Tibco Nimbus Administration Guide Software Release 9.5.2 October 2015

Transcript

TIBCO NimbusTM Administration Guide Software Release 9.5.2 October 2015 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE. USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE LICENSE FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME. This document contains confidential information that is subject to U.S. and international copyright law s and treaties. No part of this document may be reproduced in any form w ithout the w ritten authorization of TIBCO Softw are Inc. TIBCO, Tw o-Second Advantage and TIBCO Nimbus are either registered trademarks or trademarks of TIBCO Softw are Inc. in the United States and/or other countries. All other product and company names and marks mentioned in this document are the property of their respective ow ners and are mentioned for identification purposes only. THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. SEE THE RELEASE NOTE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM. THIS DOCUMENT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME. THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES. Copyright © 1997-2015 TIBCO Softw are Inc. ALL RIGHTS RESERVED. TIBCO Softw are Inc. Confidential Information TIBCO Nimbus Administration Guide Contents 3 Table of Contents Introduction About .................................................................................................................... the Administration Guide 7 About .................................................................................................................... TIBCO Nimbus 8 Installation Planning .................................................................................................................... 12 Installation Planning .............................................................................................................. 12 Upgrading .................................................................................................................... from Previous Releases 12 Migrating data from a previous version .............................................................................................................. 12 Migrating Web Server settings .............................................................................................................. 17 Installing .................................................................................................................... the Client 19 Installing .................................................................................................................... the Web Server 22 Configuring .................................................................................................................... Authentication 29 Configuring LDAP Integration .............................................................................................................. 29 Configuring SSO via Windows Authentication (IWA) .............................................................................................................. 39 Configuring SSO via Netegrity SiteMinder Authentication .............................................................................................................. 41 Integrating .................................................................................................................... TIBCO Nimbus with SharePoint 43 Creating a SharePoint Integration .............................................................................................................. 44 Upgrading a SharePoint Integration .............................................................................................................. 54 Adding Web Parts to other SharePoint sites .............................................................................................................. 54 Integrating with a SharePoint document library .............................................................................................................. 61 Installing .................................................................................................................... the Action Server 62 Installing .................................................................................................................... the Business Intelligence Server 64 Installing .................................................................................................................... the TIBCO Nimbus Performance Monitor 65 Installing .................................................................................................................... the TIBCO Nimbus Batch Server 66 Uninstalling .................................................................................................................... TIBCO Nimbus 66 Security Securing .................................................................................................................... a Process Repository 68 Configuration Web .................................................................................................................... Server Configuration 70 TIBCO Nimbus Administration Guide 4 Administration Guide Configuring the Web Server .............................................................................................................. 70 Configuring MIME mappings .............................................................................................................. 84 Configuring Web Server Logging .............................................................................................................. 84 Configuring Page Hit Logging .............................................................................................................. 84 Configuring Web Hit Logging .............................................................................................................. 85 Action .................................................................................................................... Server Configuration 89 Configuring the Action Server .............................................................................................................. 89 Configuring SMTP Email .............................................................................................................. 90 Configuring SMTP Logging .............................................................................................................. 91 Configuring LDAP Synchronization .............................................................................................................. 91 Testing LDAP Synchronization .............................................................................................................. 91 Configuring LDAP Synchronization Logging .............................................................................................................. 92 Business .................................................................................................................... Intelligence Server Configuration 94 Configuring the Business Intelligence Server .............................................................................................................. 94 Testing the Business Intelligence Server .............................................................................................................. 95 Synchronizing the Business Intelligence Server .............................................................................................................. 95 Configuring Business Intelligence Server Logging .............................................................................................................. 96 User Management Creating .................................................................................................................... Users and User Groups 98 Importing .................................................................................................................... Resources 99 Importing .................................................................................................................... User Roles 100 Administration Importing .................................................................................................................... and Exporting Data 102 Exporting Diagrams as XML .............................................................................................................. 102 Exporting Data to a Database .............................................................................................................. 103 Importing Data Tables .............................................................................................................. 104 Metric .................................................................................................................... Configuration 105 Updating Excel Macros .............................................................................................................. 105 Creating SQL Queries .............................................................................................................. 105 Scheduling and Updating SQL Queries .............................................................................................................. 107 Integrating with SAP BW and SAP NetWeaver BI .............................................................................................................. 108 Integrating with Cognos Metrics Manager .............................................................................................................. 110 Integrating .................................................................................................................... with Third-party Applications 112 TIBCO Nimbus Administration Guide Contents 5 Integrating with SAP NetWeaver .............................................................................................................. 112 Integrating with Generic Portals .............................................................................................................. 113 Integrating with OpenText Document Management .............................................................................................................. 118 Integrating with tibbr .............................................................................................................. 118 Maintenance Recovering .................................................................................................................... Deleted Maps and Diagrams 120 Purging .................................................................................................................... Deleted Content 120 Checking .................................................................................................................... Performance 120 Checking .................................................................................................................... Maps 121 Backing .................................................................................................................... Up Data 124 TIBCO Nimbus Backup Utility .............................................................................................................. 125 Third-party Backup utilities .............................................................................................................. 127 Archiving .................................................................................................................... Maps 129 Creating Archives .............................................................................................................. 132 Restoring Archives .............................................................................................................. 133 Managing .................................................................................................................... Database Tables 135 Synchronizing .................................................................................................................... the Web Server 137 Monitoring .................................................................................................................... Web Server Performance 140 Restarting, .................................................................................................................... Stopping and Starting the Web Server 140 Managing .................................................................................................................... TIBCO Nimbus Services 141 Replacing .................................................................................................................... File Link Paths 142 Viewing .................................................................................................................... Map Paths 142 Enabling .................................................................................................................... Administrator Access to all Diagrams 142 Customization Customizing .................................................................................................................... the Web Server 145 Support and Feedback TIBCO Nimbus Administration Guide Chapter 1 Introduction TIBCO Nimbus Administration Guide About the Administration Guide 1.1 7 About the Administration Guide This guide is designed to provide TIBCO Nimbus™ 9 administrators with information on performing the following tasks: Installing components of the TIBCO Nimbus suite, including migration of data from previous major versions Configuring components of the TIBCO Nimbus suite Managing TIBCO Nimbus users Administering the TIBCO Nimbus suite Maintaining the TIBCO Nimbus suite. Audience The intended audience for this guide includes: IT staff responsible for providing the technical infrastructure in which the TIBCO Nimbus suite is deployed IT staff responsible for the setup of TIBCO Nimbus The nominated TIBCO Nimbus administrators responsible for the day-to-day management of the TIBCO Nimbus suite. TIBCO Nimbus Administration Guide Chapter 1 Introduction 8 1.2 About TIBCO Nimbus TIBCO Nimbus is a software suite designed to enable organizations to capture, analyze and communicate a common set of processes that can be used to manage an organization. The suite consists of five primary components: Desktop Client The Desktop Client is a Windows-based application that provides authors with the tools in which to create and manage process maps, supporting information and documents. Web Server The Web Server allows users to access and collaborate on data, anywhere across the internet or corporate intranet. It runs as a standalone application that interacts with IIS using a small ISAPI extension that serves to redirect the requests to the application. The Web Server can also be integrated into a SharePoint solution. Action Server The Action Server runs as five separate Windows-based services in the background - Email, Lock, Office Integration and LDAP services. The primary tasks are to act as the TIBCO Nimbus Email Server by utilizing basic SMTP services to provide a gateway into a corporation's Email system, and to integrate with Directory Services. Business Intelligence Server The Business Intelligence Server provides the ability to send SMS text messages and Email notifications when defined measures are breached. Windows Server Performance Monitor Plug-in The Windows Server Performance Monitor Plug-in provides system administrators with the ability to monitor the internal behaviour of the Web Server and allows all of the normal capabilities of Performance Monitor to be used. Batch Server The TIBCO Nimbus Batch Server is a separate utility that handles various operations outside of the Author Client, such as the promotion of draft content and assigning reviewers, requesting reviews, unlocking diagrams and assigning diagram access rights in the web. This allows the processes to be streamlined and managed from a server instead of a user's PC. This method also safeguards data integrity as it prevents users from terminating the operation midstream on their PC. How is data managed? TIBCO Nimbus data is managed in three databases: Process Repository The process repository is a folder in the file system that holds the process diagrams and all process-related information (resources, metadata, access rights). It consists of a number of flat files and DBISAM database tables and index files. For more information see 'How is data stored' below. TIBCO Nimbus Administration Guide About TIBCO Nimbus 9 The Document Registry The Document Registry is a document management system that holds supporting files related to processes (forms, media files, templates, spreadsheets, application links, policy documents, etc). Business Intelligence Repository The Business Intelligence Repository tracks trend data for the key metrics in order to produce graphs and launch alerts. How is data stored? TIBCO Nimbus stores all data and process content generated by authors in the Process Repository folder in the Windows file system. All tables and other files are organized in different sub-folders within the Process Repository folder. Note that the Process Repository folder can be secured by preventing unauthorized access outside of the software. Please refer Securing a Process Repository for more information. The TIBCO Nimbus software uses the ElevateDB embedded database engine for the table, index and other database-related files. The system data, process content and other files are optimized for the TIBCO Nimbus software to help maximize performance based on the type of data that is stored and the access profile. Each process map is stored in a separate folder inside the Maps folder in the Process Repository folder. Each map is uniquely identified via a 32 hexadecimal GUID code, for example C1661023902543058AF18DD1E9476326. A map's GUID is used as the name of the folder for where the map is stored. This allows authors to easily rename the map without requiring changes to the folder structure in the Process Repository. A number of ElevateDB table files and other data files are stored in each process map folder. For example, the Diagrams files are the database files used for storing all diagrams within a process map. To prevent exceeding character limits within the Windows file system, process map folders are stripped within sub-folders based on the first two characters of a map's GUID code. For example, if the map GUID is C1661023902543058AF18DD1E9476326 then it will be stored inside a sub-folder called 'C1' inside the Maps folder. The GUID for a process map can be viewed in the 'Physical Path' field in the 'Where Am I' dialog (accessible from the Map menu in the TIBCO Nimbus Author Client application. History In v9.0.0, v9.0.1 and v9.1.0 of TIBCO Nimbus the same folder structure was used, however the DBISAM embedded database engine was used for all the database table files. In TIBCO Nimbus v9.2.0, the embedded database engine was upgraded to ElevateDB, which fully supports Unicode and therefore allows for all multibyte characters to be used throughout the generated process content. The TIBCO Nimbus 9.1 to 9.2 migration utility automatically migrates all DBISAM database table files up to the ElevateDB database table format. In v8.1.5 and earlier releases of the software the embedded DBISAM database engine component was used and the process maps were stored in separate folders, however the folder names were based on the actual names of process maps. This prevented process maps from being easily renamed because the folder name would also need to be renamed, which required all files to be closed and not in use by any other instance of the TIBCO Nimbus software, including the TIBCO Nimbus Web Server application. This was too limiting in large deployments of the TIBCO Nimbus software. The TIBCO Nimbus 8.1 to 9.0 migration utility automatically restructures all process map folders in the Process Repository from being based on the actual name of the process map to be based on the GUID of the process map. Advisory TIBCO Nimbus Administration Guide 10 Chapter 1 Introduction It is extremely important that no changes are made to the Process Repository files outside of the TIBCO Nimbus software. Any changes to the files may cause data corruption and potentially result in data loss and instabilities in the TIBCO Nimbus software. The Admin Utility, supplied with the TIBCO Nimbus software, allows database tables and other files to be examined, repaired and potentially modified in some cases. If you are planning on modifying any database tables and other files in this manner, please contact TIBCO Nimbus Support to provide assistance in all cases when using the TIBCO Nimbus Admin Utility. TIBCO Nimbus Administration Guide Chapter 2 Installation TIBCO Nimbus Administration Guide Chapter 2 Installation 12 2.1 Planning 2.1.1 Installation Planning For information on planning the installation of the TIBCO Nimbus suite, including hardware and software requirements, sizing requirements and deployment options, please refer to the Installation Planning Guide that can be downloaded from TIBCO's Documentation site (https://docs.tibco.com). 2.2 Upgrading from Previous Releases If a previous major version of TIBCO Nimbus is installed, the data within the current process repository must be migrated to the latest version before it can be used with the TIBCO Nimbus suite. 2.2.1 Migrating data from a previous version Before upgrading from a previous major version to the latest version, you must first migrate the process repository. A process repository is essentially a data folder in the file system which holds process diagrams and other process-related information. During the migration process, the existing table structures in the process repository are converted in order to make them compatible with the latest release. Following the migration process the latest version can then be installed. Archived Maps Archived maps will be converted to the new format as part of the migration process and will be accessible to users as they were in the old version. However, any compressed static archived maps (.arc) will not be upgraded to the latest version. Instead you will be prompted to select a backup folder to automatically move these files into during the migration. Since .arc files cannot be upgraded, access to compressed archived maps is only available by maintaining the old version of TIBCO Nimbus with the old process repository. Prerequisites Before migrating a process repository, the following points should be considered and the relevant actions taken: Prevent users from accessing the process repository To allow you to back up your process repository and migrate the data to the new format, all users must be logged out of the Author Client and the web server. Author Client. You can view if any users are still active in the Author Client (from the Tools menu choose Users, then Active Users). Web Server. To prevent users from accessing the web server, the web server must be stopped. See Restarting, Stopping and Starting the Web Server for information on stopping the TIBCO Nimbus web server. Stop TIBCO Nimbus services In order to ensure a consistent backup, all TIBCO Nimbus services must be stopped before running a backup. See Managing TIBCO Nimbus Services for information on stopping TIBCO Nimbus services. TIBCO Nimbus Administration Guide Upgrading from Previous Releases 13 Stop TIBCO Nimbus scheduled tasks No scheduled tasks, such as the System Synchronization utility (ssync.exe) should be running on the process repository. Back up your data Before proceeding with migrating your data, it is strongly advised to take a complete backup of your existing process repository. This allows you to roll-back if any problems occur. See Backing Up Data for more information on how to obtain a consistent copy of a process repository. Note: The Deleted Maps folder is emptied during the migration process. If you wish to retain this data in the old version format, you must ensure that this folder is backed up too. The default location is \Deleted. Delete the cache folder To ensure you have any improvements to the indexing of the web server's cache table, when upgrading to the latest version it is advisable to delete the current Cache folder. The web server must be stopped first. When the web server is restarted, the Cache table will be rebuilt. The default location is \Cache. Migrating a process repository The following steps detail how to migrate a process repository. 1. Download the latest version of TIBCO Nimbus. 2. Create a new folder in which to install the new version of TIBCO Nimbus. For example: C:\TIBCO Nimbus Before copying the process repository you must ensure there are no users currently logged in to either the Author Client or the web server. Please refer to the prerequisites above for more information. 3. Copy the existing Process Repository, Scorecard Repository, Process RepositoryATTACH, and any other data folders that you've created, into the folder created in Step 2. Copying them ensures that the existing data is still available if a roll-back is required. 4. Restrict the permission on the previous installation folder to allow only those users that require access to access it. 5. Run the appropriate migration tool. The migration tools are found in the Utilities folder on the downloaded image: Existing Version Migration Tool (to use) TIBCO Nimbus 9.4.x CtrlMigration94To95.exe TIBCO Nimbus 9.3.x CtrlMigration93To94.exe TIBCO Nimbus 9.2.x CtrlMigration92To93.exe Nimbus Control 9.1.x CtrlMigration91To92.exe Nimbus Control 9.0.x CtrlMigration90To91.exe TIBCO Nimbus Administration Guide 14 Chapter 2 Installation Nimbus Control 8.1.x CtrlMigration81To90.exe Notes: When migrating the process repository, you will be presented with the option to change the save location for archived maps and to set the default time zones for actions. It should also be noted that from v8.1, acknowledgment requests are handled differently. If you are migrating a process repository from 8.0 or earlier, an Acknowledgment Migration Impact Assessment step will require your action. The choice you make will be dependent on the extent to which you use and enforce acknowledgment requests. Click Help on the window for further information. 6. Select Upgrade TIBCO Nimbus Process Repository, then click Next. 7. Click Browse and select the process repository that you copied in Step 3, then click Next. 8. Enter the user name and password of a TIBCO Nimbus administrator, then click Next. 9. Confirm you have backed up the process repository by clicking Next. 10. Select whether to migrate any compressed and live non-compressed map archives, then click Next. Note: This step only applies when migrating a v9.2 process repository and above. 11. Click Start to begin migrating the process repository. Each of the required tools will run consecutively until the data has been migrated to the latest version. Post Migration Once you have migrated the process repository you can install the TIBCO Nimbus suite. Install the Client into the new folder structure created in Step 2. If access to the previous web server is still required, rename the IIS virtual directory name (e.g. to 'TIBCONimbus900'). Install the web server using the previous virtual directory name (by default this is NimbusControl). Install all other components and integrations, as required. Inform all desktop users about the new shortcut required to access the new Author Client. Remove scheduled tasks from Windows Task Scheduler on the server (see Windows Scheduled Tasks below for more information). Windows Scheduled Tasks From version 9.3, scheduled tasks will be managed by the Nimbus Batch Server. During migration, any scheduled tasks that exist in the process repository will be copied to the Nimbus Batch Server. After the migration has finished, you can compare the timings of the scheduled reports in TIBCO Nimbus to the timings in Windows Scheduled Tasks. If the timings match then the original tasks in Windows Task Scheduler can be removed from the server. Additional Notes: Users will be able to access the new web server using the same URL as before; however users requiring access to the previous web server will require the updated URL using the renamed virtual directory. Network client users will require a new desktop shortcut. Usually there is no requirement to re-license the suite as the license details are migrated as part of the migration process. However, prior to the release of version 9, the license code format was different and therefore migration from version 8 or earlier will require a new license code to be requested. TIBCO Nimbus Administration Guide Upgrading from Previous Releases 15 Upgrading Packaged Maps If you have any packaged maps from v9.3.0 or earlier, they must be migrated to the latest release before you can unpackage them into the migrated process repository. 1. Run the migration utility that matches the version the map was packaged in and choose Upgrade Packaged Maps. For example, if the packaged map was created in version 9.0.x, run CtrlMigration90To91.exe. 2. Next, run the subsequent migration utilities in order and up to the current migration utility. For example, if you ran CtrlMigration90To91.exe in step 1, run CtrlMigration91To92, then CtrlMigration92To93, then CtrlMigration93To94 and finally CtrlMigration94To95. Note: As you work through the migration utilities, you will be requested to choose the default time zone and specify where to get the time zone from (either from the current computer or from the old process repository). Upgrading Packaged Statement Sets Packaged statement sets from v9.3 are not required to be migrated to the latest version in order to unpackage them into the migrated process repository. However, if you have statement sets that were packaged before v9.3 then you must upgrade them by following the relevant instructions below. Upgrading v9.2 packaged statement sets 1. Run CtrlMigration92To93.exe. 2. Select Upgrade Packaged Statement Sets, then click Next. 3. Click Browse and select the SPK file to upgrade, then click Next. 4. Click Start. Upgrading v9.1 packaged statement sets 1. Run CtrlMigration91To92.exe. 2. Select Upgrade Packaged Statement Sets, then click Next. 3. Click Browse and select the SPK file to upgrade, then click Next. 4. Click Start. Upgrading v9.0 packaged statement sets 1. Run CtrlMigration90To91.exe. 2. Select Upgrade Packaged Statement Sets, then click Next. 3. Click Browse and select the SPK file to upgrade, then click Next. 4. Click Start. 5. Repeat steps 1 to 4 using CtrlMigration91To92.exe. Upgrading Packaged Storyboards If you have any packaged storyboards from v9.3.0 or earlier, they must be migrated to the latest release before you can unpackage them into the migrated process repository. 1. Run the migration utility that matches the version the storyboard was packaged in and choose Upgrade Packaged Storyboards. TIBCO Nimbus Administration Guide 16 Chapter 2 Installation For example, if the storyboard package was created in version 9.0.x, run CtrlMigration90To91.exe. 2. Next, run the subsequent migration utilities in order and up to the current migration utility. For example, if you ran CtrlMigration90To91.exe in step 1, run CtrlMigration91To92, then CtrlMigration92To93, CtrlMigration93To94 and finally CtrlMigration94To95. TIBCO Nimbus Administration Guide Upgrading from Previous Releases 17 2.2.2 Migrating Web Server settings You can migrate the settings - configuration settings, skins, localization files and the Home page text - from one Web Server to another. This is useful when installing a new version of the Web Server as you can migrate the settings from an existing Web Server installation. The TIBCO Nimbus Web Server Upgrade Utility can either be run before installing the new Web Server or after the Web Server has been installed. Note: The old settings are backed up and stored in '...\Documents and Settings\\TEMP\TIBCONimbus Upgrade'. It is advisable to delete the old Cache folder when upgrading to a new version of the Web Server. See Migrating a process repository for more information. Migrating settings before installing a new Web Server You can run the TIBCO Nimbus Web Server Upgrade Utility before installing the new Web Server. This method will allow you to install the Web Server and migrate the settings from an existing Web Server in one operation. 1. Copy the Utilities and Web Server folders from the download image to a local drive. 2. Run WebUpgradeUtil.exe. Note: WebUpgradeUtil.exe is found in the Utilities folder. 3. Click Browse and select the current Web Server folder. 4. Select any of the following Web Server configuration settings to migrate to the new Web Server: Include Web Server configuration settings will merge any changes in the configuration settings file. Include Skin will merge any changes in the Skin.html. Note: Skin.html is found in ...\TIBCO Nimbus\Web Server\App, and controls various web appearance settings, such as various font colors, storyboard colors, menu appearance, etc. Include Localizations will merge any changes in the localization files. Include Home page sidebar will replace the MyPage.html (Home page text) file with the old version. 5. Click Next. The Web Server installation setup will appear. 6. Follow the steps to install the Web Server. For more information on installing the Web Server see Installing the Web Server. Migrating settings after installing a new Web Server If the new Web Server has already been installed you can still migrate the settings from an existing Web Server using the TIBCO Nimbus Web Server Upgrade Utility. 1. Copy WebUpgradeUtil.exe to a local folder. Note: WebUpgradeUtil.exe is found in the Utilities folder on the download image. 2. Run WebUpgradeUtil.exe. 3. Click Browse and select the current Web Server folder. This is the Web Server that you are migrating settings from. TIBCO Nimbus Administration Guide 18 Chapter 2 Installation 4. Select any of the following Web Server configuration settings to migrate to the new Web Server: Include Web Server configuration settings will merge any changes in the configuration settings file. Include Skin will merge any changes in the Skin.html. Note: Skin.html is found in ...\TIBCO Nimbus\Web Server\App, and controls various web appearance settings, such as various font colors, storyboard colors, menu appearance, etc. Include Localizations will merge any changes in the localization files. Include Home page sidebar will replace the MyPage.html (Home page text) file with the old version. 5. Click Next. Note: You will receive a message stating that the current Web Server installer cannot be found. 6. Click Next. 7. Click Browse and select the new Web Server folder, then click Next. TIBCO Nimbus Administration Guide Upgrading from Previous Releases 2.3 19 Installing the Client This topic describes how to install the TIBCO Nimbus Client. For more information on the Client, including software and hardware requirements and sizing, see the Installation Planning Guide that is included in the Documents folder on the installation CD. Note: iSCSI is not supported over TCP/IP. Prerequisites 120MB of disk space If upgrading from a previous version there must be no users currently using the old version. You must also migrate the process repository before installing TIBCO Nimbus. See Upgrading a Process Repository for more information. You must be logged in to the local machine as an administrator. It is advised that you exit any other Windows applications that are currently running. Please read the Installation Planning Guide (included on the CD) before proceeding. This includes important information about disabling SMB2.x and Opportunistic Locking on Windows Server 2008/2008 R2 to avoid potential data corruption. Installing the Client 1. Do one of the following: Insert the CD and click Client Installation. 2. 3. 4. 5. 6. 7. If the CD installation does not automatically start, from the CD run Setup.exe and click Client Installation. [Welcome] If no other Windows applications are running, click Next. Otherwise, terminate the installation in order to exit the applications, then re-run the setup. [Read Me File] If you are upgrading from a previous version, read the warning and take any necessary steps. Click Next to proceed. [License Agreement] Ensure that you read the license agreement, then click Yes to accept it or No to terminate the installation. [Setup Type] Select whether you want a standard installation, or a network client installation. Standard - this will install the full program and should be selected for new installations or upgrades. Network Client - this will create a shortcut for an existing installation. This shortcut can then be distributed between users who will then have access to the TIBCO Nimbus Client over the network. See the Installation Planning Guide for more information on deploying TIBCO Nimbus. [Choose Destination Folder] The location in which the Client is installed will default to ...\TIBCO Nimbus. To change location, in the Destination Folder panel click Browse to select a location in which to install the Client. To change the location of the process repository, deselect Use default sub-folder for Process Repository and click Browse in the Existing Process Repository panel to specify a location to install the process repository in. Click Next to proceed. [Select Program Manager Group] Select the Program Manager group that the Client will be added to. Either select an existing group or accept/rename the default name to create a new group. Click Next to proceed. TIBCO Nimbus Administration Guide Chapter 2 Installation 20 8. [Start Installation] Click Next to install the Client. Folder permission rights Administrators and process authors will require Read and Modify access to the process repository and any associated data folders. End users require Read access only. If you are planning to share the process repository then you must share a higher level folder and not the actual process repository folder, otherwise users may not be able to access folders on the same level as the process repository, such as process repositoryATTACH and process repositorycred. What Next... Run the Client for the first time Administrator Account When you run the TIBCO Nimbus author client for the first time you will be prompted to create an administrator account. Note: If you plan to use LDAP then use the same account as the administrator account that will be created in the TIBCO Nimbus Admin LDAP group, otherwise this account will be deleted when synchronizing with LDAP. Secure the process repository Securing the process repository will prevent users from editing or deleting any of the file structure of the process repository through, for example, Windows Explorer. See Security\Securing a Process Repository for more information. Distribute the Client executable shortcut If you are providing access to the Client over the network then you must create a copy of the executable shortcut and then distribute it to the users that require access to the Client. To create a network executable shortcut, follow the steps above but select Network Client in Step 5 [Setup Type]. If the Client is to be installed locally, i.e. on each users' PC, then this is not required. Install the Web Server The Web Server provides end-user access to the information held within the process repository and defined external locations, including maps, documents, etc. See Installation\Installing the Web Server for information on installing the Web Server. Enable Single Sign-on Single-sign On allows users to automatically log into the Client and Web Server without having to provide their credentials once they are logged into their organization's network. See Installation\Configuring Authentication for more information. Create User Accounts and User Groups If you are not synchronizing your users and user groups via LDAP you must manually create them. See User Administration in the Administration section of the Client Help for more information. TIBCO Nimbus Administration Guide Installing the Client 21 Related topics Importing resources Importing roles User Management TIBCO Nimbus Administration Guide Chapter 2 Installation 22 2.4 Installing the Web Server This topic describes how to install the TIBCO Nimbus Web Server. For more information on the Web Server, including software and hardware requirements and sizing, see the Installation Planning Guide that is included in the Documents folder on the installation CD. Summary Set up IIS Install the Web Server Modify DCOM permissions Modify TIBCO Nimbus Host.exe COM+ object Modify folder and file access rights Allow the Web Server ISAPI extension Configure IIS Migrating Web Server Settings This section describes installing a new Web Server with default configuration settings. If you have an existing version of the Web Server installed and you want to keep the configuration settings, you can install the Web Server and migrate the settings in a single operation. See Migrating Web Server settings for information on how to do this. Prerequisites The Installation Planning Guide has been read. 120MB of disk space. The TIBCO Nimbus Author Client is installed and has been run against the process repository at least once. The process repository is in a location that is accessible to the Web Server. A TIBCO Nimbus domain service account has been created. This account is used to run all TIBCO Nimbus services and requires access to the various TIBCO Nimbus folders. The account does not require administration rights and the password should be set to 'never expire'. Further information on creating a TIBCO Nimbus domain service account is available in the Installation Planning Guide (included on the CD and with the media image). Installing the Web Server as a SharePoint solution If you integrating the Web Server into a SharePoint solution, please follow the instructions in Integrating TIBCO Nimbus with SharePoint. Setting up IIS The Web Server requires IIS and ISAPI extensions (unless you are setting up a remote connection, for example when integrating the Web Server with a remote SharePoint installation). IIS and ISAPI extensions are not installed on Windows Server 2003, Windows Server 2008 or Windows Server 2012 by default and therefore must first be installed. TIBCO Nimbus Administration Guide Installing the Web Server 23 Windows Server 2003 1. From the Add Remove Programs dialog in Control Panel, click Add or Remove Windows Components. 2. Click Application Server to select it and click Next. This will install IIS6, including ISAPI Extensions. Windows Server 2008/R2 and 2012/R2 1. On the Start menu, point to Administrative Tools, then click Server Manager. 2. In Roles Summary click Add Roles. 3. In the Add Roles Wizard, click Next, and then click to select the Web Server (IIS) check box in the Roles list. Click Add Required Features when prompted, and then click Next. 4. Click Next, and then click to select the IIS Management Console and ISAPI Extensions in the Roles services list. 5. Click Next, and then click Install. Note: The account under which the IIS process runs must have full access to all areas of the process repository. Installing the Web Server 1. Do one of the following: If using physical media, insert the CD and click Enterprise Server Installation. OR If using an electronic image, run Setup.exe and click Enterprise Server Installation. Note: If you are installing on a machine that is not a server you will receive a warning message. The Web Server can be installed on a non-server machine, however you will not receive the benefits that a server has to offer, such as being able to support multiple connections simultaneously. 2. [Welcome] If no other Windows applications are running, click Next. Otherwise, terminate the installation in order to exit the applications, then re-run the setup. 3. [Choose Destination Folder] The location in which the Web Server is installed will default to the location of the Client installation. To change location, in the Destination Folder panel click Browse to select a location in which to install the Web Server. To change the location of the process repository at this stage, deselect Use default sub-folder for Process Repository and click Browse in the Existing Process Repository panel to locate the process repository. Note: The path of the process repository can be changed at any time by editing the Web Server configuration file (see Web Server Configuration for more information). Click Next to proceed. 4. [IIS Configuration Options] The Web Server must be mapped to an IIS virtual directory to allow users to access it through their browsers. Web Server Site - choose the site to install the Web Server to. If selecting a different Web site from the default, you must ensure that the site is correctly configured. Virtual directory name - specify the virtual directory name. This is the name that users will see in the TIBCO Nimbus Administration Guide 24 Chapter 2 Installation browsers as the path of the application and the name that appears in IIS Manager. 5. [Setup Program Manager Group] Select the Program Manager group that the Web Server will be added to; either select an existing group or accept/rename the default name. Click Next to proceed. 6. [Start Installation] Click Next to install the Web Server. Configuring DCOM security DCOM permissions must be configured to allow the various components of the Web Server to communicate. The Network Service account requires Local Access permission rights and Local Launch and Local Activation permission rights for both IIS 6 and IIS7/7.5. Note: If you are implementing Single-sign On (Integrated Windows Authentication) you can use either the Network Service or IWAM account to provide default Launch, Activation and Access rights. If LDAP is being used then you must provide the six default LDAP groups with this access. Modifying the TIBCO Nimbus Host.exe COM+ identity The identity of the TIBCO Nimbus Host.exe container, which runs the Web Server, needs to be set to the TIBCO Nimbus domain service account. 1. Run Component Services. 2. Expand Computers>>My Computer>>DCOM Config. 3. Right-click TIBCO Nimbus ES Web Server Host and choose Properties. 4. Click the Identity tab. 5. Select This user, then enter the TIBCO Nimbus domain service account details. TIBCO Nimbus Administration Guide Installing the Web Server 25 Modifying access to the Web Server folders and files The access rights of all folders and files within C:\TIBCO Nimbus\Web Server\Main needs to be set to allow Read access for all TIBCO Nimbus users. If management of users via LDAP synchronization is used it is recommended that the TIBCO Nimbus LDAP groups are used to provide this access. Read/write access to the following folders must also be enabled for the TIBCO Nimbus domain service account, which the Host.exe process runs under: ...\TIBCO Nimbus\Process Repository\ ...\TIBCO Nimbus\Process Repository\Temp ...\TIBCO Nimbus\Web Server\Reload Allowing the Web Server ISAPI extension Unless ISAPI extensions are enabled by default, you must add and allow the TIBCO Nimbus ISAPI extension to the list of allowed executable extensions in IIS. Note: The CtrlWebISAPI.dll is found in {Installation}\Web Server\Main. IIS 6 In IIS Manager, under Web Service Extensions, add CtrlWebISAPI.dll and set it to Allowed. IIS7/7.5/8/8.5 In IIS Manager, click the name of the server. In Features View, double-click ISAPI and CGI Restrictions. In the Actions pane, click Add. In the ISAPI or CGI path text box, enter the path of the CtrlWebISAPI.dll, or click Browse to select it. Check Allow extension path to execute and click OK. Configuring IIS In Windows Server 2003, Windows Server 2008/R2 and Windows Server 2012/R2, IIS manages virtual directories in application pools. Each pool has its own properties that can be configured and single pools can host multiple virtual directories. When TIBCO Nimbus is installed it looks for an application pool called TIBCO Nimbus Pool. If it does not exist then it is created as part of the installation process. The TIBCO Nimbus virtual directory is created in the same way and is assigned to the TIBCO Nimbus application pool. Note: The Network Service account must have anonymous access to the TIBCO Nimbus application pool (in Windows Server 2008 R2 the application pool identity must be changed to Network Service). The installation also requires two changes to the IIS configuration. WebDAV is disabled as part of the installation process. If enabled, the Front Page Server extensions must be disabled manually. For more information, refer to the Web Server Installation Planning section in the TIBCO Nimbus Installation Planning Guide (included on the installation CD). How to configure access to the Web Server when the process repository resides on a different server When installing the Web Server, the local machine's IIS IUSR account is set to be used for anonymous access by default. This account does not have access to files on other machines, therefore when the process repository is on a different server, the TIBCO Nimbus domain service account must be used instead. In IIS Manager, ensure that Enable anonymous access is enabled for the web site that is hosting the TIBCO Nimbus virtual directory and specify the TIBCO Nimbus domain service account details. TIBCO Nimbus Administration Guide 26 Chapter 2 Installation Note: If you are implementing Single-sign On/Integrated Windows Authentication then you must disable Enable anonymous access and enable Integrated Windows authentication. See Configuring Authentication for more information on enabling Single-sign On. TIBCO Nimbus Administration Guide Installing the Web Server 27 TIBCO Nimbus iPhone App If you intend for users to access video files through the TIBCO Nimbus Player iPhone Edition app (downloadable from the Apple App Store and available for the iPad, iPhone and iPod) then you must ensure that the relevant MIME types are configured on the server (for example .mp4, .mov, .m4v, etc). MIME types need to be configured either on a per-site basis, or server-wide. What Next... Enable Single-sign On To allow users to log in to the Web Server automatically, i.e. without having to provide their credentials once they are logged in to the network, Windows Integrated Authentication must be enabled. See Configuring Authentication for more information. Configure the Web Server There are many configuration options which define how the Web Server works. These parameters are defined in the Web Server configuration file. See Configuring the Web Server for more information. Schedule the synchronization of the Web Server A number of tasks need to be updated regularly to ensure that users are accessing up-to-date information. See Synchronizing the Web Server for more information. Customize the Web Server There are a number of ways in which to customize the look and feel of the Web Server. See Customizing the Web Server for more information. Related topics Integrating TIBCO Nimbus with SharePoint TIBCO Nimbus Administration Guide 28 Chapter 2 Installation Configuring the Web Server Configuring Authentication Upgrading a Web Server TIBCO Nimbus Administration Guide Installing the Web Server 2.5 29 Configuring Authentication TIBCO Nimbus supports Integrated Windows Authentication (IWA) and Netegrity SiteMinder to provide Singlesign On (SSO). This allows users to automatically log in to TIBCO Nimbus without having to provide any credentials once they are logged on to the network via their PC. Lightweight Directory Access Protocol (LDAP) integration is also supported. Whilst not required by IWA, LDAP ensures user names and passwords match in both the directory service and in TIBCO Nimbus. 2.5.1 Configuring LDAP Integration TIBCO Nimbus can use Lightweight Directory Access Protocol (LDAP) to integrate with a central directory service database in order to manage user accounts and user groups, with passwords being authenticated against the directory service. Prerequisites The LDAP Synchronization Service is installed. This is part of the Action Server (see Installing the Action Server for more information). Six user groups are predefined in the directory services environment (see TIBCO Nimbus Default System User Groups below for more information). TIBCO Nimbus Default User Groups There are six default user groups within TIBCO Nimbus and the corresponding groups must be defined in the directory services environment. These default groups can have any name, provided that the distinguished names of the groups are configured correctly in the LDAP configuration file to match up with the directory services. These groups will define who has access to the TIBCO Nimbus environment and what their licensed role is. Main Groups All TIBCO Nimbus users must exist in one of the following three main system user groups: Administrators (provides users with administrative functions and access to all areas of TIBCO Nimbus). Authors (provides users with the ability to create, edit and manage process content in a process repository). End Users (provides users with access to the Web interface only, users cannot create or edit process content). Module Groups End users can be put into one or more module groups to grant them additional capabilities. End User with Change Module (allows users to assist in change management, including authorizations, reviews, promotions, etc). End User with Action Module (allows users to access action management functionality, including viewing actions, undertaking actions, creating and editing actions). End User with Mobile Module (allows users to download storyboards and attachments to their mobile devices). TIBCO Nimbus Administration Guide 30 Chapter 2 Installation Notes: End Users assigned to one of the End User module groups (above) must also exist in the End User group, otherwise they will not have access to TIBCO Nimbus. End Users can be assigned to more than one module group. Example If Jo Bloggs is an End User who requires change management and action capabilities, she should be assigned to the End User, End User with Change Module and End User with Action Module user groups. How does LDAP Integration in TIBCO Nimbus work? Users must be allocated to one of the three main TIBCO Nimbus default system user groups, which must also be defined in the directory services environment. At defined intervals, the LDAP Synchronization Utility synchronizes the internal list of users and user groups that are maintained by TIBCO Nimbus with the directory services groups. When synchronizing, only the maximum number of users that are licensed for will be synchronized, so if there are more users than licenses then some users will not be synchronized. A notification email will be sent to a nominated user account (as set in the LDAP configuration file) in this event. User authentication is performed by the directory services server. Users can also be optionally assigned to additional directory services user groups and have this assignment reflected inside TIBCO Nimbus. In this case, the user groups must also be defined in TIBCO Nimbus and set to be managed by LDAP through the Author Client (see Enabling and Disabling LDAP Management for Specific Users and User Groups below for more information). TIBCO Nimbus is capable of synchronizing with multiple LDAP servers, allowing users to be drawn from multiple domains (for more information see Synchronizing with Multiple LDAP Servers below). Important Notes about Security Access to the LDAP configuration file All TIBCO Nimbus Author Client users, and the TIBCO Nimbus domain service account that the Web Server host.exe process runs under, must have 'read' access to the LDAP configuration file. It is important, however, to set operating system file permissions on the LDAP configuration file in order to prevent non-administrative users from modifying or deleting the file, which could allow access to any user account without the need for a password. Secure Lightweight Directory Access Protocol (SLDAP) TIBCO Nimbus supports SLDAP. This is achieved by enabling the 'UseSecureChannel' parameter in the LDAP configuration file, and it is also automatically turned on when the port number specified in the LDAP configuration file is set to 636 (the default port used for secure LDAP). Each machine where the Author Client is installed must have the certificate to verify it as a trusted source; the application looks for the certificate in the standard certificate store, which can be managed by the MMC certificate snap-in. It is recommended that SLDAP is used when connecting to a directory server environment other than Active Directory, since domain passwords will not be encrypted if ordinary LDAP is used. Note that Active Directory uses normal Windows authentication protocols. HyperText Transfer Protocol Secure (HTTPS) When using LDAP integration, HTTPS should be used as users' domain passwords are passed over the network to the Web Server in a readable format, therefore posing a significant security threat. TIBCO Nimbus Administration Guide Configuring Authentication 31 Enabling and configuring LDAP synchronization 1. Open LDAPconfig.ini (...\TIBCO Nimbus\Process Repository\LDAP) in a text editor, such as Notepad. In the [MainSection] section set UseLDAP=1. 2. Modify any of the optional configuration parameters, as required. Note: Some of the parameters will not be present in the configuration file until LDAP synchronization has been run for the first time. MainSection UseLDAP Enable or disable LDAP synchronization. 0 = Disabled (default) 1 = Enabled UseSimpleBind Enable or disable Simple Bind. For Active Directory it must be disabled (default), for other LDAP server setups it must be enabled. 0 = Disabled (default) 1 = Enabled AdminEmail The Email address of the person who receives a notification when generated by the LDAP service. PortNumber The port number used to communicate with the LDAP server (default is 389). Server The name or IP address of the LDAP server. Note: To define multiple LDAP servers, see Synchronizing with Multiple LDAP Servers below for more information. Main User Groups - all users must belong to one of these groups AdminsDN The Distinguished Name of the TIBCO Nimbus Administrators group (default is TIBCO Nimbus Admin). AuthorsDN The Distinguished Name of the TIBCO Nimbus Process Authors group (default is TIBCO Nimbus Author). EndUsersDN The Distinguished Name of the TIBCO Nimbus End Users group. Module Groups - end users can belong to one or more module groups in order to grant users additional functionality. Note: Users must still exist in the EndUsersDN group ChangeModuleUsersDN The Distinguished Name of the TIBCO Nimbus End User Change Module group. ActionModuleUsersDN The Distinguished Name of the TIBCO Nimbus End User Action Module group. MobileModuleUsersDN The Distinguished Name of the TIBCO Nimbus End User Mobile Module group. LoggingLevel The level of information that is written to the LDAP log file. 0 = None 1 = Low (default and recommended) 2 = Medium 3 = High 4 = Full StartTime The start time that the LDAP service will run for the first time. RepeatMins The time between LDAP synchronization runs (in minutes). Default is 1440, i.e. TIBCO Nimbus Administration Guide 32 Chapter 2 Installation ReportDuplicates DupUserTypeOrder DecodeAsUTF8 CallDelayMSecs ThreadPriority UseFullDN DeriveDomainFromDN one day. Turn on/off duplicate user logging. If turned on then a log entry is recorded if a user with the same name exists in more than one of the three main LDAP groups (Administrators, Authors or End Users). 0 = Disabled 1 = Enabled (default) Specify the order of preference for the effective user account type if a user is duplicated across more than one of the main system user groups (Administrators, Authors, End Users and Connect Users). 1 = Administrator 2 = Author 3 = End User The default is: DupUserTypeOrder= 3,2,1 (this means, for example, that a user in both the Administrators and Authors user groups has the permissions of an author by default, since the Author account type precedes the Administrator account type). The order can be changed, as required. Enable or disable UTF-8 decoding (for LDAP v3 servers). See Further Information below for details. 0 = Disabled (default) 1 = Enabled Specify an optional delay (in msecs) after each call to the LDAP server during synchronization. See Further Information below for details. 0 = Disabled (default) 1 - 1000 = Delay to use (in msecs) Prioritize the synchronization thread in order to reduce CPU load during long synchronizations. 0 = Idle 1 = Lowest 2 = Below Normal 3 = Normal (default) 4 = Above Normal 5 = Highest 6 = Critical Enable or disable sending the full DN for authentication. This is required for NDS and OpenLDAP but is not required for Active Directory. 0 = Disabled (default) 1 = Enabled This parameter is written following the first synchronization. When enabled, before the authentication request, the Users DN will be TIBCO Nimbus Administration Guide Configuring Authentication SystemEmail ReportEmail Resume RunOnStart SyncMethod IncludeInitials EncryptionType UserName 33 dissected to extract the full domain. This is useful for sub domains where authentication cannot occur. If using this option it is recommend to disable the UserFullDN setting (if enabled). 0 = Disabled (default) 1 = Enabled The 'Sent As' address used by the LDAP service for outgoing Emails (it is useful to use a real address so that bounced Emails are not received by users). The Email addresses of the people who will receive completion reports generated by the LDAP service. Multiple Email addresses must be separated by semi-colons. This parameter is written following the first synchronization. Select for synchronization to wait until the next start time to run or to run at the next scheduled interval. 0 = Wait for start time 1 = Run on start This parameter is written following the first synchronization. Specify whether to run the synchronization immediately each time the service is started or to wait for the Start Time. 0 = Wait for start time (default) 1 = Run on start This parameter is written following the first synchronization. Specify to method of synchronization. See Further Information below for details. 0 = Synchronize by distinguished name (default) 1 = Synchronize by Account Name 2 = Synchronize by Email Address This parameter is written following the first synchronization. Enable Users' Initial field to be included when synchronizing. For example, First name=John, Last name=von Trap. This parameter is written following the first synchronization. Specify the level of password encryption. 0 = Password to be decrypted by any PC 1 = Password can only be decrypted by the PC that performed the original encryption 2 = Password can only be decrypted by the PC that performed the original encryption and by the same user This parameter is written following the first synchronization. The user name required to authenticate with the LDAP server. For an Active Directory server this can be a user name or domain name and user name in the form Domain\User Name, for example NIMBUS_UK\JoSmith. For non-Active Directory LDAP servers this usually needs to be the full user DN of the user TIBCO Nimbus Administration Guide 34 Password Anonymous Chapter 2 Installation account used for authentication. This parameter is written following the first synchronization. The password set by the client and is a base 64 encoded encrypted password. The level of encryption used is set by the EncryptionType setting. This parameter is written following the first synchronization. Enable or disable anonymous access to the LDAP server. The UserName and Password parameters above are used for authentication. 0 = Authenticated access (the UserName and Password parameters, as described above, as used to authenticate with the LDAP server) 1 = Unauthenticated access (default) This parameter is written following the first synchronization. IncDisabledUsers Include or exclude users marked as Disabled in Active Directory when synchronizing with LDAP. If included, disabled users will appear as unassigned in TIBCO Nimbus. If excluded then disabled users will not appear in TIBCO Nimbus. 0 = Exclude disabled users (default) 1 = Include disabled users This parameter is written following the first synchronization. UseSecureChannel Enable or disable secure LDAP authentication (note that setting the port number to 636 will also enable secure LDAP). 0 = Disabled (default) 1 = Enabled This parameter is written following the first synchronization. IgnoreServerCertificateErrors Ignore certificate errors (expired, incorrect domain, etc) during LDAP calls. Note that UseSecureChannel must also be set to '1'. (This parameter is written following the first synchronization). 0 = Don't ignore (default) 1 = Ignore AttrMapSection - these parameters are users' details that are integrated by LDAP UserName FirstName LastName EmailName MemberName MobileName WorkPhone StreetName The unique name field that users are known by in the directory service, i.e. the name that the user logs in with. The first name field for users. The last name field for users. The Email address field for users. The attribute used by a group to define the members within it (by default in most LDAP implementations this is 'member'). The mobile telephone number field for users. The work telephone number field for users. The street field for users. TIBCO Nimbus Administration Guide Configuring Authentication 35 CityName StateName ZipCode Country Description ReportsTo The city field for users. The state field for users. The zip/postal code field for users. The country field for users. The description field for users. The account name of the user's line manager. Note: This field is required to escalate users' To-do items. GUID DTx The object GUID. Data table field names associated with user accounts. For example: DT1=site-group-id DT2=unit-id DT3=division-id ...etc Further Information The following provides more information on some of the LDAP configuration parameters, as described above. DecodeasUTF-8 Certain LDAP v3 servers can use UTF-8 encoding when supplying data that has non-ASCII characters in it and return this information in UTF-8 encoded UNICODE, therefore requiring conversion to ANSI characters using the current code page. Setting this value to '1' will enable UTF-8 decoding of all applicable received data. If Activity Directory is in use, however, this value must be '0', i.e. disabled, as this converts non-ASCII text to ANSI before returning it, potentially causing misinterpretation of certain characters. SyncMethod When synchronizing with the LDAP server you can choose to synchronize either by users' distinguished name, account name or by email address. If set to '0', which is the default, then the LDAP DN field is used. If set to '1', the Account Name field is used, which prevents users from being deleted and recreated with a new user ID number in the synchronization process if their distinguished names change. If set to '2', the Email Address field is used. CallDelayMSecs When synchronizing with the LDAP server you can specify a delay after each call, in milliseconds. It works by calling the Windows Sleep API call which enables Windows to process other work. The maximum value is 1000 (1 second) but it is recommended that the value is set between 10 and 20 to reduce CPU load, then increased if necessary. If no value is specified then it is disabled by default. Enabling and Disabling LDAP Management for Specific Users and User Groups By default, if LDAP is enabled then user accounts will be automatically managed by LDAP. User groups are not managed by LDAP unless specifically flagged. To enable or disable LDAP user management: In the User Accounts dialog in the Desktop Client, right-click the user and choose Properties. Select or deselect the This account is not to be managed via LDAP. TIBCO Nimbus Administration Guide 36 Chapter 2 Installation To enable or disable LDAP user group management: To enable LDAP management for a user group, in the User Accounts dialog in the Desktop Client, right-click the user group and select This group is managed via LDAP. Enter the distinguised name (DN) for the user group (this must match the corresponding directory server group name). To disable LDAP management, deselect This group is managed via LDAP (note that if LDAP is enabled you cannot disable LDAP management for the main user group roles). Note: LDAP group members that are not found will be skipped and will not be included as part of the synchronized group. To set the Ignore LDAP Flag (Admin Utility): The Admin Utility allows you to enable or disable the Ignore LDAP flag for specific user groups. This is useful if you want some groups to use a separate TIBCO Nimbus username and password to log in to TIBCO Nimbus and some groups to be managed by LDAP. Note: LDAP group members that are not found will be skipped and not included as part of the synchronized group. Run the Admin Utility (AdminUtil.exe, found in the Utilities folder on the CD) and from the Tools menu choose Toggle Ignore LDAP. Select to set the Ignore LDAP flag to On or Off, then select the checkboxes of your user groups and click Apply. Authenticated LDAP Access Most LDAP servers are set up to allow unauthenticated access. In most cases, access to the LDAP environment will not require authenticated access. However, certain sites require that any access to query the LDAP environment will require a known user. The Action Server can be configured to require authenticated access. This is achieved through the Author Client by allowing the user name and password to be stored in the LDAP configuration file. The password is stored encrypted and can be encrypted to three different levels - standard, local to the machine or local to the machine and user. The default, and recommended choice, is standard, which allows decryption on any machine. 1. In the Client, from the Administration menu choose Application Credentials and then Action Server LDAP service. 2. Select Authenticated. 3. From the Encryption Type drop-down list choose the type of encryption required. Standard allows decryption on any PC (recommended) Current PC allows decryption only on the PC that originally performed the encryption Current PC and current user allows decryption only by the PC that originally performed the encryption and when the same user is logged in. 4. Click OK. The following parameters are written to the LDAP configuration file (LDAPConfig.ini): Server x UserName Password This needs to be set to the name required to authenticate with the LDAP server. For an Active Directory server this can be a user name or domain name and user name in the form Domain\User Name, for example NIMBUS_UK\JoSmith. For nonActive Directory LDAP servers this usually needs to be the full user DN of the user account used for authentication. This is set by the client and is a base 64 encoded encrypted password. The level of TIBCO Nimbus Administration Guide Configuring Authentication Encryption Type Anonymous 37 encryption used is set by the EncryptionType setting. This determines the level of password encryption. 0 = The password can be decrypted by any PC 1 = The password can only be decrypted by the PC that performed the original encryption 2 = The password can only be decrypted by the PC that performed the original encryption and when logged in as the same user Set this for anonymous access (anonymous access is assumed by default). 0 = Non-anonymous access 1 = Anonymous access Synchronizing with Multiple LDAP Servers TIBCO Nimbus is capable of synchronizing with multiple LDAP servers, i.e. to allow for multiple domains. To define additional LDAP servers, add a new section for each additional server to the end of the LDAPconfig.ini called [Serverx], where x is the additional server number. For each additional server you can also define another set of [AttrMapSectionx] and [AttrValuesx] if required, where x is the number of the additional server. For example, for [Server1] you would have [AttrMapSection1] and [AttrValues1]. Note: It is only necessary to define the parameters for additional LDAP servers if they are different from the parameters defined for the main LDAP server. The parameter settings for the main server will be referenced for any parameters that are not defined. [Server1] Server=LDAPServer1 PortNumber=636 [AttrMapSection1] ... [Server2] Server=LDAPServer2 PortNumber=8765 [AttrMapSection2] ... LDAP Logging See Logging LDAP Synchronization for more information. Clearing Users' Distinguished Names The Admin Utility allows you to clear all users' distinguished names (DNs) from the current process repository (i.e. the TIBCO Nimbus Action Server). This could be useful, for example, if you are restructuring the Active Server. This option should be used with extreme caution. The Admin Utility is found in the Utilities folder on the CD. Run AdminUtil.exe and from the Tools menu choose Clear All User DN's. TIBCO Nimbus Administration Guide 38 Chapter 2 Installation What Next... Test the LDAP Synchronization Following the configuration of LDAP synchronization you can test the synchronization between the Directory Service list of users and the TIBCO Nimbus list. This is achieved through the LDAP Utility - see Testing an LDAP synchronization for more information. TIBCO Nimbus Administration Guide Configuring Authentication 39 2.5.2 Configuring SSO via Windows Authentication (IWA) The TIBCO Nimbus Web Server supports Integrated Windows Authentication (IWA), allowing users to access TIBCO Nimbus without having to provide additional user credentials once they are logged in to their PCs. The server platforms supported for use with TIBCO Nimbus all provide Windows authentication (Single-sign On), assuming a suitable Microsoft domain architecture is in use. Notes: Integration with any directory service other than Microsoft's Active Directory may work but is not supported by TIBCO Nimbus. Internet Explorer 5 and 5.5 are not supported for IWA. If support for viewers that do not exist in the domain is also required, another copy of the Web Server can be installed and assigned to a different virtual directory, but pointing to the same process repository. This installation can be configured to use the anonymous mode of interaction for viewers and non-domain users. Prerequisites The user account names in TIBCO Nimbus must be identical to the user names on the domain (LDAP synchronization is recommended - see Enabling and Configuring LDAP Synchronization for more details). The Web Server has been installed and correctly configured: DCOM security is configured. The TIBCO Nimbus host.exe COM+ object identity has been defined. Access rights to the Web Server folders and files have been defined. For more information on installing and configuring the Web Server, see Installing the Web Server. If the Web Server is running on Windows Server 2008 or later, the Authentication role must be installed. In Server Manager, use the Add Roles Wizard to add the Windows Authentication role. See IIS7 Component Not Installed for more information. Enabling IWA in Windows Server 2003 1. 2. 3. 4. 5. 6. Run IIS Manager or IIS Virtual Directory Management Utility. Right-click the virtual directory used by TIBCO Nimbus and choose Properties. Click the Directory Security tab to select it. In the Authentication and access control panel click Edit. Deselect Enable anonymous access and select Integrated Windows authentication. Open config.ini (...\TIBCO Nimbus\Web Server\Config) in a text editor, such as Notepad. In the [Authentication] section set the following two parameters: UseIntegrated=1 IntegAuthType=0 7. Modify any of the other configuration parameters as required (see Configuring Authentication Parameters below for more details). 8. Save and exit config.ini. Enabling IWA in Windows Server 2008/2008 R2 1. Run IIS Manager and select the TIBCO Nimbus application. TIBCO Nimbus Administration Guide 40 Chapter 2 Installation 2. In the IIS section select Authentication. 3. Enable Windows Authentication and disable Anonymous Authentication. 4. Open config.ini (...\TIBCO Nimbus\Web Server\Config) in a text editor, such as Notepad. In the [Authentication] section set the following two parameters: UseIntegrated=1 IntegAuthType=0 5. Modify any of the other configuration parameters as required (see Configuring Authentication Parameters below for more details). 6. Save and exit config.ini. Configuring Authentication Parameters Authentication UseIntegrated RequiredDomain CaseSensitive IntegAuthType Enable/disable integrated authentication (set this to '1', i.e. enabled) (Optional) Specify the domain name that must be matched in addition to the user login name. Any domain matches if not specified. Specify case sensitivity when matching the domain name (user name matching is always case sensitive) 0=Case insensitive 1=Case sensitive (default) Specify the type of authentication used (set this to '0', i.e. Integrated Windows Authentication) ISAPI Authentication AlwaysUseIISAuthInfo Specify whether to use IIS' authentication variables even when the IIS version does not support Unicode authentication details. 0=Disable (default) 1=Enable TIBCO Nimbus Administration Guide Configuring Authentication 41 2.5.3 Configuring SSO via Netegrity SiteMinder Authentication TIBCO Nimbus supports sites that are managed by Netegrity SiteMinder to manage Single-sign On and access to URLs. The integration is based on the use of HTTP header variables that are set by the Netegrity SiteMinder agent with the authenticated username stored within it. Prerequisites The user account names in TIBCO Nimbus must be identical to the user names on the domain (LDAP synchronization is recommended - see User Management\Configuring LDAP synchronization for more details). The Web Server has been installed and correctly configured with respect to DCOM security, the identity of the TIBCO Nimbus host.exe COM+ object has been defined and access rights to the Web Server folders and files has been specified. See Installation\Installation Procedures\Installing the Web Server for more information. Configuring the Web Server to integrate with Netegrity SiteMinder 1. 2. 3. 4. 5. 6. 7. Run IIS Manager or IIS Virtual Directory Management Utility. Right-click the TIBCO Nimbus virtual directory and choose Properties. Click the Directory Security tab to select it. In the Authentication and access control panel click Edit. Select Anonymous access (if not already selected). Click OK. Open the Web Server configuration file - config.ini (...\TIBCO Nimbus\Web Server\Config) - in a text editor, such as Notepad. 8. In the [Authentication] section set UseIntegrated and IntegAuthType to '1', i.e. UseInegrated=1 IntegAuthType=1 9. In the [Authentication] section modify any of the following optional parameters: Authentication RequiredDomain Specify the domain name that must be matched in addition to the user login name. Any domain matches if not specified. CaseSensitive Specify case sensitivity when matching the domain name (user name matching is always case insensitive). 0 = Case insensitive 1 = Case sensitive (default) IntegAutoLogonOnly Enable or disable automatic logon only, i.e. users cannot log out and access the Log On page. 0 = Disabled (default) 1 = Enabled IntegFailureURL Specify a URL to display when an unknown user account attempts to log in. If unspecified a built-in page is displayed. 10. In the [SiteMinderAuthentication] section modify any of the following optional parameters: TIBCO Nimbus Administration Guide 42 Chapter 2 Installation SiteMinderAuthentication HeaderFieldName Specify the header field to obtain the authenticated user name from. Assumed to be HTTP_SMUSER if not specified. PrimaryEncoding Specify the primary encoding part of the SiteMinder HTTPHeaderEncodingSpec setting. 0 = No encoding (default) 1 = UTF-8 encoding SecondaryEncoding Specify the secondary encoding part of the SiteMinder HTTPHeaderEncodingSpec. 0 = No encoding (default) 1 = RFC-2047 encoding TIBCO Nimbus Administration Guide Configuring Authentication 2.6 43 Integrating TIBCO Nimbus with SharePoint TIBCO Nimbus can be integrated into Microsoft SharePoint, allowing users to access process information, such as processes, documents, To dos, storyboards, scorecards, etc, through a SharePoint interface. There are two deployment methods for integrating TIBCO Nimbus into SharePoint and both use the WCF method. Local Integration Local integrations involve the TIBCO Nimbus Web Server being installed on the same server as SharePoint. Remote Integration Remoting allows the TIBCO Nimbus Web Server to be installed on a different server to SharePoint. One or more SharePoint servers can connect to a single TIBCO Nimbus Web Server instance, and multiple remote TIBCO Nimbus Web Servers can connect to a single process repository. SharePoint Farms The TIBCO Nimbus Web Server can also be run within a SharePoint farm using the TIBCO Nimbus remoting solution. The remoting configuration changes to the SharePoint web.config file must be applied on every SharePoint Front-end Web Server. The TIBCO Nimbus Web Server must be configured for remoting. NimbusControl.wsp only needs to be deployed on the machine in which the SharePoint Central Administration site is installed, i.e. it is not necessary to manually deploy the file on every machine within the farm. Network Load Balancing Network Load Balancing is not currently supported. In this chapter: Creating a SharePoint Integration Upgrading a SharePoint Integration Adding TIBCO Nimbus Web Parts to other SharePoint sites Integrating TIBCO Nimbus with a SharePoint document library Note: This guide assumes the user is experienced with SharePoint and the administration of SharePoint sites. TIBCO Nimbus Administration Guide 44 Chapter 2 Installation 2.6.1 Creating a SharePoint Integration This topic describes how to configure the integration of the TIBCO Nimbus Web Server with SharePoint, either locally or as a remote integration using WCF. Prerequisites Software requirements: Windows Server 2003, 2008 or 2012 with Windows SharePoint Server or Microsoft Office SharePoint Server. The TIBCO Nimbus Author Client is installed and has been run against the process repository at least once. .NET 3.0 runtime (recommended .NET 3.0 Service Pack 1 or greater) is installed on the server that hosts the Web Server. Additional requirements: If you are using Windows Integrated Authentication, it is advisable to ensure that authentication is working correctly via the standard Web Server before configuring the SharePoint integration. Note: TIBCO Nimbus does not need any specific authentication mode set in its configuration file as SharePoint requests are authenticated separately. What if the TIBCO Nimbus Web Server has already been installed as a standard web site? You can configure the integration of the TIBCO Nimbus Web Server into SharePoint if the standard Web Server has already been installed. If you are configuring a remote installation then there are no precursor steps. For local integrations, you must install Windows SharePoint Services (if it is not already installed). Note: The default TIBCO Nimbus web site service will be stopped following the installation of WSS. TIBCO Nimbus Administration Guide Integrating TIBCO Nimbus with SharePoint 45 Installing the Web Server 1. Do one of the following: If using physical media, insert the CD and click Enterprise Server Installation. OR If using an electronic image, run Setup.exe and click Enterprise Server Installation. Note: If you are installing on a machine that is not a server you will receive a warning message. The Web Server can be installed on a non-server machine, however you will not receive the benefits that a server has to offer, such as being able to support multiple connections simultaneously. 2. [Welcome] If no other Windows applications are running, click Next. Otherwise, terminate the installation in order to exit the applications, then re-run the setup. 3. [Choose Destination Folder] The location in which the Web Server is installed will default to the location of the Author Client installation. To change location, in the Destination Folder panel click Browse to select a location in which to install the Web Server. To change the location of the process repository at this stage, deselect Use default sub-folder for Process Repository and click Browse in the Existing Process Repository panel to locate the process repository. Note: The path of the process repository can be changed at any time by editing the Web Server configuration file (see Web Server Configuration for more information). Click Next to proceed. 4. [IIS Configuration Options] Deselect Configure TIBCO Nimbus for use via Internet Information Server, and then click Next. 5. [Setup Program Manager Group] Select the Program Manager group that the Web Server will be added to; either select an existing group or accept/rename the default name. Click Next to proceed. 6. [Start Installation] Click Next to install the Web Server. Modifying the TIBCO Nimbus Host.exe COM+ identity The identity of the TIBCO Nimbus Host.exe container, which runs the Web Server, needs to be set to the TIBCO Nimbus domain service account. 1. Run Component Services. 2. Expand Computers>>My Computer>>DCOM Config. 3. Right-click TIBCO Nimbus ES Web Server Host and choose Properties. 4. Click the Identity tab. 5. Select This user, then enter the TIBCO Nimbus domain service account details. Modifying access to the Web Server folders and files The access rights of all folders and files within \TIBCO Nimbus\Web Server\Main need to be set to allow Read access for all TIBCO Nimbus users. If management of users via LDAP synchronization is used it is recommended that the TIBCO Nimbus LDAP groups are used to provide this access. Read/write access to the following folders must also be enabled for the TIBCO Nimbus domain service account, which the Host.exe process runs under: ...\TIBCO Nimbus\Process Repository\ ...\TIBCO Nimbus\Process Repository\Temp ...\TIBCO Nimbus\Web Server\Reload TIBCO Nimbus Administration Guide 46 Chapter 2 Installation Configuring SharePoint Note: If you are configuring the integration of the TIBCO Nimbus Web Server into a SharePoint farm then the following updates to the SharePoint configuration file must be applied to every SharePoint front-end Web Server. 1. Open SharePoint Web.config changes.txt (SharePoint folder on the CD) and web.config (...\Inetpub\wwwroot\wss\VirtualDirectories\80). 2. Copy the following Nimbus section group element from the SharePoint Web.config.changes.txt file and paste in the web.config file. This should be nested within the tags, as shown in Fig.1. You do not need to copy the tags as these already exist in the SharePoint configuration (web.config) file.

... etc 4. Copy the following system serviceModel element from the SharePoint Web.config.changes.txt file and paste in the web.config file. This should be nested within the tags. See Fig.3. ... 5. In the web.config file, set the following parameters: Parameter Definition defaultSiteURL URL of the TIBCO Nimbus SharePoint site. For example: http://server1/sites/TIBCONimbus serverConnectionMethod WCF wcfServer clientIdentityType The user account used to make calls to the remote TIBCO Nimbus Web Server. There are two options: (1) SpecifiedUser (recommended). If selected you must set the wcfClientIdentity userName credentials (see below). (2) Process. This will use the account under which the SharePoint ASP.NET runs under (not the logged in user). TIBCO Nimbus Administration Guide Integrating TIBCO Nimbus with SharePoint 47 wcfServer endpointName The end point name used when connecting remotely. To specify a remote connection via a TCP connection, set this to NimbusTcpEndpoint. wcfClientIdentity userName domain password If SpecifiedUser was selected as the Client Identity Type (above) you must define the identity credentials (user name, domain and password). Note: Since these credentials are in a separate section to the general settings you can encrypt them without affecting the general settings. For more information see the following links: How to encrypt configuration sections in ASP.NET using DPAPI How to encrypt configuration sections in ASP.NET using RSA For an example of the 'nimbus.credentials' section see See Fig. 4. endpoint address Set this to the applicable protocol, server and port for each endpoint. There are two endpoints specified. For remoting, the TCP binding will be required and so the NimbusTcpEndpoint item must be updated. It is important to ensure the port matches the value specified in the NimbusServerHost.exe.config file (default location is C:\TIBCO Nimbus\Web Server\Remoting Server). See Fig. 5. Note: Please do not edit the 'maxPoolConnections', 'maxConnectionWait' or 'connectionWaitCheckMSecs' default values unless explicitly instructed to by TIBCO Nimbus Support. Incorrect values can cause errors or intermittent failures. These parameters should only be changed if you are experiencing problems and only when advised by TIBCO Nimbus Support. TIBCO Nimbus Administration Guide 48 Chapter 2 Installation Installing the SharePoint solution Note: If you are configuring a remote integration with SharePoint then these steps apply only to the Central Administration Site on the SharePoint server. 1. Open a command-prompt window and navigate to one of the following directories (depending on the version of SharePoint you have installed): SharePoint 2007: ...\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN SharePoint 2010: ...\Program Files\Common Files\Microsoft Shared\web server extensions\14\BIN SharePoint 2013: ...\Program Files\Common Files\Microsoft Shared\web server extensions\15\BIN 2. Run the following command: STSADM.exe -o addsolution -filename For example: STSADM.exe -o addsolution -filename C:\TIBCO Nimbus\NimbusControl.wsp Note: The NimbusControl.wsp file can be found in the SharePoint folder on the TIBCO Nimbus Installation CD. Deploying the TIBCO Nimbus site 3. Depending on what version of SharePoint you are using, access the following SharePoint page: SharePoint 2007: Central Administration > Operations tab > Global Configuration section > Solution Management. SharePoint 2010: Central Administration > System Settings > Manage Farm Solutions. SharePoint 2013: Central Administration > System Settings > Manage Farm Solutions. Note: You must add the SharePoint Central Administration Web site to the list of local intranet sites in order to be able to deploy the TIBCO Nimbus site. 4. Click NimbusControl.wsp, and then click Deploy Solution. Choose to deploy to the same web application (http://servername). Note: If you are installing into SharePoint 2013, you must select 2010 from the Select experience version options. 5. Recycle the SharePoint Central Administration Pool. Creating a TIBCO Nimbus site in SharePoint 6. In the SharePoint Central Administration console select the Application Management tab. 7. Under SharePoint Site Management click Create site collection. TIBCO Nimbus Administration Guide Integrating TIBCO Nimbus with SharePoint 49 Configuring the Remoting Host Service This method describes the configuration of the remoting service. Note that this is not required for local integrations. 1. Run NimbusServerHost.exe. NimbusServerHost.exe is found in ...\TIBCO Nimbus\Web Server\Remoting Server. A shortcut is also added to the TIBCO Nimbus Program Group in the Start Menu. The application can be run as either a Windows service or manually, i.e. interactively. The interactive mode is designed for initial configuration testing. To install the application to run as a service you must have administrative rights. Note that only one instance can be run on a single server. For Windows Vista and Windows Server 2008 you must elevate your administrative rights. To do this, right-click NimbusServerHost.exe, or right-click the shortcut, and select Run as administrator. 2. Click Install service. 3. Open NimbusServerHost.exe.config (...\TIBCO Nimbus\Web Server\Remoting Server) in a text editor and define the following values: Parameter Description The user account used to connect and make requests to the TIBCO Nimbus Web Server from the SharePoint server. Note: If a user is not specified then any user is permitted to connect to the remoting service to make requests. The domain of the user account specified above. Notes: A TCP/IP request can be denied access by the server itself before the request is sent to the NimbusServerHost.exe process, therefore ensure that the user account is known and that it has the applicable rights to the server that is hosting the TIBCO Nimbus Web Server. The WebServer.CLSID value is a unique identifier that is set during the installation of the Web Server and should not be changed unless manual changes to this value are made elsewhere. 4. Provide the user account that the remoting host service is run under, as set in the service's Properties, with 'launch' and default COM access rights over the TIBCO Nimbus Web Server COM object. Note: This needs to be set wherever the NimbusServerHost.exe is installed. 5. Start the remoting service in Windows Services. Remoting Service Timing Out By default, Windows is set to time out if a service fails to start after 30 seconds. When using a domain service account to start a Nimbus service, it often requires longer than 30 seconds. If you are finding that the remoting service times out when you attempt to start it, you can modify the Windows System Registry to increase the timeout value. Note: Modifying the Windows Registry can cause serious problems if done incorrectly, therefore it is advisable to request support from your IT team TIBCO Nimbus Administration Guide 50 Chapter 2 Installation before carrying out the following procedure. 1. Click Start > Run. 2. In the Run field, enter regedit and click OK. 3. Locate the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control 4. In the right-hand pane, right-click ServicesPipeTimeout and choose Modify. Note: If this entry does not exist then you must create it. Right-click in the right-hand pane and choose New > DWORD value. 5. Set Value Data to '60000' and the Base as 'Decimal', and then click OK. Note: The value is in milliseconds. 6. Restart the computer. What Next... Grant Access to Users Users must be provided with access to use the site. From the Site Settings page (accessed from Site Actions), authenticated users should be added by default, unless specific user access is required, in which case the appropriate users should be granted permission. The minimum access requirement for the site is 'Team Site Visitor' (read only). Related Images Fig. 1. Fig. 2. TIBCO Nimbus Administration Guide Integrating TIBCO Nimbus with SharePoint 51 Fig. 3. TIBCO Nimbus Administration Guide 52 Chapter 2 Installation DPAPI AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAMqrxJKRmxkGBamO56i/6ngQAAAACAAAAAAADZgAAqAAAABAAAAAgJC1QthpcY3d/ dujEXQu+AAAAAASAAACgAAAAEAAAACTF8TKQl6zW39WVPtCJrxvoAAAAbbwIsiqnfNwy+iYP96M5Sa4R4TivVv7sblP/ TJ6cpIPYjZfXJfbN+jDkaSuMvjYF7hFIsLngB4Xn/94WSPiiNhHC5pskguotH23DuzmjBaZo6LoK5EYuRY/B6Cy9PwM9JpAPaKVmxRDXuRgSYVh1fX/ bKgRkj26LfXluKejf4eGxChEj2oBH/TakRxHUQRgz487jUP+Yb+TqyG/6Piy8 +UWTJFF10QJJSTgbfBfswnG5KHXPZTnkDLVN+DpIshLjXIQM0eKl95wNuw8e87k854dgohPfJEWJLgCUKxQJkPi/PRMvtTJanhQAAADXhzzASs/FL/ BwChKOWDLlTc4fmg== RSA Rsa Key PQBY4HFpkps+FY1C8+EsRZtH//8HnCdbOm5VD/ ypBjpg7djg+vnAuzmKqOhIkbN4kx1s6fykmXBXPJ4HC7WGHYqvlg3XK1G4mKylPY3CLHVzGh0AX0GQ0+AsoxZj3k3aCnp+N6sTmhpA3SQQ66NWc16HGm7R+Y/ zTlk740p2mMU= iyZGy3vUKELvm/8xgAq8nqKdYNLKjL6cyv/SfEUqO9guOho96w1XvDszFZB2V/ gO7MKyfgI5XLTDMihEUAOENwOUVS9rVguc8ALrN9ey8IdJerrSiB0Z67FRGmBDNNqW9vMVZFDj94DZbF6T8VgQQ1BqgTr/xPnsQ0GJ/VqrHKo= Fig. 4. Example Nimbus Credentials TIBCO Nimbus Administration Guide Integrating TIBCO Nimbus with SharePoint 53 Fig. 5. Endpoint address TIBCO Nimbus Administration Guide 54 Chapter 2 Installation 2.6.2 Upgrading a SharePoint Integration This topic describes how to upgrade an existing TIBCO Nimbus SharePoint integration. Prerequisites TIBCO Nimbus with the Web Server integrated into a SharePoint instance. See SharePoint Integration for more information. (Remoting only) The latest TIBCO Nimbus remoting host service has been installed and configured. Upgrading a TIBCO Nimbus SharePoint integration 1. Stop the current remoting service. 2. From a command prompt, navigate to: SharePoint 2007: ...\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN SharePoint 2010: ...\Program Files\Common Files\Microsoft Shared\web server extensions\14\BIN SharePoint 2013: ...\Program Files\Common Files\Microsoft Shared\web server extensions\15\BIN 3. Run the following command: STSADM.exe -o upgradesolution -name Control.wsp -filename NimbusControl.wsp -immediate allowgacdeployment For example: STSADM.exe -o upgradesolution -name NimbusControl.wsp -filename "C:\TIBCO Nimbus\NimbusControl.wsp" -immediate -allowgacdeployment Note: The NimbusControl.wsp file can be found in the SharePoint directory on the TIBCO Nimbus installation CD. Note: If the Windows SharePoint Services Administration service is not running, an error message will prompt you to run the following command: STSADM.exe –o execadmsvcjobs 4. Recycle the SharePoint Central Administration Pool. 5. Restart the remoting service. Important Note Upon completion of the upgrade you must create a new TIBCO Nimbus site collection, otherwise some of the new pages may not work. It is also recommended that you remove the old site collection. 2.6.3 Adding Web Parts to other SharePoint sites TIBCO Nimbus provides a number of Web Parts which can be imported into any SharePoint site (including sites not linked to TIBCO Nimbus) in order to provide users with access to specific TIBCO Nimbus functionality. The Web Parts available are: Favorites - ListOfFavorites.webpart TIBCO Nimbus Administration Guide Integrating TIBCO Nimbus with SharePoint 55 To Dos - ToDos.webpart My Searches - MyTopics.webpart My Searches Results - MyTopicsResult.webpart Diagram Search Results - SearchDiagramsResult.webpart Document Search - Documents.webpart Recently Viewed Items - ListOfRecentlyViewed.webpart Action List - ListOfActions.webpart Importing and activating the TIBCO Nimbus Web Parts If a TIBCO Nimbus SharePoint solution has not been deployed on a particular server, you must first import and activate the TIBCO Nimbus Web Parts in order to use them in other SharePoint sites. After installing the TIBCO Nimbus Web Server, the various Web Parts can be imported from the following location: SharePoint 2007: ...\Program Files\Common Files\Microsoft Shared\web server extensions\12 \TEMPLATE\FEATURES\NimbusWebParts SharePoint 2010: ...\Program Files\Common Files\Microsoft Shared\web server extensions\14 \TEMPLATE\FEATURES\NimbusWebParts You must also activate the Web Parts in the site that you want to use them in: 1. Click Site Actions and choose Site Settings. 2. Under Site Collection Administration click Site collection features. 3. Click Activate for the Nimbus Web Parts option. The Web Parts are now ready to be added to the site. TIBCO Nimbus Web Parts TIBCO Nimbus Web Parts retrieve data directly from a TIBCO Nimbus installation, either from a local installation using COM or from a remote installation using WCF. This requires that COM or WCF has been correctly configured on the local SharePoint server (see Configuring a SharePoint Integration for more information). TIBCO Nimbus Web Parts must also be linked to the main TIBCO Nimbus site in order for any hyperlinks to work. This can be achieved by either setting the default site URL in the SharePoint server's web.config file (see Specifying a default TIBCO Nimbus site URL below for more information) or by configuring each Web Part independently. To configure Web Parts independently, deselect This is a TIBCO Nimbus site under the Miscellaneous properties and enter the URL for the main TIBCO Nimbus site (for example, http://server1/ sites/TIBCONimbus). TIBCO Nimbus Administration Guide 56 Chapter 2 Installation Specifying a default TIBCO Nimbus site URL If you don't want to specify the TIBCO Nimbus site URL for each Web Part you can set a default site URL in the SharePoint configuration file. Any TIBCO Nimbus Web Parts that do not have a URL set will assume the default URL. 1. Open SharePoint Web.config changes.txt and web.config. SharePoint Web.config.changes.txt: The SharePoint folder on the Installation CD. SharePoint Configuration File (web.config): ...\Inetpub\wwwroot\wss\VirtualDirectories\80 2. Copy the following Nimbus section group element from the SharePoint Web.config.changes.txt file and paste in the web.config file.

... ... etc This should be nested within the tags (Fig.2.). 4. In the web.config file, specify the main defaultSiteURL parameter in the configuration parameters, for example: main defaultSiteUrl="http://www./sites/nimbus" TIBCO Nimbus Administration Guide Integrating TIBCO Nimbus with SharePoint 57 Favorites Web Part The Favorites Web Part can be configured to display or hide certain elements. In the Miscellaneous properties, select or deselect any of the checkboxes, as required. 1. Click Site Actions and then Edit Page. 2. On the Favorites Web Part click edit. 3. Expand Miscellaneous and select or deselect any of the elements. 4. Click OK. Including TIBCO Nimbus searches in the SharePoint Enterprise Search page The SharePoint Enterprise Search facility can be configured to search for processes, storyboards and documents, based on users' associated keywords or free text. Note: This applies to Microsoft Office SharePoint Server (MOSS) only as the Enterprise Search page is not available in Windows SharePoint Services (WSS). 1. Import the TIBCO Nimbus My Searches and the TIBCO Nimbus My Processes Search Web Parts into the SharePoint site (see Importing and activating the TIBCO Nimbus Web Parts above). TIBCO Nimbus Processes Search displays a list of process diagrams based on a free text search. TIBCO Nimbus My Searches displays a list of storyboards, documents and process diagrams based on a user's My Topics keyword search. 2. Navigate to the Enterprise Search page for the SharePoint site and conduct a search. Note: This step is required to access the Search Results page in the Enterprise Search, therefore it is not important what results are returned. 3. Click Site Actions and then Edit Page. 4. Click Add a Web Part in the Bottom Zone. 5. In the Suggested Web Parts to Bottom Zone, select TIBCO Nimbus My Searches and TIBCO Nimbus My Processes Search, then click Add. 6. Click Edit on the respective Web Parts that you have just added. 7. In the properties of the Web Part, expand Miscellaneous and select what content to display when users conduct a search. 8. Deselect This is a TIBCO Nimbus site, then specify the site above (for example (http://[site]/TIBCO Nimbus). 9. Click OK. TIBCO Nimbus Administration Guide 58 Chapter 2 Installation Adding a process search tab to the Enterprise Search page You can add a tab to the Enterprise Search page that provides users with the ability to run free text searches for processes only. Note: This applies to Microsoft Office SharePoint Server (MOSS) only as the Enterprise Search page is not available in Windows SharePoint Services (WSS). Creating the Process Search Pages First you will create the Search and Search Results pages. 1. Open the Search Center site in a browser, click the Site Actions menu, then click Create Page. Search page: http://[Site]/SearchCenter/Pages/default.aspx Enter a title (for example, Processes). Enter a URL name for the page in the URL Name field (for example, Processes). Select (Welcome Page) Search Page as the page layout. Click Create to create the page. 2. Repeat Step 1 to create the Processes Search Results page. In the URL Name field enter a different URL name (for example, ProcessResults). For the layout, select (Welcome Page) Search Results Page. Configuring the Process Search Pages Now you will configure the pages that you have created. 3. Navigate to the page that you created in Step 1. For example: http://[Site]/SearchCenter/Pages/Processes.aspx 4. Click the Site Actions menu, then click Edit Page 5. Click edit on the Search Box Web Part, then choose Modify Shared Web Part. 6. In the Search Box Web Part properties, expand Miscellaneous and in the Target search results page URL field enter the page URL that you created in Step 2. For example, ProcessResults.aspx. 7. Under Miscellaneous, deselect Display advanced search link. Click OK to finish. This will remove the Advanced Search facility from the Search options (since TIBCO Nimbus Web Parts are not compatible with advanced searching). 8. Navigate to the page that you created in Step 2, click the Site Actions menu, then click Edit Page. For example: http://[Site]/SearchCenter/Pages/ProcessResults.aspx TIBCO Nimbus Administration Guide Integrating TIBCO Nimbus with SharePoint 59 9. Repeat steps 4 - 6 to modify the Search Box Web Part. Use the same target search results page URL as you did for Step 6. 10. Remove all other Web Parts except the Search Box Web Part. 11. In the Bottom Zone click Add Web Part. Select TIBCO Nimbus Processes Search, then click Add. 12. On the TIBCO Nimbus Processes Search Web Part click edit, then Modify Shared Web Part. 13. In the TIBCO Nimbus Processes Search Web Part properties, expand Miscellaneous and deselect This is a TIBCO Nimbus site. In the field above this option, specify the URL of the TIBCO Nimbus site. For example: http://[Site]/sites/TIBCO Nimbus 14. Expand Appearance and from the Chrome Type drop-down list choose None. This will hide the title of the Web Part to users. 15. (Optional) Under Miscellaneous you can select Show details. This option will display returned results in greater detail. 16. Click OK to apply the changes to the Web Part, then click Publish to update the page. Creating the Tabs for the Process Search Pages Finally, you will create a new tab in the Search Center and Search Results pages. 17. In your browser, navigate to the Windows SharePoint Services list for the SearchCenter tab control: For example: http://[Site]/SearchCenter/SearchCenter/AllItems.aspx 18. In the List toolbar click New item. Enter a tab name. In the Page field enter the page you created in Step 1 (for example, Processes.aspx). Click OK to create the new tab. 19. Repeat Step 18 to create a new tab in the Search Results page: For example: http://[Site]/SearchCenter/SearchResults/AllItems.aspx Note: In the Page field, enter the results page created in Step 2 (for example, ProcessResults.aspx). TIBCO Nimbus Administration Guide 60 Chapter 2 Installation Topic Images Fig.1. web.config Fig.2. web.config TIBCO Nimbus Administration Guide Integrating TIBCO Nimbus with SharePoint 61 2.6.4 Integrating with a SharePoint document library TIBCO Nimbus can be integrated with a SharePoint Document Library in a specified Microsoft SharePoint environment. This allows users to register SharePoint document links in TIBCO Nimbus, and to add documents directly into SharePoint through the TIBCO Nimbus Document Registry. SharePoint document links are stored in: ...Process RepositoryATTACH\SharePoint Links\Draft ...Process RepositoryATTACH\SharePoint Links\Master Integrating with a SharePoint document library 1. 2. 3. 4. 5. Run AdminUtil.exe (found in the Utilities folder on the installation CD). Select the process repository that you are configuring. Choose an administrator account, enter the password and click Next. From the Configure menu choose Microsoft SharePoint Document Library. Select Enable SharePoint document library integration. Automatically store new documents in the default document library will automatically upload documents into the default SharePoint document library when a document is registered in the TIBCO Nimbus Document Registry. 6. Click Add to add a SharePoint document site library. 7. In the SharePoint Connection Details panel, enter the following details: Site Name is the name of the site that hosts the document libraries that you want to link to. Site URL is the URL of the SharePoint site that holds the site library. User Name is the user name for an account that has administrative access rights to the SharePoint site. Password is the password for the user name specified above. Default site will automatically upload documents to this site when a document is registered in the TIBCO Nimbus Document Registry (when the Automatically store new documents in the default document library option is enabled). 8. Click Refresh to display the list of available SharePoint document libraries. 9. Select one or more available libraries. Note: You must have a default library specified. To set a specific library as the default library, click the library to select it and click Set as Default. This will automatically upload documents into this library when a document is registered in the TIBCO Nimbus Document Registry (when the Automatically store new documents in the default document library option is enabled). 10. Click OK. Note: To change the default site, i.e. the SharePoint site that is used to automatically upload documents to, double-click the site and in the SharePoint Connection Details panel select Default site. TIBCO Nimbus Administration Guide Chapter 2 Installation 62 2.7 Installing the Action Server This topic describes how to install the TIBCO Nimbus Action Server. For more information on the Action Server, including software and hardware requirements and sizing, see the Installation Planning Guide that is included in the Documents folder on the installation CD. Please read the prerequisites and take the necessary actions before proceeding with the installation. Prerequisites 5MB of disk space The TIBCO Nimbus Client is installed and the process repository is in a location that is accessible to the Action Server. It is important that you have read the Installation Planning Guide (included on the CD). Installing the Action Server 1. Do one of the following: Insert the CD and click Action Server Installation. 2. 3. 4. 5. If the CD installation does not automatically start, from the CD run Setup.exe from the ActionServer folder. [Welcome] If no other Windows applications are running, click Next. Otherwise, terminate the installation in order to exit the applications, then re-run the setup. [Choose Destination Folder] The location in which the Action Server is installed will default to the location of the Client installation. To change location, in the Destination Folder panel click Browse to select a folder in which to install the Action Server in. To change the location of the process repository, deselect Use default sub-folder for Process Repository and click Browse in the Existing Process Repository panel to locate the process repository. Click Next to proceed. [Choose Services for Installation] Select the Action Server services that you want to install. Click Next to proceed. Depending upon which services you are installing, as selected in the previous step, you may be required to enter specific details with respect to certain services. [Email Service Configuration] Outgoing mail SMTP server - this is the name, or IP address, of the SMTP server. Non Delivery Report Recipient - this is the Email address that non-delivered Email reports are sent to. [Lock Service Configuration] Start Lock Time - this is the time that the process repository is locked to allow you to back it up. Stop Lock Time - this is the time that the process repository is unlocked. [LDAP Synchronisation Service Configuration] Administrator's Email Address - this is the Email address that is notified if any problems with the LDAP synchronization occur. Email Address to user as from address for system Emails - this is the Email address that is used to TIBCO Nimbus Administration Guide Installing the Action Server 63 send system Emails from. LDAP Server Name - this is the name, or IP address, of the LDAP server. First run time - this is the time that the first synchronization is run. Repeat Interval - this is the time between synchronizations (by default this is 1440, i.e. 24 hours). Click Next to install the selected Action Server services, then click Finish when prompted. Configuring DCOM In order for the Office Integration Service to be able to launch and access Excel, the DCOM access and launch rights must be configured to allow launch and access rights for the MS Excel COM object for the user account nominated to run the service. Windows Server 2003 onwards 1. Run the Component Services (from the Start Menu Run command prompt run dcomcnfg). 2. Expand Console Root>Computers>My Computer>DCOM Config. 3. Right-click Microsoft Excel Application and choose Properties. 4. Click the Security tab to select it. 5. In the Launch and Activation Permissions panel click Customize, then click Edit. 6. Add the user account nominated to run the service and allow Local Launch rights. 7. Repeat steps 5-6 for Access Permissions, allowing Local Access rights. What Next... Configure the Action Server There are a number of configuration settings that can be defined for the respective Action Server services. See Configuring\Action Server Configuration\Configuring the Action Server for more information. LDAP Service Setup The LDAP service must be run as a known domain account to allow it to access the LDAP server and authenticate. Related topics Configuring LDAP Integration Configuring SMTP Email TIBCO Nimbus Administration Guide Chapter 2 Installation 64 2.8 Installing the Business Intelligence Server This topic describes how to install the TIBCO Nimbus Business Intelligence (BI) Server. For more information on the Business Intelligence Server, including software and hardware requirements and sizing, see the Installation Planning Guide that is included in the Documents folder on the installation CD. Please read the prerequisites and take the necessary actions before proceeding with the installation. Prerequisites 3MB of disk space The TIBCO Nimbus Client is installed and the process repository is in a location that is accessible to the Business Intelligence Server. It is important that you have read the Installation Planning Guide (included on the CD). Installing the Business Intelligence Server 1. Do one of the following: Insert the CD and click Business Intelligence Server Installation. If the CD installation does not automatically start, from the CD run Setup.exe from the BI Server folder. 2. [Welcome] If no other Windows applications are running, click Next. Otherwise, terminate the installation in order to exit the applications, then re-run the setup. 3. [Choose Destination Folder] The location in which the BI Server is installed will default to the location of the Client installation. To change location, in the Destination Folder panel click Browse to select a folder in which to install the BI Server in. To change the location of the process repository, deselect Use default sub-folder for Process Repository and click Browse in the Existing Process Repository panel to locate the process repository. Click Next to proceed. 4. [Start Installation] Click Next to install the BI Server. 5. [Installation Complete] Click Finish to exit the installation. What Next... Configure the Business Intelligence Server There are a number of configuration settings that can be defined for the Business Intelligence Server. See Configuration\Business Intelligence Server Configuration\Configuring the Business Intelligence Server for more information. Synchronize the Business Intelligence Server The Business Intelligence Server can be scheduled to run as a Windows Scheduled Task in order to update metric data in TIBCO Nimbus. See Configuration\Business Intelligence Server Configuration\Syncronizing the Business Intelligence Server for more information. TIBCO Nimbus Administration Guide Installing the Business Intelligence Server 65 Related topics Updating Excel Macros Creating SQL Queries Scheduling and Updating SQL Queries Integrating with SAP BW and SAP NetWeaver BI Integrating with Cognos Metrics Manager 2.9 Installing the TIBCO Nimbus Performance Monitor This topic describes how to install the TIBCO Nimbus Performance Monitor. 64-bit Versions of Windows Server To use the TIBCO Nimbus Performance Monitor in a 64-bit version of Windows Server (including Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2), you must run the 32-bit version of the Windows Performance Monitor. To do this, run the following command: mmc.exe /32 perfmon.msc Prerequisites 10MB of disk space The machine is running Windows 2000 Server, Windows Server 2003 or Windows Server 2008. Note: Windows 2000 Server is not supported from 7.0.2 onwards. Installing TIBCO Nimbus Performance Monitor 1. Run Setup.exe from the Performance Monitor folder on the Installation CD. 2. [Welcome] If no other Windows applications are running, click Next. Otherwise, terminate the installation in order to exit the applications, then re-run the setup. 3. [Choose Destination Folder] The location in which the Performance Monitor is installed will default to the location of the Client installation. To change location, in the Destination Folder panel click Browse to select a folder in which to install the Performance Monitor in. Click Next to proceed. 4. Click Finish to exit the installation. Related topics Monitoring Web Server Performance Configuring Web Server Logging TIBCO Nimbus Administration Guide 66 Chapter 2 Installation 2.10 Installing the TIBCO Nimbus Batch Server This topic describes how to install the TIBCO Nimbus Batch Server. The TIBCO Nimbus Batch Server is a separate utility that handles various operations outside of the Author Client, such as the promotion of draft content and assigning reviewers, requesting reviews, unlocking diagrams and assigning diagram access rights in the web. This allows the processes to be streamlined and managed from a server instead of a user's PC. This method also safeguards data integrity as it prevents users from terminating the operation midstream on their PC. Prerequisites 100MB of disk space Installing TIBCO Nimbus Batch Server 1. Run Setup.exe from the Batch Server folder on the Installation CD. 2. [Welcome] If no other Windows applications are running, click Next. Otherwise, terminate the installation in order to exit the applications, then re-run the setup. 3. [Choose Destination Folder] The location in which the Batch Server is installed will default to the location of the Author Client installation. To change location, in the Destination Folder panel click Browse to select a location in which to install the Batch Server. To change the location of the process repository at this stage, deselect Use default sub-folder for Process Repository and click Browse in the Existing Process Repository panel to locate the process repository. Click Next to proceed. 4. Click Finish to exit the installation. 2.11 Uninstalling TIBCO Nimbus Each product must be uninstalled separately through the Add/Remove Programs in Windows Control panel. TIBCO Nimbus Administration Guide Chapter 3 Security TIBCO Nimbus Administration Guide Chapter 3 Security 68 3.1 Securing a Process Repository Since TIBCO Nimbus requires users to have read, write and modify NTFS privileges against the Process Repository folder, this poses a potential security loophole in that it allows users to modify any of the TIBCO Nimbus system files through normal file system capabilities (for example, through Windows Explorer). To prevent users from doing this, TIBCO Nimbus recommends that you secure your process repository. TIBCO Nimbus switches back to users' identities when performing external file operations, such as packaging, attaching files, registering files in the Document Registry, etc. Note: For Windows Vista, Windows Server 2008 and later versions of Windows that support User Account Control, UAC must be enabled. UAC is enabled by default but may have been disabled. See http:// technet.microsoft.com/en-us/windowsvista/aa906022.aspx for more information. Before securing a process repository it is advisable to contact TIBCO Nimbus Support. Prerequisites TIBCO Nimbus has been installed and a user account that has NTFS read/write access to the process repository must exist. This account must also be able to run the TIBCO Nimbus author client. Securing a process repository 1. Run RepoCred.exe (found in the Utilities folder on the CD). 2. Select the process repository that you want to secure and click OK. 3. In the Security Settings for Process Repository dialog select This account and specify the credentials of a single Windows user account for TIBCO Nimbus to run under when accessing the process repository. The account should not be an administrator account. Note: A new folder will be created at the same level as the process repository called Process Repositorycred (for example, C:\TIBCO Nimbus\Process Repositorycred). Within this folder is a file called cred.ini which contains the credentials required to access the process repository (including the password which is strongly encrypted). 4. Set the NTFS access rights on the Process Repositorycred folder to Read only for all users of the TIBCO Nimbus author client. 5. Set the NTFS access rights on the Process Repository folder to Access Denied for all user accounts except the nominated user account specified in step 3. It is also advisable to grant access to the system administrator(s). Note: To return to an unsecured process repository, run RepoCred.exe and select Logged on user. This option uses the identity of the Windows user who launches TIBCO Nimbus to access the process repository. You must then also ensure that all users who require access to run TIBCO Nimbus have read/ write access to the process repository. TIBCO Nimbus Administration Guide Chapter 4 Configuration TIBCO Nimbus Administration Guide Chapter 4 Configuration 70 4.1 Web Server Configuration 4.1.1 Configuring the Web Server There are a number of options that can be defined for the Web Server and this topic provides a summary of the available options. Some of these options are covered in more detail in other related topics. Configuring the Web Server 1. Open config.ini (...\TIBCO Nimbus\Web Server\Config) in a text editor, such as Notepad. The following configuration options can be defined: Installation IGUID WebServer DefaultMap DefaultPageURL Please do not change this value. Specify the full path of the default map for visitors only, for example Map1Folder\Map1. The map must be a master version and accessible to viewers. Specify a starting page for users. This option allows a relative or absolute URL to be defined that will automatically take users to a a specific page after they have logged in to the Web Server. For example, you could automatically navigate users to the Documents page, the Scorecards page or the Storyboards page upon logging in. Note: This option is not applicable if a map is specified for the DefaultMAP option (above), or if Single-sign On is enabled. Relative paths will have the Web Server's base URL and CtrlWebISAPI.dll appended to the start of the text before launching the user into the URL, so for example if you specify WebReports it will have http:////CtrlWebISAPI.dll/ appended to the beginning. Important - URLs need to be correctly encoded, i.e. all parts need correct HTTP escaping and non-ascii characters in the query parameters need UTF-8 encoding (which is then HTTP escaped with the whole query parameter). Examples http:////CtrlWebISAPI.dll/?__id=WebStoryboards http:////CtrlWebISAPI.dll/?__id=WebScorecards http:////CtrlWebISAPI.dll/?__id=WebDocs http:////CtrlWebISAPI.dll/?__id=WebReports Setting the Documents page There are a number of optional parameters that can be specified when setting the default page URL to the Documents page. Note: Query parameters must be prefixed with &. FiltDocNum={numeric value} allows you to filter by a specific document number TIBCO Nimbus Administration Guide Web Server Configuration 71 FiltTitle={text value} allows you to filter by document title FiltMultiDown1={numeric value - unique item ID} allows an item from the first category drop-down to be filtered FiltMultiDown2={numeric value - unique item ID} allows an item from the second category drop-down to be filtered .... FiltMultiDown7={numeric value - unique item ID} allows an item from the seventh category drop-down to be filtered Note: Multiple values can be specified for each drop-down item. The unique ID can be found in the Drop Down List dialog for a given drop-down list - if the ID field is not visible, from the View menu choose Column Customizing and drag the ID field on to the existing group of field headers. See Defining category drop downs under Document Registry Administration in the TIBCO Nimbus Client Help for more information. CLSID SessionTimeout PageSize={numeric value} allows you to set the number of items to display on the page FiltAuthStatus={numeric value} allows the authorization status to be filtered 0=All Authorized 1=Own UnAuthorized 2=All UnAuthorized 3=Authorized & Own 4=All Files (default if not specified) 5=All Pending & Authorized Note: A blank value may cause an error. FiltWithdrawn={true or false} includes or excludes withdrawn documents in the filtered search Note: False is the default if not specified. A blank value may cause an error. Example: http:////CtrlWebIsapi.dll/? __id=WebDocs.ActUpdateFilter&FiltDocNum=&FiltTitle=&PageSize=15&FiltMultiDDo wn3=23&FiltMultiDDown3=21&FiltMultiDDown2=19&FiltMultiDDown2=64&FiltAuthSt atus=4 The example URL above will search on documents with ID 23 or 21 in the third dropdown list and items with 19 or 64 in the second drop-down list. Unique identifier for the web server installation. Important: Do not change this value. Specify the number of minutes before a user's session times out. Default=20, min=5, max=120 Note: For values greater than 20 you must also set the application pool session timeout through IIS to match the value set here. Note: The additional timeout for users that request it on the Web login screen will be the default value multiplied by 10. For example, if the value is set to 20 then users who select additional time to complete forms will receive 200 minutes before their session TIBCO Nimbus Administration Guide 72 Chapter 4 Configuration times out. MyPageOverrideU Override the Home page URL, for example http://corporateportal/ RL personal_home.aspx ServerHTMLCheckI The interval, in seconds, between checks for changes to server-side HTML files. nterval -1 = Never re-check for changes (default) 0 = Check every time file is needed 1 - 86400 = Number of seconds before a recheck is made BatchLastLoginUp Enable or disable the batch updating of last log in times for users. dates 0 = Disable 1 = Enable (default) MaxProcessingThr Set the maximum number of processing threads to use for handling HTTP requests (note eads that this value should only be set when requested by TIBCO Nimbus Support. Default=40, max=64. HelpRootURL This is the link to the online web help. If internet access is not available to users then you can download a local copy of help and replace this URL. Copies of the help can be downloaded from https://docs.tibco.com/products/tibco-nimbus. tibbr WorkspaceHeight Specify the maximum height of the tibbr Wall gadget in users' My Workspaces. Note: Default is 600 pixels . MySearches Specify the height of the tibbr Subject Messages gadget displayed in the Keyword page. Discussion Height Note: Default is 450 pixels . HTTP ChunklfSupported Enable or disable chunked HTTP responses for supported browsers. 0 = Disable 1 = Enable (default) DataFolder Path This is the path of the process repository that the Web Server accesses. Note: The default location is \TIBCO Nimbus\Process Repository. You will only need to change this parameter if multiple Process Repositories exist. LockMode Specify the lock mode that the Web Server utilizes when the process repository is backed up. If set to 0 the standard lock service installed with the Action Server will be used. If set to 1, the Volume Shadow Copy Service will be used in conjunction with the Backup Utility. Note: The Backup Utility can only be used in Windows Server 2003 and Windows Server 2008. See Backing Up a Process Repository for more information. 0 = Lock Service (default) 1 = Volume Shadow Copy Service Cache Enabled Enable or disable the image cache (recommended to be enabled). Enabling image caching provides quicker access to diagrams in the Web Server. 0 = Disable 1 = Enable (default) Path This is the location of the image cache, as setup during the Web Server installation. MapAccessCacheE Enable or disable cached map access rights. nabled TIBCO Nimbus Administration Guide Web Server Configuration 73 0 = Disable 1 = Enable (default) MapAccessCache Set the maximum number of map access rights items to cache. The default is 100,000. MaxItems MapAccessCache Set the maximum time to store cached map access rights items (in seconds). The default MaxAgeSecs 60. DiagAccessCacheE Enable or disable cached diagram access rights. nabled 0 = Disable 1 = Enable (default) DiagAccessCache Set the maximum number of diagram access rights items to cache. The default is MaxItems 200,000. DiagAccessCache Set the maximum time to store cached diagram access rights items (in seconds). The MaxAgeSecs default 60. BrowserMaxAge.Di Enable or disable image caching for diagram thumbnails on the client side. agramThumbnail 0 = Disable n = Number of seconds to cache images (default is 86,400, i.e 24 hours, and will be used if not set or disabled). BrowserMaxAge.U Enable or disable image caching for user photo thumbnails on the client side. serPhoto 0 = Disable n = Number of seconds to cache images (default is 86,400, i.e 24 hours, and will be used if not set or disabled). BrowserMaxAge.St Enable or disable image caching for storyboard cover thumbnails on the client side. oryboardCover 0 = Disable n = Number of seconds to cache images (default is 86,400, i.e 24 hours, and will be used if not set or disabled). BrowserMaxAge.Sc Enable or disable image caching for scorecard cover thumbnails on the client side. orecardCover 0 = Disable n = Number of seconds to cache images (default is 86,400, i.e 24 hours, and will be used if not set or disabled). BrowserMaxAge.K Enable or disable image caching for keyword cover thumbnails on the client side. eywordCover 0 = Disable n = Number of seconds to cache images (default is 86,400, i.e 24 hours, and will be used if not set or disabled). Diagram DefaultScale Specify the default display size of diagrams: 0 = Reset Zoom Mode 1 = 680x480 2 = 800x600 3 = 1024x768 (default) 4 = 1152x864 5 = 1280x1024 TIBCO Nimbus Administration Guide 74 Chapter 4 Configuration 6 = 1600x1200 DefaultZoomToFit Enable or disable the option to allow users to Zoom to Fit. 0 = Disable (default) 1 = Enable ShowDraftBanner Display or hide the draft banner on draft diagrams. Note: The Show draft banner when in draft copy option must be enabled for specific maps in the Author Client. 0 = Disable (default) 1 = Enable DefaultFormat The format for the generation of diagrams and internal image attachments. Note: GIF images are restricted to 256 colors. png (default) gif Margin Enable or disable diagram margins. 0 = Disable (default) 1 = Enable LeftMargin Specify the left margin of diagrams (in px). TopMargin Specify the top margin of diagrams (in px). RightMargin Specify the right margin of diagrams (in px). BottomMargin Specify the bottom margin of diagrams (in px). MaxWidth Specify the maximum width of diagrams in Reset Zoom mode (in px). MaxHeight Specify the maximum height of diagrams in Reset Zoom mode (in px). IntImageMargin Specify the margins of internal images in diagrams. IntImageLeftMargi Specify the left margin of internal images (in px). n IntImageTopMargi Specify the top margin of internal images (in px). n IntImageRightMar Specify the right margin of internal images (in px). gin IntImageBottomM Specify the bottom margin of internal images (in px). argin IntImageMaxWidthSpecify the maximum width of internal images (px) in Reset Zoom mode. IntImageMaxHeigh Specify the maximum height of internal images (px) in Reset Zoom mode. t Features Documents Enable or disable access to documents. 0 = Disable 1 = Enable (default) Memos Enable or disable access to memos. 0 = Disable TIBCO Nimbus Administration Guide Web Server Configuration ChangeReq Logs 75 1 = Enable (default) Enable or disable access to change requests. 0 = Disable 1 = Enable (default) Enable or disable access to logs. 0 = Disable 1 = Enable (default) AbbrRef Enable or disable access to abbreviations and references. 0 = Disable (default) 1 = Enable DataTableEdit Enable or disable data table editing. 0 = Disable 1 = Enable (default) MySearches Enable or disable access to My Searches (SharePoint only). 0 = Disable 1 = Enable (default) MyRoles Enable or disable access to My Roles. Note: A user group permission (Web My Roles), specified in the Author Client, is used to display or hide My Roles for specific user groups. If the MyRoles option is disabled, the user group permission will override this option and provide access to user groups who have been defined access to My Roles. 0 = Disable 1 = Enable (default) MySearchesMoreO Enable or disable access to My Searches More Options searching, allowing users to ptions search against additional user group categories (SharePoint only). 0 = Disable 1 = Enable (default) SplitCollabAndLogs Show or hide the diagram when users view associated memos, actions, change requests, View reviews and logs (SharePoint only) 0 = Hide diagram 1 = Display diagram (default) StoryboardStepsLis Display storyboard steps in the same window or a separate window (with the diagram t IDs visible). 0 = Show in same window (default) 1 = Show in separate window QuickLinks Display or hide the Quick Links (Home, Maps, Docs, To-Dos - under the menu). 0 = Hide 1 = Display (default) ShowGraphLinks Link metric/measure graph icons with the BI Server graph. TIBCO Nimbus Administration Guide 76 Chapter 4 Configuration 0 = Link to diagrams 1 = Link to graphs (default) ForgotPasswordLin Allow users to reset their own passwords on the Login page. k Note: This feature does not work if user accounts are managed via LDAP. 0 = Disable 1 = Enable (default) ActColOnStmtLinkP Display the Activity column in the Statement Details page. age 0 = Disable 1 = Enable (default) WebAuthoring Enable authors to edit and create diagrams via the web interface. 0 = Disable (default) 1 = Enable Acknowledgements IncDropDown1 Display a document's drop-down fields in users' acknowledgement To-Do lists. ... 0 = Disable (default) IncDropDown7 1 = Enable Search PageSize Specify the maximum number of items that are displayed on each page in the Search page. Storage TempPath The location of the Web Server temporary folder (created in the installation process). FileUploadPath Specify the location to store file attachments uploaded by users in the web. Storyboard AvailableModes Specify whether to default the display of storyboards as Diagram or Text. Note: Users can switch between modes when viewing a storyboard. Diagram displays the storyboard as a diagram. Text displays the storyboard as text. Excel PollingMinutes Specify how often metric values are checked and refreshed (default is set to check metric values every 10 mins - min. is 1 min, max. is 600 mins) Host Specify the name, or IP address, of the machine running the Office Integration Service. By default this is localhost. Port The port number of the machine running the Office Integration Service. By default this is 51001. Authentication More info... UseIntegrated Enable or disable integrated authentication. 0 = Disable (default) 1 = Enable RequiredDomain Specify the domain name that must be matched in addition to the user login name. Any domain matches if not specified. TIBCO Nimbus Administration Guide Web Server Configuration CaseSensitive IntegAuthType 77 Specify case sensitivity when matching the domain name (user name matching is always case insensitive). 0 = Case insensitive 1 = Case sensitive (default) Specify the type of authentication used. 0 = Windows Integrated Authentication (default) 1 = Netegrity SiteMinder 2 = SSO2 Ticket Authentication IntegAutoLogonOn Enable or disable automatic logon only, i.e. users cannot log out and access the Log On ly page. 0 = Disable (default) 1 = Enable IntegFailureURL Specify a URL to display when an unknown user account attempts to log in. If unspecified a built-in page is displayed. IsapiAuthentication AlwaysUseIISAuthI Specify whether to use IIS' authentication variables even when the IIS version does not nfo support Unicode authentication details. 0 = Disable (default) 1 = Enable SiteMinderAuthentication More info... HeaderFieldName Specify the header field to obtain the authenticated user name from. Assumed to be HTTP_SMUSER if not specified. PrimaryEncoding Specify the primary encoding part of the SiteMinder HTTPHeaderEncodingSpec setting. 0 = No encoding 1 = UTF-8 encoding (default) SecondaryEncodin Specify the secondary encoding part of the SiteMinder HTTPHeaderEncodingSpec. g 0 = No encoding (default) 1 = RFC-2047 encoding SSO2TicketAuthentication CallMethod Specify the call method to verify the SSO2 ticket. Note: If using the Web service, the WebServiceURL parameter must also be specified below. If using SSO2TicketCom, the SSO2TicketCom COM library must be correctly installed. 0 = Use the Web service to verify ticket (default) 1 = Use SSO2TicketCom COM library to verify ticket WebServiceUrl Specify the URL for the CenterForSSO2Ticket Web service. For example, http://{server name}/CenterForSSO2Ticket.asmx. CookieName Specify the name of the cookie to use as the SSO2 ticket for authentication. If unspecified the cookie name will be MYSAPSSO2. WebLogging More info... TIBCO Nimbus Administration Guide 78 Enabled IsUnicode OutputInterval QueueSize WaitForLock PathMapping SourcePathn DestPathn Localisations Locale Definition Chapter 4 Configuration Enable or disable Web Server logging. 0 = Disable 1 = Enable (default) Enable or disable Unicode Web logging. 0 = Disable 1 = Enable (default) Specify the time (in milliseconds) that information is cached before being written to disk. Specify the maximum size of the queue. Specify the time (in milliseconds) to wait for a file lock to write to disk. Specify the mapped drive path to be substituted by the Web Server. Specify the UNC path to use instead of the mapped drive path. Specify the localization files available to the Web Server (for more information on localizing the Web Server, please contact TIBCO Nimbus Support). Localisations-Help Locale Specify any help file localizations available to the Web Server. Documents LocalisedDDownTi Specify whether to use either the document drop-down titles as specified in the client, or tles the localized titles in a specific localization file. 0 = Use author client drop-down titles (default) 1 = Use localized drop-down titles ShowFullPath Display or hide the file path of documents when users view the details of documents in the Document Registry. 0 = Hide the file path of documents 1 = Display the file path of documents (default) GarbageCollector DrillDownGracePer Specify the number of hours to allow deleted drill downs to be reinstated, i.e. to undo a iodHours deletion, before being permanently deleted. The default is 3 hours. WebServices APIEnabled Enable or disable the Web Services API. 0 = Disabled 1 = Enabled (default) PublishWSDL Enable or disable the publishing of the WSDL document. 0 = Disabled (default) 1 = Enabled DocumentList Specify how document searches are displayed. You can add, remove and reorder the columns displayed and define how searches are sorted. The following document fields exist, with specific field IDs: TIBCO Nimbus Administration Guide Web Server Configuration Field ID 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 79 Field Creator Creation Date Author Comment Document Number Language Owner Preparation Date Withdrawn User Reference Master Title Master Version Issue Date Review Date Draft Title Draft Version Draft Status Release Due Document Number Full Dropdown Code 1 Dropdown Code 2 Dropdown Code 3 Dropdown Code 4 Dropdown Code 5 Dropdown Code 6 Dropdown Code 7 Dropdown Name 1 Dropdown Name 2 Dropdown Name 3 Dropdown Name 4 Dropdown Name 5 Dropdown Name 6 Dropdown Name 7 Displaying Fields To display a particular field, use the following format: FieldxxxTag=www FieldxxxWidth=yyy FieldxxxAlign=zzz where xxx is the position of the column of the field www is the field ID (from the list above) yyy is the width in HTML style (e.g. 20% or 20) zzz is the alignment (0=Left, 1=Center, 2=Right). For example, if you want to add a column to display the draft title of documents, you would include the following lines: Field9Tag=15 TIBCO Nimbus Administration Guide 80 Chapter 4 Configuration Field9Width=10% Field9Align=0 Sorting Fields To display a particular field, use the following format: SortxxxTag=www SortxxxAscend=yyy where xxx is the sorting order of the field www is the field ID (from the list above) yyy is the sort direction, 0=descending, 1=ascending (default if not specified) For example, if you want to display the master titles of documents, sorted in an ascending direction when users conduct a search, you would include the following lines: Sort1Tag=11 Sort1Ascend=1 Formatting Drop-down Fields To specify the number of characters to display for the drop-down labels and items, use the following format: FilterxxxLabChrs=www FilterxxxItemChrs=www where xxx is the drop-down filter number www is the maximum number of characters to display The example below will display up to 15 characters for the label of drop-down filter 1 and 20 characters for the items associated with drop-down 1. Filter1LabChrs=15 Filter1ItemsChrs=20 ActionList Specify how actions are displayed following a search. You can add, remove and reorder the columns displayed and define how searches are sorted. The following action fields exist: Field ID Field 1 Action Group ID 2 Subject Text 3 Category Name 4 Status Name 5 Priority Name 6 Owner Name 7 Start Date 8 Due Date 9 Assignees 10 Created 11 Finish Date 12 Throughput Time TIBCO Nimbus Administration Guide Web Server Configuration 13 14 15 16 17 18 19 81 Has Attachments (image) Attachments (yes/no) Host Type Name Host Title DT0 DT1 DTn Displaying Fields To display a particular field, use the following format: FieldxxxTag=www FieldxxxWidth=yyy FieldxxxAlign=zzz where xxx is the position of the column of the field www is the field ID (from the list above) yyy is the width in HTML style (e.g. 20% or 20) zzz is the alignment (0=Left, 1=Center, 2=Right). For example, if you want to add a column to display the due date, you would include the following lines: Field8Tag=15 Field8Width=10% Field8Align=0 Sorting Fields To display a particular field, use the following format: SortxxxTag=www SortxxxAscend=yyy where xxx is the sorting order of the field www is the field ID (from the list above) yyy is the sort direction, 0=descending, 1=ascending (default if not specified) For example, if you want to display the action group IDs, sorted in an ascending direction when users conduct a search, you would include the following lines: Sort1Tag=1 Sort1Ascend=1 Data Table Fields You can specify whether to display or hide data table fields: HideAdditionalData=0 will display data table fields HideAdditionalData=1 will hide data table fields Further Information The following provides more information on some of the Web Server configuration parameters, as described TIBCO Nimbus Administration Guide 82 Chapter 4 Configuration above. Default Starting Page This option allows a relative or absolute URL to be defined that will automatically take users to a a specific page after they have logged in to the Web Server. For example, you could automatically navigate users to the Documents page, the Scorecards page or the Storyboards page. Note: This option is not applicable if a map is specified for the DefaultMAP option, or if Single-sign On is enabled. Relative paths will have the Web Server's base URL and CtrlWebISAPI.dll appended to the start of the text before launching the user into the URL, so for example if you specify WebReports it will have http:// //CtrlWebISAPI.dll/ appended to the beginning. Important - URLs need to be correctly encoded, i.e. all parts need correct HTTP escaping and non-ascii characters in the query parameters need UTF-8 encoding (which is then HTTP escaped with the whole query parameter). Examples http:////CtrlWebISAPI.dll/?__id=WebStoryboards http:////CtrlWebISAPI.dll/?__id=WebScorecards http:////CtrlWebISAPI.dll/?__id=WebDocs http:////CtrlWebISAPI.dll/?__id=WebReports Documents Page There are a number of optional parameters that can be specified when setting the default page URL to the Documents page. In the [Web Server] section modify the DefaultPageURL parameter. Note: Query parameters must be prefixed with &. FiltDocNum={numeric value} allows you to filter by a specific document number FiltTitle={text value} allows you to filter by document title FiltMultiDown1={numeric value - unique item ID} allows an item from the first category drop-down to be filtered FiltMultiDown2={numeric value - unique item ID} allows an item from the second category drop-down to be filtered .... FiltMultiDown7={numeric value - unique item ID} allows an item from the seventh category dropdown to be filtered Note: Multiple values can be specified for each drop-down item. The unique ID can be found in the Drop Down List dialog for a given drop-down list - if the ID field is not visible, from the View menu choose Column Customizing and drag the ID field on to the existing group of field headers. See Defining category drop downs under Document Registry Administration in the TIBCO Nimbus Client Help for more information. PageSize={numeric value} allows you to set the number of items to display on the page FiltAuthStatus={numeric value} allows the authorization status to be filtered TIBCO Nimbus Administration Guide Web Server Configuration 83 0=All Authorized 1=Own UnAuthorized 2=All UnAuthorized 3=Authorized & Own 4=All Files (default if not specified) 5=All Pending & Authorized Note: A blank value may cause an error. FiltWithdrawn={true or false} includes or excludes withdrawn documents in the filtered search Note: False is the default if not specified. A blank value may cause an error. Example http:////CtrlWebIsapi.dll/? __id=WebDocs.ActUpdateFilter&FiltDocNum=&FiltTitle=&PageSize=15&FiltMultiDDown3=23&Filt MultiDDown3=21&FiltMultiDDown2=19&FiltMultiDDown2=64&FiltAuthStatus=4 The example URL above will search on documents with ID 23 or 21 in the third drop-down list and items with 19 or 64 in the second drop-down list. Home page URL You can override the Home page URL so that when users access their Home page it will take them to a different URL. For example, http://corporateportal/personal_home.aspx. In the [Web Server] section modify the MyPageOverrideURL parameter. TIBCO Nimbus Administration Guide 84 Chapter 4 Configuration 4.1.2 Configuring MIME mappings MIME (Multipurpose Internet Mail Extensions) can be configured. You can define the MIME handling of file extensions and change the icon associated with a file extension when it is displayed in the Web Server. You can also specify to download a particular file type when users access a file, or open it using the application associated with that file extension. Configuring MIME mappings 1. Open mimemap.cfg (...TIBCO Nimbus\Web Server\Config) in a text editor, such as Notepad, and make any edits to the file extensions as required. Note: The fields are tab-delimited. The fifth (comma-delimited) column determines whether a particular file type will open when users access it (this is the default value, 0, and is used if not specified), or downloaded (if set to 1'). Icons are stored in ...\TIBCO Nimbus\Web Server\Main\images. 4.1.3 Configuring Web Server Logging Web Server logging can be enabled to debug any issues that may arise with the configuration of the Web Server. There are two log files, one for the ISAPI extension, the other for the Web Server application, and both use the Log4D component. If enabled, any errors and warnings will be logged in the respective log file. Note: ISAPI and Web Server logging is usually only necessary when requested by TIBCO Nimbus Support in order to resolve any issues that you may have with a Web Server. Enabling ISAPI logging 1. Open isapilog.cfg (...\TIBCO Nimbus\Web Server\Config) in a text editor, such as Notepad. To enable ISAPI logging you must comment out the second line, i.e.: #log4D.disable=INFO The log file will be created in the Web Server Logs directory (default location is ...\TIBCO Nimbus\Web Server\Logs). Enabling Web Server logging 1. Open websvrlog.cfg (...\TIBCO Nimbus\Web Server\Config) in a text editor, such as Notepad. To enable Web Server logging you must comment out the second line, i.e.: #log4D.disable=INFO The log file will be created in the Web Server Logs directory (default location is ...\TIBCO Nimbus\Web Server\Logs). 4.1.4 Configuring Page Hit Logging Page hit logging will record a log of all pages accessed in the Web Server for each day. A new line will be created for each entry and the log can be viewed by a text editor or in Excel, since the format is tab delimited. Web logging is enabled in the Web Server configuration file. Configuring page hit logging TIBCO Nimbus Administration Guide Web Server Configuration 85 1. Open config.ini (...TIBCO Nimbus\Web Server\Config) in a text editor, such as Notepad. In the [WebLogging] section modify the following parameters: Enabled - Set this value to Enabled=1. IsUnicode - Choose between Unicode=1 or Ansi=0. OutputInterval - Specify how often a log is made, in milliseconds (default = 1000). QueueSize - Specify the maximum number of log records to keep (default = 1000). WaitForLock - Specify the duration that the Web Server should wait for exclusive access to the log file, in milliseconds (default = 5000). 2. Save and close config.ini. Log Files Generated log files - yyyymmdd.log - are stored in ...\TIBCO Nimbus\Process Repository\System\Logs\Web. The structure of a log file includes Date, Time, User name, First name, Last name, Web Server machine name, Client IP address and page name. If the page is context-based the following information is also included: Diagram Folder structure, Map name, Map type, Diagram name and Diagram level. Map Folder structure, Map name and Map type (the map types are empty, i.e. master, "Draft" or "Scenario": ". Document Document number. 4.1.5 Configuring Web Hit Logging The Web Log Utility provides a method for logging web page hits and either storing them in a specified database or saving the data as a metric-related Excel or CVS data file. This task can be run as a Windows scheduled task. Note: Page Hit Logging must be enabled; this is enabled by default. See Page Hit Logging for more information. Saving Web statistic as an Excel or CSV file 1. 2. 3. 4. Run WebLogsUtility.exe (...TIBCO Nimbus\Client\Utilities). Click the Web Statistics to Excel or CSV tab to select it. Click Browse to locate the process repository that you want to export web statistics from. In the Date Range panel, select a date range of the results that you want to export. For example, you may want to export statistic for the last 3 weeks. Custom Date Range allows you to specify a range of dates. 5. Select the page hit statistics that you want to export in the Common Export Options tab. Total page hits for each day, week or month will display the total number of web server pages accessed. Total page hits by map for each day, week or month will display the total number of web server pages accessed for each map. Total page hits by user group for each day, week or month will display the total number of pages accessed by each user group. Include Metrics Sheet (Excel only) will create a separate metrics data sheet for the selected web statistics. TIBCO Nimbus Administration Guide 86 Chapter 4 Configuration There are also a number of options to include total page hits for diagrams, documents and storyboards, and the total number of user logins. These can be accessed by selecting the respective tabs - By Diagram, By Storyboard, By Document and Total Logins. Saving Settings You can save the settings you have defined by clicking Save settings to WSE file. This file is used when creating a Windows scheduled task and running the operation from the command line. 6. Click Export to file. TIBCO Nimbus Administration Guide Web Server Configuration 87 Exporting Web statistics to a database The Web Log Utility allows you to export statistics to an existing database, such as MS SQL Server, Microsoft Access and MySQL. If you do not have a database then this utility also allows a new ODBC database to be created with associated table structures. See To create a ODBC database below for more information. 1. Run WebLogsUtility.exe (...TIBCO Nimbus\Client\Utilities). 2. Click Browse to locate the process repository that you want to export web statistics from. 3. Click Build Connection String. There are four tabs; click Help on the respective tab for further information. Provider Select the relevant OLE DB provider. Connection Select the data source and enter a user name and password (if required). Advanced Select the data source and enter a user name and password (if required). Blank password enables the specified provider to return a blank password in the connection string. Allow saving password allows the password to be saved with the connection string. If saved, the password is returned and saved unmasked and unencrypted. All Edit any initialization values for the data type. 4. 5. 6. 7. Click OK. In the Table Name text box enter the name of the table that stores the web statistics. Click Get Fields to populate the field mapping drop-down lists. Choose the associated field mappings from the respective drop-down lists. Steps 8-11 allow you to include user group information in the export, assuming appropriate tables exist in the database. If you do not want to include user group information then proceed to Step 12. 8. Select Include User Group details. 9. In the User Group Names Table and User Group Members Table text boxes enter names for the user group and user group tables, respectively. 10. In the Group ID (on the left) and Group Name field mapping text boxes enter corresponding field mapping names for the new user group table. 11. In the Group ID (on the right) and User ID field mapping text boxes enter corresponding field mapping names for the new user member table. Saving Settings You can save the settings you have defined by clicking Save settings to WLD file. This file is used when creating a Windows scheduled task and running the operation from the command line. 12. Click OK. TIBCO Nimbus Administration Guide 88 Chapter 4 Configuration Creating ODBC databases When exporting web statistics to a database, a ODBC database is required. If you do not have a database then you can create a new ODBC database with associated table structures with the Web Log Utility. 1. Run WebLogsUtility.exe (...TIBCO Nimbus\Client\Utilities). 2. Click Browse to locate the process repository that you want to export web statistics from. 3. Click Build Connection String. Click Help on the relevant tab. See Building Connection Strings above for more information. 4. Click OK. 5. In the Table Name text box enter the name of the table to store the web statistics. 6. Choose the associated field mappings from the respective drop-down lists. Steps 7-11 allow you to create two new tables to store user group information in. If you do not want to include user group information then proceed to Step 12. 7. Select Include User Group details. 8. In the User Group Names Table and User Group Members Table text boxes enter names for the user group and user group tables, respectively. 9. In the Group ID (on the left) and Group Name field mapping text boxes enter corresponding field mapping names for the new user group table. 10. In the Group ID (on the right) and User ID field mapping text boxes enter corresponding field mapping names for the new user member table. 11. Click Create New Table(s). 12. Click OK. Running the Web Log Utility from the command line The Web Log Utility can be run from the command line, or as a Scheduled Windows Task, in order to export web statistics to either a database or to file (Excel or CSV). A settings file must be referenced, which is created using the Web Log Utility. WLD settings files define exporting to a database and WSE settings files define exporting to an Excel or CSV file. For more information on creating settings files see the relevant section above. When exporting web statistics to a database, a ODBC database is required. If you do not have a database then you can create a new ODBC database with associated table structures using the Web Log Utility. 1. Use the following command lines: Excel or CSV output .exe\ ".wse" Database output .exe\ ".wld" For example "C:\TIBCO Nimbus\Client\Utilities\WebLogsUtility.exe "C:\TIBCO Nimbus\Client\WebLog WSE.wse" Logging When the Web Log Utility is run from the command line, a log file is created in a folder in the same directory as the utility called Logs. Separate log files are created for each month. TIBCO Nimbus Administration Guide Web Server Configuration 4.2 89 Action Server Configuration 4.2.1 Configuring the Action Server There are a number of configuration parameters that control the behavior of the Action Server. Configuring the Action Server 1. Open config.ini (...\TIBCO Nimbus\Action Server) in a text editor, such as Notepad. Modify the following parameters: System LoggingLevel TempPath The level of logging that is written to the Email log files The location of the Temp folder (set during installation) 2. Save and exit Config.ini. The following topics provide more information on the remaining Action Server configuration options: Lock Service Configure the start and stop times of the process repository lock to allow for the manual backing up of data. See Third-party Backup Utilities for more information. LDAP Configure Single-sign On via LDAP synchronization. See Configuring LDAP synchronization for more information. SMTP Configure notification Email settings. See Configuring SMTP Email for more information. Office Integration Server Configure the integration between TIBCO Nimbus and Excel for metric-based data and Excel-based scorecards. See the TIBCO Nimbus Office Integration Server PDF in the Documents folder on the CD for more information. Related topics Managing TIBCO Nimbus Services TIBCO Nimbus Administration Guide 90 Chapter 4 Configuration 4.2.2 Configuring SMTP Email The Action Server's Email service can manage system Emails. HTML Emails are generated and sent to a designated SMTP server at times specified in the polling period. By default, access to the SMTP server is unauthenticated; you can allow authenticated access if required. Setting authenticated SMTP access 1. In the Client, from the Administration menu choose Application Credentials, then Action Server Email Service. 2. Browse to the location of the Action Server and click OK. 3. Select Authenticated. 4. From the Encryption Type drop-down list choose the type of encryption required. Standard allows decryption on any PC (recommended) Current PC allows decryption only on the PC that originally performed the encryption Current PC and current user allows decryption only by the PC that originally performed the encryption and when the same user is logged in. 5. Enter the User name and password of the user account that has access to the Email server. 6. Click OK. Setting Email options 1. Open config.ini (...\TIBCO Nimbus\Action Server) in a text editor, such as Notepad. Modify any of the following parameters, as required: Email PollingPeriod SystemType Path NDRRecipient SystemSender SystemSubject VerifyNames MaxRetries CombineEmails MaxSMTPTime MessagesPerHour The frequency that the Email queue is checked, in seconds The Email system that is supported (currently only SMTP is supported) The path of the process repository. This is the location that the Email queue resides The Email address that non-delivery reports are sent to The Email address that sent Emails will appear from The text that appears in the subject field of system-generated Emails The TIBCO Nimbus Email Service will attempt to verify Email addresses against the mail server before sending messages (note: this option is not supported on most servers, in which case you may need to disable this option). 0 = Disable (default), 1 = Enable The number of delivery attempts before an Email is deleted Note: Once an Email fails to be sent after x number of times it is deleted and an entry is added to the log. A delivery failure attempt requires successful connection to a SMTP service, meaning that the retry counts are incremented when there is a network outage. If the value is set to 0 it will retry indefinitely. Send all emails to recipients in a single Email. If disabled, emails are sent separately, with the notification titles used as the subject of the emails. 0 = Disable, 1 = Enable (default) The maximum time (in msecs) that the email service will remain connected to the SMTP server in a single session. 0 = Disable, 1 - x = Max connection time (in msecs) The maximum number of emails that will be sent per hour. Note that the number of emails sent per session is dependent on the polling period value (for example if the TIBCO Nimbus Administration Guide Action Server Configuration 91 PollingPeriod is set to 600, i.e. emails are sent every 10mins, and the MessagesPerHour is set to 1000, then a maximum of 167 emails will be sent in each session). 0 = Disable, 1 - x = Number of messages to send (per hour) SMTP Host Port Verify UserName Password EncryptionType Anonymous The name or IP address of the SMTP server The listening port of the SMTP server (usually 25) Enable or disable the Verify command 0 = Disable, 1 = Enable (default) The user name required to authenticate with the SMTP server using the AUTH LOGIN functionality This is set by the Client and is a base 54 encoded encrypted password Specify the level of password encryption 0 = Password can be decrypted by any PC 1 = Password can be decrypted only by the PC that performed the original encryption 2 = Password can be decrypted only by the PC and original user that performed the original encryption Anonymous access to the server can be enabled 0 = Not anonymous, 1 = Anonymous (default) 4.2.3 Configuring SMTP Logging The Email Service creates a log every time it is run. It is possible to set the logging level to provide more or less detail. Enabling SMTP logging 1. Open config.ini (...\TIBCO Nimbus\Action Server) in a text editor, such as Notepad. 2. Set the LevelLogging parameter to one of the following: 0 None Startup, Shutdown 1 Low Startup, Shutdown. An entry for every polling period (no entries if an action did not occur at a polling period) Note: Recommended setting when in production. 2 Medium Startup, Shutdown. An entry for every polling period 3 High Startup, Shutdown. An entry for every polling period. An entry for every email that is sent, including the email address, message contents and the related item. Note: Generated log files - yyyymmddx.log - are stored in ...\TIBCO Nimbus\Action Server\Logs\Email 4.2.4 Configuring LDAP Synchronization For information on configuring LDAP synchronization, refer to the Configuring LDAP integration topic in the Installation section. 4.2.5 Testing LDAP Synchronization Following the configuration of LDAP integration, it is recommended to test the synchronization between the Directory Service list of users and the TIBCO Nimbus list. The LDAP Configuration Tool provides the ability to test an LDAP synchronization, as well as allowing you to create a new LDAP configuration file. When LDAP TIBCO Nimbus Administration Guide 92 Chapter 4 Configuration synchronization is tested, the results of the synchronization will be displayed but no data will be written. Note: Increasing the logging level in the LDAP configuration file will provide more details results Testing LDAP synchronization 1. Run LDAPUtility.exe (found in the Utilities folder on the installation CD). 2. Click Load Config and select the LDAPConfig.ini. Note: The default location of LDAPConfig.ini is ...\TIBCO Nimbus\Process Repository\LDAP 3. Change any parameters in the configuration file, as required. 4. Click Test Sync. If the test fails you will receive the following message: Connect to LDAP server : failed. Check the connection settings in the LDAPConfig.ini file Testing LDAP authentication 1. Click in the User Name and Password text boxes and enter a user name and password that has current access to the directory service. 2. Click Authenticate. Defining a new LDAP configuration file 1. 2. 3. 4. Click New Config. Browse to a location to save the configuration file to, then click OK. to load the configuration parameters. Click at the end of the parameters that you want to define and define the values. Click Save Config. Scheduling Testing a LDAP synchronization can be run from the command line, or as a Windows Scheduled Task. Run the following command: For example: "C:\TIBCO Nimbus\Client\Utilities\LDAPUtility.exe" "C:\TIBCO Nimbus\Process Repository" 4.2.6 Configuring LDAP Synchronization Logging On start-up the LDAP Service creates a log file, which will report on any issues with the synchronization. Enabling LDAP Synchronization logging 1. Open LDAPConfig.ini (...\TIBCO Nimbus\Process Repository\LDAP) in a text editor, such as Notepad. 2. In the [MainSection] enter the desired logging level for the LoggingLevel parameter. 0 1 2 3 None Low Medium High Startup, Shutdown Startup, Shutdown, Synchronization times Startup, Shutdown, Synchronization times, Added users, Removed users Startup, Shutdown, Synchronization times, All users added to each group, All users removed from each group, Duplicate users, Updates to user preferences TIBCO Nimbus Administration Guide Action Server Configuration 4 Full 93 Startup, Shutdown, All users added to each group, All users removed from each group, Properties retrieved for each user, Duplicate users, Updates to user preferences Note: It is recommended to set the logging to low when in production. The log file - LDAP.log - is stored in ...\TIBCO Nimbus\Action Server\Logs\LDAP. TIBCO Nimbus Administration Guide Chapter 4 Configuration 94 4.3 Business Intelligence Server Configuration 4.3.1 Configuring the Business Intelligence Server There are a number of configuration options that can be defined for the Business Intelligence Server. Configuring the Business Intelligence Server 1. Open BiSvc.ini (...\TIBCO Nimbus\BI Server) in a text editor, such as Notepad. Modify any of the parameters, as required. DATAFOLDER Path The path of the process repository (this can be a UNC path name) OPTIONS RecordLimit The maximum number of records that will be stored for each measure RetryPeriod The number of minutes between each retry after a failure to send an SMS message RetryAttempts The number of retry attempts before aborting notification TEXT Up The text that is sent via Email and SMS when a value breaches a threshold value and is ascending. The text can include three substitution parameters: Title (title of the measure) Value (current value of the measure that breached the threshold) Notes (any additional notes) To insert these values include the '<' and '>' characters. For example, Up = Measure