ALLE-10619-10649 LMeLinux InstallUpgrade Review

T
AF
Rocket Aldon Lifecycle Manager

(Enterprise Edition)
Installation and Upgrade Guide for Linux
Servers
DR
Version 6.5
September 2016
LMEX-65-IUG-IU-01
Notices
Edition
Publication date: September 2016
Book number: LMEX-65-IUG-IU-01
Product version: Version 6.5
Copyright
Rocket Software, Inc. or its affiliates 1998-2016. All Rights Reserved.
Trademarks
Rocket is a registered trademark of Rocket Software, Inc. For a list of Rocket registered trademarks go
to: www.rocketsoftware.com/about/legal. All other products or services mentioned in this document
may be covered by the trademarks, service marks, or product names of their respective owners.
Examples
This information might contain examples of data and reports. The examples include the names of
individuals, companies, brands, and products. All of these names are fictitious and any similarity to
the names and addresses used by an actual business enterprise is entirely coincidental.
License agreement
This software and the associated documentation are proprietary and confidential to Rocket Software,
Inc. or its affiliates, are furnished under license, and may be used and copied only in accordance with
the terms of such license.
Note: This product may contain encryption technology. Many countries prohibit or restrict the
use, import, or export of encryption technologies, and current use, import, and export regulations
should be followed when exporting this product.
Corporate information
Rocket Software, Inc. develops enterprise infrastructure products in four key areas: storage, networks,
and compliance; database servers and tools; business information and analytics; and application
development, integration, and modernization.
Website: www.rocketsoftware.com
Rocket Global Headquarters
77 4th Avenue, Suite 100
Waltham, MA 02451-1468
USA
To contact Rocket Software by telephone for any reason, including obtaining pre-sales information
and technical support, use one of the following telephone numbers.
Country
Toll-free telephone number
United States
1-855-577-4323
Australia
1-800-823-405
Belgium
0800-266-65
Canada
1-855-577-4323
China
800-720-1170
France
08-05-08-05-62
Germany
0800-180-0882
Italy
800-878-295
Japan
0800-170-5464
Netherlands
0-800-022-2961
New Zealand
0800-003210
South Africa
0-800-980-818
United Kingdom
0800-520-0439
Contacting Technical Support

The Rocket Customer Portal is the primary method of obtaining support. If you have current support
and maintenance agreements with Rocket Software, you can access the Rocket Customer Portal and
report a problem, download an update, or read answers to FAQs. To log in to the Rocket Customer
Portal or to request a Rocket Customer Portal account, go to www.rocketsoftware.com/support.
In addition to using the Rocket Customer Portal to obtain support, you can use one of the telephone
numbers that are listed above or send an email to support@rocketsoftware.com.
Contents
Notices................................................................................................................................................................................... 2
Corporate information......................................................................................................................................................... 3
Whats new in release 6.5?...................................................................................................................................................6
Chapter 1: Overview............................................................................................................................................................. 7
System requirements............................................................................................................................................... 8
Downloading the installation programs............................................................................................................... 11
Documentation....................................................................................................................................................... 12
Chapter 2: Server installation............................................................................................................................................ 14
Server installation prerequisites........................................................................................................................... 14
Configuring a connection to the LM(i) computer................................................................................................. 15
Installing LM(e)........................................................................................................................................................17
Logging into Security Server..................................................................................................................................18
Applying the license key and feature codes......................................................................................................... 19
Creating the LM(e) administrator.......................................................................................................................... 21
Changing the default passwords...........................................................................................................................22
Changing the DB2 passwords.................................................................................................................... 22
Changing Security Server passwords........................................................................................................22
Changing the Apache Tomcat administrator password.......................................................................... 23
Starting and stopping servers............................................................................................................................... 23
Post-installation administration............................................................................................................................24
Checking server status............................................................................................................................... 25
Setting Load Inventory directory permissions......................................................................................... 25
Running a database integrity report.........................................................................................................25
Checking for active LM(e) users.................................................................................................................26
Restarting an installation...........................................................................................................................27
Chapter 3: Client installation.............................................................................................................................................28
Installing the LM(e) client on Microsoft Windows................................................................................................ 28
Installing the LM(e) client on Microsoft Windows.................................................................................... 29
Creating an LM(e) server definition...........................................................................................................29
Editing the firewall exceptions list............................................................................................................ 30
Configuring the LM(e) command line interface on Microsoft Windows.................................................. 31
Enabling the LM(e) Extension for Windows Explorer............................................................................... 32
Defining the working environment to LM(e).................................................................................33
Installing the LM(e) client on Linux, UNIX, or Mac............................................................................................... 34
Installing the LM(e) client on Linux, UNIX, or Mac....................................................................................34
Adding the command line executable program to the PATH environment variable..............................36
Configuring multiple LM(e) users on a shared client computer.......................................................................... 37
Chapter 4: Deployment installation.................................................................................................................................. 38
Installing remote Deployment servers.................................................................................................................. 38
Configuring Deployment servers........................................................................................................................... 40
Providing Deployment client information............................................................................................................ 41
Installing Deployment clients................................................................................................................................ 41
Defining Deployment target computers................................................................................................... 42
Installing Deployment clients on Windows.............................................................................................. 42
Installing the LM(e) Deployment client on Microsoft Windows................................................... 43
Configuring the Deployment client on Microsoft Windows......................................................... 43
Starting and stopping the Deployment client on Microsoft Windows.........................................46
Running the Deployment client program as a Windows service................................................. 47
Increasing memory for the deployment service...........................................................................48
Contents
Fixing Deployment client Java errors on Windows...................................................................... 49

Installing Deployment clients on IBM i..................................................................................................... 49
Installing the Deployment client on IBM i.................................................................................... 50
Configuring the Deployment client on IBM i.................................................................................51
Starting and stopping the Deployment client on IBM i................................................................55
Installing Deployment clients on Linux, UNIX, and Mac.......................................................................... 56
Installing Deployment clients on single Linux, UNIX, or Mac computers.................................... 57
Installing Deployment clients on multiple Linux or UNIX computers......................................... 59
Preparing a parameter file for multiple Deployment client installations................................... 60
Creating a package for multiple Deployment client installations............................................... 61
Sending the Deployment client package to multiple client computers......................................61
Extracting and installing the Deployment client package........................................................... 62
Starting and stopping Deployment clients on Linux, UNIX, or Mac computers.......................... 63
Starting and stopping Deployment clients on Linux or UNIX computers................................... 63
Starting and stopping Deployment clients on Mac computers................................................... 64
Configuring Deployment client-server connections on Mac computers..................................... 65
Registering external Deployment clients.............................................................................................................. 66
Chapter 5: SSL encryption................................................................................................................................................. 70
Configuring Security Server encryption................................................................................................................ 70
Configuring LM(e) server encryption..................................................................................................................... 73
Configuring SSL on the LM(e) server.........................................................................................................73
Configuring SSL on a client for Microsoft Windows................................................................................. 75
Configuring SSL on a command-line client on Linux, UNIX, or Mac OS X............................................... 75
Configuring Web Portal encryption.......................................................................................................................76
Configuring secure connections between browsers and LM Web Portal................................................77
Configuring secure connections between LM Web Portal and the LM(e) server.....................................78
Configuring deployment encryption..................................................................................................................... 79
Requesting an SSL keystore file................................................................................................................ 79
Enabling secure connections on the Deployment server........................................................................ 80
Configuring secure connections for the Deployment client on Windows............................................... 82
Configuring secure connections for the Deployment client on IBM i...................................................... 82
Configuring secure connections for Deployment clients on Linux, UNIX, or Mac OS X...........................84
Configuring secure connections for multiple Deployment client installations...................................... 86
Chapter 6: Upgrade............................................................................................................................................................ 89
Upgrading a remote DB2 server............................................................................................................................ 89
Upgrading a remote LM(e) server..........................................................................................................................91
Upgrading remote Deployment servers................................................................................................................92
Upgrading LM(e) clients......................................................................................................................................... 93
Upgrading the LM(e) Client for Microsoft Windows................................................................................. 93
Upgrading the LM(e) client on Linux or UNIX........................................................................................... 94
Upgrading Deployment clients.............................................................................................................................. 95
Chapter 7: Uninstall............................................................................................................................................................96
Uninstalling the server components..................................................................................................................... 96
Uninstalling the LM(e) clients from Linux, UNIX, or Mac OS X computers.......................................................... 96
Uninstalling the LM(e) clients from Microsoft Windows computers................................................................... 97
Appendix A: Installation defaults.......................................................................................................................................99
Whats new in release 6.5?

This release includes the following changes and enhancements:
Deployment clients are automatically updated when you upgrade
LM(e) version 6.4A deployment clients are automatically upgraded when you upgrade the
Deployment Manager Server.
jasone: What about the upgrade path for pre-64A deployment clients, for example 6.3B->6.5?
Discussion with Vani, who said that this is an open question and we'll have to answer it for 6.5.
Chapter 1: Overview
Install server components on a Linux server. The server components include IBM DB2, Security Server,
and LM(e) server (which includes platform-appropriate Deployment Manager Server (DM) server and
client).
If your company also uses LM(i) to manage IBM i-based application software, you can then configure
the LM(e) server to communicate with the LM(i) server.
Install the development client on Microsoft Windows, Linux, UNIX, or Mac computers. The LM(e) client
for Microsoft Windows includes a graphical interface to the LM(e) server. On all operating systems, the
development client includes a command line interface to the LM(e) server.
You can ensure secure connections by configuring SSL between browsers and the Security Server;
between the LM(e) server and the Security Server; between the LM(e) server and the clients; and
between the DM server and Deployment clients.
Use of deployment features is optional. After the DM server is configured and started on the LM(e)
server, and the appropriate Deployment client is installed and started on the intended recipient
computers in your network, you can configure any LM(e) application to deploy changes. Deploy
changes on a case-by-case (ad hoc) basis, or when parts are promoted. Install the Deployment client
on Microsoft Windows, Linux, Unix, or other computers in your network where you want software
changes to be received and installed.
Optionally install Lifecycle Manager Web Portal to promote and deploy software changes, Rocket
Aldon Report Manager to generate software process reports, and Rocket Aldon Community Manager
to track projects and issues.
Chapter 1: Overview
System requirements
You must meet the hardware and software requirements for all LM(e)-related components.
IBM DB2, Security Server, Deployment server, and LM(e) server on Linux
An LM(e) installation can include IBM DB2 Express version 10.5.0.3, Security Server version 2.3B, LM(e)
DM Plus 2.0 Deployment server, and LM(e) version 6.5. These requirements also apply to installations
of a remote Deployment server on its own computer.
Hardware
An internet connection to install Red Hat Network or CentOS packages if necessary.
A dual, Intel-compatible, multi-core, 64bit CPU with a speed of 2.2 GHz or faster.
6 GB memory, or more if you expect to manage large graphics or stream files.
Logical Volume Manager
For the initial installation, one of the following options:

A single file system configuration with 260 GB of space (plus a small /boot file system).
A multiple file system configuration with the following disk space requirements (in
gigabytes, unless otherwise specified):
Directory
For initial installation
/home
200G
/opt
/var
/tmp
The actual size requirement of the /home directory

might be different, depending on the number of users
that are defined on the system, the number and size
of the files that those users create, and the size of the
database in /home/aldondbi.
20G
20G
20G
Note: For ongoing operations, exact space requirements depend on your data.
Software
One of the following Linux distributions. Do not customize the installation configurations or
remove packages from them:
Red Hat Enterprise Linux version 6.6 and above, and version 7.2 and above. Use either the
Basic Configuration or the Desktop configuration. The computer must subscribe to the
Red Hat Network. The installation program checks for required packages, and if it does
not find them it installs them from the Red Hat Network using the Internet.
CentOS version 6.6 and above, and version 7.2 and above. Use either the Basic
Configuration or the Desktop configuration.
OpenSSL version 0.9.8. If the required version of OpenSSL is not found on the computer
at installation time, the installation program downloads and installs the required version.
For Red Hat computers to receive the required version, they must subscribe to the Red Hat
Network.
If you will use LM(e) to manage LM(i) objects, you must install IBM i Access Client Solutions
version 1.1.0.3 or higher on the LM(e) server. IBM i Access Client Solutions includes the ODBC
System requirements
driver required to communicate with the IBM i computer that hosts LM(i). Instructions for
installing IBM i Access Client Solutions are provided in this documentation.
If you will configure SSL between the Deployment server and Deployment clients, you must
install the java-1.7.0-openjdk package from Red Hat or CentOS. The java-1.7.0-openjdk
package provides the keytool program required to create SSL certificates that are compatible
with Deployment clients.
LM(e) client for Microsoft Windows

Hardware
40 MB of available disk space
A TCP/IP network connection to the same LAN as the server that hosts the LM(e) server.
Software
A computer that runs Windows 7, Windows 8, or Windows 10 and one of the following browsers:
Microsoft Internet Explorer, Version 8.0 or later
Mozilla Firefox, Version 3.6 or later
LM(e) client for Linux or UNIX

Hardware
A computer running a supported version of Linux or UNIX (see software requirements)
A connection to the same local area network as the system that hosts the LM(e) server
An internet connection, for downloading the installation file
Approximate available disk space:
Linux: 40 MB
AIX: 250 MB
Solaris: 140 MB
Software
For Linux:
RedHat Enterprise Linux or CentOS Linux, version 5.x, 6.x, or 7.x, 32-bit or 64-bit
OpenSSL version 0.9.8. If the required version of OpenSSL is not found on the computer at
installation time, the installation program downloads and installs the required version. To
receive the required version, Red Hat computers must subscribe to the Red Hat Network.
OpenSSL is installed without pre-conditions on CentOS computers.
For UNIX:
IBM AIX 6.1 or Oracle Solaris 10 (SunOS 5.10).
You must install OpenSSL version 0.9.8 on AIX, and version 0.9.7 on Solaris.
LM(e) client for Mac

Hardware
A TCP/IP connection to the LM(e) server
Approximately 40 MB of available disk space
Software
Mac OS X 10.10 Yosemite or higher operating system
Chapter 1: Overview
Remote Deployment servers

You install remote Deployment servers on their own computers inside or outside of the LM(e) server
network. Remote Deployment servers have the same hardware and software system requirements as
the LM(e) server.
Deployment clients
Install the appropriate deployment client on any computer in your network that is a deployment
target that will receive software updates from the LM(e) server.
Hardware
A TCP/IP connection to the same network as the computer that hosts the LM(e) server.
Approximately 50 MB of available disk space, plus space for deployments.
Software
One of the following operating systems:
Windows Server 2000, Windows Server 2008, Windows 7, Windows 8, or Windows 10
Red Hat Enterprise Linux, Version 5.x or 6.x, or CentOS Version 5.x or 6.x. Red Hat Linux must
be configured to receive Red Hat updates.
IBM AIX, Versions 5.3, 6.1, or 7.1, with Java Version 7 (1.7) installed.
Oracle Solaris 10 (SunOS 5.10), with Java Version 7 (1.7) installed and the SUNWscpu package
installed.
Mac OS X 10.10 Yosemite or higher operating system
IBM i, Version 6.1, 7.1, or 7.2. with an appropriate IBM Developer Kit for Java licensed program
installed for the operating system version. Java 7 is recommended for optimal support of
deployment and automatic client update. Supported versions are:
For IBM i 6.1: Licensed program 5761JV1, option *BASE, plus option 11, with PTF Group
SF99562 Level 16 or higher applied. (Java 6, 32-bit)
For IBM i 7.1, one of the following must be installed:

Licensed program 5761JV1, option *BASE, plus option 11, with PTF Group SF99572
Level 6 or higher applied (Java 6, 32-bit)
Licensed program 5761JV1, option *BASE, plus option 14 (Java 7, 32bit)
For IBM i 7.2, one of the following must be installed:
Licensed program 5770JV1, option *BASE, plus option 11 (Java 6, 32-bit)
Licensed program 5770JV1, option *BASE, plus option 14 (Java 7, 32-bit)
Red Hat and CentOS requirements

The following RedHat Linux Standards Base (LSB) and Java packages are required to install the
Deployment client:
redhat-lsb (Red Hat or CentOS Version 5.x)
redhat-lsb-core (Red Hat or CentOS Version 6.x)
java-1.7.0-openjdk RPM package from your Linux distribution (recommended), or Java 1.7 or
higher JDK or JRE (Red Hat or CentOS Version 5.x or 6.x)
If the computer on which you install the Deployment client has Internet access, the installation
program installs the required programs automatically. If the computer does not have Internet
access, you must install the LSB package appropriate to your operating system, and install
the recommended Java package (java-1.7.0-openjdk RPM) or a compatible JDK or JRE (1.7 or
higher). If you install a Java version other than the java-1.7.0-openjdk RPM, you must include
10
Downloading the installation programs
the --dcjava flag in the installation command with the path to the JDK or JRE binary. For
example:
./install --lmd --dcjava /opt/jre1.7.0_71/bin/java
Solaris and AIX requirements

On Solaris and AIX computers, if a compatible Java binary (1.7 or higher) is in root's PATH
variable, no further Java installation is necessary. If the binary path is not in root's PATH variable
(possibly because root must use an earlier version of Java for other tasks), then you must
provide the binary path using the --dcjava option to the command that starts the installation
program.
On Solaris, the SUNWscpu package must be installed. For information on installing the package,
contact your Solaris system administrator.
Mac OS X requirements
Java Development Kit (JDK) version 1.7 or higher. For information on installing the JDK, see your
system administrator.
Lifecycle Manager Team Repository Plug-ins

Refer to the Rocket Aldon Lifecycle Manager Team Repository Plug-ins Installation Guide for system
requirements and installation instructions.
Lifecycle Manager Web Portal

Refer to the Rocket Aldon Lifecycle Manager Web Portal Installation and Maintenance Guide for system
requirements and installation instructions.
Report Manager
Refer to the Rocket Aldon Report Manager Installation Guide for system requirements and installation
instructions.
Community Manager
Refer to the Rocket Aldon Community Manager Installation and Upgrade Guide for system requirements
and installation instructions.
Downloading the installation programs

Before you install or upgrade, download the appropriate installation programs from the Rocket
Customer Portal.
You must have the credentials for a registered Rocket Customer Portal user. If you need credentials,
register at http://www.rocketsoftware.com/support.
1.
2.
3.
4.
Open a web browser and go to http://www.rocketsoftware.com/support. Log in to the Rocket

Customer Portal and click My Software Downloads.
On the Downloads page, click Aldon Lifecycle Manager Enterprise.
Locate the following line item that applies to your environment and click the ID:
LM(e) v6.4A for Red Hat Enterprise Linux & DB2 Express, version 6.6 64bit
Download items from the following list that apply to your customer agreement:
11
Chapter 1: Overview
Item Description
File type
LM(e) version 6.4A and Security Server version

2.3B for Red Hat Enterprise Linux or CentOS
version 5.11 or 6.6 64-bit with DB2 Express
zip
LM(e) version 6.4A Windows Client and

Windows Deployment Client
zip
Linux Command Line Client, Deployment

Client and Web Portal*
tgz
AIX Command Line Client, Deployment Client*
tgz
Solaris Command Line Client, Deployment

Client*
tgz
Mac OS X Command Line client, Deployment

Client*
tgz
Documentation
pdf
Download only if you are installing or upgrading clients on computers with these operating
systems.
5.
Store the downloaded files in a network location that is accessible to the computers on which you
plan to install or upgrade.
Documentation
These documents provide information about Lifecycle Manager and other Rocket Aldon products.
All Rocket Aldon product documentation is available in the Rocket Documentation Library on the
public documentation web site (http://docs.rocketsoftware.com); the Installation and Upgrade Guide
is also available on the Rocket Customer Portal website (http://www.rocketsoftware.com/support).
These documents explain how to use LM(e):
Rocket Aldon Lifecycle Manager (Enterprise Edition) LMCS Configuration Editor Quick Start Guide
Rocket Aldon Lifecycle Manager (Enterprise Edition) Setup and Special Topics User's Guide
Rocket Aldon Lifecycle Manager (Enterprise Edition) Deployment Administration User's Guide
Rocket Aldon Lifecycle Manager (Enterprise Edition) Introduction and Overview User's Guide
Rocket Aldon Lifecycle Manager (Enterprise Edition) How Do I...? User's Guide
Rocket Aldon Lifecycle Manager (Enterprise Edition) Extension for Microsoft Windows Explorer
Rocket Aldon Lifecycle Manager (Enterprise Edition) Subversion Integration Administrator's Guide
Rocket Aldon Lifecycle Manager (Enterprise Edition) Security Server User's Guide
Rocket Aldon Lifecycle Manager (Enterprise Edition) Installation and Upgrade Guide for Linux Servers
Rocket Aldon Lifecycle Manager (Enterprise Edition) online help system
These documents explain how to install LM Web Portal:
Rocket Aldon Lifecycle Manager Web Portal Installation and Maintenance Guide
These documents explain how to use LM(i):
12
Documentation
Rocket Aldon Lifecycle Manager (IBM i Edition) User's Guide
Rocket Aldon Lifecycle Manager (IBM i Edition) Daily Operations Reference
These documents explain how to install and use Report Manager:
Rocket Aldon Report Manager Installation Guide
Rocket Aldon Report Manager Users Guide
Rocket Aldon Report Manager online help system
These documents explain how to install and use the Lifecycle Manager Team Repository Eclipse Plugins:
Rocket Aldon Lifecycle Manager Team Repository Plug-ins Installation Guide
Rocket Aldon Lifecycle Manager Team Repository Plug-ins User's Guide
Rocket Aldon Lifecycle Manager Team Repository Plug-ins online help system
These documents explain how to install, administer, and use Community Manager:
Rocket Aldon Community Manager Installation and Upgrade Guide
Rocket Aldon Community Manager Administration Guide
Rocket Aldon Community Manager online help system
13
Chapter 2: Server installation

When you install LM(e), you also install IBM DB2 Express and Security Server. IBM DB2 Express stores
LM(e) data. You use Security Server for managing users and permissions and the product validation
and feature codes.
Server installation prerequisites

Meet all of the following requirements before installing the server:
Confirm that the Linux server is using the correct values for your location for the date, time, and
coordinated universal time offset. LM(e) uses these values to compute time and date values for
display on client computers.
Confirm that you have the Validations sheet that shows your company name, license key
information, and feature codes. If you do not have this information, contact your system
administrator or your Rocket Aldon sales representative.
Verify that IBM DB2 is not already installed on the computer where you plan to install LM(e). If IBM
DB2 is on this computer, remove it before you install LM(e).
LM(e) is not supported on systems running Security-Enhanced Linux (SELinux). Before beginning
the installation process, run the following command to determine whether SELinux is turned on:
sestatus
Then take one of the following steps:

1.
2.
If the command returns a value of disabled on the results line labeled SELinux status,
then SELinux is not running.
If the command returns a value of enabled on the results line labeled SELinux status,
then you must disable SELinux before proceeding. To disable SELinux, open the /etc/
sysconfig/selinux file in an editor and change the value of the SELINUX setting to
disabled. Then save the file and reboot the computer.
Shut off the iptables firewall if it is running:

1.
To show the settings for both tables, enter the following command:
chkconfig --list | grep table
The result is similar to this:

ip6tables
iptables
2.
0:off
0:off
1:off
1:off
2:on
2:on
3:on
3:on
4:on
4:on
5:on
5:on
6:off
6:off
To set the table values to off, enter the following commands:

[user@computer]# chkconfig iptables off
Then:
[user@computer]# chkconfig ip6tables off
3.
4.
14
To check that the values are off, enter the command from Step 1. All values should be set to
off.
Reboot the computer.
Confirm that you can log onto the Linux system as the root user.
Configuring a connection to the LM(i) computer
IBM DB2, LM(e), and the Security Server use port numbers 7890, 8000, 8080, and 50006. These
port numbers must be available when you install the products. If you must change these port
numbers after installation, you can find information on the Rocket Customer Portal website
(http://www.rocketsoftware.com/support), or contact technical support.
You must have access to the installation files.
Before you install, the system umask must be 0022.

In next release (6.4A?) the install program will change the umask to 0022. MARYS 20160721: Per
Juan and Terry this date: The installer does not do this.
Configuring a connection to the LM(i) computer

Configure a connection between LM(e) and LM(i) to manage LM(i) objects using LM(e). To configure the
connection you install IBM i Access Client Solutions on the LM(e) Linux computer to obtain the i Access
ODBC driver required for the LM(e) Linux server to communicate with the LM(i) IBM i server. You must
then edit the odbc.ini file and add LM(i) server information.
Prerequisites
These steps assume the following:
The Linux computer is Red Hat or CentOS 6.6 or higher (not 7.x or higher). IBM i Access Client
Solutions does not support Red Hat or CentOS 5.11.
You can log into the LM(e) Linux computer as root.
The Linux computer has Internet access.
You can download files from the IBM Entitled Software Support (ESS) web site. IBM customers
entitled to V7R1, V7R2 IBM i OS can download the i Access Client Solutions product. You must
download and install i Access Client Solutions version 1.1.0.3 or higher.
You know the user name and password of a user with a profile on the LM(i) computer.
Procedure
1.
2.
On the LM(e) computer, log in as root.

Enter the following command to verify that an ODBC driver is installed:
rpm -qa | grep unixODBC
If the ODBC driver is not installed enter the following command to install it:
yum install unixODBC
3.
Follow instructions at the following URL to download IBM i Access Client Solutions for Linux:
4.
5.
Copy the IBM i Access Client Solutions file to the /tmp directory on the Linux computer.
Enter the following command to navigate to the /tmp directory:
http://www-01.ibm.com/support/docview.wss?uid=nas8N1010355
cd /tmp
6.
Enter the following command to unzip the file:
7.
Enter the following command to navigate to the /tmp/iaccess/x86_64 directory:
8.
9.
unzip IBM_i_Access_Client_Solutions_-_Linux_AP_LCD8_2012_03.zip
-d iaccess
cd /tmp/iaccess/x86_64
Enter the following command to unpack the rpm file:

rpm -Uvh ibm-iaccess-1.1.0.4-1.0.x86_64.rpm
Open the /etc/odbc.ini file in an editor and add all of the following content to specify LM(i)
parameters. This includes all of the parameters and the values shown. On the first line, the name
15
of the IBM i computer must be enclosed in brackets. However, brackets are not used with any of
the parameter values. Including extra line spaces between each line item is optional:
[ibmi_servername]
Description
Driver
System
UserID
Password
Naming
DefaultLibraries
Database
ConnectionType
CommitMode
ExtendedDynamic
DefaultPkgLibrary
DefaultPackage
AllowDataCompression
LibraryView
AllowUnsupportedChar
ForceTranslation
Trace
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
[ibmi_servername]
IBM i Access ODBC Driver 64-bit
[ibmi_fqhn]
0
QGPL
0
2
0
QGPL
A/DEFAULT(IBM),2,0,1,0,512
1
0
0
0
0
Where [ibmi_servername] is the name of the IBM i computer that hosts LM(i), and [ibmi_fqhn] is
the fully qualified host name of the IBM i computer that hosts LM(i). For example:
[SERVERNAME]
Description = SERVERNAME
Driver = IBM i Access ODBC Driver 64-bit
System = SERVERNAME.domain.com
UserID =
Password =
Naming = 0
DefaultLibraries = QGPL
Database =
ConnectionType = 0
CommitMode = 2
ExtendedDynamic = 0
DefaultPkgLibrary = QGPL
DefaultPackage = A/DEFAULT(IBM),2,0,1,0,512
AllowDataCompression = 1
LibraryView = 0
AllowUnsupportedChar = 0
ForceTranslation = 0
Trace = 0
10. Enter the following command to test the LM(e) Linux to IBM i connection:
isql [ibmi_servername] [username] [username_pw]
Where [ibmi_servername] is the name of the IBM i computer that hosts LM(i). [username] is the
name of a user with a profile on the LM(i) computer. [username_pw] is that users password. You
should see a connection like this:
[user@ibmiserver ~]$ isql ibmiserver [username] [username_pw]
+---------------------------------------+
| Connected!
|
|
|
| sql-statement
|
| help [tablename]
|
| quit
|
|
|
+---------------------------------------+
SQL>
16
Installing LM(e)
Installing LM(e)
Run the LM(e) installation program to install LM(e), DB2 Express, and Security Server.
Prerequisites
If you will use LM(e) to manage LM(i) objects, you must have already installed IBM i Access Client
Solutions on the Linux computer before starting the LM(e) installation program. For information, see
the topic Configuring a connection to the LM(i) computer.
Make sure you have met all system requirements and server installation prerequisites.
About this task

LM(e) only supports the DB2 Express application that is installed with the LM(e) installation program.
You cannot install LM(e) on a computer with a DB2 Express application that was installed by a different
program.
You can install DB2 and LM(e) at the same time, or install DB2, then exit the installation program and
restart it later to install LM(e). Security Server is installed when you install LM(e).
For reference, installation log information is located in the following file:
/tmp/aldonadm/log/installer.log
After you install LM(e), you must enter product validation and feature codes in Security Server before
you can use LM(e).
Procedure
1.
2.
3.
Log in to the server computer as root.

Copy the installation file from the network share location where the installation files are stored to
the /tmp directory on the server computer.
To navigate to the /tmp directory, enter the following command:
4.
To unzip the installation program file, enter the following command:
5.
Where filename is the name of the installation program file.

To extract the installation program file, enter the following command:
6.
Where filename is the name of the installation program file.

To navigate to the /tmp/aldonadm directory, enter the following command:
cd /tmp
unzip [filename].zip
tar -xzvf [filename].tgz
7.
cd /tmp/aldonadm
To start the installation program, enter the following command:

./install
8.
9.
If any required packages are not present, a message is displayed and you are given the
opportunity to install them. Type y to install them.
On the Utility Menu, type 1 and press Enter to start the installation program.
When the message Is DB2 already installed? (Y/N) is displayed, take one of the following steps.
To install DB2, type N and press Enter. Then continue with step 10.
17
If you already used this installation program to install DB2 on this computer and are now
installing other components, type Y and press Enter. Enter the default password, which is
provided in the Installation Notes, and then continue with step 11.
If you installed DB2 on this computer with a program other than this installation program,
type N and press Enter. When the DB2 Configuration Menu is displayed, use option P to return
to the Utility Menu, and then use option E to exit the installation program.
10. To install DB2, type I and press Enter. Do not change the default values.
DB2 is installed.
11. On the Product Menu, take one of the following steps:
To install Security Server and LM(e), type 1,2 and press Enter.
To install Security Server, LM(e), and create an LM(e)-LM(i) connection, type 1,2,3 and press
Enter.
12. On the Security Server Configuration Menu, type 3 and press Enter. Then enter your company
name exactly as it appears in the Validations sheet, and press Enter.
13. Type N (Next) and press Enter.
14. On the LM(e) Configuration Menu, type N and press Enter to install LM(e).
15. On the LM(e) to LM(i) Configuration Menu, provide the following information:
Type 1 and press Enter. Then enter the host name, IP address, or fully qualified name of the
remote LM(i) server computer.
Type 2 and press Enter. Then enter the relational database directory name.
If the LM(i) program library is different from the library shown, type 3 and press Enter. Then
enter the name of the library.
16. On the Install Confirmation Menu, review the configuration information, and then perform one of
the following steps:
Type I and press Enter to install the configured products.

Type P and press Enter to go back to previous menus and either change configuration
settings, or exit the program and save the configuration information for a later installation.
To exit and save configuration information for a later installation, type P repeatedly to step
backwards through the menus until you get to the first screen, and then type E to exit the
program.
Type A and press Enter to exit the installation program without saving the configuration
information.
If you typed I, the program installs the LM(e) server, Security Server, Deployment Manager
Server, and Deployment Manager Server server. Then it automatically starts DB2 and Security
Server.
Next step
When you have installed all of the components, you must log into Security Server with your browser
and apply the license key and feature codes.
Logging into Security Server

After running the installation program, you must log into Security Server to perform basic postinstallation tasks, such as applying the license key and feature codes. After LM(e) is in production, use
Security Server to manage users, roles, and some configuration settings for the LM(e) server.
18
Applying the license key and feature codes
Prerequisites
You must successfully run the LM(e) installation program.
About this task

When you log into Security Server, an online session starts. The online session ends when you click
Logout. If you do not log out of the session, the session automatically ends when one of the following
situations occur:
The browser and Security Server have no interactions for 30 minutes.
The online session is still active after 12 hours.
If either situation occurs, the next time that you perform a task that requires an interaction between
the browser and the Security Server, you must log in again.
If you close the session without first clicking Logout, the online session continues until the 12-hour
limit is reached. During that time, you appear as an active user.
For best results when you work with the Security Server, keep these tips in mind:
Do not log into the Security Server if another administrator is already logged in.
Do not open multiple sessions of the Security Server in the browser.
Procedure
1.
2.
Open a browser, and enter the URL for the Security Server.
The URL has the following syntax: http://server_name:port/aldonsecurityservice, where
server_name is the host name or IP address of the computer on which the Security Server is
installed; port is the number of the non-SSL HTTP Connector, as defined in the AldonLM.conf
file (the default is 8080); and aldonsecurityservice is the name of the Security Server web
application.
Enter the administrator user name and password, and then click Login Security Server.
If this is the first time that anyone is logging into the Security Server, enter the user name
administrator and the password that was included in your installation package notes. You
are immediately prompted to change the password for the administrator ID.
Next step
If you just finished installing LM(e) and are configuring it for the first time, apply the license key and
feature codes.
Applying the license key and feature codes

After you install LM(e), log in to Security Server to apply the license key and feature codes.
Prerequisites
Have the Validations sheet available; it contains the license key and feature codes.
Have the Security Server administrator user name and password available.
About this task

The first instance of the LM(e) server that you install is, by default, the managing instance. You enter
all feature codes on the managing instance for LM(e). If you create an additional instance of an LM(e)
19
server, you do not enter the feature codes for Named users and Concurrent users, because the values
provided for the managing instance are applied to any LM(e) instance defined to this Security Server.
The following table describes the feature codes and where you enter them:
Feature code name
Apply to
Description
Number of deployment
locations
All instances
The maximum number of

deployment locations that can
be defined for the instance.
Product level code
All instances
Enables the instance.
LM(e) concurrent users
Managing instance only

concurrent users for all
instances. Concurrent users may
only log in to a product if the
maximum number of concurrent
users has not been reached.
LM(e) named users

named users for all instances.
Named users are always allowed
to log in to a product, regardless
of how many other users are
already logged in.
Web Portal named users
Enables use of the Lifecycle

Manager Web Portal, if installed
in your network, with any
instance of LM(e) that is
managed by this Security
Server. Named users are always
allowed to log in to a product,
regardless of how many other
users are already logged in.
Web Portal LM(e) deployment
Enables Web-Portal-based
deployment for all instances
of LM(e) that are managed by
this Security Server, if they are
associated with an installed
instance of the Web Portal.
Procedure
1.
2.
3.
4.
5.
20
Log into the Security Server as an administrator, and then click Manage Products and Instances.
Click the name of the LM(e) instance, and then click License.
In the License Key field, enter the license key that came with the Validations sheet, and then click
Verify.
If the license key is not valid, the message Invalid license key is displayed. If the license key is
valid, the Product Licensing page is displayed. This page lists the version number and instance
name of the LM(e) release; and the license key type and expiration date.
Enter a feature code in the Feature Codes field, and then click Verify New Feature Code. Repeat
this step for each feature code.
If a feature code is successfully validated, it is displayed in the table of feature codes, along with
the current value and expiration date of the code.
When you finish entering all feature codes, click Commit to activate the codes.
Creating the LM(e) administrator
Next step
Install and configure one LM(e) development client for the LM(e) administrator to use for configuring
LM(e). See Installing the LM(e) client on Microsoft Windows, on page 29.
If you entered Web Portal feature codes, then you must separately install the Lifecycle Manager Web
Portal software. Refer to your Rocket Aldon Lifecycle Manager Web Portal Installation and Maintenance
Guide for complete instructions.
Creating the LM(e) administrator

Define a user record in the Security Server for the LM(e) administrator who will define the elements
required to manage your development, promotion, and deployment activity in LM(e).
Prerequisites
The user who you will specify as the LM(e) administrator must be a registered user on the Linux
computer that hosts LM(e), with a login user name and password.
About this task

The reason to define a user other than the default administrator user in Security Server is that each
user that logs into LM(e) must have a user record defined on the Linux server. Even if 'administrator'
had a Linux log on, you would not be able to know who the user really is from the activity log since it
would only show the user as administrator. From an auditing perspective, it is not recommended to
use administrator as an LM(e) log on.
After creating the LM(e) administrator user record in Security Server, you assign the administrator the
role Product Roles.
1.
2.
3.
Create the user record:

a. Log into the Security Server with an administrator user name and click the Manage Users
tab.
b. Click Add.
c. On the Manage a Registered User page, enter a unique user name and an optional
description for the user.
d. Select the Enable access to Rocket Aldon products check box, and then click Next.
e. In the Lifecycle Manager area, locate the Lifecycle Manager (Enterprise) entry and click
LM(e) Named, LM(e) Concurrent, or None to specify the users license type. Select WP
Named if this user is to be allocated a named user license to use the Web Portal.
f. Verify that the instance of LM(e) to which you want to give the user access has Enabled
checked, and then click Next.
g. In the Login ID field, type the users ID login name as defined on the Linux server. The value is
case sensitive.
Assign the user the Product Roles role:
a. Click the Role Membership tab.
b. In the Registered Users section, click the new user.
c. In the Managed Objects section, click the server name.
d. In the last pane, select Product Roles.
e. Click Commit Role.
Assign the Product Roles role LM(e) administrative authorities:
a. Click the Role Authorities tab.
b. In the Roles section, click Product Roles.
21
c.
d.
e.
In the Managed Objects section, click the server name.

In the last pane, click Grant All to authorize this role to the global level actions.
Click Commit Authorities.
Next step
To access LM(e), the LM(e) administrator installs the LM(e) client for Windows.
Changing the default passwords

After installing LM(e) and applying the license key and feature codes, the recommendation is that you
change the default DB2, Security Server, and Apache Tomcat passwords.
Changing the DB2 passwords

The DB2 instance owner, aldondbi, and the DB2 administration server user, dasusr, are created by
default when you install DB2. To improve the security of the system, change their default passwords.
This is not required.
By default, the aldondbi password is encrypted when you install LM(e). You can run the
chpwconf.pl script to change the password. When you run the script, you can include the -e option
to encrypt the new password. If you do not include the -e option, the password will be stored as
readable cleartext, which is less secure. Before you change the password with the encryption option,
you must make note of the new password. When you upgrade LM(e), you will be required to provide
the new password.
1.
To change the password for aldondbi, complete these steps:

a. On the LM(e) host computer, log in as root.
b. Enter the following command to start the script that you use to change the password:
/opt/aldon/util/current/chpwconf.pl -e
2.
c. Type the new password, and then confirm the new password.
To change the password for dasusr, on the LM(e) host computer, log in as the dasusr and enter
the default password that is provided in the Installation Notes document. Then use the passwd
command to change the password.
Changing Security Server passwords

When you install the Security Server, two users are created: aldonadm and administrator. For security
reasons, you should change the default passwords for these users.
The Security Server application uses the aldonadm user to perform tasks on the Linux computer
that hosts it. To change the default password for aldonadm, log into the Linux computer that hosts
Security Server as aldonadm using the default password. Then use the operating system's passwd
command to change the password.
You must log into Security Server as administrator to make changes. The first time that you log into
the Security Server, you are prompted to change the default password for administrator.
To view the default passwords for aldonadm and administrator, see the Installation Notes document
provided with LM(e).
22
Changing the Apache Tomcat administrator password
Changing the Apache Tomcat administrator password

Security Server administrators can change the password for the Apache Tomcat administrator user at
any time.
Prerequisites
To change the Apache Tomcat administrator user password, you require the default Tomcat
Authentication Log In credentials. These credentials are provided in the Installation Notes for Security
Server & LM(e) document, which is available from the Aldon Lifecycle Manager Enterprise page of the
Rocket Customer Portal.
About this task

It is optional, but recommended, that you change any default passwords after installation. Keep new
passwords in a safe and retrievable place.
Procedure
1.
2.
3.
4.
5.
6.
Open a web browser and log in to Security Server. See Logging into Security Server, on page 18
if needed.
On the Where would you like to start? page, click Configuration.
In the Tomcat Admin User Name list, accept the default user name, if it applies, or select a
different name.
Type the current password in the Old Tomcat Password field.
Type the new Tomcat password in the New Tomcat Password field and in the Verify Tomcat
Password field.
Click Save Changes.
You do not need to stop and restart Security Server after making this change.
Starting and stopping servers

Use commands to start and stop IBM DB2, the LM(e) server, the Security Server, and the Deployment
server applications.
Before you use a stop command, confirm that all users are logged off.
The start, stop, and restart commands automatically start, stop, and restart the applications in
the correct order. If you choose to start and stop applications manually, you must start and stop them
in the following order:
Start order:
1.
2.
3.
4.
IBM DB2
Security Server
LM(e) server
Deployment server
Stop order:
1.
2.
3.
4.
LM(e) server
Security Server
Deployment server
IBM DB2
23
Note: If you are not licensed to deploy to target locations, use the stopdm command to stop just
the Deployment server and save system resources.
1.
2.
On the computer where the applications were installed, log in as the root user.
Use the following syntax to run a command:
/etc/init.d/aldonsys option
where option is one of the commands in the following table:

Command
Description
status
Displays the status of DB2, the LM(e) server,

the Security Server, the Deployment Manager,
and the Deployment server applications. For
example, it would show all applications as
running.
If the LM(e) server is started but the database
verification process has not completed
yet, then the LM(e) server status shows as
"initializing" until that process completes.
The amount of time that database verification
requires depends on the size of the ALDONLM
database.
start
Starts the LM(e) server, Security Server, DB2,

Deployment server, Deployment Manager, and
Administration server applications.
stop
Stops the LM(e) server, Security Server, DB2,

Deployment server, Deployment Manager, and
Administration server applications.
restart
Stops and then restarts the LM(e) server,

Security Server, DB2, Deployment server,
Deployment Manager, and Administration
server applications.
startdb2
Starts DB2.
stopdb2
Stops DB2.
startss
Starts the Security Server.
stopss
Stops the Security Server.
startlm
Starts the LM(e) server.
stoplm
Stops the LM(e) server.
startdm
Starts the Deployment server.
stopdm
Stops the Deployment server.
Post-installation administration
After you have installed LM(e) and completed basic configuration, you can perform these tasks to
monitor and configure the server before users start working.
24
Checking server status
Checking server status

After you install LM(e), if you cannot log into a product instance or into the Security Server, check to
see whether the servers are running.
Prerequisites
This task assumes that you have root user credentials for the computer that hosts the LM(e) server.
Procedure
To verify that all of the required servers are running, perform the following task:
Log in as the root user on the computer that hosts the LM(e) server, and then enter the following
command:
/etc/init.d/aldonsys status
The status of IBM DB2, Security Server, LM(e) server, Deployment Manager Server, and Deployment
Manager Server server is displayed.
Setting Load Inventory directory permissions

To load files into LM(e) using the Load Inventory function, you must set appropriate read and execute
permission on the folder containing the files.
The Load Inventory function is a quicker way to add a large number of parts to an LM(e) release than
adding and then checking in each part. The function adds parts to the Inventory environment, and
is generally used to add parts that are no longer in development, but in a completed state. For more
information on the function, see the Rocket Aldon Lifecycle Manager (Enterprise Edition) How Do I...?
User's Guide
The Load Inventory function loads parts from a directory on the Linux operating system into the
Inventory environment of the release. Before users can run the function, you must grant users in the
owners group, and other users not in the owners group, read and execute permission to the directory
that contains the parts to load. For example, if the parts to load are in the home/user1/parts
directory, Group and Other must have read and execute permission to the /parts directory.
To set the file permissions, enter the following command:
chmod 755 path/directory_name
Where path is the path to the directory containing the parts, and directory_name is the name of the
directory containing the parts.
Running a database integrity report

Verify the integrity of database tables that are fully-versioned and generate a report that describes any
errors that are found.
Each time the product is started using aldonsys start command, an integrity report can
run on the LM(e) database (aldonlm). The report shows the results of a check for consistency and
required triggers. This topic describes running an integrity report either manually, or setting it to run
automatically when the Dispatcher job starts (the Dispatcher job starts when the LM(e) server starts).
25
For each fully-versioned table, the database integrity report lists the total number of rows and details
about the rows that have errors. The report also lists tables that are not checked because they are not
fully-versioned.
To run the report automatically when the Dispatcher job starts, set the DoDBCheck parameter in the
AldonLM.conf file, which is in the /opt/aldon/aldonlm/current/etc directory. Specify one
of the following values for the parameter:
0 Do not run a report.
1 Run a full database check and a trigger check.
2 Run a full database check; do not run a trigger check.
The default value is 2.

If the DoDBCheck parameter is set to 1 or 2, the report runs when the Dispatcher job starts. Errors are
reported in the Dispatchernnnnn.out file, where nnnnn is the program ID of the active Dispatcher
job. That file is located in the /var/log/aldon/aldonlm directory. To find validity-checking
errors in the report, search on ***.
To run the report manually, complete the following steps. (When you run a report manually, it runs a
trigger check):
1.
2.
Sign onto the LM(e) server as the root user or as a user that has root user privileges.
Change to the following directory:
3.
On the command line, type one of the following commands:
4.
cd /opt/aldonlm/current/bin
Command
Result
./vfyvdb
If no errors are found, the following message is

displayed: NO PROBLEMS FOUND.
./vfyvdb -v
The full report is displayed, even if no errors

are found.
./vfyvdb -v >vfyvdbrpt
The full report is saved in an output file that is

named vfyvdbrpt in the current directory.
To find validity-checking errors in the report, search on ***. If you find errors, contact technical
support.
Checking for active LM(e) users

Check whether users have active sessions with the LM(e) server, and then end those sessions before
shutting the server down for administrative reasons. You can ask users to log out, or end their sessions
from Security Server.
Prerequisites
You must have administrator access to Security Server.
About this task

Active users are users who currently have an open connection to the LM(e) server, whether they are
performing tasks on the server or not. There are two types of sessions: interactive and deferred.
Interactive are sessions in which the user can take actions on LM(e). Deferred are sessions for
processes that are waiting in a queue to act on the server, such as batch files that are waiting to be
run.
26
Restarting an installation
Perform the following steps to see users with active sessions, and end those sessions.
Procedure
1.
2.
3.
4.
5.
Log into Security Server as an administrator.

Click the Manage Products and Instances tab.
Click the name of the LM(e) server, and then click Users.
The Active Users column displays the number of users with active sessions with the LM(e) server.
To end active user sessions, take either of the following steps:
To end sessions per user, click Show Active. In the users row, click Interactive and Deferred
in the End Active Sessions column to end interactive or deferred sessions for a particular user.
To end all active sessions, in the Terminate Sessions section, set the number of hours for
interactive sessions to zero (0), and then click End Active Sessions. If there are deferred
sessions, set the number of deferred session hours to zero (0), and then click End Deferred
Sessions.
Restarting an installation
If you exit the installation program after you configure some or all of the products, you can restart the
installation program and continue where you stopped.
Prerequisites
You exited the installation program before completing installation using the P and then E options,
which saves the configuration settings. You did not exit the installation program using the A option
which does not save the configuration settings. If you did not save the configuration settings, you
must start the installation program from the beginning.
You installed at least IBM DB2.
You did not change anything in the /tmp/aldonadm installation directory after exiting the
installation program.
Procedure
1.
On the computer on which you ran the installation program previously, enter the following
command to change to the directory where the installation files are located:
2.
Type ./install to start the installation program.
3.
4.
5.
6.
cd /tmp/aldonadm
Type 1, press Enter.

Type the DB2 database password, and press Enter. This password is provided in the Installation
Notes document.
On the Product Menu, review the status of each product, and then perform any of the following
steps:
To review the configuration for a product, type the option number for the product, and then
press Enter. If necessary, modify the configuration, and then type P to return to the Product
Menu.
To configure a product, type the option number for the product, and then press Enter. Type
the required configuration information, and then type P to return to the Product Menu.
When all products are configured, type I and then press Enter to install the products.
27
Chapter 3: Client installation

The installation program for the LM(e) Client for Microsoft Windows also installs the Deployment
client, the LM(e) command line client for Microsoft Windows, the LM(e) Extension for Microsoft
Windows Explorer, and the LM(e) Subversion Integration.
Installing the LM(e) client on Microsoft Windows

The LM(e) client for Microsoft Windows includes the graphical client, the command line client,
the Deployment client, the SVN Integration, the Extension for Windows Explorer, and the AldCS
middleware that handles server connections.
The graphical client gives developers access to LM(e) functions through a set of windows and dialogs,
and it is used by administrators to configure default settings and releases in which files will be
managed.
The command line client allows developers who prefer a command line environment to associate
a working directory with an LM(e) release and perform LM(e) actions against files in the working
directory using the Windows command line.
The Deployment client is not typically used on computers where development takes place, and can be
ignored. If you want to receive deployed changes on this client computer, additional configuration is
required after installation. Refer to Configuring the Deployment client on Microsoft Windows, on page
43.
The Extension for Windows Explorer allows developers to issue LM(e) commands against files in a
designated working directory using a mouse and standard context menus. Additional configuration is
required after installation. Refer to the Rocket Aldon Lifecycle Manager (Enterprise Edition) Extension for
Microsoft Windows Explorer for configuration and usage instructions.
The SVN Integration allows SVN developers to keep their SVN projects in sync with an LM(e) repository
so they can take advantage of LM(e) build and deployment features. Additional configuration is
required to use this feature. Refer to the Rocket Aldon Lifecycle Manager (Enterprise Edition) Subversion
Integration Administrator's Guide for configuration and usage instructions.
The AldCS middleware manages connections between LM(e) clients and the server and must be
configured before a client can make a server connection. Configuration instructions are included with
the client installation instructions.
1.
2.
3.
4.
5.
28

Install the LM(e) client for Microsoft Windows on Windows computers in your network where
programmers develop software.
Creating an LM(e) server definition
After you install the LM(e) client, you edit the client configuration file to identify the LM(e) server
to which this client connects.
Editing the firewall exceptions list
You must add the LM(e) client program file to the Microsoft Windows firewall exceptions list so
that you can make a connection to the LM(e) server.
Configuring the LM(e) command line interface on Microsoft Windows
To make the command line interface easier to use interactively, set a Windows path environment
variable. Then you do not need to include the full path when you issue a command.
Enabling the LM(e) Extension for Windows Explorer
The extension makes a subset of the most commonly used LM(e) commands available from
Windows Explorer context menus.

Install the LM(e) client for Microsoft Windows on Windows computers in your network where
programmers develop software.
Prerequisites
Have access to a user profile that has local administrator rights on the computer where you are
installing the software. Ask your Windows system administrator if you are not sure whether you
have administrator rights.
You must have access to the client installation file.
Obtain the following information from the LM(e) administrator, or from the person who installed
the LM(e) server:
The IP address, short host name, or fully qualified host name of the computer that hosts LM(e)
server.
The port number for the Affiniti Dispatcher service on the LM(e) server. The port number is
contained in the /etc/services file and the parameter is Affiniti_Dispatcher. The default
port number is 7890.
About this task

If network performance is suitable, you can run the installation program from the shared network
location. Otherwise, copy the installation program and the supporting files and folders to a local folder
before installing.
Procedure
1.
2.
3.
4.
5.
Log in to the client computer.

Navigate to the network share location where the installation files are stored.
Copy the installation files to a local folder on the client computer.
Open the folder on the client computer and double-click the setup.exe file to run it.
Follow the prompts to install the client programs.
Next topic: Creating an LM(e) server definition

Parent topic: Installing the LM(e) client on Microsoft Windows
Creating an LM(e) server definition

After you install the LM(e) client, you edit the client configuration file to identify the LM(e) server to
which this client connects.
Prerequisites
To define an LM(e) server connection, you must know:
29
The long host name, short host name, or IP address that identifies the LM(e) server computer on
the network. An example of a long host name is server.companydomain.com. An example of a short
host name is server. An example of an IP address is 192.168.1.1.
The port number of the Affiniti_Dispatcher service on the Linux computer that hosts the LM(e)
server. The port number is contained in the /etc/services file, the Affiniti_Dispatcher
parameter.
About this task

To log in to an LM(e) server from the LM(e) client computer, you must create a connection definition
for the server.
Procedure
1.
2.
3.
4.
5.
6.
7.
8.
9.
To open the Lifecycle Manager Client Services (LMCS) Configuration Editor, click Start
program_location Aldon LM x.x LMCS Configuration Editor, where program_location is
Programs on Windows 8 and Windows 2003, or All Programs on Windows 7 and Windows Server
2008; and where x.x is the LM(e) version number.
To define an LM(e) server connection, locate the LM(e) server instances section.
Locate the line in the section that is marked with an asterisk (*).
Click in the first field and type any arbitrary instance name that you want to assign to the server
that you are defining. An example might be LMeServer. You must specify this instance name,
exactly as you define it here, when you are signing in from the LM(e) client.
Tab to the next field, and type the host name or IP address that identifies the server computer on
the network.
Tab to the last field, and type the Dispatcher port number.
Press Enter to store the entry.
Click Save, and then click Close.
For Windows systems with IPV6 enabled, the aldcs client listens on the IPV6 localhost IP
address, ::1. When the local hosts file on Windows is modified to lookup the IPV4 address for
localhost, the user may receive the error, AFF3434: Unable to connect to port/service '55555' on
server 'localhost'. Perform the following steps to ensure that aldcs launches correctly:
a. In Windows Explorer, navigate to the C:\Windows\System32\drivers\etc folder.
b. Open the hosts file in an editor.
c. In the following section make sure both entries are commented out with a # symbol:
# localhost name resolution is handled within DNS itself.
#
127.0.0.1
localhost
#
::1
localhost
Next topic: Editing the firewall exceptions list

Previous topic: Installing the LM(e) client on Microsoft Windows
Editing the firewall exceptions list

You must add the LM(e) client program file to the Microsoft Windows firewall exceptions list so that
you can make a connection to the LM(e) server.
If the Microsoft Windows firewall is running on the computer where the LM(e) client is installed, you
must add the aldcs.exe file to the firewall exceptions list.
Perform one of the following steps to edit the firewall exceptions list:
30
If the Microsoft Windows firewall is on, then the first time that you attempt to sign in to the LM(e)
client, the Security Alert dialog box prompts you to choose between continuing to block the client
program or unblocking it. Click Unblock to add the client program to the firewall exceptions list.
From the computer where the LM(e) client is installed, click Start Control Panel Windows
Firewall. On the Exceptions tab, click Add Program and navigate to and select the aldcs.exe
file. Click Open, and then click OK twice.
The AldCS.exe file is located in the C:\Program Files (x86)\Aldon\Aldon LM x.x

directory, where x.x is the LM(e) client version number.
Next topic: Configuring the LM(e) command line interface on Microsoft Windows
Previous topic: Creating an LM(e) server definition

To make the command line interface easier to use interactively, set a Windows path environment
variable. Then you do not need to include the full path when you issue a command.
For complete information about the command line interface, refer to the Rocket Aldon Lifecycle
Manager (Enterprise Edition) Setup and Special Topics User's Guide.
The command line interface is installed with the LM(e) client.
Although you can enter commands directly at the command line, the more typical use for these
commands is to automate builds and deployment. The command interface is also useful when other
applications need to use LM(e) as a source code control provider and use the command processor as
the interface, rather than using the Microsoft Source Code Control Interface (SCCI) specification.
1.
To set the path environment variable for the current session only, complete the following steps:
a. From the Windows computer on which the LM(e) client is installed, click Start All
Programs Accessories Command Prompt.
b. Enter the following command to set the path environment variable to the default installation
folder for the LM(e) client:
set path=%path%;C:\program_location\Aldon\Aldon LM x.x
where program_location is the folder where installed programs are stored on this Microsoft
Windows computer, and x.x is the LM(e) version. The default program location is Program
Files (x86). Enclose the path location in double quote marks when the path includes a
space, for example:
2.
set path=%path%;"C:\Program Files (x86)\Aldon\Aldon LM 6.4"
To set the path environment variable permanently, complete the following steps:
a.
b.
Open the Windows Control Panel and then click System. On the Advanced tab, click
Environment Variables.
Perform one of the following steps:
If no path variable is defined in the User variables area, click New and then in the
Variable name field, type path. In the Variable value field, type the path to the folder
where the LM(e) client is installed.
If a path variable is defined in the User variables area, select the path variable, and then
click Edit. In the Variable value field, press the End key to position the cursor at the end
of the existing value. Then type a semicolon, followed by the path to the folder where the
LM(e) client is installed.
The default installation location for the LM(e) client is C:\program_location\Aldon

\Aldon LM x.x, where program_location is the folder where installed programs are
stored on this Microsoft Windows computer and x.x is the LM(e) version number.
31
c.
Click OK to save the path setting.
Next topic: Enabling the LM(e) Extension for Windows Explorer

Previous topic: Editing the firewall exceptions list
Enabling the LM(e) Extension for Windows Explorer

The extension makes a subset of the most commonly used LM(e) commands available from Windows
Explorer context menus.
Prerequisites
The LM(e) client must be installed on the Windows computer. The LM(e) Extension for Windows
Explorer is installed along with the LM(e) client.
About this task

The extension makes the following commands available:
Refresh
Get Latest Version
Get Latest Version Always
Check Out
Check In
Cancel Check Out
Add File
In addition, the extension includes Setup commands that you use to configure your working
environment.
Procedure
1.
2.
3.
4.
On the Microsoft Windows computer that has the LM(e) client installed on it, use Microsoft
Windows Explorer to navigate to the location where the LM(e) client is installed.
The default location for the LM(e) client is C:\Program Files (x86)\Aldon\Aldon LM
x.x directory, where x.x is the LM(e) client version number.
Locate and open the file named LMShellExt.ini in a text editor.
Edit the settings in the file so that they match the following entries:
UseShellDecorators=1
UseLMMenu=1
Save and close the file, and then restart the computer.
Next step
After you enable the extension, you can define a working environment and begin managing files with
LM(e) directly from the file explorer window. For complete usage instructions, refer to the Rocket Aldon
Lifecycle Manager (Enterprise Edition) Extension for Microsoft Windows Explorer.
Previous topic: Configuring the LM(e) command line interface on Microsoft Windows
32
Defining the working environment to LM(e)
Defining the working environment to LM(e)

Before you can use the LM(e) commands in Windows Explorer, you must associate the local working
directory with your release in the LM(e) repository.
Prerequisites
The LM(e) client must be installed on the Windows computer. The LM(e) Extension for Windows
Explorer must be enabled.
About this task

For complete usage information, refer to the Rocket Aldon Lifecycle Manager (Enterprise Edition)
Extension for Microsoft Windows Explorer.
Procedure
1.
2.
3.
On the Windows computer where the LM(e) client is installed, open a Windows Explorer window
and navigate to the directory location where you plan to work.
Right-click in the file area, and choose LM(e) x.x Setup Initialize.
On the Initialize dialog box, complete the following fields, and then click OK twice:
Field
Description
Instance
Type the name that you assigned to the LM(e)

server instance when you installed the LM(e)
client. Look up the instance name by opening
the LMCS Configuration Editor and locating
the server definition entry under LM(e) server
instances.
Group
Type the name of the LM(e) group that

includes your application.
Application
Type the application name.
Release
Type the release name.
Version Number
Type the version that is associated with the

release that you specified.
Path Designator
Type the name or number that LM(e)

combines with the other values to uniquely
identify the repository location that you want
to work with.
The initialization process creates an LM(e) control directory named .aldlme in the working
directory location. LM(e) stores the information about the repository location that is associated
with this working directory in the control directory.
4.
5.
6.
Right click in the file area of the Explorer window, and choose LM(e) x.x Setup User Signon.
Type your LM(e) user name and password, and then click OK.
Right click in the file area, and choose LM(e) x.x Setup Set Developer Environment.
The command returns output that is similar to the following lines:
Path: C:\Development\MyGrp\MyApp\MyRel(1.0)
set for path designator: 1
33
in development environment SYS-010000000003
LM(e) requires a development environment to do its work. This command associates a clientbased development environment with the working directory path.
Once initialized, the working environment remains set until the user re-positions to a new
directory and re-initializes to another release to work on another project.
JE: What happens then? Does the first initialization break? Can you only have one per client
machine?
Installing the LM(e) client on Linux, UNIX, or Mac

Developers can manage their code by installing the LM(e) command line client on Linux, UNIX, or Mac
OS X.
1.
2.

Install the LM(e)command line client for Linux, Unix, or Mac OS X, and the Rocket Aldon Client
Services middleware (AldCS).
Adding the command line executable program to the PATH environment variable
To use the command line most easily, add the path for the command line executable program to
the PATH environment variable. Then you can issue commands without qualifying them with the
full path name.

Install the LM(e)command line client for Linux, Unix, or Mac OS X, and the Rocket Aldon Client Services
middleware (AldCS).
Prerequisites
You must have root access to the client computer.
The computer must have an Internet connection for downloading required system packages.
If the computer is a Red Hat system, it must be licensed and configured to use the Red Hat
Network.
You must have the host name and port number of the LM(e) server.
You must have access to the client installation file.
About this task

These steps describe installing the command line client and the Client Services middleware, which
is known as AldCS. AldCS is used on LM(e) client computers to establish and manage connections
between LM(e) client programs running on client computers in your network, and LM(e) server
programs running on the server computer.
This installer can also install the LM(e) Deployment client and the Lifecycle Manager Web Portal
(Linux only) products. For information on installing those products, see the topic Installing and
configuring the Deployment client on Linux, UNIX, and Mac OS X, and see the Web Portal installation
documentation.
Procedure
1.
34
Log into the client computer as root.
2.
3.
Copy the installation files from the network share location where the installation files are stored
to the /tmp directory on the client computer.
To change the current directory to /tmp, enter the following command:
cd /tmp
4.
To extract the downloaded file, enter the following command:
5.
where filename represents the name of the installation tarball.

To change directory to /tmp/aldcs, enter the following command:
gunzip -c filename.tgz | tar -xvf -
cd /tmp/aldcs
6.
To start the installation, enter the following command:
7.
The installer identifies itself and its purpose, prompts you for information about your LM(e) server
computer, and asks whether you want to provide information about your LM(e) server now. Read
all information and prompts. Do one of the following:
./install --lmc
Type y to supply host information for your LM(e) server, and press Enter; then skip to Step 8.
Type n and press Enter to skip this step. You can supply this information later, or correct the
information you supply now, by opening the following file:
/opt/aldon/aldonlmc/current/etc/aldcs.conf
Then edit the following value:
#LM(e) server instances (previously named "[server-instances]")
[LMe-instances]
LMeServer=[lme_hostname]/[port_number]
Where lme_hostname is the full host name of the LM(e) instance, for example
myserver.company.com, and port_number is the port number through which the client will
communicate with the instance. The default port number is 7890. Add one definition for each
LM(e) instance that the client will communicate with.
Skip to Step 10.
8.
Type the host name of the LM(e) server instance you plan to use, and press Enter.
The installer asks you to confirm your entry and gives you an opportunity to correct it if
necessary.
9. Accept the default port, or enter the port number for your LM(e) server instance.
The installer asks you to confirm your port number entry, and gives you an opportunity to correct
it if necessary.
10. After you confirm the port number, the installer proceeds. When the LM(e) command line client
phase of the installation completes, a confirmation message is displayed.
11. Note the information in the confirmation message about the instance name (LMeServer by
default), and the sentence about adding the software installation directory to your path.
It is not mandatory to add this location to your path; however, using the command line is easier if
you do, because it keeps you from having to fully qualify the ald command every time you run it.
If you decide to add this location to your path, you can either use the instructions provided in the
topic Adding the command line executable program to the PATH environment variable, or you
can follow the instructions for setting the user path provided on your shells man pages.
12. To make sure that the command line client is installed, enter the following command:
ald -v
35
Note: If you have not added the client installation directory to your path, run the following
command instead:
/opt/aldon/aldonlmc/current/bin/ald -v
The command should return the version of the AldCS application.

Parent topic: Installing the LM(e) client on Linux, UNIX, or Mac
Adding the command line executable program to the PATH

environment variable
To use the command line most easily, add the path for the command line executable program to the
PATH environment variable. Then you can issue commands without qualifying them with the full path
name.
Prerequisites
You must have root user credentials, or credentials for a user that has sudo access to root.
These steps assume you are using the Bash shell. If you are running a shell other than Bash, ask you
administrator how to add the command line executable to the PATH environment variable for your
shell.
About this task

You can permanently define the path to the command line executable for individual existing users or
for users that get added in the future. You can also temporarily define the path for the duration of a
command line session.
Procedure
1.
2.
Log in using credentials that meet the stated prerequisite.

Take any or all of the following steps:
To permanently define the path for existing users, edit the .bashrc shell configuration file in
each users home directory and add the following statement, and then save and close the file:
PATH=$PATH:/opt/aldon/aldonlmc/current/bin
export PATH
Then enter the following command to source the .bashrc file:

source .bashrc
To permanently define the path for new users, edit the /etc/skel/.bashrc shell
configuration file and add the following statement, and then save and close the file:
PATH=$PATH:/opt/aldon/aldonlmc/current/bin
export PATH
Then enter the following command to source the .bashrc file:

source .bashrc
36
Configuring multiple LM(e) users on a shared client computer
Next step
If multiple users will share the client, configure separate port numbers and log files for them.
Parent topic: Installing the LM(e) client on Linux, UNIX, or Mac
Configuring multiple LM(e) users on a shared client

computer
Users who share a copy of the LM(e) client software on a single computer require their own port
number and log file.
Prerequisites
The client installation must be completed before following these steps.
About this task

These steps apply only when multiple users share an installed copy of an LM(e) development client on
a single computer with any supported operating system.
1.
2.
Log in to the client computer using credentials that have administrator permissions.
Open the startaldcs.conf file for editing.
On Microsoft Windows clients, this file resides in the following directory:
C:\program_files_dir\Common Files\Aldon
Where program_files_dir is Program Files (x86) on 64bit versions of Microsoft Windows

and Program Files on 32bit versions of Microsoft Windows.
On Linux, UNIX, and Mac clients, this file resides in the following directory:
/opt/aldon/aldonlmc/current/share
3.
Add a set of entries for each LM(e) user that shares this computer to the bottom of the file. Each
users entry set must use the following format:
[x.x_username]
port=nnnnn
4.
where x.x is the AldCS version number, username is the sharing users log-in name, and nnnnn
is the port number you want to assign for communications between the designated user on this
client and the LM(e) server. The AldCS version number appears in brackets at the beginning of the
file. The port number that you specify must not be in use, whether by another LM(e) user or by
another application.
Save and close the startaldcs.conf file.
37
Chapter 4: Deployment installation

You can copy a set of parts from an LM(e) release environment to one or more networked computers
by deploying the set. Typically, you deploy a set of parts for a specific purpose, such as checking a
development build, quality assurance testing, or posting a production build.
Deployment requires interaction between the LM(e) server, IBM DB2 server, Deployment server, and
Deployment clients. Deployment servers interact with LM(e) and DB2 servers, and Deployment clients
interact with Deployment servers.
For more information on deploying parts, see the Rocket Aldon Lifecycle Manager (Enterprise
Edition) Deployment Administration User's Guide in the Rocket Documentation Library at http://
docs.rocketsoftware.com.
Planning deployment environments
You can install and configure deployment environments with the LM(e) server, DB2 server, and
Deployment server on one computer. Or you can install and configure an environment with the
LM(e) and DB2 servers on one computer, and one or more remote Deployment servers on their own
computers.
You typically install one or more Deployment clients on their own computers. Deployment clients
on computers in the same network as their Deployment server are internal; Deployment clients on
computers in different networks than their Deployment server are external.
Encrypting deployments
By default, interactions between Deployment servers and Deployment clients are unencrypted, but
you can configure servers and clients to use SSL encryption. After you configure encryption on a
server, you must configure encryption on all of its clients. You cannot have a mixture of encrypted and
unencrypted clients working with an encrypted server. See Configuring deployment encryption.
1.
2.
3.
4.
5.
Installing remote Deployment servers

To install a Deployment server on its own computer, run the Deployment server installation
program on the computer.
Configuring Deployment servers
You can specify several Deployment server parameters to use values other than the default
values. If the Deployment server was installed with LM(e), specifying the parameters is optional. If
the Deployment server is remote (installed on its own computer) you must specify one parameter.
Providing Deployment client information
After configuring the Deployment server for encrypted deployment, you must provide information
to the person or persons who will configure the Deployment clients in the network.
Installing Deployment clients
Install the LM(e) Deployment client on a computer in your network where you want to receive
software changes. A Deployment client computer can be running Microsoft Windows, Linux, UNIX,
or Mac operating systems.
Registering external Deployment clients
Deployment clients are external when they are installed on computers in a different network than
the Deployment server with which they interact. You must register external Deployment clients
with the DB2 server.

To install a Deployment server on its own computer, run the Deployment server installation program
on the computer.
38
Prerequisites
Make sure you have met the system requirements for remote Deployment servers. See System
requirements, on page 8.
Make sure the server on which you are installing the Deployment server does not have a DB2 server
installed. The Deployment server installation program will not run on a computer with an installed
DB2 server.
You must have already installed the DB2 server and LM(e) server that the Deployment server will
work with.
You must stop the LM(e) and DB2 servers.
The Deployment server installation program installs a DB2 runtime client so that the Deployment
server can communicate with the DB2 server. The DB2 server must be the same version as the DB2
client that is packaged with the Deployment server installation program.
Know the host names of the DB2 server computer, the LM(e) server computer, and the computer on
which you are installing the remote Deployment server.
About this task

These steps install a Deployment server for the first time. If you are upgrading a remote Deployment
server, see Upgrading remote deployment servers.
Procedure
2.
Copy the REMOTE_SERVER.tgz file from the /opt/aldon/SaveArea directory on the LM(e)
server computer to the /tmp directory on the Deployment server computer.
To extract the file, enter the following command :
3.
Extracting the file creates a /tmp/aldonadm directory.

4.
To install the Deployment server, enter the following command:
5.
Take the following steps:

a. When prompted, enter the DB2 server computer host name.
b. When prompted, enter the Security Server computer host name.
c. When prompted, enter the LM(e) server computer host name.
1.
tar -xzvf REMOTE_SERVER.tgz -C /
6.
7.
8.
cd /tmp/aldonadm
./dm-install
The Deployment server is installed.

Open the /opt/aldon/aldonlm/current/etc/distserver.properties file and
specify the DB2 server computer name in the database.server parameter.
Log into the DB2 server computer, open the /etc/init.d/aldonsys script file and specify
the fully qualified host name of the remote Deployment server in the DM_REMOTE_HOST
parameter.
If you install multiple remote Deployment servers, specify all of the fullly qualified host names
for the DM_REMOTE_HOST parameter, enclosed in parentheses and separated by spaces. For
example:
DM_REMOTE_HOST=(dmserv1.enterprise.com dmserv2.enterprise.com)
To start the remote Deployment server, on the DB2 server computer enter the following
command:
/etc/init.d/aldonsys startdm
39
Install Deployment clients. See Installing Deployment clients.

Parent topic: Deployment installation
Configuring Deployment servers

You can specify several Deployment server parameters to use values other than the default values.
If the Deployment server was installed with LM(e), specifying the parameters is optional. If the
Deployment server is remote (installed on its own computer) you must specify one parameter.
Prerequisites
Confirm the following prerequisites:
You must have root access to the Linux server that hosts the Deployment server.
You must have read and write file permissions to the Deployment server properties file,
distserver.properties, located in the /opt/aldon/aldonlm/current/etc folder.
You must obtain the Deployment server port from your network administrator.
About this task

You can check whether the Deployment server is running, and start, stop, or restart the Deployment
server, using the /etc/init.d/aldonsys command. For information on using the command, see
the topics Checking server status and Starting and stopping servers.
Procedure
1.
2.
Log in as root to the Linux computer that hosts the Deployment server.
Open the distserver.properties file in a text editor.
Note: To activate properties in this file, you must remove the number sign (#) if it precedes
the property.
3.
4.
5.
40
Edit the following values, as necessary:

Parameter
Description
Server.Port
Enter the port number that you obtained from

your network administrator. This parameters
specifies the port that Deployment clients use
to contact the Deployment server. The default
value is 7891.
PackagesFile.Location
Enter the path to the folder where deployment

packages are stored on the server until the
deploy step runs. The default value is /tmp.
PackageManager.WaitInterval
Optional. Accept the default value of 20000 (20

seconds), or enter a value in the range 1000
360000 (1 hour). This property specifies how
frequently the Deployment server checks to
see if there is work to do.
Do not change any other properties unless you are directed to do so by Technical Support.
Save the file.
Results
The changes take effect when the Deployment server is started. If the Deployment server was active
when the parameters where changed, the server would need to be restarted.
Next step
Optionally, you can configure the server for SSL. For information, see the topic Configuring
deployment encryption.

After configuring the Deployment server for encrypted deployment, you must provide information to
the person or persons who will configure the Deployment clients in the network.
Procedure
1.
Document the following information in a secure, retrievable location:

The host name or IP address and the port number of the Deployment server.
The port number that Deployment clients should use to communicate with the Deployment
server.
If the Deployment server is configured for SSL, list the following information as you specified it
in the topic Enabling secure connections on the Deployment server:
The name and path of the keystore file. This is the path and file name that you specified in
the SSL.keyStore parameter.
The keystore password. This is the password that you specified in the
SSL.keyStore.Password parameter.
The name and path of the trust certificate file. This is the path and file name that you
specified in the SSL.trustStore parameter.
2.
The trust store password. This is the password that you specified in the
SSL.trustStore.Password parameter.
Upon request, provide the information to anyone who configures Deployment clients in your
network.
Installing Deployment clients

Install the LM(e) Deployment client on a computer in your network where you want to receive software
changes. A Deployment client computer can be running Microsoft Windows, Linux, UNIX, or Mac
operating systems.
1.
2.
Defining Deployment target computers

Before you can deploy files, you must define deployment client computers in LM(e). To define a
Deployment client computer, you create a computer record for it in the External Setup window,
and enable the computer for deployment.
Installing Deployment clients on Windows
Install and configure the Deployment client on Microsoft Windows computers where you want to
receive and install software changes that are deployed from an LM(e) server.
41
3.
4.
Installing Deployment clients on IBM i

Install and configure the Deployment client on remote IBM i computers where you want to
automatically receive and install software changes from the LM(e) server.
Installing Deployment clients on Linux, UNIX, and Mac
You can install and configure Deployment clients on Linux, UNIX, and Mac OS X computers
individually using an installation program. If you need to install and configure Deployment clients
on many computers, you can use a parameter file to simplify the installation and configuration
process on Linux and UNIX (this is not supported on Mac computers). If you configured the
Deployment server for SSL, you must also configure all Deployment clients for SSL.
Defining Deployment target computers

Before you can deploy files, you must define deployment client computers in LM(e). To define a
Deployment client computer, you create a computer record for it in the External Setup window, and
enable the computer for deployment.
Have the credentials for an LM(e) user that is registered in Security Server.
Have a list of the names of the Deployment client computers that you plan to define.
Know what operating system runs on each Deployment client computer.
1.
2.
3.
4.
5.
6.
7.
8.
In the LM(e) client for Microsoft Windows, log into the LM(e) server.
On the Setup menu of the Parts window, click External Setup.
In the left pane of the External Setup window, click Computers.
On the toolbar, click New Computer.
On the New Computer Definition display, type the computer name and a brief description.
Click Select and choose an operating system name and version, and then click OK.
Select Deployment Allowed, and then click OK.
Repeat steps 4-7 for each Deployment client that you plan to configure.
Parent topic: Installing Deployment clients
Installing Deployment clients on Windows

Install and configure the Deployment client on Microsoft Windows computers where you want to
receive and install software changes that are deployed from an LM(e) server.
The instructions for installing the Deployment client are the same as for installing the LM(e) client. All
of the same programs are installed, but the development client is typically not used on a deployment
target computer.
1.
2.
3.
42
Installing the LM(e) Deployment client on Microsoft Windows

To install the LM(e) Deployment client on a Microsoft Windows computer, you run the same
installation program that is used to install the LM(e) client for Microsoft Windows.
Configuring the Deployment client on Microsoft Windows
After installing the Deployment client , you run the Deployment client setup program to identify
the package storage location and set connection parameters.
Starting and stopping the Deployment client on Microsoft Windows
4.
5.
6.
To receive deployment packages, the Deployment client must be running. The program can run in
a program window, or as a Windows service.
Running the Deployment client program as a Windows service
To avoid manually restarting the Deployment client each time this computer is shut down
or rebooted, set up the Deployment client program to run as a Windows service that starts
automatically.
Increasing memory for the deployment service
If the Deployment client program runs as a Windows service, increase the available memory to
allow the program to successfully process large files.
Fixing Deployment client Java errors on Windows
If you update the version of Java on the Windows computer, you must point the Aldon
Deployment Plus client shortcut to the new javaw.exe file.

To install the LM(e) Deployment client on a Microsoft Windows computer, you run the same
installation program that is used to install the LM(e) client for Microsoft Windows.
Prerequisites
Have the credentials for a user that has Administrator privileges on the computer where you are
installing the Deployment client.
Obtain deployment configuration information from the person who configured the Deployment
server.
Know the network location where the LM(e) client installation files are stored.
In addition to the Deployment client, the installation program installs the LM(e) graphical client for
Microsoft Windows. The graphical client usually remains unused on deployment targets.
Procedure
1.
2.
3.
4.
5.
Log in to the client computer.

Navigate to the network share location where the installation files are stored.
Copy the installation files to a local folder on the client computer.
Open the folder on the client computer and double-click the setup.exe file to run it.
Follow the prompts to install the client programs.
Next step
If you configured the Deployment client as external, you must register it. For information, see the topic
Registering external Deployment clients, on page 66.
Next topic: Configuring the Deployment client on Microsoft Windows
Parent topic: Installing Deployment clients on Windows

After installing the Deployment client , you run the Deployment client setup program to identify the
package storage location and set connection parameters.
43
Prerequisites
Know whether the Deployment server is configured to use SSL for secure deployment.
Obtain deployment configuration information from the person who configured the Deployment
server. You need:
The host name or IP address and port number for the Deployment server.
If the Deployment server is configured to use SSL for secure deployment, then you also need
the path, file name, and password value for the SSL keystore file on the Deployment server
computer.
Know the host name or IP address of this Deployment client computer.
Know whether local port 2001 is in use by another application on this computer. The Deployment
client expects to use this port to connect with the Deployment server. If you do not know how to
determine whether the port is free, consult the system administrator. If the port is in use, ask the
system administrator to help you identify an available port for this purpose, and make a note of the
alternate port number.
About this task

The package storage location determines where incoming deployment packages from the LM(e) server
are stored pending installation. The default location is C:\program_location\Aldon\Aldon
LM x.x\Deployment\Deployment Packages, where program_location is the folder where
programs are installed on this Microsoft Windows computer, and x.x is the LM(e) version number.
Connection settings allow the client to communicate successfully with the Deployment server.
Procedure
1.
2.
3.
Click Start program_location Aldon LM x.x Aldon DM Setup, where program_location is

the name of the folder where programs are installed on this version of Windows and x.x is the
LM(e) version number.
On the Select Properties File display, accept the default path to the properties file,
which is C:\program_location\Aldon\Aldon LM x.x\Deployment
\LMDeployClient.properties, where program_location is the name of the folder where
programs are installed on this version of Windows, and x.x is the LM(e) version number. Then,
click OK.
Under LM Server on the Deployment Client Setup display, ensure that the Use Fixed Addr.
button is selected, and then enter the IP address or short host name and the port number for the
Deployment server computer.
Note: The values that you enter must match the values that are configured on the
Deployment server.
4.
44
Under Deployment Client area, complete the following fields:

Field
Description
Client ID
Type the name of this computer, as it is known

on the network, or type the IP address. If this
computer uses a static IP address, you can
leave the field blank.
Client Port Number
Accept the default port number 2001, or type

another port number for the Deployment
client to use for communicating with the
Deployment server.
Field
Description
Client Alias
Type the name of the computer, as it is

defined to LM(e). The default value is the
name of the computer. Note that this value is
not necessarily the network name.
Retry Interval
Accept the default value of 5000 milliseconds,

or type the number of milliseconds that the
client waits between attempts to contact the
Deployment server. This field applies only
when standard port communication is being
used.
Client Description
Accept the default value Deployment Client, or

type a description of the computer.
Location of Deployment Packages
Accept the default location of C:

\program_location\Aldon\Aldon
LM x.x\Deployment\Deployment
Packages, or type the path to an alternate
location in which to store deployment
packages. This folder holds compressed files
while the deployment is underway.
45
Field
Description
End-of-line format
Indicate how line-end characters should be

set in files that are deployed to this computer.
The choice you make depends on how certain
it is that the line end character that is used
in the files in the repository is correct for the
operating system on this computer. Choices
are:
No buttons marked
No change. This is the default. Choose
this option when you are sure that the
files in the repository use a line end
character that is appropriate for this
deployment client computer.
LF (Unix)
Line feed. Appropriate for Deployment
clients that are UNIX computers.
Deployed files are modified during
installation to use an LF character to
mark the line end.
CR (Mac)
Carriage return. Appropriate for
Deployment clients that are Mac
computers. Deployed files are modified
during installation to use a CR character
to mark the line end.
CRLF (Windows)
Carriage return and line feed. Appropriate
for Deployment clients that are Windows
during installation to use CRLF characters
5.
Click OK to save your choices.
Next topic: Starting and stopping the Deployment client on Microsoft Windows
Previous topic: Installing the LM(e) Deployment client on Microsoft Windows
Starting and stopping the Deployment client on Microsoft Windows

To receive deployment packages, the Deployment client must be running. The program can run in a
program window, or as a Windows service.
Prerequisites
Have the credentials for a user profile that has Administrator privileges on this computer.
About this task

If the Deployment client is running in a program window, when the program starts, the Deployment
client window opens. This window displays messages that are issued by the Deployment client. The
46
window remains open until you end the program, or until the computer is shut down. When the
computer restarts, you must manually start the Deployment client program.
It is helpful to start the client program it to verify a successful connection before you configure it to run
as a service.
If the Deployment client is running as a Windows service, no program window opens and no messages
are displayed. The program runs until the computer is shut down. When the computer is restarted, the
program starts automatically if you configured it to do so. When configured this way, the program can
run unattended and is always ready to receive deployments.
Because you do not have control over when deployment events occur, keep the Deployment client
running until you are sure that all deployment actions have finished. There is no way to easily
determine whether all deployments in your system have finished, but you can monitor deployments
using the Deployment Sets window in the LM(e) client for Microsoft Windows. On the LM bar, select the
Deployment category, and then click Deployment Sets.
If Deployments occur when the Deployment client is stopped, they will proceed when the program is
started, as long as they have not been canceled on the server.
Procedure
1.
2.
If you run the Deployment client in a program window, follow these steps to start or stop the
program:
To start the program, click Start program_location Aldon LM x.x Aldon Deployment
Plus.
To stop the program, click Close in the title bar of the Deployment client program window.
If you run the Deployment client as a Windows service, click Start Control Panel
Administrative Tools Services. Locate the service called Aldon LM(e) Plus Deployment
Wrapper and check its status. Then do one of the following choices:
To stop the service, right click it and choose Stop.
To start the service, right click it and choose Start.
Do not use the Windows Task Manager to stop the Deployment client. If you do, incomplete
deployment events might remain in an indeterminate state.
Next topic: Running the Deployment client program as a Windows service
Previous topic: Configuring the Deployment client on Microsoft Windows

To avoid manually restarting the Deployment client each time this computer is shut down or
rebooted, set up the Deployment client program to run as a Windows service that starts automatically.
Prerequisites
This task assumes the following:
You have installed and configured the Deployment client program.
You have started the Deployment client program to test for a successful connection.
Procedure
1.
Using Microsoft Windows Explorer, navigate to the folder where the Deployment client
program is installed. By default, the folder is C:\program_location\Aldon\Aldon LM
47
2.
3.
4.
5.
6.
x.x\Deployment, where program_location is the folder where installed programs are stored
for this version of Microsoft Windows, and x.x is the LM(e) version number.
Within that folder, open the \wrapper_win32_2.2.7\bin folder.
Right-click the file named InstallAffDMPlusWrapper-NT.bat, and then click Run as
Administrator.
If you later decide to remove deployment as a Windows service, perform the steps above, but run
the UninstallAffDMPlusWrapper-NT.bat file.
To configure the deployment service to start automatically when Windows starts, perform the
following steps:
a. Click Start Control Panel Administrative Tools.
b. Double-click Services, and then locate and double-click Aldon LM(e) Plus Deployment
Wrapper.
c. Ensure that the Startup type field is set to Automatic, and then click Start and OK.
As long as the Startup type field is set to Automatic, the deployment service starts automatically
whenever Windows starts. If you later decide to stop the service from starting automatically,
perform the above steps and set the Startup type field to Manual or Disabled.
To verify that the service is running, do any or all of the following:
a. Open the Windows Task Manager, and on the Processes tab, look for the file Wrapper.exe
to confirm that the service is running.
b. Open the C:\Program Files (x86)\Aldon\Aldon LM x.x\Deployment
\wrapper_win32_x.x.x\logs\wrapper.log file for editing, where x.x is the LM(e)
product version and x.x.x is the version number of the deployment wrapper program. Inspect
the most recent connection entries in the log. The log entries for a successful connection
look like this:
INFO
INFO
INFO
INFO
|
|
|
|
jvm
jvm
jvm
jvm
1
1
1
1
|
|
|
|
2016/06/30
2016/06/30
2016/06/30
2016/06/30
15:17:25
15:17:25
15:17:25
15:17:25
| Initializing...
| Wrapper (Version 2.2.7)
|
| start()
Inspect the latest entries in the C:\Program Files (x86)\Aldon\Aldon LM x.x

\Deployment\wrapper_win32_x.x.x\logs\wrapper.log file for the following
messages:
INFO
| jvm 1
| 2016/06/29 11:54:31 | WARNING - Unable to load
native library 'wrapper' for class WrapperManager.
INFO
| jvm 1
| 2016/06/29 11:54:31 |
System signals will not be
handled correctly.
If these messages appear in the log, then wrapper program is trying to use the path for the 64bit version of Java on the computer instead of the 32-bit version that was installed with the
Deployment client. To correct the path, edit the C:\Program Files (x86)\Aldon\Aldon
LM x.x\Deployment\wrapper_win32_x.x.x\conf\DMPlusWrapper.conf file
and change the value for the wrapper.java.command property to C:\Program Files
(x86)\Java\jre1.x.x_xx\bin\javaw.exe, where x.x is the LM(e) product version
number, x.x.x is the Deployment wrapper program version number, and x.x_xx is the 32-bit Java
version and update numbers.
Next topic: Increasing memory for the deployment service
Previous topic: Starting and stopping the Deployment client on Microsoft Windows
Increasing memory for the deployment service

If the Deployment client program runs as a Windows service, increase the available memory to allow
the program to successfully process large files.
48
1.
2.
3.
4.
5.
Using Microsoft Windows Explorer, navigate to the LM(e) installation folder. The default folder
is C:\program_location\Aldon\Aldon LM x.x, where program_location is the folder
where programs are installed on this version of Microsoft Windows, and x.x is the LM(e) version
number.
Navigate to the deployment configuration properties file \Deployment
\wrapper_win32_2.2.7\conf\DMPlusWrapper.conf, and then use a text editor to
open it.
Locate the following lines in the file:
# Maximum Java Heap Size (in MB)
wrapper.java.maxmemory=64
Change the value to 256.

Save and close the file.
Next topic: Fixing Deployment client Java errors on Windows

Previous topic: Running the Deployment client program as a Windows service

If you update the version of Java on the Windows computer, you must point the Aldon Deployment
Plus client shortcut to the new javaw.exe file.
About this task

When you install the Deployment client on Windows, the installation program installs Java version
7. After the installation, Java prompts you to install a new version. If you install a new version, it can
cause errors when you open the Deployment client, for example:
Error: Registry key 'Software\JavaSoft\Java Runtime Environment
\CurrentVersion' has value '1.8', but '1.7' is required.
Error: could not find java.dll
Error: Could not find Java SE Runtime Environment.
The Deployment client shortcut icon on the desktop is pointing to the wrong javaw.exe file. Take
the following steps to resolve the issue.
1.
2.
3.
On the Windows desktop, right-click the Aldon Deployment Plus shortcut and click Properties.
Click the Shortcut tab.
In the Target field, delete the path to the javaw.exe file, and add the path to the new version of
the javaw.exe file. For example, if you installed version 1.8, add the following path:
C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe
Previous topic: Increasing memory for the deployment service

Installing Deployment clients on IBM i

Install and configure the Deployment client on remote IBM i computers where you want to
automatically receive and install software changes from the LM(e) server.
REVIEWERS: If we do not expect people to configure IBM i Deployment clients as external, does that
mean we do not support it and therefore we do not document it?
49
When you install and configure the Deployment client on a computer, it remains inactive until you
start it. Once the Deployment client is started, it periodically looks to see if there is work to do. If there
is, the client processes waiting deployment packages and then waits for more work. The client runs
until the Deployment subsystem where it runs is stopped or until the computer is powered down.
Perform one or more of these tasks.
1.
2.
3.
Installing the Deployment client on IBM i

To install the LM(e) Deployment client on IBM i computers, you download the DISTCLNT save file
from the Rocket Customer Portal, copy it from your local computer to each IBM i deployment
target, restore the contents, and install the programs.
Configuring the Deployment client on IBM i
To configure the Deployment client on IBM i computers, you edit the Deployment client job
description, configure property settings, and if applicable, set SSL connection settings.
Starting and stopping the Deployment client on IBM i
To begin receiving and installing deployed changes on an IBM i deployment target, start the
Deployment subsystem.
Installing the Deployment client on IBM i

To install the LM(e) Deployment client on IBM i computers, you download the DISTCLNT save file from
the Rocket Customer Portal, copy it from your local computer to each IBM i deployment target, restore
the contents, and install the programs.
Prerequisites
These instructions assume the following:
You have the credentials for the QSECOFR user profile, or for another user profile with equivalent
authorities, on the Deployment client computer.
You downloaded the DISTCLNT.zip file required for this upgrade from the Rocket Customer
Portal to a computer on the same network as the application computers, and that you have access
to that file.
About this task

Before you install the Deployment client on an IBM i computer, you create a user profile. The user
profile becomes the owner of deployed files that are received and installed on this computer during
deployment processing. In addition, the installation process creates the/Aldon/Affiniti/
Affiniti distribution directory in the Integrated File System (IFS). This directory contains
property files and the folder that is used as the default holding area for incoming deployment
packages.
Procedure
1.
Log in to the IBM i Deployment client computer and perform the following steps.
a. Enter the following command to create a user profile named ALDONAFF for LM(e) use on the
Deployment client:
CRTUSRPRF USRPRF(ALDONAFF) PASSWORD(x) USRCLS(*PGMR)
SPCAUT(*SAVSYS *JOBCTL)
where x is a password that conforms with the established password rules.

b.
Enter the following command to create the library in which to restore the client programs:
CRTLIB AFFTLIBR
50
2.
On the IBM i Deployment client computer, enter the following command to create a save file
named DISTCLNT in QGPL or another library of choice:
CRTSAVF FILE(library/DISTCLNT)
Where library is the name of the library in which you want to create the save file.
Take the following steps on the computer where the Rocket Customer Portal downloaded files
are stored:
a. Log in with standard user credentials.
b. Temporarily disable anti-virus and firewall protection.
c. Locate and extract the DISTCLNT.zip file.
d. Follow instructions in the FTPtoIBMi file that is included in the zip file to use File Transfer
Protocol (FTP) to copy the DISTCLNT.savf file to the DISTCLNT save file that you created
in Step 2.
e. Enable anti-virus and firewall protection.
On the IBM i Deployment client computer, enter the following command to restore the save file
contents into the AFFTLIBR library that you created.
3.
4.
RSTLIB SAVLIB(AFFTLIBR) DEV(*SAVF) SAVF(QGPL/DISTCLNT) MBROPT(*ALL)
5.
On the IBM i Deployment client computer, enter the following command to add the restored
library to the library list:
6.
Run the following command to install the Deployment client programs.
ADDLIBLE LIB(AFFTLIBR)
AFFTINSDST RSTLIB(AFFTLIBR)
7.
Run the following command to delete the save file.

DLTF FILE(QGPL/DISTCLNT)
Parent topic: Installing Deployment clients on IBM i

To configure the Deployment client on IBM i computers, you edit the Deployment client job
description, configure property settings, and if applicable, set SSL connection settings.
Prerequisites
You have access to credentials for the QSECOFR user profile, or to a user profile with equivalent
authorities.
You have the name of a user profile that can serve as the owner of all files that are installed on
this computer during a deployment. The recommended user profile is the ALDONAFF profile that
you created during the installation task. You can specify any user profile, as long as it meets these
criteria:
The profile is enabled and has an unexpired password.
The profile has the *SAVSYS and *JOBCTL special authorities.
The CCSID value for the profile is not 65535.
Obtain deployment configuration information for the Deployment server from the person who
configured it. You need:
The host name or IP address and the port number.
The network location of the Deployment client that you are installing. An internal Deployment
client is in the same network as the Deployment server. An external Deployment client is in a
different network. The default network location is internal.
51
SSL information for secure deployment, if the Deployment server is configured for it. You need:
The path and file name for the SSL keystore file on the Deployment server.
The password that secures the SSL keystore file.
About this task

Perform this task on every IBM i computer where you want to receive deployments.
Procedure
1.
2.
Log in to the IBM i computer where you installed the Deployment client.
To configure a user profile that assumes ownership of deployed files that get installed on this
computer, set a user profile name in the AFFDSCLNT job description. Follow these steps:
a. Enter the following command and press F4 (Prompt):
CHGJOBD AFFTLIBR/AFFDSCLNT
b.
Press F10 (Additional parameters), and then locate the User field.
By default, the user profile value is *RQD, which means Required.
Change the value *RQD in the User field to the user profile name that you chose when you
reviewed the prerequisites, and press Enter.
To review and set the Deployment client properties, enter the following command, and press F4
(Prompt):
c.
3.
4.
5.
AFFTLIBR/AFFDCLSTP
On Setup Deployment Client (AFFDCLSTP) display, accept the default values in the Property file
to change and Level of Deployment fields and press Enter once to display additional fields.
You can change the default property file path and file name if desired. If you do, the file that
you specify must exist, and you must also change the Request data or command field of the
AFFDSCLNT job description to refer to the path and file name of the alternate property file.
Type the host name or IP address of the computer that hosts the Deployment Server in the
Server Name field and press Enter once to retrieve and display the default values from the
LMDeployClient.properties file. Then complete the following fields:
Field
Description
Server Port
Type the port number for the Deployment

server.
The Deployment server listens at this port for
incoming traffic from Deployment clients. The
port number can be any available port number
between 1024 and 65535. It is defined in the /
opt/aldon/aldonlm/current/etc/
distserver.properties file on the
Deployment server.
52
Field
Description
Client System Name
Accept the default value of *SYSTEM, or type

another value that is appropriate for this
computer. *SYSTEM retrieves the name of this
computer from system values and uses that
value at connection time. Other choices are:
name or IP address
The host name or IP address of the client
computer.
*DYNAMIC
Retrieves the current IP address for this
computer and sends that value to the
Deployment server at connection time.
*SAME
This value is used by the Deployment
client during processing and is not
applicable for configuring.
Port for Distribution Client
Type the port number that the client computer

uses to receive messages from the Deployment
server. The default value is 2001. The port
number can be any available port on this
computer, between 1024 and 65535.
Hold Folder
Defines the location in the IFS where

deployment packages that contain the files
to be installed on this client computer are
held before installation. Accept the default
value of *DEFAULT, or enter an alternate
directory path. The default path for IBM
i computers is /Aldon/Affiniti/
affiniti distribution/Packages.
Description
Type a description of the client computer.
53
Field
Description
Line End Control
Indicate how line-end characters should be set

in files that are deployed to and installed on
this computer. The choice you make depends
on how certain it is that the line end character
that is used in the files in the repository is
correct for the operating system on this
computer. Choices are:
*NOCHANGE
Do not adjust the line end character
during installation. This is the default.
Choose this option when you are sure
that the files in the repository use a line
end character that is appropriate for this
deployment client computer.
*LF
Line feed. Appropriate for Deployment
clients that are UNIX or IBM i computers.
Deployed files are modified during
installation to use an LF character to
mark the line end.
*CR
Carriage return. Appropriate for
Deployment clients that are Mac
during installation to use a CR character
to mark the line end..
*CRLF
Carriage return and line feed. Appropriate
for Deployment clients that are Windows
during installation to use CRLF characters
*SAME
This value is used by the program and
does not apply to the configuration task.
6.
7.
54
How often in sec to check term
Defines in seconds how frequently the

Deployment client checks to see if the host
computer is being shut down. Accept the
default value of 10 seconds, or type a different
frequency.
Multiple backouts allowed
Defines whether the Deployment client retains

more than one backup zip file at a time. The
default value is *NO, which means that only the
last installed or restored set can be backed out.
When set to *YES, the client retains a backup
zip file for all deployments processed, which
means that any installed set can be backed
out, and any backed out set can be restored.
Press Enter to run the command and save the configuration settings you typed.
Optional: Review this table of Deployment client properties that are not displayed on the Setup
Distribution Client command display and that do not appear in the /Aldon/Affiniti/
affiniti distribution/LMDeployClient.properties file. These properties apply

to the multi-threaded deployment capability and are rarely changed, but they can be overridden
if tuning is needed. To override a default value for one or more of these properties, open the
property file for editing and add the property and a corresponding value (if applicable) to the end
of the file. Consult with Technical Support for additional advice.
8.
Property
Description
Pull
Disabled by default. When the property is

enabled, the Deployment client contacts the
Deployment server. When the property is
commented out or absent, the Deployment
Server initiates contact with the Deployment
client.
Client.Pull.IdleTime=
10 minutes by default. This property applies

only when the Pull property is enabled. Defines
the number of minutes that the client waits
with no transfers before it shuts down.
If you make any manual overrides in the property file, save the file and exit.
If this Deployment client computer is in a different network than the Deployment server,
configure it as an external Deployment client. Do the following:
a. Open the /Aldon/Affiniti/affiniti distribution/
LMDeployClient.properties file for editing.
b. Add the following line to the end of the DMPlus details section of the file:
isExternal=true
c.
Save and exit the file.
Next step
Next, register external Deployment clients and configure deployment encryption, if applicable.
Otherwise, start the Deployment client and confirm that it remains running.

To begin receiving and installing deployed changes on an IBM i deployment target, start the
Deployment subsystem.
Prerequisites
Have the credentials for the QSECOFR user profile or for another profile with equivalent authority.
Know the name of the Deployment subsystem. On an IBM i computer, the subsystem name is
AFFINITIDS.
Know the name of the LM(e) library that contains the Deployment subsystem description. On an
IBM i computer, the subsystem description is in library AFFTLIBR.
REVIEWERS: This topic should have instructions for adding the deployment client to the system
startup program. What is the correct procedure for doing this?
To start or stop the Deployment client on an IBM i computer, you start or end the Deployment
subsystem.
55
If you change configuration settings in the /Aldon/Affiniti/affiniti distribution/

LMDeployClient.properties file while the Deployment client is running, you must stop and
restart the client to effect the changes.
The following Deployment client jobs run in the Deployment subsystem:
AFFDSCLNT, which is the Deployment client job
QJVACMDSRV and QZRCSRVS, which are tasks that support Java
1.
To start the Deployment client, type the following command and press Enter:
STRSBS library_name/subsystem_name
where library_name is the name of the library that contains the subsystem description, and
subsystem_name is the name of the Deployment subsystem, for example:
2.
3.
STRSBS AFFTLIBR/AFFINITIDS
To stop the Deployment client, type the following command and press Enter:
ENDSBS subsystem_name
To check the status of the deployment subsystem, type the following command and press Enter:
WRKACTJOB SBS(subsystem_name)
If the subsystem name does not appear in the list, it is not running and you must start it. If the
subsystem name appears in the list but no jobs appear under the name, you must stop the
subsystem, and then start it.
Installing Deployment clients on Linux, UNIX, and Mac

You can install and configure Deployment clients on Linux, UNIX, and Mac OS X computers individually
using an installation program. If you need to install and configure Deployment clients on many
computers, you can use a parameter file to simplify the installation and configuration process on
Linux and UNIX (this is not supported on Mac computers). If you configured the Deployment server for
SSL, you must also configure all Deployment clients for SSL.
The way that you start, stop, and display the status of the Deployment client is different on Mac OS
X computers than on Linux and UNIX computers. Also, on Mac OS X computers you can configure
the deployment client to repeatedly attempt to restart and connect with the LM(e) server until a
connection is successful. This is disabled by default, and is optional.
1.
2.
3.
4.
56
Installing Deployment clients on single Linux, UNIX, or Mac computers

To install the Deployment client on a single Linux, UNIX, or Mac OS X computer, download and
run the installation program.
Installing Deployment clients on multiple Linux or UNIX computers
To simplify installing the Deployment client on multiple Linux or UNIX computers, prepare a
parameter file and package it with the client installation program. Distribute the prepared
package to each computer and run the installation program. If you configured the Deployment
server for SSL encryption, then you must also configure the Deployment client installation
package for SSL. This installation method is not supported on Mac OS X computers.
Starting and stopping Deployment clients on Linux, UNIX, or Mac computers
The commands for starting and stopping the Deployment client on Linux and Unix are different
than the commands used on Mac computers.
Configuring Deployment client-server connections on Mac computers
You can configure the deployment client to repeatedly attempt to restart and connect with the
LM(e) server until a connection is successful. This is disabled by default, and is optional.

To install the Deployment client on a single Linux, UNIX, or Mac OS X computer, download and run the
installation program.
Prerequisites
Have the following:
REVIEWERS: Java-related prereqs revised, please confirm them.

Know whether the required version of Java is installed, as explained in the Deployment clients
section of the System requirements, on page 8 topic. On Linux computers, the installation program
installs the required version of Java if it is not present.
Determine whether the path to the binary file for the required Java version is not in the root user's
PATH variable. If the root PATH variable contains the path for an earlier version of Java, have
the path for the Java version that the Deployment client must use available for specifying during
installation.
REVIWERS: Is the default path for the JDK 1.7.0 binary the same on all Linux, UNIX, and Mac OS
systems, such that I can state it here? Or should we have them consult the system administrator if
they do not know the default path on the system where they are installting?
Root access to the Deployment client computer.
Access to the downloaded client installation file.
The Deployment client computer name.
The Deployment client computer port number, if it is not the default port number of 2001.
The temporary path to which the Deployment server will copy deployed packages before the
packages are installed. The default path is /opt/aldon/aldonlmd/current/deploypkgs.
The fully-qualified host name of the Deployment server, for example,
yourserver.yourcompany.com.
The Deployment server port number, if it is not the default port number of 7891.
The end of line formatting choice. For Deployment clients on Linux and UNIX computers it should
be the default, LF. For Mac OS X computers the end of line formatting should be set to CR.
Procedure
1.
2.
3.
Define the Deployment client computer in LM(e).

Log into the Deployment client computer as the root user, or as a user that has sudo access to
root.
On IBM AIX and Solaris computers, check the TERM environment variable, and set it if necessary.
On the command line, type:
env | grep TERM
If the information returned indicates that the TERM environment variable is set to xterm, do
nothing. If the value returned is not xterm, run the following command to set the variable:
export TERM=xterm
57
4.
5.
6.
Copy the installation file from the network share location where downloaded installation files are
stored to the /tmp directory on the Deployment client computer.
cd /tmp
To extract the downloaded .tgz installation file, enter the following command:
gunzip -c filename.tgz | tar -xvf -
Where filename is the name of the installation file.

7.
8.
The command creates a /tmp/aldcs directory containing several files.
To navigate to the /tmp/aldcs directory, enter the following command:

cd aldcs
To start the installation program, enter one of the following commands:

If the computer has Internet access and the required version of Java is in the root user's PATH
variable:
./install --lmd
If the computer does not have Internet access and the required version of Java is not in the root
user's PATH variable:
./install --lmd --dcjava /[java_path]/java
where java_path is the path to the Java executable file.

9. Respond to each prompt to specify the Deployment client installation properties. After the client
is installed, it starts automatically.
10. To confirm a successful start, review the contents of the deploylog file in /var/log/aldon/
aldonlmd directory.
The messages for a successful startup look like this:
Connecting to server aldev1 on port 5174
Connected
Jul 08 16:04:08 Started LM(e) Deployment Plus Client at PID 5154 by root
Deployment Plus Client started by root
LM(e) Deployment Plus Client is running.
Process ID = 5154
If an Error registering: Unknown user system_name message is displayed in

the log where system_name is the host name of the Deployment client computer, then the
Deployment client computer is not defined in the list of computers on the External Setup
window in the LM(e) client. Define the computer in LM(e), then follow the instructions in Starting
and stopping Deployment clients on Linux, UNIX, or Mac computers, on page 63 to start the
Deployment client again and review the logged result.
11. Optional: To review or change Deployment client settings open the /opt/aldon/aldonlmd/
current/etc/LMDeployClient.properties file.
12. Repeat steps 28 on each Deployment client computer. Be sure to use the appropriate
installation file for the client operating system.
13. Optional: Review this table of rarely-changed Deployment client properties that apply to the
multi-threaded and back out deployment feature. To specify one or more of these properties,
open the /opt/aldon/aldonlmd/current/etc/LMDeployClient.properties file in
an editor and remove the number sign (#) preceding them, and then supply a value. Consult with
Technical Support for additional advice.
58
Property
Description
Pull
Disabled by default. When the property is

enabled, the Deployment client contacts the
Deployment server. When the property is
commented out or absent, the Deployment
Server initiates contact with the Deployment
client.
Client.Pull.IdleTime=
10 minutes by default. This property applies

only when the Pull property is enabled. Defines
the number of minutes that the client waits
with no transfers before it shuts down.
Next step
Take one or more of the following next steps:
If you configured this Deployment client as external, you must register it. For information, see the
topic Registering external Deployment clients, on page 66.
If you configured the Deployment server for SSL, configure the client for SSL as well. For
information, see the topic Configuring secure connections to Deployment clients on Linux, UNIX,
and Mac OS X.
If you will not configure the client for SSL, see the topic about starting and stopping the client that
is appropriate to your operating system, either Starting and stopping the Deployment client on
Linux or UNIX computers or Starting and stopping the client on Max OS X computers.
If you will install the client on multiple Linux or UNIX computers and want to simplify the process
using a parameter file, see the topic Installing the Deployment client on multiple Linux or UNIX
computers. (This is not currently supported on Mac OS X computers.)
Parent topic: Installing Deployment clients on Linux, UNIX, and Mac

To simplify installing the Deployment client on multiple Linux or UNIX computers, prepare a
parameter file and package it with the client installation program. Distribute the prepared package
to each computer and run the installation program. If you configured the Deployment server for SSL
encryption, then you must also configure the Deployment client installation package for SSL. This
installation method is not supported on Mac OS X computers.
These steps assume you have installed and tested the Deployment client on a single computer.
1.
2.
3.
4.
Preparing a parameter file for multiple Deployment client installations

Specify all of the Deployment client computers and their configuration settings in a parameter
file. A template version of the file resides in the /tmp/aldcs directory.
Creating a package for multiple Deployment client installations
Create a package containing the parameter file and Deployment client installation file. If you are
configuring the Deployment clients for SSL, include the SSL keystore file.
Sending the Deployment client package to multiple client computers
After you create the Deployment client installation package, send it to Deployment client
computers.
Extracting and installing the Deployment client package
Extract the Deployment client package and then run the Deployment client installation program.
If you are configuring for SSL, you must also copy the SSL keystore file to the correct location.
59
Preparing a parameter file for multiple Deployment client installations

Specify all of the Deployment client computers and their configuration settings in a parameter file. A
template version of the file resides in the /tmp/aldcs directory.
Prerequisites
To complete this task, you need the following information:
REVIEWERS: Java-related prereqs revised, please confirm them.

Know whether the required version of Java is installed, as explained in the Deployment clients
section of the System requirements, on page 8 topic. On Linux computers, the installation program
installs the required version of Java if it is not present.
Determine whether the path to the binary file for the required Java version is not in the root user's
PATH variable. If the root PATH variable contains the path for an earlier version of Java, have
the path for the Java version that the Deployment client must use available for specifying during
installation.
REVIWERS: Is the default path for the JDK 1.7.0 binary the same on all Linux, UNIX, and Mac OS
systems, such that I can state it here? Or should we have them consult the system administrator if
they do not know the default path on the system where they are installting?
The short host name of each Deployment client computer.
The port number that the Deployment client computers will use to receive communications from
the Deployment server. The default port number is 2001.
The path location of the directory on Deployment client computers where incoming deployment
packages will be stored for processing. The default path is /opt/aldon/aldonlmd/current/
deploypkgs.
The host name of the computer that hosts the Deployment server.
The port number that the Deployment server will use for communicating with Deployment clients.
The default port number is 7891.
The line end character. The choice you make depends on how certain it is that the line end
character that is used in the files in the repository is correct for the operating system on this
computer. The default value is LF.
About this task

A sample configuration file named DCPARMS.TXT is provided during the Deployment client
installation. You can use this to create your configuration file, but the file can have any name.
Procedure
1.
2.
3.
Log into the Deployment client computer as root.

cd /tmp/aldcs
To list the contents of the /tmp/aldcs directory, enter the following command:
ls -l
60
4.
5.
6.
To use the sample DCPARMS.TXT file, open the file in an editor, for example enter the following
command to open it in the nano editor:
nano DCPARMS.TXT
Using the sample lines as a guide, supply one line of configuration information for each computer
where you plan to install and configure the Deployment client software. Replace or comment
out the original sample lines by adding a number sign (#) in front of them. For the ClientHost
parameter, use the client computers short host name.
Next step
If you configured the Deployment server for SSL, you must configure the Deployment client
installation package for SSL.
Next topic: Creating a package for multiple Deployment client installations
Parent topic: Installing Deployment clients on multiple Linux or UNIX computers

Create a package containing the parameter file and Deployment client installation file. If you are
configuring the Deployment clients for SSL, include the SSL keystore file.
1.
2.
To change to the /tmp directory, enter the following command:

cd /tmp
To compress the contents of the /tmp/aldcs directory into a tarball for delivery to the other
deployment target computers, enter the following commands:
tar -cvf DEPLOY.tar aldcs/*
Then:
gzip
DEPLOY.tar
The output is a DEPLOY.tar.gz file that contains everything you need to install and configure
the Deployment client on multiple Linux computers in your network.
Remain signed on as root for the next activity.
Next topic: Sending the Deployment client package to multiple client computers
Previous topic: Preparing a parameter file for multiple Deployment client installations
Sending the Deployment client package to multiple client computers

After you create the Deployment client installation package, send it to Deployment client computers.
You must have root access to the Deployment client computer.
You can copy the prepared installation tarball to other Linux computers one at a time, or you can
create and use a shell script to perform an efficient mass copy operation.
Note: Perform the remaining activities once on a single client computer and then test for success,
before setting up your remaining clients.
Follow these steps to copy to one computer at a time:
1.
61
2.
Copy the re-packaged installation file to the /tmp directory on the intended client computer
using the scp command. For example, positioned to the /tmp directory:
scp DEPLOY.tar.gz tgtclient1:/tmp/
3.
4.
where tgtclient1 is the host name of the intended Linux computer.

When prompted, supply the password for the root user on the target computer.
Optional: After you have successfully tested your pre-configured installation on one computer,
you can ask your system administrator to write a shell script that uses the command in Step 2 to
copy the configured installation tarball to the rest of your computers efficiently.
Note: The public secure shell (SSH) key for the sending computer must be exchanged with all
other computers to which you want to send your installation tar ball, in order to bypass the
prompt for the root users password on each target computer when copying.
Next topic: Extracting and installing the Deployment client package

Previous topic: Creating a package for multiple Deployment client installations
Extracting and installing the Deployment client package

Extract the Deployment client package and then run the Deployment client installation program. If
you are configuring for SSL, you must also copy the SSL keystore file to the correct location.
Prerequisites
You must have root access to the Deployment client computer.
Procedure
1.
2.

To change to the directory where the installation package file was copied, enter the following
command:
cd /directory
3.
where directory is the location of the file. The suggested location is the /tmp directory.
To unpack the installation files, enter the following commands:
gzip -d DEPLOY.tar.gz
Then:
tar -xvf DEPLOY.tar
4.
The system returns a list of the files that were unpacked.

To confirm the contents of the /tmp directory, enter the following command:
ls -l
The system returns:

drwxr-xr-x 2 root root 4096 Aug 2 13:21 aldcs
-rw-r--r-- 1 root root 6702047 Aug 2 13:41 DEPLOY.tgz
5.
6.
To navigate to the /aldcs directory, enter the following command:

cd aldcs
To start the installation, enter the following command and supply the name of the parameter file:
./install --lmd -f parameter_file
where parameter_file is the name of your parameter file. For example, if you used the sample
parameter file, enter the following command:
./install --lmd -f DCPARMS.TXT
62
Note: Remember that file names are case sensitive.
7.
The installer scans the parameter file, looking for a match between the first data field (which
is the Deployment Client host name or parameter dchost) and the value returned by issuing a
hostname -s command. (The command returns a short host name, not a fully qualified domain
name.) If no match is found, the installer issues an error message and exits. If a match is found,
the contents of the rest of the line are used to fill in the necessary data fields, and the installation
is performed. It takes only seconds, and a series of messages appear on the terminal screen,
including a confirmation that the installation is complete.
If you configured the package for SSL, create a new directory and copy the SSL keystore file to it:
a. Navigate to the /opt/aldon directory:
cd /opt/aldon
b.
Create a /certs directory:

mkdir certs
c.
Copy the SSL keystore file to the/certs directory:

cp /tmp/aldcs/keystore_file /opt/aldon/certs
8.
To test the installation, start the deployment client.
9.
Wait a few minutes and check the status of the client. If it is still running, the installation is a
success.
Next step
If any of the Deployment clients installed with the parameter file are configured as external, you must
register them on the DB2 server.
Previous topic: Sending the Deployment client package to multiple client computers

The commands for starting and stopping the Deployment client on Linux and Unix are different than
the commands used on Mac computers.
1.
2.
Starting and stopping Deployment clients on Linux or UNIX computers

Start, stop, restart, and check the status of the Deployment client.
Starting and stopping Deployment clients on Mac computers
If the deployment client does not automatically start when the operating system loads, you can
manually load and start it.
Starting and stopping Deployment clients on Linux or UNIX computers

Start, stop, restart, and check the status of the Deployment client.
When started, the Deployment client runs in the background and output is directed to the log file
named deploylog, which is stored in the following location: /var/log/aldon/aldonlmd.
The Deployment client runs under the user name of the user who starts it. This user must have write
permission to the holding location where the deployed files are delivered. The path is specified during
63
installation. A default path is offered, but it can be changed by the person who installs the software.
The default path is:
/opt/aldon/aldonlmd/current/deploypkgs
1.
2.
3.
To start the Deployment client, enter the following command:

/etc/init.d/aldondcp start
The message Started Aldon LM(e) Deployment Client at PID xxxxx is displayed, where xxxxx is
the process identifier number.
To stop the Deployment client, enter one of the following commands:
/etc/init.d/aldondcp stop
The message Stopped Aldon LM(e) Deployment Client at PID xxxxx is displayed, where xxxxx is
the process identifier number.
To restart the Deployment client (that is to stop the client and then start it again) enter the
following command:
/etc/init.d/aldondcp restart
4.
The messages Stopped Aldon LM(e) Deployment Client at PID xxxxx and Started Aldon LM(e)
Deployment Client at PID xxxxx are displayed, where xxxxx is the process identifier number.
To display the status of the client, enter the following command:
/etc/init.d/aldondcp status
The message Aldon LM(e) Deployment Client is running. Process ID = xxxxx is displayed, where
xxxxx is the process identifier number.
Parent topic: Starting and stopping Deployment clients on Linux, UNIX, or Mac computers
Starting and stopping Deployment clients on Mac computers

If the deployment client does not automatically start when the operating system loads, you can
manually load and start it.
By default, the deployment client is configured to start and connect to the LM(e) server when the
operating system loads. If the connection to the LM(e) server fails, for example if there is no network
connection, the client does not start. You must then connect to the network and load and start the
client manually.
Loading the deployment client adds it to the list of services which can be stopped and started. You
must load the client before you can start it. If necessary, you can also manually stop and unload the
client.
Procedure
1.
2.
3.
To load the deployment client, enter the following command:

launchctl load /Library/LaunchDaemons/com.rocket.LMeDMPlus.plist
To start the deployment client, enter the following command:

launchctl start com.rocket.LMeDMPlus
To check the status of the deployment client, enter the following command:
launchctl list | grep com.rocket.LMeDMPlus
The command should return something like this:

1563 143 com.rocket.LMeDMPlus
64
If nothing is returned, the com.rocket.LMeDMPlus.plist is not loaded.
If the name of the com.rocket.LMeDMPlus.plist file is returned, and the line starts
with a - (hyphen), then the com.rocket.LMeDMPlus.plist file is loaded but the client is
not running.
4.
5.
If the com.rocket.LMeDMPlus.plist file name is returned and the line starts with a
number, then the client is running (the number is the PID of the client process).
To stop the deployment client, enter the following command:
launchctl stop com.rocket.LMeDMPlus
To unload the com.rocket.LMeDMPlus.plist file, enter the following command:
launchctl unload /Library/LaunchDaemons/com.rocket.LMeDMPlus.plist
Parent topic: Starting and stopping Deployment clients on Linux, UNIX, or Mac computers

You can configure the deployment client to repeatedly attempt to restart and connect with the LM(e)
server until a connection is successful. This is disabled by default, and is optional.
You must have loaded the com.rocket.LMeDMPlus.plist file as instructed in the topic Starting
and stopping the Deployment client on Mac OS X computers.
About this task

By default, the deployment client starts when the operating system loads. When the client is started,
it attempts to connect to the LM(e) server. If it fails, it does not attempt to connect again until it is
started again manually.
You can enable the KeepAlive property of the deployment client so that if an attempted connection
fails, the client automatically restarts itself and attempts to connect again, and repeats the process
until it is successful. The KeepAlive property is disabled by default to avoid creating an excess number
of the deploylog files that are generated each time the client starts. For example, if the client computer
is disconnected from the network for a long period of time and the client continually restarts itself, a
very large number of deploylog files will be created.
Take the following steps to enable and configure KeepAlive:
Procedure
1.
To unload the deployment client, enter the following command:

launchctl unload /Library/LaunchDaemons/com.rocket.LMeDMPlus.plist
2.
Open the following file in an editor:
3.
To enable the following properties, uncomment them by removing the  characters:
/Library/LaunchDaemons/com.rocket.LMeDMPlus.plist
65
Property
Description
KeepAlive
Enable to automatically start the deployment

client and attempt to connect to the LM(e)
server every time the operating system loads.
If the connection fails, repeat the process
continuously until successful. A deploylog file
is created in the following directory each time
the client is started:
/var/log/aldon/aldonlmd
The current log is the deploylog file and old

log files are appended with a timestamp, for
example deploylog.15102772835. You
can safely delete old log files.
SuccessfulExit
Enable so that if you stop the deployment

client using the following command, KeepAlive
does not attempt to start the client again:
launchctl stop com.rocket.LMeDMPlus
ThrottleInterval
Enable to specify the amount of time between

KeepAlive attempts. Increasing the time can
prevent an excessive buildup of deploylog files.
After uncommenting ThrottleInterval, you can
set the interval in the <integer> property.
Note: After restarting the computer, the client
does not start until after the interval. For example, if you enable ThrottleInterval and set it
to 30 seconds, the deployment client does not
start until 30 seconds after the operating system loads or 30 seconds after the last attempt
to connect to the LM(e) server.
4.
5.
To load the deployment client, enter the following command:

launchctl load /Library/LaunchDaemons/com.rocket.LMeDMPlus.plist
To start the deployment client, enter the following command:

launchctl start com.rocket.LMeDMPlus

Deployment clients are external when they are installed on computers in a different network than the
Deployment server with which they interact. You must register external Deployment clients with the
DB2 server.
Prerequisites
These steps assume that one or both of the following are true:
66
You have configured one or more new Deployment clients as external during installation, and they
need to be registered.
You have one or more existing Deployment clients that you want to configure and register as
external.
About this task

When you install Deployment clients, you can configure them as external. If you have an existing
Deployment client that you want to configure as external, you must re-configure it manually.
External Deployment clients must also be registered as external in the DB2 database. To register
external Deployment clients, you run a command to set the appropriate parameters.
These steps describe configuring an existing Deployment client as external, and registering the
command for setting DB2 parameters. For information about configuring a Deployment client as
external during installation, see the Deployment client installation topic for the operating system
where you are installing it.
Procedure
1.
2.
3.
4.
Log into the Deployment client computer.

If you did not specify the client as external when you installed it, perform one of the following
steps to configure the client as external:
On Microsoft Windows, open the LMDeployClient.properties file and set the isExternal
parameter to true. The default location of the file is C:\program_location\Aldon
\Aldon LM x.x\Deployment where program_location is the name of the folder where
programs are installed on this version of Windows, and x.x is the LM(e) version number.
On Linux, UNIX, or Mac, open the LMDeployClient.properties file and

set the isExternal parameter to true. The default location of the file is C:
\program_location\Aldon\Aldon LM x.x\Deployment where program_location
is the name of the folder where programs are installed on this version of Linux, and x.x is the
On IBM i, open the LMDeployClient.properties file and set the isExternal parameter to
true. The default location of the file is /Aldon/Affiniti/affiniti distribution/
LMDeployClient.properties.
On the Deployment client computer, open a command prompt (Windows) or a command line
shell (Linux, UNIX, Mac). On IBM i, place your cursor on the command line.
To set DB2 parameters, enter the following command for each external Deployment client that
you want to register:
ald deploy destinfo [-x "yes/no"][-y computer_name][-p port]
[-s dmserver_name:port][-t "1/0"][-e "description with spaces"][-u]
computer_name
Table 1: Command options
Option
Description
-x "yes/no"
Required. Specify whether the client is external

or not. Enter "yes" to specify the client as
external. Possible values are "yes" or "no".
Use double quotations around the value on
Windows and single quotations around the
value on Linux, UNIX, and Mac systems.
67
Option
Description
-y system_name
Required. Specify the computer name as it is

defined to LM(e). The LM(e) computer name is
defined in the External Setup window of the
LM(e) client. Do not use quotations.
-p port
Required. Specify the port number that the

Deployment client listens to. The default port
number is 2001. Do not use quotations.
-s dmserver_name:port
Required. For external clients, specify the

name of the Deployment server computer that
this client interacts with. Type a colon between
the server name and port number, for example
dms1.enterprise.com:5154. Do not use
quotations.
If this task is for registering EXTERNAL CLIENTS, of what value is the following sentence? Is
there another purpose for using this command
that needs to be documented, that we have
not covered?
If the client is internal, this value is populated automatically using the values of the Server1.name and Server1.port parameters from
the LMDeployClient.properties file.
-t 1/0
Optional. Specify that the Deployment server

should send deployment packages to the
Deployment client. Although technically
optional, you must specify a value of "1" for
deployments to occur. If the option is not
specified, or if it is set to "0", deployment
packages are not sent to the client. Use double
quotations on Windows and single quotations
on Linux, UNIX, and Mac systems.
-e description
Optional. Type a description of the

Deployment client. Use quotations if the
description includes spaces.
-u
Optional. Prints to the screen the saved DB2

registration parameters for the specified
Deployment client. This option is useful for
confirming that you have entered the correct
information when registering an external
Deployment client, or for looking up the
registration information that is stored for a
particular Deployment client.
computer_name
Required. Specify the computer name for the

Deployment client computer as it is defined in
LM(e).
The following example defines the client computer as external (-x "yes"), that deployments
should be sent to the client (-t "1"), that the name of the client computer is dmclient1, that port
number of the client is 2001, that the name and port number of the Deployment server computer
for this external client is dms1.enterprise.com:5154, that the name of the LM(e) computer
definition is dmclient1, and that the parameters should print after they are set:
ald deploy destinfo -u -x "yes" -t "1" -y dmclient1 p 2001
s dms1.enterprise.com:5154 dmclient1
68
After the command runs, the following information prints because the -u option is included:
DM
DM
DM
DM
DM
DM
Client
Client
Client
Server
Client
Client
Host Name or IP: dmclient1

Port Number: 2001
Description: Description of client computer.
Name and Port: dms1.enterprise.com:5154
is External: 1
Status: 1
The following example demonstrates how to look up the stored DB2registration information for a
Deployment client:
ald deploy destinfo -u dmclient2
69
Chapter 5: SSL encryption

Using OpenSSL, you can configure LM(e) to use the Secure Sockets Layer (SSL) protocol when creating
connections to Security Server or the LM(e) server.
You must have access to a security administrator who understands how your enterprise uses SSL, and
can create necessary certificates.
You must ensure that all client and server computers meet the OpenSSL version and other system
requirements.
The LM(e) server and web browsers create connections to Security Server. LM(e) development clients
create connections to the LM(e) server. You can configure LM(e) to use secure connections in either
case, or in both cases.
Each case uses a separate set of SSL certificates. If you decide to configure both cases, review the
configuration tasks and ask the network security administrator for all of the necessary SSL certificates
at the same time.
If you configure the LM(e) server to use a secure connection, then you must configure all of the LM(e)
development clients to use a secure connection.
The SSL configuration instructions in this documentation are examples of how SSL configuration
could be done. Since these instructions may not adhere to your corporate security policies, the
instructions should be adjusted and changed to fit your security policies and standards. We strongly
recommend that your companys security team review the implementation of SSL with the Rocket
products to ensure compatibility with your company security policies.
1.
2.
3.
4.
Configuring Security Server encryption

Ask your network security administrator to create an SSL server certificate file and a trust
certificate file, and ensure that they are on the Linux computer that hosts Security Server and
the LM(e) server. Then specify SSL parameters. The same trust certificate secures connections
between Security Server and browsers, and between Security Server and the LM(e) server.
Configuring LM(e) server encryption
Ask your network security administrator to create required SSL files and ensure that they are on
the Linux computer that hosts the LM(e) server. Then specify SSL parameters on the server, and
configure SSL on all LM(e) development clients.
Configuring Web Portal encryption
If the LM(e) server is configured for secure connections, then LM Web Portal must also be
configured to use them.
Configuring deployment encryption
To encrypt deployed parts, you must request an SSL keystore file from your security
administrator, configure the Deployment server for encryption, and configure the Deployment
clients for encryption.

Ask your network security administrator to create an SSL server certificate file and a trust certificate
file, and ensure that they are on the Linux computer that hosts Security Server and the LM(e) server.
Then specify SSL parameters. The same trust certificate secures connections between Security Server
and browsers, and between Security Server and the LM(e) server.
70
Prerequisites
You must have root access to the Linux computer that hosts the Security Server and LM(e) server.
You must be able to log in to Security Server.
Certificates can be self-signed, corporate signed, or signed by a third party. The method used in
your organization determines how long it takes to get a signed certificate. Your network security
administrator can advise you how long the process might take.
Procedure
1.
2.
On the Linux computer that hosts Security Server and LM(e) server, log in as root.
Navigate to the /opt/aldon/aldonss directory, and enter the following command to create a
/certs directory:
mkdir certs
This is the suggested location for storing SSL files for Security Server connections.
Note: The /certs directory is the recommended directory for SSL files, but you can use
any directory that is not below a /current directory. For example, use /opt/aldon/
aldonss, but not /opt/aldon/aldonss/current. Adding files to the /current
directory or its subdirectories renders them inaccessible to subsequent releases.
3.
Contact the network security administrator and ask that person to create or request an SSL
trust certificate for establishing secure sessions between Security Server and the LM(e) server or
browsers.
To use the trust certificate in an LM(e) environment on Linux, the trust certificate file must be
in PKCS#12 format. To convert the certificate to PKCS#12 format, the security administrator
must use the keytool -importkeystore command, and then use the openssl pkcs12
command. For information, they can reference OpenSSL documentation.
The network security administrator must return the following items that are generated when
creating the trust certificate:
Trust certificate file, for example trust.crt
The password that secures the trust certificate file
Server certificate file, for example server.jks
The password that secures the server certificate file

Note:
The trust certificate file can have any name or extension.
4.
5.
Ensure that all required files are in the directory you created in Step 2. You must also have the
passwords for both files.
Specify SSL parameters:
a. On the Linux computer that hosts LM(e) and Security Server navigate to the /opt/aldon/
aldonlm/current/bin directory.
b. Enter the ./afftsslset command with the following options. The command sets SSL
parameters in the /opt/aldon/aldonlm/current/etc/AldonLM.conf file on the
server:
71
Option
Description
-ssa
Use to activate SSL on the Security Server channel. If this option is present SSL is
enabled. If this option is missing SSL is disabled. To change an SSL configuration value and keep SSL enabled, ssa must be included. Sets the SS-SSL= parameter to 1 in
the AldonLM.conf file.
-sst trust_certificate_file
-ssp trust_certificate_password
Use to specify the path and file name of the

trust certificate file, for example /opt/aldon/aldonss/certs/PubCert.pem.
Sets the value of the SS-SSLTrustStore= parameter in the AldonLM.conf file.
Use to specify the trust certificate file password. Sets the value of the SS-SSLPassword=
parameter in the AldonLM.conf file. The
value is encrypted.
Note: You use the afftsslset command to specify SSL parameters both for
connections between Security Server and the LM(e) server and browsers, and
connections between the LM(e) server and development clients. The options shown here
are the only ones required for Security Server. Enter the afftsslset -h command to
see all options.
For example:
./afftsslset ssa -sst trustcert_file -ssp trustcert_pwd
6.
Where trustcert_file is the path and file name of the trust certificate file, and
trustcert_file_pwd is the password for that file.
Configure the Security Server application to enable SSL and define the location of the server
certificate file:
a. Log in to Security Server.
b. On the home page, click Configuration.
c. On the Configuration page, do all of the following:
Check the box labeled Enable SSL for RPC and HTTPS.
d.
In the Certificate Store Name and Path field, type the path and file name of the server
certificate file that contains the public and private keys. This is the file with the .jks
extension, for example servercert.jks.
In the Certificate Store Password field, type the server certificate file password.
In the HTTPS Port field, accept the default port number that browser clients should use
when SSL processing is enabled, or provide an alternate port number if the default port is
in use by another web application. Consult with the network administrator to obtain an
alternate port number if necessary. The default port is 8080.
To store your settings, click Save Changes.
Log out of Security Server.
Stop and restart Security Server.
Test the configuration by directing a web browser to the secure URL, which is constructed
like this:
https://servername.companydomain:port#/aldonsecurityservice
72
For example:
https://server1.company1.com:8080/aldonsecurityservice
Parent topic: SSL encryption

Ask your network security administrator to create required SSL files and ensure that they are on the
Linux computer that hosts the LM(e) server. Then specify SSL parameters on the server, and configure
SSL on all LM(e) development clients.
1.
2.
3.
Configuring SSL on the LM(e) server

Ask you network security administrator to create an SSL trust certificate file, and ensure that
all required SSL files are on the Linux computer that hosts the LM(e) server. Then specify SSL
parameters.
Configuring SSL on a client for Microsoft Windows
Configure an LM(e) client that runs on Microsoft Windows to communicate with a secured LM(e)
server.
Configuring SSL on a command-line client on Linux, UNIX, or Mac OS X
Configure an LM(e) development client that runs on a supported Linux, UNIX, or Mac OS X
operating system to communicate with a secured LM(e) server.
Configuring SSL on the LM(e) server

Ask you network security administrator to create an SSL trust certificate file, and ensure that all
required SSL files are on the Linux computer that hosts the LM(e) server. Then specify SSL parameters.
You must have root access to the Linux computer that hosts the LM(e) server.
Certificates can be either self-signed or signed by a third party. The method used in your organization
determines how long it takes to get a signed certificate. Your network security administrator can
advise you how long the process might take.
1.
2.
On the Linux computer that hosts Security Server and LM(e) server, log in as root.
Navigate to /opt/aldon/aldonlm directory and enter the following command to create a /
certs directory:
mkdir certs
This is the suggested location for storing SSL files for LM(e) server connections.
Note: The /certs is the recommended directory for SSL files, but you can use any directory
that is not below a /current directory. For example, use /opt/aldon/aldonlm, but
not /opt/aldon/aldonlm/current. Adding files to the /current directory or its
subdirectories renders them inaccessible to subsequent releases.
3.
Contact the network security administrator and ask that person to create or request an SSL trust
certificate for establishing secure sessions between the LM(e) server and development clients.
Tell them that the Common Name value in the server certificate signing request must be this
case-sensitive value: LMe
The network security administrator must return the following items that are generated when
creating the trust certificate:
73
Trust certificate file, for example trust.crt

Server certificate file, for example server.crt
Server key file, for example server.key
The password that secures the server key file
Note: The files can have any name or extension.
4.
5.
Ensure that all required files are in the directory you created in Step 2. You must also have the
passwords for both files.
Specify SSL parameters:
a. On the Linux computer that hosts LM(e), navigate to the /opt/aldon/aldonlm/
current/bin directory.
b. Enter the ./afftsslset command with the following options. The command sets SSL
parameters in the /opt/aldon/aldonlm/current/etc/AldonLM.conf file on the
server:
Option
Description
-c
Use to define the path and file name of the

AldonLM.conf file if it is in a location
other than the default location of opt/
aldon/aldonlm/current/etc/.
-a
-t trust_certificate_file
-k server_certificate_file
-y server_key_file
-p server_key_password
Use to activate SSL between the LM(e) client

and server. If this option is present, SSL is activated. If this option is missing, SSL is deactivated. To change an SSL configuration value and keep SSL going, the a option must
be included. Sets the SSL= parameter to 1 in
Use to specify the trust certificate file. Sets
the value of the SSLTrustStore= parameter in
Use to specify the path and file name of
the server certificate file. Sets the value
of the SSLKeyDB= parameter in the AldonLM.conf file.
Use to specify the path and file name of the

server key file. Sets the value of the SSLKeyFile= parameter in the AldonLM.conf file.
Use to specify the server key file password.

Sets the value of the SSLPassword= parameter in the AldonLM.conf file.
Note: You use the afftsslset command to specify SSL parameters both for
connections between Security Server and the LM(e) server and browsers, and
connections between the LM(e) server and development clients. The options shown
here are the only ones required for the LM(e) server and development clients. Enter the
afftsslset h command to see all options.
For example:
[root@myserver certs]# cd /opt/aldon/aldonlm/current/bin
74
[root@myserver bin]# ./afftsslset -a -t trust.crt -k server.crt

-y server.key -p password
Next step
Configure SSL on all of the development clients in your network.
Parent topic: Configuring LM(e) server encryption

Configure an LM(e) client that runs on Microsoft Windows to communicate with a secured LM(e) server.
Know the location on the LM(e) server where the certificate files are stored. The suggested location
is /opt/aldon/aldonlm/certs.
Know the location on the client computer where you plan to store the trust certificate file. The
suggested location is c:/program_files_dir/Aldon, where program_files_dir is Program
Files (x86) on 64bit versions of Microsoft Windows and Program Files on 32bit versions of
Microsoft Windows.
Perform these steps only when the LM(e) server is configured to use an SSL connection.
1.
2.
3.
4.
5.
6.
Copy the trust certificate file from the storage location on the LM(e) server to the chosen location
on the client computer.
Click Start program_location Aldon LM x.x LMCS Configuration Editor, where
program_location is the location on this computer where installed client files reside, and x.x is the
On the LMCS Configuration Editor display, ensure that the check box that is labeled Enable SSL is
selected.
In the Truststore field, type the path and file name for the trust certificate file on this LM(e) client
computer, or click Browse to locate and select the file.
Confirm that the path and file name match the location where you stored the trust certificate file.
Then, click Save and then Close.
Repeat steps 1 through 5 on each LM(e) client that runs on Microsoft Windows.
Configuring SSL on a command-line client on Linux, UNIX, or Mac OS X

Configure an LM(e) development client that runs on a supported Linux, UNIX, or Mac OS X operating
system to communicate with a secured LM(e) server.
Prerequisites
Have access to root on the host computer.
Know the location on the Linux LM(e) server where the trust certificate file for client computers is
stored. The suggested location is /opt/aldon/aldonlm/certs.
75
About this task

Perform these steps on LM(e) client computers only when the LM(e) server is configured to use an SSL
connection.
Procedure
1.
2.
Log in to the LM(e) client computer as root.

Copy the trust certificate file from the storage location on the LM(e) server to a location of your
choice on the LM(e) client computer. The suggested location is /opt/aldon/aldonlmc/
certs.
Note: Do not store the certificate files in the /current directory or in any of its subdirectories. These locations make the files inaccessible to subsequent releases.
3.
4.
5.
6.
7.
8.
Open the /opt/aldon/aldonlmc/current/etc/aldcs.conf file for editing.

#Uncomment SSL=set line to activate SSL
# set SSLTrustStore to the trust certificate in PEM
# LME-SSL controls
#SSL=set
#SSLTrustStore=
Remove the comment characters from the SSL=set and SSLTrustStore= lines.
After SSLTrustStore=, type the path and file name for the trust certificate file on this computer.
Verify that the information that you typed matches the location where you stored the file.
Restart the AldCS program:
a. To stop AldCS, run this command:
ald shutdown
b.
9.
To start AldCS, run this command:

ald signon
Repeat steps 18 on each LM(e) client in the network that runs on Linux, UNIX, or Mac.
Next step
If LM(e) releases are not yet defined, it is too soon to test for a successful connection. However, if
releases exist and the command line client has been used, you can test the connection by positioning
the directory to a local folder and issue LM(e) commands to try to initialize and sign on.
Configuring Web Portal encryption

If the LM(e) server is configured for secure connections, then LM Web Portal must also be configured to
use them.
About this task

To configure Web Portal for secure connections, two sets of configurations are required:
76
Configuring secure connections between browsers and LM Web Portal
Configuring secure connections between browsers and LM Web Portal

In this task, you install the mod_ssl package, configure Apache HTTP server for secure browser
connections to Web Portal, and restart the HTTP service.
Prerequisites
You have access to the root user credentials, or to credentials for a user that has sudo access to
root.
LM Web Portal is installed on the same computer as LM(e) server and Security Server.
About this task

This task is required if the LM(e) server is configured for secure connections. When secure connections
are required, users must use the HTTPS protocol to access LM Web Portal with a browser.
In these steps, you configure the SSL connection between web browsers and LM Web Portal by
installing the Apache mod_ssl SSL module.
Procedure
1.
2.
Log in to the Linux computer that hosts LM Web Portal.

Install the mod_ssl package:
yum install mod_ssl
REVIEWERS: Per Dave Lewak, installing mod_ssl was not enough for self-signed certs. He thinks
we still have to do steps 410 from the UOB document, but that step 9 is only needed if the cert
is corporate-signed which it could well be depending on decisions that were made when LMe
was configured for SSL. I know we decided during scrum to assume self-signed certs, but if the
customer is adding WP into an already existing SSL config, those decisions have already been
made and either seems possible given that these are internal machines. I have left step 9 in with
instructions to skip it if the certs are self-signed. This can be resolved during this last bit. JE: After
discussion with Juan and Dave, just installing mod_ssl is enough. This essentially uses a selfsigned certificate. When you hit WP you get prompted that the site is not trusted, but when you
get past that you can view using https.
3.
Take the following steps to test the Web Portal connection with browsers:
a. Open a browser and navigate to the following URL to open Web Portal:
https://[wp_servername]/aldonlmw
Where [wp_servername] is the name of the computer that hosts Web Portal. Note that if
the server certificate was created using the domain name, then the URL must include the
domain name. For example:
https://[wp_servername.domain.com]/aldonlmw
4.
b. If prompted that the site is untrusted, click I understand the risks.

c. Log into Web Portal. A successful log in completes the test.
Open the /opt/aldon/aldonlm/6.4/etc/AldonLM.conf file in an editor and change the
security protocol of the URL specified for the LMURL= property to the https protocol. For example:
LMURL=https://[wp_server]/aldonlmw
Where [wp_server] is the name of the Web Portal computer. In Web Portal, you can specify
in deployment profiles that notification emails be sent out after a deployment to provide
information about the deployment. Those emails include the Web Portal URL, so that if there is a
problem the user can open Web Portal and see what went wrong. The LMURL property provides
the base URL for constructing those links. Here we are changing the address to use the https
77
security protocol, meaning an SSL-enabled address. Note that if the server certificate was created
using the domain name, then the URL would include the domain name. For example:
LMURL=https://[wp_servername.domain.com]/aldonlmw
Configuring secure connections between LM Web Portal and the LM(e)

server
To configure LM Web Portal on a supported Linux distribution to communicate with a secured LM(e)
server, you enable SSL in the aldcs.conf file and you define the path location for the LM Web Portal
copy of the trust certificate file.
Prerequisites
The LM(e) server and LM Web Portal are installed on the same computer.
You have access to root credentials on the computer that hosts Web Portal and LM(e) server.
You know the location where the trust certificate file for client computers is stored for the LM(e)
server. The suggested location is /opt/aldon/aldonlm/certs.
About this task

Perform these steps on the computer that hosts LM Web Portal and the LM(e) server, when the LM(e)
server is configured for secure connections.
Procedure
1.
2.
Log in to the LM Web Portal computer as root.

REVIEWERS: The assumption is that these two products WP and LMe server are installed on
the same computer. Is it necessary to copy the trust certificate when this is true, or can WP use
the copy in the LMe location, and this step can be removed?
Copy the trust certificate file from the LM(e) server storage location to a location of your choice on
the LM(e) client computer. The suggested location is /opt/aldon/aldonlmc/certs.
Note: Do not store the certificate files in the /current directory or in any of its subdirectories. These locations make the files inaccessible to subsequent releases.
3.
4.
5.
6.
7.
78
Open the /opt/aldon/aldonlmc/current/etc/aldcs.conf file for editing.

#Uncomment SSL=set line to activate SSL

# set SSLTrustStore to the trust certificate in PEM
# LME-SSL controls
#SSL=set
#SSLTrustStore=
Remove the comment characters from the SSL=set and SSLTrustStore= lines.
After SSLTrustStore=, type the path location and file name for the trust certificate file on this
computer. Verify that the information that you typed matches the location where the trust
certificate file resides.
8.
To restart the AldCS program, run these commands one at a time:

ald shutdown
ald signon
Next step
To test the connection, open a browser and type the LM Web Portal URL in the address field, specifying
the HTTPS security protocol. For example:
https://server1/aldonlmw
If the certificate was created using the domain name, then you must use the domain name in the URL,
like this:
https://server.domain.com/aldonlmw
If the log-in page appears and you can log in successfully and see LM(e) data in the portal, then the
secure connection is working.

To encrypt deployed parts, you must request an SSL keystore file from your security administrator,
configure the Deployment server for encryption, and configure the Deployment clients for encryption.
1.
2.
3.
4.
5.
6.
Requesting an SSL keystore file

An SSL server certificate keystore file is used to establish the encrypted connection when
transferring files during a deployment.
Enabling secure connections on the Deployment server
To configure a Deployment server for encrypted deployment, you must manually set SSL
parameters in the Deployment server computers distserver.properties file.
Configuring secure connections for the Deployment client on Windows
To configure secure connections for encrypted deployment on a Microsoft Windows Deployment
client, you must...
Configuring secure connections for the Deployment client on IBM i
To configure secure connections for encrypted deployment on an IBM i Deployment client, you
must manually set SSL parameters in the LMDeployClient.properties file.
Configuring secure connections for Deployment clients on Linux, UNIX, or Mac OS X
If you configured the Deployment server for secure deployment connections, then you
must likewise configure the Deployment client computers. To configure secure deployment
connections on Linux, UNIX, or Mac OS X deployment clients, you manually set SSL parameters in
the LMDeployClient.properties file.
Configuring secure connections for multiple Deployment client installations
If you configured the Deployment server for secure deployment connections, then you must
configure the Deployment client installation package so that SSL is configured on all Deployment
clients.
Requesting an SSL keystore file

An SSL server certificate keystore file is used to establish the encrypted connection when transferring
files during a deployment.
79
Prerequisites
Have access to a network security administrator who is familiar with your companys SSL policy
and who manages the keystore files that are needed for SSL connections on a Linux, UNIX, or Mac
computer.
About this task

In this task, you create a /certs directory below the /opt/aldon directory and create or copy the
keystore file to /certs. However, the keystore file can be located anywhere. The suggested location
is a directory at the /opt/aldon level or above, so that during future upgrades, the keystore file is
not deleted.
Procedure
1.
To create a /certs directory below /opt/aldon, enter the following commands:

cd /opt/aldon
Then:
2.
mkdir certs
Ask your network security administrator to generate an SSL keystore file for each Deployment
sever that you plan to use for secure deployment in LM(e). Provide the following information to
the administrator for each Deployment server that you expect to configure:
The location on each Deployment server in which to store the generated keystore file: /opt/
aldon/certs.
The following sample command string and parameter information that they can use to
generate the keystore:
keytool -genkey -keystore '/opt/aldon/certs/filename.jks'
-storepass password -keypass password
-keyalg RSA -keysize 2048
where filename is the name of the keystore file (it can be anything), and password is the same
password for the keystore and the truststore.
The recommended key algorithm is RSA. The recommended keysize is 2048 instead of using
the default value of 1024. The password values must have at least six characters, and the same
value can be used for both passwords. The identity prompts can have the default value of
Unknown.
3.
When the requested keystore file or files have been generated, confirm that they are stored in
the requested location, and make a note of the keystore file name, path, and password values for
each file. In addition to using this information for configuring each Deployment server, you must
provide this information to the people in your organization who will configure the Deployment
client computers with which each server will communicate.
Next step
Enable secure connections on the Deployment server.
Parent topic: Configuring deployment encryption

To configure a Deployment server for encrypted deployment, you must manually set SSL parameters
in the Deployment server computers distserver.properties file.
80
Prerequisites
You must have root access to the Deployment server computer.
You must have the following values to supply as SSL parameters:

The path and filename of the keystore file you requested in the previous task.
The password for the keystore file.
The amount of time, in seconds, that the server should wait for a successful connection before
closing the connection. The default is 60 seconds.
About this task

In an existing Deployment server setup, you must add both the parameter names and values to the
end of the distserver.properties file. In a new Deployment server installation, the parameters
already exist in the file, and you must supply only the values.
In a multiple Deployment server setup, each Deployment server must have its own keystore file, and
each Deployment client that it communicates with must have a copy of the same keystore file.
Procedure
1.
2.
3.
4.
5.
Enter the following command to navigate to the directory containing the

distserver.properties file:
cd /opt/aldon/aldonlm/current/etc/
Open the distserver.properties file in an editor.

Page down to the bottom of the file and locate the following parameters:
#SSL.Server
#SSL.Client
SSL.keyStore=
SSL.keyStorePassword=
SSL.trustStore=
SSL.trustStorePassword=
ConnectTimeout=60
To enable encrypted deployment, remove the number sign (#) comment character from the
beginning of the SSL.Server and SSL.Client lines.
After SSL.keyStore=, type the path and file name to the keystore file you generated, after the
equals sign. For example:
/opt/aldon/certs/keystore_file.jks
where keystore_file is the name of the keystore file.

6. After SSL.keyStorePassword=, type the password you set for the keystore file.
7. After SSL.trustStore=, type the same path and file name you provided for the SSL.keyStore
parameter.
8. After SSL.trustStorePassword=, type the password you used for SSL.keyStorePassword.
9. After ConnectTimeout=, either accept the default value of 60 seconds, or type a different value
to represent the number of seconds the server should wait for a successful connection before
ending the attempt.
10. Save your changes and close the file.
11. Stop and restart the Deployment server:
a. To stop the Deployment server, enter the following command:
/etc/init.d/aldonsys stopdm
b.
To start the Deployment server, enter the following command:

81
12. If during the course of completing this activity you changed the location where your keystore file
is stored, remember to notify the person or people who will configure your Deployment client
computers.
Configuring secure connections for the Deployment client on Windows

To configure secure connections for encrypted deployment on a Microsoft Windows Deployment
client, you must...
1.
Copy the SSL keystore file from the Deployment server to a location on this Deployment client
computer. The suggested location for storing the file is C:\program_location\Aldon,
where program_location is the folder where installed programs are stored on this version of
Microsoft Windows. Ensure that the file permissions remain intact after copying. All users require
read, write, and execute permissions.
Note: Do not store the SSL keystore file in or below the \Aldon LM x.x folder because this will
make the file inaccessible to subsequent versions of LM(e).
Click Start program_location Aldon LM x.x Aldon DM Setup, where program_location is
the name of the folder where programs are installed on this version of Windows and x.x is the
Under SSL Properties, select Enable SSL, and then supply the path and file name of the keystore
file that was copied to the client location. Enter the password for the SSL keystore file. The
password must be at least 6 characters.
In the Connect Timeout field, type the amount of time in seconds that the Deployment server
should wait for a successful authentication before closing the connection. The default value is 60
seconds. A blank value is interpreted as 60 seconds. You can adjust this value to suit the typical
response time on your network.
Click OK to save your choices.
2.
3.
4.
5.

To configure secure connections for encrypted deployment on an IBM i Deployment client, you must
manually set SSL parameters in the LMDeployClient.properties file.
Prerequisites
82
Confirm that the Deployment server is configured for SSL, and obtain SSL information for
configuring Deployment clients from the person who configured the Deployment server. You need:
The path and filename of the keystore file on the Deployment server.
The password that secures the keystore file.
The password that secures the key information in the keystore file, if it is different from the
keystore file password.
An amount of time, in seconds, that the client should wait for a successful connection before
ending the connection attempt. The default is 60 seconds. If the value for this property is blank,
a default of 60 seconds is assumed.
Know where to find the LMDeployClient.properties file on the client computer. The default
path for a client on an IBM i computer is /Aldon/Affiniti/affiniti distribution.
Have root access to the Deployment server computer, and access to the QSECOFR profile or a
profile with *SECADM and *ALLOBJ authority on the Deployment client computer.
About this task

Enable SSL on the Deployment client only if the Deployment server is using it. If the Deployment server
is using SSL, then all Deployment clients must use it.
You can use these steps to configure a new Deployment client installation or an existing one to use
SSL. In a new Deployment client installation, the parameters exist in the properties file, and you
need only supply the values and remove comment characters. In the existing property file for the
Deployment client setup from a previous release, you must add both the parameters and their values
to the end of the file.
1.
2.
3.
4.
5.
6.
7.
Log in to the IBM i computer where the Deployment client is installed.

Create a folder to contain the SSL keystore file for secure deployment. The suggested name
for the new folder is /certs. The suggested location for the folder is /Aldon/Affiniti/
affiniti distribution/certs. For example, you can use the following command to
create the folder:
mkdir '/Aldon/Affiniti/affiniti distribution/certs'
Using your preferred utility, copy the keystore file from the Deployment server computer to the
keystore folder on the Deployment client computer.
Verify that all users have read, write, and execute permissions for the keystore file.
On the command line of the Deployment client computer, run the WRKLNK command to
navigate to the location on this computer where the LMDeployClient.properties file
resides, for example:
wrklnk '/Aldon/Affiniti/affiniti distribution/*'
To open the file for editing, type option 2=Edit beside the LMDeployClient.properties file
entry.
Page down to the bottom of the file, and then do one of the following choices:
For a new installation, locate the following parameters in the file:

#SSL.Server
#SSL.Client
SSL.keyStore=
SSL.trustStore=
ConnectTimeout=60
8.
9.
For an existing deployment setup, add the above parameters, exactly as shown, to the end of
the file.
To enable encrypted deployment, remove the comment character from the beginning of the
SSL.Server and SSL.Client lines.
After SSL.keyStore=, type the path and file name of the keystore file where it resides on this
computer, for example:
/Aldon/Affiniti/affiniti distribution/certs/keystore
10. After SSL.keyStorePassword=, type the password that secures the keystore file.
11. After SSL.trustStore=, copy and paste the file name from the SSL.keyStore parameter.
12. After SSL.trustStorePassword=, copy and paste the password from the
SSL.keyStorePassword= property.
83
13. After ConnectTimeout=, either accept the default value of blank, which is interpreted as 60
seconds, or type a different value to represent the number of seconds the server should wait for a
successful connection before ending the attempt.
14. Press F3 twice to save your changes and close the file.
15. If the Deployment client is running when you change the LMDeployClient.properties file,
end and restart the Deployment client to put the property changes into effect. See Starting and
stopping the Deployment client on IBM i, on page 55.
Configuring secure connections for Deployment clients on Linux,

UNIX, or Mac OS X
If you configured the Deployment server for secure deployment connections, then you must
likewise configure the Deployment client computers. To configure secure deployment connections
on Linux, UNIX, or Mac OS X deployment clients, you manually set SSL parameters in the
LMDeployClient.properties file.
Prerequisites
To complete this task:
Confirm that the Deployment server is configured for secure deployment, and obtain the following
information from the person who configured it:
The path and filename of the keystore file on the Deployment server. The suggested location
is/opt/aldon/certs.
The amount of time, in seconds, that the client should wait for a successful connection before
ending the connection attempt. The default is 60 seconds. If this value is blank, a default of 60
seconds is assumed. The value you choose for this setting depends on the operating conditions
on your network and on each computers individual operating speed. If you find that a client
cannot successfully connect to the Deployment server and you have determined that all other
configuration values are correct, it may be that the computer needs more time to accomplish
the secure connection.
Have root user access to the Deployment client computer.
Procedure
1.
Log in as root on the computer where you installed the Deployment client.
2.
Enter the following commands to create a /certs directory below /opt/aldon:
3.
4.
5.
6.
cd /opt/aldon
mkdir certs
Copy the SSL keystore file on the Deployment server from its server location to the /opt/
aldon/certs directory on this client computer.
Ensure that all users have read, write, and execute permission for the keystore file.
Open the LMDeployClient.properties file in an editor. For example, to open it in the nano
editor:
nano /opt/aldon/aldonlmd/current/etc/LMDeployClient.properties
Page down to the bottom of the file and locate the following parameters:
#SSL.Server
#SSL.Client
84
Configuring secure connections for Deployment clients on Linux, UNIX, or Mac OS X
7.
8.
SSL.keyStore=
SSL.trustStore=
ConnectTimeout=60
To enable encrypted deployment, remove the number sign (#) comment character from the
beginning of the SSL.Server and SSL.Client lines.
Supply values for the remaining parameters, as follows:
Option
Description
SSL.keyStore
Type the path and file name for the keystore

file that you copied from the Deployment
server. This file is used to establish the secure
connection between the Deployment server
and the Deployment clients. If the file is in the
recommended location, then an example of
the path and file name might be:
/opt/aldon/certs/keystore_file
where keystore_file is the keystore file name.

SSL.keyStorePassword
Type the password for the keystore file as

provided by the person who configured the
Deployment server.
SSL.trustStore
If the keystore file was generated as

recommended, then the path and filename for
the truststore file is the same as the path you
supplied for the keystore file. Type the same
path, or use copy and paste.
SSL.trustStorePassword

recommended, then the truststore password
is the same as the keystore password. Type
the password, or use copy and paste.
ConnectTimeout
Leave the field blank to accept the default

value of 60 seconds, or type a different value
to represent the number of seconds the server
should wait for a successful connection before
ending the attempt.
9. Save your changes and close the file.

10. If the Deployment client was running when you changed the LMDeployClient.properties
file, restart the client to put the changes into effect. For information on restarting the client on
Linux and UNIX, see the topic Starting and stopping the Deployment client on Linux or UNIX
computers. For information on restarting the client on Mac, see the topic Starting and stopping
the Deployment client on Mac OS X computers.
85
Configuring secure connections for multiple Deployment client

installations
If you configured the Deployment server for secure deployment connections, then you must configure
the Deployment client installation package so that SSL is configured on all Deployment clients.
Prerequisites
That the Deployment server is configured for SSL, and obtain the following information from the
person who configured it:
The path and filename of the keystore file on the Deployment server. The suggested location on
the server is/opt/aldon/certs.
The amount of time, in seconds, that the client should wait for a successful connection before
ending the connection attempt. The default is 60 seconds. If this value is blank, a default of 60
seconds is assumed. The value you choose for this setting depends on the operating conditions
on your network and on each computers individual operating speed. If you find that a client
cannot successfully connect to the Deployment server and you have determined that all other
configuration values are correct, it may be that the computer needs more time to accomplish
the secure connection.
That you have root user access to the computer on which you are creating the installation package
for multiple computers.
About this task

To configure SSL on Deployment clients for encrypted deployment, you extract the Deployment
client installation file in a working directory, and manually set SSL parameters in the
LMDeployClient.properties file. Then copy the SSL keystore file from the Deployment server
to the current computer. Then update the properties and keystore files in the installation file, and
compress it.
Procedure
1.
2.

Create a working directory:
cd /tmp/aldcs
Then:
mkdir working
3.
Copy the installation file to the working directory:
4.
Where version is the application version.

Navigate to the working directory and extract the installation file:
cp /tmp/aldcs/LMD_version_PKG.tar.bz2 /tmp/aldcs/working
cd /tmp/aldcs/working
Then:
bzip2 -d LMD_version_PKG.tar.bz2
Then:
tar -xvf LMD_version_PKG.tar
The system lists the items that were extracted:

etc/
86
Configuring secure connections for multiple Deployment client installations
etc/init.d/
etc/init.d/aldondcp
etc/init.d/aldondc
etc/LMDeployClient.properties
lib/
lib/LMeDMPlus.jar
lib/AffDist.jar
lib/DMContainer.jar
Note: If deployment will only use the DMPlus deployment processing, then the
AffDist.jar file can be excluded from the package.
5.
Specify SSL properties:

a. Open the LMDeployClient.properties file in an editor, for example enter the
following command to open the file in the nano editor:
nano etc/LMDeployClient.properties
b.
Locate the lines marked as SSL details section at the end of the file:
#SSL.Server
#SSL.Client
SSL.keyStore=
SSL.trustStore=
ConnectTimeout=
c.
d.
e.
Read the sections explanatory comments.

Remove the number sign (#) from the beginning of the SSL.Server and SSL.Client lines to
activate SSL deployment.
Supply values for the following properties:
Option
Description
SSL.keyStore
Type the following path and file name for the

keystore file on the client computer. This file
is used to establish the secure connection
between the Deployment server and the
Deployment clients:
/opt/aldon/certs/keystore_file
where keystore_file is the keystore file name.
SSL.keyStorePassword
Type the password for the keystore file as

provided by the person who configured the
Deployment server.
SSL.trustStore

recommended, then the path and filename
for the truststore file is the same as the path
you supplied for the keystore file. Type the
same path, or use copy and paste.
SSL.trustStorePassword

recommended, then the truststore password
is the same as the keystore password. Type
the password, or use copy and paste.
87
6.
7.
8.
Option
Description
ConnectTimeout
Leave the field blank to accept the default

value of 60 seconds, or type a different
value to represent the number of seconds
the server should wait for a successful
connection before ending the attempt.
f. Save and close the file.

Add the updated LMDeployClient.properties file to the installation tar file:
tar -uvf LMD_version_PKG.tar etc/LMDeployClient.properties
Compress the installation tar file:
bzip2 LMD_version_PKG.tar
Copy the compressed installation file back to the /tmp/aldcs directory:

cp -f LMD_version_PKG.tar.bz2 /tmp/aldcs
9. Delete the working directory and its contents.

10. Copy the SSL keystore file from the Deployment server computer to the /tmp/aldcs directory
on the current computer.
Next step
Create a Deployment client installation package.
88
Chapter 6: Upgrade
Upgrade the LM(e) server, and then upgrade all LM(e) clients that communicate with that server.
1.
2.
3.
4.
5.
Upgrading a remote DB2 server

To upgrade a remote DB2 server you run the installation program on the computer, specifying the
upgrade option.
Upgrading a remote LM(e) server
To upgrade a remote LM(e) server, you run the remote LM(e) server upgrade program on the
computer.
Upgrading remote Deployment servers
To upgrade a remote Deployment server, run the Deployment server installation program on the
computer.
Upgrading LM(e) clients
Upgrade LM(e) clients on Microsoft Windows by installing the new version over the existing
version. To upgrade LM(e) clients on Linux or UNIX client computers, you must uninstall the
programs and then install the latest version of the programs.
Upgrading Deployment clients
After you upgrade the LM(e) server, deployment clients are upgraded automatically when you
restart them.
Upgrading a remote DB2 server

To upgrade a remote DB2 server you run the installation program on the computer, specifying the
upgrade option.
Prerequisites
Your current version of LM(e) must be version 6.3A, 6.3B, or 6.4A. If you have a version that is
earlier than 6.3A, for example version 6.2C, you must upgrade to version 6.3A, 6.3B, or 6.4A, and
then upgrade to version 6.5. For information on upgrading to version 6.3A, 6.3B, or 6.4A, see the
appropriate upgrade documentation.
Make sure the computer meets the system requirements. The upgrade program fails if the
computer does not meet the hardware requirements.
You must know the password for user aldondbi, which owns the DB2 instance. When you installed
LM(e), the installation program used an encrypted default password. You can view the unencrypted
version of that default password in your LM(e) Installation Notes. If you have changed the
password using the encryption option (see Changing the DB2 passwords), you must know the new
password.
After the upgrade, you must apply a new license key and feature codes. Be sure to have the
Validation document containing the new license key and feature codes. If you did not receive a
Validation document, contact your Rocket sales representative or Rocket Technical Support.
You must have access to the installation files.
Before you upgrade, the system umask must be 0022.
There are three LM(e) databases in DB2: ALDONLM, ALDONSS, and ALDONCFG. Each database
has a SYSCATSPACE, USERSPACE, and a SYSTOOLSPACE tablespace. SYSCATSPACE is the system
catalog tablespace, and the other two are temporary tablespaces. It is important that these
tablespaces are allocated enough disk space before you upgrade to LM(e) 6.4A and DB2 10.5.03.
For example, the SYSCATSPACE tablespace should have an equal amount of used and free space.
89
Chapter 6: Upgrade
For information on checking the currently used disk space and increasing it if necessary, see the
IBM DB2 upgrade topic Increasing table space and log file sizes before upgrade.
About this task

The upgrade process backs up the existing databases, installs the new version, creates empty
databases in the new version, and restores the data to the new databases.
The upgrade program writes messages to the /tmp/aldonadm/log/installer.log file when
existing database records are merged into the new databases.
Procedure
1.
2.
Log into the Linux computer as root.

To preserve the directory where you extracted the old installation program, enter the following
command to rename the /tmp/aldonadm directory /tmp/aldonadmrelease.old:
mv /tmp/aldonadm /tmp/aldonadmrelease.old
4.
Where release is the old release name, for example aldonadm63B.old.

Copy the installation files from the network share location where the installation files are stored
to the /tmp directory on the server computer.
5.
To unzip the LM(e) installation program file, enter the following command:
6.
Where filename is the name of the LM(e) installation program .zip file.
To extract the installation program file, enter the following command:
7.
Where filename is the name of the installation program .tgz file.

3.
cd /tmp
unzip filename.zip
tar -xzvf filename.tgz
8.
9.
cd /tmp/aldonadm
To start the installation program, enter the following command:

./install
On the Utility menu, type 3, and press Enter.
The program determines if the default backup location (/tmp) has enough disk space to back
up the existing databases. If not, a message is displayed and the upgrade stops. To specify a
location that has adequate disk space, open the /tmp/aldonadm/upgrade/upgrade.cfg
file. For the DEFAULT_BACKUP_LOCATION property, specify the location, and save the file. After
the computer meets the hardware requirements, you must start these steps again.
10. When you are asked if DB2 is already installed, type Y and press Enter.
11. In the DB2 Configuration Menu, take the following steps to specify the password of the user
aldondbi (the DB2 instance owner) and upgrade DB2:
a. Type 3 and press Enter.
b. Type aldondbi's password and press Enter.
c. Type the password again to confirm it.
d. Press any key to continue.
e. Press N.
DB2 is upgraded.
12. On the Upgrade Configuration Menu, review the configuration information, and then perform one
of the following steps:
90
To use the default backup location, type N, and press Enter.

To change the default backup location, type 1, specify a different backup location, type N, and
then press Enter.
When the upgrade phase finishes, the LM(e) server, the Security Server, the Deployment server,
and IBM DB2 are automatically restarted.
13. Log into the Security Server, and then click the Manage Products and Instances tab.
14. Select the instance of LM(e), and then click License.
The license status will be Expired.
15. In the License Key field, enter the license key that came with the Validation document, and then
click Verify.
If the license key is not valid, the message Invalid license key is displayed. If the license key is
valid, the Product Licensing page is displayed. This page lists the version number and instance
name of the LM(e) release and the license key type and expiration date.
16. Enter a feature code in the Feature Codes field, and then click Verify New Feature Code. Repeat
this step for each feature code.
If a feature code is successfully validated, it is displayed in the table of feature codes, along with
the current value and expiration date of the code.
17. When you finish entering all feature codes, click Commit to activate the codes.
Next step
REVIEWERS: Should we withhold the restart instruction until all of the servers have been upgraded?
And then should it be done from the DB2 server, to restart all of them at once?
Upgrade the remote LM(e) server.
Parent topic: Upgrade

To upgrade a remote LM(e) server, you run the remote LM(e) server upgrade program on the
computer.
Prerequisites
The DB2 server upgrade must be completed before you upgrade the remote LM(e) server.
You must stop the DB2 and Deployment servers.
You must have root access to the LM(e) server computer.
About this task

When you installed the remote LM(e) server, the installation program installed a DB2 runtime client so
that the LM(e) server could communicate with the DB2 server.
When you upgrade the LM(e) server, the upgrade program checks the version of the installed DB2
runtime client. If the installed DB2 client is an earlier version than the DB2 client packaged with the
installation program, the installation program uninstalls the DB2 client and installs the newer version.
REVIEWERS: Is it necessary to add instructions for backing up an old /aldonlm directory?
91
Chapter 6: Upgrade
Procedure
1.
Log into the LM(e) server computer as root.
2.
To stop the LM(e) server, enter the following command:
3.
4.
Copy the REMOTE_SERVER.tgz file from the /opt/aldon/SaveArea directory on the DB2
server computer to the /tmp directory on the remote LM(e) server computer.
5.
6.
To upgrade the LM(e) server, enter the following command:
7.
/etc/init.d/aldonsys stoplm

cd /tmp/aldonadm
./lm-upgrade
REVIEWERS: Should we hold off starting all of the servers back up until the Deployment server(s)
are upgraded?
To start the LM(e) server after the upgrade completes, enter the following command:
/etc/init.d/aldonsys startlm
Next step
If Deployment is installed, upgrade the remote Deployment server or servers.
Upgrading remote Deployment servers

To upgrade a remote Deployment server, run the Deployment server installation program on the
computer.
Prerequisites
You must stop the LM(e) and DB2 servers. See Starting and stopping servers, on page 23.
You must have root access to the Deployment server computer.
About this task

When you installed the remote Deployment server, the installation program installed a DB2 runtime
client so that the Deployment server could communicate with the DB2 server.
When you upgrade the Deployment server, the upgrade program checks the version of the installed
DB2 runtime client. If the installed DB2 client is an earlier version than the DB2 client packaged with
the installation program, the installation program uninstalls the DB2 client and installs the newer
version.
Procedure
1.
2.
3.
92
Log into the Deployment server computer as root.

To stop the Deployment server, enter the following command:
/etc/init.d/aldonsys stopdm
Copy the REMOTE_SERVER.tgz file from the /opt/aldon/SaveArea directory on the LM(e)
server computer to the /tmp directory on the remote Deployment server computer.
4.
5.


cd /tmp/aldonadm
6.
To upgrade the Deployment server, enter the following command:
7.
8.
Follow the prompts to provide the necessary information.
./dm-upgrade
REVIEWERS: Because the servers should be stopped for each upgrade process, should we wait
until all servers are upgraded, and then issue the start aldonsys start command from the DB2
server instead of starting each server immediately after upgrading it?
To start the Deployment server, enter the following command:

Upgrade LM(e) clients on Microsoft Windows by installing the new version over the existing version. To
upgrade LM(e) clients on Linux or UNIX client computers, you must uninstall the programs and then
install the latest version of the programs.
Upgrading the LM(e) Client for Microsoft Windows

To upgrade the LM(e) Client for Microsoft Windows, you run the setup.exe program.
Prerequisites
Have access to the installation zip file that was downloaded from the Rocket Customer Portal and
stored in a network location.
Have access to the credentials for a user with Administrator rights on the computer that you are
upgrading.
Procedure
1.
Copy the downloaded installation zip file to an empty folder on the Windows computer where the
LM(e) Client for Microsoft Windows is installed.
2.
3.
4.
Extract the contents of the zip file into the folder.

Double click the setup.exe file to start the wizard.
Follow the steps on the screen to complete the upgrade process.
Next step
When you upgrade the LM(e) Client for Microsoft Windows from version 6.3 or earlier, the new version
is installed in a different path, with a new aldcds.conf file. The aldcs.conf file contains client
configuration information, including information required to connect with LM(e) instances. After
upgrade, you must copy configuration information from the old aldcs.conf file into the new
aldcs.conf. These are the locations of the aldcs.conf files:
93
Chapter 6: Upgrade
Old location: C:\Program Files (x86)\Aldon\Aldon LM [X.X]

New location: C:\Program Files (x86)\Aldon\Aldon LM [Y.Y]
Where [X.X] is the version number of the old client and [Y.Y] is the version number of the new client.
Upgrading the LM(e) client on Linux or UNIX

To upgrade the command line client on Linux or UNIX client computers, run the installation program
and choose the upgrade option.
Prerequisites
Your current command line client must be version 1.8 or higher. To upgrade versions lower than 1.8
you must uninstall the current version and install the new version. To find your current version run
the command ald -v. The command returns several lines showing the versions of your different
Rocket Aldon products. The aldcs ver line displays the version, for example aldcs ver:
1.9 means you have version 1.9 of the command line client. For information on uninstalling the
command line client, see the topic Uninstalling the LM(e) clients from Linux or UNIX computers. For
information on installing the command line client, see the topic Installing the LM(e) command line
client on Linux or UNIX.
You must have root access to the client computer.
You must install Java 1.7 or later, and the command line client installation program requires the
path to the java binary file. If you install a compatible Java version and add the binary file path to
root's PATH variable, the installation program finds it automatically. When you upgrade on Linux
computers, the installation program installs Java 1.7 automatically if it is not installed, and adds
the binary file path to root's PATH variable. When you upgrade on Solaris or AIX, if a compatible
Java version is installed but the binary path is not in root's PATH variable (possibly because root
must use an earlier version of Java for other tasks), then you must provide the binary path using
the --dcjava option in the command that starts the installation program.
About this task

When you run the command line client installation program it recognizes that there is an existing
version and prompts you to either upgrade that version or install the new version next to the existing
version.
If you choose to upgrade, the old configuration is imported to the new version and you are not
prompted with configuration questions. The directory containing the old version is renamed but not
deleted. Optionally you can delete it after you confirm that the new version works.
If you choose to install the new version next to the old version, you can answer configuration
questions during the installation, or you can install without configuring and afterward copy the old
configuration file to the new installation to keep your old configuration.
Procedure
1.
2.
3.
4.
94
Log in to the client computer as root.

To delete the /tmp/aldcs directory and remove the files that you used to install the previous
version of the aldcs program, enter the following command:
rm -rf /tmp/aldcs
Copy the new installation files to the /tmp directory on the client computer.
Navigate to the /tmp directory.
5.
To extract the installation file, enter the following command:

gunzip -c [filename].tgz | tar -xvf -
where filename is the name of the installation file, for example aldcs-111-Linux64.tgz for
Linux.
6.
7.

cd /tmp/aldcs
To run the installation program, enter the following command:

./install --lmc
Note: If the path to the Java 1.7 or later binary is not in root#s PATH variable, you must
specify the path and executable file here using the #dcjava option, for example:
./install --lmc --dcjava /[java_path]/java
Where java_path is the path to the directory containing the Java executable file, for example:
--dcjava /usr/java7/jre/bin/java
8.
9.
Choose one of the following options:

Option
Description
Upgrade the existing command line client.
Install the new command client next to the

existing command line client. For example, if
you have version X.1 and choose to upgrade
to X.2 with the b option, after upgrade you
will have version X.1 and X.2, and version X.2
will be the current version. You might want to
do this to test the new client while keeping a
production client, or to continue working with
older versions of LM(e) or LM(i) with the old
client.
Exit the installation.
If you installed the new command line client next to the existing command line client without
answering configuration questions and want to reuse your old configuration settings, you can
replace the new aldcs.conf file with a copy of the old aldcs.conf file:
Location of the old aldcs.conf file:
/opt/aldon/aldonlmc/[x.x]/etc
Where x.x is the old version number.
Location of the new aldcs.conf file:
/opt/aldon/aldonlmc/current/etc

After you upgrade the LM(e) server, deployment clients are upgraded automatically when you restart
them.
95
Chapter 7: Uninstall
Uninstall LM(e), Security Server, IBM DB2, the command line client and Rocket Aldon Client Services
(AldCS), by using uninstall programs.
Uninstalling the server components

You can use the uninstallation program to uninstall everything that was installed with LM(e).
The uninstallation program removes the following applications and directories that were installed
with LM(e):
LM(e) server
Security Server
IBM DB2 and the ALDONSS and ALDONLM databases
IBM Java 7
The LM(e) log directory and its contents
The script then reboots the computer. Content in the /tmp directory is not removed.
Procedure
1.
2.
3.
4.
Log in as root.
Enter the following command to navigate to the location of the uninstallation program:
cd /opt/aldon/util/current
Enter the following command to uninstall all components and reboot the computer:
./uninstall-local -a
Optional: To verify that the components were uninstalled, run the following commands. The
system for each response should be null:
cat
cat
cat
cat
/etc/group | grep aldondbi

/etc/passwd | grep aldonadm
/etc/passwd | grep aldondbi
/etc/passwd | grep dasusr
If the aldondbi group or a user was not removed, a response similar to the following is displayed:
aldondbi:x:2558
If a password was not removed, a response similar to the following is displayed:

aldondbi:x:2558:2557::/home/aldondbi:/bin/bash
If a group, user, or password was not removed, run the uninstallation program again.
Uninstalling the LM(e) clients from Linux, UNIX, or Mac

OS X computers
Remove the command line client and the Deployment client from Linux, UNIX, or Mac OS X computers
by running the uninstallation program.
96
Uninstalling the LM(e) clients from Microsoft Windows computers
About this task

You can uninstall the command line client, or the Deployment client, or both.
Procedure
1.
2.
Log in with root credentials, or with credentials that have sudo access.
Change the current directory to the location of the uninstallation program:
3.
where x.x is the version of the Deployment client software that you want to remove.
Run the uninstallation program in one of the following ways:
To uninstall only the Deployment client, enter the following command:
cd /opt/aldon/aldonlmc/x.x
./uninstall --lmd
To uninstall only the command line client, enter the following command:
./uninstall --lmc
To uninstall the command line client and the Deployment client, enter the following
command:
./uninstall --lmc --lmd
4.
Follow the prompts to remove the desired programs.
After you answer all prompts, a series of messages report progress and confirms that the software is
removed.
Uninstalling the LM(e) clients from Microsoft Windows

computers
To remove LM(e) clients from a Microsoft Windows computer, you run the LM(e) uninstallation
program and delete the product installation folder.
Prerequisites
Determine whether the Deployment client is in use on the computer where you are uninstalling,
and determine whether it runs as an application or a service.
About this task

The uninstallation program removes all LM(e) client programs from the computer.
To remove the development client and a deployment client that runs as an application, you close
the application window to stop the client, and then run the uninstallation program.
To remove the development client and a deployment client that runs as a service, you stop the
service, remove the deployment service wrapper, and then run the uninstallation program.
To remove the development client and the deployment client from a computer where the
deployment client is not used, you stop the LM(e) client and end all server connections, and then
run the uninstallation program.
If the Deployment client runs as a service and you run the uninstallation program without first
removing the service wrapper, the service remains and the wrapper uninstallation program is
97
Chapter 7: Uninstall
removed. If this happens, you must re-install the LM(e) client and remove the service wrapper, and
then re-run the uninstallation program.
Procedure
1.
2.
3.
If the Deployment client is not in use on this computer, begin with step 4.
If the Deployment client is running on this computer as an application, close the application
window to end the program. Then continue with step 4.
If the Deployment client is running on this computer as a service, follow these steps to stop the
service and remove the service wrapper:
a. Open Control Panel Administrative Tools Services
b. In the services list, locate the service you use and stop it if it is running. Then, close the
Services window. Stop one of the following services:
Aldon LM(e) Deployment Wrapper
c.
d.
Open Windows Explorer and navigate to the C:\program_loc\Aldon\Aldon LM

x.x\Deployment\wrapper_win32_2.2.7\bin directory, where program_loc is the
installed program folder on this computer and x.x is the LM(e) version number.
Depending on the service you use, right click one of the following batch files and choose Run
as administrator:
UninstallAffDistWrapper-NT.bat
4.
5.
6.
7.
8.
98
Aldon LM(e) Plus Deployment Wrapper
UninstallAffDMPlusWrapper-NT.bat
Continue with step 4.

If the Development client program is running, close the application window to stop it.
If the Aldon LM Connections icon is present in the system tray, end all remaining LM(e) server
connections by right clicking the icon and selecting Exit.
Open Control Panel Programs and Features.
In the list of installed programs, select Aldon LM x.x. Then select Uninstall.
After the uninstallation program completes, navigate to the location where Rocket Aldon
program files are installed on the computer, and delete the /Aldon LM x.x subfolder along
with all of its contents.
If no other Rocket Aldon products are installed on this computer, then you can remove the /
Aldon folder and all of its contents.
Appendix A: Installation defaults

These items are created on the host system during installation.
Installation defaults for IBM DB2 on Linux

The following default objects are created when DB2 is installed on Linux during the LM(e) server
installation:
User name
Description
aldondbi
DB2 database owner
dasusr
DB2 administration server user
DB2 configuration parameters:
INSTANCE_MEMORY = AUTOMATIC
AGENT_STACK_SZ = 1024
MAXQUERYDEGREE = 1
LOGFILESIZ = 20000
LOGPRIMARY = 25
LOGSECOND = 50
STMTHEAP = AUTOMATIC
AUTO_MAINT = ON
AUTO_TBL_MATIN = ON
AUTO_RUNSTATS = ON
db-db_backup_req THRESHOLDSCHECKED = YES
db.tb_reorg_req THRESHOLDSCHECKED = YES
db.tb.runstats_req THRESHOLDSCHECKED = YES
HEALTH NOTIFICATION CONTACT LIST ADD CONTACT 'ROOT'
You might want to have your DB2 administrator review these defaults to verify that they are
appropriate for your configuration.
Installation defaults for the Security Server on Linux

The following table contains the default objects that are created as a result of installing the Security
Server:
Object
Default value
Activity log
The file dailylog.txt in the directory /opt/

aldon/tomcat/current/logs
Activity log properties file
Apache Tomcat product directory
The file
SecurityServerLog4J.properties in the
directory /opt/aldon/aldonss/current/
conf/conf
/opt/aldon/tomcat
99
Object
Default value
Client configuration properties file
The file ClientConfig.properties in the

directory /opt/aldon/aldonss/current/
conf/conf
Ports
Security Server product directory

Security Server product owner user name
XML-RPC port 8000

Used for communication between LM(e)
server and Security Server.
HTML port 8080
Used for administrator connections
between a web browser and Security Server.
Shutdown port 8005
The TCP/IP port number used to inform
Tomcat that the host computer is shutting
down.
Database port 50006
The port that the Linux server uses to
communicate with the LM(e) database.
/opt/aldon/aldonss/current
aldonadm
Installation defaults for LM(e) server on Linux

The following default objects are created as a result of installing the LM(e) server programs on Linux:
Object
Default value
LM(e) product directory
/opt/aldon/aldonlm
LM(e) server configuration file

LM(e) server installation log
File AldonLM.conf in directory

File installer.log in directory /tmp/
aldonadm/log
Installation defaults for the Deployment server on Linux

The Deployment server is automatically installed when you install the LM(e) server. The Deployment
client is not installed automatically. The following default objects are created during the installation:
Object
Default value
The Deployment server properties file
File distserver.properties in directory /

Default location where files are held before they

are deployed
Standard port communication
/tmp
Server contact port - 7891
Installation defaults for LM(e) development client on Microsoft Windows computers

The following default objects are created when you install the LM(e) client on Microsoft Windows client
computers:
100
Installation defaults
Object
Default value (x.x is the version number)
LM(e) client installation directory
On 32-bit Windows installations:

C:\Program Files\Aldon\Aldon LM
x.x
LM(e) client services configuration file
C:\Program Files (x86)\Aldon\Aldon

LM x.x
x.x\aldcs.conf
LM(e) client program file

LM x.x\aldcs.conf
x.x\affiniti.exe
LM x.x\affiniti.exe
Installation defaults for the LM(e) command line (development) client on Linux, UNIX,
or Mac OS X
The following default objects are created when you install the LM(e) command line client on Linux,
UNIX, or Mac OS X client computers:
Object
Default value
LM(e) client log directory
/var/log/aldon/aldonlmc
LM(e) client installation directory

LM(e) client services configuration file
/opt/aldon/aldonlmc/current/bin
File aldcs.conf in directory /opt/aldon/

aldonlmc/current/etc
Installation defaults for the Deployment client on Microsoft Windows computers

Object
Deployment client properties file

C:\Program Files\Aldon
\Aldon LM x.x\Deployment
\LMDeployClient.properties
C:\Program Files (x86)\Aldon
\Aldon LM x.x\Deployment
\LMDeployClient.properties
101
Object
Default location where files are stored during the On 32-bit Windows installations:
Deploy step
x.x\Deployment\Deployment Packages
Packages
Default location where backup zip files are stored On 32-bit Windows installations:
for support backout and restore
x.x\Deployment\Deployment Packages
\backup
Port that the Deployment client uses to

communicate with the Deployment server

Packages\backup
Port 2001
Default location and file name for Deployment

client connection log files when the program runs
C:\Program Files\Aldon
stand-alone
\Aldon LM x.x\Deployment\logs
\LMDeployClient.log
C:\Program Files (x86)\Aldon
\Aldon LM x.x\Deployment\logs
\LMDeployClient.log
Default location and file name for Deployment

client connection log files when the program runs
as service
x.x\Deployment\Client.log.txt
LM x.x\Deployment\Client.log.txt
Installation defaults for the Deployment client on Linux, UNIX, or Mac OS X computers
The following default objects are created when you install the Deployment client on a Linux, IBM AIX,
Sun Solaris, or or Mac OS X computer:
Object
Default value
Deployment client properties file
File LMDeployClient.properties in
directory /opt/aldon/aldonlmd/
current/etc/
Port that the Deployment client uses to

communicate with the Deployment server
102
Port 2001
Installation defaults
Object
Default value
Locations where Deployment client commands

are stored for starting, stopping, restarting, and
displaying status
/opt/aldon/aldonlmd/current/etc
/init.d
/etc/init.d
For example, on Linux or UNIX computers, when

the directory is positioned to the command
storage location, the command for displaying the
operating status of the DMPlusDeployment client
is:
./aldondcp status
For information on seeing status on Mac OS

X computers, see Starting and stopping the
Deployment client on Mac OS X computers.
Folder where files are stored before installation
Folder where backup zip files are stored for
backout or restore
Default location and file name for client
connection log files
/opt/aldon/aldonlmd/current
/deploypkgs
/opt/aldon/aldonlmd/current
/deploypkgs/backup
/var/log/aldon/aldonlmd/deploylog
103

ALLE-10619-10649 LMeLinux InstallUpgrade Review

Cargado por

Información del documento

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

ALLE-10619-10649 LMeLinux InstallUpgrade Review

Cargado por

Copyright:

Formatos disponibles

T

Rocket Aldon Lifecycle Manager

Toll-free telephone number

Contacting Technical Support

Fixing Deployment client Java errors on Windows...................................................................... 49

Whats new in release 6.5?

An internet connection to install Red Hat Network or CentOS packages if necessary.

6 GB memory, or more if you expect to manage large graphics or stream files.

Logical Volume Manager

For the initial installation, one of the following options:

For initial installation

The actual size requirement of the /home directory

LM(e) client for Microsoft Windows

Microsoft Internet Explorer, Version 8.0 or later

Mozilla Firefox, Version 3.6 or later

LM(e) client for Linux or UNIX

A computer running a supported version of Linux or UNIX (see software requirements)

An internet connection, for downloading the installation file

Approximate available disk space:

IBM AIX 6.1 or Oracle Solaris 10 (SunOS 5.10).

LM(e) client for Mac

A TCP/IP connection to the LM(e) server

Approximately 40 MB of available disk space

Mac OS X 10.10 Yosemite or higher operating system

Remote Deployment servers

Windows Server 2000, Windows Server 2008, Windows 7, Windows 8, or Windows 10

Mac OS X 10.10 Yosemite or higher operating system

For IBM i 7.1, one of the following must be installed:

Licensed program 5761JV1, option *BASE, plus option 14 (Java 7, 32bit)

For IBM i 7.2, one of the following must be installed:

Licensed program 5770JV1, option *BASE, plus option 11 (Java 6, 32-bit)

Licensed program 5770JV1, option *BASE, plus option 14 (Java 7, 32-bit)

Red Hat and CentOS requirements

redhat-lsb (Red Hat or CentOS Version 5.x)

redhat-lsb-core (Red Hat or CentOS Version 6.x)

Downloading the installation programs

Solaris and AIX requirements

Lifecycle Manager Team Repository Plug-ins

Lifecycle Manager Web Portal

Downloading the installation programs

Open a web browser and go to http://www.rocketsoftware.com/support. Log in to the Rocket

LM(e) version 6.4A and Security Server version

LM(e) version 6.4A Windows Client and

Linux Command Line Client, Deployment

AIX Command Line Client, Deployment Client*

Solaris Command Line Client, Deployment

Mac OS X Command Line client, Deployment

Rocket Aldon Lifecycle Manager (Enterprise Edition) online help system

These documents explain how to install LM Web Portal:

These documents explain how to use LM(i):

Rocket Aldon Lifecycle Manager (IBM i Edition) User's Guide

Rocket Aldon Lifecycle Manager (IBM i Edition) Daily Operations Reference

These documents explain how to install and use Report Manager:

Rocket Aldon Report Manager Installation Guide

Rocket Aldon Report Manager Users Guide

Rocket Aldon Report Manager online help system

Rocket Aldon Lifecycle Manager Team Repository Plug-ins Installation Guide

Rocket Aldon Lifecycle Manager Team Repository Plug-ins User's Guide

Rocket Aldon Community Manager Installation and Upgrade Guide

Rocket Aldon Community Manager Administration Guide

Rocket Aldon Community Manager online help system

Chapter 2: Server installation

Server installation prerequisites

Then take one of the following steps: