Set up IBM Business Process Manager with Amazon Web Services
This tutorial describes how to install IBM Business Process Manager (BPM) Advanced V8.5.7. on the Amazon Web Services public cloud platform. As stated in the IBM Eligible Public Cloud policy, Amazon Web Services is supported for all eligible IBM products, including IBM BPM, under the IBM Eligible Public Cloud Bring Your Own Software License (BYOSL) policy. If you have Amazon Web Services in your cloud environment, learn some tips for installing IBM BPM.
IBM BPM is a comprehensive business process management platform on which business process applications can be developed, automated, and managed to provide process visibility, control, and continual improvement. IBM BPM is available on premises or as IBM BPM on Cloud.
The following illustration shows the key components that make up the IBM BPM platform:
Understand the following details about Process Center:
- Process Center is the common management repository where process applications are created.
- Process Center is the central command center for managing and governing process deployments throughout all runtime environments (for example, the Process Server).
- With the shared model architecture, you can build, deploy, measure, and optimize processes in a single, unified platform.
- Process developers can reuse existing artifacts, both within and across process applications, by including them in a toolkit.
- Process Center includes an embedded Process Server for playback during development.
Understand the following details about Process Designer and Integration Designer:
- Process Designer, based on Business Process Model and Notation (BPMN) 2.0, is the authoring environment for developing human-centric process applications. BPMN 2.0 is the industry standard notation from business process modelling.
- Integration Designer is the environment for process developers to create complex automated Business Process Execution Language (BPEL) processes and integration services, within a complete integration development environment.
Understand the following details about Process Server:
- Process Server is a unified IBM BPM runtime environment that supports the full range of business processes, service orchestration and integration.
- You can use multiple Process Servers to provide non-production and production environments (for example, development, test, QA, pre-production, and production).
You can find more information about the latest version of IBM BPM in the announcement letter.
This tutorial is intended to provide guidance to anyone who has some experience installing IBM BPM but is installing for the first time on Amazon Web Services. The purpose is not to provide a detailed and formal installation manual, but instead to emphasize some of the key considerations and details to watch out for when installing IBM BPM on Amazon Web Services.
For installation details, see the IBM Business Process Manager Interactive Installation and Configuration Guide in the IBM BPM documentation. For detailed software requirements, including supported operating systems and databases for IBM BPM, see the IBM Business Process Manager Advanced detailed system requirements.
The process shown in the following illustration describes a typical installation and configuration of IBM BPM V8.5.7. for a Golden (three cluster) Process Center topology. In the installation example for this tutorial, IBM BPM is installed with the silent installation option. The following diagram illustrates the topology that has been installed and configured for the minimum viable product, described in detail in the next section.
The installation is a recommended topology of Process Center (three clusters named AppCluster, MECluster and SupCluster), contained in one Amazon Web Services virtual machine. The associated DB2 database, the IBM HTTP Server, and the deployment manager are co-located in the instance. The DmgrProfile deployment manager contains the deployment manager, with the two nodes hosting the pairs of servers making up the three standard clusters. One IBM HTTP Server with the IBM WebSphere Application Server plugin routes requests across the servers. The operating system used in the examples in this tutorial is Red Hat Enterprise Linux Server release 6.6.
This installation is suitable as a small scale development environment. It is entirely self-contained on one Amazon Web Services instance (virtual machine) for ease of documentation and deployment. The configuration provides high availability at a Process Center level (WebSphere Application Server server instance level), but has single points of failure at the HTTP, DB2 and Amazon Web Services instance level. It might be used for product evaluation, a quick start for a development team, or a proof of concept. The same installation process, with some minor changes, is suitable for Process Server.
The type of environment (Process Server or Process Center), the topology (single or triple cluster), and the database type (Oracle or DB2) that you build is determined by the deployment configuration file that you choose. The configuration settings are similar for for all cases except where the database types differ in their configuration options and terminology.
Note the functions of the WebSphere Application Server deployment environment in the IBM BPM Golden topology pattern are split into three clusters: the application (named AppCluster), messaging (named MECluster), and support (named SupCluser). This topology is the recommended for IBM BPM production environments and for meeting availability and scalability requirements. For production scenarios, install the two nodes that host the three clusters on two different machines. Then, if one node goes down, the work will fail over to the other node. It might be necessary to have additional nodes, for increased redundancy. The IBM BPM Golden topology, along with other IBM BPM production topologies, is discussed in detail in the IBM Business Process Manager Version 8.0 Production Topologies IBM Redbooks publication.
In the following sections, where a decision or configuration should be determined, in whole or part, by how you use Amazon Web Services the explanatory note is prefixed by Amazon Web Services Tip.
Step 1. Create an Amazon Web Services instance
The first step is to create an instance:
- Use the Amazon Web Services management console, also called the EC2
console for the Amazon Elastic Compute Cloud (Amazon EC2), a web
service that provides resizable compute capacity in the cloud. Click
Instances > Instances and
select Launch Instance. See: Amazon EC2 Instance Types.
NOTE: The volumes and instances must be in the same availability zone. It's best to create the instance and any required volumes together (as in this example). If they are created separately, create the instance and then any volumes required, because it is easier to specify the availability zone for elastic block volume (EBS) than for images.
- On the left hand select Community AMIs, then select Red Hat under Operating System, 64-bit under Architecture, and EBS under Root Device Type, as shown in the following screen capture:
- IBM BPM 8.5.7 Advanced is supported on RHEL 6.6. Select the RHEL-6.6_HVM_GA-20150128-x86_64-1-Hourly2-GP2 - ami-0b5f073b AMI.
- On the Choose an Instance Type window, the default selection is for the general purpose t2.micro type. Change the selection to the t2.large type. The size of the instance you select should be based on your expected workload and subsequent bench marking, as shown in the following screen capture:
- Complete the other windows until you get to Step 4. Add Storage.
There, add two volumes to the image:
- The first volume is a 30 GB
/optfile system for IBM BPM and IBM DB2 and for the DB2 instance storage.
- The second is a temporary 30 GB code magnetic volume for storage of the installation code. Because you don't need the code after installation (and may want to use it on additional images) you separate its storage.
Follow your organization's standards for storage and naming standards and for separation. Your storage selections are likely to differ from the following example.
/optfile system volume, as shown in the following example:
Add the code volume. The following example has Magnetic selected, because it doesn't require high input/output operations per second (IOPS), and retaining a magnetic volume for installation purposes is likely to cost less per hour.
- The first volume is a 30 GB
- Click Review and Launch.
Because you have not addressed security, and the selections are not free, you see the following messages:
- Click Launch.
Amazon Web Services Tip: You must select a key (which you have previously created and downloaded) or create and download a key to access your image. The following example shows a key selected.
Amazon Web Services Tip: Do not lose your key. It is the only way to access your instances.
- Click Launch Instances.
The instance takes a few seconds to start.
- Check under the EC2 Dashboard by expanding Instances and selecting Instances. On the dashboard, you see the instance is ready when 2/2 checks is shown in green under status checks, as shown in the following screen capture:
- Select the instance (the blue dot in the previous screen capture), and click Connect. The following message opens, showing how to connect to the instance:
Amazon Web Services Tip: Use the external address to the
Secure Shell (SSH) command line interface and the secure file transfer
sftp) for your server. Select your instance and
click Connect. You can then cut and paste the domain name
server (DNS) name.
Amazon Web Services Tip: The external address changes each time you start the server. If you can't connect, check the DNS you're using to see if it restarted.
Step 2. Connect to the instance and prepare it for installation
Complete the following steps to connect to the instance and prepare it for installation.
- The key command for Linux users looks like the following example:
ssh -i "Richard Shooter.pem" email@example.com
Because the following example shows a situation where keys were stored in
RichardShooter.pem(omitting the space for convenience), connect with the following command:
ssh -i "RichardShooter.pem" firstname.lastname@example.org. amazon ws.com
- Accept the key, like the example in the following screen capture:
Now you can mount a temporary object code repository, like the following example:
sudo mkfs /dev/xvdc sudo mkdir /mnt/object sudo mount /dev/xvdc /mnt/object sudo mkdir /mnt/object/install sudo chown ec2-user /mnt/object/install
- Copy the installation archives. Because you are using Secure Shell and
the secure file transfer protocol is available, the following example
sftp -oIdentityFile=RichardShooter.pem email@example.com sftp> cd /mnt/object/install sftp> lcd /media/usb1gb/InstallationCode/BPM857Advanced # or the path to your archives sftp> mput *
- After it is uploaded, you can extract the media:
cd /mnt/object/install for i in *.gz do zcat $i | sudo tar xvf - done for i in *.zip do sudo unzip $i done
/optwith a new file system:
sudo mkfs /dev/xvdb sudo mkdir /mnt/opt sudo mount /dev/xvdb /mnt/opt cd /opt sudo find . -depth -print | sudo cpio -pdv /mnt/opt
- Update the
sudo vi /etc/fstab) to mount the new
/optfile system, as shown in the following screen capture:
- Mount the new file system:
sudo umount /mnt/opt sudo mount -a sudo rmdir /mnt/opt
Step 3. Install DB2
- Copy the server response file to a convenient location
cp /mnt/object/install/server/db2/linuxamd64/samples/db2server.rsp /home/ec2-user sudo vi /home/ec2-user/db2server.rsp
- Install a default configuration of DB2 with a single instance (named
db2inst1). Make the following changes:
LIC_AGREEMENT = ACCEPT INTERACTIVE = NONE CONFIG_ONLY = NO
The instance is owned by the
db2sdfe1fenced user and
db2fsdm1group are also required.
- You also create an additional user db2bpm1 group db2bpm1 for use by
BPM (the additional user permits lower privilege than the instance
sudo groupadd db2iadm1 sudo groupadd db2fsdm1 sudo groupadd db2bpm1 sudo useradd -g db2iadm1 -m db2inst1 sudo useradd -g db2fsdm1 -m db2sdfe1 sudo useradd -g db2bpm1 -m db2bpm1
- Now set the passwords for the three user accounts (the command will
prompt for the password):
sudo passwd db2inst1 sudo passwd db2sdfe1 sudo passwd db2bpm1
- Validate the response file:
cd /mnt/object/install/server sudo ./db2setup -c -r /home/ec2-user/db2server.rsp
- Correct any errors that you find.
- Update the kernel / operating system configuration as recommended for DB2.
- Install DB2 and create the db2inst1 instance:
cd /mnt/object/install/server sudo ./db2setup -r /home/ec2-user/db2server.rsp
- Check the installation.
Step 4. Install IBM BPM
- Make the following changes to the
sudo vi /etc/security/limits.conf):
* soft stack 32768 * hard stack 32768 * soft nofile 65536 * hard nofile 65536 * soft nproc16384 * hard nproc 16384 # for DB2 * soft fsize unlimited * hard fsize unlimited
- Edit /etc/security/limits.d/90-nproc.conf to set nproc to 16384 .
- Copy the example response file to an appropriate location : cp /mnt/object/install/responsefiles/BPM/bpmAdv_linux_response_root_64bit.xml /home/ec2_user
- Edit the file and make the following changes to the repository
sudo vi /home/ec2-user/bpmAdv_linux_response_root_64bit.xml <server> <!-- ==================== IBM Installation Repository Location =====================--> <repository location='/mnt/object/install/IM64/' temporary='true'/> <!-- ================= IBM Business Process Manager Advanced, WebSphere Application Server ND, DB2 Express ===================--> <repository location="/mnt/object/install/repository/repos_64bit/" /> </server> cd /mnt/object/install/IM64 sudo ./installc -acceptLicense input /home/ec2-user/bpmAdv_linux_response_root_64bit.xml -log /home/ec2-user/bpm_silent_install.log
- Install IBM BPM, as shown in the following example commands:
cd /mnt/object/install/IM64 sudo ./installc -acceptLicense input /home/ec2-user/bpmAdv_linux_response_root_64bit.xml -log /home/ec2-user/bpm_silent_install.log
Step 5. Create the IBM BPM profiles
- Copy the default BPMconfig configuration file to /home/ec2-u ser with the following command: cp /opt/ibm/BPM/v8.5/BPM/samples/config/advanced/Advanced-PC-ThreeClusters-DB2.properties /home/ec2-user
- Edit the file ( sudo vi
/home/ec2-user/Advanced-PC-ThreeClusters-DB2.properties ) and make the
bpm.de.authenticationAlias.1.user=bpmadmin bpm.de.authenticationAlias.1.password= the password you want to use bpm.de.authenticationAlias.2.user=db2bpm1 bpm.de.authenticationAlias.2.password= the password you want to use bpm.cell.authenticationAlias.1.user=wasadmin bpm.cell.authenticationAlias.1.password= the password you want to use
Amazon Web Services Tip:
- The public and internal DNS name of your instance is available in the EC2 console.
- Expand Instances, click Instances, select the instance and look at the lower right details pane.
- Use the internal DNS because it is persistent and unchanging and also effects routing and charging of traffic.
- The external DNS can change when the instance is restarted and therefore is inappropriate for internal traffic.
bpm.dmgr.hostname=ip-172-31-5-126.us-west-2.compute.internal bpm.dmgr.installPath=/opt/ibm/BPM/v8.5 bpm.de.node.1.hostname=ip-172-31-5-126.us-west-2.compute.internal bpm.de.node.1.installPath=/opt/ibm/BPM/v8.5 bpm.de.db.1.hostname=ip-172-31-5-126.us-west-2.compute.internal bpm.de.db.2.hostname=ip-172-31-5-126.us-west-2.compute.internal bpm.de.db.3.hostname=ip-172-31-5-126.us-west-2.compute.internal bpm.de.db.4.hostname=ip-172-31-5-126.us-west-2.compute.internal
- Now validate your configuration file:
cd /opt/ibm/BPM/v8.5/bin sudo ./BPMConfig.sh -validate /home/ec2-user/Advanced-PC-ThreeClusters-DB2.properties
- Correct any errors and create the profiles:
sudo ./BPMConfig.sh -create /home/ec2-user/Advanced-PC-ThreeClusters-DB2.properties
- For convenience we will create the databases under /opt, you would
wish to follow your organisation's policies and
sudo mkdir /opt/data sudo chown db2inst1 /opt/data
- Create the databases:
$ cd /opt/ibm/BPM/v8.5/profiles/DmgrProfile/dbscripts/PCCell1.De1/DB2/BPMDB $ sudo vi createDatabase.sql sudo su - db2inst1 add ' on /opt/data' to the create database SQL after 'automatic storage yes': create database BPMDB automatic storage yes on /opt/data using codeset UTF-8 territory US pagesize 32768;
- createDatabase.sql CMNDB PDWDB ).
- Create the databases: $ sudo su - db2inst1
$ cd /opt/ibm/BPM/v8.5/profiles/DmgrProfile/dbscripts/PCCell1.De1/DB2/BPMDB $ ./createDatabase.sql $ cd ../CMNDB $ ./createDatabase.sh $ cd ../PDWDB $ ./createDatabase.sh
- Create the schemas.
$ cd /opt/ibm/BPM/v8.5/profiles/DmgrProfile/dbscripts/PCCell1/DB2/CMNDB $ db2 connect to CMNDB $ db2 -tf createSchema_Advanced.sql $ db2 terminate $ cd ../../../PCCell1.De1/DB2/BPMDB $ db2 connect to BPMDB $ db2 -tvf createSchema_Advanced.sql $ db2 -tdGO -vf createProcedure_Advanced.sql $ db2 terminate $ cd ../CMNDB $ db2 connect to CMNDB $ db2 -tvf createSchema_Advanced,sql $ db2 -tvf createSchema_Messaging.sql $ db2 terminate $ cd ../PDWDB $ db2 connect to PDWDB $ db2 -tvf createSchema_Advanced.sql $ db2 terminate $ exit
- Populate the database:
$ cd /opt/ibm/BPM/v8.5/profiles/DmgrProfile/bin $ sudo ./bootstrapProcessServerData.sh -clusterName AppCluster
- Copy the IBM HTTP Server installation files as shown in the following
sudo mkdir /mnt/object/supplements sudo chown ex2-user /mnt/objects/supplements
- Use the secure file transfer protocol (
sftp) to copy the three archives.
- Unzip the archives:
cd /mnt/objects/supplements for i in *.zip do sudo unzip $i done
- Copy the two response files that you are interested in to
/home/ec2-user(the IBM HTTP Server and the WebSphere Application Server plug-in).
cd /mnt/object/supplements/responsefiles/samples cp WASv85.ihs.install.Win32.xml /home/ec2-user cp WASv85.plg.install.Win32.xml /home/ec2-user/
- Edit the IBM HTTP Server file and make the following changes:
<repository>information for the three disks and comment out the online repository manager:
85"/> --> and <!-- <repository location='insert the full directory path inside single quotes'/> --> <repository location='/mnt/object/supplements/disk1'/> <repository location='/mnt/object/supplements/disk2/ad'/> <repository location='/mnt/object/supplements/disk3/ad'/>
In <install>amend the offering to select the 64bit (from 32bit) version of IHS:
<offering id='com.ibm.websphere.IHS.v85' profile='IBM HTTP Server for WebSphere Application Server V8.5' features='core.feature,arch.64bit' installFixes='none'/> <!-- <offering id='PM12345_WAS80' profile='IBM HTTP Server for WebSphere Application Server V8.5'/> --> </install>
<profile id='IBM HTTP Server for WebSphere Application Server V8.5' installLocation='/opt/IBM/HTTPServer'>
<profile id='IBM HTTP Server for WebSphere Application Server V8.5' installLocation='/opt/IBM/HTTPServer'> <data key='eclipseLocation' value='/opt/IBM/HTTPServer'/>
eclipseCachefor Linux defaults (
<preference name='com.ibm.cic.common.core.preferences.eclipseCache' value='/var/ibm/InstallationManager'>
- Install IBM HTTP Server:
cd /opt/IBM/InstallationManager/eclipse/tools sudo ./imcl -acceptLicense -showprogress -log /home/ec2-user/ihs-install.log -input /home/ec2-user/WASv85.ihs.install.Win32.xml
- Edit the WebSphere plug-in installation file at sudo vi
/home/ec2-user/WASv85.plg.install.Win32.xml and make the following
In <server> add <repository> information for the three disks and comment out the online repository manager:
<!-- <repository location="
<!-- <repository location='insert the full directory path inside single quotes'/> --> <repository location='/mnt/object/supplements/disk1'/> <repository location='/mnt/object/supplements/disk2/ad'/> <repository location='/mnt/object/supplements/disk3/ad'/>
Amend the profile to match Linux defaults.
<profile id='Web Server Plug-ins for IBM WebSphere Application Server V8.5' installLocation='C:\Program Files\IBM\WebSphere\Plugins'> <data key='eclipseLocation' value='C:\Program Files\IBM\WebSphere\Plugins'/>
<profile id='Web Server Plug-ins for IBM WebSphere Application Server V8.5' installLocation='/opt/IBM/WebSphere/Plugins'> <data key='eclipseLocation' value='/opt/IBM/WebSphere/Plugins'/> <data key='user.import.profile' value='false'/> <data key='cic.selector.nl' value='en'/> </profile>
Change the cache location from <preference name=’com.ibm.cic.common.core.preferences.eclipseCache’ value=’C:\Program Files\IBM\IMShared’/>t o <preference name='com.ibm.cic.common.core.preferences.eclipseCache' value='/opt/IBM/IMShared'/>
- Install the plug-ins:
cd /opt/IBM/InstallationManager/eclipse/tools sudo ./imcl -acceptLicense -showProgress -log /home/ec2-user/plugins-install.log -input /home/ec2-user/WASv855
- Log in to the deployment manager as your administrative user
wasadmin) and then expandServers . Then select Server Types > Web Servers .
- Add the web server definition to the deployment manager, as shown in the following screen capture:
- Click Add, give the web server a name, select a node, and select IBM HTTP Server, as shown in the following screen capture:
- Click Next, Next again, and then and confirm that the configuration matches the HTTP and plugin locations you selected when installing, as shown in the following screen capture:
- Click Next and then click Finish.
- Click Save. The definition is saved to the repository and the server is listed underWeb servers, as shown in the following screen capture:
- Create a
$ sudo ./gskcapicmd -keydb -create -db /opt/IBM/HTTPServer/ihsserverkey.kdb -pw <password> -stash
- Add a self certified certificate:
sudo ./gskcapicmd -cert -create -db /opt/IBM/HTTPServer/ihsserverkey.kdb
-pw password -dn "cn=ec2-52-42-174-74.us-west-2.compute.
" -label "Quick test certificate"
Amazon Web Services Tip: Remember the DNS name will change when the server is rebooted: use the Amazon Web Services facility for permanent DNS addresses.
- Edit the SSL stanza in the HTTPD server configuration file
httpd.conf). The changes to the permitted SSL versions ensures that current Firefox and Chrome browsers connect. Extend the configuration with your organization's permitted specifications.
$ cd /opt/IBM/HTTPServer/conf $ sudo vi httpd.conf ## SSLv3 128 bit Ciphers SSLCipherSpec SSL_RSA_WITH_RC4_128_MD5 # Example SSL configuration which supports SSLv3 and TLSv1 # To enable this support:
- Create a key database with ikeyman
- Update the KeyFile directive below to point to that key database
- Uncomment the directives up through the end of the example
# LoadModule ibm_ssl_module modules/mod_ibm_ssl.so Listen 443 <VirtualHost *:443> SSLEnable </VirtualHost> KeyFile /opt/IBM/HTTPServer/ihsserverkey.kdb #SSLDisable # End of example SSL configuration
- Configure the plug-in:
$ cd /opt/IBM/HTTPServer/conf $ sudo vi httpd.conf
- Append the following text:
LoadModule was_ap22_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so WebSpherePluginConfig /opt/IBM/WebSphere/Plugins/config/webserver/plugin-cfg.xml
- Restart the HTTP server.
- On the Amazon Web Services console, allow access to your HTTP Server
on 80 for the HTTP port and 443 for the HTTPS port (find your instance
and click on the appropriate security group). Click the inbound route
and add 80 and 443, as shown in the following screen capture:
Amazon Web Services Tip: Your system is globally accessible if you use the default settings. Consider carefully how you can secure and protect the system using Amazon Web Services security groups and configuration of the instance.
- You can now stop and start your environment.
Run the following commands:
$ cd /opt/bpm/BPM/v8.5/bin $ sudo ./BPMConfig.sh -stop /home/ec2-user/Advanced-PC-ThreeClusters-DB2.properties $ sudo ./BPMConfig.sh -start /home/ec2-user/Advanced-PC-ThreeClusters-DB2.properties
Log in with the
Run the following commands:
$ sudo su - db2inst1 $ db2start $ exit $ cd /opt/ibm/BPM/v8.5/bin $ sudo ./BPMConfig.sh -start /home/ec2-user/Advanced-PC-ThreeClusters-DB2.properties $ cd /opt/IBM/HTTPServer/bin $ sudo ./apachectl start
This tutorial described a typical installation and configuration of IBM BPM Process Center for a Golden topology, using the silent installation option.
Now you understand how to plan your own installation of IBM BPM on Amazon Web Services, if it is your preferred public cloud infrastructure. Use these tips and pointers to work with your cloud implementation and plan a successful first-time installation.
The Golden topology implementation does not work in all situations. Therefore, consider the following more resilient topologies for high availability in production use:
- Two or more virtual machines for the Process Center nodes, providing high availability to the failure of one Process Center instance.
- Use of an high availability DB2 service, either consuming an existing service or adding a second DB2 virtual machine in an HA configuration (four Amazon Web Services virtual machines) .
- Separation of the deployment manager to a separate Amazon Web Services virtual machine to simplify recovery.
Also, you should make sure to consider benchmarking, tuning and sizing of the images for the workload that is expected and experienced.
The authors would like to thank Claudio Tagliabue for reviewing this tutorial.
- IBM Eligible Public Cloud Bring Your Own Software License (BYOSL) Policy
- IBM BPM V8.5.7 product documentation
- Getting started with WebSphere Liberty in Amazon Web Services
- Basic deployment of IBM MQ on Amazon Web Services
- Amazon Web Services IBM website