Configuring a fail-safe enterprise service bus after installation

If you are using the embedded version of BMC Remedy Single Sign-On  (Remedy SSO) authentication, you must set up a fail-safe configuration for the enterprise service bus (ESB). This ensures that local user management changes made on one instance of Remedy SSO are reflected in other Remedy SSO instances in your environment.

For example, with this fail-safe service bus configuration, if you add a new local user in the Remedy SSO instance on your repository, it is added to the Remedy SSO instance on your CDP and HA-CDP (if you have an HA-CDP installed).

To configure the fail-safe service bus communication between all three peers, you must modify the Tomcat context.xml and server broker-config.xml files for the repository, CDP, and HA-CDP (if you have an HA-CDP installed). Use the instructions on this page. If you do not have an HA-CDP installed, you can ignore the instructions related to the HA-CDP.

In these instructions 

  • Repo_HOME represents the repository installation directory.
  • CDP_HOME represents the CDP installation directory.
  • HACDP_HOME represents the HA-CDP installation directory.


Notes

  1. These steps are needed only if you are using the embedded version of BMC Remedy SSO authentication.
  2. Complete the fail-safe ESB configuration before performing user and role management tasks to ensure that user/role setup is propagated throughout your BAO environment.
  3. Only configuration items under the Local User Management tab are replicated. Configuration items under the General, Realm, and Session tabs are not replicated.


The following diagram illustrates the ESB configuration for the Remedy SSO synchronization.



To set up a fail-safe configuration for the enterprise service bus (ESB), complete the following steps:


  1. Stop the component services
  2. Configure the Tomcat context.xml files
  3. Configure the broker-config.xml files
  4. Restart the component services


Stop the component services


Before editing the files, stop the repository, CDP, and HA-CDP services (see Starting and stopping product components and services).


Configure the Tomcat context.xml files


Configure the Tomcat context.xml files for the repository, CDP, and HA-CDP (if you have one installed).


Configure the repository Tomcat context.xml file


  1. Navigate to the Repo_HOME/tomcat/conf directory.
  2. Edit the context.xml file and verify that the following parameters are set:

    <Parameter name="com.bmc.ao.ha.repo.ip" override="true" value=”<Repo_IPaddress>"/>
    <Parameter name="com.bmc.ao.ha.repo.port" override="true" value=”<Repo_HA_port>"/>
    • <Repo_IPaddress> is the repository HA address that was provided during the repository installation/upgrade in Advanced Options (see Repository installation worksheet).

    • <Repo_HA_port> is the repository HA port that was provided during the repository installation/upgrade in Advanced Options (see Repository installation worksheet).
  3. Verify that the following parameters are set to true:

    <Parameter name="com.bmc.ao.USE_HA_FAIL_SAFE_MODE" override="true" value=”true"/>
    <Parameter name="com.bmc.ao.USE_HA" override="true" value="true"/>
  4. Save your changes and close the file.


Configure the CDP Tomcat context.xml file


  1. Navigate to the CDP_HOME/tomcat/conf directory.
  2. Edit the context.xml file and verify that the following parameters are set:

    <Parameter name="com.bmc.ao.ha.repo.ip" override="true" value=”<Repo_IPaddress>"/>
    <Parameter name="com.bmc.ao.ha.repo.port" override="true" value=”<Repo_HA_port>"/>
    <Parameter name="com.bmc.ao.ha.cdp.ip" override="true" value=”<CDP_IPaddress>"/>
    <Parameter name="com.bmc.ao.ha.cdp.port" override="true" value=”CDP_HA_port>"/>
    • <Repo_IPaddress>is the repository HA address that was provided during the repository installation/upgrade in Advanced Options (see Repository installation worksheet).

    • <Repo_HA_port>is the repository HA port that was provided during the repository installation/upgrade in Advanced Options (see Repository installation worksheet).
    • <CDP_IPaddress> is the CDP HA address that was provided during the primary CDP installation/upgrade in Advanced Options (see CDP installation worksheet)

    • <CDP_HA_port> is the CDP HA port that was provided during the primary CDP installation/upgrade in Advanced Options (see CDP installation worksheet).

  3. Verify that the following parameters are set to true:

    <Parameter name="com.bmc.ao.USE_HA_FAIL_SAFE_MODE" override="true" value="true"/>
    <Parameter name="com.bmc.ao.USE_HA" override="true" value="true"/> 
  4. Save your changes and close the file.

Configure the HA-CDP Tomcat context.xml file

  1. Navigate to the HACDP_HOME/tomcat/conf directory.
  2. Edit the context.xml file and verify that the following parameters are set:

    <Parameter name="com.bmc.ao.ha.repo.ip" override="true" value=”<Repo_IPaddress>"/>
    <Parameter name="com.bmc.ao.ha.repo.port" override="true" value=”<Repo_HA_port>"/>
    <Parameter name="com.bmc.ao.ha.cdp.ip" override="true" value=”<CDP_IPaddress>"/>
    <Parameter name="com.bmc.ao.ha.cdp.port" override="true" value=”CDP_HA_port>"/>
    <Parameter name="com.bmc.ao.ha.hacdp.ip" override="true" value=”<HACDP_IPaddress>"/>
    <Parameter name="com.bmc.ao.ha.hacdp.port" override="true" value=”HACDP_HA_port>"/>
    • <Repo_IPaddress>is the repository HA address that was provided during the repository installation/upgrade in Advanced Options (see Repository installation worksheet).

    • <Repo_HA_port>is the repository HA port that was provided during the repository installation/upgrade in Advanced Options (see Repository installation worksheet).
    • <CDP_IPaddress> is the CDP HA address that was provided during the primary CDP installation/upgrade in Advanced Options (see CDP installation worksheet)

    • <CDP_HA_port> is the CDP HA port that was provided during the primary CDP installation/upgrade in Advanced Options (see CDP installation worksheet).

    • <HACDP_IPaddress> is the HA-CDP HA address that was provided during the HA-CDP installation/upgrade in Advanced Options (see HA-CDP installation worksheet)

    • <HACDP_HA_port> is the HA-CDP HA port that was provided during the HA-CDP installation/upgrade in Advanced Options (see HA-CDP installation worksheet).

  3. Verify that the following parameters are set to true:

    <Parameter name="com.bmc.ao.USE_HA_FAIL_SAFE_MODE" override="true" value="true"/>
    <Parameter name="com.bmc.ao.USE_HA" override="true" value="true"/>
  4. Save your changes and close the file.

Configure the broker-config.xml files

Configure the broker.xml files for the repository, CDP, and HA-CDP (if you have one installed).

Configure the repository communication in the broker-config.xml file

  1. Navigate to the AO_HOME/repository/server/.jms directory.
  2. Edit the broker-config.xml file, search for the <transportConnectors> section, and after the </transportConnectors> line, add the following lines to the file using the sample for your environment.

    • CDP only (no HA-CDP installed)

      <networkConnectors>
          <networkConnector uri="static:(ssl://<CDP_IPaddress>:<CDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_CDP">
            <dynamicallyIncludedDestinations>
              <topic physicalName="&gt;" />
            </dynamicallyIncludedDestinations>
          </networkConnector>
        </networkConnectors> 
      • <CDP_IPaddress> is the value for the com.bmc.ao.ha.cdp.ip parameter in the CDP_HOME/tomcat/conf/context.xml file.

      • <CDP_HA_port> is the value for the com.bmc.ao.ha.cdp.port parameter in the CDP_HOME/tomcat/conf/context.xml file.

    • CDP and HA-CDP installed

      <networkConnectors>
          <networkConnector uri="static:(ssl://<CDP_IPaddress>:<CDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_CDP">
            <dynamicallyIncludedDestinations>
              <topic physicalName="&gt;" />
            </dynamicallyIncludedDestinations>
          </networkConnector>
          <networkConnector uri="static:(ssl://<HACDP_IPaddress>:<HACDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_HACDP">
            <dynamicallyIncludedDestinations>
              <topic physicalName="&gt;" />
            </dynamicallyIncludedDestinations>
          </networkConnector>
        </networkConnectors> 
      • <CDP_IPaddress> is the value for the com.bmc.ao.ha.cdp.ip parameter in the CDP_HOME/tomcat/conf/context.xml file.

      • <CDP_HA_port> is the value for the com.bmc.ao.ha.cdp.port parameter in the CDP_HOME/tomcat/conf/context.xml file.

      • <HACDP_IPaddress> is the value for the com.bmc.ao.ha.hacdp.ip parameter in the HACDP_HOME/tomcat/conf/context.xml file.

      • <HACDP_HA_port> is the value for the com.bmc.ao.ha.hacdp.port parameter in the HACDP_HOME/tomcat/conf/context.xml file.

  3. Save your changes and close the file.

Sample repository broker-config.xml file

The following example shows an example of the entire broker-config.xml file for the repository with fail-safe configuration for the enterprise service bus. This is meant to demonstrate where the new lines are added.

Important

Do not replace the existing broker-config.xml file in your environment with this example. You should retain your existing values for the following elements: external, cipher-suites, enable-jmx, broker-name, and transportConnectors.

<broker-config>
  <external>false</external>
  <cipher-suites>TLS_RSA_WITH_AES_256_CBC_SHA</cipher-suites>
  <enable-jmx>true</enable-jmx>
  <broker-name>ao-grid-framework-embedded-broker-0659d650-1ebc-4031-b587-857289635667</broker-name>
  <transportConnectors>
    <transportConnector uri="ssl://<Repo_HA_IPaddress>:<Repo_HA_Port>" name="ESB_TRANSPORT" enableStatusMonitor="true" 
                        updateClusterClients="true" updateClusterClientsOnRemove="true" networkTTL="3" prefetchSize="1" 
                        decreaseNetworkConsumerPriority="true" dynamicOnly="true" duplex="true" />
  </transportConnectors>
  <networkConnectors>
    <networkConnector uri="static:(ssl://<CDP_IPaddress>:<CDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_CDP">
      <dynamicallyIncludedDestinations>
        <topic physicalName="&gt;" />
      </dynamicallyIncludedDestinations>
    </networkConnector>
    <networkConnector uri="static:(ssl://<HACDP_IPaddress>:<HACDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_HACDP">
      <dynamicallyIncludedDestinations>
        <topic physicalName="&gt;" />
      </dynamicallyIncludedDestinations>
    </networkConnector>
  </networkConnectors> 
</broker-config>

Configure the primary CDP communication in the broker-config.xml file

  1. Navigate to the AO_HOME/server/.jms directory.
  2. Edit the broker-config.xml file, search for the <transportConnectors> section, and after the </transportConnectors> line, add the following lines to the file using the sample for your environment.
    • CDP only (no HA-CDP installed)

      <networkConnectors>
          <networkConnector uri="static:(ssl://<Repo_IPaddress>:<Repo_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_REPO">
            <dynamicallyIncludedDestinations>
              <topic physicalName="&gt;" />
            </dynamicallyIncludedDestinations>
          </networkConnector>
      </networkConnectors> 
      • <Repo_IPaddress> is the value for the com.bmc.ao.ha.repo.ip parameter in the Repo_HOME/tomcat/conf/context.xml file.

      • <Repo_HA_port> is the value for the com.bmc.ao.ha.repo.port parameter in the Repo_HOME/tomcat/conf/context.xml file.

    • CDP and HA-CDP installed

      <networkConnectors>
          <networkConnector uri="static:(ssl://<Repo_IPaddress>:<Repo_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_REPO">
            <dynamicallyIncludedDestinations>
              <topic physicalName="&gt;" />
            </dynamicallyIncludedDestinations>
          </networkConnector>
          <networkConnector uri="static:(ssl://<HACDP_IPaddress>:<HACDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_HACDP">
            <dynamicallyIncludedDestinations>
              <topic physicalName="&gt;" />
            </dynamicallyIncludedDestinations>
          </networkConnector>
        </networkConnectors> 
      • <Repo_IPaddress> is the value for the com.bmc.ao.ha.repo.ip parameter in the Repo_HOME/tomcat/conf/context.xml file.

      • <Repo_HA_port> is the value for the com.bmc.ao.ha.repo.port parameter in the Repo_HOME/tomcat/conf/context.xml file.

      • <HACDP_IPaddress> is the value for the com.bmc.ao.ha.hacdp.ip parameter in the HACDP_HOME/tomcat/conf/context.xml file.

      • <HACDP_HA_port> is the value for the com.bmc.ao.ha.hacdp.port parameter in the HACDP_HOME/tomcat/conf/context.xml file.

  3. Save your changes and close the file.

Sample CDP broker-config.xml file with fail-safe configuration for the service bus

The following example shows an example of the entire broker-config.xml file for the primary CDP with fail-safe configuration for the enterprise service bus. This is meant to demonstrate where the new lines are added.

Important

Do not replace the existing broker-config.xml file in your environment with this example. You should retain your existing values for the following elements: external, cipher-suites, enable-jmx, broker-name, uri, and transportConnectors.

<broker-config>
  <external>false</external>
  <cipher-suites>TLS_RSA_WITH_AES_256_CBC_SHA</cipher-suites>
  <enable-jmx>true</enable-jmx>
  <broker-name>ao-grid-framework-embedded-broker-0659d650-1ebc-4031-b587-857289635667</broker-name>
  <uri>ssl://<CDP_HA_IPaddress>:<CDP_Peer-to-Peer_Port>?connectionTimeout=1000</uri>
  <transportConnectors>
    <transportConnector uri="ssl://<CDP_HA_IPaddress>:<CDP_HA_Port>" name="ESB_TRANSPORT" enableStatusMonitor="true" 
                        updateClusterClients="true" updateClusterClientsOnRemove="true" networkTTL="3" prefetchSize="1" 
                        decreaseNetworkConsumerPriority="true" dynamicOnly="true" duplex="true" />
  </transportConnectors>
  <networkConnectors>
    <networkConnector uri="static:(ssl://<Repo_IPaddress>:<Repo_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_REPO">
      <dynamicallyIncludedDestinations>
        <topic physicalName="&gt;" />
      </dynamicallyIncludedDestinations>
    </networkConnector>
    <networkConnector uri="static:(ssl://<HACDP_IPaddress>:<HACDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_HACDP">
      <dynamicallyIncludedDestinations>
        <topic physicalName="&gt;" />
      </dynamicallyIncludedDestinations>
    </networkConnector>
  </networkConnectors> 
</broker-config>

Configure the HA-CDP communication in the broker-config.xml file

  1. Navigate to the AO_HOME/server/.jms directory.
  2. Edit the broker-config.xml file, search for the <transportConnectors> section, and after the </transportConnectors> line, add the following lines to the file.

    <networkConnectors>
        <networkConnector uri="static:(ssl://<Repo_IPaddress>:<Repo_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_REPO">
          <dynamicallyIncludedDestinations>
            <topic physicalName="&gt;" />
          </dynamicallyIncludedDestinations>
        </networkConnector>
        <networkConnector uri="static:(ssl://<CDP_IPaddress>:<CDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_CDP">
          <dynamicallyIncludedDestinations>
            <topic physicalName="&gt;" />
          </dynamicallyIncludedDestinations>
        </networkConnector>
      </networkConnectors> 
    • <Repo_IPaddress> is the value for the com.bmc.ao.ha.repo.ip parameter in the Repo_HOME/tomcat/conf/context.xml file.

    • <Repo_HA_port> is the value for the com.bmc.ao.ha.repo.port parameter in the Repo_HOME/tomcat/conf/context.xml file.

    • <CDP_IPaddress> is the value for the com.bmc.ao.ha.cdp.ip parameter in the CDP_HOME/tomcat/conf/context.xml file.

    • <CDP_HA_port> is the value for the com.bmc.ao.ha.cdp.port parameter in the CDP_HOME/tomcat/conf/context.xml file.

  3. Save your changes and close the file.

Sample HA-CDP broker-config.xml file with fail-safe configuration for the service bus

The following example shows an example of the entire broker-config.xml file for the HA-CDP with fail-safe configuration for the enterprise service bus. This is meant to demonstrate where the new lines are added.

Important

Do not replace the existing broker-config.xml file in your environment with this example. You should retain your existing values for the following elements: external, cipher-suites, enable-jmx, broker-name, uri, and transportConnectors.

<broker-config>
  <external>false</external>
  <cipher-suites>TLS_RSA_WITH_AES_256_CBC_SHA</cipher-suites>
  <enable-jmx>true</enable-jmx>
  <broker-name>ao-grid-framework-embedded-broker-0659d650-1ebc-4031-b587-857289635667</broker-name>
  <uri>ssl://<HACDP_HA_IPaddress>:<HACDP_Peer-to-Peer_Port>?connectionTimeout=1000</uri>
  <transportConnectors>
    <transportConnector uri="ssl://<HACDP_HA_IPaddress>:<HACDP_HA_Port>" name="ESB_TRANSPORT" enableStatusMonitor="true" 
                        updateClusterClients="true" updateClusterClientsOnRemove="true" networkTTL="3" prefetchSize="1" 
                        decreaseNetworkConsumerPriority="true" dynamicOnly="true" duplex="true" />
  </transportConnectors>
  <networkConnectors>
    <networkConnector uri="static:(ssl://<Repo_IPaddress>:<Repo_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_REPO">
      <dynamicallyIncludedDestinations>
        <topic physicalName="&gt;" />
      </dynamicallyIncludedDestinations>
    </networkConnector>
    <networkConnector uri="static:(ssl://<CDP_IPaddress>:<CDP_HA_port>)?maxReconnectDelay=60000&amp;useExponentialBackOff=false" name="ESB_NETWORK_CDP">
      <dynamicallyIncludedDestinations>
        <topic physicalName="&gt;" />
      </dynamicallyIncludedDestinations>
    </networkConnector>
  </networkConnectors> 
</broker-config>

Restart the component services

After editing the context.xml and broker-config.xml files for all components, restart the repository, CDP, and HA-CDP services (see Starting and stopping product components and services).