other Application
Engine/Workplace XT software has to reside on shared storage.

v Overwriting of configuration files on subsequent installations.
If you are performing an installation by using a shared configuration
directory be aware that all installations of Application Engine/Workplace XT
will replace any files that exist in the shared configuration directory.
If an installation has been completed and settings such as the bootstrap
information have already been set then any subsequent installations by using
the same shared configuration directory will result in the files being
overwritten, losing any settings that have been made.
To preserve the settings in the shared configuration directory you should back
up the files in the shared configuration directory and restore them when you
have completed the installation.
Remember: This is not an issue for configurations where all Application

Engine/Workplace XT installations are performed at the same time, but for
cases where the installer must be run again (to add a node to the
configuration for example).
Accessing the documentation

The base documentation URL identifies the server where the IBM FileNet P8
documentation is located. You must decide whether you want to access the online
documentation in IBM Knowledge Center or a locally installed information center.
The simplest way to access documentation is by using the IBM FileNet P8 online
documentation at http://www.ibm.com/support/knowledgecenter/SSNW2F_5.2.1.
However, if this is not possible, for example because your application is in an
environment where internet access is not available, you can install documentation
on a local application server and deploy the help as a web application. The
following table compares the options.
Table 22. Comparing IBM Knowledge Center online documentation and the local information
center
Online documentation Local information center
Requires internet access Yes No
Requires local application No Yes
server
Supports mixed versions of No Yes
IBM FileNet P8 components
Is customizable No Yes
If you install the information center locally, you can use an application server that
is uniquely dedicated for that purpose, or you can use one that is prepared for
Content Platform Engine, Application Engine, or Workplace XT.
To determine the value for the base documentation URL for your documentation:
1. Determine the base documentation URL as follows, depending on which
documentation option you have chosen to use:
Option Description
Online documentation in IBM Knowledge http://www.ibm.com/support/
Center knowledgecenter/SSNW2F_5.2.1/

Option Description
Locally installed information center http://server-name:port/application-
name/topic/
server-name
The name of the server where the IBM
FileNet P8 local information center will
be installed.
port
The optional port number.
application-name
The name of the deployed IBM FileNet
P8 documentation application. The
application name is typically p8docs.
For a server-name of myserver, a port of

8080, and an application-name of p8docs, the
base documentation URL is
http://myserver:8080/p8docs/topic/.
2.
Record the base documentation URL in your customized Installation and

Upgrade Worksheet for each instance of that property for each component that
requires it. To find this property, search the worksheet for instances of
Documentation server URL or Documentation URL in Column F, Property or
Parameter (in user interface).
Option Description
Workplace XT Append com.ibm.p8.xt.user.doc/ to the
initial portion of the base documentation
URL. For example, the base documentation
URL for Workplace XT would be
http://www.ibm.com/support/
knowledgecenter/SSNW2F_5.2.1/
com.ibm.p8.xt.user.doc/.
Workplace Append com.ibm.p8.doc/ to the initial
portion of the base documentation URL. For
example, the base documentation URL for
Workplace would be http://www.ibm.com/
support/knowledgecenter/SSNW2F_5.2.1/
com.ibm.p8.doc/.
All other components Enter only the initial portion of the base
documentation URL, for example,
http://www.ibm.com/support/
knowledgecenter/SSNW2F_5.2.1/.

Planning and preparing for FileNet P8 upgrade
To prepare to upgrade your FileNet P8 installation, you must review the upgrade
planning information to determine what kind of upgrade you will carry out. You
must also complete the prerequisite tasks assigned to the various Roles.
Planning the upgrade
Carefully review the information provided to plan your FileNet P8 system
upgrade.
Performing the required upgrade preparation tasks on page 130
To efficiently carry out the required upgrade preparation tasks, assign a
member of your staff to carry out the tasks assigned to each role.
Planning the upgrade

Carefully review the information provided to plan your FileNet P8 system
upgrade.
In version 5.2, the Content Engine, Process Engine, and Case Analyzer were
combined and now run as a single deployed application. This is the Content
Platform Engine. This content and workflow management software runs on every
application server instance where it is deployed. It is recommended that you
contact your IBM representative to review capacity planning and load balancing
before you upgrade.
All data in the existing global configuration database, object stores, and workflow
system are automatically upgraded when you deploy the upgraded Content
Platform Engine EAR file.
Upgrade scenarios
Upgrade planning depends on the details of your existing installation. The
starting version and platform choices all influence the upgrade path of your
existing components.
Upgrade planning considerations on page 124
Review all upgrade planning information related to requirements for upgrading
an FileNet P8 system and expansion products, as well as other vendor products
associated with the FileNet P8.
Definition of upgrade roles on page 127
Your organization may have different roles, and some of the responsibilities of
listed roles will vary from those assigned by default.
required to complete FileNet P8 installation, upgrade, and configuration
programs, and provides a way to record the values you assign to these
properties and parameters.
Upgrade scenarios
Upgrade planning depends on the details of your existing installation. The starting
version and platform choices all influence the upgrade path of your existing
components.

Starting with version 5.2, Content Engine, Process Engine, and Case Analyzer are
combined into the Content Platform Engine. The Content Platform Engine server is
installed from a single installation program, and configured and deployed as a
single application server instance.
Table 23. Versions of components that can be upgraded.
Versions of components that can be

Component upgraded to FileNet P8 5.2.1
Content Platform Engine 5.2.0
Content Engine 4.5.1, 5.0.0, or 5.1.0
Process Engine 4.5.1, 5.0.0, or 5.1.0
Application Engine Application Engine software is not being
updated in the 5.2.1 FileNet P8 software
release.
(For upgrades from 5.2.0): The only

requirement is to update Content Platform
Engine client files on all Application Engine
servers.
(For upgrades from 4.5.1, 5.0.0, 5.1.0) Follow

the appropriate version of the Application
Engine upgrade instructions.
Workplace XT Workplace XT software is not being updated
in the 5.2.1 FileNet P8 software release.
(For upgrades from 5.2.0): The only

requirement is to update Content Platform
Engine client files on all Workplace XT
servers.
(For upgrades from 4.5.1, 5.0.0, 5.1.0) Follow

Workplace XT upgrade instructions. See
Installing the latest Content Engine Client
files on Workplace XT servers.
IBM Content Navigator IBM Content Navigator software is not being
updated in the 5.2.1 FileNet P8 software
release.
The only requirement is to update Content

Platform Engine client files on all IBM
Content Navigator servers.
IBM Content Search Services 5.0, 5.1, or 5.2
IBM Legacy Content Search Engine If you are running IBM Legacy Content
Search Engine and you want your system to
retain the ability to do content-based searches
after the upgrade of the system is complete,
you cannot upgrade directly from version
4.5.1 to version 5.2.1 software. You must first
upgrade FileNet P8 to version 5.1 and
complete the migration from IBM Legacy
Content Search Engine to IBM Content
Search Services. You can then upgrade from
version 5.1 to 5.2.1.

Important: If the system you are upgrading is running WebSphere Application
Server version 6.1, you must do an upgrade with a migration. The new application
server instance must be deployed on at least version 7 of WebSphere Application
Server.
(For upgrades from versions 4.5.1, 5.0.0 and 5.1.0) Content Engine, Process Engine,
and the following associated components must be upgraded together:
v Application Engine and depending on which version of Application Engine you
are upgrading from, the upgrade could be only the installation of a fix pack.
v IBM FileNet Workplace XT
v IBM Content Search Services
v Rendition Engine
v IBM FileNet Content Federation Services
v Case Analyzer and IBM FileNet Process Simulator can be upgraded at the same
time if you need full access to all case and simulation data after the upgrade.
However, you could upgrade these components later, such as the following
weekend. All backlogged data will be processed after those upgrades are
complete. See the Case Analyzer and IBM FileNet Process Simulator
documentation for information on upgrading those components.
(For upgrades from versions 5.2.0) Content Platform Engine and the following
associated components must be upgraded together:
v Application Engine client files
v IBM FileNet Workplace XT client files
v IBM Content Navigator client files
v IBM Content Search Services
v Rendition Engine
v IBM FileNet Content Federation Services
v Case Analyzer and IBM FileNet Process Simulator can be upgraded at the same
time if you need full access to all case and simulation data after the upgrade.
However, you could upgrade these components later, such as the following
weekend. All backlogged data will be processed after those upgrades are
complete. See the Case Analyzer and IBM FileNet Process Simulator
documentation for information on upgrading those components.
See the FileNet P8 Fix Pack Compatibility Matrices for a list of product-component
versions from which you can start an upgrade. .
Upgrade on an existing server instance
You can complete an upgrade on an existing server instance.
Upgrade with migration to a new server instance on page 122
An upgrade can be accomplished while also migrating from one server instance
to another. The new server instance could be on new hardware, or could be on
existing hardware. Making such a change is often part of the motivation for
doing the upgrade and it is important to have a well-understood process.
Upgrade on an existing server instance

You can complete an upgrade on an existing server instance.
(For upgrades from 5.2.0) This upgrade scenario assumes you are upgrading
Content Platform Engine on the application server where it is currently deployed
and making configuration changes to that deployment.
Planning and preparing for FileNet P8 upgrade 121

(For upgrades from 4.5.1, 5.0.0, or 5.1.0) This upgrade scenario assumes you are
upgrading Content Engine on the application server where it is currently deployed
and making configuration changes to that deployment to include Process Engine
information.
| A server that was formerly a Process Engine server could also be used to install
| Content Platform Engine and Case Analyzer. This requires an installation of the
| same application server software that is installed on the other Content Platform
| Engine servers. Handle the configuration of this server like an upgrade with
| migration to a new server instance. Then add the new server as another node in
| the Content Platform Engine application server cluster.
Upgrade with migration to a new server instance

An upgrade can be accomplished while also migrating from one server instance to
another. The new server instance could be on new hardware, or could be on
existing hardware. Making such a change is often part of the motivation for doing
the upgrade and it is important to have a well-understood process.
Migration upgrade overview and roadmap
The goal of an upgrade that involves a migration to a new server instance is to
minimize the unavailability of the production system.
Migration upgrade overview and roadmap:
The goal of an upgrade that involves a migration to a new server instance is to

minimize the unavailability of the production system.
Upgrading large FileNet P8 systems involves significant work. The upgrade can be
particularly challenging if you are changing the underlying platform of major
system components, such as Content Platform Engine. Using this approach, you
might install and configure a new server instance, such as for the application
server or database server. The initial installation and configuration work can be
done without impacting the production system.
At a high level, complete the upgrade migration procedures by using the following
steps. Some steps are repeated for each major FileNet P8 component:
v Determine a time when you can run the upgrade, which must be done when
nobody is altering the production system data. The copy of the production data
(replica) must reflect the production system. Otherwise the upgrade is not on
current data.
| v Set up a second system that contains a copy of production data. With this
| approach, you can revert to the original system if you encounter problems
| during the upgrade. You can also do some of the initial installation and
| configuration without impact to the production system. This second system lets
| you move to different server instances, replacing or updating hardware for
| application servers or database servers. Try to reuse as many of the
| configuration settings as possible from the original system on the second system
| to reduce any configuration issues that might arise in the upgrade.
v On the second system, run all upgrade tasks that might alter data in a
production system.
v Typically, the file stores are also relocated to the new platform. If you do not
relocate your file stores, you must take extra steps to ensure that the file stores
can be accessed from the new system.
v Conduct various validation tests that use the production applications on the
upgraded replica system.

Migration roadmap
The migration roadmap lists the major steps that are required to upgrade
FileNet P8 onto a different set of servers. Use this roadmap as a template
for your own plan.
Table 24. Steps required to complete a migration upgrade.
Migration task. Where to go for instructions.
h Learn about upgrading FileNet P8. Upgrade planning considerations on page 124
h Create a replica of your FileNet P8 environment. This v Version 4.5.1: http://www.ibm.com/support/
scenario involves installing a new environment with the knowledgecenter/SSNW2F_4.5.1/welcome.html
same servers and same version of FileNet P8 as your
v Version 5.0.0: http://www.ibm.com/support/
production system.
v The GCD, object store, and Process Engine databases in com.ibm.p8toc.doc/ic-homepage.html
the replica must be backups of the databases that are
v Version 5.1.0: http://www.ibm.com/support/
used on the production system. If the database accounts
required by FileNet P8 are not included in the backup,
com.ibm.p8toc.doc/ic-homepage.html
create new instances of the accounts and use the same ID
and password as on your production system. v Version 5.2.0: http://www.ibm.com/support/
v The replica must use the same LDAP provider, LDAP
com.ibm.p8toc.doc/
configuration settings, and LDAP-based security accounts
filenetcontentmanager_5.2.0.htm
as the production system.
v The replica application server can start with a new
Configuration Manager profile or a copy of the
production Configuration Manager profile. The
installation instructions have sections for both these
possibilities.
v On the new Content Platform Engine computer, complete
the installation preparation tasks for the Application
Server administrator except for the tasks that are related
to Application Engine or Workplace XT, as these
components are not being upgraded now.
v As part of an upgrade or if you are moving Workplace
XT from 1.1.4 to 1.1.5, you might apply fix packs to
Application Engine or Workplace XT because the older
version is supported by older FileNet P8 releases.
v If you still have a copy of the installation and upgrade
worksheet for your production system, use it to help you
install the replica system. Do not use this older version of
the worksheet for upgrades.
h Download the 5.2.1 installation and upgrade worksheet. Using the installation and upgrade worksheet on
Run the customization macro and select Upgrade for the page 128
Procedure Type option. Use the customized worksheet to
enter values that are required for an upgrade.
h Prepare the replica for upgrade. Follow the steps in the Performing the required upgrade preparation
upgrade preparation instructions. tasks on page 130
Depending on your replica system, not all upgrade

preparation instructions apply to migration upgrades.
h Upgrade the replica. Follow the steps in the 5.2.1 upgrade
instructions. Upgrade instructions have separate sections for
whether you are working with a new configuration profile
in the replica or copied your former configuration profile
into the replica.
h When the replica system is tested and is ready for
production, disconnect the former system and make the
replica your new production system.

Tip: Because large-system upgrades involve interacting with many system
components, a common approach is to go through a test upgrade run first. In this
scenario, you complete the upgrade on a test system, and then discard the test
system after you verify the integrity of the upgrade. You preserve the original
production system in case the upgrade fails and to minimize outages to the
production system. Running a test upgrade first takes more time than doing the
upgrade immediately, but it can minimize risk. The test upgrade approach involves
extra steps to completely replicate the production data. Replication is needed to
simulate production activities by using a duplicated system.
You can practice the upgrade of your production environment by using either of
these two methods:
v Upgrade the lower environments first by running practice upgrades in the
following order:
Upgrade the development environment
Upgrade the various test environments
Upgrade the production environment
This method tests the process and validate that your applications are functioning
correctly at each environment level before you move production to the next
level.
v Practice the upgrade of the production environment by using the new
production environment.
Early in the project cycle, copy the existing production databases and file
storage areas into the new environment
Each time that you practice the upgrade, you apply only the updates that
were made to the data since the last practice run.
This method reduces the time that is needed to complete the final upgrade in
the required maintenance window. All of the required FileNet P8 and custom
application software is already installed in the new environment. You run only
incremental changes to the replicas of databases and file storage areas.
Upgrade planning considerations

Review all upgrade planning information related to requirements for upgrading an
FileNet P8 system and expansion products, as well as other vendor products
associated with the FileNet P8.
Upgrade system requirements for FileNet P8 on page 125
Before you upgrade FileNet P8, verify that all components are at the minimum
supported versions, including fix pack levels.
Upgrade system requirements for FileNet P8 expansion products on page 125
To upgrade the FileNet P8 Platform expansion products, in addition to the tasks
described in those products' own Installation and Upgrade Guides, you must
carry out certain tasks regarding Content Platform Engine.
Upgrading or migrating the underlying vendor software supported by Content
Platform Engine on page 126
To remain in a supported configuration, some upgrade scenarios might require
that you also upgrade or migrate the underlying vendor software, such as the
application server or database server software.
Planning Process Engine upgrades (versions 4.5.1, 5.0.0, 5.1.0) on page 126
Upgrades of versions 4.5.1, 5.0.0, and 5.1.0 require the use of a Process Engine
upgrade wizard.

Upgrade system requirements for FileNet P8
Before you upgrade FileNet P8, verify that all components are at the minimum
supported versions, including fix pack levels.
Apply the required minimum level FileNet P8 software updates for the release you
are currently running before you upgrade.
Applying a fix pack for one component might require fix packs for other
components. Prior to applying any fix pack, review the FileNet P8 Fix Pack
Compatibility Matrices to ensure compatibility between all installed components.
Upgrade system requirements for FileNet P8 expansion products

To upgrade the FileNet P8 Platform expansion products, in addition to the tasks
described in those products' own Installation and Upgrade Guides, you must carry
out certain tasks regarding Content Platform Engine.
FileNet P8 eForms
If FileNet P8 eForms is installed, undeploy it before upgrading Application
Engine. You can redeploy after the Application Engine upgrade is completed.
Content Federation Services
IBM FileNet Content Federation Services must be at the same version level as
IBM Enterprise Records
Depending upon which version of the records management product you are
using, there are tasks you must perform before you upgrade your Content
Platform Engine software. You must use different upgrade tools depending on
the version of records management software you are running.
FileNet P8 eForms:
If FileNet P8 eForms is installed, undeploy it before upgrading Application Engine.

You can redeploy after the Application Engine upgrade is completed.
For more information, see the appropriate topics for upgrading in the IBM FileNet
P8 eForms Installation and Upgrade Guide.
Content Federation Services:
IBM FileNet Content Federation Services must be at the same version level as
If IBM FileNet Content Federation Services is not at the same version level as
Content Platform Engine, shut it down and upgrade it to the same version level
after Content Engine has been upgraded.
For more information, see readme file that accompanied the latest IBM FileNet
Content Federation Services fix pack.
IBM Enterprise Records:
Depending upon which version of the records management product you are using,
there are tasks you must perform before you upgrade your Content Platform
Engine software. You must use different upgrade tools depending on the version of
records management software you are running.

For more information, see the appropriate topic for upgrading your object stores in
the IBM Enterprise Records Installation and Upgrade Guide.
Upgrading or migrating the underlying vendor software

supported by Content Platform Engine
To remain in a supported configuration, some upgrade scenarios might require that
you also upgrade or migrate the underlying vendor software, such as the
application server or database server software.
Upgrading the underlying vendor software
For specifics on how to upgrade the underlying vendor software, see the
appropriate vendor documentation. Complete these vendor software upgrades
before you begin the upgrade but as part of the entire upgrade process.
Migrating the underlying vendor software
As an alternative to upgrading the existing instances of the underlying software,

you can choose to use a migration process. Migration involves creating a new
instance of the underlying software and then moving data and configuration
settings. Some steps in the upgrade procedures show where you must complete
different actions when you use a new application server or database server
instance.
| Important: If the system you are upgrading is running WebSphere Application

| Server, you must upgrade WebSphere Application Server with a migration. The
| new application server instance must be deployed on a later version of WebSphere
| Application Server. For more information, see IBM FileNet P8 system requirements.
Any new databases into which you migrate data must be populated by using the
database vendors appropriate database tools, such as backup and restore tools or
export and import tools. Perform database migration tasks only after you shut
down existing Content Platform Engine software and back up the databases. These
shutdown and backup actions help to ensure that all data that was in production is
moved to the new upgraded system.
Planning Process Engine upgrades (versions 4.5.1, 5.0.0, 5.1.0)

Upgrades of versions 4.5.1, 5.0.0, and 5.1.0 require the use of a Process Engine
upgrade wizard.
Upgrading Process Engine 4.5.1, 5.0.0, or 5.1.0 requires the following steps, which
are explained in the upgrade instructions:
v Install the Content Platform Engine and IBM Case Foundation 5.2.1 software on
an existing Content Engine application server or on a new application server.
v Define data sources for any Process Engine database that is not already shared
with an object store.
v Deploy the combined Content Platform Engine on the application server.
v Run the pre-upgrade wizard to gather configuration information for Process
Engine. Upon completion of the wizard, the upgrade of the Process Engine
database and isolated regions starts.
After the upgrade, the Process Engine is no longer a separate component. There is
a single deployment of both the Process Engine and Content Engine components in
the new Content Platform Engine. Each existing Process Engine database becomes

a legacy workflow system in the Content Platform Engine. You administer legacy
workflow systems, as well as new workflow systems, with the Administration
Console for Content Platform Engine.
| To move a legacy workflow system to the 5.2 style collocation model, you use the
| Region Move tool that is provided under Tools in the installation package. For
| detailed information on how to run the Region Move tool, see
| http://www-01.ibm.com/support/docview.wss?uid=swg27036552.
There are no longer any dependencies on the IBM FileNet Image Services software
and no IBM FileNet Image Services software is installed. You can remove the older
versions of Process Engine and IBM FileNet Image Services after successfully
installing the Content Platform Engine software and upgrading the database.
The Database administrator and FileNet P8 administrator upgrade tasks provide

more details.
Definition of upgrade roles

Your organization may have different roles, and some of the responsibilities of
listed roles will vary from those assigned by default.
The tasks in this guide as well as the rows in the Installation and Upgrade
Worksheet are organized by administrative roles, listed below.
| Installation administrator
| v Runs the FileNet P8 component installers and upgrade programs.
| v Runs the FileNet Configuration Manager tool, followed by launching IBM
| Administration Console for Content Platform Engine.
| v Abbreviated as IA. Responsible for coordinating the information described in
| this worksheet. The information itself will require the input from the other roles.
| The role of IA is usually filled by a FileNet P8 Certified Professional (FCP).
Information technology administrator

v Responsible for the networking and operating systems settings required by the
FileNet P8 components.
v Responsible for performing certain security configurations.
v Abbreviated as ITA. Responsible for providing the information in the rows in
the Installation and Upgrade Worksheet with a value of ITA in the Role column.
For tasks assigned to the ITA, see IT administrator upgrade tasks on page 131.
v Responsible for configuring the directory servers required by FileNet P8
components.
v Creates and maintains directory server user and group accounts.
v Abbreviated as SA. Responsible for providing the information in the rows in the
Installation and Upgrade Worksheet with a value of SA in the Role column.
For tasks assigned to the SA, see Security administrator upgrade tasks on page
141.

v Creates, configures, maintains database installations and databases or table
spaces.
v Responsible for creating database accounts needed by FileNet P8 Platform
components.
v Performs database backups.
v For purposes of this documentation, the database administrator is expected to
have responsibilities regarding the Java Database Connectivity (JDBC) data
sources.
v Abbreviated as DBA. Responsible for providing the information in the rows in
the Installation and Upgrade Worksheet with a value of DBA in the Role column.
For tasks assigned to the DBA, see Database administrator upgrade tasks on
page 143.

v Responsible for providing the application servers required by FileNet P8
Platform components.
v Responsible for application server administrative accounts.
v Abbreviated as ASA. Responsible for providing the information in the rows in
the Installation and Upgrade Worksheet with a value of ASA in the Role column.
For tasks assigned to the ASA, see Application Server administrator upgrade
tasks on page 151.
v This role designation actually refers to the administrator or administrators who
perform regular maintenance of Content Platform Engine and any client
applications.
v The administrator who logs on to IBM Administration Console for Content
Platform Engine using the gcd_admin account or an object_store_admin account is
considered an FileNet P8 administrator.
v Abbreviated as P8A. Responsible for providing the information in the rows of
the Installation and Upgrade Worksheet with a value of P8A in the Role column.
For tasks assigned to the P8A, see FileNet P8 administrator upgrade tasks on
page 154.
Using the installation and upgrade worksheet

parameters.
Administrators who are preparing the environment for installation or upgrade of

FileNet P8 components must use the worksheet during their preparation tasks to
record the appropriate values and provide them to the Installation Administrator
who runs the installation or upgrade programs.
Some of the features of the Installation and Upgrade Worksheet are:

v Instructions: describes the worksheet and includes a button that runs the
Customize Worksheet macro.
v The two highlighted columns, Property or Parameter and ENTER YOUR
VALUE HERE, provide the simplest view of the requirement. The others add
identifying information and help you sort and filter the rows usefully.
v The Role column assigns each row to an administrator and uses the following
acronyms:
IA: Installation Administrator
ITA: Information Technology Administrator
ASA: Application Server Administrator
DBA: Database Administrator
SA: Security Administrator
P8A: FileNet P8 Administrator
v Property definitions are contained in the column titled Description.
v Some rows, though not all, contain a hyperlink in the IC help link column.
Click this hyperlink to run a query against the online documentation, which
opens with the Search Results pane showing the topics that contain the words in
the query phrase. Browse the search results until you have enough information
to be able to enter a value in the Worksheet row.
your environment.
Autofiltering and sorting the Worksheet on page 130
There are several ways to organize the Worksheet to make finding properties
and entering values easier.

your environment.
Important: For support of the full range of built-in filter and macro features, use
Microsoft Excel to view the Installation and Upgrade Worksheet file. You can use
other spreadsheet programs to view the file; however, filter and macro support can
vary. For example, in Calc from OpenOffice.Org, the column filters work as
expected, but the Customize Worksheet button does not.
To run the Customize Worksheet macro:

1. Open the Installation and Upgrade Worksheet (p8_worksheet.xls) and click the
Instructions worksheet (also called a tab).
2. Scroll down until you see the button representing the Customize Worksheet
macro. Click the button.
3. Select the components and options that describe the environment you are
preparing for FileNet P8.
v Installation or Upgrade
v FileNet P8 Components
v Application Server type
v Operating system
v Database type
v Directory Server type
v Number of object stores (adds new sets of rows for creating additional data
sources)
v Name of customized sheet
4. Click OK. The macro copies the rows that fulfill your selection criteria into a
new worksheet with the name you entered. Enter the values for your
environment into this new worksheet.
5. Click the name of the new worksheet at the bottom of the Excel window. Add
your preparation values into this new worksheet.
6. Notice that the new worksheet has buttons at the top titled Show Installer
View and Show Full View, depending on its state. The Show Installer View
displays only those columns that you need while running installation or
configuration programs.
Autofiltering and sorting the Worksheet

There are several ways to organize the Worksheet to make finding properties and
entering values easier.
AutoFiltering is a quick way to display only those rows that meet a certain
criterion.
To use AutoFilter:
1. Make sure AutoFiltering is enabled. (Select the entire row with the column
headers, then click Data > Filter > Autofilter.) AutoFilter arrows will appear to
the right of the column labels.
2. Click the AutoFilter arrow in the Installation or Configuration Program
column header and select the program you are interested in (for example, CPE
installer).
3. For a custom AutoFilter, click the AutoFilter arrow in any column header,
select Custom, and use the dialog box to define a filter that will show rows
that meet your criteria.
4. To turn off AutoFiltering in a column, click the column AutoFilter arrow and
select (All).
5. To reorder rows alphabetically, do a Sort:
a. Click anywhere in a column, for example, Column A Role.
The only possible values in the Role column are ASA, SA, DBA, ITA, and
P8A. Sorting on Role therefore groups the rows by this attribute, in
alphabetic order. Several other columns also have a limited number of
possible values which means they can be usefully sorted.
b. Click the Sort Ascending icon in the Excel toolbar, or use the Data > Sort
menu command. The rows sort on Role.
Sorting the Worksheet reassigns row numbers. If you refer to rows by
number, be aware that row numbers change if you change the sort order.
Performing the required upgrade preparation tasks

To efficiently carry out the required upgrade preparation tasks, assign a member of
your staff to carry out the tasks assigned to each role.
To prepare the FileNet P8 environment, complete the tasks assigned to each role.
Some tasks require input that results from other preparation tasks performed by
other administrator roles. For information about assigning and defining these roles,
see Definition of upgrade roles on page 127.
While performing the tasks, record the results in the Installation and Upgrade
Worksheet where indicated.

IT administrator upgrade tasks
environment for FileNet P8 upgrade.
Security administrator upgrade tasks on page 141
The Security administrator must prepare the security environment for FileNet
P8 upgrade, including planning the security environment, and creating
accounts.
Database administrator upgrade tasks on page 143
The Database administrator prepares the databases required for FileNet P8
upgrade.
Application Server administrator upgrade tasks on page 151
FileNet P8 upgrade.
FileNet P8 administrator upgrade tasks on page 154
The FileNet P8 administrator must carry out several tasks to prepare your
environment for your FileNet P8 upgrade.
IT administrator upgrade tasks

environment for FileNet P8 upgrade.
v Review all rows assigned to the IT Administrator for Upgrade in the
Installation and Upgrade Worksheet. Provide values for any rows appropriate to
your installation that you have not yet completed.
the shipping worksheet file (p8_worksheet.xls), perform the following actions to
quickly see only the properties assigned to a particular role:
ITA.
All.
v Configure the operating systems to prepare for component upgrade.
Creating operating system accounts for upgrades on page 132
Operating system accounts are required during the upgrade process.
Configuring AIX, HPUX, HPUXi, Linux, Linux on System z, and Solaris on
page 136
Prepare your AIX, HPUX, HPUXi, Linux, Linux on System z, or Solaris-based
server for FileNet P8.
Configuring Microsoft Windows on page 138
Verify that the following Windows server configuration changes have been
made in preparation for upgrading FileNet P8 software.
Configuring operating system elements on page 140
Configure the network to prepare for your FileNet P8 upgrade. You must
ensure proper network communications and access rights.
Using IBM Support data collection tools on page 140

Creating operating system accounts for upgrades
Operating system accounts are required during the upgrade process.

variable.
Creating the Content Platform Engine installer account
Creating the Process Engine upgrade account (upgrades from versions 4.5.1,
5.0.0, 5.1.0) on page 133
An operating system account you use to run the Process Engine upgrade
wizard.
Creating Configuration Manager user on page 134
Creating the Content Platform Engine application server installation account
on page 135
Create a new or designate an existing application server account to be used
while upgrading Content Platform Engine.
Creating the Content Platform Engine application server installation group on
page 135
Creating the Content Platform Engine installer account:
If you are upgrading on the same machine where Content Platform Engine (or
Content Engine) was previously installed, use the same installer account that you
originally used to install that software. The installation program requires this to
detect that it is an upgrade and to use the same installation path.
If you are upgrading on a new machine, where Content Platform Engine has never
been installed, create the cpe_install_user as explained here.
If your operating system is AIX, HPUX, HPUXi, Linux, Linux on System z, or

Solaris and you do not know the account that was used to install Content Platform
Engine (or Content Engine), skip this procedure and see the procedure Assigning
directory permissions to a new installer account on AIX, HPUX, HPUXi, Linux,
Linux on System z, or Solaris.
1. If installing Content Platform Engine on Windows, create the following
operating system account:
Content Platform Engine installer account (Windows)

Unique identifier
cpe_install_user
Description
Use Windows administrative tools to add cpe_install_user to the
Local Administrators group and to the
2. If installing Content Platform Engine on AIX, HPUX, Linux, Solaris, create the
following operating system account:
Content Platform Engine installer account (AIX, HPUX, HPUXi, Linux, Linux
on System z, or Solaris)
Unique identifier
cpe_install_user
Description
Use your administrative tools to grant cpe_install_user at least
the following permissions:
v Read, write, and execute permissions to the device or
location where:
Content Platform Engine is to be installed.
The application server instance/domain/profile has been
installed.
v Write permission to the directories where you create file
storage areas, index areas, and content caches.
v Write permission on the /tmp directory.
v Membership in the cpe_appserver_install_group.

To find this property, search the worksheet for instances of cpe_install_user.
Creating the Process Engine upgrade account (upgrades from versions 4.5.1, 5.0.0,
5.1.0):
An operating system account you use to run the Process Engine upgrade wizard.
Process Engine upgrade user account
Unique identifier
pe_upgrade_user
Description
v A directory server user account that has Full Control access
rights to the FileNet P8 domain, and has also been granted
rights through its membership in the
workflow_system_admin_group.
v Content Platform Engine permissions can be granted by a
gcd_admin who uses IBM Administration Console for Content

Platform Engine to add the pe_upgrade_user to the ACL of the
FileNet P8 domain and grant it Full Control.
v Use your directory server tools to add the pe_upgrade_user to
the workflow_system_admin_group. The
workflow_system_admin_group in the current release is the
same as the pe_admin_group that you created in the previous
release.
v Full Control access rights on the FileNet P8 domain.
v Membership in the workflow_system_admin_group.

To find this property, search the worksheet for instances of pe_upgrade_user.
Creating Configuration Manager user:
If you are upgrading on the same machine where Content Platform Engine (or
Content Engine) was previously installed, use the same Configuration Manager
user account that you originally used during installation. The program requires
this to detect that it is an upgrade and to use the same installation values.
If you are upgrading on a new machine, where Content Platform Engine (or
Content Engine) has never been installed, create config_mgr_user, as explained here.
Configuration Manager user
Unique identifier
config_mgr_user
Description
An operating system account you will use to run Configuration
Manager.
config_mgr_user must belong to the cpe_appserver_install_group.
(Windows only) Using Active Directory tools, add
config_mgr_user to either the Power Users group or the Local
Administrators group.
At several points in the installation process you will be
instructed to grant additional permissions to config_mgr_user,
including the following permissions:
v Execute permission to the Configuration Manager executable
file, configmgr.exe (Windows) or configmgr.sh (AIX, HPUX,
HPUXi, Linux, Linux for System z, Solaris).
v Read and write permission to the directory where
Configuration Manager will create the configuration XML
files. For example:
the directory you specify using the optional -path
parameter when you run Configuration Manager.
the default directory, ce_install_path/tools/configure/
profiles, if you do not specify a path parameter.

To find this property, search the worksheet for instances of config_mgr_user.
Creating the Content Platform Engine application server installation account:
Create a new or designate an existing application server account to be used while

upgrading Content Platform Engine.
Create this account if it does not already exist. The upgrade instructions tell you
when to use it. In earlier releases, this account was identified as
ce_appserver_install_user.
Content Platform Engine application server installation administrator
Unique identifier
cpe_appserver_install_user
Description
The cpe_appserver_install_user account is needed during the
installation process to perform the following tasks:
v Create and configure the application server for Content
Platform Engine.
v Start or stop the application server when needed.
v Modify the application server files or directories as needed
for deploying Content Platform Engine using the
Configuration Manager tool.
v Provide create, read and write permissions for directories on
devices or drives that are used for external Content Platform
Engine file storage.
cpe_appserver_install_user must belong to the
Use your local machine's administrative tools to grant
cpe_appserver_install_user at least the following permissions:
v For Windows, cpe_appserver_install_user must be a member of
the Local Administrators Group.
v For UNIX, cpe_appserver_install_user must have read, write,
and execute permissions to the Content Platform Engine
installation directory.

cpe_appserver_install_user.
Creating the Content Platform Engine application server installation group:

when to use it. In earlier releases, this account was identified as
ce_appserver_install_group.

Content Platform Engine application server installation group
Unique identifier
cpe_appserver_install_group
Description
An operating system group account. You will be instructed to
grant certain permissions to this group during Content Platform
Engine installation and configuration.
The user accounts in cpe_appserver_install_group will perform the
following tasks:
v Give operating system privileges to the directories used for
Content Platform Engine installation and for the application
server's instance/domain/profile.
v Configure and deploy the Content Platform Engine EAR files
which require access to the application server's
instance/domain/profile directories.
v Have permissions on devices/drives to read and write that
are designated for external Content Platform Engine file
storage.
Use your local machine's administrative tools to add the
following accounts to this group:
v cpe_appserver_install_user
v cpe_install_user
v config_mgr_user

Configuring AIX, HPUX, HPUXi, Linux, Linux on System z, and

Solaris
Prepare your AIX, HPUX, HPUXi, Linux, Linux on System z, or Solaris-based
server for FileNet P8.
Configuring AIX, HPUX, HPUXi, Linux, Linux on System z, and Solaris
FileNet P8 servers (all components) on page 137
To ensure hosts file contents, the /etc/hosts file must have the Internet
Protocol (IP) address of the servers to be used.
Configuring Content Platform Engine servers (AIX, HPUX, HPUXi, Linux,
Linux on System z, and Solaris) on page 137
The system checks for the default file-creation permissions for the user who
will upgrade Content Platform Engine.
Assigning directory permissions to a new installer account on AIX, HPUX,
HPUXi, Linux, Linux on System z, or Solaris on page 137
Upgrades of the Content Platform Engine (or Content Engine) software are
normally done by the same user who originally installed the software. If this is
account cannot be used for some reason, designate a new account and assign
certain directory permissions to it.

Configuring AIX, HPUX, HPUXi, Linux, Linux on System z, and Solaris FileNet
P8 servers (all components):
To ensure hosts file contents, the /etc/hosts file must have the Internet Protocol
(IP) address of the servers to be used.
1. Ensure hosts file contents. On each AIX, HPUX, HPUXi, Linux, Linux on
System z, or Solaris-based FileNet P8 server that does not use DNS (Domain
Name Service) or NIS (Network Information Service), the /etc/hosts file must
contain the name and IP address of all servers it will communicate with,
including the remote database server, if applicable.
2. Consult with the application server, database, and FileNet P8 administrators to
determine port requirements for all the servers in your environment. For
details, see Appendix B, FileNet P8 ports, on page 171.
Configuring Content Platform Engine servers (AIX, HPUX, HPUXi, Linux, Linux
on System z, and Solaris):
| The system checks for the default file-creation permissions for the user who will
| upgrade Content Platform Engine.
Content Platform Engine running on an AIX, HPUX, HPUXi, Linux, Linux on
System z, or Solaris-based application server
Use the umask utility program to set the default file-creation permissions
mask for the Java Virtual Machine (JVM) instance that hosts Content
Platform Engine so that the owner (the user running JVM) and the
members of the owners group have read/write/execute access
permissions, and all others have no access:
umask u=rwx,g=rwx,o=
This mask setting ensures that the access permissions on files and
directories created by Content Platform Engine are identical to those you
must specify when creating file storage areas on AIX, HPUX, HPUXi,
Linux, Linux on System z, or Solaris file servers.
Tip: This umask setting is required for the user (cpe_install_user) who runs
the Content Platform Engine installer program, but does not need to be in
the .profile file of the user.
Assigning directory permissions to a new installer account on AIX, HPUX,

HPUXi, Linux, Linux on System z, or Solaris:
Upgrades of the Content Platform Engine (or Content Engine) software are
normally done by the same user who originally installed the software. If this is
account cannot be used for some reason, designate a new account and assign
certain directory permissions to it.
If the old cpe_install_user account, the one you used to install Content Platform
Engine (or Content Engine) is not available, use the following procedure to assign
the necessary directory permissions to a new and different cpe_install_user user
account which you will use to upgrade Content Platform Engine:
1. Make sure you know the old cpe_install_user account. If you do not know, log
on to the application server as any user and run the ls -l command from a
shell prompt to determine the ownership of the Content Platform Engine (or
Content Engine) installation directory and the files it contains. The default
installation directory is one of the following locations:

v Default path on version 4.5: /opt/FileNet/ContentEngine
v Default path on version 5: /opt/IBM/FileNet/ContentEngine
Important: If the old cpe_install_user no longer exists, contact IBM Software

Support for assistance.
2. Designate an operating system account that will become the new
cpe_install_user.
3. Log on to the application server as the old cpe_install_user, navigate to the
ContentEngine directory, and recursively give ownership of this directory and
all its files and subdirectories to the new cpe_install_user account. For example,
if Content Platform Engine (or Content Engine) is installed at
/opt/FileNet/ContentEngine, run the following command to give ownership
to the new cpe_install_user:
chown -R cpe_install_user /opt/FileNet/ContentEngine
4. Log on to the application server as the appserver_admin user who initially
installed the application server and created the application server instance.
5. Navigate to the application server instance directory and give group rights to
the cpe_appserver_install_group (whose members are the cpe_install_user and
cpe_appserver_install_user). For example:
chgrp -R cpe_appserver_install_group /opt/IBM/Websphere/Appserver
/profiles/Appsvr01
6. Give cpe_appserver_install_group read/write permissions. For example:
chmod -R 775 /opt/IBM/Websphere/Appserver/profiles/Appsvr01
7. Log off the application server and log back on as the new cpe_install_user.
8. Grant read, write, and execute permissions on the Content Platform Engine
directories to the new cpe_install_user, as follows:
chmod -R +rwx /opt/FileNet/ContentEngine
9. Copy the Install Shield directory from the $HOME directory of the old
cpe_install_user to the $HOME of the new cpe_install_user, and grant read, write,
and execute permissions to the new cpe_install_user.
10. Record the value of the new cpe_install_user in your customized

Installation and Upgrade Worksheet. To find this property, search the
worksheet for instances of cpe_install_user.
Configuring Microsoft Windows

Verify that the following Windows server configuration changes have been made
in preparation for upgrading FileNet P8 software.
Configuring Windows for FileNet P8 servers on page 139
Make sure your Windows servers comply with the requirements for the
upgraded version of FileNet P8.
Configuring Windows for .NET and COM compatibility clients on page 139
Configuring Windows for Active Directory on page 139
If you are using Windows Active Directory for your directory service, set the
primary DNS.
Adding inbound rules to Windows 2008 and 2012 firewalls on page 139
Configure inbound rules in the Windows firewall to allow the following ports
access.

Configuring Windows for FileNet P8 servers:
Make sure your Windows servers comply with the requirements for the upgraded
version of FileNet P8.
v See the IBM FileNet P8 system requirements for details on required Windows
Service Packs and patches.
v Consult with the application server, database, and FileNet P8 administrators to
determine port requirements for all the servers in your installation environment.
For details, see Appendix B, FileNet P8 ports, on page 171.
Configuring Windows for .NET and COM compatibility clients:
To configure Windows for .NET and COM compatibility clients:

1. If you have client programs that use Windows Communication Foundation
(WCF) to access Content Platform Engine, ensure that .NET 3.x is installed.
WCF is embedded with .NET 3.x or later. Applications which were developed
to use the Content Engine .Net API from release 5.0 or later can operate with
either WSE or WCF, automatically adapting to whichever is installed (which
may be both). However, unlike WSE, WCF requires an SSL secured network
connection to the Content Platform Engine.
2. Backward compatibility is provided for client programs that use Web Services
Enhancements (WSE) to access Content Platform Engine. These clients require
the installation of .NET 2.x and WSE 3.0. Applications which were developed to
use the Content Engine .Net API for release 4.5.1 or earlier require that WSE be
installed.
Configuring Windows for Active Directory:
If you are using Windows Active Directory for your directory service, set the
primary DNS.
If Windows Active Directory is your directory service, set the primary DNS server
IP address on your Content Platform Engine application server to the IP address of
the machine where DNS is installed.
Adding inbound rules to Windows 2008 and 2012 firewalls:
Configure inbound rules in the Windows firewall to allow the following ports
access.
Port Protocol Used for

32771 TCP RMI
32775 TCP The primary IBM System Dashboard for
Enterprise Content Management listener port.
Internal port number HTTP In a cluster configuration, set the internal port
number to a nonzero value in Administration
Console for Content Platform Engine. Use that
port number here to open it in the Windows
firewall.

Configuring operating system elements
Configure the network to prepare for your FileNet P8 upgrade. You must ensure
proper network communications and access rights.
Configuring network communications
Ensure that your TCP/IP settings are configured so that your servers and
clients can communicate with one another.
Synchronizing machine clocks
FileNet P8 processes require that you synchronize the clocks on all of the
machines that are running FileNet P8 servers and FileNet P8 clients.
Configuring network communications:
Ensure that your TCP/IP settings are configured so that your servers and clients
can communicate with one another.
Complete the following prerequisite tasks in any order:

v Ensure TCP/IP settings. Verify the TCP/IP settings on the UNIX and Windows
servers and IBM Administration Console for Content Platform Engine clients
that are configured for FileNet P8 enable the servers and clients to communicate
with one another.
v Ensure NetBIOS over TCP/IP is enabled on Windows.
v Ensure availability of required port numbers. Several port numbers are required
by the various FileNet P8 components. Appendix B, FileNet P8 ports, on page
171
Synchronizing machine clocks:
FileNet P8 processes require that you synchronize the clocks on all of the machines
that are running FileNet P8 servers and FileNet P8 clients.
1. Make sure that the machine clocks on all FileNet P8 servers, including Content
Platform Engine, Application Engine, as well as all database servers and those
of FileNet P8 client applications including Workplace XT, Rendition Engine,
IBM Case Manager, and so on, are synchronized. Errors that might arise if they
are not synchronized include those of authentication, cooperative locking,
communication between servers, and others.
| 2. You can run a clock synchronization utility to synchronize all of the clocks on
| your Java virtual machines with a reliable time source. If the clocks get out of
| sync by 60 seconds or more, you can configure a scheduler in the clock
| synchronization utility to periodically synchronize the time of the clocks.
Using IBM Support data collection tools

IBM Support data collection tools automate the gathering and sending of
appropriate diagnostic data to IBM Support for investigation and resolution of
installation, upgrade, or runtime problems in IBM FileNet P8 products. Typically
you would run an IBM Support data collection tool after installing or upgrading
the product, or when the IBM FileNet P8 system is in production.
To use an IBM Support data collection tool, your IBM FileNet P8 product must be
supported by the tool and must have Internet access to the IBM Support back-end
servers where the collected data is analyzed. If your product does not meet these

requirements, IBM Support can assist you in determining the most effective
manual method to collect and deliver the diagnostic data for analysis.
Two IBM Support Assistant data collection tools are available, at the IBM Support
Assistant Data Collectors website:
v IBM Support Assistant Data Collector is a web-based tool that can be used at
any time; there is nothing to install.
v IBM Support Assistant Lite Data Collector must be installed on the servers
where you installed or upgraded your IBM FileNet P8 products before it can be
used. By installing the tool before your IBM FileNet P8 system goes into
production, you avoid the possibility of not being able to install it after a
runtime problem occurs.
To determine which IBM Support data collection tool supports your IBM FileNet
P8 product:
1. Browse to the IBM Support Assistant Data Collectors website.
2. Find an IBM Support data collection tool that supports your product:
v To determine whether IBM Support Assistant Data Collector supports your
product, complete the following substeps:
Collectors home page, and then click Launch.
b. Expand the I need to collect data for drop-down list. If your product is
listed, then you can use IBM Support Assistant Data Collector.
v To determine whether IBM Support Assistant Lite Data Collector supports
your product, complete the following substeps:
Collectors home page.
b. Choose Enterprise Content Management in the Select a brand to begin
the download process drop-down list.
c. Expand the Select a product to access the download page drop-down
list. If your product is listed, then you can use IBM Support Assistant Lite
Data Collector.
3. Follow the instructions on the web page for the tool that supports your product
to use the tool directly or to install it, as needed.
Security administrator upgrade tasks

The Security administrator must prepare the security environment for FileNet P8
upgrade, including planning the security environment, and creating accounts.
v Review all rows assigned to the Security Administrator (SA) for upgrades in the
Installation and Upgrade Worksheet. Provide values for any rows appropriate to
your installation that you have not yet completed.
SA.
All.

Security upgrade planning considerations
Review the security requirements for systems being upgraded.
Creating Content Platform Engine directory server accounts for upgrades
Create new or designate existing directory server installation accounts for
Security upgrade planning considerations

Review the security requirements for systems being upgraded.
v It is a best practice not to change realms (your authenticated users and groups),
during an upgrade.
v If the new Content Platform Engine version does not support the directory
server (LDAP) version you are already using, migrate the LDAP directory before
upgrading.
v Contact your IBM FileNet representative if you intend to change directory
servers.
Creating Content Platform Engine directory server accounts for

upgrades
Create new or designate existing directory server installation accounts for Content
Platform Engine.

variable.
Creating the application server administrative console user (WebSphere
Application Server)
An LDAP account to which you have granted the WebSphere Application
Server administrative role.
Creating the application server administrative console user (WebSphere

Application Server):
An LDAP account to which you have granted the WebSphere Application Server
administrative role.
when to use it.
1. Create the following directory service account:
WebSphere administrative console user
Unique identifier
appserver_console_user
Description
The appserver_console_user account is an LDAP account to which

you have granted the WebSphere Application Server
administrative role so that it can log in to the WebSphere
administrative console.
v If your WebSphere repository type is Stand-alone LDAP
registry, when you run the Configuration Manager Configure
LDAP task, enter the credentials of a valid LDAP user
account to be the appserver_console_user for the entry labeled
Administrative console user name. Configuration Manager
grants this account WebSphere administrative console
administrative rights. Alternatively, you can enter an LDAP
account that you have already configured as a console
administrator.
v If your WebSphere Application Server LDAP repository type
is Federated repositories, you can use the same user account
defined as your appserver_admin. However, if you specify a
user for the Administrative console user name that is
different from appserver_admin, it must be unique across all
federated realms including the WebSphere Application Server
local file-based repository.

appserver_console_user.
Database administrator upgrade tasks

The Database administrator prepares the databases required for FileNet P8
upgrade.
v Review all rows assigned to the Database Server Administrator in the
Installation and Upgrade Worksheet. While you complete the following
preparation tasks, provide values for the rows that are appropriate to your
installation.
DBA.
All.
v Upgrade your database to a version that is supported by FileNet P8 prior to
upgrading the FileNet P8 software. See FileNet P8 Hardware and Software
Requirements for version information.
Database administrator planning
To prepare for an upgrade, review database requirements and complete other
planning tasks.
Planning the IBM Content Search Services upgrade on page 151
Empty the IBM Content Search Services index request table before you upgrade
Database administrator planning

To prepare for an upgrade, review database requirements and complete other
planning tasks.

You must upgrade to the appropriate database versions and patches before you
upgrade FileNet P8 components. For minimum database software version and fix
pack requirements, see IBM FileNet P8 system requirements.
Rather than upgrading your existing database, it is a best practice to create a new
database instance on a version of the database that is supported by the new
FileNet P8 components. Import data for, or restore backups of, your existing
Content Platform Engine (or your Content Engine and Process Engine) data into
the new database. Then retarget your JDBC Content Engine data sources to the
new database. This approach allows you to leave the existing production system in
place while you do the prerequisite steps for the new database.
FileNet P8 systems with IBM Case Manager (for upgrades from

versions 5.0.0, or 5.1.0)
Before upgrading FileNet P8 to version 5.2.1, Process Engine isolated regions that
are used in an IBM Case Manager configuration must be located in the
corresponding Content Engine object store database or table space.
For version 5.0 and 5.1 FileNet P8 systems, new installations configured with IBM
Case Manager were required to have common Oracle or DB2 for Linux, UNIX and
Windows table spaces for the Process Engine isolated region and Content Engine
object store. For Microsoft SQL Server, new installations configured with IBM Case
Manager were required to have a common database for the Content Engine object
store and the Process Engine isolated region. For systems that were upgraded to
version 5.0 or 5.1, where IBM Case Manager was then added, there was no
requirement for Process Engine and Content Engine databases to be common.
Important: For version 5.0 or 5.1 systems not in compliance with the common
database or table space requirement, you must move any Process Engine isolated
regions into the appropriate Content Engine object stores before you upgrade. A
tool has been provided on the Content Platform Engine installation media for that
purpose. See the techdoc documenting the tool for moving isolated regions.
Process Engine (for upgrades from versions 5.0.0, or 5.1.0)
Starting with the 5.2 version of FileNet P8, the Content Engine and Process Engine
are deployed together as a single application server instance. In addition, the
database is handled as a single entity. New workflow systems and isolated regions
are created in object stores, and all database connections require data sources.
Existing Process Engine systems become legacy workflow systems and the
databases are separate from any new workflow systems.
As a part of the upgrade you will create data sources for any existing Process
Engine databases. If you are upgrading from version 5.0 of Process Engine and had
multiple virtual servers, each virtual server had a unique database and each of
those databases will require a data source and those data sources will also be
targeted to the new database. Upgrade the Content Engine, Process Engine, and
Case Analyzer software and complete all upgrade procedures before you allow
users to access information in the new database.
To upgrade the Process Engine database, identify the existing database user name
and password. In versions of Process Engine older than 5.0, the default was the
f_sw user. Record this database user name and password in the Installation and
Upgrade Worksheet as the pe_db_user and password.

Planning for DB2 for Linux, UNIX and Windows database upgrades
Review upgrade requirements for DB2 for Linux, UNIX and Windows
databases.
Planning for DB2 for z/OS database upgrades on page 147
Review upgrade requirements for DB2 for z/OS databases.
Planning for Oracle database upgrades on page 147
Review upgrade requirements for Oracle databases.
Planning for SQL Server database upgrades on page 148
Review upgrade requirements for Microsoft SQL Server databases.
Planning for DB2 for Linux, UNIX and Windows database upgrades:
Review upgrade requirements for DB2 for Linux, UNIX and Windows databases.
For minimum version and fix pack requirements, see IBM FileNet P8 system
requirements.
In some cases, it is possible to exceed the maximum rowsize of 32 KB for the

Content Platform Engine database during the upgrade. See the technote Adding
properties to a class with the IBM FileNet Content Engine on DB2 receives error stating
that the length exceeds the capacity of the database (Technote 21384306) for information
about diagnosing and resolving the problem for a Content Engine database. Use
the diagnosis steps from the technote before you upgrade to determine how close
the database is to exceeding the row size, and the resolution steps to reduce the
amount of row size space being used before you upgrade.
Databases that are used for Content Platform Engine must be configured with a
minimum of 32 KB page sizes and a UTF-8 code page. Versions of Process Engine
before version 5.0 supported smaller page sizes. Older versions of Process Engine
also supported additional code pages. Use the procedures in the techdoc How to
determine if your Process Engine DB2 database has the correct tablespace pagesize and/or
code page for upgrading to Process Engine 5.0 (Techdoc 7020392) to determine whether
page size or code page changes are required before you upgrade to version 5.2.1.
To install DB2 for Linux, UNIX and Windows and create DB2 instances:
1. Set or verify the following instance and database settings. Settings and values
vary depending on database versions.
DB2 for Linux, UNIX and Windows versions 9.7, 9.8, 10.1:
2. Connect to your object store databases by entering the following command:
db2 connect to db_name user user_name using password
where
v db_name is the name of your object store database
v user_name is the user ID used to access the object store database
v password is the password for the user ID used to to access the object store
database
Issue the following command:

db2 update db cfg using cur_commit ON
3. After making these changes, stop and restart the database using db2stop and
db2start.
DB2 for Linux, UNIX and Windows 10.5 (or later) supports an extended row size
by default. This means that you can create properties without exceeding the record
length limit for the page size, because column allocation sizes are no longer
counted against the limit during column creation. If an updated or inserted value
causes the sum of the bytes across all columns to exceed the physical record length
limit of the page size, DB2 for Linux, UNIX and Windows stores a descriptor (24
bytes) in the column. The descriptor points to an off-row location. For databases
that you upgraded to DB2 for Linux, UNIX and Windows 10.5 (or later) from a
release prior to DB2 for Linux, UNIX and Windows 10.5, issue this command to
enable extended row size support:
UPDATE DATABASE CONFIGURATION FOR dbName USING EXTENDED_ROW_SZ ENABLE
When you add a new property to a class, Content Platform Engine determines
whether extended row size is enabled for the DB2 for Linux, UNIX and Windows
10.5 (or later) database. Making this determination requires having the SELECT
privilege (granted by default) on a view:
SELECT ON SYSIBMADM.DBCFG
If extended row size is enabled for a DB2 for Linux, UNIX and Windows database,
even if table overflow is enabled on an object store, Content Platform Engine does
not overflow tables when you add a property to a class. That is, all columns are
added to the original table.
If extended row size is not enabled for a DB2 for Linux, UNIX and Windows
database, or if you revoked the view permission, rows are limited to 32 KB (at
column allocation time), and Content Platform Engine overflows tables if overflow
is enabled on an object store.
If your system has existing overflow tables and you upgraded to DB2 for Linux,
UNIX and Windows 10.5 (or later), and you enabled extended-row-size support,
DB2 for Linux, UNIX and Windows adds new columns to the original table, not
the overflow table. Content Platform Engine associates new properties with the
overflow table only if it determines that a property can reuse an existing column
that is no longer used.
Planning for Process Engine DB2 for Linux, UNIX and Windows database
upgrades (upgrades from versions 4.5.1, 5.0.0, 5.1.0)
For versions 4.5.1, 5.0.0, and 5.1.0, there are some additional requirements for
upgrading Process Engine.
Planning for Process Engine DB2 for Linux, UNIX and Windows database upgrades
(upgrades from versions 4.5.1, 5.0.0, 5.1.0):
For versions 4.5.1, 5.0.0, and 5.1.0, there are some additional requirements for
upgrading Process Engine.
The following requirements are in addition to those discussed in Database

administrator planning.
The recommended upgrade scenario is to make a test copy of the Process Engine
database. Ensure the copy of the database is at least DB2 Version 9.7 for Linux,

UNIX and Windows with 32K page sizes configured. Complete the upgrade on
that copy. Doing the upgrade with a database copy will also let you determine
how long the upgrades will take.
Changes to string fields
Process Engine string fields are modified for all Process Engine user tables by
increasing the length by an expansion factor. This expansion value is to allow for
the additional space requirements for character-based string fields. String fields are
modified by increasing the length by the defined factor.
Record the value to indicate your choice to expand string fields by a size
factor in your customized Installation and Upgrade Worksheet. Set the value
between three and six. To find this property, filter on peupgrade and search the
worksheet for instances of the Database Column Size Factor parameter.
| DB2 additional database changes
| After the upgrade, use the pedbconvert tool to make the following changes:
| v Enable date fields exceeding the 2038 date.
| v Support of character strings:
| Enable support for GB18030 characters. GB18030 character support also
| requires DB2 Version 9.7 for Linux, UNIX and Windows or higher.
| Enable properly truncated strings with multi-byte characters, where a partial
| character is not left at the end of a string.
| Number of bytes (expansion factor) for character sets no longer required.
| Provide better performance when using indexes that have one or more string
| keys.
| Use of the pedbconvert tool is recommended for workflow systems that support
| multi-byte characters in an international global environment. Customers who do
| not have multi-byte systems should also run the pedbconvert tool, but it can be
| run after the upgrade. See techdoc 7036559 for information. The technote is
| applicable to all upgrades from 4.5.1 and also to 5.0 systems that have upgraded
| previously from earlier releases but have not run the 5.0 advanced upgrade tool,
| techdoc 7019393.
Planning for DB2 for z/OS database upgrades:
Review upgrade requirements for DB2 for z/OS databases.
requirements. No additional actions are required to prepare the DB2 for z/OS
database for a FileNet P8 upgrade.
For information on support for DB2 for z/OS in earlier releases of FileNet P8, see
the techdoc DB2 for zOS is supported with Content Manager 5.2.0 starting in 5.2.0 FP2
(Techdoc 7038918).
Planning for Oracle database upgrades:
Review upgrade requirements for Oracle databases.

Update to the appropriate database versions and patches before you upgrade
FileNet P8 components. For minimum patch requirements, see IBM FileNet P8
system requirements.
Content Platform Engine databases must be configured with AL32UTF8 character

sets. It is not required to set the national character set
(NLS_NCHAR_CHARACTERSET) to a specific value; you can take the default. If
you change the character set for an existing database, the workflow system or
legacy workflow system locale must not change when the database character set is
converted to AL32UTF8.
Any Oracle database users must have the following permission for the upgrade:
SELECT on USER_INDEXES
Planning for Content Platform Engine (or Content Engine) Oracle database
upgrades
If you have set the oracle.jdbc.V8Compatible flag to true for your Content
Platform Engine (or Content Engine) database, as documented in the Enabling
Oracle Data Index Use in the FileNet Content Engine technical notice (see
http://www.ibm.com/support/docview.wss?uid=swg21397282), you need to set
the flag to false. The flag is not supported in Oracle 11g and is not needed in
version 5.2.1 Content Platform Engine databases.
For object stores upgraded from version 4.5.1, as part of the auto-upgrade of
Oracle-based Content Engine data, table columns defined by the DATE property
are automatically converted to the TIMESTAMP property, even if there is an index
on the DATE property. However, auto-upgrade will not be able to perform this
conversion on function-based indexes, such as the descending (DESC) keyword,
that involve the DATE property. Because it is not feasible to resolve this conversion
failure within the auto-upgrade framework, plan to manually convert DATE
columns with function-based indexes to TIMESTAMP columns by dropping these
indexes, altering the property and recreating the index. Upgrade procedures direct
you to complete this procedure after the auto-upgrade finishes.
Planning for Process Engine Oracle database upgrades
The following database changes are automatically made for system and user data
during the database upgrade:
v Process Engine date and time fields are changed from 32-bit to 64-bit to enable
date fields exceeding the 2038 date.
v Process Engine string fields are converted from byte-based to character-based
strings.
Planning for SQL Server database upgrades:
Review upgrade requirements for Microsoft SQL Server databases.
requirements.
Planning for Process Engine SQL Server database upgrades (upgrades from
version 5.0.0) on page 149
For version 5.0.0, plan the Process Engine SQL Server database upgrade. Plan
carefully to determine whether there are prerequisites for doing the Process
Engine upgrade.

Enabling XA transactions on page 150
Reducing deadlock errors in Microsoft SQL Server on page 151
High Microsoft SQL Server concurrency causes transaction deadlock errors
because writers block access, by readers, to database resources. You can reduce
the likelihood of deadlock by setting the READ_COMMITTED_SNAPSHOT ON option
for your database.
Planning for Process Engine SQL Server database upgrades (upgrades from version
5.0.0):
For version 5.0.0, plan the Process Engine SQL Server database upgrade. Plan
carefully to determine whether there are prerequisites for doing the Process Engine
upgrade.
The following requirements are in addition to the requirements discussed in

Database administrator planning .
The recommended upgrade scenario is to make a test copy of the Process Engine
database. Complete the upgrade on that copy. Doing the upgrade with a database
copy also lets you to determine how long the upgrades take.
| READ_COMMITTED_SNAPSHOT must be enabled for the SQL Server database

| where the Process Engine schema is installed. You can enable
| READ_COMMITTED_SNAPSHOT before or after you upgrade the database. To
| enable READ_COMMITTED_SNAPSHOT for the object store, see the instructions
| in Creating a Microsoft SQL Server database for an object store.
Changes to string fields
Process Engine string fields are modified for all Process Engine user tables by
increasing the length by an expansion factor. This expansion value is to allow for
the additional space requirements for character-based string fields. String fields are
modified by increasing the length by the defined factor.
Record the value to indicate your choice to expand string fields by a size
factor in your customized Installation and Upgrade Worksheet. Set the value
between three and six. To find this property, filter on peupgrade and search the
worksheet for instances of the Database Column Size Factor parameter.
| SQL Server additional database changes
| After the upgrade, use the pedconvert tool to make the following changes:
| v Enable date fields that exceed the 2038 date.
| v Support of character strings:
| Enable support for GB18030 characters by using nvarchar instead of varchar
| in the Process Engine database schema.
| Enable properly truncated strings with multi-byte characters, where a partial
| character is not left at the end of a string.
| Provides better performance when it uses indexes that have one or more
| string keys.
| Number of bytes (expansion factor) for character sets no longer required.

| Use of the pedconvert tool is recommended for workflow systems that support
| multi-byte characters in an international global environment. Customers who do
| not have multi-byte systems also run the pedconvert tool, but it can be run after the
| upgrade. See techdoc 7036559 for information. The technote is applicable to all
| upgrades from 4.5.1 and also to 5.0 systems that previously upgraded from earlier
| releases but have not run the 5.0 advanced upgrade tool, techdoc 7019393.
Enabling XA transactions:
Perform these steps on every Microsoft SQL Server that will contain a Content
Platform Engine database.
1. Download the Microsoft SQL Server JDBC Driver that is referenced in the IBM
FileNet P8 system requirements document for Content Platform Engine SQL
Server databases.
Tip: Installation procedures for JDBC settings can vary by release. See the
Microsoft website for full details.
2. Copy the sqljdbc_xa.dll from the JDBC installation directory to the binn
folder of the instance, although a pre-2.0 version of the driver also functions
correctly from the tools\binn folder. For the 32-bit version of Microsoft SQL
Server , use the sqljdbc_xa.dll file in the x86 folder. For the 64-bit version of
Microsoft SQL Server, use the sqljdbc_xa.dll file in the x64 folder.
3. Log on as the sa administrator or as a user with equivalent permissions and
execute the database script xa_install.sql on the master database on every SQL
Server instance that will participate in distributed transactions.
Important: Use SQL Server database credentials, not Windows credentials, to

log on. Windows Integrated Logon to SQL Server is not supported with IBM
FileNet P8.
This script installs sqljdbc_xa.dll as an extended stored procedure and creates
the SqlJDBCXAUser role in the Master database.
4. Add each database account (cpe_db_user) that Content Platform Engine uses to
access SQL Server to the SqlJDBCXAUser role. This action grants permissions
to those accounts to participate in distributed transactions with the JDBC
driver.
5. From Control Panel, open Administrative Tools, and then open Component
Services.
6. Expand Component Services, right-click My Computer, and then select
Properties.
7. Expand Distributed Transaction Coordinator and right-click Local DTC.
8. Click the MSDTC tab, and then click Security Configuration.
9. Select the Enable XA Transactions check box, and then click OK to restart the
Microsoft DTC service.
10. Click OK again to close the Properties dialog box, and then close Component
Services.
11. Stop and then restart the Microsoft SQL Server.

Reducing deadlock errors in Microsoft SQL Server:
High Microsoft SQL Server concurrency causes transaction deadlock errors because
writers block access, by readers, to database resources. You can reduce the
likelihood of deadlock by setting the READ_COMMITTED_SNAPSHOT ON option for your
database.
To reduce deadlock errors in a Microsoft SQL Server database:

1. Shut down all the servers and clients that can connect to your database
(dbName), and make sure that there are no other connections to Microsoft SQL
Server.
2. Connect to Microsoft SQL Server and issue the following SQL command to
determine whether snapshot isolation is enabled for dbName:
where name=dbName
If snapshot isolation is enabled for dbName, skip the remainder of this

procedure.
3. Issue the following command to enable snapshot isolation for dbName:
ALTER DATABASE dbName SET READ_COMMITTED_SNAPSHOT ON
4. Restart Microsoft SQL Server and issue the following SQL command to confirm
that the Snapshot Isolation setting is in effect for dbName:
where name=dbName
Planning the IBM Content Search Services upgrade

Empty the IBM Content Search Services index request table before you upgrade
For systems configured with IBM Content Search Services, plan to flush as many
index requests as possible before starting the upgrade. Part of the automatic
upgrade of the Content Platform Engine (or Content Engine) database includes a
change to the index request table. If there are more than 500,000 records in that
table when the automatic upgrade runs, a new required index will not be created.
A message will be logged and the database administrator must manually build the
new index before upgrading the IBM Content Search Services software. This index
must exist before the Content Platform Engine and IBM Content Search Services
software is used for production.
To determine the size of the index request table:

1. Run the following SQL query on the database table associated with the index
requests using your native database tools:
SELECT COUNT (*) FROM IndexRequests
2. If the SQL query result shows one or more entries, let IBM Content Search
Services process the entries before you initiate the upgrade.
Application Server administrator upgrade tasks

FileNet P8 upgrade.
v Review all rows assigned to the Application Server Administrator (ASA) in the
Installation and Upgrade Worksheet. While you complete the preparation tasks,
provide values for the rows that are appropriate to your installation.

ASA.
All.
Engine.
Starting or stopping an application server instance on page 153
You need to be able to start or stop an application server instance when
working with Content Platform Engine.
Configuring the application server for Content Platform Engine on page 154
You can deploy Content Platform Engine only on certain versions of application
servers. Therefore, you must determine if and when to upgrade the application
server where the current version of Content Platform Engine (or Content
Engine) is deployed before upgrading to a new version.

Engine.
when to use it.
1. Create the following application server account:
Unique identifier
appserver_admin
Description
Properties for WebSphere Application Server task, enter
the credentials of the appserver_admin account in the
field labeled Application server administrator user
name. Configuration Manager uses the appserver_admin
WebSphere administrative security is enabled
You have two options for creating the
appserver_admin user account. You can use the
local file-based account usually defined while
creating the WebSphere profile. Or, you can use
WebSphere tools to grant administrative rights
to an LDAP account and optionally remove the
file-based account created earlier.
The appserver_admin user account must have
WebSphere administrator permissions
throughout the Content Platform Engine

installation process. Afterwards, you can reduce
the account to a lesser role, such as
Configurator.
WebSphere administrative security is not enabled
If you decide not to enable WebSphere
administrative security during profile creation,
then no special credentials are required to log
in to the WebSphere administrative console.
You can enter any string into the Configuration
Manager field labeled Application server
administrator user name. However, remember
that to run Content Platform Engine,
WebSphere administrative security must be
enabled. When you do enable it and the
WebSphere administrative console requests an
account to use as the administrative user, enter
the appserver_admin.
Oracle WebLogic Server
Properties for Oracle WebLogic Server task, enter the
credentials of the appserver_admin account in the field
labeled Application server administrator user name.
Configuration Manager uses the appserver_admin
This user is defined when you create a new WebLogic
domain. The WebLogic Configuration wizard requires
you to enter the Administrator user name and
password. This user is created as an internal WebLogic
application, file-based account. (It is not an LDAP or
operating system account.) Use the appserver_admin
account to log in to the Oracle WebLogic Server
administration console.
JBoss Content Platform Engine does not require a JBoss
administrative account.

To find this property, search the worksheet for instances of appserver_admin.
Starting or stopping an application server instance

You need to be able to start or stop an application server instance when working
with Content Platform Engine.
To start or stop an application server instance:
Depending on your application server type, run one of the following commands to
start or stop an application server instance:
Table 25. How to start or stop an application server instance
WebSphere Application startServer stopServer
Server
JBoss Application Server run stop

Table 25. How to start or stop an application server instance (continued)
Oracle WebLogic Server startWebLogic stopWebLogic
In a high availability environment, when instructed to start or stop an application

server instance, start or stop the nodes unless otherwise specified.
Configuring the application server for Content Platform Engine

You can deploy Content Platform Engine only on certain versions of application
servers. Therefore, you must determine if and when to upgrade the application
server where the current version of Content Platform Engine (or Content Engine) is
deployed before upgrading to a new version.
To determine the order of upgrading Content Platform Engine and the application
server on which it is deployed:
1. Consult the IBM FileNet P8 system requirements documentation for both the
existing version of software and the new version. Determine if a version of
your application server is supported by both your existing version of Content
Platform Engine (or Content Engine) and the new version of Content Platform
Engine.
2. Upgrade your application server and Content Platform Engine (or Content
Engine) according to the criteria in the following table:
Option Description
If you deployed your current version of 1. Upgrade the Content Platform Engine
Content Platform Engine (or Content software. It is not necessary to upgrade
Engine) on an application server version your application server.
that is supported by the new version of
2. (optional) Upgrade the application server
to a newer version that is supported by
the new version of Content Platform
Engine
If you deployed your current version of 1. Upgrade to an application server version
Content Platform Engine (or Content that both the current version of Content
Engine) on an application server version Platform Engine (or Content Engine) and
that is not supported by the new version of the new version of Content Platform
Content Platform Engine Engine support.
2. Upgrade Content Platform Engine to the
new version.
If you deployed your current version of 1. Perform a migration upgrade by creating
Content Platform Engine (or Content a new instance of the application server
Engine) on an application server version using a version that is supported by the
that is not supported by the new Content new Content Platform Engine.
Platform Engine and an application server
2. Upgrade Content Platform Engine
version that is supported by both your
working through the topics on
existing Content Platform Engine (or
configuring Content Platform Engine into
Content Engine) and the new Content
a new application server instance using
Platform Engine version does not exist
an existing Configuration Manager
profile.
FileNet P8 administrator upgrade tasks

The FileNet P8 administrator must carry out several tasks to prepare your
environment for your FileNet P8 upgrade.

Review all rows assigned to the FileNet P8 Administrator (P8A) in the Installation
and Upgrade Worksheet. While you complete the following preparation tasks,
provide values for the rows that are appropriate to your installation.
the worksheet file (p8_worksheet.xls), perform the following actions to quickly see
only the properties assigned to a particular role:
P8A.
v Further filter the result set by clicking the AutoFilter drop-down arrow in any
of the other columns and selecting a value or clear a filter by selecting All.
Enabling the Asynchronous Processing dispatcher
You must enable the Asynchronous Processing dispatcher to ensure that the
object stores progress to a completed or ready state as part of an upgrade.
Preparing Process Engine for upgrade (upgrades from versions 4.5.1, 5.0.0,
5.1.0) on page 156
Repair any inconsistencies between Process Engine queues and rosters in the
Process Engine database, reconcile user security information and prepare Case
Analyzer data for upgrade.
Collecting settings for peupgrade wizard (upgrades from versions 4.5.1, 5.0.0,
5.1.0) on page 156
Collect the values for all settings in the peupgrade wizard. The values are
needed for Process Engine upgrades from versions 4.5.1, 5.0.0, and 5.1.0.
Collecting configuration information for Process Engine DbExecute
connections (upgrades from 4.5.1) on page 159
DbExecute connection information must be provided to the peupgrade tool for
Process Engine upgrades from Version 4.5.1. Collect the current configuration
information for all of your existing DbExecute aliases before you upgrade.
Saving Component Manager custom settings for CE_Operations (upgrades
from V5.1 or earlier) on page 160
Save Component Manager custom settings for CE_Operations in each isolated
region before you upgrade. You need to restore the settings after the upgrade is
complete.
Enabling the Asynchronous Processing dispatcher

You must enable the Asynchronous Processing dispatcher to ensure that the object
stores progress to a completed or ready state as part of an upgrade.
For each object store to be upgraded, you must enable the Asynchronous
Processing dispatcher on at least one Content Platform Engine (or Content Engine)
server in the site where the object store is located.
(For upgrades from 5.2.0 to 5.2.1) To enable the Asynchronous Processing

dispatcher for one Content Platform Engine server:
1. Start the FileNet P8 administration tool.
a. (For upgrades from 5.2.0 to 5.2.1) Start Administration Console for Content
Platform Engine.
b. (For upgrades from 4.5.1, 5.0.0 or 5.1.0) Start Enterprise Manager.
2. (For upgrades from 5.2.0 to 5.2.1) Click the domain root node and then click the
Asynchronous Processing Subsystem tab. Select Enable Dispatcher.
3. (For upgrades from 4.5.1, 5.0.0 or 5.1.0) Right-click the domain root node or the
node of the object store to be upgraded and click Properties. Click the
Asynchronous Processing tab and select Enable Dispatcher.

Preparing Process Engine for upgrade (upgrades from versions
4.5.1, 5.0.0, 5.1.0)
Repair any inconsistencies between Process Engine queues and rosters in the
Process Engine database, reconcile user security information and prepare Case
Analyzer data for upgrade.
v (upgrades from 4.5.1) Use the vwverify program to repair any inconsistencies
between Process Engine queues and rosters in the Process Engine database.
v (upgrades from 5.0 or later) Use the PEVerify program to repair any
inconsistencies between Process Engine queues and rosters in the Process Engine
database. See Techdoc 7022275 for information.
v If there are unused isolated regions with no connection point, remove those
regions before the upgrade.
Collecting settings for peupgrade wizard (upgrades from

versions 4.5.1, 5.0.0, 5.1.0)
Collect the values for all settings in the peupgrade wizard. The values are needed
for Process Engine upgrades from versions 4.5.1, 5.0.0, and 5.1.0.
During the upgrade of Process Engine, you run peupgrade. After you provide
information to the program, you run it to upgrade the Process Engine database.
The values can be provided to peupgrade in a wizard or in a property file that is
an input file to the program. The information that you must gather varies
depending on whether you are upgrading from Version 5.0 or 5.1, or from Version
4.5.1. Record these values in your customized Installation and Upgrade

Worksheet. To find these properties, search the worksheet for instances of
peupgrade.
The following table shows the information that is required and where to collect it
on the source Process Engine system. Several values are not on the source system
but are needed for the upgrade. For each property name, record the value in your
Installation and Upgrade worksheet. Property names in this table reflect the name
in the peupgrade wizard user interface.
Table 26. peupgrade upgrade values
4.5.1 property name and 5.0 or 5.1 property name
Property name location and location Comments
Server DNS name Server or load balancer Server or load balancer
name in FileNet Enterprise name in FileNet Enterprise
Manager, Isolated Region Manager, Isolated Region
properties. properties.
Naming service port Process Engine Naming service port in the The default value is 32776.
Communication Port (IOR Process Task Manager on On V5.0, every virtual
port) in the Process Task the Process Engine server. server has a different port.
Manager on the Process In Enterprise Manager, this
Engine server. In Enterprise port is called the
Manager, this port is called Communication Port.
the Communication Port.
Operating system character From the command line, From the command line, This property is the
set (AIX, HPUX, HPUXi, enter locale charmap enter locale charmap character set on the original
Linux, Linux on System Z, server.
Solaris)

Table 26. peupgrade upgrade values (continued)
Operating system character For information about For information about This property is the
set (Windows) identifying the locale in identifying the locale in character set on the original
Windows, see the Microsoft Windows, see the Microsoft server.
documentation. documentation.
Administration group This property is the This property is the
Administrator Group, on Administrator Group, on
the Process Engine server, the Process Engine server,
in Process Task Manager, on in Process Task Manager, on
the Security tab. the Security tab.
Configuration group This property is the This property is the
Configuration Group, on Configuration Group, on
the Process Engine server, the Process Engine server,
in Process Task Manager, on in Process Task Manager, on
the Security tab. the Security tab.
Database schema name By default, f_sw. Database Might still be f_sw if this This property is for the
administrator must provide. system was originally Process Engine database. It
installed on a version is the schema where the
earlier than 5.0 and then workflow tables reside on
upgraded to 5.0. Database the target system.
administrator must provide.
XSL/XSD file location (AIX, By default, on the source By default, on the source These directories and their
HPUX, HPUXi, Linux, system: /fnsw/local/sd/xsl system: contents need to be on a
Linux on System Z, Solaris) and /fnsw/local/sd/xsd install_path/data/ drive that is available at the
pesvr.virtual_servername/ time of the upgrade for the
xsl and peupgrade program. They
install_path/data/ must also be for available
pesvr.virtual_servername/ for the Content Platform
xsd Engine after the upgrade.
This property might be a
shared drive or you might
copy them to a local drive
on the new server in the
case of a migration
upgrade.
XSL/XSD file location By default, on the source By default, on the source These directories and their
(Windows) system: \fnsw_loc\sd\xsl system: contents need to be on a
and \fnsw_loc\sd\xsd install_path\data\ drive that is available at the
pesvr.virtual_servername\ time of the upgrade for the
xsl and peupgrade program. They
install_path\data\ must also be for available
pesvr.virtual_servername\ for the Content Platform
xsd Engine after the upgrade.
This property might be a
shared drive or you might
copy them to a local drive
on the new server in the
case of a migration
upgrade.

Table 26. peupgrade upgrade values (continued)
Database column size factor Choose the expansion Not applicable This expansion value is to
(DB2 for Linux, UNIX and factor. allow for the additional
Windows space requirements for
character-based string
fields. String fields are
modified by increasing the
length by the defined factor.
Database column size factor Choose the expansion Not applicable This expansion value is to
(SQL Server) factor. allow for the additional
space requirements for
character-based string
fields. String fields are
modified by increasing the
length by the defined factor.
Database connection name Choose from the dropdown Choose from the dropdown Every region that you
(existing) list. list. upgrade needs a connection
point. IBM Case Manager
with shared databases for
Process Engine and Content
Engine has existing
connection points. If for any
other reason Content
Engine and Process Engine
are sharing a database,
there is also an existing
connection point.
Database connection name If Process Engine and
(define a new connection) Content Engine are not in
the same database, you
need to define a new
connection name.
Data source name If the 5.0 or 5.1 Process The name that is entered
Engine database is being for peupgrade must match
shared with an object store, the data source name that is
this property is the data defined in Configuration
source name of the object Manager.
store.
XA data source name If the 5.0 or 5.1 Process The name that is entered
Engine database is being for peupgrade must match
shared with an object store, the XA data source name
this property is the XA data that is defined in
source name of the object Configuration Manager.
store.
DbExecute connection See Collecting configuration Not applicable If you need a custom URL,
information for Process you cannot do the upgrade
Engine DbExecute silently and must use the
connections. GUI.
| Collect the database type

| information for all of the
| existing DBExecute
| connections.

Collecting configuration information for Process Engine
DbExecute connections (upgrades from 4.5.1)
DbExecute connection information must be provided to the peupgrade tool for
Process Engine upgrades from Version 4.5.1. Collect the current configuration
information for all of your existing DbExecute aliases before you upgrade.
Collect DbExecute connection information and record it in your Installation and

Upgrade worksheet. The DbExecute connection information must be provided to
the peupgrade tool. You run the peupgrade tool during the upgrade of Process
Engine to Content Platform Engine Version 5.2.1.
To collect DbExecute alias configuration information for Process Engine, log on to

the Process Engine v4.5.1 server and locate existing information.
1. Change your working directory to the following:
Option Description
AIX, HPUX, HPUXi, Solaris /fnsw/local/sd
Windows \fnsw_loc\sd
2. Each connection has a file associated with the following naming scheme
.alias.bin
Note the names for all aliases.

3. Collect the connection information for each alias by running vwtool with the
listdbconfig option as follow:
a. Start vwtool at a command prompt as follows:
vwtool -Y pe_service_username+pe_service_username_password
b. Enter the following command at the prompt:
listdbconfig alias
c. For each database type, the information returned is as follows:
Oracle global database name
SQL Server
SQL Server name
database name
DB2 database alias
4. Using the information for every existing connection, collect the following
information. Record the values in your Installation and Upgrade worksheet.
v Database type
v Database name
v Database host name
v Database port
v Database user name
v Database password
As an alternative to the database host name and port, use a connection URL
string. Your URL can vary, depending on your configuration, but default URLs
that can be configured are as follows:
v jdbc:sqlserver://DBhost:DBport;DatabaseName=DBName
v jdbc:db2://DBhost:DBport/DBName
v jdbc:oracle:thin:@DBhost:DBport:DBName

| Saving Component Manager custom settings for CE_Operations
| (upgrades from V5.1 or earlier)
| Save Component Manager custom settings for CE_Operations in each isolated
| region before you upgrade. You need to restore the settings after the upgrade is
| complete.
| Before you upgrade FileNet P8 from version 5.1 or earlier, you must make note of
| the logon and password for the adapter. If you extended the CE_Operations queue
| with exposed fields or database indexes, you must also save these custom settings
| before you upgrade. You must manually restore these settings and values after the
| upgrades of the Content Platform Engine software and the Process Engine
| database are complete.
| Important: Other customizations or extensions to the CE_Operations component

| queue are not supported. These customizations might cause the Process Engine
| database upgrade to fail. Contact IBM Support for assistance before you proceed
| with the upgrade if the CE_Operations queue has customizations other than
| exposed fields or database indexes.
| You can use Administration Console for Content Platform Engine if it is available
| or the Process Configuration Console in Workplace or Workplace XT to save the
| CE_Operations settings. The console that you select is used to configure the queue,
| but that does not imply that the component queue runs in Content Platform
| Engine or Workplace.
| To save the Component Manager custom settings for CE_Operations:

| 1. Start Process Configuration Console by using Workplace or Workplace XT:
| Table 27. Starting Process Configuration Console
| Option Select
| Workplace Select Admin > Process Configuration
| Console.
| Workplace XT Select Tools > Administration > Process
| Configuration Console
|
| 2. Save the custom settings for the CE_Operations queue in each isolated region:
| a. Go to an isolated region node and choose Export to XML from the Action
| menu.
| b. In the Export window, click Browse and specify a file name and location on
| your local drive or network for the exported data.
| Tip: Use the XML file extension for the file name.
| c. Choose the export type Export selected components and select the
| CE_Operations queue from the Component Queues. Then click Next.
| d. On the Summary page, confirm that the export contains only the
| CE_Operations queue, and then click Finish to complete the export.
| e. Repeat the preceding substeps for the other isolated regions.
| 3. Save the adapter settings for the CE_Operations queue in each isolated region:
| a. Go in Process Configuration Console for an isolated region to the isolated
| region node > Component Queues > CE_Operations.
| b. Right-click the CE_Operations node and choose Properties to view its
| properties.

| c. Open the Adapter tab and make note of the JAAS Credentials settings; you
| need it later in the upgrade process.
| d. Repeat the preceding substeps for the other isolated regions.

Appendix A. Preparing non-English environments for
installing FileNet P8
To run FileNet P8 components in a non-English environment, certain conditions
must be met. Review the following considerations and tasks, organized by
administrator role, if you plan to run FileNet P8 in a non-English environment.
By default, Content Platform Engine uses Oracle Outside In Search Export for text
extraction on PDF documents. For right-to-left language PDF documents, you can
optionally use Apache PDFBox technology for text extraction. To use PDFBox, you
set a JVM property on Content Platform Engine. For more information, see the
topics in Administering FileNet P8 > Administering Content Platform Engine.
For information on how IBM Content Search Services extracts text from documents
that are sent to it by IBM Content Collector, see Administering FileNet P8 >
Administering Content Platform Engine > Retrieving documents > Finding
objects with content-based retrieval > Making object text searchable > Indexable
document types and text extraction.
IT administrator
Depending on the operating system, the IT administrator installs either a
localized version of the operating system, or the operating system language
pack.
Security administrator on page 165
The FileNet P8 security administrator installation role includes configuring and
maintaining directory servers.
Database administrator on page 166
The FileNet P8 database administrator installation role includes configuring
database installations and table spaces, and creating database accounts.
Application Server administrator on page 167
To support Unicode UTF-8 characters, all FileNet P8 domain application servers
must be properly configured and must have all fix packs installed.
FileNet P8 administrator on page 168
The FileNet P8 administrator configures Process Task Manager for Application
Engine and Workplace XT.
Limitations on installing in a non-English environment on page 168
There are certain limitations on installing FileNet P8 in non-English
environments.
IT administrator
Depending on the operating system, the IT administrator installs either a localized
version of the operating system, or the operating system language pack.
Operating system considerations on page 164
In addition to any operating system platforms, the IT administrator must
consider the FileNet P8 components that will be installed in a non-English
environment.
Microsoft Windows on page 165
Use the localized Microsoft Windows version when available. If the localized
version is not available, use the English version with the appropriate regional
setting.

Configuring locale and support for other languages in an AIX, HPUX, HPUXi,
Linux, Linux on System z, or Solaris system on page 165
Add language fonts for your AIX, HPUX, HPUXi, Linux, Linux on System z, or
Solaris operating system if you need to display an X Window desktop in a
specific-language user interface. Follow your operating system administration
guide to install other language fonts.
Operating system considerations

In addition to any operating system platforms, the IT administrator must consider
the FileNet P8 components that will be installed in a non-English environment.
Application Engine or Workplace XT
Application Engine and Workplace XT can be installed:

v In any locale on any of the supported AIX, HPUX, HPUXi, Linux, Linux on
System z, and Solaris platforms
v On any localized version of Windows or in any region on the English version of
Windows
Remember: The Application Engine and Workplace XT setting must match the
Content Platform Engine setting. Otherwise, workflows can experience unexpected
problems such as errors related to the way characters display.
Content Platform Engine can be installed:

v In any locale on any of the supported AIX, HPUX, HPUXi, Linux, Linux on
System z, and Solaris platforms
Windows
If you intend to install Content Platform Engine in a path that contains

non-English characters, you must specify each such character in the path by its
escaped Unicode representation (for example, \u4EF6).
IBM Content Search Services
IBM Content Search Services can be installed:

v In any locale on any of the supported AIX, Linux, Linux on System z, and
Solaris platforms
Windows
When you run the installation program for IBM Content Search Services, you
specify a configuration data directory and an installation directory. If any
component of either of these directory names contains non-English characters, the
installation program appears to complete normally; but the program creates an
installation directory whose name contains random characters instead of the name
that you specified.
This installation failure occurs whether you install the first instance or an
additional instance of IBM Content Search Services. To prevent the failure, use only
English characters in the name of each component of the configuration data
directory and the installation directory.

Microsoft Windows
Use the localized Microsoft Windows version when available. If the localized
version is not available, use the English version with the appropriate regional
setting.
Use the Regional Options Control Panel to change the regional setting. For more
information, see the Windows help system.
If you intend to install IBM Content Search Services to a path that contains
non-English characters, ensure that your version of Windows supports the locale of
the non-English characters. If the native Windows command shell displays the
non-English characters correctly, the locale is supported.
Attention: The IBM Content Search Services temporary directory cannot contain
non-English characters. If you install to a non-English path, change the location of
the temporary directory to a path that contains English characters only. Use the
command-line configuration tool (configTool) to set the tempDirPath parameter.
Configuring locale and support for other languages in an AIX,

HPUX, HPUXi, Linux, Linux on System z, or Solaris system
Add language fonts for your AIX, HPUX, HPUXi, Linux, Linux on System z, or
Solaris operating system if you need to display an X Window desktop in a
specific-language user interface. Follow your operating system administration
guide to install other language fonts.
Configure your X-session manager application to use the fonts for your operating
system. See your X-session manager application administration guide for details
about adding fonts or accessing them on the server. Make sure to add a locale for
the language that is used and also to add the UTF-8 locale. Set the server locale to
the UTF-8 locale.
For information about right-to-left languages, see the Oracle support document
Enabling Outside In Technology for Bidirectional Arabic and Hebrew Text.
The FileNet P8 security administrator installation role includes configuring and
maintaining directory servers.
Extended characters and user names
Note the following considerations for localized FileNet P8 accounts.
Extended characters and user names

Note the following considerations for localized FileNet P8 accounts.
v With Microsoft Active Directory, Content Platform Engine supports extended
characters in user names and passwords for all Latin1, Latin2, Arabic, and
double-byte languages
v Content Platform Engine does not support extended (double-byte) characters in
LDAP attributes for authentication purposes. These attributes include, but are
not limited to, such items as cn (common name), ou (organizational unit), or dc
(domain component). ASCII characters are required for these attributes.
v The Content Platform Engine locale must match directory server locale to
manage non-ASCII user names correctly.
Appendix A. Preparing non-English environments for installing FileNet P8 165

v AIX, HPUX, HPUXi, Linux, Linux on System z, and Solaris systems can support
Latin1, Latin2, Arabic, and double-byte user names simultaneously.
The FileNet P8 database administrator installation role includes configuring
database installations and table spaces, and creating database accounts.
Installing Microsoft SQL Server
During installation, the Microsoft SQL Server installer program detects the
Windows regional setting and sets the Microsoft SQL Server language setting
accordingly. Use the regional setting selected by the installation program
throughout the entire Microsoft SQL Server installation.
Installing Oracle server
Create the database using the AL32UTF8 database character set.
Installing the DB2 for Linux, UNIX and Windows server
Use the UTF-8 codeset for the DB2 for Linux, UNIX and Windows database
server.
| Installing the DB2 for z/OS server on page 167
When you install the DB2 for z/OS database server in a non-English
environment, use UTF-8 collation settings by configuring CCSID UNICODE.
Installing Microsoft SQL Server

During installation, the Microsoft SQL Server installer program detects the
Windows regional setting and sets the Microsoft SQL Server language setting
accordingly. Use the regional setting selected by the installation program
throughout the entire Microsoft SQL Server installation.
Microsoft does not recommend changing the selected regional setting unless you
have to match the regional setting to the collation of another instance of Microsoft
SQL Server or to the Windows regional setting of another computer. Localized
versions of Microsoft SQL Server are available in French, German, Spanish, Italian,
Japanese, Korean, and Simplified and Traditional Chinese.
The collation settings must match the language settings on the system. Searching
for other languages that do not match the database collation setting will result in
invalid search and sort results.
Installing Oracle server

Create the database using the AL32UTF8 database character set.
Set the regular character set to AL32UTF8. It is not required to set the national
character set (NLS_NCHAR_CHARACTERSET) to a specific value. You can take
the default. The national character set applies to the data types NCHAR /
NVARCHAR2 / NCLOB which the Content Platform Engine does not use.
Installing the DB2 for Linux, UNIX and Windows server

Use the UTF-8 codeset for the DB2 for Linux, UNIX and Windows database server.

| Installing the DB2 for z/OS server

| When you install the DB2 for z/OS database server in a non-English environment,
| use UTF-8 collation settings by configuring CCSID UNICODE.
| The collation settings must match the language settings on the system. Searching
| for other languages that do not match the database collation setting will result in
| invalid search and sort results.
Application Server administrator

To support Unicode UTF-8 characters, all FileNet P8 domain application servers
must be properly configured and must have all fix packs installed.
| Configuring character encoding on WebSphere Application Server
FileNet P8 requires two WebSphere settings: com.ibm.CORBA.ORBCharEncoding, to
specify the native encoding set of character data that Object Request Broker
uses, and com.ibm.websphere.security.BasicAuthEncoding, to match the
encoding used by Basic Authentication for Web Services so that client
applications can access web services.
Configuring character encoding on JBoss Application Server on page 168
Set the appropriate codesets to UTF-8.
Configuring character coding on WebLogic Server on page 168
| Configuring character encoding on WebSphere Application

| Server
| FileNet P8 requires two WebSphere settings: com.ibm.CORBA.ORBCharEncoding, to
| specify the native encoding set of character data that Object Request Broker uses,
| and com.ibm.websphere.security.BasicAuthEncoding, to match the encoding used
| by Basic Authentication for Web Services so that client applications can access web
| services.
| To set character encoding parameters on WebSphere Application Server:

| 1. Log on to the WebSphere administrative console.
| 2. In the navigation pane, click Servers > Server Types > WebSphere application
| servers > server_name, where server_name is the name of one of your
| application servers.
| 3. In the Container services section, click ORB service > Custom properties >
| New.
| 4. In the Name field, enter com.ibm.CORBA.ORBCharEncoding, set the value to UTF8,
| and save your changes.
| 5. In the Server Infrastructure section, click Java and process management >
| Process definition > Java virtual machine > Custom properties > New.
| 6. In the Name field, enter com.ibm.websphere.security.BasicAuthEncoding, set
| the value to UTF8, and save your changes.
| 7. Restart the application server.
| 8. Repeat steps 2 through 7 for your other application servers.

Configuring character encoding on JBoss Application Server
To configure the correct character encoding:

1. Open the file JBOSS_HOME//server/(default)/deploy/jboss-web.sar/
server.xml for editing and set the following value:
<Connector port="8080" URIEncoding="UTF-8">
2. Open the file JBOSS_HOME/bin/run.bat or JBOSS_HOME/bin/run.sh for editing
and set the following value:
JAVA_OPTS=JAVA_OPTS -Dfile.encoding=utf-8
Configuring character coding on WebLogic Server

To configure the correct character encoding, set the following Interop-Orb-Protocol

(IIOP) attributes:
v Default Char Codeset to "UTF-8"
v Default Wide Char Codeset to "UTF-8"
The FileNet P8 administrator configures Process Task Manager for Application
Engine and Workplace XT.
Configuring Process Task Manager for Application Engine and Workplace XT
In AIX, HPUX, HPUXi, Linux, Linux on System z, or Solaris environments,
verify that the LC_TIME and LC_MESSAGES environment variables are set to
C before you run Process Task Manager in Application Engine or Workplace
XT. Failure to set these variables can result in an error in a non-English locale.
Configuring Process Task Manager for Application Engine and

Workplace XT
In AIX, HPUX, HPUXi, Linux, Linux on System z, or Solaris environments, verify
that the LC_TIME and LC_MESSAGES environment variables are set to C before
you run Process Task Manager in Application Engine or Workplace XT. Failure to
set these variables can result in an error in a non-English locale.
Limitations on installing in a non-English environment

There are certain limitations on installing FileNet P8 in non-English environments.
Important: For additional limitations, see the release notes.
Process Task Manager
If Application Engine, Workplace XT, or Content Platform Engine is installed on

any operating system other than Windows, Process Task Manager (vwtaskman)
takes too long to launch when it is run under a UTF-8 locale using remote CDE
shells such as X Window, Exceed, Xmanager, etc). Verify that the X Window
application can handle Unicode fonts to fix this problem. Also, verify that any
independent software vendor applications are configured correctly. The
command-line interface functionality is not affected.

Process Designer
To import a user-defined XSD file that contains non-English characters in Process

Designer, run the following command to convert characters to the Unicode
encoding format to match an operating system other than Windows Content
Platform Engine in a UTF-8 locale, and then import the XSD file into Process
Designer.
Java -cp pe.jar filenet.vw.toolkit.utils.FileConverter /in filename
/out outfilename
Composite Platform Installation Tool

The Composite Platform Installation Tool, which installs a single-server FileNet P8
environment, is not supported on Simplified Chinese Microsoft Windows 2008 R2.
IBM Case Manager
IBM Case Manager requires language support on the Content Platform Engine
server to support authored language solution templates.
Important: Case Manager Builder displays unreadable characters in Step Editor for
double-byte (east Asian) characters. To resolve the problem, install the correct
language pack on the Case Manager Builder Server.
IBM FileNet Image Services
In IBM FileNet Image Services, navigate to fn_edit > System Attributes > Client
Character Set, enter MS932, and restart the IBM FileNet Image Services service. This
configuration setting ensures that Japanese characters in property values are
synchronized in both directions between IBM FileNet Image Services and Content
Platform Engine.
Rendition Engine
Rendition Engine supports only English and Japanese operating system languages.
You can install and run Rendition Engine on any language version of Windows,
provided that you set the Windows Region/Language configuration to either
English or Japanese.
With one exception, IBM FileNet Rendition Engine supports only the English
versions of authoring applications. The exception is that Rendition Engine supports
the Japanese versions of Microsoft Office, Microsoft Project, and Microsoft Visio.
For more information, see Microsoft Windows operating system help for further
information about adding additional language support.

Appendix B. FileNet P8 ports
Port numbers that are used by FileNet P8 components are listed along with
information such as communication protocols, the source and target components,
whether load balancers are supported, and other information specific to the
component ports.
The following conditions apply to the ports that are used by the FileNet P8
components:
v The port numbers are default values, but can be changed to other unique port
numbers.
v The default port number and communication protocol must be open on the
target server.
v Replies and responses to the requestor are made unless specified otherwise.
v No long-lived connections are established between FileNet P8 components
unless specified for the port. The connection is closed after the initiator opens a
connection with the recipient and the recipient responds.
Content Platform Engine ports on page 172
The Content Platform Engine ports information is presented in multiple tables
that list the port names, port numbers, communication protocols, and
descriptions.
Application Engine and Workplace XT ports on page 176
The Application Engine and Workplace XT servers ports table lists the port
names, port numbers, communication protocols, and description for its use.
Process Simulator ports on page 176
The Process Simulator ports information, which is segmented into multiple
tables, lists the port names, port numbers, communication protocols, and
description for its use.
Content Search Services ports on page 177
The Content Search Services ports information, which is segmented into
multiple tables, lists the port names, port numbers, communication protocols,
and description for its use.
Rendition Engine and Content Platform Engine ports for LIQUENT on page
178
The following tables list the Rendition Engine and Content Platform Engine
ports information for LIQUENT.
Database ports on page 180
The database ports information, which is segmented into multiple tables, lists
the port names, port numbers, communication protocols, and description for its
use.
IBM System Dashboard for Enterprise Content Management ports on page
181
The IBM System Dashboard for Enterprise Content Management ports
information, which is segmented into multiple tables, lists the port names, port
numbers , communication protocols, and description for it use.
Content Services for FileNet Image Services ports on page 182
The following tables list the port numbers used by IBM FileNet Content
Services for FileNet Image Services.

Content Platform Engine ports
The Content Platform Engine ports information is presented in multiple tables that
list the port names, port numbers, communication protocols, and descriptions.
Table 28. Content Platform Engine ports
Application Transport level Default port
Port name level protocol protocol number From To
LDAP LDAP TCP 389 Content Directory server
Platform
Engine server
LDAP (SSL ) LDAP TCP 636 Content Directory server
Platform
Engine server
LDAP Global Catalog LDAP TCP 3268 Content Global Catalog
Platform server
Engine server
LDAP Global Catalog (SSL) LDAP TCP 3269 Content Active Directory
Platform Global Catalog
Engine server server
WebSphere WSI HTTP TCP 9080 Content Content Platform
Platform Engine server
Engine client
WebSphere WSI (SSL) HTTPS TCP 9443 Content Content Platform
Engine,
Administration
Console for
Content
Platform
Engine,
Component
Manager
(Workplace
XT), or a
custom
application
WebSphere EJB IIOP TCP 2809 Content Content Platform
Engine client
WebLogic EJB / WSI HTTP, T3, and TCP 7001 Content Content Platform
IIOP Platform Engine server
Engine client
WebLogic EJB / WSI (SSL) HTTPS, T3S, and TCP 7002 Content Content Platform
IIOP Platform Engine server
Engine client
JBoss EJB JNP TCP 1099 Content Content Platform
Engine client
JBoss WSI HTTP TCP 8080 Content Content Platform
Engine client
JBoss WSI (SSL) HTTPS TCP 8443 Content Content Platform
Engine client

Table 28. Content Platform Engine ports (continued)
JBoss IIOP IIOP TCP 3528 Content Content Platform
Engine client
JBoss IIOP (SSL) IIOP TCP 3529 Content Content Platform
Engine client
Kerberos Login RFC 1510 TCP or UDP 88 Content Active Directory
Platform KDC
Engine client
Table 29. Content Platform Engine ports - continued

Port name Supports SSL?
LDAP No
LDAP (SSL ) Yes
LDAP Global Catalog No
LDAP Global Catalog (SSL) Yes
WebSphere WSI No
WebSphere WSI (SSL) Yes
WebSphere EJB Yes
WebLogic EJB / WSI No
WebLogic EJB / WSI (SSL) Yes
JBoss EJB Yes
JBoss WSI No
JBoss WSI (SSL) Yes
JBoss IIOP Yes
JBoss IIOP (SSL) Yes
Kerberos Login No

Port name Notes
LDAP The port is on the directory server and specified on the Content Platform Engine
server for authentication.
LDAP (SSL ) The port is on the directory server and specified on the Content Platform Engine
for authentication through SSL.
LDAP Global Catalog The port is used for the Active Directory only.
LDAP Global Catalog (SSL) The port is used for the Active Directory only.
WebSphere WSI The port is on the WebSphere Application Server for Content Platform Engine. The
port is used for communication with Content Platform Engine by clients through
WSI.
WebSphere WSI (SSL) HTTPS over SSL or TLS. (Port 9080 is the non-SSL HTTP port.) Content Platform
Engine and custom applications use WSI. Port 9443 is on the WebSphere
Application Server for Content Platform Engine. The port is used for
communication with Content Platform Engine by clients through WSI.
Appendix B. FileNet P8 ports 173

Table 30. Content Platform Engine ports - continued (continued)
Port name Notes
WebSphere EJB The port is on the WebSphere Application Server for Content Platform Engine. The
port is used for communication with Content Platform Engine by clients through
EJB and for request forwarding between Content Platform Engine servers.
WebLogic EJB / WSI The port is on the WebLogic Server for Content Platform Engine supports both EJB
and WSI. The port is used for communication with Content Platform Engine by
clients and for request forwarding between Content Platform Engine servers.
WebLogic EJB / WSI (SSL) The port is on the WebLogic Server for Content Platform Engine supports both EJB
and WSI. The port is used for communication with Content Platform Engine by
clients using SSL and for request forwarding between Content Platform Engine
servers.
JBoss EJB The port is on the JBoss Application Server for Content Platform Engine. The port
is used for communication with Content Platform Engine by clients through EJB
and for request forwarding between Content Platform Engine servers.
JBoss WSI The port is on the JBoss Application Server for Content Platform Engine. The port
is used for communication with Content Platform Engine by clients through WSI.
JBoss WSI (SSL) The port is on the JBoss Application Server for Content Platform Engine. The port
is used for communication with Content Platform Engine by clients through WSI
using SSL.
JBoss IIOP The port is on the JBoss Application Server for Content Platform Engine. The port
is used for communication with Content Platform Engine by clients through IIOP.
JBoss IIOP (SSL) The port is on the JBoss Application Server for Content Platform Engine. The port
is used for communication with Content Platform Engine by clients through IIOP.
Kerberos Login The port is used for Kerberos authentication support only.
Table 31. Content Platform Engine ports

SMTP (Email Notification) SMTP TCP 25 Content Email server
Platform
Engine server
Process Task Manager / RMI TCP 32771 (for Process Task Component
Component Manager version 1 of Manager on the Manager /
version 1 communications Component Application Process Task
port Manager) Engine server Manager
communication
Component Manager Event RMI TCP 32773 (for Content Component
Port backward Platform Manager version
compatibility Engine server 1 on the
with version 1 Application
of Component Engine server
Manager)
Rules Listener RMI TCP 32774 (for Content Rules Listener
Rules Engine Platform
using Rules Engine server
Connectivity
Framework)
Content Platform Engine HTTP (only for TCP 0 (randomly Content Content Platform
server to server clusters) assigned port Platform Engine server
communication port number) Engine server

Table 32. Content Platform Engine portscontinued
Reply or
Response to Long lived Supports SSL
Port name requestor? sessions? Load Balancer? and TLS?
SMTP (Email Notification) No No No Yes
Process Task Manager / Component Yes Yes No No
Manager version 1 communications port
Component Manager Event Port Yes Yes No No
Rules Listener Yes Yes No No
Content Platform Engine server to server Yes Yes No No
communication port

Port name Notes
SMTP (Email Notification) The port is on the SMTP server and is configured for Content Platform Engine
email notification in Administration Console for Content Platform Engine.
Communication on this port is one-way, from the Content Platform Engine server
to the email server.
Process Task Manager / This port is on the Application Engine server for Process Task Manager to
Component Manager version 1 communicate with the Component Managers.
communications port
Component Manager Event Port The port is on the Application Engine server, configured through the Process Task
Manager. This port number must match the port used for the Component Manager
Event Port on the Application Engine.
Communication on this port is one-way from the Content Platform Engine server
to the Component Manager.
Rules Listener The port is on the Content Platform Engine server.
Communication on this port is bidirectional from the Content Platform Engine

server to the Rules Listener
Content Platform Engine server For a cluster configuration only. If there is a firewall between the Content Platform
to server communication port Engine server instances of a cluster, this value should be set to a specific assigned
port number and that port value should be allowed in the firewall configuration.
The port is set for the workflow system. The port number is the internal port
number, which is the field name for this in the Administration Console for Content
Platform Engine. In a cluster configuration, this port needs to be set in
Administration Console for Content Platform Engine and it needs to be opened in
the firewall.
Communication on this port is bidirectional between Content Platform Engine

servers in a cluster.

Application Engine and Workplace XT ports
The Application Engine and Workplace XT servers ports table lists the port names,
port numbers, communication protocols, and description for its use.
Table 34. Application Engine and Workplace XT server ports
Default port
Port name number Notes
WebSphere 9080 The port is on the WebSphere Application Server for clients to
connect to Workplace and Workplace XT.
WebSphere SSL 9443 The port is on the WebSphere Application Server for clients to
connect to Workplace and Workplace XT through SSL.
WebLogic 7001 The port is on the WebLogic Server for clients to connect to
Workplace and Workplace XT.
WebLogic SSL 7002 The port is on the WebLogic Server for clients to connect to
Workplace and Workplace XT through SSL.
JBoss 8080 The port is on the JBoss Application Server for clients to connect to
Workplace and Workplace XT.
JBoss SSL 8443 The port is on the JBoss Application Server for clients to connect to
Workplace and Workplace XT through SSL.
BPM Web Services Reliable 32767 The port is configured and used on the Application Engine server,
messaging client port for a Component Manager instance.
Content Platform Engine 32771 The port is on the Windows Content Platform Engine server for
(RMI) Process Task Manager to communicate with the Windows Content
Platform Engine Services Manager. Specify this port number in the
jpemgr.properties file, in the jpemgr.port parameter on the Content
Platform Engine.
This port is on the Application Engine server for Process Task

Manager to communicate with the Component Managers and the
Windows Process Workplace (or Workplace XT) Services Manager.
Set the port in Process Task Manager on the Application Engine as
the Registry Port.
Component Manager (Event 32773 The port is on the Application Engine server, and is used when the
Port) Component Manager (running on the Application Engine Server) is
configured to be triggered by events, instead of polling. This port
number must match the port used for the Component Manager
Event Port on the Content Platform Engine.
Process Simulator ports

The Process Simulator ports information, which is segmented into multiple tables,
lists the port names, port numbers, communication protocols, and description for
its use.
Table 35. Process Simulator ports
Registry port RMI TCP 32771 Process Task Process
Manager Simulator
Return RMI TCP 0 Application Process
Engine Simulator

Table 36. Process Simulator portscontinued
Reply or
Response to Long lived
Port name requestor? sessions? Load Balancer? Supports SSL?
Registry port Yes No No No
Return Yes No No No
Table 37. Process Simulator portscontinued

Port name Notes
Registry port The port is on the Process Simulator server. The Process Task Manager application
on the Process Simulator server communicates with the Process Simulator server
process on this port. The Application Engine also communicates with the Process
Simulator server process on this port.
Return The port is on the Process Simulator server and is used to communicate with the
Application Engine server.
By default an anonymous port number is used. However, if the Process Simulator

server resides behind a firewall it will be necessary to specify an explicit port by
entering a value other than 0.
Content Search Services ports

The Content Search Services ports information, which is segmented into multiple
tables, lists the port names, port numbers, communication protocols, and
description for its use.
Table 38. Content Search Services ports
Content Search Services proprietary TCP 8191 Content Engine Content Search
server Services
Table 39. Content Search Services portscontinued

Reply or
Content Search Services server Yes No No Yes (for P8
version 5.1)
Table 40. Content Search Services portscontinued

Port name Notes
Content Search Services server The port is located on the Content Search Services server and is used for
communication between the Content Search Services server and the Content
Engine.

Rendition Engine and Content Platform Engine ports for LIQUENT
The following tables list the Rendition Engine and Content Platform Engine ports
information for LIQUENT.
Table 41. Rendition Engine and Content Platform Engine ports for LIQUENT
Transport level Default port
Port name protocol number From To
LIQUENT input port TCP/IP 2867 (COM Content Platform Rendition Engine
Repository only) Engine and
Rendition Engine
LIQUENT notify port TCP/IP 2868 Rendition Engine Content Platform
Engine and
Rendition Engine
LIQUENT event port TCP/IP 2869 Content Platform Rendition Engine
Engine and
Rendition Engine
LIQUENT admin port TCP/IP 2870 Content Platform Rendition Engine
Engine and
Rendition Engine
LIQUENT file transfer port TCP/IP 2871 Content Platform Content Platform
Engine and Engine and
Rendition Engine Rendition Engine
LIQUENT job queue port TCP/IP 2872 Rendition Engine Rendition Engine
Table 42. Rendition Engine and Content Platform Engine ports for LIQUENT - continued
Reply or
LIQUENT input port Yes No No No
LIQUENT notify port Yes No No No
LIQUENT event port Yes No No No
LIQUENT admin port Yes No No No
LIQUENT file transfer port Yes No No No
LIQUENT job queue port Yes No No No
Table 43. Rendition Engine and Content Platform Engine ports for LIQUENTcontinued
Port name Notes
LIQUENT input port The port allows for distributed processing of jobs on the Rendition Engine servers
when there are more than one Rendition Engine server. A Rendition Engine server
or Rendition Engine client (Content Platform Engine Publishing server) on which a
job is submitted makes the load balancing decision on where to run the job. If the
job is sent to another Rendition Engine server for execution then it uses the other
Rendition Engine server's input port to do so.

Table 43. Rendition Engine and Content Platform Engine ports for LIQUENTcontinued (continued)
Port name Notes
LIQUENT notify port The port is also related to the distributed processing of jobs on the Rendition
Engine servers. When a job is sent to another Rendition Engine server, then the
originating Rendition Engine server or Rendition Engine client (Content Platform
Engine Publishing server) is notified on this port by the other Rendition Engine
server when the other Rendition Engine server has finished processing the job.
One case of this is when the Rendition Engine server is notifying the Rendition
Engine client (Content Platform Engine Publishing server) that a conversion job
has completed.
LIQUENT event port The port is used by each Rendition Engine server to send or receive events. These
events are used by the Rendition Engine server to keep each other informed of
current activities. The LIQUENT Domain Manager on the Rendition Engine server
uses these events for the job status display.
LIQUENT admin port The port is used by each Rendition Engine server for internal administrative
functions. The primary use is for each Rendition Engine server to publish its
current activity statistics (for example, how busy the business services are) for use
by other Rendition Engine servers to make load balancing decisions.
LIQUENT file transfer port This port is used for transferring source, temporary, and result files between
Rendition Engine servers as well as between Rendition Engine servers and
Rendition Engine clients (Content Platform Engine Publishing servers).
LIQUENT job queue port This port is for job queuing by the render business service on all Rendition Engine
servers.
Tip: If the LIQUENT port number assigned to the Rendition Engine/LIQUENT

software conflicts with the port number required by another application or service
that runs on the Rendition Engine server or the Content Platform Engine
Publishing server, then the default values can be changed in the LIQUENT Domain
Manager on the Rendition Engine server.
The above port numbers are the default values set by the Rendition Engine
installer for the COM Repository in the LIQUENT Vista domain, which represents
the Rendition Engine server itself. When a Content Platform Engine Publishing
server is configured to point to the Rendition Engine server, one must create a
"Java Repository" in the LIQUENT Vista domain that represents the Content
Platform Engine Publishing server as a Java client to the Rendition Engine server,
and this repository will also have the same default port number values.
The database port number is not specified directly by the Rendition Engine
servers LIQUENT software, but it is specified for the Rendition Engine client in
the Content Platform Engine Publishing server's Rendition Engine Connection
object (for the JDBC connection from the Rendition Engine client module to the
Rendition Engine database server).

Database ports
The database ports information, which is segmented into multiple tables, lists the
port names, port numbers, communication protocols, and description for its use.
Table 44. Database ports
DB2 for Linux, UNIX, and JDBC or CLI TCP 50000 Content DB2
Windows Platform
Engine, Case
Analyzer and
IBM Content
Navigator
DB2 for z/OS JDBC or CLI TCP 446 Content DB2
Platform
Engine, Case
Analyzer and
IBM Content
Navigator
Oracle JDBC or OCI TCP 1521 Content Oracle
Platform
Engine, IBM
Content
Navigator, Case
Analyzer, and
Rendition
Engine
Microsoft SQL Server JDBC or TDS TCP 1433 Content Microsoft SQL
Platform Server
Engine, IBM
Content
Navigator, Case
Analyzer, and
Rendition
Engine
Table 45. Database ports - continued

Reply or Response
Port name to requestor? Long lived sessions? Load Balancer?
DB2 for Linux, UNIX, and Windows Yes No Yes
DB2 for z/OS Yes No Yes
Oracle Yes No Yes
Microsoft SQL Server Yes No Yes
Table 46. Database ports - continued

Port name Notes
DB2 for Linux, UNIX, DB2 for Linux, UNIX, and Windows default port. Port 50000 or
and Windows higher can be used.
DB2 for z/OS The default port for DB2 for z/OS is typically changed. Refer to
your database administrator for the port numbers in use.
Oracle Oracle DB default listener. Alternative port is 2483 (TTC) or 2484
(TTC SSL).

Table 46. Database ports - continued (continued)
Port name Notes
Microsoft SQL Server The port is the default port for SQL Server.
IBM System Dashboard for Enterprise Content Management ports

The IBM System Dashboard for Enterprise Content Management ports information,
which is segmented into multiple tables, lists the port names, port numbers ,
communication protocols, and description for it use.
Table 47. IBM System Dashboard for Enterprise Content Management ports
Listener (first) TCP/IP TCP 32775 IBM System IBM System
Dashboard for Dashboard for
Enterprise Enterprise
Content Content
Management Management
client (such as, Listener
System (running on
Dashboard / Content Platform
FSM) Engine,
Application
Engine, FileNet
Image Services,
and other
servers)
Listener (subsequent) TCP/IP TCP OS defined IBM System IBM System
Dashboard for Dashboard for
Enterprise Enterprise
Content Content
Management Management
client (such as, Listener
IBM System (running on
Dashboard for Content Platform
Enterprise Engine,
Content Application
Management / Engine, FileNet
FSM) Image Services,
and other
servers)
Table 48. IBM System Dashboard for Enterprise Content Management portscontinued
Reply or
Listener (first) Yes Yes No No
Listener (subsequent) Yes Yes No No

Table 49. IBM System Dashboard for Enterprise Content Management portscontinued
Port name Notes
Listener (first) This is the primary "pilot port" for connection to the IBM System Dashboard for
Enterprise Content Management server. This port also registers the secondary
allocated ports and communicates those numbers to the Dashboard. If needed, an
administrator can use the PchConfig.properties file to override the OS-defined
property and define a specific range of ports to use.
Listener (subsequent) If the first listener port is allocated, the OS will allocate additional ports for
managers to connect to listeners on the IBM System Dashboard for Enterprise
Content Management server. If needed, an administrator can use the
PchConfig.properties file to override the OS-defined property and define a
specific range of ports to use.
Content Services for FileNet Image Services ports

The following tables list the port numbers used by IBM FileNet Content Services
for FileNet Image Services.
Table 50. Content Services for FileNet Image Services ports
Application level Transport level Default port
Port name protocol protocol number From To
tms Custom TCP 32768 administrator FileNet Image
Services server
cor Custom TCP 32769 FileNet Image FileNet Image
Services, FileNet Services server
Image Services
Toolkit, or
Content Engine
server
nch Custom UDP 32770 Content Engine FileNet Image
server Services server
fn_snmpd SNMP UDP 161 SNMP Mgmt FileNet Image
Services
snmp trap SNMP UDP 162 SNMP Mgmt SNMP Mgmt
fn_trapd SNMP UDP 35225 FileNet Image SNMP Mgmt
Services
Native default SNMP UDP 8000 SNMP Mgmt HP-UX OS
SNMP port (HP
only)
IBM FileNet P8 SNMP UDP 8001 SNMP Mgmt fn_snmp (HP and
specific SNMP port Sun)
(HP and Solaris
only)
tpi Custom UDP anonymous FileNet Image FileNet Image
Services Toolkit Services
or FileNet Image
Services

Table 51. Content Services for FileNet Image Services portscontinued
Reply or
tms Yes No No No
cor Yes Caller is No No
responsible for
closing the
connection
nch Yes No No No
fn_snmpd Yes No No No
snmp trap No No No No
fn_trapd No No No No
Native default SNMP port (HP only) Yes No No No
FileNet P8 specific SNMP port (HP and Yes No No No
Solaris only)
tpi Yes No No No
Table 52. Content Services for FileNet Image Services portscontinued

Port name Notes
tms tms is the Task Manager service. TM_daemon listens for requests from initfnsw
running on the same or a different system analogous to COR_Listen listening for
RPCs.
cor cor is the Courier service. COR_Listen listens on this port for incoming RPC
requests.
nch nch is the NCH daemon. NCH_daemon listens on this port. Pre-4.1.2 listened for
broadcasts, and so on, Post 4.1.2, listens only for old print servers to verify that
NCH is up.
fn_snmpd fn_snmpd is the FileNet Image Services Simple Network Management Protocol
daemon. It listens for SNMP requests from the native OS SNMP daemon. The
native SNMP daemon listens on this port and communicates with fn_snmpd
through other local port. fn_snmpd does not listen on this port.
snmp trap This port is a well-known OS trap daemon port for listening to trap messages. All
FileNet Image Services trap messages received by fn_trapd daemon are eventually
routed to this port.
fn_trapd fn_trapd is the FileNet Image Services trap daemon, which listens for notifications
of the end of FileNet Image Services background processes running on the server
and sys logs information.
Native default SNMP port (HP All non-FileNet Image Services based SNMP requests are routed to this port for
only) native SNMP processing.
FileNet P8 specific SNMP port All FileNet Image Services based SNMP requests are routed to this port for
(HP and Solaris only) fn_snmpd daemon processing.
tpi Used for migration notification. The requester gets the anonymous UDP socket and
waits on completion. When the migration is complete, the ds_notify and pri_notify
processes send TPI notifications to signal completion of a task.
Important: On AIX, HPUX, HUPUXi, Linux, Linux on System z, and Solaris

platforms, FileNet Image Services port assignments are made in the /etc/services
file.

Notices
This information was developed for products and services offered in the US. This
material may be available from IBM in other languages. However, you may be
required to own a copy of the product or product version in that language in order
to access it.
IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM representative for information on the
products and services currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user's responsibility to evaluate and verify the
operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not grant you
any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing

IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
US
For license inquiries regarding double-byte (DBCS) information, contact the IBM
Intellectual Property Department in your country or send inquiries, in writing, to:
Intellectual Property Licensing

Legal and Intellectual Property Law
IBM Japan Ltd.
19-21, Nihonbashi-Hakozakicho, Chuo-ku
Tokyo 103-8510, Japan
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS

PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of
express or implied warranties in certain transactions, therefore, this statement may
not apply to you.
This information could include technical inaccuracies or typographical errors.

Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of those Web
sites. The materials at those Web sites are not part of the materials for this IBM
product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged, should contact:
IBM Director of Licensing

IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
US
Such information may be available, subject to appropriate terms and conditions,

including in some cases, payment of a fee.
The licensed program described in this document and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement or any equivalent agreement
between us.
The performance data discussed herein is presented as derived under specific

operating conditions. Actual results may vary.
The client examples cited are presented for illustrative purposes only. Actual
performance results may vary depending on specific configurations and operating
conditions.
The performance data and client examples cited are presented for illustrative
purposes only. Actual performance results may vary depending on specific
configurations and operating conditions.
Information concerning non-IBM products was obtained from the suppliers of

those products, their published announcements or other publicly available sources.
IBM has not tested those products and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
Statements regarding IBM's future direction or intent are subject to change or

withdrawal without notice, and represent goals and objectives only.
This information is for planning purposes only. The information herein is subject to
change before the products described become available.
This information contains examples of data and reports used in daily business
operations. To illustrate them as completely as possible, the examples include the
names of individuals, companies, brands, and products. All of these names are
fictitious and any similarity to the names and addresses used by an actual business
enterprise is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which

illustrate programming techniques on various operating platforms. You may copy,

modify, and distribute these sample programs in any form without payment to
IBM, for the purposes of developing, using, marketing or distributing application
programs conforming to the application programming interface for the operating
platform for which the sample programs are written. These examples have not
been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or
imply reliability, serviceability, or function of these programs. The sample
programs are provided "AS IS", without warranty of any kind. IBM shall not be
liable for any damages arising out of your use of the sample programs.
Each copy or any portion of these sample programs or any derivative work, must
include a copyright notice as follows:
Copyright IBM Corp. 2016

Portions of this code are derived from IBM Corp. Sample Programs.
Privacy policy considerations on page 188
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many jurisdictions worldwide.
Other product and service names might be trademarks of IBM or other companies.
A current list of IBM trademarks is available on the Web at "Copyright and
trademark information" at http://www.ibm.com/legal/copytrade.shtml
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered
trademarks or trademarks of Adobe Systems Incorporated in the United States,
and/or other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other

countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of
Microsoft Corporation in the United States, other countries, or both.
Java and all Java-based trademarks and logos are trademarks or registered
trademarks of Oracle and/or its affiliates.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Other company, product, and service names may be trademarks or service marks
of others.
Terms and conditions for product documentation
Permissions for the use of these publications are granted subject to the following
terms and conditions.
Applicability
http://www.ibm.com/legal/us/en/copytrade.shtml
Personal use
Notices 187
You may reproduce these publications for your personal, noncommercial use
provided that all proprietary notices are preserved. You may not distribute, display
or make derivative work of these publications, or any portion thereof, without the
express consent of IBM.
Commercial use
You may reproduce, distribute and display these publications solely within your
enterprise provided that all proprietary notices are preserved. You may not make
derivative works of these publications, or reproduce, distribute or display these
publications or any portion thereof outside your enterprise, without the express
consent of IBM.
Rights
Except as expressly granted in this permission, no other permissions, licenses or

rights are granted, either express or implied, to the publications or any
information, data, software or other intellectual property contained therein.
IBM reserves the right to withdraw the permissions granted herein whenever, in its
discretion, the use of the publications is detrimental to its interest or, as
determined by IBM, the above instructions are not being properly followed.
You may not download, export or re-export this information except in full
compliance with all applicable laws and regulations, including all United States
export laws and regulations.
IBM MAKES NO GUARANTEE ABOUT THE CONTENT OF THESE

PUBLICATIONS. THE PUBLICATIONS ARE PROVIDED "AS-IS" AND WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING
BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY,
NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.
Privacy policy considerations

IBM Software products, including software as a service solutions, (Software
Offerings) may use cookies or other technologies to collect product usage
information, to help improve the end user experience, to tailor interactions with
the end user or for other purposes. In many cases no personally identifiable
information is collected by the Software Offerings. Some of our Software Offerings
can help enable you to collect personally identifiable information. If this Software
Offering uses cookies to collect personally identifiable information, specific
information about this offerings use of cookies is set forth below.
This Software Offering does not use cookies or other technologies to collect
personally identifiable information.
If the configurations deployed for this Software Offering provide you as customer
the ability to collect personally identifiable information from end users via cookies
and other technologies, you should seek your own legal advice about any laws
applicable to such data collection, including any requirements for notice and
consent.
For more information about the use of various technologies, including cookies, for
these purposes, See IBMs Privacy Policy at http://www.ibm.com/privacy and
IBMs Online Privacy Statement at http://www.ibm.com/privacy/details the

section entitled Cookies, Web Beacons and Other Technologies and the IBM
Software Products and Software-as-a-Service Privacy Statement at
http://www.ibm.com/software/info/product-privacy.
Notices 189
Index
Special characters authentication (continued)
Windows Active Directory 49
Content Platform Engine application
server installation group 135
.NET Windows AD LDS 49 Content Platform Engine installation
configuring Windows 33, 139 account 19
Content Platform Engine operating
A B system database user account 21

Content Platform Engine operating
Bootstrap administrator 59
accounts 97 system instance accounts 22
Application Engine 22, 70 Content Platform Engine operating
Content Platform Engine 58 system user account 19, 134
Content Platform Engine C Content Platform Engine ports 172
upgrade 132, 142 CA Directory 57 Content Platform Engine ports for
IBM Content Search Services 26, 27 CE_Operations custom settings 160 LIQUENT 178
workflow 69 CFS database user 143 Content Platform Engine servers
Advance storage areas CIFS configuring on AIX, Linux, Solaris 29
replication models 37 configuring a Windows-based file Content Platform Engine system user 59
Advanced storage area server for a Windows client 42 Content Platform Engine user account for
advantages 36 COM compatibility clients DB2 for Linux, UNIX and Windows 21
Advanced storage areas configuring Windows 33, 139 Content Search Services ports 177
preparing 39 config_mgr_user 20 cpe_db_user 72
AIX, HPUX, HPUXi, Linux, Linux on Configuration Manager
System z, and Solaris 137 setting permissions for user 103
Application Engine configurations
sample 1
D
configuring Linux 33 data collection tools
configuring Solaris 32 Configure Windows servers 33
IBM Support Assistant Data
creating shared directories 35 configuring a file server 42
Collector 44, 140
pre-installation tasks 115 configuring account settings on file
IBM Support Assistant Lite Data
Application Engine and Workplace XT servers 41
Collector 44, 140
ports 176 configuring Active Directory 139
data sources
Application Engine operating system configuring application servers in high
resolving names of 115
account 25, 70 availability environments 111
database
Application Engine operating system configuring Content Platform
configuring automatic transaction
database user account 23, 152 Engine 109
processing (Oracle) 86
application server configuring FileNet P8 components 137
creating 89
configuration 115 configuring the application server
GCD (Oracle) 84, 92
LDAP user account 57, 142 forContent Platform Engine 154
GCD (SQL Server) 77
server cluster 115 configuring the network 34
installing and configuring (SQL
server farm 115 Configuring Windows
Server) 77
user account 98 Active Directory 139
object store (Oracle) 84
application server installation group 135 Content Federation Services 125
object store (SQL Server) 78
application server instance Content Platform Engine 89
storage area 40
starting or stopping 114, 153 configuring AIX, HPUX, HPUXi,
database failover support
ASA Linux, Linux on System z, and
preparing 104
installation tasks 95 Solaris 137
database ports 180
upgrade tasks 151 configuring JBoss Application
database user 72
asynchronous processing dispatcher Server 109
DB2
enabling before upgrade 155 configuring remote access
install for FileNet P8 platform 91
authentication protocol 43
installing 91
CA Directory 57 configuring the application
JDBC drivers 104, 108
IBM Tivoli Directory Server 52 server 154
planning for upgrades 145, 147
IBM virtual member manager 52 configuring Windows 34
WebLogic 104
Novell eDirectory 51 deployment on multiple servers 103
WebSphere 108
Oracle Directory Server Enterprise primary administrative user
DB2 for Linux UNIX and Windows
Edition 50 name 103
plan for FileNet P8 platform 90
Oracle Internet Directory 51 remote file access protocols 41
preparing for FileNet P8 89
virtual member manager custom setting host aliases 103
DB2 for Linux, Unix and Windows 72
repository 56 WebSphere 100
DB2 for z/OS
virtual member manager file WebSphere environment
install for Content Platform
repository 55 variables 101
Engine 87
virtual member manager LDAP Content Platform Engine application
install for FileNet P8 platform 88
repository 53 server installation account 135
installing license 89

DB2 for z/OS database user 73 IBM Support (continued) maximum file size
DBA IBM Support Assistant Lite Data maximum number of open files per
installation tasks 70 Collector 44, 140 process
upgrade tasks 143 IBM System Dashboard for Enterprise setting to unlimited 29, 30
DBexecute alias 159 Content Management ports 181 setting to unlimited 29, 30
deployment IBM Tivoli Directory Server 52 Microsoft SQL Server
planning 2 IBM virtual member manager 52 reducing deadlock errors 81, 151
directory servers install Content Platform Engine 19 migration upgrade
CA Directory 57 Install Oracle 83 migrating the Windows platform to
IBM Tivoli Directory Server 52 installation UNIX
IBM virtual member manager 52 ASA tasks 95 goal overview 122
Novell eDirectory 51 DBA tasks 70 multi-instance deployment
Oracle Directory Server Enterprise ITA tasks 15 Application Engine 9
Edition 50 planning 1
Oracle Internet Directory 51 planning and preparing 1
virtual member manager custom
repository 56
SA tasks 45
installation and upgrade worksheet 128
N
network
virtual member manager file 55 Installation and Upgrade Worksheet 13
configuring for FileNet P8
virtual member manager LDAP installation scenarios
components 140
repository 53 IBM Content Search Services 8
prerequisites to configuring 34
Windows Active Directory 49 installing localized version of operating
new server instance
Windows AD LDS 49 system 163
changing application server
directory service bind account 63, 64, 65, installing operating system language
hardware 122
66, 67, 68 pack 163
changing database server
DNS forwarder 49 ITA
hardware 122
documentation server installation tasks 15
NFS
installing 117 upgrade tasks 131
configuring a Windows-based file
domain 113
server for a non-Windows client 43
non-managed deployment
J Application Engine 9
E JBoss Content Platform Engine 8
encrypted NTFS devices 40 configure for Content Platform Novell eDirectory 51
Encryption products for storage 40 Engine 108
configuring clusters 111
JBoss Application Server 109 O
F configuring for Application
Engine 114
object store
file servers DB2 database 93
configuring for Workplace XT 114
configuring account settings 41 object store (SQL Server ) database
JDBC drivers 108
file storage area creating 78
install for DB2 104, 108
configuring 40 object store administrator 62
install for SQL Server 104
defined 40 operating system considerations 164
WebLogic 104
FileNet Image Services ports 182 Oracle 81
install for Oracle 104
FileNet P8 eForms 125 create databases 83
WebSphere 108
Filenet P8 ports 171 install for FileNet P8 platform 82
Fix Packs and Test Fixes JDBC drivers
minimum level required 125 WebLogic 104
fixed storage area 40 K plan for FileNet P8 platform 81
Kerberos 46 planning for upgrades 148
Oracle database user 74
G Oracle Directory Server Enterprise
GCD (SQL Server) database L Edition
setting resource limits for users 51
creating 77 load balancer
Oracle Directory Server Enterprise
GCD administrator 61 configuring 116
Edition (v 5.2)
load balancing
setting resource limits for directory
configuring 104
server 50
I IBM Content Search Services
locale and support for other
27
Oracle Internet Directory 51
IBM Content Search Services
languages 165
installation scenarios 8
standby index area policy 28
IBM Content Search Services servers
P
configuring on AIX, Linux, Solaris 30 M P8A
upgrade tasks 155
IBM Support managed deployment
ports 171, 172, 176, 177, 178, 180, 181,
data collection tools 44, 140 Application Engine 9
182
IBM Support Assistant Data Content Platform Engine 8
pre-installation tasks
Collector 44, 140
Application Engine 115

preparing for database failover
support 104
U Windows AD LDS 49
Windows inbound rules 139
preparing for FileNet P8 81 UNIX Windows-based file server
Process Engine configuring for FileNet P8 configuring for a non-Windows client
preparing for upgrades 156 components 29 using NFS 43
Process Simulator ports 176 upgrade 122 configuring for a Windows client
profile 100 ASA tasks 151 using CIFS 42
proxy server DBA tasks 143 workflow system administrator 69
configuring 104, 116 ITA tasks 131 Workplace
on existing server instance 121 avoid logon failures in multi-forest
planning 119 domains 104
planning and preparing 119
R planning considerations 124
shared settings 116
Workplace XT
realm 46 SA tasks 141 creating shared directories 35
Reducing deadlock errors upgrade application server Workplace XT operating system
Microsoft SQL Server 81, 151 strengthening Content Engine for account 25, 70
remote file access protocols 41 JBoss security 111 worksheet 13
Rendition Engine ports 178 upgrade expansion products 125 autofiltering and sorting 14, 130
Replication models 37 Content Federation Services 125 running the customize macro 13, 129
resolving names of data sources 115 FileNet P8 eForms 125 using the installation and upgrade
roles Records Manager 126 worksheet 128
definition of installation 11 upgrade tasks
definition of upgrade 127 P8A 155
upgrading Content Engine
upgrading the underlying vendor X
S software 126 XA transactions
enabling 80, 150
SA upgrading FileNet P8
installation tasks 45 configuring AIX, HPUX, HPUXi,
upgrade tasks 141 Linux, Linux on System z, and
scenarios Solaris 136
distributed 8 Upgrading Process Engine
multiple domain 10 background information 126
standard distributed 9 using localized version of Microsoft
security Windows 165
install considerations 46
upgrade considerations 142
server cluster V
application server 115 virtual member manager custom
server farm repository 56
application server 115 virtual member manager file
Single Sign-On 46 repository 55
SQL Server virtual member manager LDAP
install for FileNet P8 platform 76 repository 53
JDBC drivers 104
plan for FileNet P8 platform 76
planning for upgrades 148
preparing for FileNet P8 75
W
WebLogic 104 WebLogic
SQL Server database user 75 configure for Content Engine 104
SSO WebLogic Server
Kerberos 46 configuring for Application
planning considerations 46 Engine 113
requirements 46 configuring for Workplace XT 113
stand-alone deployment WebSphere
Application Engine 9 configure for Content Platform
Content Platform Engine 8 Engine 99
standby index area policy configuring for Application
choosing 28 Engine 112
IBM Content Search Services 28 configuring for Workplace XT 112
Storage areas 40 primary administrative user
Storage plan name 103
creating 35 WebSphere profile for Content Platform
Creating a storage plan 35 Engine 100
synchronizing time and date 35 Windows
configuring for FileNet P8
components 138, 139
Windows 2008 inbound rules 34
Windows Active Directory 49
Index 193
IBM
Product Number: 5724-R76

5724-R81
GC19-3955-04

Plan and Prepare Your Environment For FileNet P8

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Plan and Prepare Your Environment For FileNet P8

Uploaded by

Copyright:

Available Formats

FileNet P8

Plan and Prepare Your Environment for

Plan and Prepare Your Environment for

Copyright IBM Corp. 2001, 2016 iii

iv Planning for FileNet P8

vi Planning for FileNet P8

Support and assistance

IBM Knowledge Center

Copyright IBM Corp. 2001, 2016 vii

Planning the installation

FileNet P8 Platform sample architecture

Copyright IBM Corp. 2001, 2016 1

Content Platform IBM FileNet IBM

To understand this graphic, keep in mind the following details:

2 Planning for FileNet P8

Overview of installation types

Planning and preparing for FileNet P8 installation 3

4 Planning for FileNet P8

Planning and preparing for FileNet P8 installation 5

Single server scenario

For details on collocating some FileNet P8 components, see Related Requirements,

6 Planning for FileNet P8

In a standard distributed environment, you install FileNet P8 on a number of

Most FileNet P8 platform components work with middleware applications such as

Creating multiple instances of FileNet P8 platform components

Content Platform Engine distributed installation scenario:

In a typical distributed installation scenario, you install the FileNet P8 Platform

Planning and preparing for FileNet P8 installation 7

| When you deploy Content Platform Engine as a stand-alone application, you

When you deploy Content Platform Engine in a WebSphere Application Server

When you deploy Content Platform Engine in an Oracle WebLogic Server

JBoss Application Server has no managed deployment capability.

| When you deploy Content Platform Engine in a WebSphere Application Server or

When you deploy Content Platform Engine in a JBoss Application Server

IBM Content Search Services distributed installation scenario:

Application Engine distributed installation scenario:

When you deploy Application Engine as a stand-alone application, you configure a

When you deploy Application Engine in an Oracle WebLogic Server managed

JBoss Application Server has no managed deployment capability.

When you deploy Application Engine in a WebSphere Application Server or

Planning and preparing for FileNet P8 installation 9

The physical infrastructure and storage resources in this environment are

A master domain has a property that, when it is set, distinguishes it from a

| Important: Migration paths to or from a multi-domain configuration are not

To access the master domain in a multi-domain configuration, client applications

Applying a patch or an upgrade to Content Platform Engine server software affects

In cloud-based scenarios, the cloud provider defines the authentication scheme,

10 Planning for FileNet P8

In a multiple domain scenario, Content Platform Engine must use WebSphere

Definition of installation roles

The role of IA is usually filled by an IBM FileNet Certified Professional (FCP).

Information technology administrator

Planning and preparing for FileNet P8 installation 11

Application server administrator

12 Planning for FileNet P8

Using the installation and upgrade worksheet

Administrators who are preparing the environment for installation or upgrade of

Some of the features of the Installation and Upgrade Worksheet are:

Running the Customize Worksheet macro

Planning and preparing for FileNet P8 installation 13

To run the Customize Worksheet macro:

Autofiltering and sorting the Worksheet

14 Planning for FileNet P8