Connections from Workflow Server to Workflow Center
To establish and work with connections from IBM® Workflow Server to IBM Workflow Center, you should understand the typical behavior of the connections and know where to update the connection settings.
- Behavior
- Settings
- Other sources of information
Behavior
When Workflow Server connects to Workflow Center, authentication is required. The user ID and password that are used for authentication are those that are specified for the authentication alias that is mapped to the Business Automation Workflow Security role ProcessCenterUser.
When Workflow Server successfully establishes a connection to Workflow Center, it sends Workflow Center the following information (which Workflow Center stores in the LSW_Server table):
- Deployed snapshots and running instances
- The user ID and password that are used for Workflow Center to establish a return connection to Workflow Server. The user ID and password that are sent to Workflow Center are retrieved from the authentication alias that is mapped to the Business Automation Workflow Security role BPMAuthor.
- Host and port information, which are used when Workflow Center needs to connect for online deployment or to display a link to the Process Admin console for the Workflow Server.
The host and port information are retrieved from the Business Automation Workflow endpoint configuration by having the following scenarios evaluated in sequence:
- HEARTBEAT_DESIGNATED_DEPLOYMENT_ENDPOINT
- INTERNAL_CLIENT
By default, there is no configuration for the HEARTBEAT_DESIGNATED_DEPLOYMENT_ENDPOINT scenario. As a result, the default settings from the INTERNAL_CLIENT scenario are applied. The default behavior for the INTERNAL_CLIENT scenario is to evaluate the following functions:
- The default virtual host (
defaultVH
attribute) for the deployment environment (if configured). - The secure web container transport of the current application server.
In a clustered environment, the use of a web server is recommended. For additional information, see the topic Customizing Business Automation Workflow to work with a web server.
In case your Workflow Center environment cannot
connect to the web server of Workflow Server, do not
set the web server as the defaultVH
attribute. Instead, only add it to the
EXTERNAL_CLIENT scenario. Specify a virtualHost
or url
attribute
for the INTERNAL_CLIENT scenario that can be contacted by clients running in the data center, such
as your Workflow Center environment. If online
deployment requires a dedicated URL that is different from what all of the other INTERNAL_CLIENT
scenarios use, create a HEARTBEAT_DESIGNATED_DEPLOYMENT_ENDPOINT scenario. For example:
AdminTask.setBPMEndpoint( [ '-scenario', 'HEARTBEAT_DESIGNATED_DEPLOYMENT_ENDPOINT', '-url', 'https://myHost:9443' ] )
For additional information and instructions, see the topic Configuring endpoints to match your topology.
Settings
The following table lists settings that are used in connections between Workflow Server and Workflow Center:
Setting | Description | Business Automation Workflow or IBM Business Process Manager 8.5.0.1 or later | Prior to IBM Business Process Manager 8.5.0.1 |
---|---|---|---|
PC URL | Specifies the URL that Workflow Server uses to connect to a pre-8.5.0.1 Workflow Center. It uses Form-based Authentication. A pre-8.5.0.1 Workflow Center supports only the PC URL setting and it does not support the PC Internal URL setting. To ensure that the Workflow Server can connect to a Workflow Center from any release of IBM Business Process Manager, this setting should always be specified. | processCenterUrl | repository-server-url |
PC Internal URL | Specifies the URL that Workflow Server uses to connect to a Business Automation Workflow or IBM Business Process Manager 8.5.0.1 or later
Workflow Center. It uses Basic Authentication rather than Form-based Authentication. It has the same
format as the PC URL, except that it also has the literal string Internal appended
at the end of the URL. An 8.5.0.1 or later Workflow Center supports both the PC URL setting and the
PC Internal URL setting. The PC Internal URL is the preferred method of communication and it is
automatically used when it is available. To ensure that Workflow Server can connect to a Workflow Center from any
release of IBM Business Process Manager, this setting should always be specified. The setting should
be set to the same host and port as the PC URL. |
processCenterInternalUrl | Not applicable |
Interval | The interval of the heartbeat that is sent from Workflow Server to Workflow Center. It specifies the seconds between the heartbeats when connected to Workflow Center. To set the server to an offline state, specify a value that is less than or equal to 0 (zero), such as -1. To set the server to an online state, specify a value that is greater than 0 (zero), such as 60. | interval | repository-server-interval |
PC User | The authentication alias that is used to connect from Workflow Server to Workflow Center. It must include a user and password that are
capable of being used to log in to the Workflow Center. The default name is ProcessCenterUserAlias. The value can be set using
wsadmin commands or the administrative console. The specified user does not need to be valid in Workflow Server. However, the user must be valid in Workflow Center. If both Workflow Server and Workflow Center share the same user registry, such as LDAP, then the user is valid in both environments. |
ProcessCenterUser | repository-server-user-auth-alias |
Workflow Center Install Group | Specifies the name of a group whose members are authorized to perform
installations on Workflow Server. Workflow Server passes the specified group name to Workflow Center. When a Workflow Center user attempts to install on Workflow Server, Workflow Center performs a check to ensure that the user is a
member of the specified group. On Workflow Center, a user can create process applications and human services, as well as use JavaScript APIs to look up any internal group and add members. For this reason, an internal group should not be specified for the Workflow Center Install setting. Instead, the specified group should exist in the user registry, either LDAP or a file-based registry. For information on deployment authorization requirements, see the topic Restricting installation access to runtime servers. |
ProcessCenterInstall | process-center-install-group |
Information about security configuration properties and roles is found in the following topics:
- Security configuration properties
- Configuration properties for the BPMConfig command
- Business Automation Workflow security roles
- Restricting installation access to runtime servers
IBM Business Automation Workflow uses an authentication alias that is mapped to the ProcessCenterUser role to connect Workflow Center to Workflow Server. By default, the authentication alias is defaulted to the DeAdmin authentication alias. To change the authentication alias for the Workflow Center role using the administrative console, see Modifying authentication aliases. To change the authentication alias for the Workflow Center role using the command line, see .
Typically, each Workflow Server in a runtime environment is connected to a Workflow Center; a single Workflow Center can be connected to multiple servers. You can install process application snapshots from the Workflow Center to one or more of these connected servers.
For additional information on modifying settings and properties for connections between Workflow Server and Workflow Center, see the following topics:
Other sources of information
Other relevant information is found in the following topics: