Blocking external users' access to CCM
Special considerations for external users accessing the Connections Content Manager deployment.
FileNet APIs that must be blocked
The CCM administrator must ensure that all FileNet APIs are blocked from access by external users. This includes the HTTP, EJB, and connector entry points to the FileNetEngine and fncs applications. If Connections Content Manager is used in the deployment and external user access is enabled:
- The URL to FileNet Collaboration Services (by default /dm/*) must be blocked from external users on both the HTTP server (port 80, port 443) and application server (port 9080, port 9443).
- The URL to FileNet Content Engine web APIs must be blocked from external users on both the HTTP server (port 80, port 443) and application server (port 9080, port 9443). Default Context Roots: FileNet, clientDownload, P8CE, wsi, acce, pewsi, peengine, and ibmcepo.
- The port(s) to FileNet Content Engine EJB/IIOP APIs must be blocked from external users.
- The FileNet P8 Connector must be blocked from external users.
- To find the context roots, locate the fncs application in the WAS administrative console.
- Click the Context Root For WebModules link and make note of Context Root.
- Perform the same step for the FileNetEngine application (there will be multiple contexts in the FileNetEngine). The default ports for the FileNet Content Engine EJB/IIOP (2809) are listed in the FileNet P8 Knowledge Center.
- Find the BOOTSTRAP_ADDRESS on the Ports page of the server in the administrative console.
- We can block external users by setting rules in a security proxy such as Tivoli Access Manager.
- If needed, block external users by giving them access only to a separate HTTP server that lacks a mapping for the Library or FileNet Collaboration Services and other FileNet entry points.
- Test the block by browsing to the FileNet Collaboration Services URL (for instance, http://myco.com/dm/) from the network used by the external users. This network can be a VPN for the visitors or just the public internet.
- Repeat for all blocked services and context roots.
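The test in the last two steps can be scripted so that every context root is checked on every port. The following Python is an added example, not part of the product documentation: it requests each default context root listed above on each listed port and returns those that are not blocked. The function names and the status policy (403, 404 or no connection counts as blocked; any other HTTP answer counts as exposed) are assumptions.

```python
import http.client
import ssl

# Default context roots listed on this page; "dm" is FileNet Collaboration Services.
CONTEXT_ROOTS = ["dm", "FileNet", "clientDownload", "P8CE", "wsi",
                 "acce", "pewsi", "peengine", "ibmcepo"]
# HTTP server and application server ports listed on this page.
ENDPOINTS = [("http", 80), ("https", 443), ("http", 9080), ("https", 9443)]

def classify(status):
    """Assumed policy: 403/404 means blocked; any other HTTP answer (200, a 401
    challenge, a 302 to a login page) means the request reached the application."""
    return "blocked" if status in (403, 404) else "exposed"

def probe(scheme, host, port, root, timeout=5):
    """Request /<root>/ once, without following redirects, and classify the result."""
    conn_cls = (http.client.HTTPSConnection if scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(host, port, timeout=timeout)
    try:
        conn.request("GET", f"/{root}/")
        return classify(conn.getresponse().status)
    except ssl.SSLError:
        return "inconclusive"   # e.g. untrusted certificate: check this one by hand
    except http.client.HTTPException:
        return "inconclusive"   # missing or malformed HTTP reply
    except OSError:
        return "blocked"        # refused, reset or timed out before any HTTP reply
    finally:
        conn.close()

def audit(host, roots=CONTEXT_ROOTS, endpoints=ENDPOINTS):
    """Probe every context root on every port; return the ones that are not blocked."""
    findings = []
    for scheme, port in endpoints:
        for root in roots:
            result = probe(scheme, host, port, root)
            if result != "blocked":
                findings.append((f"{scheme}://{host}:{port}/{root}/", result))
    return findings

if __name__ == "__main__":
    # myco.com is the example host from this page; run from the external users' network.
    for url, result in audit("myco.com"):
        print(f"{result.upper():12} {url}")
```

If the context roots or ports in the administrative console differ from the defaults, pass them in through the `roots` and `endpoints` arguments. An empty result means every probed entry point was blocked from that network.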