Managing the Webtop® (Documentum) application in IAG SP2

  • Article

Applies To: Intelligent Application Gateway (IAG)

Application-Specific Settings

This topic describes the settings required in order to enable full functionality of the Webtop portal when it is accessed from a remote computer via a Whale Communications Intelligent Application Gateway (IAG) 2007 server, including:

  • Steps you need to take if the URL of the Webtop application does not start with "webtop", in Changing the Application Name.

  • Enhanced security settings you can apply, which will prevent users from performing certain operations unless their computer meets the defined security policy requirements, in Enhanced Security Settings.

Changing the Application Name

This section describes the steps you need to take if the URL of the Webtop application, as defined during the installation of the application, does not start with "webtop". In this case, you need to change the name of the application in the Application Customization template that is used with the trunk that enables access to the Webtop portal.

Note

The steps described here are only required if the application name does not start with "webtop". If, for example the application name is "webtop1", no change is required.

To change the application name in the Application Customization template

  1. On the IAG Server, access the following folder:

    …\Whale-Com\e-Gap\Von\Conf\Websites\<Trunk_Name>\Conf

  2. Under the Conf folder, create the following subfolder: CustomUpdate. If such a folder already exists, use the existing folder.

  3. From the Conf folder, copy the following file to the CustomUpdate subfolder, depending on the trunk-type:

    HTTP_WhlFiltAppWrap_ForPortal.xml or

    HTTPS_WhlFiltAppWrap_ForPortal.xml

    If such a file already exists, use the existing file.

  4. In the file you copied or accessed in step 3, locate the string:

    <!-- General connectivity section-->

    Under the <DATA_CHANGE> element, in <URL>, replace the string webtop.* with the URL of the Webtop application, as defined during the installation of the application.

    For example: if the URL of the application is "OurWebtop", the <URL> element should read:

    <URL case_sensitive="false">/OurWebtop/.*</URL>

    Note

    The application name is case insensitive.

    The <UR> element takes regular expressions.

  5. Access the IAG Configuration console. Click the Activate icon to activate the configuration. Select the option "Apply changes made to external configuration settings", and click Activate.

    When the configuration is activated, the message "IAG configuration activated successfully" appears.

    The Webtop (Documentum) application can now be accessed.

Enhanced security settings

This section describes how you can prevent users from performing the following operations unless their computer meets the defined security policy requirements:

  • Using a pre-defined list of authentication repositories when logging in to the Webtop portal.

  • Checkout.

  • Checkin.

  • Import.

  • Export.

Users that are blocked are notified accordingly.

In order to enable this option, once you finish adding the application to the trunk, you need to define the security policy requirements using a dedicated endpoint policy: "Webtop Documentum 5 3 SP1 Enhanced Security". By default, the value of the policy is "True", and it does not prevent users from performing the operations listed above from any endpoint computer. If required, change the policy to comply with your corporate policy, as described in this section.

To prevent login, checkin, checkout, import, and export operations from non-compliant endpoints

  1. In the Configuration console, access the Application Properties dialog box and click Manage Policies.

  2. In the ManagePolicies and Expressions dialog box, under the Policies group, select the Webtop Documentum 5 3 SP1 Enhanced Security policy, and then click EditPolicy.

  3. To define the prerequisites that endpoint computers must meet in order to enable login, checkin, checkout, import, and export operations, remove the default values from the relevant platform-specific policies, and assign the appropriate values. For details, see Managing IAG client endpoint policies.

  4. If you wish to define a list of repositories that users will not be able to use when running non-compliant computers, take the following additional steps:

    1. On the IAG server, access the following folder:

      …\Whale-Com\e-Gap\Von\Conf\Websites\<Trunk_Name>\Conf

    2. Under the Conf folder, create the following subfolder: CustomUpdate. If such a folder already exists, use the existing folder.

    3. From the Conf folder, copy the following file to the CustomUpdate subfolder, depending on the trunk-type:

      HTTP_WhlFiltAppWrap_ForPortal.xml or

      HTTPS_WhlFiltAppWrap_ForPortal.xml

      If such a file already exists, use the existing file.

    4. In the file you copied or accessed in step c, locate the string:

      list_of_unautorized_repositories = "repository_name1;repository_name2"

      Replace the dummy repository names with the names of the repositories to which you wish to prevent access from non-compliant computers. Note that repository names are separated by a semi-colon.

  5. Access the Configuration console. Click the Activate icon to activate the configuration. Select the option "Apply changes made to external configuration settings", and click Activate.

    When the configuration is activated, the message "IAG configuration activated successfully" appears.

    Checkin, checkout, import, and export operations will only be enabled on endpoint computers that comply with the security policy you defined here. If you defined a list of repositories, users running non-compliant computers will not be able to use those repositories when logging in to the Webtop portal, as well.

Cleaning application-specific temporary files

When the option "Attachment Wiper Cleans Application-Specific Temporary Files" is activated, the Attachment Wiper deletes the client’s cache. This option is activated in the Session tab of the Advanced Trunk Configuration window.

Note

The Attachment Wiper deletes application-specific files only if the application is part of the IAG site.

By default, the Attachment Wiper deletes attachments, including all files and sub-directories, from the following locations:

c:\documentum\viewed\*.*\

c:\documentum\contentxfer\*.*\

In addition, you can configure the IAG to delete attachments from the following location:

c:\documentum\checkout\*.*\

Warning

The "checkout" folder is where Webtop saves temporary copies of documents that users check out, in order to edit them. If the Attachment Wiper deletes the folder before the user checks in a document, all changes are lost.

For a description of when the Attachment Wiper deletes attachments, refer to the Intelligent Application Gateway User Guide, to the section titled "Attachment Wiper".

To configure the Attachment Wiper to delete the "checkout" folder

  1. On the IAG server, open the following file:

    …\Whale-Com\e-Gap\von\conf\samples\Webtop_sample.txt

    Copy the content of the file.

  2. Open the following file:

    …\Whale-Com\e-Gap\von\conf\wizarddefaults\AWPaths\Webtop.txt

    Paste the content of the file you copied in step 1 into this file, and save it.

  3. In the IAG Configuration console, click the Activate icon to activate the configuration, select the option "Apply changes made to external configuration settings", and click Activate.

    When the Attachment Wiper deletes attachments, it will delete all data under the "checkout" folder.

    Note

    Any changes you make to the Webtop.txt file in step 2 will be over-written when the IAG software is next upgraded or a patch is applied. It is therefore recommended that you back up the changes you made in an external file.