App Connect Enterprise Certified Containerin CP4 I

GSE UK Virtual Conference 2021
Virtually the best way to learn about Z
App Connect Enterprise

Certified Container in CP4i
Dominic Storey
IBM
November 2021
Session 1AH
GSE UK Conference 2021 Charity Raffle

• The GSE UK Region team hope that you find this presentation and others that
follow useful and help to expand your knowledge of z Systems.
• Please consider showing your appreciation by kindly donating to our charities
this year, Royal National Lifeboat Institution (RNLI) & Guide Dogs for the Blind.
Then follow the link on your receipt to enter your receipt number & amount
donated into the GSE Raffle. You will get a raffle entry for every pound
donated.
• Follow the link below or scan the QR Code:
http://uk.virginmoneygiving.com/GuideShareEuropeUKRegion
Please Note
IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at
IBM’s sole discretion. Information regarding potential future products is intended to outline our general product
direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment, promise, or legal obligation
to deliver any material, code or functionality. Information about potential future products may not be
incorporated into any contract. The development, release, and timing of any future features or functionality
described for our products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM benchmarks in a controlled
environment. The actual throughput or performance that any user will experience will vary depending upon
many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O
configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given
that an individual user will achieve results similar to those stated here.
Agenda
• Brief Architecture Overview
• App Connect Operator
• Features of the App Connect Operator
• ACEcc Support Timeline
5
Evolution to Agile Integration Architecture

Centralized Fine-grained Decentralized
ESB Integration deployment integration ownership
API Gateway API Gateway

API
Engagement
applications
API
API API
API
API Gateway API Gateway

Integration
Event stream
API API
Systems of
record
Integration
Containerization Application autonomy

Grafana (Monitoring)
Red Hat OpenShift
Integration Server Runtime POD
Client Application Integration Server Container Kibana (Logging)
Designer Runtime Container

Dashboard / Platform Nav. ELK
Connector Container
Dashboard POD
Prometheus
Dashboard Container OD Tracing Agent Container
OpenShift Routes Content Server

Container OD Tracing Collector Container
Switch Server POD
Switch Server
BAR BAR Storage Container
Secrets
ACE Toolkit (flow authoring) Designer Authoring POD5 Designer Authoring POD6 Designer Authoring POD7
Mapping Assist CouchDB Container
Runtime Container
Container
Proxy Container Proxy Container Storage

Designer (flow authoring)
Designer Authoring POD1 Designer Authoring POD2 Designer Authoring POD3 Designer Authoring POD4
Designer UI Container Flow Doc Authoring Connector Auth Service Flow Test Manager
Container Container Container
Proxy Container Proxy Container Proxy Container Proxy Container
6
6
• App Connect Operator

ACE Certified Containers Operator

• What is an Operator ?
• Human operational knowledge encoded in software that ease the operational complexity of running another
piece of software
• Provide a method of packaging, deploying and managing a Kubernetes application
• Watch over a Kubernetes environment such as OpenShift Container Platform, Azure or AWS and use
current state to make decisions in real-time
• Why use an Operator ?

• Repeatability of installation and upgrade
• Constant health-checks of every system component
• Encapsulate knowledge and tuning
• What drives an Operator?

• The operator watches Yaml definitions called Custom Resources (CRs) that adhere to templates called
Custom Resource Definitions (CRD’s)
Cloud Pak for

Integration
API Messaging
Lifecycle and Events
App and Data

Integration
Container
platform and
operational services
On-premise on your own servers
On your cloud
Installed using Red Hat Operators

• Dashboard – Used to create instances of the ACE
dashboard
• Integration Server – Used to create instances of ACE
servers
• Designer Authoring – Used to create instances of the
Designer flow authoring experience
• Switch Server – Used to create a switch server to
enable Callable Flows within a cluster
• Configuration – used to provide integration servers
with per-environment config such as certs,
userid/password, ACE server.conf.yaml configuration
App Connect
Operator’s
Custom
Resources (CR’s)
Simplified
Consistent
Kubernetes-native
Configuration
• App Connect CRD’s

• Template which CR’s must adhere too
• Example App Connect Integration CRs

• Operator Managed Instances
• Watched by the App Connect Operator
• Cause the operator to create/ update resources eg.
• ACE Integration Servers Containers in Pods
• Secrets used by/ mounted into ACE Integration
Servers Pod
Dashboard Pod
• Dashboard UI container
• Content Server container IntegrationServer Pod
App Connect has 2 ways

to Author Flows
The web one for The Eclipse one
integrators to get for integration
started with specialists to
zero training build out the hard
stuff
App Connect Designer 1. Call shared assets App Connect Toolkit

• Award winning, browser-based usability • Powerful integration tooling
experience • Build and manage integrations for any
• Configuration based, model-driven tooling 2. Intermingle functions requirement
for rapid outcomes • Strong technology connectors
• Strong application connectors • Utilize with Designer to enable greater
Supports a broad range of use cases
3. Fully blended capabilities
• collaboration
How Designer Authoring and Dashboard CR’s interact…

Designer Authoring Dashboard Administration
Create business flows and export as bars to run in Integration Servers Create running Integrations Servers using bars and configuration
Export as BAR file to Create server and run

an Integration Server in the Dashboard
BAR
IBM App Connect Dashboard Administration

View integrations across any hybrid cloud deployment same look and feel everywhere
Accounts configurations contain account details for local connectors that are used in Designer
integrations.
AgentA configuration helps an integration server to connect to a switch server, and provide remote
administration capability.
AgentX configuration helps an integration server to connect to a switch server to run callable flows so
policy odbc.ini that message flow processing can be split between locations.
BarAuth configurations contain credentials for connecting to an external repository system that stores
setdbparms keystore truststore one or more BAR files for deployment to an integration server.
Generic files configuration accepts a zip file of arbitrary files for custom configurations beyond the scope
of the other types already provided.
Configuration Keystore configurations reference a keystore, which the integration server can use for encryption or
decryption.
LoopBack data source configuration help an integration server to exploit LoopBack connectors which
issue synchronous requests to create, retrieve, update, and delete data in a backend MongoDB or
PostgreSQL data source.
BAR odbc.ini configurations help an integration server to make Open Database Connectivity (ODBC)
connections to a database.
Code Policy project configurations contain policies within a policy project which control the behavior of
ACE message flows and message flow nodes at run time.
REST Admin SSL files contain certificates which can be used by the integration server administration REST
API, and secure communication between the App Connect Dashboard and an integration server.
MQ Client server.conf.yaml configuration defines a set of detailed properties controlling how the integration server
operates.
setdbparms.txt configuration provides one or more mqsisetdbparms commands to run, which define
credentials for use by the integration server.
Truststore configurations reference a truststore, which the integration server can use to verify a signature
ACEcc Configuration Types or perform X.509 authentication.
Truststore certificate configuration installs a truststore certificate in the default JVM truststore for use by
allow environment customising of a BAR file the integration server.
WorkdirOverride configurations contain a list of overrides to apply to one or more co-related BAR files in
your integration server work directory before the integration server is started (using the ibmint apply
Integration Server work directory Integration Server
• Integration servers run the contents of a

work directory Application Work dir
and library
• Start by reading server.conf.yaml (in run source
server.conf.yaml &
and overrides directories) overrides
• Load applications, libraries, and policies
into config objects Config
Applications
• Run the resulting combined configuration,
which may included stopped flows that are Shared Libraries
not started
• Config can change after the server is
Policies
started with REST API commands
• Does not care where the directory came
from or how it was created
IBM Integration / © 2021 IBM Corporation
Copy
Java compile
into JAR
Copy
BAR file contents

BAR
created via toolkit
Toolkit view On-disk contents BAR build or
ibmint/mqsicreatebar
IBM Integration / © 2021 IBM Corporation Workspace to BAR

Copy
DFDL compile
into PIF and BIR
Copy
Work directory
created via ibmint,
BAR file contents mqsibar, or deploy to
running server

BAR to work directory
BAR Flow Policy
Admin Web UI
The Evolution from IIB to ACE
BAR HTTP
Flow
Listener
Admin Web UI
Public
Flow Policy
Cfg Store
UNZIP and GO !
Node HTTP Listener ACEcc
Container
ACE 11 and ACE 12
BAR Flow Policy
Process
Supervision Admin Web UI
Internal Configurable
Cfg Store Node
Physical/ Service
Virtual Process
Machine Supervision
IIB 10 Physical/ Public Flow Policy
Virtual Cfg Store
https://en.wikipedia.org/wiki/IBM_App_Connect_Enterprise Machine
https://community.ibm.com/community/user/integration/participate/blogs
https://community.ibm.com/community/user/integration/blogs/ben-thompson1/2021/09/27/ace-12-0-2-0
Lots of detail in the blogs and youtube links…

IBM App Connect Enterprise recap

Architecture, Components and Form Factors
Configures
the other
resource
• Features of the App Connect Certified Container Operator

• Force all Integration Server flows to be https

• Provide tls.key and tls.crt in a secret
• Secret is mounted into the IS pod and watched
• https-keystore.p12 automatically created + server config
• Can be dynamically updates with zero downtime
• disableRoutes
• Dynamically removes all externally created Red Hat Routes
• Stops all external traffic hitting the Integration Server
• Scale to zero
• The pod consumes no resources until the deployment is
scaled up again
• Reduce cost of flows which don’t need to be up 24x7
• Knative acts as a front-end for ACE Scaling containers to zero

• Receives HTTP traffic and starts/stops containers as
needed
HTTP
• Will scale to zero after inactivity timeout Knative data ACE
Application traffic (HTTP)
• ace-demo-pipeline has knative option infra- app
structure Container
Containers
• KEDA handles scaling only scaling
• ACE message flows get messages directly from the MQ

queue manager (or other messaging source such as
Kafka)
• Polling-based approach to scaling, where the MQ queue
depth determines how many containers will be started
MQ messages
• Will scale to zero after inactivity timeout picked up by ACE
ACE message flow
• Both require a complete ACE container with applications and app
credentials already set up. Application MQ
traffic (MQ) Queue Containers
Manager
Container
scaling
Queue depth polling
KEDA infrastructure
https://github.com/tdolby-at-uk-ibm-com/ace-keda-demo
Function-as-a-Service (FaaS)
• Running ACE flows as one-shot containers
• Zero overhead when not actively working
Cloud ACE
• Container infrastructure abstracted: could be using any Application traffic Function app
technology that runs containers (HTTP) infra- Application DB
One-Shot
• Cloud Foundry, Kubernetes, Docker Swarm, etc structure
Container
can connect
to database
• More setup/teardown, and connections would have to be
made every time.
• Startup latency a concern in many cases
• Require more reengineering of applications and deployment
pipelines in many cases Cloud ACE
• FaaS best suited to short-lived applications that do not block on Function Request
infra- One-Shot
network interactions structure
Container
• Matches traditional out-and-back ACE message flow Application Kafka
architecture in use since MQSI v2 traffic (MQ) Service
• Much higher latency than the traditional server ACE Cloud
Response Function
One-Shot infra-
Works best with occasionally-used flows that can accept high latency, or structure
Container
in situations where container management needs to be abstracted out.
Timeline examples
Knative or
FaaS
KEDA
Multiple Container
One request Container requests sent shutdown
Container to the server
sent to the scaling
start
server
Flow Flow Flow Flow

Startup Startup Idle
run run1 run2 run3
Time
30 seconds 60 seconds 90 seconds 120 seconds
• Function-as-a-Service has a higher latency but no idle time.

• Knative and KEDA use the containers for longer after they have started
• This example shows a short-lived flow, which might not be ideal for FaaS; longer-
running flows would amortize the startup cost a greater period and be more
efficient.
• ACEcc Operator can run k8s native

• Can run the ACEcc operator using
• Certmanager
• https://cert-manager.io/docs/
• OLM (Operator Lifecyle Manager)
• https://olm.operatorframework.io/
• Run natively on other k8s e.g. Azure, AWS
• Need to create your own ingress and routes

• Not 1st class operand in k8s as is in Red Hat
Open Shift
• No IBM Common Services
• Designer Authoring and it’s

Integration Server Pods
App Connect Enterprise and its relationship with MQ example

MQ not
required for
Group Nodes
Group Nodes
IIBv10.0.0.13
Remote Default QMgr
ACEv11.0.0.7
MQClient
IIBv10.0.0.0
MQ Client connection MQ Client connection

“USER” Queue Manager
“SYSTEM” Queues
Queues
“USER”
Queues “SYSTEM” Queues
MQ ApplicationName = “MyApp1” MQ ApplicationName = “MyApp2”
MQEndpointPolicy X MQEndpointPolicy X
ACE and MQ Uniform Clusters
Evenly balance workload across a collection of
horizontally scaled queue managers
Flow1A Flow1D Flow2A Flow2D
Flow1B Flow1E Flow2B Flow2E
Flow1C Flow1F Flow2C Flow2F
Integration Server 1 Integration Server 2
MQ CCDT MQ CCDT
ACE Container 1 ACE Container 2
MQ Uniform
QM1 QM2 QM3 QM4
Cluster
MQ CCDT
MQEndpointPolicy X
Flow3A Flow3D
Flow3B Flow3E
Flow3C Flow3F
Integration Server 3
MQ ApplicationName = “MyApp3” ACE Container 3
• ACEcc Operator and ACE Operand Support Timeline

ACE 12 Open Beta ACE 12.0.1.0 ACE 12.0.2.0 ACE 12.0.3.0
• ACE follows a “5+3”year support model. ACE 12 was initially released on 28th May 2021 and is numbered 12.0.1.0
• Service for IBM Integration Bus 10 will be discontinued April 2022. Users of IIB 10 should migrate to ACE 11 or ACE 12.
Direct migration is possible to either version.
2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026
From 2021 we are using mod releases for quarterly IBM App Connect Enterprise v12
deliveries of new features.
From 2015 we switched to agile delivery with quarterly

“fix packs” containing both maintenance and new IBM App Connect Enterprise v11
features.
End of Standard Support for

IIBv10 will be April 2022. IBM Integration Bus v10
MQ Series WebSphere MQ WebSphere Business Integration WebSphere Message IBM Integration IBM App Connect
Integrator (MQSI) Integrator (WMQI) Message Broker (WBIMB) Broker (WMB) Bus (IIB) Enterprise (ACE)
2.0 2.1 5.0 6.0 6.1 7.0 8.0 9.0 10.0 11.0 12.0
(1999) (2001) (2003) (2005 2007 2009 2011) (2013 2015) (2018 2021)
Supported ACE software versions
11.0.0.10 11.0.0.10
ACEcc Support Timeline CD Releases (6 months support)
11.0.0.9 11.0.0.9
11.0.0.10 11.0.0.11 EUS Releases (18 months support)

ACEcc ACEcc 11.0.0.10
11.0.0.9
1.0.0 1.0.1 11.0.0.9 11.0.0.12
11.0.0.12 11.0.0.11 11.0.0.11 11.0.0.11 11.0.0.11 12.0.1.0 12.0.1.0 12.0.1.0
ACEcc 11.0.0.10 11.0.0.13 ACEcc 11.0.0.10 11.0.0.10 11.0.0.10 11.0.0.10 12.0.1.0 11.0.0.13 11.0.0.13 11.0.0.13
1.1.0 11.0.0.9 11.0.0.12 11.0.0.13 1.2.0 11.0.0.9 11.0.0.9 11.0.0.9 11.0.0.9 11.0.0.12 11.0.0.12 11.0.0.12 11.0.0.12 12.0.1.0
11.0.0.10 11.0.0.11 11.0.0.11 11.0.0.11 11.0.0.11 11.0.0.13
11.0.0.12
11.0.0.9 ACEcc ACEcc ACEcc 11.0.0.10 11.0.0.10 11.0.0.10 11.0.0.10 11.0.0.12
ACEcc 11.0.0.10 ACEcc 11.0.0.9
11.0.0.9 1.3.0 1.3.1 1.3.2 11.0.0.9 11.0.0.9 11.0.0.9 11.0.0.11
1.1.1 1.4.0 11.0.0.10
ACEcc
ACEcc ACEcc ACEcc ACEcc 11.0.0.9
1.1.2 ACEcc RHOCP 1.5.0 1.5.1 1.5.2 1.5.3
1.1.3 4.5 or 4.6 ACEcc
RHOCP 4.4 or 4.5 2.0.0
RHOCP 4.6 or 4.7

RHOCP
4.6, 4.7 or
4.8
RHOCP 4.6
• Each ACEcc Operator version works in conjunction with multiple Operand versions
• The Operand version equates to the ACE software version
• Although not shown on this diagram for simplicity, each Operand version is numbered based on the ACE software version appended with a release number e.g.
12.0.1.0-r1, 12.0.1.0-r2 … etc. The release numbers typically indicate OS level security fixes which need to be built into the images.
• CD = “Continuous Delivery” provides 6 months support
• EUS = “Extended Update Support” (also known as “Long Term Support”) provides 18 months support
ACEcc ACE ACE ACE ACE ACE ACE ACE ACE ACE ACE ACE ACE ACE ACE ACE
11.0.0.9- 11.0.0.9- 11.0.0.9- 11.0.0.10- 11.0.0.10- 11.0.0.10- 11.0.0.11- 11.0.0.11- 11.0.0.12- 11.0.0.12- 11.0.0.13- 12.0.1.0- 12.0.1.0- 12.0.1.0- 12.0.1.0-
Operator r1 r2 r3 r1 r2 r3-eus r1 r2 r1 r1-eus r1-eus r1 r2 r3 r4
Version MQ MQ MQ MQ Client MQ MQ Client MQ Client MQ Client MQ Client MQ Client MQ Client MQ Client MQ Client MQ Client MQ Client
Client Client Client 9.1.5.3 Client 9.2.0.0 9.2.0.1 9.2.0.1 9.2.0.1 9.2.0.1 9.2.0.2 9.2.0.1 9.2.0.1 9.2.0.2 9.2.0.2
9.1.5.0 9.1.5.1 9.1.5.2 9.1.5.4
1.0.0
1.0.1
1.1.4-eus
1.1.0 (Oct2021)
1.1.1 (eus) ACE
11.0.0.14-
1.1.2 (eus) r1-eus
1.1.3 (eus)
1.2.0
1.3.0
1.3.1
2.1.0
1.3.2 (Oct2021)
ACE
1.4.0 12.0.2.0-r1
1.5.0
1.5.1
1.5.2
2.0.0
IBM App Connect Enterprise Certified Container Operand Deprecation

Demo of App Connect

Dashboard and Designer
https://tempestwx.com/station/33047/
Integration Technical Conference / © 2020 IBM Corporation
Please submit your session feedback!

• Do it online at
https://conferences.gse.org.uk/2021/feedback/1AH
• This session is 1AH

Become a member of GSE UK

• Company or individual membership available
• Benefits include:
• GSE Annual Conference: Receive 5 free places + 2 free places for trainees
• 20% discount on fees for IBM Technical Conferences
• 20% on IBM Training Courses in Europe
• 15% discount for IBM STG Technical Conferences in the USA
• 20% discount on the fee for taking the Mainframe Technology Professional
(MTP) exams
• European events – via GSE HQ
• Contact [email protected] for details

App Connect Enterprise Certified Containerin CP4 I

Uploaded by

Copyright:

Available Formats

App Connect Enterprise Certified Containerin CP4 I

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

App Connect Enterprise Certified Containerin CP4 I

Uploaded by

Copyright:

Available Formats

GSE UK Virtual Conference 2021

Virtually the best way to learn about Z

App Connect Enterprise

GSE UK Conference 2021 Charity Raffle

Evolution to Agile Integration Architecture

API Gateway API Gateway

API Gateway API Gateway

Containerization Application autonomy

Designer Runtime Container

OpenShift Routes Content Server

Proxy Container Proxy Container Storage

• App Connect Operator

ACE Certified Containers Operator

• Why use an Operator ?

• What drives an Operator?

Cloud Pak for

App and Data

On-premise on your own servers

Installed using Red Hat Operators

• App Connect CRD’s

• Example App Connect Integration CRs

App Connect has 2 ways

App Connect Designer 1. Call shared assets App Connect Toolkit

How Designer Authoring and Dashboard CR’s interact…

Export as BAR file to Create server and run

IBM App Connect Dashboard Administration

Integration Server work directory Integration Server

• Integration servers run the contents of a

BAR file contents

IBM Integration / © 2021 IBM Corporation Workspace to BAR

IBM Integration / © 2021 IBM Corporation

Lots of detail in the blogs and youtube links…

IBM App Connect Enterprise recap

• Features of the App Connect Certified Container Operator

• Force all Integration Server flows to be https

• Knative acts as a front-end for ACE Scaling containers to zero

• ACE message flows get messages directly from the MQ

Queue depth polling

Flow Flow Flow Flow

• Function-as-a-Service has a higher latency but no idle time.

• ACEcc Operator can run k8s native

• Need to create your own ingress and routes

• Designer Authoring and it’s

App Connect Enterprise and its relationship with MQ example

MQ Client connection MQ Client connection

MQ ApplicationName = “MyApp1” MQ ApplicationName = “MyApp2”

Flow1B Flow1E Flow2B Flow2E

Flow1C Flow1F Flow2C Flow2F

Integration Server 1 Integration Server 2

ACE Container 1 ACE Container 2

• ACEcc Operator and ACE Operand Support Timeline

ACE 12 Open Beta ACE 12.0.1.0 ACE 12.0.2.0 ACE 12.0.3.0

From 2015 we switched to agile delivery with quarterly

End of Standard Support for

Supported ACE software versions

11.0.0.10 11.0.0.11 EUS Releases (18 months support)

RHOCP 4.6 or 4.7

IBM App Connect Enterprise Certified Container Operand Deprecation

Demo of App Connect