Runtime Settings

Last modified by Erik Bakker on 2024/02/20 08:31

In this microlearning, we will focus on how to influence the runtime settings via the Deploy -> Architecture overview. With the help of this functionality, you can configure two settings. Firstly, you can configure HTTP settings to open ports and configure SSL settings. Secondly, you can deactivate the "control bus" for a specific runtime. This will disallow users to gain access to your (Production) data.

Should you have any questions, please contact  academy@emagiz.com.

1. Prerequisites

  • Intermediate knowledge of the eMagiz platform

2. Key concepts

This microlearning centers around configuring runtime settings
With runtime, we mean: This is the component in which the individual integration flows are deployed into

  • Under the runtime settings option, you can configure the following
    • HTTP Settings
      • Port
      • SSL
    • Control bus enabled
      • Deny access to Queue Browser functionality
      • Deny access to Message Redelivery functionality

3. Runtime Settings

To govern and control your runtime, you sometimes need to configure additional options on the runtime level. For example, part of these settings is located on the runtime level in Deploy -> Architecture.
Executing a right-click while in "Start Editing" mode on a runtime provides you with one of the following context menus.

novice-emagiz-runtime-management-runtime-settings--context-menu-runtime.png

novice-emagiz-runtime-management-runtime-settings--context-menu-runtime-on-prem.png

The first context menu is given for cloud runtimes, and the second is for on-premises runtimes.

One of the options in these context menus is called "Runtime Settings." When selecting this option, a pop-up will be shown in which you can toggle two possibilities. These options are:

  • HTTP Settings
  • Control bus enabled

In the remainder of this microlearning, we will discuss both toggles in detail.

3.1 HTTP Settings

The HTTP Settings toggle is set default to "No." This is done as not all eMagiz runtime will host an endpoint. So, for example, if you want to host an endpoint (REST or SOAP) within the context of eMagiz, you need to set this toggle to "Yes." As a result, a new tab will appear called "HTTP."

novice-emagiz-runtime-management-runtime-settings--runtime-settings-http-enabled.png

You can configure the port and the SSL settings in this second tab. When hosting a web service in eMagiz, the first one is always necessary and can be filled in with a property or via a hardcoded value.

Note that depending on whether you host a REST or SOAP web service, the last two fields are filled in or not

novice-emagiz-runtime-management-runtime-settings--runtime-settings-http-port-property-soap.png

novice-emagiz-runtime-management-runtime-settings--runtime-settings-http-port-hardcoded-rest.png

On top of creating this configuration, you should also configure a route for both a cloud and an on-premise setup to make the endpoint accessible. For more information on creating routes, please check out this

3.1.1. SSL

When you want to secure your endpoint via one-way SSL (adding a custom server certificate) or two-way SSL (adding a custom server certificate and demanding a client certificate), you need to toggle the "SSL" option in this view.

novice-emagiz-runtime-management-runtime-settings--runtime-settings-http-ssl-enabled.png

Note that when you host your endpoint in the eMagiz cloud, one-way SSL is set on default, and demanding a client certificate should be configured via the "Certificates" and "Routes" options. More on that can be found in this microlearning

3.1.1.1 One-way SSL

As you can see from the picture above, the default is that no client authentication is needed, and you only want to configure one-way SSL. After enabling the SSL toggle, two new tabs emerge. The first tab, called "SSL," allows you to deviate from the standard in terms of protocol and ciphers. We strongly advise you to keep these settings as is unless you have a reason to change them.

novice-emagiz-runtime-management-runtime-settings--runtime-settings-http-ssl-tab.png

The second tab, called "Key store," allows you to access the correct Keystore, including defining additional settings. For secure information such as passwords, we advise using properties to describe them here.

novice-emagiz-runtime-management-runtime-settings--runtime-settings-http-key-store-tab-filled-in.png

For more information on how to create your custom Keystore or truststore, please check out this microlearning

3.1.1.2 Two-way SSL

Should the requirement be that you want to secure your endpoint via two-way SSL, you should select the correct option for the "SSL client authentication" on the "HTTP" tab.

novice-emagiz-runtime-management-runtime-settings--runtime-settings-http-ssl-client-authentication-options.png

The difference between "Allowed" and "Mandatory" is that with "Allowed," clients can send (or not) send the client certificate, but you would like them to do so. With "Mandatory," you are forcing them to send a client certificate if they want to be able to call your endpoint.

Once you have selected either of these options, a new tab appears called "Trust store." In this tab, you can upload the correct "Trust store" and configure the additional settings (just as with the key store tab).

For more information on how to create your custom Keystore or truststore, please check out this microlearning

3.2 Control bus enabled

The other toggle under "Runtime settings" allows you to enable or disable the control bus. The control bus is a part of our internal infrastructure that will enable you to use functionalities such as the queue browser, message redelivery, and start/stop flow components within our 3rd generation runtime. Given the fact that especially the queue browser can view live data on any environment on any queue, there might be reasons to disable this on the Production environment if the data that is being exchanged via the eMagiz platform is too sensitive in nature for it to be viewed by anyone with access to your eMagiz model.

If such a case arises, you can disable the configuration per runtime to disallow the use of this functionality. Depending on which runtime you deactivate the control bus, you will lose some or all functionality related to the control bus.

At any given moment when you are satisfied with your configuration, you can press "Save" to store your changes for the runtime settings

3.3 Effectuate changes on architecture

To effectuate the changes made to your deployed architecture, you should create a new release and deploy this via the deployment plan. In case you need more information on the creation of releases or deploying release you can check that information here and here.

4. Key takeaways

  • On the runtime level in Deploy -> Architecture, you have a context menu item called "Runtime Settings."
  • In this context menu item, you can configure the HTTP Settings and whether the control bus is enabled
  • HTTP Settings are needed when hosting a SOAP or REST web service
    • When enabling, the port needs to be filled in
    • Optionally, you can configure one-way or two-way SSL for an on-premise endpoint
  • By disabling the control bus, you will lose (parts of) the functionality that allows you to view or halt data
    • Queue browser
    • Message redelivery
    • Start/Stop flow components
  • Changes must be deployed by creating a new release and deploying it via a deployment plan.

5. Suggested Additional Readings

There are no suggested additional readings on this topic.