The integration solutions that you run in IBM® App Connect on IBM Cloud™ might contain message flows that need to interact with your on-premises systems like databases or IBM MQ. You must provide the credentials that are required by your on-premises systems (such as user names and passwords), and enable network connectivity so that your integration solutions can communicate securely with those on-premises systems.

You provide credentials to access your on-premises systems by attaching policies to your App Connect on IBM Cloud integration servers. For example, if message flows on your App Connect on IBM Cloud integration server need to communicate with a Db2 database, you’d attach a Db2 policy to the integration server that contains credentials like the database name, host name, port number, user name, and password. You can also attach policies that allow resources on your integration server to use FTP or SFTP, for example, or to view logs for your integration server. You can attach a policy type to multiple integration servers. But you can attach only one instance of each policy type to an integration server. If you create and attach a policy to an integration server that already has a policy of that type, the original policy is detached when the new one is attached. For instructions, see Attaching policies to integration servers.

When you’ve created some policies with credentials for your on-premises systems, you can then configure your integration solutions to communicate securely with your on-premises systems by using a Switch server and a connectivity agent. The Switch server is a special kind of integration server that routes data. The connectivity agent contains the certificates that your integration solutions need to communicate securely with the Switch server. By synchronizing your connectivity agent in App Connect on IBM Cloud with the Switch server on premises, your integration solutions can interact securely with your on-premises systems. This single agent is used by all integration servers to connect securely to on-premises systems. Data that’s transferred between the on-premises systems and the cloud is encrypted by using a mutually authenticated TLS connection. For instructions, see Creating a connectivity agent and synchronizing it with the IBM App Connect Enterprise Switch server.

Attaching policies to integration servers

Policies contain configuration information that extends the properties on message flow nodes. You attach a policy to an integration server so that message flows that are running on that integration server can use the credentials stored in the policy. Different types of policy provide different functions for your integration servers. For example, to access data in an on-premises database, you must attach a database policy such as Db2 or Oracle. Or to view the logs for your integration server, you must attach a Logging policy to that integration server (see Viewing logs for your integration servers in App Connect on IBM Cloud).

You can detach policies when you no longer need them to be associated with an integration server, and you can delete them when you no longer need them to be available in App Connect on IBM Cloud.

To attach a policy to an integration server in App Connect on IBM Cloud:

  1. On the App Connect on IBM Cloud dashboard, make sure that the integration server that you want to attach a policy to is stopped, then open it.
  2. Open the Attached policies tab.
  3. Click Manage. If you’ve already created a policy select the policy that you need and click Save. If you don’t have the appropriate policy, click Create and attach new policy and continue with the following steps.
  4. Select a policy type from the list.
  5. Provide all the requested values, then click Create.

The policy is now attached to your integration server. If you need to attach another policy to your integration server, click Manage, then Create and attach a policy.

If you’re attaching a policy for Db2, MQ, Oracle, or SQL so that resources on your integration server in App Connect can communicate with your on-premises systems, you need to configure secure connectivity between App Connect on IBM Cloud and those on-premises systems. A status of “Connectivity paused” for a policy indicates that the communication channel between your integration server and on-premises system isn’t open. If you’ve already configured the connectivity agent, hover your mouse over the status, then click Restart. This reinstates the connection between your integration server and on-premises system. A status of “Not connected” for a policy indicates that an agent hasn’t been created yet, or isn’t synchronized with the App Connect Enterprise Switch server. Hover your mouse over the status, then click Create agent and continue with the following steps.

Creating a connectivity agent and synchronizing it with the App Connect Enterprise Switch server

The following instructions assume that you’ve already attached a policy to your integration server for the appropriate on-premises system.

To configure secure connectivity in App Connect on IBM Cloud:

  1. On the App Connect on IBM Cloud dashboard, open a stopped integration server that has an attached policy.

    The agent that you create is used by all integration servers in App Connect on IBM Cloud, so it doesn’t matter which integration server you open.

  2. Open the Attached policies tab.
  3. If the status for any policies says “Connectivity paused”, hover your mouse over the “Connectivity paused” status, then click Restart.
  4. If you’ve not yet created an agent, the status should change to “Not connected”. Hover your mouse over the “Not connected” status, then click Create agent.

    A dialog box opens to synchronize your App Connect on IBM Cloud agent with your on-premises agent.

  5. Click Download the configuration.
  6. For App Connect Enterprise, save the agent configuration file (agentp.json) to the following location on the computer where App Connect Enterprise is installed:
    IntegrationServerWorkDirectory\config\iibswitch\agentp.

    (If you don’t see this directory, you’ll need to create the work directory for your integration server by running the mqsicreateworkdir command in App Connect Enterprise. For more information, see Configuring an integration server in the App Connect Enterprise Knowledge Center.)

  7. For Integration Bus, save the agent configuration file (agentp.json) to the same computer where Integration Bus is installed. Start an Integration Bus command environment, then run the appropriate command.

    If you haven’t created a Switch server yet in Integration Bus, run the iibswitch create command, which creates the Switch server, and synchronizes it with the downloaded agent configuration:

    On Linux:
    iibswitch create agentp -c filepath/agentp.json
    On Windows:
    iibswitch create agentp /config filepath\agentp.json

    If you’ve already created a Switch server in Integration Bus, run the iibswitch update command, which updates the Switch server to use the downloaded agent configuration:

    On Linux:
    iibswitch update agentp -c filepath/agentp.json
    On Windows:
    iibswitch update agentp /config filepath\agentp.json

  8. In App Connect on IBM Cloud, click Test your agent to ensure that App Connect can connect to your on-premises agent. If the test is successful, close the dialog box.

You’ve created a Switch server in App Connect Enterprise or Integration Bus that uses the agent configuration that you downloaded from App Connect on IBM Cloud. The flows on your integration servers in App Connect can now communicate securely with your on-premises resources by using the policies that you’ve attached to the integration servers. When you return to the Attached policies tab for your integration server, the status of your policies should now be “Connected”. You’re now ready to start the integration server.

If you can’t find what you want, or have comments about this tutorial, please either add comments to the bottom of this page or .

Join The Discussion

Your email address will not be published. Required fields are marked *