Wiki source code of Runtime Settings

Last modified by Erik Bakker on 2024/02/20 08:31

1 {{container}}
2 {{container layoutStyle="columns"}}
3 (((
4 In this microlearning, we will focus on how to influence the runtime settings via the Deploy -> Architecture overview. With the help of this functionality, you can configure two settings. Firstly, you can configure HTTP settings to open ports and configure SSL settings. Secondly, you can deactivate the "control bus" for a specific runtime. This prevents users from gaining access to your (Production) data.
5
6 Should you have any questions, please contact [[academy@emagiz.com>>mailto:academy@emagiz.com]].
7
8 == 1. Prerequisites ==
9
10 * Intermediate knowledge of the eMagiz platform
11
12 == 2. Key concepts ==
13
14 This microlearning centers around configuring runtime settings.
15 By runtime, we mean the component into which the individual integration flows are deployed.
16
17 * Under the runtime settings option, you can configure the following
18 ** HTTP Settings
19 *** Port
20 *** SSL
21 ** Control bus enabled
22 *** Deny access to Queue Browser functionality
23 *** Deny access to Message Redelivery functionality
24
25 == 3. Runtime Settings ==
26
27 To govern and control your runtime, you sometimes need to configure additional options on the runtime level. Some of these settings are located on the runtime level in Deploy -> Architecture.
28 Right-clicking a runtime while in "Start Editing" mode opens one of the following context menus.
29
30 [[image:Main.Images.Microlearning.WebHome@novice-emagiz-runtime-management-runtime-settings--context-menu-runtime.png]]
31
32 [[image:Main.Images.Microlearning.WebHome@novice-emagiz-runtime-management-runtime-settings--context-menu-runtime-on-prem.png]]
33
34 {{info}}
35 The first context menu is given for cloud runtimes, and the second is for on-premises runtimes.
36 {{/info}}
37
38 One of the options in these context menus is called "Runtime Settings." When selecting this option, a pop-up will be shown in which you can toggle two options. These options are:
39
40 * HTTP Settings
41 * Control bus enabled
42
43 In the remainder of this microlearning, we will discuss both toggles in detail.
44
45 === 3.1 HTTP Settings ===
46
47 The HTTP Settings toggle is set to "No" by default. This is because not all eMagiz runtimes will host an endpoint. So, if you want to host an endpoint (REST or SOAP) within the context of eMagiz, you need to set this toggle to "Yes." As a result, a new tab will appear called "HTTP."
48
49 [[image:Main.Images.Microlearning.WebHome@novice-emagiz-runtime-management-runtime-settings--runtime-settings-http-enabled.png]]
50
51 You can configure the port and the SSL settings in this second tab. When hosting a web service in eMagiz, the port is always necessary and can be filled in with a property or via a hardcoded value.
52
53 {{info}}
54 Note that depending on whether you host a REST or SOAP web service, the last two fields are filled in or not.
55 {{/info}}
56
57 [[image:Main.Images.Microlearning.WebHome@novice-emagiz-runtime-management-runtime-settings--runtime-settings-http-port-property-soap.png]]
58
59 [[image:Main.Images.Microlearning.WebHome@novice-emagiz-runtime-management-runtime-settings--runtime-settings-http-port-hardcoded-rest.png]]
60
61 {{warning}}
62 On top of creating this configuration, you should also configure a route for both a cloud and an on-premise setup to make the endpoint accessible. For more information on creating routes, please check out this
63 {{/warning}}
64
65 ==== 3.1.1. SSL ====
66
67 When you want to secure your endpoint via one-way SSL (adding a custom server certificate) or two-way SSL (adding a custom server certificate and demanding a client certificate), you need to toggle the "SSL" option in this view.
68
69 [[image:Main.Images.Microlearning.WebHome@novice-emagiz-runtime-management-runtime-settings--runtime-settings-http-ssl-enabled.png]]
70
71 {{info}}
72 Note that when you host your endpoint in the eMagiz cloud, one-way SSL is set by default, and demanding a client certificate should be configured via the "Certificates" and "Routes" options. More on that can be found in this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.Securing Data Traffic.intermediate-securing-your-data-traffic-securing-a-hosted-webservice-with-certificates-in-the-emagiz-cloud||target="blank"]].
73 {{/info}}
74
75 ===== 3.1.1.1 One-way SSL =====
76
77 As you can see from the picture above, the default is that no client authentication is needed, so you only configure one-way SSL. After enabling the SSL toggle, two new tabs emerge. The first tab, called "SSL," allows you to deviate from the standard in terms of protocol and ciphers. We strongly advise you to keep these settings as they are unless you have a reason to change them.
78
79 [[image:Main.Images.Microlearning.WebHome@novice-emagiz-runtime-management-runtime-settings--runtime-settings-http-ssl-tab.png]]
80
81 The second tab, called "Key store," allows you to access the correct key store and define additional settings. For sensitive information such as passwords, we advise using properties to fill them in here.
82
83 [[image:Main.Images.Microlearning.WebHome@novice-emagiz-runtime-management-runtime-settings--runtime-settings-http-key-store-tab-filled-in.png]]
84
85 {{info}}
86 For more information on how to create your custom Keystore or truststore, please check out this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.Securing Data Traffic.intermediate-securing-your-data-traffic-creating-a-jks||target="blank"]]
87 {{/info}}
88
89 ===== 3.1.1.2 Two-way SSL =====
90
91 Should the requirement be that you want to secure your endpoint via two-way SSL, you should select the correct option for the "SSL client authentication" on the "HTTP" tab.
92
93 [[image:Main.Images.Microlearning.WebHome@novice-emagiz-runtime-management-runtime-settings--runtime-settings-http-ssl-client-authentication-options.png]]
94
95 The difference between "Allowed" and "Mandatory" is that with "Allowed," clients may or may not send a client certificate, although you would like them to do so. With "Mandatory," you are forcing them to send a client certificate if they want to be able to call your endpoint.
96
97 Once you have selected either of these options, a new tab appears called "Trust store." In this tab, you can upload the correct "Trust store" and configure the additional settings (just as with the key store tab).
98
99 {{info}}
100 For more information on how to create your custom Keystore or truststore, please check out this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.Securing Data Traffic.intermediate-securing-your-data-traffic-creating-a-jks||target="blank"]]
101 {{/info}}
102
103 === 3.2 Control bus enabled ===
104
105 The other toggle under "Runtime settings" allows you to enable or disable the control bus. The control bus is a part of our internal infrastructure that enables you to use functionalities such as the queue browser, message redelivery, and start/stop flow components within our 3rd generation runtime. Given that the queue browser in particular can view live data on any queue in any environment, there might be reasons to disable the control bus on the Production environment if the data exchanged via the eMagiz platform is too sensitive to be viewed by anyone with access to your eMagiz model.
106
107 If such a case arises, you can disable the control bus per runtime to disallow the use of this functionality. Depending on the runtime for which you deactivate the control bus, you will lose some or all functionality related to the control bus.
108
109 {{info}}
110 Whenever you are satisfied with your configuration, you can press "Save" to store your changes for the runtime settings.
111 {{/info}}
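
The review below is an added example, not part of the eMagiz documentation or product: it applies the advice from sections 3.1.1 and 3.2 to runtime settings written down as Python dictionaries. The dictionary layout, the `sensitive_data` flag and the `${...}` property syntax are assumptions made for illustration, and the sample runtimes are constructed.

```python
import re

# Assumption: a property is referenced as ${name}; anything else is a literal value.
PROPERTY_REF = re.compile(r"^\$\{[^{}]+\}$")

def review_runtime(rt):
    """Return findings for one runtime-settings record (hypothetical layout)."""
    findings = []
    http = rt.get("http")  # None: the "HTTP Settings" toggle is "No"
    if http:
        ssl_cfg = http.get("ssl")  # None: the "SSL" toggle is off
        if not ssl_cfg and rt["location"] == "on-premise":
            findings.append("HTTP endpoint on an on-premise runtime has SSL disabled")
        if ssl_cfg:
            auth = ssl_cfg.get("client_auth", "None")
            if auth == "Allowed":
                findings.append('client authentication is "Allowed": '
                                "callers without a certificate are still served")
            stores = [("key store", ssl_cfg.get("key_store"))]
            if auth in ("Allowed", "Mandatory"):  # these options add the trust store tab
                stores.append(("trust store", ssl_cfg.get("trust_store")))
            for label, store in stores:
                if not store:
                    findings.append(f"{label} is not configured")
                elif not PROPERTY_REF.match(store.get("password", "")):
                    findings.append(f"{label} password is a literal, not a property")
    if (rt["environment"] == "Production" and rt["sensitive_data"]
            and rt["control_bus_enabled"]):
        findings.append("control bus enabled: queue browser can show live Production data")
    return findings

def prop(name):
    return {"password": "${" + name + "}"}
# Constructed sample runtimes, not taken from a real model.
SAMPLE = [
    {"name": "orders-prod", "environment": "Production", "location": "on-premise",
     "sensitive_data": True, "control_bus_enabled": True,
     "http": {"port": "${orders.http.port}", "ssl": {
         "client_auth": "Allowed", "key_store": {"password": "changeit"},
         "trust_store": prop("orders.truststore.password")}}},
    {"name": "orders-test", "environment": "Test", "location": "on-premise",
     "sensitive_data": False, "control_bus_enabled": True,
     "http": {"port": "8443", "ssl": {
         "client_auth": "Mandatory", "key_store": prop("orders.keystore.password"),
         "trust_store": prop("orders.truststore.password")}}},
]

if __name__ == "__main__":
    for runtime in SAMPLE:
        for finding in review_runtime(runtime):
            print(f"{runtime['name']}: {finding}")
```
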
112
113 === 3.3 Effectuate changes on architecture ===
114
115 To effectuate the changes made to your deployed architecture, you should create a new release and deploy this via the deployment plan. In case you need more information on creating releases or deploying a release, you can find that information [[here>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course Platform.crashcourse-platform-deploy-create-new-release||target="blank"]] and [[here>>doc:Main.eMagiz Academy.Microlearnings.Legacy Functionality.crashcourse-platform-deploy-execute-deployment-plan.WebHome||target="blank"]].
116
117 == 4. Key takeaways ==
118
119 * On the runtime level in Deploy -> Architecture, you have a context menu item called "Runtime Settings."
120 * In this context menu item, you can configure the HTTP Settings and whether the control bus is enabled
121 * HTTP Settings are needed when hosting a SOAP or REST web service
122 ** When enabling, the port needs to be filled in
123 ** Optionally, you can configure one-way or two-way SSL for an on-premise endpoint
124 * By disabling the control bus, you will lose (parts of) the functionality that allows you to view or halt data
125 ** Queue browser
126 ** Message redelivery
127 ** Start/Stop flow components
128 * Changes must be deployed by creating a new release and deploying it via a deployment plan.
129
130 == 5. Suggested Additional Readings ==
131
132 There are no suggested additional readings on this topic.
133 )))
134
135 (((
136 {{toc/}}
137 )))
138 {{/container}}
139 {{/container}}