Anda di halaman 1dari 44

IBM Software Laptop Install and Setup Guide

IBM API Connect 5.0.


Laptop install and Setup guide for the on-prem solution
API Connect V 5.0.7.2

August 28, 2017


Laptop Install and Setup Guide for the on-prem solution

Contents
SETUP INSTRUCTIONS .......................................................................................................................................................... 3
WHO SHOULD BE USING THIS DOCUMENT? ..................................................................................................... 3
HARDWARE REQUIREMENTS ........................................................................................................................ 3
SYSTEM REQUIREMENTS .............................................................................................................................. 3
CONNECTIVITY REQUIREMENTS..................................................................................................................... 4
SETTING UP THE API CONNECT SOLUTION ON YOUR WORKSTATION .................................................................. 6
USER ID AND PASSWORDS .......................................................................................................................... 6
1 DOWNLOADING THE FILES................................................................................................................................................ 7
2 CONFIGURING THE VMWARE / FUSION SUBNET ............................................................................................................ 8
3 IMPORTING, STARTING, AND CONFIGURING THE UBUNTU VM ................................................................................. 11
IMPORTING AND STARTING THE UBUNTU VM................................................................................................ 11
CONFIGURING UBUNTU NETWORKING ......................................................................................................... 11
INSTALLING THE IBM API CONNECT DEVELOPER TOOLKIT ............................................................................. 13
SETTING UP AN SMTP SERVER ON UBUNTU ................................................................................................ 14
2 IMPORTING, STARTING AND CONFIGURING THE DATAPOWER GATEWAY ............................................................. 16
IMPORTING AND STARTING THE GATEWAY..................................................................................................... 16
CONFIGURING THE GATEWAY...................................................................................................................... 16
ACCEPTING THE LICENSE ........................................................................................................................... 18
CONFIGURING NTP AND TIMEZONE ............................................................................................................. 18
ENABLING THE XML MANAGEMENT INTERFACE PORT ................................................................................... 19
CHANGING THE W EB MANAGEMENT SERVICE IDLE TIMEOUT .......................................................................... 19
ENABLING STATISTICS................................................................................................................................ 19
UPGRADING TO THE LATEST FIXPACK (OPTIONAL) ......................................................................................... 19
3 IMPORTING, STARTING AND CONFIGURING THE MANAGEMENT SERVER .............................................................. 21
IMPORTING AND STARTING THE MANAGEMENT APPLIANCE .............................................................................. 21
CONFIGURING NETWORKING FOR THE MANAGEMENT APPLIANCE ..................................................................... 21
CONFIGURING THE SERVER ENVIRONMENT ................................................................................................... 23
CONFIGURING THE MANAGEMENT SERVICE .................................................................................................. 25
VALIDATING THE MANAGEMENT SERVICE ..................................................................................................... 26
CONFIGURING THE GATEWAY SERVICE ........................................................................................................ 26
ADDING A DP SERVER TO THE GATEWAY SERVICE ........................................................................................ 28
7 DEFINING THE CLOUD ...................................................................................................................................................... 31
SPECIFYING THE CLOUD SETTINGS .............................................................................................................. 31
CREATING A PROVIDER ORGANIZATION ACCOUNT .......................................................................................... 32
CONGRATULATIONS! .................................................................................................................................. 34
APPENDIX 1 – VMWARE NETWORKING BACKGROUND INFORMATION ....................................................................... 35
NETWORK CONFIGURATION OPTIONS ........................................................................................................... 35
STATIC IP ADDRESSES .............................................................................................................................. 35
APPENDIX 2 - TROUBLESHOOTING ................................................................................................................................... 36
BINARY TRANSLATION IS INCOMPATIBLE WITH LONG MODE ON THIS PLATFORM. DISABLING LONG MODE............... 36
HANDY COMMAND LINE INTERFACE COMMANDS ........................................................................................... 36
DEVELOPER PORTAL ................................................................................................................................. 37
APPENDIX 3 - VMWARE FUSION SETUP ON MAC ............................................................................................................ 38
APPENDIX 4 - STARTUP PROCEDURES AND OPTIONAL STEPS TO MAKE THINGS EASIER ..................................... 42
STARTUP SEQUENCE................................................................................................................................. 42
VERIFY CONNECTIVITY TO THE TWO VIRTUAL APPLIANCES .............................................................................. 42
OPTIONAL CONVENIENCE SETTINGS ............................................................................................................ 42

© Copyright IBM Corporation, 2017


US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Setup instructions

Who should be using this document?


The first section of this document should be used by technical sellers who need to set up a PoT pre-
configured environment. The Appendix section of this document describes the installation method and
should only be used by technical sellers who need to create a PoT environment from scratch. Generally,
these are the circumstances when this is required:
• business controls dictate a need for a licensed version of the code with click-through agreements
in the software access catalog so that participants can keep the environment after the PoT
session
• participants need to understand how to set up the on-premise environment for services
engagements and to conduct PoCs and demos
• participants need to learn how to create organizations and environments

Hardware Requirements
For each participant, you need a minimum of:
● An Intel™ or compatible system consisting of the following components:
▪ 1.6 GHz or greater processor
▪ 25 GB Hard disk
▪ 16 GB core host RAM
▪ Keyboard
▪ Mouse
▪ Display (image set to 1024x768)
▪ Network adapter

System requirements
IBM API Connect virtual appliances are supported in three hosting environments: VMware, Xen, and IBM
PureApplication Systems. It is also possible to use physical appliances for the gateway servers. These
instructions use virtual appliances in VMware.
IBM API Management requires three appliances (gateway, management and advanced portal). Each of
these appliances requires 4GB of RAM, so a machine with at least 12GB of RAM is recommended to
leave capacity for other applications.
Installation can be achieved with 16GB of RAM if you reduce the RAM allocated to each image in
VMware. This has been tested with the following settings:
• Gateway server: 8GB RAM (It can be lowered to 4 GB only after it is added to the gateway
service)
• Management server: 8GB RAM
• 1 CPUs and 4 cores per CPU on each virtual machine

3
In production, you would scale to use more than one of each appliance; however, one of each appliance
is sufficient for a demo cloud. The management server has two hard disks which will need Vmware
defragmentation at shutdown. This is normal behavior.

Connectivity requirements
There are two network options with API Connect version 5. First is the recommended non Dynamic DNS
option and second is the legacy Dynamic DNS option. If non-Dynamic DNS is used, then there are no
specific DNS or network requirements to run API Management on your laptop. We will use the
recommended approach in this PoT.

● The virtual network setting is NAT for both the API Management and DataPower VM
appliances.
● NTP is configured to an external public server to ensure the timestamps match and to
avoid unpredictable issues such as failure to publish APIs to a Catalog. Here is anNTP
server for the UK (http://timetoolsltd.com/network-time-servers/ntp-server-uk/) and here is
a list for the US (http://tf.nist.gov/tf-cgi/servers.cgi). Others can be found by googling so
just use one that is local to you. Set every appliance to the same NTP server and
timezone to make it easier to compare logs. I used America/New_York in this guide.
Other values for the gateway can be found here
(http://pic.dhe.ibm.com/infocenter/wsdatap/v6r0m0/topic/com.ibm.dp.xb.doc/name_timezo
ne.html).
● DNS is configured to an external public server such as Google’s 8.8.8.8.
● The hypervisor (VMware) NAT subnet is 192.168.225.0 with Use local DHCP service to
distribute IP address to VMs unchecked (disabled).
● The host computer must be on the network with access to the Internet.

Load Balancing
This document is targeted to an IBM API Connect cloud on a laptop for demo and educational purposes
so we will assume only one Management and DataPower appliance will be used. Multiple Management
servers and multiple Gateway servers can be used to achieve high availability or resilience. If multiple
servers are used in a cloud, consider the following aspects of load balancing: API calls, the user
interfaces, and communications between servers in the API Connect cloud. For details on how to provide
load balancing and failover see:
https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.cmc.doc/topology_config.html

Static IP addresses
Since DHCP is turned off in the Vmware subnet, the following static IP addresses must be used for the
appliances.
It is important to check that these IP Addresses are in the correct range for static IP
addresses on your VMware NAT network adapter. See Appendix 2 –
Troubleshooting for details.

4
5
Purpose IP Address Host Name
Management 192.168.225.100 mgr
Gateway eth0 192.168.225.52 dp
Ubuntu OS 192.168.225.10 ubuntu

Setting up the API Connect solution on your workstation


When setup is complete, the software components of this PoT will include the student’s Windows
workstation (host), a virtual machine that represents the API Connect Gateway nodes (IBM DataPower
Gateway), a virtual machine that represents the API Connect Cloud Management console node, and an
Ubuntu based virtual machine that has the SMTP server, browser, and other components preconfigured.
This document will guide you through the steps to setup a single student workstation image. In summary,
you will need to:
● Download the images
● Configure the VMWare NAT subnet address
● Install and setup Ubuntu, DataPower, and API Connect virtual machines
● Define the cloud
● For details on defining the on-premises cloud so that you can create, promote, and track APIs see:
https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.cmc.doc/api_create.html

User ID and Passwords


The following are the admin user ID’s and password for the PoT images –
Image User ID Password
APIM admin Passw0rd!
Gateway admin Passw0rd!
Ubuntu admin Passw0rd!

6
1 Downloading the files
For workshops, see your instructor for a memory stick with the required downloads to save time.
The Management appliance version must match the Bluemix API Connect version as noted here:
https://developer.ibm.com/apiconnect/bluemix-maint-us-south/

Download the files from the SAC


( https://www.ibm.com/partnerworld/partnertools/eorderweb/ordersw.do ) and Fix Central
( http://www.ibm.com/support/fixcentral/ ) to a staging folder:
✓ IBM DataPower Gateway - IBM DataPower Gateway Virtual Edition for Developers V7.5 Open
Virtualization Format OVA package for VMWare English (CN9M7EN)
✓ IBM DataPower Gateway SCRYPT4 file – idg7528.xcrypt4 to update the image.
✓ Management Appliance - APIConnect_Management_5.0.7.2iFix_20170731-1439_5294e575e575_3293058.ova
(2.95 GB)
We will use the Bluemix Developer Portal instead of installing an on-prem Developer Portal appliance.

Download the Ubuntu image apic_bootcamp_generic_ubuntu.7z to the same staging folder that you use for
the OVA files. This is Ubuntu 16.04 LTS.

7
2 Configuring the VMWare / Fusion Subnet
Note that you can check or update your default gateway and DNS server in VMWare Workstation using
this procedure with VMware Workstation V10. The following steps guide you through setting the VMWare
NAT subnet IP address on a Windows laptop. For instructions on Mac, please refer to the Appendix.

Since we are not using DNS, the systems themselves must be configured to communicate between each
other via IP addresses. So, in the Management CMC, we will configure the DP appliance and the portal
via IP.

1. In VMWare Workstation, open the virtual network editor: EditVirtual Network Editor…

2. In the list of networks, select VMnet8 (type = NAT). In the illustration below the subnet is not correctly
set yet.

8
3. At the bottom of the dialog window, change the Subnet IP to: 192.168.225.0.

9
4. Click the NAT Settings … button to confirm that the Gateway IP is now set to 192.168.225.2
automatically.

5. Click the OK button twice to exit out of the Virtual Network Editor.

10
3 Importing, Starting, and Configuring the Ubuntu VM

Importing and Starting the Ubuntu VM


1. Go to VMWare Workstation. File  Open  Locate the vmx file that was unzipped and double click
it. Shut down the VM for the next step.
2. From the Vmware  Edit virtual machine setting window do the following:
a. Confirm that the Network Adapter is set to NAT on windows and Custom on Mac.
b. Set the Memory to 2GB and 2 processor cores.
c. From the options tab, click Vmware Tools and check the Sychronize guest time with host if
you do not plan to set up NTP servers. On Mac select the wrench icon / Advanced and click
the Synchronize time check box.
3. Power on the virtual machine (it will take a few minutes
4. Key in the password Passw0rd! and log In to the Student ID. It takes a few minutes for networking
to be established.

Configuring Ubuntu Networking

1. Set the Gateway, DNS, Search domain, Time / Date settings as depicted below:

Verify that the time and date is correct. If not, set it so that it pulls from an NTP server.

2. Click on the up / down arrow icon and select Enable networking.

11
3. Click Connection Information to verify that the values are correct.

4. Set up your hostname and domain name from the CLI

sudo vi /etc/hosts
change ibm-vm to ubuntu and change the IP address to 192.168.225.10
:wq!
sudo hostname ubuntu
sudo domainname think.ibm
reboot the server
ping ubuntu to verify that it is linked to the correct static IP address.
Reboot the server to make sure things are correct.

12
5. Change this setting to avoid having to login frequently:

Installing the IBM API Connect developer toolkit

You can install the toolkit either from npm or from a Management server in your IBM® API Connect
cloud. We will use the npm method. For further details on this method, how to install from the
Management server, and how to uninstall the toolkit see:
https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.toolkit.doc/tapim_cli_install.h
tml?view=kc

Install Node.js
1. Run the following command in a terminal to install the prerequisite packages:
sudo apt-get install build-essential libssl-dev curl git-core
2. Install Node Version Manager by issuing the following command:
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.2/install.sh |
bash

When you install nvm it will also install npm which is the node package manager used to install
Node.js based software modules, including the API Connect Developer Toolkit.
3. Close and restart your terminal as indicated in the terminal window, or run this command:
13
source ~/.profile
4. To install node 6.10.3, issue this command:
nvm install v6.10.3

Install API Connect Toolkit


1. Install the API Connect Tookit by running the following command:

sudo npm install –g apiconnect

2. Once complete, start up a new terminal window and enter

apic –v

Select yes to accept the license agreement and yes for extra Help. If it returns the version of the
platform, and not an error message, then the toolkit is properly installed.

Setting up an SMTP Server on Ubuntu


The email server is used to send emails, for example, when a new organization account is
requested. On your Host OS, it is recommended to use a stubbed-out SMTP Server like
FakeSMTP.

1. Download the fakeSMTP-2.0.jar file http://nilhcem.com/FakeSMTP/download.html and save it to


/home/student/Downloads/
2. Extract the jar file to /home/student/bin/
3. Now install Java by first updating apt-get and installing the jre.
sudo apt-get update
Hit:1 http://us.archive.ubuntu.com/ubuntu xenial InRelease
Ign:2 http://dl.google.com/linux/chrome/deb stable InRelease
...
Get:17 http://security.ubuntu.com/ubuntu xenial-security/universe amd64 DEP-11 Metadata [40.6 kB]
Get:18 http://security.ubuntu.com/ubuntu xenial-security/universe DEP-11 64x64 Icons [56.2 kB]
Hit:19 https://download.docker.com/linux/ubuntu xenial InRelease
Fetched 1,420 kB in 2s (654 kB/s)
Reading package lists... Done

sudo apt-get install default-jre


Reading package lists... Done
Building dependency tree
Reading state information... Done
...
The following NEW packages will be installed:
ca-certificates-java default-jre default-jre-headless fonts-dejavu-extra
java-common libgif7 openjdk-8-jre openjdk-8-jre-headless
0 upgraded, 8 newly installed, 0 to remove and 55 not upgraded.
Need to get 28.8 MB of archives.
After this operation, 107 MB of additional disk space will be used.
Do you want to continue? [Y/n]Y

Setting up default-jre-headless (2:1.8-56ubuntu2) ...


Setting up openjdk-8-jre:amd64 (8u131-b11-0ubuntu1.16.04.2) ...
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/policytool to provide
/usr/bin/policytool (policytool) in auto mode
Setting up default-jre (2:1.8-56ubuntu2) ...
Processing triggers for libc-bin (2.23-0ubuntu9) ...

14
4. From the /home/student/bin directory key in java -jar fakeSMTP-2.0.jar -p 2525 -o ~/email_repo to
bring up the server and console.
5. Optionally create a launcher. Right click on the Desktop and select create Launcher...

The first time you launch it click Mark Executable.

6. After the window pops up with port 2525 click Start Server. It is now listening.

15
2 Importing, Starting and Configuring the DataPower Gateway

Importing and starting the gateway


1. Go to VMWare Workstation. File  Open  Locate the DP OVA file and double click it.
2. Click Import and accept the license agreement.
3. From the Vmware  Edit virtual machine setting window do the following:
a. Confirm that the Network Adapter is set to NAT
b. Reduce the number of processors from 8 to 4.
c. The memory must be left at 8GB until after it gets added to the Gateway service in the
Cloud Management Console. (It can be lowered to 4 GB only after it is added.)
d. From the options tab, click Vmware Tools and click the Sychronize guest time with host box.

4. Power on the virtual machine (it will take a few minutes to boot, but you can continue with the next
steps while you wait).

Configuring the gateway


https://www.ibm.com/support/knowledgecenter/SS9H2Y_7.5.0/com.ibm.dp.doc/virtual_installingsoftwareonvirtua
lappliance.html

Before you configure the DataPower Gateway, the network for the Ubuntu operating system must be fully
functioning and the port for the web management interface must be accessible.

1. Log into the DataPower virtual appliance with username admin and password admin .
2. Enter and confirm the new password Passw0rd!
3. Press any key to continue
4. Enter “n” to disable Secure Backup mode.
5. Enter “n” to disable Common Criteria Compatibility mode.

16
6. Enter new password Password! and confirm your new admin password.
7. Enter “y” to run the installation wizard

If you inadvertently enter n at the prompt or need to go back, you can start the
installation wizard by entering the following commands:
# configure terminal
# startup

8. Enter “y” to configure network interfaces


9. Enter “y” to say you have all the information
10. Enter “y” to configure eth0
11. Enter “n” to disable DHCP
12. Enter the eth0 IP address from the Static IP addresses section in CIDR notation,
(192.168.225.52/24). This assumes you are using NAT Addresses – see the appendix for info on
how to check/amend NAT settings in VMware
13. Enter the IPv4 address for the default gateway (192.168.225.2).
14. Enter “n” to skip the eth1 configuration.
15. Enter “n” to skip the eth2 configuration.
16. Enter “n” to skip the eth3 configuration.
17. Enter “y” to configure network services
18. Enter “y” to configure DNS
19. Enter “y” to say you have all the information
20. Enter the IP address of the DNS server (8.8.8.8 or same DNS as supplied for Ubuntu)
21. Enter “y” to define a unique system identifier for this appliance
22. Enter DPGW
23. Enter “y” to configure remote management access
24. Enter “y” to say you have all the information
25. Enter “y” to enable SSH
26. Press enter to accept the default IP address (all IP’s)
27. Press enter to accept the default port (22)
28. Enter “y” to enable the WebGUI
29. Press enter to accept the default IP address (all IP’s)
30. Press enter to accept the default port (9090)
31. Enter “n” to skip configuring a user account that can reset passwords
32. Enter “n” to skip configuring the RAID array
33. Enter “n” to skip reviewing the current configuration
34. Enter “y” to save the current configuration
35. Enter “y” to overwrite the previous configuration

17
Important: Do not log out of the console until you have logged in to the WebGUI and
accepted the license (detailed in the next section). Otherwise, you have to work
through the wizard again.
Note: To check the IP addresses you configured earlier you can run the command
“show int”
Note: To check that AO is available and enabled you can run the command “show
license” and look at “AppOpt”

Accepting the license


1. Navigate to the following URL in a browser: https://192.168.225.52:9090/ (use the eth0 IP address)
2. Proceed through any security warnings by clicking Advanced and Adding Exception, and confirming
security exception.
3. Log in with username admin, password Passw0rd! and the default domain.
4. Click “I agree” to accept the license.

5. The appliance reloads. The next time you log into the console, the license wizard is not displayed.

Configuring NTP and timezone


1. Log back into the WebGUI with username “admin”, the new password you specified and the default
domain: https://192.168.225.52:9090/ (it may take a few minutes for the appliance to reload before
the WebGUI will be accessible again, refresh the URL until the login screen loads).
2. Select Network > Interface > NTP Service from the menu on the left
3. Set NTP Server to 45.79.167.181 (form pool.ntp.org IP address – be consistent with other servers)
and click Add
4. Set Administrative State to “enabled”
5. Click the Apply button
6. Check that the object status changes to [up] at the top of the page and click Save changes.
7. Select Administration > Device > Time Settings and select EST or EDT if not already set.
8. Click Apply
9. Select Status > Main > Date and Time and verify the correct time and zone is displayed.
10. Click the Save Configuration link at the top right.

18
Enabling the XML Management Interface Port
The XML Management Interface port must be enabled to allow IBM API Connect to configure the
gateway server.
1. Select Network > Management > XML Management Interface
2. Keep the Local Address to allow all (0,0,0,0) and the default port (5550)
3. Set Administrative State to “enabled”
4. Click the Apply button and verfiy that the object status changes to [up] at the top of the page.
5. Click the Save Configuration link at the top right.

Changing the Web Management Service idle timeout


This is a convenience step that prevents the WebGUI from closing every 10 minutes.
1. Select Network > Management > Web Management Service
2. Set the Idle Timeout to 6000 seconds or another large number of your choice.
3. Click the Apply button and the object status should change to [up] at the top of the page.
4. Click the Save Configuration link at the top right.

Enabling statistics
The Statistics Service must be enabled in the Gateway Server to allow the Cloud Management Console to
display resource utilization information (more details in the Knowledge Center - http://www-
01.ibm.com/support/knowledgecenter/SSWHYP_3.0.1/com.ibm.apimgmt.cmc.doc/troubleshooting_graph
s.html).
1. Select Administration > Device > Statistic Settings
2. Set Administrative State to “enabled”
3. Click the Apply button and the object status should change to [up] at the top of the page.
4. Click the Save Changes link at the top right.

Upgrading to the latest Fixpack (optional)


If you need to update your DataPower firmware, follow these steps otherwise, you can skip to the next
section.
1. Copy the .scrypt4 fixpack file onto the Ubuntu system - /home/student/bin/
2. In the DataPower WebGUI, select Administration > Main > System Control
3. In the Boot Image section, click Upload and select the x*****.scrypt4 fixpack file
4. Click Upload button
5. Click the Continue button once the file has been uploaded successfully.
6. In the Boot Image section, ensure x*****.scrypt4 is selected, check the “I accept the terms of the
license agreements” checkbox, and click the Boot Image button.
7. Click the Confirm button in the pop up window and wait for the action to complete and then click
Close on the pop up window.
8. Wait for the system to reboot, and log back into the WebGUI (you can check the reboot output in the
VMware console, the WebGUI should work shortly after the login prompt is displayed). The reboot
usually takes about 5 minutes.
9. Verify the version has been updated Status > System > Version Information
19
10. Or simply view the login prompt.

20
3 Importing, starting and configuring the management server

Importing and starting the management appliance


1. Go to VMWare Workstation. File  Open  Locate the DP OVA file and double click it.
2. Click Import.
3. From the Vmware  Edit virtual machine setting window do the following:
a. Confirm that the Network Adapter is set to NAT
b. Reduce the number of processors from 8 to 4 if your hardware is limited.
c. Leave the memory at 8GB.
d. From the options tab, click Vmware Tools and check the Sychronize guest time with host if
you do not plan to set up NTP servers.
4. Power on the virtual machine (it will take a few minutes to boot, but you can continue with the next
steps while you wait).
5. Once the Management appliance is successfully started you will get a login prompt.

As you work with Vmware or Fusion, note that you can to click inside or press Ctrl+Alt
or Ctrl+G to direct input to this VM console. On Mac, Command-tab to get out of the
VM CLI.

Configuring networking for the management appliance


https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.install.doc/overview_installing_mgmt
vm_apimgmt.html

In this sequence, we will configure the management appliance to use static addressing.
https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.install.doc/overview_configuringstat
ic.html

Once the APIM appliance is successfully started you will get a login prompt.

Login with username admin and password !n0r1t5@C


Enter the following commands (one line at a time) to configure the networking and NTP. See Appendix 1
for further networking information.

Network settings that you specify are only committed to the Management server when
you run the net restart command. If a system restart occurs before you commit your
network settings, those network settings are lost.

1. Change the admin password to Passw0rd! using the commad auth set user admin

21
2. net set hostname static mgr
3. net set domain static think.ibm
4. net set nameserver static 8.8.8.8
5. net set eth0 address 192.168.225.100 mask 255.255.255.0
6. net set gateway static 192.168.225.2 eth0
7. time set zone America/New_York (If you need to set another time zone, key time help and follow the
elaborate directions.)
8. net set search none (Search for hosts by using only the local domain)
9. net set ntp static 45.79.167.181 (If you use another NTP server, make sure to use the same value for
the Gateway server)
10. net show memory to review the setting
11. net restart this takes about 5 minutes
12. system show status to confirm when everything is up.

As the network settings are applied, the network status progresses through the following states:
Stopping
Starting
Up

13. net show active to verify the settings. Reset any address that is incorrect.

14. net show all to see a list of addresses:

22
Configuring the server environment
https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.cmc.doc/con_cmc_overview.html

The Cloud Manager user interface enables one to define, manage, and monitor the API Connect on-
premises cloud.

1. Open a browser window from the Ubuntu VM and enter the address: https://192.168.225.100/cmc

Note that the password for the CLI is independent of the password for the web UI. The
default password remains for the web UI. In the next few steps you will change it.

2. Login with username admin and password !n0r1t5@C

3. Click Accept all Licenses, Terms and Notices at the bottom of the screen.

4. Provide your email (must be able to access it) and change the default password by entering the old
one !n0r1t5@C once and the new one Passw0rd! twice in the correct fields.

23
5. Click Update profile.
6. Go to Services tab:

24
7. Verify that the Management Services status is Active.

If not, the system was not configured correctly during the initial boot (e.g. VM
image was set to bridged and then changed to NAT after first boot).

Shutdown the VM, delete it and associated files. Return to 3 Import and Start the
VMs and repeat the procedures to rebuild it from the OVA file as before.

Configuring the Management service


https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.cmc.doc/create_node_mgmt_1.html

Your initial Management server is automatically added to your cloud, so that you can manage the overall
operations of the various servers in the API Connect cloud. IBM API Connect automatically detects the
host name, user name, and password combination to use to log on to the first Management server.

25
The Management service consists of the first Management server that you defined during the API
Connect installation. Within the API Connect cloud, Management servers store all the cloud configuration
and control communication between the other servers.

At this point both appliances should be started and the FakeSMTP server must be started on the Ubuntu
VM.

Verify that the servers are set at the same time (within about 1 minute). This should be OK if you used
the same NTP servers.
1. From the Gateway command window, key show time
2. From the APIM command window, key time show

If the times are not in sync, you must fix it now. Otherwise, you will encounter
unpredictable errors in later step.

3. If not already done, log into the Cloud Management Console: https://192.168.225.134/cmc from a
browser in the Ubuntu VM.

Validating the Management service


The Management service is a cluster of one or more of the Management servers. To configure your
Management service, complete the following steps:
1. In the Cloud Manager, click Services.
2. In the Management Services pane, click the Service Settings icon .
3. Since we are using only one Management server in your Management service, check that the
Address field contains the host name or IP address of this server.
4. Click Save.

Configuring the Gateway service


https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.cmc.doc/config_gateway.html

You must define your initial Gateway service before you configure the rest of your API Connect on-
premises cloud. The Gateway service is a cluster of one or more of the gateway servers.

26
You must configure all the Cloud Manager settings for the initial Gateway service.
In the Cloud Manager, each server is added as a member of a service.

If you want to change these settings after you define the cloud, you must remove all the Gateway servers
first.

1. In the Cloud Manager click Services tab.


2. In the DataPower Services pane, click the Service Settings icon .

3. In the Address field, enter the virtual IP address (192.168.225.50) that is to be used for inbound API
calls, or of an external load balancer if one is being used.

If you have configured your API Connect cloud to use Dynamic DNS, you can specify the same host
name in the Address field for two or more Gateway services, to give the appearance that the APIs that
are deployed to the separate Gateway services are on the same Gateway. For more information, see
Configuring multiple Gateway services to have the same host name.
4. In the Port field, enter the API data port for inbound API calls. Leave as 443
5. In the Port Base field, enter the reserved port base for internal traffic. Note that the Gateway
service's Port Base value should represent a set of 10 ports and should not overlap with another
cluster's set of 10 ports or with any ports in use by other non-API Management applications on the
DataPower appliance. Leave as 2443
6. In the Supported Application Types field leave as Development

27
Leave the other values the same (Port 443 and Port Base 2443) and click Save.

Adding a DP server to the Gateway service


https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.cmc.doc/create_node_gateway.html

Within the API Connect on-premises cloud, Gateway servers act as proxies. Gateway servers receive
inbound API traffic and route the requests to the relevant endpoints within your organization's firewall.
Gateway servers also process security protocols and enforce user and appliance authentication
processes.

We will add one Gateway server to the initial Gateway service. You can also create additional Gateway
services and add servers to those services.

It is assumed that you are stil in the Services tab. Click Services tab if not already selected.
1. In the DataPower Services pane, click Add Server. New DataPower Server window pops up.
2. Enter Display Name for the server dpgw
3. Enter the IP address for the DataPower XML Management Interface (SOMA) 192.168.225.52
4. Enter the port number of the DataPower XML Management Interface (SOMA). Leave as 5550
5. Enter Username and Password: admin / Passw0rd!
6. When you are finished, click Create button.

28
It takes a few minutes to add the server to the cluster. The domain and the requisite DataPower assets
are created. When done, the gateway server appears on the list.

If you get the message: SOMA import failed Error ID: ….. this probably indicates that
the IDG server has less than the required minimum memory of 8GB. Despite what the
error says, the IDG server was added – it just can not be joined to the gateway service.
You can confirm this by clicking Create again and getting back the message: The
server instance with name IDG already exists. Error ID: ….

After the minimum IDG server memory is set properly, you can move it by clicking the
ellipse next to the Server in the Unused Servers list as shown below. Then click Change
Service and select the Gateway.

29
30
7 Defining the cloud
One Management server is automatically defined in the cloud console when you install API Connect.

Specifying the cloud settings


Before you can add a provider organization to your cloud, you must first specify your cloud settings.
https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.cmc.doc/manage_organizations_idp.htm
l

Before continuing, ensure that the FakeSMTP mail server is started on port 2525.

Connecting to an existing email server


1. Go to the CMC Settings tab, Email section and enter the values as depicted below:

7. After clicking Test configuration, you will see the following window. Fill it out and click Send

31
8. Return to the Fake SMTP Server and click the Last message tab and you should see the test
message. This confirms that it is working and ready for the next steps.

9. Click the save icon now that we have confirmed that the mail server is properly configur

Creating a provider organization account


For developer organizations to be able to share in your cloud and call published APIs, you first create a
provider organization account and add an owner to the account. We will use a local registry as the
Identity provider. This is indirectly specified by specifying Existing User inf the Add organization form.

10. Click the Organizations tab. Click the Add button to create the Sales organization.
11. After Add organization window appears, click New User and key in student@think.ibm

32
12. Click Add.

An email invitation is sent and the Organization status is indicated as PENDING until the recipient of the
email clicks the link in the email to complete the creation of the account. You can resend the invitation if
necessary.

If the email never arrives, you can resend it using the actions ellipses … menu next to the
Pending organization line.

13. Within the FakeSMTP console, double click the email message that contains the activation link.
14. Careful copy the entire url and open the link in a new tab of the Ubuntu browser. Ensure that the end
of the link is included.

33
15. Add the First and Last name and use the same password – Passw0rd!
16. Click the Sign Up button.
You will be automatically redirected to your new organization’s API Manager at
https://192.168.225.100/apim/.
17. Log in with student@think.ibm / Passw0rd!

Congratulations!
The first on-premises cloud is now defined with the sales provider organization owned by
student@think.ibm. You are ready to proceed to the PoT. See Appendices for useful information that you
might want to refer to during the labs.

The login info for the Cloud Management Console is admin / Passw0rd!
The login for the API Manager console is student@think.ibm / Passw0rd! or whatever email / password
combination was used to set up the organization. In the labs substitute the proper email address as
needed in place of student@think.ibm. Use your Bluemix credential to login to the developer portal.

34
Appendix 1 – VMware networking background information

Network configuration options


http://pubs.vmware.com/workstation-9/index.jsp?topic=%2Fcom.vmware.ws.using.doc%2FGUID-D9B0A52D-38A2-45D7-
A9EB-987ACE77F93C.html
VMware offers three options for networking: bridged, NAT and host-only. We will use NAT so that IBM
API Management will be able to make connections to endpoints or SMTP servers on the Internet (this
isn’t possible with host only). Bridged networking requires static IP addresses to be assigned (or I’d have
to reconfigure the networking every time new IP addresses were assigned by the DHCP server), and it
would tie the configuration to a specific network.

Static IP addresses
When you install Workstation on Windows, a NAT network (VMnet8) is set up for you. IP addresses are
typically assigned to virtual machines by using the virtual DHCP server included with Workstation. IP
addresses can also be assigned statically from a pool of addresses that the virtual DHCP server does
not assign.
http://pubs.vmware.com/workstation-9/index.jsp?topic=%2Fcom.vmware.ws.using.doc%2FGUID-FB6C0A06-CD5A-4E80-
A405-B3A2B7D7236C.html
From the VMware documentation: “In the default configuration, the virtual DHCP server dynamically
allocates IP addresses in the range of net.128 through net.254, where net is the network number
assigned to the NAT network. Workstation always uses a Class C address for NAT networks. IP
addresses net.3 through net.127 can be used for static IP addresses. IP address net.1 is reserved for the
host virtual network adapter and net.2 is reserved for the NAT device.
In addition to the IP address, the virtual DHCP server on the NAT network sends out configuration
information that enables the virtual machine to operate. This information includes the default gateway
and the DNS server. In the DHCP response, the NAT device instructs the virtual machine to use the IP
address net.2 as the default gateway and DNS server. These routings cause all IP packets destined for
the external network and DNS requests to be forwarded to the NAT device.”

35
Appendix 2 - Troubleshooting

Binary translation is incompatible with long mode on this platform.


Disabling long mode
This error may occur when you open the virtual machine because Intel Virtualization Technology (VT) is
disabled by default, in the BIOS of the Lenovo ThinkPads.

To resolve this issue:

1. Shutdown the laptop


2. Start the laptop
3. Once the ThinkPad splash screen appears, press the F1 or ThinkVantage key to enter the BIOS
(the correct key to use will be displayed on the screen)
4. Within the BIOS, choose Security > Virtualization
5. Change “Intel (R) Virtualization Technology [Disabled]” to Enabled
6. Save and Exit from the BIOS

Handy Command Line Interface commands

Gateway Appliance (DataPower) Network

From the DP cli issue the commands


show int - Ensure that eht0 is set per setup instructions
show time - to make sure that the NTP is working OK and the time matches the APIm Server
show xml-mgmt - to make sure that xml-mgmt [up] displays with port 5550
show time - make note of the time
show ntp - to show the NTP server settings

Management Appliance Network

From the Cloud Management Console window issue the command:


net show all - check that the correct values are selected:
time show - ensure that the time matches the Gateway appliance time
net ping 192.168.225.52 to ensure connectivity with DP
Organizations
If student creates an Organization before getting everything correct, then the following commands
are required, since the database is likely corrupted:
system clean apiconfig resets the appliance to factory defaults- password and Orgs wiped!
system restart
system show status after about 5 minutes to confirm that all is up OK

36
Developer Portal
If you get the following yellow message after creating an API, deploying, publishing to the Development
Portal, and clicking on Product tab in Development Portal.

It means that background sync has failed. You should not expect anything to work since the site has no
idea what catalog it represents and has lost connection to the api manager.
Look at /var/log/devportal/background_sync.log for info on why it failed.

37
Appendix 3 - VMWare Fusion setup on Mac
This procedure is written for a MacBook Pro. Make sure that you have a model with 16 GB RAM. Ensure
that each of the four VMs is set to NAT networking with the correct configuration per this document.
1. From the host system select Vmware Fusion / Preferences
2. Select Network

3. Select Share with my Mac for the host system.

38
4. Verify VMNET is setup correctly by keying the following from the command line of the Mac:
cat /Library/Preferences/Vmware\ Fusion/networking

bills-mbp:Preferences billbarrus$ cat /Library/Preferences/Vmware\


Fusion/networking
VERSION=1,0
answer VNET_1_DHCP yes
answer VNET_1_DHCP_CFG_HASH E9CFC623CF46430FB45B927A05E378C49316393B
answer VNET_1_HOSTONLY_NETMASK 255.255.255.0
answer VNET_1_HOSTONLY_SUBNET 192.168.218.0
answer VNET_1_VIRTUAL_ADAPTER yes
answer VNET_8_DHCP yes
answer VNET_8_DHCP_CFG_HASH 9C0953A01DE93220B621CE655A775569C576DF1B
answer VNET_8_HOSTONLY_NETMASK 255.255.255.0
answer VNET_8_HOSTONLY_SUBNET 172.16.145.0
answer VNET_8_NAT yes
answer VNET_8_VIRTUAL_ADAPTER yes
bills-mbp:Preferences billbarrus$

By default, the subnet is set to 172.16.145.0.

39
5. Change the host NAT subnet by editing the file using this command from the terminal window of
the Mac:
sudo nano /Library/Preferences/VMware\ Fusion/networking

6. Modify the SUBNET to 192.168.225.0


7. Press Ctrl + X to exit. When prompted, press Y to save.
8. Restart Fusion to restart the networking service.
9. If you have any running VMs prior to this change you will need to do a Shutdown - Not Suspend!!
and then Start to reinitialize the network adapters.

40
Optional – Verify VMNET is setup correctly like the image below –

41
Appendix 4 - Startup procedures and optional steps to make things
easier

Startup Sequence
Start the VMs in the following Sequence:
1. Ubuntu
2. Gateway
3. Management

Once the Ubuntu image is up and running and all the other VM’s have been brought up, go to the Ubuntu
image and open Firefox

Verify connectivity to the two virtual appliances


In this step, you’ll verify that both the DataPower Gateway and the API Manager VMs have successfully
started.
Be Patient. It takes several minutes before both VM’s
have fully started.
Even though the API Manager VM may have a login
prompt, it may still be initializing the various subsystems.

Untrusted site alert


In the following steps, you may receive a browser alert
warning that the site is untrusted. Please follow the
directions to accept the risk or confirm the security alert.
First, verify that the Gateway node has started.

__1. Open a browser and enter the address: https://192.168.225.52:9090

You should see the DataPower WebGUI login

__2. Open another browser window and enter the address: https://192.168.225.100/cmc

You should see the login window for the API Manager Cloud Management Console

Optional convenience settings


There are a few more things that can be done to help improve the PoT experience for the participants.
● Create bookmarks in the various browsers for the API Manager and DataPower gateway
(see table 2 below)
● Add entries for API Manager and the API Gateway nodes in the Ubuntu /etc/hosts file.
(see table 3 below)
● Set the browser home page to either:
▪ www.ibm.com

42
▪ www.ibm.com/software/products/en/api-management

Table 2 Recommended browser bookmarks


Bookmark Label URL

API Manager https://mgr.think.ibm/apim/

API Manager CMC https://mgr.think.ibm/cmc/

IBM DataPower Gateway https://dp.think.ibm:9090

43
© Copyright IBM Corporation 2017.

The information contained in these materials is provided for


informational purposes only, and is provided AS IS without warranty
of any kind, express or implied. IBM shall not be responsible for any
damages arising out of the use of, or otherwise related to, these
materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations
from IBM or its suppliers or licensors, or altering the terms and
conditions of the applicable license agreement governing the use of
IBM software. References in these materials to IBM products,
programs, or services do not imply that they will be available in all
countries in which IBM operates. This information is based on
current IBM product plans and strategy, which are subject to change
by IBM without notice. Product release dates and/or capabilities
referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not
intended to be a commitment to future product or feature availability
in any way.

IBM, the IBM logo, and ibm.com are trademarks of International


Business Machines Corp., registered in many jurisdictions
worldwide. Other product and service names might be trademarks of
IBM or other companies. A current list of IBM trademarks is
available on the Web at “Copyright and trademark information” at
www.ibm.com/legal/copytrade.shtml.

44