IBM Support

Cross-cell configuration between IBM Business Monitor and IBM Business Process Manager

White Papers


Abstract

This document describes a cross-cell configuration between IBM Business Monitor and IBM Business Process Manager (BPM) to allow for the monitoring of events from Business Process Definitions (BPDs) deployed in a remote cell to IBM Business Monitor.

Content

The instructions below assume an environment with IBM Business Monitor V8.0.1, IBM Business Process Manager V8.0.1, and DB2 for Linux, UNIX, and Windows V9.7.0.4 installed. It also assumes that an IBM Business Process Manager Advanced Process Server Deployment Manager profile is created with at least one custom node federated into it, and a IBM Business Monitor standalone profile is created and verified.

The information in this document is based on the same set of instructions from this Information Center article, under the Multiple-cell environment with the BPM event emitter service in the IBM Business Process Manager Advanced cell section. This document illustrates the exact same set of instructions with accompanying screenshots.


a. Configure IBM Business Process Manager Advanced. After the configuration, a CEI event service is deployed.
When the BPM Advanced Deployment Environment is created, the CEI event service is deployed automatically. Unless an error is observed during the creation of the Deployment Environment, we can assume that this step is complete.

b. Configure server-to-server SSL, as described in Configuring server-to-server SSL in multiple-cell environments.
The following pieces of information are needed for this step:
a) The hostname and the SOAP port number for the BPM Process Server Deployment Manager
b) The hostname and the SOAP port number of the standalone IBM Business Monitor server.

Once you have both of these pieces of information, go to the link below on the Process Server side.
security → SSL Certificate and key management → key stores and certificates → NodeDefaultTrustStore → Signer certificates → Retrieve from port.

Enter the details for the standalone IBM Business Monitor server:



After each change in a clustered environment, it is a good practice to synchronize the nodes in order to keep them consistent.



This is step 6 from the Information Center article on Configuring server-to-server SSL in multiple-cell environments:
• From the navigation panel, click Security > SSL Certificate and key management > Manage endpoint security configurations.
• For both Inbound and Outbound, ensure that the cell SSL settings are configured to use the default cell SSL settings and the default certificate alias under Specific SSL configuration for this endpoint.
• For each node under the cell, ensure that the Override inherited values check box is unchecked.
• Click OK and save your changes to the master configuration.




Check whether default is selected as the value for CellDefaultSSLSettings:





The Override Inherited Values needs to be unchecked for both the Inbound and the Outbound SSL configurations:






This is step 7 from the Information Center article on Configuring server-to-server SSL in multiple-cell environments:
• From the navigation panel, click Security > Global Security. Under RMI/IIOP security, click CSIv2 outbound communications.
• Click Trusted authentication realms - outbound.
• Select Trust realms as indicated below. Click Add External Realm and add the realm of the remote cell. Click Apply. To obtain the realm of the remote cell, from the administrative console, click Security > Global Security. The realm name is listed under User Account repository.



This is step 8 from the Information Center article on Configuring server-to-server SSL in multiple-cell environments:
• Verify that the Use identity assertion setting is enabled



Note: All the SSL related steps above were done on the BPM Process Server . The exact same steps need to be repeated on the standalone IBM Business Monitor server.

c. Share LTPA keys
On the BPM Process Server, go to Security → Global security → Authentication mechanisms and expiration → LTPA.
Export the LTPA Keys. Specify a password which will be used when we import the LTPA Keys:



Import the keys into IBM Business Monitor using the same link for LTPA:



Note: The exact same procedure needs to be done on the IBM Business Monitor server.

d. Enable Identity Assertion
We can skip this section, as we have already completed this as part of the SSL configuration.

e. Configure table-based event delivery

The purpose of this step is to create the data source: Monitor_<cell_name>__Routing_Database, where <cell_name>is the name of the cell where IBM Business Monitor is installed.
This step needs to be run on the Deployment Manager of the BPM Process Server.

We can use the Jython example below to create the data source. Save the script below in a .py file, and pass it as a parameter to the wsadmin command.

./wsadmin.sh -lang jython -f /localhome/IBM/BPM801/util/WBM/configureQueueBypass_mod.py

##################################################################
# Run the admin task using the parameters defined above
##################################################################
AdminTask.wbmConfigureQueueBypassDatasource(['-monitorCell', 'MON8Cell', '-databaseType', 'db2'
, '-jdbcProvider', 'DB2 Using IBM JCC Driver (XA)', '-driverType', '4', '-databaseName', 'FCMON
8', '-databaseServerName', 'gamma.svl.ibm.com', '-databaseServerPort', '60004', '-user wps -pas
sword xxxxxxx'])

##################################################################
# Save the changes
##################################################################
AdminConfig.save()


Once the script successfully completes, synchronize the nodes and check for the creation of the data source in the WebSphere Application Server Administrative Console.

f. Configure the remote MONITOR bus in the BPM cell
You need to run configRemoteMonitorBus.sh on the IBM Business Monitor server to create a MONITOR Bus on the BPM process Server, and to create the Service Integration Bus Link between the two cells.
You will need to create a properties file, which will have all the parameters necessary to create such configurations.

Notes:
a) You will need a common user that exists on both the IBM Business Monitor server and the BPM Process Server. This user is expected to satisfy the Bus Link user authorization role.
b) The MONITOR Bus to be created will need a repository for its Messaging Engine. In this case a DB2 datastore is used. For the same purpose, you will need to create a JDBC Datasource, and use an authentication alias that has the permission to create tables in that DB2 database.



// Below is the property file that was used for the creation of this document. Since the script is run on the IBM Business Monitor server, LOCAL_WAS_HOST is the IBM Business Monitor Deployment Manager hostname, and REMOTE_WAS_HOST is the IBM BPM Deployment Manager hostname. Replace them with the values for your environment.

SECURE_CONFIGURATION=true

LOCAL_WAS_HOST=xxxxxxx.usca.ibm.com
LOCAL_WAS_PORT=8884
LOCAL_WAS_MESSAGING_ENGINE=MON8Node.server1-MONITOR.MON8Cell.Bus
LOCAL_WAS_USERID=bpm801admin
LOCAL_WAS_PASSWORD=xxxxxxx

REMOTE_WAS_HOST=xxxxxxxx.usca.ibm.com
REMOTE_WAS_PORT=8885
REMOTE_WAS_USERID=bpm801admin
REMOTE_WAS_PASSWORD=xxxxxxxx

#REMOTE_WAS_ME_NODE=PSCust1Node
#REMOTE_WAS_ME_SERVER=PSDE.Messaging.PSCust1Node.0
REMOTE_WAS_ME_CLUSTER=PSDE.Messaging
REMOTE_WAS_ME_STORE=datastore


REMOTE_WAS_BUS_USERID=bpm801admin
REMOTE_WAS_BUS_PASSWORD=xxxxxxxxx

LINK_USERID=bpm801admin
LINK_USERID_REMOTE_PASSWORD=xxxxxxxx
LINK_USERID_LOCAL_PASSWORD=xxxxxxxxxx

#REMOTE_WAS_ME_STORE_DEFAULT_DATASOURCE=true
REMOTE_WAS_ME_STORE_JNDI=jdbc/psmonLINK
REMOTE_WAS_ME_STORE_ALIAS=PROCSVRME_PSDE.Messaging_Auth_Alias
#REMOTE_WAS_ME_STORE_LOG=
#REMOTE_WAS_ME_STORE_PERMANENT=
#REMOTE_WAS_ME_STORE_TEMP=

// See the successful run below


bash-4.2# ./configRemoteMonitorBus.sh -props /localhome/IBM/BPM801/scripts.wbm/crossCell/configRemoteMonitorBus_mod.props
IBM WebSphere Application Server, Release 8.0
Java EE Application Client Tool
Copyright IBM Corp., 1997-2009
WSCL0012I: Processing command line arguments.
WSCL0013I: Initializing the Java EE Application Client Environment.
[2/11/14 16:53:41:708 PST] 00000000 W UOW=null source=com.ibm.ws.ssl.config.SSLConfig org=IBM prod=WebSphere component=Application Server thread=[P=421388:O=0:CT]
CWPKI0041W: One or more key stores are using the default password.
WSCL0035I: Initialization of the Java EE Application Client Environment has completed.
WSCL0014I: Invoking the Application Client class com.ibm.wbimonitor.sib.configassist.Launcher


This utility will create a foreign bus link between the Monitor bus and a remote cell
Reading properties from file /localhome/IBM/BPM801/scripts.wbm/crossCell/configRemoteMonitorBus_mod.props

*** SSL SIGNER EXCHANGE PROMPT ***
SSL signer from target host 9.52.154.89 is not found in trust store /localhome/IBM/BPM801/profiles/BMONSA/etc/trust.p12.

Here is the signer information (verify the digest value matches what is displayed at the server):

Subject DN: CN=xxxxxxxxx.usca.ibm.com, OU=MON8Cell, OU=MON8Node, O=IBM, C=US
Issuer DN: CN=xxxxxxxx.usca.ibm.com, OU=Root Certificate, OU=MON8Cell, OU=MON8Node, O=IBM, C=US
Serial number: 317720531049333
Expires: Fri Jan 23 11:12:42 PST 2015
SHA-1 Digest: AB:E0:AD:F9:3D:A6:03:69:7C:87:CD:80:0A:0B:0D:DD:19:9A:27:C8
MD5 Digest: AC:5F:99:AE:45:2A:67:67:59:95:6C:2A:F5:70:7D:C4

Subject DN: CN=xxxxxxxxxx.usca.ibm.com, OU=Root Certificate, OU=MON8Cell, OU=MON8Node, O=IBM, C=US
Issuer DN: CN=xxxxxxxxxx.usca.ibm.com, OU=Root Certificate, OU=MON8Cell, OU=MON8Node, O=IBM, C=US
Serial number: 317717225961101
Expires: Fri Jan 19 11:12:38 PST 2029
SHA-1 Digest: AB:E0:AD:F9:3D:A6:03:69:7C:87:CD:80:0A:0B:0D:DD:19:9A:27:C8
MD5 Digest: AC:5F:99:AE:45:2A:67:67:59:95:6C:2A:F5:70:7D:C4

Add signer to the trust store now? (y/n) y
A retry of the request may need to occur if the socket times out while waiting for a prompt response. If the retry is required, note that the prompt will not be redisplayed if (y) is entered, which indicates the signer has already been added to the trust store.

*** SSL SIGNER EXCHANGE PROMPT ***
SSL signer from target host 9.52.154.89 is not found in trust store /localhome/IBM/BPM801/profiles/BMONSA/etc/trust.p12.

Here is the signer information (verify the digest value matches what is displayed at the server):

Subject DN: CN=xxxxxxxx.usca.ibm.com, OU=PSCell, OU=PSDmgrNode, O=IBM, C=US
Issuer DN: CN=xxxxxxxxx.usca.ibm.com, OU=Root Certificate, OU=PSCell, OU=PSDmgrNode, O=IBM, C=US
Serial number: 1740116563933263
Expires: Sun Feb 08 22:19:22 PST 2015
SHA-1 Digest: FA:18:28:70:87:27:2E:5F:93:8C:41:4E:F9:3B:FB:A2:0D:50:EB:18
MD5 Digest: B1:E9:6E:6C:C0:68:16:E3:72:A3:59:C5:90:FF:A4:EB

Subject DN: CN=xxxxxxxxx.usca.ibm.com, OU=Root Certificate, OU=PSCell, OU=PSDmgrNode, O=IBM, C=US
Issuer DN: CN=xxxxxxxx.usca.ibm.com, OU=Root Certificate, OU=PSCell, OU=PSDmgrNode, O=IBM, C=US
Serial number: 1740113369868880
Expires: Sun Feb 04 22:19:18 PST 2029
SHA-1 Digest: FA:18:28:70:87:27:2E:5F:93:8C:41:4E:F9:3B:FB:A2:0D:50:EB:18
MD5 Digest: B1:E9:6E:6C:C0:68:16:E3:72:A3:59:C5:90:FF:A4:EB

Add signer to the trust store now? (y/n) y
A retry of the request may need to occur if the socket times out while waiting for a prompt response. If the retry is required, note that the prompt will not be redisplayed if (y) is entered, which indicates the signer has already been added to the trust store.
Creating remote Bus MONITOR.PSCell.Bus
Adding cluster PSDE.Messaging to the bus
Creating the foreign buses
Creating the foreign bus links
Saving the configuration changes
Saved

You must restart both application servers for this change to take effect.

Save the changes on both of the servers, and restart the environments. Check for the successful start up of the BusLink:



g. Create a J2C authentication alias named EventEmitterAlias on Process Server
You can use any valid user ID and password combination.

h. Copy the following files from Business Monitor to the IBM Business Process Manager Advanced installation
WAS_HOME/instalableApps.wbm/EmitterServices.ear
WAS_HOME/plugins/com.ibm.wbimonitor.admin.command.jar
WAS_HOME/plugins/com.ibm.wbimonitor.restconfig.jar

i. After restarting the deployment manager, start a wsadmin console and run the command to install and configure the emitter application.

//emitter application install and configuration

bash-4.2# ./wsadmin.sh -lang jython
WASX7209I: Connected to process "dmgr" on node PSDmgrNode using SOAP connector; The type of process is: DeploymentManager
WASX7031I: For help, enter: "print Help.help()"
wsadmin>AdminTask.wbmConfigureEventEmitterFactory(['-cluster', 'PSDE.AppTarget'])
''
wsadmin>AdminTask.wbmDeployBPMEmitterService(['-cluster', 'PSDE.AppTarget'])
''
wsadmin>AdminConfig.save()
''
wsadmin>quit

Save the configuration changes and restart both IBM BPM and IBM Business Monitor.
This completes the cross-cell configuration for IBM BPM and IBM Business Monitor.


In summary, the event flow between an IBM Business Process Manager Process Server and an IBM Business Monitor V8.0.1 in a cross cell scenario requires additional configuration steps, as outlined in this document above. Once this configuration is complete, you should see the result of an end-to-end traffic, leading to Business Space showing the instance data.

[{"Product":{"code":"SS7NQD","label":"IBM Business Monitor"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Event Processing","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.0.1.2;8.0.1.1;8.0.1;8.0;7.5.1.2;7.5.1.1;7.5.1","Edition":"","Line of Business":{"code":"LOB15","label":"Integration"}},{"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Installation \/ Configuration","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"","label":"Linux zSeries"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.0.1.2;8.0.1.1;8.0.1;8.0;7.5.1.2;7.5.1.1;7.5.1;7.5.0.1;7.5","Edition":"Not Applicable","Line of Business":{"code":"LOB15","label":"Integration"}},{"Product":{"code":"SSFTBX","label":"IBM Business Process Manager Express"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Installation \/ Configuration","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"8.0.1.2;8.0.1.1;8.0.1;8.0;7.5.1.2;7.5.1.1;7.5.1;7.5.0.1;7.5","Edition":"Not Applicable","Line of Business":{"code":"LOB15","label":"Integration"}},{"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Installation \/ Configuration","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"","label":"Linux zSeries"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.0.1.2;8.0.1.1;8.0.1;8.0;7.5.1.2;7.5.1.1;7.5.1;7.5.0.1;7.5","Edition":"Not Applicable","Line of Business":{"code":"LOB15","label":"Integration"}}]

Document Information

Modified date:
17 June 2018

UID

swg27041520