Teamcenter 10.1: Publication Number PLM00015 J

Teamcenter 10.
Web Application Deployment Guide
Publication Number
PLM00015 J
Proprietary and restricted rights notice
This software and related documentation are proprietary to Siemens Product

Lifecycle Management Software Inc.
© 2013 Siemens Product Lifecycle Management Software Inc. All Rights Reserved.
Siemens and the Siemens logo are registered trademarks of Siemens AG. Teamcenter
is a trademark or registered trademark of Siemens Product Lifecycle Management
Software Inc. or its subsidiaries in the United States and in other countries. All
other trademarks, registered trademarks, or service marks belong to their respective
holders.
2 Web Application Deployment Guide PLM00015 J

Contents
Proprietary and restricted rights notice . . . . . . . . . . . . . . . . . . . . . . . . . 2
Getting started deploying Web applications . . . . . . . . . . . . . . . . . . . . . . 1-1

Deployment considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Teamcenter Web application deployment interface . . . . . . . . . . . . . . . . . . . . . 1-2
Determining your requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Basic concepts of Teamcenter Web application deployment . . . . . . . . . . . . . . . 1-3
Teamcenter Web application deployment . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Teamcenter Web application deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Basic deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Basic deployment with front-end HTTP (Web) server . . . . . . . . . . . . . . . . . . . 2-7
Clustered deployment with front-end HTTP server . . . . . . . . . . . . . . . . . . . . 2-25
Deploying clustered with front-end load-balanced HTTP servers . . . . . . . . . . . 2-31
Global Services Web application deployment . . . . . . . . . . . . . . . . . . . . . 3-1

Global Services Web application deployment . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Teamcenter client communication system and proxy server

configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
Teamcenter client communication system and proxy server configuration . . . . A-1
Reverse proxy servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4
Enabling File Management System (FMS) URL path extensions . . . . . . . . . . . A-4
FMS server cache (FSC) SSL client credentials (two-way SSL) . . . . . . . . . . . . A-4
File Management System (FMS), reverse proxy, and two-way SSL configuration
details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5
Configuring Kerberos authentication on the Web tier . . . . . . . . . . . . . . . . . . A-15
Troubleshooting four-tier architecture deployment . . . . . . . . . . . . . . . B-1
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-1
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Index-1
Figures
HSE deployment configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4

H-SE deployment configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
H-SE* deployment configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
H*-SE* deployment configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
PLM00015 J Web Application Deployment Guide 3

Contents
Teamcenter client communication system architecture . . . . . . . . . . . . . A-2
4 Web Application Deployment Guide PLM00015 J

Chapter
1 Getting started deploying

Web applications
Deployment considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Teamcenter Web application deployment interface . . . . . . . . . . . . . . . . . . . . . 1-2
Determining your requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Basic concepts of Teamcenter Web application deployment . . . . . . . . . . . . . . . 1-3
PLM00015 J Web Application Deployment Guide

Chapter
1 Getting started deploying

Web applications
Deployment considerations
Deployment of your Teamcenter Web applications is an important step in setting up
your Teamcenter environment. How you deploy the Web application is determined
by how you intend to use Teamcenter and can affect the application’s performance.
1. Consider the high-level requirements of your deployment.
For more information about high-level requirements, see Determining your
requirements.
2. Review the different supported deployment configurations to determine which is

best for your enterprise.
For descriptions of the supported configurations, see Basic concepts of Teamcenter
Web application deployment.
3. Determine your application server. The application server you use may impact
your deployment configuration. Not all configurations are supported for all
application servers.
For information about the supported configurations for Teamcenter Web
applications, see Teamcenter Web application deployment.
Global Services Web applications are supported for basic deployments only.
For the information about the versions of application servers certified for your
platform, see the Siemens PLM Software Certification Database:
http://support.industrysoftware.automation.siemens.com/
certification/teamcenter.shtml
Note Siemens PLM Software certifies third-party software applications with
the latest patches available when the certification testing is performed. If
you encounter problems deploying a Teamcenter Web application, ensure
that you have installed the latest patches for your application server.
Teamcenter and Global Services Web applications support IPv6 for Web tier
communications for the following application servers:
• JBoss 7.1
• WebSphere 8.5
PLM00015 J Web Application Deployment Guide 1-1

Chapter 1 Getting started deploying Web applications
• WebLogic 12c
Note Support for IPv6 requires a dual stack application server host and a dual
stack Teamcenter server host.
For information about supporting IPv6 and dual stack networks on
you application server hose, see your Windows, UNIX, or Linux server
documentation.
Before you begin

Prerequisites You must have administrator privileges to use the application
servers administration tools. You must have performed
Web application installation as described in the appropriate
Teamcenter server installation guides (for Windows or
UNIX/Linux).
Enable a Web The Web tier application is enabled by deploying it in the
application application server and, depending on your configuration, its
associated proxy component in the Web server.
Configure a Web Teamcenter Web applications are configured during installation
application and in the application server after deployment.
Start a Once your Teamcenter Web Application is deployed, it is
Teamcenter Web running. If you need to stop, start, or restart the application at
application a later time, you must use the application server administration
tools to perform these actions.
Teamcenter Web application deployment interface

The application server administration tools provide the interface for deploying your
Web application.
Determining your requirements

How you configure your servers that run your Teamcenter Web tier application
depends on your enterprise requirements for scalability (concurrent users and
processes) and data availability (server fail over). An HTTP front-end cluster
provides better performance for static Web content. Clustering application
servers provides better performance for dynamic content and ensures availability
because the Teamcenter application has multiple instances that allow a particular
application server to fail without causing the Teamcenter data to be inaccessible.
To determine the best configuration for your installation you must be familiar with
the installation, use, and performance tuning of the servers you choose for deploying
the Web tier application.
For information about server performance, see the documentation provided with
your server and the System Administration Guide.
Does your environment require IPv6 support? This requirement determines the
application servers that you can choose for your deployment.
1-2 Web Application Deployment Guide PLM00015 J

Getting started deploying Web applications
Basic concepts of Teamcenter Web application deployment

You should understand the following terms.
Term Definition
Basic deployment Basic deployment on an enterprise (J2EE) application
(HSE) server. The HTTP Web server (H), servlet container (S), and
enterprise Java™ bean (EJB) container (E) are all provided
on the same platform as part of the same process. The
Teamcenter Web tier application (EAR file bundling the
WAR file) is deployed on a J2EE application server that has
a built-in HTTP listener, such as JBoss Application Server,
Oracle WebLogic Server, and IBM WebSphere Application
Server.
Deploying a separate HTTP Web server to listen to the
incoming request is not required.
Basic deployment A stand-alone HTTP Web server is configured as the
with front-end HTTP front-end to a J2EE application server.
Web server (H-SE)
Clustered A stand-alone HTTP Web server is configured with a cluster
deployment with of Web application server instances. The HTTP Web server
front-end HTTP Web routes requests to a cluster of J2EE application servers. The
server (H-SE*) Teamcenter Web tier application (EAR file bundling the
WAR file) is deployed in each application server instance
in the cluster.
Clustered Multiple HTTP Web server instances are configured with
deployment a load balancer and a cluster of J2EE application server
with front-end, instances. A load balancer in front of the HTTP Web servers
load-balanced balances the load for incoming requests and HTTP Web
HTTP Web servers servers route that request to the cluster of application
(H*-SE*) servers.
In this configuration, the Teamcenter Web tier application
(EAR file bundling the WAR file) is deployed in each
application server instance in the cluster. Typically, HTTP
Web servers must be configured for this type of distributed
environment.
Enterprise archive An enterprise application that requires a J2EE application
(EAR) server.
Network load HTTP Web servers are configured to allow each HTTP Web
balancing (NLB) server in the load balanced cluster (see Web server farm) to
respond to a virtual IP address. Requests to this virtual IP
are intercepted and routed to a machine running one of the
Web servers in the cluster.
Web archive (WAR) A Web application that requires an HTTP Web server and
servlet engine.

Chapter 1 Getting started deploying Web applications
Term Definition
Web server farm Multiple HTTP Web servers are configured as self contained
(redundant) servers in a cluster. The Web servers serve a
single IP address that allows any of the servers that are
available to handle a request the address. This provides
improved performance and reliability.
The following figures show each of the deployment configurations for Teamcenter
Web tier applications.
Teamcenter
Teamcenter
Teamcenter
Server
Server
Server
Server
Pool
Access Access
Cache Data Cache Data
Tree Cache
Manager
Manager
Server
Server
Pool
Pool
Cache Data
Access
Major Process Boundary

/Resource Adapter
Servlet, JSP/EJB
Instance
HSE
HTTP Listener
Server/
Client
Client
Client
HSE deployment configuration

PLM00015 J
DMZ Server
H SE Pool
Server
Access
Manager
Pool
Cache Data
HTTP Server
Tree Cache
Proxy Plugin Servlet, JSP/EJB Teamcenter
Cache Data
/Resource Adapter Server
Access
Instance
Teamcenter
Server
Server Teamcenter
Pool Server
Client
Access
Manager
Cache Data
Client
Client Firewall
H-SE deployment configuration


1-5
1-6
Chapter 1

Server Server
DMZ H* [SE]* Pool Pool
Manager
Access
Servlet, JSP/EJB
Cache Data
/Resource Adapter Teamcenter

Instance Server
Tree Cache
HTTP Server Servlet, JSP/EJB
Cache Data Teamcenter
Proxy Plugin /Resource Adapter
Access Server
Instance
Servlet, JSP/EJB
Client Instance Server
Client Server
Pool
Access
Client
Cache Data
Firewall Manager
H-SE* deployment configuration

PLM00015 J
PLM00015 J
Server Server
DMZ H* [SE]* Pool Pool
Manager
Access
Servlet, JSP/EJB
Cache Data
HTTP Server /Resource Adapter Teamcenter

Proxy Plugin Instance Server
Tree Cache
HTTP Server Servlet, JSP/EJB
Load Cache Data Teamcenter
Proxy Plugin /Resource Adapter
Access Server
Balancer Instance
HTTP Server
Servlet, JSP/EJB
Proxy Plugin
Client Instance Server
Client Server
Pool
Access
Client
Cache Data
Firewall Manager
H*-SE* deployment configuration


1-7
Chapter
2 Teamcenter Web application

deployment
Teamcenter Web application deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Basic deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Deploy on JBoss application server (HSE) . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Deploy on WebSphere application server . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Provide isolation for multiple HTTP sessions . . . . . . . . . . . . . . . . . . . 2-6
Deploy on WebLogic application server (HSE) . . . . . . . . . . . . . . . . . . . . . 2-6
Basic deployment with front-end HTTP (Web) server . . . . . . . . . . . . . . . . . . . 2-7

Deploying on JBoss application server with IIS front end (H-SE) . . . . . . . . 2-7
Deploy the Teamcenter Web application . . . . . . . . . . . . . . . . . . . . . . 2-7
Install and configure the Tomcat ISAPI Redirector . . . . . . . . . . . . . . . 2-9
Install and configure the Tomcat ISAPI Redirector on Windows Server
2008 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12
Configure Microsoft Internet Information Services . . . . . . . . . . . . . . . 2-14
Configure Microsoft Internet Information Services on Windows Server
2008 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15
Deploy on WebSphere application server (H-SE) . . . . . . . . . . . . . . . . . . . 2-16
Deploy on WebSphere application server . . . . . . . . . . . . . . . . . . . . . . 2-16
Configure the HTTP Web server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19
Provide isolation for multiple HTTP sessions . . . . . . . . . . . . . . . . . . . 2-19
Deploy on WebLogic application server/Apache HTTP server (H-SE) . . . . . 2-20
Configure the Apache HTTP server . . . . . . . . . . . . . . . . . . . . . . . . . . 2-21
Deploy on WebLogic application server/WebLogic Express server (H-SE) . . 2-21
Deploy the Teamcenter proxy application . . . . . . . . . . . . . . . . . . . . . 2-22
Deploy on WebLogic server/Internet Information Server (IIS) 7 . . . . . . . . . 2-22
Configure Microsoft Internet Information Services 7 . . . . . . . . . . . . . . 2-23
Clustered deployment with front-end HTTP server . . . . . . . . . . . . . . . . . . . . 2-25

Override TreeCache settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-25
Deploying on WebLogic application server/WebLogic Express Web server
(H-SE*) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-26
Configure WebLogic Express as the front-end Web server for a
cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-27
Deploying on WebLogic server/Apache Web server (H-SE*) . . . . . . . . . . . . 2-29

Configure Apache HTTP (Web) server as the listener for a cluster . . . . 2-31
Deploy WebSphere application server cluster with HTTP (Web) server . . . . 2-31
Deploying clustered with front-end load-balanced HTTP servers . . . . . . . . . . . 2-31

Configure Microsoft IIS load balancing . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32
Web Application Deployment Guide PLM00015 J

Chapter
2 Teamcenter Web application

deployment
Teamcenter Web application deployment

All of the deployment procedures assume that you have installed your application
server per the instructions provided with the application server and that you have
created the required Teamcenter Web applications (EAR and, if required, WAR files)
as described in the appropriate Teamcenter server installation guide (for Windows or
UNIX/Linux).
Teamcenter Web tier applications require a four-tier Teamcenter environment.
After you deploy your Web tier application, you must start the Teamcenter Server
Manager before you can use the thin client.
For information about starting the Teamcenter Server Manager, see the System
Administration Guide.
Caution You may get an error message, similar to the following, that appears in
the Java output and is identified in the hs_err_* file as an error in a
compiler thread.
#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6da225d6, pid=6472, tid=4916
#
# Java VM: Java HotSpot(TM) Server VM (1.5.0_05-b05 mixed mode)
# Problematic frame:
# V [jvm.dll+0x1e25d6]
#
# An error report file with more information is saved as hs_err_pid6472.log
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
#
This is a known issue with certain versions of JVM.

For more information about this error and workarounds for this problem,
see Troubleshooting four-tier architecture deployment.
Note These procedures use a slash character as the directory path delimiter
except in procedures that are specific to Windows systems.
Basic deployment
These basic deployments procedures provide instructions for deploying the
Teamcenter Web tier application (EAR file bundling a WAR file) in selected
configurations on selected J2EE application servers.

Chapter 2 Teamcenter Web application deployment
Note For information about versions of operating systems, third-party software,

Teamcenter software, and system hardware certified for your platform, see
the Siemens PLM Software Certification Database:
http://support.industrysoftware.automation.siemens.com/ certification/teamcenter.shtml
Instructions for enabling secure socket layer (SSL) on an application server are
provided in the application server documentation.
For more information, see the vendor documentation for the following application
servers:
• JBoss
• WebSphere
• WebLogic
Note If you use SSL with your Teamcenter Web tier application, you must set the
WEB_protocol thin client preference in Teamcenter to https://.
For information about using Teamcenter preferences, see the Rich Client
Interface Guide.
Deploy on JBoss application server (HSE)

Caution Recent versions of JBoss configure the Java virtual machine (JVM) to
prefer the IPv4 stack. This can cause socket errors when the server
manager starts due to a mismatch in protocols between the Web tier
and server manager hosts.
For more information, see Troubleshooting four-tier architecture
deployment.
Note This procedure assumes that you downloaded and installed the JBoss 7.1.0
final version and you are using the stand-alone server location for deploying
your Teamcenter Web application.
1. Copy the Teamcenter EAR (by default, tc.ear) file to the following directory:
jboss-as-7.1.0.Final
standalone
deployments
2. Define JMX as a global module.

a. Expand the configurations directory and open the standalone.xml file.
standalone
configuration
b. Locate the subsystem element for the urn:jboss:domain subsystem, and

add the following global-modules element content:

<subsystem xmlns="urn:jboss:domain:ee:1.0">
<global-modules>
<module name="org.jboss.as.jmx" slot="main"/>
</global-modules>
</subsystem>
Locate the deployment-scanner element and add the

deployment-timeout attribute with a value of 600 as follows:
<subsystem xmlns="urn:jboss:domain:deployment-scanner:1.1">
<deployment-scanner path="deployments"
relative-to="jboss.server.base.dir"
scan-interval="5000"
deployment-timeout="600"/>
</subsystem>
c. If you require IPv6 support, locate the interface element for the public
interface and modify its contents as follows:
<interface name="public">
<any-address/>
</interface>
3. Define a dependency to allow the JBoss connector module to use JMX MBeans.
a. Expand the main directory and open the module.xml file.
modules
org
jboss
as
connector
main
b. Locate the dependencies element, and add the following module element:
<module name="org.jboss.as.jmx"/>
4. To allow the Teamcenter Web application to listen to nonloopback addresses,

configure JBoss using the information in the JBoss documentation:
https://docs.jboss.org/author/display/AS71/Management+tasks
Tip Check Command line parameters and Interfaces and ports in the JBoss
documentation.
5. If you require IPv6 support, open the standalone_conf script file in your JBoss
installation bin directory and add the following settings:
-Djava.net.preferIPv4Stack=false
-Djava.net.preferIPv6Addresses=false

6. Open a command shell and ensure you have defined the JAVA_HOME
environment variable, and set it to the location of your Java installation. The
Teamcenter Web application requires Java 1.7.
7. Start the server by typing standalone (standalone.sh on UNIX) -b host-name

in the command shell.
Note You must start the application server instance with the bind option
to enable connections from clients running on a host different from
the application server host. The simplest way to do this is to start the
server with the -b host-name option. Substitute the host name or IP
address of the local host for host-name. However, this has some security
implications.
For information about JBoss security, see the JBoss documentation at:
http://www.jboss.org/community/docs/DOC-12188
Note If the Web tier encounters errors obtaining JCA connections under peak
activity, increase the Max_Pool_Size context parameter value for your
Teamcenter Web application.
For information about changing this context parameter value, see
Troubleshooting four-tier architecture deployment.
Deploy on WebSphere application server

This procedure deploys one instance of WebSphere Application Server hosting the
Teamcenter Web tier application (EAR file bundling WAR file):
For more information, see the complete WebSphere documentation:
http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss?
PAG=C11&SSN=12HFE0003463254433&TRL=TXT&WRD=WebSphere+
Application+Server+v8&PBL=&LST=ALL&RPP=10&submit=Go
1. Install the WebSphere application server by itself on a single machine. This
enables the internal HTTP transport train suitable for handling a low level
of Web requests.
For information, see the WebSphere application server documentation:
http://www.redbooks.ibm.com/redbooks/SG247971/wwhelp/wwhimpl/java/html/
wwhelp.htm
2. Start the WebSphere integrated solutions console.

For more information about the console, see the WebSphere documentation.
3. In the navigation tree, expand Applications and click Install New Application.
4. In the Preparing for the application installation pane, type the path to, or
browse to, the location of the Teamcenter Web tier EAR file in the Full path box.
Select Prompt me only when additional information is required and click Next.
5. Accept the default Select installed options for enterprise applications and
modules and click Next.

6. In the Map modules to servers pane, if you have multiple server instances,
select the check boxes for all modules and map them to the same server instance.
Click Next again.
7. In the summary pane, click Finish. Wait for WebSphere to complete the
application deployment.
8. When WebSphere displays a message indicating the application deployed

successfully, scroll to the bottom of the page and click Manage Applications.
9. In the Enterprise Application pane, click the Teamcenter application name.
10. In the Configuration page, click the Teamcenter application name.
11. Click Manage Modules under Modules.
12. Click JETIResourceAdapter in the Module column.
13. Click Resource Adapter under Additional Properties.
14. Click J2C connection factories under Additional Properties.
15. Click com.teamcenter.jeti.resourceadapter.spi.IJetiConnectionFactory in the

Name column.
16. Type jca/enterprise-app-reg-id/Adapter in the JNDI name box and click Apply.
Note The value that was assigned to the Enterprise Application
Registration ID context parameter for the Teamcenter Web tier
application is what you enter for enterprise-app-reg-id in this step.
The default value is JETI. If you intend to deploy multiple EAR file
instances in the same WebSphere instance, this value must be different
for each deployment.
17. Click Connection pool properties under Additional Properties.
18. Type 500 in the Maximum connections box and 0 in the Minimum connections
box.
Note The Maximum connections value constrains the number of concurrently
executing tcserver requests. Each client has an executing request for
a small percentage of its duration. Therefore, this number can be
significantly smaller than the number of concurrent users or clients. If
the Web tier encounters errors obtaining JCA connections during peak
activity, increase the Maximum connections value.
19. Click Apply, scroll to the top of the page, and click Save.
Your application is now deployed and can be started.
20. In the Enterprise Applications pane, select the Teamcenter Web application
check box and click Start.

Provide isolation for multiple HTTP sessions

If you deploy multiple applications in the same application server instance, HTTP
session cookies may be overwritten by browsers connecting to different applications.
To avoid this, configure the application server to provide separate cookie paths:
1. Log on to the Integrated Solution Console, expand Applications in the navigation
tree, and click Enterprise Applications.
2. In the Enterprise Applications pane, click the Teamcenter application link.
3. Click Session Management under Web Modules Properties.
4. Click Override session Management under General Properties.
5. Click the Enable cookies link and type a slash (/) followed by the Teamcenter
Web application name. For example, if you use the default Web application
name, type /tc.
Deploy on WebLogic application server (HSE)

This procedure deploys one instance of an Oracle WebLogic Server hosting the
Teamcenter Web tier application (EAR file bundling WAR file).
Caution If you do not deploy your Teamcenter Web application in a domain by
itself, the client-side session cookie can be overwritten by the other
applications in the domain.
For information about preventing this, see Troubleshooting four-tier
architecture deployment.
1. Start the WebLogic server administration console.

For information about the console, see the WebLogic server documentation:
http://docs.oracle.com/cd/E21764_01/apirefs.1111/e13952/core/index.html
2. In the left pane, click Deployments.
3. In the right pane, click Install.
4. In the Install Application Assistant, click Browse next to the Deployment

Archive box and navigate to the location of the Teamcenter Web tier application
(tc.ear by default) and click Next.
5. Accept the default Install this deployment as an application option and click
Next.
6. Click Finish to accept all the default settings and then click Save.
7. Click Deployments and select the Teamcenter Web tier application check box.
8. Ensure the application State indicates Active and the Health indicates OK.
If not, click Start, select Servicing all requests, and click Yes in the Start
Deployments dialog box.

Note If the Web tier encounters errors obtaining JCA connections during peak
If WebLogic reports an error (BEA-000402) due to more active sockets than
socket readers, add the -Dweblogic.ThreadPoolSize=100 parameter when
starting the application server.
Basic deployment with front-end HTTP (Web) server

Each of the supported applications servers can be configured to use a front-end
HTTP server. The HTTP servers that you can use vary according to the application
server you are using.
Deploying on JBoss application server with IIS front end (H-SE)

This procedure:
• Deploys the Teamcenter Web tier application (EAR file bundling the WAR file)
on the JBoss Application Server
• Installs and configures the Tomcat ISAPI Redirector on a Windows Server or

Windows Server 2008.
• Configures the Microsoft Internet Information Services (IIS) as the front-end

listener (Web server) on a Microsoft Windows Server host or a Windows Server
2008 host.
Note As a precondition, the ISAPI Extensions feature of the IIS Application
must be activated to allow integration with the Tomcat ISAPI redirector.
Deploy the Teamcenter Web application

Caution Recent versions of JBoss configure the Java virtual machine (JVM) to
prefer the IPv4 stack. This can cause socket errors when the server
manager starts due to a mismatch in protocols between the Web tier
and server manager hosts.
For more information, see Troubleshooting four-tier architecture
deployment.
Note This procedure assumes that you downloaded and installed the JBoss 7.1.0
final version and you are using the stand-alone server location for deploying
your Teamcenter Web application.
1. Copy the Teamcenter EAR (by default, tc.ear) file to the following directory:
standalone

deployments
2. Define JMX as a global module.

a. Expand the configurations directory and open the standalone.xml file.
standalone
configuration
b. Locate the subsystem element for the urn:jboss:domain subsystem, and

add the following global-modules element content:
<global-modules>
</global-modules>
</subsystem>
Locate the deployment-scanner element and add the

deployment-timeout attribute with a value of 600 as follows:
relative-to="jboss.server.base.dir"
</subsystem>
c. If you require IPv6 support, locate the interface element for the public
interface and modify its contents as follows:
<interface name="public">
<any-address/>
</interface>
3. Microsoft IIS uses the AJP 1.3 protocol to forward requests to JBoss. If the
default port for the AJP 1.3 protocol (8009) is not available on your host
running JBoss, update the port number in the following element in the
JBoss-installation/standalone/ /configuration/standalone.xml file:
<socket-binding name="ajp" port="8009" />
Record this value for use when you configure the redirector.
4. Define a dependency to allow the JBoss connector module to use JMX MBeans.
a. Expand the main directory and open the module.xml file.
modules
org
jboss

as
connector
main
b. Locate the dependencies element, and add the following module element:
<module name="org.jboss.as.jmx"/>
5. To allow the Teamcenter Web application to listen to nonloopback addresses,

configure JBoss using the information in the JBoss documentation:
https://docs.jboss.org/author/display/AS71/Management+tasks
Tip Check Command line parameters and Interfaces and ports in the JBoss
documentation.
6. If you require IPv6 support, open the standalone_conf script file in your JBoss
installation bin directory and add the following settings:
-Djava.net.preferIPv4Stack=false
-Djava.net.preferIPv6Addresses=false
7. Open a command shell and ensure you have defined the JAVA_HOME
environment variable, and set it to the location of your Java installation. The
Teamcenter Web application requires Java 1.7.
8. Start the server by typing standalone (standalone.sh on UNIX) -b host-name

in the command shell.
Note You must start the application server instance with the bind option
to enable connections from clients running on a host different from
the application server host. The simplest way to do this is to start the
server with the -b host-name option. Substitute the host name or IP
address of the local host for host-name. However, this has some security
implications.
For information about JBoss security, see the JBoss documentation at:
http://www.jboss.org/community/docs/DOC-12188
Note If the Web tier encounters errors obtaining JCA connections under peak
Install and configure the Tomcat ISAPI Redirector

You must install the Tomcat ISAPI Redirector and configure the Windows registry
for the redirector. If you are installing on a Windows Server 2008 host, you must
install the redirector as described in Install and configure the Tomcat ISAPI
Redirector on Windows Server 2008. You must also create the workers.properties
and uriworkermap.properties files for the redirector.

For additional information about the settings in these files, see the Tomcat
documentation:
http://tomcat.apache.org/connectors-doc/
1. Create a directory (for example, iis75-jboss7) for the redirector in a location
accessible to Microsoft IIS that contains the following directories:
• bin
• conf
• log
• wwwroot
2. Download the ISAPI Redirector from a mirror site for the Apache Tomcat Web
site:
http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/
Note • Only the DLL file (isapi_redirector–1.2.35 .dll or later version)
is required.
• Record the name and location of the Tomcat ISAPI Redirector

installation directory for later use.
• Download the 32-bit or 64-bit redirector as appropriate for your host.
3. Configure Windows registry settings on the host where IIS and ISAPI Redirector
are installed.
a. In the ISAPI Redirector installation directory, create a file with a .reg
extension. The name of this file is discretionary (isapi_redirector.reg is
recommended).
b. Add the following contents to the .reg file:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\
Jakarta Isapi Redirector\1.0]
"extension_uri"="/jakarta/isapi_redirect.dll"
"log_file"="D:\\iis75–jboss7\\logs\\jk_iis.log"
"log_level"="debug"
"worker_file"="D:\\iis75–jboss7\\workers.properties"
"worker_mount_file"="D:\\iis75–jboss7\\uriworkermap.properties"
"uri_select"="unparsed"
Siemens PLM Software recommends that you use debug for the log_level
entry when you initially configure the redirector to get all messages. You can
change this after you have tested your installation and determined that it is
working properly. The following table provides a brief description of these
entries:
Name Description
extension_uri Represents the IIS virtual directory including
the ISAPI Redirector file.
log_file Defines the name and location of the ISAPI
Redirector log file.
log_level Defines the level of debug messages written to
the ISAPI Redirector log file. Valid values are
debug, info, error, and emerg.

Name Description
worker_file Defines the location of the ISAPI redirector
worker.properties file.
worker_mount_file Defines the location of the ISAPI redirector
uriworkermap.properties file.
For more information about these registry settings, see the Apache Tomcat
Connector – Reference Guide:
http://tomcat.apache.org/connectors-doc/reference/iis.html
c. Change the following lines in the .reg file to reflect your directory settings:
A. For log_file, enter the location of the logs directory you created and the
name of the log file.
The log file itself is created later by the ISAPI Redirector.
B. For worker_file, enter a location for the worker definition file. It

is recommended that you create this file in the directory where you
installed the Tomcat ISAPI Redirector. You create this file later.
C. For the worker_mount_file, enter a location for the worker-URI map

file. You create this file later.
D. For the extension_uri, enter tomcat.
d. In the ISAPI Redirector installation directory, right-click the

isapi_redirector.reg file and choose Merge.
e. After receiving a confirmation message from Windows, check the

ISAPI Redirector settings using the Microsoft Registry Editor program
(regedit.exe) to ensure the registry settings are correct. For information
about using the Microsoft Registry Editor, see the Microsoft Windows online
help.
4. Create a text file with contents similar to the following:

# Define node1 (one node required for H_SE)
worker.list=node1
worker.node1.port=8009
worker.node1.host=host-name1
worker.node1.type=ajp13
The default port is 8009. If you changed this AJP port number in JBoss
configuration when you configured the Tomcat ISAPI Redirector, use that value.
The host-name value is the host where you run JBoss.
5. Save the file as workers.properties in the directory you defined for it in the
registry file.

# Send all /tc requests to node1
/tc/*=node1

Replace tc with the name of your Teamcenter Web application (tc by default).
This configures the redirector to forward all requests with the /tc/* signature to
node1.
7. Save the file as uriworkermap.properties. Save this file in the same directory
as the workers.properties file.
Install and configure the Tomcat ISAPI Redirector on Windows Server 2008
You must install the Tomcat ISAPI Redirector and configure the Windows
registry for the redirector. You must also create the workers.properties and
uriworkermap.properties files for the redirector.
documentation:
http://tomcat.apache.org/connectors-doc/
1. Create a directory (for example, iis75-jboss7) for the redirector in a location
accessible to Microsoft IIS that contains the following directories:
• bin
• conf
• log
• wwwroot
2. Download the ISAPI Redirector from a mirror site for the Apache Tomcat Web
site:
http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/
Note • For 64-bit operating systems, download the AMD 64-bit redirector
not the Itanium 64-bit redirector.
• Only the DLL (isapi_redirector-1.2.35 .dll or later version) file

is required.
• Record the name and location of the Tomcat ISAPI Redirector

installation directory for later use.
Rename the downloaded file to isapi_redirect.dll.
3. Configure Windows registry settings on the Windows Server 2008 host.

a. In the ISAPI Redirector installation directory, create a file with a .reg
recommended).
b. Add the following contents to the .reg file:

"log_file"="D:\\iis75–jboss7\\logs\\jk_iis.log"
"log_level"="debug"
"worker_file"="D:\\iis75–jboss7\\workers.properties"
"worker_mount_file"="D:\\iis75–jboss7\\uriworkermap.properties"
"uri_select"="unparsed"
Siemens PLM Software recommends that you use debug for the log_level
entry when you initially configure the redirector to get all messages. You can

change this after you have tested your installation and determined that it is
working properly. The following table provides a brief description of these
entries:
Name Description
worker.properties file.
uriworkermap.properties file.
uri_select Determines how the forwarded URI is handled.
Unparsed indicates the original request URI is
forwarded. Siemens PLM Software recommends
this option. Rewriting the URI and forwarding
the rewritten URI does not work correctly.
For more information about these registry settings, see the Apache Tomcat
Connector – Reference Guide:
http://tomcat.apache.org/connectors-doc/reference/iis.html
c. Change the following lines in the .reg file to reflect your directory settings:
A. For log_file, enter the location of the logs directory you created and the
name of the log file.
The log file itself is created later by the ISAPI Redirector.
B. For worker_file, enter a location for the worker definition file. Siemens
PLM Software recommends that you create this file in the directory
where you installed the Tomcat ISAPI Redirector. You create this file
later.
C. For the worker_mount_file, enter a location for the worker-URI map

file. You create this file later.
D. For the extension_uri, enter tomcat.
d. In the ISAPI Redirector installation directory, right-click the

e. After receiving a confirmation message from Windows, check the

help.


worker.list=node1
The default port is 8009. If you changed this AJP port number in JBoss
configuration when you configured the Tomcat ISAPI Redirector, use that value.
5. Save the file as workers.properties in the directory you defined for it in the
registry file.

/tc/*=node1
Replace tc with the name of your Teamcenter Web application (tc by default).
This configures the redirector to forward all requests with the /tc/* signature to
node1.
7. Save the file as uriworkermap.properties. Save this file in the same directory
as the workers.properties file.
Configure Microsoft Internet Information Services

If you are using a Windows Server 2008 host, perform the procedure described in
Configure Microsoft Internet Information Services on Windows Server 2008 instead
of this procedure.
1. Open the IIS Manager and choose Start→Administrative Tools→Internet
Information Services (IIS) Manager.
2. In the Connections pane, expand your computer name until you see Sites.
3. Add a new Web site for your deployment:

a. Right-click Sites and choose Add Web Site.
b. In the Add Web Site dialog box, type a name for the site in the Site name
box, for example, iis75-jboss75.
c. In the Physical path box, type or browse to the location of the wwroot
directory you created in Install and configure the Tomcat ISAPI Redirector
on Windows Server 2008.
d. In the Port box, type a value for the binding port, for example, 8028, and
click OK.
4. Add a virtual directory:

a. In the Connections pane, right-click your new site name and choose Add
Virtual Directory.

b. In the Alias box, type jakarta.
c. In the Physical path box, type the path or browse to the bin directory you
created in Install and configure the Tomcat ISAPI Redirector on Windows
Server 2008 and click OK.
5. Add an ISAPI filter:

a. Right-click Default Web Site and choose Properties.
b. Click the ISAPI Filters tab and click Add.
c. In the Filter name box, type tomcat.
d. In the Executable box, type isapi_redirector.dll or click Browse to navigate

to it, and click OK.
6. Add a Web service extension:

a. Click Web Service Extensions.
b. In the details pane, click Add a new Web service extension.
c. In the Extension name box, type tomcat.
d. Click Add.
e. In the Path to file box, type the path or click Browse to navigate to the
isapi_redirector.dll file, and click OK.
f. Select the Set extension status to Allowed check box and click OK.
Configure Microsoft Internet Information Services on Windows Server 2008

2. In the Connections pane, expand your computer name until you see Sites.
3. Add a new Web site for your deployment:

a. Right-click Sites and choose Add Web Site.
b. In the Add Web Site dialog box type a name for the site in the Site name
box, for example, iis75-jboss75.
c. In the Physical path box, type or browse to the location of the wwwroot
directory you created in Install and configure the Tomcat ISAPI Redirector
on Windows Server 2008.
d. In the Port box, type a value for the binding port, for example, 8028 .
e. Clear the Start Web site immediately check box and click OK.
4. Add a virtual directory:

a. In the Connections pane, right-click your new site name and choose Add
Virtual Directory.
b. In the Alias box, type jakarta.
c. In the Physical path box, type the path or browse to the bin directory you
created in Install and configure the Tomcat ISAPI Redirector on Windows
Server 2008 and click OK.
5. Configure a handler mapping:

a. In the Connections pane, select you new site name.
b. Right-click Handler Mappings and select Open Feature.
c. In the Handler Mappings pane, double-click ISAPI-dll.
d. In the Edit Module Mapping dialog box, type an asterisk (*) character in
the Request path box
e. Click the browse button next to the Executable box and browse to the
location of the isapi_redirector.dll file.
f. Click Request Restrictions and clear the Invoke handler only if request is
mapped to check box on the Mapping tab.
g. Click the Verbs tab and ensure the All verbs option is selected.
h. Click the Access tab, ensure the Execute option is selected, and click OK.
i. In the Connections pane, select you new site name and click Start in the
Actions pane (on the right side under Manage Web Site).
To access the Web site, enter a URL in the following format:

http://<host-name>:<port-number>/console/login/LoginForm.jsp
Deploy on WebSphere application server (H-SE)

This procedure deploys the Teamcenter Web tier application (EAR file bundling the
WAR file) on IBM WebSphere Application Server and configures IBM HTTP server
as the front-end Web server.
Deploy on WebSphere application server

You must set up the following WebSphere components for this configuration:
Note This sequence is recommended by the WebSphere Launchpad program. The
process assumes that you have separate hosts for the application server (host
A) and the Web server (host B). WebSphere provides installation wizards to
aid you in this process. The wizards are accessed from the launchpad.exe
application.
For more information, see the complete WebSphere documentation:

http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss?

PAG=C11&SSN=12HFE0003463254433&TRL=TXT&WRD=WebSphere+
Application+Server+v8&PBL=&LST=ALL&RPP=10&submit=Go
1. Install the WebSphere application server on host A. Use the installation wizard
for WebSphere Application Server.
2. Install the IBM HTTP server with the required plug-in on host B. Use the
installation wizard for IBM HTTP Server. If using a different Web server, skip
this wizard and install the Web server per the vendors instructions on host B.
3. If using a previously installed IBM HTTP server or a different Web server,

install the Web server plug-in on host B. Use the installation wizard for Web
Server plug-ins.
4. Copy the configureWeb-server-name script file from the plugins-install-root/bin

directory on host B to the profiles-install-root/profile-name/bin directory on host
A.
5. In a command shell, run the configureWeb-server-name script. This creates a

Web server definition file for the integrated solutions console. You can now use
the console to manage the Web server.
6. Start the WebSphere application server.
7. Start the WebSphere integrated solutions console.

For more information about the console, see the WebSphere documentation.
8. Propagate the Web server plug-in file and configure the Web server to accept all
content.
For an IBM HTTP server:
Note For most other Web servers, you must manually apply the Web server
plug-in file to the Web server environment, However, It may be possible
to propagate some other Web server plug-in files in this manner.
• In the navigation tree, expand Servers and select Web servers.
• In the Web servers pane, click Propagate Plug-in.
• Expand Servers→Web Servers→Web-server-name→Plug-in properties.

Note If you have load-balanced clustered Web servers in your
configuration, you must update the plug-in configuration on each
Web server. You can also locate the plugin-cfg.xml file for your Web
server, manually set the AcceptAllContent value to true, and push
the change to the other Web servers.
For information about the IBM HTTP Web server configuration, see
the IBM documentation:
ftp://ftp.software.ibm.com/software/webserver/appserv
/library/v60/ihs_60.pdf
• Select AcceptAllContent from the Accept content for all requests list and
click OK.

9. In the navigation tree, expand Applications and click Install New Application.
10. In the Preparing for the application installation pane, type the path to, or
browse to, the location of the Teamcenter Web tier EAR file in the Full path box.
Select Prompt me only when additional information is required and click Next.
11. Accept the default Select installed options for enterprise applications and
modules and click Next.
12. In the Map modules to servers pane, if you have multiple server instances,
select the check boxes for all modules and map them to the same server instance.
Click Next again.
13. In the summary pane, click Finish. Wait for WebSphere to complete the
application deployment.
14. When WebSphere displays a message indicating the application deployed

successfully, scroll to the bottom of the page and click Manage Applications.
15. In the Enterprise Application pane, click the Teamcenter application name.
16. In the Configuration page, click the Teamcenter application name.
17. Click Manage Modules under Modules.
18. Click JETIResourceAdapter in the Module column.
19. Click Resource Adapter under Additional Properties.
20. Click J2C connection factories under Additional Properties.
21. Click com.teamcenter.jeti.resourceadapter.spi.IJetiConnectionFactory in the

Name column.
22. Type jca/enterprise-app-reg-id/Adapter in the JNDI name box and click Apply.
Note The value that was assigned to the Enterprise Application
Registration ID context parameter for the Teamcenter Web tier
application is what you enter for enterprise-app-reg-id in this step.
The default value is JETI. If you intend to deploy multiple EAR file
instances in the same WebSphere instance, this value must be different
for each deployment.
23. Click Connection pool properties under Additional Properties.
24. Type 500 in the Maximum connections box and 0 in the Minimum connections
box.
Note The Maximum connections value constrains the number of concurrently
executing tcserver requests. Each client has an executing request for
a small percentage of its duration. Therefore, this number can be
significantly smaller than the number of concurrent users or clients. If
the Web tier encounters errors obtaining JCA connections during peak
activity, increase the Maximum connections value.

25. Click Apply, scroll to the top of the page, and click Save.
Configure the HTTP Web server

1. Open the Teamcenter site_specific.properties file and modify the following
properties:
portalCommunicationTransport=http
HTTP_SERVER_1.URI=http://host-name:port-number/tc-name/webclient
Replace host-name and port-number with the WebSphere application server host
name and HTTP listening port number. Replace tc-name with your Teamcenter
Web application name; by default, this value is tc.
2. In the Integrated Solutions Console navigation tree, expand

Environment→Virtual Host and click default_host.
3. Click Host Aliases under Additional Properties and click New.
4. Type the Web server listening port number in the Port box and click OK.
5. In the navigation tree, expand Environment→Update global web server plug-in

configuration and click OK.
6. Propagate the plug-in configuration file to the Web server. The Web server
plug-in configuration service propagates the plugin-cfg.xml file automatically
for IBM HTTP server. For all other Web servers, propagate the plug-in
configuration file manually. For information about propagating the plug-in
configuration file, see the WebSphere application server documentation.
Note If the plug-in configuration service does not propagate the configuration
file properly for an IBM HTTP server, you must manually copy the file to
the Web server plug-in directory.
a. Copy the plugin-cfg.xml file from the profile-root/config/cells/

cell-name/nodes/web-server-name-node/servers/web-server-name directory
on the host where your WebSphere application server is installed.
b. Paste the file into the plugins-root/config/web-server-name directory on the

host where the Web server is installed.
c. Restart the Web server.
Provide isolation for multiple HTTP sessions

If you deploy multiple applications in the same application server instance, HTTP
session cookies may be overwritten by browsers connecting to different applications.
To avoid this, configure the application server to provide separate cookie paths:
1. Log on to the Integrated Solution Console, expand Applications in the navigation
tree, and click Enterprise Applications.
2. In the Enterprise Applications pane, click the Teamcenter application link.
3. Click Session Management under Web Modules Properties.

4. Click Override session Management under General Properties.
5. Click the Enable cookies link and type a slash (/) followed by the Teamcenter
Web application name. For example, if you use the default Web application
name, type /tc.
Deploy on WebLogic application server/Apache HTTP server (H-SE)

This procedure deploys one instance of the Teamcenter Web tier application (EAR
file) hosted on Oracle WebLogic (application) Server and configures an Apache HTTP
server that is used as the Web tier server.


Next.

Configure the Apache HTTP server

You must install the Apache HTTP server and configure it so that it can communicate
with the your Teamcenter application on the WebLogic application server.
1. Install the Apache HTTP server on a separate host from the WebLogic server
host.
For information for installing Apache HTTP server on a specific type of host, see
the Apache Web server documentation:
http://httpd.apache.org/docs/2.4/platform/
2. Install and configure the Apache HTTP server plug-in as described in the Oracle
WebLogic documentation:
http://docs.oracle.com/cd/E21764_01/web.1111/e14395/apache.htm#CDEGCBAC
Deploy on WebLogic application server/WebLogic Express server

(H-SE)
This procedure deploys one instance of the Teamcenter Web tier application (EAR
file) hosted on Oracle WebLogic (application) Server and one instance of the
Teamcenter proxy application (WAR file) hosted on a WebLogic Express (WLX) server.
In this configuration, WLX is used as the Web tier providing a JSP/servlet container
in a four-tier architecture supporting the Teamcenter enterprise application.




Next.
Deploy the Teamcenter proxy application

1. Generate the Teamcenter WebLogic proxy WAR file.
For information, see the Teamcenter server installation manual (for Windows
or UNIX/Linux).
2. Install WebLogic Express and create a domain for deploying the WebLogic proxy
WAR file.
3. Deploy the WebLogic proxy WAR file in WebLogic Express.

For information, see Deploying New Applications and Modules in the WebLogic
Express documentation.
Note Ensure your clients connect to the WebLogic Express host and port,
rather than the Web application server.
Deploy on WebLogic server/Internet Information Server (IIS) 7

You can use IIS 7 as your HTTP server on Windows 2008 servers in an H-SE
configuration. You must configure the WebLogic server proxy (WLS proxy) DLLs
in this configuration. You can choose to use either 32-bit DLLs or 64-bit DLLs.
This procedures uses the 32-bit DLLs.
For information about installing IIS7 on Windows 2008 servers, see the following
URL:
http://learn.iis.net/page.aspx/29/installing-iis7-on-windows-server-2008/




Next.
Configure Microsoft Internet Information Services 7

1. Copy the iisproxy.dll and iisforward.dll files available
in the WLSHOME\Server\plugin\win\32 or
WLSHOME\Server\plugin\win\x64 directory to the directory that you
want as your home folder for your IIS Web site. Change the directory security
properties to allow execute permission to its contents.

Note Ensure that you copy the DLL file from the 32 directory for 32-bit
operating systems or the x64 directory for 64-bit operating systems.
These are not interchangeable and cause errors if you copy the wrong
DLL file.

3. In the Connections pane, expand your computer name entry until you see Sites.
4. Create a new Web site with the home folder set to the directory that contains
the DLLs you copied in step 1:
a. Right-click Sites and choose Add a Web Site.
b. In the Add Web Site dialog box, type a name for your Web site in the Site
name box, for example, IISWLS, and click the browse button ( ) next to
the Physical path box.
c. In the Browse for Folder dialog box, browse to the directory that contains
the iisproxy.dll and iisforward.dll files and click OK.
d. In the Port box, type a unique port number, for example 8088, and click OK.
5. Add ISAPI Filters:

a. In the Connections pane, select your new Web site and double-click ISAPI
Filters in the Web site Home pane.
Note You may have to scroll down in the Home pane to access ISAPI
Filters.
b. Click Add in the Actions pane (on the right).
c. In the Add ISAPI Filter dialog box, type a name for the filter in the Filter
name box, for example, iisforward, and click the button next to the
Executable box.
d. In the Open dialog box, browse to the iisforward.dll file location, double-click
the file name, and click OK.

a. In the Connections pane, select your new Web site and double-click Handler
Mappings in the Web site Home pane.
b. In the right pane, click Add Script Map.
c. In the Add a Script Map dialog box, type *.wlforward in the Request path
box and click the button next to the Executable box.
d. Browse to the Web site’s home folder and select the iisproxy.dll file.
e. Type a name for the script map in the Name box, for example, iisproxy,
and click OK.

f. Click Yes in the Add a Script Map dialog box to allow the ISAPI extension.
7. Create an iisproxy.ini file in the directory that contains the DLLs. This file
must contain the following information:
WebLogicHost=dns-name-or-ip-address
WebLogicPort=listening-port-for-WLS
WlForwardPath=/tc-Web-application—name
Debug=ALL
DebugConfigInfo=ON
The WebLogicPort value is 7001 by default. The WlForwardPath value

points to the Web application that the proxy forwards to (tc is the default for the
Teamcenter Web application). If you want to forward to all Web applications,
set this value to /.
The debug values are optional and are set for debugging purposes. The default
log file for debug messages is C:\TEMP\wlproxy.log.
8. Restart IIS.
To access the Web site, enter a URL in the following format:

http://host-name:port-number/console/login/LoginForm.jsp
Clustered deployment with front-end HTTP server

Setting up an application server cluster can be a very complex process and can vary
depending on your particular hardware, performance requirements, or availability
requirements. The following instructions provide information specific to the
Teamcenter Web tier application. The application server documentation available
from the vendor provides the best source for the cluster set up process and is
referenced at several points in the following procedures.
Note If you intend to run two instances of an applications server on the
same host using a single EAR file (not typical), you must override the
TreeCacheTCP.xml file (if you are using TCP mode). To do this, change
the end_port value to allow bind port rollover. This is not required if you
are using multicast mode. For information about changing this setting, see
Override TreeCache settings.
Note Siemens PLM Software does not support clustered deployment of Teamcenter
Web applications on JBoss.
Override TreeCache settings

1. Use the jar command to extract the TreeCacheTCP.xml file from the
JETIServerAccessor.jar file inside the EAR file.
2. Locate the TCP element in the TreeCacheTCP.xml file and increase the
end_port parameter value by the number of application server instances you
are running on the host. For example:
<TCP start_port="26700"
end_port="26701"
sock_conn_timeout="2000"/>

This change allows the Teamcenter Web Application, when running on multiple
application server instances on the same host, to initialize the TreeCache by
binding to a vacant port within the designated range.
3. Copy the TreeCacheTCP.xml file into the startup class path of your application
servers as follows:
Note This is required to override this configuration file in the EAR file. You
must restart all servers instances involved after copying this file to the
indicated directories.
• For WebLogic, copy the file to the domain root directory. The domain root
is the directory where there can be multiple standalone application servers
or cluster members.
• For WebSphere, copy the file to the profile root directory. The profile root is
the directory where there can be multiple standalone application servers
or cluster members.
• For JBoss, copy the file to the bin directory of each server instance.
• For Oracle Application Server, copy the file to the home directory of each
application server instance, typically the install-root/j2ee/home directory.
Deploying on WebLogic application server/WebLogic Express Web

server (H-SE*)
This procedure:
• Deploys Teamcenter Web tier applications (EAR file bundling the WAR file)
on a Oracle WebLogic Server cluster.
• Configures WebLogic Express (WLX) server as the front-end Web tier server
for the cluster. In this configuration, WLX is used as the Web tier providing a
JSP/servlet container in a four-tier architecture supporting the Teamcenter
enterprise application.
• Deploys one instance of the Teamcenter proxy application (WAR file) hosted on
the WebLogic Express (WLX) server.
Note For the list of currently supported Web application servers and HTTP Web
servers for each operating system, see the Siemens PLM Software Global
Technical Access Center (GTAC).




Next.
Configure WebLogic Express as the front-end Web server for a cluster

WebLogic Express Server (WLX) is designed for deploying simple Web applications
and can be used as a Web tier in a four-tier Teamcenter environment.
1. Create the Teamcenter – Web Tier Proxy solution:
a. Launch the Web Application Manager (insweb).
b. Click Add to begin creating the Web application.
c. In the Add Web Application dialog box:

A. Type a name for the application in the Name box, for example, WebLogic
Cluster Proxy.
B. Accept the default value for Staging Location or enter a different

directory.
C. (Optional) Type a description of the application in Description box.

D. Click Advanced Web Application Options. Type a name for the

deployable file in the Deployable File Name box (alphanumeric
characters only) and clear the Automatically Build Deployable File
check box.
E. Make sure the Disk Locations for Install Images box includes the path to
the Web_tier directory on the Teamcenter software distribution image.
F. Click Solutions. In the Select Solutions dialog box, clear all preselected
solutions and select only the Teamcenter – Web Tier Proxy solution.
Note Do not change the default solution type (Thin Client) in the
Solution Type box.
d. Click OK.
Note The default context parameter values are acceptable.
e. Click OK to begin building the solution. The Web Application Manager

displays the status of the installation in the Progress dialog box. When the
installation is complete, click OK to close the Progress dialog box.
Note Do not exit the Web Application Manager.
2. Open the web.xml file in the staging-directory/webapp_root/WEB-INF directory

for the solution and comment the following lines:
<servlet>
<servlet-name>ProxyServlet</servlet-name>
<servlet-class>weblogic.servlet.proxy.HttpProxyServlet</servlet-class>
<init-param>
<param-name>redirectURL</param-name>
<param-value>localhost:7001</param-value>
</init-param>
<init-param>
<param-name>WebLogicHost</param-name>
<param-value>localhost</param-value>
</init-param>
<init-param>
<param-name>WebLogicPort</param-name>
<param-value>7001</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>ProxyServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
3. Modify web.xml to uncomment the following lines:


Replace <WeblogicClusterHost1>:<port1>|<WeblogicClusterHost1>
:<port2> with the host name and port number for each WebLogic server
participating in the cluster.
4. If the context root of the proxy WAR file does not match the context root of the
Teamcenter Web application:
a. Open the weblogic.xml file in this same directory.
b. Modify the following entry to match the context root Teamcenter Web
application (EAR file) deployed in the application server where the proxy
forwards requests:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE weblogic-web-app
PUBLIC "-//Oracle Systems, Inc.//DTD Web Application 8.1//EN"
"http://www.Oracle.com/servers/wls810/dtd/weblogic810-web-jar.dtd">

<weblogic-web-app>
<context-root>/tc</context-root>
</weblogic-web-app>
5. In the Web Application Manager, select the solution name and click Modify.
6. Click Generate Deployable File and click OK.

Note When the Web Application Manager finishes generating the deployable
file, you can exit the application.
7. Install WebLogic Express and create a domain for deploying the Teamcenter
proxy WAR file.
For information creating domains and deploying WAR files in WebLogic, see
the WebLogic server documentation:
http://www.oracle.com/technetwork/middleware/weblogic/
documentation/weblogic-server-096635.htmll
8. Deploy the Teamcenter – Web Tier Proxy file in WebLogic Express.

Note Ensure your clients connecting to the proxy Web application use the host and
port of the front-end server (WebLogic Express). Clients must not connect to
any of the Web application servers in the cluster.
Deploying on WebLogic server/Apache Web server (H-SE*)

This procedure:

• Deploys the Teamcenter Web tier application (EAR file bundling the WAR file)
on a Oracle WebLogic Server cluster.
• Configures Sun Java System Web Server running as the front-end HTTP listener
for the cluster.


Next.

Configure Apache HTTP (Web) server as the listener for a cluster

1. Install the Apache HTTP server on a separate host from the WebLogic server
host.
For information for installing Apache HTTP server on a specific type of host, see
the Apache Web server documentation:
http://httpd.apache.org/docs/2.4/platform/
2. Install and configure the Apache HTTP server plug-in as described in the Oracle
http://docs.oracle.com/cd/E21764_01/web.1111/e14395/apache.htm#CDEGCBAC
3. Configure the WebLogic Server cluster and deploy your Teamcenter Web
application to the cluster as described in the Using Clusters documentation in
the Oracle WebLogic System Administration documentation:
http://docs.oracle.com/cd/E21764_01/web.1111/e13709/toc.htm
Deploy WebSphere application server cluster with HTTP (Web) server

This configuration is basically the same as described in Deploy on WebSphere
application server (H-SE) with the additional requirement that you have the optional
WebSphere application server Deployment Manager.
1. Ensure the WebSphere application server, including the optional IBM HTTP
server or Sun Web server and its corresponding plug-in, and the optional
WebSphere application server deployment manager, are installed.
For more information, see the following topics in the WebSphere Application
Server documentation.
• Installing your application serving environment
• Balance workloads by clustering application servers
• Establishing high availability (HA) for failover
2. Perform the steps described in Deploy on WebSphere application server (H-SE).
3. Ensure the Teamcenter EAR file and all its modules are deployed to all cluster
instances.
4. Ensure the plug-in configuration file is propagated to all cluster members and
the HTTP server side.
Deploying clustered with front-end load-balanced HTTP servers

This configuration requires that you setup an H-SE deployment, as described in
Basic deployment with front-end HTTP (Web) server and then configure an external
load balancer for the HTTP (Web) servers to create a Web server farm. There are
various external load balancers available and each has to be configure according
to the vendors instructions. Therefore, Siemens PLM Software cannot provide

instructions for all possible configurations. You can use the Microsoft IIS load
balancing instructions as a guide.
Configure Microsoft IIS load balancing

This procedure provides instructions for configuring the network load balancing
mechanism provided with Microsoft IIS 6.0. Ensure that each host is self-sufficient
with resources duplicated on each one. The Teamcenter database, whether a single or
distributed database, must be on host separate from the Web and application servers.
Network load balancing (NLB) aids in the process of creating a farm. A farm is a
redundant cluster of several Web servers serving a single IP address. Each machine
can be configured to route the requests to the J2EE application server where your
Web tier is deployed. Each server in the cluster is fully self-contained, which means
it is able to function without requiring any other server in the cluster. If any machine
in the cluster is unavailable, NLB rebalances the incoming requests to the running
servers in the cluster. The servers in the cluster must be able to communicate with
each other to exchange information about their current processor and network load
and to determine when a server is unavailable. NLB can provide reasonably close to
1:1 performance improvement for each server added to the cluster.
NLB requires a minimum of two servers running Windows Server 2003. Each
server must have at least one network card (NIC) and a fixed IP address. For best
performance, Siemens PLM Software recommends you have two adapters in each
server; one mapped to the real IP address (dedicated IP) and one mapped to the
virtual IP address (cluster IP). NLB uses advanced networking features of network
adapters. Therefore, low end adapters, especially those for nonserver hosts, may not
support the required NDIS protocols.
1. Select an available IP address on the same class C network segment as the fixed
IP addresses for the virtual IP address.
2. On any server, start the Network Load Balancing Manager in one of these ways:
• Choose Start→Administrative Tools→Network Load Balancing Manager.
• At a command prompt, type NLBmgr.
3. In the Network Load Balancing Manager dialog box, right-click the Network
Load Balancing Clusters root node and choose New cluster.
4. Define the cluster parameters:

a. Type the virtual IP address you selected for the cluster in the IP address box.
b. Type a subnet mask in the Subnet mask box. You must use the same subnet
mask for all servers in the cluster.
Note The Full Internet name value is only for reference and is used
primarily for displaying the name of the server. However, if you have
a domain configured for the server you may use that domain name.
c. If your server has more than one network adapter, click Unicast for the
Cluster operation mode. If you are using a single adapter, Siemens PLM
Software recommends that you select Multicast to allow both the NLB traffic
and the native IP traffic to move through the same network adapter.

Note Multicast is slower than Unicast as both kinds of traffic must be

handled by the network adapter but it is the only way to remotely
configure all machines centrally for servers with one network
adapter.
d. Clear the Allow Remote Control check box and click Next.
Note If you need this functionality, enable it after you have the cluster
running.
5. Click Next in the Cluster IP addresses dialog box.
6. Define the standard port rules:

a. Click Add.
b. Select the All check box and type 80 in both the From and To boxes.
c. Click Both for Protocols.
d. Click Multiple hosts for Filtering mode and None for Affinity.
e. Click OK.
7. Define the secure port rules:

a. Click Add.
b. Select the All check box and type 443 in both the From and To boxes.
c. Click Both for Protocols.
d. Click Multiple hosts for Filtering mode and Single for Affinity.
e. Click OK.
8. Connect the master host as a node in the cluster:

a. Type the IP address of the host you want as the master in the Host box.
Note Node 1 is the master, which means that it receives requests and acts
as the routing manager. Although when the load is high on this
node, other machines may take over for the master.
b. Click Connect.
c. Click Next.
d. In the Host Parameters dialog box, select 1 from the Priority list.
Note Priority sets a unique ID for each node in the cluster. The lower the
number the higher the priority.
e. Click Finish.
The Network Load Balancing Manager configures your network adapter. The
network connection flashes on and off a few times during this configuration

process on the sever you are configuring as a host. When the configuration is
complete, the Status column displays Converged for the node.
9. In the Network Load Balancing Manager, right-click the cluster domain and
choose Connect.
10. Repeat step 8 until all nodes have been added to the cluster.

Chapter
3 Global Services Web application

deployment
Global Services Web application deployment . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Creating the Global Services tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Configuring application servers for Global Services . . . . . . . . . . . . . . . . . 3-3
Deploy the Global Services application . . . . . . . . . . . . . . . . . . . . . . . 3-4
Deploy on Websphere 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Deploy on WebLogic 12.1.1.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
Deploy on JBoss 7.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9
Configuring Data Exchange orchestration . . . . . . . . . . . . . . . . . . . . . . . . 3-13
Configure the application server for ODE . . . . . . . . . . . . . . . . . . . . . 3-13
Configure ODE to use an Oracle database . . . . . . . . . . . . . . . . . . . . . 3-15
Configuring Global Services for HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16
Configure the application server for SSL . . . . . . . . . . . . . . . . . . . . . . 3-16
Configuring File Management System for SSL . . . . . . . . . . . . . . . . . . 3-17
Generate a key store and private key . . . . . . . . . . . . . . . . . . . . . . 3-17
Obtain a signed certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18
Update the FSC and FMS configuration . . . . . . . . . . . . . . . . . . . 3-19
Configure Global Services application as a trusted client . . . . . . . . . . . 3-19
Install the Global Services signer certificate to Teamcenter rich
client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20
Install the Global Services signer certificate to Teamcenter thin
client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20
Configure the Teamcenter Enterprise Global Services end point
variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20
Modify Teamcenter preferences for SSL . . . . . . . . . . . . . . . . . . . . . . . 3-21

Chapter
3 Global Services Web application

deployment
Global Services Web application deployment

Deploying Global Services requires that you have available information about the
database that Global Services uses as its datastore. If you are using a Teamcenter
database as your datastore, you must know the type of database prior to staring
the application deployment procedure. This information is determined during the
Teamcenter server installation process. If you are not using a Teamcenter database
as your datastore, you must create the Global Services required tables manually.
For information about manually creating your Global Services tables, see Creating
the Global Services tables.
Creating the Global Services tables

Global Services stores product configuration, connection configuration, SSO security,
and business object files in a data store. This data store must be accessible to
Global Services through a JDBC connection using JNDI. This connection is set up
in your application server and the steps required are specific to the application
server. In most cases, the setup requires creating a data source and a connection
pool. For specific information about creating a connection pool and data store, see
your application server and database documentation.
You can use Teamcenter Environment Manager (TEM) to create the Global Services
tables in Teamcenter during the server installation process. If you are not using
a Teamcenter database as your data store, you can create or upgrade the Global
Services required tables in your database using the scripts supplied in the database
specific directory of the Teamcenter 10.1 Global Services – Application Directory
solution staging location. These directories are located under:
webapp_root
database
Caution The Global Services tables are referenced by third-party software that
requires case-insensitive collation types. Therefore, if your database
server’s default collation is case insensitive, you must alter your Global
Services database to case-insensitive (CI) collation after you create it.
For information about configuring a database for CI collation, see the
comments in the database sql files.

Chapter 3 Global Services Web application deployment
Caution A datastore created by a Global Services instance deployed on a given

server must not be accessed by Global Services instances deployed
on a server that runs a different operating system. This is especially
important if there are text files in the datastore containing characters
other than US ASCII characters.
Record the database name and type; you must have this information during the
deployment procedure.
Teamcenter provides the following Global Services database scripts:
Note The script files contain comments that provide additional information about
their purpose and use.
Create scripts
File name Purpose

oracle_create_tcgs.sql Creates the Global Services tables in the
sqlserver_create_tcgs.sql indicated database that has not previously
db2_create_tcgs.sql contained Global Services table data.
hsqldb_create_tcgs.sql
oracle_drop_tcgs.sql Drops the Global Services tables from the
sqlserver_drop_tcgs.sql indicated database that has previously
hsqldb_drop_tcgs.sql contained Global Services table data so the
create script can be used to create an empty
data store. This allows the Global Services
application to install the initial content the
next time the application is accessed.
Upgrade scripts
File name Purpose

oracle_upgrade_tcgs_v20070.sql Upgrade from Teamcenter 2007 to the
sqlserver_upgrade_tcgs_v20070.sql current release
oracle_upgrade_tcgs_v20071.sql Upgrade from Teamcenter 2007.1 to the
oracle_upgrade_tcgs_v200711.sql Upgrade from Teamcenter 2007.1.1 to
the current release
the current release
the current release
the current release
the current release
the current release

File name Purpose

the current release
the current release
oracle_upgrade_tcgs_v80000.sql Upgrade from Teamcenter 8 to the
db2_upgrade_tcgs_v80003.sql Upgrade from Teamcenter 8.3 to the

oracle_upgrade_tcgs_v80003.sql
db2_upgrade_tcgs_v8000301.sql Upgrade from Teamcenter 8.3.0.1 to the
Configuring application servers for Global Services

Several tasks must be performed to configure the application server for
Global Services. Some of these tasks may require using the application server
administration tool. See your application server documentation for more specific
information about how to perform these tasks.
Global Services supports the IPv6 protocol. However, if want to install Global
Services in an environment that the supports IPv6 protocol, the application server
must be installed on a dual-stack server.
For information about supporting IPv6 and dual stack networks on you application
server host, see your Windows, UNIX, or Linux server documentation.
Perform the setup as described in the following topic for your application server:
• Deploy on Websphere 8
• Deploy on WebLogic 12.1.1.0
• Deploy on JBoss 7.1
After you deploy the Web tier application, as a minimum you must perform the
initial configuration, as described in the Global Services Configuration Guide, to
enable Global Services.
http://appserver-host:port-number/GS-app-context-root/controller/index
Replace appserver-host and port-number with the host name and port number the
application server uses. Replace GS-app-context-root with the context root the
application server uses for the Global Services Web tier application; this is usually
the EAR file name without the extension.

The data store is populated with the initial content the first time that you access
the Global Services Web tier application.
Deploy the Global Services application

The following provides information for deploying the Global Services EAR file. If you
are familiar with deploying applications on your application server, this information
may be sufficient to allow you to perform the installation. For more detailed
instructions, see the appropriate application server topic.
Note Global Services no longer supplies solutions (Gateway for Oracle
Manufacturing and Gateway for SAP) or Oracle Manufacturing or SAP
connectors. These are replaced by third-party integration products. These
products are available from GTAC in the Integrations section of Full Product
Releases file downloads. The documentation for installing, administering,
or configuring these integrations is included in the same location. You must
have a valid WebKey user name and password to access the integration
products.
1. Start the application server administration tool if your application server has
one.
Note If you are configuring Oracle application server 10g v10.1.2, type
–Xmx256 and dedicated connection=true in Java Options in your
OC4J instance’s Server Properties page.
2. Create a connection pool and a data source that uses it. Choose an appropriate
driver for your database. The following table provides suggested driver values.
Note It is recommended that you set the maximum connection pool size to
1000 to ensure enough connections are available for processing.
JDBC database Driver class Driver type Default port

DB2 COM.ibm.db2.jdbc.app.DB2Driver IBM Type 2 DB2 Driver 5000
MySQL org.gjt.mm.mysql.Driver MySQL Type 4 Driver 3306
Oracle oracle.jdbc.pool.OracleDriver Oracle Thin Driver 1521
SQL server com.microsoft.sqlserver.jdbc. Other 1433
SQLServerXADataSource
Provide user name and password values to connect to the database for a
database user with read and write access.
The ApplicationInstance context parameter determines the JNDI name for
the data store. This parameter value is defined when you build the Global
Services Web tier application and is used at the beginning of the JNDI name.
The JNDI name is GlobalServicesInstance1/jdbc/GlobalServicesDB if you
accept the default value for the context parameter.
Provide the URL the JDBC connection uses to connect to the database, for
example:
Oracle database:
jdbc:orcle:thin:@host-name:port-number:Oracle-SID

3. Create the following queues if you have included the Teamcenter 10.1 Global
Services - JMS Messaging solution in your Web application:
jms.actionDestination=javax/jms/action
jms.responseDestination=javax/jms/response
4. Deploy the enterprise application you generated as described in the

documentation for your application server.
Caution If you are deploying on a WebSphere application server, do not select
the Precompile JSP option. This causes the deployment to fail.
Deploy on Websphere 8
Note Do not enable application server security on the application server where
you deploy the Global Services Web application
1. Before you deploy the Global Services application (EAR) file, complete the
following:
a. Download the binary archive file from the Apache Tomcat site at the
following link:
http://tomcat.apache.org/download-70.cgi
b. Use an archive management tool, such as 7-Zip file manager, to extract the
servlet-api.jar file in the lib directory of the Tomcat archive file into a
directory accessible to the application server. Note the path to the file for
later use.
c. Open the Global Services Web application EAR file in 7-Zip file manager and
delete the EAR/lib/asix2-jaxws-1.4.jar file.
2. Start the WebSphere integrated solutions console and expand Servers→Server

Types in the navigation tree pane and click WebSphere application servers.
3. In the Application servers section, click the server name (server1 by default).
4. In the Application servers pane, expand Java and Process Management under
Server Infrastructure and click Process definition.
5. Click Java Virtual Machine under Additional Properties.
6. Type the following parameters in the Generic JVM arguments box:

-Dorg.apache.ode.rootDir = full-path-to-Ode-working-directory
-Dcom.ibm.websphere.webservices.DisableIBMJAXWSEngine=true
7. Type the full path and filename for each of the following files, delimited by
semicolons, into the Classpath box.
Note The path to the servlet-api.jar file was noted in a previous step. This
must be the last entry in the Classpath property. The other files are
located in the WEB_ROOT/staging-directory/earapp_root/lib directory.
commons-io-1.4.jar

commons-fileupload-1.2.jar
woden-api-1.0M8.jar
commons-codec-1.3.jar
commons-httpclient-3.1.jar
commons-logging-1.1.1.jar
log4j-1.2.15.jar
servlet-api.jar
8. Click OK, Save , and restart the application server.
9. Deploy the ODE Web applications as described in Configure the application

server for ODE.
10. Configure the deployed ODE Web application:

a. Click the deployed ODE Web application and click Manage Modules under
the Modules section in the Enterprise Applications pane.
b. Click Apache-Axis2 in the Module column.
c. Choose Classes loaded with local class loader first (parent last) from
the Class loader order list.
11. Configure the axis2 properties in Global Services.

a. Set the axis2.max.connections property value in the
globalservices.properties file to a positive numeric value
approximately three times the expected number of concurrent connections to
ODE from Global Services.
Tip You can start with a low two-digit number if you do not expect
a large number of transfer requests. If you experience time-out
exceptions, increase the value.
You can set properties by manually editing in the
globalservices.properties file in the Global Services datastore or
using the Global Services Web Manager interface.
For information about managing the Global Services datastore, see the
Global Services Configuration Guide.
b. (Optional) Set the ode-axis2.db.pool.max property in the

globalservices.properties file. This property is associated with the
axis2.max.connections property and is set to 20 by default. If you expect
a large number of concurrent connections to ODE or experience time-out
exceptions, increase the value.
c. Restart the application server.
Deploy on WebLogic 12.1.1.0

For online help for the WebLogic server administration console, see the WebLogic
server documentation.

2. In the left pane of the console, click Deployments.
4. Navigate to the location of the Global Services EAR and click Next.
5. Continue to click Next until you reach the pane that asks if you want to
immediately update the application configuration.
6. Select No and click Finish.

In the Deployments page, WebLogic displays the Global Services enterprise
application.
7. In the Domain Structure tree, expand Services and Domain, then select Data
Sources.
8. In the Summary of Data Sources pane, click New.
9. Enter the following for the data source properties and click Next:
Name Type a name that identifies the data source.

This name is used in the configuration file
(config.xml) to identify this data source in the
administration console.
JNDI Name Type the JNDI name defined by the
ApplicationInstance context parameter when
you built the Web tier application. The JNDI
name is GlobalServicesInstance1/jdbc/
GlobalServicesDB if you accept the default
value for the context parameter.
Database Type Select the Teamcenter database type if you are
using it for your data store. If you created your
gs_runtime_resources table manually, select
that database type.
Database Driver Select the driver that corresponds to the type
of database you are using for your data store.
See the table in Deploy the Global Services
application for a list of suggested drivers.
10. Ensure Supports Global Transactions is selected, select One-Phase Commit,

and click Next.
11. Enter the following for the connection pool properties and click Next:
Database Name Type the SID of the Teamcenter database defined

during the Teamcenter server installation process.
If you created your gs_runtime_resources table
manually, type the name of the database where
you created the table.
Host Name Type the DNS name or IP address of the server
that hosts the database.

Port Type the port number on which the database

server listens for connection requests.
Database User Name Type the database user account name that you
want to use for each connection in the data source.
Properties If you are using a MySQL database, type the
autoReconnect property with the value set to
true, for example:
autoReconnect=true
Password and Confirm Type the password for the database user account.
Password
Note It is recommended that you set the maximum connection pool size to
1000 to ensure enough connections are available for processing.
12. Review the connection parameters and click Test Configuration. If there are
any configuration errors, go back and correct them. If the test is successful,
click Next.
13. Select the servers or clusters on which you want to deploy the data source and
click Finish.
14. If you installed the Teamcenter 10.1 Global Services - JMS Messaging solution,
you must create the required queues.
Note You can use any JMS provider that you desire. You can also create a
separate JMS server or JMS module to contain your queues.
For more information, see the WebLogic Server Administration Console
Help.
a. In the administration console, expand Services and Messaging and click

JMS Modules.
b. In the JMS Modules page, click the desired module name and click New in
the Summary of Resources table.
c. Choose Queue for the type of resource and click Next.
d. In the Create a New JMS System Module page, type javax/jms/action in

the JNDI Name box and click Finish.
Note You can provide a queue name if you do not want to use the default
provided.
e. Repeat this process (step 14) using javax/jms/response for the JNDI Name
value.
Note Not all changes take effect immediately. For information, see the WebLogic
documentation.

Deploy on JBoss 7.1

1. Add an administrative user in the management realm:
a. Open a command shell and ensure that the JAVA_HOME and
JBOSS_HOME environment variables are set.
b. Change to the bin directory of JBOSS_HOME and type the following

command:
add-user
The JBoss add-user utility displays prompts for the type of user, realm, user
name, and password. The utility displays default values for user type and
realm in parentheses. Press Enter to accept the default values for user type
and realm (Management User and ManagementRealm).
What type of user do you wish to add?
a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
(a):
Note the user name and password values you enter.
2. Open the standalone.xml file in the following location:
JBOSS_HOME
standalone
configuration
Locate the following entry:

<subsystem xmlns="urn:jboss:domain:ee:1.0"/>
Replace this entry with:

<global-modules>
</global-modules>
</subsystem>
Locate the following entry:

<subsystem xmlns="urn:jboss:domain:naming:1.1"/>
Replace this entry with:

<subsystem xmlns="urn:jboss:domain:naming:1.1">
<bindings>
<lookup name="TcGSBOSBox"
lookup="java:global/tcgs/coreEJBs/BOSBoxBean!com.teamcenter._
globalservices.bos.BOSBoxHome"/>
<lookup name="ejb/JETI/Gateway"
lookup="java:global/tc/JETIGateway-ejb/Gateway!com.teamcenter.
jeti.ejb.GatewayHome"/>
<lookup name="TcGSTeamcenterSOABox"
lookup="java:global/tcgs/teamcenterSOAConnectorEJBs/
TeamcenterSoaBoxBean!com.teamcenter.globalservices.connection.ConnectionBoxHome"/>
<lookup name="TcGSJDBCBox"
lookup="java:global/tcgs/coreEJBs/JDBCBoxBean!com.teamcenter.
globalservices.connection.ConnectionBoxHome"/>
<lookup name="TcGSDORepositoryBox"
lookup="java:global/tcgs/coreEJBs/DataObjectRepositoryBoxBean!com.
teamcenter.globalservices.connection.ConnectionBoxHome"/>
<lookup name="TcGSNotifierReactor"
lookup="java:global/tcgs/coreEJBs/NotifierReactorBean!com.
teamcenter._globalservices.reactor.notifier.NotifierReactorHome"/>
<lookup name="TcGSEntBox"
lookup="java:global/tcgs/tcentEJBs/TcEntBoxBean!com.teamcenter.
globalservices.connection.ConnectionBoxHome"/>
</bindings>

</subsystem>
For development and testing purposes, you can make the JBoss management
console accessible to remote hosts by editing the inet-address element:
<interface name="management">
<inet-address value="${jboss.bind.address.management:0.0.0.0}"/>
</interface>
Warning Allowing remote access to the JBoss management console is a

security risk. Use this configuration only during development and
testing.
3. If you are deploying the Teamcenter 10.1 Global Services Framework - Ode
BPEL Enterprise Application solution for any reason:
a. Using an archive file management tool, such as 7-Zip File Manager, expand
the ODE archive (tcgs-ode.EAR in the following example) file and remove
the Persistence.xml file from the META–INF locations:
tcgs-ode.EAR
tcgs-ode.WAR
WEB-INF
lib
ode-dao-jpa-1.3.5.jar
META-INF
ode-bpel-store-1.3.5.jar
META-INF
b. Open the standalone startup batch file or shell script in the following
location:
JBOSS_HOME
bin
standalone
Add the following entry prior to the JBoss bootstrap environment section:
set JAVA_OPTS=”-Dorg.apache.ode.rootDir=full path to
ode-working-dir” %JAVA_OPTS%
echo =============================================================
echo.
echo JBoss Bootstrap Environment
4. Define the JDBC data source:

a. Create a directory structure that contains a main directory as its
most subordinate child directory under the modules directory of the
JBOSS_HOME location, for example:
JBOSS_HOME
modules

foo
myjdbcdriver
main
You can use any valid directory name for the foo and myjdbcdriver
directories.
b. Copy the database drive file or files to the main directory.
c. Create a module.xml file in the main directory that contains the following:
<module xmlns="urn:jboss:module:1.0" name="directory-structure">
<resources>
<resource-root path="driver-file-name"/>
</resources>
<dependencies>
<module name="javax.api"/>
</dependencies>
</module>
For the name attribute (directory-structure) value, type the directory

structure you created without the main directory. Use periods for the path
separator, for example:
<module xmlns="urn:jboss:module:1.0" name="foo.myjdbcdriver">
For the path attribute (driver-file-name) value, type the database driver file
name. For example, for an Oracle database:
<resource-root path="ojdbc6.jar"/>
d. Open the standalone.xml file that you edited in step 2, locate the drivers
element, and add a driver element as child to the element:
<subsystem xmlns="urn:jboss:domain:datasources:1.0">
<datasources>
<drivers>
.
.
.
<driver name="driver-name" module="directory-structure">
<datasource-class>driver-class-name</datasource-class>
</driver>
</drivers>
Type any unique value for the name (driver-name) attribute value and for
the module (directory-structure) attribute value, type the same value you
used for the name attribute in module.xml file. Type the driver class name
in the data-source-class element, for example:
oracle.jdbc.driver.OracleDriver
e. Locate the datasource element, and add a datasource element as child

to the element:
<subsystem xmlns="urn:jboss:domain:datasources:1.0">
<datasources>
.
.
.
<datasource jndi-name="java:/data-source-JNDI-name"
pool-name="GMS_DS" enabled="true"
use-java-context="false">
<connection-url>driver-URL</connection-url>
<driver>driver-name</driver>

<security>
<user-name>datasource-username</user-name>
<password>datasource-password</password>
</security>
</datasource>
</datasources>
Type the data source JNDI name for the jndi-name (data-source-JNDI-name)
attribute value. This value must have a java:/ prefix.
Type the URL of the JDBC connection for the database for the
connection-url (driver-URL) element value. For example, for an Oracle
database connection:
jdbc:orcle:thin:@host-name:port-number:Oracle-SID
Type the driver class name in the data-source-class element, for example:
oracle.jdbc.driver.OracleDriver
Type the user name used to connect to the database in the user-name
element and the password associated with that user in the password
element.
5. Deploy the EAR file:
a. Open the JBoss console in a browser on the host where JBoss is running:
http://localhost:9990/console
b. Log on, click Runtime in the top right corner, and click Manage Deployments
in the left pane.
Note You may have to click Deployments in the left pane to expose
Manage Deployments.
c. Click Add Content in the Deployments pane and click Browse in the Upload
dialog box.
d. Navigate to the location of the Global Services Web application EAR file
(tcgs.ear by default) and click Open.
e. After JBoss finishes deploying the application, click the application’s Enable
button in the Deployments pane.
You must start the JBoss application server instance with the bind option to enable
connections from clients running on a host different from the application server
host. The simplest way to do this is to start the server with the -b myhost option.
Substitute the host name or IP address of the local host for myhost, for example:
standalone -b 0.0.0.0
However, this has some security implications.

For information about JBoss security, see the JBoss documentation:
http://community.jboss.org/wiki/SecureJBoss

Configuring Data Exchange orchestration

Global Services uses the standard Apache Orchestration Director Engine (ODE) for
business processing execution language (BPEL) functionality. The ODE is set up by
default to use the built in Derby database for its event tracking. You must perform
the following tasks to set up ODE for Data Exchange and to use the Teamcenter
Oracle database for BPEL event tracking.
Configure the application server for ODE

When the Teamcenter 10.1 Global Services Framework - Ode BPEL enterprise
application solution is required, you must perform the following steps:
Note Create the Teamcenter 10.1 Global Services Framework - Ode BPEL
enterprise application solution before performing these steps and perform
these steps prior to deploying your Web application. When you create
the Web application, you must enter values for the TCGS_WS_URL
and TCGS_ODE_URL context parameters. These values must
match the values you supply for the globalservices.webservices.url
and globalservices.ode.url properties respectively, in the
globalservices.properties file.
It is recommended that you set the maximum connection pool size to 1000 to
ensure enough connections are available for processing.
1. Create an ODE working directory that is accessible to the application server. For
example, on a UNIX system, create the /mnt/disk1/ode-working-dir directory.
2. Copy the contents of the ode-working-dir directory located in the

WEB_ROOT\staging-directory\earapp_root directory.
3. Deploy the Web application as described in the topic for your application server.
4. Modify the application server Java start options for your application server:
• For WebSphere application servers:
a. Log on to the WebSphere Integrated Solutions Console and expand
Servers in the left pane.
b. Select Application servers and select the server where you deployed the
Global Services Web application.
c. Click the Configuration tab, and in the Server Infrastructure section,

expand Java and Process Management and select Process Definition.
d. In the Additional Properties section, select Java Virtual Machine.
e. Locate the Generic JVM arguments box and add the following argument
at the end of its contents:
-Dorg.apache.ode.rootDir=complete-path-to-ode-working-dir
-Dcom.ibm.websphere.webservices.DisableIBMJAXWSEngine=true
complete-path-to-ode-working-dir represents the path to the directory

you created in step 1.

Note You may also define this property in your application server’s
user-defined properties.
f. Download the globalservices.properties file from the Global Services

data store, update the properties as follows, and upload the file to the
data store:
Note The globalservices.context.root property defined in previous
releases of Global Services is no longer supported.
Property Value
globalservices.webservices. Specifies the URL of the Global

url Services Web services WAR file
within the Global Services Ode BPEL
enterprise application, for example:
globalservices.webservices.url =
http://localhost:8080/tcgs-ws
This is used by services that must

send HTTP SOAP requests to other
web services.
globalservices.ode.url Specifies the URL to the Global
Services Ode BPEL enterprise
application, for example:
globalservices.ode.url =
http://localhost:8080/tcgs-ode
This is used by services that must

send HTTP SOAP requests to BPEL
processes.
For information about managing the Global Services data store, see the
Global Services Configuration Guide.
• For WebLogic application servers:

a. Use an archive management tool, such as 7-Zip File Manager, to copy the
xercesImpl-2.9.0.jar file from the Global Services Web application EAR
file (tcgs.ear by default) to the ODE.WAR/WEB-IND/Lib location in
the ODE Web application EAR file (ode.ear by default).
b. Add the following JVM argument to the application server startup

command.
-Dorg.apache.ode.rootDir=complete-path-to-ode-working-dir
complete-path-to-ode-working-dir represents the path to the directory

you created in step 1.
c. Redeploy the ODE Web application.

Configure ODE to use an Oracle database

The Apache Orchestration Director Engine (ODE) uses the built-in Apache Derby
database by default for its event tracking. When you install the Global Services
Framework feature on your Teamcenter server, you also get Oracle tables required
for ODE event tracking. The following steps are required to change ODE to use
the Oracle tables:
Caution If you use the Apache Derby database, you may encounter concurrency
problems.
1. Check the default settings in the ode-axis2.properties file. For most setups, no
changes are required. The comments in the file provide information about the
settings. Change settings as required.
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
## ODE-AXIS2 Configuraiton Properties
## http://ode.apache.org/index.html
### ode-axis2.db.mode
## Database Mode ("INTERNAL", "EXTERNAL", "EMBEDDED")
## What kind of database should ODE use?
## * "EXTERNAL" - ODE will use an app-server provided database and pool.
## The "ode-axis2.db.ext.dataSource" property will need to
## be set.
## Ode also supports:
## * "EMBEDDED" - ODE will create its own embbeded database (Derby)
## and connection pool (Minerva).
## * "INTERNAL" - ODE will create its own connection pool for a user-
## specified JDBC URL and driver.
##
### ode-axis2.db.ext.dataSource
## External Database [JNDI Name]
## JNDI Name of the DataSource for the ODE database. This is only
## used if the "ode-axis2.db.mode" property is set to "EXTERNAL"
##
### ode-axis2.dao.factory
## DAO Connection Factory class.
## This property is used to enable Hibernate as the JPA implementation.
## Hibernate Configuraiton Properties
## See http://www.hibernate.org/docs.html
###hibernate.dialect
## The classname of a Hibernate org.hibernate.dialect.Dialect
## which allows Hibernate to generate SQL optimized for a particular
## relational database. If you leave this setting blank, Hibernate
## will actually attempt to choose the correct org.hibernate.dialect.Dialect
## implementation based on the JDBC metadata returned by the JDBC driver.
## Example settings:
## RDBMS Dialect
## DB2 org.hibernate.dialect.DB2Dialect
## Oracle (any version) org.hibernate.dialect.OracleDialect
## Oracle 9i org.hibernate.dialect.Oracle9iDialect
## Oracle 10g org.hibernate.dialect.Oracle10gDialect
## Microsoft SQL Server org.hibernate.dialect.SQLServerDialect
##
###hibernate.hbm2ddl.auto
## Automatically validates or exports schema DDL to the database when the
## SessionFactory is created. With create-drop, the database schema will
## be dropped when the SessionFactory is closed explicitly.
##
###hibernate.current_session_context_class
## Supply a custom strategy for the scoping of the "current" Session.
## See Section 2.5 of Hibernate manual, “Contextual sessions” for more
## information about the built-in strategies.
## e.g. jta | thread | managed | custom.Class
##

###hibernate.transaction.manager_lookup_class
## e.g. classname.of.TransactionManagerLookup
## The classname of a TransactionManagerLookup. Examples:
## org.hibernate.transaction.JBossTransactionManagerLookup JBoss
## org.hibernate.transaction.WeblogicTransactionManagerLookup Weblogic
## org.hibernate.transaction.WebSphereTransactionManagerLookup WebSphere
## org.hibernate.transaction.WebSphereExtendedJTATransactionLookup WebSphere 6
## Default settings
ode-axis2.db.mode=EXTERNAL
ode-axis2.db.ext.dataSource=GlobalServicesInstance1/jdbc/GlobalServicesDB
ode-axis2.dao.factory=org.apache.ode.daohib.bpel.BpelDAOConnectionFactoryImpl
#hibernate.hbm2ddl.auto=update
hibernate.current_session_context_class=jta
#hibernate.transaction.manager_lookup_class=
#hibernate.dialect=
2. For WebSphere application servers, copy the wsdl4j-1.6.2.jar file from

the WEB_ROOT/staging-directory/earapp_root/lib directory to the
WAS_HOME/AppServer/java/jre/lib/ext directory
WAS_HOME is the WebSphere installation directory.
Configuring Global Services for HTTPS

You can configure one-way secure socket layer (SSL) communication for your
Teamcenter Global Services transfers. The configuration required includes:
• Configuring the application server
• Configuring File Management System (FMS) to use SSL
• Installing the Global Services signer certificate to the Teamcenter rich client
• Installing the Global Services signer certificate to the Teamcenter thin client
• Modifying the Teamcenter Enterprise configuration variables for SSL
• Modifying the Teamcenter preferences for SSL
Configure the application server for SSL

You must configure the application server where you have the Global Services Web
application deployed for SSL. Any other application server that contains Teamcenter
Web products that are communicating with Global Services must also be configured
for SSL. In general, you perform the following configuration in the application server:
• Create a key store
The key store is normally Java key store (JKS) type. You must have the path
to, and file name of, the key store file.
• Import/identify the certificate authority file to the application server

The application server must have access to certificate authority (CA) file you
will use for your SSL communications.
• Configure SSL listening port

You must set the SSL port number for your application server default value.

Note For WebSphere application servers, you must enable the States Federal
Information Standard (FIPS) algorithms. The Use the United States Federal
Information Standard (FIPS) algorithms option is located under Security |
SSL certificate and key Management section in the WebSphere integrated
solutions console.
Instructions for enabling secure socket layer (SSL) on an application server are
provided in the application server documentation.
See Deploy the Global Services application for additional information about
application server SSL configuration.
Configuring File Management System for SSL

You must configure File Management System (FMS) to use a purchased vendor
certificate authority that is supported by standard distributions of the Java runtime
environment. The following variables are used in these procedures:
key store-file Represents the key store file name. This file is conforms to
the Java-based storage standard with public and private keys
that are stored in an encrypted key store. Individual keys
and certificates within this cryptographic storage can have
individual password protection.
key store-password Represents the password required to manage the key store.
FSC-myhost Represents an alias name for the certificate. The certificate is
bound to the host so use a name that indicates the FSC host.
This is a similar naming convention to the FSC configuration
file name (FSC_host-name_user-name).
FSC-myhost Represents the certificate alias password. This password is
-password required to retrieve the certificate.
FSC-myhost .csr Represents the certificate signing request (CSR) file name.
This file requires a .csr extension. This file contains the
certificate signing request information that you send to the
signing authority.
FSC-myhost .cer Represents the certificate file name. This is the file returned
by the signing authority and should have a .cer file extension.
Generate a key store and private key

1. From a command prompt, go to the FSC_HOME directory.
2. Type the following command and prompt replies to create a key store:
keytool -genkey -key store key store-file -keyalg RSA -alias FSC-myhost
Enter key store password: key store-password
What is your first and last name?
[Unknown]: myhost.mydomain.com
What is the name of your organizational unit?
[Unknown]: mycompany
What is the name of your organization?
[Unknown]: mycompany
What is the name of your City or Locality?
[Unknown]: mycity
What is the name of your State or Province?
[Unknown]: mystate

What is the two-letter country code for this unit?

[Unknown]: my
Is CN=myhost.mydomain.com, OU=mycompany, O=mycompany, L=mycity, ST=mystate,
C=my correct?
[no]: yes
Enter key password for <FSC-myhost>

(RETURN if same as key store password): FSC-myhost-password
3. Verify the key entry by typing the following command and prompt replies:
keytool -list -key store key store-file
key store type: jks
key store provider: SUN
The command output should be similar to:

Your key store contains 1 entry
fsc-myhost, Nov 8, 2007, keyEntry,
Certificate fingerprint (MD5): 59:B6:2D:38:24:16:45:1B:47:2A:E9:06:55:80:B3:C6
4. Back up the key store file to a secure location. The private key is stored in this
file and is unrecoverable if the file or passwords are lost.
Obtain a signed certificate
You must create a certificate signing request (CSR) and submit it to a certificate
authority (CA) to receive the signed certificate. The process of submitting the CSR
and receiving the signed certificate from the CA varies by signing authority.
1. Generate a CSR from the private key by typing the following command and
prompt replies in your FSC_HOME directory:
keytool -certreq -key store key store-file -alias FSC-myhost -file
FSC-myhost.csr
Enter key password for <FSC-myhost> FSC-myhost-password
2. Open the fsc-myhost.csr file and verify the contents are similar to the following:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBtjCCAR8CAQAwdjELMAkGA1UEBhMCbXkxEDAOBgNVBAgTB215c3RhdGUxDzANBgNVBAcTBm15
Y2l0eTESMBAGA1UEChMJbXljb21wYW55MRIwEAYDVQQLEwlteWNvbXBhbnkxHDAaBgNVBAmTE215
aG9zdC5teWRvbWFpbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ0h3iF8KBEN2UKw
hw1dw+RlxGwcsptLA3EI+6rAKa32dg/4FY89zBcUG02413X0BxQWcsRznYWFDJHLK4En7I2xeJNs
ORwJfBeF9yW6d4lzaWA6LATFr5T3DHafF6mSRNPl+739mpGuQr44AXBQWqZoOMhecc+n/ErekMlZ
dgWTAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQCQJTqujL7GIXz0is0fUoAxtCydMiX1BeVHU+l/
IqcTh4BX8V3vJmm+kHwwKn3yeih+WJzYmDdNh/uaKxO7txyFdPPDd1bdIosFc4XIZwys0jFKwGqf
MUjB9wgaKgHSRQTtCOPBEO/ClLjm8ocFNQBWysYVevAZQAmEMp90BxBt/Q==
-----END NEW CERTIFICATE REQUEST-----
3. Submit the CSR file to the certificate signing authority and receive the signed
certificate using the process defined by the signing authority.
4. Import the signed certificate into the FSC server by typing the following
command and prompt replies in your FSC_HOME directory:
keytool -import -trustcacerts -key store key
store—file -file FSC-myhost.cer -alias FSC-myhost
Enter key password for <FSC-myhost> FSC-myhost-password

Update the FSC and FMS configuration

1. Configure the FSC key store by specifying the following properties in the
fsc.$FSCID.properties file in your FSC_HOME directory:
com.teamcenter.fms.servercache.key store.file=key store-file
com.teamcenter.fms.servercache.key store.password=key store-password
com.teamcenter.fms.servercache.key
store.ssl.certificate.password=FSC-myhost-password
2. Configure the FMS master file for SSL through the following as required:
• Update the existing HTTP connection
• Add an additional connection
• Assign clients to particular connections
3. Modify any of the following bootstrap configuration values to use the new scheme
(or port) as required:
• Any <fscmaster address=" “/> values in fsc.xml files
• Any <parenfscr address=" “/> values in fcc.xml files
• The Fms_BootStrap_Urls preference
For an example one-way SSL FSC and FMS configuration, see Configuring Global
Services for HTTPS.
Configure Global Services application as a trusted client

This process depends on the application server you are using for your Global Services
Web application. Similar process to the ones provided for WebSphere and WebLogic
is required for the other supported application servers.
For WebSphere:
1. Log on to the Integrated Solutions Console and navigate to the Key stores and
certificates section (Security→SSL certificate and key management→Key
stores and certificates).
2. Select the key stores that you create for the Global Services Web application
certificate and for the File Management System (FMS) certificate and click
Exchange Signers.
3. Select the FMS key store and add it as a signer for the Global Services Web
application.
For WebLogic:
1. Open a command shell and navigate to the Java Runtime Environment (JRE) for
your WebLogic domain where you Global Services Web application is deployed.
2. Import the FMS certificate to the Java cacerts key store using the Java keytool
-import utility.

Install the Global Services signer certificate to Teamcenter rich client

1. Open a command shell and navigate to:
TC_ROOT
portal
jre
lib
security
2. Import the certificate using the Java keytool -import utility, for example:
keytool -import –alias myprivateroot –keystore ..\lib\security\cacerts
–file c:\root.cer
3. Use the keytool utility to verify the security certificate was added to the portal
key store, for example:
keytool –list –keystore ..\lib\security\cacerts
The rich client is configured as a trusted client. Try a transfer between sites
using the rich client to verify the configuration.
Install the Global Services signer certificate to Teamcenter thin client

You must import the certificate for the Global Services Web application into the
internet browsers that you use to access your Teamcenter thin client. This process
varies by browser and operating system. The following procedures are for the
currently supported Firefox and Internet Explorer versions on Windows but can be
used as a guide for other browsers and operating systems.
For Firefox:
1. Choose Tools→Options and click Advanced.
2. Click View Certificates and click the Your Certificates tab.
3. Click Import and navigate to the certificate file and click Open. Type the
certificate’s pass phase when prompted and click OK.
For Internet Explorer:

1. Choose Tools→Internet Options and click the Content tab.
2. Click Certificates and click the Personal tab.
3. Click Import and follow the wizard instructions to install the certificate. Select
the High Security option to prevent Internet Explorer from saving your pass
phrase.
Configure the Teamcenter Enterprise Global Services end point variable

1. In the Teamcenter Enterprise Administration Editor choose GMS Configuration.
2. In the GMS Configuration pane, type the https URL for the Global Services
application as the value for Teamcenter Global Services URL and click Finish.
Alternatively, you can edit the GS_END_POINT value in the config.cfg file.

Note Secure Socket Layer (SSL) communication with Global Services is not
supported in Teamcenter Enterprise 2005SR1 release.
Modify Teamcenter preferences for SSL

Note It is recommended that you configure Global Services for HTTP
communications and verify it is functional before switching to SSL.
1. In the Organization application, select the node of the remote site definition
from the Organization List tree.
2. Modify the value in the TcGS URL box to the HTTPS URL for the Global
Services Web application and click Modify.
3. Select the node of the local site definition from the Organization List tree.
4. Modify the value in the TcGS URL box to the HTTPS URL for the Global
Services Web application and click Modify.
5. Choose Edit→Options and click Search in the Options dialog box.
6. Search for TC_gms and modify the values for the following preferences as
indicated:
Preference Value
TC_gms_server HTTPS URL of your Global Services Web
application.
TC_gms_server_ca_file File name of the trusted CA certificates in
PEM format.
Note You can omit setting the value for the
TC_gms_server_ca_path preference
if you include the full path the file in
this preference.
TC_gms_server_ca_path Path to the trusted CA certificates file.
TC_gms_sso_enabled FALSE
Note SSO does not support HTTPS
communications.
7. Locate the Web_protocol preference and change its value to https://.

Appendix
A Teamcenter client communication

system and proxy server
configuration
Teamcenter client communication system and proxy server configuration . . . . A-1
Reverse proxy servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4
Enabling File Management System (FMS) URL path extensions . . . . . . . . . . . A-4
FMS server cache (FSC) SSL client credentials (two-way SSL) . . . . . . . . . . . . A-4
File Management System (FMS), reverse proxy, and two-way SSL configuration
details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5
Basic File Management System (FMS) configuration . . . . . . . . . . . . . . . . A-5
Configuration element details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6
FCS configuration files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7
Configuration file content – bootstrap references . . . . . . . . . . . . . . . . A-8
One-way SSL configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8
Configuration element details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-9
FSC configuration files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-9
Configuration file changes – bootstrap references . . . . . . . . . . . . . . . A-10
New configuration files – property and keystore files . . . . . . . . . . . . A-10
Configuring two-way SSL between FMS server caches (FSCs) . . . . . . . . . A-11
Configuration element details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-12
FSC configuration files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-12
Configuration file changes – bootstrap references . . . . . . . . . . . . . . . A-13
Configuration file changes–property and keystore files . . . . . . . . . . . A-13
Configuring Kerberos authentication on the Web tier . . . . . . . . . . . . . . . . . . A-15

Configure IIS reverse proxy for Security Services login service . . . . . . . . A-15
Configure JBoss 5.10 ISAPI with IIS 7 for Security Services login
service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-17

Appendix
A Teamcenter client communication

system and proxy server
configuration
Teamcenter client communication system and proxy server

configuration
Note Teamcenter currently supports IBM WebSEAL and CA SiteMinder
commercial single sign-on (SSO) products for reverse proxy servers. Security
Services is required when using these reverse proxy servers.
For more information, see Security Services Installation/Customization.
Teamcenter provides the Teamcenter client communication system (TCCS)

application that contains the TcProxyClient component to support forward
and reverse proxy servers. This component detects form-based and 401-based
challenges from reserve proxy servers. It uses the criteria defined in the
reverseproxy_config.xml file to identify form-based challenges from a reverse
proxy and uses the Apache HTTP client library to detect 401-based challenges. If
the reverseproxy_config.xml file is not available, the component uses default
criteria defined for the type of reverse proxy server (only WebSEAL is supported
if the configuration file does not exist).
For information about TCCS configuration files, see the System Administration
Guide.
The following figure shows the TCCS architecture.
PLM00015 J Web Application Deployment Guide A-1

Appendix A Teamcenter client communication system and proxy server configuration
Teamcenter client communication system architecture

The TcServerProxy (TSP) manages HTTP communications for Teamcenter
server (tcserver) requests. It accepts client requests over secured pipes using a
proprietary protocol and submits the requests over HTTP to the Web tier endpoint.
You can use the tspstat utility to administer and obtain runtime statistics from the
TcServerProxy component.
The FMS client cache (FCC) runs within the TCCS container. The TCCS application
is started when you start the FCC (startfcc command). The FCC accepts client
requests over secure pipe connections and submits them to the appropriate FMS
server cache (FSC) process. The FCC uses the TcProxyClient component and
forward proxy configuration to support forward and reverse proxy servers. Hooks
to the java.net package are used to integrate the forward proxy library and the
Jakarta Commons HTTP state into the java.net processing.
The Teamcenter model event manager (TcMEM) component manages event
synchronization across SOA clients sharing the same Teamcenter server instance.
For form-based challenges, the TcProxyClient component examines the response
for content type. For a 200 response, if the content type is not text/html the
component does no further processing.
When the TcProxyClient component detects a challenge from a reverse
proxy server, it passes the URL for the reverse proxy server to Teamcenter
Security Services which returns a cookie corresponding to a valid session for
A-2 Web Application Deployment Guide PLM00015 J

Teamcenter client communication system and proxy server configuration
the reverse proxy. The cookie patterns for the proxy servers are defined in the
tcsso_rp_cookienamepattern context parameter during the TCCS installation
process as part of the Security Services configuration.
The TcProxyClient component also supports one-way and two-way SSL using
smart card client certificate or soft client-certificate authentication. Client-certificate
authentication is more secure than any of the other supported forms of
authentication. A client certificate can be either of the following:
• A smart card containing a certificate that complies with the PKCS#11 standard.
Smart-card authentication is an example of two-factor authentication (2FA).
Two-factor authentication requires the presentation of something the user knows
and something the user has.
Note Smart-card authentication is supported only for a 32-bit Java Runtime
Environment (JRE). It is not supported for a 64-bit JRE.
• A file containing a certificate that complies with PKCS#12 standard. Commonly

used file extensions are .p12, .pfx, and .jks. Teamcenter supports soft
certificates for both 32- and 64-bit JREs.
Teamcenter client communication system (TCCS) supports client-certificate

authentication for the rich client, Client for Office, Lifecycle Visualization,
stand-alone Electronic Design Automation (EDA), Solid Edge, and NX applications.
You can configure the server to display a notice and consent logon banner when a user
connects to a Teamcenter client using smart card or soft certificate authentication.
Teamcenter displays the notice defined by the banner.txt file in the login service
WAR file. This file is located in the root folder of the Login Service WAR file. If the
banner.txt file is empty or contains only whitespace characters, Teamcenter does
not display the notice. The consent to log on dialog box provides a cancel button. If
the user clicks Cancel, the connection to Teamcenter is prohibited.
For more information, see the Security Services Installation/Customization guide
and the Teamcenter server installation guides (for Windows and UNIX/Linux).
The pattern is defined as a case-insensitive string that can contain wildcard
characters (*) for matching one or more characters at their position in the string.
The literal * character can be include by preceding it with the backslash (\) escape
character. You can include a wildcard at the beginning or end of the string or both.
The following examples are valid patterns:
*string
string*
*string*
stri\*ng
You can also include a wildcard character within a string, for example:
*coo*kie
co*ok*ie
For more information about cookies and TCCS, see Security Services
Installation/Customization.
For information about managing and configuring TCCS, see the System

Reverse proxy servers

Teamcenter client communication system (TCCS) supports form-based challenge
from reverse proxy servers:
• IBM WebSEAL
• CA SiteMinder
Enabling File Management System (FMS) URL path extensions

FMS URL path extensions are always enabled. The configuration elements that
require additional path information can include:
• parentfsc address in the fcc.xml file.
This value can be only entered from the fcc_only installer. No other FCC
installer supports this; therefore, the fcc.xml file must be modified manually.
• fscmaster address in the fsc.xml file.
• multisite fsc addresses in the fmsmaster.xml file.
• Fms_BootStrap_Urls preference values.

Note The /tc/fms/fmsenterpriseid path extension is not configurable. Reverse
proxies must be configured to map to this path extension.
FMS server cache (FSC) SSL client credentials (two-way SSL)

FMS SSL configuration is not fully supported by the installers. Additional steps are
required to generate certificates and configure the FSC property and keystore files.
Two-way SSL configuration can be enabled only after first successfully configuring
for SSL.
Caution The password specified for the
com.teamcenter.fms.servercache.keystore.password
property and the
com.teamcenter.fms.servercache.keystore.ssl.certificate.password
property must be identical. These properties are contained in the
fsc.properties files.
Note The com.teamcenter.fms.allowuntrustedcertificates property cannot be

used with two-way SSL. This property can only be used for trusting one-way
SSL self-signed certificates.
Additional configuration steps for enabling two-way SSL

The following additional steps are required to configure two-way SSL:
1. Modify the fmsmaster FSC address and/or the connection element to add
the following value:
<fsc id=”FSC_fscmidzone_infodba”

address=”https://fscmidzone.yourcompany.com:4544
options=”needclientauth”>
or
<connection id=”another2waySSLconn”
protocol=”https” port=”4545”
options=”needclientauth”/>
2. Uncomment or add the following properties in the fsc.properties file to point to

the existing keystore that was created to support the initial SSL configuration:
javax.net.ssl.keyStore=${FMS_HOME}/keystore
javax.net.ssl.keyStorePassword=keystorepassword
javax.net.ssl.trustStore=${FMS_HOME}/keystore
javax.net.ssl.trustStorePassword=keystorepassword
3. Add trusted certificates to the keystore that can validate the clients that are
allowed to connect.
Note The trusted certification from the CA, for example the thawte premium
server CA certificate, is required in addition to the client certificate.
File Management System (FMS), reverse proxy, and two-way SSL

configuration details
This section describes how to configure an FMS system with the following
characteristics:
• All client traffic is directed to a reverse proxy server.
• All client traffic uses one-way SSL.
• Several logical and/or physical zones exist behind the reverse proxy. These are
separated by firewalls.
• Reverse proxy sends traffic to an FMS Server Cache (FSC) located within the
same zone (using one-way SSL).
• Another FSC in another zone hosts the real volumes.
• FSC-to-FSC communication across the zones requires two-way SSL.
Basic File Management System (FMS) configuration

This example describes the basic FMS server caches (FSCs), groups, and client maps.
The target configuration consists of two FSCs behind a reverse proxy server. All
clients are in front of the reverse proxy.
There are three zones in this example:
• Client zone
All clients are on one side of the reverse proxy server. All communication is
routed through the reverse proxy to the backend servers. The only resource the
clients communicate with is the reverse proxy server.

• Middle zone
The location of the reverse proxy, Web tier, first FSC, and LDAP.
• Resource zone
The second FSC, volumes, and Oracle.
The following fmsmaster_FSC_fscmidzone_infodba.xml file is the master

configuration file used in this example.
<!DOCTYPE fmsworld SYSTEM "fmsmasterconfig.dtd">
<fmsworld>
<fmsenterprise id="471539747">
<fscgroup id="midzone">

<fsc id="FSC_fscmidzone_infodba"
address="http://fscmidzone.yourcompany.com:4544" />

<fsc id="FSC_reverseproxy_infodba"
address="http://reverseproxy.yourcompany.com:80" />

<clientmap subnet="127.0.0.1" mask="0.0.0.0">
<assignedfsc fscid="FSC_proxy_infodba" />
</clientmap>
</fscgroup>
<fscgroup id="reszone">

<fsc id="FSC_fscreszone_infodba"
address="http://fscreszone.yourcompany.com:4544">
<volume id="139747566d871c1b2023"
root="/mnt/disk1/tcapps/tceng2005sr1mp5/TC_VOL/volume1" />
<transientvolume id="ce8399515feada2dee4c3e79b955d8ba"
root="/tmp/transientVolume_tceng2005sr1mp5_infodba" />
</fsc>
</fscgroup>
</fmsenterprise>
</fmsworld>
Configuration element details
Element Definition
fscgroup Describes either a group of FSCs on a LAN or a network of
FSCs that have defined entry and exit FSCs. This configuration
is simple because there is only one real FSC in each group;
therefore, declared entries and exits are not required.
There are two defined fscgroups:
midzone Represents the middle zone.
reszone Represents the resource zone.

Element Definition
FSC The FSC for each zone is defined within the groups and one FSC
is defined to represent the reverse proxy server, as follows:
FSC_fscmidzone_infodba The FSC in the middle tier acts
as a cache and performs the role
of an FSC configuration master.
This means it serves the master
configuration file.
FSC_fscreszone_infodba The FSC in the resource tier
mounts the volume and it is
a configuration slave to the
FSC_fscmidzone_infodba FSC.
FSC_proxy_infodba This FSC represents the reverse
proxy server. It is required so
that the clientmap elements
can point to the FSC (address)
for assignment. Clients should
be assigned to the reverse proxy
address, not to any of the real
FSC servers.
clientmap Clients are to be mapped to a single FSC (WebSEAL or
SiteMinder); therefore, only a single comprehensive clientmap
that assigns all clients to the reverse proxy is required.
There are no volumes in the assigned group; therefore, you do not
have to turn off direct routing to prevent the FCC from attempting
to reach FSCs hosting volumes directly within the group.
FCS configuration files

The following configuration files are associated with the real FSCs:
• FSC_fscmidzone_infodba
The FSC that is the FMS configuration master.
o $FSC_HOME/fmsmaster_FSC_fscmidzone_infodba.xml
Master FMS configuration file. For more information, see Configuration
element details, earlier in this appendix.
o $FSC_HOME/FSC_fscmidzone_infodba.xml
FSC configuration file that specifies the fscid and master/slave state.
• FSC_fscreszone_infodba
o $FSC_HOME/fmsmaster_FSC_fscreszone_infodba.xml
Local copy of the master FMS configuration file.
o $FSC_HOME/FSC_fscreszone_infodba.xml

Configuration file content – bootstrap references

Bootstrap references must be changed to point to the reverse proxy (FSC) rather
than to any of the real backend FSCs.
You must also add the default URL context to all of the bootstrap references in
the site context form:
protocol://host[:port]/tc/fms/fmsenterpriseid
$FMS_HOME/fcc.xml
<parentfsc
address="http://reverseproxy.yourcompany.com:80/tc/fms/471539747"/>
...
...
$FSC_HOME/FSC_fscmidzone_infodba.xml
...
<fscmaster serves="true"/>
...
$FSC_HOME/FSC_fscreszone_infodba.xml
This is the slave fsc.xml file that points to the master FSC. This is on the same
side of the reverse proxy; therefore, a direct reference is used here.
...
<fscmaster serves="false"
address="http://fscmidzone.yourcompany.com:4544/tc/fms/471539747"/>
...
Fms_BootStrap_Urls preference
This value is used to bootstrap other FMS client integrations. The value must
be appropriate for clients outside of the WebSEAL or SiteMinder reverse proxy;
therefore, it points to the reverse proxy.
For example, for a WebSEAL reverse proxy:
http://webseal.yourcompany.com:80/tc/fms/471539747
For example, for a SiteMinder reverse proxy:

http://siteminder.yourcompany.com:80/tc/fms/471539747
One-way SSL configuration

This section describes how to configure one-way SSL between the clients, the reverse
proxy, and the FSC servers.
Note This example uses purchased certificates.

<fmsworld>

address="https://fscmidzone.yourcompany.com:4544" />

<fsc id="FSC_webseal_infodba"
address="https://reverseproxy.yourcompany.com:443" />


<assignedfsc fscid="FSC_proxy_infodba" />
</clientmap>
</fscgroup>

address="https://fscreszone.yourcompany.com:4544">
<volume id="139747566d871c1b2023"
root="/mnt/disk1/tcapps/tceng2005sr1mp5/TC_VOL/volume1" />
root="/tmp/transientVolume_tceng2005sr1mp5_infodba" />
</fsc>
</fscgroup>
</fmsenterprise>
</fmsworld>
Element Definition
FSC The addresses defined for the FSCs specify https. This causes
the listener to be configured for SSL. The port on the FSC
representing the reverse proxy is changed to use 443 rather than
80.
FSC configuration files

Specifies the FMS configuration master.
The master FMS configuration file.
o $FSC_HOME/fsc.FSC_fscmidzone_infodba.properties
Additional properties for this FSC used to configure the keystore.
o $FSC_HOME/keystore.FSC_fscmidzone_infodba.jks
Keystore for this FSC.
Specifies the FMS configuration slave.
o $FSC_HOME/fsc.FSC_fscreszone_infodba.properties

o $FSC_HOME/keystore.FSC_fscreszone_infodba.jks
The keystore for this FSC.
Configuration file changes – bootstrap references

Bootstrap references must be changed to use the new port on the reverse proxy
(FSC) and to configure the keystores.
$FMS_HOME/fcc.xml
...
<parentfsc address="https://reverseproxy.yourcompany.com:443/tc/fms/471539747"/>
...
Fms_BootStrap_Urls preference
This value is used to bootstrap other FMS client integrations. The value must
be appropriate for clients outside of the WebSEAL or SiteMinder reverse proxy;
therefore, it points to the reverse proxy.
For example, for WebSEAL:
http://webseal.yourcompany.com:443/tc/fms/471539747
For example, for SiteMinder:

http://siteminder.yourcompany.com:443/tc/fms/471539747
New configuration files – property and keystore files

Note Only use $FMS_HOME, not $FSC_HOME, in FMS configuration files.
Always use UNIX-style path separators (/).
$FSC_HOME/fsc.FSC_fscmidzone_infodba.properties
The property file used to configure the keystore.
# fsc.FSC_fscmidzone_infodba.properties
com.teamcenter.fms.servercache.keystore.file=$<FMS_HOME}/keystore.FSC_fscmidzone_infodba.jks
com.teamcenter.fms.servercache.keystore.password=keystore.FSC_fscmidzone_infodba.password
com.teamcenter.fms.servercache.keystore.ssl.certificate.password=keystore.FSC_fscmidzone_infodba.password
# these are not needed for 1-way SSL
# javax.net.ssl.keyStore=$<FMS_HOME}/keystore.FSC_fscmidzone_infodba.jks
# javax.net.ssl.keyStorePassword=keystore.FSC_fscmidzone_infodba.password
# javax.net.ssl.trustStore=$<FMS_HOME}/keystore.FSC_fscmidzone_infodba.jks
# javax.net.ssl.trustStorePassword=keystore.FSC_fscmidzone_infodba.password
$FSC_HOME/keystore.FSC_fscmidzone_infodba
The keystore for this FSC. The keystore must contain the private key and
certificate for the local machine.
fscmidzone> keytool -list -v -keystore keystore.FSC_fscmidzone_infodba.jks
-storepass keystore.FSC_fscmidzone_infodba.password
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entries
Alias name: fscmidzone.yourcompany.com
Creation date: Jan 23, 2008
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=fscmidzone.yourcompany.com, OU=QA, O=YOUR Corp, L=Plano, ST=Texas, C=US
Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services
Division,
O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Serial number: 485099dcc36d1ea9d773ba153022a951
Valid from: Thu Jan 10 16:44:38 CST 2008 until: Thu Mar 27 13:20:25 CDT 2008 Certificate fingerprints:
MD5: 86:7E:16:59:99:E6:6F:B6:27:9B:92:19:E7:65:EB:A2
SHA1: 6A:D1:64:7A:0A:E1:CB:62:D3:EF:91:BF:E9:A0:CE:AF:A3:3D:E4:1E
Certificate[2]:

Owner: [email protected], CN=Thawte Premium Server CA, OU=Certification Services

Division,
O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Division,
O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Serial number: 1
Valid from: Wed Jul 31 19:00:00 CDT 1996 until: Thu Dec 31 17:59:59 CST 2020 Certificate fingerprints:
MD5: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
SHA1: 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
*******************************************
*******************************************
$FSC_HOME/fsc.FSC_fscreszone_infodba.properties
# fsc.FSC_fscreszone_infodba.properties
com.teamcenter.fms.servercache.keystore.file=$<FMS_HOME}/keystore.FSC_fscreszone_infodba.jks
com.teamcenter.fms.servercache.keystore.password=keystore.FSC_fscreszone_infodba.password
com.teamcenter.fms.servercache.keystore.ssl.certificate.password=keystore.FSC_fscreszone_infodba.password
# javax.net.ssl.keyStore=$<FMS_HOME}/keystore.FSC_fscreszone_infodba.jks
# javax.net.ssl.keyStorePassword=keystore.FSC_fscreszone_infodba.password
# javax.net.ssl.trustStore=$<FMS_HOME}/keystore.FSC_fscreszone_infodba.jks
# javax.net.ssl.trustStorePassword=keystore.FSC_fscreszone_infodba.password
$FSC_HOME/keystore.FSC_fscreszone_infodba
certificate for the local machine.
fscreszone> keytool -list -v -keystore keystore.FSC_fscreszone_infodba.jks
-storepass keystore.FSC_fscreszone_infodba.password
Keystore type: jks
Alias name: fscreszone.yourcompany.com
Certificate[1]:
Owner: CN=fscreszone.yourcompany.com, OU=QA, O=YOUR Corp, L=Plano, ST=Texas, C=US
Division,
MD5: 86:7E:16:59:99:E6:6F:B6:27:9B:92:19:E7:65:EB:A2
Certificate[2]:
Division,
Division,
MD5: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
*******************************************
*******************************************
Configuring two-way SSL between FMS server caches (FSCs)

Building on the one-way SSL configuration example, this section describes how
two-way SSL is configured exclusively for FSC to FSC traffic.
<fmsworld>


address="https://fscmidzone.yourcompany.com:4545"
options="needclientauth">

<connection id="1waysslcon" protocol="https" port="4544"/>
</fsc>

<fsc id="FSC_webseal_infodba"
address="https://reverse_proxy.yourcompany.com:443"/>

<assignedfsc fscid="FSC_fscmidzone_infodba"
connectionid="1waysslcon"/>
</clientmap>

<assignedfsc fscid="FSC_proxy_infodba"/>
</clientmap>
</fscgroup>

address="https://fscreszone.yourcompany.com:4545"
options="needclientauth">
<volume id="139747566d871c1b2023"
root="/mnt/disk1/tcapps/tceng2005sr1mp5/TC_VOL/volume1"/>
root="/tmp/transientVolume_tceng2005sr1mp5_infodba"/>
</fsc>
</fscgroup>
</fmsenterprise>
</fmsworld>
Element Definition
FSC The FSC elements specify options=”needclientauth”.
This causes the default connection to require a two-way SSL
handshake.
The default connection is defined in the address attribute of the
fsc element. In this example, the port number is changed to 4545.
connection A new connection element is added (using the original SSL
port number 4544) to the FSC_fscmidzone_infodba FSC to
continue to support the one-way SSL connection that reverse
proxy is configured to use.
clientmap There is an additional clientmap element to map clients that
are already inside the midzone to the one-way SSL connection of
the midzone FSC. (The Teamcenter Engineering Data Integration
Services Adapter is one such client.)
FSC configuration files

Specifies the FMS configuration master.
Master FMS configuration file.

o $FSC_HOME/fsc.FSC_fscmidzone_infodba.properties
o $FSC_HOME/keystore.FSC_fscmidzone_infodba.jks
Specifies the FMS configuration slave.
o $FSC_HOME/fsc.FSC_fscreszone_infodba.properties
o $FSC_HOME/keystore.FSC_fscreszone_infodba.jks
Configuration file changes – bootstrap references

None of the bootstrap references change; they continue to point to the reverse
proxy HTTPS address.
Configuration file changes–property and keystore files

Note Only use $FMS_HOME, not $FSC_HOME in FMS configuration files.
Always use UNIX-style path separators (/).
$FSC_HOME/fsc.FSC_fscmidzone_infodba.properties
Property file used to configure the keystore.
# fsc.FSC_fscmidzone_infodba.properties
com.teamcenter.fms.servercache.keystore.file=${FMS_HOME}/keystore.FSC_fscmidzone_infodba.jks
com.teamcenter.fms.servercache.keystore.password=keystore.FSC_fscmidzone_infodba.password
com.teamcenter.fms.servercache.keystore.ssl.certificate.password=keystore.FSC_fscmidzone_infodba.password
javax.net.ssl.keyStore=${FMS_HOME}/keystore.FSC_fscmidzone_infodba.jks
javax.net.ssl.keyStorePassword=keystore.FSC_fscmidzone_infodba.password
javax.net.ssl.trustStore=${FMS_HOME}/keystore.FSC_fscmidzone_infodba.jks
javax.net.ssl.trustStorePassword=keystore.FSC_fscmidzone_infodba.password
$FSC_HOME/keystore.FSC_fscmidzone_infodba
The keystore for this FSC. The keystore just contain the private key and
certificate for the local machine and it must also contain the trusted (CA)
certificate for any clients you want to accept.
Note You can optionally import individual certificates for each client rather
than importing the signer certificate.

fscmidzone> keytool -list -v -keystore keystore.FSC_fscmidzone_infodba.jks

-storepass keystore.FSC_fscmidzone_infodba.password
Keystore type: jks
Alias name: fscmidzone.yourcompany.com
Certificate[1]:
Owner: CN=fscmidzone.yourcompany.com, OU=QA, O=YOUR Corp, L=Plano, ST=Texas, C=US
Division,
MD5: 86:7E:16:59:99:E6:6F:B6:27:9B:92:19:E7:65:EB:A2
Certificate[2]:
Division,
Division,
MD5: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
*******************************************
*******************************************
Alias name: thawte premium server ca
Creation date: Feb 20, 2008
Entry type: trustedCertEntry
Division,
Division,
MD5: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
*******************************************
*******************************************
$FSC_HOME/fsc.FSC_fscreszone_infodba.properties
# fsc.FSC_fscreszone_infodba.properties
com.teamcenter.fms.servercache.keystore.file=${FMS_HOME}/keystore.FSC_fscreszone_infodba.jks
com.teamcenter.fms.servercache.keystore.password=keystore.FSC_fscreszone_infodba.password
com.teamcenter.fms.servercache.keystore.ssl.certificate.password=keystore.FSC_fscreszone_infodba.password
javax.net.ssl.keyStore=${FMS_HOME}/keystore.FSC_fscreszone_infodba.jks
javax.net.ssl.keyStorePassword=keystore.FSC_fscreszone_infodba.password
javax.net.ssl.trustStore=${FMS_HOME}/keystore.FSC_fscreszone_infodba.jks
javax.net.ssl.trustStorePassword=keystore.FSC_fscreszone_infodba.password
$FSC_HOME/keystore.FSC_fscreszone_infodba
certificate for the local machine, and it must also contain the trusted (CA)
certificate for any clients you want to accept.
Note You can optionally import individual certificates for each client rather
than importing the signer certificate.

fscreszone> keytool -list -v -keystore keystore.FSC_fscreszone_infodba.jks

-storepass keystore.FSC_fscreszone_infodba.password
Keystore type: jks
Alias name: fscreszone.yourcompany.com
Certificate[1]:
Owner: CN=fscreszone.yourcompany.com, OU=QA, O=YOUR Corp, L=Plano, ST=Texas, C=US
Division,
MD5: 86:7E:16:59:99:E6:6F:B6:27:9B:92:19:E7:65:EB:A2
Certificate[2]:
Division,
Division,
MD5: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
*******************************************
*******************************************
Alias name: thawte premium server ca
Creation date: Feb 20, 2008
Entry type: trustedCertEntry
Division,
Division,
MD5: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
*******************************************
*******************************************
Configuring Kerberos authentication on the Web tier

You must configure Microsoft Internet Information Services (IIS) and the application
server that you are using to enable Kerberos authentications.
Configure IIS reverse proxy for Security Services login service

You must have Microsoft Internet Information Services (IIS) installed (IIS 7 for
Windows Server 2008 or IIS 7.5 for Windows Server 2008 R2).
1. Copy the iisproxy.dll and iisforward.dll files available
in the WebLogic_Home\Server\plugin\win\32 or
WLSHOME\Server\plugin\win\x64 directory to the directory that you
want as your home folder for your IIS Web site. This can be any directory
accessible to IIS.
Note Ensure that you copy the DLL file from the 32 directory for 32-bit
operating systems or the x64 directory for 64-bit operating systems.
These are not interchangeable and cause errors if you copy the wrong
DLL file.
2. To open the IIS Manager, choose Start→Administrative Tools→Internet


3. In the navigation tree, expand your host name entry until you see Sites.
4. Create a new Web site with the home folder set to the directory that contains
the DLLs you copied in step 1:
b. In the Add Web Site dialog box, type a name for your new Web site in the
Site Name box, for example IIS7_WebLogic103, and click the browse button
( ) next to the Physical path box.
c. In the Browse for Folder dialog box, browse to the directory that contains
the iisproxy.dll and iisforward.dll files and click OK.
d. In the Port box, type a unique port number (for example, 8088) and click OK.
5. Configure the Web site application pool:

a. In the navigation tree, click Application Pools.
b. Under Application Pools, right-click your Web site name and choose
Advanced Settings.
c. In the Advanced Settings dialog box, select True for Enable 32-Bit
Applications.
6. Configure the Web site authentication:

a. In the navigation tree, select your Web site name and double-click
Authentication under the IIS section.
b. In the Authentication pane, select Disabled for Anonymous Authentication.
c. Select Enabled for Windows Authentication. This is the 401 negotiate

setting.
d. Under Actions in the right pane, click Providers and ensure Negotiate and
NTLM are in the Enabled Providers box. If they are not, select them from
the Available Providers list and click Add.
Note This configures IIS to attempt to authenticate using Kerberos and
fall back to NTLM if Kerberos authentication is unsuccessful. Do
not select Negotiate:Kerberos as this prevents fall back NTLM
authentication.
e. Under Actions in the right pane, click Advanced Settings and ensure
Enable Kernel-mode authentication is selected.
7. Configure the Web site ISAPI filters:

a. In the navigation tree, click your Web site name and double-click ISAPI
Filters in the IIS section.
b. In the right pane, click Add under Actions.

c. In the Add ISAPI Filter dialog box, type IISForward in the Filter name box,
browse to the iisforward.dll file in the Executable box, and click OK.

a. In the navigation tree, click your Web site name and double-click Handler
Mappings in the IIS section.
b. In the right pane, click Add Script Map under Actions.
c. In the Add a Script Map dialog box, type *.wlforward in the Request path
box, browse to the iisproxy.dll file in the Executable box type IISProxy in
the Name box, and click OK.
9. Create an iisproxy.ini file in the directory that contains the DLLs. This file
must contain the following information.
WebLogicHost=<dns-name-or-ip-address>
WebLogicPort=<listening-port-for-WLS>
WlForwardPath=/examplesWebApp
Debug=ALL
DebugConfigInfo=ON
The WebLogicHost value is the host for the Security Services Login Service
application. The WebLogicPort value is the port for the Security Services
Login Service application. The WlForwardPath value is the name of the
Security Services Login Service Web application. The debug values are optional
and are set for debugging purposes. The default log file for debug messages
is C:\TEMP\wlproxy.log.
For more information about the contents of the iisproxy.ini file, see the
http://docs.oracle.com/cd/E14571_01/web.1111/e14395/isapi.htm
10. In the right pane, click Restart under Manage Web Site.
Configure JBoss 5.10 ISAPI with IIS 7 for Security Services login
service
You must install the Tomcat ISAPI Redirector version 1.2.31 or later and
configure the Windows registry for the redirector. You must also create the
workers.properties and uriworkermap.properties files for the redirector.
documentation.
1. Create a directory where you want to install the Tomcat ISAPI Redirector on the
Windows Server 2008, for example:
D:\jboss_iis
2. Create the a directory structure on the Windows Server 2008 host for the new
Web site:
jboss_iis
This is the top level Web site directory. Its name can be anything but it is
recommended that you use an easily identified name such as jboss_iis.

\bin
This is the ISAPI redirector install directory. It contains the redirector
dll file and its registry file.
\conf
Contains the ISAPI redirector configuration files.
\log
Contains the ISAPI redirector log files.
\wwwroot
This is the physical location of the Web site.
3. Download the ISAPI Redirector from the Apache Tomcat Web site and save it in
the ISAPI redirector install (bin) directory.
Note • Download the latest version of the 32-bit redirector
(isapi_redirector-version.dll) file, not the 64-bit redirector.
• Only the isapi_redirector .dll file is required.
Rename the downloaded file to isapi_redirect.dll.
4. Configure Windows registry settings on the Windows Server 2008 host.

a. In the ISAPI redirector install bin directory, create a file with a .reg
recommended).
b. Create an isapi_redirect.reg windows registry file with the following

contents:
"log_file"="d:\\jboss_iis\\log\\jk_iis.log"
"log_level"="debug"
"worker_file"="d:\\jboss_iis\\conf\\workers.properties"
"worker_mount_file"="d:\\jboss_iis\\conf\\uriworkermap.properties"
”uri_select”=”unparsed”
It is recommended that you use debug for the log_level entry when you
initially configure the redirector to get all messages. You can change this
after you have tested your installation and determined that it is working
properly. The following table provides a brief description of these entries:
Name Description

Name Description
worker.properties file. You create this file
later.
uriworkermap.properties file. You create
this file later.
uri_select Determines how the forwarded URI is handled.
Unparsed indicates the original request URI is
forwarded. Siemens PLM Software recommends
this option. Rewriting the URI and forwarding
the rewritten URI does not work correctly.
c. In the ISAPI Redirector installation directory, right-click the

d. After receiving a confirmation message from Windows, check the

help.

worker.list=node1
The default port is 8009. If you could not use the default value and you changed
the AJP port number in JBoss configuration when you configured the Tomcat
ISAPI Redirector, use that value. The port is set (and can be modified) in the
JBoss_home\server\default\deply\jbossweb.sar\server.xml file.
6. Add or modify the following Connector element

attributes to the AJP 1.3 connector configuration
(JBoss_home\server\default\deply\jbossweb.sar\server.xml) file:

<Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"
tomcatAuthentication="false" emptySessionPath="true"
enableLookups="false" redirectPort="8443" />
IIS forwards requests to JBoss using the AJP 1.3 protocol on this port, this must
be set to allow access to the remote user name (getRemoteUser method).
7. Save the file as workers.properties in the conf directory. This must match the
path you defined for it in the registry file.

/tc/*=node1

Replace tc with the name of your Teamcenter Security Services Login Service
Web application. This configures the redirector to forward all requests with
the /tc/* signature to node1.
9. Save the file as uriworkermap.properties. Save this file in the conf directory.
10. To open the IIS Manager, choose Start→Administrative Tools→Internet

11. In the navigation tree, expand your host name entry until you see Sites.
12. Create a new Web site with the home folder set to the directory you created
in step 1:
b. In the Add Web Site dialog box, type a name for you new Web site in the
Site Name box, for example jboss-iis.
c. Click the browse button next to the Physical path box.
d. In the Browse for Folder dialog box, browse to the wwwroot directory you
created in step 1 and click OK.
e. In the Port box, type a unique port number (for example, 8128) and click OK.
13. Configure the Web site authentication:

a. In the navigation tree, select your Web site name and double-click
Authentication under the IIS section.
b. In the Authentication pane, select Disabled for Anonymous Authentication.
c. Select Enabled for Windows Authentication. This is the 401 negotiate

setting.
d. Under Actions in the right pane, click Providers and ensure Negotiate and
NTLM are in the Enabled Providers box. If they are not, select them from
the Available Providers list and click Add.
Note This configures IIS to attempt to authenticate using Kerberos and
fall back to NTLM if Kerberos authentication is unsuccessful.
e. Under Actions in the right pane, click Advanced Settings and ensure
Enable Kernel-mode authentication is selected.
14. Configure the Web site ISAPI filters:

a. In the navigation tree, click your Web site name and double-click ISAPI
Filters in the IIS section.
b. In the right pane, click Add under Actions.
c. In the Add ISAPI Filter dialog box, type jkfilter in the Filter name box, browse
to the isapi_redirect.dll file in the Executable box, and click OK.

15. Create a virtual directory for your Web site:

a. In the navigation tree, right-click your Web site name and choose Add
Virtual Directory.
b. In the Add Virtual Directory dialog box, type jakarta in the Alias box.
Note The alias value can be anything but it must match the first value in
the extension_uri entry in the isapi_redirect_reg file.
c. Browse to the d:\jboss_iis\bin directory in the Physical path box and click
OK.

a. In the navigation tree, click your Web site name and double-click Handler
Mappings in the IIS section.
b. In the right pane, double-click ISAPI-dll under Actions.
c. In the Edit Module Mapping dialog box, type * in the Request path box
(remove any existing entry) and browse to the isapi_redirector.dll file in
the Executable box.
d. Click Request Restrictions and click the Verbs tab in the Request
Restriction dialog box and ensure the All verbs option is selected.
e. Click the Access tab, ensure the Execute option is selected, and click OK.
17. If your redirector is a 32-bit dll, enable 32-bit applications:

a. In the navigation pane, select Application Pools.
b. Select your Web site name and click Advanced Settings under Edit
Application Pool in the right pane.
c. In the Advanced Settings dialog box, select True for Enable 32-Bit
Applications.
18. In the right pane, click Restart under Manage Web Site.

Appendix
B Troubleshooting four-tier
architecture deployment

Appendix
B Troubleshooting four-tier
architecture deployment
Identify the problem you encountered in your four-tier rich client architecture and
perform the solution described.
Problem Solution
Web tier application fails during When a host has multiple IP addresses, the JGroups software
initialization with an error and JDK software arbitrarily choose one of them to use as
containing the following: the address to bind to for a server connection port. In some
situations, as when using a Windows Network Load Balancer,
Error during login. not all local IP addresses are accessible to other hosts on the
com.teamcenter.presentation. network. If the chosen IP address is not accessible, other
webclient.actions com. cluster peers are not able to open sockets to that port.
teamcenter.jeti.util.
JetiResourceConfiguration To avoid this error, specify a particular bind address using the
Exception: TreeCache bind.address Java system property, for example:
initialization failed
Dbind.address=123.456.78.91
Java arguments can be specified in different ways

on different application servers. For example, for a
WebLogic managed server, use the WebLogic console
server/Configuration/Server Start/Arguments field.
For more information, consult the application server’s
documentation.
Error indicating no server pool Either the server manager is not started or TreeCache
communication is not occurring. Ensure that you correctly
coordinated the server manager and Web tier TreeCache
configuration settings.
For information about coordinating these settings, see
the appropriate server installation guide (for Windows or
UNIX/Linux).
If you are using TCP communication, look for the GMS
address during both application server startup and server
manager startup. The GMS address indicates the service port
obtained. It should be within the range of ports pinged by
TreeCache peers.
PLM00015 J Web Application Deployment Guide B-1

Appendix B Troubleshooting four-tier architecture deployment
Problem Solution
Delays in opening a connection The Web tier may be attempting a connection to the
from the Web tier to a Teamcenter Teamcenter server on an IP address that is unavailable.
server
If the SERVER_HOST parameter is not specified in the
server manager configuration, the Teamcenter server writes
all IP addresses found in the host’s network configuration
to its CORBA interoperable object reference (IOR). If the
host has multiple addresses and the primary address is
not reachable, the Teamcenter Web tier logs the following
warning:
The connection to the pool with ID pool—ID is not
available. Primary Address Host is IP-address and
the Primary Address Port is port; In addition to
the Primary Address, additional address(es) were
found. Please ensure that the Primary Address used
is the right one. This address can be changed by
configuring the SERVER_HOST parameter.
Inspect the Web tier log file for status messages reported
during server manager startup. If the server manager log
contains a message similar to this, set the SERVER_HOST
parameter in the serverPool.properties file to the correct
IP address for the host.
Warnings of discarded messages These warnings indicate that you have two clusters on the
same port (multicast) or set of ports (TCP).
Your environment is working because you used different
names for each cluster, but this is not an optimal environment
for performance. Siemens PLM Software recommends
configuring a different port or set of ports for each
environment.
Error messages about the server These messages indicate that the pool ID is in use by another
manager pool ID server manager in the TreeCache cluster. Either place the
server managers in different clusters or configure a distinct
pool ID.
Occasionally, TreeCache instances fail to accept connections
and report handleJoin errors. Typically this error disappears
if you restart one or more cluster members.
handleJoin errors occur at To get additional information, increase the logging level for
startup the tree cache and jgroups classes for both the application
server and server manager:
1. Copy the log4j.xml file in the server manager run-time
directory (TC_ROOT\pool_manager) to the application
server instance startup directory.
By default, the server manager run-time directory
includes a log4j.xml file, but it logs only the warning level
information. The default configuration sends log output
to the console and the following files:
TC_ROOT\pool_manager\logs\ServerManager\
process\serverManager.log
APPSERVER_ROOTlogs\WebTier\processWebTier.log
B-2 Web Application Deployment Guide PLM00015 J

Troubleshooting four-tier architecture deployment
Problem Solution
2. Edit log4j.xml so that more information is logged at run

time. For example, to increase the log4j output for the
JBossCache and jgroup classes to the INFO level, edit
the file:
<logger name="org.jboss.cache" additivity="false">
<level value="INFO"/>
<appender-ref ref="WebTierAppender"/>
<appender-ref ref="ProcessConsoleAppender"/>
</logger>
<logger name="org.jgroups" additivity="false">
<level value="INFO"/>
<appender-ref ref="WebTierAppender"/>
<appender-ref ref="ProcessConsoleAppender"/>
</logger>
The JMX HTTP adaptor allows you to view the status of the
server pool and dynamically change the pool configuration
values (the values are not persistent). Access this functionality
from the following URL:
http://host-name:jmx-port
Replace host-name with the name of the host running the
server manager. Replace jmx-port with the number of the
port running the JMX HTTP adaptor. This port number is
defined on the JMX HTTP Adaptor Port parameter when
you install the server manager.
Configuration is correct, but Determine from logs whether users are frequently losing a
run-time errors occur server due to the server timing out and are then having a new
server assigned.
Server startup can consume a great amount of CPU. Consider
increasing timeout values and/or the pool size.
Either the server manager Check the internet protocol configuration on the server
fails to start when employing manager host and the Web tier host and ensure that they
multicast TreeCache mode or match. Some application servers configure the Java virtual
the following error message is machine (JVM) to prefer the IPv4 stack. This is the case
received: with recent versions of JBoss. Therefore, you must alter the
Exception in thread "main" preferIPv4Stack Java property on the server manage host
java.net.SocketException: to match the Web tier configuration.
Can’t assign requested address.
By default, Java prefers to use Internet Protocol Version 6
(IPv6) addresses. Incomplete IPv6 configuration can cause
Java socket exceptions that prevent the server manager from
starting.
For example, an IBM AIX server might be configured to have
an IPv6 loopback address ::1 but no IPv6 ethernet address.
Detect this problem on AIX with the command:
netstat –ni

Problem Solution
If this is the case, either complete the IPv6 upgrade

configuration as documented in the IBM System Management
Guide or uncomment the following line in the mgrstart script:
#JVM_ARGS="${JVM_ARGS} -Djava.net.preferIPv4Stack=true"
This line adds the –Djava.net.preferIPv4Stack=true Java

option, instructing the JVM to use IPv4 addresses for the
server manager.
Note If the Web application server is running on the same
host as the server manager, add this Java option to
the Web application startup script also.
On a machine with multiple IP addresses, it may be necessary

to configure the address used by the TreeCache. This
address can be added to the TreeCacheTCP.xml file (for
TCP mode) or the TreeCacheMcast.xml file (for Mcast
mode). In the server manager, this file can be found in the
TC_ROOT/pool_manager directory. In the J2EE application
it can be found in the file JETIServerAccessor.jar in
the staging area of the Web Application Manager. For
Mcast mode, locate the UDP configuration line and add
bind_addr=desired-address. For TCP mode, locate the TCP
configuration line and add bind_addr=desired-address.
Out-of-memory messages from Review and adjust as necessary the settings for the following
Web application server running kernel parameters:
on HP-UX platform
max_thread_proc
maxfiles
maxusers
Particularly, the default max_thread_proc value of 64 is
not sufficient for running the Web application server. The
optimum values depend on the traffic level and machine
capabilities.
TreeCache connection failure Terminating a server manager instance by sending it a signal
after restarting or redeploying does not clean up the TreeCache data stored in other four-tier
components regarding the terminated pool. When this server
manager is restarted, it cleans up this information. However,
termination of a server manager in this way sometimes leaves
the TreeCache communication mechanisms in a corrupted
state and the server manager is not able to rejoin the
TreeCache cluster. The problem can be resolved by stopping
all four-tier components (the application servers and server
managers) in the TreeCache cluster and then restarting them
all. This problem can usually be avoided by shutting the
server manager down cleanly through the server manager
Administrative Interface. For information about using the
server manager administrative interface, see the System

Problem Solution
A similar problem can occur after the Teamcenter Web tier

application is redeployed on the application server without
stopping and restarting the application server. In this case, an
extra TreeCache instance from the earlier deployment might
still be running in the application server and this can interfere
with proper functioning of the TreeCache. This can usually be
resolved by stopping and restarting the application server.
Due to a Java run-time issue on Linux, these problems are
more likely if the four-tier component is run with the nohup
command on Linux and the process is terminated by sending
it a signal.
TreeCache initialization fails The following error messages in the log files indicate that the
when starting the server TreeCache port is already in use:
manager or Web tier application FATAL - None - 2007/07/27-16:11:13,244 UTC - host- TreeCache
initialization failed:
com.teamcenter.jeti.serverassigner.ServerAssigner
org.jgroups.ChannelException: failed to start protocol stack
Caused by: java.lang.Exception: exception caused by TCP.start():
java.net.BindException: No available port to bind to
This error indicates that the TreeCache local service port you
have configured is already in use either by another TreeCache
instance or by some other process. To resolve this problem,
choose a different port and restart/redeploy the reconfigured
server manager or Web tier application.
CFI_error displays when running When you run AIE Export in batch mode, Teamcenter displays
AIE export in batch mode a CFI error. This error occurs because jt.exe (Microsoft Task
Scheduler) file is missing from the %WINDOWS% directory.
To resolve this problem, perform the following steps:
1. Download the jt.zip utility from the following Web site:
ftp://ftp.microsoft.com/reskit/win2000
2. Expand the jt.exe file from the jt.zip file and copy it to
your TC_ROOT\bin directory.
Server manager is not If your server manager is joining a existing TreeCache
used/recognized by the Web cluster, the TreeCache Peers parameter for the server
tier application when the manager must contain the host name and port number of
manager is restarted without a Web application server running the Web tier application
restarting the Web tier or the host/port pair of a server manager that has the Web
application server configured as a peer.
In a simple environment with one manager and one Web tier
instance, you should configure the server manager to have the
Web tier instance as a peer and the Web tier application must
contain the server manager host and local service port in the
TreeCache Peers context parameter. This allows you to start
the server manager or the application server independently.
For information about installing the server manager, see the
Installation on Windows Servers Guide. For information about

Problem Solution
starting and managing the server manager, see the System
For information about Web application context parameters,
see the Installation on Windows Servers Guide.
A server manager crash occurs An error message, similar to the following, appears in the
with an error in the Java output Java output and is identified in the hs_err_* file as an error
that indicates the JVM detected in a compiler thread.
an unexpected error #
#
# SIGSEGV (11) at pc=ab2727b4, pid=183, tid=9
#
# Java VM: Java HotSpot(TM) Server VM (1.5.0.03 jinteg:02.13.06-15:
# 51 PA2.0 (aCC_AP) mixed mode)
# V [libjvm.sl+0xa727b4]
#
# An error report file with more information is saved as
# hs_err_pid183.log
#
# Please report this error to HP customer support.
#
./run.sh[175]: 183 Abort(coredump)
Excerpt from the hs_err_* file:

#
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6da225d6, pid=1272,
# tid=3168
#
# Java VM: Java HotSpot(TM) Server VM (1.5.0_05-b05 mixed mode)
# V [jvm.dll+0x1e25d6]
#
--------------- T H R E A D ---------------
Current thread (0x26a0adb0): JavaThread "CompilerThread1" daemon [
_thread_in_native, id=3168]
.
.
.
Current CompileTask:
opto:1020 s! org.jacorb.orb.Delegate.request(Lorg/omg/CORBA/Object;
Ljava/lang/String;Z)Lorg/omg/CORBA/portable/OutputStream; (266 bytes)
This is due to a known Java defect affecting the JVM. It may

occur when there are enough calls to the server to cause the
JRE to dynamically compile the relevant CORBA method.
Sun recommends the following workarounds:
• Add the JVM parameter –XX:-EliminateLocks. (Some
versions of Java do not support this parameter.)
• Use the .hotspot_compiler file to disable the compilation

of the jacorb Delegate.request() method. See the
documentation for your Java version to determine the
proper location and contents of this file.
• Move to a later JVM.

Problem Solution
During a server manager On some platforms or machines, the jgroups code used
startup or J2EE Web application by TreeCache in the Teamcenter server manager or the
deployment the following error Teamcenter J2EE application may fail to initialize when
message is received when using using mcast mode. This may be caused by using IPv6. This
multicast mode: is to known to occur when using a Linux host but may also
java.net.BindException: occur in other configurations.
Can’t assign requested address
The following is a typical exception message with this error:
ERROR - 2007/07/29-00:55:20,866 UTC - cili6008 - Error initializing
JBoss Cache com.teamcenter.jeti.serversubpoolmanager.
ServerPoolManager
org.jgroups.ChannelException: failed to start protocol stack
at org.jgroups.JChannel.connect(JChannel.java:393)
at org.jboss.cache.TreeCache.startService(TreeCache.java:
1249)
at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(Service
MBeanSupport.java:274)
at org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport.
java:181)
at com.teamcenter.jeti.SharedStore.init(SharedStore.java:144)
at com.teamcenter.jeti.serversubpoolmanager.ServerPoolManager.init
Cache(ServerPool Manager.java:2092)
at com.teamcenter.jeti.serversubpoolmanager.ServerPoolManager.fini
shInit(ServerPoolManager.java:449)
at com.teamcenter.jeti.serversubpoolmanager.ServerManager.main(Ser
verManager.java:1480)
Caused by: java.lang.Exception: exception caused by UDP.start():
java.net.BindException: Cannot assign requested address
at org.jgroups.stack.Protocol.handleSpecialDownEvent(Protocol.java
:600)
at org.jgroups.stack.DownHandler.run(Protocol.java:117)
If this occurs during server manager startup, uncomment the

last line in the following block of the mgrstart script file, and
restart the server manager.
# Uncomment this line to tell Java to prefer IPv4 addresses.
# This can fix socket errors on systems that do not have a fully
# functional IPv6 configuration. A similar change may be needed
# in the startup script for a J2EE application server.
#JVM_ARGS="${JVM_ARGS} -Djava.net.preferIPv4Stack=true"
If this error occurs during J2EE application deployment,

consult your application server vendor’s documentation for the
proper JVM arguments settings. Another possible solution
is to use TCP mode instead of mcast mode for both the
Teamcenter server manager and J2EE application.
A CORBA COMM_FAILURE This error usually indicates one of the following:
error is reported in the Web tier
1. The Teamcenter server has terminated while processing
a request.
2. The Teamcenter server encountered a serious error (for

example, failed memory allocation) while attempting to
process a request.
The message generally does not indicate a problem in the

Web tier itself. Teamcenter server syslog files may contain
information useful in diagnosing the root cause of Teamcenter
server failures.

Problem Solution
After publishing an item to A Teamcenter Web application deployed on a Sun Java System
an ODS, the Sun Java System Application Server can become unresponsive. This can occur
Application Server becomes especially when:
unresponsive.
• You publish and item to the default ODS site that is also
the site publishing the item.
• You attempt to view the published item’s details in the

home folder.
To correct this problem, ensure that you have set the Thread
Count and Initial Thread Count to at least the minimum
values required (25 and 15 respectively) and restart the
application server.
Note Depending on Teamcenter Web tier activity, you may
have to set these values higher than the minimum to
get the best performance.
Client-side Java session cookies Multiple applications deployed in the same WebLogic domain
are overwritten by Web tier can cause client session cookies to overwrite each other. To
applications deployed in the avoid this, deploy your Teamcenter Web application in a
same domain on a WebLogic domain by itself or ensure each application has a separate
application server. cookie path.
To set your Web application session cookie path:
1. Navigate to the
WEB-ROOT/staging-directory/webapp_root/WEB-INF
directory for the application.
Note WEB_ROOT is the location where you installed
the Web Application Manager (insweb), and
staging-directory is the directory where the
specific Web application was generated.
For information about building J2EE Web
applications with the Web Application Manager,
see the Teamcenter server installation guide (for
Windows or UNIX/Linux).
2. Open the weblogic.xml file and add the following

elements:
<session-param>
<param-name>CookiePath</param-name>
<param-value>/deployable-name</param-value>
</session-param>
Replace deployable-name with the deployable file name

set in the Web Application Manager, for example, tc.
3. Launch the Web Application Manager (insweb).
4. Select the Web application name and click Modify.

Problem Solution
5. In the Modify Web Application dialog box, click Generate

Deployable File.
6. In the Generate Deployable File dialog box, click OK.

The Web Application Manager displays the status of
the installation in the Progress dialog box. When the
installation is complete, click OK to close the Progress
dialog box.
7. Click OK to close the Modify Web Application dialog box.

During peak activity, the Web The Teamcenter Web application is using all available
tier encounters errors obtaining connections in the connection pool. To avoid this, increase
JCA connections. the number of available connections by increasing the
Max_Pool_Size context parameter value in the Web
application EAR file.
To set your Web application maximum connection pool size:
1. Launch the Web Application Manager (insweb).
For information about building J2EE Web applications
with the Web Application Manager, see the Teamcenter
server installation guide (for Windows or UNIX/Linux).
2. Select the Web application name and click Modify.
3. In the Modify Web Application dialog box, click Modify

Context Parameters.
4. In the Modify Context Parameters dialog box, locate

Max_Pool_Size, double-click the Value column, and type
a larger number.
5. Click OK and click Generate Deployable File.
6. In the Generate Deployable File dialog box, click OK.

The Web Application Manager displays the status of
the installation in the Progress dialog box. When the
installation is complete, click OK to close the Progress
dialog box.
7. Click OK to close the Modify Web Application dialog box.
8. Redeploy the EAR file in your application server.

Problem Solution
Chinese characters are If you use a nonnative language operating system version of
displayed as square blocks Windows, you must install and enable the Multilingual User
in the Teamcenter rich client. Interface (MUI) pack to ensure the language font is displayed
properly.
1. Download and install the MUI pack for Windows from
Microsoft.
2. Open the Regional and Language Options dialog box in

the Windows Control Panel.
3. In the Languages tab, set the required language for the

menus and dialogs.
4. In the Advanced tab and the Regional Options tab, set

the required language.
JBoss 5.1.0 GA displays an The following error message displays during JBoss startup:
error message during startup AttachmentStore MC bean (org.jboss.system.server.profileservice.
when installed on Sun Solaris repository.abstractAttachmentStore)configuration does not specify
the parameter type for constructor
operating system.
This is a known JBoss bug (JBAS-6981). You must edit the
profile.xml file for your application server instance.
Using the default server as an example, edit the
{jboss-5.1.0.GS}/server/default/conf/boodstrap/profile.xml
file as follows:
1. Locate the following parameter element in the file:

<bean name="AttachmentStore"
class="org.jboss.system.server.profileservice.
repository.AbstractAttachmentStore">
<constructor>
<parameter>
<inject bean="BootstrapProfileFactory"
property="attachmentStoreRoot" />
</parameter>
</constructor>
<property name="mainDeployer">
<inject bean="MainDeployer" />
</property>
<property name="serializer">
<inject bean="AttachmentsSerializer" />
</property>
<property name="persistenceFactory">
<inject bean="PersistenceFactory" />
</property>
.
.
.
2. Update the parameter element to include a class attribute:

<parameter class="java.io.File">
3. Save the file and restart the application server.

Problem Solution
During successive calls to get During large Global Services transactions, such as a
activity status in the Global replication manager transaction during site consolidation
Services user interface, out of orchestration, you may encounter a Java out of memory
memory errors are displayed. error from the application server. This usually is caused by
repeated checks on activity status (AuditActivity business
object) from the Global Services user interface.
The Java virtual machine (JVM) size grows with each call
to get the status. To avoid this, reduce the application
server’s Java memory property to between 1200m and 1500m
(-Xmx1200m or -Xmx1500m, respectively).
Teamcenter Web application The Teamcenter Web application takes longer than the
fails to deploy on JBoss with the default 60 seconds the JBoss deployment scanner allows for
following error messsage: deployments. Add the deployment-timeout attribute to the
deployment-scanner element and set the value to at least
Did not receive a response
to the deployment operation 600 seconds before attempting to deploy the Web application.
within the allowed timeout
period [60 seconds]. Check
the server configuration
relative-to="jboss.server.base.dir" s
file and the server logs to
find more about the status
of the deployment.
</subsystem>
For more information, see Deploy on JBoss application server

(HSE).

Appendix
C Glossary

Appendix
C Glossary
basic deployment (HSE)

Basic deployment on an enterprise (J2EE) application server. The HTTP Web server
(H), servlet container (S), and Enterprise JavaBean (EJB) container (E) are all
provided on the same platform as part of the same process. The Teamcenter Web
tier application (EAR file bundling the WAR file) is deployed on a J2EE application
server that has a built-in HTTP listener, such as JBoss Application Server, Oracle
WebLogic Server, and IBM WebSphere Application Server.
Deploying a separate HTTP Web server to listen to the incoming request is not
required.
basic deployment with front-end HTTP Web server (H-SE)

Stand-alone HTTP Web server is configured as the front-end to a J2EE application
server.
BLOB
Binary large object; attribute type of undefined structure. BLOBs are stored as
binary images within an object.
business object
Logical grouping of data attributes and properties that are manipulated at the
enterprise level.
A Global Services business object allows users to query for and update information
in multiple data sources.
business object definition file

File that contains the XML-based definition of a Global Services business object.
clustered deployment (H*-SE)

Multiple HTTP servers configured in a cluster. All requests are sent to the cluster,
which routes the request to a J2EE application server that is available to process the
request. The Teamcenter Web tier application (EAR file bundling the WAR file) is
deployed in each application server instance in the cluster.
clustered deployment with front-end, load-balanced HTTP Web servers (H*-SE*)

Multiple HTTP Web server instances are configured with a load balancer and a
cluster of J2EE application server instances. A load balancer in front of the HTTP
Web servers balances the load for incoming requests and HTTP Web servers route
that request to the cluster of application servers.
PLM00015 J Web Application Deployment Guide C-1

Appendix C Glossary
In this configuration, the Teamcenter Web tier application (EAR file bundling the
WAR file) is deployed in each application server instance in the cluster. Typically,
HTTP Web servers must be configured for this type of distributed environment.
clustered deployment with front-end HTTP Web server (H-SE*)

Stand-alone HTTP Web server is configured with a cluster of Web application server
instances. The HTTP Web server routes requests to a cluster of J2EE application
servers. The Teamcenter Web tier application (EAR file bundling the WAR file) is
deployed in each application server instance in the cluster.
data source
System that manages enterprise data and can be accessed by Teamcenter.
Examples are product knowledge management (PKM) systems, product lifecycle
management systems, relational databases, enterprise resource planning (ERP)
systems, component and supplier management (CSM) systems, mechanical design
automation (MDA) systems, purchasing systems, systems engineering GroupWare,
and maintenance, repair, and overhaul (MRO) systems.
datastore
Java Database Connectivity (JDBC) database instance used to store the Global
Services configuration and business object definition (BOD) information. The
majority of the objects in the datastore are stored as serialized objects for improved
performance. The configuration and BOD files are serialized during the process of
uploading them to the datastore. Global Services users with administrator privileges
can access the Configuration Object form in Global Services that allows them to add,
remove, and update objects in the datastore. See also business object definition file.
enterprise archive (EAR)

Enterprise application that requires a J2EE application server.
enterprise tier
Teamcenter architectural tier that comprises a configurable pool of Teamcenter
C++ server processes and a server manager. Larger sites can distribute the pool of
server processes across multiple hosts. Smaller sites can run the pool of servers on
the same host as the Web tier.
H*-SE
See clustered deployment (H*-SE).
H*-SE*
See clustered deployment with front-end, load-balanced HTTP Web servers (H*-SE*).
HSE
See basic deployment (HSE).
H-SE
See basic deployment with front-end HTTP Web server (H-SE).
C-2 Web Application Deployment Guide PLM00015 J

Glossary
H-SE*
See clustered deployment with front-end HTTP Web server (H-SE*).
JDBC connector
Enterprise JavaBean that connects Global Services to data sources using the Java
Database Connectivity (JDBC) API.
The JDBC connector is provided as part of Global Services.
network load balancer (NLB)

HTTP Web servers are configured to allow each HTTP Web server in the load
balanced cluster to respond to a virtual IP address. Requests to this virtual IP are
intercepted and routed to a machine running one of the Web servers in the cluster.
Oracle home
Directory in which Oracle software is installed on the Oracle server node.
Oracle system identifier (SID)

Alphanumeric word used to identify a collection of processes and associated memory
structures as belonging to a particular Oracle database instance. The ORACLE_SID
environment variable defines the Teamcenter-Oracle system identifier.
preference
Configuration variable stored in a Teamcenter database and read when a Teamcenter
session is initiated. Preferences allow administrators and users to configure many
aspects of a session, such as user logon names and the columns displayed by default
in a properties table.
site preference
Teamcenter preference that applies to the entire site.
SQL
See Structured Query Language.
Structured Query Language

ANSI standard command and embedded language for manipulating data in a
relational database.
Web Application Manager

Graphical installation utility that generates supporting Web files (WAR and EAR
format) for a named Web application. Web Application Manager also installs the rich
client distribution server and creates distribution server instances.
PLM00015 J Web Application Deployment Guide C-3

Appendix C Glossary
Web archive (WAR)

Web application that requires an HTTP Web server and servlet engine.
Web tier
Teamcenter architectural tier that comprises a Java application running in a Java
2 Enterprise Edition (J2EE) application server. The Web tier is responsible for
communication between the client tier and enterprise tier.
C-4 Web Application Deployment Guide PLM00015 J

Index
A ApplicationInstance . . . . . . . . . . . 3-4, 3-7

Activity status table . . . . . . . . . . . . . . . 3-1 Context root . . . . . . . . . . . . . . . . . 2-4, 2-18
allowuntrustedcertificates property . . . A-4 CookiePath parameter . . . . . . . . . . . . . B-9
Apache HTTP server . . . . . . . . . . . . . . 2-20 Cookies overwritten . . . . . . . . . . . 2-6, 2-19
Apache Web server . . . . . . . . . . . 2-29, 2-31 CORBA error in Web tier . . . . . . . . . . . B-7
Application server administration . . . . . 1-2 Create a handler mapping . . . . . A-17, A-21
Application server hangs after publishing an Create a new IIS Web site . . . . . . . . . 2-24,
item . . . . . . . . . . . . . . . . . . . . . . . . . B-8 A-16, A-20
Application server stops responding . . . B-8 Create an IIS handler script map . . . . . 2-24
ApplicationInstance context Create proxy initialization file . . . . . . . 2-25
parameter . . . . . . . . . . . . . . . . . . . 3-4, 3-7
autoReconnect connection pool D
property . . . . . . . . . . . . . . . . . . . . . . . 3-8 Data availability . . . . . . . . . . . . . . . . . . 1-2
axis2.max.connections property . . . . . . . 3-6 Data source . . . . . . . . . . . . . . . . . . 3-4, 3-7
data store
B Creating . . . . . . . . . . . . . . . . . . . . . . 3-1
Basic deployment . . . . . . . . . . . . . . . . . 1-3 Table . . . . . . . . . . . . . . . . . . . . . . . . 3-1
WebSphere Application Server . . . . . . 2-4 data store table . . . . . . . . . . . . . . . . . . . 3-1
BEA-000402 error . . . . . . . . . . . . . . . . 2-7, Database tables
2-21–2-23, 2-27, 2-30 Activity status . . . . . . . . . . . . . . . . . . 3-1
JBoss . . . . . . . . . . . . . . . . . . . . . . . . . 3-12 data store . . . . . . . . . . . . . . . . . . . . . 3-1
Message log . . . . . . . . . . . . . . . . . . . . 3-1
Reactor result . . . . . . . . . . . . . . . . . . 3-1
C Default Web site . . . . . . . . 2-24, A-16, A-20
Cannot assign requested address . . . . . B-7 Deployment status . . . . . . . . . . . . . . . . 3-7
Chinese characters in Windows . . . . . . B-10 Deployment with front-end HTTP server
clientmap element . . . . . . . . . . . . A-7, A-12 WebSphere Application Server . . . . . 2-16
Cluster host:port . . . . . . . . . . . . . . . . . 2-29 Deployment, basic . . . . . . . . . . . . . . . . 2-6,
Clustered with front-end HTTP . . . . . . . 1-3 2-20–2-21, 2-23, 2-26, 2-30
Clustered with front-end load balanced . . 1-3 Front-end HTTP Web server
COMM_FAILURE error . . . . . . . . . . . . B-7 WebSphere application server/IBM
Commit . . . . . . . . . . . . . . . . . . . . . . . . 3-7 HTTP server . . . . . . . . . . . . . 2-16
Configuration data . . . . . . . . . . . . . . . . 3-1 Deployment, clustered
Configure a handler mapping . . . . . . . . 2-16 Front-end HTTP Web server
Configuring a JNDI data store WebLogic server/Apache Web
connection . . . . . . . . . . . . . . . . . . . . . 3-4 server . . . . . . . . . . . . . . . . . 2-29
Configuring FMS . . . . . . . . . . . . . . . . A-5 WebLogic server/WebLogic
Configuring Web application . . . . . . . . . 1-2 Express . . . . . . . . . . . . . . . . 2-26
connection element . . . . . . . . . . . . . . . A-12 Load-balanced HTTP Web server
Connection factory, JETIAdapter . . 2-5, 2-18 WebSphere application server/IBM
Connection pool database name . . . . . . . 3-7 HTTP (Web) server . . . . . . . . 2-31
Connection pool driver . . . . . . . . . . . . . . 3-4 WebSphere application server/Sun Web
Connection pool properties . . . . . . . 2-5, 2-18 server . . . . . . . . . . . . . . . . . 2-31
Context parameter Deployment, distributed . . . . . . . 2-20–2-21
PLM00015 J Web Application Deployment Guide Index-1

Index
Deployment, H-SE FSC element . . . . . . . . . . . . . A-7, A-9, A-12

Front-end HTTP Web server fscgroup element . . . . . . . . . . . . . . . . . A-6
JBoss application server/Microsoft
IIS . . . . . . . . . . . . . . . . . . . . . 2-7 G
Distributed deployment
Apache HTTP/WebLogic . . . . . . . . . . 2-20 Gateway for Oracle EBS integration
WebLogic Express/WebLogic . . . . . . . 2-21 (T40) . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Dynamic content . . . . . . . . . . . . . . . . . . 1-2 Global Services Java memory error . . . . B-11
Global Services properties . . . . . . . . . . . 3-6
E Global Services third party
integrations . . . . . . . . . . . . . . . . . . . . 3-4
Elements globalservices.properties file . . . . . . . . . . 3-6
clientmap . . . . . . . . . . . . . . . . A-7, A-12 GlobalServicesDB . . . . . . . . . . . . . . 3-4, 3-7
connection . . . . . . . . . . . . . . . . . . . . A-12
FSC . . . . . . . . . . . . . . . . . A-7, A-9, A-12
fscgroup . . . . . . . . . . . . . . . . . . . . . A-6 H
Enable port rollover . . . . . . . . . . . . . . 2-25 H*-SE* . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Enabling a deployed Web application . . . 1-2 H-SE . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Enabling two-way SSL . . . . . . . . . . . . A-4 H-SE* . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Error during JBoss startup . . . . . . . . . B-10 HP-UX, kernel parameters . . . . . . . . . . B-4
Errors hs_err_* . . . . . . . . . . . . . . . . . . . . 2-1, B-6
COMM_FAILURE . . . . . . . . . . . . . . B-7 HSE . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
IPv6 . . . . . . . . . . . . . . . . . . . . . . . . B-7 HTTP Web servers . . . . . . . . . . . . . . . . 2-2
Java . . . . . . . . . . . . . . . . . . . . . 2-1, B-6
java.net.BindException . . . . . . . . . . . B-7 I
mcast . . . . . . . . . . . . . . . . . . . . . . . B-7
Pool ID not available . . . . . . . . . . . . B-2 IBM HTTP server . . . . . . . . . . . . 2-16, 2-31
Restarting server manager . . . . . . . . B-6 IBM HTTP server plug-in . . . . . . . . . . 2-19
Server manager . . . . . . . . . . . . . . . . B-6 IIS
SERVER_HOST parameter . . . . . . . B-2 ISAPI filter . . . . . . . . . . . . . . . . . . . 2-15
TreeCache . . . . . . . . . . . . . . . . . . . . B-5 Web service extension . . . . . . . . . . . . 2-15
extension_uri registry entry . . . . . . . . 2-10, IIS default Web site . . . . . . 2-24, A-16, A-20
2-13, A-18 IIS virtual directory . . . . . . . . . . 2-14–2-15
IIS Web site . . . . . . . . . . . . . . . . 2-14–2-15
F Installations
JBoss server . . . . . . . . . . . . . . . . . . . 3-9
Fail over . . . . . . . . . . . . . . . . . . . . . . . . 1-2 WebLogic server . . . . . . . . . . . . . . . . . 3-6
Failed to start new thread error . . . . . . B-11 IPv6 mcast mode . . . . . . . . . . . . . . . . . B-7
Files ISAPI filter . . . . . . . . . . . . . . . . . . . . . 2-15
Global Services properties . . . . . . . . . 3-6 ISAPI Redirector . . . . . . . . . . . . . . . . . . 2-7
globalservices.properties . . . . . . . . . . . 3-6 isapi_redirector.reg file . . . . 2-10, 2-12, A-18
hs_err_* . . . . . . . . . . . . . . . . . . 2-1, B-6
isapi_redirector.reg . . . . . 2-10, 2-12, A-18
JETIServerAccessor.jar . . . . . . . . . . 2-25 J
Proxy WAR . . . . . . . . . . . . . . . 2-22, 2-27 Java error . . . . . . . . . . . . . . . . . . 2-1, B-6
TreeCacheTCP.xml . . . . . . . . . . . . . . 2-25 Java out of memory error . . . . . . . . . . . B-11
uiworkermap.properties . . 2-9, 2-12, A-17 java.lang.OutOfMemoryError . . . . . . . . B-11
web.xml . . . . . . . . . . . . . . . . . . . . . 2-28 java.net.BindException . . . . . . . . . . . . B-7
Windows registry . . . . . . . 2-10, 2-12, A-18 JBoss
workers.properties . . . . . . 2-9, 2-12, A-17 Security . . . . . . . . . . . . . . . . . . . . . 3-12
FMS SSL configuration . . . . . . . . . . . . A-4 JBoss 5.1.0 GA . . . . . . . . . . . . . . . . . . B-10
FMS URL path extensions . . . . . . . . . . A-4 JBoss application server . . . . . . . . . . . . 2-7
Four-tier architecture JCA connection parameter . . . . . . . . . . B-9
Troubleshooting deployment . . . . . . . B-1 JETIServerAccessor.jar file . . . . . . . . . 2-25
Front-end HTTP . . . . . . . . . . . . . . . . . . 1-3 JNDI data store . . . . . . . . . . . . . . . . . . 3-4
Index-2 Web Application Deployment Guide PLM00015 J

Index
K axis2.max.connections . . . . . . . . . . . . 3-6
Kernel parameters . . . . . . . . . . . . . . . B-4 Proxy WAR file . . . . . . . . . . . . . . . . . . 2-22
Publishing to default ODS hangs application
server . . . . . . . . . . . . . . . . . . . . . . . . B-8
L
log_file registry entry . . . . . 2-10, 2-13, A-18 R
log_level registry entry . . . . 2-10, 2-13, A-18
Reactor result table . . . . . . . . . . . . . . . . 3-1
Redirector directory . . . . . . . 2-10, 2-12, A-17
M Redirector logs . . . . . . . . . . . . . . . . . . A-17
Manager, NLB . . . . . . . . . . . . . . . . . . 2-32
Max_Pool_Size parameter . . . . . . . . . . B-9 S
Maximum connections . . . . . . . . . . 2-5, 2-18
SAP (T4S) integration . . . . . . . . . . . . . . 3-4
mcast error . . . . . . . . . . . . . . . . . . . . . B-7
SAP integration . . . . . . . . . . . . . . . . . . 3-4
Message log table . . . . . . . . . . . . . . . . . 3-1
Security in JBoss . . . . . . . . . . . . . . . . 3-12
Microsoft IIS . . . . . . . . . . . . 2-7, 2-14–2-15
Server manager
Microsoft IIS 7 . . . . . . . . . . . . . . 2-23, A-15
J2EE based, troubleshooting . . . . . . . B-2
Minimum connections . . . . . . . . . . 2-5, 2-18
Server manager error . . . . . . . . . . . . . B-6
Server manager restart error . . . . . . . . B-6
N SERVER_HOST parameter . . . . . . . . . B-2
Network load balancing, see NLB serverPool.properties file . . . . . . . . . . . B-2
New IIS Web site . . . . . . . . . . . . 2-14–2-15 Session cookies . . . . . . . . . . . . . . . . . . B-9
NLB . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 Session cookies overwritten on the
Cluster parameters . . . . . . . . . . . . . 2-32 client . . . . . . . . . . . . . . . . . . . . . . . . B-9
Master host node . . . . . . . . . . . . . . . 2-33 Specifying a specific bind address when a host
Network load balancing manager . . . 2-32 has multiple IP addresses . . . . . . . . . B-1
NLBmgr command . . . . . . . . . . . . . . 2-32 SSL
Requirements . . . . . . . . . . . . . . . . . 2-32 Application server . . . . . . . . . . . . . . 3-16
Secure port rules . . . . . . . . . . . . . . . 2-33 SSL configuration
Standard port rules . . . . . . . . . . . . . 2-33 One-way . . . . . . . . . . . . . . . . . . . . . A-8
WebSphere application server/IBM HTTP Two-way . . . . . . . . . . . . . . . . . . . . . A-4
(Web) server . . . . . . . . . . . . . . . . 2-31 Starting ****OBSOLETE**** . . . . . . . 2-22
Not enough storage is available to process this Starting a Teamcenter Web
command error . . . . . . . . . . . . . . . . . B-11 application . . . . . . . . . . . . . . . . . . . . . 1-2
Starting JBoss . . . . . . . . . . . . . . . . . . 3-12
Startup error with JBoss installed on
O
Solaris . . . . . . . . . . . . . . . . . . . . . . . B-10
One-phase commit . . . . . . . . . . ... . . . 3-7 Static content . . . . . . . . . . . . . . . . . . . . 1-2
One-way SSL configuration . . . . ... . . A-8 Sun Java System Application Server
Oracle Manufacturing integration .. . . . 3-4 hangs . . . . . . . . . . . . . . . . . . . . . . . . B-8
Override end_port value . . . . . . ... . . 2-25 Sun Java System Application Server is
unresponsive . . . . . . . . . . . . . . . . . . . B-8
P Supported application servers . . . . . . . . 2-2
Supports global transactions . . . . . . . . . 3-7
Parameters
ApplicationInstance . . . . . . . . . . . 3-4, 3-7
CookiePath . . . . . . . . . . . . . . . . . . . B-9 T
Kernel . . . . . . . . . . . . . . . . . . . . . . B-4 TCP element . . . . . . . . . . . . . . . . . . . . 2-25
Max_Pool_Size . . . . . . . . . . . . . . . . . B-9 TESIS integrations . . . . . . . . . . . . . . . . 3-4
Prerequisites for Web application Tomcat Redirector directory . . . . . . . . 2-10,
deployment . . . . . . . . . . . . . . . . . . . . . 1-2 2-12, A-17
Preventing cookies from being TreeCache initialization fails . . . . . . . . B-5
overwritten . . . . . . . . . . . . . . . . . 2-6, 2-19 TreeCache initialization failure . . . . . . B-1
Property TreeCache local service port . . . . . . . . . B-5
PLM00015 J Web Application Deployment Guide Index-3

Index
TreeCache peers . . . . . . . . . . . . . . . . . B-6 Deployment, front-end HTTP server

TreeCacheTCP.xml file . . . . . . . . . . . . 2-25 WebSphere Application Server . . 2-16
Troubleshooting WebLogic Express . . . . . . . . . . . . . . 2-21
Four-tier deployment . . . . . . . . . . . . B-1 Web tier initialization failure when using
Server manager . . . . . . . . . . . . . . . . B-2 Windows Network Load Balancer . . . . B-1
Two-way SSL configuration . . . . . . . . . A-4 Web Tier Proxy WAR file . . . . . . . . . . . 2-27
web.xml file . . . . . . . . . . . . . . . . . . . . 2-28
U WebLogic
Overwritten session cookie . . . . . . . . B-9
uiworkermap.properties file . . . . . . . . . 2-9, WebLogic deployments . . . . . . . . . . . . 2-6,
2-12, A-17 2-20–2-21, 2-23, 2-27, 2-30, 3-7
Unexpected error detected by HotSpot . . B-6 WebLogic Express . . . . . . . . . . . . . . . . 2-26
uri_select registry entry . . . . . . . . 2-13, A-19 WebLogic Express (Web server) . . . . . . 2-27
WebLogic server . . . . . . . . . . . . . 2-26, 2-29
V WebLogic Server . . . . . . . . . . . . . . . . . 2-6,
2-20–2-21, 2-23, 2-26, 2-30
Virtual directory . . . . . . . . . . . . . 2-14–2-15 Apache Web tier . . . . . . . . . . . . . . . . 2-20
WebLogic Express Web tier . . . . . . . . 2-21
W WebSphere
J2C connection factory . . . . . . . . 2-5, 2-18
Web server farm . . . . . . . . . . . . . . . . . . 1-4 Maximum connections . . . . . . . . 2-5, 2-18
Web service extension . . . . . . . . . . . . . 2-15 Minimum connections . . . . . . . . 2-5, 2-18
Web tier Setting cookie path . . . . . . . . . . 2-6, 2-20
Apache HTTP Web Modules Properties . . . . . . . 2-6, 2-19
WebLogic Server . . . . . . . . . . . . 2-20 WebSphere application server . . . 2-16, 2-31
connection problems . . . . . . . . . . . . . B-2 WebSphere Application Server . . . . 2-4, 2-16
Deployment, basic Windows
JBoss application server/Microsoft Chinese characters . . . . . . . . . . . . . . B-10
IIS . . . . . . . . . . . . . . . . . . . . . 2-7 Windows registry . . . . . . . . 2-10, 2-12, A-18
WebLogic Server . . . . . . . . . . . . 2-6, extension_uri . . . . . . . . . . 2-10, 2-13, A-18
2-20–2-21, 2-23, 2-26, 2-30 log_file . . . . . . . . . . . . . . 2-10, 2-13, A-18
WebSphere Application Server . . . 2-4 log_level . . . . . . . . . . . . . 2-10, 2-13, A-18
WebSphere application server/IBM uri_select . . . . . . . . . . . . . . . . 2-13, A-19
HTTP server . . . . . . . . . . . . . 2-16 worker_file . . . . . . . . . . . 2-11, 2-13, A-19
Deployment, clustered worker_mount_file . . . . . . 2-11, 2-13, A-19
WebLogic server/Apache Web worker_file registry entry . . 2-11, 2-13, A-19
server . . . . . . . . . . . . . . . . . 2-29 worker_mount_file registry entry . . . . . A-19
WebLogic server/WebLogic worker_mount_file registry entry . . . . . 2-13
Express . . . . . . . . . . . . . . . . 2-26 worker_mount_file registry entry . . . . . 2-11
WebSphere application server/IBM workers.properties file . . . . . 2-9, 2-12, A-17
HTTP (Web) server . . . . . . . . 2-31
Index-4 Web Application Deployment Guide PLM00015 J

Teamcenter 10.1: Publication Number PLM00015 J

Uploaded by

Copyright:

Available Formats

Teamcenter 10.1: Publication Number PLM00015 J

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Teamcenter 10.1: Publication Number PLM00015 J

Uploaded by

Copyright:

Available Formats

Teamcenter 10.

Web Application Deployment Guide

This software and related documentation are proprietary to Siemens Product

2 Web Application Deployment Guide PLM00015 J

Proprietary and restricted rights notice . . . . . . . . . . . . . . . . . . . . . . . . . 2

Getting started deploying Web applications . . . . . . . . . . . . . . . . . . . . . . 1-1

Teamcenter Web application deployment . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Global Services Web application deployment . . . . . . . . . . . . . . . . . . . . . 3-1

Teamcenter client communication system and proxy server

Troubleshooting four-tier architecture deployment . . . . . . . . . . . . . . . B-1

HSE deployment configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4

PLM00015 J Web Application Deployment Guide 3

Teamcenter client communication system architecture . . . . . . . . . . . . . A-2

4 Web Application Deployment Guide PLM00015 J

1 Getting started deploying

Deployment considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2

Teamcenter Web application deployment interface . . . . . . . . . . . . . . . . . . . . . 1-2

Determining your requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2

Basic concepts of Teamcenter Web application deployment . . . . . . . . . . . . . . . 1-3

PLM00015 J Web Application Deployment Guide

1 Getting started deploying

2. Review the different supported deployment configurations to determine which is

PLM00015 J Web Application Deployment Guide 1-1

Before you begin

Teamcenter Web application deployment interface

Determining your requirements

1-2 Web Application Deployment Guide PLM00015 J

Basic concepts of Teamcenter Web application deployment

PLM00015 J Web Application Deployment Guide 1-3

Major Process Boundary

HSE deployment configuration

1-4 Web Application Deployment Guide PLM00015 J

H-SE deployment configuration

Web Application Deployment Guide

Web Application Deployment Guide

/Resource Adapter Teamcenter

H-SE* deployment configuration

HTTP Server /Resource Adapter Teamcenter

H*-SE* deployment configuration

Web Application Deployment Guide

2 Teamcenter Web application

Teamcenter Web application deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Basic deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Basic deployment with front-end HTTP (Web) server . . . . . . . . . . . . . . . . . . . 2-7

Clustered deployment with front-end HTTP server . . . . . . . . . . . . . . . . . . . . 2-25

PLM00015 J Web Application Deployment Guide

Deploying clustered with front-end load-balanced HTTP servers . . . . . . . . . . . 2-31

Web Application Deployment Guide PLM00015 J

2 Teamcenter Web application

Teamcenter Web application deployment

This is a known issue with certain versions of JVM.

PLM00015 J Web Application Deployment Guide 2-1

Note For information about versions of operating systems, third-party software,

Deploy on JBoss application server (HSE)

2. Define JMX as a global module.

b. Locate the subsystem element for the urn:jboss:domain subsystem, and

2-2 Web Application Deployment Guide PLM00015 J

Locate the deployment-scanner element and add the

H-SE deployment configuration