Using a new object store

You can configure IBM® Business Process Manager to work with an existing external ECM system by using a new object store.

Before you begin

There are two ways of configuring IBM BPM to work with an existing external ECM system.
  • You can configure your IBM BPM deployment environment to use an empty object store in an external IBM FileNet® Content Manager installation. This configuration is useful if you set up a new IBM BPM deployment environment. You cannot configure your IBM BPM deployment environment to use an empty object store in an external IBM Content Manager installation immediately. You must follow the instructions in this set of steps.
  • You can configure your IBM BPM deployment environment to reassign the IBM BPM content store to the domain of an existing FileNet Content Manager installation. This configuration is useful if you already have an IBM BPM deployment environment setup. For instructions, see Reassigning the IBM BPM content store.
These prerequisites are necessary to configure IBM BPM with an existing external ECM server.
  • On FileNet Content Manager, you must have a domain already set up. There might be multiple object stores already set up. When you configure IBM BPM with FileNet Content Manager, there is a one-to-one correlation between the IBM BPM server and the FileNet Content Manager object store.
  • As an application server, only WebSphere Application Server is supported. In addition, the WebSphere Application Server used by IBM BPM and the WebSphere Application Server used by FileNet Content Manager must have the same version.
  • The same Lightweight Directory Access Protocol (LDAP) user repository must be used by both IBM BPM and FileNet Content Manager.
  • IBM BPM can work with FileNet Content Manager by using Federated Repositories (also referred to as Virtual Member Manager (VMM)) or Lightweight Directory Access Protocol (LDAP). The LDAP must be connected directly; or by using Federated Repositories (VMM) on the FileNet Content Platform Engine on WebSphere Application Server and its domain.

About this task

Note: You cannot reverse this configuration and return to using the IBM BPM content store. After you configure, you must always use the external ECM server.

Back up your system configuration and databases before you begin this configuration. This backup means you can roll back your configuration if needed. See Backing up and restoring administrative configuration files.

Procedure

  1. Begin your configuration by checking there is no content such as folders and documents in the IBM BPM content store. Use the IBM Administrative Console for Content Platform Engine to check there is no content.
    1. In the domain navigation tree, open Object Stores > docs.
    2. In the object store navigation tree, open Search.
    3. Click New Object Store Search.
    4. For each of the following classes, run a search: Document and Case Folder. You can search for Case Folder instances only if the Basic Case Management license is installed.
    5. If the result set is empty, there is no existing content.
    See Using the IBM Administration Console for Content Platform Engine to administer the embedded content store
    Note: Any content that you do not remove from the IBM content store is deleted when you complete this configuration.
  2. Check the version level of the FileNet Content Manager. It must be a supported version to work with IBM Business Process Manager. See Planning for an external Enterprise Content Management server.
  3. Configure single sign-on (SSO) security for the external FileNet Content Manager, including the configuration of the user registry and trusted realm. To configure single sign-on security with a common user repository, see Configuring single sign-on for an external FileNet Content Manager.
  4. Designate a user from the shared repository to be the administrator for the object store. IBM BPM uses this user to do administrative operations like the creation of document class definitions. Then, map this user to the IBM BPM EmbeddedECMTechnicalUser role.
    1. Check that the user defined in the Authentication Alias assigned to the EmbeddedECMTechnicalUser role is a user from the shared repository.
      1. Select Servers > Deployment Environments > DE name > Authentication aliases. Note the alias name that is used for the EmbeddedECMTechnicalUser role.
      2. Select Security > Global Security. Expand the Java Authentication and Authorization Service section and select J2C authentication data. Verify that the user assigned to the EmbeddedECMTechnicalUser alias is a user from the shared user repository.
    2. If the user assigned to the EmbeddedECMTechnicalUser does not qualify, that is, the user is not from the shared repository, do the following steps.
      1. Create an authentication alias with credentials from the shared user repository for the Content Platform Engine administrator.
        1. In the WebSphere administrative console for the IBM BPM server, select Security > Global Security. The Global Security page opens.
        2. Expand the Java Authentication and Authorization Service section and select J2C authentication data. The JAAS - J2C Authentication Data page opens.
        3. Click New and add an authentication alias with LDAP credentials for the object store administrator.
      2. Change the EmbeddedECMTechnicalUser role to use the new authentication alias that you created. This authentication alias is for FileNet Content Manager. To change the EmbeddedECMTechnicalUser role to use the new authentication alias, in the WebSphere administrative console, select Servers > Deployment Environments. Select your deployment environment and continue to Authentication Aliases. You see the EmbeddedECMTechnicalUser and can modify that alias.
  5. Configure FileNet Content Manager for the IBM BPM content store.
    1. Log in to the IBM Administration Console for Content Platform on the FileNet Content Platform Engine as a domain administrator.
    2. Create an object store by using the IBM Administration Console for Content Platform on the FileNet Content Platform Engine. See Creating an object store. Use the following settings:
      • Use the user from step 4 when granting administrative access to this object store. You may also use a group that contains this user.
      • Grant all users that work with IBM BPM basic access. You might want to use the #AUTHENTICATED-USERS security identifier as grantee to allow all users to work with the object store. The individual instance objects are automatically protected based on the teams you create in IBM BPM.
      • When you choose the add-ons, check that the Base Content Engine Extensions are installed. This add-on is part of the default configuration.
      • After the object store is created, the only access rights that you will need to add to the administrative user is PRIVILEGED_WRITE. In IBM Administration Console for Content Platform on FileNet Content Manager, the check box that you must select is Modify certain properties (in English).

      After the object store is created, you can add a user with administrative permissions on the object store. See Update object store with new users and groups. The permissions that you must grant to the user are listed in Permissions required for the new object store.

  6. Running a command and then starting IBM BPM finishes the configuration. However, you must also verify that the configuration is working.
    1. Run the setBPMExternalECM admin command to configure IBM BPM to use an external ECM server.
      1. Shut down the IBM BPM deployment environment; for example, by using the BPMConfig command. BPMConfig -stop. See BPMConfig command-line utility. In the case of a Network Deployment (ND) environment, the deployment manager, and node agents can be left running. The FileNet Content Platform Engine must be running.
      2. Run wsadmin. In the case of an IBM BPM Express server or if you stopped the deployment manager of your Network Deployment (ND) environment, run wsadmin in local mode; that is, by using the parameter -conntype none.
      3. Run the setBPMExternalECM admin command. See setBPMExternalECM command.Use NEW_EXTERNAL_OBJECT_STORE as the value for the -ecmEnvironment parameter.
      4. Save the configuration by invoking AdminConfig.save().
      5. In the case of a Network Deployment (ND) environment, synchronize the configuration of the nodes.
      6. Restart the IBM BPM deployment environment by using the BPMConfig command. BPMConfig -start. See BPMConfig command-line utility. If you stopped the deployment manager and node agents, you need to manually restart them.
    2. Check for errors in the IBM BPM logs. If you discover errors, resolve them and restart the IBM BPM server.
    3. Check the CMIS component in the Component Health Center to verify that your external ECM server is up and running. The switch to the external ECM server removes the IBM BPM content store configuration. Therefore, you cannot check the EmbeddedECM component anymore. Instead, check the CMIS component. The CMIS component also reports errors for the connection to the external ECM. See Component Health Center.
Parent topic: Configuring IBM BPM with an existing external ECM server
Related information:
correctDocumentStoreInstanceAuthorization command