SonicMQ Deployment Guide

Copyright 2000 Progress Software Corporation. All rights reserved.

Progress software products are copyrighted and all rights are reserved by Progress Software Corporation. This manual is also copyrighted and all rights are reserved. This manual may not, in whole or in part, be copied, photocopied, translated, or reduced to any electronic medium or machine-readable form without prior consent, in writing, from Progress Software Corporation.

The information in this manual is subject to change without notice, and Progress Software Corporation assumes no responsibility for any errors that may appear in this document. The references in this manual to specific platforms supported are subject to change.

Progress is a registered trademark of Progress Software Corporation. SonicMQ, AppServer, ProVision, ProVision Plus, Progress SmartObjects, Apptivity, and all other Progress product names are trademarks of Progress Software Corporation.

Progress SonicMQ contains the IBM XML Parser for Java Edition and the IBM Runtime Environment for Windows, Java Technology Edition Version 1.1.8 Runtime Modules. Copyright IBM Corporation 1998-1999. All rights reserved. U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM is a registered trademark of IBM Corporation. Java is a trademark of Sun Microsystems Inc. Windows is a registered trademark of Microsoft Corp. All other company and product names are the trademarks or registered trademarks of their respective companies.

Printed in U.S.A.
November 2000

Contents

Preface
  About This Manual
  Conventions in This Manual
  Typographical Conventions and Syntax Notation
  Note, Important, and Warning Flags
  Available Documentation
  Worldwide Technical Support

Part I: Planning Your Deployment

Chapter 1: Types of Deployments
  Single-server Configurations
  Multi-server Clusters
  Clusters and Scalability
  Multi-CPU Machines
  Clusters and Availability
  Multi-node Configurations
  Cluster Size Limitations
  Cluster Functionality Limitations
  The Dynamic Routing Architecture Solution

Chapter 2: Multi-node Architecture
  Global Messaging Scalability and Routing Nodes
  Dynamic Routing Architecture
  Routing Nodes
  Behavior of a Routing Queue in a SonicMQ Server
  Configured and Advertised Routing Information
  Routing Nodes and Clusters

Chapter 3: Guaranteeing Messages
  Working with Dead Message Queues
  What Is an Undeliverable Message
  Using the System Dead Message Queue
  Guaranteeing Delivery
  Enabling Dead Message Queue Features
  Monitoring Dead Message Queues
  The System Dead Message Queue
  Default DMQ Properties
  Modifying Default DMQ Properties
  Modifying DMQ Access Control
  JMS_SonicMQ Message Properties
  Handling Undelivered Messages
  Sample Scenarios of Handling Dead Messages
  Preserving Expired Messages and Throwing an Administration Notification
  Using High Priority and Throwing an Administration Notification
  What to Do When the Dead Message Queue Fills Up
  Types of Undelivered Messages
  TTL Is Expired
  Routing Node Is Invalid
  Routing Destination Is Invalid
  Connection Cannot Be Established Before Routing Timeout
  INDOUBT_TIMEOUT Expires
  Connection Authentication Fails
  Connection Authorization Fails
  Message is Too Large
  Other Cases Where Messages Might Be Lost

Chapter 4: Failover and Load Balancing
  Connect-time Failover
  Failover and Routing
  Defining the List of Connection URLs
  Client Access to Failover Connections
  Load Balancing
  Load Balancing and Routing
  Client Access to Load-balanced Connections
  After Connecting

Chapter 5: Security
  SonicMQ Security Basics
  The Need for Security
  Security Tools
  Overall Security Policy
  Corporate Security Policy
  Security Issues Covered Elsewhere
  SSL Support
  Certificate Management Tools
  Securing the SonicMQ Data Store
  Maintaining Security
  Firewall Architecture Basics
  SonicMQ Firewall Architecture
  Advantages of the Screened Subnet Architecture
  Setting the Firewall Rules for a SonicMQ Application
  Adding and Testing Your SonicMQ-specific Rules
  Client-side Security Issues
  HTTP Overview
  Understanding HTTP Tunneling in SonicMQ
  HTTP Tunneling
  Using a Client-side Forward Proxy
  Using a Server-side Reverse Proxy
  Using an ActiveX Client with HTTP Tunneling
  Signed Applets
  Browser-specific Tools
  Java Plug-ins
  Certificate-based Mutual Authentication
  Password-based Encryption (PBE) Tool
  Encryption
  Decryption
  Using the Encrypted broker.ini File

Chapter 6: Designing Messaging Models
  Client Functions
  Agent Applications
  Transformation Applications
  Routing Applications
  Dynamic Routing Applications
  Topologies
  Chain
  Hub and Spoke
  Central Hub
  Peer-to-peer
  Store and Forward

Part II: Implementing Your Deployment

Chapter 7: Dynamic Routing Architecture in a Multi-node Application
  Store & Forward Queue Routing from a Trading Partner
  Load-balanced Trading Partner Connections
  Routing Under Failure Scenarios
  Exchanging Connection Information for Indoubt Resolution
  Advertising Routing Connection Information
  Connection Timeout
  Portal-initiated Connections
  Connection Security
  Load-balancing Across Portal Applications
  Queue Routing from Portal to Trading Partners
  System Management
  Portal Management
  Trading Partner Management
  Dead Message Queue
  Trading Partner Request/Reply Example

Chapter 8: Implementing Multi-node Installations
  Introduction
  Definition of Terms
  High-level Architecture
  Trading Partner Configuration
  Firewall Setup
  SonicMQ Trading Partner Configuration
  SonicMQ Static Configuration
  SonicMQ Admin Configuration
  Portal Configuration
  Firewall Setup
  Configuration Server Setup
  Clustered Server Setup
  Setting Up Global Queues in a Cluster
  Configuration Server Security Configuration
  Portal Configuration for Adding a New Trading Partner

Chapter 9: Running a Sample Multi-node Application with the Dynamic Routing Architecture
  Introduction
  Assumptions
  Before You Start
  Determining Your Machine Names
  Installing SonicMQ for Your Portal and Trading Partner
  Setting the admin.echo System Property
  Setting Up the Portal: Xchange
  Setting Up the Trading Partner: Acme
  Testing Your Setup with the GlobalTalk Sample Application
  Troubleshooting Your Setup
  Permission Problems When Sending Messages to Valid Queues
  Sample Application and Scripts
  The GlobalTalk Application (PTP)
  The Admin Shell Scripts
  Portal_Broker_Setup
  Portal_Config_Setup
  Portal_Add_TP
  TP_Setup

Appendix A: Performance Tuning
  Tuning Your JVM Properties
  Choosing a Java Virtual Machine for the SonicMQ Server
  Setting the Java Heap Size
  Using the Maximum Available Memory for the Server
  Anticipating the Size and Number of Messages and Queues on the Server
  Tuning JVM Parameters
  Setting Buffer Limits in Message Flow Control
  Setting Queue Save/Retrieve Extents
  Reducing the Number of Syncpoints
  Choosing Automatic Message Acknowledgement
  Disk Drive Caching
  Using Queue Prefetch
  Queue Cleanup Thread
  Message Size
  Message Type
  Latency
  Log Queue Size
  Security

Index

List of Figures

Figure 1. Intra-node Messaging
Figure 2. Routing Nodes
Figure 3. Routing Connection Table
Figure 4. Invalid Routing Node
Figure 5. Invalid Routing Destination
Figure 6. Broken Routing Connection
Figure 7. Failed Connection Authentication
Figure 8. Failed Connection Authorization
Figure 9. Message is Too Large
Figure 10. Failover and Load Balancing for a Routing Node
Figure 11. Screened Subnet Architecture
Figure 12. Screened Subnet Architecture with SonicMQ
Figure 13. Recommended Architecture: Variation I
Figure 14. Recommended Architecture: Variation II
Figure 15. Direct HTTP Connection
Figure 16. Internet Deployment with Proxy Server and Firewall
Figure 17. Internet Deployment with Reverse Proxy Server
Figure 18. Password-based Encryption Architecture
Figure 19. Agent Application
Figure 20. Transformation Application
Figure 21. Routing Application
Figure 22. Dynamic Routing's Store-and-forward mechanism
Figure 23. Chain Topology
Figure 24. Enhanced Chain Topology Through Dynamic Routing
Figure 25. Chain Transformation Topology with Dynamic Routing
Figure 26. Hub and Spoke Topology
Figure 27. Central Hub Topology
Figure 28. Central Hub with Application Control (Marketplace)
Figure 29. Peer-to-Peer with a Central Hub
Figure 30. Peer-to-peer Topology for Store-and-forward Routing
Figure 31. Routing Communication
Figure 32. Routing: Load Balancing
Figure 33. Routing: Portal to Partner
Figure 34. High-level View of Trading Partner-Portal Configuration
Figure 35. Trading Partner-Portal Configuration
Figure 36. Trading Partner Configuration for Acme Installation
Figure 37. Typical Portal Configuration
Figure 38. Configuration for Dynamic Routing Architecture

List of Tables

Table 1. The SonicMQ Documentation Set
Table 2. Progress Software International Offices
Table 3. Dynamic Routing Architecture Topics
Table 4. Dead Message Queue Properties
Table 5. JMS SonicMQ Properties
Table 6. PBE Tool Parameters
Table 7. New Parameters for dbtool and startbr
Table 8. Connection Security Checking
Table 9. Names Used in Sample Admin Shell Scripts
Table 10. JVM Settings
Table 11. JVM Settings for SonicMQ Editions

Preface

This Preface contains the following sections:
- "About This Manual" describes this manual and its intended audience.
- "Conventions in This Manual" describes the text formatting, syntax notation, and flags used in this manual.
- "Available Documentation" describes the printed and online documentation that accompanies SonicMQ.
- "Worldwide Technical Support" provides information on contacting technical support.
About This Manual

Progress SonicMQ is a fast, flexible, scalable E-Business Messaging Server designed to simplify the development and integration of today's highly distributed enterprise applications and Internet-based business solutions. SonicMQ is a complete implementation of the Java Message Service specification Version 1.0.2, an API for accessing enterprise messaging systems from Java programs.

This book is divided into two parts. The first part deals with issues you should consider when planning your SonicMQ deployment and consists of the following chapters:
- Chapter 1, "Types of Deployments," discusses the capabilities and limitations of single-server and cluster configurations in terms of performance, scalability, and reliability.
- Chapter 2, "Multi-node Architecture," describes how the Dynamic Routing Architecture and other concepts apply when implementing a portal and trading partner marketplace.
- Chapter 3, "Guaranteeing Messages," describes the use of the Dead Message Queue and the handling of undeliverable messages.
- Chapter 4, "Failover and Load Balancing," discusses how connect-time failover lets a client (or server acting as a client) connect to any server in a user-supplied list. This chapter also discusses the load-balancing feature, which lets a client (or server acting as a client) be redirected to another server for the purpose of redistributing load.
- Chapter 5, "Security," presents an overview of how to plan and implement a secure SonicMQ installation and explains how to use Signed Applets.
- Chapter 6, "Designing Messaging Models," gives a conceptual overview of how the portal and trading partner B2B application can be used to enable various business-to-business scenarios.

The second part of the book describes how to implement your SonicMQ deployment and consists of the following chapters:
- Chapter 7, "Dynamic Routing Architecture in a Multi-node Application," describes key elements of the Global Queue Routing Architecture in terms of a marketplace application.
- Chapter 8, "Implementing Multi-node Installations," describes the steps you might follow to set up a SonicMQ deployment with portals and trading partners.
- Chapter 9, "Running a Sample Multi-node Application with the Dynamic Routing Architecture," gives step-by-step instructions on how to set up a demonstration portal and trading partner.
- Appendix A, "Performance Tuning," discusses how you can tune some parameters of your SonicMQ configuration to optimize the overall performance of your implementation.
Conventions in This Manual

In this section, you will find a description of the text-formatting conventions used in this manual and a description of notes, warnings, and important messages.

Typographical Conventions and Syntax Notation

This manual uses the following typographical conventions:
- Bold typeface in this font indicates keyboard key names (such as Tab or Enter) and the names of windows, menu commands, buttons, and other SonicMQ user interface elements. For example, "From the File menu, choose Open." Bold typeface is also used to highlight new terms when they are introduced in conceptual and overview sections.
- Monospace typeface is used to indicate text that might appear on a computer screen other than the names of SonicMQ user interface elements, including all of the following:
  - Code examples
  - Code that the user must enter
  - System output (such as responses, error messages, and so on)
  - Filenames and pathnames
  - Software component names, such as class and method names
  Essentially, monospace typeface indicates anything that the computer is "saying," or that must be entered into the computer in a language that the computer "understands."
  Bold monospace typeface is used to supply emphasis to text that would otherwise appear in monospace typeface.
  Monospace typeface in italics or Bold monospace typeface in italics (depending on context) indicates variables or placeholders for values you supply or that might vary from one case to another.

This symbol and font introduce a multi-step procedure:
1. This is a first step.
   1.1 This is a step within a step.
2. This is a second step.

This symbol and font introduce a single-step procedure:
- This symbol starts a single-step procedure.

This manual uses the following syntax notation conventions:
- Where command-line examples are provided, a backslash character (\) indicates line continuation. It should not be entered on the actual command line.
- Brackets ([ ]) in syntax statements indicate parameters that are optional.
- Braces ({ }) indicate that one (and only one) of the enclosed items is required. A vertical bar (|) separates required items.
- Ellipses (...) indicate that you can choose one or more of the preceding items.

Note, Important, and Warning Flags

This manual highlights special kinds of information by using shading, placing horizontal rules above and below the text, and using a flag in the left margin to indicate the kind of information.

Note: A Note flag indicates information that complements the main text flow. Such information is especially needed to understand the concept or procedure being discussed.

Important: An Important flag indicates information that must be acted upon within the given context in order for the procedure or task (or other) to be successfully completed.

Warning: A Warning flag indicates information that can cause loss of data or other damage if ignored.

Available Documentation

Table 1 lists the documentation supplied with SonicMQ. In addition to the documentation listed in this table, SonicMQ comes with sample files. All documentation is included with the SonicMQ media.

Table 1. The SonicMQ Documentation Set

Document: Description
- SonicMQ Documentation Portal (SonicMQ_Help.htm): Describes and links all SonicMQ online documentation components.
- Getting Started with SonicMQ: Presents an introduction to the scope and concepts of the SonicMQ software and its packaging. Lists the features and benefits of SonicMQ in terms of its adherence to the Sun JMS specification and the extensions that make SonicMQ a richer, more useful messaging software.
- SonicMQ Installation and Administration Guide: Describes configuration of various SonicMQ client types, clusters, and the message server and data stores. The administration chapters fully document server management using both the command-line interface and the graphical user interface administration tools. Covers security concepts and installation and administration of security features.
- SonicMQ Programming Guide: Presents the SonicMQ sample applications and then shows how the programmer can enhance the samples, focusing on clients, connections, sessions, messages (including XML), transactions, and hierarchical topics.
- SonicMQ Deployment Guide: The first part describes general deployment issues, including security. The second part concerns deployment issues for setting up dynamic routing for a B2B infrastructure.
- SonicMQ API Reference: Contains information on the SonicMQ API that supplements the other manuals.
- SonicMQ Product Update Bulletin: Describes enhancements to SonicMQ that are new with this release.
- SonicMQ Release Notes: Provides late-breaking information and known issues.

Worldwide Technical Support

Progress Software's support staff maintains a wealth of information at http://www.sonicmq.com to assist you with resolving any technical problems that you encounter when installing or using SonicMQ Developer Edition. From the SonicMQ home page, click on Developer Exchange to take advantage of resources for developers such as forums, downloads, tips, whitepapers, and code snippets.

For technical support for the SonicMQ Professional Developer Edition or the SonicMQ E-Business Edition, visit our TechSupport Direct Web page at http://techweb.progress.com.

When contacting Technical Support, please provide the following information:
- The release version number and serial number of SonicMQ that you are using. This information is listed at the top of the Start Broker console window and might appear as follows:
      SonicMQ E-Business Edition [Serial Number 25677051] Release nnn Build Number nnn Protocol nnn
- Your first and last name.
- Your company name, if applicable.
- Phone and fax numbers for contacting you.
- Your e-mail address.
- The platform on which you are running SonicMQ, as well as any other environment information you think might be relevant.
- The Java Virtual Machine (JVM) you are using. To determine the JVM you are using, open a console window, go to the directory SONICMQ_JRE (default install-dir\Java\bin), and issue the command .\jre -d.
Table 2 provides information about Progress Software Corporation and its international offices.

Table 2. Progress Software International Offices

Locale, Office Name, and Address / Contact Information

North and Latin America:
  Progress Software Corporation
  14 Oak Park
  Bedford, MA 01730 USA
  Pre-sales: Telephone: 8004776473 ext. 4900; e-mail: sonicmqpresales@progress.com
  Technical Support for Professional Developer Edition and E-Business Edition: Telephone: 7812804999; Fax: 7812804543; e-mail: support@progress.com

Europe, the Middle East, Africa (EMEA):
  Progress Software Europe B.V.
  P.O. Box 8644
  Schorpioenstraat 67
  3067 GG Rotterdam
  THE NETHERLANDS
  Pre-sales: e-mail: sonicmqpresales-emea@progress.com
  Technical Support for Professional Developer Edition and E-Business Edition: Telephone: 31102865222; Fax: 31102865225; e-mail: emeasupport@progress.com

Asia/Pacific:
  Progress Software Pty. Ltd.
  1911 Malvern Road
  Malvern East, VIC Box 3145, AUSTRALIA
  Technical Support for Professional Developer Edition and E-Business Edition: Telephone: 61398850199; e-mail: aussupport@melbourne.progress.com

Part I
Planning Your Deployment

Part I of the SonicMQ Deployment Guide deals with issues you must consider when planning your deployment and contains the following chapters:
- Chapter 1, "Types of Deployments," discusses the capabilities and limitations of single-server and cluster configurations in terms of performance, scalability, and reliability.
- Chapter 2, "Multi-node Architecture," describes how you can use Dynamic Routing Architecture to implement a B2B deployment, such as a portal and trading partner application.
- Chapter 3, "Guaranteeing Messages," describes the use of the Dead Message Queue and the handling of undeliverable messages in a multi-node deployment.
- Chapter 4, "Failover and Load Balancing," discusses how connect-time failover lets a client (or server acting as a client) connect to any server in a user-supplied list, so a connection can be made even if some of the servers in the list are not available. This chapter also discusses the load-balancing feature, which lets a client (or server acting as a client) be redirected to another server for the purpose of redistributing load.
- Chapter 5, "Security," presents an overview of how to plan and implement a secure SonicMQ installation and explains how to use Signed Applets.
Chapter 1
Types of Deployments

This chapter consists of several sections:
- "Single-server Configurations" on page 21 briefly sets forth the capabilities and limitations of single-server configurations in terms of performance, scalability, and reliability.
- "Multi-server Clusters" on page 22 describes the performance, scalability, and reliability advantages of clusters.
- "Multi-node Configurations" on page 23 reveals the limitations of using a multi-server cluster in certain types of applications, and briefly describes how these limitations can be overcome by using a multi-node configuration.

Single-server Configurations

A single-server configuration is fine for development and initial testing, but for production use it suffers from two main limitations:
- Scalability is limited by the capacities of the host machine — Many contemporary commercial applications must send and receive data from more clients than can be handled by a single computer.
- Availability is limited — If the success of your business depends upon critical applications being available 24 hours a day and 7 days a week, your messaging system must be able to work if any single machine goes down. If a messaging client loses a connection to a particular machine, it might be essential that it can still use the messaging infrastructure.

Multi-server Clusters

The requirements of performance and availability can largely be met by using multi-server clusters, supported by SonicMQ Developer, Professional Developer, and E-Business Editions. As explained in the SonicMQ Installation and Administration Guide, a cluster consists of a group of interconnected servers. You centrally administer the cluster using a configuration server, which can be part of the cluster, but does not have to be.

Clusters and Scalability

Clustering allows performance to be scaled by adding additional servers to handle heavy message loads. SonicMQ provides the option of using a round-robin algorithm to assign connections so that all servers in a cluster share the load. The following section discusses some issues you should consider when adding additional servers.

Multi-CPU Machines

The servers in a cluster need not be on different machines. You can use a multi-CPU machine, with each of several servers running on its own CPU and its own JVM instance. However, this adds complexity to the installation and might not be faster than using one server. A single server makes effective use of multiple CPUs. In stress tests against a single server on a four-CPU machine, all four CPUs attained close to 100% utilization. Less stressful tests also showed a fairly even load distribution across the four CPUs.

Whether to use a single multi-CPU machine or multiple single-CPU machines depends on several factors:
- On a multi-CPU machine, if you are using one server or if all servers share a single database and the database can be put on the same machine, using a multi-CPU machine should reduce disk access time. In this situation, the multi-CPU solution would be faster.
- A multi-CPU machine is likely to have a single I/O controller, so multiple servers on such a machine would be competing for disk access, making the multi-CPU solution slower.
- If all servers are on a multi-CPU machine and the machine fails, the messaging system will be unavailable. However, if the servers are on individual machines and one fails, parts of the messaging system remain available.

Note: Throughout this book, the terms "broker" and "server" will be used interchangeably.

Clusters and Availability

If a SonicMQ client loses its connection to a server or the server fails, the client can redirect its messages to another server in the cluster and can receive messages from other servers. When the server or network connection comes back up, information can be sent from that server to the one for which the message was originally intended.

Alternatively, you can design your application so two servers in a cluster are mirror images of one another. If you do this, your applications will be able to reconnect and continue operation if a single server fails.

If the configuration server goes down, you lose the ability to administer security and cluster membership, and customers lose the ability to administer the routing connection table and routing users that are part of the Dynamic Routing Architecture. In this case, however, existing connections between the servers are maintained, and work can continue uninterrupted.
Multi-node Configurations

Although clusters solve many of the problems you might otherwise encounter when using a single server, there are certain situations where clusters by themselves are not sufficient. These situations are ones impacted by cluster size limitations and cluster functionality limitations, which are discussed in the following sections.

Cluster Size Limitations

Every server in a cluster must maintain a connection to every other server. This means that an n-server cluster must have n*(n-1)/2 interserver connections. Thus, a 16-server cluster has 120 interserver connections and a 32-server cluster has 496 interserver connections.

The overhead in maintaining large numbers of connections is excessive. For this reason, you should have no more than 16 servers in a cluster. For large scale applications requiring more than 16 servers another solution is required. SonicMQ technology provides a solution.

Cluster Functionality Limitations

Clusters have functional limitations as well. Some of the very features that let clusters work well within a single enterprise become problems when applications are spread over more than one enterprise:
- Clusters have centralized security management, a valuable convenience within an enterprise. However, an inter-enterprise solution must have local management. Each enterprise must have local management to control access using a locally maintained list of access control rights.
- Applications in one enterprise must be able to work even when the remote enterprise is unavailable. That is, they need a store-and-forward capability to allow disconnected operation.
- Connections must be secure at the enterprise level, not at the level of the ultimate user. One enterprise generally will have no way to authorize and authenticate individual users in the other enterprise. It must be possible to enforce enterprise-level connection security.
- You might want some sites to act as an intermediary. The main function of these sites is to look at the message envelopes and business relationships between two or more external enterprises and forward messages to the appropriate site. This is complex routing based on business logic that cannot be performed by a standard JMS implementation.
- As traffic increases, you must add resources to handle services and routing applications. The architecture must be scalable.

The Dynamic Routing Architecture Solution

The SonicMQ solution to the shortcomings of the cluster approach is called Dynamic Routing Architecture (DRA). In this approach, each cluster of servers or unclustered server is a node. The DRA is a multi-node architecture. It provides a way to send messages from a server on one node to a destination on another node. Figure 1 shows a message being sent from a client on one node to a client on another node.

[Figure 1. Intra-node Messaging. Diagram labels: Client A, Server 1, Node 1, Node 2, Server 2, Client B]

Within the DRA, SonicMQ serves as the underlying transport layer for messages. SonicMQ gives you the deployment options for physical transport (for example, SSL or TCP) as well as Quality of Service options for guaranteed messages.

Practically speaking, this means that each node has a server and messaging infrastructure. This server communicates to the cluster through a Routing Queue built on standard SonicMQ inter-server messaging. Back-end scalability is achieved by using this Routing Queue to direct messages between nodes. Availability and scalability are attained by allowing the routing queue to load balance queue forwarding across connections from applications that share replicated functionality.

Most of the remainder of this manual explains the ramifications of Dynamic Routing Architecture. In particular, you will need to learn about the topics listed in Table 3.

Table 3. Dynamic Routing Architecture Topics

Topic: Section or Chapter Where Discussed
- Routing Nodes: "Routing Nodes" on page 30
- Queue Routing: "Store & Forward Queue Routing from a Trading Partner" on page 110; "Queue Routing from Portal to Trading Partners" on page 125
- Configuration: "System Management" on page 127; "Trading Partner Configuration" on page 136; "Portal Configuration" on page 142
- Load Balancing: Chapter 4, "Failover and Load Balancing"; "Load-balanced Trading Partner Connections" on page 113; "Load-balancing Across Portal Applications" on page 122
- System Management: "System Management" on page 127; "Portal Management" on page 127; "Trading Partner Management" on page 127
- Dead Message Queue: Chapter 3, "Guaranteeing Messages"; "Dead Message Queue" on page 128

Chapter 2
Multi-node Architecture

SonicMQ provides a complete, robust implementation of the Java Message Service (JMS). JMS provides reliable, secure guaranteed messaging between applications over the Internet. However, JMS by itself operates at too low a level to represent the complexities of business-to-business E-commerce. For example, imagine thousands of companies working together as trading partners through a marketplace, implemented as a portal. This scenario and other business-to-business E-commerce scenarios are discussed in Chapter 6, "Designing Messaging Models."

In the portal and trading partner scenario, the trading partner plays the role of a messaging client, and the portal acts as a message server that performs routing, logging, authentication, and other services.

This chapter contains two sections:
- "Global Messaging Scalability and Routing Nodes" on page 28 describes the routing node concept at a very high level.
- "Dynamic Routing Architecture" on page 29 describes, at a relatively high level, how routing nodes and the various other components of the architecture work together to allow the implementation of multi-node solutions.
Global Messaging Scalability and Routing Nodes

You can implement SonicMQ messaging either on a single server, or on a single cluster of servers. Each of these acts as a node for messaging where configuration can be centrally administered and where clients and servers can be fully connected using normal JMS semantics.

In the global, business-to-business case, there is a need for connecting these isolated, independently administered messaging nodes. SonicMQ's Dynamic Routing Architecture lets you connect these messaging nodes through the concept of SonicMQ routing nodes.

You can define any SonicMQ server, or cluster of servers, as a routing node. Network connections can be configured at any routing node to any list of other adjacent routing nodes. Adjacent routing nodes are those nodes that have a server-to-server connection with the current node. This connection can be active, or you can define it administratively.

This allows any client at one routing node to address messages to both local queues and to remote queues on adjacent routing nodes. SonicMQ will deliver messages to adjacent routing nodes with its commitment of guaranteed, exactly-once delivery. You can add additional routing at the application level to take messages and send them on to subsequent routing nodes. Figure 2 illustrates this concept.

[Figure 2. Routing Nodes. Legend: Routing Node; Active Routing Connection]

Each of the routing nodes in Figure 2 represents either a single server or a cluster, plus all of the clients directly connected to the servers in that node.

Dynamic Routing Architecture

The ability to scale to thousands of trading partners and many portal applications and services is based on the extension of SonicMQ inter-server messaging. This messaging has been enhanced to support global queue routing between routing nodes. This global queue routing structure is part of the SonicMQ Dynamic Routing Architecture.

Routing Nodes

With global queue routing, it is possible to send messages to global queues that reside on other servers. You do this by creating a routing node. A routing node can be a single unclustered server or a cluster of servers.

Routing node names are only exposed to adjacent routing nodes in a network of routing nodes. Adjacent nodes can be established dynamically (as a remote routing node connects into a node) or preconfigured in the server or configuration server database (for outgoing connections).

For JMS clients connected to a server or cluster, you can specify queues that exist in adjacent routing nodes by prepending the name of the routing node to the queue. A queue name that is qualified by a routing node name is referred to as a remote queue. The syntax for a remote queue is routing_node_name::queue_name.

JMS clients can retrieve messages only from queues in servers to which they have established connections.

For example, a JMS client at a trading partner can send to the appQ queue on the Portal routing node by using the remote queue name Portal::appQ.

A routing node name can be any Java string of up to 256 Unicode characters that does not contain a double colon (::) or double quote (") and does not begin with a dollar sign ($).
Thefollowingclientcodetakesadvantageofremotequeuenaming://CreatetheQueueSenderontheQueuejavax.
jms.
QueueremoteQueue=session.
createQueue("Portal::appQ");javax.
jms.
QueueSenderqSender=session.
createSender(remoteQueue);//SendaMessageqSender.
send(msg);Theuseofglobalqueuesissubjecttothefollowingrules:nYoucannotcreateaQueueReceiveroraQueueBrowseronaremotequeue.
Attemptingtodosowillraiseanexception.
nTheremotequeuemustexistonthedestinationroutingnode.
Existenceoftheremotequeueischeckedonlyatthedestinationroutingnode.
Ifthequeuedoesnotexist,themessageisflaggedasundeliverableand,ifthesenderhassorequested,movedtotheSonicMQ.
deadMessagequeue.
nAccesscontrolbyaclienttoaremotequeueisbasedonthequeuename,withouttheroutingnodename.
Thatis,theACLsarecheckedattheserverconnectedtotheclient.
SonicMQDeploymentGuide31DynamicRoutingArchitecturenRemotequeuesmustbedefinedasglobalonthedestinationroutingnodetohaverouting.
Globalqueuesareadvertisedovernewroutingconnections,unlessyouturnoffthiscapability.
nTosendmessagestoaglobalqueueonalocalroutingnode,youcanomittheroutingnodenameandsimplyprefacethenamewithadoublecolon(::),asinthiscode:session.
createQueue("::appQ");YoucanomittheroutingnodenameforaglobalqueuethatexistsontheserverthattheJMSclientisconnectedto,ortoaglobalqueuethatisdefinedonanotherserverinthesamecluster.
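The naming rules above can be applied on the client before a destination string reaches createQueue. The class below is an added example, not SonicMQ code: RemoteQueueName and its methods are hypothetical names, the 256-character limit is assumed to count Unicode code points, and rejecting an ambiguous queue part is this example's own conservative choice rather than documented broker behavior.

```java
import java.util.Arrays;
import java.util.List;

// Added example, not SonicMQ code: client-side pre-check of destination names
// written as routing_node_name::queue_name, using the rules stated above.
public final class RemoteQueueName {
    private static final String SEP = "::";
    private static final int MAX_NODE_CHARS = 256;

    // null = no "::" in the name; "" = "::queue" (global queue on the local node)
    private final String routingNode;
    private final String queue;

    private RemoteQueueName(String routingNode, String queue) {
        this.routingNode = routingNode;
        this.queue = queue;
    }

    /** Validates a routing node name, for example a ROUTING_NODE_NAME value. */
    public static void checkNodeName(String node) {
        if (node == null || node.isEmpty()) {
            throw new IllegalArgumentException("routing node name is empty");
        }
        // Assumption: "256 Unicode characters" is counted in code points.
        if (node.codePointCount(0, node.length()) > MAX_NODE_CHARS) {
            throw new IllegalArgumentException("routing node name exceeds 256 characters");
        }
        if (node.contains(SEP)) {
            throw new IllegalArgumentException("routing node name contains '::'");
        }
        if (node.indexOf('"') >= 0) {
            throw new IllegalArgumentException("routing node name contains a double quote");
        }
        if (node.charAt(0) == '$') {
            throw new IllegalArgumentException("routing node name begins with '$'");
        }
    }

    /** Splits at the first "::"; the node part is validated when present. */
    public static RemoteQueueName parse(String name) {
        if (name == null || name.isEmpty()) {
            throw new IllegalArgumentException("destination name is empty");
        }
        int sep = name.indexOf(SEP);
        if (sep < 0) {
            return new RemoteQueueName(null, name);
        }
        String node = name.substring(0, sep);
        String queue = name.substring(sep + SEP.length());
        // Conservative choices of this example: an empty queue part, ":::" and a
        // second "::" are rejected because the split would be ambiguous.
        if (queue.isEmpty() || queue.startsWith(":") || queue.contains(SEP)) {
            throw new IllegalArgumentException("queue part is empty or ambiguous");
        }
        if (!node.isEmpty()) {
            checkNodeName(node);
        }
        return new RemoteQueueName(node, queue);
    }

    /** True when the name is qualified by a routing node name (a remote queue). */
    public boolean isRemote() {
        return routingNode != null && !routingNode.isEmpty();
    }

    /** Name the ACL check is based on: the queue name without the node name. */
    public String aclName() {
        return queue;
    }

    public String routingNode() {
        return routingNode;
    }

    public static void main(String[] args) {
        // Constructed sample names.
        List<String> samples = Arrays.asList(
            "Portal::appQ", "::appQ", "appQ", "$sys::appQ", "Por\"tal::appQ", "Portal::");
        for (String s : samples) {
            try {
                RemoteQueueName n = parse(s);
                System.out.println(s + " -> node=" + n.routingNode()
                    + " remote=" + n.isRemote() + " aclName=" + n.aclName());
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Because aclName() is the same for Portal::appQ and ::appQ, a write permission on appQ at the client's server covers the queue of that name on every reachable routing node; the receiving node applies its own routing-user ACL on arrival.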
Behavior of a Routing Queue in a SonicMQ Server

The name of the routing queue is SonicMQ.routingQueue. The routing queue automatically routes all messages that are not local to that routing node to remote queues.

The connection associated with a routing node is initialized administratively. That is, each routing node name has an associated connection (which maps to a list of server URLs, ports, and other connection parameters).

When two servers connect to each other for queue routing, they exchange information on queues that are explicitly set global. This is referred to as the advertising of global queues. You can disable advertising by selecting the no advertise flag when setting a routing in the Admin tool or SonicMQ Explorer.

Messages are checked at arrival at a routing node for user/queue write permissions based on the security ACL configuration at the receiving server.

You specify the name of the routing node by adding the following line to the broker.ini file:

    ROUTING_NODE_NAME=name

Note: Routing is enabled for all servers.

You cannot delete or rename the routing queue. However, you can modify its properties such as maximum size, save threshold, and retrieve threshold by using the Admin tool, Explorer, or the Management API.

A route table is used to dynamically maintain information on global queues for routing purposes. It allows the routing queue to determine where messages should be sent during routing. When a global queue is advertised from a routing node, the table retains the connection information associated with that queue. Only the most current information is retained, along with the shortest path to the destination queue.

The information in the route table is persisted as it is received so that remote queue routings are known at server startup, even if no routing advertisements are received. The full connection information for a destination queue is retained, which allows outgoing connections to be established, if possible.

For preconfigured connections, a table of connection routing information called the routing connection table is stored with the configuration database. In a clustered configuration, the routing connection table is centrally administered in the configuration server. It defines the connection parameters and options used to establish new connections to a given routing node, if no active connections exist. Figure 3 illustrates the configuration of the routing connection table.
Configured and Advertised Routing Information

The propagation of routing information is handled by the route table forwarder (RTF) and is referred to as advertising. The RTF accepts route information from other servers in the system and forwards this information to other servers. The RTF is responsible for updating the information in the Route Table as informational messages are processed. The RTF also obtains current route information from neighboring servers when the routing system is initialized. The RTF needs access to the logical connections in a server.

[Figure 3. Routing Connection Table. Diagram labels: Routing Configuration (from management API and/or tools); Routing Connection Table (pre-configured routing information); Route Table Forwarder (advertising of route information); Route Table (incoming routing information); Routing Queue (one per server) [SonicMQ.routingQueue]; Message Forwarder; Global Queue; incoming and outgoing messages. Forwarding supports exactly once delivery to replicated queues.]

The following restrictions apply to the advertising of queues when servers are connected:

- Only queues explicitly defined as global are advertised.
- Only global queues defined on a routing node are advertised to another routing node.
- When servers make connections from one routing node to another, the connection can be configured to explicitly prevent this advertising. A global queue is not advertised through a routing connection that disables advertising.
- Within a cluster, the advertising of global queues always happens. This is automatic and occurs when the server is added to the cluster or when new global queues are created or deleted.
- Advertising must be explicitly turned on for routing connections defined administratively between nodes.
- Any new routing information received by a clustered server is immediately propagated to servers in that cluster. The new information will be advertised to adjacent nodes only if that information pertains to the node itself.
- The server originating routing information will include a timestamp to allow for duplicate updates to be detected. Only the most recent information will be used.
- Duplicate routing information is not forwarded. This prevents advertising from entering an infinite loop in complex routing configurations.
Routing Nodes and Clusters

A routing node can consist of a single server or a cluster of servers. If the node is a cluster, static routing connection information is configured for the entire cluster through the configuration server. That is, the relationship between the routing node name and outgoing connections is set for the entire cluster, and must be set on the configuration server. This is similar to the way that security information is administered and stored.

Routing and security configurations are designed to work together, but neither is a prerequisite for the other. You can configure a cluster for routing, for security, or for both.

Changes in route-table information are shared between servers in the routing node using internal messaging. This applies to changes made administratively through the management tools or API, as well as to routings defined dynamically due to route table advertising.

Routing connections within a cluster-based routing node are made automatically. Each server in a cluster-based routing node can route to any other server in the same routing node. That is, within a cluster, routing connections are, at most, one forwarding "hop."

Using a cluster does not automatically create a routing node. To create a cluster that is also a routing node, every server in the cluster must be configured with the same values in the individual broker.ini files. For example, to set up the Portal routing node, you set ROUTING_NODE_NAME=Portal for each server. Each of the servers in the cluster is added to the cluster using the configuration server. The configuration server can also have the same settings, but only if it is to be added to the cluster itself. A configuration server does not have to be part of the routing node in order for it to administer routing connection information.
Chapter 3
Guaranteeing Messages

This chapter provides information about how you can use the SonicMQ Dead Message Queue (DMQ) features to guarantee that messages will not be discarded until a client has processed them. The chapter contains the following sections:

- "Working with Dead Message Queues" describes dead messages and dead message queues, and the ways SonicMQ provides for you to handle them.
- "The System Dead Message Queue" provides information about the properties of the SonicMQ system dead queue.
- "Handling Undelivered Messages" describes the process SonicMQ uses to handle undeliverable messages.
- "Types of Undelivered Messages" defines the various cases where messages are marked as undelivered and provides reason codes and descriptions of each type of undelivered message, including the scenarios in which the undelivered message might occur.

Working with Dead Message Queues

JMS provides mechanisms for guaranteed delivery of messages between clients and within the provider. However, there are cases where messages are allowed to expire or where they are viewed by the provider as undeliverable. These messages are called dead messages.

If you have a local application of SonicMQ, the only dead messages you should encounter are those that expire. The other types of dead messages discussed in this chapter arise in multi-node deployments. These deployments are discussed in Part II, "Implementing Your Deployment."

SonicMQ provides you with the ability either to deal with these messages or to be kept aware of situations where messages are not being delivered due to high latency or possible provider failure. This ability is achieved through use of the Dead Message Queue.

When you use the SonicMQ Dead Message features, the SonicMQ server will deal with undeliverable messages as follows. When the SonicMQ server finds messages that have exceeded their time to live (TTL) and should expire or that cannot be routed due to some external network error, the server:

- Saves the message in a dead message queue (DMQ) and/or
- Generates an administrative notification (management event)

At an application level, you can listen for the administrative notifications, browse the DMQ, and deal with undelivered messages as appropriate for your application. For more information about performing these tasks, see the SonicMQ Programming Guide.

Note: The DMQ is used only for messages delivered in the Point-to-Point domain.

Note: Messages sent with a NON_PERSISTENT delivery mode are subject to a lower quality of service than PERSISTENT messages. NON_PERSISTENT messages in the DMQ are not retained after a planned or unplanned shutdown of the server. These messages must be processed in the same server session in which they occur, otherwise they will be discarded.
What Is an Undeliverable Message?

In the case of server-to-server queue routing across routing nodes, there are cases where messages are considered undeliverable. (Part II, "Implementing Your Deployment," introduces and discusses dynamic routing architecture.) These cases include the following types of messages:

- Unroutable messages are messages that arrive at a routing queue where the information on the routing is missing or incomplete.
- Indoubt messages are messages that have been forwarded to another routing node, but where the handshaking needed to ensure once-and-only-once delivery of messages has been interrupted due to network or hardware failure and cannot be re-established within the configurable INDOUBT_TIMEOUT (approximately one business day).

There are other reasons why a message might not be delivered, including timeouts and network failures. See the "Types of Undelivered Messages" section for descriptions of various scenarios under which messages are not delivered.

Messages that do not make forward progress during queue routing for a configured period of time are transferred to the DMQ. This period of time is specified by the TTL parameter.

Using the System Dead Message Queue

In SonicMQ, all undeliverable messages are sent to the system DMQ, named SonicMQ.deadMessage. The system dead message queue is treated exactly like a normal queue in that it can be browsed or read using normal JMS objects (QueueBrowser and QueueReceiver). The only special handling feature of these queues is that messages are not allowed to expire from them.

Guaranteeing Delivery

JMS can guarantee delivery by using queues and setting the delivery mode to PERSISTENT, but cannot guarantee latency of messages. When you use the DMQ, any expired message is guaranteed to be preserved on the server. To ensure that expired messages are preserved, you must configure your application to monitor the DMQs and to handle all messages that arrive in the DMQ.
Enabling Dead Message Queue Features

You enable the DMQ features only on a message-by-message basis. You must specifically request enqueuing and notifications of administrative events, or the DMQ is not used. Enabling the DMQ in this way prevents the DMQ from accidentally filling up and shutting down the server. See the SonicMQ Programming Guide for information on setting message properties to request enqueueing on the DMQ.

Monitoring Dead Message Queues

It is very important that your application monitor the dead message queues and deal with messages that arrive there. When any of these system queues exceeds its maximum queue size, the server is shut down.

To help deal with the potential of DMQs filling up, the SonicMQ server monitors the DMQ and sends an administrative event notification when the queue exceeds the predefined percentage. This percentage is set to 85% by default. An event is sent every time a message is enqueued that causes the size of the queue to exceed the notification percentage.

Warning: Applications should not directly add messages to the DMQ by creating QueueSenders. Recommended access to the DMQ is through QueueBrowsers and QueueReceivers.

Note: Messages enqueued in the DMQ retain their original destination and JMSExpiration value. Ensure that QueueBrowsers and QueueReceivers on the DMQ check the (javax.jms.Message) m.getJMSDestination() for the original queue. Checking m.getJMSExpiration() will always yield a time in the past.

The System Dead Message Queue

The Dead Message Queue (DMQ) is not used unless you request it. You can request administration notifications and enqueuing on the DMQ by setting properties on each message. See the SonicMQ Programming Guide for information on setting message properties.

The DMQ is created and populated by SonicMQ. The DMQ has the following properties:

- Exists on every server
- Is created automatically by SonicMQ (all running SonicMQ servers have an active DMQ)
- Is always named: SonicMQ.deadMessage
- Is a local queue
- Cannot be deleted

As with other queues, messages that have a JMSDeliveryMode of NON_PERSISTENT are not available in the DMQ after a system shutdown (either planned or unplanned).

As explained in the "Monitoring Dead Message Queues" section, the SonicMQ server will shut down if the DMQ exceeds its configured capacity. Prior to shutting down the server, however, the DMQ will raise an administrative event when it exceeds a fraction of its maximum size. The notification factor defaults to 0.85 (85%). You can reset this value (DMQ_NOTIFY_FACTOR) in the broker.ini file to an appropriate limit for your application.

You can monitor these events using the Management API or the tools. SonicMQ raises the event for every message added to the DMQ. You can configure the SonicMQ Explorer and Admin tool to listen for these messages. For example, in the Admin tool, enter this command:

    show broker events start dmqstatus

See the SonicMQ Installation and Administration Guide for more information about using the SonicMQ Explorer and Admin tool. See the SonicMQ Programming Guide for an example that shows you how to use the SonicMQ Explorer to monitor the server's DMQ.
Default DMQ Properties

By default, SonicMQ creates the Dead Message Queue with the properties listed in Table 4.

Table 4. Dead Message Queue Properties

    Property               Value                  Editable
    Name                   SonicMQ.deadMessage    No
    [local | global]       local                  No
    [shared | exclusive]   shared                 Yes
    retrieve threshold     1,200K                 Yes
    save threshold         1,400K                 Yes
    Maximum queue size     10,000K                Yes

Modifying Default DMQ Properties

You can modify all the parameters of the SonicMQ.deadMessage queue, except the name and local setting, using the Admin tool or Explorer. The settings for retrieve threshold, save threshold, and maximum queue size are highly specific to an application, therefore you should change these from their default settings to values appropriate to your application. See the SonicMQ Installation and Administration Guide for information about using the Admin Shell and Explorer.

Modifying DMQ Access Control

The administrator can modify Access Control for the DMQ using the Management API, Admin tool, or Explorer. Access Control is set in the same way for the system queues as for nonsystem queues. See the SonicMQ Installation and Administration Guide for information about using the Management API, Admin tool, and Explorer.

JMS_SonicMQ Message Properties

The following is a list of the message properties associated with messages declared undeliverable and possibly moving to the DMQ:

- JMS_SonicMQ_preserveUndelivered
  Set this boolean property to true for every message that should be transferred to the SonicMQ.deadMessage queue when noted as being undeliverable.
- JMS_SonicMQ_notifyUndelivered
  Set this boolean property to true for every message that should raise an administration notification when noted as being undeliverable.
- JMS_SonicMQ_undeliveredReasonCode
  Read this int property to determine why SonicMQ declared this message as undeliverable. The server sets this property when messages are moved to a dead message queue.
- JMS_SonicMQ_undeliveredTimestamp
  Read this long property to determine when SonicMQ declared this message as undeliverable. The server sets this property when messages are moved to a dead message queue.

These property names are available as standard constants in progress.message.jclient.Constants. Table 5 provides the values for these constants.

Table 5. JMS SonicMQ Properties

    JMS SonicMQ Constant       String Value
    NOTIFY_UNDELIVERED         "JMS_SonicMQ_notifyUndelivered"
    PRESERVE_UNDELIVERED       "JMS_SonicMQ_preserveUndelivered"
    UNDELIVERED_REASON_CODE    "JMS_SonicMQ_undeliveredReasonCode"
    UNDELIVERED_TIMESTAMP      "JMS_SonicMQ_undeliveredTimestamp"

Handling Undelivered Messages

The following sequence of events describes the process SonicMQ uses to handle undeliverable messages:

1. A condition occurs where the server determines the message is not deliverable. (See the "Types of Undelivered Messages" section for a list of possible causes.)
2. The message is passed to a special processing object in the SonicMQ server. That object examines the message header.
3. The special processing object determines whether to preserve the message in the DMQ. The message is checked for the boolean property JMS_SonicMQ_preserveUndelivered. If this property is TRUE, then the message is transferred to the SonicMQ.deadMessage queue with the following properties:

       JMS_SonicMQ_undeliveredReasonCode = reason_code [int]
       JMS_SonicMQ_undeliveredTimestamp = GMT_timestamp [long]

   See the "Types of Undelivered Messages" section for a description of reason_code.
4. The special processing object determines whether to send a notification that the message has been sent to the DMQ or that the message has expired. The message is checked for the boolean property JMS_SonicMQ_notifyUndelivered. If this property is TRUE, an administration notification is sent with the following information:

   - Reason code
   - MessageID (of the original message)
   - Destination (of the original message)
   - Timestamp (of when the message underwent dead-message handling)
   - Name of server (where message originated)
   - Preserved boolean (TRUE, if the message was saved to the DMQ)

Programmatic handling of the undelivered message event is done using the Management API calls in progress.message.tools.BrokerManager. You must create a class that implements the callback for the brokerUndeliveredMsgNotification method. See the javadoc for the BrokerManager class and IBrokerManagerListener interface in the progress.message.tools package for more information on these calls.
Sample Scenarios of Handling Dead Messages

The following sections describe typical scenarios in handling dead messages:

- "Preserving Expired Messages and Throwing an Administration Notification"
- "Using High Priority and Throwing an Administration Notification"

Preserving Expired Messages and Throwing an Administration Notification

Typically, important messages will be sent PERSISTENT and will be flagged both to be preserved on expiration and to throw an administration notification. The following code sample shows how this might be done:

    // Create a TextMessage for the payload. Make sure the message
    // is delivered within 2 hours (7,200,000 milliseconds).
    // If it expires, send a notification and save the message.
    javax.jms.TextMessage msg = session.createTextMessage();
    msg.setText("This is a test of notification and DMQ");

    // Set 'undelivered' behavior. Optionally, we could have used the
    // property names defined as static final Strings in
    // progress.message.jclient.Constants.
    msg.setBooleanProperty("JMS_SonicMQ_preserveUndelivered", true);
    msg.setBooleanProperty("JMS_SonicMQ_notifyUndelivered", true);

    // Send the message with PERSISTENT, TimeToLive values.
    qsender.send(msg,
                 javax.jms.DeliveryMode.PERSISTENT,
                 javax.jms.Message.DEFAULT_PRIORITY,
                 7200000);

Using High Priority and Throwing an Administration Notification

The following code would be used to send a small message using high priority, with the expectation that this message will be delivered in ten minutes. In this case, we are only interested in notification events:

    // Create a TextMessage for the payload. Make sure the message
    // is delivered within 10 minutes (600,000 milliseconds).
    // If it expires, send a notification.
    javax.jms.TextMessage msg = session.createTextMessage();
    msg.setText("Test of undelivered events");

    // Set 'undelivered' behavior. Optionally, we could have used the
    // property names defined as static final Strings in
    // progress.message.jclient.Constants.
    msg.setBooleanProperty("JMS_SonicMQ_notifyUndelivered", true);

    // Send the message for fast delivery, or not at all.
    qsender.send(msg,
                 javax.jms.DeliveryMode.NON_PERSISTENT,
                 8,        // Expedite at a high priority
                 600000);  // 10 minutes

What to Do When the Dead Message Queue Fills Up

When the DMQ fills up (to its maximum queue size), the server stops processing messages after enqueuing the message that caused the DMQ to exceed its maximum size. In this way, no messages are lost.

If a server shuts down because the DMQ is full, you can restart the server after setting the DMQ_OVERRIDE_MAXSIZE parameter in the broker.ini file. The server then starts up with a temporary override on the maximum size of the dead message queue. Assuming the new value is sufficiently large, the queue can be processed or cleared. After the queue is processed, you should restart the server with its original settings.

If, while the DMQ_OVERRIDE_MAXSIZE parameter is in effect, the maximum size of the dead message queue is changed administratively through a tool or the Administration API, this new value is stored in the database and used until the server is shut down. If the DMQ_OVERRIDE_MAXSIZE parameter is removed before restarting the server, the new stored value is used. However, if the DMQ_OVERRIDE_MAXSIZE parameter is left in place, it again overrides the stored value.

See the SonicMQ Programming Guide for information about handling dead message queues programmatically.
Types of Undelivered Messages

This section defines the various cases where messages are marked as undelivered. The following sections provide reason codes and descriptions of each type of undelivered message, including the scenarios in which the undelivered message might occur. The types of undelivered messages are:

- TTL is expired
- Routing node is invalid
- Routing destination is invalid
- Connection cannot be established before routing timeout
- INDOUBT_TIMEOUT expires
- Connection authentication fails
- Connection authorization fails
- Message is too large

Other cases where messages might be lost are discussed at the end of this chapter.

Some of these types of undelivered messages arise in scenarios involving the dynamic routing architecture; this concept is discussed in Part II, "Implementing Your Deployment."

TTL Is Expired

The reason code is: UNDELIVERED_TTL_EXPIRED

The SonicMQ server determines that a message has expired. This dead message event is the simplest case and the one that most developers consider when thinking about dead message queues.

When sending messages, you can optionally set the parameter time to live (TTL). This TTL is converted to an expiration time and is stored in the message header (in GMT). When a SonicMQ server tries to deliver a message, it notes the expiration time (based on the GMT as calculated from the server's system clock) and might decide not to deliver the message due to expiration.

Checks for expiration are done only periodically within a server (in order to avoid extra overhead). Messages are always guaranteed not to be delivered if they have expired. However, the actual time they are moved to the dead message queue might be significantly later than the expiration date in the header. You can change the QUEUE_CLEANUP_INTERVAL parameter to adjust the frequency of these checks.

Note: Reason codes are defined as public final static int in the progress.message.jclient.Constants class.
Routing Node Is Invalid

The reason code is: UNDELIVERED_ROUTING_INVALID_NODE

A client tries to send a message to a remote queue for which no routing node connection information exists. Figure 4 shows an example of this situation.

A client tries to send a message to the remote queue: Xxx::aQ (Routing Node = Xxx; Queue name = aQ). This message goes to the routing queue in the server, Aaa, which is shown to have an active connection with routing node Bbb. The desired routing node connection, however, is Xxx, which is not active, nor is there default connection information for this node in the routing connection table. As a result, the message is declared to be undeliverable and the dead message processing will occur. The message will stay on the server at Aaa.

[Figure 4. Invalid Routing Node. Diagram not reproduced: a client application calls createQueueSender("Xxx::aQ") and send(msg); routing nodes Aaa and Bbb; routing connections Bbb-server:port and Ccc-server:port; active routing connection.]

Routing Destination Is Invalid

The reason code is: UNDELIVERED_ROUTING_INVALID_DESTINATION

A client tries to send a message to a remote queue for which the connection exists, but once the message arrives no global queue is found to exist. (The global queue should exist on the receiving server or on another server in the routing node, if it is comprised of a SonicMQ cluster.) Figure 5 shows an example of this situation.

A client tries to send a message to the remote queue: Bbb::noQ (Routing Node = Bbb; Queue name = noQ). This message goes to the routing queue in the server, which finds an active connection with routing node, Bbb. The message is moved to the server at routing node Bbb. When this server tries to deliver the message, however, it realizes that there are no global queues that have this name (including elsewhere in the cluster, if the routing node is clustered).

[Figure 5. Invalid Routing Destination. Diagram not reproduced: a client application calls createQueueSender("Bbb::noQ") and send(msg); routing nodes Aaa and Bbb; routing connections Bbb-server:port and Ccc-server:port; active routing connection.]

At this point, the message is sent to the dead message processing logic on the server at Bbb.
Connection Cannot Be Established Before Routing Timeout

The reason code is: UNDELIVERED_ROUTING_TIMEOUT

A client tries to send a message to a remote queue for which the connection should exist, but cannot be established (or re-established, in the case of a lost connection). Figure 6 shows an example of this situation.

A client tries to send a message to the remote queue: Bbb::aQ (Routing Node = Bbb; Queue name = aQ). This message goes to the routing queue in the server, which finds a connection with routing node Bbb. When an attempt is made to use this connection, however, it is found to be down (or perhaps timed out). Repeated attempts to restart this connection to the routing node Bbb fail.

[Figure 6. Broken Routing Connection. Diagram not reproduced: a client application calls createQueueSender("Bbb::aQ") and send(msg); routing nodes Aaa and Bbb; broken routing connection.]

If the failures continue for a configurable length of time (the ROUTING_TIMEOUT setting in broker.ini), the message is sent to the dead message processing logic on the server in routing node Aaa.
INDOUBT_TIMEOUT Expires

The reason code is: UNDELIVERED_ROUTING_INDOUBT

A network failure or server failure occurs after the sending server has sent a PERSISTENT message, but before it has received an acknowledgement, causing the message to be in an indoubt state. The message remains in this state until a connection is re-established between the two servers (or until the INDOUBT_TIMEOUT expires).

The sending server automatically tries to re-establish any connections necessary to resolve the state of the indoubt messages. Until this occurs, however, all the indoubt messages are held where they will not be lost. There is no possibility of message redelivery due to any failure situation.

SonicMQ handles this situation as follows:

- As part of server configuration, a parameter exists that specifies an INDOUBT_TIMEOUT (in seconds).
- All messages that are in the indoubt state for a period that exceeds this time automatically expire. (Typically, all PERSISTENT messages would be configured to be sent to the DMQ and to raise an administration notification.)
- At no point are these messages lost or inadvertently placed in a state where they can be redelivered.

The important details of this scenario include:

- Messages are never redelivered by SonicMQ queue routing even in the event of network failure.
- Because only PERSISTENT messages are subject to the special indoubt handling, only PERSISTENT messages can ever be declared as undeliverable with this reason code.
- Messages may be stored on a sending server in an indoubt state.
- SonicMQ will attempt to re-establish the server-to-server connection to resolve indoubt messages even if another server-to-cluster connection has been created for the destination routing node.
- In the event of an unsuccessful attempt to re-establish a server-to-server connection for the purpose of resolving indoubt messages, SonicMQ will wait the number of seconds specified by the INDOUBT_RECONNECT_INTERVAL parameter before a subsequent attempt is made to re-establish the connection. This cycle is repeated until either the connection is successfully re-established or the routing timeout interval (INDOUBT_TIMEOUT) has passed.
- If the failed connection cannot be re-established, the message is optionally moved to the dead message queue, after the INDOUBT_TIMEOUT. However, there is no reason not to have this parameter set to a long period, as the indoubt resolution process uses the SonicMQ journal to retain state. Even if both servers fail and are restarted in the process, at different times, guaranteed exactly-once delivery is assured.
- Indoubt messages expire only on the original, sending server. A copy is not caused to expire on the receiving server as part of the same network or connection failure. (However, the message might expire later for a different reason, for example, TTL.)

Connection Authentication Fails

The reason code is: UNDELIVERED_ROUTING_CONNECTION_AUTHENTICATION_FAILURE

A message with routing information cannot be delivered to a specified node due to authentication failure (invalid credentials). The routing node name is valid (that is, it does exist in the routing connections database). However, the routing connection fails because the server being connected to refuses the connection due to invalid credentials. Figure 7 shows an example of this situation.

A client tries to send a message to the remote queue: Bbb::aQ (Routing Node = Bbb; Queue name = aQ). This message goes to the routing queue in the server for routing node Aaa. This server attempts to create a new connection to routing node Bbb. The connection information for Bbb is retrieved from the routing connection table at Aaa, which indicates that the connection to Bbb should be done with user = AcmeCo and password = pwd. The server at routing node Bbb, however, does not have this user/password combination in its table of routing users. The connection is refused, and the message is sent to the dead message processing logic on the server in routing node Aaa.
[Figure 7. Failed Connection Authentication. Diagram not reproduced: a client application calls createQueueSender("Bbb::aQ") and send(msg); the routing connection table at Aaa holds Routing Node: Bbb, User: AcmeCo, Password: pwd; the routing user table at Bbb has no entry for user AcmeCo, or an invalid password; connection attempt failed.]

Connection Authorization Fails

The reason code is: UNDELIVERED_ROUTING_CONNECTION_AUTHORIZATION_FAILURE

A message with routing information cannot be delivered to a specified node due to authorization failure (insufficient privileges). The routing node name is valid (that is, it does exist in the routing connections database). A connection could indeed be made, and authenticated, at that routing node. However, the Routing Node Name of the sender does not match the Routing Node Name in the receiver's routing user security database. Figure 8 shows an example of this situation.

A client tries to send a message to the remote queue: Bbb::aQ (Routing Node = Bbb; Queue name = aQ). This message goes to the routing queue in the server for routing node Aaa. This server attempts to create a new connection to routing node Bbb.

[Figure 8. Failed Connection Authorization. Diagram not reproduced: a client application calls createQueueSender("Bbb::aQ") and send(msg); the routing connection table at Aaa holds Routing Node: Bbb, User: AcmeCo, Password: pwd; the routing user table at Bbb holds User: AcmeCo, Routing Node: Xxx, Password: pwd; connection attempt failed.]

The connection information for Bbb is retrieved from the routing connection table at Aaa, which indicates that the connection to Bbb should be done with user = AcmeCo and password = pwd. This connection attempt has the correct credentials, and the server at routing node Bbb does recognize AcmeCo as a valid user with proper credentials. However, the table of routing users indicates that the associated routing node must be Xxx (and not Aaa). The connection is refused, and the message is sent to the dead message processing logic on the server in routing node Aaa.
Message is Too Large

The reason code is: UNDELIVERED_MESSAGE_TOO_LARGE

An attempt is made to enqueue a message that is larger than the maximum size of a queue. Normally, an attempt to enqueue a message larger than the maximum queue size would cause an exception to the sender. However, if the sender is another server, as is the case with routing, then the sender cannot catch the JMSException. Instead, the message is sent to the DMQ on the routing server.

[Figure 9. Message is Too Large. Diagram not reproduced: a client application calls createQueueSender("Bbb::aQ") and send(msg); routing nodes Aaa and Bbb; routing connections Bbb-broker:port and Ccc-broker:port; referred message too large.]

In Figure 9 a client tries to send a message to the remote queue: Bbb::aQ (Routing Node = Bbb; Queue name = aQ). However, the message cannot be accepted by Bbb because the message size is bigger than the maximum size of the queue. This event would normally cause a JMSException to be thrown to the sender. However, because the sender in this case is another server, it cannot catch the JMSException. The message is sent to the DMQ of the sending server, Aaa.

Note: This undelivered message reason code does not apply to the case where a queue is filling up and the remaining space is too small for the message. In that event, flow control is implemented and the message does not go to the DMQ.

Other Cases Where Messages Might Be Lost

The following questions provide information about cases where messages might be lost.

What are the JMSDestination and JMSExpiration values for expired messages?

When messages are enqueued in the DMQ they retain their original destination and JMSExpiration value. Make sure that QueueBrowsers and QueueReceivers on the DMQ check the (javax.jms.Message) m.getJMSDestination() for the original queue. Also, checking m.getJMSExpiration() will always yield a time in the past.

Can the DMQ be used in a "Denial of Service Attack" to shut down the server?

If a routing user does not have permissions to write to a particular queue, messages arriving from this routing node will be dropped regardless of their JMS_SonicMQ_preserveUndelivered property. That is, they will not go to the DMQ.

Are there other cases where messages with a setting for JMS_SonicMQ_preserveUndelivered are lost?

Messages sent with a NON_PERSISTENT delivery mode are subject to a lower quality of service than PERSISTENT messages. The DMQ is designed to act like any other queue in SonicMQ (except where specifically noted previously). Therefore, NON_PERSISTENT messages in the queue will not be retained after either a planned or unplanned shutdown of the server. These messages must be processed in the same server session where they occurred, otherwise they will be discarded.

If the servers stay up, but the network fails, can messages be lost?

There is one case where this can happen when messages are sent with a NON_PERSISTENT delivery mode. When routing occurs between servers, NON_PERSISTENT messages are not subject to the same level of acknowledgement as PERSISTENT messages. In this case, one routing node could send a NON_PERSISTENT message to another node and the network could fail. Additional messages will be blocked at the originating server pending re-establishing the connection, but a message that was indoubt might be lost if it was sent with a NON_PERSISTENT delivery mode.
Chapter 4
Failover and Load Balancing

SonicMQ implements two features which you can use singly or together to use your resources efficiently and reliably:

- Connect-time failover lets a client (or routing node) connect to any server in a list that you supply, so a connection can be made even if some of the servers in the list are not available. This is covered in the "Connect-time Failover" section.
- Load balancing lets a client (or a server acting as a client) be redirected to another server for the purpose of redistributing load. This is covered in the "Load Balancing" section.

Connect-time Failover

Connect-time failover is based on a client (or routing connection) specifying a list of servers in a cluster to which it might initially connect. If one connection attempt fails, other connections from the list will be tried until either a connection is made or a timeout condition terminates the attempts.

You can specify a list access method, which determines which server will be tried first. This can be either sequential or random. With the sequential method, the first server in the list will be tried first. Sequential start is simplest and works well for most applications. With random order, the server first tried will be selected randomly. Random start can be used to increase throughput for high-traffic scenarios by not overloading the servers at the start of the list. With either sequential or random start, subsequent connection attempts will be made in the order in which the servers occur in the list.
Failover and Routing

For routing connections, one server acts as a client and the other server is usually part of a cluster. Figure 10 shows a routing table with sequential failover selected for two connections.

Defining the List of Connection URLs

All outbound routing connections from a routing node can be configured within the routing node at the server or at the configuration server for the cluster.

Figure 10. Failover and Load Balancing for a Routing Node

When you create a load-balanced connection to a client, the Connection URL list parameter lets you connect to the first available server in a list, which in most cases maps to a subset of a cluster. The list of server Connection URLs is separated by commas. The list can be up to 4,000 characters long, and each element must be a valid URL. The following example is a valid connection URL list:

    myserver1:2506,myserver2:2507

Client Access to Failover Connections

It is also possible to use failover connections from a messaging client. This feature is available from the ConnectionFactory objects and is specific to the SonicMQ APIs. It is not JMS-standard.
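The list rules and the sequential or random start described in the connect-time failover sections above can be modelled as follows. This is an added example, not SonicMQ code: the function names are hypothetical, the test for a "valid URL" (optional tcp, ssl or http prefix, host, optional port) is an assumption, and so are wrapping from the end of the list back to its start and trying each server once.

```python
"""Validate a connection URL list and walk it the way connect-time failover does."""
import random
import time

MAX_LIST_CHARS = 4000             # limit stated in the guide
SCHEMES = ("tcp", "ssl", "http")  # the three protocols the guide names


def parse_connection_urls(url_list):
    """Split a comma-separated list; reject entries that are not host[:port]."""
    if len(url_list) > MAX_LIST_CHARS:
        raise ValueError(f"list is {len(url_list)} characters; limit is {MAX_LIST_CHARS}")
    urls = []
    for raw in url_list.split(","):
        url = raw.strip()
        scheme, sep, rest = url.partition("://")
        if not sep:
            rest = url  # bare host:port, as in the guide's own example
        elif scheme not in SCHEMES:
            raise ValueError(f"unsupported protocol in {url!r}")
        host, colon, port = rest.partition(":")
        if not host or any(c.isspace() or c == "/" for c in host):
            raise ValueError(f"bad host in {url!r}")
        if colon and not (port.isdigit() and 0 < int(port) < 65536):
            raise ValueError(f"bad port in {url!r}")
        urls.append(url)
    return urls


def attempt_order(urls, sequential=True, rng=random):
    """Sequential starts at the first entry; random picks the start only.

    Later attempts follow list order. Wrapping around is an assumption.
    """
    start = 0 if sequential else rng.randrange(len(urls))
    return urls[start:] + urls[:start]


def connect_with_failover(urls, connect, sequential=True, timeout=5.0, rng=random):
    """Try each server once until connect() succeeds or the timeout expires.

    connect is a caller-supplied callable (hypothetical) that raises OSError
    when a server cannot be reached.
    """
    deadline = time.monotonic() + timeout
    failures = []
    for url in attempt_order(urls, sequential, rng):
        if time.monotonic() >= deadline:
            break
        try:
            return url, connect(url), failures
        except OSError as exc:
            failures.append((url, str(exc)))  # keep for logs: which servers were down
    raise ConnectionError(f"no server in the list accepted a connection: {failures}")
```

Returning the failed entries along with the connection lets the caller log which servers were skipped, so a silently degraded list is noticed before the last server goes down.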
The specifics on using load balancing from a client can be found in the javadoc for the progress.message.jclient package. The relevant classes and methods for both TopicConnectionFactory and QueueConnectionFactory are:

- setConnectionURLs(…) and getConnectionURLs()
- setSequential(…) and getSequential()

Load Balancing

Load balancing is a method of distributing connections over several servers in a cluster to avoid creating a bottleneck that might result from overloading a server. SonicMQ implements load balancing by using a round-robin algorithm. Load balancing occurs at connection time and cannot be dynamically changed without closing the connection and creating a new one.

By default, round-robin load balancing is enabled for all servers. To turn off load balancing at a server, set the ENABLE_LOADBALANCING property to FALSE in the broker.ini file. The client (or routing connection) must explicitly ask for load balancing as part of the connection settings.

You can reconfigure a cluster while the round-robin load balancing agent is running: the agent will include new servers for round-robin connections and stop redirecting connections to servers that have left the cluster.

If the load-balancing parameter for a connection is set to TRUE, load balancing is enabled for the connection. This indicates that the client (or server acting as a client) is willing to have its connection redirected to a different server. If load balancing is enabled on the server side, a client can still explicitly enable or disable load balancing for a particular connection request. The redirection happens transparently to the client.

Load Balancing and Routing

Connection balancing is performed within a cluster. Connections are bidirectional and are reused as much as possible for routing. When you connect to a server in a cluster that has load balancing enabled and ask for a load-balanced connection, you are returned a URL that redirects you to a different server in the cluster. The redirected URL will be the default acceptor for that server. That is, if the servers in the cluster have multiple acceptors defined (NUM_ACCEPTORS=n, where n>1), only the first acceptor is used for redirecting a connection. Figure 10 shows a routing table with load balancing selected.

Client Access to Load-balanced Connections

You can also use load-balanced connections from a client. You should not enable load balancing if your client application always has to connect to the same physical server. This feature is available from the ConnectionFactory objects and is specific to the SonicMQ APIs. It is not JMS-standard. The specifics on using load balancing from a client can be found in the javadoc for the progress.message.jclient package. The relevant classes and methods for both TopicConnectionFactory and QueueConnectionFactory are setLoadBalancing(…) and getLoadBalancing().

After Connecting

Once you have a load-balanced or failover connection, you can query where the connection ended up by using the getbrokerURL() method on the connection.

Note: Failover can specify a list of servers that may or may not be part of a cluster. However, load balancing can only occur across clustered servers.
Chapter 5
Security

This chapter consists of a number of sections dealing with security topics:

- "SonicMQ Security Basics" gives a detailed overview of the way SonicMQ helps you address security concerns.
- "Client-side Security Issues" deals with HTTP tunneling, and forward and reverse proxies.
- "Signed Applets" gives details on how to use signed applets and Java plug-ins to overcome the Java sandbox security restriction.
- "Certificate-based Mutual Authentication" describes how SonicMQ supports mutual authentication for both sides of an SSL connection.
- "Password-based Encryption (PBE) Tool" describes a command line tool for encrypting the SonicMQ broker.ini file.
- "SSL Support" mentions SonicMQ's support for IAIK SSL and directs you to configuration information.
- "Certificate Management Tools" mentions the GUI tools for managing SSL certificates and directs you to usage information.
SonicMQ Security Basics

In a common SonicMQ configuration, one application communicates asynchronously with another across the Internet. The SonicMQ client embedded in an application communicates with another application by sending messages to a message server. One or more SonicMQ clients then consume messages from the server. All these applications are clients of a SonicMQ server.

The Need for Security

The business data encapsulated in a message might be of a highly confidential nature. A company's continued success depends on retaining private information such as a customer's credit card number, design specifications for an upcoming product, or the details of a sealed bid. You must also ensure the integrity of business information; that is, you must prevent an attacker from changing the content of a message.

In addition to maintaining the privacy and integrity of messages, a messaging system must be configured to prevent malicious users from compromising your computer system in some other way, such as by accessing a database or erasing files.

Security Tools

SonicMQ supplies tools that allow you to:

- Protect messages sent and delivered
- Secure the connections over which the messages travel
- Limit access to the messaging system to authorized users only
- Limit access to specific messages to authorized users only

SonicMQ also works with third-party firewall products that enable you to protect your internal network from individuals with malicious intent. This chapter describes how you can use these security tools to protect your SonicMQ applications.

Overall Security Policy

Securing a SonicMQ application should be part of an overall corporate security strategy that protects not only the SonicMQ server, but also all applications and data that a corporation wants to shield from attack. After all, a Web site is just a public place on a corporate network allowing access to Internet users.

Long before SonicMQ is deployed on a corporate network, the administrator of the network should recognize that significant threats exist and that security solutions are needed to lower the risk of someone gaining illegal access to the corporate network. In short, the administrator must realize the need for a set of corporate security rules that dictates what is and is not allowed to happen on the corporate network.

There should be at least one person at your site whose job it is to administer security. That person is the Security Administrator. The Security Administrator manages SonicMQ security by using the SonicMQ Explorer, the Admin Tool, or the Management API. The administrative tool connects to a server that centrally administers message security. If you are using a cluster of servers, the configuration server handles security administration for the entire cluster.

When many people think about securing an Internet application, the first thing they consider is setting up a firewall. Establishing and implementing firewall architecture is an important and complex topic, and this document devotes a major subsection to it. Other security issues including authentication, authorization, and encryption are covered in the SonicMQ Installation and Administration Guide.
Corporate Security Policy

The first step in ensuring corporate security is to form a security policy. A security policy is a set of rules that defines access to and from a corporate network. A security policy must balance the risks and benefits of distributed information and establish acceptable guidelines for employee behavior.

A security policy often limits the freedom that external (typically Internet) users have to corporate data and limits the access that internal users have to corporate or external sources of data. For example, you might not want to allow TELNET requests into your corporate Web site. In addition, you might not want corporate users to access particular Web sites available on the Internet. Both of these are examples of rules that should be defined in your security policy. After determining the policy you want to adopt, it is time to implement it.

Security Issues Covered Elsewhere

A number of security issues that you must consider are covered in the SonicMQ Installation and Administration Guide. These include:

- User authentication
- User authorization
- Encryption at the message level
- Quality of Protection (QoP)
- Access control lists

SSL Support

SonicMQ supports encryption at the connection level through SSL. SonicMQ ships with BSAFE-JSSL by RSA Security to ensure secure connections. SonicMQ also supports (but does not include) IAIK (Institute for Applied Information Processing and Communications) SSL. See the SonicMQ Installation and Administration Guide for more information about SSL and for directions for configuring SSL.

Certificate Management Tools

SonicMQ supports a suite of Certificate Management Tools which are integrated into the Explorer administration tool. For information on the Certificate Management Tools, see the SonicMQ Installation and Administration Guide.

Securing the SonicMQ Data Store

To keep a SonicMQ installation secure, the data store must be secure since it contains sensitive information such as:

- Persistent messages
- User names and passwords
- Access control lists

One way to secure the data store is to limit access to it. In addition to maintaining the access control lists in a secure manner, you also need to limit access to the persistent data store through other means. If you are using an external DBMS, you should use a separate database for SonicMQ security and you should restrict access to the database to SonicMQ clients only.
Maintaining Security

After setting up your firewall and implementing your security policy, it is critical to keep the system working properly. Here are some tips for maintaining your security system:

- Perform regular system backups. If a system is penetrated, this will enable you to recover information that has been hacked or destroyed.
- Manage user accounts properly. Personnel come and go from companies, so be sure to close accounts quickly so they cannot be exploited.
- Keep hardware and software up to date. As hackers find new ways to exploit perimeter defenses, the companies who produce the defenses release new products to prevent those break-ins. If you fail to upgrade your defenses, you leave your network open to damage by hackers exploiting well-known problems.
- Monitor log files, audit trails, and alarms. These are the mechanisms that a firewall and its components use to enable a network administrator to discover potential problems. Pay attention to them. They might alert you to potential problems before any damage is done.
- Respond to attackers. If you identify the source of an attack, alert the appropriate Internet service provider.
Firewall Architecture Basics

Firewall implementations can be designed using a variety of architectures. To ensure the highest level of security you should use a screened subnet architecture to set up your firewall. Figure 11 shows a typical screened subnet architecture using an exterior router (sometimes called an access router) and an interior router (sometimes called a choke router).

Figure 11. Screened Subnet Architecture
[Figure labels: Internet (Outside Network), Exterior Router, Firewall, DMZ, Bastion Host, Interior Router, Private (Inside Network), Internal Host, Internal Host]

One of the most important features in this diagram is the Demilitarized Zone (DMZ). Its job is to provide a medium-security zone that is accessible to the Internet while isolating your application. If someone does get into your DMZ machine, your application data is safe on the inside network. The DMZ area is protected by the firewall, but does not expose the ports used to communicate with the inside (most secure) network to the outside (least secure) world.

An important component of the DMZ is the bastion host, a host machine whose address is known on the Internet. Due to its exposed position, it is fortified by removing any unnecessary applications that might compromise security.

Many variations of this architecture exist. This diagram outlines only the most common type of screened subnet architecture. This architecture uses a DMZ to give two major advantages:

- By creating a separate network as a DMZ, you can set up a configuration that uses both packet filtering and proxy server technology. This helps with the diversity of your defenses and makes your internal network very hard for outside users to reach. Many of the current firewall products use a combination of techniques so that you can customize your system to meet your security criteria.
- A DMZ minimizes the impact to your internal network if the bastion host is compromised. This DMZ can contain another network, a series of routers, or even another firewall to add another level of security protection should the bastion host be compromised.

In recent years, it has become common practice to add additional DMZ machines or networks to some firewall configurations. The value of this practice is controversial. The main reason it is done is to set up a special DMZ network for particular users coming in from the outside network. For example, if you have a special partnership with a company called Acme Products, you might want to set up a special area for them to access through the Internet. The firewall can be configured to allow traffic from the Acme corporate IP address to a special DMZ network where you might allow them access to more of the inside network than users routed to the normal DMZ network. The disadvantage here is that you complicate the set of rules that the firewall has to deal with and open more holes in the firewall to be exploited. Use this variation of the screened subnet architecture with care.

The screened subnet architecture is well suited for a SonicMQ configuration because it allows you to separate application components from each other and protect them individually. Figure 12 shows a sample browser-based application for processing order entries.

Figure 12. Screened Subnet Architecture with SonicMQ
[Figure labels: Internet (Outside Network), Screening Router, Firewall, Bastion Host, Web Server, SonicMQ Server, Single Point of Failure, Private (Inside Network), Internal Host, Application Server, Order Entry Application, Data]

With this screened subnet architecture, the SonicMQ server and Web server can be removed from the inside network, where the databases, application code, and sensitive private data reside. They are removed to an area of medium security where they can still bridge the gap between the end user's Web browser looking for order status and the application code and data. However, if the network they reside on is compromised, the database for the order-entry system and the application to access it are still protected.

SonicMQ Firewall Architecture

The best solution when building a firewall is seldom a single technique. It is usually a combination of techniques implemented to solve the user requirements at a particular site. The recommended SonicMQ firewall architecture is a variation of the screened subnet architecture. This architecture is sometimes called a three-legged architecture in that it deals with three main networks: the outside network (least secure), the inside network (most secure), and the DMZ (medium security).

When designing an architecture for protecting your SonicMQ configurations, you might have to make compromises to suit the needs of your particular users. Recognizing that fact, Progress recommends an architecture that is as robust as possible, but that still provides the best firewall security strategy.

This robustness is built into the firewall architecture by using network hubs and network routers placed at various locations. Adding network hubs allows you to reconfigure your firewall system as the need arises and limits the number of changes that will be required when this time comes. For example, site security policies might require you to add another machine to the DMZ network. If you have a network hub in place on your DMZ network, you can simply add the other machine to the hub, and no other rewiring or configuration is necessary.

Adding network routers involves adding extra security measures as well. This is primarily because most routers include software that allows you to add access rules and to notify a system administrator about potential attacks. This architecture also gives you a depth to your firewall; that is, it has several points where you can make security checks so that a single failure will not leave your system open to malicious attacks.

Machines that reside in the DMZ and host the Web server and the SonicMQ servers should be battle-hardened. That is, you should disable FTP access and remove any unnecessary software that presents security risks.

You should implement this architecture with a diversity of defenses in mind. It is not only important to use a number of different systems for your firewall defense, but also to use hardware and software from different vendors. The reason for doing this is simple: There might be a bug in a particular vendor's hardware or software that can compromise your system. Having systems from different vendors reduces the risk of your whole system being open to someone who uses that bug to compromise your system. For example, use a router from one vendor on your line to the Internet (your external router), but use another router from another vendor on the line to your inside network (your internal router). If someone gains access from the outside by exploiting a router bug in the external router, they will not be able to exploit the same bug to gain access to the inside LAN, which has a router by a different vendor.

Figure 13 shows a recommended firewall architecture for the server side of a typical SonicMQ server configuration.
Figure 13. Recommended Architecture: Variation I
[Figure labels: Internet (Outside Network), Exterior Router (Optional), Hub, Firewall, Bastion Host, Firewall Software, Hub, DMZ Machine, SonicMQ Server, Web Server (Optional), SonicMQ Data, Hub, Interior Router (Optional), Private (Inside Network), Internal Host, Internal Host, Application, Application Data]

With this model, the firewall software is performing the role of both an interior router and an exterior router.

Depending on your needs, you might want to have the SonicMQ server placed in your private inside network where you could install it on a non-battle-hardened machine. You can do this using an off-the-shelf reverse proxy server. See the SonicMQ Release Notes for the latest information about supported reverse proxy servers for SonicMQ. If you choose to vary the screened subnet architecture, you could place the reverse proxy server in the DMZ and the SonicMQ server in the inside network, as shown in Figure 14.

Figure 14. Recommended Architecture: Variation II
[Figure labels: Internet (Outside Network), Exterior Router (Optional), Hub, Firewall, Bastion Host, Firewall Software, Hub, DMZ Machine, Reverse Proxy, Web Server (Optional), Hub, Interior Router (Optional), Private (Inside Network), Internal Host, SonicMQ Server, SonicMQ Data Store, Internal Host, Application, Application Data]

Advantages of the Screened Subnet Architecture

The screened subnet architecture is more secure than router-based solutions because today's firewall software products provide much better protection than the software typically used on a standard router. In the recommended SonicMQ firewall architecture, a host-based PC or UNIX workstation hosts the firewall software. This allows Web sites that cannot afford expensive hardware to implement this architecture effectively. However, you might want to add optional routers to the recommended architecture, depending on the complexity of your internal network or your budget. This provides an outstanding way to add extra levels of defense.

In the first recommended variation, the Web server and the SonicMQ server reside in the DMZ. Internet users can access these portions of the SonicMQ application, but cannot directly access the main portion of your SonicMQ application. The firewall is configured so that only the SonicMQ servers themselves are allowed to talk with the inside network. The remainder of the application resides on the inside network. In Figure 13, the components all reside on one host machine.

In the second recommended variation, the SonicMQ server resides in the private inside network, and its address remains unknown to Internet users who communicate with it through the reverse proxy server. In effect, this adds an extra layer of security to your SonicMQ application.
Setting the Firewall Rules for a SonicMQ Application

This section explains how to use the firewall to protect the DMZ from the outside network and how to use the DMZ to protect the inside network. You must develop a set of rules to give to the firewall to set up this protection. Each firewall system (hardware or software) will have different ways to set up these rules. Check the documentation for the product you are using.

To set up your firewall, start the firewall software with no rules defined. Then systematically add rules and test each rule as it is added. When you initialize the firewall and there are no rules defined, you should not be able to access any host machine from the outside network.

Most firewall products require you to configure a Domain Name Service (DNS), which runs on virtually all host machines. It translates the IP address associated with a machine to a logical name. You should use DNS names to avoid having to repeatedly supply 10-digit IP addresses.

Adding and Testing Your SonicMQ-specific Rules

Once you have configured DNS (if required) you are ready to define your rules. There are a variety of ways to test generic rules for applications including HTTP, FTP, and TELNET.

The first rule you set up should allow access from the outside network to the Web server on the DMZ. Once you have set up this rule, test it by starting a client on the outside network and have it connect to the DMZ machine. This can be done by pinging the machine, or if ping is not supported, by telneting to the port. If the connection is successful, proceed to the next rule. If not, recheck your rules in the firewall rules database.

Begin adding the rules and test your configuration after adding each one. Depending on your firewall, you might need to save and reconfigure after adding each rule. If you do not, the rule might not be applied and the result could be confusing.

Once you have supplied these rules to your firewall software, you can test your SonicMQ configuration components together. All firewall products keep extensive log files. If you make a mistake, use the log files to tell you which components are trying to access restricted ports.

Close any ports you might have opened when you defined your rules. If you inadvertently leave the ports open, these holes might be exploited for attacks.
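The add-a-rule-then-test cycle above can be scripted as a reachability matrix that is re-run after every rule change, so a port left open by mistake shows up as a finding. This is an added example, not part of the guide or of any firewall product: the host names and ports in the sample matrix are constructed placeholders, and the script is meant to be run from a machine on the outside network against your own hosts.

```python
"""Re-check an expected-reachability matrix after each firewall rule change."""
import socket
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Expectation:
    label: str
    host: str
    port: int
    should_connect: bool


def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP connection completes (the scripted form of telneting to the port)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out (filtered), unreachable, or name not resolved
        return False


def audit(expectations, probe=tcp_reachable):
    """Return (expectation, problem) pairs that the current rule set violates."""
    findings = []
    for exp in expectations:
        actual = probe(exp.host, exp.port)
        if actual != exp.should_connect:
            problem = "unexpectedly open" if actual else "blocked but should be allowed"
            findings.append((exp, problem))
    return findings


def no_rules_baseline(expectations):
    """With no rules defined, nothing should be reachable from the outside network."""
    return [replace(exp, should_connect=False) for exp in expectations]


# Constructed sample matrix; host names and ports are placeholders.
FROM_OUTSIDE = [
    Expectation("Web server on DMZ", "dmz-host.example", 80, True),
    Expectation("TELNET into DMZ", "dmz-host.example", 23, False),
    Expectation("Inside application host", "inside-host.example", 80, False),
]

if __name__ == "__main__":
    for exp, problem in audit(FROM_OUTSIDE):
        print(f"{exp.label} ({exp.host}:{exp.port}): {problem}")
```

Run `audit(no_rules_baseline(FROM_OUTSIDE))` before the first rule is added, then `audit(FROM_OUTSIDE)` after each rule; an empty list means the rule set matches the policy for the ports listed.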
Client-side Security Issues

Client-side security involves the following topics:

- HTTP tunneling
- Use of forward proxies
- Use of reverse proxies

HTTP Overview

SonicMQ insulates the details of the protocol layer from the application developer. Which protocol layer is to be used on the client-side is determined entirely by how you specify the message server's URL to the client application. The Hypertext Transfer Protocol (HTTP), like the TCP and SSL protocols, is always available to the client application. From the developer's perspective all three protocols behave the same way. Synchronous and asynchronous communications are both available regardless of the protocol choice, and the application does not require special coding to accommodate the protocol.

By server design or by company security policy, proxy servers and firewalls frequently only allow HTTP-based traffic to pass through. You can establish a direct connection between client and server using HTTP Tunneling as the protocol, as shown in Figure 15. However, because the HTTP tunneling protocol is significantly slower than TCP or SSL, this option is only recommended when TCP and SSL protocols are not available.

Figure 15. Direct HTTP Connection
[Figure labels: Client, HTTP, SonicMQ Server]

To deploy on the Internet, you usually use HTTP. In Figure 16, the proxy server and firewall are optional components. The diagram shows that if the SonicMQ server is going to directly process messages received from the clients over the Internet, it must be deployed as if it were a Web server. It must reside on a system in your demilitarized zone (DMZ), and not on your intranet.

The requirement that a messaging server reside in the DMZ can be removed if you place a reverse proxy server in your DMZ and use it to re-direct data traffic to a server running on your intranet, as shown in Figure 17. Some Web servers can be configured to function as a reverse proxy server as well as a Web server.
Figure 16. Internet Deployment with Proxy Server and Firewall
[Figure labels: Client, Proxy Server, Internet, Firewall, SonicMQ Server, HTTP links, DMZ, Intranet Boundary]

Figure 17. Internet Deployment with Reverse Proxy Server
[Figure labels: Client, Proxy Server, Internet, Firewall, Reverse Proxy (or Web Server configured for Reverse Proxy), Firewall, SonicMQ Server, HTTP links, DMZ, Intranet Boundary]

Understanding HTTP Tunneling in SonicMQ

HTTP Tunneling supports both synchronous and asynchronous communications. The HTTP protocol is not inherently an asynchronous communication protocol, but SonicMQ makes it function as one. This is accomplished by creating multiple physical connections to the server from the client. If HTTP 1.1 Persistent Connection is available between the client and the server, SonicMQ establishes a minimum of three connections:

- The first physical connection is used to initiate the JMS Connection.
- The second physical connection is used for sending data to the server.
- The third physical connection allows the server to send data back to the client.

HTTP originally allowed only one request per physical TCP connection. However, establishing a TCP connection is fairly expensive, so some implementers of HTTP/1.0 added the Keep-Alive connection header value to keep a connection open after a request was completed and to allow further requests to be made over that connection. Unfortunately, the HTTP/1.0 Keep-Alive connection header is not implemented in all proxy servers claiming HTTP/1.0 compliance. The HTTP/1.1 specification defines persistent connections and makes them the default.

The processing of the first connect request is used to determine which level of HTTP protocol support is available. The optimum situation is when HTTP/1.1 Persistent Connections are available, so the cost of creating the physical TCP connection is paid only one time. If HTTP/1.1 Persistent Connections are not available, the server looks for HTTP/1.0 Keep-Alive Connections. SonicMQ reuses connections as much as possible, minimizing the cost of creating the physical connections. The lowest, and slowest, level is when HTTP/1.0 without Keep-Alive is the only level available, which might well be the case if a client-side proxy server is between the client and the server. This level is slowest because a physical connection must be created for each request posted from the client to the server.
HTTP Tunneling

This section presents a procedure for using HTTP tunneling.

To use HTTP tunneling:

1. Use the SonicMQ webclient.jar file to find the JMS client classes instead of using client.jar. The webclient.jar file includes the HTTPClient package.

2. Direct the client to use the HTTP Tunneling network protocol by beginning the URL string for the server with http:// as in the following line of code:

       TopicConnection myconn = new TopicConnection("http://myserverhost:80", appid, usrname, passwd);

3. Configure the server to receive HTTP connections. Edit the following lines in the broker.ini file:

       ; Set protocol
       DEFAULT_SOCKET_TYPE=tcp
       ;DEFAULT_SOCKET_TYPE=http
       ;DEFAULT_SOCKET_TYPE=ssl

   by commenting out the second line and uncommenting the third line as follows:

       ; Set protocol
       ;DEFAULT_SOCKET_TYPE=tcp
       DEFAULT_SOCKET_TYPE=http
       ;DEFAULT_SOCKET_TYPE=ssl

4. Save the broker.ini file. When you restart the server it will display a message like:

       SonicMQ Broker started, now accepting http connections on port 2506...
Using a Client-side Forward Proxy

A client-side forward proxy (proxy server) is a third-party server which lies between one or more SonicMQ clients (or servers acting as clients) and a firewall. SonicMQ supports the standard SSL proxy. See the SonicMQ Release Notes for the latest information about supported forward proxies for SonicMQ.

To obtain the proxy server's host and port information, the HTTPClient package:

1. Reads the case-sensitive system properties http.proxyHost and http.proxyPort from the JVM.
2. Automatically configures itself to use the proxy server to make the connections.
3. Once the properties are set, the HTTP connections are made through that proxy server.

The properties http.proxyHost and http.proxyPort can be read in three ways:

- For applications, you can set these properties from the command line:

      -Dhttp.proxyHost=hostname -Dhttp.proxyPort=80

- The properties can be set programmatically as in the following example:

      Properties props = System.getProperties();
      props.put("http.proxyHost", proxyhost);
      props.put("http.proxyPort", proxyport);

- In an applet scenario, the browser automatically sets these properties.

Because the class that uses the properties reads them in its static initializer, they must also be set before any connection is attempted and cannot be changed later.

When run from an applet in a browser, the SecurityException message will appear in the Java Console every time the Applet starts. This exception is caught inside the initializer, but the browser's AppletSecurityManager prints the message before throwing the exception. Applets using HTTP must usually be signed. See "Signed Applets" for details.
Using a Server-side Reverse Proxy

If the Universal Resource Identifier (URI) for a resource request contains an /SC identifier:

    http://hostname:port/SC/...

a reverse proxy recognizes the request as a SonicMQ HTTP request and maps and forwards the request to a SonicMQ server. For example, you could use these lines for an Apache configuration:

    ProxyPass /SC http://serverhost:2506/SC
    ProxyPassReverse /SC http://serverhost:2506/SC

Note: See the SonicMQ Release Notes for the latest information about supported proxy servers for SonicMQ.
Using an ActiveX Client with HTTP Tunneling

Creating HTTP tunneling connections from an ActiveX client is essentially the same as creating connections from a Java client, with the following caveat: The Javasoft plug-in does not currently support setting command-line parameters like the -Dhttp.proxyHost. There is also no way to set them programmatically from the ActiveX container.

You can use the SonicMQ ActiveX Control's setBrokerURL() method to specify proxyHost and proxyPort within the server's URL string using the following format:

    http://serverHost:serverPort:proxyHost:proxyPort

If you are not using a proxy server, then you do not need the proxyHost and proxyPort strings. You can use the string:

    http://serverHost[:serverPort]

If you omit serverPort, the default value of 2506 is used. However, you cannot omit serverPort if you use proxyHost and proxyPort.
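The URL format above is positional, which is why serverPort cannot be dropped when a proxy is given: with three fields there is no way to tell a port from a proxy host. A validator that could run before the string is passed to setBrokerURL() is sketched below as an added example; it is not SonicMQ code, the function and type names are hypothetical, and rejecting three-field strings outright is this example's choice.

```python
"""Validate the positional broker URL used by the ActiveX control."""
from typing import NamedTuple, Optional

DEFAULT_SERVER_PORT = 2506  # default stated in the guide


class BrokerTarget(NamedTuple):
    server_host: str
    server_port: int
    proxy_host: Optional[str] = None
    proxy_port: Optional[int] = None


def _port(text, what):
    """Convert a field to a port number or explain which field is wrong."""
    if not text.isdigit() or not 0 < int(text) < 65536:
        raise ValueError(f"{what} must be a port number, got {text!r}")
    return int(text)


def parse_activex_broker_url(url):
    """Accept http://host, http://host:port or http://host:port:proxyHost:proxyPort."""
    prefix = "http://"
    if not url.startswith(prefix):
        raise ValueError("HTTP tunneling URLs start with http://")
    fields = url[len(prefix):].split(":")
    if any(not field for field in fields):
        raise ValueError("empty field in broker URL")
    if len(fields) == 1:
        return BrokerTarget(fields[0], DEFAULT_SERVER_PORT)
    if len(fields) == 2:
        return BrokerTarget(fields[0], _port(fields[1], "serverPort"))
    if len(fields) == 4:
        return BrokerTarget(
            fields[0],
            _port(fields[1], "serverPort"),
            fields[2],
            _port(fields[3], "proxyPort"),
        )
    # Three fields (serverPort omitted) or more than four: ambiguous, so refuse.
    raise ValueError("with a proxy, give serverHost:serverPort:proxyHost:proxyPort in full")
```

Checking the string up front turns a silent misrouting (traffic sent to the wrong host, or around the proxy the policy requires) into an explicit configuration error.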
SignedAppletsIfyouwanttouseapplets,youarefacedwiththeJavasandboxsecurityrestriction.
Ifthisrestrictionisnotlifted,useofappletsislimitedtothesimplestkindofdeploymentwheretheWebserverandthemessageserverareonthesamemachineandthereisnoproxyserverbetweentheclientandtheservermachine.
NoteOff-the-selfreverseproxiesmayhavescalabilitylimitationsinthenumberofclientsthatcanbesupported.
ImportantIfyouuseareverseproxyserver,youwillnotbeabletousesomeSonicMQfeatures,suchasSSLorloadbalancing.
ThisrestrictiondoesnotapplytoclientsideforwardproxieswheretheserverisintheDMZ.

Since you typically have no control over whether the client uses a proxy server and since you often want the Web server and the message server to be on different machines, you need to get around the Java sandbox security restriction. To do this, you must sign your applets. There are two main ways to do this:

- Browser-specific tools
- Java plug-ins

Browser-specific Tools

Applet signing is supported by Netscape Communicator and Microsoft Internet Explorer. To sign applets with Netscape or Microsoft browsers:

1. Create an installable signed JAR file containing all files required by the applet.
2. Distribute the installable JAR file from the server to the user's computer.
3. Create a trigger script which determines which files from the signed JAR file actually need to be downloaded, and which are already present. (Optional, Netscape only)

Each of these steps is complex and vendor-dependent. For instructions, go to the Netscape or Microsoft Web pages.

Java Plug-ins

You can overcome the problem of the browser-dependence in the creation of signed applets by using a Java plug-in. To sign applets using a Java plug-in, you must download the appropriate applet-signing tool:

- For JDK 1.1.x, download javakey
- For JDK 1.2 and JDK 1.3, download keytool

The JDKs are available as free downloads from the Sun Microsystems Web page. You will also find instructions for using the Java plug-ins on the Sun Microsystems Web page.

Certificate-based Mutual Authentication

Certificate-based mutual authentication is supported with Secure Socket Layer (SSL) for server-to-server communication and for server-to-client communication. You can import the certificate identity, which is used as a username, directly into the user database using the Explorer. You can use the certificate identity as the routing username for access control to remote queues in remote routing nodes. To use mutual authentication you specify the special routing username AUTHENTICATED.

See "Connection Security" on page 121 for more information. See Chapter 2, "Multi-node Architecture" for more about remote routing nodes.

Password-based Encryption (PBE) Tool

The PBE Tool is a command-line tool that you can use to DES-encrypt and DES-decrypt a broker.ini file. When SonicMQ servers are deployed in the DMZ, the broker.ini file is also commonly placed in the DMZ. You might be concerned about the vulnerability of sensitive information in that file. The BROKER_PASSWORD and SSL_PRIVATE_KEY_PASSWORD are two examples of such sensitive information.

The SonicMQ server and the SonicMQ dbtool can read both the clear-text and the encrypted versions of the broker.ini file. Figure 18 shows the relationships between the components involved.

Note: The broker.ini file need not reside on the same system as the SonicMQ server. The broker.ini file is opened using a java.io.FileInputStream, and therefore broker.ini can be moved to a system on the intranet outside of the DMZ which is available to the system inside the DMZ.

The encrypted version of the file is base64 encoded. base64 encoding is a method for encoding binary files so that they can be transferred easily. For example, you can send base64-encoded binary files in the body of an e-mail message.

SonicMQ supplies script files to simplify the use of PBE Tool. The PBE Tool scripts set the environment for the tool and then invoke the PBE Tool with an input file, output file, and password which you specify.

For encryption on Windows use the command:

pbetool /m encrypt /c broker.ini /e encrypted_file /p password [/x]

For encryption on UNIX or Linux use the command:

pbetool.sh -m encrypt -c broker.ini -e encrypted_file -p password [-x]

For decryption on Windows use the command:

pbetool /m decrypt /c broker.ini /e encrypted_file /p password [/x]

For decryption on UNIX or Linux use the command:

pbetool.sh -m decrypt -c broker.ini -e encrypted_file -p password [-x]

The PBE Tool can only decrypt the file using the clear-text version of the password. This requirement ensures that if the encrypted password is compromised, it cannot be used to decrypt the file.

Figure 18. Password-based Encryption Architecture (components shown: clear-text broker.ini, PBE Tool, encrypted broker.ini, Server, dbtool)

Table 6 describes the parameters accepted by the pbetool command for UNIX or Linux systems. Replace the initial dash (-) by a slash (/) for Windows systems.

Table 6. PBE Tool Parameters

Parameter | Required | Description
-m mode | Yes | Indicates the mode that the tool will run in. Valid values for this option are encrypt and decrypt, which are case-insensitive.
-c clear-text-file | Yes | Specifies the name of the file that contains the clear-text data. This is the input-source-file for an encryption, or the output-destination-file for a decryption.
-e encrypted-data-file | Yes | Specifies the name of the file that contains the encrypted data. This is the input-source-file for a decryption or the output-destination-file for an encryption.
-p password | Yes | Specifies the password used to create the encryption key to encrypt or decrypt the file.
-x | No | Specifies that an encrypted version of the specified password will be written to the JVM standard output. This encrypted password might be used by the server to decrypt the file. If you must place the password in an insecure location, you should use the encrypted password.
-h | No | Displays the list of command-line options for PBE Tool.

Encryption

When you invoke the PBE Tool you specify a clear-text version of broker.ini as clear-text-file. See Table 6, "PBE Tool Parameters." The contents of this file are then read into a byte-array in memory. An encryption key is derived from the password you provide, and the byte-array is DES-encrypted using that key.

PBE Tool uses a Message Authentication Code (MAC) to check the integrity of encrypted broker.ini file, based on a secret key. The MAC is produced using the cryptographic hash function MD5 or SHA1. The MAC of the original clear-text-file is generated and is embedded in the encrypted data. When decrypting the file, the embedded digest is compared against the digest computed from the decrypted data.

The sun.misc.BASE64Encoder class base64 encodes the entire encrypted output, including the file size. The result is written to the file you specify by encrypted-data-file.

To enhance security SonicMQ does not require you to place passwords inside script files. However, if you start the server automatically using a Windows service the password is placed in the system registry. If you use the UNIX or Linux cron command, the password is placed in crontab files. In either case, the password is placed in an insecure location.

If you must place the password in an insecure location, you should specify (using the /x or -x switch) that PBE Tool generate an encrypted version of the password when encrypting the broker.ini file. PBE Tool writes this encrypted password to standard output, allowing you to put the encrypted password into the insecure location. That way, you avoid storing the clear-text password in a file. If you need to read the encrypted broker.ini file, you must supply the clear-text password.

Decryption

The entire contents of encrypted-data-file is read into a byte array in memory. This uses the sun.misc.BASE64Decoder class to first decode the binary data. An encryption key is derived from the password provided. The length of the original file is first extracted from the data, and then the binary data is decrypted using the key.

To verify that the password provided is correct and that the decrypted data is accurate, the embedded MAC digest is compared against the digest computed from the decrypted data. The decrypted result is written to the clear-text-file.

Warning: If you encrypt the password you will need the encrypted version to set up a Windows service or cron command. If you lose an encrypted password, there is no way to regenerate it. Your only option is to decrypt the file with the clear-text version of the password and encrypt the configuration file again.

Using the Encrypted broker.ini File

To start a server with an encrypted server initialization file as a Windows Service, use the parameter -inipwd=clear-text-passwd in the Sonic Service Setup parameters. Alternatively, you can use an encrypted password by using the parameter -encpwd=encrypted-passwd.

To start a server with an encrypted server initialization file using the UNIX or Linux cron facility, you can use the clear-text password with the parameter -p password. Alternatively, you can use an encrypted password with the parameter -x enc-password.
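
The following check for the cron exposure described above is an added example, not part of the SonicMQ documentation or tooling: it scans crontab text for startbr, dbtool and pbetool invocations and reports whether each passes a clear-text password (-p) or an encrypted one (-x) without echoing the value. The /opt/sonicmq paths, the ".sh" suffix on startbr, space-separated option values and the sample crontab are assumptions constructed for the example.

```python
import shlex
from collections import namedtuple
from pathlib import PurePosixPath

Finding = namedtuple("Finding", "line tool kind")

# Script names are from the guide; accepting an optional ".sh" suffix for all
# three, and space-separated option values, are assumptions of this example.
TOOLS = {"startbr", "dbtool", "pbetool"}
SHELL_PUNCTUATION = set("();<>|&")

# Constructed sample crontab, not taken from a real system.
SAMPLE_CRONTAB = """\
# SonicMQ jobs (constructed sample)
SHELL=/bin/sh
@reboot cd /opt/sonicmq/bin && ./startbr.sh -f /opt/sonicmq/enc.ini -p S3cret!
0 2 * * * /opt/sonicmq/bin/dbtool.sh -f /opt/sonicmq/enc.ini -p S3cret! -c basic
@reboot /opt/sonicmq/bin/startbr.sh -f /opt/sonicmq/enc.ini -x ENCRYPTED-PLACEHOLDER
15 3 * * 0 /usr/bin/find /tmp -name '*.log' -mtime +7 -delete
"""


def command_part(line):
    """Return the command of a crontab job line, or None for other lines."""
    s = line.strip()
    if not s or s.startswith("#"):
        return None
    fields = s.split()
    if fields[0].startswith("@"):             # @reboot, @daily, ...
        return s.split(None, 1)[1] if len(fields) > 1 else None
    if "=" in fields[0] or len(fields) < 6:   # VAR=value, or malformed entry
        return None
    return s.split(None, 5)[5]                # skip the five time fields


def tokenize(cmd):
    """Split a shell command, keeping operators such as && as own tokens."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""                     # '#' may occur inside a password
    try:
        return list(lexer)
    except ValueError:                        # unbalanced quote
        return cmd.split()


def invocations(tokens):
    """Yield (tool, args) for each SonicMQ script call in the token list."""
    i = 0
    while i < len(tokens):
        name = PurePosixPath(tokens[i]).name
        stem = name[:-3] if name.endswith(".sh") else name
        i += 1
        if stem not in TOOLS:
            continue
        args = []
        while i < len(tokens):
            tok = tokens[i]
            if tok and set(tok) <= SHELL_PUNCTUATION:   # &&, ;, | end the call
                break
            args.append(tok)
            i += 1
        yield stem, args


def audit_crontab(text):
    """Return Findings for passwords handed to SonicMQ scripts from cron."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        cmd = command_part(line)
        if cmd is None:
            continue
        for tool, args in invocations(tokenize(cmd)):
            for opt, value in zip(args, args[1:]):
                if opt == "-p":
                    # -p always carries the clear-text password
                    findings.append(Finding(lineno, tool, "cleartext-password"))
                elif opt == "-x" and tool == "startbr" and not value.startswith("-"):
                    # startbr -x takes the encrypted password; pbetool -x is a bare switch
                    findings.append(Finding(lineno, tool, "encrypted-password"))
    return findings


def redact(line):
    """Mask the token after -p or -x so a report never repeats the secret."""
    out, mask = [], False
    for tok in line.split():
        out.append("****" if mask else tok)
        mask = tok in ("-p", "-x") and not mask
    return " ".join(out)


if __name__ == "__main__":
    lines = SAMPLE_CRONTAB.splitlines()
    for f in audit_crontab(SAMPLE_CRONTAB):
        print(f"line {f.line}: {f.tool}: {f.kind}: {redact(lines[f.line - 1])}")
```

A "cleartext-password" finding is the case the guide tells you to avoid by generating an encrypted password with the -x switch of PBE Tool.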

The startbr and dbtool scripts can read the encrypted or unencrypted version of the broker.ini file. For these tools to read the file, they must be provided a password at startup. The password should be unrelated to any passwords contained inside the encrypted broker.ini file.

By default, the startbr and dbtool tools assume that the server initialization file is located in the current directory and is named broker.ini. When using an encrypted or renamed server initialization file, use the additional parameters described in Table 7.

Table 7. New Parameters for dbtool and startbr

Parameter | Description
/f path_to_INI_file (Windows), -f path_to_INI_file (UNIX/Linux) | Tells dbtool where to find the server initialization (INI) file. If no -p option is specified with this option, the server initialization file is assumed to be in clear text. If a -p option is specified, the server initialization file is assumed to be encrypted.
/p clear-text-password (Windows), -p clear-text-password (UNIX/Linux) | Specifies the password that will be used to decrypt an encrypted server initialization file.
/x encrypted-password (Windows), -x encrypted-password (UNIX/Linux) | Specifies the encrypted password that will be used to decrypt an encrypted server initialization file. (This does not apply to dbtool.)

Important: When using dbtool, the parameters -f path_to_INI_file and -p clear-text-password or their Windows equivalents must be the initial parameters in the command. For example:

dbtool /f encrypted_file /p password /c basic (Windows)
dbtool.sh -f encrypted_file -p password -c basic (UNIX or Linux)

Chapter 6 Designing Messaging Models

This chapter shows some concepts of how you might deploy SonicMQ.
Clarifying some of the topologies can help you take advantage of SonicMQ's features in your application—whether it be basic messaging, a supply chain, Enterprise Application Integration (EAI), or Portal with Trading Partners.

The flow of data during its time in a messaging system has several functions:

- Business Application Services—The fundamental messaging activity is its integration with the applications that measure and record business and real world activities.
- Validation—The message and its data can be verified to ensure that it is well-formatted and contains valid values. This could be done as soon as the message is composed, or when the message is received. The former adds overhead to message packaging while the latter adds a function at a point where messages that are not acceptable cannot be corrected.
- Transformation—A message might not be easily consumed by a single target application. The message might have to change its type from an XML message to a text message, or the message body may have to be split up. For example, a message order for a bundled product—a computer with cable and printer—could spawn multiple messages to other channels.
- Routing—The ultimate destination of a message might be unknown when a message is initiated. If there is any way a message can look up some information it can save steps in reaching its goal.

These functions, and the point at which they are applied, have a significant impact on the overall performance of a messaging system.

This chapter presents information about client applications then discussions on the following topologies:

- "Topologies" on page 98 describes a chain topology, consisting of a linear sequence of routing nodes.
- "Hub and Spoke" on page 100 describes a topology of a hub having any number of spokes connected to the hub.
- "Central Hub" on page 101 describes a topology where a node can connect to another node, thus creating a spoke connection to the central hub.
- "Peer-to-peer" on page 104 describes a topology where a web of nodes can communicate directly with each other.

Client Functions

What you can cause to happen through client applications combines with the features of the message server architectures to determine just how you can set up a deployment.

Agent Applications

Systems that are linked to record-keeping systems are normally the starting point and end point in a message life cycle. Real-time devices and accounting document life cycles create messages that are moved into the messaging stream by agent applications. Correspondingly, receivers gather appropriate messages to funnel into their application. Figure 19 shows a business application where A produces and consumes messages at destinations on message server 1.

Figure 19. Agent Application

Transformation Applications

A transformation application watches for messages so that embedded business logic can transform the message into pieces appropriate for several messaging channels. By exposing the granularity of the message, each element of a message might proceed onto a different path.

As Figure 20 illustrates, an application receives a message from a message server, probably by first qualifying the messages that it can service. Then a properties or XML configuration file might provide modifiable business rules that provide the methods to unpack the message payload, determine how to route the content elements, and then send the transformed message set.

In Figure 20, a message is transformed from its sender to its ultimate recipients as follows:

- Application A sends a message to a queue on its local message server, server 1.
- Application B receives the message from server 1, examines it and determines that it can send part of the message to server 2 and the remainder to server 3. Application B then acknowledges the receipt of the original message from message server 1.
- Application C receives the message from the queue on message server 2.
- Application D receives the message from the queue on message server 3.

Figure 20. Transformation Application

Routing Applications

When an application works with messages for the sole purpose of forwarding the message without touching its content and without changing the intended service levels, that application is a routing application. Every message has information exposed in its meta-data—the message header fields, and the properties—that enable a routing application to choose messages by defining qualified messages that it will receive in a message selector string.

When a message is received by the routing application, it clones the message, looks up the data that tells it what the next destination should be, updates the message's destination, sends out the clone and then acknowledges and discards the original message.

In Figure 21, the transformation at application B is a transformation of only routing information in the message header. The message is routed from its sender to its ultimate recipients as follows:

- Application A sends a message to a queue on its local message server, server 1.
- Application B receives the message from server 1 because B's selector knows that the message can be forwarded to server 2. Application B then acknowledges the receipt of the original message from message server 1.
- Application C receives the message from the queue on message server 2.

Figure 21. Routing Application

Dynamic Routing Applications

SonicMQ's Dynamic Routing Architecture enables messages to be routed across nodes so that the messaging flow from the sender to the ultimate recipient is more efficient, and enforceable by the administrator of the routing node.

In Figure 22, message server 1 has a routing table—a list of servers and queues that the sender can request and the server can handle—that enables the originator of the message to present the message to the server whose tasks are to first validate that the target queue on message server 2 is a registered destination, and then to "store and forward" the message to server 2 on behalf of the sender. The syntax of the queue name is ::.

When application A wants to send a message to a queue on node 2 it might not be authorized to connect directly to node 2. But the node where A is authorized to connect, node 1, might have an entry in its routing table for Queuename on node 2. If so, application A can send a message to node2::Queuename. The message would hop through node 1 and be accessible by receivers of Queuename on node 2 such as application B.

Node to node connections can be focused around one central hub where only a limited set of controlled applications, such as M, can connect directly to the central hub as shown in Figure 27.

Figure 22. Dynamic Routing's Store-and-forward mechanism

Topologies

Chain

In a chain topology, a series of nodes, each containing a SonicMQ message server, are connected together. You can create applications for each of the servers to enable the servers to send received messages from one hub to another hub. This is essentially a linear chain of routing nodes. Figure 23 shows an example of this configuration.

In this example, routing node A can send a message to routing node 1. The routing application B can receive the message and then forward it to node 2. When similar applications exist as receivers on a series of servers, a chain structure emerges.

The disadvantage to any chain is a weak link. Here, if one application forwarding is lost, the chain might end at the last connection. The chain topology is sensitive to any client or server going offline. However, when adequate steps are taken to persist messages and provide load balanced, reliable connections, the chain topology.

Figure 23. Chain Topology

Much of the inherent risk in a simple chain topology is handled by SonicMQ's Dynamic Routing Architecture (DRA), as shown in Figure 24. In the enhanced chain topology, a single routing application carried a message across four servers.

The Dynamic Routing Architecture adds leverage to transformations. In Figure 25, the routing application C traverses 6 servers.

Figure 24. Enhanced Chain Topology Through Dynamic Routing

Figure 25. Chain Transformation Topology with Dynamic Routing

Hub and Spoke

The basic client-server model, the hub-and-spoke model, features a central hub having any number of spokes connected to the hub. In this topology, the clients can communicate only with the hub; the clients cannot communicate directly with each other.

Figure 26 shows a hub-and-spoke topology with SonicMQ clients A through F, each located at the end of a spoke. Each client has a connection to the hub. The hub is presented as a SonicMQ node. A node can be a message server or a cluster of message servers having shared security.

In this example, SonicMQ client A can communicate with client E by sending a message to the hub. The message server at the hub then processes the message, making it available to the intended recipient, client E.

In practical terms, the message server never sends a message to a recipient. But if client A and client E agree that the queue (or topic) named, say, AandE, is "their" channel, they can set security to allow only their clients access. This creates an indirect, dedicated delivery destination. The only significant issue in this case is who has administrative privileges over access control lists.

Figure 26. Hub and Spoke Topology

Central Hub

When a node can connect to another node, the first node creates a spoke connection to the central node, thus creating a central hub topology. This topology is feasible because SonicMQ's Dynamic Routing Architecture (DRA) uses relationships and registered routing routes so that an application can be connected to a node and send a message directly to a global queue on a remote node. See Chapter 2, "Multi-node Architecture," for a complete description of DRA.

Figure 27. Central Hub Topology

The central hub model is the essence of the marketplace model as shown in Figure 28. In the marketplace diagram, client application A connects to local message server 1 that has a routing queue that can store a message where the destination Portal::X—the ::—is listed in the routing table and then forward it to Portal message server's global routing queue x. There, a RoutingApp receives the message on behalf of the marketplace and examines it to determine where it should be rerouted. The hints for the next destination are business rules that might be:

- User-defined properties such as AIA_Phase=Finishes or SIC_code=2345. Properties are accessible to message selectors so that routing applications only receive known message categories.
- Manifest data stored in a message body such as XPath info in an XML header. However, routing applications cannot ensure the integrity of a message body, especially if it is decrypted and re-encrypted.

Figure 28. Central Hub with Application Control (Marketplace)

The RoutingApp sends the cloned message to an appropriate message server where the clients are all in that market, in this case, message server 2. The Portal's routing table routes the message to the destination 2::y as listed in the routing table. The message is stored on the portal and, when connection is available, it is forwarded to message server 2's queue y. Assuming client application B was receiving with an inclusive message selector on the y queue, B takes the message as the final receiver.

The message taken by B could be directed to an application where it will be assimilated and transformed such as an open order becoming an invoice. Or the message could continue to be routed through other portals.

Peer-to-peer

While the structure of portals and trading partners might seem rigid, nothing prevents the trading partners from establishing direct connections, as shown in Figure 29. In the figure, TP1 is a trading partner on Portal. TP1 finds it in its business interest to establish direct connections to some of its other trading partners such as TP2, TP3, and TP4.

In this example, routing node A seeks to establish a connection with routing node B. A first connects to the hub where some mechanism like a "Relationship Database" provides the meta-data necessary to establish this connection to B. A then connects directly with B using the information it obtained from the hub. All of the routing nodes are peers in this example, and each routing node can connect to another by first obtaining the connection information from the hub, then directly connecting to the other routing node.

Figure 29. Peer-to-Peer with a Central Hub

Store and Forward

Your application's architecture can take advantage of routing to maintain:

- Lower expenses—As shown in the example in Figure 30, a connection from New York to Paris and other locations might be an expensive measured line. The traffic can be batched until the server is ready to send messages from New York and the server in Paris is ready to receive messages.
- Higher efficiency—The New York server can store messages locally and not maintain a remote connection.
- Connection independence—The client maintains a connection to the local server in New York, and does not care whether the connection to Paris is established. The message is sent when the connection is established.

Store-and-forward routing allows the message server to store messages until a number, size, or elapsed time indicates to a monitoring application (such as management functions or a queue browser) that a connection should be established and the messages transferred. See Chapter 2, "Multi-node Architecture," for more information about store-and-forward routing.

Figure 30 illustrates an example of peer-to-peer routing using store and forward routing.

Figure 30. Peer-to-peer Topology for Store-and-forward Routing

A client on a New York message server is sending a message to the Paris::Q destination. The New York server might offer immediate connection to high priority messages and retain messages for other remote servers until it is triggered to connect to the remote server and send the messages to the remote server's queue, Q on the Paris message server in this example.

Part II Implementing Your Deployment

This part describes how SonicMQ can be deployed in very large-scale applications, such as marketplace (portal and trading partners) scenarios, using a multi-node architecture. This part contains the following chapters:

- Chapter 7, "Dynamic Routing Architecture in a Multi-node Application," describes key elements of the Dynamic Routing Architecture.
- Chapter 8, "Implementing Multi-node Installations," describes the steps you might follow to set up a SonicMQ deployment with portals and trading partners.
- Chapter 9, "Running a Sample Multi-node Application with the Dynamic Routing Architecture," gives step-by-step details on how to set up a demonstration portal and trading partner.

Chapter 7 Dynamic Routing Architecture in a Multi-node Application

There are many applications for dynamic routing, but this guide uses a marketplace as a comprehensive example. This chapter describes key elements of the Dynamic Routing Architecture (DRA) in terms of how they are used to set up a marketplace application. In particular this chapter shows how the elements of the SonicMQ solution relate to such areas as:

- Store & forward queue routing from Trading Partners
- Load-balanced Trading Partner connections
- Load-balancing Portal applications
- Queue routing from Portal to Trading Partners
- Trading Partner configuration
- System management
- Portal management
- Trading Partner management
- Dead message queue
- Trading Partner request/reply example

For the purpose of this example, we use the queue names listed below. These names might differ in your implementation:

- Portal::appQ—The name of the queue that is to be handled by a service on the Portal itself. This service can be replicated. Trading Partner applications will write to this queue.
- TPname::inQ—The name of the queue that is to receive messages for a particular Trading Partner. Only the Portal itself will be able to connect to this routing node and forward to this queue.
- TPname::tmpQ—The name of the queue that is to receive transient reply messages for a particular Trading Partner.

The tmpQ queue does not have to be a different queue from the inQ queue. However, there are reasons to use a separate queue for small, nonpersistent replies to synchronous requests. Having a separate queue facilitates easier maintenance and administration. The tmpQ queue can be cleared without losing anything critical, while the inQ queue contains messages you cannot afford to lose.

Store & Forward Queue Routing from a Trading Partner

The following components are installed at the Trading Partner:

- A SonicMQ Server set up for Queue Routing
- A SonicMQ administration client (Explorer or Admin)
- One or more Trading Partner Applications

These components can reside on one or more machines and do not have to be running continuously. Only the SonicMQ server is needed to store and forward messages to the Portal.

The Trading Partner would probably have many application users that would be configured in the server database. These users are known only to the Trading Partner server and are not shared with the Portal.

Figure 31 shows how a typical installation at a Trading Partner named Xyz Company communicates with the Portal Application running at the Portal.

When a Trading Partner application starts, it performs the following tasks:

- The application connects to the Trading Partner server.
- An application-specific client session is created in the connection.
- An application that wishes to send documents to the Portal must create a QueueSender for the Portal::appQ queue.
- To receive documents routed to the Trading Partner, an application must create a QueueReceiver for the global queue, inQ. (Applications at the Trading Partner simply connect to the Trading Partner's servers and consume messages using normal calls.)
- A Trading Partner application can be a QueueSender, a QueueReceiver, or both.

Figure 31. Routing Communication

Trading Partners cannot communicate directly with one another. All communication is made to the Portal itself. The Portal is the only routing node that can route messages to the Trading Partner.

When an application at the Trading Partner sends messages to the Portal:

1. A message is created and populated with application-specific data.
2. A QueueSender is used to send the message to the Portal::appQ queue. Both the message and the QueueSender use standard JMS calls to set quality of service and delivery options.
3. The Trading Partner server receives the message in a guaranteed manner subject to the quality of service options used by the sender.
4. Because the Portal::appQ is a remote queue name, the message will be placed on the routing queue.
5. The server will process the routing queue by checking the routing node name on each request to see if an active connection exists to this routing node. If not, a new routing connection will be created. (See the section "Load-balanced Trading Partner Connections" on page 113.) This connection will be authenticated using the identity of the Trading Partner installation as a whole, and not using the identity of the original application connection.
   The check described here ensures that a routing node can forward only to adjacent routing nodes. That is, queue routing only applies to a single routing node hop over a routing connection that has been defined as valid by the administrator.
6. One of many similar servers at the Portal will reliably receive the message. The Portal now checks if the Trading Partner has permission to send to the appQ queue. If the message is PERSISTENT, it is acknowledged by the Portal. The Trading Partner server will confirm the acknowledgement. This acknowledgement confirmation is necessary to guarantee once-and-only-once delivery of PERSISTENT messages. The message is now removed from the Trading Partner routing queue.
7. The message will be delivered to one of many Portal Applications servicing load-balanced versions of Portal::appQ. (See the section "Load-balanced Trading Partner Connections" on page 113.)

Load-balanced Trading Partner Connections

There will generally be numerous Trading Partners so that a server cluster will be required at the Portal. The connection to these servers cannot be statically defined. In order to provide scalability, as well as fail-over in the event of system failure, each Trading Partner server can be configured to connect to any one of the Portal servers.

Trading Partner Connections are maintained as follows:

1. The Portal creates a SonicMQ cluster of servers that can receive connections from Trading Partners.
2. At configuration, each Trading Partner establishes a list of default URLs to connect to the cluster. Typically, this will be a subset of the servers in the cluster and provides a level of initial connection failover. These URLs can be SSL connections (or any other server protocol accepted by SonicMQ). The initial connection to one cluster member is used strictly to return a load-balanced connection to any one of the servers in the cluster.
3. When a message arrives in the Trading Partner's Routing queue, and if there is no routing connection, the Trading Partner server tries to establish a connection to the Portal's cluster. SSL is supported for server-to-server communications between routing nodes and can be turned off. Mutual authentication can be specified.
4. An entry in the connection list is read, chosen sequentially or randomly, depending on configuration settings. A connection is made to this server. This connection, however, returns the URL for another server in the Portal's cluster. The choice of URL is based on a round-robin of all the servers currently active in the cluster. As servers are added or removed, the choices for this round-robin automatically change.
5. The Trading Partner connection is made to the redirected server. This new connection is where message traffic actually occurs.
6. The list of initial connect URLs for the routing connection can be updated by the administration tool either locally at the Trading Partner or remotely from the Portal.

Note: The use of both a failover list and load balancing is optional.

The connection from the Trading Partner to the Portal remains active until either:

- The Trading Partner server is shut down
- The Portal server is shut down or the network connection is lost
- The connection times out after an optionally preconfigured idle period

In the event of a failure (if messages remain in the routing queue), the Trading Partner server attempts to reconnect with the connection information it previously used. This "sticky" reconnect is tried for a number of times specified by the CONNECT_RETRY_COUNT property. These attempts are spaced CONNECT_RETRY_INTERVAL seconds apart. You specify these properties in the broker.ini file.

If a connection cannot be re-established after the retry attempts, then after waiting CONNECT_ATTEMPT_INTERVAL, updated connection information is retrieved and a connection attempt is made from the configured list of connection URLs. The Trading Partner server continues trying all servers in the list until one of the connections is established.

If all attempts to establish a routing node connection fail, then errors are logged and the process restarts. The new information is retried CONNECT_RETRY_COUNT times before the typically longer CONNECT_ATTEMPT_INTERVAL. This continues until the specified ROUTING_TIMEOUT is reached.
Thereconnectlogichandlesoneadditionalcomplication.
Ifaserver-to-clusterconnectionfailsduringtheforwardingofsomemessagebetweenaTradingPartnerandaPortal,themessagemightbeinanindoubtstate.
Seethe"RoutingUnderFailureScenarios"sectionformoreinformationaboutthissituation.
Fromaconnectionperspective,however,thesendingserverrememberswhichmessagesareindoubtandassociatesthesewithaparticularconnection.
EvenifanewconnectioniscreatedbetweentheTradingPartnerandthePortalthatgoestoadifferentserver,attemptsaremade(subjecttoatimeoutparameter)tore-establishthefailedconnectionandresolvetheindoubtstate.
SonicMQDeploymentGuide115Store&ForwardQueueRoutingfromaTradingPartnerThatis,indoubtmessageswillalwaysusetheoriginalconnection,evenifanewconnectionisusedtodoroutingtoaroutingnodethatisaclusterofservers.
Formorespecificsonconnectionload-balancingproperties,seeChapter4,"FailoverandLoadBalancing.
"RoutingUnderFailureScenariosThissectiondealswiththepossibilityoffailuresduringtheactualprocessofglobalqueuerouting.
There is always a possibility of a network failure or server failure. If this occurs after the sending server has sent a PERSISTENT message, but before it has received an acknowledgement, then the message is considered to be in an indoubt state. The message will remain in this state until a connection is re-established between the two servers (or until the INDOUBT_TIMEOUT expires). The sending server will automatically try to re-establish any connections necessary to resolve the state of the indoubt messages. Until this occurs, however, all the indoubt messages will be held where they will not be lost. There is no possibility of message redelivery due to any failure situation, but there is a possibility that the message will take a long time to be delivered. SonicMQ handles this situation as follows:

- As part of server configuration, a parameter exists that specifies INDOUBT_TIMEOUT (in seconds).
- All messages that are held in the indoubt state for a period that exceeds INDOUBT_TIMEOUT are automatically expired. You would usually configure all PERSISTENT messages to be sent to the SonicMQ.deadMessage queue and to raise an administration notification.
- A reason code is associated with messages in SonicMQ.deadMessage queue that expire because they are held too long in the indoubt state.
- At no point are these messages lost or inadvertently placed in a state where they can be redelivered.

Messages that are not PERSISTENT are not subject to the added overhead of this acknowledgement cycle. This is in keeping with the JMS specification requirement of "at most once" delivery for non-persistent messages.
It is also worth looking at the failure situation from the perspective of the receiving server. As soon as this server receives a message from the sending server, it prepares for guaranteed once-and-only-once delivery, and then sends the acknowledgement back to the originating server. The message will be logged if necessary. A tracking number is created and retained until a confirmation is returned from that server. If the network or the sending server fails before the receiving server has received confirmation of the acknowledgement, then the receiving server will not discard the acknowledgement. It will retain it until the connection has been re-established. When the two servers reconnect, all unconfirmed acknowledgements can automatically be resent to resolve all inconsistencies.

The important facts about these scenarios are that:

- Messages are never redelivered by SonicMQ queue routing even in the event of network failure.
- Messages can be stored on a sending server in an indoubt state if there is some failure.
- SonicMQ will attempt to re-establish the server-to-server connection to resolve indoubt messages even if another server-to-cluster connection has been created for the destination routing node.
- The destination server will process messages as soon as they have been successfully received and the acknowledgement has been sent.
- The indoubt resolution process uses the SonicMQ journal to retain state. Even if both servers fail in the process at different times, guaranteed exactly once delivery is assured.

A more detailed description of SonicMQ dead message queues can be found in Chapter 3, "Guaranteeing Messages."

Exchanging Connection Information for Indoubt Resolution

When one server connects to another for global queue routing, the two servers pass information about each other's routing node between them.
Two pieces of this information relate to how the server that received the original connection can reconnect to the originating server.

Consider the case where a server in a Routing Node (named Mart) connects to a portal named Xchange. Consider the most complicated case, where both Mart and Xchange are clusters. It is clear that Mart knows how to connect to Xchange (because it made the original connection in the first place). Regardless of whether the initial contact was load-balanced across the Xchange cluster, the particular server in Mart knows exactly what the ultimate connection properties were that allowed it to connect to a particular server in Xchange (server URL, password, username). If the connection fails, then Mart can reuse this information to attempt to reconnect back to the exact same server on Xchange. If Mart needs to reconnect, it can reuse the old connection information in order to resolve indoubt messages.

However, this does not explain how Xchange can reconnect to Mart if messages are indoubt on Xchange. The reason Xchange can reconnect to Mart is that Mart passed the value of its DEFAULT_ROUTING_ACCEPTOR (from its broker.ini file) into Xchange when the connection was first established.

Advertising Routing Connection Information

The other properties for this connection (username, password, timeout, advertising) are retrieved from the Xchange routing connection database. Xchange looks up Mart and uses only these fields, not the entire connection URL or load-balancing. If there is no entry for Mart, then the following defaults are used:

- username="AUTHENTICATED". This indicates that the certificate identity will be used in the SSL connection.
- password=""
- timeout=CONNECT_IDLE_TIMEOUT
- advertise=false

Note: The DEFAULT_ROUTING_ACCEPTOR property applies only to indoubt messages. New messages that arrive can trigger a new connection to a different server in the cluster.
The other piece of connection-related information that passes between Mart and Xchange when Mart connects to Xchange is a statically defined "routing incoming-connection." This allows Mart to override the outgoing routing connection pre-configured on Xchange or create a dynamic value for it if the connection is not present.

Mart creates its routing incoming-connection by entering a routing connection for itself in its own routing connection database. The Administrator on Mart can use Admin tool, Explorer, or the Management API to create this entry. For example, the Administrators could issue the following Admin tool commands:

    [on Mart]: Admin> set routing Mart "ssl://www.mart.com" user pwd 300 lb

This information will only be sent to Xchange (but only if Mart has used the advertise flag on its connection to Xchange). That is, it has

    [on Mart]: Admin> set routing Xchange "ssl://xchange.com" user pwd advertise

Xchange can choose to ignore this incoming-connection information sent from Mart by specifying that it is to use static routings only when going to Mart.

    [on Xchange]: Admin> set routing Mart "ssl://172.09.3.192" "" "" 4000 nolb static

Routing connections are subject to the following conditions:

- DEFAULT_ROUTING_ACCEPTOR is always passed. However, advertising the routing incoming-connection is only done if the original routing connection has the advertise flag set.
- The incoming-connection information is never used if the routing node has an outgoing connection defined as static.
- To enhance security, the routing incoming-connection never passes the username or password across the wire.
- The following parameters of an advertised incoming-connection are never used by the receiving server: username, password, idle timeout, and the advertise flag. These parameters are always retrieved from the outgoing routing connection table.
- If the outgoing routing connection table does not contain an entry for a given routing node, the values for username, password, idle timeout, and the advertise flag are set to:
  - username="AUTHENTICATED". This indicates that the certificate identity will be used in the SSL connection.
  - password=""
  - timeout=CONNECT_IDLE_TIMEOUT
  - advertise=false
- If DEFAULT_ROUTING_ACCEPTOR is not defined, it will default to a combination of the first (index=1) acceptor in the broker.ini file. That is, it will be: DEFAULT_SOCKET_TYPE://IP_OR_HOST_1:PORT
- The username and password found in the outgoing routing connection table. If these are not found, then AUTHENTICATED is used, which implies the use of certificate identity on an SSL connection.

Connection Timeout

The connection from Trading Partner to Portal can be automatically closed by the Trading Partner if the connection has been configured with a timeout (or idle) parameter. The value of the idle connection timeout in seconds (CONNECT_IDLE_TIMEOUT) is specified when a routing for a routing node is defined through the Admin tool, Explorer, or Administration API. The default value of the idle connection timeout is 300 seconds (5 minutes). If the connection idle timeout value is 0, the connection will not time out.

If a routing connection remains idle for the duration specified by the timeout, it is terminated. A message describing this event is displayed on the servers at both ends of the connection. When the next message arrives in the routing queue for this server, a new load-balanced connection will be made (using the connection logic described above).

Each side of a connection between routing nodes independently monitors the idle time, and either one can terminate the connection. Each uses its own timeout, as specified in the routing connections database. If there is no entry for the remote routing node, the CONNECT_IDLE_TIMEOUT in the broker.ini file will be used. If this value is also not set, it defaults to 300 seconds.

If the idle timeout value is changed for a remote routing node and there are active connections between the local routing node and the remote routing node, the new value takes effect immediately (on the local side of the connection). However, if you change an idle timeout value dynamically, a new timeout period is started.

Portal-initiated Connections

Often the Portal will be required to send messages to the Trading Partners. In the event that the Trading Partner has timed-out its connection, however, the Portal will be required to re-establish the connection. The Portal (or any server in the cluster) shares routing information by queue name. Each Trading Partner's global queue, such as Xyz::inQ, is associated with the connection that the Trading Partner had previously established. In the event that no previous connection has been created, then the Portal administrator must have created a list of routing connections that associate the individual routing node names to particular server URLs (or lists of URLs).

If a message needs to be sent to the Trading Partner, the route table is used to see how to re-establish the connection, if necessary. If the connection currently exists, the message will be routed to the server in the cluster where the connection is active. If the connection does not exist, the routing connection table is queried for its current value of the connection URLs and other connection properties. This is preconfigured administratively using the Admin tool, Explorer, or the Management API. If no connection URL has been preconfigured and no incoming-connection has been advertised, then the message will be flagged as undeliverable and checked to see if it will be sent to the SonicMQ.deadMessage system queue. Administrative notifications might also be sent.

A Trading Partner can also specify a Connect URL to use for incoming routing connections. This is specified for the server and will be advertised to the Portal when the Trading Partner first connects. If this advertised connect URL is specified, then it will be used before the connection URLs statically configured on the Portal, unless the Portal overrides this setting by using the static flag on its preconfigured routing connection.

There might be some cases where a Trading Partner is unwilling to expose its routing node to external connections. In this case, the Trading Partner must maintain the connection to the Portal without a timeout. Otherwise, if the connection times out, messages destined for the Trading Partner will be lost.
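The rules in "Advertising Routing Connection Information" and "Portal-initiated Connections" decide which URL and which credentials a node uses when it connects back to a peer. The Python model below is an added example, not SonicMQ code: the class and function names are hypothetical, the Mart broker.ini values are constructed, and it assumes the advertised incoming-connection carries the URLs of the peer's own routing entry.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

CONNECT_IDLE_TIMEOUT = 300  # seconds; the default this section states


@dataclass
class RoutingEntry:
    """One row of a node's outgoing routing connection table."""
    urls: List[str]
    username: str = "AUTHENTICATED"   # certificate identity over SSL
    password: str = ""
    timeout: int = CONNECT_IDLE_TIMEOUT
    advertise: bool = False
    static: bool = False


@dataclass
class Handshake:
    """What a connecting node hands to the node it connects to."""
    default_routing_acceptor: str                              # always passed
    advertised_urls: List[str] = field(default_factory=list)   # never credentials


class Undeliverable(Exception):
    """No preconfigured URL and no advertised incoming-connection."""


def default_acceptor(broker_ini: Dict[str, str]) -> str:
    """DEFAULT_ROUTING_ACCEPTOR, or the first acceptor if it is not defined."""
    explicit = broker_ini.get("DEFAULT_ROUTING_ACCEPTOR")
    if explicit:
        return explicit
    return "{DEFAULT_SOCKET_TYPE}://{IP_OR_HOST_1}:{PORT}".format(**broker_ini)


def build_handshake(broker_ini: Dict[str, str], own_node: str, target_node: str,
                    table: Dict[str, RoutingEntry]) -> Handshake:
    """Connecting side: advertise only if the outgoing entry has the flag."""
    own = table.get(own_node)
    out = table.get(target_node)
    advertised = list(own.urls) if (own and out and out.advertise) else []
    return Handshake(default_acceptor(broker_ini), advertised)


def resolve_callback(node: str, table: Dict[str, RoutingEntry],
                     handshakes: Dict[str, Handshake],
                     indoubt: bool = False) -> dict:
    """Receiving side: how to connect back to `node`."""
    entry = table.get(node)
    peer = handshakes.get(node)
    if indoubt:
        # Indoubt resolution goes to the peer's DEFAULT_ROUTING_ACCEPTOR.
        if peer is None:
            raise LookupError("no handshake recorded for " + node)
        urls = [peer.default_routing_acceptor]
    elif entry is not None and entry.static:
        urls = list(entry.urls)            # static: advertised info ignored
    else:
        urls = list(peer.advertised_urls) if peer else []
        urls += entry.urls if entry else []  # advertised URL is tried first
    if not urls:
        raise Undeliverable(node)
    # username, password, timeout and advertise always come from the local
    # table, or from the defaults when the table has no entry for the node.
    props = entry if entry is not None else RoutingEntry(urls=[])
    return {"urls": urls, "username": props.username,
            "password": props.password, "timeout": props.timeout,
            "advertise": props.advertise}


# Constructed sample: Mart's settings, following the commands shown above.
MART_INI = {"DEFAULT_SOCKET_TYPE": "ssl", "IP_OR_HOST_1": "www.mart.com",
            "PORT": "2507"}
MART_TABLE = {
    "Mart": RoutingEntry(["ssl://www.mart.com"], "user", "pwd", 300),
    "Xchange": RoutingEntry(["ssl://xchange.com"], "user", "pwd",
                            advertise=True),
}

if __name__ == "__main__":
    hs = build_handshake(MART_INI, "Mart", "Xchange", MART_TABLE)
    print(resolve_callback("Mart", {}, {"Mart": hs}))
```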

Connection Security

The connection between two servers will be mutually authenticated. Server-to-server connections can occur when two routing nodes connect or when servers mutually connect within a cluster. In both cases, SSL is optional. Table 8 indicates what authentication is done on a connection by a SonicMQ server when a client or another server attempts to get a connection.

Note: SSL support is only available with SonicMQ Professional Developer Edition and E-Business Edition.

Table 8. Connection Security Checking

| Password-based Authentication | SSL Client Authentication | Behavior |
|---|---|---|
| disabled | disabled | The client connection is always accepted. |
| disabled | enabled | Only valid chains that contain a trusted certificate are accepted. Valid means that all signatures verify and no certificates are expired. |
| enabled | disabled | The client connection is accepted only if the client is successfully authenticated by username/password. This authentication mode is typically used in multi-node applications, between individual clients and their local servers. |
| enabled | enabled | Only valid chains that contain a trusted certificate are accepted. Valid means all signatures verify and no certificates are expired. Once a client certificate chain is accepted, the client connection is accepted only if the client is recognized by the server. This is done by verifying that the username for the connection matches the principal name in the security database. If the username is the string AUTHENTICATED, the effective username will be retrieved from the identity embedded in the client certificate (the Subject Common Name). When using this certificate identity, the user is automatically authenticated without checking passwords. This authentication mode is typically used in connections between servers in different routing nodes. |

Load-balancing Across Portal Applications

Your Portal will probably contain a collection of replicated services. Chief among these could be the main Portal Application whose task is to examine incoming messages from a Trading Partner and route these to other Trading Partners. The tasks of the Portal Application are to:

- Receive a single request to the Portal::appQ queue.
- Look at the manifest.
- Decide where the message needs to be routed.
- Update the manifest if necessary and send the message to a Queue associated with some other Trading Partner.

To accomplish this processing, you might use one or more of the following features:

- You can make both the receive and the send part of a single local client transaction. That is, a set of messages might need to be committed as a single logical unit of work.
- The processing of routing requests might need to be totally stateless. In this case, each active application should not be dedicated to a particular Trading Partner.
- Portal Applications can be located on remote computers. Each application can connect to many or all servers in the cluster.

The ability of the Portal to load-balance dynamically between the Portal Applications happens automatically based on standard JMS QueueReceiver behavior:

- Each Portal Application creates connections to one or more servers in the Portal cluster.
- Each of these connections is used to create a transacted JMS QueueSession.
- The QueueSession is used to create a QueueReceiver on the queue appQ, which exists on each server in the cluster.
- A QueueSender is also created on each of these QueueSessions.
- This load-balancing across QueueReceivers on the same queue occurs automatically in SonicMQ. Load-balancing of Portal services is not configured at the server/cluster level.

Figure 32 illustrates the concept of load balancing. When messages arrive at a cluster destined for a particular queue, they are automatically routed to the nearest server that supports this queue. This means that if the actual server where the connection is made supports this global queue, the message will be delivered there. Only if the receiving server does not support the queue directly will it be routed to another server in the routing node where this global queue is defined.

[Figure 32. Routing: Load Balancing]

Queue Routing from Portal to Trading Partners

In routing from the Portal Application to a Trading Partner, the Portal Application simply needs to identify the appropriately named queue for that partner. Figure 33 illustrates routing from a Portal Application to a Trading Partner.

[Figure 33. Routing: Portal to Partner]

To send a message from a Portal Application to a queue on a Trading Partner:

1. The Portal Application needs to send to a particular Trading Partner so it finds the associated routing node name for that Trading Partner. In the example, the name is Xyz.
2. The routing node name is combined with the name of the queue to create the remote queue name (Xyz::inQ). The Portal Application creates a JMS queue destination for this name and sends it to a server in the cluster.
3. The clustered server looks up this destination in its route table. The connection for the Xyz routing node exists in the route table because the last time that Trading Partner XYZ connected, it advertised this queue to the cluster as a global queue that it supports. The route table persistently remembers this connection.
4. When the router needs to forward to Xyz::inQ it looks up the connection in the route table:
   - If the connection is still active, it is used. This step might involve a hop where one server in the cluster routes the message to the server that is connected to Xyz.
   - If the connection has timed-out, become idle, or just closed, the routing server will attempt to re-establish the connection with the Trading Partner server.
5. When the message does arrive at the Trading Partner server, it is immediately placed on the inQ queue.
6. An existing application that has created a QueueReceiver on the inQ queue will receive the message (either synchronously or asynchronously) as programmed using normal design patterns.

Access control is maintained in the Portal configuration where the username of a Trading Partner is uniquely mapped to the name of its routing node. No other Trading Partner can receive messages for the routing node associated with a given Trading Partner. Because the username is determined from the certificate used to create the SSL connection, this level of security ensures that no Trading Partner can accidentally or intentionally intercept messages intended for another Trading Partner.
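The four rows of Table 8 and the username-to-routing-node mapping described above combine into one admission decision. The Python model below is an added example, not SonicMQ code: certificates are plain records with no real cryptography, all names and sample values are constructed, and it assumes the first certificate in a chain is the client's own and that an explicit username in the enabled/enabled mode is still checked against its password.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Cert:
    """Stand-in for an X.509 certificate (no real signature checking)."""
    subject_cn: str
    signature_ok: bool = True
    expired: bool = False


@dataclass
class Broker:
    password_auth: bool            # Table 8, first column
    ssl_client_auth: bool          # Table 8, second column
    trusted: Set[str]              # common names of trusted certificates
    users: Dict[str, str]          # security database: principal -> password
    node_of_user: Dict[str, str]   # Portal mapping: username -> routing node


class Rejected(Exception):
    pass


def chain_accepted(chain: List[Cert], trusted: Set[str]) -> bool:
    """Valid: every signature verifies, nothing expired, one cert trusted."""
    if not chain or any(c.expired or not c.signature_ok for c in chain):
        return False
    return any(c.subject_cn in trusted for c in chain)


def authenticate(b: Broker, username: str, password: str,
                 chain: Optional[List[Cert]] = None) -> str:
    """Return the effective username, or raise Rejected."""
    chain = chain or []
    if b.ssl_client_auth and not chain_accepted(chain, b.trusted):
        raise Rejected("certificate chain not valid or not trusted")
    if not b.password_auth:
        # Rows 1 and 2: no principal lookup; the name is whatever was claimed.
        return username
    if b.ssl_client_auth and username == "AUTHENTICATED":
        # Row 4 with certificate identity: Subject Common Name, no password.
        identity = chain[0].subject_cn
        if identity not in b.users:
            raise Rejected("certificate identity is not a known principal")
        return identity
    if username not in b.users or b.users[username] != password:
        raise Rejected("bad username or password")
    return username


def may_receive_for(b: Broker, user: str, routing_node: str) -> bool:
    """True only if `user` is the single username mapped to the node."""
    owners = [u for u, n in b.node_of_user.items() if n == routing_node]
    return owners == [user]


# Constructed sample data for a Portal with both checks enabled.
PORTAL = Broker(True, True, {"Xchange CA"},
                {"AcmeCo": "pwd", "XyzCo": "pwd"},
                {"AcmeCo": "Acme", "XyzCo": "Xyz"})
ACME_CHAIN = [Cert("AcmeCo"), Cert("Xchange CA")]

if __name__ == "__main__":
    who = authenticate(PORTAL, "AUTHENTICATED", "", ACME_CHAIN)
    print(who, may_receive_for(PORTAL, who, "Acme"),
          may_receive_for(PORTAL, who, "Xyz"))
```

In the disabled/disabled row the returned name is unverified, so the routing-node mapping only isolates partners when the server runs in one of the authenticated modes.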

System Management

The SonicMQ multi-node solution supports centralized management of the Portal and the Trading Partners. It also lets individual Trading Partners manage their resources locally.

You can perform all management tasks one of three ways:

- Admin tool, a command-line tool that supports the use of scripts. See the SonicMQ Installation and Administration Guide for a description.
- SonicMQ Explorer, a graphical interface tool. See the SonicMQ Installation and Administration Guide for a description.
- The Management API. See progress.message.tools.BrokerManager in the javadoc.

All three options require you to connect to the server with an administration name and password. The connection is made through JMS, can be done remotely, and can be secured using SSL.

Portal Management

The Portal is usually a cluster of servers, in which case you should manage all servers using a configuration server. By using a configuration server you can update information once for the entire Portal.

Trading Partner Management

You can manage Trading Partner servers in three ways:

- Use Admin or Explorer tools from the Trading Partner itself.
- Use Admin or Explorer tools from the Portal to allow for remote configuration of the Trading Partner by the Portal operators.
- Have Trading Partner applications or applications running at the Portal site manage the servers using the Management API.

Note: This is optional. Trading Partners may not allow remote administration of their server from the Portal.

For example, as Portal configuration changes or Trading Partner information is updated, these applications can automatically reconfigure the server information at the Trading Partner. This could only be done with permissions granted by the Trading Partner.

Dead Message Queue

Because of hardware or network failures, or for other reasons, it is always possible that a message will fail to be delivered. When this happens, an administrative event is generated and (depending on a setting in the message header) the message might be sent to a special system queue called the Dead Message Queue. See Chapter 3, "Guaranteeing Messages" for a thorough description of this subject.

Trading Partner Request/Reply Example

This section presents an example showing how applications at the Trading Partner can implement a synchronous request/reply layer on top of global queue routing. Normal support for synchronous request/reply design patterns is complicated in the case of global queue routing due to the following issues:

- Creating unique temporary queues
- Accessing temporary queues across Trading Partner security domains

Typically, the design pattern for request/reply is to:

- Make a temporary queue
- Set the JMSReplyTo header to this destination
- Do a synchronous QueueSender.receive() on the message (with an optional timeout)

The JMSReplyTo header is likely to be used when a Trading Partner application needs some low-latency synchronous interaction with other partners. This might be a quick price check, inventory status, or similar type of information. For this type of request, the application is expected to be blocking for less than 10 seconds or so. The developer should use messaging with the following settings for synchronous requests:

- Low Quality of Service (NON_PERSISTENT, unencrypted, small messages).
- Explicit, and short, TimeToLive.
- Message expiration might raise a notification, but the message will not be saved in the Dead Message Queue.
- High priority (to expedite delivery).

If the request is lost, the application is expected to simply retry the request.

The issue with the normal design pattern of using a temporary queue for this interaction is the need to prevent a Trading Partner from knowing about another's requests. Instead of a temporary queue, it is more convenient to use a second global queue at the Trading Partner's site. This second queue can be configured at the Portal to ensure security. In our examples, this queue is named tmpQ. The reason this queue is not the same as the normal inQ queue is to allow for easier administration. Messages on tmpQ can be assumed to be transient, and the queue can be cleaned up without worrying about losing important business documents.

Many applications at the Trading Partner might simultaneously request information. Because of security concerns, it is easier for them to share a single queue. Each application can use selectors on its QueueReceiver to request its reply. Here is sample pseudo-code that illustrates this use of selectors:

    // Assumes session is a QueueSession and sender is a QueueSender for the
    // request queue, both created elsewhere; createUniqueId() is the
    // application's own helper.
    // Create a request
    TextMessage m = session.createTextMessage();
    m.setJMSReplyTo(session.createQueue("acme::tmpQ"));
    m.setText("InventoryCheck:#1234");
    // Create a unique queue receiver for the reply
    // NOTE use of selector (property names are case-sensitive, so the
    // selector must spell AppUniqueId exactly as it was set on the request)
    String uniqueID = createUniqueId();
    m.setStringProperty("AppUniqueId", uniqueID);
    QueueReceiver qr = session.createReceiver(
        session.createQueue("tmpQ"), "AppUniqueId = '" + uniqueID + "'");
    // Send the request, then wait 7 seconds for a reply.
    sender.send(m);
    TextMessage rep = (TextMessage) qr.receive(7000);

Chapter 8
Implementing Multi-node Installations

Introduction

This chapter describes the SonicMQ setup needed to implement the Trading Partner and Portal installations described earlier.
Figure 34 illustrates the relationship between the Trading Partner and Portal.

[Figure 34. High-level View of Trading Partner-Portal Configuration]

In particular, this chapter addresses:

- Trading Partner Configuration:
  - Firewall setup
  - SonicMQ server installation and setup
  - SonicMQ routing node setup
  - SonicMQ security/routing configuration
- Portal Configuration:
  - Firewall setup
  - SonicMQ server installation and setup
  - SonicMQ configuration server installation and setup
  - SonicMQ routing node setup
  - SonicMQ security/routing configuration

Definition of Terms

Table 9 provides definitions for the names used in the sample configuration files and Admin Shell scripts that are presented later in the chapter to implement the configurations. You would change most of these names when deploying your own SonicMQ multi-node configuration.

Important: See the SonicMQ Installation and Administration Guide for more information, especially in the areas of security and server cluster configuration.

Table 9. Names Used in Sample Admin Shell Scripts

| Name | Definition | Location |
|---|---|---|
| Acme | The routing node name for the sample Trading Partner | Acme's broker.ini |
| AcmeCo | The routing username Acme uses to connect to Xchange | Security database at portal (ntconfig) |
| Applications | The group name for administering security for all application users as a group (user1, user2, and user3 are members of this group) | Security database at Acme |
| appQ | The global queue that is to be handled by the portal routing application | Every portal server |
| ConfigServer | The BROKER_NAME for the configuration server at the portal | broker.ini on ntconfig |
| direct.A | The global queue on portala.xchange.com that handles synchronous requests | On server PortalA (at portal) |
| direct.B | The global queue on portalb.xchange.com that handles synchronous requests | On server PortalB (at portal) |
| direct.C | The global queue on portalc.xchange.com that handles synchronous requests | On server PortalC (at portal) |
| inQ | The global queue that is to receive messages for a particular Trading Partner | Acme's server |
| ntconfig | The machine name for the configuration server (not accessible from outside the portal by a DNS lookup) | "Hosts" file available to all portal machines |
| PortalA | The BROKER_NAME for one of the clustered servers at the portal | broker.ini on one portal machine |
| portala.xchange.com | The name of the machine hosting one of the portal's publicly accessible servers | DNS lookup server on the Internet |
| PortalB | The BROKER_NAME for one of the clustered servers at the portal | broker.ini on one portal machine |
| portalb.xchange.com | The name of the machine hosting one of the portal's publicly accessible servers | DNS lookup server on the Internet |
| PortalC | The BROKER_NAME for one of the clustered servers at the portal | broker.ini on one portal machine |
| portalc.xchange.com | The name of the machine hosting one of the portal's publicly accessible servers | DNS lookup server on the Internet |
| PortalCluster | The name of the cluster at the portal | Cluster database at portal (ntconfig) |
| pUser | The username used by portal routing applications | Security database at portal (ntconfig) |
| RoutingQueue | The internal "routing queue" automatically created on all servers | All SonicMQ servers |
| RoutingUsers | The group name for administering security for all portal routing applications as a group (pUser is a member) | Security database at portal (ntconfig) |
| thePortal | Routing username for the Xchange routing node when it connects to Acme | Security database at Acme |
| TradingPartners | The group name for administering security for all trading partners as a group (AcmeCo is a member) | Security database at portal (ntconfig) |
| user1 | Sample username for application users at Acme | Security database at Acme |
| user2 | Sample username for application users at Acme | Security database at Acme |
| user3 | Sample username for application users at Acme | Security database at Acme |
| www.acme.com | The name of the machine hosting Acme's SonicMQ server (accessible by external DNS lookup) | DNS lookup server on the Internet |
| Xchange | The routing node name for the portal | Each broker.ini for all clustered portal servers |

High-level Architecture

Figure 35 illustrates how a typical installation at a Trading Partner (named Acme) communicates with the Portal Application running at the portal (named Xchange). The following sections discuss this setup in greater detail.

Trading Partner Configuration

This section describes the configuration of a Trading Partner named Acme Company. This company has installed their SonicMQ server in the DMZ on a machine accessible as www.acme.com.

[Figure 35. Trading Partner-Portal Configuration]

As part of their agreement with the Xchange Portal, Acme Company has committed to:

- Install the SonicMQ server on www.acme.com.
- Punch a hole in the outside firewall to allow SSL connections on port 2507.
- Allow incoming connections from Xchange on port 2507. The Xchange user must identify itself as thePortal over this connection.
- Use the routing node name Acme in dealings with Xchange.

When connecting to the Portal, Acme Company has agreed to:

- Connect using the Portal contact points: ssl://portala.xchange.com:2507 and ssl://portalb.xchange.com:2507.
- Identify itself using a certificate supplied by the Portal. This certificate contains the username AcmeCo.

Acme Company also plans to use Trading Partner applications that will access the local server on www.acme.com:

- AcmeCo will create a group of users called Applications.
- The users in this group, user1, user2, and user3, will be managed by Acme.
- No users except user1, user2, and user3 can send to the appQ at Xchange or can read from the inQ.
- These users must be able to access the Acme Company server. Acme Company has decided to use normal TCP connections to the server. Their internal firewall will be configured to allow for connections to tcp://www.acme.com:2506.

Acme Company has refused to allow the Xchange Portal to remotely administer their installation:

- Acme Company will not configure a RemoteXchangeAdmin user (in the Administrators group).
- The Administrators group will have a single user, Administrator, set up locally.

Figure 36 shows how the Acme installation will look.

Firewall Setup

The firewall setup requires the following steps:

- Configure the DMZ to allow an SSL connection over port 2507.
- Configure internal applications to allow TCP connection over port 2506.

[Figure 36. Trading Partner Configuration for Acme Installation]

SonicMQ Trading Partner Configuration

The following steps tell you how to configure a trading partner. Standard SonicMQ configuration for all Trading Partners:

1. Install SonicMQ.
2. Re-create the database using the SonicMQ dbtool to reconfigure the basic tables and create the security database:

       c:\sonic\bin> dbtool /r basic
       c:\sonic\bin> dbtool /c security

3. Change the server log file name (recommended):

       BROKER_LOG=server.log

4. Make any other changes to the broker.ini file that you wish. For example, you might wish to make the server part of a cluster. More information on standard broker.ini settings is available in the SonicMQ Installation and Administration Guide.

SonicMQ Static Configuration

After you have completed the installation at a Trading Partner, you must set parameters to define the specifics of this installation. Set the parameters in broker.ini as follows:

- Global Routing Parameters:
  - Set ROUTING_NODE_NAME, the unique, maximum 256-character, routing node name for this portal. In this example, set ROUTING_NODE_NAME=Acme.
  - Set DEFAULT_ROUTING_ACCEPTOR, the preferred URL for indoubt connections. This parameter is optional, but useful if there are any issues with how the Routing Node is to be exposed to the Internet. SonicMQ attempts to create this by default based on the IP address of the node and its default socket/port, that is, ssl://www.acme.com:2507.
- SonicMQ Acceptors:
  - Set the NUM_ACCEPTORS to specify how many access modes there will be. For each mode you must also specify the IP address or name, socket type (SSL or TCP), and port.
  - For each acceptor, specify the socket type and port.
  - For each SSL acceptor, specify the SSL certificate information (see below).

  In this example these settings are:

      NUM_ACCEPTORS=2
      DEFAULT_SOCKET_TYPE=ssl
      IP_OR_HOST_1=www.acme.com
      PORT=2507
      SOCKET_TYPE_2=tcp
      IP_OR_HOST_2=www.acme.com
      PORT_NUMBER_2=2506

- SSL must be configured to support certificates and encryption:

      SSL_CLIENT_AUTHENTICATION=TRUE
      SSL_CIPHER_SUITES=SSL_RSA_WITH_3DES_EDE_CBC_SHA
      SSL_PRIVATE_KEY=certs/serverkey.der
      SSL_PRIVATE_KEY_PASSWORD=your_password

  This configuration assumes the default values of the following SSL settings:

      SSL_CA_CERTIFICATES_DIR=certs/ca
      SSL_CERTIFICATE_CHAIN=certs/serverCertChain.chain
chainSonicMQAdminConfigurationAftertheprecedingconfigurationsarecomplete,youmustestablishqueues,users,andgroups.
YoucancompletethefollowingtaskswiththeAdminshellscriptprovidedinthissection.
YoucanalsouseExplorerortheAdministrationAPI:1.
InitializetheserverconfigurationforthoseitemsneededtosupporttheTradingPartnerapplication:–Applicationqueues/topics–Application-relatedusers/adminSonicMQDeploymentGuide141High-levelArchitecture2.
PuttheusersinanApplicationsgroupandgivethemthefollowingaccessrights:–SENDtoappQ–RECEIVEtoinQ3.
GivethePortalroutinguseraccessrightsto:–SENDtoinQ(andanyotherapplicationqueues)ThefollowingAdminshellscriptshowsthecommandsnecessaryforsettingupthePortal:////SetupfileforTradingPartner//connectbrokerlocalhostAdministratorAdministrator//Createlocalapplicationusers(inan"Applications"group)//AddsampleuserstothegroupaddgroupApplicationsadduseruser1pwd1adduseruser2pwd2adduseruser3pwd3addgroupuserApplicationsuser1addgroupuserApplicationsuser2addgroupuserApplicationsuser3//Portalisat"ssl://portala.
xchange.
com:2507".
Useaload//balancedconnectionwitha10minutetimeout.
setroutingXchange"ssl://portala.
xchange.
com:2507"/AcmeCopwdlb600advertise//ConfigurethePortaluser(toallow"Xchange"to//callbackintothisroutingnode)addroutinguserthePortal"Xchange"pwd//Createincomingglobalqueues.
setqueueinQglobal//Overridepropertiestothesystemqueues.
setqueueSonicMQ.
deadMessagelocal1200,1400,15000setqueueSonicMQ.
routingQueuelocal1200,1400,2000//ACLs--PreventeveryonefromaccessingallQueues//unlessexplicitlygrantedbelow.
setqueueacl#PUBLIC-snd-rcvChapter8:ImplementingMulti-nodeInstallations142SonicMQDeploymentGuide//ACLs--ApplicationscansendtoappQanddirectqueues//(onXchange),andreceivefromothersqueuesetqueueaclappQApplications+snd-rcvsetqueueacldirect.
*Applications+snd-rcvsetqueueaclinQApplications-snd+rcv//ACLs--theportalusercanonlysendtoinQ/tmpQsetqueueaclinQthePortal+snd-rcv//logoutbye4.
ChangetheAdministrationpasswordforthisinstallation.
Portal Configuration

The setup of the Portal is more complex than that of the Trading Partner because there is a cluster of servers, and all the possible trading partners must be configured in the security and routing database. Figure 37 shows a typical Portal configuration.

In Figure 37, note that the configuration server (ConfigServer) is on a separate machine from all the clustered servers in the DMZ. The machine does not have to be accessible to the Internet so it is named locally as ntconfig. This server is set up with BROKER_NAME=ConfigServer. The server manages the cluster PortalCluster.

[Figure 37. Typical Portal Configuration. Labels: ntconfig (ConfigServer) and the SonicMQ Admin Client(s) (Administrator) in the Intranet; PortalA, PortalB, and PortalC at portala.xchange.com, portalb.xchange.com, and portalc.xchange.com in the DMZ, each with a RoutingQueue, appQ, its direct queue (direct.A, direct.B, direct.C), a Certificate, and a Portal Application (pUser); a firewall hole for ssl:2507 per server to/from Trading Partners (for example, Acme) on the Internet; tcp links between the servers.]

Administration is done only on the configuration server. All Portal Applications use the same user name, pUser. The Portal Applications connect with unique ConnectIDs to avoid conflict.
There are three machines shown as part of the cluster. Their SonicMQ server names are PortalA, PortalB, and PortalC. These servers are exposed to the Internet using the host names: portala.xchange.com, portalb.xchange.com, and portalc.xchange.com.

Each of these servers supports the appQ as a global queue, but they also support a uniquely named direct access queue that enables applications to address messages back to this server. (For example, PortalB supports direct.B as its global queue. Any application connected anywhere to the portal can address messages to Xchange::direct.B and the message will be routed to the correct server in the cluster.)

The names of the synch queues, direct.A, direct.B, and direct.C, include periods to allow for wildcard ACLs, as shown in the following example:

    set queueacl direct.* pUser +snd

Firewall Setup

The following steps tell you how to configure the DMZ and internal applications to set up a firewall for your portal.

To set up the firewall for the Portal:

1. Configure the DMZ to allow an SSL connection over port 2507 for each computer that is accessible from Trading Partners.
2. Configure internal applications to allow SSL connection over port 2508.
3. Server cluster communication (between servers in the cluster) is assumed to be over TCP (port 2506).
Configuration Server Setup

You must set up the configuration server with the broker.ini settings shown in the following procedure.

To set up the Configuration Server:

1. Install SonicMQ. Make sure the server name is ConfigServer. This will set up the correct database tables, as well as set the value for BROKER_NAME=ConfigServer.
2. Recreate the database using the SonicMQ dbtool to reconfigure the basic tables, create the security database, and include the server cluster configurations:

    c:\sonic\bin>dbtool /r all

3. Change the server log file name (recommended):

    BROKER_LOG=config.log

More information on setting up configuration servers is available as part of the SonicMQ Installation and Administration Guide.
Clustered Server Setup

You must set up each server to be clustered with a unique name.

To set up PortalA:

1. Install SonicMQ.
   1.1 Make sure the server name is PortalA. This will set up the correct database tables and set the value for BROKER_NAME=PortalA
2. Recreate the database using the SonicMQ dbtool to reconfigure the basic database tables:

    c:\sonic\bin>dbtool /r basic

   Note: You must enter the names of clustered servers as user names in the configuration server's security database, and you must add those user names to the Administrators group.

3. Set up each server with the same routing node name, but with the default routing acceptor specific to its host:

    ROUTING_NODE_NAME=Xchange
    DEFAULT_ROUTING_ACCEPTOR=ssl://portala.xchange.com:2507

4. Set up acceptors for PortalA. Typically, you would set up each server in the cluster with three acceptors: one for connections from the external trading partners (using SSL and port 2507), one for server cluster communications (using TCP and port 2506), and one to be used by Portal Applications (using SSL and port 2508). Use the following property settings:

    NUM_ACCEPTORS=3
    DEFAULT_SOCKET_TYPE=ssl
    IP_OR_HOST_1=portala.xchange.com
    PORT=2507
    SOCKET_TYPE_2=tcp
    IP_OR_HOST_2=portala.xchange.com
    PORT_NUMBER_2=2506
    SOCKET_TYPE_3=ssl
    PORT_NUMBER_3=2508
    IP_OR_HOST_3=portala.xchange.com

5. Set up the second acceptor for server cluster communications with the following server cluster settings:

    ENABLE_INTERBROKER=TRUE
    IB_CONFIG_SERVER=tcp://ntconfig:2506
    INTERBROKER_ACCEPTOR=2

More information on setting up clustered servers is available in the SonicMQ Installation and Administration Guide.
Setting Up Global Queues in a Cluster

You must configure each of the servers in the cluster to support the appropriate global queues. (The access control to these queues is set in the security database maintained by the configuration server.)

For example, you can use the following script to create the queues for the server PortalB:

    //
    // Setup file for each server in the portal cluster.
    //
    connect broker portalb.xchange.com Administrator Administrator

    // Create incoming global queues.
    set queue appQ global
    set queue direct.B global

    // Override properties of system queues.
    set queue SonicMQ.deadMessage local 1200,1400,20000
    set queue SonicMQ.routingQueue local 1200,1400,4000

    // logout
    bye

Note: You must specify the appropriate incoming global queue for each server in the cluster when creating incoming global queues. For the server PortalB in the preceding case, the command is: set queue direct.B global.

Configuration Server Security Configuration

After the preceding configurations are complete, you must establish groups, users, and access control permissions in the configuration server's security database. You can use the Admin tool, Explorer, or the Management API. You can follow these rules to simplify the process:

- All trading partners are part of a larger TradingPartner group.
- This group can send to the global queues (appQ, direct.A, etc.) on the Portal.
- The Portal Applications will all log in as a common user (pUser). They might use separate user names, but for this example add them into a single group: RoutingUsers.
- Portal members of RoutingUsers have access rights to:
  – RECEIVE from appQ queue
  – RECEIVE from direct.* queues
  – SEND to inQ
The following Admin shell script shows the commands necessary for setting up the Portal:

    //
    // Setup file for Portal security database
    //
    connect broker ntconfig Administrator Administrator

    // Create a group for all the internal portal applications.
    // Add the necessary local users to this group
    add group RoutingUsers
    add user pUser pwd
    add groupuser RoutingUsers pUser

    // Create a group for all the trading partners
    // (routing users will be added to this group, later).
    add group TradingPartners

    // ACLs -- Prevent everyone from accessing all Queues
    // unless explicitly granted below.
    set queueacl # PUBLIC -snd -rcv

    // ACLs -- Portal Applications can receive from appQ/direct queues
    // and send to the trading partners inQ/tmpQ
    set queueacl appQ RoutingUsers -snd +rcv
    set queueacl direct.* RoutingUsers -snd +rcv
    set queueacl inQ RoutingUsers +snd -rcv

    // ACLs -- the TradingPartners can only send to appQ/direct queues
    set queueacl appQ TradingPartners +snd -rcv
    set queueacl direct.* TradingPartners +snd -rcv

    // logout
    bye

Portal Configuration for Adding a New Trading Partner

You are now ready to create a new Trading Partner and configure it in the security and routing databases for the Portal cluster. This sample creates the information for Acme at ssl://www.acme.com:2507.

To add a new Trading Partner (Acme) at the Portal:

1. Add the routing user Acme. The user name is AcmeCo. By adding AcmeCo to the TradingPartners group, you automatically give it the correct access permissions.
2. Add the routing connection for the Acme site. The routing node name is Acme.

This configuration can be done with the SonicMQ Explorer, Admin tool, or Management API. The following Admin shell script shows the commands necessary for setting up the Portal:

    //
    // Setup file for adding user "Acme" to the portal.
    //
    connect broker ntconfig Administrator Administrator

    // Create the new user in the TradingPartners group.
    add routinguser AcmeCo Acme pwd
    add groupuser TradingPartners AcmeCo

    // Set up the routing to Acme using the username/password
    // that is expected by Acme's security database.
    // Use a 5 minute timeout and a direct (not load-balanced)
    // connection.
    set routing Acme "ssl://www.acme.com:2507" thePortal pwd 300 /
        advertise static

    // logout
    bye

You have now completed the configuration of your Trading Partner and Portal installations.
Chapter 9

Running a Sample Multi-node Application with the Dynamic Routing Architecture

Introduction

This chapter walks you through a sample setup procedure for a possible scenario using SonicMQ's Dynamic Routing Architecture. This chapter does not cover all the features available in SonicMQ, but rather demonstrates a particular application of the Dynamic Routing Architecture with SonicMQ. You will use scripts and sample programs to set up global routing between a Trading Partner and a Portal. This example is only one of a variety of applications of global routing intended to provide a specific example of the implementations discussed in more detail in Chapter 8, "Implementing Multi-node Installations."

This chapter shows you how to do the following:

- Create a Portal
- Create a Trading Partner
- Define default routing between these routing nodes
- Use the SonicMQ GlobalTalk sample application across these nodes

Note: The example in this chapter uses security features and global routing concepts. If you are getting started for the first time with SonicMQ, see the samples provided in Getting Started with SonicMQ, which do not enable security features or apply global routing concepts.

Scripts are provided to help you set up your Portal and Trading Partner. These scripts are printed at the end of this chapter.
Assumptions

In this example you will install SonicMQ on two machines. For simplicity, this example specifies the install directory c:\sonic on both machines. This example provides the commands for Windows operating systems. You can perform this example on Unix operating systems by following the same steps but using the equivalent Unix commands.

This example includes a Portal named Xchange and a Trading Partner named Acme. The steps show you how to install the Portal Xchange on a machine named ntportal and the Trading Partner Acme on a second machine named ntacme.

Note: If you want to change the install directory for your installation, you must make the appropriate changes in the commands that follow.

Figure 38 shows the completed installation configuration:

[Figure 38. Configuration for Dynamic Routing Architecture. Labels: Computer ntacme with a Server (BROKER_NAME=SonicMQ, ROUTING_NODE_NAME=Acme), inQ, RoutingQueue, and a Client (GlobalTalk Sample); Computer ntportal with a Server (BROKER_NAME=Portal1B, ROUTING_NODE_NAME=Xchange), appQ, RoutingQueue, direct.B, and a Client (GlobalTalk Sample).]

Before You Start

The Admin shell scripts contain the commands to set up the security, routing, and queues for the portal and trading partner used in this example. When you set up your Portal and Trading Partner, you will modify these scripts to include the names of your Portal and Trading Partner machines.

The associated scripts for the Admin Shell management tool are contained in C:\Sonic\samples\Marketplace\scripts and are printed at the end of this chapter. If you do not find the scripts in the \scripts directory specified here, you can copy the scripts from this book into text files and store them in the directory path used in this chapter.

Before you continue, perform the following steps to determine your Portal and Trading Partner machine names and set the admin.echo system property.

Determining Your Machine Names

On the Portal machine and on the Trading Partner machine, perform the following steps to determine your machine names:

1. From the Windows desktop select Start >> Settings >> Control Panel.
2. Double-click the Network icon.
3. Select the Identification tab.
4. Record your Computer Names:
   – Portal (to use in place of ntportal)
   – Trading Partner (to use in place of ntacme)

Note: Perform the following procedures on BOTH the Portal and Trading Partner machines.
Installing SonicMQ for Your Portal and Trading Partner

Perform the following steps to install SonicMQ on your Portal and Trading Partner machines.

To install SonicMQ on your Portal machine:

1. Install SonicMQ to the c:\sonic directory on the Portal machine ntportal. Change the name of the server to PortalB during the installation.

   Note: This server name change is not strictly necessary unless you plan to create a cluster in the future with this server.

2. Check your SonicMQ installation. Select:

    Start >> Programs >> Progress SonicMQ >> Start Broker

   Ensure that the server starts. You might consider opening the SonicMQ Explorer to further check your installation. Shut down the server after you confirm your installation.

To install SonicMQ on your Trading Partner machine:

1. Install SonicMQ to the c:\sonic directory on the Trading Partner machine ntacme.
2. Check your SonicMQ installation. Select:

    Start >> Programs >> Progress SonicMQ >> Start Broker

   Ensure that the server starts. You might consider opening the SonicMQ Explorer to further check your installation. Shut down the server after you confirm your installation.

Note: Remember to use the appropriate name for the Portal machine in your Trading Partner setup.
Setting the admin.echo System Property

This example assumes you are using a Windows system and uses the Admin shell script feature that echoes commands to the console. If you are using a UNIX or Linux system, you might consider modifying your system behavior accordingly.

It is useful to edit the admin.bat file to set the system property for admin.echo=true.

To set the system property for admin.echo:

1. Edit c:\sonic\bin\Admin.bat.
2. Find the line that begins:

    "%SONICMQ_JRE%" %SONICMQ_SSL_CLIENT% ...

3. Add the following parameter to the command that starts Admin:

    -Dadmin.echo=true

The line should now read as follows:

    "%SONICMQ_JRE%" %SONICMQ_SSL_CLIENT% -Dadmin.echo=true -cp ...
Setting Up the Portal: Xchange

Perform the following procedures on your Portal machine (ntportal) to set up a Portal.

To preconfigure the Portal Admin shell script:

The Admin shell scripts contain the commands to set up the security, routing, and queues for the Portal and Trading Partner used in this example. You must preconfigure the Portal_Add_TP.txt Admin shell script with the correct URL for the SonicMQ server. Change the following parameter based on your setup, using the appropriate name for your Trading Partner machine (see the "Determining Your Machine Names" section).

1. Replace ntacme with your machine name in the following URL:

    ACME_URL -> tcp://ntacme:2506
    Your Trading Partner URL: tcp:2506

2. Edit the file Portal_Add_TP.txt in the directory c:\sonic\samples\Marketplace\scripts

   Replace ACME_URL with the URL for your trading partner machine in the following line of the Portal_Add_TP.txt script:

    set routing Acme "ACME_URL" thePortal pwd 3600 static

To set up your Portal for security and global routing:

1. Edit c:\sonic\broker.ini on the portal machine, changing the following properties as shown:

    ENABLE_SECURITY=TRUE
    ROUTING_NODE_NAME=Xchange

2. Re-create the database using the SonicMQ dbtool to reconfigure the basic tables and create the security database. Open a console window and enter the following commands in the \sonic\bin directory:

    c:\sonic\bin>dbtool /r basic
    c:\sonic\bin>dbtool /c security

   Note: Remember to use the appropriate name for the Portal machine in your setup.

3. Start the server:

    Start >> Programs >> Progress SonicMQ >> Start Broker

To use scripts to configure security, routing, and queues:

1. On the Portal machine, open a console window and go to the install directory, c:\sonic.
2. Enter the following commands to pipe in each of the following Admin shell scripts from the \JumpStart\Scripts directory:

    c:\Sonic>bin\Adminbin\Adminbin\Admindbtool/rbasicc:\sonic\bin>dbtool/csecurity

3. Start the broker:

    Start >> Programs >> Progress SonicMQ >> Start Broker

To use scripts to configure the security, routing, and queues:

1. On the trading partner machine, open a console window and go to the install directory: c:\sonic
2. Enter the following command to pipe in the Admin Shell scripts from the \JumpStart\Scripts directory:

    c:\sonic>bin\Admin>Programs>>ProgressSonicMQ>>Explorer

In the SonicMQ Explorer, you can connect with a user name of Administrator and the default password of Administrator. Once you connect, you can review users, groups, routings, and queues to investigate the scripts.
The following steps tell you how to send messages between the trading partner and portal using the GlobalTalk application. See the "The GlobalTalk Application (PTP)" section for more information about this application.

To run GlobalTalk on each server with the appropriate startup options:

1. On the trading partner Acme, simulate a trading partner application that has logged in as user1/pwd. This application will send to the portal at Xchange::appQ and listen on the inQ. Open a console window and enter the following command in the GlobalTalk directory:

    cd c:\sonic\samples\QueuePTP\GlobalTalk
    ..\..\SonicMQ GlobalTalk -u user1 -p pwd -qs Xchange::appQ -qr inQ

2. On the portal Xchange, simulate a routing application that has logged in as pUser/pwd. This application will send to the partner at Acme::inQ and listen on the appQ. Open a console window and enter the following command in the GlobalTalk directory:

    cd c:\sonic\samples\QueuePTP\GlobalTalk
    ..\..\SonicMQ GlobalTalk -u pUser -p pwd -qs Acme::inQ -qr appQ

3. You can now type messages in either GlobalTalk application and have them sent to the remote queue on the other routing node.
Troubleshooting Your Setup

The following issue might arise when you use the JumpStart scripts.

Permission Problems When Sending Messages to Valid Queues

You might encounter permission problems when you send messages to queues that you know to be valid. This problem might be caused by a security setting in the security startup scripts. The JumpStart scripts are modeled on portal/marketplace situations where security is an issue. There is a command line in the setup scripts for both the Portal and the Trading Partner that sets the default security to deny all users access to all queues. This line is:

    set queueacl # PUBLIC -snd -rcv

You can remove this line from the security setup scripts: Portal_Config_Setup.txt and TP_Setup.txt.
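
The line discussed above is the one that sets the default to deny, and the sample scripts also log in with the default Administrator password and use sample passwords. As an added example (not part of the SonicMQ guide or product), this Python check reads an Admin shell script written in the syntax of this chapter's samples and lists the settings to review before a script leaves the lab. The argument order per command is taken from the scripts printed in this guide; the finding codes, MIN_PASSWORD_LEN, and both embedded scripts are constructed for illustration.

```python
import shlex

MIN_PASSWORD_LEN = 12  # assumption for this example; the guide sets no policy

# Constructed sample: a TP_Setup.txt-style script after the "# PUBLIC"
# deny-all line was removed, still using the sample's tcp URL and passwords.
WEAK_SCRIPT = """\
//
// Setup file for Trading Partner (constructed sample)
//
connect broker localhost Administrator Administrator
add group Applications
add user user1 pwd
add groupuser Applications user1
set routing Xchange "tcp://ntportal:2506" AcmeCo pwd 3600 lb advertise
add routinguser thePortal "Xchange" pwd
set queue inQ global
set queueacl appQ Applications +snd -rcv
set queueacl inQ Applications -snd +rcv
set queueacl inQ thePortal +snd -rcv
bye
"""

# Constructed counterpart: changed admin password, SSL routing URL,
# non-sample passwords, and the deny-all ACL kept in place.
HARDENED_SCRIPT = """\
connect broker localhost Administrator Constructed-Admin-Secret-01
add group Applications
add user user1 Constructed-User-Secret-01
add groupuser Applications user1
set routing Xchange "ssl://portala.xchange.com:2507" AcmeCo Constructed-Route-Secret-01 3600 lb advertise
add routinguser thePortal "Xchange" Constructed-Portal-Secret-01
set queue inQ global
set queueacl # PUBLIC -snd -rcv
set queueacl appQ Applications +snd -rcv
set queueacl inQ Applications -snd +rcv
set queueacl inQ thePortal +snd -rcv
bye
"""


def commands(script):
    """Yield (line_number, tokens) per command; skips blanks and // comments."""
    for number, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("//"):
            yield number, shlex.split(line)


def weak_password(user, password):
    """True for sample-style ('pwd', 'pwd1'), user-name, or short passwords."""
    lowered = password.lower()
    return (lowered.startswith("pwd") or lowered == user.lower()
            or len(password) < MIN_PASSWORD_LEN)


def audit(script):
    """Return [(line_number, code)]; line 0 marks a whole-file finding."""
    findings = []
    deny_all_seen = False
    for number, tok in commands(script):
        verb = " ".join(tok[:2]).lower()
        if verb == "connect broker" and tok[3:5] == ["Administrator"] * 2:
            findings.append((number, "DEFAULT_ADMIN_LOGIN"))
        elif verb == "add user" and len(tok) >= 4:
            if weak_password(tok[2], tok[3]):
                findings.append((number, "WEAK_PASSWORD"))
        elif verb == "add routinguser" and len(tok) >= 5:
            # add routinguser <user> <routing node> <password>
            if weak_password(tok[2], tok[4]):
                findings.append((number, "WEAK_PASSWORD"))
        elif verb == "set routing" and len(tok) >= 6:
            # set routing <node> <url> <user> <password> <options...>
            if not tok[3].lower().startswith("ssl://"):
                findings.append((number, "CLEARTEXT_ROUTING"))
            if weak_password(tok[4], tok[5]):
                findings.append((number, "WEAK_PASSWORD"))
        elif verb == "set queueacl" and len(tok) >= 5 and tok[3] == "PUBLIC":
            perms = set(tok[4:])
            if any(p.startswith("+") for p in perms):
                findings.append((number, "PUBLIC_GRANT"))
            elif tok[2] == "#" and {"-snd", "-rcv"} <= perms:
                deny_all_seen = True
    if not deny_all_seen:
        findings.append((0, "NO_PUBLIC_DENY_ALL"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_SCRIPT), ("hardened", HARDENED_SCRIPT)):
        print(name, audit(text))
```

If a permission error appears on a queue you know to be valid, adding the specific `set queueacl` grant for that queue and group keeps the NO_PUBLIC_DENY_ALL finding from appearing.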
Sample Application and Scripts

This chapter uses the GlobalTalk application and four Admin Shell scripts. The following sections provide more information about GlobalTalk and the scripts.

The GlobalTalk Application (PTP)

This example uses the GlobalTalk application to illustrate your trading partner and portal setup. This section explains the GlobalTalk application. The steps to start GlobalTalk and send messages between the Accounting and Orders windows are provided here to illustrate how the application might be used. You do not need to perform these steps to test your trading partner-portal setup.

In the GlobalTalk application, whenever a text message is sent to a given queue, all active GlobalTalk applications are waiting to receive messages on that queue, taking turns as the sole receiver of the message at the front of the queue.

To start GlobalTalk:

The first GlobalTalk session receives on the first queue and sends to the second queue while the other GlobalTalk session does the opposite.

1. Open a console window to the \samples\QueuePTP\GlobalTalk folder, then enter:

    ..\..\SonicMQ GlobalTalk -u Accounting -qr SampleQ1 -qs SampleQ2

2. Open another console window to the \samples\QueuePTP\GlobalTalk folder, then enter:

    ..\..\SonicMQ GlobalTalk -u Orders -qr SampleQ2 -qs SampleQ1

Talking:

- In the Orders window, type any text and then press Enter. The text is displayed in only the Accounting window. In the Accounting window, type text and then press Enter. The text is displayed in only the Orders window.
The Admin Shell Scripts

The following four scripts set up your Portal and Trading Partner configurations for the example used in this chapter. Shortcuts used in this example include:

- Using default acceptors (tcp on port 2506)
- Setting up all routing nodes as stand-alone servers (not clusters)

To set up your Portal, use these scripts:

- Portal_Broker_Setup.txt: Sets up queues for the servers
- Portal_Config_Setup.txt: Sets up Portal security
- Portal_Add_TP.txt: Adds a new user to the Portal and sets up routing to the Trading Partner

To set up your Trading Partner, use this script:

- TP_Setup.txt: Adds new users, sets up queues, and sets up security for the Trading Partner

Portal_Broker_Setup

The Portal_Broker_Setup.txt script provides a setup file for each server in the Portal cluster. This script:

- Creates incoming global queues
- Overrides the properties of the system queues

    //
    // Setup file for EACH server in the portal cluster.
    //
    connect broker localhost Administrator Administrator

    // Create incoming global queues.
    // -- appQ will exist on all servers
    // -- direct.B will only exist on one (e.g. PortalB)
    set queue appQ global
    set queue direct.B global

    // Override properties of system queues.
    set queue SonicMQ.deadMessage local 1200,1400,20000
    set queue SonicMQ.routingQueue local 1200,1400,4000

    // Close the Admin Shell.
    bye

Portal_Config_Setup

The Portal_Config_Setup.txt script provides a setup file for the Portal security database.
This script:

- Creates a group for all the internal portal applications
- Creates a group for all the Trading Partners
- Sets the Access Control List (ACL) to:
  – Prevent everyone from accessing all Queues
  – Allow Portal Applications to receive from appQ/direct queues
  – Allow Trading Partners to send only to appQ/direct queues

    //
    // Setup file for Portal security database
    //
    connect broker localhost Administrator Administrator

    // Create a group for all the internal portal applications.
    // Add the necessary local users to this group
    add group RoutingUsers
    add user pUser pwd
    add groupuser RoutingUsers pUser

    // Create a group for all the trading partners
    // (routing users will be added to this group, later).
    add group TradingPartners

    // ACLs -- Prevent everyone from accessing all Queues
    // unless explicitly granted below.
    set queueacl # PUBLIC -snd -rcv

    // ACLs -- Portal Applications can receive from appQ/direct queues
    // and send to the trading partner's inQ.
    set queueacl appQ RoutingUsers -snd +rcv
    set queueacl direct.* RoutingUsers -snd +rcv
    set queueacl inQ RoutingUsers +snd -rcv

    // ACLs -- the TradingPartners can only send to appQ/direct queues.
    set queueacl appQ TradingPartners +snd -rcv
    set queueacl direct.* TradingPartners +snd -rcv

    // Close the Admin Shell.
    bye

Portal_Add_TP

The Portal_Add_TP.txt script provides a setup file to add a new user to the Portal and to set up routing to the Trading Partner.
This script:

- Creates a new user in the TradingPartners group
- Sets up the routing to the Trading Partner

    //
    // Setup file for adding user "Acme" to the configuration
    // at the Portal (Xchange).
    //
    connect broker localhost Administrator Administrator

    // Create the new user in the TradingPartners group.
    add routinguser AcmeCo Acme pwd
    add groupuser TradingPartners AcmeCo

    // Set up the routing to Acme.
    // This is not a load-balanced connection. Always use
    // this routing (static) and not any advertised routings
    // from the partner.
    set routing Acme "ACME_URL" thePortal pwd 3600 static

    // Close the Admin Shell.
    bye

TP_Setup

The TP_Setup.txt script provides a setup file for the Trading Partner.
This script:

- Creates local application users in an Applications group
- Sets the Portal to PORTAL_URL using a load-balanced connection
- Configures the Portal user to allow Xchange to call back into this routing node
- Creates incoming global queues
- Overrides properties to the system queues
- Sets the Access Control List (ACL) to:
  – Prevent everyone from accessing all Queues
  – Allow applications to send to appQ and direct queues
  – Allow the portal user to send only to inQ

    //
    // Setup file for Trading Partner (Acme)
    //
    connect broker localhost Administrator Administrator

    // Create local application users (in an "Applications" group)
    // Add sample users to the group
    add group Applications
    add user user1 pwd
    add user user2 pwd
    add user user3 pwd
    add groupuser Applications user1
    add groupuser Applications user2
    add groupuser Applications user3

    // Portal is at "PORTAL_URL". Use Load-balanced connection.
    // Advertising is required connection to clusters.
    set routing Xchange "PORTAL_URL" AcmeCo pwd 3600 lb advertise

    // Configure the Portal user (to allow "Xchange" to
    // call back into this routing node)
    add routinguser thePortal "Xchange" pwd

    // Create incoming global queues.
    set queue inQ global

    // Override properties to the system queues.
    set queue SonicMQ.deadMessage local 1200,1400,15000
    set queue SonicMQ.routingQueue local 1200,1400,2000

    // ACLs -- Prevent everyone from accessing all queues
    // (unless explicitly granted below).
    set queueacl # PUBLIC -snd -rcv

    // ACLs -- Applications can send to appQ and direct queues
    // (on Xchange), and receive from the inQ (defined above).
    set queueacl appQ Applications +snd -rcv
    set queueacl direct.* Applications +snd -rcv
    set queueacl inQ Applications -snd +rcv

    // ACLs -- the portal routing user can only send to inQ.
    set queueacl inQ thePortal +snd -rcv

    // Close the Admin Shell.
    bye

Appendix A

Performance Tuning

Your SonicMQ application performance will vary based on your specific functional requirements and your individual deployment environment.
However, you can tune some parameters of your SonicMQ configuration to optimize the overall performance of your implementation. Depending on your application, you might choose to adjust some or all of the parameters discussed in the following sections.

Tuning Your JVM Properties

Your choice of Java Virtual Machine (JVM), Java heap size, and memory settings will have significant impact on your SonicMQ performance. The following sections discuss some issues you should consider when optimizing your JVM.

Choosing a Java Virtual Machine for the SonicMQ Server

Both the SonicMQ server and standard client are written in Java. The Java Virtual Machine that you use to run the SonicMQ broker can have a significant impact on overall messaging performance. Recent JVM advances allow for just-in-time compilation of Java classes, enhanced garbage collection, efficient input and output processing, and other significant capabilities. These advances can improve overall performance by as much as 300%, making the choice of JVM critical to attaining high performance levels.

Setting the Java Heap Size

A significant performance factor is the size of the Java heap, which you can specify in the JVM command line with the -mx parameter as explained in "Tuning JVM Parameters." Typically this parameter is set to 128 or 256 MB. If you plan to send or receive very large messages or have multiple concurrent sessions in your application, you should increase the Java memory for the client machine.

You should determine your maximum heap size based on your available memory and on the size and number of messages and queues you anticipate handling. The following sections discuss these considerations.

Using the Maximum Available Memory for the Server

To optimize performance, you should set the maximum Java heap size possible for your SonicMQ broker. This maximum size should correspond to the available memory on your machine. The more memory you set, the less Java will use the garbage cleanup. Less use of the garbage cleanup results in better performance.

However, you should be careful not to set the Java heap size too high. If this parameter exceeds the memory available to the JVM process, performance can significantly degrade as a result of page swapping in the underlying operating system. The memory available to the JVM might not match the total memory in the server machine due to the memory requirements of other processes. In this case, lowering the total heap for the JVM will increase performance.

Anticipating the Size and Number of Messages and Queues on the Server

You should base your JVM memory size on the size and number of messages you expect to have in all queues on your SonicMQ server. Similarly, you should set the size of your queues to the maximum size of the messages you expect to store.

You can determine the required JVM memory size by anticipating the maximum message size you expect to store in the queue, and multiplying that size by the number of messages you plan to store at one time on the queue. Total the memory needed for all queues in your application, and base your JVM memory size on this figure.

Tuning JVM Parameters

Table 10 describes properties in the broker.ini and the startbr.bat (NT) and setenv (UNIX) files that affect performance for the JVM and the SonicMQ server. Table 11 lists the default settings for the JVM_PARAM and MAX_LOG_FILE_SIZE parameters. These parameters are set during the SonicMQ installation based on your product choice. The MAX_LOG_FILE_SIZE resides in startbr.bat on Windows. On UNIX, use setenv.

Table 10. JVM Settings

    Option   Description
    -ms      Sets the initial Java heap size
    -mx      Sets the maximum Java heap size
    -oss     Sets the maximum Java stack size for any thread
    -ss      Sets the maximum native stack size for any thread

Table 11. JVM Settings for SonicMQ Editions

    SonicMQ Edition: SonicMQ Developer Edition
    Suggested Settings:
        JVMParamString="-mx32m -ss64k -oss64k"
        logFileParamString="10000000"; // 10 MB

    SonicMQ Edition: SonicMQ Professional Developer Edition
    Suggested Settings:
        JVMParamString="-ms32m -mx256m -oss64k"
        logFileParamString="104857600"; // 100 MB

    SonicMQ Edition: SonicMQ E-Business Edition
    Suggested Settings:
        JVMParamString="-ms32m -mx256m -oss64k"
        logFileParamString="104857600"; // 100 MB

Setting Buffer Limits in Message Flow Control

When clients send messages at a faster rate than they can be received at their destination, a server must save them for delivery.
When the server's capacity limits are reached, the sending client must be throttled using flow control to avoid losing messages. This throttling results in the reduction of the client's send rate. You can either predefine the server's capacity limit administratively or determine this limit based on limitations in memory or disk space.

How and when you apply flow control can significantly alter the performance results of your messaging system. When you configure a server with a high buffer limit, messages accumulate in that server's memory before flow control is applied. As a result, the sending client attains a high level of performance until the flow control point is reached. On the other hand, if you configure the server with a lower buffer limit, there is a shorter period of time during which client send rates are higher than receive rates. As a result, less memory is used on messages buffered for delivery.

Another effect of setting high buffer size limits is increased delivery time for each message, since buffered messages spend more time in memory and take longer to arrive at a receiver.

In addition to send rates, you should consider the total number of messages delivered in a system under load. Excessive buffering typically hinders absolute throughput. Flow control takes effect any time the send rate exceeds the receive rate. As a result, messages might be buffered in the server and remain undelivered for a measurable period of time.

The appropriate size limits that govern flow control will vary between applications. You might find it advantageous to enable a high send rate for a client, particularly if the number of messages will be small and buffering will not have a great effect.

SonicMQ allows you to adjust the effect of flow control by setting tunable buffer sizes for Pub/Sub and Queues. For queue-based messaging, the size of the queue affects when flow control is applied:

- You can set the parameter OUTPUT_QUEUE_SIZE in the broker.ini file to adjust the buffer size for each client's delivery queue. The default value of this parameter is 150000 bytes.
- You can set the parameter GUAR_QUEUE_SIZE to set the buffer size limit per client for messages that have been delivered and are waiting for acknowledgement. The default value of this parameter is 150000 bytes.
Setting Queue Save/Retrieve Extents

When flow control is not appropriate, it is possible to have a very large queue by forcing some messages to disk rather than being stored in memory. For these cases SonicMQ provides the Save_Extent parameter on every queue. The save/retrieve extents define:

- The maximum size of the queue (max extent)
- The in-memory portion of the queue (save extent)
- When to retrieve messages from the database (retrieve extent)

The Save_Extent parameter defines the queue size at which messages are saved to the database. When the in-memory portion of the queue falls below the retrieve extent, messages are retrieved from the database to fill the queue.

By setting the save extent larger than the max size, you can ensure that queue messages are never saved to the databases. This technique avoids the overhead of database operations and is appropriate for fast-moving queues.
Reducing the Number of Syncpoints

A syncpoint in SonicMQ is the time when the running state of the message server is saved in the recovery log files. This information ensures the delivery of persistent messages. (Non-persistent messages are not written to the log.) Syncpoints provide a safe starting point for recovery operations in the case of server machine failure and allow older recovery information to be discarded once the syncpoint is complete.

In SonicMQ, a syncpoint is performed when the server fills one log file and switches to the second. The length of the log files therefore determines how often the syncpoints occur. You set the log file size with the parameter MAX_LOG_FILE_SIZE. See Table 11 for the default settings for the MAX_LOG_FILE_SIZE parameter.

You can also set the SYNCPOINT_INTERVAL parameter to determine the number of bytes of log between syncpoints. You should base the length of this parameter on the anticipated sizes of your messages.

Because the syncpoint process consumes resources in the server, longer files yield higher performance levels overall. The SonicMQ server provides a warning when syncpoint operations account for more than 50% of the total log file size.

Choosing Automatic Message Acknowledgement

When you use messaging, you can choose to have messages acknowledged in one of the following ways:

- Acknowledged automatically by message receivers
- Acknowledged through client acknowledge, which is under the control of the receiver

When you choose CLIENT_ACKNOWLEDGEMENT, the server cannot send subsequent messages until the acknowledgment occurs. Choosing to have messages acknowledged asynchronously can help your system avoid unnecessary slowdowns when using guaranteed messages. DUPS_OK_ACKNOWLEDGE is the fastest acknowledgement mode you can choose.

Disk Drive Caching

Disk file access from the server can have a major influence on overall performance. Increased drive speeds directly translate to higher message throughput when your system processes guaranteed messages.

Many disk drive controllers support write caches that allow disk writes to be delayed, increasing write speeds for the operating system. However, while a write cache increases performance, it also increases the possibility that messages will be lost when a server machine fails. For this reason you should not use disks configured to use a write cache.

Warning: DO NOT use disks configured to use a write cache. This can lead to failure to recover messages in the event of a server failure. Reliability cannot be guaranteed if you use disks configured to buffer writes.

Note: Mapped drives typically cache disk writes.

Using Queue Prefetch

SonicMQ supports prefetching messages from a queue to optimize overall throughput. Prefetching allows a client to receive messages from the SonicMQ server before the client explicitly requests the messages, eliminating the overhead of server requests on a per-message basis. However, prefetching also changes the operation of the SonicMQ system by allowing messages to accumulate at the client until the number of messages reaches the application-defined count.

You can achieve some performance gain with prefetching primarily on lightly loaded servers, where a receiving client tends to govern overall throughput. When the server is operating at full capacity, other factors (such as queue size and disk I/O) tend to limit message-delivery rates.

Queue Cleanup Thread

The queue cleanup thread parameters specify how often SonicMQ checks for expired messages. This checking takes time, and so reducing the frequency of the checks, or eliminating them altogether, can help improve your SonicMQ performance. You can set the following broker.ini parameters to adjust the frequency of or eliminate the queue cleanups:

- ENABLE_DYNAMIC_QUEUE_CLEANUP — This parameter defaults to TRUE, enabling queue cleanup. Setting this parameter to FALSE eliminates queue cleanup.
- QUEUE_CLEANUP_INTERVAL — This parameter determines the amount of time between cleanups (in seconds).

Message Size

As you increase message size, you should adjust other parameters to optimize your system performance with your selected message size. These parameters include message latency, message type, and log queue size.

Message Type

You might be able to reduce your message size by converting text messages to bytes messages. Each character in a text message is two bytes, which doubles the size of the message (compared to the size of the same message converted to bytes). Unless your application requires double byte size, you can reduce your text message size by converting to bytes.

Latency

The output queue size directly affects the message latency. As a large number of messages collects in a queue, the messages coming into the queue take longer to be delivered. To optimize your performance, you should base your queue size on the size of the messages, so that the number of messages buffered at any one time is minimized.

Log Queue Size

The log queue size determines the maximum amount of memory (in bytes) that can be used by messages being written to the log. If this parameter is set too low for your application, large messages (that is, messages whose size exceeds the log queue size) will be logged one by one. This individual logging decreases your system performance.

Setting your log queue size to a higher value allows more events to be queued up in memory before the log is flushed to disk. If the flush operation takes a significant amount of time and there are a significant number of publishers/senders, flow control might be activated to reduce publish/subscribe rates until space opens up on the log's event queue.

You can set the LOG_QUEUE_SIZE parameter in the broker.ini file. The default value of this parameter is 500000 bytes.

Security

Security requires that your system use encryption, which results in slower performance. If only some of your clients require security, you can increase performance by enabling security only for those clients that require it.

You can enable or disable security by editing the parameter ENABLE_SECURITY in the broker.ini file. The default setting for this parameter is TRUE, which enables security. Changing this value to FALSE disables security.
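
The following is an added example, not code from the SonicMQ guide or from Progress: a small audit of a broker.ini body for the parameters and defaults named in this appendix, so that security left disabled after a tuning pass is caught. The KEY=VALUE syntax, the `#` and `;` comment markers, case-insensitive parameter names and the severity labels are assumptions, since the guide does not show the file format.

```python
import re

# Defaults stated in this appendix: sizes in bytes; both switches default to TRUE.
SIZE_DEFAULTS = {"OUTPUT_QUEUE_SIZE": 150000, "GUAR_QUEUE_SIZE": 150000,
                 "LOG_QUEUE_SIZE": 500000}
SWITCHES = {"ENABLE_SECURITY": ("HIGH", "security is disabled on this broker"),
            "ENABLE_DYNAMIC_QUEUE_CLEANUP": ("INFO", "queue cleanup is eliminated")}

def parse_ini(text):
    """Map each KEY to every value assigned to it (assumed KEY=VALUE syntax)."""
    settings = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # assumed comment markers
        if "=" in line:
            key, value = line.split("=", 1)
            settings.setdefault(key.strip().upper(), []).append(value.strip())
    return settings

def audit(text):
    """Return (severity, key, message) findings for a broker.ini body."""
    cfg = parse_ini(text)
    findings = []
    for key, values in cfg.items():
        if len(values) > 1 and (key in SWITCHES or key in SIZE_DEFAULTS):
            findings.append(("WARN", key, f"assigned {len(values)} times; effective value is ambiguous"))
    for key, (severity, message) in SWITCHES.items():
        # Conservative: report the switch as off if ANY assignment is not TRUE.
        if any(v.upper() != "TRUE" for v in cfg.get(key, [])):
            findings.append((severity, key, message))
    for key, default in SIZE_DEFAULTS.items():
        for value in cfg.get(key, []):
            if not re.fullmatch(r"[0-9]+", value) or int(value) == 0:
                findings.append(("HIGH", key, f"not a positive byte count: {value!r}"))
            elif int(value) != default:
                findings.append(("INFO", key, f"changed from default {default} to {value}"))
    return findings

# Constructed sample, not taken from a real deployment.
SAMPLE = """\
ENABLE_SECURITY=TRUE
OUTPUT_QUEUE_SIZE=300000   ; doubled for large messages
GUAR_QUEUE_SIZE=15OOOO
LOG_QUEUE_SIZE=500000
enable_security = false    # turned off during a load test
"""

if __name__ == "__main__":
    for severity, key, message in audit(SAMPLE):
        print(f"{severity:5}{key}: {message}")
```

Because the guide does not say which of two assignments the broker honours, the check reports a duplicated parameter and treats a switch as off if any assignment turns it off.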