IBM BS029ML Self Help Guide - Page 6

iv

IBM WebSphere Portal V6 Self Help Guide

2.6.5

LTPA token generation with WebSEAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

2.6.6

Other Tivoli Access Manager considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

2.6.7

LDAP Directory Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

2.7

Database considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

2.7.1

WebSphere Portal Server database disclaimer . . . . . . . . . . . . . . . . . . . . . . . . . . 46

2.7.2

Database domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

2.7.3

Distinct databases or distinct schemas. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

2.7.4

Database high availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

2.8

Portal planning recommendations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

2.8.1

Recommendations for a successful implementation. . . . . . . . . . . . . . . . . . . . . . . 51

Chapter 3.

WebSphere Portal installation

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

3.1

Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

3.1.1

How do I prepare my system for installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

3.1.2

What is about to happen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

3.1.3

Where do I begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

3.1.4

Is it working . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

3.2

Database transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

3.2.1

Planning and considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

3.2.2

How do I prepare for the database transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

3.2.3


3.2.4

Is it working. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

3.3

Enable security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

3.3.1

Planning and considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

3.3.2

How do I prepare for WebSphere Portal Server LDAP security . . . . . . . . . . . . . . 74

3.3.3


3.3.4

Is it working . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

3.4

Problem determination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

3.4.1

Installation problem determination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

3.4.2

Database transfer problem determination. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

3.4.3

LDAP security problem determination. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Chapter 4.

WebSphere Portal security

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

4.1

Planning and considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

4.1.1

The basics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

4.1.2

WebSphere Member Manager (WMM). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

4.1.3

User registry and member repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

4.1.4

Single sign-on (SSO) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

4.1.5

WebSphere Portal login process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

4.1.6

Portal Access Control (PAC). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

4.1.7

Secure communications over SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

4.1.8

Integration with Tivoli Access Manager and WebSEAL . . . . . . . . . . . . . . . . . . . . 96

4.2

Security configurations and customizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

4.2.1

The default security configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

4.2.2

Reconfigure security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

4.2.3

Change user IDs and passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

4.2.4

Adding application specific attributes to users and groups . . . . . . . . . . . . . . . . . . 99

4.2.5

Integration with Tivoli Access Manager (TAM) . . . . . . . . . . . . . . . . . . . . . . . . . . 100

4.3

Problem determination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

4.3.1

General problem determination recommendations. . . . . . . . . . . . . . . . . . . . . . . 102

4.3.2

Typical portal traces for different security scenarios. . . . . . . . . . . . . . . . . . . . . . 105

4.3.3

Tools for troubleshooting security problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

4.3.4

Anatomy of configuration files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

Section	Page
Go to the current abstract on ibm.com/redbooks	1
Contents	5
Notices	9
Trademarks	10
Preface	11
The team that wrote this Redpaper	11
Become a published author	12
Comments welcome	13
Chapter 1. Introduction	15
1.1 Purpose of this Redpaper	16
1.2 IBM WebSphere Portal Server overview	17
1.3 What is new in WebSphere Portal Version 6	18
1.4 Administration improvements	19
1.5 Structure of the Redpaper	20
Chapter 2. Architecture and planning	23
2.1 Building the right Portal architecture	24
2.1.1 Addressing functionality	24
2.1.2 Addressing integration	24
2.1.3 Technology choices for connectivity	25
2.1.4 The System Context Diagram	27
2.1.5 Addressing non-functional requirements	28
2.1.6 Frequently asked questions about sizing	29
2.2 The building blocks of an architecture	30
2.2.1 Logical Deployment Units	31
2.2.2 Node characterization at the specification level	34
2.3 Operational architectures	35
2.3.1 Adopting a tiered architecture	35
2.3.2 Addressing scaleability and high availability	35
2.4 Portal deployment considerations	41
2.4.1 In-situ maintenance procedures	41
2.4.2 Two sets of production environments	42
2.4.3 The dual cluster with two lines of production architecture	43
2.4.4 Moving a configuration between environments	44
2.5 Architecting for performance	44
2.5.1 Scalability	45
2.5.2 Guidance regarding vertical and horizontal scaling	45
2.5.3 WebSphere queuing mechanism	46
2.5.4 Choosing a platform	47
2.5.5 Separation of WCM from Portal Servers	48
2.5.6 Separation of Web servers and WebSphere Portal Servers	48
2.5.7 JVM recommendations	49
2.5.8 Portlet application JVM considerations	50
2.5.9 High availability and HTTPSession failover	50
2.6 Security	51
2.6.1 WebSphere Portal Server security	51
2.6.2 Using External Security Managers	51
2.6.3 Single Sign-On (SSO)	52
2.6.4 Trust Association with WebSEAL	54
2.6.5 LTPA token generation with WebSEAL	55
2.6.6 Other Tivoli Access Manager considerations	55
2.6.7 LDAP Directory Servers	57
2.7 Database considerations	60
2.7.1 WebSphere Portal Server database disclaimer	60
2.7.2 Database domains	60
2.7.3 Distinct databases or distinct schemas	62
2.7.4 Database high availability	63
2.8 Portal planning recommendations	65
2.8.1 Recommendations for a successful implementation	65
Chapter 3. WebSphere Portal installation	69
3.1 Installation	70
3.1.1 How do I prepare my system for installation	70
3.1.2 What is about to happen	71
3.1.3 Where do I begin	76
3.1.4 Is it working	77
3.2 Database transfer	79
3.2.1 Planning and considerations	80
3.2.2 How do I prepare for the database transfer	81
3.2.3 What is about to happen	83
3.2.4 Is it working	85
3.3 Enable security	86
3.3.1 Planning and considerations	86
3.3.2 How do I prepare for WebSphere Portal Server LDAP security	88
3.3.3 What is about to happen	91
3.3.4 Is it working	93
3.4 Problem determination	94
3.4.1 Installation problem determination	94
3.4.2 Database transfer problem determination	95
3.4.3 LDAP security problem determination	96
Chapter 4. WebSphere Portal security	99
4.1 Planning and considerations	100
4.1.1 The basics	100
4.1.2 WebSphere Member Manager (WMM)	101
4.1.3 User registry and member repository	103
4.1.4 Single sign-on (SSO)	104
4.1.5 WebSphere Portal login process	105
4.1.6 Portal Access Control (PAC)	107
4.1.7 Secure communications over SSL	110
4.1.8 Integration with Tivoli Access Manager and WebSEAL	110
4.2 Security configurations and customizations	111
4.2.1 The default security configuration	111
4.2.2 Reconfigure security	112
4.2.3 Change user IDs and passwords	112
4.2.4 Adding application specific attributes to users and groups	113
4.2.5 Integration with Tivoli Access Manager (TAM)	114
4.3 Problem determination	116
4.3.1 General problem determination recommendations	116
4.3.2 Typical portal traces for different security scenarios	119
4.3.3 Tools for troubleshooting security problems	123
4.3.4 Anatomy of configuration files	124
4.3.5 Reading portal runtime logs	133
4.3.6 Typical security configuration problems	136
Chapter 5. WebSphere Portal runtime and services	151
5.1 Overview	152
5.1.1 Portal runtime architecture	152
5.1.2 Portal foundation and framework	153
5.1.3 Portal Services	154
5.2 Optimization	156
5.2.1 Knowing where to start	156
5.2.2 Tuning advice for the IBM Java Virtual Machine	157
5.2.3 Tuning advice for the SUN Microsystems Java Virtual Machine (JVM)	159
5.2.4 WebSphere resource pools	161
5.2.5 Web container	162
5.2.6 Data source tuning	163
5.2.7 WebSphere security tuning	164
5.2.8 WebSphere session management tuning	166
5.2.9 WebSphere Member Manager tuning	167
5.2.10 Portal configuration services tuning	169
5.3 Problem determination	174
5.3.1 Identify the failing component	174
5.3.2 JVM problems	174
5.3.3 Some common problems and workarounds	177
5.4 Portal administration tools	178
5.5 Runtime monitoring	182
5.5.1 What to monitor	182
5.5.2 Useful resources	182
Appendix A. Using IBM tools to find solutions and promote customer self-help	183
IBM Support Assistant (ISA)	184
How does ISA help	184
How do I obtain, install, and access ISA	185
Best practices	188
Use case examples - Search	191
Use case examples - Product Information	196
Use case examples - Tools	197
Use case examples - Service	198
IBM support site	203
How does the support site help	203
How can I access the support site	203
Best practices	203
IBM online communities	211
How do online communities help	211
How can I access the online communities	211
Best practices	212
IBM RSS feeds	212
How do RSS feeds help	212
How can I access the IBM RSS feeds	212
Best practices	213
IBM Support Toolbar	213
How does the IBM Support Toolbar help	213
How can I obtain the IBM Support Toolbar	213
IBM Education Assistant	216
How does the IBM Education Assistant help	216
How can I access the IBM Education Assistant	217
Best practices	217
IBM Guided Activity Assistant (IGAA)	218
How does the IBM Guided Activity Assistant help	219
How can I access the IBM Guided Activity Assistant (IGAA)	219
Best practices	220
Appendix B. Maintenance: Fix strategy, backup strategy, and migration strategy	221
Backup strategy	222
Overview of the backup process	222
Our approach to backup	223
Some additional best practices	224
Fix strategy	225
Overview of the maintenance strategy	227
Our approach to maintenance	228
Overview of the fix strategy	229
Our approach to fixes	229
Some additional best practices	232
Migration strategy	233
What is about to happen: a simple overview of the migration process	233
Where do you start: planning and considerations	234
Is it working: verify the migration	235
When a problem occurs: troubleshooting techniques to help identify the problem	235
Export	236
Import	236
Post migration	237
How to find a solution: using IBM Self-Help tools and support	237
What is next: typical next steps	238
Related publications	239
IBM Redbooks publications	239
Other publications	239
How to get IBM Redbooks publications	239
Help from IBM	239

IBM BS029ML Self Help Guide - Page 6

WebSphere Portal installation, WebSphere Portal security

Page 6 highlights