

Chapter 1 Introduction to PAE Administration

Netscape Application Server: Process Automation Edition (PAE) is a business process management system that runs on Netscape Application Server with a graphical design interface for defining forms and their routing, two administrative interfaces for configuring and maintaining the PAE components, and an end-user interface for creating work requests, handling work items, and performing searches.

This guide focuses on using the information technology management interface provided by Process Administrator to manage clusters and applications. See the Business Manager's Guide for information on the Process Business Manager interface.

This introductory chapter includes the following sections:


Overview
PAE consists of these components:

PAE also uses these other components, which it associates into a cluster:

When an application developer using Process Builder deploys an application so that end users can access it, they must identify the cluster on which to deploy it. All successfully deployed applications are available to any valid end user on any Netscape Application Server across the cluster. All applications in a cluster share the same common database and directories. They access the same Directory Server for their process definitions and they use the same set of cross-application tables in the database, as well as the same corporate users and groups directory.

End users use Process Express to access the applications built in Process Builder. As they create new work requests and other examples of business processes, called process instances, and as they complete their assigned tasks, called activities in the Process Builder and work items in Process Business Manager, they are generating user data that is stored in the cluster's database.

Figure 1.1    PAE Components

As the information technology administrator, you have these primary types of tasks:

Your first task is to install the PAE components and make sure they are configured correctly for your environment. See the Installation Guide for details.

The next step is to create a cluster so that Process Builder can deploy applications that can be used across the enterprise.

You can continue to manage and update the cluster as needed. For example, you may need to switch to a different corporate user directory or you may want to add other Netscape Application Servers to the cluster.

Directories in PAE
PAE uses directories for two purposes:

The Configuration Directory
The configuration directory must be Netscape Directory Server 4.0. This directory stores PAE configuration information, including the application definitions for all deployed applications. The directory can also be used as a central repository for applications that are still being designed but are not yet deployed. The installation procedure extends this directory's schema to include the attributes and object classes required for PAE.

Once you define a cluster to use a particular configuration directory, you cannot switch to use another Directory Server in the cluster for your configuration information.

The Corporate User Directory
The corporate user directory must be Netscape Directory Server 4.0. This directory contains the set of corporate users who can be the assignee for a work item.

When you install PAE using all the defaults, you install a single Directory Server that you use for both types of information: users and configuration. This works well for using the sample applications and for initial testing of new applications where you can create a sample set of corporate users that you can test reliably.

Changing Your User Directory
If you want to do testing that simulates your production environment or if you want to move the application into production, you need to be able to access the actual users in your corporation. To do this, you need to change several default values to point to your company's corporate Directory Server, including the following:

Note. All Netscape Application Servers in a cluster must use the same information for all these settings.

To change the directory that PAE uses for authenticating users and groups, perform the following steps:

  1. Go to the Server Administration page for your Netscape Enterprise Server. You access this page by going to the server:port defined for your 3.x SuiteSpot Administration Server. This URL is in the form yourServer:3.x Admin port.
  2. Click the Global Settings button.
  3. If not already chosen, click the LDAP Directory Server radio button to obtain directory service from an LDAP Directory Server.
  4. Enter the correct information for your new corporate user directory:
  5. Click Save Changes.
  6. Restart the 3.x SuiteSpot Administration Server and all its servers.
This updates the dbswitch.conf file in the Enterprise Server. You can also manually edit this file instead of using the user interface to include the LDAP URL for the new directory. If you manually edit the file, put your new corporate directory as the second entry, which is the corporate directory URL.

To change the access control (ACL) for PAE styles, perform the following steps:

  1. Go to the Server Administration page for your Enterprise Server.
  2. Click the button for your Enterprise Server instance to go to its Server Manager pages.
  3. Click the Configuration Styles button.
  4. Click the Edit Style link.
  5. Select Basic Auth from the drop-down list and click the "Edit this style" button.
  6. Click the Restrict Access link. This displays the Access Control List Management page.
  7. In the middle of the page, under "B. Pick an existing ACL," select Basic Auth and click the Edit Access Control button. This displays the Access Control user interface.
  8. Click "anyone" in the first line. A second pane appears in the lower part of the page.
  9. Click the "Authenticated people only" radio button in the lower pane.
  10. Click the "All in the authentication database" radio button.
  11. Make sure that the authentication method selected is Default.
  12. Under Authentication Database at the bottom of the pane, select the new corporate directory from the drop-down list and click its radio button.
  13. Click Update in this frame to update the ACL rules.
  14. Click Submit in the top frame to set the change.
  15. Click OK to save your changes.
  16. Click Save and Apply to apply your changes to the server.
  17. Repeat Steps 5-14 for the two other PAE styles: Admin IT Auth and Admin Data Auth.
There are two ways to make your applications use the new Directory Server:

If you are making an existing cluster point at the new directory, perform the following steps:

  1. In Process Administrator, use the Change Cluster Information page to update the cluster with the new corporate user directory URL. See "Changing Cluster Information" in Chapter 3, "Clusters" for instructions.
  2. Make sure you have access to the right directory from Process Builder. There are two ways of doing this:
If you want to create a new cluster, perform the following steps:

  1. In Process Administrator, create a new cluster using the new directory. For more information, see "Creating a Cluster" in Chapter 3, "Clusters."
  2. In Process Builder, redeploy your existing applications to the new cluster.
There are two ways to make your sample application users work with the new corporate user directory:

If the users and groups you use in your existing Process Builder applications also exist as valid users and groups in the new Directory Server, your applications will work as is.

If the original users and groups are not valid any more, you must change them so that they can be found in the new Directory Server and then redeploy the applications. Typically, you will need to replace the defaulted "admin" user with a valid user from the new corporate directory in the Users and Groups folder for each application. See "Sample Applications" in Chapter 10 of the Developer's Guide for details of other configurations you may need to set for specific applications.

If you want to change the user assignments, follow these steps:

  1. Select a user or group in the application tree.
  2. Open its properties inspector.
  3. Pick a new user ID for the assignment.
If you want to add users or groups to the new directory, follow these steps:

  1. Launch Netscape Console.
  2. On the authentication dialog box, enter this information:
    1. administrative user name
    2. administrative password
    3. administration URL for the new directory server's Administration Server, including the port number

  3. Click the Users and Groups tab.
  4. Pick New User or New Group from the drop-down list in the lower right corner and click Create.
  5. Enter the new user or group information and click OK when done.
Netscape Application Servers
Process Engine is an Enterprise Java Bean application that runs on Netscape Application Server. PAE uses the application server to run the HTML-based Process Administrator, Process Business Manager, and Process Express.

Each cluster must have at least one application server, but there can be more than one if there are several networked systems using the same cluster. All applications are replicated to all Netscape Application Server machines in a cluster.

As the administrator, you can perform these Netscape Application Server-related tasks:

PAE Applications
All PAE applications run as applications on each Netscape Application Server machine in a cluster. Deployed applications are deployed to all application servers in a cluster, so if one server is unavailable, the application continues to run on the other machines in a cluster.

When a specific Netscape Application Server machine shuts down, all of the applications on that server also shut down. When the server comes back up, it automatically restarts all of its applications.

Security in PAE
PAE supports additional security features such as using SSL-enabled Enterprise Servers to provide secure content and access. PAE also allows designers to build applications that use certificates and digital signatures as part of their processing.

If you want to enable SSL on your Enterprise Server, read Chapter 8, "Using Encryption and SSL," in the online Enterprise Server Administrator's Guide. You can access the Enterprise Server help system by clicking any button on a Netscape server user interface form.

If you want to include digital signatures in a form, read the information about how to design with them in Chapter 6, "Defining Data Fields," in the Process Builder's Guide. Digital signatures are stored in a special database table, wf_blobs, so the administrator can query the database as needed to verify a signature. Also see Storing Digital Signatures for more information.

For further information about security in general and about how to use the security features available in Netscape products, see the Security Documentation page in the DevEdge developer site, at http://developer.netscape.com/docs/manuals/security.htm


Process Administrator
To perform Information Technology administrative tasks, you must have the application server that you are using for PAE running on your local computer. Access to the Process Administrator's interface is through its home page at

http://yourServer/Administrator.apm

Process Administrator uses a tabbed HTML-based interface that provides access to management functions in these areas:

Cluster Management Forms
The Cluster Management tab displays different sets of forms depending on the situation: one set is for use in creating or joining a cluster and the other set is for managing existing clusters.

Create or Join a Cluster. The first time you access the Cluster Management tab after installing PAE or the first time you access it from a Netscape Application Server machine that is not already part of a cluster, the Create or Join a Cluster page is displayed.

Create Cluster. Used to create a new cluster.

Join Cluster. Used to join this application server to an existing cluster.

Cluster Management. Used to manage the cluster that this application server belongs to.

Change Cluster Information. Used to change information about an existing cluster.

Delete Cluster. Used to delete a cluster.

Unjoin Cluster. Used to remove this server from the cluster.

Application Forms
Process Information Technology Administrator provides several management forms for applications. You can change the state of an application, check its logs, and archive and delete its data.


Directory Server Terms and Attributes
Because much of PAE is dependent on Directory Servers, this section is included to help clarify some of the most relevant concepts and terminology.

Whether you are accessing the corporate user directory for your set of users or defining a cluster in the configuration directory, you need to understand how to identify the directory and the specific cluster entry within the server.

There are some standard LDAP terms and attributes that you may need to understand before you can create Directory Server entries. This section briefly describes them for your convenience. For detailed information, see the Directory Server manuals, which you can access by clicking on any help button in a Directory Server product.

LDAP Terms
In general, Netscape Directory Servers use standard LDAP terminology, but different administrative forms may use slightly different sets of equivalent terms. Common terminology you may encounter as you install and use the Directory Server includes the following:

Distinguished Name (DN). A series of comma-delimited attributes that uniquely identify the directory entry location within the directory tree. This could be a person, a group, an organization, or any other object for which you want to maintain information in a directory. In the case of PAE, information about a cluster is maintained in a directory.

Base DN. The entry at which to start directory searches, sometimes referred to as the search base. This base is often the root entry, that is, the search starts at the top of the directory tree.

Bind DN. The DN used to access the directory. Directory Server authentication is referred to as binding to the directory. The DN you use as the Bind DN determines the level of directory access permitted. This is often the root DN, which has complete access to the directory, and so the Bind DN is sometimes referred to as the unrestricted user. The default Bind DN for Netscape Directory Servers is cn=Directory Manager.

Directory Suffix. A distinguished name (DN) suffix for your local directory. All incoming LDAP queries must contain this suffix, which is equivalent to the root entry of your Directory Server structure. This provides the highest level of identification for a specific directory. For example, o=airius.com. Everything contained within a directory is underneath this entry. If you know the directory suffix or root entry for a directory, you know which directory it is.

Root Entry. The first entry in a directory tree, that is, the top of the tree. This is often, but not always, the Base DN. The root entry corresponds to the directory suffix. If you know the root entry or directory suffix for a directory, you know which directory it is.

LDAP Attributes
When you identify a directory's location in a Directory Server's tree, such as when you define a cluster within the configuration directory, you typically need to use only a small set of LDAP attributes. These include the following:

The common name entry of cn=Directory Manager is the default administrative user identifier for Directory Servers. It is set when you perform a default installation of the Directory Server.

Note
You cannot use commas within an attribute value, only as delimiters between attributes.

Figure 1.2    A sample corporate user directory structure

Directory Structure
The Directory Server uses a tree structure to define different sets of data. In a simple case, such as identifying a cluster, you could have a structure like this:

If you had another cluster in the tree, you could have these values:

Together these two values uniquely identify the location of the cluster's directory entry in the Directory Server and are referred to as the cluster's distinguished name, or DN. When you want to uniquely identify the cluster, you need to include the entire DN, with attributes separated by commas and listed in order from most specific to highest level. For example, for a cluster, you could use this DN:

cn=My Cluster, o=airius.com

Figure 1.3    A sample directory containing a cluster

LDAP URLs
You use these attributes to identify the corporate user directory and your cluster entry to the Process Builder in the preferences.ini file after creating a cluster. This file requires you to use a specific LDAP URL format when you enter this information.

The Corporate Directory URL
If you do not require user authentication, as is typical for the corporate user directory, use this format:

ldap://yourDirServer:port/Base DN

For example:

ldap://netscape.mcom.com:389/o=mcom.com

The Cluster URL
If you require user authentication, as you do for the cluster entry, use this format:

ldap://Bind DN:Bind Password@yourDirServer:port/cluster DN

For example:

ldap://cn=Directory Manager:netscape@netscape.airius.com:389/cn=HR Cluster, o=mcom.com
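
The cluster URL form carries the Bind DN and its password in clear text, with spaces and commas unencoded. The following Python code is an added example, not part of the original guide or of PAE: it parses both URL forms shown above, masks the bind password before the URL is logged or shared, and flags URLs that embed a password or bind as cn=Directory Manager. The class and function names are hypothetical; the two sample URLs are the ones given on this page.

```python
import re
from dataclasses import dataclass
from typing import Optional

# The two forms documented above:
#   ldap://yourDirServer:port/Base DN
#   ldap://Bind DN:Bind Password@yourDirServer:port/cluster DN
_URL = re.compile(
    r"^ldap://(?:(?P<bind_dn>[^:@/]+):(?P<password>[^@/]*)@)?"
    r"(?P<host>[^:/@]+):(?P<port>\d+)/(?P<dn>.+)$"
)

CORPORATE_URL = "ldap://netscape.mcom.com:389/o=mcom.com"  # example from this page
CLUSTER_URL = ("ldap://cn=Directory Manager:netscape@netscape.airius.com:389/"
               "cn=HR Cluster, o=mcom.com")                # example from this page

@dataclass
class PaeLdapUrl:  # hypothetical name, not a PAE type
    host: str
    port: int
    dn: str
    bind_dn: Optional[str] = None
    password: Optional[str] = None

def parse_pae_ldap_url(url: str) -> PaeLdapUrl:
    m = _URL.match(url.strip())
    if not m:
        raise ValueError("URL matches neither documented LDAP URL form")
    return PaeLdapUrl(m["host"], int(m["port"]), m["dn"].strip(),
                      m["bind_dn"], m["password"])

def split_dn(dn: str) -> list:
    """Split a DN on commas; per the Note above, commas are delimiters only."""
    pairs = []
    for part in dn.split(","):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr or not value:
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((attr.lower(), value))
    return pairs

def redact(url: str) -> str:
    """Return the URL with the bind password masked, safe to log."""
    u = parse_pae_ldap_url(url)
    cred = f"{u.bind_dn}:***@" if u.bind_dn else ""
    return f"ldap://{cred}{u.host}:{u.port}/{u.dn}"

def audit(url: str) -> list:
    """Validate the DN and list the credential exposures in one URL."""
    u = parse_pae_ldap_url(url)
    split_dn(u.dn)
    findings = []
    if u.password is not None:
        findings.append("bind password stored in clear text in the URL")
    if u.bind_dn and u.bind_dn.strip().lower() == "cn=directory manager":
        findings.append("binds as cn=Directory Manager, the unrestricted user")
    return findings
```
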

 

Copyright © 1999 Netscape Communications Corp. All rights reserved.