System administration and maintenance
In this chapter, we describe some of the tools and methods that are used to monitor and maintain your IBM FileNet Content Manager system to ensure optimal performance.
We discuss the following topics:
10.1 IBM FileNet Content Manager administrative roles
The task of managing an IBM FileNet Content Manager environment can be handled by a single person or the tasks can be divided up among several people. The size of the deployment and the business rules at a company, including separation of duty requirements, typically dictate who administers each part of the environment. To accommodate this flexibility in task ownership, the P8 documentation labels the different administrative roles, but it is up to each client to make these decisions:
More than one person can be assigned to each role.
The same person can be assigned to multiple roles.
Since the P8 security uses a directory server, a best practice is to assign Lightweight Directory Access Protocol (LDAP) groups to security roles when possible. Following this best practice avoids issues when individuals change roles, join the corporation, or leave the corporation.
The following administrative roles are key for an IBM FileNet Content Manager environment:
Application server administrators
Have access to the application server console, are responsible for deploying Java EE applications, are allowed to stop and start Java virtual machines (JVMs), and can change application server tuning parameters.
Database administrators
Create, delete, back up, and reorganize the databases that are required by the IBM FileNet Content Manager components. Can also tune databases, including adding complex indexes and reviewing query plans.
IT administrators:
 – Operating system administrators
Install operating system updates, change access rights, and mount volumes and file storage areas.
 – Network administrators
Design and implement system architecture to make environments highly available, perform network traces as part of performance tuning, open ports on firewalls, and update access control lists (ACLs) on switches.
Security administrators
Ensure that the directory server meets the requirements for an IBM FileNet Content Manager installation, provide the LDAP configuration information required for an IBM FileNet Content Manager installation, and tune performance.
Global configuration database (GCD) administrators
Members of specific LDAP groups, who are identified during the Content Platform Engine installation, and who have rights to create object stores and other P8 domain-level artifacts.
Object store administrators
Members of specific LDAP groups, who are identified during object store creation, and who have rights to administer the object store.
Because so many people can be involved in managing a P8 environment, use the following best practices:
Document the following information:
 – Users and LDAP groups assigned to each role
 – Local processes that must be followed when making changes
Keep the documentation current. Do not just create it for installation purposes and then forget about it.
Always have at least two people in your organization who can fill a role.
Use email distribution lists to ensure that everyone is kept informed when changes are being made to an environment.
10.2 Online help and existing documentation
A rich set of documentation is available for IBM FileNet Content Manager in an IBM hosted information center.
A new, IBM hosted information center is created for each IBM FileNet Content Manager release. Typically, only one part of the URL changes for each release, which is the release number:
URL links to Version 5.1 of the IBM FileNet P8 Information Center:
URL links to Version 5.2 of the IBM FileNet P8 Information Center:
During the installation of any IBM FileNet Content Manager component, you are prompted for the location of the information center. If suitable access is available from your site, use the URL of the IBM hosted information center for these reasons:
The content is updated regularly.
There is no maintenance overhead.
An installable version of the information center is also provided with the product software. If access to the Internet is limited at your site, install the shipped version of the information center on a local application server and give the URL for this local installation when configuring the IBM FileNet Content Manager components.
When using any of the applications or administrative tools supplied with IBM FileNet Content Manager, clicking Help displays the appropriate topic from the information center. You can also navigate to the same information by accessing the information center directly.
The following figures show the main menu for the IBM Content Navigator help. Figure 10-1 on page 319 shows the display after clicking Help from within the IBM Content Navigator application. Figure 10-2 on page 319 displays the same information but it was accessed by navigating to the help from the information center posted on the IBM website.
Figure 10-1 IBM Content Navigator help when accessed from within the application
Figure 10-2 IBM Content Navigator help when accessed from the Information Center
10.2.1 Tips for working with the information center
When looking for information, use Scope on the menu bar to limit the focus when searching for information or when navigating through topics.
The Scope options limit searches to specific branches of the information center, and can also restrict the information displayed based on database, product, or application server, as shown in Figure 10-3.
Figure 10-3 Scope selections
Bookmark useful information by using the following procedure because clicking a topic does not change the URL in the browser address bar:
1. Right-click the topic link in the left pane.
2. Select Open the topic in a new tab or window from the context menu.
3. Go to the new tab or window to create the bookmark.
4. Use the Print option to create a printer-friendly version of a topic and all its subtopics.
Using a combination of the scope and print options is a great way to create an installation or maintenance guide tailored to your environment.
10.2.2 Other useful documentation
Consider creating bookmarks for the following two documents because you will reference them frequently:
P8 Hardware and Software Guide
This guide provides detailed information about the supported underlying components that are required by the P8 suite of products, including the databases, operating systems, application servers, file storage systems, and so on. The guide is updated regularly and a new version is released with each IBM FileNet Content Manager release.
You can access the guide either from the home page of the Information Center by using the “IBM FileNet P8 supported hardware and software” link under “Get started”, or from the following URL:
This page provides links to the versions of the guide, which is especially helpful when planning an upgrade. It is easy to compare and contrast the infrastructure requirements for the software you currently use and the infrastructure requirements of the release to which you plan to upgrade.
FileNet P8 Fix Pack Compatibility Matrices
Microsoft Excel spreadsheets identify all the generally available fix packs and interim fixes for each of the FileNet P8 components. There is one matrix for each IBM FileNet Content Manager release. The matrices identify which components are compatible and the software build number for each fix. This information is needed in these situations:
 – Planning an upgrade to ensure that you are at a supported minimum level
 – Working with IBM Software Support on an issue
The matrices can be downloaded from the following URL:
10.3 Monitoring the environment
In this section, we discuss monitoring the IBM FileNet Content Manager environment for these areas:
Performance
Functional issues
Capacity planning
Security
Part of monitoring your environment is setting expectations. For your environment, decide what thresholds need to be set for the following items and what action needs to be taken when the thresholds are reached:
CPU usage
Memory usage
Disk usage
Response times
Number of objects in the object store
There also might be legal requirements that need to be monitored; for example, knowing who accessed content, or when content was deleted.
Three useful web pages are available for getting a quick check on the status of the Content Platform Engine:
The Ping Page (Content Engine Startup Context):
http://<Content Platform Engine server>:<port>/FileNet/Engine
Use this URL to check that your Content Platform Engine environment is running and to gather other useful information about the environment, such as the build number. Figure 10-4 on page 323 shows the information that is provided by the ping page.
 
Tip: If Content Platform Engine is deployed to a cluster, replacing <Content Platform Engine server> with the name of the management node will show whether at least one Content Platform Engine node in the cluster is running. To ensure that a specific Content Platform Engine server is running, use the name of the server in the ping page URL.
Figure 10-4 Content Platform Engine ping page
The health page:
http://<Content Platform Engine server>:<port>/P8CE/Health
This page shows the health of various P8 domain artifacts, including object stores and storage areas. A sample health page is shown in Figure 10-5.
Click an item on the page to get more information.
Figure 10-5 Content Platform Engine health page
The workflow ping page:
http://<Content Platform Engine server>:<port>/peengine/IOR/ping
Unlike the other pages, a user name and password is required to access this page. Much of the information provided on the page is similar to what is on the Content Platform Engine ping page, but it also provides information about the workflow threads. Figure 10-6 illustrates the workflow system ping page.
Figure 10-6 Workflow system ping page
Monitoring for performance, functional issues, and capacity planning can be accomplished using the following tools:
IBM System Dashboard for ECM ships with IBM FileNet Content Manager and provides a centralized performance monitoring mechanism.
This tool is especially useful when performing stress and load testing.
IBM ECM System Monitor is an optional add-on used to both monitor and manage the IBM FileNet Content Manager environment and the servers on which the software is installed. The tool can be extended with a customized knowledge base of corrective actions. You can use this tool to automate routine system administration and obtain historical analysis and reporting.
10.4 Capacity monitoring and growth prediction
When planning for an IBM FileNet Content Manager system, you need to estimate the average amount of content added per day, average size of the content, how many users have access to it, and other basic information about your planned application. Answers to these questions are run through a modeling tool, IBM Content Capacity Planner, by your IBM representative. The modeling tool provides details about the necessary servers, database space, and overall disk space for storage. The modeling tool also estimates the CPU utilization of the necessary servers. For more information, see Chapter 8, “Capacity planning with IBM Content Capacity Planner” on page 253.
As you deploy and begin using your application, monitor and record these server statistics:
Disk usage
CPU and memory utilization
Database usage
Your database administrators can provide database details. The most important information is the overall database size, but it is also good to know whether specific tables or data fields are growing rapidly.
IBM FileNet Content Manager systems tend to grow over time. Object store content is added daily, additional applications are developed, and users are added. By monitoring and recording these statistics, you can measure how your system is performing against the initial model. More importantly, you can track how quickly you are using resources and determine the impact to the system when an increase in system usage is planned.
We advise monitoring for capacity weekly, including monitoring database, network, and disk usage. You want your capacity planning model to be as close as possible to the needs of the live production system, so that the output from the Content Capacity Planning tool provides an accurate assessment of future needs. Proper capacity monitoring provides you with advanced notice that additional server resources need to be allocated to the system. The initial model is an estimate of what is needed by using the numbers that you provide. If your estimated content count or size was too small, you need to plan additional space.
10.4.1 IBM System Dashboard for ECM
IBM FileNet Content Manager ships with a centralized performance monitoring mechanism called IBM System Dashboard for ECM (also known as the System Manager). System Dashboard is composed of two parts: a listener that runs on each server collecting information and a manager that displays the information. The Dashboard is the supplied application for configuring, displaying, and saving the collected information. Use this tool when tuning the environment for optimal performance and to routinely monitor system performance.
IBM System Dashboard for Enterprise Content Management V5.1, SC19-3084-03, provides detailed instructions on configuring and using the listeners and manager components. To access the guide, use the following URL:
When IBM FileNet Content Manager components are installed, a default System Dashboard listener is automatically installed and activated. The listener component collects details about the software version as well as performance data.
If needed, you can instrument your Java or Microsoft Windows 32-bit C++ applications to use the provided listeners and expose performance data that is visible in the Dashboard. This way, you can monitor your applications as well as the IBM FileNet Content Manager components. The Java and C++ APIs are documented in the information center as part of the P8 Developer Help section.
By default, each listener buffers approximately 24 hours worth of collected data details.
There are four configuration parameters: port_number, secondary_port, output_count, and output_interval. The parameters identify the ports that the listeners use, the interval over which information needs to be aggregated, and the amount of data that can be written to a summary log file before you create a file.
The listeners are activated automatically; however, there are several operating system-specific requirements. For more information, see the following page:
10.4.2 Dashboard
The Dashboard generates detailed reports about performance. It displays the details and can also save the information in various formats.
The Dashboard is a Java utility that can be installed and run on Windows or UNIX/Linux clients. It is installed separately from the server installation. It can also be installed and run on the IBM FileNet Content Manager servers. On Windows machines, run the Dashboard utility. On UNIX, you must have an XWindows display exported and run the P8Manager shell script. The Dashboard installs a local copy of its online help that can be accessed from the Help menu option.
When the Dashboard is first run, you need to define clusters of IBM FileNet Content Manager components to monitor. (The cluster is a logical construct used by the Dashboard; it has no relation to an application or operating system cluster.) These clusters are not used for high availability but are simply a user-defined logical collection or cluster of servers to monitor. The cluster contains servers and monitoring frequency. Select the Clusters tab and click New. Enter a name for the cluster, which is typically the application system name or location, and click OK. See Figure 10-7.
Figure 10-7 Dashboard: New cluster
Follow these steps to add a server and timing details:
1. Click Edit.
2. Enter the name of the host that is running the listener. Unless the port was reconfigured, the default port is 32775.
3. Enter the interval. The Interval sets the frequency that the Dashboard polls the server listeners to get details in seconds.
For a 15-minute interval, enter 900 seconds. The number of data points sets the maximum number of interval details that the Dashboard keeps in the display.
4. Click OK.
Figure 10-8 shows an added server and interval information.
Figure 10-8 Cluster add server
The Dashboard tool queries the System Dashboard listeners on the servers and populates details in the Dashboard tool’s various windows. It finds all listeners running on each server; individual servers need to be defined only once. You can save the cluster details for future use or open existing details from the file menu. The cluster file is an XML-formatted file that is saved on the local computer. You can copy the cluster.xml file to other computers where the Dashboard is installed for use on other workstations.
The Dashboard Summary tab shows a graph of the cluster’s performance.
The Details tab contains counter details for all listeners. You can expand the IBM FileNet Content Manager applications on each server and view the following items:
CPU, Network, and Disk utilization
Environmental details, such as OS level, IBM FileNet Content Manager version, and Java virtual machine (JVM) settings
Remote Procedure Call (RPC) activity shows how the IBM FileNet Content Manager subsystems are performing. It details the count and average time consumed (duration) by the calls during the interval
Figure 10-9 shows RPC count details and the number of items processed per interval.
Figure 10-9 RPC count details window
The Dashboard is a Java application that holds the details in memory. If it crashes or seems unresponsive, try these actions:
Check the network speed to ensure that it can transfer the generated data fast enough. The amount of the data being transferred depends on the number of servers being monitored and the transaction rate in the IBM FileNet Content Manager environment.
Ensure that you have the latest Dashboard and check its documentation for any additional memory configuration details. The Dashboard is independent of the listener version; the latest Dashboard functions with older listeners.
Increase the Java memory for the Dashboard. The Dashboard can run on machines with less than 2 GB memory. If you use a machine with less than
2 GB of memory and monitor many listeners, increase the machine’s memory to 2 GB or take the following actions:
 – Reduce the number of listeners being monitored.
 – Increase the collection interval.
 – Reduce the number of data points specified.
 – Add memory.
The Dashboard has a report mechanism that allows you to save reports in comma-separated value (CSV) format, which is useful for generating spreadsheet reports. There is also an export option that enables you to generate data that can be used as input to IBM Content Capacity Planner. In addition, you can save the report template for future use. For more information, see the Dashboard’s online help for reports.
 
Note: The Dashboard uses the name Scout to refer to the IBM Content Capacity Planner.
Figure 10-10 on page 332 shows a sample report output.
Figure 10-10 Sample CSV Dashboard report
System Dashboard performance archiver
System Dashboard provides a Java archiver.jar application that can be used to collect data automatically. The JAR file can be run on any server or workstation with Java and connectivity to the IBM FileNet Content Manager listeners.
Running the archiver.jar application can be automated through host scripts. The archiver.jar application writes to files with one file per listener in a log directory. The archived files are binary files that can be opened via the Dashboard’s File  Open Archive menu. The same view and report options apply that are available in a live system monitoring session.
Table 10-1 on page 333 lists the archiver.jar parameter options.
Table 10-1 archiver.jar parameter options
Option
Description
-t hh:mm
Total amount of time in hours and minutes that the archiver process must run
-n hh:mm
The interval at which the current archived files must be closed and new ones opened
-i integer
The interval, which is specified in seconds, at which to poll for data from the specified machines
-d file path
The path to the location at which to place the archive log files
FileName.xml
The complete path to the saved cluster file that specifies which machines to poll
This is an example of a command to run the archiver.jar application:
java -jar archiver.jar -h -d Logs -t 12:00 -n 04:00 -i 15 cluster.xml
In this example, the archiver collects performance details in 15-second intervals, creates new archive logs every four hours, and automatically stops after
12 hours. If you stop the archiver process early, part of the buffered performance data might not appear in the last archive file. If the archiver loses connectivity with a listener, by default, it attempts to reconnect five times at intervals that are
5 seconds apart before it stops attempting to connect to the failed listener. The -h option specifies that the available listener’s history must be included in the generated archive file.
 
Recommendations: Start the archiver.jar application immediately before your system activity picks up during the peak times (for example, in the morning) and run it until activity slows down (for example, in the evening).
If you restart your system while the archiver.jar application is running, you must restart the archiver.
System Dashboard client API
System Dashboard includes a Java API set for clients, who want to add Dashboard monitoring into their applications. The following technote explains how to download the API and associated documentation:
Usage Reporter
The Usage Reporter is provided with the System Dashboard and is used to monitor the number of users accessing the Content Platform Engine. The tool looks for individual user names. If access to the engine is via an application that uses a service or guest account, the tool might not reflect the number of people actually using the system.
For more details, see the following document:
10.4.3 IBM ECM System Monitor
IBM ECM System Monitor is an optional component. System Monitor provides automated, proactive system monitoring that can notify your support personnel directly or through system management consoles, such as IBM Tivoli Enterprise Console®. Use System Monitor to monitor all aspects of your IBM FileNet Content Manager servers. It provides early fault detection and prevention to aid support personnel in reducing system downtime. It monitors performance, disk utilization, event logs, and literally hundreds of IBM FileNet Content Manager application and system parameters. System Monitor contains a default set of monitors for IBM FileNet Content Manager components and allows you to create your own monitors for application-specific monitoring.
System Monitor features a web interface that authorized personnel use to monitor and manage your system. It features a knowledge base of faults and possible corrective actions. You can customize this knowledge base to offer application-specific corrective actions. When a fault is encountered, support personnel can quickly identify and correct the failing component. Figure 10-11 on page 335 shows a sample report generated with System Monitor. The right side of the report displays a graph showing CPU utilization. The left side of the report shows all the events in which the CPU thresholds were breached.
Figure 10-11 ECM System Monitor sample report
The rapid fault isolation and corrective action database make System Monitor a must-have for mission critical systems. System Monitor reduces manual efforts in the daily administration of IBM FileNet Content Manager and helps to increase system availability. System Monitor can help reduce your operational costs and help you meet your service-level agreements (SLAs) more efficiently.
For more information about IBM ECM System Monitor, go to the following links:
10.5 Tracing
Tracing is primarily used for debugging. Tracing can be enabled for many components. By default, tracing is disabled. Tracing can be enabled and disabled without recycling the application server.
 
Note: Tracing all components can create enormous trace log files with little system activity. Performance might also be affected. Enable the minimum necessary tracing to collect the required information in relation to the problem that you are investigating.
Tracing is controlled via the IBM Administration Console for Content Platform Engine (ACCE). Tracing can be enabled at the P8 domain level and at the site level. Any setting at the site level takes precedence over the setting at the object store level, including the location of the trace logs. If you use different settings at the P8 domain and site levels, ensure that you track the various settings. Figure 10-12 shows the trace control settings at the P8 domain level.
Figure 10-12 Setting tracing in ACCE
Process-related tracing is controlled by the command-line utility, vwtool. For more information about vwtool, see the following page in the information center:
10.6 Auditing
Auditing is the recording of events that occur on objects. For each recorded event, a row is added to the event table in the object store’s database. From the event object, you can get information about the audited event, including the creation date, originating user, result status, and source object of the event.
All out-of-the-box events, such as create and check-in, can be audited, and the auditing capability can be extended to custom events. The IBM Enterprise Records (IER) product, for example, takes advantage of this extensibility to provide audit events that are specific to a records management environment. However, auditing can affect both performance and the database space usage, so it is important to configure auditing judiciously.
For more information about auditing concepts, see the following topic in the information center:
In addition to storing information about the type of change made to the object and who made the change, you can also choose to store copies of the object before and after the audited event. The ObjectStateRecordingLevels property defines whether to keep copies of the object in the audit record from before and after the audited event. The ObjectStateRecordingLevels property takes the following values:
ORIGINAL_AND_MODIFIED_OBJECTS
Records a copy of both the original, pre-event object and the modified, post-event object
MODIFIED_OBJECT
Records a copy of the modified, post-event object
NONE
Does not store a copy of the object being audited
 
 
Recommendations: Set ObjectStateRecordingLevels property to NONE because persisting audited source objects in a database can result in substantial consumption of large object (LOB) storage. If you have a regulatory requirement for keeping copies of the object in the audit entry, set it to the appropriate auditing level.
Another way to limit the information stored by an audited event is to use the AuditAs meta-property on PropertyTemplates. This meta-property enables you to audit specific properties on specific events directly without having to record the object’s entire state. Limiting the properties that are audited reduces the required space for the audit information and makes it easier to generate meaningful audit reports.
The following link provides a procedure for configuring property auditing:
10.7 Managing the logs
In this section, we discuss system message logs, tracing, and log maintenance. Chapter 12, “Troubleshooting” on page 387 provides information about how to interpret the information in the logs.
10.7.1 Log location
IBM FileNet Content Manager is written in Java. Java applications do not log error messages; they log exceptions. Java normal messages and exceptions are written to message log files.
If you are running IBM FileNet Content Manager in a multi-JVM environment, a separate set of logs exists for each JVM.
Content Platform Engine has two message logs for content-related information:
p8_server_error.log
p8_server_trace.log
The process-related content is written to the following logs:
pesvr_system.log
pesvr_trace.log
Use the Ping page to find the log file location. On the Ping page, search for “Log File Directory”:
http://<Content Platform Engine server>:<port>/FileNet/Engine
These files are at the following default locations:
WebSphere Application Server
install_root/profiles/profile_name/FileNet/server_Instance_name
WebLogic Server
bea/user_projects/domains/my_domain/FileNet/AdminServer
JBoss
jboss_install/jboss-as/bin/FileNet/server_instance_name
In addition, you might need to review the application server message logs. These files are at the following default locations:
For IBM WebSphere:
 – WAS_install_path/AppServer/profiles/profile_name/logs/server_name/SystemOut.log
 – WAS_install_path/AppServer/profiles/profile_name/logs/server_name/SystemErr.log
For Oracle WebLogic
WLS_install_path/user_projects/domains/domain_name/servers/server_name/logs/server_name.log
For JBoss
JBOSS_DIST/server/server_name/log/server_name.log
10.7.2 Log file size
Typically, you only refer to the logs when you troubleshoot errors, so keep the logs to a reasonable size to make it easier to find the information of interest.
If an issue can be reproduced, either roll to a new set of logs or prune the logs before you reproduce the issue.
 
Recommendations: Rename system logs to a date format name to keep them for a brief period, and then delete them. The log maintenance timing depends on how busy your system is and how large the logs grow over time.
10.7.3 Trace logs
Tracing all components can create enormous trace log files with little system activity. Performance might be affected. Enable the minimum trace logs to collect the required information in relation to the problem that you are investigating.
10.7.4 Audit logs
Content Platform Engine provides object store audit logging capabilities. When auditing is enabled, the audit log entries are stored in the object store database.
10.8 System administration tools
In this section, we discuss the tools you can use to monitor and manage an IBM FileNet Content Manager environment.
10.8.1 Configuration Manager
Content Platform Engine runs as a Java EE application within an application server. Use the Configuration Manager that is installed with the Content Platform Engine software to configure the software. The tool has a user interface, or you can complete the tasks using a series of command-line scripts.
You can complete the following tasks by using the Configuration Manager:
Identifying the directory server to be used with the IBM FileNet Content Manager installation
Creating data sources for the GCD, object stores, and workflow systems
Identifying the bootstrap user
Building and deploying the Content Platform Engine WAR file
The information that is supplied via the Configuration Manager is saved in a profile file. You can use this profile file later to add more resources, such as Java Database Connectivity (JDBC) data sources, to the environment, as well as when you upgrade the Content Platform Engine software to a new release.
 
Tip: You can perform all the required configuration tasks, such as configuring the directory server and creating JDBC data sources, manually by using the administrative tools provided by the Java EE application server. However, completing the tasks this way is error prone and likely to result in an installation that is configured incorrectly. Instead, use the Configuration Manager.
10.8.2 IBM Administration Console for Content Platform Engine
ACCE is a web-based administrative tool for managing a P8 domain, including the GCD, object stores, workflow systems, and sites. This tool is a replacement for the Windows Microsoft Management Console snap-in tool, IBM FileNet Enterprise Manager (FEM).
Both tools are provided with IBM FileNet Content Manager. ACCE is deployed as part of the Content Platform Engine WAR file. FEM is one of the tools that can be installed when the Content Platform Engine server is installed on a Microsoft Windows platform.
If a task cannot be completed in ACCE, use FEM instead.
A single installation of FEM can be used to manage multiple P8 domains. An ACCE deployment is for a specific P8 installation because it is deployed as part of the Content Platform Engine WAR file.
See the P8 Information Center for detailed information about completing tasks using ACCE and FEM. In this Redbooks publication, the focus is primarily on using ACCE to complete Content Platform Engine administrative tasks.
System administrators need access to ACCE. It is used to configure object stores and workflow systems, define content properties, assign content security, and administer your IBM FileNet Content Manager system.
In development and test environments, it can be useful to expand the usage of ACCE to additional resources so that they can easily build required artifacts and validate behavior seen elsewhere in the IBM FileNet Content Manager environment. However, it is important to establish protocols for using these tools and for building artifacts.
Tips when using ACCE
There are four main artifacts that are managed by ACCE:
Domain
Case analyzer stores
Case analyzer stores are used with the IBM Case Foundation and IBM Case Manager products, and they are not covered in this publication.
Global configuration
Object stores
A typical tree view enables you to browse through and act on all the artifacts in the domain. Consider these tips:
Tip 1: The information is often displayed as a series of tabs.
There can be many tabs; sometimes, there are too many tabs to display all of them at the same time in the browser window, so scroll buttons are provided.
Tip 2: If you cancel a wizard, you are prompted to confirm the cancellation request. Click OK to confirm the cancellation request. Clicking Cancel takes you back to the wizard.
Tip 3: Right-click items in the tree view to see the context menu.
Tip 4: Tabs do not close unless you specifically click the “x” to close them. Although this feature can result in a crowded window, it also makes navigating between items quicker, because the information is already loaded in the browser cache.
Tip 5: A tab can have subtabs. Ensure that you know in what context you are working.
Figure 10-13 on page 343 illustrates some of the features that are mentioned in the list of tips.
Figure 10-13 ACCE layout
Domain-level settings
The following tabs are available at the domain level. Many settings can be altered. However, unless you want to enable a capability that is by default disabled, or you are trying to resolve a particular issue, we highly advise that you leave the settings unchanged, especially because many of the settings can be overwritten at the object-store level. The following settings are domain-level settings:
General
Use to set the URL to the P8 Information Center to make it easier to get information when you use ACCE.
Properties
Provides a concise listing of the domain-level artifacts, such as the number of external repositories, object stores, and content cache areas.
Security
Lists the default security settings for the P8 domain. Whenever a new object is created in the domain, these settings will be applied by default. However, they can be manually overwritten if needed.
Directory configuration
Provides the details of the currently configured LDAP environment. The initial set of values is defined when the Content Platform Engine software is configured by using the Content Manager configuration tool. After the initial installation and configuration are verified, use the Directory configuration tab to add information about additional LDAP environments or to modify the existing configuration.
Server cache subsystem
Use to define the refresh time for and maximum size of the different types of cache, including the user cache, and also to set the default and maximum number of objects that can be returned by a search.
Audit subsystem
Use to configure the pruning of the audit log.
Content subsystem
Use to maximize the throughput of content to clients and to configure thumbnail generation.
Content cache subsystem
Use to define the size and location of the content cache.
Text search subsystem
Use to enable the text search capability that is provided by Content Search Services (CSS) and to optimize the settings for the text extract, indexing, and searching capabilities.
 
Tip: Enabling the text search capability does not cause text to be indexed. It just makes the feature available. You must also navigate to the specific object stores and document classes that have the content to be indexed and enable text searching at those levels as appropriate.
Trace subsystem
Use to configure trace log options. The trace logs are usually required when more information is needed on an error that has been logged in the content error log or when determining the cause of slow performance. But, be selective about the components to trace and the amount of time that tracing is enabled because the tracing will affect system performance and generate a large amount of log information.
Sweep subsystem
Use to configure how often to run the sweep processes and what resources to allocate to the sweep processes. The actions of the sweep runs are defined at the object store level and enable you to ensure that old content is removed from the system in a timely fashion, and perform bulk operations that are related to setting retention times and thumbnail generation.
Replication subsystem
Used with FileNet Content Federation Services for Image Services to define the available resources for replicating information from Image Services to Content Platform Engine, and from Content Platform Engine to Image Services.
Use the replication subsystem options to stop the Content Platform Engine from processing any federation requests. This capability can be useful when you need to perform maintenance work on the Content Platform Engine or Image Services server.
Publishing subsystem
Use to configure the rendition processing that is available with Rendition Engine, an optional add-on to the IBM FileNet Content Manager suite.
Asynchronous processing
Use to enable and disable event processing, and to optimize the event processing by the wait time, timeout setting, number of workers, and how often failed events need to be tried again.
FileNet Content Federation Services import agent subsystem
Use to enable and disable the processing of FileNet Content Federation Services for Image Services and FileNet Content Federation Services-Content Manager OnDemand federation requests.
Workflow subsystem
Use to configure the available resources for workflow and case analyzer processing.
 
Recommendations: Ensure that dispatchers that are not being used are disabled. For example, disable the asynchronous processing if events are not being processed. Each dispatcher issues regular queries to look for work, so if there is no work to look for, you can save system resources by disabling the dispatcher.
Site-level settings
Every P8 domain has at least one site. In a geographically distributed environment in which you have configured multiple sites, it might be appropriate to overwrite P8 domain-level configuration settings with site-specific settings. Some site-level settings can also be further refined at the object store level.
To access the site-level information, in ACCE, navigate to Global Configuration → Administration → Sites.
The following tabs are available at the site level:
General
Besides providing general information about the site, such as its name, use this tab to specify whether requests can be forwarded to or from this site. This option is not available at the domain level.
Properties
Server cache subsystem
Use to configure the cache for various objects, including user tokens, marking sets, and the GCD.
Audit subsystem
Use to configure pruning of the audit logs.
Content subsystem
Along with the content cache subsystem, use this tab to optimize the upload and download of content by clients.
Content cache subsystem
Use to define the location of the content cache areas and the number of elements that can be stored in the cache.
Text search subsystem
Use to optimize the indexing of and the searching for content.
Trace subsystem
Use to configure trace logging. Trace logging is often needed when you are troubleshooting issues with the environment and with custom applications.
Sweep subsystem
Use to enable the sweep capability and to build sweep schedules. The sweep processes are defined at the object store level and can be used to perform bulk updates, move content, and manage queues.
Replication subsystem
Use with FileNet Content Federation Services for Image Services to manage the frequency with which updates to the Image Services repository are replicated to the object stores, and vice versa.
Publishing subsystem
Use with Rendition Engine to manage publishing processes.
Asynchronous processing subsystem
Use to enable and disable asynchronous event processing and to optimize the processing of the events. When events are generated, a row is entered into the queueitem table. After an event is successfully processed, the row is removed from the table. By default, if an event fails to process successfully, it will be tried again up to seven times. Two columns, retry count and next retry date, in the queueitem table track the number of retry attempts and the next time an attempt will be made to retry processing an event that previously failed.
 
Tip: Avoid large backlogs in the queueitem table. Set up regular queries against the queueitem table to track the backlog, event processing throughput, and event processing failure rate.
FileNet Content Federation Services import agent subsystem
Use with FileNet Content Federation Services for Image Services to manage the initial federation of documents from Image Services to object stores.
Workflow subsystem
Use to manage the processing throughput of workflows and Case Analyzer.
GCD level artifacts
The following artifacts are defined at the GCD level so that they can be used with any of the object stores in a P8 domain:
Affinity groups, which are groups of index servers and index areas for use with CSS.
Content cache areas, which can improve the speed at which content is delivered to clients.
Typically, content cache areas are storage areas that are more local to the clients than the object store storage areas. Content can be loaded into a cache storage area when it is first added to the object store, or when it is first accessed by a client. You also define settings, such as how large the cache can grow, the number of elements that can be in the cache, and the rules for pruning the cache.
Database connections
A Java Naming and Directory Interface (JNDI) XA and non-XA data source pair defines a JDBC connection to a database available to the IBM FileNet Content Manager software. You define the data source pairs by using the Configuration Manager.
In ACCE, you define database connections as “labels” to a data source pair. And then, as you define object stores and workflow systems, you identify which database connection (and therefore database) to use.
Object stores and workflow systems can share databases, which can simplify the maintenance of the P8 environment. Ensure that if you combine databases that it does not adversely affect any of these areas:
 – Application requirements
 – Backup and restore schedules
 – Data independence requirements
External repositories
These repositories exist outside of the current P8 domain whose content can be made available by using FileNet Content Federation Services.
For more information about FileNet Content Federation Services, see Federated Content Management: Accessing Content from Disparate Repositories with IBM Content Federation Services and IBM Content Integrator, SG24-7742.
Fixed content devices
These storage devices, such as IBM Tivoli Storage Manager, EMC Centera, and Network Appliance SnapLock, can be used to store object store content. A full list of the supported devices is provided in the IBM FileNet P8 Hardware and Software Requirements guide, which can be downloaded from the following page:
Rendition Engine connections
Used to configure Darwin Information Typing Architecture (DITA) and P8 Rendition Engine connections.
Replication groups
A replication group is used to connect an external repository with an object store.
Sites
A site is a logical grouping of P8 domain resources. This feature is used primarily with geographically dispersed clients and multiple data centers. You can use this feature to allocate local resources to clients and limit the amount of WAN traffic.
Text search servers
These servers are for use with CSS. Each server can be used to perform text indexing, text searching, or both.
Add-ons
Add-ons are modules that can be added to any object store to support specific functionality. Several add-ons are supplied with the IBM FileNet Content Manager product to support functionality provided by Content Platform Engine and FileNet Workplace XT. Other products in the P8 Suite, such as IBM Enterprise Records, as well as custom applications, can also provide (and require) additional add-ons.
 
Tip: When creating object stores, use only the add-ons that you are sure will be needed. Additional add-ons can be added later, but after they are added to an object store, they cannot be removed.
Marking sets
Marking sets are special properties that help control access to objects.
Object store management
ACCE is also used to define and manage object stores. In this section, we focus on the administration and maintenance of object stores. For object store design guidance, see Chapter 4, “Repository design” on page 81. Object store management includes these functions:
Searching
Search capabilities are provided in IBM Content Navigator, FileNet Workplace XT, and ACCE. The facilities in IBM Content Navigator and FileNet Workplace XT allow you to search for documents in the object stores. The search capability in ACCE enables you to locate other objects in addition to documents. For example, you can use the search capability to determine how many events are waiting to be processed or how many events are waiting to be tried again because a previous attempt at processing the event failed.
When objects have been found via search, you can then select one or more of the objects and update them if needed.
Making bulk updates
You can use these types of bulk updates:
 – Updating metadata or security settings on a set of documents
Sometimes, you need to make a similar update to a number of objects. For example, if 100 documents were filed into the wrong folder, instead of refiling the documents individually, you can search for the objects and then use a bulk update to refile them all at once.
 – Moving content to a different type of storage or a different storage location
This type of move can be necessary for a number of reasons, including wanting to replace a storage device or to move older, less frequently accessed content to cheaper storage.
Moving content is accomplished via the bulk sweep process. You define what the sweep will do at the object store level, and set a default schedule at the domain level.
Configuring and disabling dispatchers
Dispatchers are used to manage work that is initiated via processes, such as federation and asynchronous event processing. The dispatchers poll the appropriate queues for work and then pass the work along to the threads or workers who then perform the required task.
By default, the dispatchers are enabled. If system performance is an issue and the dispatchers are not needed, consider disabling them by using the check boxes on the following pages. Also, use these pages to optimize the number of dispatchers and worker threads for each type of process:
 – Text search
 – Replication for federation
 – Asynchronous processing
Configuring and optimizing asynchronous processing is handled at the domain level.
Using recovery bins
By default, when a user or application deletes an object, the object cannot be recovered. However, Content Platform Engine also provides a “soft delete” method. With a soft delete, the object is placed into a recovery bin. The security settings on the recovery bin determine who can restore documents from the recovery bin and who can empty it.
If recovery bins and soft deletes are used in applications, work with the designers of the applications to answer the following questions:
 – How many recovery bins are needed?
 – Who can restore content from recovery bins?
 – Who can empty recovery bins?
 – When is it appropriate for the object store administrator to empty and remove recovery bins?
Defining sweep processes
Sweep processes can be defined for bulk updates, retention management, and queue management. Build the default schedules for these processes at the domain level. But, build the sweep definitions, which the individual sweep process will accomplish, at the object store level.
Configuring connection points
Connection points provide a link to a workflow system region. Applications that employ workflow functionality use a connection point to identify the workflow system region that will be used to process the workflow.
10.8.3 Consistency checker
Consistency checker is one of the tools that can be installed when the Content Platform Engine server is installed on a Microsoft Windows platform. Use the tool to perform the following tasks:
Detect inconsistencies between the content in file storage areas and the metadata in the associated object store database.
Update the storage area statistics after an upgrade.
10.8.4 Database tools
The tools that are provided by your database vendor play an important part in managing the IBM FileNet Content Manager environment.
Backups
Ensure that regular database backups are taken. As object store content is likely stored in file storage or on fixed content devices, the database backups need to be coordinated with backups of the data on the storage devices and also cover any temporary storage areas. In addition, if content search indexes and workflow systems are part of your environment, the backup strategy must include the content that they generate, too. If data has to be restored, everything must be restored to the same point in time.
You can use both hot (or online) and offline backups with IBM FileNet Content Manager environments as long as you ensure that the backups of all the components are synchronized and can be restored to the same point in time.
You must test restoring from backups regularly, both as part of general environment maintenance and for disaster recovery.
For more information about backing up and restoring IBM FileNet Content Manager environments, see 10.13, “Backup and restore” on page 364.
Tuning
When you first deploy a new P8 solution, ensuring that the databases are tuned appropriately is a key element of applications that have good response times. Look for these items:
Adequate number of available database connections
Appropriate indexes to improve search performance
Create indexes on individual object store properties via FEM. Follow these steps to identify a property as an index item:
a. Navigate to the class that uses the property.
b. Display the properties of the class.
c. Click the Property Definitions tab.
d. Select the property from the list, and then click Edit.
e. On the General tab, use the set/remove index option.
Complex indexes must be created by using the database vendor tools.
Cache “read ahead”
Maintenance
Monitor the database for these conditions:
Available space for items, such as tables, indexes, logs, and journal files
Structures that need reorganizing or that have space that needs reclaiming
If many objects, for example, documents or events, are regularly being added and deleted, regularly reorganizing the appropriate tables or rebuilding indexes can have a positive effect on performance and throughput.
Counting database objects
Normally, all access to an object store database needs to be via the Content Platform Engine APIs, but there are circumstances when querying the database tables can be appropriate. For example, because there is no count mechanism in the Content Platform Engine APIs, you might need to track the following information:
Total number of objects in the object store as a part of a plan for rolling to a new object store
Number of rows in the queueitem table to ensure that event processing is occurring as expected
Number of rows in the DocVersion table to ensure that content is being added to the object store in the expected volumes
10.8.5 Application server administration tools
Although you perform the initial setup of the Content Platform Engine by using the Configuration Manager, you need to use the application server administration tools for performance tuning. Update these items by using the application server administration tools:
JVM memory settings
Garbage collection
Thread allocation
Connection pools for the database and LDAP
10.8.6 Workflow system tools
Various tools for designing workflows, configuring process regions, and monitoring running workflows are provided as Java applets in FileNet Workplace XT. In addition, a series of administrative command-line tools, such as vwtool, are installed as part of Content Platform Engine. For more information about these tools, see the information center and Introducing IBM FileNet Business Process Manager, SG24-7509.
10.8.7 IBM Content Navigator tools
Tools are provided with Content Navigator for performing tasks such as configuring desktops. For more information about Content Navigator, see Customizing and Extending IBM Content Navigator, SG24-8055.
10.9 Reducing storage costs
It used to be that storage costs were a small component of an IT budget, but with the increase in the use of electronic information and the plethora of documents that must be stored for legal and compliance reasons, storage costs are an issue.
Before you can reduce storage costs, you need to know the following information:
What you are storing
Why you are storing it
Where you are storing it
How long do you need to store it
What access is needed
With this information, you can design a storage plan that enables you to set up the following rules:
Set retention rules when content is added to a repository
Update retention rules when requirements change
Develop sweep rules and schedules that enable you to perform these tasks:
 – Delete content that is no longer needed
 – Move content to lower-cost storage when it is accessed less frequently
10.9.1 Retention rules
Retention rules identify the minimum length of time that an object, such as a document, annotation, folder, or custom object, must be kept. After the retention date has passed, from an IBM FileNet Content Manager perspective, the object is eligible for deletion. However, other applications, such as IBM Enterprise Records, might have placed holds that will continue to prevent the objects from being deleted.
Fixed content devices
For documents that are stored on a fixed content device, IBM FileNet Content Manager supports both static and dynamic retention models. The date at which the document is eligible for deletion is set at ingestion time. Then, at some future point, the retention can be altered.
When using this retention model, the deletion happens in two stages:
1. A delete request must be initiated from the IBM FileNet Content Manager.
This request “removes” the document from the object store, and the document is no longer visible to IBM FileNet Content Manager applications.
2. In the background, IBM FileNet Content Manager calls the fixed content device to delete the content. Since IBM FileNet Content Manager previously determined that the content is eligible for deletion, deleting the content from the fixed storage device is allowed and successful.
 
Best Practice: Allow IBM FileNet Content Manager to control the retention on fixed content devices. Do not define default retention periods directly on the fixed content device.
File and database storage
Documents and annotations stored on file and database storage areas can take advantage of the IBM FileNet Content Manager retention capabilities that support setting and updating retention rules throughout the document lifecycle. This retention capability enables documents to be ingested with an “I know I want to keep this, but I do not know how long I want to keep it” rule, as well as more specific rules. The content stored on a file or database storage area is not under device retention. This content is controlled by IBM FileNet Content Manager retention only.
As with documents that are stored on fixed content devices, documents are not automatically deleted when they reach their “expiration date”. Instead, you must run regular sweep processes to look for documents that are ready to be deleted.
Folders and custom objects
Retention rules can also be set on folders and custom objects. These objects are stored in the object store database. And, as with documents, you must run regular sweep processes to delete the objects that have met their expiration date.
10.9.2 Using the sweep framework
IBM FileNet Content Manager provides a sweep framework that is an efficient way of acting on all the rows or a subset of rows in a single table.
Use the sweep process to perform any of the following tasks:
Dispose of objects that have met their retention requirements
Update how long an object must be kept
Move content to different storage
The sweep framework also supports thumbnail generation and batch printing.
There are three forms of sweep:
Single sweep
Use this form of sweep to complete a one-time batch task, such as moving documents that have been incorrectly filed.
Policy-controlled
Use this form of sweep to automate regular maintenance tasks, such as deleting documents that have passed their required retention dates and moving documents to lower-cost storage.
Queue sweep
A special form of sweep that is used by IBM FileNet Content Manager for queue operations, such as thumbnail generation.
10.9.3 Monitoring storage and cache usage
Statistics on storage and cache usage are available within ACCE. Monitoring this information enables you to determine whether these conditions exist:
Under-utilized storage
A need to add additional storage
This information can also help when you need to bill organizations for their storage usage.
Storage statistics
The following information is available for file storage areas. Monitor this information to ensure that the file storage is configured appropriately for your environment:
Number of files currently stored
Number of bytes of information currently stored in the file storage area
Date on which the file storage was last modified
Number of files added to the storage area
Number of files removed from the storage area
Maximum number of files that can be added to the storage area
Maximum size to which the storage area can grow
 
Restriction: ACCE does not provide similar information for fixed content devices. Instead, use the tools provided by the fixed content device provider.
Figure 10-14 on page 357 illustrates the storage statistics information provided in ACCE.
Figure 10-14 File storage statistics
Cache subsystems
There are multiple cache subsystems that can be tuned. You can configure the subsystems at the P8 domain level and at the site level.
Consider these best practices for cache subsystems:
Use the default settings and only make changes if specific use cases require them.
Only make changes at the site level if there are specific characteristics of that site that require different settings.
Track the changes you make, especially if you are making them at the site level.
Figure 10-15 displays the ACCE page for modifying the site-level cache subsystems. In addition to the subsystems shown, there are also subject and metadata merged scope subsystems.
Figure 10-15 Server cache subsystems
Content cache statistics
Content caches are configured at the object store level and determine when content is added to the cache, how long the content stays in the cache, and how large the cache can grow.
Using a content cache effectively improves the speed at which clients gain access to content. By default, content is added to the cache when a client accesses a document, so that subsequent accesses will be quicker. You can also add new content to the cache automatically.
The content cache information needs to be used as a guideline of activity. The following information is provided:
Number of files in the cache
Current size of the cache
Number of files added to the cache since the cache was last cleared
Number of files removed from the cache since the cache was last cleared
10.10 Using virus scan software
If the servers that host IBM FileNet Content Manager run virus scan software, be aware that the following situations might occur:
Slow installation
Consider disabling the virus scan software when you install or upgrade IBM FileNet Content Manager components.
Slow data uploads
If uploading large files or many files, consider disabling the real-time scanning feature of the virus scan software during the upload.
File size corruption
Do not use virus scan software on the IBM FileNet Content Manager file storage areas. Virus scan software can alter the physical size of a file. When a client attempts to download a file, IBM FileNet Content Manager checks the physical size of the file against the size of the file that was uploaded. If the two file sizes are different, the download fails.
Access-denied errors
Some virus scan software locks files while they are being scanned, which can cause operations that require access to these files to fail.
 
Recommendations: Check with your database and cluster software vendors to determine whether these components can be adversely affected by any virus scanning software.
10.11 Applying fixes
IBM FileNet Content Manager environments are never, and must never be, static. IBM regularly releases fix packs and new releases, so it is important to have a plan for picking up the latest versions of the IBM FileNet Content Manager software regularly. Keeping the software current makes troubleshooting issues, as well as obtaining fixes for issues that are specific to your environment, easier. It also ensures that you are running software that is still supported by IBM as part of a regular support contract.
The maintenance plan must cover updating the following software:
Custom applications
Infrastructure updates, including application server, database server, and directory server updates
IBM FileNet Content Manager component updates
The plan needs to cover the procedures for when and how to make these updates, as well as the regression testing that is required to ensure that the changes work as expected.
The more frequently updates are applied to the environment, the easier it is to apply the updates:
Avoid having to change multiple components at the same time
Reduce the risk of a regression
Keep your team up-to-date on the upgrade procedures
10.11.1 Tracking fixes
Track the level of software that is installed in all your IBM FileNet Content Manager environments (development, test, production, and so on).
 
Tip: Ensure that there is one environment running the exact same software as production, so that if an issue occurs in production, you can test the fix prior to applying it to the production environment.
You need to track the software levels for these reasons:
Ensure that you use the correct procedures when you update software. Depending on the software level currently in place, the upgrade procedures might vary.
If issues arise, you can provide the appropriate details to IBM Support so that they can help resolve the issue as quickly as possible.
When you plan an upgrade, you can ensure that any fixes that you have applied to your current environment have been rolled into the release to which you want to move.
 
Important: Just because a release is made available after you install a fix in your environment, do not assume that your fix is included in the release.
10.11.2 Checking compatibility and build numbers
If you have a build number but you are not sure what release it matches, or if you need to check that a fix you want to install is compatible with other FileNet P8 components in your environment, see the FileNet P8 Fix Pack Compatibility Matrices.
The matrices can be downloaded from the following URL:
There is a separate matrix for each major IBM FileNet Content Manager release. Column B provides the build numbers.
10.11.3 Reporting issues and downloading fixes
To report an issue, use the IBM Support portal (you must be registered):
All IBM FileNet Content Manager fixes are made available via the IBM website called Fix Central:
 
Tip: All FileNet Workplace XT fix packs are full installations of a complete FileNet Workplace XT package and not merely incremental updates.
 
Important: Review the list of fixes included in the package to determine whether any of them might negatively affect the functionality that is used in your environment. If so, ensure that any regression testing includes these changes.
Prior to installing a software update, ensure that you review the readme file and verify that the fix is compatible with the software in your environment and that it resolves your specific issues.
Also, consider signing up to receive automatic alerts for critical updates and issues:
10.12 Updating security
As your system grows, you might find it necessary to add users and groups to create or access content. Although content security can be added for specific users, a best practice is to use security groups. Users can easily be added to the group to gain the security roles that they need, as well as easily removed from a group when their role changes and they no longer need access to the content. Securing content to a specific user requires maintenance to find content and add security for them as user roles tend to change over time.
To update an object store with new users or groups, use IBM FileNet Enterprise Manager’s Security Script Wizard to run the OSecurityUpdate.xml script. IBM FileNet Enterprise runs on Windows operating systems only and is installed by using the Tools option in the Content Platform Engine installer.
 
Recommendations: Although there are ways to apply security to individual objects, using the Security Script Wizard is the only way to ensure that security is set correctly for the entire object store. Failure to use the wizard can result in users not having the correct permissions to access or create content.
To update an object store with new users or groups, follow these steps:
1. In the IBM FileNet Enterprise Manager, right-click the object store node, select All Tasks, and run the Security Script Wizard.
2. When prompted to select an XML security script information file, browse to and select OSecurityUpdate.xml. It is installed in the installation base directory:
FileNetContentEngineScriptsComponent Library
3. When prompted to define security roles, you see two roles under Security Role: Object Store Administrators and Object Store Users.
Click Add to add security participants for the selected role. The Select Users and Groups dialog box opens. Click OK when you have added the participants for that particular role. See Figure 10-16 on page 363, which shows the Security Script Wizard.
Figure 10-16 Security Script Wizard interface
4. Click Finish when you are done. The wizard generates a prompt informing you where its log file will be located. The wizard proceeds to apply the security permissions to the objects in the object store. This process can take time, depending on the number of objects that need to be updated. The wizard reports when the process of applying security is complete.
5. If you added groups to only one Security Role, a notice appears (see Figure 10-17). Click OK to continue. This notice appears because no current Security Roles will be deleted; only the new roles will be added by the wizard.
Figure 10-17 Security wizard notice
The Security Script Wizard sets permissions on the root folder in the object store, but it does not directly modify the security assigned to individual documents and custom objects. Depending on how inheritance has been configured, the document and custom object permissions might be inherited from the root folder.
You can read more detailed information by selecting ecm_help → FileNet P8 Administration → Content Platform Engine Administration → Managing Security → Security Script Wizard.
10.13 Backup and restore
In this section, we discuss IBM FileNet Content Manager backup and restore.
Chapter 7, “Business continuity” on page 217, discusses types of events that can require a system restoration. It focuses on building a highly available environment with protection against catastrophic system or site loss to ensure that your system is always available. If you are responsible for system recovery, familiarize yourself with business continuity methods whether your budget permits a hot site or not. You might be able to use some business continuity methods to reduce backup and restore times in your data center. If your budget permits a hot site, you still need a backup and restore mechanism to recover from human errors, such as deleted or modified files. A mirrored hot site mirrors all activity; it lacks a means to differentiate an intentional or accidental change.
 
Recommendations: Store your backup media off-site away from your primary servers. Make sure that the media is moved to the off-site location as soon as possible after the backup completes.
The longer your backup media is stored near your primary servers, the greater the chance that a catastrophic event can destroy both your servers and your ability to restore your systems to operational condition.
IBM FileNet Content Manager does not provide backup software. You must use backup utilities that are supplied with your operating system or database or by third parties.
10.13.1 System components requiring backup
This list shows the system components that require backup:
Databases (all tables or table spaces and schema for your system)
File storage areas if used or configured, including fixed content storage areas
Content search files and indexes
Server operating system, Java EE environment, and all IBM FileNet Content Manager installed software
You can choose to omit the operating system and software backup. In the event of a failure that requires a restore operation, this choice requires a reinstallation of all components on a server, which increases the time required to return the server to normal operations.
Lightweight Directory Access Protocol (LDAP) security system
If you are using the user ID’s security identifier (SID) as the unique identifier for the user, ensure that the SIDs are maintained during a restore. IBM FileNet Content Manager uses a unique identifier for security, which by default is the SID. Simply re-creating deleted users or groups does not work because re-creating deleted users or groups typically creates a new unique identifier. If your system is configured to use a different type of unique identifier, for example, email address or employee ID, these attributes can be re-created when a user account is added back to the LDAP.
Any external systems with which your IBM FileNet Content Manager application operates
Typical IBM FileNet Content Manager installations operate in concert with existing applications. Examples are Customer Relations Management systems, database applications, and mainframe applications. Their data needs to be backed up at the same time that your IBM FileNet Content Manager system is backed up to ensure full data consistency.
 
Tip: If your system uses Fixed File Storage areas for compliance or Image Manager applications, you need a normal file storage area for temporary staging of content. If your application performs content reservations or uses annotations, that metadata is stored in the “temporary” file store. This file storage area must be included in your backup and recovery strategy.
10.13.2 Offline backup
An offline backup is the preferred method for IBM FileNet Content Manager. An offline backup ensures that all application data is in a consistent state. When a restore becomes necessary, all data must be recovered to the same point in time.
A backup window is the amount of time that your system can be down for backup. If your system has users running from 6:00 a.m. to 11:00 p.m., you have a seven hour backup window. A best practice is to allot time before and after users require the system to accommodate late workers or a backup that runs longer than usual. We advise allotting 1/2 to one hour before and after users expect the system to be operational. In this example, allotting one hour before and after gives you a five hour total backup window to stop the servers, perform the backup, and start the servers.
Typical installations store content in a file system, metadata in a database, work items in a process database, and pointers to the content in external systems. The amount of time that is necessary to back up the individual system components can vary by minutes or hours.
The amount of time required for the longest component’s backup must fit within your backup window. Your content storage area usually consumes the greatest amount of backup time.
There are a few steps that you can take to decrease backup time to fit your window:
Use a combination of full and incremental backups. Incremental backups simply capture information that has changed since the last backup. This can greatly reduce time spent backing up data. During a restore, you must restore from your last full backup and apply the incremental backups before starting your system, which increases the amount of time necessary to restore your system. A best practice is to perform full backups weekly when a larger backup window is available and perform incremental backups during the week when your backup window is smaller.
If you use tape as your backup media, a faster alternative is to back up your data to disk files. When the backup to disk completes, transfer the backup files to tape, which allows your IBM FileNet Content Manager system to run while the transfer to tape occurs.
The next section describes potential methods to run online backups. Those techniques can safely be used for offline backups. Simply stop your IBM FileNet Content Manager servers, run the copy, and restart your system. This approach provides the fastest possible offline backup.
If your backups cannot be completed within your backup window, you need to look at the online backup methods discussed next.
10.13.3 Online backup
You need to investigate online backup alternatives if your system must run 24x7, your backup time exceeds your backup window, or your service-level agreements (SLAs) require a higher frequency than a nightly backup. Online backups are also referred to as hot backups.
The issue with online backups is ensuring consistency in your backups. As mentioned in 10.13.2, “Offline backup” on page 365, backup times can vary between different components. If your IBM FileNet Content Manager database backup completes in 30 minutes, but your file store backup runs three hours, it is highly possible that when a restore is performed, your database might not have metadata pointers to all the files in your file store. The result is an inconsistent system. IBM FileNet Content Manager provides a Consistency Checker utility (see 10.8.3, “Consistency checker” on page 351) that you can use to find inconsistent objects.
There are options on the market that can help resolve this situation. IBM FlashCopy, NetApp, disk, volume, or storage area network (SAN) mirroring techniques are available that permit point-in-time backups or snapshots of your data. These options typically work similarly to the disk mirroring that has been used for many years. Where they differ is that they mirror several disks or volumes in groups and permit adding point-in-time details. Restoring involves copying the mirror back to the last good point in time. Several techniques offer offline tape backup of the mirror and point-in-time copies. Ideally, the utilities provide a means of capturing consistent slices across all disk drives and servers used by your application.
You can use the IBM Lab Services offering to help you create an online backup strategy.
Section 7.4.1, “Disaster recovery concepts” on page 235 discusses methods that use these techniques to copy your data to a remote facility. The same techniques can provide copies in your primary data center. Most storage vendors offer local and remote mirroring capabilities for this copying. It might be called a point-in-time, snapshot, or flash backup capability. Most storage vendors also provide tape backup solutions to move the data off-site.
Check whether your database vendor has any special requirements for using these techniques for system backups; most vendors have special requirements. Consider also using an offline database backup for additional safety.
10.13.4 System restore
There is no particular required component order when a system restore becomes necessary. Your LDAP security and databases need to be operational before you start IBM FileNet Content Manager after a restore. Typically, you restore information in this sequence:
LDAP system
Database server
IBM FileNet Content Manager server operating system
Application servers
Content Platform Engine
File stores if used or configured
Other IBM FileNet Content Manager components
Any external systems with which your IBM FileNet Content Manager application operates
Your IBM FileNet Content Manager system needs to be down during the restore process. If you used incremental backups, restore all incremental backups before you start your IBM FileNet Content Manager system. After all restores are completed, start your IBM FileNet Content Manager system normally.
 
Recommendations: Consistency checks can run for a long time depending on the amount of content in your system. Limit the amount of time that the consistency check runs. Set the check to start a few hours before the major event that requires its use.
10.13.5 Application consistency check
If your application uses external systems, your application developers must consider creating tools to allow validating the consistency between your IBM FileNet Content Manager system and the external systems. There might be an event where you need to restore your IBM FileNet Content Manager system, and external systems cannot be restored to the same point in time. In those cases, you need a means to validate that content references in the external systems are on the IBM FileNet Content Manager system.
10.14 Task schedule
Table 10-2 lists the recommendations for the frequency of performing IBM FileNet Content Manager system administration tasks.
Table 10-2 Task schedule recommendations
Task
Frequency
Comments
Monitor system
Daily
Processes, performance, and logs
Back up system
Daily
Databases, file stores, and LDAP service
Log maintenance
Weekly
See footnote 1
Check free space
Weekly
All file systems and databases
Check performance
Weekly
See footnote 2
Check for latest
fix packs
Monthly
See footnote 3
Database maintenance
Periodically
Consult your database vendor for periodic maintenance functions to keep the database optimized. Ensure that you meet their recommendations.
Backup software
Monthly
Operating systems, Java EE server, and installed software
Apply patches
Semi-annually
See footnote 3
Test restore
Annually
A full system restore must be performed at least once per year on DR hardware.
1 Log maintenance must include all operating system, application server, and IBM FileNet Content Manager product error and trace log files. Log maintenance must also include the Content Platform Engine audit log and the Content Platform Engine log database tables, if used. All log files can grow quite large over time; on busy systems, you might need to increase the maintenance frequency. Low use systems might be able to reduce the frequency.
2 “System Dashboard performance archiver” on page 332 describes how to archive performance logs. You can generate reports from the archived log files. If you use IBM FileNet System Monitor, you can configure it to keep archived performance data and generate reports, as well.
3 IBM FileNet fix packs are produced at regular intervals. Fix packs are available on Fix Central: http://www.ibm.com/support/fixcentral/
10.15 Conclusion
This list summarizes our recommendations in this chapter:
Run the archiver.jar to capture performance data during peak hours of activity.
Maintain message logs by renaming them and then deleting them after a period of time.
Manage (clean up) audit and statistics logs weekly when used.
Keep auditing as minimal as possible.
Use security groups to secure content.
Store your backup media off-site.
Allot free time before and after the backup as part of a backup window.
If you use incremental backups, perform full backups weekly.
Run the Consistency Checker utility after you restore a system.
In Chapter 11, “Upgrade and migration” on page 371, we address upgrade and migration topics. In Chapter 12, “Troubleshooting” on page 387, we discuss troubleshooting techniques.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.144.114.223