IBM Portal Server on AWS

Amazon EC2 Installation guide

1. Overview

This guide will provide step by step instructions how to start using the installed products on your AWS EC2 instance.

This AMI contains a ready-to-run WebSphere Portal Server image at the selected version The image contains the WebSphere Portal Server application deployed into a pre-configured WebSphere Application Server Network Deployment installation. 

By default this application is configured to use the internal default database. You may configure it yourself to use an external database, such as DB2, should you wish to do so. 

In order to use this image, you need to launch it with your selected type, and log in via SSH to change default passwords and manage your WebSphere Portal Server configuration.

Visit the WebSphere Portal Server page on the AWS Marketplace

2. Launching an instance

In order to launch IBM WebSphere Portal Server, a few settings need to be configured on the AWS console as follows. The instructions for launching an instance differ depending on where you launch from. Initially you will launch the instance from the AWS Marketplace.

You can also view the YouTube video which will take you through the launch and configuration steps (The video is done for WebSphere Application Server AMI but the proces of launching WebSphere Portal Server AMI is similar). 

Follow the step-by-step YouTube video to launch and configure your instance (WebSphere Application Server example).

  • Select the IBM WebSphere Product based on your requirements in the AWS Marketplace;
  • Click on the link to go to that versions page in AWS Marketplace;
  • Check the ‘Other Versions ‘ link to see other versions available (you can select the actual version later).
  • Under ‘Pricing Details‘ panel select your Region and either Hourly or Yearly fees.
  • Click on the ‘Continue‘, button to go to the ‘1-Click Launch‘ tab on the configuration page;
  • On the ‘Software Pricing‘ panel choose your instance type and pricing type;
  • On the ‘Version‘ panel, select the fix pack version you require;
  • On the ‘Region‘ panel, select the Region you require;
  • On the ‘EC2 Instance Type‘ panel, choose the instance type. The t2.large type (minimum) or larger is recommended when running IBM WebSphere Portal Server. Note that WebSphere Application Server Network Deployment is also installed on this AMI so  larger instances may be required based on the number of IBM WebSphere application servers, clusters etc required and the expected resource use of each;
  • On the ‘VPC Settings‘ panel Configure the VPC settings to your requirements or leave the defaults;
  • On the ‘Security Group‘ panel, specify the security group. The security group needs to permit to following ports [note that the internal firewall will be configured later to permit only ports used by WebSphere]:
    Port 22 to connect via SSH (enabled by default), 
    All Ports for WebSphere Portal Server communications
     
    • If you don’t already have a security group as above, go to your EC2 Control Panel and select ‘Security Groups‘ under ‘Network & Security
    • Click ‘Create Security Group‘ button
    • To open all ports, Click ‘Add Rule‘.
    • In the ‘Type‘ dropdown, Specify ‘All TCP‘ or your preferred configuration.
    • In the ‘Source‘ dropdown, Specify ‘Anywhere‘ or your preferred configuration.
  • On the ‘Key Pair‘ panel, select a key pair to use. You will need this key later to connect to the instance.
  • Scroll back to the top of the page and click ‘Accept Software Terms and Launch with 1-Click‘.
  • The Instance will be Launched.
  1. Select the IBM WebSphere Portal Server AMI based on your requirements;
  2. Right click on the AMI, or from the drop down menu, choose the ‘Launch’ option;
  3. On the ‘Choose Instance Type‘ tab, choose the instance type. The t2.large type (minimum) or larger is recommended when running IBM WebSphere Portal Server. Note that WebSphere Application Server Network Deployment Edition is also installed on this AMI so larger instances may be required based on the number of IBM WebSphere application servers, clusters etc required and the expected resource use of each; 
  4. Click ‘Next: Configure Instance Details‘.
  5. On the ‘Configure Instance‘ tab Configure the instance to your requirements or leave the defaults. Click ‘Next: Add Storage‘.
  6. On the ‘Add Storage‘ tab, add additional storage as required or leave as default. Click ‘Next: Tag Instance‘.
  7. On the ‘Tag Instance‘ tab, Tag your instance with a suitable name. Click ‘Next: Configure Security Group'.
  8. On the ‘Configure Security Group‘ tab, specify the security group. The security group needs to permit to following ports:
    Port 22 to connect via SSH (enabled by default), 
    All Ports for WebSphere Portal Server communications
     
    • To open all ports, Click ‘Add Rule‘.
    • In the ‘Type‘ dropdown, Specify ‘All TCP‘ or your preferred configuration.
    • In the ‘Source‘ dropdown, Specify ‘Anywhere‘ or your preferred configuration.
  9. Click ‘Review and Launch‘.
  10. Review settings, then click ‘Launch‘.
  11. Add your key pair, Check the ‘Acknowledge key file access’ checkbox and click ‘Launch Instance‘.

3. Initial login and setup

The ‘default’ startup configuration is to have websphere portal server profile created.

WebSphere_Portal server  will be started on the first and subsequent launches.

If you don’t want to perform any bespoke configuration, skip this section and move on to section 4, “Accessing the Web Consoles”.

Note: If you log in straight after the instance is launched WebSphere Portal Server with default configuration may not have finished starting up so you need to wait at least 15 minutes (it can take up to 40 minutes on minimum required t2.large instance) and then use credentials from section 4 to log in.

Note: In the default configuration, portal server profile is configured using ‘localhost‘. This means it will work without the need to use elastic IP addresses.

The IBM Portal Server  products are shipped with a base binary installation and a ‘default’ configuration of wp_profile and  WebSphere_Portal server already created.

Bespoke configuration gives you an opportunity to change the default password for WebSphere Portal Server web console.

On the first login via SSH to the instance, you will be placed into a console wizard, which will guide you through the process of changing the default passwords for WebSphere Portal web console . The following is an overview of the steps you will be guided through to get started with the installed products on the instance.

Once the instance has started up (you can see it by having ” 2/2 checks passed ” in EC2 console).

  1. Log onto the instance from the EC2 console or via SSH as the ‘midvision’ user, using the key you selected above.  For example:
    • From the EC2 console by clicking  the “Connect to your instance” button with username “midvision” , using the previously (instance launch-time) selected .pem keyfile.
    • Via SSH from your desktop, for example
      ssh -i ./MidVisionUSMC.pem midvision@ec2-52-87-198-23.compute-1.amazonaws.com
  2. You should see the MidVision banner and then you are placed in a setup wizard.
    Welcome to                                                                                                                                             
    
     __  __ _     ___     ___     _                    ____ _                 _
    |  \/  (_) __| \ \   / (_)___(_) ___  _ __        / ___| | ___  _   _  __| |
    | |\/| | |/ _` |\ \ / /| / __| |/ _ \| '_ \ _____| |   | |/ _ \| | | |/ _` |
    | |  | | | (_| | \ V / | \__ \ | (_) | | | |_____| |___| | (_) | |_| | (_| |
    |_|  |_|_|\__,_|  \_/  |_|___/_|\___/|_| |_|      \____|_|\___/ \__,_|\__,_|
    
                                                           A MidVision Service
    
            * WebSite: https://www.midvisioncloud.com/product-category/amazon-web-services-marketplace
            * Support: http://support.midvision.com/redmine/projects/devtestcloud
            * Forum:   https://midvisioncloud.com/community/      
    
    
    Welcome, this is MidVisionCloud IBM Portal Server image first run configuration
    
    Note that you can rerun this configuration wizard again by executing /home/midvision/firstrunsetup.sh script
    
    Configuration steps
    1. Set IBM PortalServer admin user password
    2. Set WebSphere Application Server admin user password
    3. Set RapidDeploy framework initial password
    4. Open ports on RHEL firewall
    Your Portal Server web console is available on : http://ec2-174-129-124-220.compute-1.amazonaws.com:10039/wps/myportal
    The password for 'wpsadmin' user is set to : i-098283f7593f3ccb7
    Would you like to change it now ? [yes/no]
  3. Type ‘yes’ if you want to change your default password and hit [return]. Initial script firstly stops and then starts default profile
    Configuring password for Portal Server 'wpsadmin' user
    Set password for Portal Server user 'wpsadmin'. Submit blank for default value of the instance id: i-0ed63e8d762e99f2d
    Make sure your password is at least 6 characters long
    
    Confirm password
    
    Setting PortalServer password for user wpsadmin...
    ADMU0116I: Tool information is being logged in file
             /opt/IBM/WebSphere/wp_profile/logs/WebSphere_Portal/stopServer.log
    ADMU0128I: Starting tool with the wp_profile profile
    ADMU3100I: Reading configuration for server: WebSphere_Portal
    ADMU3201I: Server stop request issued. Waiting for stop status.
    ADMU4000I: Server WebSphere_Portal stop completed.
    
    ADMU0116I: Tool information is being logged in file
            /opt/IBM/WebSphere/wp_profile/logs/WebSphere_Portal/startServer.log
    ADMU0128I: Starting tool with the wp_profile profile
    ADMU3100I: Reading configuration for server: WebSphere_Portal
    ADMU3200I: Server launched. Waiting for initialization status.
    ADMU3000I: Server WebSphere_Portal open for e-business; process id is 13715
    PortalServer password successfully set
  4. You will be asked whether you want to change WebSphere Application Server password
    WebSphere Application Server web console is available on : https://ec2-54-89-40-190.compute-1.amazonaws.com:10203/ibm/console
    The password for 'cwadmin' user is set to : i-0bc040119936bbd47
    Would you like to change it now? [yes/no]?
    
  5. Type ‘yes’ if you want to change your default password and hit [return]. Initial script firstly stops and then starts default profile
    Configuring password for WebSphere Application Server 'cwadmin' user
    Set password for WebSphere Application Server user 'cwadmin'. Submit blank for default value of the instance id: i-0bc040119936bbd47
    Make sure your password is at least 6 characters long
    
    Confirm password
    
    Setting WAS Server password for user cwadmin...
    ADMU0116I: Tool information is being logged in file
            /opt/IBM/WebSphere/AppServer/profiles/cw_profile/logs/server1/stopServer.log
    ADMU0128I: Starting tool with the cw_profile profile
    ADMU3100I: Reading configuration for server: server1
    ADMU3201I: Server stop request issued. Waiting for stop status.
    ADMU4000I: Server server1 stop completed.
    
    ADMU0116I: Tool information is being logged in file
            /opt/IBM/WebSphere/AppServer/profiles/cw_profile/logs/server1/startServer.log
    ADMU0128I: Starting tool with the cw_profile profile
    ADMU3100I: Reading configuration for server: server1
    ADMU3200I: Server launched. Waiting for initialization status.
    ADMU3000I: Server server1 open for e-business; process id is 12976
    WebSphere Application Server password successfully set
  6. Set initial password for RapidDeploy user ‘mvadmin‘. Hit [return] to accept the default of the instance id.
    Configuring password for RapidDeploy default user 'mvadmin'
    Set password for user 'mvadmin'. Submit blank for default value of the instance id: i-380002a3
  7. Open required firewall ports on Red Hat Linux firewall. Select ‘y’ and hit [return].
    Open firewall ports for RapidDeploy (port 9090), PortalServer (port 10039) and WebSphere Application Server (port 10203) [y/n]?
    y
    Opening default web UI ports for RapidDeploy, PortalServer and WebSphere Application Server
    Open firewall port 9090
    iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
    Open firewall port 10039
    iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
    Open firewall port 10203
    iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
    
  8. You should see ports list of ports being opened. Type ‘exit’ to leave this section and the wizard. The correct URLs to access the WebSphere server are displayed.
    Configuration finished, you may now start using PortalSever (port 10039), WebSphere Application Server (port 10203) and RapidDeploy (9090) service. 
    
    PortalServer: http://ec2-174-129-124-220.compute-1.amazonaws.com:10039/wps/myportal
    WebSphere Application Server: https://ec2-54-89-40-190.compute-1.amazonaws.com:10203/ibm/console
    RapidDeploy: ec2-174-129-124-220.compute-1.amazonaws.com:9090/MidVision
  9. You can log in to PortalServer console with the username and password you set previously, in our case using the default answers this will be ‘wpsadmin‘ using ‘wpsadmin‘ as password.

4. Accessing the Command Line & Web Consoles

4.1 Access the IBM WebSphere Portal Server Admin Console

You should now be able to access the WebSphere PortalServer, at the URL specified below.

http://[publicip]:10039/wps/myportal
You can log in to WebSphere console as “wpsadmin” using your ‘[instance-id]‘ as password.

You should now be able to access the WebSphere Portal admin console, at the URL specified below.

http://[publicip]:10039/wps/myportal
You can log in to Portal Server console with the credentials you chose in the wizard.
 
If you accepted the default answers in the setup wizard, the credentials will be:
and the Username/Password is ‘wpsadmin‘/’[instance-id]

4.2 Access the IBM WebSphere Application Server Admin Console

You should now be able to access the WebSphere Application Server, at the URL specified below.

https://[publicip]:10203/ibm/console
You can log in to WebSphere console as “cwadmin” using your ‘[instance-id]‘ as password.

You should now be able to access the WebSphere Application Server admin console, at the URL specified below.

https://[publicip]:10203/ibm/console
You can log in to WebSphere Application Server console with the credentials you chose in the wizard.
 
If you accepted the default answers in the setup wizard, the credentials will be:
and the Username/Password is ‘cwadmin‘/’[instance-id]

4.3 Access the RapidDeploy Web Console

RapidDeploy server and agent will start up automatically when you start your instance. You can access the web console on:

http://[publicip]:9090/MidVision

Note: make sure you have port 9090 open in your Security group when trying to access RapidDeploy web console. For the first time, you can set the password for the default username ” mvadmin “. You can prevent auto starting RapidDeploy on instance startup by removing it from the system chkconfig list.

[midvision@ ] systemctl disable rapiddeploystart.service
 

5. Maintaining the installation

The following sections cover some of the activities you might want to perform after the instance has been started.
  • midvision: This is the default user, which you can log in as. It is permitted to use all SUDO rights. To switch to the root user, type “sudo su“.
  • root:      This is the superuser in linux systems. You can log in as any other user without using passwords. E.g: “su ec2-user“, “su midvision
  • ec2-user:  This user does not have SUDO rights. If you want to switch back to root user, type “exit“, this will take you back to the previous user session.

The IBM WebSphere Portal Server Admin Console is initially configured so that you can log in to Portal Server console as “wpsadmin” using your ‘[instance-id]‘ as password.

You can further configure WebSphere security in the normal way according to your requirements. However you should pay attention to some AWS specifics covered on this page.

You can re-run the first run setup wizard at any time by issuing the following command:

sudo /home/midvision/firstrunsetup.sh

RHEL instances are shipped with a firewall by default to protect your machine. For security reasons, the instance is only accessible via SSH (port 22) at first, so further ports can be opened on the firewall as needed. You will need to open all the ports in this internal firewall, which you have open in your Security group. There is a script placed in the user home of midvision (/home/midvision), which is also the starting location when logged in. You will need to be the root user to run this script. Example usage:

[midvision@ ] sudo ./open-firewall.sh 9090
Open firewall port 9090 iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
 

There are a few scripts and other files in midvision and root users home directory, which will need to remain unchanged in order to keep the provided scripts working. Files are placed under /root/ are required to change the password of IBM WebSphere profiles.
To change WebSphere ND profile password use

sudo expect /root/changeAppServerPassword.exp newPassword

To change WebSphere Portal WebConsole wpsadmin password use

sudo expect /root/changePortalServerPassword.exp newPassword

There are a set of scripts in midvision home directory. Those scripts are executed when logging into the instance controlled by .bash_profile, but you can also execute them manually whenever they are needed. There are some hidden files used as well,

.firstrun indicates that the setup wizard has already ran once,

.dontask indicates that the user will not be prompted again for running the setuphost script (if chosen not to ask again),

To restart RapidDeploy manually from the filesystem, use the rapiddeploy linux service. The RapidDeploy version is 5.0.5. RapidDeploy home is located at /var/rd/midvision Example usage:

[midvision@ ] sudo service rapiddeploystart start 
[midvision@ ] sudo service rapiddeploystart stop

The RapidDeploy server uses an in-memory database, so your RapidDeploy framework needs to be shut down properly to save your work. This happens when the instance is stopping or when calling the stop service manually from the command line. Note that on instance restart, unsaved data will be lost.

For security reasons, you will need to change the default password (default value is ‘[instance-id]‘) for user mvadmin. This will be requested the first time only when you log in to the RapidDeploy server.

6. Troubleshooting

6.1 Session loss during setup

If you lose your SSH connection to the target instance during the first run setup script execution (e.g. as a result of a network problem), we advise you to delete and recreate the EC2 instance and run the script again.

6.2 Cannot access the IBM WebSphere admin console (ISC)

Check that  the default server is running, and you have correctly opened all the required ports on the firewall, and that your instance was created using a security group definition that allows TCP access to the instance on the required ports.

6.3 Contacting MidVision support

Please visit our support website.