Administering Broker Stubs

This document covers the following topics:


Available Stubs

The following table lists available stubs and gives an overview of available features and supported transport methods.

Stub Language Transport Methods More Information
broker.dll * C TCP / SSL See below.
Jaci Java TCP /SSL See EntireX Java ACI.
(*) Stub broker32.dll is still supported for reasons of backward compatibility. The functionality is identical to broker.dll.

Transport Methods for Broker Stubs

The Broker stub can use TCP/IP and Secure Sockets Layer.

Using TCP/IP as Transport Method for the Broker Stub

Start of instruction setTo use TCP/IP

  1. Optional: set the timeout, see Setting the Timeout for the Transport Method.

  2. The Broker stub requires the IP address and the TCP port number (if the Broker's default TCP port number 1971 cannot be used) for each BROKER-ID. Either add an entry in the Domain Name System (DNS) or modify your local hosts and services tables. See Modifying the Hosts and Services Tables.

    You can check whether the Broker has already been added to your DNS with the command:

    ping <broker-id>

    for example: ping ETB001. If a message such as "...is alive" or "Reply from ..." is displayed (the text displayed varies depending on your ping implementation), the name is known to your DNS and the host where the Broker is running is reachable. However, this does not necessarily mean that the Broker is active.

Using SSL/TLS as Transport Method for the Broker Stub

ACI applications can use Secure Sockets Layer/Transport Layer Security (SSL/TLS) as the transport medium. The term "SSL" in this section refers to both SSL and TLS. ACI-based clients or servers are always SSL clients. The SSL server can be either the EntireX Broker or the Broker SSL Agent. For an introduction see SSL/TLS, HTTP(S), and Certificates with EntireX in the platform-independent Administration documentation.

With the Broker ACI, the SSL parameters (e.g. certificates) are provided with the function SETSSLPARMS.

Start of instruction setTo use SSL

  1. To operate with SSL, certificates need to be provided and maintained. Depending on the platform, Software AG provides sample certificates, but we strongly recommend that you create your own. See SSL/TLS Sample Certificates Delivered with EntireX in the EntireX Security documentation.

  2. Specify the Broker ID, using one of the following styles:

    If no port number is specified, port 1958 is used as default.

  3. Specify SSL parameters in the second parameter, for example:

    'broker' etbcb "VERIFY_SERVER=N&TRUST_STORE=c:\\certs\\CaCert.pem"

    If the SSL client checks the validity of the SSL server only, this is known as one-way SSL. Two SSL parameters must be specified on the SSL client side: trust_store and trust_passwd. The mandatory trust_store parameter specifies the file name of a PKCS#12 certificate store that must contain the certificate chain of the trusted certificate authority (CA) that issued the SSL server's certificate.
    To unlock this certificate store, the password has to be set with SSL parameter trust_passwd.
    By default a check is made that the certificate of the SSL server is issued for the hostname specified in the Broker ID. The common name of the subject entry in the server's certificate is checked against the hostname. If they do not match, the connection will be refused.
    You can disable this check with SSL parameter verify_server=no.

    If the SSL server additionally checks the identity of the SSL client, this is known as two-way SSL. In this case the SSL server requests a client certificate (the parameter verify_client=yes is defined in the configuration of the SSL server). Two additional SSL parameters must be specified on the SSL client side: key_store and key_passwd. This keystore must contain the private key of the SSL client. The password that protects the private key is specified with key_passwd.

    The ampersand (&) character cannot appear in the password.

    SSL parameters are separated by ampersand (&). See also SSL/TLS Parameters for SSL Clients.

  4. Make sure the SSL server to which the ACI side connects is prepared for SSL connections as well. The SSL server can be EntireX Broker or Broker SSL Agent. See:

Notes

  • See table Using SSL/TLS with EntireX Components if SSL is required for other EntireX components.

  • The Broker stub requires the IP address and the SSL port number for each BROKER-ID. Either add an entry to the Domain Name System (DNS) or modify your local hosts and services tables. See Modifying the Hosts and Services Tables.

    If no port number is specified, port 1958 is used as default.

  • You can check whether the Broker has already been added to your DNS with a ping <broker-id> command, for example:

    ping ETB001

    If a message such as "...is alive" or "Reply from ..." is displayed (the text displayed varies depending on your ping implementation), the name is known to your DNS and the host where the Broker is running is reachable. However, this does not necessarily mean that the Broker is active.

  • Take care if trace is switched on:

    Warning:
    If stub tracing level is > 1, unencrypted contents of the send/receive buffers are exposed in the trace.
  • Example on running the delivered ACI example:

    C:\SoftwareAG\EntireX\examples\ACI\conversational\C\convSvr -blocalhost:1958:SSL -cACLASS -sASERVER -vASERVICE -x"VERIFY_SERVER=N&TRUST_STORE=C:\SoftwareAG\EntireX\etc\ExxCACert.pem"

Setting the Timeout for the Transport Method

The timeout settings of the transport layers are independent of the broker's timeout settings, which are set by the application in the WAIT field of the broker ACI control block.

If the transport layer is interrupted, communication between the Broker and the stub (i.e. client or server application) is interrupted as well. To prevent a client from waiting for a Broker reply indefinitely, set a timeout value for the transport method. The actual timeout for the procedure is then the Broker timeout (which is set by the application in the field WAIT (see Broker ACI Fields) plus this value.

Start of instruction setTo set a transport timeout value

  • Set the environment variable ETB_TIMEOUT:

    Value Description
    0 Infinite wait for the application.
    n Transport method waits additional time in seconds. Negative values are treated as ETB_TIMEOUT=0, i.e. infinite wait.
    No environment variable defined Transport method waits additional 20 seconds.

Limiting the TCP/IP Connection Lifetime

With transport method TCP/IP the broker stub establishes one or more TCP/IP connections to the brokers specified with BROKER-ID.

  • On the broker stub side, these connections can be controlled by the transport-specific environment variable ETB_NONACT.
    If ETB_NONACT is not 0, it defines the non-activity time (in seconds) of active TCP/IP connections to any broker. See ETB_NONACT under Environment Variables in EntireX. Whenever the broker stub is called, it checks for the elapsed non-activity time and closes connections with a non-activity time greater than the value defined with ETB_NONACT.
    Stubs capable of running in SRB mode do not support ETB_NONACT handling.

  • On the broker kernel side, non-activity can be set with the transport-specific attribute CONNECTION-NONACT (SSL | TCP).

Both settings (the stub side and broker kernel side) act independently of each other.

Transport Non-activity Value Description
0 Infinite lifetime until application is stopped.
n (seconds) Transport connections with non-activity time greater than n will be closed.
Nothing set Infinite lifetime until application is stopped.

Modifying the Hosts and Services Tables

Start of instruction setTo add an entry to the hosts table

  • Add a line similar to the following to the local hosts file:

    100.100.1.1 ETB226 # ETB test host name

Start of instruction setTo add an entry to the services table

  • Add lines similar to the following to the local services file:

    ETB226 18492/tcp # ETB test host name
    ETB411 21234/tcp # ETB production host name

Tracing for Broker Stubs

The broker stubs provide an option for writing trace files.

Start of instruction setTo switch on tracing for the broker stub

  • Before starting the client application, set the environment variable ETB_STUBLOG:

    Trace Level Description
    0 NONE No tracing. Switch tracing off.
    1 STANDARD Traces initialization, errors, and all ACI request/reply strings.
    2 ADVANCED Used primarily by system engineers, traces everything from level 1 and provides additional information, for example the Broker ACI control block, as well as information from the transports.
    3 SUPPORT This is full tracing through the stub, including detailed traces of control blocks, message information, etc.

    Example:

    ETB_STUBLOG=2

If the trace level is greater than 1, unencrypted contents of the send/receive buffers may be exposed in the trace.

Trace output, file <thread-id>.etb, is written to the trace directory. The location of the trace file depends on the settings of environment variable %USERPROFILE%, for example:

C:\Documents And Settings\<UserName>\My Documents\Software AG\EntireX

See Trace Directory.

Remember to switch off tracing to prevent trace files from filling up your disk.

Start of instruction setTo switch off tracing for the broker stub

  • Set the environment variable ETB_STUBLOG to NONE or delete it.

Support of Clustering in a High Availability Scenario

EntireX Broker supports clustering in a high-availability scenario, using the environment variable ETB_SOCKETPOOL. See Environment Variables in EntireX. This section covers the following topics:

See also High Availability in EntireX.

Introduction

A TCP/IP connection established between stub and broker is not exclusively assigned to a particular thread. With multithreaded applications, two or more threads may use the same connection. On the other hand, if a connection is busy, another new one is created to exchange data.

In order to access the same broker instance in a clustering environment, an affinity between application thread and TCP/IP connection is needed to always use the same connection within an application thread. Therefore, an environment variable is evaluated to control the handling of TCP/IP connections.

If environment variable ETB_SOCKETPOOL is set to "OFF" (ETB_SOCKETPOOL=OFF), an affinity between threads and TCP/IP connections is established. All requests to one particular broker will use the same TCP/IP connection. ETB_SOCKETPOOL controls all TCP/IP connections.

Stubs ARFETB and NATETBZ always establish an affinity between subtask and TCP/IP connection.

Exceptions

Broker attribute CONNECTION-NONACT is used by the broker to close TCP/IP connections after the elapsed non-activity time. Omit this attribute to keep the TCP/IP connection alive.

Default

ETB_SOCKETPOOL=ON is the default setting. In this case, an established broker connection can be used by any thread if the connection is not busy.

Configuring the Socket Pool

Stubs with enabled socket pool (see environment variable ETB_SOCKETPOOL) can be configured to limit the size of the socket pool (environment variable ETB_POOLSIZE) and to define the maximum wait time for a free connection (environment variable ETB_POOLTIMEOUT).