Creating managed-node profiles using the Profile Management Tool

You can create and federate managed-node profiles using the Profile Management Tool.

1. If you want to federate the node to a deployment manager while creating the managed-node profile, start the deployment manager.
2. Use one of the following methods to start the Profile Management Tool.
   • Start the tool from the Quick Start console.
   • Run the command installation_root/bin/ProfileManagement/pmt.sh.
3. On the Welcome page, click Launch Profile Management Tool or select the Profile Management Tool tab.
4. On the Profiles tab, click Create.

   The Environment Selection page opens in a separate window.

5. On the Environment Selection page, locate the IBM® Business Process Manager configuration and expand the section. Select the IBM BPM managed node profile template and click Next.
6. On the Profile Name and Location page, complete the following steps:
   1. In the Profile name field, specify a unique name or accept the default value. Each profile that you create must have a name. When you have more than one profile, you can tell them apart at their highest level by this name.
   2. In the Profile directory field, enter the directory for the profile or use the Browse button to go to the profile directory. The directory you specify will contain the files that define the runtime environment, such as commands, configuration files, and log files. The default directory is installation_root/profiles/profile_name.
   3. Optional: Select Make this profile the default to make the profile you are creating the default profile. This check box is shown only if you have an existing profile on your system.

      When a profile is the default profile, commands work automatically with it. The first profile that you create on a workstation is the default profile. The default profile is the default target for commands that are issued from the bin directory in the product installation root. When only one profile exists on a workstation, every command operates on that profile. If more than one profile exists, certain commands require that you specify the profile to which the command applies.

   4. Click Next. If you click Back and change the name of the profile, you might have to manually change the name on this page when it is displayed again.
7. On the Node and Host Names page, complete the following actions for the profile you are creating:
   • In the Node name field, enter a name for the node or accept the default value. Try keeping the node name as short as possible, but ensure that node names are unique within your deployment environment.
   • In the Host name field, enter a name for the host or accept the default value.

   Click Next.

8. On the Federation page, choose to federate the node into the deployment manager now as part of the profile augmentation, or at a later time and apart from profile augmentation. If you choose to federate the node as part of the profile creation, specify the host name or IP address and SOAP port of the deployment manager, and an authentication user ID and password to be used to authenticate with the deployment manager.
   Important:

   Select Federate this node later if any one of the following situations is true:

   • Another profile is being federated. (Node federation must be serialized.)
   • The deployment manager is not running or you are not sure if it is running.
   • The deployment manager has the SOAP connector disabled
   • The deployment manager has not yet been augmented into a IBM Business Process Manager deployment manager.
   • The deployment manager is not at a release level the same or higher than the release level of the profile you are creating.
   • The deployment manager does not have a JMX administrative port enabled.
   • The deployment manager is re-configured to use the non-default remote method invocation (RMI) as the preferred Java™ Management Extensions (JMX) connector. (Select System administration > Deployment manager > Administration services in the administrative console of the deployment manager to verify the preferred connector type.)

   Note: Note the processing that is associated with federating the node as part of the managed-node profile creation:

   • The Profile Management Tool verifies that the deployment manager exists and can be contacted, and that the authentication user ID and password are valid for that deployment manager (if it is secured).
   • If you attempt to federate a custom node when the deployment manager is not running or is not available for other reasons, a warning box prevents you from continuing. If this warning box appears, click OK and then make different selections on the Federation page.

   Click Next.

9. On the Security Certificate (Part 1) page, specify whether to create new certificates or import existing certificates.
   • To create a new default personal certificate and a new root signing certificate, select Create a new default personal certificate and Create a new root signing certificate, and click Next.
   • To import existing certificates, select Import an existing default personal certificate and Import an existing root signing certificate and provide the following information:
     • In the Path field, enter the directory path to the existing certificate.
     • In the Password field, enter the password for the certificate
     • In the Keystore type field, select the keystore type for the certificate you are importing.
     • In the Keystore alias field, select the keystore alias for the certificate you are importing.
     • Click Next to display the Security Certificate (Part 2) page
     When you import a personal certificate as the default personal certificate, import the root certificate that signed the personal certificate. Otherwise, the Profile Management Tool adds the signer of the personal certificate to the trust.p12 file.
10. On the Security Certificate (Part 2) page, verify that the certificate information is correct.

    If you create the certificates, you can use the default values or modify them to create new certificates. The default personal certificate is valid for one year by default and is signed by the root signing certificate. The root signing certificate is a self-signed certificate that is valid for 15 years by default. The default keystore password for the root signing certificate is WebAS. Change the password. The password cannot contain any double-byte character set (DBCS) characters because certain keystore types, including PKCS12, do not support these characters. The keystore types that are supported depend on the providers in the java.security file.

    When you create either or both certificates, or import either or both certificates, the keystore files that are created are:

    • key.p12: Contains the default personal certificate.
    • trust.p12: Contains the signer certificate from the default root certificate.
    • root-key.p12: Contains the root signing certificate.
    • default-signers.p12: Contains signer certificates that are added to any new keystore file that you create after the server is installed and running. By default, the default root certificate signer and a DataPower® signer certificate are in this keystore file.
    • deleted.p12: Holds certificates deleted with the deleteKeyStore task so that they can be recovered if needed.
    • ltpa.jceks: Contains server default Lightweight Third-Party Authentication (LTPA) keys that the servers in your environment use to communicate with each other.

    These files all have the same password when you create or import the certificates, which is either the default password, or a password that you specify. An imported certificate is added to the key.p12 file or the root-key.p12 file. If you import any certificates and the certificates do not contain the information that you want, click Back to import another certificate.
11. On the Profile Summary page, review the information. Click Create to create the profile or Back to change the characteristics of the profile.
12. On the Profile Complete page, review the information. To proceed to the Quick Start console, make sure that Launch Quick Start console is selected and click Finish.