STEP 7. Configuring IBM AD Mainframe Projects Service

Edit online
Follow the configuration steps that are needed to have up and running IBM® AD Mainframe Projects Service:
  1. Configure the parameters that are present in the conf.yaml file
  2. Make IBM AD Mainframe Projects Service available in IBM AD Configuration Server
  3. Restart IBM AD Mainframe Projects Service
Note: When configuring IBM AD Mainframe Projects Service, you need to add in IBM AD Configuration Server the group names that are defined in Secure Storage to decide which projects are accessible to specific users.

1. Configure the parameters that are present in the conf.yaml file

Important: The configuration of the following parameters is not mandatory. It is recommended to follow below steps only in case that you had previously configured these parameters and you performed an upgrade to the latest version of IBM AD product.
On the machine where IBM AD Mainframe Projects Service is installed, go to <IBM ADDI Installation Folder>/IBM Application Discovery Mainframe Projects Service/conf/ and make sure that the conf.yaml is present. If the conf.yaml file is not present in the /conf folder, go to <IBM ADDI Installation Folder>/IBM Application Discovery Mainframe Projects Service/sample-conf/ and copy the conf.yaml file in the /conf folder. Open the conf.yaml file by using a text editor and enter the desired values for the parameters that are detailed below.
Note: The parameters are represented in YAML as mappings that consist of a parameter key and the value that is associated to that key. The format of the mapping is the parameter key represented by a string, which is terminated by a trailing colon that is followed by a space. The value for that parameter key is represented by a string that follows the key's colon and space. Example:
my_parameter: my_value
  1. Add the port of IBM AD Configuration Server.
    ## Coordination and Configuration Server port
## default 2181
ccs.server.port: 2181
  2. Set the https parameter as follows:
    1. If the https parameter is set to false, a non-secured communication is used.
      #if communication should be secured with TLS
https: false
    2. If the https parameter is set to true, a secured communication is used.
      Note: This step implies the use of certificates. If you want to set the communication to be secured, make sure that a certificate authority issues a signed certificate (.crt) and a private key for the certificate (.key).
      #if communication should be secured with TLS
https: true
    Note: If the https parameter is set to true, an additional step needs to be performed. Locate startServer.bat file under <IBM ADDI Installation Folder>/IBM Application Discovery Mainframe Projects Service/ and replace the following line:
    set tlsoptions=
    with:
    SET keystorepath=<"path_to_keystore">
SET keystorepass=<"password_of_keystore">
set tlsoptions=-Djavax.net.ssl.keyStore="%keystorepath%" -Djavax.net.ssl.keyStorePassword="%keystorepass%"
    Where:
    • Path to keystore is the path to the keystore that holds the certificate for IBM AD Mainframe Projects Service.
    • Keystore password is the keystore password.
  3. Leave blank the line where the authSrv parameter is present if Authentication Server (DEX) is not needed.
    #authentication server URL
authSrv:
    Otherwise, set the authSrv parameter as follows:
    1. If the value of the https parameter is set to true, add the URL of Authentication Server (DEX) where authSrv parameter is present. Authentication Sever (DEX) that belongs to the IBM AD package is used. For more information, see STEP 4. (Optional) Configuring Authentication Server (DEX). Example:
      #authentication server URL
authSrv: https://WIN-ASK7V692EKB.ferdinand2.com:7600/dex
    2. If the value of the https parameter is set to false and the Authorization and Authentication feature is enabled, add the URL of Authentication Server (DEX). Example:
      #authentication server URL
authSrv: http://WIN-ASK7V692EKB.ferdinand2.com:7600/dex
  4. The default value of the disableAuth parameter is true. Leave the default value if Authentication Server (DEX) is not needed.
    #disable authentication/authorization. allow all files to be sent
disableAuth: true
    Otherwise, set the disableAuth parameter to false. The false value keeps enabled the authentication.
    #disable authentication/authorization. allow all files to be sent
disableAuth: false

2. Make IBM AD Mainframe Projects Service available in IBM AD Configuration Server

Through IBM AD Mainframe Projects Service a user is authorized to access the AD projects.

After IBM AD Mainframe Projects Service is up and running, go to IBM AD Configuration Server and make IBM AD Mainframe Projects Service available for the other IBM AD components as follows:
  1. Access Start Menu > IBM Application Discovery and Delivery Intelligence > Launch IBM Application Discovery Configuration Service Admin, and go to Configure > Environments > "Your environment" > Services > Mainframe Projects Service. The IBM AD Mainframe Projects Service settings page is displayed.
  2. Set the Poll interval parameter to determine how frequently the projects are tested (seconds).
  3. Click Save.

3. Restart IBM AD Mainframe Projects Service

  • On Windows
    1. Once the configuration is done, go to the Dashboard tab, in IBM® AD Configuration Server, click the menu button of Mainframe Projects Service, and select Restart Service.
      Note: Wait until the service is restarted, this can take a few minutes to complete.
    2. If the service does not start, check the mfprojs.log file under <IBM ADDI Installation Folder>/IBM Application Discovery Mainframe Projects Service/log folder.