Deploying PEM on Docker

Edit online

Describes how to deploy IBM Sterling Partner Engagement Manager (PEM) 6.3 on Docker using the PEM 2.0 architecture.

Overview

  1. PEM 2.0 introduces a modern architecture that includes the Identity Service and a new user interface.
  2. In the PEM 2.0 architecture, some legacy PEM components are no longer required.

Before you begin

Before installing PEM 6.3, ensure that:

  • System requirements are met.
  • A supported container runtime (Docker or Podman) is installed.
  • A supported database is available and accessible.
  • PEM 6.3 installation media is downloaded from IBM Passport Advantage.

Download and extract the installation media

  1. Sign in to IBM Passport Advantage and download IBM Sterling Partner Engagement Manager version 6.3.
  2. Extract the installation package to a working directory on the host system.

    The extracted content includes:

    • PEM container images
    • A sample MountFiles.zip archive used to create mount directories

Prepare the PEM mount directory

  1. Extract MountFiles.zip and choose a directory on the host system to use as the PEM mount directory.
  2. Copy the extracted mount file structure into this directory.
  3. In the PEM mount directory, configure the following as required:
    • Database driver files
    • SSL keystore and truststore files
    • setup.cfg
    • passphrase.txt (if required)
Important:

When creating server certificates for PEM or related services, ensure that the certificate includes Subject Alternative Names (SANs).

This is required to avoid TLS validation issues.

Configure PEM for the PEM 2.0 architecture

  1. Open setup.cfg from the PEM mount directory and configure the required properties, including:
    • Database connection details
    • Server SSL configuration
    • PEM service ports
    For more information, see Configuring the Setup.cfg File.
  2. Specify the planned host and port values for the Identity Service, which will be deployed later in the installation flow.
Important: Restart the PEM container whenever setup.cfg is modified.

Initialize the database schema

  1. Run the database initialization or migrator container provided with the PEM 6.3 installation media.
  2. Verify that database connectivity is successful and that the required schema objects are created.
Note: PEM 6.3 does not require a separate test-mode schema for activity testing. Activity testing data is stored in the primary schema and managed by the application.

Deploy required PEM 1.0 services

Although users interact with PEM through the PEM 2.0 user interface, PEM 2.0 relies on specific PEM 1.0 backend services for core functionality. You must deploy these required services before deploying PEM 2.0.

  1. Determine which PEM 1.0 services are required for your deployment. Consult the PEM 2.0 architecture documentation or your deployment plan to identify the necessary services.
  2. Deploy the required PEM 1.0 containers using the standard fresh-deployment process. For more information, see Fresh deployment of IBM PEM.
  3. Verify that all deployed PEM 1.0 services are running and accessible by checking service status and connectivity.
Important:

For PEM 2.0 deployments:

  • Deploy only the PEM 1.0 services required by PEM 2.0.
  • Do not deploy PEM Partner Repository (PR) or PEM Partner Provisioner (PP). These components are not used in the PEM 2.0 architecture.

Deploy the Identity Service

  1. Prepare the Identity Service mount directory by copying database driver and required security artifacts.
    Important: Add only one database driver file corresponding to the database type. Multiple driver files are not supported.
  2. Create a PKCS12 (.p12) keystore for server SSL, if required.
  3. Configure the Identity Service configuration file with:
    • Database details
    • PEM 2.0 URL
    • Server SSL settings
    For more information, see Configuring the Identity Server.
  4. Start the Identity Service container and verify successful startup.

Deploy PEM 2.0 services

  1. Deploy and start the PEM 2.0 services using the configured mount directory.
  2. Deploy the API Gateway, if applicable for your environment.
  3. Verify that PEM 2.0 can successfully communicate with:
    • The Identity Service
    • The deployed PEM 1.0 services

What to do next

After installation:

  • Verify access to the PEM 2.0 user interface.
  • Configure authentication and Single Sign-On, if required.
  • Complete post-installation setup such as users, roles, and basic system settings.