Configurations for AI sidecar in Kafka Secure Communication
This section describes the configurations required for secure (SSL enabled) communication between OM and AI, and between AI and Kafka server. For more information, see Configuration Files for OM-AI Integration.
The Siebel CRM Application Interface communicates with Kafka through the Kafka Client Java APIs over TCP/TLS, not over REST/HTTPS. Details about the latest version of those APIs (this version may or may not match the version implemented/shipped with Siebel CRM) can be found at https://kafka.apache.org/documentation/#api.
For secure communication, only the SSL security protocol is supported for authentication between Kafka brokers and Siebel CRM. For details of all possible security protocols, refer to the Kafka documentation: https://kafka.apache.org/documentation/#security_overview
In applicationinterface.properties file:
- The SecureAIEgressServer, SecureAIEgressServer properties should be set to TRUE or true.
- In the KafkaServers property, use the fully qualified hostname along with the port number. For example: myserver.mycompany.com. Do not use just myserver or localhost.
- Ensure that the following properties are set correctly:
  - AIEgressPort
  - KafkaKeyStoreName
  - KafkaKeyStoreType
  - KafkaKeyStorePassword
  - KafkaTrustStoreName
  - KafkaTrustStoreType
  - KafkaTrustStorePassword
  - KafkaPassword
In Kafka server (broker):
For configuration suitable for your business and performance use case, refer to:
https://kafka.apache.org/documentation/#brokerconfigs
Some of the parameters that may need changes:
- listeners=[list of comma separated listeners in the format listener_name://host_name:port]
  For example: listeners=PLAINTEXT://<Fully qualified hostname>:9092,SSL://<Fully qualified hostname>:9093
  Remove PLAINTEXT if only SSL is required.
- advertised.listeners=PLAINTEXT://<Fully qualified hostname>:9092,SSL://<Fully qualified hostname>:9093
- ssl.keystore.location=<keystore location>
  ssl.keystore.password=<pwd value>
  ssl.truststore.location=<truststore location>
  ssl.truststore.password=<pwd value>
  ssl.key.password=<pwd value>
  ssl.client.auth=required
- zookeeper.connect=[List of Zookeeper Servers with port]
  For example: <Fully qualified hostname>:2181
  This is for Kafka to connect to ZooKeeper.
- message.max.bytes=20971520
  Up to 5 MB is supported by Siebel CRM Event Publication Subscription.
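The broker settings listed above can be checked mechanically before the broker is started. The following Python script is an added example, not part of the Siebel CRM or Kafka documentation; its function names and the sample hostnames and paths are assumptions made for illustration, and it assumes listener names match their security protocol, as in the listeners example above.

```python
import re

# SSL keys from the broker list above; each must be present and non-empty.
REQUIRED_SSL_KEYS = ("ssl.keystore.location", "ssl.keystore.password",
    "ssl.truststore.location", "ssl.truststore.password", "ssl.key.password")

def parse_properties(text):
    """Parse key=value lines, ignoring blank lines and # comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_listeners(name, value, ssl_only):
    """Flag PLAINTEXT entries (if ssl_only) and hosts that are localhost or have no dot."""
    findings = []
    for entry in (e.strip() for e in value.split(",") if e.strip()):
        m = re.fullmatch(r"(\w+)://([^:/]*):(\d+)", entry)
        if not m:
            findings.append(f"{name}: cannot parse {entry!r}")
            continue
        listener, host = m.group(1), m.group(2)
        # Assumption: listener name equals its protocol (no listener.security.protocol.map).
        if ssl_only and listener.upper() == "PLAINTEXT":
            findings.append(f"{name}: PLAINTEXT listener {entry!r}")
        if host == "localhost" or "." not in host:
            findings.append(f"{name}: host {host!r} is not fully qualified")
    return findings

def lint_broker(text, ssl_only=True):
    """Return a list of findings; an empty list means every check passed."""
    props = parse_properties(text)
    findings = [] if "listeners" in props else ["listeners: not set"]
    for name in ("listeners", "advertised.listeners"):
        if name in props:
            findings += check_listeners(name, props[name], ssl_only)
    findings += [f"{k}: missing or empty" for k in REQUIRED_SSL_KEYS if not props.get(k)]
    if props.get("ssl.client.auth") != "required":
        findings.append("ssl.client.auth: expected 'required'")
    return findings

# Constructed sample input; hostnames and paths are placeholders.
WEAK = """listeners=PLAINTEXT://localhost:9092,SSL://broker1:9093
advertised.listeners=SSL://broker1.example.com:9093
ssl.keystore.location=/path/to/keystore.jks
ssl.client.auth=none
"""
```

Call lint_broker on the text of the broker's properties file; pass ssl_only=False when the PLAINTEXT listener is intentionally kept.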