This chapter explains how to configure Jolt 1.1 and describes the Jolt Internet Relay, Event Subscription, and security features. Readers of this chapter are assumed to be system administrators and/or application developers who have experience with the operating systems and workstation platforms on which they are going to configure TUXEDO and Jolt.
This chapter includes the following sections:
The Jolt Server consists of listeners and handlers.
Jolt Server Listener (JSL). The JSL is configured to support clients on an IP/port combination.The JSL works with the Jolt Server Handler (JSH) to provide client connectivity to the backend of the Jolt system. The JSL is administered by the same tools used to manage any resource within a BEA TUXEDO environment.
Jolt Server Handler (JSH). The JSH is a program that runs on a TUXEDO server machine to provide a network connection point for remote clients. The JSH works with the JSL to provide client connectivity residing on the backend of the Jolt system.
The system administrator's responsibilities for the server components of Jolt include:
Using the Jolt Server
The Jolt Internet Relay is a component that routes messages from a Jolt client to a JSL or JSH. This alleviates the need for the JSL/JSH and TUXEDO to run on the same machine as the Web server. The Jolt Relay (JRLY) is not required to be a TUXEDO server or a TUXEDO client. It is a stand-alone piece of software that routes the Jolt messages to the JSL or JSH. Refer to the "Jolt Internet Relay" in this chapter.
Authentication and key exchange data that are transmitted between Jolt clients and the JSL/JSH are encrypted using DES (56-bit) encryption. All subsequent exchanges are encrypted using RC4 encryption. International packages use a 40-bit key.
Programs using the 56/128-bit encryption cannot be used outside the United States without proper approval from the United States government. Customers with intranets extending beyond the United States cannot use this mode of encryption if any internal clients are outside of the United States.
The 128-bit version generates a 128-bit RC4 session encryption key at logon time, and this session key is transmitted over the network in a message protected by 56-bit DES encryption. The temporary session key is then used to encrypt the session's data. The overall security level achieved is equivalent to 56-bit DES encryption, even though the data encryption is using a 128-bit key.
Type
Note:
TUXEDO monitors the JSL and restarts it in the event of a failure. When TUXEDO restarts the listener process, the following occurs:
Jolt Internet Relay
Security and Encryption
Starting the Jolt Server
tmloadcf
and tmboot
-y
to start all administrative and server processes. (The prompt only displays when the command is entered with none of the limiting options). See the TUXEDO System Administration Guide for information on tmloadcf
and tmboot
.
The Jolt Server Listener (JSL) is a TUXEDO server responsible for distributing connection requests from Jolt to the JSH. TUXEDO must be running on the host machine where the JSL and JREPSVR is located.
To configure the JSL, you must modify the Configuring the Jolt Server
UBBCONFIG
file. For information regarding TUXEDO configuration, refer to the TUXEDO Administration Guide. Listing 3-1 shows relevant portions of the UBBCONFIG
file.
Listing 3-1
UBBCONFIG File
*MACHINES
MACH1 LMID=SITE1
MAXWSCLIENTS=40
*GROUPS
JSLGRP GRPNO=95 LMID=SITE1
*SERVERS
JSL SRVGRP=JSLGRP SRVID=30 CLOPT= " -- -n 0x0002PPPPNNNNNNNN -d
/dev/tcp -m2 -M4 -x10"
Change the following sections of the UBBCONFIG
file.
Section | Parameters to be specified |
---|---|
*MACHINES |
|
*GROUPS |
|
*SERVERS |
|
The parameters shown in Table 3-1 are the only parameters that should be designated for the Jolt Server groups and Jolt Servers. You do not need to specify any other parameters.
Note:
Ensure that Resource Managers are not assigned as a default value for all groups in the *GROUPS section of your UBBCONFIG
file. This will assign a Resource Manager to the JSL and you will receive an error during tmboot
. In the *SERVERS section, default values for RESTART, MAXGEN, etc., are acceptable defaults for the JSL.
The MAXWSCLIENTS
parameter is required in the *MACHINES section for the configuration file and applies to specific machines. The Jolt Server and /WS use MAXWSCLIENTS
in the same way. MAXWSCLIENTS
communicates the number of accesser slots to reserve for Jolt and /WS clients to TUXEDO. For example, if 200 slots are configured for MAXWSCLIENTS
, this number configures TUXEDO for the total number of remote clients used by Jolt and /WS.
Specify MAXWSCLIENTS
in the configuration file. If it is not specified, the default is 0.
A *GROUPS entry is required for the group that includes the Jolt Server Listener (JSL). The group name is selected by the application.
LMID
parameter in the
*MACHINES section.
GRPNO
between 1 and 30,000 in the *GROUPS section.
Clients connect to Jolt applications through the JSL. Services are accessed through the Jolt Server Handler (JSH). The JSL supports multiple clients and acts as a single point of contact for all the clients to connect to the application at the network address that is specified on the JSL command line. The JSL schedules work for handler processes. A handler process acts as a substitute for clients on remote workstations within the administrative domain of the application. The handler uses a multiplexing scheme to support the multiple clients concurrently.
The network address specified for the JSL designates a TCP/IP address for both the JSL and any JSH processes associated with that JSL. The port number identified by the network address specifies the port number on which the JSL accepts new client connections. Each JSH associated with the JSL uses consecutive port numbers at the same TCP/IP address. For example, if the initial port number is 8000 and there are a maximum of three JSH processes, the JSH processes use ports 8001, 8002, and 8003.
Note: Port numbers used by the JSHs are sequentially incremented by one numeric digit after the JSL port number. If JSL is using port number 8000, its JSHs use 8001, and so on. Misconfiguration of the subsequent JSL results in a port number collision.
Each handler uses a multiplexing scheme on its designated port to support multiple clients concurrently on one port.
TUXEDO parameters including RESTART, RQADDR, and REPLYQ can be used with the JSL. See the TUXEDO Administration Guide for additional information regarding run-time parameters. Enter the following parameters:
SRVGRP
parameter, type the previously defined group name value
from the *GROUPS section.
Note:
The CLOPT parameters may vary. Refer to Table 3-2 for pertinent command-line information.
CLOPT= "-- -n 0x0002PPPPNNNNNNNN -d /dev/tcp -m2 -M4 -x10"
SEQUENCE
parameter to determine the order that the servers are booted.
Y
to permit release of the RESTART
parameter.
0
to permit an infinite number of server restarts using the GRACE
parameter.
All shutdown requests to the Jolt servers are initiated by the TUXEDO command, tmshutdown -y
. During shutdown:
The Jolt Repository contains TUXEDO service definitions that allow the Jolt clients to access TUXEDO services. The Jolt Repository files included with the installation contain services definitions used internally by Jolt. See Chapter 5, "Using the Jolt Repository Editor," for detailed instructions on how to add definitions to the application services.
To configure the Jolt Repository, modify the application Using the Jolt Repository
Configuring the Jolt Repository
UBBCONFIG
file. The UBBCONFIG
file is an ASCII version of the TUXEDO configuration file. Create a new UBBCONFIG
file for each application. See the TUXEDO Reference Manual for information regarding the syntax of the entries for the file. Listing 3-2 shows relevant portions of the UBBCONFIG
file.
Listing 3-2
Sample of UBBCONFIG File
*GROUPS
JREPGRP GRPNO=94 LMID=SITE1
*SERVERS
JREPSVR SRVGRP=JREPGRP SRVID=98
RESTART=Y GRACE=0 CLOPT="-A -- -W -P /app/jrepository"
JREPSVR SRVGRP=JREPGRP SRVID=97
RESTART=Y RQADDR=JREPQ GRACE=0 CLOPT="-A -- -P /app/jrepository"
JREPSVR SRVGRP=JREPGRP SRVID=96
RESTART=Y RQADDR=JREPQ REPLYQ=Y GRACE=0 CLOPT="-A -- -P /app/jrepository"
Note:
For UNIX systems, use the slash (/
) when setting the path to the jrepository
file. For NT systems, use the backslash (\
) and specify the drive name (e.g., c:\app\repository
).
Change the following sections of the UBBCONFIG
file:
Section | Parameters to be specified |
---|---|
*GROUPS |
|
*SERVERS |
|
A *GROUPS entry is required for the group that includes the Jolt Repository. The group name parameter is a name selected by the application.
LMID
parameter in the
*MACHINES section.
GRPNO
between 1 and 30,000 in the *GROUPS section.
The Jolt Repository server, JREPSVR
, contains services for access and editing the Repository. Multiple JREPSVR
instances share repository information through a shared file. Include JREPSVR
in the *SERVERS section of the UBBCONFIG
file.
98
) with the SRVID
parameter.
Note:
You must install only one writable JREPSVR (i.e., only one JREPSVR with the -W
flag). Multiple read-only JREPSVRs may be installed on the same host.
-P
flag to specify the path of the repository file. An error message
displays in the TUXEDO ULOG
file if the argument for the -P
flag is not entered.
/app/jrepository
).
A Repository file, jrepository
, is available with Jolt 1.1. This file includes bankapp
services and the Repository services that you can modify, test, and delete using the Repository Editor.
Start with the jrepository
file provided with the installation, even if you are not going to test the bankapp
application with Jolt. Delete the bankapp
packages or services that are not needed.
The pathname of the file must match the argument of the -P
option.
jrepository
file can be modified and read with any text editor, the Jolt system does not have integrity checks to ensure that the file is in the proper format. Any manual changes to the jrepository
file may not be detected until runtime. See "Using the Jolt Repository Editor" for additional information.You must initially define the TUXEDO services using TUXEDO and Jolt in order to make the Jolt services available to the client.
Jolt Event Subscription is used to receive event notifications from either TUXEDO services or other TUXEDO clients:
Unsolicited Event Notifications. These are notifications that a Jolt client receives as a result of a TUXEDO client or service subscribing to unsolicited events, and a TUXEDO client issuing broadcast (using either a tpbroadcast()
or a directly targeted message via a tpnotify()
ATMI call).
Brokered Event Notifications. These notifications are received by a Jolt client via the TUXEDO Event Broker. The notifications are only received when both Jolt clients subscribes to an event and any TUXEDO client or server issues system posted event or a tppost()
call.
Configure the TUXEDO TMUSREVT server and modify the application UBBCONFIG
file. Listing 3-3 shows the relevant portions TMUSREVT parameters in the UBBCONFIG
file. See the TUXEDO Programmer's Guide for information regarding the syntax of the entries for the file.
Listing 3-3 UBBCONFIG File
TMUSREVT SRVGRP=EVBGRP1 SRVID=40 GRACE=3600
ENVFILE="/usr/tuxedo/bankapp/TMUSREVT.ENV"
CLOPT="-e tmusrevt.out -o tmusrevt.out -A --
-f /usr/tuxedo/bankapp/tmusrevt.dat"
SEQUENCE=11
Change the following sections of the UBBCONFIG
file:
Section | Parameters to be specified |
---|---|
*SERVERS |
|
"Filtering" is a process that allows you to customize a subscription. If you require additional information about the TUXEDO Event Broker, subscribing to events, or filtering, refer to the BEA TUXEDO Programmer's Guide, Volume 1.
In order to filter TUXEDO FML or VIEW buffers, the field definition file must be available to TUXEDO at runtime.
Note: There are no special requirements for filtering STRING buffers.
Listing 3-4 shows an example using the FML buffer. The FML field definition table is made available to TUXEDO by setting the FIELDTBLS and FLDTBLDIR variables.
To filter a field found in the my.flds
file:
my.flds
file to /usr/me/bankapp
directory.
my.flds
to the FIELDTBLS variable in the TMUSREVT.ENV
file as shown in
Listing 3-4:
Listing 3-4
FIELDTBLS Variable in the TMUSREVT.ENV File
FIELDTBLS=Usysflds,bank.flds,credit.flds,event.flds,my.flds
FLDTBLDIR=/usr/tuxedo/me/T6.2/udataobj:/usr/me/bankapp
If ENVFILE="/usr/me/bankapp/TMUSREVT.ENV"
is included in the definition of the UBBCONFIG
file (shown in Listing 3-3), the FIELDTBLS and FLDTBLDIR definitions are taken from the TMUSREVT.ENV file and not from your environment variable settings.
If you remove the ENVFILE="/usr/me/bankapp/TMUSREVT.ENV"
definition, the FIELDTBLS and FLDTBLDIR definitions are taken from your environment variable settings. The FIELDTBLS and FLDTBLDIR definitions must be set to the appropriate value prior to booting the TUXEDO system.
For additional information on event subscriptions and the Jolt Class Library, refer to Chapter 6, "Using the Jolt Class Library."
The Jolt Internet Relay is a component that routes messages from a Jolt client to a JSL or JSH. This eliminates the need for the JSH and TUXEDO to run on the same machine as the Web server (generally considered as insecure). The Jolt Relay (JRLY) is not a TUXEDO server or a TUXEDO client. It is a stand-alone program that routes the Jolt messages from the Internet to the JSL or JSH
The Jolt Internet Relay consists of two components illustrated in Figure 3-1.
Note:
The Jolt relay is transparent to Jolt clients and Jolt servers. A Jolt server can simultaneously connect clients directly to the Jolt Server (intranet clients), or via the Jolt Relay (Internet clients).
Figure 3-1 Jolt Internet Relay Path
Figure 3-1 shows how a browser connects to the Web server software and downloads the Jolt applets. The Jolt applet or client connects to the JRLY on the Web server machine. The JRLY forwards the Jolt messages across the firewall to the JRAD. The JRAD selectively forwards messages to the JSL or appropriate JSH.
The JRLY (front-end relay) process may be started before or after the JRAD is started. If the JRAD is not available when the JRLY is started, the JRLY attempts to connect to the JRAD when it receives a client request. If JRLY is unable to connect to the JRAD, the client is denied access and is disconnected. A warning is written to the JRLY error log file.
The JRLY process is started by typing the command name at a system prompt.
If the configuration file does not exist or cannot be opened, the JRLY prints an error message. Refer to Appendix B for the Jolt Relay messages.
If the JRLY is unable to start, it writes a message to standard error and attempts to log the startup failure in the error log if possible, then exit.
The format of the configuration file is a TAG=VALUE format. Blank lines or lines starting with a " Jolt Relay (JRLY)
Starting the JRLY
jrly -f <config_file_path>
JRLY Configuration File
#
" are ignored. Refer to Listing 3-5 for an example of the formal specifications of the configuration file.
Listing 3-5
Specification of Configuration File
LOGDIR=<LOG_DIRECTORY_PATH>
ACCESS_LOG=<ACCESS_FILE_NAME in LOGDIR>
ERROR_LOG=<ERROR_FILE_NAME in LOGDIR>
LISTEN=<IP:Port combination where JRLY will accept connections>
CONNECT=<IP:Port combination associated with JRAD
Refer to Listing 3-6 for an example of the JRLY configuration file. The CONNECT line specifies the IP address and port number of JRAD machine.
Listing 3-6 Example of JRLY Configuration File
LOGDIR=/usr/log/relay
ACCESS_LOG=access_log
ERROR_LOG=errorlog
# jrly will listen on port 4444
LISTEN=200.100.10.100:4444
CONNECT=200.100.20.200:4444
The format for directory and file names is determined by the operating system. UNIX systems use the forward slash (/). NT systems use the backslash (\). If any of the files specified in LOGDIR, ACCESS_LOG or ERROR_LOG cannot be opened for writing, the JRLY prints an error message on stderr
and exits.
The format for host names and port numbers are shown in Table 3-5.
The JRAD (back-end relay) is a TUXEDO system server. The JRAD server may or may not be located on the same TUXEDO host machine (in SHM mode) and server group that the JSL server it is connected to.
The JRAD can be started independently of its associated JRLY. JRAD tracks its startup and shutdown activity in the TUXEDO log file.
Type tmloadcf
and tmboot
to start the JRAD.
Configuration entry in the UBBCONFIG is described in the "JRAD Configuration" section.
A single JRAD process can only be connected to a single JRLY. A JRAD can only be configured to communicate with one JSL and its associated JSHs. However, multiple JRADs can be configured to communicate with one JSL. The CLOPT parameter for the TUXEDO servers must be included in the UBBCONFIG
file. For additional information about the CLOPT parameters, refer to Table 3-2 and Table 3-6.
Note:
The format is 0x0002PPPPNNN
. Refer to the Jolt 1.1 Release Notes for additional information on JRAD.
Listing 3-7 shows the sample UBBCONFIG file.
Listing 3-7 Sample JRAD Entry in UBBCONFIG File
# JRAD host 200.100.100.10 listens at port 2000, connects to JSL port 8000 on the same host
JRAD SRVGRP=JSLGRP SRVID=60
CLOPT="-A -- -l 0x000207D0C864640A -c 0x00021f40C864640A"
There are several networked components that need to be configured to work together when configuring a Jolt Internet Relay. Prior to configuration, review the criteria required in Table 3-7 and record the information. This will help minimize the possibility of misconfiguration.
You can access sample code that can be modified for use with BEA Jolt through the BEA Jolt product Web page at:
http://www.beasys.com/products/jolt/index.htm
These samples demonstrate and utilize Jolt features and functionality.
Other Web sites with Java-related information include:
http://www.javasoft.com/
)
http://www.dejanews.com/
), an archive of Java-related newsgroups
http://www.best.com/~pvdl/javafaq.txt
)