ptc navigate manage traces installation and configuration ...ptc navigate manage traces enables...
TRANSCRIPT
PTC Navigate Manage Traces Installation and Configuration Guide
PTC Navigate Manage Traces 1.0.1
with Integrity Lifecycle Manager and Windchill
Copyright © 2018 PTC Inc. and/or Its Subsidiary Companies. All Rights Reserved.
User and training guides and related documentation from PTC Inc. and its subsidiary companies (collectively
"PTC") are subject to the copyright laws of the United States and other countries and are provided under a license
agreement that restricts copying, disclosure, and use of such documentation. PTC hereby grants to the licensed
software user the right to make copies in printed form of this documentation if provided on software media, but
only for internal/personal use and in accordance with the license agreement under which the applicable software
is licensed. Any copy made shall include the PTC copyright notice and any other proprietary notice provided by
PTC. Training materials may not be copied without the express written consent of PTC. This documentation may
not be disclosed, transferred, modified, or reduced to any form, including electronic media, or transmitted or
made publicly available by any means without the prior written consent of PTC and no authorization is granted to
make copies for such purposes. Information described herein is furnished for general information only, is subject
to change without notice, and should not be construed as a warranty or commitment by PTC. PTC assumes no
responsibility or liability for any errors or inaccuracies that may appear in this document.
The software described in this document is provided under written license agreement, contains valuable trade
secrets and proprietary information, and is protected by the copyright laws of the United States and other
countries. It may not be copied or distributed in any form or medium, disclosed to third parties, or used in any
manner not provided for in the software licenses agreement except with written prior approval from PTC.
UNAUTHORIZED USE OF SOFTWARE OR ITS DOCUMENTATION CAN RESULT IN CIVIL DAMAGES
AND CRIMINAL PROSECUTION.
PTC regards software piracy as the crime it is, and we view offenders accordingly. We do not tolerate the piracy
of PTC software products, and we pursue (both civilly and criminally) those who do so using all legal means
available, including public and private surveillance resources. As part of these efforts, PTC uses data monitoring
and scouring technologies to obtain and transmit data on users of illegal copies of our software. This data
collection is not performed on users of legally licensed software from PTC and its authorized distributors. If you
are using an illegal copy of our software and do not consent to the collection and transmission of such data
(including to the United States), cease using the illegal version, and contact PTC to obtain a legally licensed copy.
Important Copyright, Trademark, Patent, and Licensing Information: See the About Box, or copyright
notice, of your PTC software.
UNITED STATES GOVERNMENT RIGHTS
PTC software products and software documentation are “commercial items” as that term is defined at 48 C.F.
R. 2.101. Pursuant to Federal Acquisition Regulation (FAR) 12.212 (a)-(b) (Computer Software) (MAY 2014) for
civilian agencies or the Defense Federal Acquisition Regulation Supplement (DFARS) at 227.7202-1(a) (Policy)
and 227.7202-3 (a) (Rights in commercial computer software or commercial computer software documentation)
(FEB 2014) for the Department of Defense, PTC software products and software documentation are provided to
the U.S. Government under the PTC commercial license agreement. Use, duplication or disclosure by the U.S.
Government is subject solely to the terms and conditions set forth in the applicable PTC software license
agreement.
PTC Inc., 140 Kendrick Street, Needham, MA 02494 USA
3
Contents
About This Guide ................................................................................................................. 5
Overview .............................................................................................................................. 7
Product Overview ......................................................................................................... 8
Architecture Overview .................................................................................................. 9
Product Requirements .................................................................................................. 9
Entity Overview ........................................................................................................... 10
Installing and Configuring PTC Navigate Manage Traces ................................................. 13
Downloading PTC Navigate Manage Traces.............................................................. 14
ThingWorx Composer: Install the Extensions ............................................................. 15
ThingWorx Composer: Set Up the AdapterBaseURI and Create App Keys ............... 16
Windchill: Configure the Connection and Set Access Control Policy Rules ................ 17
Manage Traces Admin Mashup: Configure Manage Traces ...................................... 19
Integrity Lifecycle Manager: Define Properties ........................................................... 22
Windchill: Create and Encrypt the ThingWorx Application Key Property .................... 22
ThingWorx Composer: Configure Connections .......................................................... 23
Securing Your Deployment ................................................................................................ 25
Protect the ThingWorx Application Keys .................................................................... 26
Enable SSL on Your Web Servers .............................................................................. 26
Configure Trust on Windchill....................................................................................... 27
Configure Impersonation on ThingWorx. .................................................................... 27
Configure Trust on Integrity ........................................................................................ 28
5
About This Guide
This guide explains how to install PTC Navigate Manage Traces and configure your environment to get it up and running. It is intended for the following audiences:
• The system administrator who installs this product. This person must have working knowledge of the following:
○ Integrity Lifecycle Manager installation
○ Windchill installation
○ ThingWorx Composer
• Business administrators who need to configure Integrity Lifecycle Manager and Windchill appropriately
For conceptual information about PTC Navigate Manage Traces and details about how to view traces in Integrity Lifecycle Manager and Windchill, see the PTC Navigate Manage Traces Getting Started Guide.
Technical Support
Contact PTC Technical Support through the PTC website, or by phone, email, or fax if you encounter problems using this product or the product documentation.
The PTC eSupport portal provides the resources and tools to support your implementation:
https://support.ptc.com/appserver/cs/portal/
For complete support details, see the PTC Customer Support Guide:
http://support.ptc.com/appserver/support/csguide/csguide.jsp
6 PTC Navigate Manage Traces Installation and Configuration Guide
You must have a Service Contract Number (SCN) before you can receive technical support. If you do not know your SCN, see “Preparing to contact TS” on the Processes tab of the PTC Customer Support Guide. This topic describes how to locate your SCN.
7
Overview Product Overview ................................................................................................................ 8
Architecture Overview .......................................................................................................... 9
Product Requirements ......................................................................................................... 9
Entity Overview .................................................................................................................. 10
This section describes PTC Navigate Manage Traces and provides important overview and requirements information.
1
8 PTC Navigate Manage Traces Installation and Configuration Guide
Product Overview PTC Navigate Manage Traces enables users to establish trace relationships between requirements and product items, such as parts, that fulfill those requirements. Data is shared between the ALM and PLM systems as a link; information is not duplicated on either system.
By using PTC Navigate Manage Traces, you can realize the following benefits:
• Respond quickly to market and customer needs
• Ensure that requirements are aligned throughout the entire product definition
• Reduce rework costs that are related to meeting requirements
• Improve verification through a clear understanding of needs
Once trace links have been established, they can be viewed from both Integrity Lifecycle Manager and Windchill. The trace link details include a preview of the requirement or product item that is available on the other system. For example, when viewing a trace link from Integrity Lifecycle Manager, you can access a preview of the Windchill part that the requirement is linked to.
When information is updated in one system, the updates are visible immediately on the other system. When a requirement is updated, any trace relationships for that requirement are flagged as suspect so that the updates can be reviewed. The requirements author can determine what product items are affected when they update the requirement. The product engineer can view the updated requirement to determine how the product item is affected by the change. After the requirement update has been reviewed, the suspect flag can be cleared.
Overview 9
Architecture Overview PTC Navigate Manage Traces builds on functionality provided by the following products:
These pieces work together to provide the ability to create trace relationships that can be viewed across Integrity Lifecycle Manager and Windchill without duplicating information.
Product Requirements
Note
PTC Navigate Manage Traces cannot be installed on the same Tomcat server
as PTC Navigate. It must be installed on a separate Tomcat instance with only
the prerequisites and supporting extensions for the PTC Navigate Manage
Traces release.
To install and use PTC Navigate Manage Traces, the following products are required:
• ThingWorx 7.4.15
Upgrade of PTC Navigate Manage Traces from ThingWorx 7.1 to
ThingWorx 7.4.15 is not supported. Install PTC Navigate Manage Traces
anew on ThingWorx 7.4.15 and set up the configurations again because the
configurations set on ThingWorx 7.1 are not preserved.
10 PTC Navigate Manage Traces Installation and Configuration Guide
• ThingWorx Utilities 7.4.3
Prior to importing ThingWorx Utilities, make sure you have imported the
required files listed in the Prerequisites section of the Thingworx Utilities
Installation Guide. See the Thingworx Utilities Installation Guide for more
details.
• PTC Integrity Lifecycle Manager 11.0
Integrity Lifecycle Manager must be configured to accept API connections,
as PTC Navigate Manage Traces connects to Integrity Lifecycle Manager
using the Java API. If you change this setting, you must restart the server.
• PTC Windchill 11.0 M030 CPS12, 11.0 M030 CPS12 CPSXB3
○ If you use SSL with a self-signed certificate, you must complete the configuration steps described in the following procedure: Enable SSL on Your Web Servers on page 26
○ Windchill single sign-on is not supported.
• Windchill Extension (ThingWorx Extension) 1.4.1
• PLM-Ontology-Extension (TWX extension) 1.2.0
• Integrity -trace -Ontology Extension 1.0.0
• TWX-Integrity-LM-Connectors 2.0.0
Client Support
• Browser support
○ Google Chrome 57 or later
○ Internet Explorer 11 or later
Entity Overview This section offers a high-level overview of the entities that are included in PTC Navigate Manage Traces. Each extension includes its own set of ThingWorx entities.
• ptc-windchill-extension—Enables the connection between
Windchill and ThingWorx, and provides the ability to create and update
product information in Windchill
• TWX-Integrity_LM_Connector_ExtensionPackage—Enables the
connection between Integrity Lifecycle Manager and ThingWorx
• plm-ontology-assembly—Creates the categorization of Windchill
objects within the ThingWorx platform
• integrity-trace-ontology-extension—Supplies the ALM
Overview 11
ontology components, including requirement and document resource providers
and the mashups for selecting documents and viewing requirements
• TraceabilityApp-extension—Supplies the Manage Traces user
interfaces
13
Installing and Configuring PTC Navigate Manage Traces
Downloading PTC Navigate Manage Traces. .................................................................... 14
ThingWorx Composer: Install the Extensions .................................................................... 15
ThingWorx Composer: Set Up the AdapterBaseURI and Create App Keys ...................... 16
Windchill: Configure the Connection and Set Access Control Policy Rules ....................... 17
Manage Traces Admin Mashup: Configure Manage Traces ............................................. 19
Integrity Lifecycle Manager: Define Properties .................................................................. 22
Windchill: Create and Encrypt the ThingWorx Application Key Property ........................... 22
ThingWorx Composer: Configure Connections ................................................................. 23
This section contains the information that you need to download, install, and configure PTC Navigate Manage Traces. This includes configuration steps in ThingWorx Composer, Windchill, and Integrity Lifecycle Manager. If you have separate administrators for each component, you will need to work together to get PTC Navigate Manage Traces up and running.
2
14 PTC Navigate Manage Traces Installation and Configuration Guide
Downloading PTC Navigate Manage Traces PTC Navigate Manage Traces is available from the PTC Software Downloads page:
https://support.ptc.com/appserver/cs/software_update/swupdate.jsp
From the Order or Download Software Updates page, click Order or Download
Software Updates. Once you have signed in, you can find PTC Navigate Manage Traces under PTC Smart Connected Applications ▶ Release Apps.
Viewing the PTC Navigate Manage Traces Media
When you install each PTC Navigate Manage Traces ZIP file in the ThingWorx Composer, all bundled extensions in that ZIP file are installed. If you first want to view the media in this file, you can unzip the top-level ZIP file, then open each ZIP file that it contains.
Installing and Configuring PTC Navigate Manage Traces 15
ThingWorx Composer: Install the Extensions To install the extensions bundled in PTC Navigate Manage Traces, complete the following steps:
1. Open the PTC Navigate Manage Traces ZIP file and extract all of the ZIP files that it contains to a location on your computer. (You will install each ZIP file separately.)
2. In ThingWorx Composer, from the Import/Export menu, select EXTENSIONS ▶
Import.
3. In the Import Extensions window, click Browse and navigate to the first ZIP file from the PTC Navigate Manage Traces ZIP file.
You must install the ZIP files in the following order:
a. ptc-windchill-extension
b. TWX-Integrity_LM_Connector_ExtensionPackage
c. plm-ontology-assembly
d. integrity-trace-ontology-extension
e. TraceabilityApp-extension
4. Click Import.
5. If prompted, refresh the ThingWorx Composer.
16 PTC Navigate Manage Traces Installation and Configuration Guide
6. Repeat steps 1–4 until you have imported each extension bundle
7. Refresh the web browser page.
To view the extensions after the import is complete, select Import/Export ▶
Manage. All extensions bundled with PTC Navigate Manage Traces are included in the list of installed packages.
ThingWorx Composer: Set Up the AdapterBaseURI and Create App Keys
Set Up the AdapterBaseURI
This set of steps configures the first portion of the uniform resource identifiers (URIs) that are stored by Windchill. These URIs are used only for identification purposes; no HTTP requests are made to them.
1. From the ThingWorx Composer Explorer, under Modeling, click Things.
2. Click PTC.OSLC.AdminUtils.
3. Click Configuration.
4. Under General Configuration, enter the following value for AdapterBaseURI: http://adapter:9000
5. Click Save.
Create Application Keys
The ThingWorx application keys will be used to provide connections from Windchill and Integrity Lifecycle Manager.
Note
It is very important to protect these application keys. For information about
how to secure them, see Protect the ThingWorx Application Keys on page 26.
1. In ThingWorx Composer, create two ThingWorx administrator users. These
users will be used to create the connections from ThingWorx to Windchill and
Integrity Lifecycle Manager.
These ThingWorx user accounts should be dedicated system connection
accounts that are not be used for any other purpose.
2. From the ThingWorx Composer Explorer, under Security, click Application
Keys.
3. Create an application key for the connection to Windchill:
a. Click New.
Installing and Configuring PTC Navigate Manage Traces 17
b. Enter the following information:
• Name—Give this application key a descriptive name that will help you
remember its purpose
• User Name Reference—The ThingWorx administrator username that
you set up for the Windchill connection in step 1
c. Click Save.
d. Make a note of the keyId value for Windchill. It will be used in a later step.
4. Create an application key for the connection to Integrity Lifecycle Manager:
a. Click New.
b. Enter the following information:
• Name—Give this application key a descriptive name that will help you
remember its purpose
• User Name Reference—The ThingWorx administrator username that
you set up for theIntegrity Lifecycle Manager connection in step 1
c. Click Save.
d. Make a note of the keyId value for Integrity Lifecycle Manager. It will be
used in a later step.
Windchill: Configure the Connection and Set Access Control Policy Rules
Note
In order to allow a user to see trace and requirement information, you must
duplicate their user account in Windchill, ThingWorx, and Integrity Lifecycle
Manager.
Configure Windchill to Connect to ThingWorx
Use the xconfmanager utility to add the following properties. Note that in the second command, you must enter the URL of your ThingWorx installation.
xconfmanager -s "com.ptc.windchill.enterprise.traceability.trace"=true -t
codebase\wt.properties -p
xconfmanager -s "com.ptc.windchill.enterprise.twxBaseUrl"=[your ThingWorx URL] -t
codebase\wt.properties -p
18 PTC Navigate Manage Traces Installation and Configuration Guide
Create Access Control Policy Rules: Provide the Ability to View, Create, and Modify Traces with a Type of Allocate
You must create one or more access control policy rules to determine who can view, create, and modify traces that have a type of allocate. You can create the policy rules that fit your organization. For example, you may want to have separate rules for each context.
Note
For information about how to create access control policy rules in Windchill,
see Specialized Administration ▶ Ensuring Data Security ▶ Access Control
in the Windchill Help Center.
Each policy rule must have the following settings:
• Type—Allocate
• Context—One or more contexts where these users can create trace links with a type of allocate
• Participant—Users or groups who should be able to create trace links with a type of allocate
• Permissions—Grant the appropriate permissions for the actions that users need to perform:
○ View allocate traces—Read
○ Create allocate traces—Create and Read
○ Update allocate traces (add or clear suspect flags)—Modify and Read
○ Delete allocate traces—Delete
Create Access Control Policy Rules: Provide Access to Requirement Resources
You must create an access control policy rule to provide access to remote requirements for all users who will need to view them. This rule limits access to the Windchill placeholder object for the remote requirements.
There are also access control rules that are configured in Integrity Lifecycle Manager that manage access to these requirements. This setting in Windchill provides an additional layer of security to restrict access to requirements from Windchill.
The policy rule must have the following settings:
• Type—Requirement Resource
• Context—Site
Installing and Configuring PTC Navigate Manage Traces 19
• Participant—Users who should be able to view remote requirements
• Permissions—Grant Full Control permissions
Manage Traces Admin Mashup: Configure Manage Traces 1. Access the PTC Navigate Manage Traces administration mashup at the
following URL:
http://[ThingWorx host name]:[ThingWorx port]/
Thingworx/Mashups/PTC.OSLC.AdminServerManagement
Note
Depending on your environment, you may need to replace http with
https.
The credentials that you use to log in to ThingWorx must also exist in Integrity
Lifecycle Manager.
2. Click Create.
3. Select Integrity Lifecycle Manager as the server type, then click OK.
4. Enter the properties of your Integrity Lifecycle Manager server:
• Server Name—Choose a meaningful name. If you will have multiple
configurations, this information will help you identify each one.
This name is used as part of the resource URIs that are stored by
Windchill, so it cannot be changed later.
Note
If this server is ever recreated in ThingWorx, such as during an
upgrade, ensure that you use the exact same name.
• Host Name
• Port
20 PTC Navigate Manage Traces Installation and Configuration Guide
• Username—Enter the username of an Integrity Lifecycle Manager user
that has impersonation permissions and can impersonate all end users.
Note
If this username does not have the correct impersonation permissions,
or if the credentials that you used to log into ThingWorx are not also
present in Integrity Lifecycle Manager, you will not be able to continue
to the next step.
• Password
• Cleanup Interval—When users view images in rich-text fields, the images
are automatically downloaded to ThingWorx as media entities. This setting
controls how often these media entities are deleted. When you change this
setting, the next cleanup occurs 1 hour later, and then continues at the
intervals that you set.
Click Next when you are done.
5. Click Create to create field mappings that will connect Integrity Lifecycle
Manager fields to Manage Traces fields:
a. Give this domain configuration a name that reflects the node type, such as
“Requirements.” This information helps you identify each domain
configuration more easily.
This name is used as part of the resource URIs that are stored by
Windchill, so it cannot be changed later.
Note
If this server is ever recreated in ThingWorx, such as during an
upgrade, ensure that you use the exact same name.
Click Next when you are done.
b. Select the Integrity Lifecycle Manager document type. Then, select your
field mappings between the fields for the document type and the Manage
Traces fields.
Installing and Configuring PTC Navigate Manage Traces 21
Tip
Field mappings that have been automatically detected and mapped for
you are not editable.
c. The node type for this document type appears at the top of the page. Select
your field mappings between the fields for the node type and the Manage
Traces fields.
d. Click Finish when you are done.
A ThingWorx resource provider is created for each type of resource with
its own mappings by type.
e. If you need to create mappings for more document types, click Create
again. Repeat this set of steps until you have created mappings for all of
the document types that you need.
6. Click the Super Users tab.
7. Enter the user name of the dedicated ThingWorx system connection user for
Windchill that you created in step 1 of ThingWorx Composer: Set Up the
AdapterBaseURI and Create App Keys on page 16. If you have more than one
Windchill system, and therefore more than one dedicated ThingWorx system
connection account for Windchill, add all of the usernames to the Super Users
list.
By adding a user to this list, you grant permission for that user to specify the
effective user that will be impersonated when communicating with the
Integrity Lifecycle Manager server. This way, operations are performed as the
correct end user, rather than all operations being attributed to the system
connection account.
8. Click the Incoming Trace Configurations tab.
9. Create an incoming trace provider for each incoming external reference (IER)
field that you plan to create in Integrity Lifecycle Manager. Click OK when
you are done.
10. Make a note of the Incoming Trace Provider Name value for each incoming
trace provider that you create. When you create IER fields in Integrity
Lifecycle Manager, you will enter this value in the Incoming Trace Provider
field.
For more information about creating IER fields, see “Incoming External
Reference Fields (IER)” in the Integrity Lifecycle Manager Help Center.
11. Click Close.
22 PTC Navigate Manage Traces Installation and Configuration Guide
Integrity Lifecycle Manager: Define Properties In the Integrity Lifecycle Manager Administration Client, under Configuration ▶
Properties, edit the following properties:
• mksis.thingworx.appkey—Set the value of this property to the Integrity Lifecycle Manager application key that you noted in the topic ThingWorx Composer: Set Up the AdapterBaseURI and Create App Keys on page 16.
• mksis.thingworx.websocket.url—Set the value of this property to the URL of the ThingWorx WebSocket. The WebSocket protocol must specify a secure connection ("wss://<server>:<port>/ThingWorx/WS").
A WebSocket secure (WSS) connection is required.
Note
It is very important to protect this application key. At this point, you can take
steps to secure the application key. For more information, see Protect the
ThingWorx Application Keys on page 26.
Windchill: Create and Encrypt the ThingWorx Application Key Property Use the following command to add and encrypt the traceability.appKey property. The ThingWorx application key value is the Windchill value that you noted in the topic ThingWorx Composer: Set Up the AdapterBaseURI and Create App Keys on page 16.
echo "traceability.appKey" >> $WT_HOME/bin/adminTools/sip/validProperties.list
ant -f $WT_HOME/bin/adminTools/sip/EncryptPasswords.xml encryptPw -DpropertyName=
traceability.appKey -Dpassword=[your ThingWorx application key]
Installing and Configuring PTC Navigate Manage Traces 23
ThingWorx Composer: Configure Connections To install the extensions bundled in PTC Navigate Manage Traces, complete the following steps in ThingWorx Composer:
1. Create a new thing. On the General Information page, enter the following information:
• Name
• Thing Template—WindchillConnector
2. Click Configuration, and enter the following information on the Configuration
for WindchillConnectorThing page:
• baseURL—URL of your Windchill instance
• restPath—/servlet/rest
Note
As a best practice, configure impersonation on ThingWorx. To do so, set
the ValidImpersonators property to the Integrity Lifecycle Manager users
who are defined in your ThingWorx application key for Integrity Lifecycle
Manager.
For more information, see Configure Impersonation on ThingWorx on
page 27.
3. Click Save.
4. Set the relationship provider configuration and resource provider connector for DefaultWindchillTraceResourceProvider:
a. From the ThingWorx Composer Explorer, under Things, click DefaultWindchillTraceResourceProvider.
b. Click Configuration to access the Configuration for PTC.Resource.PLM.
WindchillTraceResourceProviderPackage page.
c. Under Relationship Provider Configuration, in the DownStreamResourceProvider field, select DefaultWindchillPartResourceProvider.
d. Under Resource Provider Configuration, in the Connector field, select the name of the Windchill connector that you just created.
e. Click Save.
24 PTC Navigate Manage Traces Installation and Configuration Guide
5. Set the resource provider connector for DefaultWindchillPartResourceProvider:
a. From the ThingWorx Composer Explorer, under Things, click DefaultWindchillPartResourceProvider .
b. Click Configuration to access the Configuration for PTC.Resource.PLM.
WindchillPartResourceProviderPackage page.
c. Under Resource Provider Configuration, in the Connector field, select the name of the Windchill connector that you just created.
d. Click Save.
6. Configure the TraceabilityMashUpService:
a. From the ThingWorx Composer Explorer, under Things, click TraceabilityMashUpService.
b. Click Configuration to access the Configuration for PTC.Resource.PLM.
TraceabilityMashUpServicePackage page. Enter the following information:
• StructureDataShape—PTC.Resource.PLM.PartDataShape
• TraceabilityResourceProvider— DefaultWindchillTraceResourceProvider
• ResourceProviderTag—PTC.PLM.PartResourceProviderTag
• StructureService—WindchillTraceabilityPartStructureService
c. Click Save.
25
Securing Your Deployment Protect the ThingWorx Application Keys ............................................................................ 26
Enable SSL on Your Web Servers ..................................................................................... 26
Configure Trust on Windchill .............................................................................................. 27
Configure Impersonation on ThingWorx ............................................................................ 27
Configure Trust on Integrity ............................................................................................... 28
PTC Navigate Manage Traces connects three independently managed systems: Integrity Lifecycle Manager, Windchill, and ThingWorx. Ensuring the security of the connections between these systems can be a challenging task. There are many configuration options available for this purpose. The following topics provide a suggested approach for how you might begin to provide this security.
3
26 PTC Navigate Manage Traces Installation and Configuration Guide
Protect the ThingWorx Application Keys It is very important to protect the ThingWorx application keys. Following are best practices for doing so.
Encrypt the traceability.appKey Property
The traceability.appKey property was encrypted when you created it in this procedure: Windchill: Create and Encrypt the ThingWorx Application Key Property on page 22.
Configure an IP Whitelist for the Windchill Application Key in ThingWorx Composer
You can also protect the application key by configuring the IP whitelist for the Windchill application key. The Windchill server should be the only IP address that is allowed to access in ThingWorx using the Windchill application key. You can do so by modifying the properties of the application key in ThingWorx Composer.
For more information, see the “Application Keys” topic in the ThingWorx Help Center.
Enable SSL on Your Web Servers For an added layer of security, enable SSL on your web servers. For information about how to do this, see the “Configuring HTTPS for PTC HTTP Server and Windchill” topic in the Windchill Help Center.
Self-signed Certificates
If you use ThingWorx SSL with a self-signed certificate, you must import the ThingWorx certificate into the Windchill truststore. You can do this by importing the ThingWorx certificate into the JRE that your Windchill environment is configured to use. For example:
${JAVA_HOME}/bin/keytool -import -alias twx.tomcat.for.traces.app -file /appl/portal/certs/
your-twx-certificate.pem -storetype JKS -keystore jssecacerts -deststorepass [yourpassword]
If you use SSL on Windchill with a self-signed certificate, you must manually import your self-signed certificate into the <IntegrityClientInstall>\ jre\lib\security\jssecacerts keystore on every Integrity Lifecycle Manager client machine in your environment.
Securing Your Deployment 27
Configure Trust on Windchill
Configure a Secure Trust Relationship between Windchill and ThingWorx
You can configure a secure trust relationship between Windchill and ThingWorx by enabling two-way SSL from ThingWorx into Windchill. For information about how to do this, see the “Example Configuration using SSL for Secure Communications” topics in the PTC Windchill Extension Guide.
Update the wt.auth.trustedHosts Property in Windchill
If you have enabled two-way SSL from ThingWorx into Windchill, ensure that the wt.auth.trustedHosts property in the wt.properties file is no longer set. If
two-way SSL is configured correctly, you do not need to include the ThingWorx host in this property.
For more information, see the “Modify the wt.properties File” topic in the Windchill Help Center.
Configure Impersonation on ThingWorx Because a ThingWorx application key is used in the configuration of PTC Navigate Manage Traces, at least one ThingWorx user is authorized to impersonate other users in Integrity Lifecycle Manager and Windchill. There may be other ThingWorx users with impersonation privileges if you use other ThingWorx application keys or connect to a ThingWorx mashup using basic authentication credentials, and the other systems are configured to trust ThingWorx.
As a best practice, review the Integrity Lifecycle Manager users who are defined in your ThingWorx application key for Integrity Lifecycle Manager, and then set those users as valid impersonators in the Windchill connector:
1. From the ThingWorx Composer Explorer, under Modeling, click Things.
2. Open theWindchill connector thing and click Configuration. Under Impersonated users, set the ValidImpersonatedUser property to the Integrity Lifecycle Manager users who are defined in your ThingWorx application key for Integrity Lifecycle Manager.
3. Save your changes when you are done.
Note that these configurations can be managed independently. Some ThingWorx users might be able to perform impersonation in Windchill but not Integrity Lifecycle Manager.
28 PTC Navigate Manage Traces Installation and Configuration Guide
Configure Trust on Integrity Set up impersonation on Integrity. For details, see the following article: https:// support.ptc.com/appserver/cs/view/solution.jsp?n=CS128652
Verify that the IntegrityClientSite.rc file located at $integrity_ server/config/client is configured properly.