© 2014 IBM Corporation
Product Implementation Training (PIT)
IBM Watson Curator and IBM Navigator Version 1.0.12
Architecture and System Topology
Alexander Moosbrugger
Software Engineer
December 12, 2014
Course materials may not be reproduced in whole or in part without prior written permission of IBM
Introduction
Course Overview
This course will provide an overview of IBM Watson Curator and IBM
Navigator architecture and system topology
Target Audience
Anyone interested in learning about IBM Watson Curator and IBM
Navigator
Suggested Prerequisites
General knowledge of IBM ECM (FileNet P8, IBM Content Navigator)
SaaS “Go Live” Date: December 2014
Course Objectives
After this course you will be able to:
Describe IBM Watson Curator and IBM Navigator architecture
Explain the system topology of IBM Watson Curator and IBM Navigator
ECM Cloud – Service offerings (December 2014)
ECM Cloud
• IBM Navigator: Collaboration for business
• IBM Watson Curator: Optimize information for Watson expertise
IBM Watson Curator
Delivering relevant, qualified and governed content collections for
Watson
Increases user confidence by improving
information relevance and quality with Watson
Actively manages and guides subject matter
and data experts through the entire
process
IBM Navigator
Share and collaborate
on business content
Work with team
members on documents
Trusted and secure
Keep your files safe
Easy to use on
any device
Work with files when
mobile
Extending content to
other applications
Bring content to all your
applications
Collaboration for business
Unite your enterprise
ECM Cloud
• Enterprise Content Management
• Trusted Content Collaboration and Sharing (IBM Navigator only)
• Application customization via open standards - CMIS
• Enterprise grade auditing, reliability & security
• IBM Managed Systems and Support
• SoftLayer Cloud
• Content Curation (IBM Watson Curator only)
• Mobile devices: iOS & Android (IBM Navigator only)
High Level Architecture – IBM Watson Curator
Not available: No ACCE admin, No Navigator admin, No Server side custom code, No Navigator plug-in, No P8 Java API, No P8 WS API
Diagram components:
• IBM SoftLayer Data Centers
• Service Infrastructure: Storage, Servers and Networking components
• ECM Cloud Foundation: Administration, Reporting, Authentication, LDAP synchronization, Auditing, Security Roles, Notification
• IBM Content Foundation (Content Platform Engine and Content Search Services)
• Security Directory Server
• Content Navigator, CMIS, Navigator Console
• Case Manager, Curation Solution
• LDAP Integration (Optional)
• Custom Application (Optional)
• StoredIQ (CMIS, Optional)
• Watson (CMIS)
• Operations: Monitoring, Security, Support, Patches and updates
High Level Architecture – IBM Navigator
Not available: No ACCE admin, No Navigator admin, No Server side custom code, No Navigator plug-in, No P8 Java API, No P8 WS API
Diagram components:
• IBM SoftLayer Data Centers
• Service Infrastructure: Storage, Servers and Networking components
• ECM Cloud Foundation: Administration, Reporting, Authentication, LDAP synchronization, Auditing, Security Roles, Notification
• IBM Content Foundation (Content Platform Engine and Content Search Services)
• Security Directory Server
• Content Navigator w/Sync, CMIS, Navigator Console
• LDAP Integration (Optional)
• Custom Application (Optional)
• Operations: Monitoring, Security, Support, Patches and updates
IBM Watson Curator - Details
Service offering with preconfigured fixed feature set
• 1 end user desktop for Curation
• 1 tenant administrator desktop (reports)
• Fixed Watson Curator data model
No full featured IBM Case Manager (ICM) feature set
No tenant administrator/user access to IBM Content Navigator (ICN) admin desktop
No custom ICN plugins
Content Management Interoperability Services (CMIS)
• Allow custom applications via standardized API
• StoredIQ and Watson use CMIS API to interact with Watson Curator solution
IBM Navigator - Details
Service offering with preconfigured fixed feature set
• 1 end user desktop
• 1 tenant administrator desktop (reports)
• Sync enabled
• Approval workflow enabled
• Teamspace enabled
1 sample teamspace
No tenant administrator/user access to IBM Content Navigator (ICN) admin desktop
No custom ICN plugins
Content Management Interoperability Services (CMIS)
• Allow custom applications via standardized API
Tenant Administration & LDAP Integration
New service specific Navigator Console for tenant administration
• Manage Users, Groups, and service specific Roles
• Define content encryption key for Content Engine Storage Area
• Manage Document classes and properties (IBM Navigator only)
• Schedule and view reports
Two ways to add users and groups
• Create locally in cloud
• Synchronize users/groups with customer LDAP
Requires Passthrough authentication
• User uses his known customer enterprise password
• No passwords stored in cloud
• Work concurrently
Content Platform Engine & Content Search Services
ECM Cloud Content Platform Engine (CPE) setup
• Encryption at Rest using storage area encryption
• Enabled 5.2.1 dual-write feature for high availability on storage failure
• Fixed set of object stores
Customer accessible object store
Administrative object store (No tenant user access)
• No CE admin clients available (ACCE, FEM)
• No CE APIs (Java, C)
• No Server side custom code
Content Search Services (CSS) setup
• Base Document classes CBR enabled
Document content is full-text searchable
Differences between IBM Watson Curator and IBM Navigator
Service Specific Roles
• IBM Navigator: Teamspace Creator, Teamspace Template Creator
• IBM Watson Curator: Content Curator, Data Expert, Domain Expert, Team Lead
Initial User setup
• IBM Navigator: sysadmin (tenant administrator)
• IBM Watson Curator: + technical users curationprovider (StoredIQ) & curationconsumer (Watson)
Object Stores
• IBM Navigator: Customer Data & Configuration/Reporting
• IBM Watson Curator: + Staging
Security Concept
• IBM Navigator: Customizable
• IBM Watson Curator: All curation users and roles have access to all curation data
Data Model
• IBM Navigator: Customizable
• IBM Watson Curator: Fixed
ICN End User Desktops
• IBM Navigator: Collaboration Desktop
• IBM Watson Curator: Curation Desktop
SaaS Deployment Model
Key Considerations
• Single tenant model. Each customer has a separate instance of P8.
• Single DevOps team managing all instances
• On-Prem systems may interact with the Cloud.
Diagram labels: SoftLayer US "POD" and SoftLayer EU "POD", each with ECM Cloud Service Infrastructure; one ECM Cloud instance per customer (Customer 1 to Customer 6); On-prem systems attached to ECM Cloud instances.
Security and Standards Support
Security Features
• Unique security certificates for each customer ensure data security
• Customer data protected using FIPS-compliant AES-CTR with 128-bit encryption
Encryption keys are unique to each customer
• Protection using firewalls on the public facing networks against intrusions
Certifications
• ITCS104 compliance – IBM internal security standard for compliance
Service Level Objectives
• Recovery Point Objective (RPO): 24 hours (worst case scenario)
• Recovery Time Objective (RTO): 48 hours
Two Access Methods – Public Internet & VPN
• IBM Navigator
Customer access via 1 or 2 but NOT both.
• IBM Watson Curator
Customer access via 2 only.
• Traffic isolation is obtained using Vyatta & F5 ACL/Rules
• Storage is on a separated VLAN (traffic goes through the Vyatta)
Diagram labels: access paths 1 and 2; Internet; https://ecm.ibmnavigator.com or custom url; Enterprise VPN 10.x.x.x; us03.navigator.ibmcloud.com; us02.navigator.ibmcloud.com; F5; Vyatta FW; Control Point; one VIP per customer; Customer 1 VLAN, Customer 2 VLAN, Customer 3 VLAN (Restricted Yellow); Management (Restricted Yellow); Storage (Restricted Yellow); zones Basic Yellow, Restricted Yellow, Red.
Service Infrastructure
Diagram components:
• Vyatta VPN Termination
• F5 LB (HyperV)
• Customer 2, Customer 3: VM 1, VM 2, VM 3, VM 4
• Active Dir Hosts for DNS (Windows)
• SMTP Servers
• VLAN-M, VLAN-S
• Customers: VLAN.c1, VLAN.c2, VLAN.c3
• Jump Server, Automation, ITCS104
• Jump Server / Deployment / Monitoring / Billing / Qradar
• QuantaStor
• Vyatta Firewall
• Legend: = Shared Components
Software Components Details
Diagram components:
• VM 1 and VM 2: HTTP Server, WAS ND, File System Client
• Applications: Navigator Console, Content Navigator / CMIS (+ Case Manager for Watson Curator), Content Platform Engine, Cognos
• VM 3 and VM 4: CSS Search & Index, File System Client, TSA, SDS Master
• DB2 Primary and DB2 Standby (HA/DR)
• Sync, Replication
• WebSphere Deployment Manager
• QuantaStor
Application Layer HA enablement
Two HTTP servers configured for HA
Use WebSphere Application Server Network
Deployment to provide HA environment
• Applications (Navigator Console, ICN, ICM,
CMIS, CPE) configured for high availability
• Cognos (administrative reports) not HA enabled
in Q4 release
Database, LDAP, CSS HA enablement
DB2 database setup in HA/DR mode
• One active DB2 instance
• One standby instance
• Instant switch to standby DB2 in case of active
DB2 failure
Security Directory Server
• Active-Active HA configuration
Content Search Services
• Setup for HA
Storage Layer HA enablement
High Availability: CPE 5.2.1 Dual Write
• Asynchronous replication
• Two replicas (1 required)
Diagram labels: Customer 1, Customer 2, Customer 3; QuantaStor Device 1 with NFS: P8 Primary Replica1 (OS 1, OS 2, OS 3); QuantaStor Device 2 with NFS: P8 Primary Replica2 (OS 1, OS 2, OS 3).
© 2014 IBM Corporation27
Storage Layer HA enablement (Device Failure)
P8 system can cope with single storage failure
• QuantaStor device #2 fails
All writes to P8 Replica2 fail
P8 Replica1 online
No service disruption
P8 queuing content writes for Replica2
Service operating with storage single point of failure
Storage Layer HA enablement (Recovery)
Two recovery methods based on device recovery characteristic
Repair device recovery
• Repair device
• P8 writes queued content since failure
• Recovery time measured in hours
Replace device recovery
• Bring new device online
• Rebuild P8 Replica2 manually from Replica1
• Expected recovery time measured in days
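The failure and recovery behaviour described on the storage slides above, as an added Python model that is not IBM code and uses no P8 API. The class and method names are hypothetical, writes are shown synchronously for brevity (the slides state asynchronous replication), and "1 required" is read as a write succeeding when at least one replica accepts it.

```python
# Added model of the dual-write behaviour on the slides; all names are hypothetical.
class Replica:
    def __init__(self, name):
        self.name, self.online, self.objects = name, True, {}

    def write(self, key, data):
        if not self.online:
            raise IOError(f"{self.name} offline")
        self.objects[key] = data


class DualWriteArea:
    """Two replicas, one required: a write succeeds if at least one accepts it."""

    def __init__(self):
        self.replicas = {n: Replica(n) for n in ("Replica1", "Replica2")}
        self.pending = {n: [] for n in self.replicas}  # writes owed to each replica

    def write(self, key, data):
        failed = []
        for r in self.replicas.values():
            try:
                r.write(key, data)
            except IOError:
                failed.append(r.name)
        if len(failed) == len(self.replicas):
            raise IOError("no replica available, write rejected")
        for name in failed:  # queue only writes that exist on a surviving replica
            self.pending[name].append((key, data))
        return len(self.replicas) - len(failed)

    def single_point_of_failure(self):
        return sum(r.online for r in self.replicas.values()) < 2

    def repair(self, name):
        """Repair recovery: the same device returns and queued writes are replayed."""
        r = self.replicas[name]
        r.online = True
        queued, self.pending[name] = self.pending[name], []
        for key, data in queued:
            r.write(key, data)
        return len(queued)

    def replace(self, name):
        """Replace recovery: an empty device is rebuilt in full from the survivor."""
        source = next(r for r in self.replicas.values() if r.name != name and r.online)
        r = self.replicas[name]
        r.online, r.objects = True, dict(source.objects)
        self.pending[name] = []
        return len(r.objects)
```

In this model repair replays only the queued writes while replace copies every stored object, which is consistent with the hours versus days estimates on the slide.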
Backup & Disaster Recovery
Daily online-backup
• No downtime during backup
• Backup scripts are running on all customer systems
• Triggers backups for DB2, TDS, WAS. Backups are
stored on QuantaStor
• Also creates snapshots for content and index
Disaster Recovery
• QuantaStor replicates content
• Recovery Point Objective (RPO): 24 hours
• Recovery Time Objective (RTO): 48 hours
Disaster Recovery steps
• Deploy new system with deployment scripts
(like for a new customer)
• Restore data from the DR data
• Restart the service
Diagram labels: SoftLayer Data Center 1, SoftLayer Data Center 2, QuantaStor 1, QuantaStor 2, QuantaStor replication for DR, cron triggered script (creates snapshots, triggers backups).
Course Roadmap
• Product Fundamentals
Product Use/Demonstration
Installation Overview
Configuration Guidelines
Administration Best Practices
• Customization/API Overview
• Best Practices
Course Summary
Course Summary
You have completed this course and can:
Describe IBM Watson Curator and IBM Navigator architecture
Explain the system topology of IBM Watson Curator and IBM Navigator
Contacts
Delivery Manager: Stephen Mason
Development Manager: Dieter Schieber
Support: Floyd Rose and Daryl Rivera
Information Development: Iris Gloeck