Sharing toolkits across Process Centers in IBM Business Process Manager V8

One of the new features in IBM® Business Process Manager V8 is the ability to share toolkits between registered Process Centers. In this article you'll learn how to register a Process Center using the HTTPS protocol. This content is part of the IBM Business Process Management Journal.

Share:

Ashok Iyengar (ashoki@us.ibm.com), Executive IT Specialist, IBM

Ashok Iyengar photoAshok Iyengar is a member of IBM for Software Services for WebSphere (ISSW). He has worked extensively with the IBM Business Process Management platform doing proof of concepts, pilots, and architecture design. Currently his focus is on the cloud, specializing in Platform as a Service (PaaS). He helps customers deploy patterns on IBM PureApplication Systems and IBM SmartCloud.



26 September 2012

Getting started

In this article, we'll be working with two Process Centers:

  • AshokPC will act as the local or central Process Center
  • 66PC will be the remote or satellite Process Center.

You can use the HTTP or HTTPS protocol to communicate between the two Process Centers. Note that when using the HTTP protocol, the user name and password must be identical on both Process Centers. In our case the two Process Centers do not have identical user names and passwords, therefore we need to use the HTTPS protocol.

The following table describes the environment used for the configuration in this article.

SoftwareVersionInstallation LocationVariable
Shared resources directory C:\IBM\Shared <SRD_HOME>
IBM Installation Manager 1.5 C:\Program Files (x86)\IBM\Installation Manager <IM_HOME>
WebSphere Application Server 8.0.0.3 C:\IBM\WebSphere\AppServer8 <WAS_HOME>
IBM Business Process Manager Advanced 8.0.0.0 C:\IBM\WebSphere\AppServer8 <BPM_HOME>

Configuring cross-cell security

Before specifying the HTTPS protocol, you need to set up a security trust between the participating Process Centers. There are two major steps to doing this:

  1. Signer certificates need to be extracted and stored.
  2. LTPA keys need to be shared.

This is done using the administrative console. Make sure the Process Server is running on both machines.

Configure SSL by exchanging the server SSL certificates

To configure the local Process Center certificate, do the following:

  1. Open the administrative console and log in as the administrator.
  2. Select Security => SSL certificate and key management =>Key stores and certificates => NodeDefaultTrustStore => Signer certificates.
  3. Click Retrieve from port.
    Figure 1. Retrieve signer certificate from default store
    Retrieve signer certificate from default store
  4. Enter the fully-qualified host name and SSL port (the admin host secure port) of the remote Process Center server, specify an alias name, and click Retrieve signer information, as shown in Figure 2.
    Figure 2. Certificate alias and local Process Center connection details
    Certificate alias and local Process Center connection details
  5. Click OK to save the root signer certificate in the local trust store.
  6. You should see a new certificate, named 66cert, listed under Signer certificates, as shown in Figure 3.
    Figure 3. Details retrieved about the new certificate
    Details retrieved about the new certificate
  7. Click Save to save the master configuration.

To configure the local Process Center certificate, do the following:

  1. Repeat steps 1 thru 4 above for the remote Process Center. Remember that the host name and port will be different: they will be those of the local Process Center server, as shown in Figure 4.

    Tip: It's recommended that you always use fully-qualified host names rather than IP addresses.

    Figure 4. Certificate alias and remote Process Center connection details
    Certificate alias and remote Process Center connection details
  2. You should see a new certificate named ashokcert, listed under Signer certificatesas shown in Figure 5.
    Figure 5. New certificate details
    New certificate details

Share LTPA keys

In this step, you start with the remote Process Center.

To share the remote Process Center LTPA key, do the following:

Note: The assumption is you are still logged into the administrative console as administrator.

  1. Select Security => Global Security, and in the Authentication section, click LTPA.
  2. In the Cross-cell single sign-on section of the next screen, shown in Figure 6, enter a password and a fully-qualified key file name.
  3. Click Export keys, then OK.
    Figure 6. Specify SSO details on remote Process Center
    Specify SSO details on remote Process Center
  4. You should see the message: "The keys were successfully exported to the file C:\66KeyFile. Transfer the exported key file in binary mode to the file system of the local Process Center.

To share the local Process Center LTPA key, do the following:

  1. Repeat steps 1 and 2 above on the local Process Center. Remember the password must be the same as that used on the remote Process Center.
  2. Click Import keys, then OK, as shown in Figure 7.
    Figure 7. Specify SSO details on local Process Center
    Specify SSO details on local Process Center
  3. You should see the message: "The keys were successfully imported from the file C:\66KeyFile."

The two Process Centers now share the same LTPA keys.


Registering a Process Center

If development teams want to share toolkits between Process Centers, administrators can register one Process Center with another.

Enable a local Process Center for registration

To enable a local Process Center for registration, do the following:

  1. Open the Process Center (either using Process Designer or a web browser).
  2. Click the Admin tab and click Registration.
  3. Select Enable Registration and Sharing.
  4. Enter a unique name (in this example AshokPC) for the Process Center, as shown in Figure 8.
    Figure 8. Enter a name for the local Process Center
    Enter a name for the local Process Center
  5. The registered Process Center AshokPC is displayed, as shown in Figure 9.
    Figure 9. Local Process Center is registered
    Local Process Center is registered

Enable a remote Process Center for registration

To enable a remote Process Center for registration, do the following:

  1. Repeat steps 1-3 above on the remote Process Center.
  2. Name the Process Center 66PC.
  3. The registered Process Center 66PC is displayed.

You can register the Process Center via the administrative console on either the local Process Center or the remote Process Center. We will initiate the sharing on the Remote Process Center. To register the Process Center, do the following:

  1. Complete steps 1-3 from the previous section on the remote Process Center.
  2. Click Create Registration.
  3. In the Create Registration dialog, select Remote Process Center and enter the Remote Process Center URL. In our case, we have to use the HTTPS protocol and corresponding defaulthost secure port, as shown in Figure 10. Then click Register.
    Figure 10. Register remote Process Center
    Register remote Process Center

    Once the other Process Center is successfully registered, it is listed in the Registration window.

  4. Select Admin => Registration on the local Process Center, and you should see the remote Process Center listed, as shown in Figure 11.
    Figure 11. Process Center in Registration screen
    Process Center in Registration screen

Sharing, using, and searching

If you click the Process Apps tab, you should now be able to see the toolkits from the other Process Center.

Searching across Process Centers

In Process Designer, you can click the down arrow in the search field at the top right, as shown in Figure 12, to set the scope of searches to include the shared Process Center.

The image on the left shows the search screen of the local Process Center (AshokPC). Notice that 66PC is listed under Location. The image on the right shows the search screen of the remote Process Center (66PC). Notice that AshokPC is listed there.

Figure 12. Search screen showing shared Process Centers
Search screen showing shared Process Centers

Release before sharing

Before you can share a toolkit with another Process Center, you have to set its status to Released by doing the following:

  1. In the local Process Center, go to the Toolkits tab.
  1. Click on the toolkit you want to share.
  2. On the Snapshots screen, shown in Figure 13, click the New dropdown and select Status.
    Figure 13. Select snapshot status
    Select snapshot status
  3. In the Set Snapshot Status dialog, shown in Figure 14, select Released, and click OK.
    Figure 14. Set snapshot status
    Set snapshot status

The toolkit status changes to Released and the toolkit can now be shared.

Share before searching

Before you can search for a toolkit in another Process Center, you need to first share the toolkit by doing the following:

  1. On the Toolkits tab of the local Process Center, under Manage, click Share Toolkit with other Process Centers, as shown in Figure 15.
    Figure 15. Share toolkit
    Share toolkit
  2. On the Toolkits tab, the particular toolkit that was just shared will have a new shared icon next to it, as shown in Figure 16.
    Figure 16. Toolkit showing shared icon
    Toolkit showing shared icon

You can now search for the toolkit from the other Process Center.

Search and subscribe

You can use the search field (with the magnifying glass icon) to search for and subscribe to a shared toolkit as follows:

  1. From the remote Process Designer, enter toolkit in the search field.
  2. Keep the scope as Process Designer and select the local Process Center(AshokPC).
  3. Click Search.

    One shared toolkit should be returned, as shown in Figure 17.

  4. Click Subscribe to subscribe to the shared toolkit and reuse it in the remote Process Designer.
    Figure 17. Subscribe to the shared toolkit
    Subscribe to the shared toolkit
  5. Once the subscription is successful, you will see the Open in Designer option.
  6. Finally, select Toolkits => Snapshots screen, then click Check for Updates to see whether a new version of the toolkit was released on the other Process Center, as shown in Figure 18.
    Figure 18. Released toolkit
    Released toolkit

    (See a larger version of Figure 18.)


Conclusion

The key to registering one Process Center with another is to use a user ID that exists in both Process Centers. The security realms of the participating cells should be the same, meaning that they have the same set of users and groups. The passwords do not have to match.

Once a Process Center is registered, you can view and use toolkits from the other Process Center. But you first have to make sure the toolkits are released, shared, and subscribed.

Resources

Comments

developerWorks: Sign in

Required fields are indicated with an asterisk (*).


Need an IBM ID?
Forgot your IBM ID?


Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.

 


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name



The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.

 


All information submitted is secure.

Dig deeper into Business process management on developerWorks


static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=Business process management, WebSphere
ArticleID=837439
ArticleTitle=Sharing toolkits across Process Centers in IBM Business Process Manager V8
publish-date=09262012