PTCNavigateManage TracesInstallationand …support.ptc.com/.../170758/en/MngTraceInstallConfig.pdf6 PTC Navigate Manage Traces Installation and Configuration Guide 1 Overview Product

PTC Navigate ManageTraces Installation andConfiguration GuidePTC Navigate Manage Traces 1.0

with Integrity Lifecycle Manager and Windchill

Copyright © 2016 PTC Inc. and/or Its Subsidiary Companies. All Rights Reserved.

User and training guides and related documentation from PTC Inc. and its subsidiary companies (collectively"PTC") are subject to the copyright laws of the United States and other countries and are provided under alicense agreement that restricts copying, disclosure, and use of such documentation. PTC hereby grants to thelicensed software user the right to make copies in printed form of this documentation if provided on softwaremedia, but only for internal/personal use and in accordance with the license agreement under which theapplicable software is licensed. Any copy made shall include the PTC copyright notice and any otherproprietary notice provided by PTC. Training materials may not be copied without the express written consentof PTC. This documentation may not be disclosed, transferred, modified, or reduced to any form, includingelectronic media, or transmitted or made publicly available by any means without the prior written consent ofPTC and no authorization is granted to make copies for such purposes. Information described herein isfurnished for general information only, is subject to change without notice, and should not be construed as awarranty or commitment by PTC. PTC assumes no responsibility or liability for any errors or inaccuraciesthat may appear in this document.

The software described in this document is provided under written license agreement, contains valuable tradesecrets and proprietary information, and is protected by the copyright laws of the United States and othercountries. It may not be copied or distributed in any form or medium, disclosed to third parties, or used in anymanner not provided for in the software licenses agreement except with written prior approval from PTC.

UNAUTHORIZED USE OF SOFTWARE OR ITS DOCUMENTATION CAN RESULT IN CIVILDAMAGES AND CRIMINAL PROSECUTION.

PTC regards software piracy as the crime it is, and we view offenders accordingly. We do not tolerate thepiracy of PTC software products, and we pursue (both civilly and criminally) those who do so using all legalmeans available, including public and private surveillance resources. As part of these efforts, PTC uses datamonitoring and scouring technologies to obtain and transmit data on users of illegal copies of our software.This data collection is not performed on users of legally licensed software from PTC and its authorizeddistributors. If you are using an illegal copy of our software and do not consent to the collection andtransmission of such data (including to the United States), cease using the illegal version, and contact PTC toobtain a legally licensed copy.

Important Copyright, Trademark, Patent, and Licensing Information: See the About Box, or copyrightnotice, of your PTC software.

UNITED STATES GOVERNMENT RIGHTS

PTC software products and software documentation are “commercial items” as that term is defined at 48 C.F.R. 2.101. Pursuant to Federal Acquisition Regulation (FAR) 12.212 (a)-(b) (Computer Software) (MAY 2014)for civilian agencies or the Defense Federal Acquisition Regulation Supplement (DFARS) at 227.7202-1(a)(Policy) and 227.7202-3 (a) (Rights in commercial computer software or commercial computer softwaredocumentation) (FEB 2014) for the Department of Defense, PTC software products and softwaredocumentation are provided to the U.S. Government under the PTC commercial license agreement. Use,duplication or disclosure by the U.S. Government is subject solely to the terms and conditions set forth in theapplicable PTC software license agreement.

PTC Inc., 140 Kendrick Street, Needham, MA 02494 USA

Contents

About This Guide ........................................................................................................5

Overview ....................................................................................................................7Product Overview .................................................................................................8Architecture Overview...........................................................................................9Product Requirements ..........................................................................................9Entity Overview ..................................................................................................10

Installing and Configuring PTC Navigate Manage Traces .............................................13Downloading PTC Navigate Manage Traces.........................................................14ThingWorx Composer: Install the Extensions ........................................................15ThingWorx Composer: Set Up the AdapterBaseURI and Create App Keys..............16Windchill: Configure the Connection and Set Access Control Policy Rules ..............17Manage Traces Admin Mashup: Configure Manage Traces ...................................19Integrity Lifecycle Manager: Define Properties ......................................................22Windchill: Create and Encrypt the ThingWorx Application Key Property ..................22ThingWorx Composer: Configure Connections......................................................23

Securing Your Deployment.........................................................................................25Protect the ThingWorx Application Keys ...............................................................26Enable SSL on Your Web Servers........................................................................26Configure Trust on Windchill ................................................................................27Configure Impersonation on ThingWorx................................................................27Configure Trust on Integrity .................................................................................28

3

About This Guide

This guide explains how to install PTC Navigate Manage Traces and configureyour environment to get it up and running. It is intended for the followingaudiences:• The system administrator who installs this product. This person must have

working knowledge of the following:○ Integrity Lifecycle Manager installation○ Windchill installation○ ThingWorx Composer

• Business administrators who need to configure Integrity Lifecycle Managerand Windchill appropriately

For conceptual information about PTC Navigate Manage Traces and details abouthow to view traces in Integrity Lifecycle Manager and Windchill, see the PTCNavigate Manage Traces Getting Started Guide.

Technical SupportContact PTC Technical Support through the PTC website, or by phone, email, orfax if you encounter problems using this product or the product documentation.The PTC eSupport portal provides the resources and tools to support yourimplementation:https://support.ptc.com/appserver/cs/portal/For complete support details, see the PTC Customer Support Guide:http://support.ptc.com/appserver/support/csguide/csguide.jsp

5

https://support.ptc.com/appserver/cs/portal/

http://support.ptc.com/appserver/support/csguide/csguide.jsp

You must have a Service Contract Number (SCN) before you can receivetechnical support. If you do not know your SCN, see “Preparing to contact TS” onthe Processes tab of the PTC Customer Support Guide. This topic describes howto locate your SCN.

6 PTC Navigate Manage Traces Installation and Configuration Guide

1Overview

Product Overview........................................................................................................8Architecture Overview..................................................................................................9Product Requirements .................................................................................................9Entity Overview .........................................................................................................10

This section describes PTC Navigate Manage Traces and provides importantoverview and requirements information.

7

Product OverviewPTC Navigate Manage Traces enables users to establish trace relationshipsbetween requirements and product items, such as parts, that fulfill thoserequirements. Data is shared between the ALM and PLM systems as a link;information is not duplicated on either system.

By using PTC Navigate Manage Traces, you can realize the following benefits:• Respond quickly to market and customer needs• Ensure that requirements are aligned throughout the entire product definition• Reduce rework costs that are related to meeting requirements• Improve verification through a clear understanding of needsOnce trace links have been established, they can be viewed from both IntegrityLifecycle Manager and Windchill. The trace link details include a preview of therequirement or product item that is available on the other system. For example,when viewing a trace link from Integrity Lifecycle Manager, you can access apreview of the Windchill part that the requirement is linked to.When information is updated in one system, the updates are visible immediatelyon the other system. When a requirement is updated, any trace relationships forthat requirement are flagged as suspect so that the updates can be reviewed. Therequirements author can determine what product items are affected when theyupdate the requirement. The product engineer can view the updated requirement todetermine how the product item is affected by the change. After the requirementupdate has been reviewed, the suspect flag can be cleared.


Architecture OverviewPTC Navigate Manage Traces builds on functionality provided by the followingproducts:

These pieces work together to provide the ability to create trace relationships thatcan be viewed across Integrity Lifecycle Manager and Windchill withoutduplicating information.

Product Requirements

NotePTC Navigate Manage Traces cannot be installed on the same Tomcat serveras PTC Navigate. It must be installed on a separate Tomcat instance with onlythe prerequisites and supporting extensions for the PTC Navigate ManageTraces release.

To install and use PTC Navigate Manage Traces, the following products arerequired:• ThingWorx 7.1.0• ThingWorx Utilities 7.1

Overview 9

• PTC Integrity Lifecycle Manager 10.9 or later

NoteIf you are using PTC Integrity Lifecycle Manager 10.9, you must install hotfix S150000000-008. For details, see the following article: https://support.ptc.com/appserver/cs/view/solution.jsp?n= CS240387.

○ Integrity Lifecycle Manager must be configured to accept APIconnections, as PTC Navigate Manage Traces connects to IntegrityLifecycle Manager using the Java API. If you change this setting, youmust restart the server.

• PTC Windchill 11.0 M010 or later○ If you use SSL with a self-signed certificate, you must complete the

configuration steps described in the following procedure: Enable SSL onYour Web Servers on page 26

○ Windchill single sign-on is not supported.

Client Support• Browser support

○ Google Chrome 41 or later○ Internet Explorer 11 or later

Entity OverviewThis section offers a high-level overview of the entities that are included in PTCNavigate Manage Traces. Each extension includes its own set of ThingWorxentities.

• ptc-windchill-extension—Enables the connection betweenWindchill and ThingWorx, and provides the ability to create and updateproduct information in Windchill

• TWX-Integrity_LM_Connector_ExtensionPackage—Enables theconnection between Integrity Lifecycle Manager and ThingWorx

• plm-ontology-assembly—Creates the categorization of Windchillobjects within theThingWorx platform

• integrity-trace-ontology-extension—Supplies the ALM


https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS240387


ontology components, including requirement and document resource providersand the mashups for selecting documents and viewing requirements

• TraceabilityApp-extension—Supplies the Manage Traces userinterfaces

Overview 11

2Installing and Configuring PTC

Navigate Manage TracesDownloading PTC Navigate Manage Traces................................................................14ThingWorx Composer: Install the Extensions...............................................................15ThingWorx Composer: Set Up the AdapterBaseURI and Create App Keys ....................16Windchill: Configure the Connection and Set Access Control Policy Rules.....................17Manage Traces Admin Mashup: Configure Manage Traces ..........................................19Integrity Lifecycle Manager: Define Properties .............................................................22Windchill: Create and Encrypt the ThingWorx Application Key Property .........................22ThingWorx Composer: Configure Connections ............................................................23

This section contains the information that you need to download, install, andconfigure PTC Navigate Manage Traces. This includes configuration steps inThingWorx Composer, Windchill, and Integrity Lifecycle Manager. If you haveseparate administrators for each component, you will need to work together to getPTC Navigate Manage Traces up and running.

13

Downloading PTC Navigate ManageTracesPTC Navigate Manage Traces is available from the PTC Software Downloadspage:https://support.ptc.com/appserver/cs/software_update/swupdate.jspFrom the Order or Download Software Updates page, click Order or DownloadSoftware Updates. Once you have signed in, you can find PTC Navigate ManageTraces under PTC Smart Connected Applications ▶▶ Release Apps.

Viewing the PTC Navigate Manage Traces MediaWhen you install each PTC Navigate Manage Traces ZIP file in the ThingWorxComposer, all bundled extensions in that ZIP file are installed. If you first want toview the media in this file, you can unzip the top-level ZIP file, then open eachZIP file that it contains.


https://support.ptc.com/appserver/cs/software_update/swupdate.jsp

ThingWorx Composer: Install theExtensionsTo install the extensions bundled in PTC Navigate Manage Traces, complete thefollowing steps:1. Open the PTC Navigate Manage Traces ZIP file and extract all of the ZIP files

that it contains to a location on your computer. (You will install each ZIP fileseparately.)

2. In ThingWorx Composer, from the Import/Export menu, select EXTENSIONS ▶▶Import.

3. In the Import Extensions window, click Browse and navigate to the first ZIPfile from the PTC Navigate Manage Traces ZIP file.

You must install the ZIP files in the following order:

a. ptc-windchill-extension

b. TWX-Integrity_LM_Connector_ExtensionPackage

c. plm-ontology-assembly

d. integrity-trace-ontology-extension

e. TraceabilityApp-extension

4. Click Import.5. If prompted, refresh the ThingWorx Composer.

Installing and Configuring PTC Navigate Manage Traces 15

6. Repeat steps 1–4 until you have imported each extension bundle7. Refresh the web browser page.To view the extensions after the import is complete, select Import/Export ▶▶Manage. All extensions bundled with PTC Navigate Manage Traces are includedin the list of installed packages.

ThingWorx Composer: Set Up theAdapterBaseURI and Create App KeysSet Up the AdapterBaseURIThis set of steps configures the first portion of the uniform resource identifiers(URIs) that are stored by Windchill. These URIs are used only for identificationpurposes; no HTTP requests are made to them.1. From the ThingWorx Composer Explorer, under Modeling, click Things.2. Click PTC.OSLC.AdminUtils.3. Click Configuration.4. Under General Configuration, enter the following value for AdapterBaseURI:

http://adapter:9000

5. Click Save.

Create Application KeysThe ThingWorx application keys will be used to provide connections fromWindchill and Integrity Lifecycle Manager.

NoteIt is very important to protect these application keys. For information abouthow to secure them, see Protect the ThingWorx Application Keys on page 26.

1. In ThingWorx Composer, create two ThingWorx administrator users. Theseusers will be used to create the connections from ThingWorx to Windchill andIntegrity Lifecycle Manager.

These ThingWorx user accounts should be dedicated system connectionaccounts that are not be used for any other purpose.

2. From the ThingWorx Composer Explorer, under Security, click ApplicationKeys.

3. Create an application key for the connection to Windchill:

a. Click New.


b. Enter the following information:

• Name—Give this application key a descriptive name that will help youremember its purpose

• User Name Reference—The ThingWorx administrator username thatyou set up for the Windchill connection in step 1

c. Click Save.d. Make a note of the keyId value for Windchill. It will be used in a later step.

4. Create an application key for the connection to Integrity Lifecycle Manager:

a. Click New.b. Enter the following information:

• Name—Give this application key a descriptive name that will help youremember its purpose

• User Name Reference—The ThingWorx administrator username thatyou set up for theIntegrity Lifecycle Manager connection in step 1

c. Click Save.d. Make a note of the keyId value for Integrity Lifecycle Manager. It will be

used in a later step.

Windchill: Configure the Connection andSet Access Control Policy Rules

NoteIn order to allow a user to see trace and requirement information, you mustduplicate their user account in Windchill, ThingWorx, and Integrity LifecycleManager.

Configure Windchill to Connect to ThingWorxUse the xconfmanager utility to add the following properties. Note that in thesecond command, you must enter the URL of your ThingWorx installation.xconfmanager -s "com.ptc.windchill.enterprise.traceability.trace"=true -t

codebase\wt.properties -p

xconfmanager -s "com.ptc.windchill.enterprise.twxBaseUrl"=[your ThingWorx URL] -t

codebase\wt.properties -p


Create Access Control Policy Rules: Provide the Ability to View,Create, and Modify Traces with a Type of AllocateYou must create one or more access control policy rules to determine who canview, create, and modify traces that have a type of allocate. You can create thepolicy rules that fit your organization. For example, you may want to haveseparate rules for each context.

NoteFor information about how to create access control policy rules in Windchill,see Specialized Administration ▶▶ Ensuring Data Security ▶▶ Access Control inthe Windchill Help Center.

Each policy rule must have the following settings:• Type—Allocate• Context—One or more contexts where these users can create trace links with a

type of allocate• Participant—Users or groups who should be able to create trace links with a

type of allocate• Permissions—Grant the appropriate permissions for the actions that users

need to perform:○ View allocate traces—Read○ Create allocate traces—Create and Read○ Update allocate traces (add or clear suspect flags)—Modify and Read○ Delete allocate traces—Delete

Create Access Control Policy Rules: Provide Access to RequirementResourcesYou must create an access control policy rule to provide access to remoterequirements for all users who will need to view them. This rule limits access tothe Windchill placeholder object for the remote requirements.There are also access control rules that are configured in Integrity LifecycleManager that manage access to these requirements. This setting in Windchillprovides an additional layer of security to restrict access to requirements fromWindchill.The policy rule must have the following settings:• Type—Requirement Resource• Context—Site


• Participant—Users who should be able to view remote requirements• Permissions—Grant Full Control permissions

Manage Traces Admin Mashup: ConfigureManage Traces1. Access the PTC Navigate Manage Traces administration mashup at the

following URL:http://[ThingWorx host name]:[ThingWorx port]/Thingworx/Mashups/PTC.OSLC.AdminServerManagement

NoteDepending on your environment, you may need to replace http withhttps.

The credentials that you use to log in to ThingWorx must also exist in IntegrityLifecycle Manager.

2. Click Create.3. Select Integrity Lifecycle Manager as the server type, then click OK.4. Enter the properties of your Integrity Lifecycle Manager server:

• Server Name—Choose a meaningful name. If you will have multipleconfigurations, this information will help you identify each one.

This name is used as part of the resource URIs that are stored byWindchill, so it cannot be changed later.

NoteIf this server is ever recreated in ThingWorx, such as during anupgrade, ensure that you use the exact same name.

• Host Name

• Port


• Username—Enter the username of an Integrity Lifecycle Manager userthat has impersonation permissions and can impersonate all end users.

NoteIf this username does not have the correct impersonation permissions,or if the credentials that you used to log into ThingWorx are not alsopresent in Integrity Lifecycle Manager, you will not be able to continueto the next step.

• Password

• Cleanup Interval—When users view images in rich-text fields, the imagesare automatically downloaded to ThingWorx as media entities. This settingcontrols how often these media entities are deleted. When you change thissetting, the next cleanup occurs 1 hour later, and then continues at theintervals that you set.

Click Next when you are done.5. Click Create to create field mappings that will connect Integrity Lifecycle

Manager fields to Manage Traces fields:

a. Give this domain configuration a name that reflects the node type, such as“Requirements.” This information helps you identify each domainconfiguration more easily.

This name is used as part of the resource URIs that are stored byWindchill, so it cannot be changed later.

NoteIf this server is ever recreated in ThingWorx, such as during anupgrade, ensure that you use the exact same name.

Click Next when you are done.b. Select the Integrity Lifecycle Manager document type. Then, select your

field mappings between the fields for the document type and the ManageTraces fields.


TipField mappings that have been automatically detected and mapped foryou are not editable.

c. The node type for this document type appears at the top of the page. Selectyour field mappings between the fields for the node type and the ManageTraces fields.

d. Click Finish when you are done.

A ThingWorx resource provider is created for each type of resource withits own mappings by type.

e. If you need to create mappings for more document types, click Createagain. Repeat this set of steps until you have created mappings for all ofthe document types that you need.

6. Click the Super Users tab.7. Enter the user name of the dedicated ThingWorx system connection user for

Windchill that you created in step 1 of ThingWorx Composer: Set Up theAdapterBaseURI and Create App Keys on page 16. If you have more than oneWindchill system, and therefore more than one dedicated ThingWorx systemconnection account for Windchill, add all of the usernames to the Super Userslist.

By adding a user to this list, you grant permission for that user to specify theeffective user that will be impersonated when communicating with theIntegrity Lifecycle Manager server. This way, operations are performed as thecorrect end user, rather than all operations being attributed to the systemconnection account.

8. Click the Incoming Trace Configurations tab.9. Create an incoming trace provider for each incoming external reference (IER)

field that you plan to create in Integrity Lifecycle Manager. Click OK whenyou are done.

10. Make a note of the Incoming Trace Provider Name value for each incomingtrace provider that you create. When you create IER fields in IntegrityLifecycle Manager, you will enter this value in the Incoming Trace Providerfield.

For more information about creating IER fields, see “Incoming ExternalReference Fields (IER)” in the Integrity Lifecycle Manager Help Center.

11. Click Close.


http://support.ptc.com/cs/help/integrity_hc/integrity109_hc/localemap_en/locale_en/serv_fields_creating_fields.mif-2-1.html?queryId=1557f6f0cbb#

Integrity Lifecycle Manager: DefinePropertiesIn the Integrity Lifecycle Manager Administration Client, under Configuration ▶▶Properties, edit the following properties:• mksis.thingworx.appkey—Set the value of this property to the Integrity

Lifecycle Manager application key that you noted in the topic ThingWorxComposer: Set Up the AdapterBaseURI and Create App Keys on page 16.

• mksis.thingworx.websocket.url—Set the value of this property to the URL ofthe ThingWorx WebSocket. The WebSocket protocol must specify a secureconnection ("wss://<server>:<port>/ThingWorx/WS").

AWebSocket secure (WSS) connection is required.

NoteIt is very important to protect this application key. At this point, you can takesteps to secure the application key. For more information, see Protect theThingWorx Application Keys on page 26.

Windchill: Create and Encrypt theThingWorx Application Key PropertyUse the following command to add and encrypt the traceability.appKey property.The ThingWorx application key value is the Windchill value that you noted in thetopic ThingWorx Composer: Set Up the AdapterBaseURI and Create App Keyson page 16.echo "traceability.appKey" >> $WT_HOME/bin/adminTools/sip/validProperties.list

ant -f $WT_HOME/bin/adminTools/sip/EncryptPasswords.xml encryptPw -DpropertyName=

traceability.appKey -Dpassword=[your ThingWorx application key]


ThingWorx Composer: ConfigureConnectionsTo install the extensions bundled in PTC Navigate Manage Traces, complete thefollowing steps in ThingWorx Composer:1. Create a new thing. On the General Information page, enter the following

information:• Name• Thing Template—WindchillConnector

2. Click Configuration, and enter the following information on the Configurationfor WindchillConnectorThing page:• baseURL—URL of your Windchill instance• restPath—/servlet/rest

NoteAs a best practice, configure impersonation on ThingWorx. To do so, setthe ValidImpersonators property to the Integrity Lifecycle Manager userswho are defined in your ThingWorx application key for Integrity LifecycleManager.

For more information, see Configure Impersonation on ThingWorx onpage 27.

3. Click Save.4. Set the relationship provider configuration and resource provider connector for

DefaultWindchillTraceResourceProvider:a. From the ThingWorx Composer Explorer, under Things, click

DefaultWindchillTraceResourceProvider.b. Click Configuration to access the Configuration for PTC.Resource.PLM.

WindchillTraceResourceProviderPackage page.c. Under Relationship Provider Configuration, in the

DownStreamResourceProvider field, selectDefaultWindchillPartResourceProvider.

d. Under Resource Provider Configuration, in the Connector field, select thename of the Windchill connector that you just created.

e. Click Save.


5. Set the resource provider connector forDefaultWindchillPartResourceProvider:a. From the ThingWorx Composer Explorer, under Things, click

DefaultWindchillPartResourceProvider .b. Click Configuration to access the Configuration for PTC.Resource.PLM.

WindchillPartResourceProviderPackage page.c. Under Resource Provider Configuration, in the Connector field, select the

name of the Windchill connector that you just created.d. Click Save.

6. Configure the TraceabilityMashUpService:a. From the ThingWorx Composer Explorer, under Things, click

TraceabilityMashUpService.b. Click Configuration to access the Configuration for PTC.Resource.PLM.

TraceabilityMashUpServicePackage page. Enter the following information:• StructureDataShape—PTC.Resource.PLM.PartDataShape• TraceabilityResourceProvider—

DefaultWindchillTraceResourceProvider• ResourceProviderTag—PTC.PLM.PartResourceProviderTag• StructureService—WindchillTraceabilityPartStructureService

c. Click Save.


3Securing Your Deployment

Protect the ThingWorx Application Keys......................................................................26Enable SSL on Your Web Servers ..............................................................................26Configure Trust on Windchill.......................................................................................27Configure Impersonation on ThingWorx ......................................................................27Configure Trust on Integrity ........................................................................................28

PTC Navigate Manage Traces connects three independently managed systems:Integrity Lifecycle Manager, Windchill, and ThingWorx. Ensuring the security ofthe connections between these systems can be a challenging task. There are manyconfiguration options available for this purpose. The following topics provide asuggested approach for how you might begin to provide this security.

25

Protect the ThingWorx Application KeysIt is very important to protect the ThingWorx application keys. Following are bestpractices for doing so.

Encrypt the traceability.appKey PropertyThe traceability.appKey property was encrypted when you created it in thisprocedure: Windchill: Create and Encrypt the ThingWorx Application KeyProperty on page 22.

Configure an IP Whitelist for the Windchill Application Key inThingWorx ComposerYou can also protect the application key by configuring the IP whitelist for theWindchill application key. The Windchill server should be the only IP address thatis allowed to access in ThingWorx using the Windchill application key. You cando so by modifying the properties of the application key in ThingWorx Composer.For more information, see the “Application Keys” topic in the ThingWorx HelpCenter.

Enable SSL on Your Web ServersFor an added layer of security, enable SSL on your web servers. For informationabout how to do this, see the “Configuring HTTPS for PTC HTTP Server andWindchill” topic in the Windchill Help Center.

Self-signed CertificatesIf you use ThingWorx SSL with a self-signed certificate, you must import theThingWorx certificate into the Windchill truststore. You can do this by importingthe ThingWorx certificate into the JRE that your Windchill environment isconfigured to use. For example:${JAVA_HOME}/bin/keytool -import -alias twx.tomcat.for.traces.app -file /appl/portal/certs/

your-twx-certificate.pem -storetype JKS -keystore jssecacerts -deststorepass [yourpassword]

If you use SSL on Windchill with a self-signed certificate, you must manuallyimport your self-signed certificate into the <IntegrityClientInstall>\jre\lib\security\jssecacerts keystore on every Integrity LifecycleManager client machine in your environment.


Configure Trust on WindchillConfigure a Secure Trust Relationship between Windchill andThingWorxYou can configure a secure trust relationship between Windchill and ThingWorxby enabling two-way SSL from ThingWorx into Windchill. For information abouthow to do this, see the “Example Configuration using SSL for SecureCommunications” topics in the PTC Windchill Extension Guide.

Update the wt.auth.trustedHosts Property in WindchillIf you have enabled two-way SSL from ThingWorx into Windchill, ensure that thewt.auth.trustedHosts property in the wt.properties file is no longer set. Iftwo-way SSL is configured correctly, you do not need to include the ThingWorxhost in this property.For more information, see the “Modify the wt.properties File” topic in theWindchill Help Center.

Configure Impersonation on ThingWorxBecause a ThingWorx application key is used in the configuration of PTCNavigate Manage Traces, at least one ThingWorx user is authorized toimpersonate other users in Integrity Lifecycle Manager and Windchill. There maybe other ThingWorx users with impersonation privileges if you use otherThingWorx application keys or connect to a ThingWorx mashup using basicauthentication credentials, and the other systems are configured to trustThingWorx.As a best practice, review the Integrity Lifecycle Manager users who are definedin your ThingWorx application key for Integrity Lifecycle Manager, and then setthose users as valid impersonators in the Windchill connector:1. From the ThingWorx Composer Explorer, under Modeling, click Things.2. Open theWindchill connector thing and click Configuration. Under

Impersonated users, set the ValidImpersonatedUser property to the IntegrityLifecycle Manager users who are defined in your ThingWorx application keyfor Integrity Lifecycle Manager.

3. Save your changes when you are done.Note that these configurations can be managed independently. Some ThingWorxusers might be able to perform impersonation in Windchill but not IntegrityLifecycle Manager.

Securing Your Deployment 27

Configure Trust on IntegritySet up impersonation on Integrity. For details, see the following article: https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS128652Verify that the IntegrityClientSite.rc file located at $integrity_server/config/client is configured properly.




Documents

PTCNavigateManage TracesInstallationand …support.ptc.com/.../170758/en/MngTraceInstallConfig.pdf6 PTC Navigate Manage Traces Installation and Configuration Guide 1 Overview Product