Modifying the Process Admin Console settings and behavior Restricting access to the Process Admin Console You

can restrict access to both default pages and pages that you add to the IBM Business Process Manager Process Admin Console. Before you begin If the Process Admin Console is open in a browser window or tab, close the window or tab. About this task To restrict access to pages that you add, be sure to select only those Participant Groups that contain the appropriate users when you add functions using services. By default, only the internal tw_admins group has access to all pages of the Process Admin Console. For each page in the Process Admin Console, you can change the access restriction or grant access to additional users as described in the following procedure. Procedure 1. 2. Open the install_root\BPM\Lombardi\process-server\config\console.xml file in a text editor. Locate the item that corresponds to the page for which you want to change access restriction. For example, you may want to grant users in the internal tw_authors group access to the Process Monitor page. If so, you must find the following item: <item name="Process Monitor" link="cs_processmonitor/summary.lsw" codeType="JSP"><constraint type="role" value="tw_admins"/></item> Choose one of the following options for editing the constraints: Option Grant access to additional users Description Adding an additional constraint grants access to additional users. o o Example: Add the following constraint: <constraint type="role" value="tw_authors"/> Result: The item now has two constraints: <item name="Process Monitor" link="cs_processmonitor/summary.lsw" codeType="JSP"><constraint type="role" value="tw_admins"/><constraint type="role" value="tw_authors"/></item>

3.

Reduce access for existing users (if more than one constraint exists)

Removing a constraint changes access restriction for a particular page. o o Example: Remove the tw_authors access from the constraint: <constraint type="role" value="tw_authors"/> Result: The remaining constraint allows only the tw_admins to have access to the page: <item name="Process Monitor" link="cs_processmonitor/summary.lsw" codeType="JSP"><constraint type="role" value="tw_admins"/></item>

Change the group of users who can access a page

Changing the value changes the group of users who can access a page. o Example: Change the role value from tw_admins to tw_authors in the following example: <constraint type="role" value="tw_admins"/> to <constraint type="role" value="tw_authors"/> Result: The constraints now give members of the internal tw_authors group to have exclusive access to the Task Cleanup page: <item name="Task Cleanup" link="cs_cleanup.lsw" codeType="JSP"><constraint type="role" value="tw_authors"/></item>

1|Page

4. Results

Stop and restart the Process Server.

Any user included in the internal tw_authors group should now be able to log in to the Process Admin Console and access the Process Monitor. Parent topic: Modifying the Process Admin Console settings and behavior

Adding functions to the Process Admin Console using services You can add functions to the Process Admin Console by creating a service in the Designer and then adding a page for the service to the Process Admin Console. Procedure 1. 2. 3. 4. Create a service in the Designer in IBM BPM Process Designer that includes the functionality you want to add. Click the Overview tab for the service. From the Exposed As drop-down list, select Administration Service. Use the Select button (next to Expose To) to choose the participant groups to whom you want to make the administration service available. This setting determines which IBM BPM user is able to access the new page in the Process Admin Console. Tip: When you create or edit participant groups in the Designer, you can define which users are part of those groups. Removing functions from the Process Admin Console You can remove pages that are, by default, part of the Process Admin Console. Before you begin If the IBM Business Process Manager Process Admin Console is open in a browser window or tab, close the window or tab. Procedure To remove default pages from the Process Admin Console, perform the following steps: 1. 2. Open the install_root\BPM\Lombardi\process-server\config\console.xml file. Locate the item that corresponds to the page that you want to remove. For example, you might want only your database administrators to perform cleanup of data generated by Process Server in the task table and so you decide to remove the Task Cleanup functionality from the Process Admin Console. In this case, you need to find the following item: <item name="Task Cleanup" link="cs_cleanup.lsw" codeType="JSP"><constraint type="role" value="tw_admins"/></item> 3. 4. 5. Comment out the item so that the corresponding page is not displayed in the Process Admin Console. Use the following syntax for comments: <!-- --> Save the console.xml file. Verify the page is no longer available by logging in to the Process Admin Console. For example, if you commented out the Task Cleanup item, the Task Cleanup page is no longer available.

2|Page

Changing the tw_admin password in IBM Business Process Manager (BPM) after installation Problem(Abstract) After your install IBM Business Process Manager, you attempt to change the tw_admin password value. However, the following error occurs in the SystemOut.log file: CWLLG2003E: GetSubject for userName=tw_admin failed in ServiceLocator. Symptom The complete error in the SystemOut.log file is: CWLLG2003E: GetSubject for userName=tw_admin failed in ServiceLocator. Error: javax.naming.AuthenticationException: Login failed: com.ibm.websphere.security.auth.WSLoginFailedException: CWWIM4512E The password match failed. [Root exception is com.ibm.websphere.security.auth.WSLoginFailedException: CWWIM4512E The password match failed.]. javax.naming.AuthenticationException: Login failed: com.ibm.websphere.security.auth.WSLoginFailedException: CWWIM4512E The password match failed. [Root exception is com.ibm.websphere.security.auth.WSLoginFailedException: CWWIM4512E The password match failed.] [..] Caused by: com.ibm.websphere.security.auth.WSLoginFailedException: CWWIM4512E The password match failed. [..] Caused by: com.ibm.websphere.security.PasswordCheckFailedException: CWWIM4512E The password match failed. Resolving the problem To change the tw_admin password after you installed IBM Business Process Manager, complete the following steps: 1. Log on to the Process Administrative console using the administrative account. The administrative account has the user name and password that you specified when the product was installed. Change the password for the tw_admin account in the Process Administrative console. Log into the WebSphere Application Server Administrative Console. Change the BPMAdmin_Auth_Alias password through the WebSphere Application Server Administrative Console. To change the password, complete the following steps: 1. Click Security > Global security. 2. On the right side, under Authentication, click JAASConfiguration > J2C Authentication data. 3. Navigate to BPMAdmin_Auth_Alias. 4. Change the BPMAdmin_Auth_Alias password. Modify the tw_admin password for the roles that are associated with the tw_admin administrative user name using one of the following methods: o Go to Enterprise Applications > IBM_BPM_Teamworks_<node and server location> > User RunAs roles . For example: Enterprise Applications > IBM_BPM_Teamworks_Node01_Server01 > User RunAs roles. Change the password for the roles with which the tw_admin administrative user name is associated and apply the change. For example, if the twem and twuser roles are associated with the tw_admin user name, change the password for those roles.

2. 3. 4.

5.

Run the util\Security\bpmModifyMapRunAsRole.py utility to update the password for the administrative user for the system applications. Standalone environment: wsadmin -username user_name -password password -f bpmModifyMapRunAsRole.py -usr user -pwd pwd -nodeName node serverName server where: user_name is the administrative user password is the administrative password user is the user to be set for the run as roles pwd is the pwd to be set for the run as roles node is the name of the node server is the name of the server

3|Page

Clustered environment wsadmin -username user_name -password password -f bpmModifyMapRunAsRole.py -usr user -pwd pwd -clusterName cluster where: user_name is the admin user password is the admin password usr is the user to be set for the run as roles pwd is the pwd to be set for the run as roles cluster is the name of the cluster

Important: You must run the bpmModifyMapRunAsRole.py utility twice in a clustered environment. For example: wsadmin -user username -password admin -f C:\WAS_INSTALL_LOCATION\util\Security\bpmModifyMapRunAsRole.py -usr tw_admin -pwd admin -clusterName BPM.AppTarget -applicationName Teamworks

wsadmin -user username -password admin -f C:\WAS_INSTALL_LOCATION\util\Security\bpmModifyMapRunAsRole.py -usr tw_admin -pwd admin -clusterName BPM.Support applicationName PerformanceDW Log out of the WebSphere Application Server administrative console. Restart the server.

Note: For a Network Deployment clustered environment, replace the previous last two steps (#6 and 7) with the following steps: 1. Synchronize the nodes that contain Process Center, Process Server, or Performance Data Warehouse cluster members. Complete these steps: 1. In the administrative console, click System administration > Nodes. 2. Select all of the nodes. 3. Click Full Resynchronize. 4. Stop and restart all of the clusters and servers. Restart the cluster members.

2.

Extracting a signer certificate WebSphere Application Server uses the certificates that reside in keystores to establish trust for a Secure Sockets Layer (SSL) connection. The first step in enabling IBM Process Designer users to access is to extract the appropriate signer certificate from the remote WebSphere Application server. The extracted certificate is saved as Distinguished Encoding Rules (DER) file that you can then install in your local trust store. Procedure Complete the following steps to acquire the signer certificate. 1. 2. 3. 4. 5. 6. 7. Log in to the administrative console for the remote application server as an administrator. In the navigation panel, click Security > SSL certificate and key management > Key stores and certificates. Click NodeDefaultTrustStore > Signer certificates. Enable the root option, and then clickExtract. Enter the path and file name to which you want to save the certificate. Set the Data type field to the value Binary DER data. Click OK.

What to do next Install the signer certificate in the IBM Process Server trust store. Parent topic: Configuring access to a secure application server

4|Page

Installing a signer certificate in IBM Process Server trust store Signer certificates establish the trust relationship in SSL communication. After you extract the signer certificate from WebSphere Application Server, you must add it to the IBM Process Server trust store. Before you begin Extract the signer certificate. You must stop the IBM Process Server if it is running. Procedure Complete the following steps to install the signer certificate to the trust store for the IBM Process Server: 1. Transfer the Distinguished Encoding Rules (DER) file from the preceding procedure to a file system location that is accessible to the IBM Process Server. For example, you can use a shared drive. 2. On the IBM Process Server host system, go to [IBM_BPM_home]/AppServer/java/bin and invoke ikeyman. 3. Click Key Database File > Open. 4. Set the value of Key database type to JKS. 5. Set the value of Location to [IBM_BPM_home]/AppServer/java/jre/lib/security. 6. Set the value of File Name to cacerts. 7. ClickOK. 8. Provide a password. The default password is changeit. 9. Click Signer Certificates > Add. 10. Specify the location of the DER file, and then click OK. 11. Enter a label for the certificate, and then click OK. 12. Start IBM Process Server. Resetting the Process Portal start page for a user The My Tasks > Open Tasks view is the Process Portal default start page. Users can bookmark a different view or page as their start page, and then return to using the default start page as needed. About this task Although users can reset their own start page in Process Portal, sometimes, it might be necessary for someone with administrative privileges to reset the start page on a users behalf. Procedure 1. 2. 3. 4. In the Server Admin area of the Process Admin Console, click User Management > Bulk User Attribute Assignment. Click View by Attribute, and select the Portal Default Page attribute. Enter the user ID for the user in the User field, and click Search. The current value for the users Process Portal start pag e is shown, for example: /tasks/queries?query=name_of_saved_search. Reset the start page to the Process Portal default start page. In the Specify a Value and Assign it to the Selected Users section, delete the entry in the Value field, and click Assign.

Results The next time the user logs on to Process Portal, the My Tasks > Open Tasks view is displayed as the users start page. Parent topic: Administering Process Portal

5|Page

Enabling tracing for widgets in Process Portal spaces For debugging purposes, you can enable tracing for your widgets from the administrative console. Tracing functionality must be configured on the application server instance where Business Space is installed. Procedure 1. 2. 3. 4. 5. Open the administrative console and click Resources > Resource Environment > Resource Environment Provider On the Resource environment providers page, click Mashups_ConfigService. Under Additional Properties, click Custom properties. The list of custom properties opens. Click isDebug, change the Value field to true, and then click OK. Click traceConfig. In the Value field, add the components that you want to trace, separated by commas with no spaces in between. The format must be similar to the following example: com.ibm.mm.iwidget.*,com.ibm.mashups.*,com.ibm.bspace.* for Business Space or com.ibm.wbimonitor.* for IBM Business Monitor. Note: Browser performance degradation can occur when too many components are listed. 6. 7. Results A debugging console is displayed at the bottom of the page the next time you log in to Process Portal spaces. Note: When tracing has been enabled in addition to the Debug Console, Firebug Lite is also loaded. Because Firebug Lite opens as a pop-up window, you might receive an error message if your browser has been configured to block pop-ups. This can be resolved by disabling the pop-up blocker for your space URL and then restarting the browser. What to do next To save a copy of the trace file, click Save in the debugging console. Parent topic: Administering Process Portal spaces Click OK and then save your changes to the master configuration. Restart the application server instance.

Reviewing logs for messages You can review logs for information or error messages to see what is happening in Process Portal spaces. About this task When an important event or error occurs, an information or error marker is displayed. When you click the marker, the System Message window is opened to display the message for the event or error. The event or error is also recorded using the logging capabilities of WebSphere Application Server. Procedure You can review these messages in log files in the following locations. 1. 2. Check the log files in profile_root/logs/ffdc. Check the log files in profile_root/logs/server_name.

6|Page

Monitoring Lombardi servers The Process Admin console enables you to monitor the performance of the Process Servers in your environment. And, when necessary, you can view Lombardi logs from the Process Admin console to help resolve issues. Read the following sections to learn more:

Monitoring Process Server performance Monitoring processes and services Viewing Process Server logs

Before performing any of the tasks in the following sections, go to the Process Admin console and log in as described in Accessing the Process Admin console. Monitoring Process Server performance The Process Admin console includes an Instrumentation monitor to help identify performance bottlenecks in Process Server and to capture instrumentation data that you can use to further analyze any performance issues. To access the Instrumentation monitor and display the most recent data: 1. 2. 3. In the Server Admin area of the Process Admin console, click the indicator next to Monitoring to list the available monitoring options. Click the Instrumentation option. Click the Refresh button. To automatically refresh the displayed data, select the time interval that you want from the drop-down menu. Note: To reset all values to 0, click the Reset button. This enables you to monitor performance as data is collected. To log instrumentation data to an external .dat file: 1. 2. 3. In the Server Admin area of the Process Admin console, click the indicator next to Monitoring to list the available monitoring options. Click the Instrumentation option. Click the Start Logging button. The Instrumentation monitor displays the path and file to which the data is saved. The file is created and stored on the host of the Lombardi server that you are currently monitoring. 4. Click the Stop Logging button to end data capture to the log file.

Monitoring processes and services The Process Admin console includes a Process Monitor that enables administrators to view the processes and services that are running on Process Server, and also to stop any problematic processes or services. For example, you may need to stop a service that causes an exception or a service that is stuck in a repeating loop. The Process Monitor includes the following tabs:

Summary Shows you how many active services and processes are currently consuming CPU resources. Also shows which services and processes are most expensive in terms of the total time, total number of instances, and the total number of steps needed to execute them. Data displayed Active Processes Currently Executing Active Services Currently Executing Most Expensive Services Description Total number of process instances currently executing on this server that are potentially problematic. Total number of services currently executing on this server that are potentially problematic. Name, total running time, and the number of steps required for each executed service deemed most costly on this server.

7|Page

Data displayed Most Expensive Processes Most Expensive Service Steps

Description Name, total running time, and the number of steps required for each executed process deemed most costly on this server. Service name, step name, total running time, and total number of instances required to run each executed step deemed most costly on this server. (If any sub-services are associated with the step, the Process Monitor displays those sub-service names as well.) Process name, step name, total running time, and total number of instances required to run each executed step deemed most costly on this server. (If any sub-processes are associated with the step, the Process Monitor displays those sub-process names as well.)

Most Expensive Process Steps

Processes Shows the following data for all processes on this server: Data displayed Active Processes Currently Executing Description Name, enter time (start time), duration (running time), and total number of steps for each process instance currently running on this server that is potentially problematic. For example, if a process instance is stuck in a repeating loop, it is shown in this list. Name, last enter time (most recent start time), last duration (running time from most recent execution), total duration (cumulative running time), and total number of steps for processes previously started, but not currently active, on this server. This category includes process instances that are active but not running at this moment. For example, if a process instance is waiting for an event, it is included in this category. Name, last enter time (most recent start time), last duration (running time from most recent execution), total duration (cumulative running time), and total number of steps for processes that executed successfully on this server.

Active Processes Not Currently Executing

Completed Processes

Services Shows the following data for all services on this server: Data displayed Active Services Currently Executing Name, enter time (start time), duration (running time), and total number of steps for each service currently running on this server that is potentially problematic. For example, if a service is stuck in a repeating loop, it is shown in this list. Name, last enter time (most recent start time), last duration (running time from most recent execution), total duration (cumulative running time), and total number of steps for services previously started, but not currently active, on this server and for services that executed successfully on this server. This category includes two types of services: (1) services that completed successfully and (2) services that were previously started but are not currently executing. For example, if a service is waiting for an event, it is included in this category.

Active Services Not Currently Executing/Completed Services

To access the Process Monitor:

1. 2. 3.

In the Server Admin area of the Process Admin console, click the indicator next to Monitoring to list the available monitoring options. Click the Process Monitor option. Click the option that you want: Summary, Processes, or Services.

To stop an active process: 1. 2. 3. 4. Access the Process Monitor as described in the preceding task. Click the Processes option. Under Active Processes Currently Executing, click the name of the process that you want to stop. Click the Halt Process button.

8|Page

The halted process now appears in the Active Processes Not Currently Executing list. To stop an active service: 1. 2. 3. 4. Access the Process Monitor as described in the preceding task. Click the Services option. Under Active Services Currently Executing, click the name of the service that you want to stop. Click the Halt Service button.

The halted service now appears in the Active Services Not Currently Executing/Completed Services list. Viewing Process Server logs Lombardi logs data about its performance and actions in several different types of log files. The physical log files are stored on Process Server, but you can view these logs from the Process Admin console. The following table describes the logs available with Lombardi and the data that each provides. By default, you can access all of the following logs from the Process Admin Console.

9|Page

Note: See Configuring available log files to learn how to customize the list of log files that is available from the Process Admin Console. Log file TW BPD Engine TW Console TW Debug TW Error TW EventManager TW Exp/Imp TW Limit TW JavaScript WS UCA Execution WS Inbound WS Outbound To view Lombardi logs: 1. 2. 3. 4. 5. 6. 7. In the Server Admin area of the Process Admin console, click the indicator next to Monitoring to list the available monitoring options. Click the View Logs option. From the Log Name drop-down list, select the log that you want to view. (The preceding table describes each available log.) From the # of Lines drop-down list, select the number of lines that you'd like to view. If you want to view oldest log entries first, click the Ascending check box. (By default, the check box is disabled and the newest log entries are shown first.) To find a particular word or phrase in the log file, enter the string to search for in the Filter text box. Click the Refresh button to ensure you are viewing the most recent data available from Process Server. Note: See to learn how to configure the list of log files that is available Configuring available log files By editing the 50AppServer.xml file, which you can find in [Lombardi_home]/process-server/config/system, you can establish: Description Records errors generated as a result of process instance execution on the current server. Records actions that have occurred in the Process Admin console. Records warnings from the Process Server. Records Lombardi Java exceptions. Records historical information about Event Manager processing. Records the process export and import transactions in Lombardi Authoring Environment. Records Process Server limit overruns. You can configure Process Server limits in the 99Local.xml file in [Lombardi_home]/process-server/config/system. Records any logging associated with JavaScript log functions like log.info() or log.debug(). Basically, this log records anything you write out to the log in a Server Script component. Records errors generated as a result of Undercover Agent (UCA) execution. Records calls to published Lombardi Web services. Records data about Web services that a Lombardi process consumes.

1. 2. 3. 4.

Which log files can be viewed from the Process Admin Console The default location for log files generated by Lombardi components Open the 50AppServer.xml file in a text editor (for example, Notepad). Find the <log-watcher> section. Make the appropriate edits to the path for each log file whose default location you want to change. If you want a particular log file to be inaccessible from the View Logs page, comment out or remove the log name element for that log.

Parent topic: Managing Lombardi Process Servers

10 | P a g e

Learn how to register a Process Center using the HTTPS protocol.

AshokPC will act as the local or central Process Center 66PC will be the remote or satellite Process Center.

You can use the HTTP or HTTPS protocol to communicate between the two Process Centers. Note that when using the HTTP protocol, the user name and password must be identical on both Process Centers. In our case the two Process Centers do not have identical user names and passwords, therefore we need to use the HTTPS protocol. The following table describes the environment used for the configuration in this article. Software Version Shared resources directory IBM Installation Manager 1.5 WebSphere Application Server 8.0.0.3 IBM Business Process Manager Advanced 8.0.0.0 Installation Location Variable C:\IBM\Shared <SRD_HOME> C:\Program Files (x86)\IBM\Installation Manager <IM_HOME> C:\IBM\WebSphere\AppServer8 <WAS_HOME> C:\IBM\WebSphere\AppServer8 <BPM_HOME>

Configuring cross-cell security Before specifying the HTTPS protocol, you need to set up a security trust between the participating Process Centers. There are two major steps to doing this: 1. 2. Signer certificates need to be extracted and stored. LTPA keys need to be shared.

This is done using the administrative console. Make sure the Process Server is running on both machines. Configure SSL by exchanging the server SSL certificates To configure the local Process Center certificate, do the following: 1. 2. 3. Open the administrative console and log in as the administrator. Select Security => SSL certificate and key management =>Key stores and certificates => NodeDefaultTrustStore => Signer certificates . Click Retrieve from port. Figure 1. Retrieve signer certificate from default store

4.

Enter the fully-qualified host name and SSL port (the admin host secure port) of the remote Process Center server, specify an alias name, and click Retrieve signer information, as shown in Figure 2.

11 | P a g e

Figure 2. Certificate alias and local Process Center connection details

5. 6.

Click OK to save the root signer certificate in the local trust store. You should see a new certificate, named 66cert, listed under Signer certificates, as shown in Figure 3.

12 | P a g e

Figure 3. Details retrieved about the new certificate

7.

Click Save to save the master configuration.

To configure the local Process Center certificate, do the following: 1. Repeat steps 1 thru 4 above for the remote Process Center. Remember that the host name and port will be different: they will be those of the local Process Center server, as shown in Figure 4. Tip: It's recommended that you always use fully-qualified host names rather than IP addresses.

13 | P a g e

Figure 4. Certificate alias and remote Process Center connection details

2.

You should see a new certificate named ashokcert, listed under Signer certificatesas shown in Figure 5.

14 | P a g e

Figure 5. New certificate details

Back to top Share LTPA keys In this step, you start with the remote Process Center. To share the remote Process Center LTPA key, do the following: Note: The assumption is you are still logged into the administrative console as administrator. 1. 2. 3. Select Security => Global Security, and in the Authentication section, click LTPA. In the Cross-cell single sign-on section of the next screen, shown in Figure 6, enter a password and a fully-qualified key file name. Click Export keys, then OK.

15 | P a g e

Figure 6. Specify SSO details on remote Process Center

4.

You should see the message: "The keys were successfully exported to the file C:\66KeyFile. Transfer the exported key file in binary mode to the file system of the local Process Center.

To share the local Process Center LTPA key, do the following: 1. 2. Repeat steps 1 and 2 above on the local Process Center. Remember the password must be the same as that used on the remote Process Center. Click Import keys, then OK, as shown in Figure 7.

16 | P a g e

Figure 7. Specify SSO details on local Process Center

3.

You should see the message: "The keys were successfully imported from the file C:\66KeyFile."

The two Process Centers now share the same LTPA keys. Registering a Process Center If development teams want to share toolkits between Process Centers, administrators can register one Process Center with another. Enable a local Process Center for registration To enable a local Process Center for registration, do the following: 1. 2. 3. 4. Open the Process Center (either using Process Designer or a web browser). Click the Admin tab and click Registration. Select Enable Registration and Sharing. Enter a unique name (in this example AshokPC) for the Process Center, as shown in Figure 8.

17 | P a g e

Figure 8. Enter a name for the local Process Center

5.

The registered Process Center AshokPC is displayed, as shown in Figure 9. Figure 9. Local Process Center is registered

Enable a remote Process Center for registration To enable a remote Process Center for registration, do the following: 1. 2. 3. Repeat steps 1-3 above on the remote Process Center. Name the Process Center 66PC. The registered Process Center 66PC is displayed.

You can register the Process Center via the administrative console on either the local Process Center or the remote Process Center. We will initiate the sharing on the Remote Process Center. To register the Process Center, do the following: 1. 2. 3. Complete steps 1-3 from the previous section on the remote Process Center. Click Create Registration. In the Create Registration dialog, select Remote Process Center and enter the Remote Process Center URL. In our case, we have to use the HTTPS protocol and corresponding defaulthost secure port, as shown in Figure 10. Then click Register.

18 | P a g e

Figure 10. Register remote Process Center

Once the other Process Center is successfully registered, it is listed in the Registration window. 4. Select Admin => Registration on the local Process Center, and you should see the remote Process Center listed, as shown in Figure 11. Figure 11. Process Center in Registration screen

Back to top Sharing, using, and searching If you click the Process Apps tab, you should now be able to see the toolkits from the other Process Center. Searching across Process Centers In Process Designer, you can click the down arrow in the search field at the top right, as shown in Figure 12, to set the scope of searches to include the shared Process Center. The image on the left shows the search screen of the local Process Center (AshokPC). Notice that 66PC is listed under Location. The image on the right shows the search screen of the remote Process Center (66PC). Notice that AshokPC is listed there.

19 | P a g e

Figure 12. Search screen showing shared Process Centers

Release before sharing Before you can share a toolkit with another Process Center, you have to set its status to Released by doing the following: 1. 1. 2. In the local Process Center, go to the Toolkits tab. Click on the toolkit you want to share. On the Snapshots screen, shown in Figure 13, click the New dropdown and select Status. Figure 13. Select snapshot status

3.

In the Set Snapshot Status dialog, shown in Figure 14, select Released, and click OK.

20 | P a g e

Figure 14. Set snapshot status

The toolkit status changes to Released and the toolkit can now be shared. Share before searching Before you can search for a toolkit in another Process Center, you need to first share the toolkit by doing the following: 1. On the Toolkits tab of the local Process Center, under Manage, click Share Toolkit with other Process Centers, as shown in Figure 15. Figure 15. Share toolkit

2.

On the Toolkits tab, the particular toolkit that was just shared will have a new shared icon next to it, as shown in Figure 16. Figure 16. Toolkit showing shared icon

You can now search for the toolkit from the other Process Center. Search and subscribe You can use the search field (with the magnifying glass icon) to search for and subscribe to a shared toolkit as follows: 1. 2. 3. From the remote Process Designer, enter toolkit in the search field. Keep the scope as Process Designer and select the local Process Center(AshokPC). Click Search. One shared toolkit should be returned, as shown in Figure 17.

21 | P a g e

4.

Click Subscribe to subscribe to the shared toolkit and reuse it in the remote Process Designer. Figure 17. Subscribe to the shared toolkit

5. 6.

Once the subscription is successful, you will see the Open in Designer option. Finally, select Toolkits => Snapshots screen, then click Check for Updates to see whether a new version of the toolkit was released on the other Process Center, as shown in Figure 18. Figure 18. Released toolkit

How do I increase the heap size available to Eclipse? Some JVMs put restrictions on the total amount of memory available on the heap. If you are getting OutOfMemoryErrors while running Eclipse, the VM can be told to let the heap grow to a larger amount by passing the -vmargs command to the Eclipse launcher. For example, the following command would run Eclipse with a heap size of 256MB: eclipse [normal arguments] -vmargs -Xmx256M [more VM args] The arguments after -vmargs are directly passed to the VM. Run java -X for the list of options your VM accepts. Options starting with -X are implementation-specific and may not be applicable to all VMs. You can also put the extra options in eclipse.ini. Here is an example; -startup plugins/org.eclipse.equinox.launcher_1.0.100.v20080501.jar --launcher.library plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.0.100.v20080428-1330 -showsplash org.eclipse.platform -vm /usr/lib/jvm/java-1.5.0-sun/jre/bin/java -vmargs -Xms512m -Xmx1024m -XX:+UseParallelGC -XX:PermSize=256M -XX:MaxPermSize=512M

22 | P a g e

How an IBM BPM 75 Process Centre keeps track of the Process Servers it manages

If you have a Process Centre managing several Process Server environments, you might wonder where the Process Centre stores data about the hostnames and port numbers for these environments. The answer is that it stores this in its BPMDB database in a table called LSW_SERVER. This table contains a single line per Process Server containing, amongst other things, the TCP port number that it should be contacted on for deployments etc. (errr.... it also contains the plain text password of the tw_author account so make sure you dont let too many people look at it) Where does this information originate from I asked myself. Well, it turns out the Proces Server reads it from its 99Local.xml (or 100Custom.xml if you've chosen to overide things in the proper fashion) and sends it with every heartbeat to the Process Centre (good old Wireshark told me this) - you can confirm this if you manaully update the port number in the database table and watch up magically change back a few minutes later :) Unfortunately 99Local.xml is not commented awfully well. The section in quesion is.... <server-name>ProcessServer01</server-name> <server-description>A running process server</server-description> <server-host>my_proc_server_hostname</server-host> <server-port>9443</server-port>

When I first saw this in the Process Servers own 99Local.xml it didn't make sense, after all, why would you tell the Process Server about itself I wondered. Now I realize this is the data that get's sent in the heartbeat and subsequently ends up in the LSW_SERVER table. NOTE: if you do decide to follow best practice and define this in 100Custom.xml.. remember to add the required attributes (highlighted in red below) <server-name merge="replace">ProcessServer01</server-name> <server-description merge="replace">A running process server</server-description> <server-host merge="replace">my_proc_server_hostname</server-host> <server-port merge="replace">9443</server-port>

Steps to follow for Business Space when moving from a standalone LDAP to federated repositories with LDAP Technote (troubleshooting) Problem (Abstract) It is highly recommended that you finalize the security strategy before developing a large number of Business Space artifacts. If you are moving from a standalone LDAP to federated repositories with LDAP, you will need to ensure that the access for the existing spaces is configured manually. This technote lists the steps used when helping a customer recover access to the spaces after a move to federated repositories with LDAP. Symptom After moving from a standalone LDAP to federated repositories with LDAP, Business Space users may not have access to their previous spaces. Cause The format used for the userid in Business Space for a standalone LDAP, is different from the format used in Business Space for federated repositories with LDAP. Environment All Diagnosing the problem If users are not unable to access their previous spaces or pages, after moving from a standalone LDAP to federated repositories with LDAP, use this technote to resolve the issue.

23 | P a g e

Resolving the problem The following steps are circumvention and not a supported procedure by the products.

The switch to federated repositories with LDAP requires these steps: Get a text dump of the following tables from the Mashup / Business Space database: o SPACENODE_LOD o AC_MEMBER, o AC_RESOURCE, o AC_ROLE o ACCOUNT (Business Space V7.5 and later) 2. Update the administrative user. Check that the following Mashup Config Service properties are correct for the new security strategy: com.ibm.mashups.adminGroupName displaySpaceAdminFeaturesGroup MashupAdminForOOBSpace noSecurityAdminInternalUserOnly 3. Fix the space owners and access control: o Method 1: The best recommendation is to use a new clean Mashup/Business Space database. 1. Make notes of all the spaces in the system and who owns them. 2. Make notes of all the shares, and access levels for all the spaces and pages. 3. Export all the user spaces. 4. Reset the Business Space/Mashups database so they are clean with no current content. 5. Switch the security setup to use federated repositories with LDAP. 6. Change the adminGroupName value to just the login name value, rather than the full group DN. This does not need to be done with Business Space V7.5+ if the default J2EEAdmin.role is used. That will use the security role configured for Mashup and Business Space applications. 7. Start the system. 8. Before logging into Business Space, log into the WebSphere administrative console to set a runtime trace setting of: info:com.ibm.mm.was.user.*=all. 9. Log in as the admin user. After login, check the trace and validate that the user is being recognized as an admin. The trace will have a checkAdminUser() method trace point which will show if the user is recognized as an admin. Correct this situation as needed. 10. Edit oobLoadedStatus.txt file to load the System Spaces. Then restart the WebSphere server. Log into Business Space and verify that the Welcome space is shown. 11. Have each space owner re-import their spaces and redo the shares or access to spaces and pages. Method 2: Use this method if you do not want to reset the database. You will need to work with IBM Support and Services team to ensure all steps are done correctly. Executing this method incorrectly can cause database corruption. 0. Make notes of all the spaces in the system and who owns them. 1. Make notes of all the shares for all the spaces and pages. 2. Delete the System Spaces. 3. Switch the security setup to use federated repositories with LDAP. 4. Update the administrator and administrative group rights: Business Space V7.0 only: 1. Update the ConfigService.properties file. Find the property value of com.ibm.mashups.adminGroupName=. 2. Under a standalone system the property value is the full DN. Federated repositories configurations use the login name only (i.e. "administrators"). 3. Run the Business Space task to update the WebSphere configuration with the value from this file. 4. You can also change the above through the admin console. Business Space V7.5 and later: 1. Update J2EERole.Admin for the mm.was<NODE> application. 2. The standalone LDAP configuration uses the full DN value and this should be changed to the short name: E.g. from uid=admin,cn=groups,dc=ibm,dc=com --> admin. 3. This allows the designated administrator user to log in, and be recognized as a member of the above group or role. Log in as the administrative user and reassign the Space owners. 5. Edit the oobLoadedStatus.txt file to load the System Spaces. Then restart the WebSphere server. Log in into Business Space and verify that the Welcome space is shown. 6. For each space which now has an owner showing as "No owner", use Space Manager to find and assign the original owner to the space (Actions->Edit Settings->Change owner). The space record now gets an owner based on the externalID gathered from the LDAP, rather than the DN from the LDAP. The original owner can be found in the table output referenced in step 1. 1.

24 | P a g e

The Space owners can now log in, and since they can see their spaces now, they will need to set up the Space shares again. Changing the admin user to an LDAP defined user: Typically the original defaultWIMFileBasedRealm consists of the contents in fileRegistry.xml. When Mashups are installed, they use fileRegistry.xml to store the admin user. Business Space V7.5.1 also configures the J2EEAdmin.Role for this admin user from fileRegistry.xml. Administrators can add one or more LDAP Servers later. The issue often arises that the implementer wants to use a user in the LDAP Server for administrative purposes, and disable the fileRegistry.xml as a source for users.

7.

Recommended procedure: 1. 2. 3. 4. 5. 6. 7. 8. 9. Enable additional user(s) and or group(s) from an LDAP Server for J2EERole.Admin. Log in as the original admin user and transfer ownership of all non-System spaces to a new admin user. Delete the Welcome space and other System spaces. Use The WebSphere administrative console to remove the original file based repository. This will likely require new credentials for the Realm since the original admin ID is not going to be valid anymore. A Stop/Start will be required, so stop the server. In ConfigServices.properties assign a new MashupAdminForOOBSpaces property value with a new admin user. Run the Business Space task to load this change. Start the server and verify that admin users can log into the WebSphere administrative console. Mark the oobLoadedStatus.txt file to re-import the OOB Spaces. Restart the server and verify that the OOB Space (Welcome Space) is visible and is owned by the user designated in Step 5. Verify that the admin users can see all the spaces on the system.

IMPORTANT: After moving to federated repositories with LDAP, you will need to delete the entries in the old format, from the following database tables:

Linking business processes and enterprise services together using IBM Business Process Manager Advanced
Business service specification A common rule of thumb to distinguish between a business process and a business service is to assess how the business views the activity. Asking "would the business ever be interested in monitoring the steps involved in this activity?" can help define whether the activity should be considered a process or a service. If the business has no desire to understand the mechanics of the activity, that suggests it should be defined as a service. If the business wants to monitor or drive the individual steps involved in the activity, that is an indicator of a process rather than a black-box service. In addition, the granularity of a service that is used by a business process should be something that has meaning in business terms. There may be many lower levels of granularity that expose technical functions necessary to contribute to a business service, but these are not of interest to the business and therefore should not be referenced by a business process. Separation of business and technical services Following the advice above, there is a logical layering in a BPM built on service-oriented architecture (SOA) in which each layer has defined responsibilities and consumes the services provided by layers below it. Figure 1 shows an example of an SOA-layered architecture. At the Consumers layer, a client channel interacts with a business process or, if appropriate, directly consumes business services in the Services layer (green indicates business services as defined above while orange denotes lower level of granularity technical services).

25 | P a g e

Figure 1. SOA layered architecture

Taking this architecture in the context of BPM Advanced, business processes (and linked sub-processes) are implemented as business process diagrams (BPDs) and any business services that are to be consumed by BPDs should be exposed as AIS services, as shown in Figure 2. The example business service shown is directly consumed by the channel and does not need to be exposed as an AIS; instead it might be exposed as a SOAP-based web service or a RESTful web service.

Figure 2. Role of AIS in architecture

Now let's look at the lower-level technical services that are composed in order to expose the business service. These technical services (Figure 3 shows an example of one such service) should be implemented in Integration Designer and are not exposed to the business process (BPD) and therefore do not need to be associated with the Process Center.

26 | P a g e

Figure 3. Example of a technical service

In the rest of this article, we'll look at how to achieve this separation of concerns in BPM Advanced through an illustrative scenario. AIS specification in Process Designer We've already discussed the differentiation between business and technical services. This section shows you how to define an AIS that complies with the recommended approach described previously. Note that an AIS is a bit of a misnomer what it is really providing is an Advanced Integration Service Operation because it provides the ability to define a single operation of a service. Having followed a service design exercise, a logical service may then result in a number of related AIS definitions, one for each operation. As the AIS is a service with relevance to the business, the business author is likely to define the service interface in Process Designer, potentially taking input from a technical integration specialist about recommended practices for good service design. The mapping between this business-level service and the lower-level technical service implementations will be performed later by the integration specialist using IBM Integration Designer. If you haven't already done so, you should go ahead and import the relevant .twx file into your environment so that you can examine the referenced components described in this section (either Order_Facade_TK 8.0 v1.1.twx or Order_Facade_TK 7.5.1 v1.0.twx depending on the version of BPM Advanced you're using). For the example scenario, the business author has specified the AIS interface contract (Get Customer Invoice AIS), as shown in Figure 4.

Figure 4. AIS definition

The interface represents the retrieval of an invoice for a customer where the customer number and the order number are supplied and the returned data is modeled in the data structure InvoiceDetails.

27 | P a g e

Figure 5 shows the detail of the data structure. The fields added are those the business author has identified as being necessary based on the requirements of the business process that will make use of these fields downstream of the call to the backend systems. You'll see later that this structure will be constructed by making various calls to existing services and mapping from this business-relevant data to the existing data structures provided. You'll also see that there are additional data elements provided in existing technical services that are not needed by the business service and so do not need to be mapped.

Figure 5. Business object referenced by AIS

Associating AIS with technical implementation This section covers in detail the technical services that are used to implement the AIS. In order to follow the description, you should import the relevant Project Interchange file into a new Integration Designer workspace and then associate the Order Faade Toolkit with the components imported into Integration Designer. Depending on your environment the file to use will either be AISExemplarPatternPI_8_0.zip or AISExemplarPatternPI_7_5_1.zip. Figure 6 shows how your workspace should look after importing the Project Interchange zip.

Figure 6. Integration Designer after PI import

28 | P a g e

You need to associate the Order Faade Toolkit with the workspace (first make sure that you have added the necessary access rights to the toolkit using the Process Center Admin console). In Integration Designer, switch to the Process Center perspective and then select to Open in workspace as shown in Figure 7.

Figure 7. Associate toolkit with Integration Designer workspace

(See a larger version of Figure 7.) After Integration Designer completes the build process, you should have the Order Faade Toolkit along with the other previously imported modules. You can now publish to the Process Center, as shown in Figure 8.

Figure 8. Publish to Process Center

Back to top Back-end technical services implementation There are many possible technical approaches to expose existing functionality as services available in BPM Advanced. A range of add-on adapters are available for exposed packaged application logic (such as SAP or Oracle E-Business Suite, as well as technical adapters for connecting to existing operational systems exposed via, for instance, JDBC or JMS messaging. You could also consume existing SOAP-based web services either internal or external to the organization. For this scenario, we'll show how to expose existing functionality defined in Java Enterprise Edition (JEE) Enterprise Java Beans (EJBs) using an intermediary composite service defined as a Business Process Execution Language (BPEL) micro-flow (the BPEL micro-flow will effectively provide the implementation for the AIS and hide the lower-level details of the individual EJBs).

29 | P a g e

EJB implementation The AIS service contains a mixture of business data related to both a customer and to orders the customer has placed. In order to provide the necessary data to construct InvoiceDetails there will need to be operations invoked on two EJBs one related to Customer and the other related to Order. Figure 9 shows the UML diagram of the CustomerService session EJB with a number of operations exposed on the remote / local interface. You'll need to switch to the JEE perspective in Integration Designer to view the class diagram in the CustomerEJB project.

Figure 9. Customer Service EJB

Similarly, the OrderService EJB provides operations for interacting with an Order, as shown in Figure 10.

Figure 10. Order Service EJB

In normal circumstances, the session EJBs would use a persistence framework such as Java Persistence Architecture 2.0 (JPA). In that case, the session EJBs would call various JPA entity beans that would interact with a persistent store like a DB2 database. However, for the purposes of simplicity in this demonstration scenario, I've just modeled the data as plain old Java objects (POJOs). The Order POJO seen in Figure 11 shows a more detailed structure, including a contained array of ProductItem business objects than is needed at the business level as described previously. It's common to find that the technical service implementations provide more detail than services at the business level really need, so mediation is required between the business and technical views.

30 | P a g e

Figure 11. EJB referenced POJO

(See a larger version of Figure 11.) Back to top Faade pattern design In order to make a clean separation between the business-level services that are required to be surfaced in the BPM layer and the more technical services in the SOA layer, we'll use a faade pattern to hide the more technical detailed services from being exposed to the business process in the form of an AIS. You've already seen the toolkit design in Process Designer where the AIS interface was specified by the business author. The toolkit is opened in Integration Designer in order to make it visible to the integration specialist working in the tool. The service is exposed in a toolkit so that it can be reused by multiple process applications that have a need to access the Customer Invoicing service. Note that in this example scenario a very simplified BPD is also included in the toolkit for the purpose of illustrating how to use the AIS service, but in reality the consumer of the AIS would be a BPD inside a process application that includes the toolkit as a dependency. The important aspect of implementing the faade pattern is that the toolkit itself only effectively contains the AIS interface, which in turn delegates to the real implementation that resides in an SCA module that is not managed as part of Process Center. This SCA module therefore provides the bridge between the business service defined in the AIS and the lower-level technical services that have been exposed. Configuration of the link between the toolkit and SCA module We've created an SCA module that will integrate with the EJBs and orchestrate the logic of the individual EJBs using a short-running BPEL process (micro-flow). Because that SCA module will ultimately be used to provide the AIS implementation it needs to have the AIS interface made available to it. In order to achieve that, we added the toolkit library as a dependency of the SCA module as shown in Figure 12.

31 | P a g e

Figure 12. SCA module dependency on toolkit library

Assembly of components In the implementation SCA module once the toolkit library has been added the AIS interface is then visible and can be referenced. The AIS interface is added as an SCA Export (it will later be consumed from within the Toolkit) as shown in Figure 13. The two EJBs have been made available in the assembly diagram by importing them. For illustration here we have decided to orchestrate the calls to the EJBs with a BPEL process (OrchestrateInvoiceData). In order to compose the data structure needed for the AIS response some additional logic is requi red in addition to the EJBs. In this example we have implemented the additional logic as a simple local Java component within the SCA module (ShippingService) however it could well have been an SCA import from some further module that may have had a Mediation flow calling out to one or more other endpoint services. The important point is that the BPEL process is surfacing our AIS service by providing a new composite service made up of many existing lower level technical atomic services.

Figure 13. SCA assembly diagram

(See a larger version of Figure 13.) BPEL implementation The BPEL implementation itself is a relatively straightforward micro-flow that involves a sequence of calls to the various provided services, as shown in Figure 14.

32 | P a g e

Figure 14. BPEL sequencing of calls to EJB operations

(See a larger version of Figure 14.) Figure 15 shows the detail of one of the calls to the EJB services. In this case, we're using the getOrder operation of the OrderService EJBM (earlier you saw that the EJB exposed several operations; however this is the only one we need for our purposes). Notice also how the operations parameters on the EJB are mapped to variables within the BPEL process (for instance the Order POJO return type is mapped to a corresponding variable).

Figure 15. BPEL example of Invoke partner service

In the next step in the BPEL process, shown in Figure 16, an Assign is used to map some parameters that are going to be needed in a subsequent Invoke of another partner service.

33 | P a g e

Figure 16. BPEL Assign

In the next step, a Java snippet, shown in Figure 17, is used to perform some simple mapping and data manipulation in order to complete the population of some specific data fields that are needed in the response object (the InvoiceDetails business object that was defined in Process Designer by the business author).

Figure 17. BPEL Java snippet

The last step in the process involves using another Assign to map the various data fields from various sources into the target InvoiceDetails structure, which will then be returned to the invoking service in the Reply. Figure 18 shows the Assign.

34 | P a g e

Figure 18. BPEL assign to construct AIS response

Note that we've used combinations of Java snippets and Assigns in the BPEL in this example for expedience. For a more reusable approach you would normally use data maps or even a call out to a mediation flow where the data mapping is visually constructed. Toolkit implementation Let's turn again to the toolkit that is now visible in the Integration Designer workspace. The Assembly Diagram in Figure 19 shows that the AIS Export is connected directly to an SCA Import, which corresponds to the Export previously shown in the SCA module.

Figure 19. Toolkit implementation delegates to SCA module

The toolkit implementation is extremely lightweight effectively delegating to the real implementation in the separate SCA module. This reduces the overhead of Process Center having to manage a lot of technical detail in the implementation module that is not appropriate to be surfaced to the BPM layer.

35 | P a g e

Consume AIS in the business process In order to demonstrate that all the pieces work together, in Process Designer a simple illustrative BPD has been provided in the toolkit, as shown in Figure 20. The BPD provides a human service to allow a user to enter the data to search against, then it calls the AIS as the implementation of a system lane service, and finally a further human service is used to display the resulting invoice that is returned from the AIS.

Figure 20. Example BPD invoking AIS in system lane

Back to top Solution installation and testing In order to test the solution we've implemented, you now need to install the various components on the runtime environment. In this example, all components including the EJBs are installed on BPM Advanced; in a production environment the EJBs are more likely to be installed separately onto a WebSphere Application Server node and called using their remote interface from the SCA module running on BPM Advanced. Installation of technical services components Because the EJBs and SCA module are to be managed outside of the Process Center, they to be explicitly installed into the runtime server (as opposed to the toolkit, in which the current or version is active and ready to be tested on the Process Center server). First you can install the EARs containing the EJBs using the WebSphere administrative console (you could also use the wsadmin command scripting environment if you prefer). The EAR files would have been exported out of the Integration Designer workspace in order to allow them to be installed onto the server (versions of the EAR files for both V8 and V7.5.1 of BPM Advanced are provided for download in the zip file included with this article). Figure 21 shows the Enterprise Applications section of the administration console, where existing enterprise applications are listed and you can install additional ones.

36 | P a g e

Figure 21. Administration console showing enterprise applications

Figure 22 shows the summary of the installation wizard before installing the first EAR file (in this example, the CustomerEJB EAR file).

Figure 22. Example of an enterprise application installation wizard

(See a larger version of Figure 22.) After installing the enterprise application containing an EJB, the console output should look similar to Figure 23. Next you can start the enterprise application so that the EJB contained in it is available to receive requests. For the example scenario, you need to repeat the process to install the other enterprise application (OrderEJB EAR).

37 | P a g e

Figure 23. Console showing enterprise application successfully installed

(See a larger version of Figure 23.) The SCA module is also exported from Installation Designer and you should install it into BPM Advanced using the WebSphere administration console. Figure 24 shows the output from the console when the installation has succeeded (the supplied EAR is OrderSCAClient_8_0.EAR or OrderSCAClient_7_5_1.EAR depending on your product version).

Figure 24. Console showing SCA module successfully installed

(See a larger version of Figure 24.) Start this SCA module as you did with the enterprise applications so that it is available to serve requests. You can either start the EAR in the enterprise applications or you can access the SCA module and start it as shown in Figure 25.

38 | P a g e

Figure 25. Start SCA module

(See a larger version of Figure 25.) Executing a process invoking the AIS Now that all the back-end components are installed and started, you can run an end-to-end test to prove the AIS connects to the EJBs via the SCA module and BPEL micro-flow. Figure 26 shows the Process Inspector view of Process Designer, showing the completion of the first human service with some sample values.

Figure 26. Process Inspector view showing search criteria provided

(See a larger version of Figure 26.) After completing the initial human service, the process then invokes the AIS and provides the result data to the next human service. The Coach displays the results of the invoice data that was fetched from the BPEL (and in turn the EJBs), as shown in Figure 27.

39 | P a g e

Figure 27. Process Inspector showing data returned from AIS call

You've now successfully executed the end-to-end scenario for a BPD process through an AIS to a BPEL micro-flow orchestrating calls to some EJBs. Conclusion This article described a logical architectural layering and separation of concerns between business processes in the BPM layer and provided SOA services. It introduced how to implement such architecture in BPM Advanced, focusing on managing the correct level of detail in the correct tool using Process Designer and Integration Designer. The article presented a detailed working scenario supported by an executable solution that demonstrated the role of AIS in providing the link between business processes and aggregations of lower-level technical services. Performance tuning considerations when IBM Business Process Manager (BPM) is running in a virtual machine Technote (troubleshooting) Problem (Abstract) Running IBM Business Process Manager in a virtual machine is supported. However, there are some additional considerations when running servers in a virtual machine (VM) environment. Resolving the problem When you are running a Java Platform, Enterprise Edition (Java EE) application in a virtual machine (VM) there are additional considerations. These considerations are performance-related changes. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. Other things to consider:

Dedicated CPU for VMs If you have several VMs on a node, you can experience CPU starvation. Dedicated memory You can set up VMs to have shared RAM. Performance can be affected if the server node is swapping memory usage. Looking at the operating system resource pages (free CPU, free memory) can show that there is available resources. However, these resources are being shared or constrained at a deeper level in the larger VM server setup.

40 | P a g e

Tools and Best practices

Esxtop For more information on esxtop metrics, see Interpreting esxtop 4.1 Statistics How to use batch mode for perfmon Troubleshooting CPU Ready issues VMware IO Analyzer VMware vSphere Best Practices

White papers on how to tune VMWare to perform well with Java EE applications:

Performance Troubleshooting for VMware vSphere 4 Enterprise Java Applications on VMware - Best Practices Guide

General Virtual Machine Performance Guidelines

Virtual Machine Performance Problems

Suggested Reading for Virtual Databases Microsoft SQL Server and Virtualization

IBM DB2

SQL Server Performance - VMware Tips for configuring Microsoft SQL Server in a virtual machine Microsoft SQL Server and VMware Virtual Infrastructure Best Practices for SQL Server Top 10 Keys to Deploying SQL Server on VMware

Setup DB2 Enterprise 9 on a Linux virtual machine using VMware ESX Server Scaling IBM DB2 9 in a VMware Infrastructure 3 environment IBM Red Book - DB2 Virtualization

Oracle Database

Oracle Databases on VMware vSphere 4 Optimize Oracle on VMware Oracle VMware Tips

41 | P a g e

How to add Brand Logo to the Process Portal in IBM BPM ??? Below steps might help you add your Brand logo to the IBM BPM Process Portal : 1.) Add Logo image at below location : D:\IBM\BPM\v7.5\profiles\ProcCtr01\installedApps\VALUED-62KCDF07Node01Cell\IBM_BPM_Portal_VALUED62KCDF07Node01_server1.ear\portal.war\skins\Leapfrog\images Let Name of your file be "logo_XXXXXXX.png". 2.) Go to below file: D:\IBM\BPM\v7.5\profiles\ProcCtr01\installedApps\VALUED-62KCDF07Node01Cell\IBM_BPM_Portal_VALUED62KCDF07Node01_server1.ear\portal.war\skins\Leapfrog\layout.css Find below snippet of code #header { margin: 0px; padding: 0px; height: 51px; background: url("images/logo-header.png") repeat-x 0px 0px; position: relative; } Replace: #header { margin: 0px; padding: 0px; height: 51px; background: url("images/logo_XXXXXXX.jpg") no-repeat 0px 0px; position: relative; } This step will put the brand logo at header in portal once logged in.
3.) Go to below file: D:\IBM\BPM\v7.5\profiles\ProcCtr01\installedApps\VALUED-62KCDF07Node01Cell\IBM_BPM_Portal_VALUED62KCDF07Node01_server1.ear\portal.war\skins\Leapfrog\login.css Find below snippet: #login-header { margin: 0px; padding: 0px; height: 71px; background: url("images/logo-header.png") repeat-x 0px 0px; position: relative; }

42 | P a g e

Replace: #login-header { margin: 0px; padding: 0px; height: 71px; background: url("images/logo_XXXXXXX.png") no-repeat 0px 10px; position: relative; } This step will put the brand logo in Login Page. Now open the portal you can find brand logo in portal.

Example: F:\IBM\WebSphere\AppServer\profiles\ProcCtr01\installedApps\CTSINGTPSLABNode01Cell\IBM_BPM_Portal_CTSINGTPSLABNode01_ server1.ear\portal.war\skins\Leapfrog\images F:\IBM\WebSphere\AppServer\profiles\ProcCtr01\installedApps\CTSINGTPSLABNode01Cell\IBM_BPM_Portal_CTSINGTPSLABNode01_ server1.ear\portal.war\skins\Leapfrog\layout.css For ProcessAdmin Console: OR

F:\IBM\WebSphere\AppServer\profiles\ProcCtr01\installedApps\CTSINGTPSLABNode01Cell\IBM_BPM_ProcessAdmin_CTSINGTPSLABN ode01_server1.ear\ProcessAdmin.war\Images\CTS2.GIF F:\IBM\WebSphere\AppServer\profiles\ProcCtr01\installedApps\CTSINGTPSLABNode01Cell\IBM_BPM_ProcessAdmin_CTSINGTPSLABN ode01_server1.ear\ProcessAdmin.war\login.css Style changes in Login.css codes: body { background: url("images/CTS2.gif") no-repeat 20 30; repeat-x scroll top left; height: 20px; width: 100%; } #login-header { background: white url('images/bg_slice_heading_content_v2.gif') repeat-x scroll top left; height: 80px; width: 100%; /*background : black /*url("images/DSM.png") no-repeat 20 30; */ height : 50px; margin-bottom: 30px;*/ } #login-header .logo { /* background: url(images/logo_header.gif) no-repeat 100% 10px; */ /* height : 70px; */ } #login-content { background: url("images/map.png") no-repeat 10 10; height : 10px; font-family: Arial, Helvetica, sans-serif;; font-size: 15px; text-align: center; }

43 | P a g e

#login-table { margin-top: 40px; margin-bottom: 20px; font-family: Arial, Helvetica, sans-serif;; font-size: 11px; } #login-table input { font-family: Arial, Helvetica, sans-serif;; font-size: 11px; } #login-copyright { margin-top: 20px; font-family: Arial, Helvetica, sans-serif;; font-size: 11px; } #login-error { padding-top: 10px; font-family: Arial, Helvetica, sans-serif;; font-size: 13px; color: red; font-weight: bold; } #content-header { background: white url('images/bg_slice_heading_content_v2.gif') left; height: 25px; width: 100%; } repeat-x scroll top

#content-header-left { background: url("images/bg_content_heading_left_v2.gif") no-repeat scroll top left; height: 25px; width: 7px; text-align:right; } #content-header-right { background: url("images/bg_content_heading_right_v2.gif") no-repeat scroll top right ; height: 25px; width: 7px; } #content-title { padding-left: 6px; font-weight: bold; font-size: 12px; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; color: #202C38; } #content-border { border-bottom:1px solid #ADBDD2; border-left:1px solid #ADBDD2; border-right:1px solid #ADBDD2; height: 100%; }

44 | P a g e