4 Configuring WebSphere for Oracle Real-Time Decisions

Oracle RTD is supported on both UNIX and Windows platforms for IBM WebSphere application server. The following sections explain how to install the Real-Time Decision Server on WebSphere.

Note:

Although the Real-Time Decision Server runs on either UNIX or Windows, the Oracle RTD client tools must be run from a Windows platform.

This section contains the following topics:

• Section 4.1, "Creating and Administrative User and Enabling Security"

• Section 4.2, "Configuring Server Properties"

• Section 4.3, "Creating Oracle RTD Roles and Users"

• Section 4.4, "Creating a JDBC Provider for the Oracle RTD Database"

• Section 4.5, "Installing the Oracle Real-Time Decisions Application on WebSphere"

• Section 4.6, "Starting Oracle Real-Time Decisions"

• Section 4.7, "Setting Classloader Priority"

• Section 4.8, "Viewing and Changing User-Role Associations"

• Section 4.9, "Creating Custom Roles and Assigning Permissions to Custom Roles (Optional)"

• Section 4.10, "Uninstalling the Oracle Real-Time Decisions Application from WebSphere"

• Section 4.11, "Configuring SSL for Real-Time Decision Server (Recommended)"

• Section 4.12, "Setting Up JConsole for WebSphere"

• Section 4.13, "Changing the Oracle Real-Time Decisions Port Number in WebSphere"

4.1 Creating and Administrative User and Enabling Security

If you have already enabled security in WebSphere, you can skip this section. You should still check that Java 2 security is not turned on.

Use the WebSphere administrative console, called the Integrated Solutions Console, to enable security in WebSphere. For more information about how to use the Integrated Solutions Console, refer to the WebSphere documentation.

If security is disabled, follow these steps to enable security in WebSphere:

1. Access the Integrated Solutions Console at the URL http://websphere_host:port/ibm/console. At the login prompt, enter any user name. You will not need to enter any password. On Windows, you can also access the Integrated Solutions Console through Start > Programs.

   If you do not know the port number for the Integrated Solutions Console, you can find it in the virtualhosts.xml file, located in WEBSPHERE_HOME/AppServer/profiles/profile_name/config/cells/host_name.

2. In the tree on the left, expand Security, and choose Secure administration, applications, and infrastructure.

3. In the User account repository area, under the Available realm definitions heading, select Federated repositories, then click Set as current.

4. Click Apply, then Save.

5. Click Configure.

6. In the Federated repositories window, in the General Properties area, perform the following:

   1. Enter a Realm Name, such as RTDRealm.

   2. Enter a Primary administrative user name, such as admin.

   3. Under the Server user identity heading, select Automatically generated server identity.

7. In the Administrative user password window, in the General Properties area, enter the administrative user password in both the Password and Confirm password fields.

8. Click OK, then Save.

9. Log out, stop, then restart WebSphere.

10. Log in to the Integrated Solutions Console.

    If you do not know the port number for the Integrated Solutions Console, you can find it in the virtualhosts.xml file, located in WEBSPHERE_HOME/AppServer/profiles/profile_name/config/cells/host_name.

11. In the tree on the left, expand Security and choose Secure administration, applications, and infrastructure.

12. Under the Administrative security heading, select Enable administrative security.

13. Under the Application security heading, select Enable application security.

14. Under the Java 2 security heading, uncheck Use Java 2 security to restrict application access to local resources.

15. Click Apply, then Save.

16. Log out, stop, then restart WebSphere.

4.2 Configuring Server Properties

Use the WebSphere administrative console, called the Integrated Solutions Console, to configure server properties. For more information about how to use the Integrated Solutions Console, refer to the WebSphere documentation.

Follow these steps to configure server properties for WebSphere:

1. Start WebSphere. On Windows, you can use Start > Programs to start the server. On UNIX, go to WEBSPHERE_HOME/AppServer/profiles/profile_name/bin and run the following command:

   startServer.sh app_server_name -username admin_user -password admin_password
   

   For example:

   startServer.sh AppServer1 -username admin -password mypswd
   

2. Access the Integrated Solutions Console at the URL http://websphere_host:port/ibm/console. At the login prompt, enter the administrator user name and password. On Windows, you can also access the Integrated Solutions Console through Start > Programs.

   If you do not know the port number for the Integrated Solutions Console, you can find it in the virtualhosts.xml file, located in WEBSPHERE_HOME/AppServer/profiles/profile_name/config/cells/host_name.

3. In the tree on the left, expand Servers, and choose Application servers.

4. Click the name of the application server where you want to run Oracle RTD (for example, server1). Under the Server Infrastructure heading, expand Java and Process Management and choose Process Definition.

5. Under the Additional Properties heading, click Java Virtual Machine.

6. Under the General Properties heading, in the Generic JVM arguments field, add the following string:

   -Djava.net.preferIPv4Stack=true
   

   If there is already a value in this field, add a space after the existing value, then add the new string.

7. Click OK.

   When you click OK, you may see an error stating that you need to provide values for Initial Heap Size and Maximum Heap Size. If you see this error, set these values as needed for your system (for example, you can set Initial Heap Size to 512 and Maximum Heap Size to 2048).

8. On the Java Virtual Machine page, click Custom Properties under the Additional Properties heading.

9. Click New.

10. For Name, enter org.eclipse.emf.ecore.EPackage.Registry.INSTANCE.

11. For Value, enter com.sigmadynamics.emf.util.SDEMFRegistry.

12. Click OK, then click Save.

13. Follow these steps to add a custom property to adjust the JConsole MBean display:

    1. In the tree on the left, expand Servers and choose Application servers.

    2. Click the name of the application server where you want to run Oracle RTD (for example, server1). Under the Server Infrastructure heading, expand Administration and choose Administration Services.

    3. Under the Additional Properties heading, click Custom Properties, then click New.

    4. For Name, enter com.ibm.websphere.mbeans.disableRouting.

    5. For Value, enter <on>OracleRTD:*</on>.

    6. Click OK, then click Save.

    If you want to use the default HTTP transport port for your WebSphere profile as the default Oracle RTD application port, skip Steps 14 and 15 and proceed to Step 16. If you want to add a new HTTP transport port for Oracle RTD, continue at Step 14.

14. To add a new HTTP transport chain for Oracle RTD, follow these steps:

    1. In the tree on the left, expand Servers and choose Application servers.

    2. Click the name of the application server where you want to run Oracle RTD (for example, server1). Under the Container Settings heading, expand Web container settings and choose Web container transport chains.

    3. Click New.

    4. For Transport chain name, enter OracleRTD_chain.

    5. For Transport chain template, select WebContainer(templates/chains|webcontainer-chains.xml#Chain_1). Then, click Next.

    6. For Port name, enter OracleRTD_port or some similar value.

    7. For Host, keep the default value, *.

    8. For Port, enter the port number you want to use for Oracle RTD. By default, the Oracle RTD application runs on port 8080.

    9. Click Next, then click Finish, then click Save.

15. If you added a new HTTP transport port in Step 14, follow these steps to create a new host alias. Otherwise, proceed to Step 16.

    1. In the tree on the left, expand Environment and choose Virtual Hosts.

    2. Click default_host. Under the Additional Properties heading, click Host Aliases.

    3. Click New. Keep the default value, *, for Host, then enter the Oracle RTD port number for Port.

    4. Click OK, then click Save.

16. Restart WebSphere.

4.3 Creating Oracle RTD Roles and Users

In WebSphere, Oracle RTD roles are defined in terms of user groups. A user is in a role if the user is in any of the groups referenced by the role. So the process is to create the groups, then map the roles to groups. Users may be assigned to or removed from the groups at any time to add them or remove them from the referencing roles.

This section consists of the following topics:

• Section 4.3.1, "Creating Users for Oracle RTD"

• Section 4.3.2, "Creating Groups"

• Section 4.3.3, "Standard Oracle RTD Roles"

4.3.1 Creating Users for Oracle RTD

To create users, perform the following steps:

1. Log into the Integrated Solutions Console, using the administrative user and password.

2. In the tree on the left, expand Users and Groups, and choose Manage Users.

3. Click the Create... button.

4. Enter user and password information for the user, such as rtdadmin for the User ID.

   You will use the User ID later on, when you add the user to one or more groups.

5. Click Create, then Close.

6. Repeat steps 3 to 5 to create other users.

4.3.2 Creating Groups

To create groups, perform the following steps:

1. Log into the Integrated Solutions Console, using the administrative user and password.

2. In the tree on the left, under Users and Groups, choose Manage Groups.

3. Click the Create... button.

4. In the Group name field, enter RTDAdminGroup.

5. Click Create, then Close.

6. In the Manage Groups page, click the group name RTDAdminGroup.

7. Click the Add Users... button.

8. Click Search to display a list of users.

9. In the search result list, select the user name to add to the RTDAdminGroup.

10. Click Add, then Close.

11. Repeat steps 2 through 10 to create each of the following groups for Oracle RTD:

    • RTDDCEditorGroup

    • RTDDCUserGroup

    • RTDStudioDeployerGroup

    • RTDStudioDownloaderGroup

    • RTDBatchAdminGroup

    • RTDChoiceEditorGroup

    • RTDUserGroup

12. In the Manage Groups page, click the group name RTDUserGroup.

13. In the Group Properties area, click the Members tab.

14. Click the Add Groups... button.

15. Add all the groups created for Oracle RTD except RTDUserGroup.

16. Click Close.

4.3.3 Standard Oracle RTD Roles

The groups specified in Section 4.3.2, "Creating Groups" are automatically mapped to the standard Oracle RTD roles, as shown in Table 4-1.

Table 4-1 Standard Oracle RTD Roles and Group Associations

Role	Group
RTDUsers	RTDUserGroup
RTDAdministrators	RTDAdminGroup
RTDDecisionCenterEditors	RTDDCEditorGroup
RTDDecisionCenterUsers	RTDDCUserGroup
RTDStudioDeployers	RTDStudioDeployerGroup
RTDStudioDownloaders	RTDStudioDownloaderGroup
RTDBatchAdministrators	RTDBatchAdminGroup
RTDChoiceEditors	RTDChoiceEditorGroup

Section 7.2, "Standard Oracle RTD Roles" of Oracle Real-Time Decisions Installation and Administration Guide and its component subsections describe how default permissions are already assigned to the standard Oracle RTD roles. These become active immediately after Oracle RTD is installed and started on WebSphere.

Note:

For information about custom roles, see Section 4.9, "Creating Custom Roles and Assigning Permissions to Custom Roles (Optional)."

4.4 Creating a JDBC Provider for the Oracle RTD Database

Use the Integrated Solutions Console to create a JDBC provider for the Oracle RTD Database. Before you begin, ensure that WebSphere is started.

To create a JDBC provider for the Oracle RTD Database:

1. Access the Integrated Solutions Console at the URL http://websphere_host:port/ibm/console. At the login prompt, enter the administrator user name and password. On Windows, you can also access the Integrated Solutions Console through Start > Programs.

2. In the tree on the left, expand Resources, then expand JDBC and choose JDBC Providers.

3. Ensure that the scope is set correctly (to Node=host_nameNode_number), then click New.

4. For Database type, select User-defined.

5. For Implementation class name, enter one of the following values:

   • For SQL Server: com.microsoft.sqlserver.jdbc.SQLServerConnectionPoolDataSource

   • For Oracle Database: oracle.jdbc.pool.OracleConnectionPoolDataSource

   • For DB2: com.ibm.db2.jcc.DB2ConnectionPoolDataSource

6. For Name, enter RTDDataProvider, then click Next.

7. For Class path, enter one of the following values:

   • For SQL Server: RTD_HOME/lib/jdbc/sqljdbc.jar

   • For Oracle Database: RTD_HOME/lib/jdbc/ojdbc14.jar

   • For DB2: RTD_HOME/lib/jdbc/db2jcc.jar;RTD_HOME/lib/jdbc/db2jcc_license_cu.jar

8. Click Next, then click Finish, then click Save.

9. On the JDBC Providers page, click RTDDataProvider. Then, under the Additional Properties heading, click Data sources.

10. Click New, then, under the Component-managed authentication alias and XA authentication alias heading, click create a new J2C authentication alias.

11. Click New, then provide the following values:

    1. For Alias, enter RTDDS_auth.

    2. For User ID, enter the name of the database run-time user.

    3. For Password, enter the corresponding password for the database user. The password cannot be blank.

    After you have entered these values, click OK, then click Save.

12. Return to the Data sources page using the locator link, then click New. Provide the following values:

    1. For Data source name, enter RTD_DS, or a similar value.

    2. For JNDI name, enter SDDS. The JNDI name must be SDDS for Oracle RTD to access the database.

    3. For Component-managed authentication alias and XA authentication, select RTDDS_auth.

    After you have entered these values, click Next.

13. On the Enter database specific properties for the data source page, click Next.

14. On the Summary page, click Finish, then click Save.

15. Click the name of the data source you created (for example, RTD_DS).

16. If you are using SQL Server for your Oracle RTD Database, follow these steps to set properties for the data source:

    1. Under the Additional Properties heading, click Custom properties.

    2. Click the Select All icon, then click Delete to delete any existing custom properties.

    3. Click New, enter databaseName for Name, then enter the name of your database for Value. Then, click OK.

    4. Click New, enter portNumber for Name, then enter the port number of your database (typically 1433) for Value. Then, click OK.

    5. Click New, enter serverName for Name, then enter the name of your database server for Value.

       Note:

       If you installed your Oracle RTD Database on a SQL Server named instance, specify the name of your database server using the format host_name\instance_name.

    6. Click OK.

    7. Click Save.

17. If you are using Oracle Database for your Oracle RTD Database, follow these steps to set properties for the data source:

    1. Scroll to the bottom of the page and locate the Oracle data source properties section.

    2. For URL, enter jdbc:oracle:thin:@db_host:db_port:sid.

       For example: jdbc:oracle:thin:@dbhost.company.com:1521:orcl

    3. Click OK, then click Save.

18. If you are using DB2 for your Oracle RTD Database, follow these steps to set properties for the data source:

    1. Scroll to the bottom of the page and locate the DB2 Universal data source properties section.

    2. For Database name, enter the name of your database.

    3. For Driver type, enter 4.

    4. For Server name, enter the name of your database server.

    5. For Port number, enter the port number of your database.

    6. Click OK, then click Save.

19. Restart WebSphere, then launch the Integrated Solutions Console again.

20. Expand Resources, then expand JDBC and choose Data Sources.

21. Select RTD_DS and click Test Connection. If the connection fails, ensure that your data source settings are correct, then test the data source again.

4.5 Installing the Oracle Real-Time Decisions Application on WebSphere

Use the Integrated Solutions Console to install Oracle RTD on WebSphere. Before you begin, ensure that WebSphere is started.

To install Oracle RTD on WebSphere:

1. Access the Integrated Solutions Console at the URL http://websphere_host:port/ibm/console. At the login prompt, enter the administrator user name and password. On Windows, you can also access the Integrated Solutions Console through Start > Programs.

2. In the tree on the left, expand Applications, then choose Enterprise Applications.

3. Remove any sample applications, such as ivtApp or query. To do this, follow these steps:

   1. Select the sample application.

   2. Click Stop.

   3. Click Uninstall.

   4. Click Save.

4. Click Install.

5. In the Path to the new application section, enter or browse to the path RTD_HOME/package/RTD.ear. Make sure to replace RTD_HOME with the actual Oracle RTD installation path.

6. Click Next, then click Next again, then click Next again.

7. Click Finish, then click Save.

8. Click the Enterprise Application Name OracleRTD.

9. In the References area, select Resource references.

10. Under the Specify authentication method heading, select Use default method (many-to-one mapping).

11. Select the J2C authentication RTDDS_auth that you created in step 11 of Section 4.4, "Creating a JDBC Provider for the Oracle RTD Database."

12. Click the Select All icon, then click Apply.

13. For each module, set the Target Resource JNDI Name to SDDS.

14. Click OK, then Save.

4.6 Starting Oracle Real-Time Decisions

After you install Oracle RTD on WebSphere, Oracle RTD is not started by default. You can use the Integrated Solutions Console to start Oracle RTD. Before you begin, ensure that WebSphere is started.

To start Oracle RTD:

1. Access the Integrated Solutions Console at the URL http://websphere_host:port/ibm/console. At the login prompt, enter the administrator user name and password. On Windows, you can also access the Integrated Solutions Console through Start > Programs.

2. In the tree on the left, expand Applications and click Enterprise Applications.

3. Select OracleRTD and click Start. Oracle RTD may take a few minutes to start up.

4. Check to see if Oracle RTD is running by going to Decision Center at the URL http://server_name:port/ui.

After you start Oracle RTD for the first time, the application will be started and stopped automatically when you start and stop WebSphere. To start and stop Oracle RTD independently from WebSphere, use the Integrated Solutions Console.

4.7 Setting Classloader Priority

To give priority to the application classloader over the application server classloader, after you have deployed Oracle RTD, you must explicitly set the Classloader priority in the Websphere administrative console, as follows:

1. Log into the WebSphere administrative console, using the administrative user and password.

2. Expand Applications, then choose Enterprise Applications.

3. Click OracleRTD.

4. Click Class loading and update detection.

5. Select Classes loaded with application class loader first.

6. Click OK.

7. Restart WebSphere.

4.8 Viewing and Changing User-Role Associations

The standard Oracle RTD Roles and Roles-groups mapping have been predefined for WebSphere.

To show the Oracle RTD Roles and Roles-groups mapping, perform the following steps:

1. In the Integrated Solutions Console, expand Applications, then choose Enterprise Applications.

2. Click OracleRTD.

3. Under the Detail Properties section, click Security role to user/group mapping.

If you want to view or edit the user-role associations, check the role to be modified, then click either Look up users or Look up groups and change the mapping.

4.9 Creating Custom Roles and Assigning Permissions to Custom Roles (Optional)

This section consists of the following topics:

• Section 4.9.1, "Creating Custom Roles"

• Section 4.9.2, "Assigning Permissions to Custom Roles"

4.9.1 Creating Custom Roles

To create custom roles for Oracle RTD, perform the following high-level steps:

1. Create groups in WebSphere.

   To create groups in WebSphere, follow the instructions in Section 4.3.2, "Creating Groups" using group names of your own choice.

2. Specify the roles in the deployment descriptor file application.xml, extracted from the Oracle file RTD.ear. See Section 4.9.1.1, "Specifying Roles in application.xml" for details.

3. Map the roles to the WebSphere groups in the Integrated Solutions Console. See Section 4.9.1.2, "Mapping Roles to Groups" for details.

Then, perform either of the following:

1. Uninstall, then redeploy Oracle RTD, as follows:

   1. Download the two deployment descriptor files, application.xml and ibm-application-bnd.xmi, back into RTD.ear (the file ibm-application-bnd.xmi contains the role-to-group mappings).

   2. Redeploy Oracle RTD using the updated RTD.ear. Use Uninstall, then Install.

2. Redeploy Oracle RTD, using Update.

The rest of this section consists of the following topics:

• Section 4.9.1.1, "Specifying Roles in application.xml"

• Section 4.9.1.2, "Mapping Roles to Groups"

4.9.1.1 Specifying Roles in application.xml

To serve as an example, this section describes the addition of a new role, ILS2Users.

After extracting RTD.ear from RTD_HOME\package, edit the file META-INF\application.xml as follows:

1. Add an entry similar to the following:

   <security-role id="SecurityRole_1241469153092">
           <role-name>ILS2Users</role-name>
       </security-role>
   

   where security-role id is any unique value.

2. Repeat step 1 for as many roles as you want to create.

4.9.1.2 Mapping Roles to Groups

1. In the Integrated Solutions Console, expand Applications, then choose Enterprise Applications.

2. Click OracleRTD.

3. Under the Detail Properties section, click Security role to user/group mapping.

4. Check the role to be modified, then click Look up groups and change the mapping.

5. Repeat step 4 for as many roles as you need to map to groups.

After you have finished mapping the roles to groups in the Integrated Solutions Console, your changes are saved in the deployment descriptor file ibm-application-bnd.xmi.

Note:

To view and change the user-role associations, see Section 4.8, "Viewing and Changing User-Role Associations."

4.9.2 Assigning Permissions to Custom Roles

As described in Section 7.4, "Assigning Permissions" of Oracle Real-Time Decisions Installation and Administration Guide, assign Cluster permissions, Inline Service permissions, and Decision Center Perspective permissions to any custom roles.

4.10 Uninstalling the Oracle Real-Time Decisions Application from WebSphere

You can use the Integrated Solutions Console to uninstall Oracle RTD from WebSphere. Before you begin, ensure that WebSphere is started.

To uninstall Oracle RTD from WebSphere:

1. Access the Integrated Solutions Console at the URL http://websphere_host:port/ibm/console. At the login prompt, enter the administrator user name and password. On Windows, you can also access the Integrated Solutions Console through Start > Programs.

2. In the tree on the left, expand Applications, then choose Enterprise Applications.

3. Select OracleRTD and click Stop.

4. Click Uninstall, then click Save.

These steps uninstall Oracle RTD from WebSphere, but they do not remove the Oracle RTD files from the operating system. You must delete the Oracle RTD files manually.

4.11 Configuring SSL for Real-Time Decision Server (Recommended)

Follow the steps in this section to set up SSL for all client connections to Real-Time Decision Server. Before you begin, ensure that you followed the instructions in Section 2.6, "Using SSL with Oracle Real-Time Decisions" to change the default Oracle RTD keystore and truststore passwords. Also, ensure that WebSphere is started.

Note:

If you want to use your own keystore and truststore, you do not need to complete the instructions in Section 2.6.

To configure SSL for Real-Time Decision Server:

1. Access the Integrated Solutions Console at the URL http://websphere_host:port/ibm/console. At the login prompt, enter the administrator user name and password. On Windows, you can also access the Integrated Solutions Console through Start > Programs.

2. In the tree on the left, expand Security and choose SSL certificate and key management.

3. Under the Related Items heading, click Key stores and certificates.

4. Create the Oracle RTD keystore, as follows:

   1. Click New.

   2. For Name, enter OracleRTD_KeyStore.

   3. For Path, enter RTD_HOME/etc/ssl/sdserver.keystore. Alternatively, if you do not want to use the default Oracle RTD keystore, enter the path to your own keystore.

   4. For Password and Confirm password, enter the password for your keystore. If you are using the default Oracle RTD keystore, enter the password you created in Section 2.6.

   5. For Type, select JKS.

   6. Click OK.

5. Create the Oracle RTD truststore, as follows:

   1. On the Key stores and certificates page, click New.

   2. For Name, enter OracleRTD_TrustStore.

   3. For Path, enter RTD_HOME/etc/ssl/sdtrust.store. Alternatively, if you do not want to use the default Oracle RTD truststore, enter the path to your own truststore.

   4. For Password and Confirm password, enter the password for your truststore. If you are using the default Oracle RTD truststore, enter the password you created in Section 2.6.

   5. For Type, select JKS.

   6. Click OK.

6. Return to the SSL certificate and key management page and create an SSL configuration for Oracle RTD, as follows:

   1. Under the Related Items heading, click SSL configurations.

   2. Click New.

   3. For Name, enter OracleRTD_SSL.

   4. For Trust store name, select OracleRTD_TrustStore.

   5. For Keystore name, select OracleRTD_KeyStore.

   6. Click Get certificate aliases.

   7. Click OK.

7. Set the Transport Chain HTTPS port, as follows:

   1. In the tree on the left, expand Servers and choose Application servers.

   2. Click the name of the application server where you have installed Oracle RTD (for example, server1).

   3. Under the Container Settings heading, expand Web Container Settings and choose Web container transport chains.

   4. Click WCInboundDefaultSecure.

   5. Under the Transport Channels heading, click the name of the TCP inbound channel (for example, TCP inbound channel (TCP 4)).

   6. Under the Related Items heading, click Ports.

   7. Click WC_defaulthost_secure.

   8. Change the Port to 8443.

   9. Click OK, then click Save.

8. Set the Virtual Host HTTPS Port, as follows:

   1. In the tree on the left, expand Environment and choose Virtual Hosts.

   2. Click default_host.

   3. Under the Additional Properties heading, click Host Aliases.

   4. For port 9443, click *.

   5. Change the Port to 8443.

   6. Click OK.

9. Set the HTTPS port to use the Oracle RTD SSL configuration you created in Step 6, as follows:

   1. In the tree on the left, expand Security and choose SSL certificate and key management.

   2. Under the Configuration settings heading, click Manage endpoint security configurations.

   3. Under the Local Topology heading, expand Inbound > cell_name > nodes > node_name > servers > server_name, then click WC_defaulthost_secure.

   4. Under the heading Specific SSL configuration for this endpoint, select Override inherited values, then select OracleRTD_SSL for SSL configuration.

   5. Click Update certificate alias list.

   6. For Certificate alias in key store, select your keystore password.

   7. Click Apply.

10. Click Save.

11. Restart WebSphere.

    Note:

    For a truly secure environment, you should also disable the regular HTTP port to ensure that all client connections are routed through the SSL port. To do this, perform the following step:

    1. Disable the HTTP port for your Web server using application server tools. Refer to the WebSphere documentation for more information.

12. If you are using your own keystore and truststore, perform the following additional steps to enable SSL for Decision Center and Load Generator. You do not need to perform these steps if you are using the default Oracle RTD keystore and truststore.

    1. Open RTD_HOME\eclipse\eclipse.ini for editing.

    2. Locate the following line:

       -Djava.net.ssl.trustStore="..\etc\ssl\sdtrust.store"
       

    3. Replace ..\etc\ssl\sdtruststore with the full path to your truststore file.

    4. Save and close the file.

    5. Open RTD_HOME\scripts\sdexec.cmd for editing.

    6. Locate the line beginning with %SD_START%, near the bottom of the file. Near the end of the line, locate the following string:

       -Djavax.net.ssl.trustStore="%SD_ROOT%\etc\ssl\sdtrust.store"
       

    7. Replace %SD_ROOT%\etc\ssl\sdtruststore with the full path to your truststore file.

    8. Save and close the file.

4.11.1 Testing the SSL Configuration

To verify that the SSL port is functioning properly, go to Decision Center at the URL https://server_name:ssl_port/ui. If the SSL port is functioning property, your browser will display the "Welcome to Decision Center" login screen.

You may get a message from your Web browser, similar to “Do you want to accept this certificate?” This message is generated because the browser does not know about the self-signed certificate that was shipped with the default Oracle RTD keystore. This self-signed certificate is suitable for development and test environments, but it is not recommended for production environments.

For production environments, Oracle recommends the self-signed certificate be replaced with a certificate from a trusted certificate authority (CA), like Verisign/Thawte, by submitting to the CA a certificate request generated by Sun's keytool utility. For instructions on generating a certificate request, and for importing the certificate from the CA into the keystore, go to the following URL:

http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html

4.12 Setting Up JConsole for WebSphere

This section provides information about setting up the JConsole management tool.

This section contains the following topics:

• Section 4.12.1, "Determining the WebSphere Bootstrap Port Number"

• Section 4.12.2, "Setting Up a Batch File for JConsole"

• Section 4.12.3, "Creating a JConsole User"

4.12.1 Determining the WebSphere Bootstrap Port Number

The WebSphere bootstrap port number is used as the JMX remote port, used for accessing JConsole. You need to know the port value to set up JConsole access.

Follow these steps to find the value of the bootstrap port number, and to change it if necessary:

1. Access the Integrated Solutions Console at the URL http://websphere_host:port/ibm/console. At the login prompt, enter the administrator user name and password. On Windows, you can also access the Integrated Solutions Console through Start > Programs.

2. In the tree on the left, expand Servers and choose Application servers.

3. Click the name of the application server where Oracle RTD is running (for example, server1). Under the Communications heading, click Ports.

4. You can find the value of the bootstrap port by looking at the BOOTSTRAP_ADDRESS entry in the Ports table. You can note this value and use it for the JConsole port in subsequent sections, or you can change the bootstrap port number. To change the bootstrap port, follow these steps:

   1. Click BOOTSTRAP_ADDRESS.

   2. For Port, enter the port number you want to use for JConsole (for example, 12345).

   3. Click OK, then click Save.

   4. Restart WebSphere.

4.12.2 Setting Up a Batch File for JConsole

Follow the instructions appropriate for your operating system:

• Section 4.12.2.1, "Setting Up a JConsole Batch File for Windows"

• Section 4.12.2.2, "Setting Up a JConsole Batch File for Linux or AIX-Based Systems"

• Section 4.12.2.3, "Setting Up a JConsole Batch File for Solaris"

4.12.2.1 Setting Up a JConsole Batch File for Windows

On Windows operating systems, create a batch file named startJConsole.bat and include the following:

set WAS_HOME=WEBSPHERE_HOME\AppServer
set USER_HOME=WEBSPHERE_HOME\AppServer\profiles\profile_name
set WAS_HOST=localhost
set WAS_BOOTSTRAP_PORT=jmx_remote_port

"%WAS_HOME%\java\bin\jconsole" -J-Djava.class.path="%WAS_
HOME%\runtimes\com.ibm.ws.admin.client_6.1.0.jar;%WAS_
HOME%\java\lib\tools.jar" -J-Dcom.ibm.CORBA.ConfigURL="file:%USER_
HOME%\properties\sas.client.props" -J-Dcom.ibm.SSL.ConfigURL="file:%USER_
HOME%\properties\ssl.client.props" service:jmx:iiop://%WAS_HOST%:%WAS_
BOOTSTRAP_PORT%/jndi/JMXConnector

For jmx_remote_port, enter the JConsole port number. For WebSphere, the JMX remote port is always the same as the WebSphere bootstrap port. Make sure to replace WEBSPHERE_HOME with the actual WebSphere installation path, and replace profile_name with the name of your WebSphere profile. For example:

set WAS_HOME=C:\Program Files\IBM\WebSphere\AppServer
set USER_HOME=C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01
set WAS_HOST=localhost
set WAS_BOOTSTRAP_PORT=12345

"%WAS_HOME%\java\bin\jconsole" -J-Djava.class.path="%WAS_
HOME%\runtimes\com.ibm.ws.admin.client_6.1.0.jar;%WAS_
HOME%\java\lib\tools.jar" -J-Dcom.ibm.CORBA.ConfigURL="file:%USER_
HOME%\properties\sas.client.props" -J-Dcom.ibm.SSL.ConfigURL="file:%USER_
HOME%\properties\ssl.client.props" service:jmx:iiop://%WAS_HOST%:%WAS_
BOOTSTRAP_PORT%/jndi/JMXConnector

Tip:

Ensure that the JConsole command at the end of this file ("%WAS_HOME%\java\bin\jconsole...") is all on one line.

4.12.2.2 Setting Up a JConsole Batch File for Linux or AIX-Based Systems

On Linux or AIX-based systems, create a shell script named startJConsole.sh and include the following:

#!/bin/sh
WAS_HOME=WEBSPHERE_HOME/AppServer
USER_HOME=WEBSPHERE_HOME/AppServer/profiles/profile_name
WAS_HOST=localhost
WAS_BOOTSTRAP_PORT=jmx_remote_port

$WAS_HOME/java/bin/jconsole -J-Djava.class.path=$WAS_HOME/runtimes/com.ibm.
ws.admin.client_6.1.0.jar:$WAS_HOME/java/lib/tools.jar -J-Dcom.ibm.CORBA.
ConfigURL=file:$USER_HOME/properties/sas.client.props -J-Dcom.ibm.SSL.
ConfigURL=file:$USER_HOME/properties/ssl.client.props service:jmx:iiop://$WAS_
HOST:$WAS_BOOTSTRAP_PORT/jndi/JMXConnector

For jmx_remote_port, enter the JConsole port number (for example, 12345). For WebSphere, the JMX remote port is always the same as the WebSphere bootstrap port. Make sure to replace WEBSPHERE_HOME with the actual WebSphere installation path, and replace profile_name with the name of your WebSphere profile.

Tip:

Ensure that the JConsole command at the end of this file ($WAS_HOME/java/bin/jconsole...) is all on one line. Also, ensure the startJConsole.sh file has the appropriate execute permissions.

Note:

Oracle recommends that you create or edit the file startJConsole.sh directly on the Linux or AIX-Based system.

If you first create or edit the file on a Windows system, and subsequently transfer it to a Linux or AIX-based system using ftp, then make sure that you use binary transfer node, not ascii.

4.12.2.3 Setting Up a JConsole Batch File for Solaris

On Solaris operating systems, create a shell script named startJConsole.sh and include the following:

#!/bin/sh
WAS_HOME=WEBSPHERE_HOME/AppServer
USER_HOME=WEBSPHERE_HOME/AppServer/profiles/profile_name
WAS_HOST=localhost
WAS_BOOTSTRAP_PORT=jmx_remote_port

$WAS_HOME/java/bin/jconsole -J-Djava.class.path=$WAS_HOME/runtimes/com.ibm.ws.
admin.client_6.1.0.jar:$WAS_HOME/java/lib/tools.jar:$WAS_HOME/java/lib/jconsole.
jar -J-Dcom.ibm.CORBA.ConfigURL=file:$USER_HOME/properties/sas.client.
props -J-Dcom.ibm.SSL.ConfigURL=file:$USER_HOME/properties/ssl.client.props service:jmx:iiop://$WAS_HOST:$WAS_BOOTSTRAP_PORT/jndi/JMXConnector

For jmx_remote_port, enter the JConsole port number (for example, 12345). For WebSphere, the JMX remote port is always the same as the WebSphere bootstrap port. Make sure to replace WEBSPHERE_HOME with the actual WebSphere installation path, and replace profile_name with the name of your WebSphere profile.

Tip:

Ensure that the JConsole command at the end of this file ($WAS_HOME/java/bin/jconsole...) is all on one line. Also, ensure the startJConsole.sh file has the appropriate execute permissions.

Note:

Oracle recommends that you create or edit the file startJConsole.sh directly on the Solaris system.

If you first create or edit the file on a Windows system, and subsequently transfer it to a Solaris system using ftp, then make sure that you use binary transfer node, not ascii.

4.12.3 Creating a JConsole User

Follow these steps to create a JConsole user:

1. Access the Integrated Solutions Console at the URL http://websphere_host:port/ibm/console. At the login prompt, enter the administrator user name and password. On Windows, you can also access the Integrated Solutions Console through Start > Programs.

2. In the tree on the left, expand Users and Groups and choose Manage Users.

3. Click Create, then provide information for the JConsole user you want to create. For example, you could enter jmx_admin for User ID, JMX for First name, Admin for Last name, then provide a password.

4. Click Create.

5. In the tree on the left, expand Users and Groups and choose Administrative User Roles.

6. Click Add.

7. For User, enter the User ID you provided in Step 3.

8. For Role(s), select Administrator.

9. Click OK, then click Save.

You can now run JConsole and log in, using the User ID and password you just created. See Section 15.1, "Accessing JConsole" for more information.

4.13 Changing the Oracle Real-Time Decisions Port Number in WebSphere

To change the Oracle RTD application port number in WebSphere, perform the following steps:

1. Access the Integrated Solutions Console at the URL http://websphere_host:port/ibm/console. At the login prompt, enter the administrator user name and password. On Windows, you can also access the Integrated Solutions Console through Start > Programs.

2. In the tree on the left, expand Servers and choose Application server.

3. Click the name of the application server where Oracle RTD is running (for example, server1). Under the Container Settings heading, expand Web container settings and choose Web container transport chains.

4. Click the name of the transport chain that corresponds to the port number you want to change. For example, if you set up a new transport chain for Oracle RTD, click OracleRTD_chain. If the Oracle RTD application is using the default transport chain for this application server profile, click WCInboundDefault.

5. Click the TCP inbound channel link (for example, TCP inbound channel (TCP 6)).

6. Under the Related Items heading, click Ports.

7. Click the name of the port number you want to change (for example, OracleRTD_port or WC_defaulthost).

8. For Port, enter the new port number you want to use for Oracle RTD.

9. Click OK, then click Save.

10. In the tree on the left, expand Environment and choose Virtual Hosts.

11. Click default_host. Under the Additional Properties heading, click Host Aliases.

12. Click the * link that corresponds to the previous value of the Oracle RTD port.

13. For Port, enter the new port number you want to use for Oracle RTD.

14. Click OK, then click Save.

15. Restart WebSphere.