|  | 
 
  
    | RSS Feed - WebSphere MQ Support | RSS Feed - Message Broker Support |  
 
  
	|    |  |  
  
	| ACE: Nodes and independent Servers under different users? | « View previous topic :: View next topic » |  
  	| 
		
		
		  | Author | Message |  
		  | t603 | 
			  
				|  Posted: Fri Nov 29, 2019 4:11 am    Post subject: ACE: Nodes and independent Servers under different users? |   |  |  
		  | Voyager
 
 
 Joined: 16 Oct 2012Posts: 88
 Location: Prague, the Czech Republic, Europe
 
 | 
			  
				| Hello, 
 may I ask someone, who is running ACE 11 (on AIX, Linux), if there is possibility to have on-premise server LPAR and there have binary installation under non-privileged user01 and then:
 
 a) one or more Integration Nodes (hereinafter IN) with managed Integration Servers (hereinafter INS),
 
 b) one or more independent Integration Servers (hereinafter IS) without their Integration Node
 
 and each of Integration Nodes from point a) and each of Integration Servers from point b) can run under different non-privileged users on the given LPAR?
 
 Let say I have one LPAR and:
 
 a) binary installation made by userIB01,
 
 b) IN01 with its serveral INS running under userIN01, IN02 with its serveral INS running under userIN02...,
 
 c) independent ISes (without IN) - IS01 running under userIS01, IS02 running under userIS02 etc.
 
 We would like to have one (in fact several) LPAR, where will be hosted both Integration Nodes and independent Integration Servers, each of them managed by different users (because of team security, different security levels, different availability, different BAR release process).
 
 No cloud, no containers are possible now in my organisation.
 
 Thank You in advance for Your answer, Stepan
 |  |  
		  | Back to top |  |  
		  |  |  
		  | timber | 
			  
				|  Posted: Fri Nov 29, 2019 8:49 am    Post subject: |   |  |  
		  |  Grand Master
 
 
 Joined: 25 Aug 2015Posts: 1292
 
 
 | 
			  
				| I'm not an AIX expert, so I won't comment on the main question, but... 
 
  I'm interested in your motivation for using independent Integration Servers on a standard LPAR. My understanding is that they are designed for cloud environments, where the functions of an Integration Node can be performed by a container management system (e.g. Kubernetes). 
	| Quote: |  
	| We would like to have one (in fact several) LPAR, where will be hosted both Integration Nodes and independent Integration Servers |  
 Or to put the question a different way...what's your strategy for restarting failed standalone integration servers?
 |  |  
		  | Back to top |  |  
		  |  |  
		  | t603 | 
			  
				|  Posted: Fri Nov 29, 2019 11:13 am    Post subject: |   |  |  
		  | Voyager
 
 
 Joined: 16 Oct 2012Posts: 88
 Location: Prague, the Czech Republic, Europe
 
 | 
			  
				| The main question about the possibility of running IN and independent IS still persists. 
 But You are right, we are still using IIB 10.0.0.17 now, no ACE, so we do not have any experience with independent ISes. We have several server tools managed by shell watchers, so it could be a way.
 
 Independent ISes is not a must, we can use INes, but what is a must, each IN have to run under its own (non-root-like) user.
 
 Why all this? Because security strict requirement of our audit department, that there have to be one or more very tiny applications (flows: gateway, transformation, connector, MQ AMS client connection to MQ AMS Server, own DB2 schema, own JKS). And this tiny application may not be managable by admins of common large large ESB INes. So no possibility to change flows, MQ messages, DB2 data, JKS etc. So our idea, how to achieve it, is to have such tiny applications under separated users, to which admins will not have an access, just temporary manageable access during very seldom releases (year+). Admin can just start and stop whole application and nothing else in some way. So independent IS sound for me like a viable idea, if not independent IS, then independent IN with one IS.
 
 But in general we would also like to run one or more LPARS, which will host INes running under own users. Common user will upgrade ACE binaries, IN users will make deploy, start, stop, manage anything, even development - all this by agile, semi-autonomous, semi-skilled ACE developers from other (nonESB) teams. The core ESB team will still develop and manage large core ESB and automated development tools, but there is requirement of other team "light integration devops" under core team rules and automated tools. And we want to separate their devops from other teams - so each will have their own IN (independent ISes?), but on one or more LPARs, because of total cost of ownership. It is not effective to have one LPAR per one small IN or even independent IS. Yes, container could be solution, but it is still prohibited in our company, but if I understand well, above approach could be that easier switched to containers that monolitic ESB.
 
 That is a first idea, we are just checking technical possibilities - running INes and independent ISes under own accounts on shared LPAR.
 |  |  
		  | Back to top |  |  
		  |  |  
		  | timber | 
			  
				|  Posted: Mon Dec 02, 2019 2:20 am    Post subject: |   |  |  
		  |  Grand Master
 
 
 Joined: 25 Aug 2015Posts: 1292
 
 
 | 
			  
				| Fair enough - thanks for the detailed response. I suspect that you will need to set up a proof of concept environment and try it. Or, some of the admins on this forum may have some useful advice for you. |  |  
		  | Back to top |  |  
		  |  |  
		  |  |  |  
  
	|    |  | Page 1 of 1 |  
 
 
  
  	| 
		
		  | 
 
 | You cannot post new topics in this forum You cannot reply to topics in this forum
 You cannot edit your posts in this forum
 You cannot delete your posts in this forum
 You cannot vote in polls in this forum
 
 |  |  |  |