ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » ACE: Nodes and independent Servers under different users?

Post new topic  Reply to topic
 ACE: Nodes and independent Servers under different users? « View previous topic :: View next topic » 
Author Message
t603
PostPosted: Fri Nov 29, 2019 4:11 am    Post subject: ACE: Nodes and independent Servers under different users? Reply with quote

Voyager

Joined: 16 Oct 2012
Posts: 88
Location: Prague, the Czech Republic, Europe

Hello,

may I ask someone, who is running ACE 11 (on AIX, Linux), if there is possibility to have on-premise server LPAR and there have binary installation under non-privileged user01 and then:

a) one or more Integration Nodes (hereinafter IN) with managed Integration Servers (hereinafter INS),

b) one or more independent Integration Servers (hereinafter IS) without their Integration Node

and each of Integration Nodes from point a) and each of Integration Servers from point b) can run under different non-privileged users on the given LPAR?

Let say I have one LPAR and:

a) binary installation made by userIB01,

b) IN01 with its serveral INS running under userIN01, IN02 with its serveral INS running under userIN02...,

c) independent ISes (without IN) - IS01 running under userIS01, IS02 running under userIS02 etc.

We would like to have one (in fact several) LPAR, where will be hosted both Integration Nodes and independent Integration Servers, each of them managed by different users (because of team security, different security levels, different availability, different BAR release process).

No cloud, no containers are possible now in my organisation.

Thank You in advance for Your answer, Stepan
Back to top
View user's profile Send private message
timber
PostPosted: Fri Nov 29, 2019 8:49 am    Post subject: Reply with quote

Grand Master

Joined: 25 Aug 2015
Posts: 1280

I'm not an AIX expert, so I won't comment on the main question, but...
Quote:
We would like to have one (in fact several) LPAR, where will be hosted both Integration Nodes and independent Integration Servers
I'm interested in your motivation for using independent Integration Servers on a standard LPAR. My understanding is that they are designed for cloud environments, where the functions of an Integration Node can be performed by a container management system (e.g. Kubernetes).

Or to put the question a different way...what's your strategy for restarting failed standalone integration servers?
Back to top
View user's profile Send private message
t603
PostPosted: Fri Nov 29, 2019 11:13 am    Post subject: Reply with quote

Voyager

Joined: 16 Oct 2012
Posts: 88
Location: Prague, the Czech Republic, Europe

The main question about the possibility of running IN and independent IS still persists.

But You are right, we are still using IIB 10.0.0.17 now, no ACE, so we do not have any experience with independent ISes. We have several server tools managed by shell watchers, so it could be a way.

Independent ISes is not a must, we can use INes, but what is a must, each IN have to run under its own (non-root-like) user.

Why all this? Because security strict requirement of our audit department, that there have to be one or more very tiny applications (flows: gateway, transformation, connector, MQ AMS client connection to MQ AMS Server, own DB2 schema, own JKS). And this tiny application may not be managable by admins of common large large ESB INes. So no possibility to change flows, MQ messages, DB2 data, JKS etc. So our idea, how to achieve it, is to have such tiny applications under separated users, to which admins will not have an access, just temporary manageable access during very seldom releases (year+). Admin can just start and stop whole application and nothing else in some way. So independent IS sound for me like a viable idea, if not independent IS, then independent IN with one IS.

But in general we would also like to run one or more LPARS, which will host INes running under own users. Common user will upgrade ACE binaries, IN users will make deploy, start, stop, manage anything, even development - all this by agile, semi-autonomous, semi-skilled ACE developers from other (nonESB) teams. The core ESB team will still develop and manage large core ESB and automated development tools, but there is requirement of other team "light integration devops" under core team rules and automated tools. And we want to separate their devops from other teams - so each will have their own IN (independent ISes?), but on one or more LPARs, because of total cost of ownership. It is not effective to have one LPAR per one small IN or even independent IS. Yes, container could be solution, but it is still prohibited in our company, but if I understand well, above approach could be that easier switched to containers that monolitic ESB.

That is a first idea, we are just checking technical possibilities - running INes and independent ISes under own accounts on shared LPAR.
Back to top
View user's profile Send private message
timber
PostPosted: Mon Dec 02, 2019 2:20 am    Post subject: Reply with quote

Grand Master

Joined: 25 Aug 2015
Posts: 1280

Fair enough - thanks for the detailed response. I suspect that you will need to set up a proof of concept environment and try it. Or, some of the admins on this forum may have some useful advice for you.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » ACE: Nodes and independent Servers under different users?
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.