In this article, we'll be working with two Process Centers:
- AshokPC will act as the local or central Process Center
- 66PC will be the remote or satellite Process Center.
You can use the HTTP or HTTPS protocol to communicate between the two Process Centers. Note that when using the HTTP protocol, the user name and password must be identical on both Process Centers. In our case the two Process Centers do not have identical user names and passwords, therefore we need to use the HTTPS protocol.
The following table describes the environment used for the configuration in this article.
|Shared resources directory||C:\IBM\Shared||<SRD_HOME>|
|IBM Installation Manager||1.5||C:\Program Files (x86)\IBM\Installation Manager||<IM_HOME>|
|WebSphere Application Server||188.8.131.52||C:\IBM\WebSphere\AppServer8||<WAS_HOME>|
|IBM Business Process Manager Advanced||184.108.40.206||C:\IBM\WebSphere\AppServer8||<BPM_HOME>|
Configuring cross-cell security
Before specifying the HTTPS protocol, you need to set up a security trust between the participating Process Centers. There are two major steps to doing this:
- Signer certificates need to be extracted and stored.
- LTPA keys need to be shared.
This is done using the administrative console. Make sure the Process Server is running on both machines.
Configure SSL by exchanging the server SSL certificates
To configure the local Process Center certificate, do the following:
- Open the administrative console and log in as the administrator.
- Select Security => SSL certificate and key management =>Key stores and certificates => NodeDefaultTrustStore => Signer certificates.
- Click Retrieve from port.
Figure 1. Retrieve signer certificate from default store
- Enter the fully-qualified host name and SSL port (the admin host secure port) of
the remote Process Center server, specify an alias name, and click
Retrieve signer information, as shown in Figure 2.
Figure 2. Certificate alias and local Process Center connection details
- Click OK to save the root signer certificate in the local trust store.
- You should see a new certificate, named 66cert, listed under
Signer certificates, as shown in Figure 3.
Figure 3. Details retrieved about the new certificate
- Click Save to save the master configuration.
To configure the local Process Center certificate, do the following:
- Repeat steps 1 thru 4 above for the remote Process Center. Remember
that the host name and port will be different: they will be those of
the local Process Center server, as shown in Figure 4.
Tip: It's recommended that you always use fully-qualified host names rather than IP addresses.
Figure 4. Certificate alias and remote Process Center connection details
- You should see a new certificate named ashokcert, listed under
Signer certificatesas shown in Figure 5.
Figure 5. New certificate details
Share LTPA keys
In this step, you start with the remote Process Center.
To share the remote Process Center LTPA key, do the following:
Note: The assumption is you are still logged into the administrative console as administrator.
- Select Security => Global Security, and in the Authentication section, click LTPA.
- In the Cross-cell single sign-on section of the next screen, shown in Figure 6, enter a password and a fully-qualified key file name.
- Click Export keys, then OK.
Figure 6. Specify SSO details on remote Process Center
- You should see the message: "The keys were successfully exported to the file C:\66KeyFile. Transfer the exported key file in binary mode to the file system of the local Process Center.
To share the local Process Center LTPA key, do the following:
- Repeat steps 1 and 2 above on the local Process Center. Remember the password must be the same as that used on the remote Process Center.
- Click Import keys, then OK, as shown in Figure 7.
Figure 7. Specify SSO details on local Process Center
- You should see the message: "The keys were successfully imported from the file C:\66KeyFile."
The two Process Centers now share the same LTPA keys.
Registering a Process Center
If development teams want to share toolkits between Process Centers, administrators can register one Process Center with another.
Enable a local Process Center for registration
To enable a local Process Center for registration, do the following:
- Open the Process Center (either using Process Designer or a web browser).
- Click the Admin tab and click Registration.
- Select Enable Registration and Sharing.
- Enter a unique name (in this example
AshokPC) for the Process Center, as shown in Figure 8.
Figure 8. Enter a name for the local Process Center
- The registered Process Center AshokPC is displayed, as shown in
Figure 9. Local Process Center is registered
Enable a remote Process Center for registration
To enable a remote Process Center for registration, do the following:
- Repeat steps 1-3 above on the remote Process Center.
- Name the Process Center
- The registered Process Center 66PC is displayed.
You can register the Process Center via the administrative console on either the local Process Center or the remote Process Center. We will initiate the sharing on the Remote Process Center. To register the Process Center, do the following:
- Complete steps 1-3 from the previous section on the remote Process Center.
- Click Create Registration.
- In the Create Registration dialog, select Remote Process
Center and enter the Remote Process Center URL. In our case,
we have to use the HTTPS protocol and corresponding defaulthost secure
port, as shown in Figure 10. Then click Register.
Figure 10. Register remote Process Center
Once the other Process Center is successfully registered, it is listed in the Registration window.
- Select Admin => Registration on the local Process Center,
and you should see the remote Process Center listed, as shown in
Figure 11. Process Center in Registration screen
Sharing, using, and searching
If you click the Process Apps tab, you should now be able to see the toolkits from the other Process Center.
Searching across Process Centers
In Process Designer, you can click the down arrow in the search field at the top right, as shown in Figure 12, to set the scope of searches to include the shared Process Center.
The image on the left shows the search screen of the local Process Center (AshokPC). Notice that 66PC is listed under Location. The image on the right shows the search screen of the remote Process Center (66PC). Notice that AshokPC is listed there.
Figure 12. Search screen showing shared Process Centers
Release before sharing
Before you can share a toolkit with another Process Center, you have to set its status to Released by doing the following:
- In the local Process Center, go to the Toolkits tab.
- Click on the toolkit you want to share.
- On the Snapshots screen, shown in Figure 13, click the New
dropdown and select Status.
Figure 13. Select snapshot status
- In the Set Snapshot Status dialog, shown in Figure 14, select
Released, and click OK.
Figure 14. Set snapshot status
The toolkit status changes to Released and the toolkit can now be shared.
Share before searching
Before you can search for a toolkit in another Process Center, you need to first share the toolkit by doing the following:
- On the Toolkits tab of the local Process Center, under
Manage, click Share Toolkit with other Process
Centers, as shown in Figure 15.
Figure 15. Share toolkit
- On the Toolkits tab, the particular toolkit that was just
shared will have a new shared icon next to it, as shown in Figure 16.
Figure 16. Toolkit showing shared icon
You can now search for the toolkit from the other Process Center.
Search and subscribe
You can use the search field (with the magnifying glass icon) to search for and subscribe to a shared toolkit as follows:
- From the remote Process Designer, enter
toolkitin the search field.
- Keep the scope as Process Designer and select the local Process Center(AshokPC).
- Click Search.
One shared toolkit should be returned, as shown in Figure 17.
- Click Subscribe to subscribe to the shared toolkit and reuse
it in the remote Process Designer.
Figure 17. Subscribe to the shared toolkit
- Once the subscription is successful, you will see the Open in Designer option.
- Finally, select Toolkits => Snapshots screen, then click
Check for Updates to see whether a new version of the
toolkit was released on the other Process Center, as shown in Figure
Figure 18. Released toolkit
The key to registering one Process Center with another is to use a user ID that exists in both Process Centers. The security realms of the participating cells should be the same, meaning that they have the same set of users and groups. The passwords do not have to match.
Once a Process Center is registered, you can view and use toolkits from the other Process Center. But you first have to make sure the toolkits are released, shared, and subscribed.
- IBM Business Process Manager V8 Information Center
- developerWorks BPM zone: Get the latest technical resources on IBM BPM solutions, including downloads, demos, articles, tutorials, events, webcasts, and more.
- IBM BPM Journal: Get the latest articles and columns on BPM solutions in this quarterly journal, also available in both Kindle and PDF versions.