Configuring a fail-safe enterprise service bus after installation

If you are using the embedded version of BMC Remedy Single Sign-On  (Remedy SSO) authentication, you must set up a fail-safe configuration for the enterprise service bus (ESB). This ensures that local user management changes made on one instance of Remedy SSO are reflected in other Remedy SSO instances in your environment.

For example, with this fail-safe service bus configuration, if you add a new local user in the Remedy SSO instance on your repository, it is added to the Remedy SSO instance on your CDP and HA-CDP (if you have an HA-CDP installed).

To configure the fail-safe service bus communication between all three peers, you must modify the Tomcat context.xml and server broker-config.xml files for the repository, CDP, and HA-CDP (if you have an HA-CDP installed). Use the instructions on this page. If you do not have an HA-CDP installed, you can ignore the instructions related to the HA-CDP.

In these instructions 

  • Repo_HOME represents the repository installation directory.
  • CDP_HOME represents the CDP installation directory.
  • HACDP_HOME represents the HA-CDP installation directory.


Notes

  1. These steps are needed only if you are using the embedded version of BMC Remedy SSO authentication.
  2. Complete the fail-safe ESB configuration before performing user and role management tasks to ensure that user/role setup is propagated throughout your BAO environment.
  3. Only configuration items under the Local User Management tab are replicated. Configuration items under the General, Realm, and Session tabs are not replicated.


The following diagram illustrates the ESB configuration for the Remedy SSO synchronization.



To set up a fail-safe configuration for the enterprise service bus (ESB), complete the following steps:


  1. Stop the component services
  2. Configure the Tomcat context.xml files
  3. Configure the broker-config.xml files
  4. Restart the component services


Stop the component services


Before editing the files, stop the repository, CDP, and HA-CDP services (see Starting and stopping product components and services).


Configure the Tomcat context.xml files


Configure the Tomcat context.xml files for the repository, CDP, and HA-CDP (if you have one installed).


Configure the repository Tomcat context.xml file


  1. Navigate to the Repo_HOME/tomcat/conf directory.
  2. Edit the context.xml file and verify that the following parameters are set:

    <Parameter name="com.bmc.ao.ha.repo.ip" override="true" value=”<Repo_IPaddress>"/>
    <Parameter name="com.bmc.ao.ha.repo.port" override="true" value=”<Repo_HA_port>"/>
    • <Repo_IPaddress> is the repository HA address that was provided during the repository installation/upgrade in Advanced Options (see Repository installation worksheet).

    • <Repo_HA_port> is the repository HA port that was provided during the repository installation/upgrade in Advanced Options (see Repository installation worksheet).
  3. Verify that the following parameters are set to true:

    <Parameter name="com.bmc.ao.USE_HA_FAIL_SAFE_MODE" override="true" value=”true"/>
    <Parameter name="com.bmc.ao.USE_HA" override="true" value="true"/>
  4. Save your changes and close the file.


Configure the CDP Tomcat context.xml file


  1. Navigate to the CDP_HOME/tomcat/conf directory.
  2. Edit the context.xml file and verify that the following parameters are set:

    <Parameter name="com.bmc.ao.ha.repo.ip" override="true" value=”<Repo_IPaddress>"/>
    <Parameter name="com.bmc.ao.ha.repo.port" override="true" value=”<Repo_HA_port>"/>
    <Parameter name="com.bmc.ao.ha.cdp.ip" override="true" value=”<CDP_IPaddress>"/>
    <Parameter name="com.bmc.ao.ha.cdp.port" override="true" value=”CDP_HA_port>"/>
    • <Repo_IPaddress>is the repository HA address that was provided during the repository installation/upgrade in Advanced Options (see Repository installation worksheet).

    • <Repo_HA_port>is the repository HA port that was provided during the repository installation/upgrade in Advanced Options (see Repository installation worksheet).
    • <CDP_IPaddress> is the CDP HA address that was provided during the primary CDP installation/upgrade in Advanced Options (see CDP installation worksheet)

    • <CDP_HA_port> is the CDP HA port that was provided during the primary CDP installation/upgrade in Advanced Options (see CDP installation worksheet).

  3. Verify that the following parameters are set to true:

    <Parameter name="com.bmc.ao.USE_HA_FAIL_SAFE_MODE" override="true" value="true"/>
    <Parameter name="com.bmc.ao.USE_HA" override="true" value="true"/> 
  4. Save your changes and close the file.

Configure the HA-CDP Tomcat context.xml file

  1. Navigate to the HACDP_HOME/tomcat/conf directory.
  2. Edit the context.xml file and verify that the following parameters are set:

    <Parameter name="com.bmc.ao.ha.repo.ip" override="true" value=”<Repo_IPaddress>"/>
    <Parameter name="com.bmc.ao.ha.repo.port" override="true" value=”<Repo_HA_port>"/>
    <Parameter name="com.bmc.ao.ha.cdp.ip" override="true" value=”<CDP_IPaddress>"/>
    <Parameter name="com.bmc.ao.ha.cdp.port" override="true" value=”CDP_HA_port>"/>
    <Parameter name="com.bmc.ao.ha.hacdp.ip" override="true" value=”<HACDP_IPaddress>"/>
    <Parameter name="com.bmc.ao.ha.hacdp.port" override="true" value=”HACDP_HA_port>"/>
    • <Repo_IPaddress>is the repository HA address that was provided during the repository installation/upgrade in Advanced Options (see Repository installation worksheet).

    • <Repo_HA_port>is the repository HA port that was provided during the repository installation/upgrade in Advanced Options (see Repository installation worksheet).
    • <CDP_IPaddress> is the CDP HA address that was provided during the primary CDP installation/upgrade in Advanced Options (see CDP installation worksheet)

    • <CDP_HA_port> is the CDP HA port that was provided during the primary CDP installation/upgrade in Advanced Options (see CDP installation worksheet).

    • <HACDP_IPaddress> is the HA-CDP HA address that was provided during the HA-CDP installation/upgrade in Advanced Options (see HA-CDP installation worksheet)

    • <HACDP_HA_port> is the HA-CDP HA port that was provided during the HA-CDP installation/upgrade in Advanced Options (see HA-CDP installation worksheet).

  3. Verify that the following parameters are set to true:

    <Parameter name="com.bmc.ao.USE_HA_FAIL_SAFE_MODE" override="true" value="true"/>
    <Parameter name="com.bmc.ao.USE_HA" override="true" value="true"/>
  4. Save your changes and close the file.

Configure the broker-config.xml files

Configure the broker.xml files for the repository, CDP, and HA-CDP (if you have one installed).

Configure the repository communication in the broker-config.xml file

  1. Navigate to the AO_HOME/repository/server/.jms directory.
  2. Edit the broker-config.xml file, search for the <transportConnectors> section, and after the </transportConnectors> line, add the following lines to the file using the sample for your environment.

    • CDP only (no HA-CDP installed)

      <networkConnectors>
          <networkConnector uri="static:(ssl://<CDP_IPaddress>:<CDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_CDP">
            <dynamicallyIncludedDestinations>
              <topic physicalName="&gt;" />
            </dynamicallyIncludedDestinations>
          </networkConnector>
        </networkConnectors> 
      • <CDP_IPaddress> is the value for the com.bmc.ao.ha.cdp.ip parameter in the CDP_HOME/tomcat/conf/context.xml file.

      • <CDP_HA_port> is the value for the com.bmc.ao.ha.cdp.port parameter in the CDP_HOME/tomcat/conf/context.xml file.

    • CDP and HA-CDP installed

      <networkConnectors>
          <networkConnector uri="static:(ssl://<CDP_IPaddress>:<CDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_CDP">
            <dynamicallyIncludedDestinations>
              <topic physicalName="&gt;" />
            </dynamicallyIncludedDestinations>
          </networkConnector>
          <networkConnector uri="static:(ssl://<HACDP_IPaddress>:<HACDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_HACDP">
            <dynamicallyIncludedDestinations>
              <topic physicalName="&gt;" />
            </dynamicallyIncludedDestinations>
          </networkConnector>
        </networkConnectors> 
      • <CDP_IPaddress> is the value for the com.bmc.ao.ha.cdp.ip parameter in the CDP_HOME/tomcat/conf/context.xml file.

      • <CDP_HA_port> is the value for the com.bmc.ao.ha.cdp.port parameter in the CDP_HOME/tomcat/conf/context.xml file.

      • <HACDP_IPaddress> is the value for the com.bmc.ao.ha.hacdp.ip parameter in the HACDP_HOME/tomcat/conf/context.xml file.

      • <HACDP_HA_port> is the value for the com.bmc.ao.ha.hacdp.port parameter in the HACDP_HOME/tomcat/conf/context.xml file.

  3. Save your changes and close the file.

Sample repository broker-config.xml file

The following example shows an example of the entire broker-config.xml file for the repository with fail-safe configuration for the enterprise service bus. This is meant to demonstrate where the new lines are added.

Important

Do not replace the existing broker-config.xml file in your environment with this example. You should retain your existing values for the following elements: external, cipher-suites, enable-jmx, broker-name, and transportConnectors.

<broker-config>
  <external>false</external>
  <cipher-suites>TLS_RSA_WITH_AES_256_CBC_SHA</cipher-suites>
  <enable-jmx>true</enable-jmx>
  <broker-name>ao-grid-framework-embedded-broker-0659d650-1ebc-4031-b587-857289635667</broker-name>
  <transportConnectors>
    <transportConnector uri="ssl://<Repo_HA_IPaddress>:<Repo_HA_Port>" name="ESB_TRANSPORT" enableStatusMonitor="true" 
                        updateClusterClients="true" updateClusterClientsOnRemove="true" networkTTL="3" prefetchSize="1" 
                        decreaseNetworkConsumerPriority="true" dynamicOnly="true" duplex="true" />
  </transportConnectors>
  <networkConnectors>
    <networkConnector uri="static:(ssl://<CDP_IPaddress>:<CDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_CDP">
      <dynamicallyIncludedDestinations>
        <topic physicalName="&gt;" />
      </dynamicallyIncludedDestinations>
    </networkConnector>
    <networkConnector uri="static:(ssl://<HACDP_IPaddress>:<HACDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_HACDP">
      <dynamicallyIncludedDestinations>
        <topic physicalName="&gt;" />
      </dynamicallyIncludedDestinations>
    </networkConnector>
  </networkConnectors> 
</broker-config>

Configure the primary CDP communication in the broker-config.xml file

  1. Navigate to the AO_HOME/server/.jms directory.
  2. Edit the broker-config.xml file, search for the <transportConnectors> section, and after the </transportConnectors> line, add the following lines to the file using the sample for your environment.
    • CDP only (no HA-CDP installed)

      <networkConnectors>
          <networkConnector uri="static:(ssl://<Repo_IPaddress>:<Repo_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_REPO">
            <dynamicallyIncludedDestinations>
              <topic physicalName="&gt;" />
            </dynamicallyIncludedDestinations>
          </networkConnector>
      </networkConnectors> 
      • <Repo_IPaddress> is the value for the com.bmc.ao.ha.repo.ip parameter in the Repo_HOME/tomcat/conf/context.xml file.

      • <Repo_HA_port> is the value for the com.bmc.ao.ha.repo.port parameter in the Repo_HOME/tomcat/conf/context.xml file.

    • CDP and HA-CDP installed

      <networkConnectors>
          <networkConnector uri="static:(ssl://<Repo_IPaddress>:<Repo_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_REPO">
            <dynamicallyIncludedDestinations>
              <topic physicalName="&gt;" />
            </dynamicallyIncludedDestinations>
          </networkConnector>
          <networkConnector uri="static:(ssl://<HACDP_IPaddress>:<HACDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_HACDP">
            <dynamicallyIncludedDestinations>
              <topic physicalName="&gt;" />
            </dynamicallyIncludedDestinations>
          </networkConnector>
        </networkConnectors> 
      • <Repo_IPaddress> is the value for the com.bmc.ao.ha.repo.ip parameter in the Repo_HOME/tomcat/conf/context.xml file.

      • <Repo_HA_port> is the value for the com.bmc.ao.ha.repo.port parameter in the Repo_HOME/tomcat/conf/context.xml file.

      • <HACDP_IPaddress> is the value for the com.bmc.ao.ha.hacdp.ip parameter in the HACDP_HOME/tomcat/conf/context.xml file.

      • <HACDP_HA_port> is the value for the com.bmc.ao.ha.hacdp.port parameter in the HACDP_HOME/tomcat/conf/context.xml file.

  3. Save your changes and close the file.

Sample CDP broker-config.xml file with fail-safe configuration for the service bus

The following example shows an example of the entire broker-config.xml file for the primary CDP with fail-safe configuration for the enterprise service bus. This is meant to demonstrate where the new lines are added.

Important

Do not replace the existing broker-config.xml file in your environment with this example. You should retain your existing values for the following elements: external, cipher-suites, enable-jmx, broker-name, uri, and transportConnectors.

<broker-config>
  <external>false</external>
  <cipher-suites>TLS_RSA_WITH_AES_256_CBC_SHA</cipher-suites>
  <enable-jmx>true</enable-jmx>
  <broker-name>ao-grid-framework-embedded-broker-0659d650-1ebc-4031-b587-857289635667</broker-name>
  <uri>ssl://<CDP_HA_IPaddress>:<CDP_Peer-to-Peer_Port>?connectionTimeout=1000</uri>
  <transportConnectors>
    <transportConnector uri="ssl://<CDP_HA_IPaddress>:<CDP_HA_Port>" name="ESB_TRANSPORT" enableStatusMonitor="true" 
                        updateClusterClients="true" updateClusterClientsOnRemove="true" networkTTL="3" prefetchSize="1" 
                        decreaseNetworkConsumerPriority="true" dynamicOnly="true" duplex="true" />
  </transportConnectors>
  <networkConnectors>
    <networkConnector uri="static:(ssl://<Repo_IPaddress>:<Repo_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_REPO">
      <dynamicallyIncludedDestinations>
        <topic physicalName="&gt;" />
      </dynamicallyIncludedDestinations>
    </networkConnector>
    <networkConnector uri="static:(ssl://<HACDP_IPaddress>:<HACDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_HACDP">
      <dynamicallyIncludedDestinations>
        <topic physicalName="&gt;" />
      </dynamicallyIncludedDestinations>
    </networkConnector>
  </networkConnectors> 
</broker-config>

Configure the HA-CDP communication in the broker-config.xml file

  1. Navigate to the AO_HOME/server/.jms directory.
  2. Edit the broker-config.xml file, search for the <transportConnectors> section, and after the </transportConnectors> line, add the following lines to the file.

    <networkConnectors>
        <networkConnector uri="static:(ssl://<Repo_IPaddress>:<Repo_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_REPO">
          <dynamicallyIncludedDestinations>
            <topic physicalName="&gt;" />
          </dynamicallyIncludedDestinations>
        </networkConnector>
        <networkConnector uri="static:(ssl://<CDP_IPaddress>:<CDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_CDP">
          <dynamicallyIncludedDestinations>
            <topic physicalName="&gt;" />
          </dynamicallyIncludedDestinations>
        </networkConnector>
      </networkConnectors> 
    • <Repo_IPaddress> is the value for the com.bmc.ao.ha.repo.ip parameter in the Repo_HOME/tomcat/conf/context.xml file.

    • <Repo_HA_port> is the value for the com.bmc.ao.ha.repo.port parameter in the Repo_HOME/tomcat/conf/context.xml file.

    • <CDP_IPaddress> is the value for the com.bmc.ao.ha.cdp.ip parameter in the CDP_HOME/tomcat/conf/context.xml file.

    • <CDP_HA_port> is the value for the com.bmc.ao.ha.cdp.port parameter in the CDP_HOME/tomcat/conf/context.xml file.

  3. Save your changes and close the file.

Sample HA-CDP broker-config.xml file with fail-safe configuration for the service bus

The following example shows an example of the entire broker-config.xml file for the HA-CDP with fail-safe configuration for the enterprise service bus. This is meant to demonstrate where the new lines are added.

Important

Do not replace the existing broker-config.xml file in your environment with this example. You should retain your existing values for the following elements: external, cipher-suites, enable-jmx, broker-name, uri, and transportConnectors.

<broker-config>
  <external>false</external>
  <cipher-suites>TLS_RSA_WITH_AES_256_CBC_SHA</cipher-suites>
  <enable-jmx>true</enable-jmx>
  <broker-name>ao-grid-framework-embedded-broker-0659d650-1ebc-4031-b587-857289635667</broker-name>
  <uri>ssl://<HACDP_HA_IPaddress>:<HACDP_Peer-to-Peer_Port>?connectionTimeout=1000</uri>
  <transportConnectors>
    <transportConnector uri="ssl://<HACDP_HA_IPaddress>:<HACDP_HA_Port>" name="ESB_TRANSPORT" enableStatusMonitor="true" 
                        updateClusterClients="true" updateClusterClientsOnRemove="true" networkTTL="3" prefetchSize="1" 
                        decreaseNetworkConsumerPriority="true" dynamicOnly="true" duplex="true" />
  </transportConnectors>
  <networkConnectors>
    <networkConnector uri="static:(ssl://<Repo_IPaddress>:<Repo_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_REPO">
      <dynamicallyIncludedDestinations>
        <topic physicalName="&gt;" />
      </dynamicallyIncludedDestinations>
    </networkConnector>
    <networkConnector uri="static:(ssl://<CDP_IPaddress>:<CDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_CDP">
      <dynamicallyIncludedDestinations>
        <topic physicalName="&gt;" />
      </dynamicallyIncludedDestinations>
    </networkConnector>
  </networkConnectors> 
</broker-config>

Restart the component services

After editing the context.xml and broker-config.xml files for all components, restart the repository, CDP, and HA-CDP services (see Starting and stopping product components and services).

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Andrew Pelz

    We are planning new architecture of 2 AO servers, each having Repo with Embedded RSSO, and either CDP/HACDP with Embedded RSSO.  Repo will be configured to connect to Oracle DB for HA, with only 1 REPO active at a time.

    How can we setup failsafe to this additional passive REPO/RSSO for High Availability?  Can we just add additional networkConnectors here for that 2nd REPO/RSSO, or would these need to be manually edited to switch between active REPO's for HA?

    or should we put both the active and passive REPO/RSSO on a virtual IP, and point these networkConnector entries to the vip instead? 

    Dec 15, 2016 05:14
    1. Dorothy Poole

      Hi Andrew. I will run this scenario by the development team and get an answer to your question. I've created a defect, DRAUM-21813, to track this.

      Dec 16, 2016 06:24
    1. Ranganath Samudrala

      Since an Oracle DB is in use to store content, is there a reason why the same DB is not used to store RSSO data? Our recommendation would be that RSSO be configured to use the external Oracle DB as opposed to use Embedded RSSO. 

      Jan 12, 2017 08:22
  2. Andrew Pelz

    Maybe a note should be added to let others know that user/role management should only be done after fail-safe configuration is complete.  I found that if you add a user/role before you setup fail-safe they don't propagate out.

    Dec 16, 2016 10:24
    1. Dorothy Poole

      I confirmed this with the team and added the information to the Notes section near the top of the page. Thank you for pointing this out.

      Dec 16, 2016 10:43
  3. Bala Dengale

    Hi Team,

    We do have shared Repository between 4 CDP/HA-CDP environment. How to configure broker config on Repository with multiple CDP/HA-CDP?

    Aug 14, 2017 08:19
    1. Shweta Hardikar

       Let me check with the team and get back to you, Bala.

      You can also ask this question on BMC Communities - Atrium Orchestrator and seek help from the wider AO user group.

      Thanks!

      Aug 17, 2017 12:08
      1. Tim Mcneeley

        Was this ever confirmed? Can this be configured when there is 1 repository shared between multiple grids?

        Dec 04, 2017 03:58
  4. Manoj Potluri

    Hello, After configuring fail-safe esb, local user management changes like creating a user, Deleting a user in one rsso is being replicated to all other component's embedded rsso, but when i change a password for a local user, password changes are not being propagated, is this by design? Thanks, Manoj.

    Aug 17, 2017 01:08
    1. Shweta Hardikar

      This is a known issue in the product, Manoj. We are working on fixing this. This is not by design. 

      Known and corrected issues: DRAUM-22116.

      Hope this helps!

      Shweta

      Aug 18, 2017 01:15
  5. Iain Taylor

    I get the following error when I try to view this page, has the page been restricted, if so what permissions are needed to view it. I want to configure my AO environment with High Availibility, and I am under the impression that I will need to use external DB's for both the Repository and RSSO. is this correct.

    Error rendering macro 'excerpt-include' : User 'iain.taylor@tiberone.com' does not have permission to view the page '_Configuring a fail-safe enterprise service bus'.

    Thank you Iain

    Nov 06, 2017 03:50
    1. Shweta Hardikar

      Can you check now, please Iain. 

      Nov 06, 2017 04:56
      1. Iain Taylor

        Hi Shweta, unfortunatly I now get the following error:

        Unable to render {include} The included page could not be found.

        Nov 08, 2017 08:53
        1. Shweta Hardikar

          Hi Iain,

          Apologies for this. I have now fixed the page. 

          Let me know if you are facing any issues anymore. 

          Thanks! 

          Nov 09, 2017 04:36
          1. Iain Taylor

            Thank you Shweta, I can see it all now. much appreciated.

            Nov 10, 2017 04:05
  6. Eugen Degraf

    Is there any update on this configuration ? Currently the suggested configuration for fail-safe is not available.

    Nov 08, 2017 02:48
    1. Shweta Hardikar

      Hi Eugen, Are you facing any problem with the configuration?

      Nov 08, 2017 04:14
      1. Eugen Degraf

        I see only following "{include} konnte nicht gerendert werden Die eingeschlossene Seite konnte nicht gefunden werden. " within this page

        Nov 09, 2017 03:15
  7. Eugen Degraf

    I see only following "{include} konnte nicht gerendert werden Die eingeschlossene Seite konnte nicht gefunden werden. " within this page.

    Nov 09, 2017 03:12
    1. Shweta Hardikar

      Hi Eugen,

      Apologies for this. I have now fixed the page. 

      Let me know if you are facing any issues anymore. 

      Thanks! 

      Nov 09, 2017 04:34