02 ibm navigator 4 q14 arch and sys topology pit


© 2014 IBM Corporation

Product Implementation Training (PIT)

IBM Watson Curator and IBM Navigator Version 1.0.12

Architecture and System Topology

Alexander Moosbrugger

Software Engineer

December 12, 2014

Course materials may not be reproduced in whole or in part without prior written permission of IBM


Introduction

Course Overview

This course will provide an overview of IBM Watson Curator and IBM Navigator architecture and system topology

Target Audience

Anyone interested in learning about IBM Watson Curator and IBM Navigator

Suggested Prerequisites

General knowledge of IBM ECM (FileNet P8, IBM Content Navigator)

SaaS “Go Live” Date: December 2014


Course Objectives

After this course you will be able to:

Describe IBM Watson Curator and IBM Navigator architecture

Explain the system topology of IBM Watson Curator and IBM Navigator


Course Roadmap

Architecture

• System Topology

• Course Summary

• Contacts

ECM Cloud – Service offerings (December 2014)

ECM Cloud

• IBM Navigator: Collaboration for business
• IBM Watson Curator: Optimize information for Watson expertise

IBM Watson Curator

Delivering relevant, qualified and governed content collections for Watson

• Increases user confidence by improving information relevance and quality with Watson
• Actively manages and guides subject matter and data experts through the entire process

IBM Navigator

• Share and collaborate on business content: Work with team members on documents
• Trusted and secure: Keep your files safe
• Easy to use on any device: Work with files when mobile
• Extending content to other applications: Bring content to all your applications

Collaboration for business: Unite your enterprise

ECM Cloud

• Enterprise Content Management
• Trusted Content
• Collaboration and Sharing (IBM Navigator only)
• Application customization via open standards - CMIS
• Enterprise grade auditing, reliability & security
• IBM Managed Systems and Support
• SoftLayer Cloud
• Content Curation (IBM Watson Curator only)
• Mobile devices, iOS & Android (IBM Navigator only)

High Level Architecture – IBM Watson Curator

• No ACCE admin
• No Navigator admin
• No Server side custom code
• No Navigator plug-in
• No P8 Java API
• No P8 WS API

[Diagram labels:]

• IBM SoftLayer Data Centers
• Service Infrastructure: Storage, Servers and Networking components
• ECM Cloud Foundation: Administration, Reporting, Authentication, LDAP synchronization, Auditing, Security Roles, Notification
• Operations: Monitoring, Security, Support, Patches and updates
• Content Navigator
• CMIS
• Navigator Console
• Case Manager
• Curation Solution
• IBM Content Foundation (Content Platform Engine and Content Search Services)
• Security Directory Server
• LDAP Integration (Optional)
• Custom Application (Optional)
• StoredIQ (CMIS, Optional)
• Watson (CMIS)

High Level Architecture – IBM Navigator

• No ACCE admin
• No Navigator admin
• No Server side custom code
• No Navigator plug-in
• No P8 Java API
• No P8 WS API

[Diagram labels:]

• IBM SoftLayer Data Centers
• Service Infrastructure: Storage, Servers and Networking components
• ECM Cloud Foundation: Administration, Reporting, Authentication, LDAP synchronization, Auditing, Security Roles, Notification
• Operations: Monitoring, Security, Support, Patches and updates
• Content Navigator w/Sync
• CMIS
• Navigator Console
• IBM Content Foundation (Content Platform Engine and Content Search Services)
• Security Directory Server
• LDAP Integration (Optional)
• Custom Application (Optional)


IBM Watson Curator - Details

Service offering with preconfigured fixed feature set

• 1 end user desktop for Curation

• 1 tenant administrator desktop (reports)

• Fixed Watson Curator data model

No full featured IBM Case Manager (ICM) feature set

No tenant administrator/user access to IBM Content Navigator (ICN) admin desktop

No custom ICN plugins

Content Management Interoperability Services (CMIS)

• Allow custom applications via standardized API

• StoredIQ and Watson use CMIS API to interact with Watson Curator solution

[Diagram: Curation Solution; Case Manager; Content Navigator; CMIS; Navigator Console; IBM Content Foundation (Content Platform Engine and Content Search Services); Security Directory Server]

IBM Navigator - Details

Service offering with preconfigured fixed feature set

• 1 end user desktop

• 1 tenant administrator desktop (reports)

• Sync enabled

• Approval workflow enabled

• Teamspace enabled

  • 1 sample teamspace

No tenant administrator/user access to IBM Content Navigator (ICN) admin desktop

No custom ICN plugins

Content Management Interoperability Services (CMIS)

• Allow custom applications via standardized API

[Diagram: Content Navigator w/Sync; CMIS; Navigator Console; IBM Content Foundation (Content Platform Engine and Content Search Services); Security Directory Server]

Tenant Administration & LDAP Integration

New service specific Navigator Console for tenant administration

• Manage Users, Groups, and service specific Roles

• Define content encryption key for Content Engine Storage Area

• Manage Document classes and properties (IBM Navigator only)

• Schedule and view reports

Two ways to add users and groups

• Create locally in cloud

• Synchronize users/groups with customer LDAP

Requires Passthrough authentication

• User uses his known customer enterprise password

• No passwords stored in cloud

• Work concurrently

[Diagram: IBM Watson Curator or IBM Navigator; Navigator Console; IBM Content Foundation (Content Platform Engine and Content Search Services); Security Directory Server]

Content Platform Engine & Content Search Services

ECM Cloud Content Platform Engine (CPE) setup

• Encryption at Rest using storage area encryption

• Enabled 5.2.1 dual-write feature for high availability on storage failure

• Fixed set of object stores

Customer accessible object store

Administrative object store (No tenant user access)

• No CE admin clients available (ACCE, FEM)

• No CE APIs (Java, C)

• No Server side custom code

Content Search Services (CSS) setup

• Base Document classes CBR enabled

Document content is full-text searchable

[Diagram: IBM Watson Curator or IBM Navigator; Navigator Console; IBM Content Foundation (Content Platform Engine and Content Search Services); Security Directory Server]

Differences IBM Watson Curator and IBM Navigator

| | IBM Navigator | IBM Watson Curator |
|---|---|---|
| Service Specific Roles | Teamspace Creator, Teamspace Template Creator | Content Curator, Data Expert, Domain Expert, Team Lead |
| Initial User setup | sysadmin (tenant administrator) | + technical users curationprovider (StoredIQ) & curationconsumer (Watson) |
| Object Stores | Customer Data & Configuration/Reporting | + Staging |
| Security Concept | Customizable | All curation users and roles have access to all curation data |
| Data Model | Customizable | Fixed |
| ICN End User Desktops | Collaboration Desktop | Curation Desktop |

Course Roadmap

• Architecture

System Topology

• Course Summary

• Contacts


Worldwide Availability

SaaS Deployment Model

Key Considerations

• Single tenant model. Each customer has a separate instance of P8.
• Single DevOps team managing all instances
• On-Prem systems may interact with the Cloud.

[Diagram labels: SoftLayer US “POD”; SoftLayer EU “POD”; ECM Cloud Service Infrastructure in each POD; an ECM Cloud instance for each of Customer 1 to Customer 6; On-prem systems]

Security and Standards Support

Security Features

• Unique security certificates for each customer ensure data security

• Customer data protected using FIPS compliant AES-CTR with 128-bit encryption

  • Encryption keys are unique to each customer

• Protection using firewalls on the public facing networks against intrusions

Certifications

• ITCS104 compliance – IBM internal security standard for compliance

Service Level Objectives

• Recovery Point Objective (RPO): 24 hours (worst case scenario)

• Recovery Time Objective (RTO): 48 hours


Network Security

Two Access Methods – Public Internet & VPN

• IBM Navigator
  • Customer access via 1 or 2 but NOT both.
• IBM Watson Curator
  • Customer access via 2 only.
• Traffic isolation is obtained using Vyatta & F5 ACL/Rules
• Storage is on a separated VLAN (traffic goes through the Vyatta)

[Network diagram labels: Internet; https://ecm.ibmnavigator.com or custom url; Enterprise VPN 10.x.x.x; access paths 1 and 2; us02.navigator.ibmcloud.com; us03.navigator.ibmcloud.com; F5 with VIPs; Vyatta FW; Control Point; Customer 1 VLAN, Customer 2 VLAN, Customer 3 VLAN; Management; Storage; zones Basic Yellow, Restricted Yellow and Red]

Service Infrastructure

[Diagram labels: Vyatta VPN Termination; F5 LB; (HyperV); Customer 2 and Customer 3, with VM 1, VM 2, VM 3, VM 4; Active Dir / Hosts for DNS (Windows); SMTP Servers; VLAN-M; Customers VLAN.c1, VLAN.c2, VLAN.c3; Jump Server; Automation; ITCS104; Jump Server / Deployment / Monitoring / Billing / Qradar; QuantaStor; Vyatta Firewall; VLAN-S; legend marking Shared Components]

Software Components Details

[Diagram labels: VM 1 and VM 2, each with HTTP Server, WAS ND and File System Client; applications Navigator Console, Content Navigator / CMIS (+ Case Manager for Watson Curator), Content Platform Engine, Cognos; VM 3 and VM 4, each with CSS Search & Index, File System Client, TSA and SDS Master; Replication; Sync; DB2 Primary and DB2 Standby (HA/DR); WebSphere Deployment Manager; QuantaStor]

Application Layer HA enablement

Two HTTP servers configured for HA

Use WebSphere Application Server Network Deployment to provide HA environment

• Applications (Navigator Console, ICN, ICM, CMIS, CPE) configured for high availability
• Cognos (administrative reports) not HA enabled in Q4 release

[Diagram: VM 1 and VM 2, each with HTTP Server, WAS ND and File System Client; applications Navigator Console, Content Navigator / CMIS (+ Case Manager for Watson Curator), Content Platform Engine, Cognos]

Database, LDAP, CSS HA enablement

DB2 database setup in HA/DR mode

• One active DB2 instance
• One standby instance
• Instant switch to standby DB2 in case of active DB2 failure

Security Directory Server

• Active-Active HA configuration

Content Search Services

• Setup for HA

[Diagram labels: VM 3 and VM 4, each with CSS Search & Index, File System Client, TSA and SDS Master; Replication; Sync; DB2 Primary and DB2 Standby (HA/DR); WebSphere Deployment Manager]

Storage Layer HA enablement

High Availability: CPE 5.2.1 Dual Write

• Asynchronous replication

• Two replicas (1 required)

[Diagram labels: Customer 1, Customer 2, Customer 3; QuantaStor Device 1 with NFS: P8 Primary Replica1 (OS 1, OS 2, OS 3); QuantaStor Device 2 with NFS: P8 Primary Replica2 (OS 1, OS 2, OS 3)]

Storage Layer HA enablement (Device Failure)

P8 system can cope with single storage failure

• QuantaStor device #2 fails
  • All writes to P8 Replica2 fail
  • P8 Replica1 online
  • No service disruption
  • P8 queuing content writes for Replica2
  • Service operating with storage single point of failure

[Diagram labels: Customer 1, Customer 2, Customer 3; QuantaStor Device 1 with NFS: P8 Primary Replica1 (OS 1, OS 2, OS 3); QuantaStor Device 2 with NFS: P8 Primary Replica2 (OS 1, OS 2, OS 3)]

Storage Layer HA enablement (Recovery)

Two recovery methods based on device recovery characteristic

Repair device recovery

• Repair device

• P8 writes queued content since failure

• Recovery time measured in hours

Replace device recovery

• Bring new device online

• Rebuild P8 Replica2 manually from Replica1

• Expected recovery time measured in days
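
A simplified model of the dual-write failure and recovery behaviour on the storage slides above, added here as an illustration and not IBM's code. The class and method names are hypothetical, replication is modelled as immediate rather than asynchronous, and the document ids are constructed sample data.

```python
from collections import deque

class DualWriteStore:
    """Toy model of dual write: two replicas, one required for a write to succeed."""

    def __init__(self):
        self.replicas = {"Replica1": {}, "Replica2": {}}   # device -> {doc_id: content}
        self.online = {"Replica1": True, "Replica2": True}
        self.queued = {"Replica1": deque(), "Replica2": deque()}  # writes owed to a failed device

    def write(self, doc_id, content):
        if not any(self.online.values()):    # fewer than the 1 required replica
            raise IOError("no replica online, write rejected")
        for name in self.replicas:
            if self.online[name]:
                self.replicas[name][doc_id] = content
            else:
                self.queued[name].append((doc_id, content))   # queue for later catch-up

    def fail(self, name):
        self.online[name] = False

    def single_point_of_failure(self):
        return sum(self.online.values()) == 1

    def repair(self, name):
        """Same device returns with its old content: replay only the queued writes."""
        self.online[name] = True
        replayed = len(self.queued[name])
        while self.queued[name]:
            doc_id, content = self.queued[name].popleft()
            self.replicas[name][doc_id] = content
        return replayed

    def replace(self, name):
        """New empty device: the queue alone is not enough, copy everything from the survivor."""
        source = next(r for r in self.replicas if r != name and self.online[r])
        self.replicas[name] = dict(self.replicas[source])
        self.queued[name].clear()
        self.online[name] = True
        return len(self.replicas[name])

def demo():
    store = DualWriteStore()
    store.write("doc-1", b"a")            # lands on both replicas
    store.fail("Replica2")
    store.write("doc-2", b"b")            # still succeeds, queued for Replica2
    # evaluated left to right: degraded state first, then the repair, then the comparison
    return (store.single_point_of_failure(), store.repair("Replica2"),
            store.replicas["Replica1"] == store.replicas["Replica2"])
```

The repair path touches only the writes queued since the failure, while the replace path copies the whole replica, which matches the hours versus days recovery times on the slide.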

[Diagram labels: Customer 1, Customer 2, Customer 3; QuantaStor Device 1 with NFS: P8 Primary Replica1 (OS 1, OS 2, OS 3); QuantaStor Device 2 with NFS: P8 Primary Replica2 (OS 1, OS 2, OS 3)]

Backup & Disaster Recovery

Daily online-backup

• No downtime during backup
• Backup scripts are running on all customer systems
• Triggers backups for DB2, TDS, WAS. Backups are stored on QuantaStor
• In addition also creates snapshots for content and index

Disaster Recovery

• QuantaStor replicates content
• Recovery Point Objective (RPO): 24 hours
• Recovery Time Objective (RTO): 48 hours

Disaster Recovery steps

• Deploy new system with deployment scripts (like for a new customer)
• Restore data from the DR data
• Restart the service

[Diagram labels: SoftLayer Data Center 1; SoftLayer Data Center 2; QuantaStor 1; QuantaStor 2; QuantaStor replication for DR; cron triggered script: Create Snapshots, Triggers backups]

Course Roadmap

• Product Fundamentals

Product Use/Demonstration

Installation Overview

Configuration Guidelines

Administration Best Practices

• Customization/API Overview

• Best Practices

Course Summary


Course Summary

You have completed this course and can:

Describe IBM Watson Curator and IBM Navigator architecture

Explain the system topology of IBM Watson Curator and IBM Navigator


Contacts

Delivery Manager: Stephen Mason

Development Manager: Dieter Schieber

Support: Floyd Rose and Daryl Rivera

Information Development: Iris Gloeck


Thank You!