Install the Service Manager Web Tier

The Service Manager web tier uses both a web server and a web application server to access Service Manager forms through a web browser. The web server handles incoming HTTP requests while the web application server runs the Java and JSP necessary for connecting to Service Manager.

Install the web tier by deploying the webtier-x.xx.war or webtier-ear-x.xx.ear to your web application server. Some web application servers also require you to install the Sun J2SE Java Development Kit (JDK).

1. Enable the following browser settings:
   • Cookies
   • Java
   • JavaScript
   • Pop-ups. You can add the Service Manager server URL to the pop-up exception list.
2. The Service Manager Web tier uses SSL encryption between the web browser and web application server by default. You must provide a valid web application server certificate to use the following SSL features:
   • Encrypt all communication with the web application server
   • Protect against complex SSL-related attacks

   • Authenticate that the web application server is a valid host

     Note If you only want to demonstrate the web tier functionality, you can disable the secureLogin parameter from the web tier configuration file (<web tier .war file>\WEB-INF\web.xml)

   For more information, refer to the online Help for Required SSL encryption.
3. To display the workflow graphical view, install the Sun Java Runtime Environment (JRE) on the local host.
4. Determine the web architecture that you need to support your web tier. A Service Manager web tier requires at least one web application server to run. Depending on the features and scale of your web tier, it may also require a dedicated production web server and additional web application servers. If you use any of the implementation options list below, you need to install and configure a dedicated production web server. If you are not running any of the configurations listed below, then you can run your web tier from a single web application server:

   • A trusted sign-on implementation: You want web client users to log in to Service Manager without entering a user name and password.

     A trusted sign-on implementation requires a web server to accept the pre-authenticated HTTP header information from your authentication software (such as SiteMinder or Integrated Windows Authentication). You must install and configure the authentication software separately. See your web server documentation for information about the HTML headers that your web server expects from your authentication software. For additional information, go to the Software Support Online site at https://softwaresupport.softwaregrp.com/ and search for the following white paper on setting up single sign-on in Service Manager: SSL Setup and Single Sign-on in Service Manager using Windows or Third Party Authentication.

   • A load balanced implementation: You want to distribute web client connections among multiple web application servers.

     A load-balanced implementation uses a web server to route connection requests to two or more web application servers. You must configure the web server to identify the web application servers (also known as workers) that are available to accept web client requests. For some web server and web application server combinations, you may need to install additional connection software. For example, to route requests to Tomcat web application servers using the Apache web server, you must install the proper connector. See your web server and web application server documentation for information about routing HTTP requests to available worker web application servers.

   • A scaled implementation to support a large number of concurrent users: You want to support 300 or more concurrent web client connections.

     A scaled implementation uses the load balanced implementation described above to support a large number of concurrent web client users. As a general rule, we recommend starting one worker web application server for every 300 concurrent web client connections you want your web tier to support.

The Service Manager web tier contains a J2EE-compliant web application that must run on a web application server. Before you proceed, you must have a supported web application server installed. For the supported versions of different web application servers, see Service Manager Support Matrix on the Micro Focus Support matrices web site.

Once your web application server is ready for use, deploy the web tier on your web application server. Each web application server has its own method of deploying web applications. See your web application server documentation for specific instructions on deploying a web application. This section provides example implementation instructions.

Enable HTTPOnly and Secure session cookies in your web application server

It is recommended to enable HTTPOnly and Secure cookies in your web application server to help prevent malicious JavaScript injection and make the browser (or other http clients) only send cookies over SSL connections. For more information, see KM02233778.

Deploy the web tier

The following table provides a summary of the deployment method required for each supported web application server.

Web tier log files: The default log file is sm.log, located in <web app install dir>\bin. You can change the default log file and location in log4jproperties, which is located in <web app install dir>\webtier-x.xx\WEB-INF.

Example deployment on Tomcat

This example describes the steps to deploy the webtier-x.xx.war file on 8.5.x.

1. Log in to the server as a user with local administrator privileges.
2. Stop the Tomcat Web application server.

3. From the web tier package, copy or save the webtier-x.xx.war file onto your Tomcat webapps directory. For example, C:\Program Files\Apache Software Foundation\Tomcat 8.5\webapps.

4. Start the Tomcat server. Tomcat automatically opens the webtier-x.xx.war file and creates a webtier-x.xx virtual directory.

   If Tomcat does not create a webtier-x.xx directory when started, check the log files and contact support with the information found in the log files.

5. Edit the web.xml file located in the virtual directory to add your server connection information. The settings you define in this file determine the client preferences for all web clients. View the Service Manager online help for a complete list and more detailed explanation of each parameter.
   1. Open the web.xml file in a text editor.

   2. Set the secureLogin, sslPort, serverHost, and serverPort parameters.

      Parameter	Default value	Description
      secureLogin	true	Controls the encryption of network communication between the web application server and the web browser. Set it to false if you do not use Secure Sockets Layer (SSL) connections to the web server. Note: To use secure login, you must enable SSL on your web application server. For details, refer to your web application server documentation.
      sslPort	8443	This parameter is needed only when secureLogin is set to true. Set it to the SSL port of the web application server.
      serverHost	localhost	Specifies the name of the Service Manager host server.
      serverPort	13080	Specifies the communications port number to which the Service Manager server listens.

   3. Set other common parameters as desired. The table below lists the commonly set parameters and their default values.

      Parameter	Default value	Description
      cacerts	WEB-INF/cacerts	Lists the path to the CA certificates required for SSL support.
      compress_soap	true	Specifies if you want to use data compression between web clients and the web tier.
      helpServerHost		Specifies the name of the Help Server. See Web parameter: helpServerHost.
      helpServerPort		Specifies the communications port number to which the Help Server listens. See Web parameter: helpServerPort.
      helpServerContext	help	Specify the context path of the help server home page URL. See Web parameter: helpServerContext.
      showHelp	false	Enabling this parameter causes Web clients to display the Online Help and Shortcut List options after users click the Help (question mark) button. The Online Help option allows users to access the Help Server you define in the web.xml file. If this parameter is set to false, clicking the Help button will directly bring up the web client keyboard shortcut list.
      refreshMessages	true	Determines whether the browser checks for new messages from the application server.
      refreshMessagesInterval	15000	Determines how often (in milliseconds) the browser checks for new messages from the application server.
      ssl	false	Enables the web client to encrypt communications using the server’s demonstration certificate.
      viewactivenotes	false	Determines whether you see a pop-up message when the server sends a message.

6. Save and close web.xml.
7. Endorsed JAR files are no longer required. If you installed them in previous installations, remove them.

8. Restart the Tomcat server.

9. Set the web application server heap size. The web application server heap size determines how many connections each web application server can handle. Most application servers require a heap size of at least 256 MB for optimal performance. If you experience poor performance from your web client connections, increase the web application server heap size. See your web application server documentation for instructions.

Example deployment on WebSphere Application Server

This example describes deploying the webtier-ear-x.xx.ear file on WebSphere Application Server versions 8.5.

1. Log in to the server as a user with local administrator privileges.
2. From the web tier package, copy or save the webtier-ear-x.xx.ear file onto your local system.
3. Start the WebSphere application server.

4. Set the web application server heap size. The web application server heap size determines how many connections each web application server can handle. Most application servers require a heap size of at least 256 MB for optimal performance. If you experience poor performance from your web client connections, increase the web application server heap size. See your web application server documentation for instructions.

5. Log on to the WebSphere administrative console with system administrator privileges.

6. Install the webtier-ear-x.xx.ear file.

   1. Go to Applications > New Application > New Enterprise Application.

   2. Select Local file system, and browse to the webtier-ear-x.xx.ear file.

   3. Click Next. WebSphere starts uploading the web tier application. This may take a while.

7. Click Next to accept the default settings in the next screens until you reach "Step 4: Summary", and then click Finish. The installation of the web tier ear file begins.
8. When the installation is complete, click Save to save your local configuration changes to the master configuration.

9. The webtier-ear-x.xx.ear file contains webtier-x.xx.war. Inside of that is the web tier configuration file (web.xml). Edit it to add your server connection information. The settings you define in this file determine the client preferences for all web clients. View the Service Manager online help for a complete list and more detailed explanation of each parameter.

   1. Open the web.xml file in a text editor. The web.xml file is deployed in the following folder: <WebSphere installation path>\AppServer\profiles\<Profile Name>\config\cells\<Node name>Cell\applications\Service Manager x.xx Web.ear\deployments\Service Manager x.xx Web\webtier-x.xx.war\WEB-INF.

      For example: C:\Program Files (x86)\IBM\WebSphere\AppServer\profiles\AppSrv02\config\cells\IWFVM01268Node02Cell\applications\ Service Manager x.xx Web.ear\deployments\Service Manager x.xx Web\webtier-x.xx.war\WEB-INF.

   2. Set the secureLogin, sslPort, serverHost, and serverPort parameters.

      Parameter	Default value	Description
      secureLogin	true	Controls the encryption of network communication between the web application server and the web browser. Set it to false if you do not use Secure Sockets Layer (SSL) connections to the web server. Note To use secure login, you must enable SSL on your web application server. For details, refer to your web application server documentation.
      sslPort	8443	This parameter is needed only when secureLogin is set to true. Set it to the SSL port of the web application server.
      serverHost	localhost	Specifies the name of the Service Manager host server.
      serverPort	13080	Specifies the communications port number to which the Service Manager server listens.

   3. Set other common parameters as desired. The table below lists the commonly set parameters and their default values.

   Parameter	Default value	Description
   cacerts	WEB-INF	Lists the path to the CA certificates required for SSL support.
   compress_soap	true	Specifies if you want to use data compression between web clients and the web tier.
   helpServerHost	localhost	Specifies the name of the Help Server.
   helpServerPort	80	Specifies the communications port number to which the Help Server listens.
   helpServerContext	help	Defines the context path when deploying the Service Manager help on a web server (for example, Apache). The context path refers to the virtual directory name where the Service Manager help is installed. It excludes the web server’s document directory path. For example, if the help is deployed in C:/Apache/2.4/htdocs/sm_help, the document directory path is C:/Apache/2.4/htdocs/ and the virtual directory name is sm_help. Therefore, the context path is sm_help.
   showHelp	false	Enabling this parameter causes Web clients to display the help server option after users click the Help (question mark) icon, which allows users to access the Help Server you define in the web.xml file.
   refreshMessages	true	Determines whether the browser checks for new messages from the application server.
   refreshMessagesInterval	15000	Determines how often (in milliseconds) the browser checks for new messages from the application server.
   ssl	false	Enables the web client to encrypt communications using the server’s demonstration certificate.
   viewactivenotes	false	Determines whether you see a pop-up message when the server sends a message.

   4. Save, close and re-archive the files.
10. Configure the application properties.
    1. Go to Applications > Application Types > WebSphere enterprise applications.

    2. Click Service Manager x.xx Web to open the Configuration tab, and under Detail Properties click Class loading and update detection, and make sure the default settings are selected.

       Setting	Value (default)
       Class load order	Classes loaded with parent class loader first
       WAR class loader policy	Class loader for each WAR file in application

    3. Click Apply.
11. Configure the Service Manager module.
    1. Go to Applications > Application Types > WebSphere enterprise applications >Service Manager x.xx Web > Manage Modules.

    2. Click the Service Manager module, and select the following setting.

       Setting	Value
       Class load order	Classes loaded with local class loader first (parent last) Note Keep the other settings on the page as default.

    3. Click Apply.

12. Configure the default http transport port of the WebSphere application server.

    Note You will use this port when launching the Service Manager web client.

    1. Go to Servers > Server Types > WebSphere application servers > server 1.

    2. In the Communications > Ports section, make note of the WC_defaulthost port number (for example, 9082).

    3. You can change this port number to one that is not in use (for example, 9085). This port number is automatically synchronized to the port number in Application Servers > Server 1 > Web container transport chains > HttpQueueInboundDefault.
    4. Click Environment > Virtual hosts > default_host > Host Aliases, and make sure that the port number is in the Host Aliases list. If it is not, do the following to add the WC_defaulthost port number to the list.
       1. Click New.
       2. Type the following port information:
          • Host Name: *
          • Port: xxxx (for example, 9085)
       3. Click Apply and then click OK. The port number is added to the Host Aliases list of default_host.
    5. Click Save to save the changes to the master configuration.
    6. Restart the WebSphere Application Server.

       Now the server will start binding to the new port.

       Note If you did not change the port number, you do not need to restart the server.

13. Add a Web container custom property setting. This step is required for particular error pages that match the error exception types defined in the web tier configuration file (web.xml) to display in the user's web browser.

    1. In the administrative console, click Servers > Server Types > WebSphere application servers.

    2. Click the server to which the custom property is to be applied.

    3. Under Configuration > Container settings, click Web Container Settings > Web container.

    4. Under Configuration > Additional Properties, click Custom Properties.

    5. On the Custom Properties page, click New.

    6. On the settings page, enter the following values in the Name and Value fields: 

       Name:com.ibm.ws.webcontainer.enableErrorExceptionTypeFirst

       Value: true

    7. Click Apply or OK.

    8. In the "Messages" box that appears, click Save.

    9. Restart the server for the custom property to take effect.

14. Go to Applications > Applications Type > WebSphere enterprise applications, select Service Manager x.xx Web, and click Start.

    When the application is successfully started, its state changes to green.

15. Launch the Service Manager web client using a URL like the following:
    http://<WAS application server name>:<Port>/webtier-x.xx/index.do
    where: <Port> is the WC_defaulthost port number.
    
    For example: http://abc.def.hp.net:9085/webtier-x.xx/index.do
    

You can configure a web server to redirect web-client specific URLs to the Service Manager Web tier. The following instructions illustrate redirecting requests from a Windows Internet Information Services (IIS) web server to the default Web tier URL.

Edit the workers2.properties file in IIS to include the following five parameters:

• [uri:/webtier-x.xx/servlet/*]
  info=Prefix mapping
• [uri:/webtier-x.xx/*.jsp]
  info=Extension mapping
• [uri:/webtier-x.xx/*.do]
  info=Extension mapping
• [uri:/webtier-x.xx/attachments/*]
  info=Extension mapping
• [uri:/webtier-x.xx/cwc/nav.menu]
  info=Extension mapping

To connect to Service Manager by using a browser:

1. Use the following URLs to access Service Manager from the web tier.
   For <server>, type the name of the web server running the web tier.
   For <port>, type the communications port number used to connect to the web tier.

• Standard web client: http://<server>:<port>/webtier-x.xx/index.do
• Employee self-service web client: http://<server>:<port>/webtier-x.xx/ess.do
• Accessible web client: http://<server>:<port>/webtier-x.xx/accessible.do. The accessible web client does not display a record list detail page.

• Accessible employee self-service web client: http://<server>:<port>/webtier-x.xx/accessible_ess.do

  Note You do not need to specify the communications port in the web tier URL if you use the default web server port (port 80). See your web server documentation for instructions on setting the communications port.

2. Enter the following information:

   • User name and Password: The user name and password that you use to log in to the server

     Note The login account that you enter must already exist in Service Manager. Service Manager provides an out-of-box login account with System Administrator privileges: System.Admin (with a blank password). We recommend that you disable this account or change its password after creating accounts for all of your users. For information about how to create user accounts, see the Service Manager help.

   • Language: The language to use for this session (can differ from the language set on the computer)

3. Click Log In.