BEA Tuxedo / D component provides different kinds of Domain Gateways. Communication between domains is done through one or more Domain Gateways. Native clients continue to connect to their machine's local bulletin board. Remote Clients continue to use the WSL or JSL.
BEA Tuxedo / D component provides different kinds of Domain Gateways. Communication between domains is done through one or more Domain Gateways. Native clients continue to connect to their machine's local bulletin board. Remote Clients continue to use the WSL or JSL.
BEA Tuxedo / D component provides different kinds of Domain Gateways. Communication between domains is done through one or more Domain Gateways. Native clients continue to connect to their machine's local bulletin board. Remote Clients continue to use the WSL or JSL.
and Administration At the end of this module, you will be able to: Understand the Domain Gateway architecture and components Configure a Tuxedo application to support remote domain connectivity Monitor and manage Gateway activity with the dmadmin utility Module 13 Domain Gateway Configuration and Administration-1 2006 BEA Systems, Inc. 376 Road Map 1. Basic Domain Gateway Configuration Domain Gateway Usages Tuxedo System Server Components The DMCONFIG File Using the dmadmin Utility 2. Advanced Domain Gateway Enhancements Domain Gateway Configuration and Administration-2 2006 BEA Systems, Inc. 377 Multiple Domains Domains are an administrative construct One UBBCONFIG = One Domain IPCKEY uniquely identifies domain / resources One machine can support one to many domains One Domain can span one to many machines Domains are used to demarcate : development / test / production boundaries administrative boundaries secure regions organizational / business divisions Domain Gateway Configuration and Administration-3 2006 BEA Systems, Inc. 378 Communication between domains is done through one or more Domain Gateways. Native clients continue to connect to their machines local bulletin board to look up services. Remote Clients continue to use the WSL or JSL. The location of the service is transparent to applications making the request. Domain Gateways Domain A Client Domain Gateway A Domain B Server Domain Gateway B Domain Gateway Configuration and Administration-4 2006 BEA Systems, Inc. 379 The BEA Tuxedo/D component provides different kinds of Gateways: BEA eLink Adapter for Mainframe TCP Gateway BEA eLink Adapter for Mainframe SNA Gateway BEA eLink Adapter for Mainframe OSI TP Gateway Tuxedo TDomain Gateway All Gateways are interoperable.
Types of Domain Gateways eLink SNA DomainB Server Domain Gateway B WebLogic TDomainC EJBs WTC Component WTC Client Tuxedo TDomainA Client Domain Gateway A Server Domain Gateway Configuration and Administration-5 2006 BEA Systems, Inc. 380 Configuring Multiple Domains Two configuration files are needed to configure domain interoperability: Deploys Domain Gateway Servers UBBCONFIG Defines Domain Gateway Connectivity DMCONFIG Description Configuration File Domain A UBBCONFIG A DMCONFIG A Domain B UBBCONFIG B DMCONFIG B Domain Gateway Configuration and Administration-6 2006 BEA Systems, Inc. 381 Configuring Gateways in UBBCONFIG The UBBCONFIG file declares: A unique identity / name for the domain Admin and communications gateway servers Declare the domain name in RESOURCES. Declare the following servers in SERVERS: DMADM: domain administration server GWADM: gateway administration server GWTDOMAIN: communication gateway server Associate the servers with unique server groups. Domain Gateway Configuration and Administration-7 2006 BEA Systems, Inc. 382 Example UBB Configuration File Here's an example configuration file that declares the servers needed to support inter-domain communication:
Example UBBCONFIG text file: *RESOURCES DOMAINID MUTT ... *GROUPS ... LDMGRP GRPNO=3 # used for the DMADM server LGWGRP GRPNO=4 # used to pair GWADM & GWTDOMAIN ... *SERVERS DMADM SRVGRP=LDMGRP SRVID=1 # domain admin server GWADM SRVGRP=LGWGRP SRVID=1 # gateway admin server GWTDOMAIN SRVGRP=LGWGRP SRVID=2 # gateway comm server ... ADMGRP DOM_GW1 DOM_GW1 ADMGRP GRPNO=3 DOM_GW1 GRPNO=4 Domain Gateway Configuration and Administration-8 2006 BEA Systems, Inc. 383 DMCONFIG Text File DMCONFIG defines local and remote domain gateways: includes seven sections describes the relationship between gateways is compiled with dmloadcf (use dmunloadcf to print a text copy) The BDMCONFIG environment variable must be set to the name and location of the bdmconfig binary version of DMCONFIG. Unlike the tuxconfig binary, the bdmconfig binary is NOT propagated to other machines during a tmboot. Compiling DMCONFIG with dmloadcf: C:\> set BDMCONFIG=C:\apps\bdmconfig C:\> dmloadcf y dmconfig.bdm The examples in the following slides are valid for versions 7.1+ For version 6.5, refer to your documentation Domain Gateway Configuration and Administration-9 2006 BEA Systems, Inc. 384 Example DMCONFIG Text Files Example MUTT DMCONFIG file:
*DM_RESOURCES VERSION=Internal2.3 *DM_LOCAL LDOM1 GWGRP=GW_GRP1 TYPE=TDOMAIN ACCESSPOINTID=jgw1 *DM_REMOTE RDOM1 TYPE=TDOMAIN ACCESSPOINTID=mgw1 *DM_TDOMAIN LDOM1 NWADDR=//jeff:3186 TDOM1 NWADDR=//mutt:2507 *DM_EXPORT TOUPPER *DM_IMPORT INQ RACCESSPOINT=RDOM1 UPDATE RACCESSPOINT=RDOM1 Domain Gateway Configuration and Administration-10 2006 BEA Systems, Inc. 385 DM_RESOURCES DM_RESOURCES has a single field, VERSION. The VERSION field can be set to an arbitrary string that can serve as versioning or documentation. Example DM_RESOURCES section: *DM_RESOURCES VERSION=Experimental8.9 Domain Gateway Configuration and Administration-11 2006 BEA Systems, Inc. 386 DM_LOCAL The DM_LOCAL section identifies local gateways associated with this domain. Each gateway is mapped to a gateway server group in the domains UBBCONFIG file. Syntax of DM_LOCAL section: *DM_LOCAL unique_identifier GWGRP=gateway_server_group_specified_in_UBBCONFIG TYPE=always_TDOMAIN_for_Tuxedo ACCESSPOINTID=unique_identifier_for_this_gateway
Example DM_LOCAL section: *DM_LOCAL MuttGateway1 GWGRP=DOM_GW_GRP1 TYPE=TDOMAIN ACCESSPOINTID=mutt_gw_1 Domain Gateway Configuration and Administration-12 2006 BEA Systems, Inc. 387 DM_REMOTE This section identifies gateways configured in remote domains. Multiple remote gateway configurations indicate: multiple gateways into one remote domain < OR > multiple remote domains < OR > both Syntax of DM_REMOTE section: *DM_REMOTE unique_identifier TYPE=is_always_TDOMAIN_for_Tuxedo_or_WebLogic ACCESSPOINTID=unique_identifier_for_this_gateway
Example DM_REMOTE section: *DM_REMOTE RDOM1 TYPE=TDOMAIN ACCESSPOINTID=JEFF1 RDOM2 TYPE=TDOMAIN ACCESSPOINTID=MARY2 Domain Gateway Configuration and Administration-13 2006 BEA Systems, Inc. 388 DM_TDOMAIN This section defines network addresses for all of the TDomain gateways (LOCAL & REMOTE) visible to this domain. Syntax of DM_TDOMAIN section: *DM_TDOMAIN identifier_used_in_DM_LOCAL_or_DM_REMOTE NWADDR=//host:port
Example DM_TDOMAIN section: *DM_TDOMAIN MuttGateway1 NWADDR=//mutt:2507 RDOM1 NWADDR=//jeff:3186 RDOM2 NWADDR=//mary:4377 Domain Gateway Configuration and Administration-14 2006 BEA Systems, Inc. 389 DM_EXPORT This section lists the services that can be made available to remote gateways. By default, these services can be accessed from all local gateways. Syntax for DM_EXPORT section: *DM_EXPORT Name_of_SERVICE_advertised_in_local_BB [LACCESSPOINT=local_gateway_name_in_DM_LOCAL] [ACL=...] [RNAME=alias_SERVICE_name_used_by_remote_gateways]
Example DM_EXPORT section: *DM_EXPORT INQ LACCESSPOINT=MuttGateway1 ACL=myRestrictedList Domain Gateway Configuration and Administration-15 2006 BEA Systems, Inc. 390 DM_IMPORT This section lists the services to be requested from remote gateways. By default, these will be advertised by all local gateways. Syntax for DM_IMPORT section: *DM_IMPORT Name_of_SERVICE_in_remote_domain RACCESSPOINT=remote_gateway_name_in_DM_REMOTE [LACCESSPOINT=local_gateway_name_in_DM_LOCAL] [BLOCKTIME=max_time_before_requests_timeout] [LOAD=load_factor] [RNAME=alias_SERVICE_name_locally_advertised] [ROUTING=routing_criteria]
Example DM_IMPORT section: *DM_IMPORT UPDATE RACCESSPOINT=RDOM1 TOUPPER RACCESSPOINT=RDOM2 Domain Gateway Configuration and Administration-16 2006 BEA Systems, Inc. 391 CONNECTION_POLICY Configured in the DM_LOCAL section (all versions) or DM_TDOMAIN section (versions 8.1 +). Specifies the conditions under which a local domain gateway tries to establish a connection to a remote domain gateway. Supported Values: ON_DEMAND(Default),ON_STARTUP, INCOMING_ONLY Example CONNECTION_POLICY Setting: *DM_LOCAL GW1 GWGRP=GW_GRP1 TYPE=TDOMAIN ACCESSPOINTID=mutt_ap1
CONNECTION_POLICY=ON_STARTUP Domain Gateway Configuration and Administration-17 2006 BEA Systems, Inc. 392 Dynamic Status Connections - Incoming connection - Administrator connect with dmadmin - Gateway server initialization - After connection failure as configured - Administrator connect with dmadmin - Local client request - Incoming connection - Administrator connect with dmadmin Connection Attempted NO ON_DEMAND YES ON_STARTUP N/A INCOMING_ONLY Retry Support Connection Policy Domain Gateway Configuration and Administration-18 2006 BEA Systems, Inc. 393 CONNECTION_POLICY Options - Always advertised ON_DEMAND - While a valid connection exists - Suspended if connection lost ON_STARTUP - While a valid connection exists - Suspended if connection lost INCOMING_ONLY Service Advertisement Connection Policy The gateway attempts to establish a connection every 30 seconds 3 times before quitting RETRY_INTERVAL=30 MAXRETRY=3 The gateway attempts to establish a connection at initialization with no retries MAXRETRY=0 The gateway attempts to establish a connection every 30 seconds until a connection is established RETRY_INTERVAL=30 Behavior Options The ON_STARTUP options provides these additional settings: Domain Gateway Configuration and Administration-19 2006 BEA Systems, Inc. 394 The dmadmin utility dmadmin is used to monitor and control domain gateway connectivity. The BDMCONFIG environment variable must first be set Displaying gateway statistics with dmadmin: c:\> dmadmin > default d ENG_AP1 > pd Local domains :ENG_AP1 Connected domains: Domainid: mktap1 Attempt manual reconnect co [-R] Print domain gateway statistics pstats Print domain connectivity information pd Description Command Force the gateway to disconnect dco Domain Gateway Configuration and Administration-20 2006 BEA Systems, Inc. 395 Section Review Understand multiple domain architectures Configure and deploy the Domain Gateway server components Configure the DMCONFIG File Use the dmadmin utility In this section, we learned how to: Domain Gateway Configuration and Administration-21 2006 BEA Systems, Inc. 396 Lab Exercise For details on the exercise, refer to the Lab Guide. If questions arise, ask the instructor. The instructor will determine the stop time. Lab 14 DOMS: Configure, Deploy, and Test a Domain Gateway Domain Gateway Configuration and Administration-22 2006 BEA Systems, Inc. 397 Road Map 1. Basic Domain Gateway Configuration 2. Advanced Domain Gateway Enhancements Using Multiple Domain Gateways Performance Enhancement Options Configuring Support for XA Transactions Domain Gateway Security Options Domain Gateway Configuration and Administration-23 2006 BEA Systems, Inc. 398 Improving Domain Gateway Performance Use multiple gateways to improve throughput: Add a second GWADM/GWTDOMAIN in the UBBCONFIG file (in another server group) Add a second entry in DM_LOCAL section of the DMCONFIG file Encoding: Turn it OFF by setting MTYPE; the default is ON if MTYPE is not set Compression: set CMPLIMIT in the DMCONFIG configuration file Setting BLOCKTIME for each local domain gateway We will look at examples of these next ... Domain Gateway Configuration and Administration-24 2006 BEA Systems, Inc. 399 Example Multiple Gateways... MUTT DMCONFIG file:
Domain Gateway Configuration and Administration-26 2006 BEA Systems, Inc. 401 Setting MTYPE for Encoding Preference Example: setting MTYPE; encoding OFF: *DM_LOCAL LDOM1 ACCESSPOINTID = mkt_ap1 MTYPE = SOLARIS
*DM_REMOTE RDOM1 ACCESSPOINTID = eng_ap1 MTYPE = SOLARIS Example: setting MTYPE; encoding ON: (Note: Encoding ON by default when MTYPE is undefined)
*DM_LOCAL LDOM1 ACCESSPOINTID = mkt_ap1 MTYPE = SOLARIS
*DM_REMOTE RDOM2 ACCESSPOINTID = eng_ap2 MTYPE = WIN Domain Gateway Configuration and Administration-27 2006 BEA Systems, Inc. 402 Setting CMPLIMIT for Data Compression Example: setting a CMPLIMIT for REMOTE gateways: . . . *DM_LOCAL MDOM1 GWGRP=LGWGRP1 TYPE=TDOMAIN ACCESSPOINTID=mutt1 *DM_REMOTE RDOM1 TYPE=TDOMAIN ACCESSPOINTID=jeff1 RDOM2 TYPE=TDOMAIN ACCESSPOINTID=mary1 RDOM3 TYPE=TDOMAIN ACCESSPOINTID=frank1 *DM_TDOMAIN MDOM1 NWADDR=//mutt:2507 RDOM1 NWADDR=//jeff:3186 CMPLIMIT=8192 RDOM2 NWADDR=//mary:8754 CMPLIMIT=MAXLONG RDOM3 NWADDR=//frank:9032 CMPLIMIT=1024 . . . Domain Gateway Configuration and Administration-28 2006 BEA Systems, Inc. 403 Setting BLOCKTIME for Local Gateways Example: Setting a BLOCKTIME for LOCAL Gateways: . . . *DM_LOCAL MDOM1 GWGRP=LGWGRP1 BLOCKTIME=12 TYPE=TDOMAIN ACCESSPOINTID=mutt1 MDOM2 GWGRP=LGWGRP2 BLOCKTIME=12 TYPE=TDOMAIN ACCESSPOINTID=mutt2 MDOM3 GWGRP=LGWGRP3 BLOCKTIME=3 TYPE=TDOMAIN ACCESSPOINTID=mutt3 *DM_REMOTE RDOM1 TYPE=TDOMAIN ACCESSPOINTID=jeff1 *DM_TDOMAIN MDOM1 NWADDR=//mutt:2507 MDOM2 NWADDR=//mutt:2508 MDOM3 NWADDR=//mutt:2509 RDOM1 NWADDR=//jeff:2507 . . . Total block will be a multiplier of BLOCKTIME x SCANUNIT(def=10s) Domain Gateway Configuration and Administration-29 2006 BEA Systems, Inc. 404 Domain Gateway Failover Domain gateway failover is available with ON_STARTUP or INCOMING_ONLY connection policies. Provides for automatic failover as well as automatic failback to the primary when connection is restored.
Syntax for Domain-level failover: *DM_IMPORT SERVICE_Name RACCESSPOINT=remote_gw1[,remote_gw2][,remote_gw3]
Example Domain-level failover configuration: *DM_IMPORT TOUPPER RACCESSPOINT=jeffgw1,jeffgw2,jeffgw3 Domain Gateway Configuration and Administration-30 2006 BEA Systems, Inc. 405 Example Domain Routing Usage Example Configuring DDR over Domain Gateways: *DM_IMPORT BALANCE ROUTING=on_account *DM_ROUTING on_account BUFTYPE=FML32 FIELD=account_id RANGES=1-500:MDG1,501-1000:MDG2,*:MDG3 Routing Identifier Remote Domain Gateways Data-Dependent Routing (DDR) can also be configured for multiple remote gateways. Configuration is similar to DDR Server Groups. Domain Gateway Configuration and Administration-31 2006 BEA Systems, Inc. 406 Transactions Across Domain Gateways Distributed transactions can span Domain boundaries. A gateway acts as a subordinate of the transactions coordinated by another server group within the originating domain. Gateways advertise the TMS service and coordinate the 2PC of transactions executed across domains. GWADM Tuxedo System TLOG Domain Gateway DMTLOG GWTDOMAIN DMTLOG created by Administrator with dmadmin TLOG created by Administrator with tmadmin Domain Gateway Configuration and Administration-32 2006 BEA Systems, Inc. 407 Domain Transaction Configuration Section: DM_IMPORT Section: DM_LOCAL Size of DMTLOG [def=100 pages] DMTLOGSIZE Max number of domains in a transaction [0-32768; def=16] MAXRDTRAN Specifies name of DMTLOG [<30 chars][def=DMTLOG] DMTLOGNAME Enables domain gateway to automatically begin, commit or rollback transactions AUTOTRAN Sets default timeout for a transaction started by Tuxedo [0- 2147483648s; def=30s] Max number of simultaneous global transactions on local domain [0-MAXGTT; def=MAXGTT] Specifies file system that contains domain transaction log (DMTLOG) for this machine Description MAXTRAN DMTLOGDEV TRANTIME Parameter Domain Gateway Configuration and Administration-33 2006 BEA Systems, Inc. 408 Security Across Domain Gateways Enhanced security is available through: Restricting services which are available Defining access control lists for remote gateways Setting of Link-Level Encryption (LLE) between gateways Enforcing application passwords Defining domain gateway passwords Password Security Levels: No security (NONE) Application level security (APP_PW) Provided by normal security configuration Domain gateway passwords (DM_PW) Domain Gateway Configuration and Administration-34 2006 BEA Systems, Inc. 409 Domain Gateway Security: DM_PW Example MUTT Config files:
*DM_REMOTE RemAP ACCESSPOINTID=d1 Connections from remote domains are authenticated using passwords defined in the DM_PASSWORDS section of BDMCONFIG file.
Domain Gateway Configuration and Administration-35 2006 BEA Systems, Inc. 410 Example setting the DM_PW After the TUXCONFIG and BDMCONFIG files are generated, boot the applications on DOMAIN1 and DOMAIN2:
On DOMAIN1: dmadmin passwd Dom1AP Dom2AP Enter Local Domain Password:foo1 Reenter Local Domain Password:foo1 Enter Remote Domain Password:foo2 Reenter Remote Domain Password:foo2
On DOMAIN2: dmadmin passwd MyAP RemAP Enter Local Domain Password:foo2 Reenter Local Domain Password:foo2 Enter Remote Domain Password:foo1 Reenter Remote Domain Password:foo1 Local and remote gateway passwords must match Domain Gateway Configuration and Administration-36 2006 BEA Systems, Inc. 411 DM_ACCESS_CONTROL DM_ACCESS_CONTROL specifies an access control list of remote domains allowed to access this domain Syntax for DM_ACCESS_CONTROL section: *DM_ACCESS_CONTROL acl_name ACLIST = identifier [, identifier]
Example DM_ACCESS_CONTROL section for MUTT: *DM_ACCESS_CONTROL MyRemoteList ACLIST = JEFF1,MARY1 Example DM_EXPORT section: *DM_EXPORT INQ ACL = MyRemoteList Domain Gateway Configuration and Administration-37 2006 BEA Systems, Inc. 412 LLE between Gateways Connecting process negotiates encryption level for the link based on two configured parameters in the DM_TDOMAIN section: MINENCRYPTBITS: Minimum encryption level - (0, 56, or 128 bit key size) MAXENCRYPTBITS: Maximum encryption level - (0, 56, or 128 bit key size) GW1 LLE LLE Standard Tuxedo Link Level Encryption GW2 LLE encrypts all data between the Domain Gateways Server Domain Gateway Configuration and Administration-38 2006 BEA Systems, Inc. 413 WebLogic-Tuxedo Connector (WTC) WTC provides integration between WebLogic Server and Tuxedo applications. WebLogic clients call local EJBs to access Tuxedo services Tuxedo clients can call WebLogic EJBs. WebLogic Server Connector EJB JSP RMI Tuxedo GWTDOMAIN TDOMAIN Protocol Domain Gateway Configuration and Administration-39 2006 BEA Systems, Inc. 414 Section Review Configure and deploy multiple domain gateways Implement performance enhancement options Configure support for XA transactions Leverage the domain gateway security options In this section, we learned how to: Domain Gateway Configuration and Administration-40 2006 BEA Systems, Inc. 415 Module Review Understand the Domain Gateway architecture and components Configure a Tuxedo application to support remote domain connectivity Configure additional gateway options Monitor and manage gateway activity with the dmadmin utility In this module, we learned how to: Domain Gateway Configuration and Administration-41