This document covers the following topics:
The following table lists available stubs and gives an overview of available features and supported transport methods.
Stub | Language | Transport Methods | More Information |
---|---|---|---|
broker.dll * | C | TCP / SSL | See below. |
Jaci | Java | TCP /SSL | See EntireX Java ACI. |
(*) | Stub broker32.dll is still supported for reasons of backward compatibility. The functionality is identical to broker.dll. |
The Broker stub can use TCP/IP and Secure Sockets Layer.
To use TCP/IP
Optional: set the timeout, see Setting the Timeout for the Transport Method.
The Broker stub requires the IP address and the TCP port number (if the Broker's default TCP port number 1971 cannot be used) for each BROKER-ID. Either add an entry in the Domain Name System (DNS) or modify your local hosts and services tables. See Modifying the Hosts and Services Tables.
You can check whether the Broker has already been added to your DNS with the command:
ping <broker-id>
for example: ping ETB001. If a message such as "...is alive" or "Reply from ..." is displayed (the text displayed varies depending on your ping implementation), the name is known to your DNS and the host where the Broker is running is reachable. However, this does not necessarily mean that the Broker is active.
ACI applications can use Secure Sockets Layer/Transport Layer Security (SSL/TLS) as the transport medium. The term "SSL" in this section refers to both SSL and TLS. ACI-based clients or servers are always SSL clients. The SSL server can be either the EntireX Broker or the Broker SSL Agent. For an introduction see SSL/TLS, HTTP(S), and Certificates with EntireX in the platform-independent Administration documentation.
With the Broker ACI, the SSL parameters (e.g. certificates) are provided with the function SETSSLPARMS
.
To use SSL
To operate with SSL, certificates need to be provided and maintained. Depending on the platform, Software AG provides sample certificates, but we strongly recommend that you create your own. See SSL/TLS Sample Certificates Delivered with EntireX in the EntireX Security documentation.
Specify the Broker ID, using one of the following styles:
URL Style, for example:
ssl://localhost:2010
Transport-method Style, for example:
ETB024:1609:SSL
If no port number is specified, port 1958 is used as default.
Specify SSL parameters in the second parameter, for example:
'broker' etbcb "VERIFY_SERVER=N&TRUST_STORE=c:\\certs\\CaCert.pem"
If the SSL client checks the validity of the SSL server only, this is known as one-way SSL. Two SSL parameters must be specified on the SSL client side: trust_store
and trust_passwd
. The mandatory trust_store
parameter specifies the file name of a PKCS#12 certificate store that must contain the certificate chain of the trusted certificate
authority (CA) that issued the SSL server's certificate.
To unlock this certificate store, the password has to be set with SSL parameter trust_passwd
.
By default a check is made that the certificate of the SSL server is issued for the hostname specified in the Broker ID.
The common name of the subject entry in the server's certificate is checked against the hostname. If they do not match, the
connection will be refused.
You can disable this check with SSL parameter verify_server=no
.
If the SSL server additionally checks the identity of the SSL client, this is known as two-way SSL. In this case the SSL server requests a client certificate
(the parameter verify_client=yes
is defined in the configuration of the SSL server).
Two additional SSL parameters must be specified on the SSL client side: key_store
and key_passwd
.
This keystore must contain the private key of the SSL client. The password that protects the private key is specified with
key_passwd
.
The ampersand (&) character cannot appear in the password.
SSL parameters are separated by ampersand (&). See also SSL/TLS Parameters for SSL Clients.
Make sure the SSL server to which the ACI side connects is prepared for SSL connections as well. The SSL server can be EntireX Broker or Broker SSL Agent. See:
See table Using SSL/TLS with EntireX Components if SSL is required for other EntireX components.
The Broker stub requires the IP address and the SSL port number for each BROKER-ID
.
Either add an entry to the Domain Name System (DNS) or modify your local hosts and services tables.
See Modifying the Hosts and Services Tables.
If no port number is specified, port 1958 is used as default.
You can check whether the Broker has already been added to your DNS with a ping <broker-id>
command, for example:
ping ETB001
If a message such as "...is alive
" or "Reply from ...
" is displayed (the text displayed varies depending on your ping implementation),
the name is known to your DNS and the host where the Broker is running is reachable. However, this does not necessarily mean
that the Broker is active.
Take care if trace is switched on:
Warning: If stub tracing level is > 1, unencrypted contents of the send/receive buffers are exposed in the trace. |
Example on running the delivered ACI example:
C:\SoftwareAG\EntireX\examples\ACI\conversational\C\convSvr -blocalhost:1958:SSL -cACLASS -sASERVER -vASERVICE -x"VERIFY_SERVER=N&TRUST_STORE=C:\SoftwareAG\EntireX\etc\ExxCACert.pem"
The timeout settings of the transport layers are independent of the
broker's timeout settings, which are set by the application in the
WAIT
field of the broker ACI control block.
If the transport layer is interrupted, communication between the
Broker and the stub (i.e. client or server application) is interrupted as well.
To prevent a client from waiting for a Broker reply indefinitely, set a timeout
value for the transport method. The actual timeout for the procedure is then
the Broker timeout (which is set by the application in the field
WAIT
(see Broker ACI Fields) plus this value.
To set a transport timeout value
Set the environment variable ETB_TIMEOUT
:
Value | Description |
---|---|
0 | Infinite wait for the application. |
n | Transport method waits additional time in seconds. Negative values are treated as ETB_TIMEOUT=0 , i.e. infinite wait.
|
No environment variable defined | Transport method waits additional 20 seconds. |
With transport method TCP/IP the broker stub establishes one or more TCP/IP connections to the brokers specified with BROKER-ID
.
On the broker stub side, these connections can be controlled by the transport-specific environment variable ETB_NONACT
.
If ETB_NONACT
is not 0, it defines the non-activity time (in seconds) of active TCP/IP connections to any broker. See ETB_NONACT
under Environment Variables in EntireX.
Whenever the broker stub is called, it checks for the elapsed non-activity time and closes connections with a non-activity
time greater than the value defined with ETB_NONACT
.
Stubs capable of running in SRB mode do not support ETB_NONACT
handling.
On the broker kernel side, non-activity can be set with the transport-specific attribute CONNECTION-NONACT
(SSL | TCP).
Both settings (the stub side and broker kernel side) act independently of each other.
Transport Non-activity Value | Description |
---|---|
0 | Infinite lifetime until application is stopped. |
n (seconds) | Transport connections with non-activity time greater than n will be closed. |
Nothing set | Infinite lifetime until application is stopped. |
To add an entry to the hosts table
Add a line similar to the following to the local hosts file:
100.100.1.1 ETB226 # ETB test host name
To add an entry to the services table
Add lines similar to the following to the local services file:
ETB226 18492/tcp # ETB test host name ETB411 21234/tcp # ETB production host name
The broker stubs provide an option for writing trace files.
To switch on tracing for the broker stub
Before starting the client application, set the environment variable ETB_STUBLOG
:
Trace Level | Description | |
---|---|---|
0 | NONE |
No tracing. Switch tracing off. |
1 | STANDARD |
Traces initialization, errors, and all ACI request/reply strings. |
2 | ADVANCED |
Used primarily by system engineers, traces everything from level 1 and provides additional information, for example the Broker ACI control block, as well as information from the transports. |
3 | SUPPORT |
This is full tracing through the stub, including detailed traces of control blocks, message information, etc. |
Example:
ETB_STUBLOG
=2
If the trace level is greater than 1, unencrypted contents of the send/receive buffers may be exposed in the trace.
Trace output, file <thread-id>.etb, is written to the trace directory.
The location of the trace file depends on the settings of environment variable %USERPROFILE%
, for example:
C:\Documents And Settings\<UserName>\My Documents\Software AG\EntireX
See Trace Directory.
Remember to switch off tracing to prevent trace files from filling up your disk.
To switch off tracing for the broker stub
Set the environment variable ETB_STUBLOG
to NONE
or delete it.
EntireX Broker supports clustering in a high-availability scenario, using the environment variable ETB_SOCKETPOOL
. See Environment Variables in EntireX. This section covers the following topics:
See also High Availability in EntireX.
A TCP/IP connection established between stub and broker is not exclusively assigned to a particular thread. With multithreaded applications, two or more threads may use the same connection. On the other hand, if a connection is busy, another new one is created to exchange data.
In order to access the same broker instance in a clustering environment, an affinity between application thread and TCP/IP connection is needed to always use the same connection within an application thread. Therefore, an environment variable is evaluated to control the handling of TCP/IP connections.
If environment variable ETB_SOCKETPOOL
is set to "OFF" (ETB_SOCKETPOOL=OFF
),
an affinity between threads and TCP/IP connections is established. All
requests to one particular broker will use the same TCP/IP connection.
ETB_SOCKETPOOL
controls all TCP/IP connections.
Stubs ARFETB
and NATETBZ
always establish an affinity between subtask and TCP/IP connection.
Broker attribute CONNECTION-NONACT
is used by the broker to close TCP/IP
connections after the elapsed non-activity time. Omit this attribute
to keep the TCP/IP connection alive.
ETB_SOCKETPOOL=ON
is the default setting. In this case, an established
broker connection can be used by any thread if the connection is not busy.
Stubs with enabled socket pool (see environment variable ETB_SOCKETPOOL
)
can be configured to limit the size of the socket pool
(environment variable ETB_POOLSIZE
)
and to define the maximum wait time for a free connection
(environment variable ETB_POOLTIMEOUT
).