Administering Libraries
A Library provides the services of an Enterprise Content Management (ECM) system to Communities. To enable the use of Libraries, you must make some configuration changes to Connections and to each ECM system that you plan to use.
Two types of Library widgets are available in Communities: Libraries, and Linked Libraries. By default, Libraries are enabled and Linked Libraries are disabled. When users create a Library widget, the library is created on the ECM system that is configured to work with Connections. When users create a Linked Library widget in a Community, they specify a server then select an existing library from that server. For more information about enabling Linked Libraries, see Adding Linked Libraries.
If you want to reuse existing content from your ECM server, use the Linked Library widget. If you need a new place to store content and collaborate within your community, use the Library widget.
- Windows systems: migrateAuthUsers.bat
- Linux and UNIX systems: ./migrateAuthUsers.sh
Note that this script affects only access to libraries and teamspaces created using IBM Connections, not linked libraries created using IBM FileNet.
After this migration step is complete, you can add the Library widget to communities that are shared with external users.
Releases earlier than CR2 do not support external access to CCM libraries. For these releases, if you are using CCM in your deployment and external user access is enabled, you must block the URL to FileNet® Collaboration Services (by default /dm/*) and the FileNet Content Engine (/FileNet/*). The FileNet Content Engine does not need to be directly accessed outside of your deployment, so /FileNet can be blocked for all users, not just external users. You can block external users in the following ways:
- Setting rules in a Security proxy such as Tivoli® Access Manager.
- Giving external users access only to a separate HTTP server that lacks a mapping to the Library or FileNet Collaboration Services (/dm/*) . The two HTTP servers can be registered with the same name in different networks; external users see the same host name, but this host uses a different DNS entry and therefore a different HTTP server.
- In WebSphere®, limit the members of the Authenticated and Anonymous Java Platform, Enterprise Edition Security roles on the FNCS application, ensuring the FileNet Content Engine is not mapped to an HTTP server. Also, ensure that your WebSphere server ports are not directly accessible to users.
Using a registered external user account, test your block by browsing to your FileNet Collaboration Services URL (for example, http://example.com/dm/) from the network that is used by your external users. This network that is used for this test can be a VPN for your visitors or just the public internet. If the server returns a valid response when accessed from the network that is used by your external users, you did not correctly block visitors from accessing CCM. For more information on restricting access to FileNet Collaboration Services, see Roles.
After you configure your systems for Linked Library, users can add Linked Library widgets to their Communities. Files and folders within a Library are stored and managed on the ECM system, independently of Connections. As a result, users who have access to the Community must also have access to the ECM system before they can use the Library. Unless you configure single sign-on, users must authenticate to the Connections system and to each ECM system separately.
The following table shows the ECM systems that are available for each type of library.
Type of widget | ECM System |
---|---|
Linked Library |
IBM FileNet version 5.2.1 FP2 or later with IBM FileNet Collaboration Services version 2.0.3 FP 3, or FP 5 for RHEL 7. IBM DB2® Content Manager 8.4.3 with FixPack 1 or later. |
Library |
IBM FileNet version 5.2.1 FP2 or later with IBM FileNet Collaboration Services version 2.0.3 FP 3, or FP 5 for RHEL 7. |