Tips and Tricks on IBM FileNet P8 Content Manager

Getting Started with IBM FileNet P8 Content Manager

Install, customize, and administer the powerful FileNet Enterprise Content Management platform

Quickly get up to speed on all significant features and the major components of IBM FileNet P8 Content Manager

Provides technical details that are valuable both for beginners and experienced Content Management professionals alike, without repeating product reference documentation

Gives a big picture description of Enterprise Content Management and related IT areas to set the context for Content Manager

Written by an IBM employee, Bill Carpenter, who has extensive experience in Content Manager product development, this book gives practical tips and notes with a step-by-step approach to design real Enterprise Content Management solutions to solve your business needs

Installation care

If you are using a virtual server image with snapshot capability, it’s a good idea to use snapshots. In fact, we recommend that after each of the major installation steps. If something goes wrong in a later step, you can recover back to the snapshot point to save yourself the trouble of starting over.

WAS Bootstrap Hostname

In a development environment, the domain name might not resolve in your DNS. In that case, enter the IP address for that server instead.

Populating Tivoli Directory Server (TDS)

We could use the TDS Realms interface to construct our users and groups. If you use TDS in your enterprise, that’s a good way to go. It offers several user interface niceties for directory administration, and it also offers partial referential integrity for the entries.

Directory concepts and notation

Directory concepts and notation can seem pretty odd. Most people don’t encounter them every day. There is a lot of material available on the web to explain both the concepts and the notation. Here is one example that is clearly written and oriented toward directory novices: http://www.skills-1st.co.uk/papers/ldapschema-design-feb-2005/index.html.

Close up all of the nodes before you exit FEM

FEM remembers the state of the tree view from session to session. When you start FEM the next time, it will try to open the nodes you had open when you exited. That will often mean something of a delay as it reads extensive data for each open Object Store node. You might find it a useful habit to close up all of the nodes before you exit FEM.

Using topology levels

A set of configuration data, if used, is used as the complete configuration. That is, the configuration objects at different topology levels are not blended to create an "effective configuration".

Trace logging

Although similar technologies are used to provide trace logging in the CE server and the client APIs, the configuration mechanisms are completely separate. The panels in FEM control only tracing within the CE server and do not apply to any client tracing.

If you find that performance still drags or that the trace log file continues to grow even after you have disabled trace logging in the Domain configuration, it could be that trace logging is still configured at a more specific level. That's very easy to overlook, especially in more complex deployments or where CM administration duties are shared.

Collaborative checkout

Even with a collaborative checkout, the subsequent checkin is still subject to access checks, so you can still have fine-grained control over that. In fact, because you can use fine-grained security to limit who can do a checkin, you might as well make the Object Store default be Collaborative unless you have some specific use case that demands Exclusive.

Cancel the creation of the class

Although the final step in the Create a Class Wizard will still let you cancel the creation of the class, any property templates and choice lists you created along the way will already have been created in the Object Store. If you wish to completely undo your work, you will have to delete them manually.

FEM query interface

A historical quirk of the FEM query interface is that the SELECT list must begin with the This property. That is not a general requirement of CE SQL.

Running the CSE installer

If you are running the CSE installer and eventually the CSE itself on the same machine as the CE, you might be tempted to use localhost as the CSE server host. From the CE point of view, that would be technically correct. However, exploiting little tricks like that is a bad habit to get into. It certainly won't work in any environment where you install the CSE separately from the CE or have multiple CSE servers installed. We suggest you use a proper host name.

Be sure to get the server name correct since the installer and the Verity software will sprinkle it liberally throughout several configuration files. If it is not correct by default, which is one of the hazards of using dynamic IP addresses, correct it now.

CBR Locale field

uni stands for Unicode and is generally the best choice for mixed languages support. If you think you don't need mixed-languages support, there's a pretty good chance you are mistaken, even if all of your users have the same locale settings in their environments. In any case, if you are tempted to use a different CBR locale, you should first read the K2 locale customization guide, since it's a reasonably complicated topic.

Process Service does not start

If the Process Service does not start, check to make sure that the Windows service named Process Engine Services Manager is started. If not, start it manually and make sure it is marked it for automatic startup.

Configure two WAS profiles

When trying to duplicate configuration aspects of one WAS profile into another WAS profile, we could theoretically have the WAS consoles open simultaneously in separate browser windows, which would facilitate side-by-side comparisons. In practice, this is likely to confuse the browser cookies holding the session information and drive you slightly crazy. If you have two different browsers installed, for example Firefox and Internet Explorer, you can open one WAS console in each.

Disk space used by XT

Disk space used by XT may exceed your expectations. We recommend having at least 2 gigabytes of disk space available when doing an XT installation. A lot of that can be recovered after XT is deployed into the application server.

Object deletion

Deleted objects are really, permanently deleted by the CE server. There is no undo or recycle bin or similar mechanism unless an application implements one.

Notional locking & Cooperative locking

Don't confuse the notional locking that comes via checkout with the unrelated feature of cooperative locking. Cooperative locking is an explicit mechanism for applications to mark a Document, Folder, or Custom Object as being locked. As the name implies, this only matters for applications which check for and honor cooperative locks. The CE will not prevent any update operation—other than locking operations themselves—just because there is a cooperative lock on the object.

Synchronous or asynchronous subscription

As a terminology convenience, events or event handlers are sometimes referred to as being synchronous or asynchronous. This is not technically correct because the designation is always made on the subscription object. An event can have either kind of subscription, and an event handler can be invoked both ways.

Synchronous subscription event handlers

The CE does not always throw an exception if the event handler for a synchronous subscription updates the triggering object. This has allowed many developers to ignore the rule that such updates are not allowed, assuming it is merely a best practice. Nonetheless, it has always been the rule that synchronous subscription event handlers are not allowed to do that. Even if it works in a particular instance, it may fail at random times that escape detection in testing. Don't fall into this trap!

AddOn in the P8 Domain

If you don't happen to be a perfect person, you might have to iterate a few times during the creation and testing of your AddOn until you get things exactly the way you want them. For the sake of mere mechanical efficiency, we usually do this kind of work using a virtual machine image that includes a snapshot capability. We make a snapshot just before creating the AddOn in the P8 Domain. Then we do the testing. If we need to iterate, it's pretty fast to roll back to the snapshot point.

"anonymous access" complaints from the CE

When an application server sees a Subject that it doesn't trust, since there is no trust relationship with the sending application server, it will often simply discard the Subject or strip vital information out of it. Hence the complaints from the CE that you are trying to do "anonymous access" often mean that there is something wrong with your trust relationship setup.

Unknown ACE

An "unknown" Access Control Entry (ACE) in an Access Control List (ACL) comes about because ACEs sometimes get orphaned. The user or group mentioned in the ACE gets deleted from the directory, but the ACE still exists in the CE repository. These ACEs will never match any calling user and so will never figure into any access control calculation.

Application developers have to be aware of this kind of ACE when programmatically displaying or modifying the ACL. The unknown ACEs should be silently filtered out and not displayed to end users. (FEM displays unknown ACEs, but it is an administrator tool.) If updates are made to the ACL, the unknown ACEs definitely must be filtered out. Otherwise, the CE will throw an exception because it cannot resolve the user or group in the directory.

Virtualization

Several years ago, CM product documentation said that virtual machine technology was supported, but that you might have to reproduce any problems directly on physical hardware if you needed support. That's no longer the case, and virtualization is supported as a first-class citizen.

For your own purposes, you will probably want to evaluate whether there are any significant performance costs to the virtualization technology you have chosen. The safest way to evaluate that is under similar configuration and load as that of your intended production environment.

File Storage Area

Folders used internally within a File Storage Area for content have no relationship to the folders used for filing objects within an Object Store. On reflection, this should be obvious, since you can store content for unfiled documents. Whereas the folders in an Object Store are an organizing technique for objects, the folders in a File Storage Area are used to avoid overwhelming the native filesystem with too many files in a single directory (which can impact performance).

Sticky sessions

All API interactions with the CE are stateless. In other words, except for load balancing, it doesn't matter which CE server is used for any particular API request. Requests are treated independently, and the CE does not maintain any session state on behalf of the application. On the other hand, some CM web applications do need to be configured for sticky sessions. A sticky session means that incoming requests (usually from a web browser) must return to the same copy of the application for subsequent requests.

Disaster Recovery (DR)

There is technology available for near real time replication for DR. It can be tempting to think of your DR site as your data backup, or at least eliminating the need for traditional backups. It seems too good to be true since all of your updates are almost instantaneously copied to another datacenter. The trap is that the replication can't tell desirable updates from mistakes. If you have to recover some of your data because of an operational mistake (for example, if you drop the tables in an Object Store database), the DR copy will reflect the same mistake. You should still do traditional backups even if you have a replicated DR site.