Tib Ems Users Guide
Tib Ems Users Guide
Tib Ems Users Guide
Service
Users Guide
Software Release 8.1
April 2014
Two-Second Advantage
Important Information
SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED
OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED
ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED
SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR
ANY OTHER PURPOSE.
USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A
LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE
AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER
LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE
SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE
LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED
IN THE LICENSE FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS
AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN
AGREEMENT TO BE BOUND BY THE SAME.
This document contains confidential information that is subject to U.S. and international copyright laws and
treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO
Software Inc.
TIBCO, Two-Second Advantage, The Power of Now, TIB, Information Bus , TIBCO Enterprise Message Service,
TIBCO Rendezvous, TIBCO Enterprise, TIBCO SmartSockets, TIBCO ActiveMatrix BusinessWorks, and TIBCO
Hawk are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other
countries.
Enterprise Java Beans (EJB), Java Platform Enterprise Edition (Java EE), Java 2 Platform Enterprise Edition
(J2EE), and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle Corporation
in the U.S. and other countries.
All other product and company names and marks mentioned in this document are the property of their
respective owners and are mentioned for identification purposes only.
THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL
OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME
TIME. SEE THE README FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC
OPERATING SYSTEM PLATFORM.
THIS DOCUMENT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR
IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS.
CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE
INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE
IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN
THIS DOCUMENT AT ANY TIME.
THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR
INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING
BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES.
Copyright 1997-2014 TIBCO Software Inc. ALL RIGHTS RESERVED.
TIBCO Software Inc. Confidential Information
| iii
Contents
Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxv
Changes from the Previous Release of this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvi
Feature Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvi
Changes in Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvi
Deprecated and Removed Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvi
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii
TIBCO Enterprise Message Service Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii
Other TIBCO Product Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii
Third Party Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxviii
Typographical Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix
Connecting with TIBCO Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How to Join TIBCOmmunity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How to Access TIBCO Documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How to Contact TIBCO Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
xxxii
xxxii
xxxii
xxxii
Chapter 1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
JMS Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
JMS Message Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Point-to-Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Publish and Subscribe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
EMS Destination Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Client APIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Sample Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
TIBCO Rendezvous Java Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Administering the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
User and Group Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Using TIBCO Hawk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Modes, Roles, and States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
TIBCO Enterprise Message Service Users Guide
iv
| Contents
Fault Tolerance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Integrating With Third-Party Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Transaction Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Chapter 2 Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
EMS Extensions to JMS Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
JMS Message Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
JMS Message Header Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
EMS Message Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
JMS Message Bodies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Maximum Message Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
19
19
21
23
24
Message Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Message Delivery Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PERSISTENT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NON_PERSISTENT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
RELIABLE_DELIVERY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
26
26
26
27
28
28
28
29
31
31
32
33
34
40
41
41
42
Message Selectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Data Type Conversion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Sending Messages Synchronously and Asynchronously . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Sending Synchronously . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Sending Asynchronously . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
TIBCO Enterprise Message Service Users Guide
Contents v
vi
| Contents
Creating a Bridge. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Access Control and Bridges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Transactions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Flow Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enabling Flow Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enforcing Flow Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Multicast and Flow Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Routes and Flow Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Destination Bridges and Flow Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Flow Control, Threads and Deadlock. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
87
87
87
88
88
89
89
Delivery Delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
104
104
104
104
105
105
105
105
106
108
108
108
109
Contents vii
viii
| Contents
create jndiname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
create queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
create route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
create rvcmlistener . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
create topic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
create user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
delete all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
delete bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
delete connection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
delete durable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
delete factory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
delete group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
delete jndiname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
delete message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
delete queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
delete route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
delete rvcmlistener. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
delete topic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
delete user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
disconnect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
echo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
grant queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
grant topic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
grant admin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
jaci clear. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
jaci resetstats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
jaci showstats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
purge all queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
purge all topics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
purge durable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
purge queue. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
purge topic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
remove member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
removeprop factory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
removeprop queue. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
removeprop route. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
removeprop topic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
resume route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
revoke admin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
revoke queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
revoke topic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
rotatelog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
TIBCO Enterprise Message Service Users Guide
133
134
134
134
135
135
135
135
136
136
136
136
136
136
137
137
137
137
137
138
138
138
138
139
140
140
140
140
140
140
141
141
141
141
141
141
142
142
142
142
142
142
143
143
144
Contents ix
| Contents
show user. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
showacl admin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
showacl group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
showacl queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
showacl topic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
showacl user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
suspend route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
transaction commit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
transaction rollback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
updatecrl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
whoami . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
182
182
182
183
183
183
183
184
184
184
184
185
185
185
185
189
201
209
210
214
216
220
220
222
223
226
228
232
239
241
243
244
245
246
249
250
258
259
259
Contents xi
routes.conf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
stores.conf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
tibrvcm.conf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
topics.conf. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
transports.conf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
users.conf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
xii
| Contents
The JVM in the EMS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Enabling the JVM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
312
312
313
313
317
317
318
322
328
333
334
336
336
341
342
343
347
354
354
355
355
Contents xiii
xiv
| Contents
Monitoring and Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
418
418
420
420
424
424
426
429
433
433
435
436
446
446
446
447
Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ImportStart and Stop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Wildcards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
448
448
448
448
Import Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Field Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
JMSDestination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
JMSReplyTo. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
JMSExpiration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Guaranteed Delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
450
450
450
450
450
451
Export Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
JMSReplyTo. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Certified Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Guaranteed Delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
452
452
452
452
Contents xv
xvi
| Contents
Message Tracing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
Enabling Message Tracing for a Destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
Enabling Message Tracing on a Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
Monitoring Server Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
System Monitor Topics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Monitoring Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Viewing Monitor Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Performance Implications of Monitor Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
490
490
490
493
494
496
496
497
499
524
524
524
525
Contents xvii
xviii Contents
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 651
Figures xix
Figures
Figure 1
Message Delivery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Figure 2
Point-to-point messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Figure 3
Figure 4
Multicast messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Figure 5
Figure 6
Figure 7
Figure 8
Figure 9
Figure 10
Figure 11
Figure 12
Figure 13
Figure 14
Figure 15
Figure 16
Figure 17
Figure 18
Figure 19
Figure 20
Figure 21
Figure 22
Figure 23
Figure 24
Figure 25
Figure 26
Figure 27
Figure 28
xx
| Figures
Figure 29
Figure 30
Figure 31
Figure 32
Figure 33
Figure 34
Figure 35
Figure 36
Figure 37
Figure 38
Tables xxi
Tables
Table 1
Table 2
Table 3
Table 4
tibemsd States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Table 5
Table 6
Table 7
Table 8
Table 9
Destination Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Table 10
Table 11
Table 12
Table 13
Destination properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Table 14
Prefetch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Table 15
Table 16
Table 17
Table 18
Table 19
Table 20
Table 21
Table 22
Table 23
Table 24
Table 25
Table 26
Table 27
Table 28
xxii
| Tables
Table 29
Table 30
Table 31
Table 32
Table 33
Table 34
Table 35
Table 36
Table 37
Table 38
Table 39
Table 40
Table 41
Table 42
Table 43
Table 44
Table 45
Table 46
Table 47
Table 48
Table 49
Table 50
Table 51
Table 52
Table 53
Table 54
Table 55
Table 56
Table 57
Table 58
Table 59
Table 60
Tables xxiii
Table 61
Table 62
Table 63
Table 64
Table 65
Table 66
Table 67
Table 68
Table 69
Table 70
Table 71
Table 72
Table 73
Table 74
Table 75
Table 76
Table 77
Table 78
Table 79
Table 80
Table 81
Table 82
Table 83
Table 84
Table 85
Table 86
Table 87
Table 88
Table 89
Table 90
xxiv Tables
| xxv
Preface
Topics
Feature Enhancements
The following enhancements are documented in the sections shown:
fully functional JAAS modules that can be used to authenticate users in the
EMS server. For more information, see Chapter 10, JAAS Authentication
Modules.
Increased Network Threads You can now control the number of network
threads used by the EMS server without assigning them to specific cores. For
more information, see the description for the network_thread_count
parameter and the section on Increasing Network Threads without Setting
Thread Affinity on page 121.
Changes in Functionality
jaas_classpath
Preface xxvii
Related Documentation
This section lists documentation resources you may find useful.
TIBCO Enterprise Message Service Users Guide Read this manual to gain an
overall understanding of the product, its features, and configuration.
TIBCO Enterprise Message Service Central Administration Read this manual for
information on the central administration interface.
TIBCO Enterprise Message Service Installation Read the relevant sections of this
manual before installing this product.
TIBCO Enterprise Message Service C & COBOL Reference The C API reference is
available in HTML and PDF formats.
TIBCO Enterprise Message Service Java API Reference The Java API reference can
be accessed only through the HTML documentation interface.
TIBCO Enterprise Message Service .NET API Reference The .NET API reference
can be accessed only through the HTML documentation interface.
TIBCO Enterprise Message Service Release Notes Read the release notes for a list
of new and changed features. This document also contains lists of known
issues and closed issues for this release. This document is available only in
PDF format.
TIBCO Rendezvous
TIBCO SmartSockets
TIBCO Hawk
Preface xxix
Typographical Conventions
The following typographical conventions are used in this manual.
Table 1 General Typographical Conventions
Convention
Use
TIBCO_HOME
ENV_NAME
EMS_HOME
Path The folder into which the product is installed. This folder is referenced
in documentation as TIBCO_HOME. The value of TIBCO_HOME depends on
the operating system. For example, on Windows systems, the default value is
C:\tibco.
TIBCO Enterprise Message Service installs into a directory within TIBCO_HOME.
This directory is referenced in documentation as EMS_HOME. The value of
EMS_HOME depends on the operating system. For example on Windows
systems, the default value is C:\tibco\ems\8.1.
code font
bold code
font
In large code samples, to indicate the parts of the sample that are of
particular interest.
xxx
| Typographical Conventions
Table 1 General Typographical Conventions (Contd)
Convention
Use
italic font
Key
combinations
To introduce new terms For example: A portal page may contain several
portlets. Portlets are mini-applications that run in a portal.
Key name separated by a plus sign indicate keys pressed simultaneously. For
example: Ctrl+C.
Key names separated by a comma and space indicate keys pressed one after the
other. For example: Esc, Ctrl+Q.
The note icon indicates information that is of special interest or importance, for
example, an additional action required only in certain circumstances.
The tip icon indicates an idea that could be useful, for example, a way to apply
the information provided in the current section to achieve a specific result.
The warning icon indicates the potential for a damaging situation, for example,
data loss or corruption if certain steps are taken or not taken.
Use
[ ]
A logical OR that separates multiple items of which only one may be chosen.
For example, you can select only one of the following parameters:
MyCommand para1 | param2 | param3
Preface xxxi
Use
{ }
In the next example, the command requires two parameters. The first parameter
can be either param1 or param2 and the second can be either param3 or param4:
MyCommand {param1 | param2} {param3 | param4}
In the next example, the command can accept either two or three parameters.
The first parameter must be param1. You can optionally include param2 as the
second parameter. And the last parameter is either param3 or param4.
MyCommand param1 [param2] {param3 | param4}
If you already have a valid maintenance or support contract, visit this site:
https://support.tibco.com
Entry to this site requires a user name and password. If you do not have a user
name, you can request one.
|1
Chapter 1
Overview
This chapter contains a general overview of Java Message Service (JMS) and
TIBCO Enterprise Message Service concepts.
Topics
Administration, page 11
Security, page 15
Routing, page 16
| Chapter 1
Overview
JMS Overview
Java Message Service (JMS) is a Java framework specification for messaging
between applications. This specification was developed to supply a uniform
messaging interface among enterprise applications.
Using a message service allows you to integrate the applications within an
enterprise. For example, you may have several applications: one for customer
relations, one for product inventory, and another for raw materials tracking. Each
application is crucial to the operation of the enterprise, but even more crucial is
communication between the applications to ensure the smooth flow of business
processes. Message-oriented-middleware (MOM) creates a common
communication protocol between these applications and allows you to easily
integrate new and existing applications in your enterprise computing
environment.
The JMS framework (an interface specification, not an implementation) is
designed to supply a basis for MOM development. TIBCO Enterprise Message
Service implements JMS and integrates support for connecting other message
services, such as TIBCO Rendezvous and TIBCO SmartSockets. This chapter
describes the concepts of JMS and its implementation in TIBCO Enterprise
Message Service. For more information on JMS requirements and features, see the
following sources:
JMS Compliance
TIBCO Enterprise Message Service 8.1 has passed Oracle Technology
Compatibility Kit (TCK) for Java Message Service 2.0 (JMS 2.0). Therefore, EMS
8.1 is compliant with the JMS 2.0 specification, assuming the following
requirements are met:
Both the Java client and EMS server must be software release 8.0 or higher.
Message
TIBCO EMS
Server
EMS Client
Message
Message
Consumer
EMS Client
Point-to-Point (queues)
Multicast (topics)
Point-to-Point
Point-to-point messaging has one producer and one consumer per message. This
style of messaging uses a queue to store messages until they are received. The
message producer sends the message to the queue; the message consumer
retrieves messages from the queue and sends acknowledgement that the message
was received.
More than one producer can send messages to the same queue, and more than
one consumer can retrieve messages from the same queue. The queue can be
configured to be exclusive, if desired. If the queue is exclusive, then all queue
messages can only be retrieved by the first consumer specified for the queue.
Exclusive queues are useful when you want only one application to receive
messages for a specific queue. If the queue is not exclusive, any number of
| Chapter 1
Overview
receivers can retrieve messages from the queue. Non-exclusive queues are useful
for balancing the load of incoming messages across multiple receivers. Regardless
of whether the queue is exclusive or not, only one consumer can ever consume
each message that is placed on the queue.
Figure 2 illustrates point-to-point messaging using a non-exclusive queue. Each
message consumer receives a message from the queue and acknowledges receipt
of the message. The message is taken off the queue so that no other consumer can
receive it.
Figure 2 Point-to-point messages
TIBCO EMS
Server
Message
Producer
Send Message
Queue
Receive Message
Message
Consumers
Acknowledge
EMS Client
EMS Clients
Send Message
EMS Client
Topic
Subsecribe to
Topic
Deliver Message
Acknowledge
(if necessary)
Message
Consumers
EMS Clients
| Chapter 1
Overview
Shared subscriptions are created with a specific name, and optionally a client ID.
Consumers sharing the subscription specify this name when subscribing to the
topic. If the shared subscription type is durable, it persists an continues to
accumulate messages until deleted. If the shared subscription type is
non-durable, it persists only so long as subscribers exist.
For example, the topic foo might have the following subscriptions:
If a message is received on foo, each of the above four subscriptions receive that
same message. For the shared subscriptions mySharedSub and
myDurableSharedSub, the message is delivered to only one if its respective
shared consumers.
If the shared consumers of the shared durable subscription myDurableSharedSub
are closed, then the shared durable subscription continues to exist and
accumulate messages until it is deleted, or until the application creates a new
durable shared consumer named myDurableSharedSub to resume this
subscription. If the shared consumers of mySharedSub are all closed, the
subscription is removed from topic foo.
Shared subscriptions cannot be used with multicast-enabled topics. That is, if a
topic has a channel property set, shared subscriptions are not supported.
See Creating a Message Consumer on page 383 for details on how to create shared
subscriptions.
Multicast
Multicast messaging allows one message producer to send a message to multiple
subscribed consumers simultaneously. As in the publish and subscribe messaging
models, the message producer addresses the message to a topic. Instead of
delivering a copy of the message to each individual subscriber over TCP,
however, the EMS server broadcasts the message over Pragmatic General
Multicast (PGM). A daemon running on the machine with the subscribed EMS
client receives the multicast message and delivers it to the message consumer.
EMS Client
Send Message
Broadcast
Message
Deliver
Message
Multicast
Topic
Subscribe to
Topic
Message
Consumer
EMS Client
For more information about multicast, see Chapter 14, Using Multicast, on
page 405.
| Chapter 1
Overview
Set a secure mode for access control at the queue or topic level, so that some
destinations may require permission and others may not. See Destination
Control on page 284.
Set threshold limits for the amount of memory used by the EMS server to store
messages for a topic or a queue and fine-tune the servers response to when
the threshold is exceeded. See flowControl on page 61 and overflowPolicy
on page 65.
Exchange messages with other message services. Queues can receive TIBCO
Rendezvous and TIBCO SmartSockets messages. Topics can either receive or
send Rendezvous and TIBCO SmartSockets messages. See Working With
TIBCO Rendezvous on page 437 and Working With TIBCO SmartSockets on
page 461.
Trace and log all messages passing through a destination. See trace on
page 74.
Include the user name of the message producer in the message. See
on page 72 and sender_name_enforced on page 72.
sender_name
10
| Chapter 1
Overview
Client APIs
Java applications use the javax.jms package to send or receive JMS messages.
This is a standard set of interfaces, specified by the JMS specification, for creating
the connection to the EMS server, specifying the type of message to send, and
creating the destination (topic or queue) on which to send or receive messages.
You can find a description of the javax.jms package in TIBCO Enterprise Message
Service Java API Reference included in the online documentation. Because EMS
implements the JMS standard, you can also view the documentation on these
interfaces along with the JMS specification at
http://www.oracle.com/technetwork/java/jms/index.html.
TIBCO Enterprise Message Service includes parallel APIs for other development
environments. See the following for more information:
Sample Code
EMS includes several example programs. These examples illustrate various
features of EMS. You may wish to view these example programs when reading
about the corresponding features in this manual. The examples are included in
the samples subdirectory of the EMS installation directory.
For more information about running the examples, see Chapter 4, Getting Started,
on page 93.
Administration 11
Administration
EMS provides mechanisms for administering server operations and creating
objects that are managed by the server, such as ConnectionFactories and
Destinations.
Administration functions can be issued either using the command-line
administration tool or by creating an application that uses the administration API
(either Java or .NET). The command-line administration tool is described in
Chapter 6, Using the EMS Administration Tool, on page 125. The administration
APIs are described in the online documentation.
The administration interfaces allow you to create and manage administered
objects such as ConnectionFactories, Topics, and Queues. EMS clients can retrieve
references to these administered objects by using Java Naming and Directory
Interface (JNDI). Creating static administered objects allows clients to use these
objects without having to implement the objects within the client.
More Information
12
| Chapter 1
Overview
More Information
Roles
Each server operating in a fault tolerant mode has a distinct role: primary or
secondary.
These roles are implicit for EMS servers started using tibemsd.conf files. They
are explicit for EMS servers started using a JSON configuration file. For
JSON-configured servers, the primary server is the EMS server started without
the -secondary command line parameter, while the secondary server is started
with it. In the .conf files, each server in the fault tolerant pair has a distinct
tibemsd.conf file.
14
| Chapter 1
Overview
States
The state of the EMS server will tell you about its current operations. Use the info
or show state command in the administration tool to determine the state of the
EMS server.
Table 4 tibemsd States
State
Description
active
standby
Security 15
Security
For communication security between servers and clients, and between servers
and other servers, you must explicitly configure SSL within EMS.
Secure Sockets Layer (SSL) is a protocol for transmitting encrypted data over the
Internet or an internal network. SSL works by using public and private keys to
encrypt data that is transferred over the SSL connection. Most web browsers
support SSL, and many Web sites and Java applications use the protocol to obtain
confidential user information, such as credit card numbers.
EMS supports SSL between the following components:
See Chapter 19, Using the SSL Protocol, on page 501 for more information about
SSL support in EMS.
Fault Tolerance
You can configure EMS servers as primary and secondary servers to provide fault
tolerance for your environment. The primary and secondary servers act as a pair,
one of them starting out in the active state and the other in the standby state. The
active server accepts client connections and performs the work of handling
messages, while the standby server acts as a backup in case of failure. If the active
server fails, the standby server assumes operation and becomes the active server.
See Chapter 20, Fault Tolerance, on page 521 for more information about the
fault-tolerance features of EMS.
16
| Chapter 1
Overview
Routing
EMS provides the ability for servers to route messages between each other. Topic
messages can be routed across multiple hops, provided there are no cycles (that is,
the message can not be routed to any server it has already visited). Queue
messages can travel at most one hop to any other server from the server that owns
the queue.
EMS stores and forwards messages in most situations to provide operation when
a route is not connected.
See Chapter 21, Working With Routes, on page 547 for more information about
the routing features of EMS.
Transaction Support
TIBCO Enterprise Message Service can integrate with Java Transaction API (JTA)
compliant transaction managers. EMS implements all interfaces necessary to be
JTA compliant. The EMS C API is compliant with the X/Open XA specification.
The EMS .NET API supports Microsoft Distributed Transaction Coordinator (MS
DTC). Transactions created using MSDTC in a .NET client are seen as XA
transactions in C and Java clients.
| 17
Chapter 2
Messages
Topics
18
| Chapter 2
Messages
The JMS standard specifies two delivery modes for messages, PERSISTENT
and NON_PERSISTENT. EMS also includes a RELIABLE_DELIVERY mode that
eliminates some of the overhead associated with the other delivery modes. See
RELIABLE_DELIVERY on page 27.
Header (required)
Properties (optional)
Body (optional)
Set by
Comments
JMSDestination
send or publish
method
JMSDeliveryMode
send or publish
method
JMSExpiration
send or publish
method
20
| Chapter 2
Messages
Set by
Comments
JMSDeliveryTime
send or publish
method
send or publish
method
JMSMessageID
send or publish
method
JMSTimestamp
send or publish
method
JMSCorrelationID
message client
JMSReplyTo
message client
JMSType
message client
JMSRedelivered
JMS provider
Property
Description
JMS_TIBCO_CM_PUBLISHER
Correspondent name of an
RVCM sender for messages
imported from TIBCO
Rendezvous.
454
JMS_TIBCO_CM_SEQUENCE
454
JMS_TIBCO_COMPRESS
Allows messages to be
compressed for more efficient
storage.
39
JMS_TIBCO_DISABLE_SENDER
23
JMS_TIBCO_IMPORTED
454
18
JMS_TIBCO_MSG_EXT
474
454
474
22
| Chapter 2
Messages
Property
Description
JMS_TIBCO_MSG_TRACE
488
JMS_TIBCO_PRESERVE_UNDELIVERED
22
JMS_TIBCO_SENDER
23
JMS_TIBCO_SS_SENDER
474
You should create a queue receiver to receive and handle messages as they arrive
on the undelivered message queue. If you wish to remove messages from the
undelivered message queue without receiving them, you can purge the
$sys.undelivered queue with the administration tool, using the purge queue
command described under Command Listing on page 130. You can also remove
messages using the administrative API included with TIBCO Enterprise Message
Service.
Note that $sys.undelivered ignores the global destination property setting.
Messages in the undelivered message queue are not routed to other servers.
Including the Message Sender
Within a message, EMS can supply the user name given by the message producer
when a connection is created. The sender_name and sender_name_enforced
server properties on the destination determine whether the message producers
user name is included in the sent message.
When a user name is included in a message, a message consumer can retrieve that
user name by getting the string message property named JMS_TIBCO_SENDER.
When the sender_name property is enabled and the sender_name_enforced
property is not enabled on a destination, message producers can specify that the
user name is to be left out of the message. Message producers can specify the
JMS_TIBCO_DISABLE_SENDER boolean property for a particular message, and the
message producers user name will not be included in the message. However, if
the sender_name_enforced property is enabled, the
JMS_TIBCO_DISABLE_SENDER property is ignored and the user name is always
included in the message.
Message
TextMessage
A java.lang.String.
24
| Chapter 2
Messages
java.lang.String
StreamMessage
ObjectMessage
Message Priority 25
Message Priority
The JMS specification includes a JMSPriority message header field in which
senders can set the priority of a message, as a value in the range [0,9]. EMS does
support message priority (though it is optional, and other vendors might not
implement it).
When the EMS server has several messages ready to deliver to a consumer client,
and must select among them, then it delivers messages with higher priority
before those with lower priority.
However, priority ordering applies only when the server has a backlog of
deliverable messages for a consumer. In contrast, when the server has only one
message at a time to deliver to a consumer, then the priority ordering feature will
not be apparent.
You can set default message priority for the Message Producer, as described in
Configuring a Message Producer on page 379. The default priority can be
overridden by the client when sending a message, as described in Sending
Messages on page 391.
See Also
26
| Chapter 2
Messages
PERSISTENT
As shown in Figure 5, when a producer sends a PERSISTENT message, the
producer must wait for the server to reply with a confirmation. The message is
persisted on disk by the server. This delivery mode ensures delivery of messages
to the destination on the server in almost all circumstances. However, the cost is
that this delivery mode incurs two-way network traffic for each message or
committed transaction of a group of messages.
Figure 5 Persistent Message Delivery
Message
Message
Producer
Confirmation
TIBCO EMS
Server
EMS Client
NON_PERSISTENT
Sending a NON_PERSISTENT message omits the overhead of persisting the
message on disk to improve performance.
If authorization is disabled on the server, the server does not send a
confirmation to the message producer.
If authorization is enabled on the server, the default condition is for the
producer to wait for the server to reply with a confirmation in the same manner as
when using PERSISTENT mode.
Depending on
npsend_check_mode
TIBCO EMS
Server
EMS Client
RELIABLE_DELIVERY
EMS extends the JMS delivery modes to include reliable delivery. Sending a
RELIABLE_DELIVERY message omits the server confirmation to improve
performance regardless of the authorization setting.
Figure 7 Reliable Message Delivery
Message
Producer
Message
TIBCO EMS
Server
EMS Client
When using RELIABLE_DELIVERY mode, the server never sends the producer a
receipt confirmation or access denial and the producer does not wait for it.
Reliable mode decreases the volume of message traffic, allowing higher message
rates, which is useful for messages containing time-dependent data, such as stock
price quotations.
When you use the reliable delivery mode, the client application does not receive
any response from the server. Therefore, all publish calls will always succeed (not
throw an exception) unless the connection to the server has been terminated.
In some cases a message published in reliable mode may be disqualified and not
handled by the server because the destination is not valid or access has been
denied. In this case, the message is not sent to any message consumer. However,
unless the connection to the server has been terminated, the publishing
application will not receive any exceptions, despite the fact that no consumer
received the message.
28
| Chapter 2
Messages
Send Message
Queue
EMS Client
Receive Message
Message
Consumer
EMS Client
Disk
TIBCO EMS
Server
Message
Producer
Publish
Message
Subscribe
to Topic
Topic
Either type of
consumer must
subscribe to the topic
for messages to be
saved to disk
EMS Client
Durable
Consumer
...and/or...
Fault
Tolerant
Consumer
Store
EMS Clients
This behavior is consistent with the JMS specification because durable subscribers
to a topic cause published messages to be saved. Additionally, subscribers to a
topic that have a fault-tolerant connection need to receive messages from the new
active server after a failover. However, non-durable subscribers without a
fault-tolerant connection that re-connect after a server failure are considered
newly created subscribers and are not entitled to receive any messages created
prior to the time they are created (that is, messages published before the
subscriber re-connects are not resent).
30
| Chapter 2
Messages
Each EMS server writes persistent messages to a store file. To prevent two servers
from using the same store file, each server restricts access to its store file for the
duration of the server process. For details on how EMS manages shared store
files, see How EMS Manages Access to Shared Store Files on page 120.
With the multiple stores feature, you can configure your messaging application to
store messages in different locations for each application, or to create separate
files for related destinations. For example, you can create one store for messages
supporting Marketing, and one for messages supporting Sales. Because stores are
configured in the server, they are transparent to clients.
The EMS Administration Tool allows administrators to review the systems
configured stores and their settings by using the show stores and show store
commands.
Store Types
TIBCO Enterprise Message Service allows you to configure several different types
of stores, described here.
File-Based Stores
The EMS server stores persistent messages in file-based stores. You can use the
default store files, or create your own file-based stores. You direct the EMS server
to write messages to these store files by associating a destination with a store.
32
| Chapter 2
Messages
File-based stores are enabled by default, and the server automatically defines
three default stores, described below. You do not need to do anything in order to
use the default stores.
The section Configuring Multiple Stores on page 33 describes how to change store
settings or create custom stores.
mstores
The mstore is designed to recover quickly after a failover. When mstores are in
use, the EMS server starts quickly, but may run more slowly until the mstore
cache is fully loaded. This is because the EMS server continually monitors the
store in the background. The server reads through the mstore incrementally and
discards stale data, such as purged and expired messages.
As a result, expired and purged messages are not immediately removed from the
mstore, and may remain in the store longer than they would in a file-based or
database storealthough they are not delivered to the consumer. These messages
are discarded during the periodic scans of the store. The scanning behavior is
determined by parameter settings in the store configuration, and is further
described in Understanding mstore Intervals on page 34.
Because of this behavior, querying the server for a total pending message count
may return an inaccurate value. However, querying specific destinations returns
an accurate count.
The section Configuring Multiple Stores on page 33 describes the mstore
configuration process. Note that an mstore cannot be configured dynamically.
Database Stores
The EMS server can store messages in one or more database instances. Database
stores must be configured to use a supported database. See Chapter 11, Using
Database Stores for a full description of this feature.
$sys.nonfailsafePersistent
The EMS server creates these file-based stores automatically, and no steps are
required to enable or deploy them. However, you can change the system
configuration to customize the default store file settings, or even override the
default store settings to either point to different file location, or write to an mstore
or database.
Note that the $sys.meta store may not be reconfigured to use the mstore type.
When using file-based stores, you can also change store associations
dynamically using the setprop topic or setprop queue command in the
EMS Administration Tool.
34
| Chapter 2
Messages
mstores
When using mstores, you cannot dynamically change the mstore associations
after they have been set. In order to change a destinations store property
from a store of the type mstore:
a. Stop the EMS server.
b. Empty the associated mstore of messages from the destination.
c. Change the store association by manually editing the destinations store
property in the topics.conf or queues.conf file.
d. Restart the EMS server.
Once mstores are enabled for a destination, you cannot dynamically change
the store property value using setprop or addprop. To change the store
property, you must stop the server, empty the mstore, manually make the
change, and restart.
The mstore stores data in multiple files. As a result, mstores cannot operate in
out of space conditions. In order to prevent an out of space situation
from arising, we recommend ensuring that there is at least twice as much disk
space available for the mstore as needed to hold the maximum amount of data
that might be stored in it.
Multiple destinations can be mapped to the same store, either explicitly or using
wildcards. Even if no stores are configured, the server sends persistent messages
that are not associated with a store to default stores. See Default Store Files for
more information.
For details about the store parameter, see store on page 73.
affect message transmission rates in the EMS server. If the EMS server
performance is negatively affected by the size of the mstore, you can tune the
mstore parameter values to spread mstore background activity over a longer
period of time, thereby decreasing the associated read rates.
scan_target_interval
scan_iter_interval
background activity.
For example, if the scan_iter_interval is 10 seconds, the EMS server begins
examining a new section of the mstore every 10 seconds. The amount of data
read in each increment is dependent on the total size of the store and the
length of the scan_target_interval. The server must examine enough data
in each interval to fully traverse the store within the target interval.
Example
For example, assume that scan_iter_interval is 10 seconds,
is 1 day (86,400 seconds), and the mstore contains 9 GBs
of data. Every 10 seconds, the EMS server will examine about 1 MB of data. This
produces an average read rate of about 100 KB/sec, which is unlikely to produce
performance degradation with most modern storage mediums.
scan_target_interval
If EMS server performance does slow, you may need to increase the
value in order to spread the background activity over
longer period of time. You can monitor the settings for problems using the show
store command and checking the ratio of "Discard scan bytes" to "Discard scan
interval". For best results, this ratio should be kept below 20% of the disk
processing capacity for each mstore. Consider this ratio in relation to your storage
medium's overall data transfer capacity, so as to make sure that the background
activity does not occupy an excessive amount of the system's resources.
scan_target_interval
36
| Chapter 2
Messages
MapMessage
The EMS client APIs (Java, .NET and C) include mechanisms for handling strings
and specifying the character encoding used for all strings within a message. The
following sections describe the implications of string character encoding for EMS
clients.
Nearly all character sets include unprintable characters. EMS software does not
prevent programs from using unprintable characters. However, messages
containing unprintable characters (whether in headers or data) can cause
unpredictable results if you instruct EMS to print them. For example, if you
enable the message tracing feature, EMS prints messages to a trace log file.
38
| Chapter 2
Messages
Sending Messages
When a client sends a message, the message stores the character encoding name
used for strings in that message. Java clients represent strings using Unicode. A
message created by a Java client that does not specify an encoding will use UTF-8
as the named encoding within the message. UTF-8 uses up to four bytes to
represent each character, so a Java client can improve performance by explicitly
using a single-byte character encoding, if possible.
Java clients can globally set the encoding to use with the setEncoding method or
the client can set the encoding for each message with the setMessageEncoding
method. For more information about these methods, see the TIBCO Enterprise
Message Service Java API Reference.
Typically, C clients manipulate strings using the character encoding of the
machine on which they are running.
Message Compression 39
Message Compression
The TIBCO Enterprise Message Service client can compress the body of a message
before sending the message to the server. EMS supports message
compression/decompression across client types (Java, C and C#). For example, a
Java producer may compress a message and a C consumer may decompress it.
40
| Chapter 2
Messages
Message Acknowledgement
The interface specification for JMS requires that message delivery be guaranteed
under many, but not all, circumstances. Figure 10 illustrates the basic structure of
message delivery and acknowledgement.
Figure 10 Message Delivery and Acknowledgement
3
1 Message
Message
Producer
Confirmation
TIBCO EMS
Server
4
5
Message
Acknowledgement
Confirmation of
acknowledgement
EMS Client
Message
Consumer
EMS Client
DUPS_OK_ACKNOWLEDGE
Message Acknowledgement 41
meanwhile the server might redeliver messages. This mode reduces session
overhead. Should JMS fail, the consumer may receive duplicate messages.
EMS extends the JMS session modes to include:
NO_ACKNOWLEDGE
EXPLICIT_CLIENT_ACKNOWLEDGE
EXPLICIT_CLIENT_DUPS_OK_ACKNOWLEDGE
The Simplified JMS API introduced in JMS 2.0 supports the session modes
defined in the JMS specification: CLIENT_ACKNOWLEDGE, AUTO_ACKNOWLEDGE,
DUPS_OK_ACKNOWLEDGE and SESSION_TRANSACTED. However, it does not support
the EMS extended session modes.
The session mode is set when creating a Session, as described in Creating a
Session on page 373.
NO_ACKNOWLEDGE
NO_ACKNOWLEDGE mode suppresses the acknowledgement of received messages.
After the server sends a message to the client, all information regarding that
message for that consumer is eliminated from the server. Therefore, there is no
need for the client application to send an acknowledgement to the server about
the received message. Not sending acknowledgements decreases the message
traffic and saves time for the receiver, therefore allowing better utilization of
system resources.
EXPLICIT_CLIENT_ACKNOWLEDGE
EXPLICIT_CLIENT_ACKNOWLEDGE is like CLIENT_ACKNOWLEDGE except it
acknowledges only the individual message, rather than all messages received so
far on the session.
42
| Chapter 2
Messages
EXPLICIT_CLIENT_DUPS_OK_ACKNOWLEDGE
EXPLICIT_CLIENT_DUPS_OK_ACKNOWLEDGE is like DUPS_OK_ACKNOWLEDGE except
it lazily" acknowledges only the individual message, rather than all messages
received so far on the session.
Message Selectors 43
Message Selectors
A message selector is a string that lets a client program specify a set of messages,
based on the values of message headers and properties. A selector matches a
message if, after substituting header and property values from the message into
the selector string, the string evaluates to true. Consumers can request that the
server deliver only those messages that match a selector.
The syntax of selectors is based on a subset of the SQL92 conditional expression
syntax.
Identifiers
Identifiers can refer to the values of message headers and properties, but not to
the message body. Identifiers are case-sensitive.
Basic Syntax
An identifier is a sequence of letters and digits, of any length, that begins with a
letter. As in Java, the set of letters includes _ (underscore) and $ (dollar).
Illegal
Value
Identifiers refer either to message header names or property names. The type of
an identifier in a message selector corresponds to the type of the header or
property value. If an identifier refers to a header or property that does not exist in
a message, its value is NULL.
Literals
String Literal
Exact Numeric
Literal
An exact numeric literal is a numeric value without a decimal point, such as 57,
-957, and +62; numbers in the range of long are supported.
Approximate
Numeric Literal
44
| Chapter 2
Messages
Boolean Literal
Expressions
Selectors as
Expressions
Arithmetic
Expression
Conditional
Expression
Order of
Evaluation
Operators
Case Insensitivity
Logical Operators
Comparison
Operators
Arithmetic
Operators
+, -
(unary)
*, /
+, -
Message Selectors 45
is equivalent to
is equivalent to
String
Set Membership
Pattern Matching
The identifier must evaluate to either a string or NULL. If it is NULL, then the value of
this expression is unknown.
Null Header or
Property
identifier IS NULL
46
| Chapter 2
Messages
byte
short
char
int
long
float
double
byte[]
byte
short
char
int
X
X
long
float
double
string
string
byte[]
X
X
Notes
Synchronous sending blocks the application thread until the entire send is
complete.
Each sending mode has certain benefits. The following sections describe the
benefits of the different modes.
Sending Synchronously
Because synchronous sending does not have the overhead involved in
asynchronous sending, it yields better performance in most cases. Synchronous
sending is also the best choice when sending the following types of messages:
Sending Asynchronously
The message producer can send messages asynchronously by registering a
completion listener to monitor message send success or failure. Operating in a
thread separate from that of the message producer, the completion listener
manages the response to a successful or failed send, leaving the message producer
free to perform other operations. See Creating a Completion Listener for
Asynchronous Sending on page 380 for details.
48
| Chapter 2
Messages
50
| Chapter 2
Messages
| 51
Chapter 3
Destinations
Topics
Wildcards, page 77
Inheritance, page 80
52
| Chapter 3
Destinations
Destination Overview
Destinations for messages can be either Topics or Queues. A destination can be
created statically in the server configuration files, or dynamically by a client
application.
Servers connected by routes exchange messages sent to temporary topics. As a
result, temporary topics are ideal destinations for reply messages in request/reply
interactions.
Table 9 summarizes the differences between static, dynamic, and temporary
destinations. The sections that follow provide more detail.
Table 9 Destination Overview (Sheet 1 of 2)
Aspect
Static
Dynamic
Temporary
Purpose
Temporary destinations
are ideal for limited-scope
uses, such as reply
subjects.
Scope of
Delivery
Dynamic destinations
support concurrent use.
That is, several client
processes (and in several
threads within a process)
can create local objects
denoting the destination,
and consume messages
from it.
Temporary destinations
support only local use.
That is, only the client
connection that created a
temporary destination can
consume messages from it.
Administrators create
static destinations using
EMS server administration
tools or API.
Creation
However, servers
connected by routes do
exchange messages sent to
temporary topics.
Destination Overview 53
Static
Dynamic
Temporary
Lookup
Not applicable.
Not applicable.
Duration
A static destination
remains in the server until
an administrator explicitly
deletes it.
A dynamic destination
remains in the server as
long as at least one client
actively uses it. The server
automatically deletes it (at
a convenient time) when
all applicable conditions
are true:
A temporary destination
remains in the server either
until the client that created
it explicitly deletes it, or
until the client disconnects
from the server.
Topic no offline
durable subscribers
exist for the topic
Queue queue, no
messages are stored in
the queue
Destination Names
A destination name is a string divided into elements, each element separated by
the dot character (.). The dot character allows you to create multi-part destination
names that categorize destinations.
For example, you could have an accounting application that publishes messages
on several destinations. The application could prefix all messages with ACCT,
and each element of the name could specify a specific component of the
application. ACCT.GEN_LEDGER.CASH, ACCT.GEN_LEDGER.RECEIVABLE,
and ACCT.GEN_LEDGER.MISC could be subjects for the general ledger portion
of the application.
54
| Chapter 3
Destinations
Separating the subject name into elements allows applications to use wildcards
for specifying more than one subject. See Wildcards on page 77 for more
information. The use of wildcards in destination names can also be used to define
"parent" and "child" destination relationships, where the child destinations inherit
the properties from its parents. See Inheritance of Properties on page 80.
Static Destinations
Configuration information for static destinations is stored in configuration files
for the EMS server. Changes to the configuration information can be made in a
variety of ways. To manage static destinations, you can edit the configuration files
using a text editor, you can use the administration tool, or you can use the
administration APIs.
Clients can obtain references to static destinations through a naming service such
as JNDI or LDAP. See Creating and Modifying Destinations on page 75 for more
information about how clients use static destinations.
Dynamic Destinations
Dynamic destinations are created on-the-fly by the EMS server, as required by
client applications. Dynamic destinations do not appear in the configuration files
and exist as long as there are messages or consumers on the destination. A client
cannot use JNDI to lookup dynamic queues and topics.
When you use the show queues or show topics command in the administration
tool, you see dynamic topics and queues have an asterisk (*) in front of their name
in the list of topics or queues. If a property of a queue or topic has an asterisk (*)
character in front of its name, it means that the property was inherited from the
parent queue or topic and cannot be changed.
See Dynamically Creating Topics and Queues on page 376 for details on topics
and queues can be dynamically created by the EMS server.
Temporary Destinations
TIBCO Enterprise Message Service supports temporary destinations as defined in
JMS specification and its API.
Servers connected by routes exchange messages sent to temporary topics. As a
result, temporary topics are ideal destinations for reply messages in request/reply
interactions.
For more information on temporary queues and topics, refer to the JMS
documentation described in Third Party Documentation on page xxviii.
Destination Overview 55
Destination Bridges
You can create server-based bridges between destinations of the same or different
types to create a hybrid messaging model for your application. This allows all
messages delivered to one destination to also be delivered to the bridged
destination. You can bridge between different destination types, between the
same destination type, or to more than one destination. For example, you can
create a bridge between a topic and a queue or from a topic to another topic.
See Destination Bridges on page 82 for more information about destination
bridging.
56
| Chapter 3
Destinations
Length
Destinations are limited to a total length of 249 characters. However, some of that
length is reserved for internal use. The amount of space reserved for internal use
varies according to the number of elements in the destination; destinations that
include the maximum number of elements are limited to 196 characters.
A destination can have up to 64 elements. Elements cannot exceed 127 characters.
Dot separators are not included in element length.
Destination Name
Performance
Considerations
Special
Characters in
Destination
Names
Destinations with several short elements perform better than one long
element.
A set of destinations that differ early in their element lists perform better than
subjects that differ only in the last element.
Char Name
Special Meaning
Dot
>
Greater-than
Char Name
Special Meaning
Asterisk
For more information on wildcard matching, see Wildcards * and > on page 77.
Examples
These examples illustrate the syntax for destination names.
Table 11 Valid Destination Name Examples
NEWS.LOCAL.POLITICS.CITY_COUNCIL
NEWS.NATIONAL.ARTS.MOVIES.REVIEWS
CHAT.MRKTG.NEW_PRODUCTS
CHAT.DEVELOPMENT.BIG_PROJECT.DESIGN
News.Sports.Baseball
finance
This.long.subject_name.is.valid.even.though.quite.uninformative
(null element)
(null element)
.TRIPLE.WRONG..
News.Tennis.Stats.Roger\.Federer
58
| Chapter 3
Destinations
Destination Properties
This section contains a description of properties for topics and queues.
You can set the properties directly in the topics.conf or queues.conf file or by
means of the setprop topic or setprop queue command in the EMS
Administration Tool.
Table 13 lists the properties that can be assigned to topics and queues. The
following sections describe each property.
Table 13 Destination properties (Sheet 1 of 2)
Property
Described on Page
Topic
Queue
channel
59
Yes
No
exclusive
59
No
Yes
expiration
60
Yes
Yes
export
60
Yes
No
flowControl
61
Yes
Yes
global
62
Yes
Yes
import
62
Yes
Yes
maxbytes
63
Yes
Yes
maxmsgs
64
Yes
Yes
maxRedelivery
64
No
Yes
overflowPolicy
65
Yes
Yes
prefetch
68
Yes
Yes
redeliveryDelay
70
No
Yes
secure
71
Yes
Yes
sender_name
72
Yes
Yes
sender_name_enforced
72
Yes
Yes
store
73
Yes
Yes
Destination Properties 59
Described on Page
Topic
Queue
74
Yes
Yes
trace
channel
The channel property determines the multicast channel over which messages
sent to this topic are broadcast. By including the channel property, the associated
topic is enabled for multicast.
Set the channel property using this form:
channel=name
Only one channel is allowed for each topic. For this reason, overlapping wildcard
topics are incompatible with channel properties. The creation of a wildcard topic
with a channel property that overlaps with another wildcard topic with a
channel property will fail. See Overlapping Wildcards and Disjoint Properties on
page 77 for more information.
This parameter cannot be used without first configuring multicast channels in the
channels.conf file and enabling this feature in the tibemsd.conf file.
For more information, see Chapter 14, Using Multicast, on page 405.
exclusive
The exclusive property is available for queues only (not for topics), and cannot
be used with global queues.
When exclusive is set for a queue, the server sends all messages on that queue to
one consumer. No other consumers can receive messages from the queue. Instead,
these additional consumers act in a standby role; if the primary consumer fails, the
server selects one of the standby consumers as the new primary, and begins
delivering messages to it.
You can set exclusive using the form:
exclusive
60
| Chapter 3
Destinations
Non-Exclusive
Queues &
Round-Robin
Delivery
By default, exclusive is not set for queues and the server distributes messages in
a round-robinone to each receiver that is ready. If any receivers are still ready to
accept additional messages, the server distributes another round of messages
one to each receiver that is still ready. When none of the receivers are ready to
receive more messages, the server waits until a queue receiver reports that it can
accept a message.
This arrangement prevents a large buildup of messages at one receiver and
balances the load of incoming messages across a set of queue receivers.
expiration
If an expiration property is set for a destination, the server honors the
overridden expiration period and retains the message for the length of time
specified by the expiration property.
However, the server overrides the JMSExpiration value set by the producer in
the message header with the value 0 and therefore the consuming client does not
expire the message.
You can set the expiration property for any queue and any topic using the form:
expiration=time[msec|sec|min|hour|day]
where time is the number of seconds. Zero is a special value that indicates
messages to the destination never expire.
You can optionally include time units, such as msec, sec, min, hour or day to
describe the time value as being in milliseconds, seconds, minutes, hours, or days,
respectively. For example:
expiration=10min
Means 10 minutes.
When a message expires it is either destroyed or, if the
JMS_TIBCO_PRESERVE_UNDELIVERED property on the message is set to true, the
message is placed on the undelivered queue so it can be handled by a special
consumer. See Undelivered Message Queue on page 22 for details.
All machines running EMS servers must be synchronized using NTP. Machines
running EMS clients do not need to synchronized. For information about how
non-synchronized client machines are handled, refer to the
clock_sync_interval parameter.
export
The export property allows messages published by a client to a topic to be
exported to the external systems with configured transports.
TIBCO Enterprise Message Service Users Guide
Destination Properties 61
where list is one or more transport names, as specified by the [transport_name] ids in
the transports.conf file. Multiple transport names in the list are separated by
commas.
For example:
export="RV1,RV2"
flowControl
The flowControl property specifies the target maximum size the server can use
to store pending messages for the destination. Should the number of messages
exceed the maximum, the server will slow down the producers to the rate
required by the message consumers. This is useful when message producers send
messages much more quickly than message consumers can consume them. Unlike
the behavior established by the overflowPolicy property, flowControl never
discards messages or generates errors back to producer.
You can set flowControl using the form:
flowControl=size[KB|MB|GB]
where size is the maximum number of bytes of storage for pending messages of
the destination. If you specify the flowControl property without a value, the
target maximum is set to 256KB.
You can optionally include a KB, MB or GB after the number to specify kilobytes,
megabytes, or gigabytes, respectively. For example:
flowControl=1000KB
62
| Chapter 3
Destinations
global
Messages destined for a topic or queue with the global property set are routed to
the other servers that are participating in routing with this server.
You can set global using the form:
global
For further information on routing between servers, see Chapter 21, Working
With Routes, on page 547.
import
The import property allows messages published by an external system to be
received by a EMS destination (a topic or a queue), as long as the transport to the
external system is configured.
You can set import using the form:
import="list"
where list is one or more transport names, as specified by the [NAME] ids in the
transports.conf file. Multiple transport names in the list are separated by
commas. For example:
import="RV1,RV2"
Destination Properties 63
maxbytes
Topics and queues can specify the maxbytes property in the form:
maxbytes=value[KB|MB|GB]
64
| Chapter 3
Destinations
maxmsgs
Topics and queues can specify the maxmsgs property in the form:
maxmsgs=value
where value defines the maximum number of messages that can be waiting in a
queue. When adding a message would exceed this limit, the server does not
accept the message into storage, and the message producers send call returns an
error (but see also overflowPolicy).
If maxmsgs is zero, or is not set, the server does not limit the number of messages
in the queue.
You can set both maxmsgs and maxbytes properties on the same queue. Exceeding
either limit causes the server to reject new messages until consumers reduce the
queue size to below these limits.
Under certain conditions, because of the pipelined nature of message processing
or the requirements of transactional messaging, the maxmsgs limit can be slightly
exceeded. You may see message totals that are marginally larger than the set limit.
You can further protect against consumers that receive messages without
acknowledging them using the parameter disconnect_non_acking_consumers.
maxRedelivery
The maxRedelivery property specifies the number of attempts the server should
make to deliver a message sent to a queue. Set maxRedelivery using the form:
maxRedelivery=count
where count is an integer between 2 and 255 that specifies the maximum number
of times a message can be delivered to receivers. A value of zero disables
maxRedelivery, so there is no maximum.
Once the server has attempted to deliver the message the specified number of
times, the message is either destroyed or, if the
JMS_TIBCO_PRESERVE_UNDELIVERED property on the message is set to true, the
message is placed on the undelivered queue so it can be handled by a special
consumer. See Undelivered Message Queue on page 22 for details.
For messages that have been redelivered, the JMSRedelivered header property is
set to true and the JMSXDeliveryCount property is set to the number of times the
message has been delivered to the queue. If the server restarts, the current
number of delivery attempts in the JMSXDeliveryCount property is not retained.
Destination Properties 65
In the event of an abrupt exit by the client, the maxRedelivery count can be
mistakenly incremented. An abrupt exit prevents the client from communicating
with the server; for example, when the client exits without closing the connection
or when the client application crashes. If a client application exits abruptly, the
EMS server counts all messages sent to the client as delivered, even if they were
not presented to the application.
For more information, see Undelivered Message Queue on page 22.
overflowPolicy
Topics and queues can specify the overflowPolicy property to change the effect
of exceeding the message capacity established by either maxbytes or maxmsgs.
Set the overflowPolicy using the form:
overflowPolicy=default|discardOld|rejectIncoming
66
| Chapter 3
Destinations
default
For topics, default specifies that messages are sent to each subscriber in turn. If
the maxbytes or maxmsgs setting has been reached for a subscriber, that subscriber
does not receive the message. No error is returned to the message producer.
For queues, default specifies that new messages are rejected by the server and an
error is returned to the producer if the established maxbytes or maxmsgs value has
been exceeded.
When delivery delay is enabled for a topic, the behavior of
overflowPolicy=default mimics that of a queue. That is, when maxbytes or
maxmsgs has been reached, new messages are rejected by the server and an error
is returned to the producer.
Note that this is the same default behavior for topics and queues as in EMS 4.3.
discardOld
For topics, discardOld specifies that, if any of the subscribers have an
outstanding number of undelivered messages on the server that are over the
message limit, the oldest messages are discarded before they are delivered to the
subscriber.
The discardOld setting impacts subscribers individually. For example, you might
have three subscribers to a topic, but only one subscriber exceeds the message
limit. In this case, only the oldest messages for the one subscriber are discarded,
while the other two subscribers continue to receive all of their messages.
When messages for a topic or queue exceed the maxbytes or maxmsgs value, the
oldest messages are silently discarded. No error is returned to the producer.
rejectIncoming
For topics, rejectIncoming specifies that, if any of the subscribers have an
outstanding number of undelivered messages on the server that are over the
message limit, all new messages are rejected and an error is returned to the
producer.
For queues, rejectIncoming specifies that, if messages on the queue have
exceeded the maxbytes or maxmsgs value, all new messages are rejected and an
error is returned to the producer. (This is the same as the default behavior.)
Examples
To discard messages on myQueue when the number of queued messages exceeds
1000, enter:
TIBCO Enterprise Message Service Users Guide
Destination Properties 67
To reject all new messages published to myTopic when the memory used by
undelivered messages for any of the topic subscribers exceeds 100KB, enter:
setprop topic myTopic maxbytes=100KB,overflowPolicy=rejectIncoming
68
| Chapter 3
Destinations
prefetch
The message consumer portion of a client and the server cooperate to regulate
fetching according to the prefetch property. The prefetch property applies to
both topics and queues.
You can set prefetch using the form:
prefetch=value
or more
Description
The message consumer automatically fetches messages from the
server. The message consumer never fetches more than the
number of messages specified by value.
See Automatic Fetch Enabled on page 69 for details.
none
Destination Properties 69
If both prefetch and maxRedelivery are set to a non-zero value, then there is a
potential to lose prefetched messages if one of the messages exceeds the
maxRedelivery limit. For example, prefetch=5 and maxRedelivery=4. The first
message is redelivered 4 times, hits the maxRedelivery limit and is sent to the
undelivered queue (as expected). However, the other 4 pre-fetched messages are
also sent to the undelivered queue and are not processed by the receiving
application. The work around is to set prefetch=none, but this can have
performance implications on large volume interfaces.
Background
Delivering messages from the server destination to a message consumer involves
two independent phasesfetch and accept:
The fetch phase is a two-step interaction between a message consumer and the
server.
The message consumer initiates the fetch phase by signalling to the server
that it is ready for more messages.
The server responds by transferring one or more messages to the client,
which stores them in the message consumer.
In the accept phase, client code takes a message from the message consumer.
The receive call embraces both of these phases. It initiates fetch when needed
and it accepts a message from the message consumer.
To reduce waiting time for client programs, the message consumer can prefetch
messagesthat is, fetch a batch of messages from the server, and hold them for
client code to accept, one by one.
Automatic Fetch Enabled
To enable automatic fetch, set prefetch to a positive integer. Automatic fetch
ensures that if a message is available, then it is waiting when client code is ready
to accept one. It can improve performance by decreasing or eliminating client idle
time while the server transfers a message.
However, when a queue consumer prefetches a group of messages, the server
does not deliver them to other queue consumers (unless the first queue
consumers connection to the server is broken).
A positive prefetch must be configured in order to use receiveNoWait function
calls.
70
| Chapter 3
Destinations
Inheritance
When a destination inherits the prefetch property from parent destination with
matching names, these behaviors are possible:
When all parent destinations set the value none, then the child destination
inherits the value none.
When any parent destination sets a non-zero numeric value, then the child
destination inherits the largest value from among the entire parent chain.
When none of the parent destinations sets any non-zero numeric value, then
the child destination uses the default value (which is 5).
redeliveryDelay
When redeliveryDelay is set, the EMS server waits the specified interval before
returning an unacknowledged message to the queue. When a previously
delivered message did not receive a successful acknowledgement, the EMS server
waits the specified redelivery delay before making the message available again in
the queue. This is most likely to occur in the event of a transaction rollback,
session or message recovery, session or connection close, or the abrupt exit of a
client application. However, note that the delay time is not exact, and in most
situations will exceed the specified redeliveryDelay.
The redelivery delay is not available for routed queues.
Destination Properties 71
The value can be specified in seconds, minutes, or hours. The value may be in the
range of 15 seconds and 8 hours.
You can set redeliveryDelay using the form:
redeliveryDelay=time[sec|min|hour]
where time is the number of seconds. Zero is a special value that indicates no
redelivery delay.
You can optionally include time units, such as sec, min, or hour describe the time
value as being in seconds, minutes, or hours, respectively. For example:
redeliveryDelay=30min
secure
When the secure property is enabled for a destination, it instructs the server to
check user permissions whenever a user attempts to perform an operation on that
destination.
You can set secure using the form:
secure
If the secure property is not set for a destination, the server does not check
permissions for that destination and any authenticated user can perform any
operation on that topic or queue.
The secure property is independent of SSLit controls basic authentication and
permission verification within the server. To configure secure communication
between clients and server, see Using the SSL Protocol on page 501.
The server authorization property acts as a master switch for checking
permissions. That is, the server checks user permissions on secure destinations
only when the authorization property is enabled. To enforce permissions, you
must both enable the authorization configuration parameter, and set the secure
property on each affected destination.
TIBCO Enterprise Message Service Users Guide
72
| Chapter 3
Destinations
See Chapter 8, Authentication and Permissions, on page 273 for more information
on permissions and the secure property.
sender_name
The sender_name property specifies that the server may include the senders
username for messages sent to this destination.
You can set sender_name using the form:
sender_name
When the sender_name property is enabled, the server takes the user name
supplied by the message producer when the connection is established and places
that user name into the JMS_TIBCO_SENDER property in the message.
The message producer can override this behavior by specifying a property on a
message. If a message producer sets the JMS_TIBCO_DISABLE_SENDER property
to true for a message, the server overrides the sender_name property and does
not add the sender name to the message.
If authentication for the server is turned off, the server places whatever user name
the message producer supplied when the message producer created a connection
to the server. If authentication for the server is enabled, the server authenticates
the user name supplied by the connection and the user name placed in the
message property will be an authenticated user. If SSL is used, the SSL connection
protocol guarantees the client is authenticated using the clients digital certificate.
sender_name_enforced
The sender_name_enforced property specifies that messages sent to this
destination must include the senders user name. The server retrieves the user
name of the message producer using the same procedure described in the
sender_name property above. However, unlike, the sender_name property, there
is no way for message producers to override this property.
You can set sender_name_enforced using the form:
sender_name_enforced
Destination Properties 73
If the sender_name property is also set on the destination, this property overrides
the sender_name property.
In some business situations, clients may not be willing to disclose the username of
their message producers. If this is the case, these clients may wish to avoid
sending messages to destinations that have the sender_name or
sender_name_enforced properties enabled.
In these situations, the operator of the EMS server should develop a policy for
disclosing a list of destinations that have these properties enabled. This will allow
clients to avoid sending messages to destinations that would cause their message
producer usernames to be exposed.
store
The store property determines where messages sent to this destination are
stored. Messages may be stored in a file, or in a database. See Store Messages in
Multiple Stores on page 31 for more information on using and configuring
multiple stores.
When using the setprop or addprop commands to change the store settings for a
topic or queue, note that existing messages are not migrated to the new store. As a
result, stopping the EMS server and deleting the original store may result in data
loss, if a destination still had messages in the original store.
Set the store property using this form:
store=name
Only one store is allowed for each destination. If there is a conflict, for example if
overlapping wildcards cause a topic to inherit multiple store properties, the topic
creation will fail.
This parameter cannot be used without first enabling this feature in the
tibemsd.conf file. The stores.conf file must also exist, but can be left empty if
the only store names that are associated with destinations are the default store
files.
See Store Messages in Multiple Stores on page 31 for more information.
TIBCO Enterprise Message Service Users Guide
74
| Chapter 3
Destinations
trace
The trace property specifies that tracing should be enabled for this destination.
You can set trace using the form:
trace = [body]
Specifying trace (without =body), generates trace messages that include the
message sequence, message ID, and message size. Specifying trace=body
generates trace messages that include the message body. See Message Tracing on
page 488 for more information about message tracing.
The queue and topic data stored on the EMS server is located in the queues.conf
and topics.conf files, respectively. You can use the show queues and show
topics commands to list all of the queues and topics on your EMS server and the
show queue and show topic commands to show the configuration details of
specific queues and topics.
A queue or topic may include optional properties that define the specific
characteristics of the destination. These properties are described in Destination
Properties on page 58 and they can be specified when creating the queue or topic
or modified for an existing queue or topic using the addprop queue, addprop
topic, setprop queue, setprop topic, removeprop queue, and removeprop
topic commands.
For example, to discard messages on myQueue when the number of queued
messages exceeds 1000, you can set an overflowPolicy by entering:
addprop queue myQueue maxmsgs=1000,overflowPolicy=discardOld
The setprop queue and setprop topic commands remove properties that are
not explicitly set by the command. For example, to change maxmsgs to 100 and to
remove the overflowPolicy parameter, enter:
setprop queue myQueue maxmsgs=100
76
| Chapter 3
Destinations
Wildcards 77
Wildcards
You can use wildcards when specifying statically created destinations in
queues.conf and topics.conf. The use of wildcards in destination names can
be used to define "parent" and "child" destination relationships, where the child
destinations inherit the properties and permissions from its parents. You must
first understand wildcards to understand the inheritance rules described in
Inheritance on page 80.
When > is mixed with text, it matches one or more trailing elements. For
example:
foo.>
The wildcard * means that any token can be in the place of *. For example:
foo.*
78
| Chapter 3
Destinations
channel
store
Wildcards in Topics
TIBCO Enterprise Message Service enables you to use wildcards in topic names in
some situations:
foo.*
Wildcards in Queues
TIBCO Enterprise Message Service enables you to use wildcards in queue names
in some situations. You can neither send to nor receive from wildcard queue
names. However, you can use wildcard queue names in the configuration files.
For example, if the queue configuration file includes a line:
foo.*
foo.bar, foo.bob,
Wildcards 79
channel=channel-1
channel=channel-2
The EMS server can dynamically create a queue with any name.
The EMS server can dynamically create topics with names like foo.bar,
foo.boo, foo.boo.bar, and foo.bar.boo.
The EMS server can dynamically create queues with names like foo.bar and
foo.boo, but not foo.bar.boo.
The EMS server can dynamically create topics with names like foo.boo.bar,
but not foo.bar.
80
| Chapter 3
Destinations
Inheritance
This section describes the inheritance of properties and permissions. For more
information on wildcards, refer to Wildcards on page 77. For more information on
destination properties, refer to Destination Properties on page 58. For more
information on permissions, refer to Chapter 8, Authentication and Permissions,
on page 273.
Inheritance of Properties
All destination properties are inheritable for both topics and queues. This means
that a property set for a "wildcarded" destination is inherited by all destinations
with matching names.
For example, if you have the following in your topics.conf file:
foo.* secure
foo.bar
foo.bob
Topics foo.bar and foo.bob are secure topics because they inherit secure from
their parent, foo.*. If your EMS server were to dynamically create a foo.new
topic, it too would have the secure property.
The properties inherited from a parent are in addition to the properties defined for
the child destination.
For example, if you have the following in your topics.conf file:
foo.* secure
foo.bar sender_name
Inheritance 81
When there are multiple ancestors for a destination, the destination inherits the
properties from all of the parents. For example:
> sender_name
foo.* secure
foo.bar trace
The foo.bar topic has the sender_name, secure and trace properties.
When there are multiple parents for a destination that contain conflicting
property values, the destination inherits the smallest value. For example:
> maxbytes=2000
foo.* maxbytes=200
foo.bar
you make every topic store messages, regardless of additional entries. This might
require a great deal of memory for storage and greatly decrease the system
performance.
Inheritance of Permissions
Inheritance of permissions is similar to inheritance of properties. If the parent has
a permission, then the child inherits that permission. For example, if Bob belongs
to GroupA, and GroupA has publish permission on a topic, then Bob has
publish permission on that topic.
Permissions for a single user are the union of the permissions set for that user, and
of all permissions set for every group in which the user is a member. These
permission sets are additive. Permissions have positive boolean inheritance. Once
a permission right has been granted through inheritance, it can not be removed.
All rules for wildcards apply to inheritance of permissions. For example, if a user
has permission to publish on topic foo.*, the user also has permission to publish
on foo.bar and foo.new.
For more information on wildcards, refer to Wildcards on page 77. For more
information on permissions, refer to User Permissions on page 291.
82
| Chapter 3
Destinations
Destination Bridges
Some applications require the same message to be sent to more than one
destination, possibly of different types. For example, an application may send
messages to a queue for distributed load balancing. That same application,
however, may also need the messages to be published to several monitoring
applications. Another example is an application that publishes messages to
several topics. All messages however, must also be sent to a database for backup
and for data mining. A queue is used to collect all messages and send them to the
database.
An application can process messages so that they are sent multiple times to the
required destinations. However, such processing requires significant coding effort
in the application. EMS provides a server-based solution to this problem. You can
create bridges between destinations so that messages sent to one destination are
also delivered to all bridged destinations.
Bridges are created between one destination and one or more other destinations
of the same or of different types. That is, you can create a bridge from a topic to a
queue or from a queue to a topic. You can also create a bridge between one
destination and multiple destinations. For example, you can create a bridge from
topic a.b to queue q.b and topic a.c.
When specifying a bridge, you can specify a particular destination name, or you
can use wildcards. For example, if you specify a bridge on topic foo.* to queue
foo.queue, messages delivered to any topic matching foo.* are sent to
foo.queue.
Because global topics are routed between servers and global queues are limited to
their neighbors, in most cases the best practice is to send messages to a topic and
then bridge the topic to a queue.
When multiple bridges exist, using wildcards to specify a destination name may
result in a message being delivered twice. For example, if the queues Q.1 and Q.>
are both bridged to QX.1, the server will deliver two copies of sent messages to
QX.1.
The following three figures illustrate example bridging scenarios.
Destination Bridges 83
Subscriber
Topic
A.B
Publisher
Subscriber
Queue
queue.B
Consumer
Topic
Publisher
A.B
Subscriber
Queue
Topic
queue.B
C.B
Subscriber
Consumer
84
| Chapter 3
Destinations
Queue
Publisher
queue.foo
Subscriber
Queue
Topic
queue.bar
topic.foo
Subscriber
Consumer
When a bridge exists between two queues, the message is delivered to both
queues. The queues operate independently; if the message is retrieved from one
queue, that has no effect on the status of the message in the second queue.
Bridges are not transitive. That is, messages sent to a destination with a bridge are
only delivered to the specified bridged destinations and are not delivered across
multiple bridges. For example, topic A.B has a bridge to queue Q.B. Queue Q.B
has a bridge to topic B.C. Messages delivered to A.B are also delivered to Q.B, but
not to B.C.
The bridge copies the source message to the target destination, which assigns the
copied message a new message identifier. Note that additional storage may be
required, depending on the target destination store parameters.
Creating a Bridge
Bridges are configured in the bridges.conf configuration file. You specify a
bridge using the following syntax:
[destinationType:destinationName]
destinationType=destinationToBridgeTo selector="messageSelector"
Destination Bridges 85
For detailed information about message selector syntax, see the documentation
for the Message class in the relevant EMS API reference document.
Transactions
When a message producer sends a message within a transaction, all messages
sent across a bridge are part of the transaction. Therefore, if the transaction
succeeds, all messages are delivered to all bridged destinations. If the transaction
fails, no consumers for bridged destinations receive the messages.
86
| Chapter 3
Destinations
Flow Control 87
Flow Control
In some situations, message producers may send messages more rapidly than
message consumers can receive them. The pending messages for a destination are
stored by the server until they can be delivered, and the server can potentially
exhaust its storage capacity if the message consumers do not receive messages
quickly enough. To avoid this, EMS allows you to control the flow of messages to
a destination. Each destination can specify a target maximum size for storing
pending messages. When the target is reached, EMS blocks message producers
when new messages are sent. This effectively slows down message producers
until the message consumers can receive the pending messages.
88
| Chapter 3
Destinations
When the storage for pending messages is near the specified limit, the server
blocks all new calls to send a message from message producers. The calls do not
return until the storage has decreased below the specified limit, or the
flowControl limit is increased. Once message consumers have received
messages and the pending message storage goes below the specified limit, the
server allows the send message calls to return to the caller and the message
producers can continue processing.
If there are no message consumers for a destination, the server does not enforce
flow control for the destination. That is, if a queue has no started receivers, the
server cannot enforce flow control for that queue. Also, if a topic has inactive
durable subscriptions or no current subscribers, the server cannot enforce flow
control for that topic. For topics, if flow control is set on a specific topic (for
example, foo.bar), then flow control is enforced as long as there are subscribers
to that topic or any parent topic (for example, if there are subscribers to foo.*).
Flow Control 89
If the flowControl property is set on the topic on the server receiving the
messages, when the pending message size limit is reached, messages are not
forwarded by way of the route until the topic subscriber receives enough
messages to lower the pending message size below the specified limit.
If the flowControl property is set on the topic on the server sending the
messages, the server may block any topic publishers when sending new messages
if messages cannot be sent quickly enough by way of the route. This could be due
to network latency between the routed servers or it could be because flow control
on the other server is preventing new messages from being sent.
The dependency analysis is analogous to mutex deadlock. You must analyze your
programs and distributed systems in a similar way to avoid potential deadlock.
90
| Chapter 3
Destinations
Thread T1
P1
C1
Destinations with
Flow Control
Send Msg
Consume
Dest
A
Consume
Dest
B
Send Msg
Dependency
Thread T2
C2
P2
D
e
p
e
n
d
e
n
c
y
Delivery Delay 91
Delivery Delay
This feature is currently available only with EMS clients for Java.
The delivery delay feature allows the message producer to specify the earliest
time at which a message should be delivered to consumers. This is done by using
the setDeliveryDelay() method to set the minimum length of time that must
elapse after a message is sent before the EMS server may deliver the message to a
consumer.
Whenever a message is sent to destination dest with a non-zero delivery delay for
the first time, the server dynamically creates a queue named
$sys.delayed.q.dest when dest is a queue, or $sys.delayed.t.dest when dest is a
topic.
$sys.delayed queues support browsing and purging but do not support other
permissions such as receive or send. They inherit destination limits, security, and
storage selection properties from dest. However, note that a $sys.delayed.t
queue created for a topic that has the secure property cannot be browsed.
92
| Chapter 3
Destinations
| 93
Chapter 4
Getting Started
Topics
94
| Chapter 4
Getting Started
The JNDI subdirectory contains sample clients that use the JNDI lookup
technique.
In this chapter, you will use some of the sample clients in the
EMS_HOME/samples/java directory. For information on compiling and running
the other sample clients, see the Readme files in their respective folders.
This compiles all the samples in the directory, except for those samples in the
JNDI and tibrv subdirectories.
If the files compile successfully, the class files will appear in the
EMS_HOME/samples/java directory. If they do not compile correctly, an
96
| Chapter 4
Getting Started
If you are using TIBCO Enterprise Message Service on a single computer, type
connect in the command line of the Administration tool:
> connect
You will be prompted for a login name. If this is the first time youve used the
EMS administration tool, follow the procedure described in When You First
Start tibemsadmin on page 128.
Once you have logged in, the screen will display:
connected to tcp://localhost:7222
tcp://localhost:7222>
If you are using TIBCO Enterprise Message Service in a network, use the
connect server command as follows:
> connect [server
Create Users
Once you have connected the administration tool to the server, use the create
user command to create two users.
In the administration tool, enter:
tcp://localhost:7222> create user user1
tcp://localhost:7222> create user user2
user2
have been
You have now created two users. You can confirm this with the show
command:
users
user
user
on
98
| Chapter 4
Getting Started
Create a Queue
In the point-to-point messaging model, client send messages to and receive
messages from a queue.
To create a new queue in the administration tool, use the create
command to create a new queue named myQueue:
queue
For more information on the create queue command, refer to create queue on
page 134. For more information on the commit command, see commit on page 131
and autocommit on page 131.
The messages placed on the queue are displayed in the receivers window.
Messages placed on a queue by the sender are persistent until read by the
receiver, so you can start the sender and receiver clients in any order.
Create a Topic
In the publish/subscribe model, you publish and subscribe to topics.
To create a new topic in the administration tool, use the create
to create a new topic named myTopic:
topic
command
For more information on the create topic command, refer to create topic on
page 135. For more information on the commit command, see commit on page 131
and autocommit on page 131.
100
| Chapter 4
Getting Started
The command windows do not return to the prompt when the subscribers are
running.
The command line window will display a message stating that both messages
have been published:
Publishing on topic 'myTopic'
Published message: hello
Published message: user2
After the messages are published, the command window for the publisher returns
to the prompt for further message publishing.
Note that if you attempt to use the form:
java tibjmsMsgProducer -topic myTopic -user user1
without adding the messages, you will see an error message, reminding you that
you must have at least one message text.
The first and second command line windows containing the subscribers will
show that each subscriber received the two messages:
Subscribing to topic: myTopic
Received message: TextMessage={ Header={
JMSMessageID={ID:EMS-SERVER.97C44203CDF A:1}
JMSDestination={Topic[myTopic]} JMSReplyTo={null}
JMSDeliveryMode={PERSISTENT} JMSRedelivered={false}
JMSCorrelationID={null} JMSType={null} JMSTimestamp={Tue Mar 21
12:04:56 PST 2006} JMSExpiration={0} JMSPriority={4} }
Properties={} Text={hello} }
Received message: TextMessage={ Header={
JMSMessageID={ID:EMS-SERVER.97C44203CDFA:2}
JMSDestination={Topic[myTopic]} JMSReplyTo={null}
JMSDeliveryMode={PERSISTENT} JMSRedelivered={false}
JMSCorrelationID={null} JMSType={null} JMSTimestamp={Tue Mar 21
12:04:56 PST 2006} JMSExpiration={0} JMSPriority={4} }
Properties={} Text={user2} }
102
| Chapter 4
Getting Started
To enable server authorization and add the secure property to a topic, do the
following steps:
1. In each subscriber window, enter Control-C to stop each subscriber.
2. In the administration tool, use the set
authorization property:
server
For more information on the set server command, refer to set server on
page 145. For more information on the addprop topic command, refer to
addprop topic on page 131.
Grant Topic Access Permissions to Users
To see how permissions affect the ability to publish and receive messages, grant
publish permission to user1 and subscribe permission to the user2.
Use the grant
myTopic.
topic
topic
topic
on
You can now start user1 as the publisher and send messages to user2, as
described in Start the Publisher Client and Send Messages on page 100.
4. In the administration tool, use the show durables command to confirm that
user2 is a durable subscriber to myTopic:
tcp://localhost:7222> show durables
Topic Name
Durable
User
* myTopic
subscriber
user2
Msgs
0
Size
0.0 Kb
104
| Chapter 4
Getting Started
You will be asked to restart the server once it has been configured for multicast.
Subs
0
Durs
0
Msgs
0
Size
0.0 Kb
106
| Chapter 4
Getting Started
4. In the administration tool, use the show consumers command to confirm that
user1 is a multicast subscriber to multicastTopic as indicated by a + in the
M column:
tcp://optimist:7222> show consumers topic=multicastTopic
Pend Pend
Id Conn User
T Topic
SASNM Msgs Size Uptime
2
user1
multicastTopic +N--+
0:03:17
| 107
Chapter 5
To use TIBCO Enterprise Message Service with your applications, the TIBCO
Enterprise Message Service Server must be running. The server and the clients
work together to implement TIBCO Enterprise Message Service. The server
implements all types of message persistence and no messages are stored on the
client side.
Topics
108
| Chapter 5
tibemsd.sh
tibemsd.bat
Running the script starts the EMS server using the configuration files in the
default location, config-file-directory\cfmgmt\ems\data directory, where the
config-file-directory corresponds to the Configuration Directory specified during
installation.
tibemsd -config
json-file-path
where json-file-path is the path to your JSON configuration file. For example:
tibemsd -config /tibemsconfig/tibemsd.json
When started using the JSON configuration, the tibemsd silently ignores any
unknown parameters. For example, no configuration errors are thrown if the
tibemsd.json file contains an obsolete parameter.
For information on converting .conf configuration files to JSON configuration
files, see Converting Server Configuration Files to JSON in the TIBCO Enterprise
Message Service Central Administration guide.
Starting Fault Tolerant Server Pairs
In Central Administration, fault tolerant pairs share a single JSON configuration
file. Primary and secondary server roles are determined when the servers are
started.
Start the primary EMS server as usual. Start the secondary server using the
flag. For example, where the JSON configuration file is
tibemsd.json:
-secondary
On Windows
110
| Chapter 5
[options]
where options are described in Table 15. The command options to tibemsd are
similar to the parameters you specify in tibemsd.conf, and the command
options override any value specified in the parameters. See tibemsd.conf on
page 189 for more information about configuration parameters.
Table 15 tibemsd Options
Option
-config
Description
config file name
config file name is the name of the main configuration file for tibemsd
Specifies the trace items. These items are not stored in the
configuration file. The value has the same format as the value of
log_trace parameter specified with set server command of the
administration tool; see Tracing on the Server on page 483.
items
-secondary
-ssl_password
string
-ssl_trace
-ssl_debug_trace
-ft_active
active_url
URL of the active server. If this server can connect to the active
server, it will act as a standby server. If this server cannot connect to
the active server, it will become the active server.
Description
seconds
seconds
-forceStart
112
| Chapter 5
emsntsrg
The emsntsrg utility registers or unregisters the EMS server daemon or the EMS
multicast daemon as a Windows service.
Syntax
Remarks
Restrictions
Location
service_directory [arguments]
Some situations require the EMS server processes to start automatically. You can
satisfy this requirement by registering these with the Windows service manager.
This utility facilitates registry.
You must have administrator privileges to change the Windows registry.
Locate this utility program as an executable file in the EMS bin directory.
Parameter
Description
/i
Insert a new service in the registry (that is, register a new service).
/a
/?
Display usage.
service_name
Parameter
Description
emsntsct_directory
service_directory
Use this directory pathname to locate the service executable, either tibemsd or
tibemsmcd. Required.
arguments
suffix
When registering more than one instance of a service, you can use this suffix to
distinguish between them in the Windows services applet. Optional.
/r
To register tibemsd as a Windows service, run the utility with this command line:
emsntsrg /i [/a] tibemsd
[suffix]
To register tibemsmcd as a Windows service, run the utility with this command
line:
emsntsrg /i [/a] tibemsmcd
[suffix]
Example 1
Example 2
Example 3
This pair of example commands registers two tibemsd services with different
configuration files. In this example, the numerical suffix and the configuration
directory both reflect the port number that the service uses.
emsntsrg /i tibemsd C:\tibco\ems\8.1\bin C:\tibco\ems\8.1\bin
"-config C:\tibco\ems\8.1\7222\tibemsd.conf" 7222
emsntsrg /i tibemsd C:\tibco\ems\8.1\bin C:\tibco\ems\8.1\bin
"-config C:\tibco\ems\8.1\7223\tibemsd.conf" 7223
114
| Chapter 5
Example 4
When you register several EMS services, you must avoid configuration
conflicts. For example, two instances of tibemsd cannot listen on the same
port.
Example 5
Note that specifying a log file can help identify conflicts that might prevent the
multicast daemon service from starting.
Example 6
This pair of example commands registers two multicast daemon services with
different ports. In this example, the numerical suffix reflects the port number that
the service uses.
emsntsrg /i tibemsmcd C:\tibco\ems\8.1\bin C:\tibco\ems\8.1\bin
"-listen 7345" 7345
emsntsrg /i tibemsmcd C:\tibco\ems\8.1\bin C:\tibco\ems\8.1\bin
"-listen 7346" 7346
Remove
To view a command line summary, run the utility with this command line:
emsntsrg
The Windows services applet displays the name of each registered service. For
EMS services, it also displays this additional information:
When the EMS server encounters one of these errors during startup, the recovery
policy is:
By default, the server exits startup completely when a corrupt disk record
error is detected. Because the state can not be safely restored, the server can
not proceed with the rest of the recovery. You can then examine your
configuration settings for errors. If necessary, you can then copy the store and
configuration files for examination by TIBCO Support.
You can direct the server to delete bad records by including the -forceStart
command line option. This prevents corruption of the server runtime state.
It is important to backup the store files before restarting the server with the
option, because data will be lost when the problematic records are
deleted.
-forceStart
Keep in mind that different type of records are stored in the store files. The most
obvious are the persistent JMS Messages that your applications have sent.
However, other internal records are also stored. If a consumer record used to
persist durable subscriber state information were to be corrupted and later
deleted with the -forceStart option, all JMS messages that were persisted (and
valid in the sense that they were not corrupted) would also be lost because the
durable subscription itself would not be recovered.
When running in this mode, the server still reports any errors found during the
recovery, but problematic records are deleted and the recovery proceeds. This
mode may report more issues than are reported without the -forceStart option,
because without that flag the server stops with the very first error.
We strongly recommended that you make a backup of all store files before
restarting the server with the -forceStart option. The backup is useful when
doing a postmortem analysis to find out what records were deleted with the
-forceStart option.
116
| Chapter 5
Security Considerations
This section highlights information relevant to secure deployment. We
recommend that all administrators read this section.
Secure Environment
To ensure secure deployment, EMS administration must meet the following
criteria:
Physical Controls The computers where EMS is installed are located in areas
Domain Control The operating system, file system and network protocols
ensure domain separation for EMS, to prevent unauthorized access to the
server, its configuration files, LDAP servers, etc.
Destination Security
Three interacting factors affect the security of destinations (that is, topics and
queues). In a secure deployment, you must properly configure all three of these
items:
Authorization Parameter
The servers authorization parameter acts as a master switch for checking
permissions for connection requests and operations on secure destinations. The
default value of this parameter is disabledthe server does not check any
permissions, and allows all operations. For secure deployment, you must enable
this parameter.
Admin Password
For ease in installation and initial testing, the default setting for the admin
password is no password at all. Until you set an actual password, the user admin
can connect without a password. Once the administrator password has been set,
the server always requires it.
To configure a secure deployment, the administrator must change the admin
password immediately after installation; see Assign a Password to the
Administrator on page 128.
Connection Security
When authorization is enabled, the server requires a name and password
before users can connect. Only authenticated users can connect to the server. The
form of authentication can be either an X.509 certificate or a username and
password (or both).
When authorization is disabled, the server does not check user authentication;
all user connections are allowed. However, even when authorization is
disabled, the user admin must still supply the correct password to connect to the
server.
Even when authorization is enabled, the administrator (admin) may explicitly
allow anonymous user connections, which do not require password
authorization. To allow these connections, create a user with the name anonymous
and no password.
Creating the user anonymous does not mean that anonymous has all permissions.
Individual topics and queues can still be secure, and the ability to use these
destinations (either sending or receiving) is controlled by the access control list of
permissions for those destinations. The user anonymous can access only
non-secure destinations.
Nonetheless, this feature (anonymous user connections) is outside the tested
configuration of EMS security certification.
For more information on destination security, refer to the destination property
secure on page 71, and Create Users on page 97.
118
| Chapter 5
Communication Security
For communication security between servers and clients, and between servers
and other servers, you must explicitly configure SSL within EMS; see Using the
SSL Protocol on page 501.
SSL communication requires software to implement SSL on both server and
client. The EMS server includes the OpenSSL implementation. Java client
programs must use either JSSE (part of the Java environment) or separately
purchased SSL software from Entrust; neither of these are part of the EMS
product. C client programs can use the OpenSSL library shipped with EMS.
You must safeguard the security of EMS configuration files and LDAP servers.
Timestamp
The administration tool can either include or omit a timestamp associated with
the output of each command. To ensure a secure deployment, you must explicitly
enable the timestamp feature. Use the following administration tool command:
time on
Passwords
Passwords are a significant point of vulnerability for any enterprise. We
recommend enforcing strong standards for passwords.
For security equivalent to single DES (an industry minimum), security experts
recommend passwords that contain 814 characters, with at least one upper case
character, at least one numeric character, and at least one punctuation character.
EMS software does not automatically enforce such standards for passwords. You
must enforce such policies within your organization.
120
| Chapter 5
UNIX
Performance Tuning
By default, the TIBCO Enterprise Message Service server has the following
general thread architecture:
122
| Chapter 5
Other Considerations
When assigning cores for EMS use, ensure that the Operating System does not
schedule those cores for other processes.
Assign cores on the same die if possible. This reduces cache sharing between
dies. High levels of cache sharing between dies reduces memory performance.
124
| Chapter 5
| 125
Chapter 6
This chapter gives an overview of commands and use in the administration tool
for TIBCO Enterprise Message Service.
Topics
126
| Chapter 6
Description
or -h
-script
script-file
Description
-server
-user
server-url
user-name
-password
password
-ignore
-mangle [password]
server password
database password
-ssl_identity
-ssl_issuer
filename
filename
filename
-ssl_password
password
-ssl_noverifyhostname
-ssl_hostname
-ssl_trace
name
128
| Chapter 6
Description
-ssl_debug_trace
When a command specifies -user and -password, that information is not stored
for later use. It is only used to connect to the server specified in the same
command line. The user name and password entered on one command line are
not reused with subsequent connect commands entered in the script file or
interactively.
Examples
tibemsadmin -server "tcp://host:7222"
tibemsadmin -server "tcp://host:7222" -user admin -password secret
Some options are needed when you choose to make a SSL connection. For more
information on SSL connections, refer to Chapter 19, Using the SSL Protocol,
page 501.
password
When you restart the administration tool and type connect, the administration
tool now requires your password before connecting to the server.
For further information about setting and resetting passwords, refer to set
on page 144.
password
Naming Conventions
These rules apply when naming users, groups, topics or queues:
Both * and > are wildcards, and cannot be used in names except as wildcards.
130
| Chapter 6
Command Listing
The command line interface of the administration tool allows you to perform a
variety of functions. Note that when a system uses shared configuration files, the
actions performed using the administration tool take effect only when connected
to the active server.
Many of the commands listed below accept arguments that specify the names of
users, groups, topics or queues. For information about the syntax and that apply
to these names, see Naming Conventions on page 129.
Note that SSL commands are not listed in this table. SSL commands are listed in
several tables in Chapter 19, Using the SSL Protocol, on page 501.
The following is an alphabetical listing of the commands including command
syntax and a description of each command.
add member
add member
Add one or more users to the group. User names that are not already defined are
added to the group as external users; see Administration Commands and
External Users and Groups on page 288.
addprop factory
addprop factory
addprop queue
addprop queue
queue-name properties,...
addprop route
addprop route
addprop topic
addprop topic
topic_name properties,...
autocommit
autocommit [on|off]
When autocommit is set to on, the changes made to the configuration files are
automatically saved to disk after each command. When autocommit is set to off,
you must manually use the commit command to save configuration changes to
the disk.
By default, autocommit is set to on when interactively issuing commands.
Entering autocommit without parameters displays the current setting of
autocommit (on or off).
Regardless of the autocommit setting, the EMS server acts on each admin
command immediately making it part of the configuration. The autocommit
feature only determines when the configuration is written to the files.
commit
commit
132
| Chapter 6
compact
compact
store_name max_time
Compacts the store files for the specified store. Compaction is not available for
stores of type mstore.
Since compaction can be a lengthy operation, and it blocks other database
operations, max_time specifies a time limit (in seconds) for the operation. Note that
max_time must be a number greater than zero.
If truncation is not enabled for the store file, the compact command will not
reduce the file size. Truncation is enabled using the file_truncate parameter in
the stores.conf file. See stores.conf on page 262 for more information.
We recommend compacting the store files only when the Used
30% or less (see show store on page 171).
Space
usage is
connect
connect [server-url {admin|user_name}
password]
Connects the administration tool to the server. Any administrator can connect. An
administrator is either the admin user, any user in the $admin group, or any user
that has administrator permissions enabled. See Administrator Permissions on
page 275 for more information about administrator permissions.
server-url is usually in the form:
protocol://host-name:port-number
for example:
tcp://myhost:7222
create bridge
create bridge source=type:dest_name target=type:dest_name
[selector=selector]
create durable
create durable
create factory
create factory
factory_name factory_parameters
create group
create group
group_name "description"
member
create jndiname
create jndiname
Creates a JNDI name for a topic or queue, or creates an alternate JNDI name for a
topic that already has a JNDI name.
For example:
create jndiname FOO jndiname BAR
will create new JNDI name FOO referring the same object referred by JNDI name
BAR
134
| Chapter 6
create queue
create queue
queue_name [properties]
Creates a queue with the specified name and properties. The possible queue
properties are described in Destination Properties on page 58. Properties are listed
in a comma-separated list, as described in queues.conf on page 259.
create route
create route
Creates a route.
The name must be the name of the other server to which the route connects.
The local server connects to the destination server at the specified URL. If you
have configured fault-tolerant servers, you may specify the URL as a
comma-separated list of URLs.
The route properties are listed in routes.conf on page 260 and are specified as a
space-separated list of parameter name and value pairs.
You can set the zone_name and zone_type parameters when creating a route, but
you cannot subsequently change them.
If a passive route with the specified name already exists, this command promotes
it to an active-active route; see Active and Passive Routes on page 555.
For additional information on route parameters, see Configuring Routes and
Zones on page 556.
create rvcmlistener
create rvcmlistener
Registers an RVCM listener with the server so that any messages exported to a
tibrvcm transport (including the first message sent) are guaranteed for the
specified listener. This causes the server to perform the TIBCO Rendezvous call
tibrvcmTransport_AddListener.
The parameters are:
applies.
cm_name the name of the RVCM listener to which topic messages are to be
exported.
subject the RVCM subject name that messages are published to. This should
be the same name as the topic names that specify the export property.
For more information, see tibrvcm.conf on page 266 and Rendezvous Certified
Messaging (RVCM) Parameters on page 442.
create topic
create topic
topic_name [properties]
Creates a topic with specified name and properties. See Destination Properties on
page 58 for the list of properties. Properties are listed in a comma-separated list,
as described in topics.conf on page 266.
create user
create user
Creates a new user. Following the user name, you can add an optional description
of the user in quotes. The password is optional and can be added later using the
set password command.
User names cannot contain colon (:) characters.
delete all
delete all users|groups|topics|queues|durables
[topic-name-pattern|queue-name-pattern]
topic-name-pattern|queue-name-pattern
the command deletes all topics and queues that match the topic or queue name
pattern.
delete bridge
delete bridge source=type:dest_name target=type:dest_name
Delete the bridge between the specified source and target destinations.
type is either topic or queue.
136
| Chapter 6
delete connection
delete connection
connection-id
Delete the named connection for the client. The connection ID is shown in the first
column of the connection description printed by show connection.
delete durable
delete durable
durable-name clientID
delete factory
delete factory
factory-name
delete group
delete group
group-name
delete jndiname
delete jndiname
jndiname
Delete the named JNDI name. Notice that deleting the last JNDI name of a
connection factory object will remove the connection factory object as well.
See Chapter 13, Using the EMS Implementation of JNDI, on page 395 for more
information.
delete message
delete message
messageID
delete queue
delete queue
queue-name
delete route
delete route
route-name
delete rvcmlistener
delete rvcmlistener
Unregister an RVCM listener with the server so that any messages being held for
the specified listener in the RVCM ledger are released. This causes the server to
perform the TIBCO Rendezvous call tibrvcmTransport_RemoveListener.
The parameters are:
applies.
cm_name the name of the RVCM listener to which topic messages are
exported.
subject the RVCM subject name that messages are published to. This should
be the same name as the topic names that specify the export property.
For more information, see tibrvcm.conf on page 266 and Rendezvous Certified
Messaging (RVCM) Parameters on page 442.
delete topic
delete topic
topic-name
delete user
delete user
user-name
138
| Chapter 6
disconnect
disconnect
echo
echo [on|off]
Echo controls the reports that are printed into the standard output. When echo is
off the administrative tool only prints errors and the output of queries. When
echo is on, the administrative tool report also contains a record of successful
command execution.
Choosing the parameter on or off in this command controls echo. If echo is
entered in the command line without a parameter, it displays the current echo
setting (on or off). This command is used primarily for scripts.
The default setting for echo is on.
exit
exit
grant queue
grant queue
receive
send
browse
view
create
delete
modify
purge
grant topic
grant topic
subscribe
publish
durable
use_durable
view
create
delete
140
| Chapter 6
modify
purge
grant admin
grant admin user=name | group=name
admin_permissions
Grant the named global administrator permissions to the named user or group.
For a complete listing of global administrator permissions, see Global
Administrator Permissions on page 277.
help
help (aliases: h, ?)
commands
info
info (alias: i)
jaci clear
jaci clear
jaci resetstats
jaci resetstats
jaci showstats
jaci showstats
purge durable
purge durable
durable-name
Purge all messages in the topic for the named durable subscriber
purge queue
purge queue
queue-name
purge topic
purge topic
topic-name
remove member
remove member
group-name user-name[,user2,user3,...]
142
| Chapter 6
removeprop factory
removeprop factory
factory-name properties
Remove the named properties from the named factory. See Connection Factory
Parameters on page 250 for a list of properties.
removeprop queue
removeprop queue
queue-name properties
removeprop route
removeprop route
route-name properties
removeprop topic
removeprop topic
topic-name properties
resume route
resume route
route-name
revoke admin
revoke admin user=name | group=name
permissions
Revoke the specified global administrator permissions from the named user or
group. See Chapter 8, Authentication and Permissions, on page 273 for more
information about administrator permissions.
revoke queue
revoke queue
revoke queue
Revoke the specified permissions from a user or group for the named queue.
User and group permissions for queues are receive, send, browse, and all.
Administrator permissions for queues are view, create, delete, modify, and
purge.
If you specify an asterisk (*), all user-level permissions on this queue are removed.
You can use the optional admin parameter to revoke all administrative
permissions, or the both parameter to revoke all user-level and administrative
permissions on the queue.
For more information, see Chapter 8, Authentication and Permissions, on
page 273.
revoke topic
revoke topic
revoke topic
Revoke the specified permissions from a user or group for the named topic.
User and group permissions for topics are subscribe, publish, durable,
use_durable, and all. Administrator permissions for topics are view, create,
delete, modify, and purge.
If you specify an asterisk (*), all user-level permissions on this topic are removed.
You can use the optional admin parameter to revoke all administrative
permissions, or the both parameter to revoke all user-level and administrative
permissions on the topic.
For more information, see Chapter 8, Authentication and Permissions, on
page 273.
144
| Chapter 6
rotatelog
rotatelog
Force the current log file to be backed up and truncated. The server starts writing
entries to the newly empty log file.
The backup file name is the same as the current log file name with a sequence
number appended to the filename. The server queries the current log file
directory and determines what the highest sequence number is, then chooses the
next highest sequence number for the new backup name. For example, if the log
file name is tibems.log and there is already a tibems.log.1 and tibems.log.2,
the server names the next backup tibems.log.3.
set password
set password
user-name [password]
user-name
set server
set server
The set server command can control many parameters. Multiple parameters
are separated by spaces. Table 17 describes the parameters you can set with this
command.
Table 17 set server parameters (Sheet 1 of 6)
Parameter
password [=
Description
string]
authorization=enabled|disabled
146
| Chapter 6
Description
log_trace=trace-items
Examples
The following example sets the trace log to
only show messages about access control
violations.
log_trace=ACL
Description
console_trace=console-trace-items
148
| Chapter 6
Description
max_msg_memory=value
msg_swapping=enabled|disabled
track_message_ids=enabled|disabled
track_correlation_ids=enabled|disabled
ssl_password[=string]
ft_ssl_password[=string]
Description
server_rate_interval=num
statistics=enabled|disabled
rate_interval=num
detailed_statistics=NONE |
PRODUCERS,CONSUMERS,ROUTES,CHANNELS
150
| Chapter 6
Description
statistics_cleanup_interval=num
max_stat_memory=num
setprop factory
setprop factory
Set the properties for a connection factory, overriding any existing properties.
Multiple properties are separated by spaces. See Connection Factory Parameters
on page 250 for the list of the properties that can be set for a connection factory.
setprop queue
setprop queue
Set the properties for a queue, overriding any existing properties. Any properties
on a queue that are not explicitly specified by this command are removed.
Multiple properties are separated by commas. See Destination Properties on
page 58 for the list of the properties that can be set for a queue.
setprop route
setprop route
Set the properties for a route, overriding any existing properties. Any properties
on a route that are not explicitly specified by this command are removed.
You can set the zone_name and zone_type parameters when creating a route, but
you cannot subsequently change them.
Multiple properties are separated by spaces. For route parameters, see
on page 260 and Configuring Routes and Zones on page 556.
routes.conf
setprop topic
setprop topic
topic-name properties
Set topic properties, overriding any existing properties. Any properties on a topic
that are not explicitly specified by this command are removed.
Multiple properties are separated by commas. See Destination Properties on
page 58 for the list of the properties that can be set for a topic.
show bridge
show bridge topic|queue
bridge_source
Display information about the configured bridges for the named topic or queue.
The bridge_source is the name of the topic or queue established as the source of the
bridge.
The following is example output for this command:
Target Name
queue.dest
topic.dest.1
topic.dest.2
Type Selector
Q
T "urgency in ('high', 'medium')"
T
The names of the destinations to which the specified destination has configured
bridges are listed in the Target Name column. The type and the message selector
(if one is defined) for the bridge are listed in the Type and Selector column.
152
| Chapter 6
show bridges
show bridges [type=topic|queue] [pattern]
Shows a summary of the destination bridges that are currently configured. The
type option specifies the type of destination established as the bridge source. For
example, show bridges topic shows a summary of configured bridges for all
topics that are established as a bridge source. The pattern specifies a pattern to
match for source destination names. For example show bridges foo.* returns a
summary of configured bridges for all source destinations that match the name
foo.*. The type and pattern are optional.
The following is example output for this command:
Source Name
Q queue.source
T topic.source
Queue Targets
1
1
Topic Targets
1
2
Destinations that match the specified pattern and/or type are listed in the Source
Name column. The number of bridges to queues for each destination is listed in
the Queue Targets column. The number of bridges to topics for each destination is
listed in the Topic Targets column.
show channel
show channel
channel-name
Show the details of a specific multicast channel. The channel-name must be the exact
name of a specific channel. Wildcards and partial names are invalid.
This command prints a table of information described in Table 18.
Table 18 show channel description of output fields
Heading
Description
Channel
Address
TTL
Priority
Description
Max Rate
Max Time
Interface
Status
Server Backlog
Transmitted
Retransmitted
Retransmission
Buffer
show channels
show channels
154
| Chapter 6
show config
show config
Shows the configuration parameters for the connected server. The output
includes:
configuration files
server database
server JVM
listen ports
configuration settings
message tracking
statistics settings
fault-tolerant setup
show consumer
show consumer
consumerID
Shows details about a specific consumer. The consumerID can be obtained from the
show consumers output.
show consumers
show consumers [topic=name | queue=name] [durable] [user=name]
[connection=id] [sort=conn|user|dest|msgs] [full]
The durable parameter shows only durable topic subscribers and queue
receivers, but it does not prevent queue consumers to be shown. To see only
durable topic consumers, use:
show consumers topic=> durable
The sort parameter sorts the consumers by either connection ID, user name,
destination name, or number of pending messages. The full parameter shows all
columns listed below and can be as wide as 120-140 characters or wider. Both
topic and queue consumers are shown in separate tables, first the topic consumers
and then the queue consumers.
When connected to an EMS 8.0 server, this command no longer displays offline
durable subscribers. In order to see offline durables, use the command show
durables or show subscriptions.
Description
Id
Consumer ID.
Conn
Sess
156
| Chapter 6
Description
Topic/Queue
Name
(Topics Only.) Durable or shared subscription name. This column is shown for
topic consumers if at least one consumer is a durable or shared consumer.
Description
SAS[NMBS]
Description of columns:
Pre
Pre Dlv
Msgs Sent
Current number of messages sent to consumer which are not yet acknowledged
by consumer's session.
Size Sent
Pend Msgs
(Topics Only.) Total number of messages pending for the topic consumer.
Pend Size
(Topics Only.) Combined size of messages pending for the topic consumer.
Value is rounded and shown in bytes, (K)ilobytes, (M)egabytes or (G)igabytes.
Uptime
Last Sent
Approximate time elapsed since last message was sent by the server to the
consumer. Value is approximate with precision of 1 second.
158
| Chapter 6
Description
Last Ackd
Approximate time elapsed since last time a message sent to the consumer was
acknowledged by consumer's session. Value is approximate with precision of 1
second.
Total Sent
Total number of messages sent to consumer since it was created. This includes
resends due to session recover or rollback.
Total Acked
show connections
show connections [type=q|t|s] [host=hostname] [user=username]
[version] [address] [counts] [full]
Show connections between clients and server. Table 21 on page 159 describes the
output.
The type parameter selects the subset of connections to display as shown in
Table 20. The host and user parameters can further narrow the output to only
those connections involving a specific host or user. When the version flag is
present, the display includes the clients version number.
If the address parameter is specified, then the IP address is printed in the output
table. If the counts parameter is specified, then number of producers, consumers
and temporary destinations are printed. Specifying the full parameter prints all
of the available information.
Table 20 show connections type parameter
Type
Description
type=q
type=t
type=s
absent
Description
Java client
C client
C# client
Version
ID
FSXT
connection is SSL
user TopicConnection
user QueueConnection
administrative connection
160
| Chapter 6
Description
IP Address
Host
Address
Connection's IP address.
If you supply the keyword address, then the table includes this
column.
User
ClientID
Sess
Prod
Cons
TmpT
TmpQ
Description
Uncomm
UncommSize
Uptime
show db
show db
Print a summary of the servers databases. Databases are also printed by show
stores, the preferred command.
See the show
store
show durable
show durable
durable-name
Description
Durable
Subscriber
Subscription
name
Shared
yes
Client ID
162
| Chapter 6
Description
Topic
Type
dynamiccreated
by a client
staticconfigured
Status
by an administrator
online
offline
Username
Consumer ID
No Local
enabledthe
Selector
Pending Msgs
Delivered
Msgs
Pending Msgs
Size
show durables
show durables [pattern]
If a pattern is not entered, this command shows a list of all durable subscribers on
all topics.
If a pattern is entered (for example foo.*) this command shows a list of durable
subscribers on topics that match that pattern.
This command prints a table of information described in Table 23.
Table 23 show durables table Information
Heading
Description
Topic Name
Durable
Shared
User
Msgs
Size
show factory
show factory
factory-name
show factories
show factories [generic|topic|queue]
Shows all factories. You can refine the listed output by specifying only generic,
topic, or queue factories be listed.
164
| Chapter 6
show jndiname
show jndiname
jndi-name
Shows the object that the specified name is bound to by the JNDI server.
show jndinames
show jndinames [type]
destination
topic
queue
factory
topicConnectionFactory
queueConnectionFactory
When type is specified only JNDI names bound to objects of the specified type are
shown. When type is not specified, all JNDI names are shown.
show group
show group
group-name
show groups
show groups
show members
show members
group-name
show message
show message
messageID
show messages
show messages
correlationID
Shows the message IDs of all messages with the specified correlation ID set as
JMSCorrelationID message header field. You can display the message for each
ID returned by this command by using the show message messageID command.
This command requires that tracking by correlation ID be turned on using the
track_correlation_ids configuration parameter.
show parents
show parents
user-name
Shows the users parent groups. This command can help you to understand the
users permissions.
166
| Chapter 6
show queue
show queue
queue-name
Description
Queue
Type
dynamiccreated
by a client
staticconfigured
by an administrator
Properties
A list of property names that are set on the queue, and their
values. For an index list of property names, see Destination
Properties on page 58.
JNDI Names
Bridges
Receivers
Pending Msgs
Delivered
Msgs
Pending Msgs
Size
show queues
show queues [pattern-name [notemp|static|dynamic]
[first=n|next=n|last=n]]
notemp
static
dynamic
When a pattern-name is entered, you can also cursor through the list of queues
using one of the following commands, where n is whole number:
first=n
next=n
last=n
The cursor examines n queues and displays queues that match the pattern-name.
Because it does not traverse the full list of queues, the cursor may return zero or
fewer than n queues. To find all matching queues, continue to use next until you
receive a Cursor complete message.
The show queues command prints a table of information described in Table 25. A
* appearing before the queue name indicates a dynamic queue.
Table 25 show queues table Information
Heading
Description
Queue Name
168
| Chapter 6
Description
SNFGXIBCT
Pre
Rcvrs
All Msgs
Msgs
Size
Persistent Msgs
Msgs
Size
show route
show route
route-name
show routes
show routes
Shows the properties (URL and SSL properties) of all created routes.
These commands print the information described in Table 26.
Table 26 show routes table Information
Heading
Description
Route
Type of route:
ConnID
URL
ZoneName
ZoneType
show rvcmtransportledger
show rvcmtransportledger
transport_name [subject-or-wildcard]
Displays the TIBCO Rendezvous certified messaging (RVCM) ledger file entries
for the specified transport and the specified subject. You can specify a subject
name, use wildcards to retrieve all matching subjects, or omit the subject name to
retrieve all ledger file entries.
For more information about ledger files and the format of ledger file entries, see
TIBCO Rendezvous documentation.
170
| Chapter 6
show rvcmlisteners
show rvcmlisteners
Shows all RVCM listeners that have been created using the create
command or by editing the tibrvcm.conf file.
rvcmlistener
show server
show server (aliases: info, i)
show stat
show stat channel
name [topic=name]
Displays statistics for the specified item. You can display statistics for consumers,
producers, routes, destinations, or channels. Statistic gathering must be enabled
for statistics to be displayed. Also, detailed statistics for each item can be
displayed if detailed statistic tracking is enabled. Averages for
inbound/outbound messages and message size are available if an interval is
specified in the rate_interval configuration parameter.
The total keyword specifies that only total number of messages and total
message size for the item should be displayed. The wide keyword displays
inbound and outbound message statistics on the same line.
See Working with Server Statistics on page 496 for a complete description of
statistics and how to enable/disable statistic gathering options.
When connected to an EMS 8.0 server, this command does not return statistics for
offline durable subscribers.
show state
show state
Shows the state and a minimal subset of the information about the connected
EMS server.
show store
show store
store-name
Show the details of a specific store. This command can be used to get details about
either a file-based store or a database store.
The store-name must be the exact name of a specific store.
This command prints a table of information described in Table 27.
Table 27 show store table Information
Heading
Description
Store
Type
Type of store:
file
dbstore
mstore
indicates an mstore.
Message Count
Swapped Count
Write Usage
The ratio between time spent within write calls and the
time specified by the server_rate_interval. (Not
available for asynchronous file stores.)
172
| Chapter 6
Description
Access Mode
Pre-allocation
Minimum
CRC
enabledthe
Periodic Truncation
enabledthe
Destination Defrag
Batch Size
File Size
Free Space
Fragmentation
Used Space
Message Size
Swapped Size
Description
Discard Scan
Interval Bytes
JDBC URL
Username
Dialect
show stores
show stores
174
| Chapter 6
show topic
show topic
topic-name
Description
Topic
Type
dynamiccreated
by a client
staticconfigured
by an administrator
Properties
JNDI Names
Bridges
Subscriptions
Durable
Subscriptions
Consumers
Durable Consumers
Description
Pending Msgs
The server accumulates the following statistics only when the administrator
has enabled statistics. Otherwise these items are zero.
Total Inbound Msgs
show topics
show topics [pattern-name [notemp|static|dynamic]
[first=n|next=n|last=n]]
176
| Chapter 6
You can further refine the list of topics that match the pattern by using one of the
following parameters:
notemp
static
dynamic
When a pattern-name is entered, you can also cursor through the list of topics using
one of the following commands, where n is whole number:
first=n
next=n
last=n
The cursor examines n topics and displays topics that match the pattern-name.
Because it does not traverse the full list of topics, the cursor may return zero or
fewer than n topics. To find all matching topics, continue to use next until you
receive a Cursor complete message.
The show
topics
Description
Topic Name
SNFGEIBCTM
Description
Subs
Durs
All Msgs
Msgs
Size
Persistent Msgs
Msgs
Size
show subscriptions
show subscriptions [topic=name] [name=sub-name] [shared=only|none]
[durable=only|none] [sort=msgs|topic|name|cons|id]
178
| Chapter 6
subscriptions
Description
Id
non-durable subscription
durable subscription
Topic
Name
SS
Cons Count
Description of columns:
Description
Pend Msgs
Pend Size
Uptime
show transaction
show transaction
XID
Shows a list of messages that were sent or received within the specified
transaction. This command returns information on transactions in prepared,
ended, and roll back states only. Transactions in a suspended or active state are
not included.
Table 31 describes the information shown in each column.
Table 31 show transactions table information (Sheet 1 of 2)
Heading
Description
State
Transaction state:
A active
E ended
R rollback only
P prepared
S suspended
ENDSUCCESS
180
| Chapter 6
Description
Messages to be consumed
Message ID
Type
Q queue
T topic
Destination
Consumer ID
Messages to be produced
Message ID
Type
Q queue
T topic
Destination
JMSTimestamp
show transactions
show transactions
Shows the XID for all client transactions that were created using the XA or MS
DTC interfaces. Each row presents information about one transaction. The XID is
the concatenation of the Format ID, GTrid Len, Bqual Len, and Data fields for a
transaction. For example, if show transactions returns the row:
State
E
Format ID
0
GTrid Len
6
Bqual Len
2
Data
branchid
branchid. Note
Description
State
Transaction state:
A active
E ended
R rollback only
P prepared
S suspended
GTrid Len
Bqual Len
Data
182
| Chapter 6
show transport
show transport
transport
show transports
show transports
show user
show user
user-name
Shows user name and description. If no user name is specified, this command
displays the currently logged in user.
For users defined externally, there is an asterisk in front of the user name.
show users
show users
showacl admin
showacl admin
Shows all administrative permissions for all users and groups, but does not
include administrative permissions on destinations.
showacl group
showacl group
group-name [admin]
Shows all permissions set for a given group. Shows the group and the set of
permissions. You can optionally specify admin to show only the administrative
permissions for destinations or principals. Specifying showacl admin shows all
administrative permissions for all users and groups (not including administrative
permissions on destinations).
showacl queue
showacl queue
queue-name [admin]
Shows all permissions set for a queue. Lists all entries from the acl file. Each
entry shows the grantee (user or group) and the set of permissions. You can
optionally specify admin to show only the administrative permissions for
destinations or principals. Specifying showacl admin shows all administrative
permissions for all users and groups (not including administrative permissions
on destinations).
showacl topic
showacl topic
topic-name [admin]
Shows all permissions set for a topic. Lists all entries from the acl file. Each entry
shows the grantee (user or group) and the set of permissions. You can
optionally specify admin to show only the administrative permissions for
destinations or principals. Specifying showacl admin shows all administrative
permissions for all users and groups (not including administrative permissions
on destinations).
showacl user
showacl user
Shows the user and the set of permissions granted to the user for destinations and
principals.
username displays permissions granted directly to the user. (An
administrator can use this form of the command to view own permissions, even
without permissions to view any other user permissions.)
showacl user
showacl user
showacl user
184
| Chapter 6
showacl user
shutdown
shutdown
suspend route
suspend route
route-name
route.
time
time [on | off]
timeout
timeout [seconds]
Show or change the current command timeout value. The timeout value is the
number of seconds the Administration Tool will wait for a response from the
server after sending a command.
By default, the timeout is 30 seconds. When timeout is entered with the optional
seconds parameter, the timeout value is reset to the specified number of seconds.
When entered without parameter, the current timeout value is returned.
transaction commit
transaction commit
XID
Commits the transaction identified by the transaction ID. The transaction must be
in the ended or prepared state. To obtain a transaction ID, issue the show
transactions command, and cut and paste the XID into this command.
transaction rollback
transaction rollback
XID
Rolls back the transaction identified by the transaction ID. The transaction must
be in the ended, rollback only, or the prepared state. To obtain a transaction ID,
issue the show transactions command, and cut and paste the XID into this
command.
Messages sent to a queue with prefetch=none and maxRedelivery=number
properties are not received number times by an EMS application that receives in a
loop and does an XA rollback after the XA prepare phase.
updatecrl
updatecrl
whoami
whoami
Alias for the show user command to display the currently logged in user.
186
| Chapter 6
| 187
Chapter 7
Topics
188
| Chapter 7
Mechanics of Configuration
Configuration
Files
The EMS server reads configuration files only once, when the server starts. It
ignores subsequent changes to the configuration files. If you change a
configuration file, use the shutdown command from the EMS Administration Tool
to shutdown the server and then restart the server as described in Running the
EMS Server on page 107.
Administrative
Requests
You can also change the server configuration with administrative requests, using
either tibemsadmin (a command line tool), the Java or .NET administrative APIs,
or TIBCO Administrator (a separate TIBCO product).
When the server validates and accepts an administrative request, it writes the
change to the appropriate configuration file as well (overwriting any manual
changes to that file). This policy keeps configuration files current in case the
server restarts (for example, in a fault-tolerant situation, or after a hardware
failure).
Re-installing or updating EMS overwrites the files in the bin/ and
directories. Do not use these directories to configure your
deployment.
samples/config/
tibemsd.conf 189
tibemsd.conf
The main configuration file controls the characteristics of the EMS server. This file
is usually named tibemsd.conf, but you can specify another file name when
starting the server. You can find more information about starting the server in
Running the EMS Server on page 107.
An example of the tibemsd.conf file is included in the
config-file-directory/cfmgmt/ems/data/ directory, where config-file-directory is
specified during TIBCO Enterprise Message Service installation. You can edit this
configuration file with a text editor. There are a few configuration items in this file
that can be altered using the administration tool, but most configuration
parameters must be set by editing the file (that is, the server does not accept
changes to those parameters). See Chapter 6, Using the EMS Administration Tool,
on page 125 for more information about using the administration tool.
Several parameters accept boolean values. In the description of the parameter, one
specific set of values is given (for example, enable and disable), but all
parameters that accept booleans can have the following values:
Parameters that take multiple elements cannot contain spaces between the
elements, unless the elements are enclosed in starting and ending double quotes.
Parameters are limited to line lengths no greater than 256,000 characters in length.
The following table summarizes the parameters in tibemsd.conf according to
category. The sections that follow provide more detail on each parameter.
Table 33 tibemsd.conf Parameters
Parameter
Description
See Page
authorization
201
compliant_queue_ack
201
disconnect_non_acking_consumers
201
190
| Chapter 7
Description
See Page
flow_control
202
listen
203
max_msg_field_print_size
203
max_msg_print_size
203
network_thread_count
204
npsend_check_mode
204
password
205
processor_ids
205
routing
207
selector_logical_operator_limit
207
server
Name of server.
207
startup_abort_list
208
user_auth
209
tibemsd.conf 191
Description
See Page
xa_default_timeout
209
209
destination_backlog_swapout
210
handshake_timeout
210
max_client_msg_size
210
max_connections
210
max_msg_memory
211
msg_pool_block_size
211
msg_swapping
212
reserve_memory
212
socket_send_buffer_size
213
socket_receive_buffer_size
213
192
| Chapter 7
Description
See Page
214
clock_sync_interval
214
server_timeout_client_connection
214
server_heartbeat_server
215
server_timeout_server_connection
215
server_heartbeat_client
215
client_timeout_server_connection
216
ft_active
216
ft_heartbeat
216
ft_activation
217
tibemsd.conf 193
Description
See Page
ft_reconnect_timeout
217
ft_ssl_auth_only
217
ft_ssl_identity
217
ft_ssl_issuer
218
ft_ssl_private_key
218
ft_ssl_password
218
ft_ssl_trusted
218
ft_ssl_rand_egd
219
ft_ssl_verify_host
219
ft_ssl_verify_hostname
219
ft_ssl_expected_hostname
219
ft_ssl_ciphers
220
220
194
| Chapter 7
Description
See Page
track_correlation_ids
220
multicast
220
multicast_channels
221
multicast_daemon_default
221
multicast_statistics_interval
221
222
module_path
222
tibss_transports
222
tibss_config_dir
222
223
Multicast Parameters
tibemsd.conf 195
Description
See Page
console_trace
224
logfile
224
log_trace
224
logfile_max_count
225
logfile_max_size
225
secondary_logfile
225
trace_client_host
226
server_rate_interval
226
statistics
226
rate_interval
226
detailed_statistics
227
statistics_cleanup_interval
227
196
| Chapter 7
Description
See Page
max_stat_memory
227
ssl_dh_size
228
ssl_server_ciphers
228
ssl_require_client_cert
228
ssl_use_cert_username
228
ssl_cert_user_specname
229
ssl_server_identity
229
ssl_server_key
230
ssl_password
230
ssl_server_issuer
230
ssl_server_trusted
231
ssl_rand_egd
231
ssl_crl_path
231
tibemsd.conf 197
Description
See Page
ssl_crl_update_interval
231
ssl_auth_only
232
fips140-2
232
ldap_url
232
ldap_principal
232
ldap_credential
233
ldap_cache_enabled
233
ldap_cache_ttl
233
ldap_conn_type
233
ldap_tls_cacert_file
233
ldap_tls_cacert_dir
234
ldap_tls_cipher_suite
234
LDAP Parameters
198
| Chapter 7
Description
See Page
ldap_tls_rand_file
234
ldap_tls_cert_file
234
ldap_tls_key_file
235
ldap_user_class
235
ldap_user_attribute
235
ldap_user_base_dn
235
ldap_user_scope
235
ldap_user_filter
236
ldap_all_users_filter
236
ldap_group_base_dn
236
ldap_group_scope
236
ldap_group_filter
237
ldap_all_groups_filter
237
tibemsd.conf 199
Description
See Page
ldap_static_group_class
237
ldap_static_group_attribute
237
ldap_static_group_member_filter
238
ldap_static_member_attribute
238
ldap_dynamic_group_class
238
ldap_dynamic_group_attribute
238
ldap_dynamic_member_url_attribute
239
jaas_config_file
239
jaas_login_timeout
240
jaci_class
240
200
| Chapter 7
Description
See Page
jaci_timeout
241
security_classpath
241
jre_library
241
jre_option
242
JVM Parameters
tibemsd.conf 201
See Chapter 8, Authentication and Permissions, on page 273 for more information
about these parameters.
compliant_queue_ack
compliant_queue_ack = enable | disable
This parameter works in conjunction with the maxbytes and maxmsgs destination
properties. In situations where consumers consume messages but do not
acknowledge them, the messages are held in the server until they are confirmed.
This can push the server above the set limits.
202
| Chapter 7
tibemsd.conf 203
listen
listen=protocol://servername:port
Specifies the port on which the server is to listen for connections from clients.
For example:
listen=tcp://localhost:7222
You can use multiple listen entries if you have computers with multiple
interfaces. For example:
listen=tcp://localhost:7222
listen=tcp://localhost:7224
If localhost is specified, or if the servername is not present, then the server uses
every available interface. For example:
listen=tcp://7222
listen=ssl://7243
When specifying an IPv6 address, use square brackets around the address
specification. For example:
listen=tcp://[2001:cafe::107]:7222
max_msg_field_print_size
max_msg_field_print_size =
size [KB|MB|GB]
Limits the size of string fields in tracing messages. If a string field is larger than
size, the field is truncated in the tracing message.
Specify signed 32-bit integer values as KB, MB or GB. The minimum permitted size
is 1 KB. By default, the field limit is 1 KB.
max_msg_print_size
max_msg_print_size =
size [KB|MB|GB]
Limits the size of the printed message of traced messages. If the message is larger
than size, the message is truncated.
Specify signed 32-bit integer values as KB, MB or GB. The minimum permitted size
is 8 KB. By default, the field limit is 8 KB.
204
| Chapter 7
network_thread_count
network_thread_count
threads
The server is out of memory or has encountered some other severe error.
default (no mode specified) - same behavior as in EMS 4.3 and prior. This
means the server only provides confirmation of a NON_PERSISTENT message if
authorization is enabled.
always
tibemsd.conf 205
never
auth
authorization
password
password =
password
Setting this parameter causes the EMS Server to start as many network I/O
threads as there are processor IDs specified in the list. Each network I/O thread is
bound to the given processor ID, which means that the thread can execute only on
that processor.
Do not use this parameter if the default behavior provides sufficient throughput.
206
| Chapter 7
processor_id.
tibemsd.conf 207
routing
routing = enabled | disable
See Chapter 21, Working With Routes, on page 547 for more information about
routing.
selector_logical_operator_limit
selector_logical_operator_limit =
number
Limit the number of operators that the server reviews during selector evaluation.
The server evaluates operators until reaching the specified number of false
conditions. The server then stops evaluating further to protect itself from too
many recursive evaluations. A very long selector clause, such as one including
many OR conditions, can cause recursive selector evaluation and lead to a stack
overflow in the EMS server.
number may be any positive integer. The default value is 5000. Zero is a special
value, indicating no limit.
= 10
a=1 or b=2 or c=3 or d=4 or e=5 or f=6 or g=7 or h=8 or i=9 or j=10
or k=11 or l=12 or m=13 or n=14 or o=15 or p=16 or q=17 or r=18 or
s=19 or t=20 or u=21 or v=22 or w=23 or x=24 or y=25 or z=26
if the first 10 conditions are false, the server stops further evaluation.
server
server =
serverName
Name of server.
Server names are limited to at most 64 characters, and may not include the dot
character (.).
208
| Chapter 7
startup_abort_list
startup_abort_list=[SSL,TRANSPORTS,CONFIG_FILES,CONFIG_ERRORS,
DB_FILES,MULTICAST]
Specifies conditions that cause the server to exit during its initialization sequence.
You may specify any subset of the conditions in a comma-separated list. The list
cannot contain spaces between the elements, unless the elements are enclosed in
starting and ending double quotes. If a space is included but not enclosed in
quotation marks, the server ignores any conditions following the space.
Conditions that do not appear in the list are ignored by the server. The default is
an empty list.
The conditions are:
SSLIf
CONFIG_ERRORSIf the server detects any errors while reading the config
files, then it exits.
Note that the tibemsd silently ignores any unknown parameters when it is
started using the JSON configuration. For example, no configuration errors
are thrown if the tibemsd.json file contains an obsolete parameter.
DB_FILESIf the server cannot find one or more of its stores, then it exits.
Stores include the default store files as well as any file or database stores
configured in the stores.conf configuration file.
MULTICASTIf
it exits.
Note that if MULTICAST is not in the startup_abort_list and multicast
initialization fails, applications creating consumers on multicast-enabled
topics will receive messages over TCP. This is important to consider if your
network cannot handle the bandwidth allocated for multicast when it is sent
over a TCP connection.
tibemsd.conf 209
user_auth
user_auth = [local, ldap, jaas]
seconds
directory
210
| Chapter 7
number
Specifies the number of messages that may be stored in the server's memory
before message swapping is enabled. The limit given is for each destination. For
example, if the limit is 10,000 and you have three queues, the server can store up
to 30,000 unswapped messages in memory.
The specified number may be any positive value. When
destination_backlog_swapout is 0, the server attempts to immediately swap
out the message.
By default, the limit for each destination is 1024 messages.
handshake_timeout
handshake_timeout = seconds
The amount of time (in seconds) that the EMS server waits for an SSL connection
to complete. seconds may be any positive integer. The default value is 3 seconds.
When the timeout is reached, the EMS server closes the SSL connection and
continues servicing other clients.
max_client_msg_size
max_client_msg_size =
size [KB|MB|GB]
number
tibemsd.conf 211
max_msg_memory
max_msg_memory =
size [KB|MB|GB]
msg_pool_block_size
msg_pool_block_size
size
Consult with your TIBCO support representative before using this parameter.
To lessen the overhead costs associated with malloc and free, the server
pre-allocates pools of storage for messages. This parameter determines the
behavior of these pools. Performance varies depending on operating system
platform and usage patterns.
The size argument determines the approximate number of internal message
structs that a block or pool can accommodate (not the number of bytes).
instructs the server to allocate an expandable pool. Each
time the server exhausts the pool, the server increases the pool by this size, as
long as additional storage is available. The value may be in the range 32 to 65536.
msg_pool_block_size
128.
212
| Chapter 7
msg_swapping
msg_swapping = enable | disable
This parameter enables and disables the message swapping feature (described
above for max_msg_memory).
The default value is enabled, unless you explicitly set it to disabled.
reserve_memory
reserve_memory =
size
tibemsd.conf 213
socket_send_buffer_size
socket_send_buffer_size =
size [KB|MB|GB]
Sets the size (in bytes) of the send buffer used by clients when connecting to the
EMS server.
The specified size may be:
-1
Optionally, specify units of KB, MB, or GB for units. If no units are specified, the
file size is assumed to be in bytes.
size [KB|MB|GB]
Sets the size (in bytes) of the receive buffer used by clients when connecting to the
EMS server.
The specified size may be:
-1
Optionally, specify units of KB, MB, or GB for units. If no units are specified, the
file size is assumed to be in bytes.
214
| Chapter 7
interval
seconds
Periodically send the EMS servers Coordinated Universal Time (UTC) time to
clients. This allows EMS clients to update their offset.
The time specified, in seconds, determines the interval at which clock sync
commands are sent from the server to its clients.
When omitted or zero, the EMS server sends the offset time only when the EMS
client connects to the server. If clock_sync_interval is -1, the offset is never
sent, not even on connect. Clients do not adjust their time values to match the
server time.
server_timeout_client_connection
server_timeout_client_connection =
limit
tibemsd.conf 215
as it is specified in client_heartbeat_server.
If you do not set the client_heartbeat_server parameter when a
server_timeout_client_connection is specified, a configuration error is
generated during startup. If CONFIG_ERRORS is part of the startup_abort_list,
the server will not start. If not, the error is printed but the server starts, and clients
will be disconnected after server_timeout_client_connection seconds.
Zero is a special value, which disables heartbeat detection in the server (although
clients still send heartbeats).
server_heartbeat_server
server_heartbeat_server =
interval
limit
interval
216
| Chapter 7
client_timeout_server_connection
client_timeout_server_connection =
limit
URL
Specifies the URL of the active server. If this server can connect to the active
server, it will act as a standby server. If this server cannot connect to the active
server, it will become the active server.
ft_heartbeat
ft_heartbeat = seconds
Specifies the interval (in seconds) the active server is to send a heartbeat signal to
the standby server to indicate that it is still operating. Default is 3 seconds.
tibemsd.conf 217
ft_activation
ft_activation =
seconds
seconds
The amount of time (in seconds) that a standby server waits for clients to
reconnect (after it becomes the active server in a failover situation). If a client does
not reconnect within this time period, the server removes its state from the shared
state files. The ft_reconnect_timeout time starts once the server has fully
recovered the shared state, so this value does not account for the time it takes to
recover the store files.
The default value of this parameter is 60.
ft_ssl_auth_only
ft_ssl_auth_only = enable | disable
When enabled, the server allows a fault tolerant server to request the use of SSL
only for authentication (to protect user passwords). For an overview of this
feature, see SSL Authentication Only on page 518.
When disabled, the server ignores requests for this feature. When absent, the
default value is disabled.
ft_ssl_identity
ft_ssl_identity =
pathname
The path to a file that contains the certificate in one of the supported formats. The
supported formats are PEM, DER, or PKCS#12.
See File Names for Certificates and Keys on page 505 for more information on file
types for digital certificates.
218
| Chapter 7
ft_ssl_issuer
ft_ssl_issuer =
chain_member
Certificate chain member for the server. Supply the entire chain, including the CA
root certificate. The server reads the certificates in the chain in the order they are
presented in this parameter.
The certificates must be in PEM, DER, PKCS#7, or PKCS#12 format. See File
Names for Certificates and Keys on page 505 for more information on file types
for digital certificates.
ft_ssl_private_key
ft_ssl_private_key =
key
password
trusted_certificates
List of trusted certificates. This sets which Certificate Authority certificates should
be trusted as issuers of the client certificates.
The certificates must be in PEM, DER, or PKCS#7 format. You can either provide
the actual certificates, or you can specify a path to a file containing the certificate
chain.
See File Names for Certificates and Keys on page 505 for more information on file
types for digital certificates.
tibemsd.conf 219
ft_ssl_rand_egd
ft_ssl_rand_egd =
pathname
The path for the installed entropy gathering daemon (EGD), if one is installed.
This daemon is used to generate random numbers for the EMS server.
ft_ssl_verify_host
ft_ssl_verify_host = enabled | disabled
Specifies whether the fault-tolerant server should verify the other servers
certificate. The values for this parameter are enabled or disabled. By default,
this parameter is enabled, signifying the server should verify the other servers
certificate.
When this parameter is set to disabled, the server establishes secure
communication with the other fault-tolerant server, but does not verify the
servers identity.
ft_ssl_verify_hostname
ft_ssl_verify_hostname = enabled | disabled
Specifies whether the fault-tolerant server should verify the name in the CN field
of the other servers certificate. The values for this parameter are enabled and
disabled. By default, this parameter is enabled, signifying the fault-tolerant
server should verify the name of the connected host or the name specified in the
ft_ssl_expected_hostname parameter against the value in the servers
certificate. If the names do not match, the connection is rejected.
When this parameter is set to disabled, the fault-tolerant server establishes
secure communication with the other server, but does not verify the servers
name.
ft_ssl_expected_hostname
ft_ssl_expected_hostname =
serverName
Specifies the name the server is expected to have in the CN field of the
fault-tolerant servers certificate. If this parameter is not set, the expected name is
the hostname of the server.
This parameter is used when the ft_ssl_verify_hostname parameter is set to
enabled.
220
| Chapter 7
ft_ssl_ciphers
ft_ssl_ciphers =
cipherSuite
Specifies the cipher suites used by the server; each suite in the list is separated by
a colon (:). This parameter can use the OpenSSL name for cipher suites or the
longer, more descriptive names.
See Specifying Cipher Suites on page 512 for more information about the cipher
suites available in EMS and the OpenSSL names and longer names for the cipher
suites.
message
track_correlation_ids
track_correlation_ids = enabled | disabled
Multicast Parameters
See Chapter 14, Using Multicast, on page 405, for more information about
multicast.
multicast
multicast = enabled | disabled
tibemsd.conf 221
multicast_channels
multicast_channels =
file
When this parameter is not included, the EMS server looks for channel definitions
in the channels.conf file.
multicast_daemon_default
multicast_daemon_default =
tcp-port
Specifies the TCP port on which the EMS client will attempt to connect to the
multicast daemon. For example:
multicast_daemon_default = 9999
This parameter determines the TCP port that EMS clients use to connect to the
multicast daemon, and is provided in the server to centrally configure all clients.
It determines the behavior of the EMS client but does not affect the multicast
daemon. The multicast daemon must listen for the client on the same port that the
client uses to connect. If the multicast daemon is not listening on the same port
that is specified by multicast_daemon_default, the client will be unable to
connect to the daemon and an error will occur.
To change the TCP port that the multicast daemon listens on, use the -listen
command line argument in the daemon. See Command Line Options on page 412
for more information.
When this parameter is not included, the default port is 7444.
multicast_statistics_interval
multicast_statistics_interval =
seconds
222
| Chapter 7
shared-library-directory
The module_path parameter is also used on AIX platform installations to load the
IBM JVM. Specify the directory containing the libjvm.so and its dependent
libraries.
tibrv_transports
tibrv_transports = enabled | disabled
tibss_config_dir
tibss_config_dir =
pathname
tibemsd.conf 223
Specifies the directory for SmartSockets configuration files and message files:
tal_ss.cat
tibems_ss.cm
options.
When this parameter is absent, tibemsd searches for these files in its current
working directory.
For more information about these files, see TIBCO SmartSockets Users Guide.
connid
Setting this parameter using the administration tool does not change its value in
the configuration file tibemsd.conf; that is, the value does not persist across
server restarts unless you set it in the configuration file.
224
| Chapter 7
console_trace
console_trace =
traceOptions
Sets trace options for output to stderr. The possible values are the same as for
log_trace. However, console tracing is independent of log file tracing.
If logfile is defined, you can stop console output by specifying:
console_trace=-DEFAULT
Note that important error messages (and some other messages) are always
output, overriding the trace settings.
This example sends a trace message to the console when a TIBCO Rendezvous
advisory message arrives.
console_trace=RVADV
logfile
logfile =
pathname
traceOptions
Sets the trace preference on the file defined by the logfile parameter. If logfile
is not set, the values have no effect.
The value of this parameter is a comma-separated list of trace options. For a list of
trace options and their meanings, see Table 78, Server Tracing Options, on
page 484.
You may specify trace options in three forms:
plain A trace option without a prefix character replaces any existing trace
options.
A trace option preceded by + adds the option to the current set of trace
options.
A trace option preceded by - removes the option from the current set of
trace options.
tibemsd.conf 225
The following example sets the trace log to only show messages about access
control violations.
log_trace=ACL
The next example sets the trace log to show all default trace messages, in addition
to SSL messages, but ADMIN messages are not shown.
log_trace=DEFAULT,-ADMIN,+SSL
logfile_max_count
logfile_max_count =
integer
Specifies the maximum number of log files to be kept. Specify any number greater
than 2.
When 0 or not specified, there is no limit to the number of log files kept.
logfile_max_size
logfile_max_size =
size [KB|MB|GB]
Specifies the recommended maximum log file size before the log file is rotated. Set
to 0 to specify no limit. Use KB, MB, or GB for units (if no units are specified, the
file size is assumed to be in bytes).
The server periodically checks the size of the current log file. If it is greater than
the specified size, the file is copied to a backup and then emptied. The server then
begins writing to the empty log file until it reaches the specified size again.
Backup log files are named sequentially and stored in the same directory as the
current log.
secondary_logfile
secondary_logfile =
pathname
Name and location of the server log file used by the secondary EMS server in a
fault tolerant pair. The EMS server designated as primary in the pair writes to the
file specified by the logfile parameter.
If the secondary_logfile parameter is not set, the secondary server assumes the
value of logfile.
If the pathname contains spaces, it must be enclosed in double quotes.
This parameter is available only for JSON-configured EMS servers.
226
| Chapter 7
trace_client_host
trace_client_host = [hostname|address|both|both_with_port]
Trace statements related to connections can identify the host by its hostname, its
IP address, or both. When absent, the default is hostname. The both_with_port
option displays the ephemeral port used on the host as well as the IP address and
hostname.
seconds
Sets the interval (in seconds) over which overall server statistics are averaged.
This parameter can be set to any positive integer greater than zero.
Overall server statistics are always gathered, so this parameter cannot be set to
zero. By default, this parameter is set to 1.
Setting this parameter allows you to average message rates and message size over
the specified interval.
statistics
statistics = enabled | disabled
seconds
Sets the interval (in seconds) over which statistics for routes, destinations,
producers, and consumers are averaged. By default, this parameter is set to 3
seconds. Setting this parameter to zero disables the average calculation.
tibemsd.conf 227
detailed_statistics
detailed_statistics = NONE | [PRODUCERS,CONSUMERS,ROUTES,CHANNELS]
Specifies which objects should have detailed statistic tracking. Detailed statistic
tracking is only appropriate for routes, channels, producers that specify no
destination, or consumers that specify wildcard destinations. When detailed
tracking is enabled, statistics for each destination are kept for the object.
Setting this parameter to NONE disabled detailed statistic tracking. You can
specify any combination of PRODUCERS, CONSUMERS, ROUTES, or
CHANNELS to enable tracking for each object. If you specify more than one type
of detailed tracking, separate each item with a comma.
For example:
detailed_statistics = NONE
seconds
Specifies how long (in seconds) the server should keep detailed statistics if the
destination has no activity. This is useful for controlling the amount of memory
used by detailed statistic tracking. When the specified interval is reached,
statistics for destinations with no activity are deleted.
max_stat_memory
max_stat_memory =
size [KB|MB|GB]
Specifies the maximum amount of memory to use for detailed statistic gathering.
If no units are specified, the amount is in bytes, otherwise you can specify the
amount using KB, MB, or GB as the units.
Once the maximum memory limit is reached, the server stops collecting detailed
statistics. If statistics are deleted and memory becomes available, the server
resumes detailed statistic gathering.
228
| Chapter 7
Size of the Diffie-Hellman key. Can be 512, 768, 1024, or 2048 bits. The default
value is 1024.
This key is not used for cipher suites available for export.
ssl_server_ciphers
ssl_server_ciphers =
cipherSuites
Specifies the cipher suites used by the server; each suite in the list is separated by
a colon (:). This parameter must follow the OpenSSL cipher string syntax.
For example, you can enable two cipher suites with the following setting:
ssl_server_ciphers = RC4-MD5:RC4-SHA
See Specifying Cipher Suites on page 512 for more information about the cipher
suites available in EMS and the syntax for specifying them in this parameter.
ssl_require_client_cert
ssl_require_client_cert = enable | disable
If this parameter is set to enable, the server only accepts SSL connections from
clients that have digital certificates. Connections from clients without certificates
are denied.
If this parameter is set to disable, then connections are accepted from clients that
do not have a digital certificate.
Whether this parameter is set to enable or disable, clients that do have digital
certificates are always authenticated against the certificates supplied to the
ssl_server_trusted parameter.
ssl_use_cert_username
ssl_use_cert_username = enable | disable
If this parameter is set to enable, a clients user name is always extracted from the
CN field of the clients digital certificate, if the digital certificate is specified. If a
different username is provided through the connection factory or API calls, then
that username is discarded. Only the username from the CN is used.
tibemsd.conf 229
username
This parameter is useful if clients are required to supply a username, but you
wish to designate a special username to use when the clients username should be
taken from the clients digital certificate.
For example, you may wish all clients to specify their username when logging in.
This means the ssl_use_cert_username parameter would be set to disable.
The username is supplied by the user, and not taken from the digital certificate.
However, you may wish one username to signify that the client logging in with
that name should have the name taken from the certificate. A good example of
this username would be anonymous. All clients logging in as anonymous will have
their user names taken from their digital certificates.
The value specified by this parameter is the username that clients will use to log
in when the username should be taken from their digital certificate. A good
example of the value of this parameter would be anonymous.
Also, the value of this parameter is ignored if ssl_use_cert_username is set to
in which case all client usernames are taken from their certificates. This
parameter has no effect for users that have no certificate.
enable,
ssl_server_identity
ssl_server_identity =
certificate
The servers digital certificate in PEM, DER, or PKCS#12 format. You can specify
the path to a file that contains the certificate in one of the supported formats.
This parameter must be specified if any SSL ports are listed in the listen
parameter.
PEM and PKCS#12 formats allow the digital certificate to include the private key.
If these formats are used and the private key is part of the digital certificate, then
setting ssl_server_key is optional.
For example:
ssl_server_identity = certs/server.cert.pem
230
| Chapter 7
ssl_server_key
ssl_server_key =
private_key
password
chain_member
Certificate chain member for the server. The server reads the certificates in the
chain in the order they are presented in this parameter.
The same certificate can appear in multiple places in the certificate chain.
The certificates must be in PEM, DER, PKCS#7, or PKCS#12 format.
See File Names for Certificates and Keys on page 505 for more information on file
types for digital certificates.
tibemsd.conf 231
ssl_server_trusted
ssl_server_trusted =
certificates
See File Names for Certificates and Keys on page 505 for more information on file
types for digital certificates.
ssl_rand_egd
ssl_rand_egd =
pathname
The path for the installed entropy gathering daemon (EGD), if one is installed.
This daemon is used to generate random numbers for C clients and the EMS
server. Java clients do not use this parameter.
ssl_crl_path
ssl_crl_path =
pathname
A non-null value for this parameter activates the servers certificate revocation list
(CRL) feature.
The server reads CRL files from this directory. The directory should contain only
CRL files. If other files are located in the pathname directory, SSL initialization will
fail.
ssl_crl_update_interval
ssl_crl_update_interval =
hours
The server automatically updates its CRLs at this interval (in hours).
When this parameter is absent, the default is 24 hours.
232
| Chapter 7
ssl_auth_only
ssl_auth_only = enable | disable
When enabled, the server allows clients to request the use of SSL only for
authentication (to protect user passwords). For an overview of this feature, see
SSL Authentication Only on page 518.
When disabled, the server ignores client requests for this feature. When absent,
the default value is disabled.
fips140-2
fips140-2 = true | false
When true, the EMS server is enabled to run in FIPS 140-2 compliant mode.
When false or excluded, the server is not FIPS compliant. For more information,
see Enabling FIPS Compliance on page 519.
LDAP Parameters
See Chapter 8, Authentication and Permissions, on page 273 for more information
about these parameters.
ldap_url
URL of the external directory server. This can take the following forms:
LDAP://host:tcp_port
or
LDAPS://host:ssl_port
For example:
LDAP://myLdapServer:1855
ldap_principal
ldap_principal =
DN
The distinguished name (DN) of the LDAP user that the EMS sever uses to bind
to the LDAP server. This user must have privileges that allow it to bind and
browse group users, but does not necessarily need to have administrative
privileges.
For example:
ldap_principal = "cn=Manager"
tibemsd.conf 233
ldap_credential
ldap_credential =
password
The password associated with the user defined in the ldap_principal property.
This value must be specified and cannot be an empty string.
ldap_cache_enabled
ldap_cache_enabled = enable | disable
seconds
Specifies the maximum time (in seconds) that cached LDAP data is retained
before it is refreshed.
ldap_conn_type
ldap_conn_type = [ldaps | startTLS]
Specifies the type of connection that the server uses to get LDAP information.
When this parameter is absent, LDAP connections use TCP (non-secure). For
backward compatibility, this is the default setting.
ldapsUse
startTLSUse
(secure).
ldap_tls_cacert_file
ldap_tls_cacert_file =
pathname
This file contains the CA certificate that the EMS server trusts to sign the LDAP
servers certificate.
You must provide ldap_tls_cacert_file in order to create secure connections.
Optionally, ldap_tls_cacert_dir can be used in addition to
ldap_tls_cacert_file in order to specify a directory with additional individual
CA certificates.
234
| Chapter 7
ldap_tls_cacert_dir
ldap_tls_cacert_dir =
pathname
When there are two or more CA certificates in the verify chain, the server scans
this directory for CA certificates.
You must also provide ldap_tls_cacert_file in order to create secure connections.
ldap_tls_cacert_dir is an optional parameter that can be used in addition to
ldap_tls_cacert_file in order to specify a directory with additional individual
CA certificates.
ldap_tls_cipher_suite
ldap_tls_cipher_suite =
cipher_suite
Optional. You can specify the cipher suite to use for encryption on secure LDAP
connections.
This parameter must follow the OpenSSL cipher string syntax; see Specifying
Cipher Suites on page 512. You must use short names when specifying the suite.
For example, use DES-CBC-SHA rather than SSL_RSA_WITH_DES_CBC_SHA. Using
long names results in an authorization error when connecting to a client.
In addition to the actual cipher names, you may specify cipher quality; for
example:
HIGH
HIGH:MEDIUM
ldap_tls_rand_file
ldap_tls_rand_file =
pathname
When the operating system does not include a random data feature, this file is the
source of random data for encryption.
ldap_tls_cert_file
ldap_tls_cert_file =
pathname
When the LDAP server requires client authentication, use the certificate in this file
to identify the EMS server.
tibemsd.conf 235
ldap_tls_key_file
ldap_tls_key_file =
pathname
When the LDAP server requires client authentication, use the private key in this
file.
When you plan to start the server remotely, we recommend that you do not
password-encrypt the key file.
See Chapter 8, Authentication and Permissions, on page 273 for more information
about these parameters.
ldap_user_class
ldap_user_class =
class_name
ldap_user_attribute
ldap_user_attribute =
attribute
Name of the attribute on the user object class that holds the name of the user.
For example:
ldap_user_attribute = uid
ldap_user_base_dn
ldap_user_base_dn =
DN
Base distinguished name (DN) of the LDAP tree that contains the users.
For example:
ldap_user_base_dn = "ou=People,dc=Corp"
ldap_user_scope
ldap_user_scope = onelevel | subtree
Specifies how deeply under the base DN to search for users. You can specify
onelevel and subtree for this parameter. onelevel specifies to search only one
level below the DN, subtree specifies to search all sub-trees.
For example:
ldap_user_scope = subtree
236
| Chapter 7
ldap_user_filter
ldap_user_filter =
filter
Optional LDAP search filter for finding a given user name. Use %s as the
placeholder for the user name in the filter. For example:
uid=%s
The full LDAP search grammar is specified in RFC 2254 and RFC 2251.
If unspecified, then a default search filter is generated based on the user object
class and user name attribute.
ldap_all_users_filter
ldap_all_users_filter =
filter
An optional LDAP search filter for finding all users beneath the user base DN.
If not specified, then a default search filter is generated based on the user object
class and user name attribute.
See Chapter 8, Authentication and Permissions, on page 273 for more information
about these parameters.
ldap_group_base_dn
ldap_group_base_dn =
DN
Base distinguished name (DN) of the LDAP tree that contains groups.
For example:
ldap_group_base_dn = "ou=Groups,dc=Corp"
ldap_group_scope
ldap_group_scope = onelevel | subtree
Specifies how deeply under the base DN to search for groups. You can specify
onelevel and subtree for this parameter. onelevel specifies to search only one
level below the DN, subtree specifies to search all sub-trees.
For example:
ldap_group_scope = subtree
tibemsd.conf 237
ldap_group_filter
ldap_group_filter =
filter
Optional LDAP search filter for finding a group with a given group name. Use %s
as the placeholder for the group name in the filter.
The full LDAP search grammar is specified in RFC 2254 and RFC 2251.
If unspecified, then a default search filter is generated based on the group object
class and group attribute.
For example:
ldap_group_filter =
"(|(&(cn=%s)(objectClass=groupofUniqueNames))(&(cn=%s)
(objectClass=groupOfURLs)))"
ldap_all_groups_filter
ldap_all_groups_filter =
filter
Optional LDAP search filter for finding all groups beneath the group base DN.
If unspecified, then a default search filter is generated based on the group object
class and group attribute.
ldap_static_group_class
ldap_static_group_class =
name
ldap_static_group_attribute
ldap_static_group_attribute =
class
Name of the attribute on the static group object class that holds the name of the
group.
For example:
ldap_static_group_attribute = cn
238
| Chapter 7
ldap_static_group_member_filter
ldap_static_group_member_filter =
filter
Optional LDAP search filter for finding all static members of a group. Use %s as
the placeholder for the group name in the filter.
The full LDAP search grammar is specified in RFC 2254 and RFC 2251.
If unspecified, then the following default search filter is generated based on the
group object class and group attribute:
ldap_static_group_member_filter =
"(&(<ldap_static_member_attribute>=<user
DN>)(objectClass=<ldap_static_group_class))"
ldap_static_member_attribute
ldap_static_member_attribute =
attribute
Attribute of an LDAP static group object that specifies the distinguished names
(DNs) of the members of the group.
For example:
ldap_static_member_attribute = uniquemember
ldap_dynamic_group_class
ldap_dynamic_group_class =
class
ldap_dynamic_group_attribute
ldap_dynamic_group_attribute =
attribute
Name of the attribute on the dynamic group object class that holds the name of
the group. For example:
ldap_dynamic_group_attribute = cn
tibemsd.conf 239
ldap_dynamic_member_url_attribute
ldap_dynamic_member_url_attribute =
attribute
Attribute of the dynamic LDAP group object that specifies the URLs of the
members of the dynamic group.
For example:
ldap_dynamic_member_url_attribute = memberURL
classpath
Includes the JAR files and dependent classes used by the JAAS LoginModule.
This parameter is required to enable the extensible security feature for
authentication.
For example:
jaas_classpath = .:/usr/local/custom/user_jaas_plugin.jar
jaas_config_file
jaas_config_file =
file-name
Specifies the location of the JAAS configuration file used by the EMS server to run
a custom authentication LoginModule. For more information, see Loading the
LoginModule in the EMS Server on page 302.
This parameter is required to enable the extensible security feature for
authentication.
For example:
jaas_config_file = jaas.conf
240
| Chapter 7
jaas_login_timeout
jaas_login_timeout =
milliseconds
Specifies the length of time, in milliseconds, that the EMS server will wait for the
JAAS authentication module to execute and respond. This timeout is used each
time the server passes a username and password to the LoginModule. If the
module does not return a response, the server denies authentication.
This parameter is optional. If it is not included, the default timeout is 500
milliseconds.
For example:
jaas_login_timeout = 250
jaci_classpath
This parameter is deprecated as of Software Release 8.1.0, and support will be
removed in a future release. This functionality is now supported by the
security_classpath parameter.
jaci_classpath =
classpath
Includes the JAR files and dependent classes used by the JACI custom
permissions module. This parameter is required to enable the extensible security
feature for granting permissions.
For example:
jaci_classpath = .:/usr/local/custom/user_jaci_plugin.jar
jaci_class
jaci_class =
class-name
Specifies the name of the class that implements the extensible permissions
interface. The class must be written using the Java Access Control Interface
(JACI). For more information about writing a custom application using JACI to
grant permissions, see Writing a Permissions Module on page 308.
For example:
jaci_class = com.userco.auth.CustomAuthorizer
tibemsd.conf 241
jaci_timeout
jaci_timeout =
milliseconds
Specifies the length of time, in milliseconds, that the EMS server will wait for the
JACI permissions module to execute and respond. This timeout is used each time
the server passes a destination, username, and action to the permissions module.
If the module does not return a response, the server denies authorization.
This parameter is optional. If it is not included, the default timeout is 500
milliseconds.
For example:
jaci_timeout = 250
security_classpath
security_classpath =
classpath
Includes the JAR files and dependent classes used by the JAAS LoginModules
and JACI modules. This parameter is required to enable the extensible security
feature for authentication and the extensible security feature for granting
permissions.
For example:
security_classpath = .:/usr/local/custom/user_jaci_plugin.jar
JVM Parameters
These parameters enable and configure the Java virtual machine (JVM) in the
EMS server. For more information on how JVM work in EMS, see Enabling the
JVM on page 310.
jre_library
jre_library =
path
Enables the JVM in the EMS server, where path is the absolute path to the JRE
shared library file that is installed with the JRE. Depending on your platform, this
could be jvm.dll, libjvm.so, JavaVM, and so forth. Note that a 32-bit tibemsd
must point to a 32-bit JVM, and a 64-bit tibemsd must to point to a 64-bit JVM.
If this parameter is not included, the JVM is disabled by default.
If the path contains any spaces, the path must be enclosed in quotation marks.
For example:
jre_library = "C:\Program Files\Java\jdk1.6.0_04\jre\bin\server\jvm.dll"
242
| Chapter 7
jre_option
jre_option =
JVMoption
Passes command line options to the JVM at start-up. The jre_option parameter
can be used to define Java system properties, which are used by applications
running in the JVM, such as extensible security modules.
You can use multiple jre_option entries in order to pass more than one options to
the JVM. Permitted values for JVMoption include most JVM options that are
defined by Sun Microsystems.
For example, this restricts the maximum heap size of the JVM to 256 megabytes:
jre_option = -Xmx256m
Description
See
Page
acl.conf
244
bridges.conf
245
channels.conf
246
durables.conf
249
factories.conf
250
groups.conf
258
jaas.conf
259
queues.conf
259
routes.conf
260
stores.conf
262
tibrvcm.conf
266
topics.conf
266
transports.conf
267
users.conf
271
These configuration files can be edited by hand, but you can also use the
244
| Chapter 7
administration tool or the administration APIs to modify some of these files. See
Chapter 6, Using the EMS Administration Tool, on page 125 for more information
about using the administration tool.
The following sections describe the configuration files.
acl.conf
This file defines all permissions on topics and queues for all users and groups.
The format of the file is:
TOPIC=topic USER=user PERM=permissions
TOPIC=topic GROUP=group PERM=permissions
QUEUE=queue USER=user PERM=permissions
QUEUE=queue GROUP=group PERM=permissions
ADMIN USER=user PERM=permissions
ADMIN GROUP=group PERM=permissions
Description
TOPIC
QUEUE
ADMIN
USER
GROUP
PERM
Permissions to add.
The permissions which can be assigned to queues are
send, receive and browse. The permissions which can be
assigned to topics are publish, subscribe and durable
and use_durable. The designation all specifies all
possible permissions. For information about these
permissions, refer to When Permissions Are Checked on
page 294 and Inheritance of Permissions on page 81.
Administration permissions are granted to users to
perform administration activities. See Administrator
Permissions on page 275 for more information about
administration permissions.
Example
ADMIN USER=sys-admins PERM=all
TOPIC=foo USER=user2 PERM=publish,subscribe
TOPIC=foo GROUP=group1 PERM=subscribe
bridges.conf
This file defines bridges between destinations. See Destination Bridges on page 82
for more information about destination bridges.
The format of the file is:
[destinationType:destinationName] # mandatory -- include brackets
destinationType=destinationToBridgeTo1 [selector="msg-selector"]
destinationType=destinationToBridgeTo2 [selector="msg-selector"]
...
Description
destinationType
destinationName
destinationToBridgeTo
selector
Example
[topic:myTopic1]
topic=myTopic2
queue=myQueue1
246
| Chapter 7
channels.conf
This file defines the multicast channels over which messages published to
multicast-enabled topics are broadcast. Each channel defined in this file has a
unique name, and can have a different multicast address, multicast port, and
property values.
The format of the file is:
[multicast-channel-name]
address = multicast-group-address:multicast-port
[ttl = hops]
[priority = priority]
[maxrate = size [KB|MB|GB]]
[maxtime = seconds]
[interface = ip-address]
Description
[multicast-channel-name]
multicast channel.
Note that the square brackets [ ] DO NOT indicate
that the multicast-channel-name is an option; they must
be included around the name.
address
Description
ttl
priority
maxrate
248
| Chapter 7
Description
maxtime
interface
Example
[channel-1]
address=234.5.6.7:99
maxrate=10MB
maxtime=10
ttl=4
[channel-2]
address=234.5.3.9:99
maxrate=15MB
maxtime=10
ttl=3
durables.conf
This file defines static durable subscribers.
The file consists of lines with either of these formats:
topic-name durable-name
[route]
[clientid=id]
[nolocal]
[selector="msg-selector"]
Description
topic-name
durable-name
route
clientid=id
nolocal
selector="string"
Example
topic1
topic2
topic3
topic4
Conflicting
Specifications
dName1
dName2 clientid=myId,nolocal
dName3 selector="urgency in (high,medium)"
Paris route
When the server detects an conflict between durable subscribers, it maintains the
earliest specification, and outputs a warning. Consider these examples:
250
| Chapter 7
Conflict can also arise because of wildcards. For example, if a client dynamically
creates a durable subscriber for topic foo.*, and an administrator later attempts
to define a static durable for topic foo.1, then the server detects this conflict and
warns the administrator.
Configuration
durable
factories.conf
This file defines the connection factories for the internal JNDI names.
The file consists of factory definitions with this format:
[factory-name] # mandatory -- square brackets included
type = generic|xageneric|topic|queue|xatopic|xaqueue|
url = url-string
metric = connections | byte_rate
clientID = client-id
[connect_attempt_count|connect_attempt_delay|
connect_attempt_timeout|reconnect_attempt_count|
reconnect_attempt_delay|reconnect_attempt_timeout = value]
[ssl-prop = value]*
Description
Mandatory Parameters
These parameters are required. Values given to these parameters cannot be overridden using API
calls.
[factory-name]
[factory-name]
Description
type
url
generic:
xageneric:
topic:
Topic connection
queue:
Queue connection
xatopic:
XA topic connection
xaqueue:
XA queue connection
Generic connection
Generic XA connection
This example defines two servers (a and b), each of which has
a fault-tolerant backup. The client program checks the load on
the active a server and the active b server, and connects to the
one that has the smaller load. If it cannot connect to one of the
active servers, the client attempts to connect to the standby
server. For example, if it cannot connect to b1, it connects to
b2.
The connection URL cannot exceed 1000 characters.
For cautionary information, see Load Balancing on page 258.
252
| Chapter 7
Description
Optional Parameters
These parameters are optional. The values of these parameters can be overridden using API calls.
metric
The factory uses this metric to balance the load among a group of
servers:
connectionsConnect
connections.
connect_attempt_count
connect_attempt_delay
connect_attempt_timeout
When attempting to connect to the EMS server, you can set this
connection timeout period to abort the connection attempt after a
specified period of time (in milliseconds).
reconnect_attempt_count
Description
type
url
generic:
xageneric:
topic:
Topic connection
queue:
Queue connection
xatopic:
XA topic connection
xaqueue:
XA queue connection
Generic connection
Generic XA connection
This example defines two servers (a and b), each of which has
a fault-tolerant backup. The client program checks the load on
the active a server and the active b server, and connects to the
one that has the smaller load. If it cannot connect to one of the
active servers, the client attempts to connect to the standby
server. For example, if it cannot connect to b1, it connects to
b2.
The connection URL cannot exceed 1000 characters.
For cautionary information, see Load Balancing on page 258.
254
| Chapter 7
Description
Optional Parameters
These parameters are optional. The values of these parameters can be overridden using API calls.
metric
The factory uses this metric to balance the load among a group of
servers:
connectionsConnect
connections.
connect_attempt_count
connect_attempt_delay
connect_attempt_timeout
When attempting to connect to the EMS server, you can set this
connection timeout period to abort the connection attempt after a
specified period of time (in milliseconds).
reconnect_attempt_count
Description
type
url
generic:
xageneric:
topic:
Topic connection
queue:
Queue connection
xatopic:
XA topic connection
xaqueue:
XA queue connection
Generic connection
Generic XA connection
This example defines two servers (a and b), each of which has
a fault-tolerant backup. The client program checks the load on
the active a server and the active b server, and connects to the
one that has the smaller load. If it cannot connect to one of the
active servers, the client attempts to connect to the standby
server. For example, if it cannot connect to b1, it connects to
b2.
The connection URL cannot exceed 1000 characters.
For cautionary information, see Load Balancing on page 258.
256
| Chapter 7
Description
Optional Parameters
These parameters are optional. The values of these parameters can be overridden using API calls.
metric
The factory uses this metric to balance the load among a group of
servers:
connectionsConnect
connections.
connect_attempt_count
connect_attempt_delay
connect_attempt_timeout
When attempting to connect to the EMS server, you can set this
connection timeout period to abort the connection attempt after a
specified period of time (in milliseconds).
reconnect_attempt_count
Description
reconnect_attempt_delay
reconnect_attempt_timeout
When attempting to reconnect to the EMS server, you can set this
connection timeout period to abort the connection attempt after a
specified period of time (in milliseconds).
multicast_daemon
Use the parameter to specify the TCP port that the client will use
when establishing a connection to the multicast daemon.
This parameter determines the behavior of the EMS client but
does not affect the multicast daemon. The multicast daemon must
listen for the client on the same port that the client uses to
connect. To change the TCP port that the multicast daemon listens
on, use the -listen command line argument in the daemon. See
Command Line Options on page 412 for more information.
See Chapter 14, Using Multicast for information on multicast.
multicast_enabled
enabledmulticast
disabledmulticast
258
| Chapter 7
Example
[north_america]
type = topic
url = tcp://localhost:7222,tcp://server2:7222
clientID = "Sample Client ID"
ssl_verify_host = disabled
Configuration
Load Balancing
groups.conf
This file defines all groups. The format of the file is:
group-name1:"description"
user-name1
user-name2
group-name2:"description"
user-name1
user-name2
Description
group-name
description
user-name
Example
administrators: "TIBCO Enterprise Message Service administrators"
admin
Bob
jaas.conf
This file directs the TIBCO Enterprise Message Service server to the JAAS
LoginModule. See Loading the LoginModule in the EMS Server on page 302 for
more information about the jaas.conf file.
queues.conf
This file defines all queues. The format of the file is:
[jndi-name1,
Note that, while including JNDI names is optional, the square brackets [ ] must
be included around JNDI names if they are included. For more information about
setting JNDI names, see create jndiname on page 133.
For example, you might enter:
test store=mystore,secure,prefetch=2
Only queues listed in this file or queues with names that match the queues listed
in this file can be created by the applications (unless otherwise permitted by an
entry in acl.conf). For example, if queue foo.* is listed in this file, queues
foo.bar and foo.baz can be created by the application.
Properties of the queue are inherited by all static and dynamic queues with
matching names. For example, if test.* has the property secure, then test.1
and test.foo are also secure. For information on properties that can be assigned
to queues, see Destination Properties on page 58.
For further information on the inheritance of queue properties, refer to Wildcards
* and > on page 77 and Inheritance of Properties on page 80.
In the sample file, a > wildcard at the beginning of the file allows the applications
to create valid queues with any name. A > at the beginning of the queue
configuration file means that name-matching is not required for creation of
queues.
Restrictions and rules on queue names are described in Destination Name Syntax
on page 56.
260
| Chapter 7
routes.conf
This file defines routes between this TIBCO Enterprise Message Service server
and other TIBCO Enterprise Message Service servers.
Routes may only be configured administratively, using the administration tool
(see Chapter 6 on page 125), or the administration APIs (see
com.tibco.tibjms.admin.RouteInfo in the online documentation). Directly
editing the routes.conf file causes errors.
The format of the file is:
[route-name] # mandatory -- square brackets included.
url=url-string
zone_name=zone_name
zone_type=zone_type
topic_prefetch=value
[selector]*
[ssl-prop = value]*
Description
[route-name]
url
zone_name
Description
zone_type
topic_prefetch
selector
ssl-prop
Example
[test_route_2]
url = tcp://server2:7222
ssl_verify_host = disabled
262
| Chapter 7
stores.conf
This file defines the locations, either store files, mstore, or a database, where the
EMS server will store messages or metadata (if the default $sys.meta definition
is overridden). You can configure one or many stores in the stores.conf file.
Each store configured is either a file-based store, mstore, or a database store.
File-based store and mstore parameters are described here. Database store
parameters are described in Chapter 11, Using Database Stores.
The format of the file is:
[store_name] # mandatory -- square brackets included
type=file
file=name
file_destination_defrag=size
[file_crc=true|false]
[file_minimum=value]
[file_truncate=value]
[mode=async|sync]
[processor_id = processor id]
[store_name]
type=mstore
file=name
[processor_id = processor-id]
[scan_iter_interval=time msec|sec|min|hour|day]
[scan_target_interval=time msec|sec|min|hour|day]
Description
[store_name]
[store_name]
Identifies the store type. This parameter is required for all store
types. The type can be:
file
mstore
dbstore
Description
file
The filename that will be used when creating this store file. This
parameter is required for both file and mstore types. For
example, mystore.db.
The location for this file can be specified using absolute or relative
path names. If no path separators are present, the file will be saved
in the location specified by the store parameter in the
tibemsd.conf file, if any is specified there.
processor_id
When specified, the EMS Server binds the storage thread of this
store to the specified processor.
Do not use this parameter if the default behavior provides
sufficient throughput. If no processor ID is specified for a store, the
store is not bound to a specific processor.
Specify the processor-id as an integer. The processor ID is numbered
starting at 0 and continuing to the number of processors available,
minus 1. For example, if you have four processors, the available
processor IDs are 0, 1, 2, and 3.
This parameter has similar requirements, limitations, and benefits
as the processor_ids parameter in tibemsd.conf. For use
guidelines, see Performance Tuning on page 121.
264
| Chapter 7
Description
file_crc
file_minimum
mode
Description
mstore Parameters
scan_iter_interval
Example
[my_sync]
type = file
file = /var/local/tibems/my_sync.db
file_destination_defrag=2MB
file_crc = true
file_minimum = 10MB
file_truncate = true
mode = sync
Example
[mstore1]
type = mstore
file = /var/local/tibems/mstore1.db
scan_iter_interval=100msec
scan_target_interval=12hour
266
| Chapter 7
tibrvcm.conf
This file defines the TIBCO Rendezvous certified messaging (RVCM) listeners for
use by topics that export messages to a tibrvcm transport. The server preregisters
these listeners when the server starts up so that all messages (including the first
message published) sent by way of the tibrvcm transport are guaranteed. If the
server does not preregister the RVCM listeners before exporting messages, the
listeners are created when the first message is published, but the first message is
not guaranteed.
The format of this file is
transport listenerName subjectName
Description
transport
listenerName
subjectName
Example
RVCM01 listener1 foo.bar
RVCM01 listener2 foo.bar.bar
topics.conf
This file defines all topics. The format of the file is:
[jndi-name1,
Note that, while including JNDI names is optional, the square brackets [ ] must
be included around JNDI names if they are included. For more information about
setting JNDI names, see create jndiname on page 133.
For example, you might enter:
business.inventory global, import="RV01,RV02", export="RV03",
maxbytes=1MB
Only topics listed in this file or topics with names that match the topics listed in
this file can be created by the applications (unless otherwise permitted by an
entry in acl.conf). For example, if topic foo.* is listed in this file, topics
foo.bar and foo.baz can be created by the application.
Properties of the topic are inherited by all static and dynamic topics with
matching names. For example, if test.* has the property secure, then test.1
and test.foo are also secure. For information on properties that can be assigned
to topics, see Destination Properties on page 58.
For further information on the inheritance of topic properties, refer to Wildcards *
and > on page 77 and Inheritance of Properties on page 80.
Restrictions and rules on topic names are described in Destination Name Syntax
on page 56.
transports.conf
This file defines transports for importing messages from or exporting messages to
external message services, such as TIBCO Rendezvous and TIBCO SmartSockets.
The format of the file is:
[transport_name] # mandatory -- square brackets included
type = tibrv | tibrvcm | tibss # mandatory
[topic_import_dm = TIBEMS_PERSISTENT |
TIBEMS_NON_PERSISTENT |
TIBEMS_RELIABLE]
[queue_import_dm = TIBEMS_PERSISTENT |
TIBEMS_NON_PERSISTENT |
TIBEMS_RELIABLE]
[export_headers = true | false]
[export_properties = true | false]
transport-specific-parameters
Description
[transport_name]
268
| Chapter 7
Description
type
Transport type.
tibrv
tibrvcm
tibss
export_properties
transport-specificparameters
= tibrv,
[service = service]
[network = network]
[daemon = daemon]
[temp_destination_timeout = seconds]
[rv_queue_policy = [TIBRVQUEUE_DISCARD_NONE |
TIBRVQUEUE_DISCARD_FIRST |
TIBRVQUEUE_DISCARD_LAST]:max_msgs:qty_discard]
= tibrvcm,
= tibss,
[username = name]
[password = password]
[server_names = single_or_list_of_servers]
[project = name]
[delivery_mode = best_effort | gmd_all | gmd_some | ordered]
[lb_mode = none | round_robin | weighted | sorted]
[override_lb_mode = enable | disable]
[gmd_file_delete = enable | disable]
[import_ss_headers = none | type_num | all]
[preserve_gmd = always | receivers | never]
270
| Chapter 7
type = tibrv
topic_import_dm = TIBEMS_RELIABLE
queue_import_dm = TIBEMS_PERSISTENT
service = 7780
network = lan0
daemon = tcp:host5:7885
[RVCM01]
type = tibrvcm
export_headers = true
export_properties = true
rv_tport = RV02
cm_name = RVCMTrans1
ledger_file = ledgerFile.store
sync_ledger = true
request_old = true
default_ttl = 600
[SS01]
type = tibss
server_names = tcp:rtHost2A:5555, ssl:rtHost2B:5571
username = emsServer6
password = myPasswd
project = mfg_process_control
override_lb_mode = enable
delivery_mode = gmd_some
[RV02]
type = tibrv
topic_import_dm = TIBEMS_PERSISTENT
queue_import_dm = TIBEMS_PERSISTENT
service = 7780
network = lan0
daemon = tcp:host5:7885
rv_queue_policy = TIBRVQUEUE_DISCARD_LAST:10000:100
users.conf
This file defines all users. The format of the file is:
username:password:"description"
Description
username
272
| Chapter 7
Description
password
Example
admin::"Administrator"
Bob::"Bob Smith"
Bill::"Bill Jones"
After the server has started and passwords have been assigned, the file will look
like this:
admin:$1$urmKVgq78:"Administrator"
Bob:$2$sldfkj;lsafd:"Bob Smith"
Bill:$3$tyavmwq92:"Bill Jones"
| 273
Chapter 8
You can create users and assign passwords to the users to control access to the
EMS server. EMS can also be configured to use an external directory (such as an
LDAP server) to control access to the server.
You can also assign permissions to users and groups to control actions that can be
performed on destinations.
This chapter describes authentication and permissions in EMS.
Topics
274
| Chapter 8
Administrator Permissions
Administrators are a special class of users that can manage the EMS server.
Administrators create, modify, and delete users, destinations, routes, factories,
and other items. In general, administrators must be granted permission to
perform administration activities when using the administration tool or API.
Administrators can be granted global permissions (for example, permission to
create users or to view all queues), and administrators can be granted permissions
to perform operations on specific destinations (for example, purging a queue, or
viewing properties for a particular topic).
Administrator permissions control what administrators can view and change in
the server only when using the administration tool or API. Administrator
commands create entries in each of the configuration files (for example,
tibemsd.conf, acl.conf, routes.conf, and so on).
You should control access to the configuration files so that only certain system
administrators can view or modify the configuration files. If a user can view or
modify the configuration files, setting permissions to control which destination
that user can manage would not be enforced when the user manually edits the
files.
Use the facilities provided by your Operating System to control access to the
servers configuration files.
Administrators must be created using the administration tool, the administration
APIs, or in the configuration files.
276
| Chapter 8
username
all
view-all
278
| Chapter 8
change-acl
change-admin-acl
change-bridge
change-connection
Delete connections.
create-destination
modify-destination
delete-destination
change-durable
change-factory
change-group
change-message
change-route
change-server
change-user
purge-destination
Purge destinations.
purge-durable
shutdown
view-acl
view-admin-acl
view-connection
view-bridge
view-destination
view-durable
view-factory
View factories.
view-group
view-message
view-route
View routes.
view-server
view-user
Any type of modification to an item requires that the user can view that item.
Therefore, granting any create, modify, delete, change, or purge permission
implicitly grants the permission to view the associated item.
Granting the view permissions is useful when you want specific users to only be
able to view items. It is not necessary to grant the view permission if a user
already has a permission that allows the user to modify the item.
Global permissions are stored in the acl.conf file, along with all other
permissions. Global permissions in this file have the following syntax:
ADMIN USER=<username> PERM=<permission>
or
ADMIN GROUP=<groupname> PERM=<permission>
280
| Chapter 8
For example, if a user named BOB is granted the view-user global administration
permission and the group sys-admins is granted the change-acl permission, the
following entries are added to the acl.conf file:
ADMIN USER=BOB PERM=view-user
ADMIN GROUP=sys-admins PERM=change-acl
Destination-Level Permissions
Administrators can be granted permissions on each destination. Destination-level
permissions control the administration functions a user can perform on a specific
destination. Global permissions granted to a user override any destination-level
permissions.
The typical use of destination-level administration permissions is to specify
permissions on wildcard destinations for different groups of users. This allows
you to specify particular destinations over which a group of users has
administrative control. For example, you may allow one group to control all
ACCOUNTING.* topics, and another group to control all PAYROLL.* queues.
Table 47 describes the destination-level administration permissions.
Table 47 Destination-level administration permissions
Permission
view
create
delete
modify
purge
Any type of modification to an item requires that the user can view that item.
Therefore, granting create, modify, delete, change, or purge implicitly grants the
permission to view the associated item.
Granting the view permissions is useful when you want specific users to only be
able to view items. It is not necessary to grant the view permission if a user
already has a permission that allows the user to modify the item.
Administration permissions for a destination are stored alongside all other
permissions for the destination in the acl.conf file. For example, if user BOB has
publish and subscribe permissions on topic foo, and then BOB is granted view
permission, the acl listing would look like the following:
TOPIC=foo USER=BOB PERM=publish,subscribe,view
Both user and administrator permissions for a destination are stored in the same
entry in the acl.conf file. This is for convenience rather than for clarity. User
permissions specify the actions a client application can perform on a destination
(publish, subscribe, send, receive, and so on). Administrator permissions specify
what administrative commands the user can perform on the destination when
using the administration tool or API.
Protection Permissions
Protection permissions allow you to group users into administrative domains so
that administrators can only perform actions within their domain. An
administrator can only perform administrative operations on a user that has the
same protection permission as the user. There are four protection permissions
(protect1, protect2, protect3, and protect4) that allow you to create four
groups of administrators. Protection permissions do not apply to the admin user
or users in the $admin group these users can perform any action on any user
regardless of protection permissions.
To use protection permissions, grant one of the protection permissions to a set of
users (either individually, or to a defined group(s)). Then, grant the same
protection permission to the administrator that can perform actions on those
users.
For example, there are four departments in a company: sales, finance,
manufacturing, and system administrators. Each of these departments has a
defined group and a set of users assigned to the group. Within the system
administrators, there is one manager and three other administrators, each
282
| Chapter 8
You can grant a protection permission, in addition to the all permission. This
signifies that the user has all administrator privileges for anyone who also has the
same protection permission. However, if you revoke the all permission from a
user, all permissions, including any protection permissions are removed from the
access control list for the user.
An administrator is able to view users that have a different protection permission
set, but the administrator can only perform actions on users with the same
protection permission.
For example, admin1 can perform any action on any user in the sales group, and
can view any users in the manufacturing or finance groups. However, admin1
is not able to grant permissions, change passwords, delete users from, or perform
any other administrative action on users of the manufacturing or finance
groups. The mgr user is able to perform any action on any user, regardless of their
protection permission because mgr is a member of the $admin group.
Server Control
The property in the main configuration file enables or disables the checking of
permissions for all destinations managed by the server. The authorization
property also enables or disables verification of user names and passwords.
The default setting is disabled. For secure deployments, the administrator must
explicitly set authorization to enabled.
When authorization is disabled, the server grants any connection request, and
does not check permissions when a client accesses a destination (for example,
publishing a message to a topic).
When authorization is enabled, the server grants connections only from valid
authenticated users. The server checks permissions for client operations involving
secure destinations.
To enable authorization, either edit tibemsd.conf (set the authorization
property to enabled, and restart the server). Or you can use the tibemsadmin tool
to dynamically enable authorization with the following set server command:
set server authorization=enabled
284
| Chapter 8
Destination Control
When server authorization is enabled, the server checks user names and
password of all connections without exceptions. However, operations on
destinations, such as sending a message or receiving a message, are not verified
unless the destination has enabled the secure property on the destination. All
operations by applications on the destination with secure enabled are verified by
the server according to the permissions listed in acl.conf. Destinations with
secure disabled continue to operate without any restrictions.
The secure property is independent of SSL-level security. The secure property
controls only basic authentication and permission verification. It does not affect
the security of communication between clients and server.
When a destination does not have the secure property set, any authenticated
user can perform any actions on that topic or queue.
See Destination Properties on page 58 for more information about destination
properties.
Destinations
Topics:
check.request
purchase.order
External Directory
Users
gale
jean
perry
Groups
Employees:
gale
jean
perry
286
| Chapter 8
Externally-configured users and groups are defined and managed using the
external directory. Locally-configured users and groups, as well as the access
control list, are configured using any of the administration interfaces (editing
configuration files, using the administration tool, or the administration APIs).
Access control and Secure Sockets Layer (SSL) have some similar characteristics.
SSL allows for servers to require user authentication by way of the users digital
certificate. SSL does not, however, specify any access control at the destination
level. SSL and the access control features described in this chapter can be used
together or separately to ensure secure access to your system. See Chapter 19,
Using the SSL Protocol, on page 501 for more information about SSL.
The following sections describe users and groups in EMS.
Users
Users are specific, named IDs that allow you to identify yourself to the server.
When a client logs in, the connect request should be accompanied by a username
and the password associated with the username.
In special cases, you may wish to allow anonymous access to the server. In this
case, a connect request does not have to supply a username or password. To
configure the server to allow anonymous logins, you must create a user named
anonymous and specify no password. Anonymous logins are not permitted unless
the anonymous user exists.
Clients logging in anonymously are only able to perform the actions that the
anonymous user has permission to perform.
There is one predefined user, admin, that performs administrative tasks, such as
creating other users.
You can create and remove users and change passwords by specifying the users in
the users.conf configuration file, using the tibemsadmin tool, or by using the
administration APIs. For more information about specifying users in the
configuration file, see users.conf on page 271. For more information about
specifying users using the tibemsadmin tool, see Chapter 6, Using the EMS
Administration Tool, on page 125. For more information on the administration
APIs, see the online documentation.
Groups
Groups allow you to create classes of users. Groups make access control
administration significantly simpler because you can grant and revoke
permissions to large numbers of users with a single operation on the group. Each
user can belong to as many groups as necessary. A users permissions are the
union of the permissions of the groups the user belongs to, in addition to any
permissions granted to the user directly.
You can create, remove, or add users to groups by specifying the groups in
groups.conf, using the tibemsadmin tool, or by using the administration APIs.
For more information about specifying groups in the configuration file, see
groups.conf on page 258. For more information about specifying groups using
the tibemsadmin tool, see Chapter 6, Using the EMS Administration Tool, on
page 125. For more information on the administration APIs, see the online
documentation.
288
| Chapter 8
Group Information
Group information stored in an external directory can also be retrieved by the
EMS server. Static and dynamic groups are supported and you can configure the
EMS server to retrieve either or both.
Administration Commands and External Users and Groups
You can perform administrative commands on users and groups defined either
locally (in the EMS servers local configuration files) or in an external LDAP.
Furthermore, you can combine users and groups that are defined in different
locations (for example, you can grant and revoke permissions for users and
groups defined in an LDAP, or add LDAP-defined users to locally-defined
groups).
Combining authentication sources requires that the configuration parameter
user_auth includes both ldap and local.
When you attempt to view users and groups using the show user/s or show
group/s commands, any users and groups that exist in external directories have
an asterisk next to their names. Users and groups from external directories will
only appear in the output of these commands in the following situations:
Therefore, not all users and groups defined in the external directory may appear
when the show user/s or show group/s commands are executed. Only the users
and groups that meet the above criteria at the time the command is issued will
appear.
You can create users and groups with the same names as externally-defined users
and groups. If a user or group exists in the servers configuration and is also
defined externally, the local definition of the user takes precedence.
Locally-defined users and groups will not have an asterisk by their names in the
show user/s or show group/s commands.
You can also issue the delete user or delete group command to delete users
and groups from the local servers configuration. The permissions assigned to the
user or group are also deleted when the user or group is deleted. If you delete a
user or group that is defined externally, this deletes the user or group from the
servers memory and deletes any permissions assigned in the access control list,
but it has no effect on the external directory. The externally-defined user can once
again log in, and the user is created in the servers memory and any groups to
which the user belongs are also created. However, any permissions for the user or
group have been deleted and therefore must be re-granted.
Using LDAP Directory Servers
EMS has been tested with the following external directory servers:
However, you should be able to use any external directory server that is
compliant with LDAP V2.
The description for tibemsd.conf on page 189 provides the complete list of
configuration parameters for configuring an external directory server. Table 48
describes parameter settings for default configurations of popular LDAP servers.
Table 48 Default configuration for popular LDAP servers (Sheet 1 of 2)
External
Directory Server
Parameter Configuration
iPlanet
290
| Chapter 8
Parameter Configuration
Active Directory
Open LDAP
ldap_user_class = person
ldap_user_attribute = cn
ldap_user_base_dn = ou=people,
dc=<your_domain_component>, dc=<your_domain_component>
ldap_user_filter = (&(cn=%s)(objectclass=user))
ldap_group_base_dn = ou=groups,
dc=<your_domain_component>, dc=<your_domain_component>
ldap_group_filter =
(&(cn=%s)(objectclass=groupofnames))
ldap_static_group_class = groupofnames
ldap_static_group_attribute = cn
ldap_static_member_attribute = member
ldap_static_group_member_filter =
(&(member=%s)(objectclass=groupofnames))
Novell
ldap_user_class = person
ldap_user_attribute = cn
ldap_user_base_dn = ou=people,
o=<your_organization>
ldap_user_filter =
(&(cn=%s)(objectclass=person))
ldap_group_base_dn = ou=groups,
o=<your_organization>
ldap_group_filter =
(&(cn=%s)(objectclass=groupofnames))
ldap_static_group_class = grouponames
ldap_static_group_attribute = cn
ldap_static_member_attribute = uniquemember
ldap_static_group_member_filter =
(&(uniquemember=%s)(objectclass=groupofnames))
User Permissions
User permissions are stored in the access control list and determine the actions a
user can perform on a destination. A users permissions are the union of the
permissions granted explicitly to that user along with any permissions the user
receives by belonging to a group.
When granting user permissions, you specify the user or group to whom you
wish to grant the permission, the name of the destination, and the permission(s)
to grant. Granting permissions is an action that is independent from both the
authorization server parameter, and the secure property of the relevant
destinations. The currently granted permissions are stored in the access control
file, however, the server enforces them only if the authorization is enabled, and
only for secure destinations.
When setting permissions for users and groups defined externally, user and
group names are case-sensitive. Make sure you use the correct case for the name
when setting the permissions.
User permissions can only be granted by an administrator with the appropriate
permissions described in Administrator Permissions on page 275.
You assign permissions either by specifying them in the acl.conf file, using the
tool, or by using the administration APIs. When setting user
permissions, you can specify either explicit destination names or wildcard
destination names. See Inheritance of User Permissions on page 292 for more
information on wildcard destination names and permissions.
tibemsadmin
The permissions that can be granted to users to access queues are listed in
Table 49; the permissions to access topics are listed in Table 50 on page 292.
Table 49 Queue Permission
Name
Description
receive
send
browse
292
| Chapter 8
Description
subscribe
publish
durable
use_durable
This set of permissions means that bob can subscribe to topic foo and publish
messages to it, but bob cannot create durable subscribers to foo.
If bob is a member of group engineering and the group has the following entry
in the acl file:
GROUP=engineering TOPIC=bar PERM=subscribe,publish
then bob can publish and subscribe to topics foo and bar.
If both the user bob and the group engineering have entries in the acl.conf file,
then bob has permissions that are a union of all permissions set for bob directly
and the permissions of the group engineering.
294
| Chapter 8
A user cannot create or send a message to a destination for which he or she has
not explicitly been granted the appropriate permission. So, before creating or
sending messages to the destination, a user must be granted permissions on the
destination.
However, for wildcard topic names (queue consumers cannot specify wildcards),
permissions are not checked when users create non-durable subscriptions.
Therefore, a user can create a subscription to topic foo.* without having explicit
permission to create subscriptions to foo.* or any child topics. This allows
administrators to grant users the desired permissions after the users application
creates the subscriptions. You may wish to allow users to subscribe to unspecific
wildcard topics, then grant permission to specific topics at a later time. Users are
not able to receive messages based on their wildcard subscriptions until
permissions for the wildcard topic or one or more child topics are granted.
When creating a durable subscriber, users must have the durable permission
explicitly set for the topic they are subscribing to. For example, to create a durable
subscriber to topic foo.*, the user must have been granted the durable
permission to create durable subscriptions for topic foo.*. To subscribe an
existing durable subscriber to a topic, you must have either durable or
use_durable permission set on that topic.
296
| Chapter 8
| 297
Chapter 9
Extensible Security
This chapter outlines how to develop and implement custom authentication and
permissions modules.
Topics
298
| Chapter 9
Extensible Security
Extensible security works by allowing you to write your own authentication and
permissions modules, which run in a Java virtual machine (JVM) in the EMS
server. The modules connect to the server using the Java Authentication and
Authorization Service (JAAS) for authentication modules, and the Java Access
Control Interface (JACI) for permissions modules.
If the extensible security features are enabled when the EMS server starts, the
server checks each user as it connects for authentication, and checks user
permissions when they attempt to perform actions that require authorization.
Permission results are cached in the server for specified timeouts, and the
permissions module is re-invoked when a cached permission expires. The server
then replaces the old permission data with new data.
Extensible authentication and extensible permissions are enabled in the
tibemsd.conf configuration file. Extensible security modules can connect to
external security services, such as single sign on (SSO) servers or LDAP
directories, which operate outside of the TIBCO Enterprise Message Service
framework. Extensible security modules can work in tandem with other
authorization and permissions methods, such as LDAP or the EMS acl.conf
configuration file. Figure 16 on page 299 shows the different security methods
available in the server.
users.conf
LDAP
acl.conf
JVM
External Security
Services
JAAS
LoginModule
JACI
Authorization
Module
External Security
Services
300
| Chapter 9
Extensible Security
Extensible Authentication
The extensible authentication feature uses the Java virtual machine (JVM) and the
Java Authentication and Authorization Service (JAAS) to allow you to run your
own Java-based authentication module in the EMS server.
Your authentication module, or LoginModule, runs in the JVM within the EMS
server, and is accessed by tibemsd using the JAAS interface. This is a flexible way
to extend the security of your EMS application. The LoginModule can be used to
augment existing authentication processes, or can be the sole method of
authentication used by the EMS server. The user_auth parameter in the main
configuration file determines when the LoginModule is used.
Each time an EMS client attempts to create a connection to the server, the server
will authenticate the client before accepting the connection. When extensible
authentication is enabled, tibemsd passes user information to the LoginModule,
which returns an allow or deny response.
If more than one authentication mechanism is enabled, its important to note the
order that the authentication processes are employed, as determined by their
order in the user_auth parameter. The server will search each authentication
source in order, and if the user does not exist there, tibemsd passes the username
and password to the next source.
For example, if local authentication appears before JAAS authentication, the
server will search for the provided username and password first in the
users.conf file. If the user does not exist there, tibemsd passes the username
and password to the LoginModule, which allows or denies the connection
attempt.
Consider a connection request from a client with the username avogus. If avogus
exists in the users.conf, the EMS server will either authenticate or deny access to
avogus based on the username and password located there. Only if avogus does
not exist in the users.conf does the server pass the username and password to
the LoginModule.
security_classpathspecifies
the LoginModule.
Because the LoginModule runs in the Java virtual machine, you must also enable
the JVM in the EMS server. See Enabling the JVM on page 310 for more
information.
The LoginModule must accept the username and password from the EMS
server by way of the NameCallback and PasswordCallback callbacks. The
EMS server passes the username and password to the LoginModule using
these callbacks, ignoring the prompt argument.
The LoginModule must be thread-safe. That is, the LoginModule must be able
to function both in a multi-threaded environment and in a single-threaded
environment.
302
| Chapter 9
Extensible Security
The LoginModule, like the Permissions Module, should not perform long
operations, and should return values quickly. As these modules become part
of the EMS servers message handling process, slow operations can have a
severe effect on performance.
The EMS server locates and loads the LoginModule based on the contents of the
configuration file specified by the jaas_config_file parameter in the
tibemsd.conf file. Usually, the JAAS configuration file is named jaas.conf. This
file contains the configuration information used to invoke the LoginModule.
The contents of the jaas.conf file should follow the JAAS configuration syntax,
as documented at:
http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html
The LoginModule in the JAAS configuration file must have the name
EMSUserAuthentication.
Example jaas.conf Configuration File
EMSUserAuthentication {
com.tibco.tibems.tibemsd.security.example.FlatFileUserAuthLoginMod
ule required debug=true filename=jaas_users.txt;
};
Extensible Permissions
The extensible permissions feature uses the Java virtual machine (JVM) and the
Java Access Control Interface (JACI) to allow you to run your own Java-based
permissions module in the EMS server.
Your Permissions Module runs in the JVM within the EMS server, and connects to
tibemsd using the JACI interface. Like the LoginModule, the Permissions Module
provides an extra layer of security to your EMS application. It does not supersede
standard EMS procedures for granting permissions. Instead, the module
augments the existing process.
When a user attempts to perform an action, such as subscribing to a topic or
publishing a message, the EMS server checks the acl.conf file, the Permissions
Module, and cached results from previous Permissions Module queries, for
authorization. This process is described in detail in How Permissions are Granted
on page 304.
Cached Permissions
In order to speed the authorization process, the EMS server caches responses
received from the Permissions Module in two pools, the allow cache and the deny
cache. Before invoking the Permissions Module, the server first checks these
caches for a cache entry matching the users request.
What is Cached
Each cache entry consists of a username and action, and the authorization result
response from the Permissions Module:
The username is specific; the cached permission applies only to this user.
The action is also specific. Only one action is included in each cache entry.
Actions that require authorization are the same as those listed in the acl.conf
file.
The destination can include wildcards. That is, a single cache entry can
determine the users authorization to perform the action on multiple
destinations.
If the response from the Permissions Module authorized the action, the
permission is cached in the allow cache. If the action was denied, it is cached in
the deny cache.
304
| Chapter 9
Extensible Security
How Long
Permissions are
Cached
Permissions Module results also include timeouts, which determine how long the
cache entry is kept in the cache before it expires. When a timeout has expired, the
entry is removed from the cache. Because these timeouts are assigned by the
Permissions Module, you can control how often the Permissions Module is called,
and therefore how much load it puts on the EMS server.
Long timeouts on permissions cache entries can increase performance, but they
also lower the systems responsiveness to changes in permissions. Consider
timeout lengths carefully when writing your Permissions Module.
Administering the
Cache
You can view and reset cache statistics, as well as clear all cache entries. These
commands are available in the administration tool:
jaci showstats
jaci resetstats
jaci clear
on page 140
on page 140
on page 140
If the Permissions Module does not respond to the request within the timeout
specified by the jaci_timeout parameter in the tibemsd.conf file, the server
denies authorization by default.
Actions that require permissions are the same as those listed in the acl.conf file,
and include operations such as subscribe to a topic and publishing to a queue.
Permissions are described in acl.conf on page 244. Figure 17 shows the decision
tree the server follows when granting or denying permissions.
Figure 17 The Permissions Decision Tree
Yes
No
Yes
No
Yes
No
Allow
Allow
Timeout
reached
Deny
Deny
306
| Chapter 9
Extensible Security
Durable
Subscribers
When a durable subscriber is disconnected from the EMS server, the server
continues to accumulate messages for the client. However, while the client is
disconnected, there is no user associated with the durable subscriber. Because of
this, the server cannot immediately check permissions for a message that is
received when the client is not connected.
When a user later reconnects to the server and resubscribes to the durable
subscription, the server checks permissions for the subscribe operation itself, but
all messages in the backlog are delivered to the consumer without additional
permission checks.
Special
Circumstances
There are some special circumstances under which the request, although it is not
exactly matched in the acl.conf file, will be denied without reference to either
the permissions cache or the Permissions Module. Any request will be denied if,
in the acl.conf
The username exists and is associated with destinations, but not with the
specific destination in the request.
The username is part of a group, but the group is not associated with any
destinations.
The username is part of a group and the group is associated with destinations,
but not with the specific destination in the request.
for permissions before checking the deny cache and before sending an uncached
permission request to the Permissions Module. In other words, the authorization
status cannot be changed until the timeout on the cache entry expires and it is
removed from the cache.
Similarly, an entry in the deny cache remains there until the timeout has expired
and the entry is removed. Only then does the EMS server send the request to the
Permissions Module, so that a change in status can take effect.
Overlapping wildcards can make this situation even more complex. For example,
consider these three destinations:
foo.*.baz
foo.bar.*
foo.>
It might seem that, if foo.*.baz were in a cache, then foo.bar.* would match it
and permissions for that destination would come from the cache. In fact, however,
permissions could not be determined by the cache entry, because foo.bar.*
intersects but is not a subset of foo.*.baz. That is, not every destination that
matches foo.bar.* will also match foo.*.baz. The destination foo.bar.boo, for
example, would be granted permissions by foo.bar.*, but not by foo.*.baz.
Since not all destinations that foo.bar.* matches will also match foo.*.baz, we
say that foo.*.baz intersects foo.bar.*. The cache entry can determine a
permission if the requested destination is a subset of the cache entry, but not if it is
merely an intersection. In this case, permissions cannot be determined by the
cache.
The destination foo.>, on the other hand, contains as subsets both foo.bar.*
and foo.*.baz, because any destination name that matches either foo.bar.* or
foo.*.baz will also match foo.>. If foo.> is in the cache, permissions will be
determined by the cache.
authorizationenables
jaci_classspecifies
authorization.
308
| Chapter 9
Extensible Security
AuthorizationResult
An allowed parameter, where true means that the request is allowed and
false means the request is denied.
A timeout, which determines how long the permission result will be
cached. Results can be cached for a time of up to 24 hours, or not at all.
The destination on which the user is authorized to perform the action. The
destination returned can be more inclusive than the request. For example,
if the user requested to subscribe to the topic foo.bar, the permission
result can allow the user to subscribe to foo.*. If a destination is not
included in the permission result, then the allow or deny response is
limited to the originally requested destination.
The action type that the permission result replies to. For example,
authorization to publish to the destination, or authorization to receive
messages from a queue. Permissions can be granted to multiple action
types, for example permission to publish and subscribe on foo.>. Note that
the EMS server creates one cache entry for each action specified in the
result.
TIBCO Enterprise Message Service Users Guide
The Permissions Module must be thread-safe. That is, the Permissions Module
must be able to function both in a multi-threaded environment and in a
single-threaded environment.
The Permissions Module, like the LoginModule, should not employ long
operations, and should return values quickly. As these modules become part
of the EMS servers message handling process, slow operations can have a
severe effect on performance.
310
| Chapter 9
Extensible Security
jre_libraryenables
the JVM.
For more information about these parameters, see JVM Parameters on page 241.
On Mac OS X platforms, you must use the 64-bit EMS server. Because Java 1.7
does not support 32-bit libraries on Mac OS X, the 32-bit EMS server cannot load
the JVM.
| 311
Chapter 10
TIBCO provides several compiled and fully functional JAAS modules that can be
used to enable LDAP and host-based authentication in the EMS server.
Topics
312
| Chapter 10
314
| Chapter 10
EMS_HOME/bin/tibemsd_jaas.jar
EMS_HOME/lib/tibjmsadmin.jar
EMS_HOME/lib/tibjms.jar
EMS_HOME/lib/jms-2.0.jar
For example:
security_classpath =
c:\tibco\ems\8.1\bin\tibemsd_jaas.jar;c:\tibco\ems\8.1\lib\tibj
316
| Chapter 10
msadmin.jar;c:\tibco\ems\8.1\lib\tibjms.jar;c:\tibco\ems\8.1\li
b\jms-2.0.jar
4. Set the user_auth parameter to enable JAAS for LDAP authentication. The
parameter should specify jaas, and should not include ldap. For example:
user_auth=jaas
The JAAS configuration file entry for this login module should have a section
similar to the following:
EMSUserAuthentication {
com.tibco.tibems.tibemsd.security.jaas.LDAPSimpleAuthentication required
tibems.ldap.url="ldap://ldapserver:389"
tibems.ldap.user_pattern="CN=%u" ;
};
318
| Chapter 10
Parameters
Table 51 JAAS Module Parameters LDAP Simple Authentication Module
Parameter
Description
debug
When set to true, enables debug output for the module. Enabling
this parameter may aid in diagnosing configuration problems.
Warning: Enabling the debug flag may create security
vulnerabilities by revealing information in the log file.
The default setting is false.
tibems.ldap.truststore
tibems.ldap.url
The servers are attempted in the order listed. Should the first
server in the list be unavailable or fail, the next URL is tried. Any
number of backup servers may be specified.
The default is ldap://localhost:389.
tibems.ldap.user_pattern
LDAP Authentication
The LDAP Authentication login module is a more fully featured LDAP
authentication module. This module validates all connections (users, routes, and
so on) by authenticating to the LDAP server using the supplied credentials.
This EMS JAAS module keeps one lookup context open using a manager context,
and then uses copies of that context to search for users. This allows the LDAP
implementation to reuse the connection for subsequent searches, improving
performance.
Authentication Process
This implementation queries LDAP, and optionally a user cache, to authenticate a
user. A context with LDAP manager credentials is first used to look up a user and
retrieve the complete distinguished name of the user's entry. If the user exists, a
separate LDAP context is then created to authenticate the user. For performance
reasons, the manager context, once created, exists for the lifetime of the module.
Should connectivity with the LDAP server break, multiple reconnection attempts
may be made based on the parameters.
To increase performance, you can enable user caching. When enabled, a user is
added to the user cache after being authenticated though LDAP. This allows for
faster authentication on subsequent logins. If the user cache entry is found to be
expired, the user is authenticated with LDAP again and the cache is updated.
Implementation
The LDAP Authentication module name is:
com.tibco.tibems.tibemsd.security.jaas.LDAPAuthentication
The JAAS configuration file entry for this login module should have a section
similar to the following:
EMSUserAuthentication {
com.tibco.tibems.tibemsd.security.jaas.LDAPAuthentication required
tibems.ldap.url="ldaps://ldapserver:391"
tibems.ldap.truststore="/certificates/cacerts"
tibems.ldap.user_base_dn="ou=Marketing,dc=company,dc=com"
tibems.ldap.user_attribute="uid"
tibems.ldap.scope="subtree"
tibems.cache.enabled=true
tibems.cache.user_ttl=600
tibems.ldap.manager="CN=Manager"
tibems.ldap.manager_password="password" ;
};
320
| Chapter 10
Parameters
Table 52 JAAS Module Parameters LDAP Authentication Module
Parameter
Description
debug
tibems.ldap.truststore
tibems.ldap.url
The servers are attempted in the order listed. Should the first
server in the list be unavailable or fail, the next URL is tried.
Any number of backup servers may be specified.
The default is ldap://localhost:389.
tibems.ldap.user_base_dn
tibems.cache.enabled
Description
tibems.cache.instance
tibems.cache.user_ttl
tibems.ldap.user_filter
tibems.ldap.manager
tibems.ldap.manager_password
tibems.ldap.retries
322
| Chapter 10
Description
tibems.ldap.retry_delay
tibems.ldap.scope
onelevel
subtree
object
The attribute that is compared to the user name for the search.
The default is uid.
Implementation
The LDAP Group User Authentication module name is:
com.tibco.tibems.tibemsd.security.jaas.LDAPGroupUserAuthentication
The JAAS configuration file entry for this module should have an entry similar to:
EMSUserAuthentication {
com.tibco.tibems.tibemsd.security.jaas.LDAPGroupUserAuthentication required
tibems.ldap.url="ldap://ldapserver:389"
tibems.ldap.user_base_dn="ou=Marketing,dc=company,dc=com"
tibems.ldap.user_attribute="uid"
tibems.ldap.scope="subtree"
tibems.ldap.group_base_dn="ou=Groups,dc=company"
tibems.ldap.group_member_attribute="uniqueMember"
tibems.ldap.dynamic_group_base_dn="ou=Groups,dc=company"
tibems.ldap.dynamic_group_class="groupOfURLs"
tibems.ldap.dynamic_group_member_attribute="uid"
tibems.ldap.dynamic_group_filter="(objectClass=GroupOfURLs)"
tibems.cache.enabled=true
tibems.cache.user_ttl=600
tibems.ldap.manager="CN=Manager"
tibems.ldap.manager_password="password" ;
};
Parameters
In addition to all parameters available for the LDAP Authentication module,
which are described in Table 52, the following parameters are supported:
Table 53 JAAS Module Parameters LDAP Group User Authentication Module
Parameter
Description
tibems.ldap.group_attribute
tibems.ldap.group_base_dn
324
| Chapter 10
Description
tibems.ldap.group_filter
tibems.ldap.group_scope
tibems.ldap.dynamic_group_base_dn
tibems.ldap.dynamic_group_class
tibems.ldap.dynamic_group_attribute
Description
tibems.ldap.group_filter
tibems.ldap.group_scope
tibems.ldap.dynamic_group_base_dn
tibems.ldap.dynamic_group_class
tibems.ldap.dynamic_group_attribute
326
| Chapter 10
Description
tibems.ldap.dynamic_group_filter
When using
tibems.ldap.dynamic_group_search_dir
ect,
tibems.ldap.dynamic_group_member_url
tibems.ldap.dynamic_group_scope
Description
tibems.ldap.dynamic_group_search_direct
tibems.ldap.backlink_group_base_dn
tibems.ldap.backlink_group_attribute
328
| Chapter 10
Description
tibems.ldap.backlink_group_rdn
tibems.ldap.backlink_group_filter
tibems.ldap.backlink_group_scope
Authentication Process
When a client connects to the EMS server, this module compares the IP address
with the specified IP net/prefix list, if configured. If that is not successful, then the
hostname is compared with the list of hostnames or domain names. Should none
of the above succeed, authentication fails.
If hostname verification is configured, the module may do a DNS lookup. This
could impact performance.
Implementation
The Host Based Authentication module name is:
com.tibco.tibems.tibemsd.security.jaas.HostBasedAuthentication
The JAAS configuration file entry for this login module should have a section
similar to the following:
EMSUserAuthentication {
com.tibco.tibems.tibemsd.security.jaas.HostBasedAuthentication required
tibems.hostbased.accepted_hostnames="'production.*','.tibco.com"
tibems.hostbased.accepted_addresses"10.1.2.23, 10.100.0.0/16, 0:0:0:0:0:0:0:1"
};
330
| Chapter 10
Parameters
Table 54 JAAS Module Parameters Host Based Authentication Module
Parameter
Description
debug
When set to true, enables debug output for the module. Enabling this
parameter may aid in diagnosing configuration problems.
Warning: Enabling the debug flag may create security vulnerabilities
by revealing information in the log file.
The default setting is false.
tibems.hostbased.
accepted_hostnames
tibems.hostbased.
accepted_addresses
332
| Chapter 10
Notes
ldap_url
tibems.ldap.url
Exact
ldap_principal
tibems.ldap.manager
Exact
ldap_credential
tibems.ldap.manager_password
Exact
ldap_cache_enabled
tibems.cache.enabled
Exact
ldap_cache_ttl
tibems.cache.user_ttl
Exact
ldap_conn_type
tibems.ldap.url
See ldap_conn_type
below.
ldap_tls_cacert_file
tibems.ldap.truststore
ldap_tls_cacert_dir
tibems.ldap.truststore
ldap_tls_cipher_suite
N/A
ldap_tls_rand_file
N/A
ldap_tls_cert_file
tibems.ldap.truststore
ldap_tls_key_file
tibems.ldap.truststore
ldap_user_class
tibems.ldap.user_filter
334
| Chapter 10
Notes
ldap_user_attribute
tibems.ldap.user_attribute
Exact
ldap_user_base_dn
tibems.ldap.user_base_dn
Exact
ldap_user_scope
tibems.ldap.scope
Exact
ldap_user_filter
tibems.ldap.user_filter
See Filters.
ldap_group_base_dn
tibems.ldap.group_base_dn
Exact
ldap_group_scope
tibems.ldap.group_scope
Exact
ldap_group_filter
tibems.ldap.group_filter
See Filters.
ldap_all_groups_filter
N/A
See Filters.
ldap_static_group_class
tibems.ldap.group_filter
ldap_static_group_attribute
tibems.ldap.group_attribute
Exact
ldap_static_group_member_fil
tibems.ldap.group_filter
See Filters.
ldap_static_member_attribute
tibems.ldap.group_member_att
ribute
Exact
ldap_dynamic_group_class
tibems.ldap.dynamic_group_cl
ass
Exact
ldap_dynamic_group_attribute
tibems.ldap.dynamic_group_at
tribute
Exact
ldap_dynamic_member_url_attr
tibems.ldap.dynamic_group_me
mber_url
Exact
ter
ibute
ldap://
ldaps://
and
tibems.ldap.group_filter="(&({0}={1})(objectClass=groupofUniqueNam
es))"
Please refer to the filter documentation to map various identifiers. For example, in
converting the user filter, the EMS server LDAP parameter, %s maps to {1} in the
JAAS filter. Many group searches should work with a filter similar to:
(&{0}={1})(objectClass=<group class>)
However, dynamic groups do allow you to specify the class in order to mirror the
search algorithm used by the EMS server native LDAP functionality.
336
| Chapter 10
Dynamic Groups
Dynamic groups in LDAP should normally behave similarly to static groups in
LDAP. However, some LDAP implementations require a modified search
algorithm.
In order to perform this type of search with the JAAS modules, set the parameter:
tibems.ldap.dynamic_group_search_direct="true"
Example
This section provides a walkthrough converting an existing set of LDAP
parameters in the EMS server using the LDAP Group User Authentication login
module.
1. Set the jre_library parameter to enable the JVM.
For more information, see The JVM in the EMS Server on page 310.
2. Set the security_classpath.
For example:
security_classpath =
c:\tibco\ems\8.1\bin\tibemsd_jaas.jar;c:\tibco\ems\8.1\lib\tibj
msadmin.jar;c:\tibco\ems\8.1\lib\tibjms.jar;c:\tibco\ems\8.1\li
b\jms-2.0.jar
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
ldap://ldaphost:389
cn=Manager
$man$fPSdYgyVTQloUv36Km36AEOrARW
person
uid
"ou=People,dc=TIBCO"
subtree
"(&(uid=%s)(objectclass=person))"
"ou=Groups,dc=TIBCO"
subtree
"(&(cn=%s)(objectclass=groupOfUniqueNames))"
groupOfUniqueNames
cn
uniqueMember
FALSE
338
| Chapter 10
2. Enable debugging in the JAAS module itself, by setting the debug parameter
to true:
EMSUserAuthentication {
com.tibco.tibems.tibemsd.security.jaas.LDAPSimpleAuthentication required
debug="true"
tibems.ldap.url="ldap://ldapserver:389"
tibems.ldap.user_pattern="CN=%u"
};
Note that enabling the debug flag may create security vulnerabilities by revealing
information in the log file. This parameter should be enabled only for
troubleshooting purposes.
This will provide a list of parameters passed into LDAP, which is useful in
identifying any mistyped parameters or default values that need to be changed.
Verbose output is provided to help identify the problem.
When developing a custom JAAS module, it is possible for a runtime exception
inside a JAAS method to cause the JAAS module to fail. In those cases, catching
and printing exceptions to the default output stream provides valuable
information.
| 339
Chapter 11
This chapter describes how to configure the TIBCO Enterprise Message Service
server to store messages in a database. This chapter discusses only database
stores. For more information about file-based stores, see Store Messages in
Multiple Stores on page 31.
The optional database store feature requires the installation and use of Hibernate
Core for Java and associated jar files.
Topics
340
| Chapter 11
dbstore_classpath
dbstore_driver_name
dbstore_driver_dialect
jre_library
in stores.conf
342
| Chapter 11
Configuration in tibemsd.conf
These parameters are set in the tibemsd.conf configuration file.
dbstore_classpath
dbstore_classpath =
pathname
Includes all the JAR files required by the EMS server when employing the
database store feature. This parameter must be set when a store of type dbstore
has been created in the stores.conf file.
Required JAR files are determined by the installed Hibernate release, and are
documented in the _README.txt file that is located in the lib/ directory of the
Hibernate distribution. Many of these JAR files are version-specific, and the
required versions may change with new Hibernate releases. You should verify the
required version and modify the dbstore_classpath variable accordingly.
If you are using Hibernate release 3.2.5, for example, the dbstore_classpath
should include paths to the following JAR files:
hibernate3.jar
dom4j-1.6.1.jar
commons-collections-2.1.1.jar
commons-logging-1.0.4.jar
ehcache-1.2.3.jar
jta.jar
cglib-2.1.3.jar
antlr-2.7.6.jar
c3p0-0.9.1.jar
asm.jar
asm-attrs.jar
Database-specific driver JAR file. Supported jar files are listed in Database
Servers and Drivers in TIBCO Enterprise Message Service Installation.
name
dbstore_driver_dialect
dbstore_driver_dialect =
dialect
The SQL dialect is defined by Hibernate. For a list of databases and the associated
dialects, see the readme.txt file located in the Hibernate install directory archive.
Configuration in stores.conf
This section describes parameters configured for each database store in the
stores.conf file. The stores.conf includes definitions for both database and
file-based stores. For information about configuring file-based stores, see
stores.conf on page 262.
The format of the file is:
[store_name] # mandatory -- square brackets included.
type = dbstore
dbstore_driver_url = JDBCURL
dbstore_driver_username = username
dbstore_driver_password = password
[processor_id = processor-id]
344
| Chapter 11
Description
[store_name]
configuration.
Note that the square brackets [ ] DO NOT
indicate that the store_name is an option; they
must be included around the name.
type=dbstore
file
mstore
dbstore
dbstore_driver_username
Description
dbstore_driver_password
processor_id
346
| Chapter 11
For more information, see Configuration for the Oracle RAC Database below.
Example Using IBM DB2 Server
[$sys.meta]
type=dbstore
dbstore_driver_url=jdbc:db2://db2srv_1:50000/SYSMETA
dbstore_driver_username=admin
dbstore_driver_password=admin123
[$sys.failsafe]
type=dbstore
dbstore_driver_url=jdbc:db2://db2srv_1:50000/SYSFS
dbstore_driver_username=admin
dbstore_driver_password=admin123
348
| Chapter 11
Configure the global database store parameters for the EMS server. The
parameters that configure the global database store settings begin with
dbstore_. See Configuration in tibemsd.conf on page 342 for details about
these parameters.
Running the
Schema Export
Tool
The Schema Export Tool is invoked from the command line. The tool can be
invoked from its directory, or by giving the absolute path to the
tibems_util.jar file. For example:
On Windows
> java -jar
EMS_HOME\bin\tibemsd_util.jar options
Or
> java -jar c:\tibco\ems\8.1\bin\tibemsd_util.jar
options
On Unix
> java -jar
EMS_HOME/bin/tibemsd_util.jar options
Or
$ java -jar /opt/tibco/ems/8.1/bin/tibemsd_util.jar
options
This table shows the options that are used with the Schema Export Tool:
Table 57 EMS Schema Export Tool options
Option
-tibemsdconf
Description
pathname
350
| Chapter 11
Description
-export
-store
storename=create|update|drop
-createall
-dropall
-updateall
-help
Examples
The following examples show how the Schema Export Tool can be used to create
database schemas in various configurations.
Example 1
This example shows how the Schema Export Tool can be invoked from any
directory by giving the absolute path to the tibemsd_util.jar:
$ java -jar /opt/tibco/ems/8.1/bin/tibemsd_util.jar -help
Example 2
In this example, the Schema Export Tool creates and exports database schemas for
all the stores found in the stores.conf that is set in the specified
tibemsd-mssqlserver.conf file:
java -jar /opt/tibco/ems/8.1/bin/tibemsd_util.jar -tibemsdconf
/opt/tibco/ems/8.1/samples/config/tibemsd.conf -createall -export
Example 3
In this example, the Schema Export Tool exports the database schema for the
$sys.failsafe store to the database:
jar -jar /opt/tibco/ems/8.1/bin/tibemsd_util.jar -tibemsdconf
/opt/tibco/ems/8.1/samples/config/tibemsd.conf export store
\$sys.failsafe=create
Example 3
In this example, the Schema Export Tool writes the database schema for the
$sys.failsafe store to the file $sys.failsafe.ddl.log:
$ jaav -jar /opt/tibco/ems/8.1/bin/tibemsd_util.jar -tibemsdconf
/opt/tibco/ems/8.1/samples/config/tibemsd.conf exporttofile
store \$sys.failsafe=create
Example 4
In this example the Schema Export Tool creates and exports the database schema
for the store mystore1, but drops the schema associated with mystore2 and
exports the change:
java jar /opt/tibco/ems/8.1/bin/tibemsd_util.jar tibemsdconf
/opt/tibco/ems/8.1/samples/config/tibemsd.conf -store
mystore1=create -store mystore2=drop -export
352
| Chapter 11
| 353
Chapter 12
This chapter outlines how to develop EMS client applications in Java, C and C#.
Topics
354
| Chapter 12
JMS Specification
EMS implements the JMS 2.0 specification, which is backward compatible with
earlier versions of the specification.
While the old JMS 1.0.2b interfaces are still supported, newly developed
applications should use the JMS 2.0 or 1.1 interfaces instead. It is recommended to
avoid using 1.0.2b interfaces, in particular due to their lack of flexibility. With
these, an application initially written to work with topics has to be reworked if it
needs to use queues, whereas an application based on the 1.1 or 2.0 APIs relies on
a generic destination infrastructure that would not need to be altered
significantly.
To get a better understanding and illustration of how the various JMS objects
relate to each other, refer to the JMS Specification and to the samples client
applications provided with EMS.
The code examples in this chapter illustrate the use of the JMS 2.0 interface.
The JMS 2.0 specification introduces several new features, including delivery
delay, shared subscriptions, asynchronous sending and the Simplified API.
The Simplified API is offered in addition to the API originally provided with JMS
1.1, which is now called the Classic API. The Simplified API is less verbose than
the Classic API, and introduces several important new objects:
Methods in the Simplified API throw unchecked exceptions rather than checked
exceptions. For a sample showing the Simplified API in use, see the new Java
sample file called tibjmsJMSContextSendRecv.java. This sample file
demonstrates the Simplified API in the simplest possible way; for greater detail,
refer to the Java API Reference Pages.
356
| Chapter 12
Sample Clients
TIBCO Enterprise Message Service includes several sample client applications
that illustrate various features of EMS. You may wish to view these sample clients
when reading about the corresponding features in this manual.
The samples are included in the EMS_HOME/samples/java,
EMS_HOME/samples/c, and EMS_HOME/samples/cs subdirectories of the EMS
installation directory. Each subdirectory includes a README file that describes
how to compile and run the sample clients.
Chapter 4, Getting Started, on page 93 walks through the procedures for setting
up your EMS environment and running some of the sample clients.
Programmer Checklists
This section provides a checklist that outlines the steps for creating an EMS
application in each language:
Install the EMS software release, which automatically includes the EMS jar
files in the EMS_HOME/lib subdirectory.
Add the full pathnames for the following jar files to your CLASSPATH:
jms-2.0.jar
tibjms.jar
If SSL is used for communication, add the following file to the CLASSPATH:
tibcrypt.jar
Programs that use the unshared state failover API must add the following file
to the CLASSPATH:
tibjmsufo.jar
All jar files listed in this section are located in the lib subdirectory of the TIBCO
Enterprise Message Service installation directory.
To use Entrust with an EMS client, you must separately purchase and install the
Entrust libraries. If you use the Entrust libraries, you must include them in the
CLASSPATH before the JSSE JAR files. To use Entrust with JDK, you must
download the unlimited strength policy JAR files from Sun's website and install
them in your local installation of JDK. For installation and configuration details,
see Entrust documentation.
See Security Considerations on page 116 for a complete discussion of what is
needed for a secure deployment.
358
| Chapter 12
Code
Import the following packages into your EMS application:
import javax.jms.*;
import javax.naming.*;
Compile
Compile your EMS application with the javac compiler to generate a .class file.
For example:
javac MyApp.java
C Programmers Checklist
Developers of EMS C programs can use this checklist during the five phases of the
development cycle.
Install
Install the EMS software release, which automatically includes the EMS client
libraries, binaries, and header files in the EMS_HOME/lib subdirectory.
Code
Application programs must:
Programs that use the C administration API must also include the
emsadmin.h header file:
#include <tibems/emsadmin.h>
Programs that use the unshared state failover API must also include the
tibufo.h header file:
#include <tibems/tibufo.h>
Link with the appropriate EMS C library files; see Link These Library Files on
page 359.
UNIX If you use dynamic EMS libraries on a UNIX platform, the environment
variable $LD_LIBARY_PATH must include the EMS_HOME/lib directory
(which contains the shared library files). (On some UNIX platforms, this
variable is called $SHLIB_PATH or $SYLIB_LIBRARY_PATH).
All Platforms The application must be able to connect to a EMS server process
(tibemsd).
Link These Library Files
EMS C programs must link the appropriate library files. The following sections
describe which files to link for your operating system platform:
360
| Chapter 12
32-Bit UNIX
In 32-bit UNIX environments, both shared and static libraries are available. We
recommend shared libraries to ease forward migration.
Table 58 Linker Flags for 32-Bit UNIX
Linker Flag
Description
-ltibems
-lssl
-lcrypto
-lz
-ltibemslookup
-lldap
-lxml2
-llber
-ltibemsadmin
-ltibemsufo
64-Bit UNIX
In 64-bit UNIX environments, both shared and static libraries are available. We
recommend shared libraries to ease forward migration. In this release, 64-bit
libraries are available on HP-UX, Solaris, AIX and Linux (2.4 glibc 2.3) platforms.
To use 64-bit libraries, you must include TIBCO_HOME/ems/8.1/lib/64 in your
library path, and it must precede any other EMS directory in the library path.
Table 59 Linker Flags for 64-Bit UNIX (Sheet 1 of 2)
Linker Flag
Description
-ltibems64
-lssl
-lcrypto
-lz
Description
-ltibemslookup64
-lldap
-lxml2
-llber
-ltibemsadmin64
-ltibemsufo64
Microsoft Windows
For a list of Windows platforms that Release 8.1 supports, see the file readme.txt
in the installation directory. Both DLLs and static libraries are available. We
recommend DLLs to ease forward migration.
Table 60 Dynamic Library Files for Microsoft Windows
Library File
Description
tibemslookup.lib
libxml2.lib
liboldap32.lib
olber32.lib
libldap32_d.lib
liblber32_d.lib
tibemsadmin.lib
tibemsufo.lib
362
| Chapter 12
Description
libtibemslookup.lib
libxml2.lib
liboldap32.lib
olber32.lib
libldap32_d.lib
liblber32_d.lib
libtibemsadmin.lib
libtibemsufo.lib
OpenVMS
In OpenVMS environments, both shared and static libraries are available. We
recommend shared libraries to ease forward migration.
Table 62 Shareable Image Library Files for OpenVMS
Library File
Description
LIBTIBEMSSHR.EXE
LIBCRYPTOSHR.EXE
LIBSSLSHR.EXE
LIBZSHR.EXE
LIBTIBEMSADMINSHR.EXE
Description
LIBTIBEMS.OLB
LIBCRYPTO.OLB
LIBSSL.OLB
LIBZ.OLB
LIBTIBEMSADMIN.OLB
C# Programmers Checklist
Developers of EMS C# programs can use this checklist during the four phases of
the development cycle.
Install
Install the EMS software release, which automatically includes the EMS
assembly DLLs in the EMS_HOME\bin subdirectory.
364
| Chapter 12
Code
DLL
.NET API
TIBCO.EMS.dll
TIBCO.EMS.ADMIN.dll
TIBCO.EMS.UFO.dll
Compile
Run
The EMS assembly must be in the global assembly cache (this location is
preferred), or in the system path, or in the same directory as your program
executable.
Assembly Versioning
TIBCO Enterprise Message Service assembly DLLs are versioned using the format
1.0.release.version, where release is the EMS release number and version is an
arbitrary value. For example, the assembly version number for software release
8.0.0 is similar to 1.0.800.8.
Applications that use a release of EMS earlier than 6.0 do not use standard .NET
versioning. Prior to TIBCO Enterprise Message Service release 6.0.0, all EMS .NET
assemblies showed an assembly version number 1.0.0.0, which allowed client
applications to upgrade to the latest version of EMS without rebuilding.
This functionality is now available through the policy DLL files.
Table 65 shows the policy and configuration files for each EMS assembly.
Table 65 EMS Policy Files
Version
Files
.NET API
policy.1.0.TIBCO.EMS.dll
TIBCO.EMS.dll.config
policy.1.0.TIBCO.EMS.ADMIN.dll
TIBCO.EMS.ADMIN.dll.config
policy.1.0.TIBCO.EMS.UFO.dll
TIBCO.EMS.UFO.dll.config
Enabling Updates
To enable automatic updates for a library, add the appropriate policy file to the
global cache. Note that the related configuration file must be located in the
directory with the policy file in order to add the policy file to the global cache.
Disabling Automatic Upgrades
If you do not want your older applications to automatically move to the newer
version, do not include the policy DLL in the global cache. When the
policy.1.0.assembly file is absent, the client application is not upgraded.
Running Multiple Clients from Different EMS Releases
To deploy two or more applications that are built with different TIBCO Enterprise
Message Service releases:
1. Build clients using the different .NET client assemblies.
2. Include all desired versions of the .NET client assemblies in the global cache.
3. Do not include the policy DLL in the global cache.
TIBCO Enterprise Message Service Users Guide
366
| Chapter 12
.NET
Compression
Yes
SSL
Yes
Yes
and
Tibems.SetSocketSendBufferSize in the HTML reference)
Tibems.SetSocketReceiveBufferSize
Yes
Character Encoding
.NET programs represent strings within messages as byte arrays. Before sending
an outbound message, EMS programs translate strings to their byte
representation using an encoding, which the program specifies. Conversely, when
EMS programs receive inbound messages, they reconstruct strings from byte
arrays using the same encoding.
When a program specifies an encoding, it applies to all strings in message bodies
(names and values), and properties (names and values). It does not apply to
header names nor values. The method BytesMessage.WriteUTF always uses
UTF-8 as its encoding.
Outbound
Messages
Inbound
Messages
An inbound message from another EMS client explicitly announces its encoding.
A receiving client decodes the message using the proper encoding.
For more information about character encoding, see Character Encoding in
Messages on page 37.
368
| Chapter 12
Connection Factories
A client must connect to a running instance of the EMS server to perform any JMS
operations. A connection factory is an object that encapsulates the data used to
define a client connection to an EMS server. The minimum factory parameters are
the type of connection and the URL for the client connection to the EMS server.
A connection factory is either dynamically created by the application or obtained
from a data store by means of a naming service, such as a Java Naming and
Directory Interface (JNDI) server or a Lightweight Directory Access Protocol
(LDAP) server.
protocol://host:port
For a fault-tolerant connection, you can specify two or more URLs. For example:
serverUrl = tcp://server0:7222,tcp://server1:7344
See Configuring Clients for Shared State Failover Connections on page 541 for
more information. For details on using SSL for creating secure connections to the
server, see Configuring SSL in EMS Clients on page 508 and Creating Connection
Factories for Secure Connections on page 396.
Java
To dynamically create a TibjmsConnectionFactory object in a Java client:
ConnectionFactory factory = new
com.tibco.tibjms.TibjmsConnectionFactory(serverUrl);
370
| Chapter 12
The following examples establish a connection count of 10, a delay of 1000 ms and
a timeout of 1000 ms.
Java
Use the TibjmsConnectionFactory objects setConnAttemptCount(),
setConnAttemptDelay(), and setConnAttemptTimeout() methods to establish
new connection failure parameters:
factory.setConnAttemptCount(10);
factory.setConnAttemptDelay(1000);
factory.setConnAttemptTimeout(1000);
C
Use the tibemsConnectionFactory_SetConnectAttemptCount and
tibemsConnectionFactory_SetConnectAttemptDelay functions to establish
new connection failure parameters:
status = tibemsConnectionFactory_SetConnectAttemptCount(
factory, 10);
status = tibemsConnectionFactory_SetConnectAttemptDelay(
factory, 1000);
status = tibemsConnectionFactory_SetConnectAttemptTimeout(
factory, 1000);
C#
Use the ConnectionFactory.SetConnAttemptCount,
ConnectionFactory.SetConnAttemptDelay, and
ConnectionFactory.SetConnAttemptTimeout methods to establish new
connection failure parameters:
factory.setConnAttemptCount(10);
factory.setConnAttemptDelay(1000);
factory.setConnAttemptTimeout(1000);
372
| Chapter 12
C#
Use the ConnectionFactory.CreateConnection method to create a Connection
object:
Connection connection =
factory.CreateConnection(userName, password);
Creating a Session
A Session is a single-threaded context for producing or consuming messages. You
create Message Producers or Message Consumers using Session objects. A Session
can be transactional to enable a group of messages to be sent and received in a
single transaction. A non-transactional Session can define the acknowledge mode
of message objects received by the session. See Message Acknowledgement on
page 40 for details.
Java
Use the Connection objects createSession() method to create a Session
object.
For example, to create a Session that uses the default AUTO_ACKNOWLEDGE session
mode:
Session session = connection.createSession();
The EMS extended session modes, such as NO_ACKNOWLEDGE, require that you
include the com.tibco.tibjms.Tibjms constant when you specify the EMS
session mode. For example, to create a Session that uses the NO_ACKNOWLEDGE
session mode:
Session session = connection.createSession(
com.tibco.tibjms.Tibjms.NO_ACKNOWLEDGE);
374
| Chapter 12
C
Define an onException function to handle exceptions, use the
tibemsConnection_SetExceptionListener function to call onException when
an error is encountered, and call tibems_setExceptionOnFTSwitch to call the
exception handler after a fault-tolerant failover:
void onException(
tibemsConnection
conn,
tibems_status
reason,
void*
closure)
{
/* Handle exception */
}
.....
status = tibemsConnection_SetExceptionListener(
connection,
onException,
NULL);
tibems_setExceptionOnFTSwitch(TIBEMS_TRUE);
See the tibemsMsgConsumer.c sample client for a working example (without the
setExceptionOnFTSwitch call).
C#
Implement an IExceptionListener.OnException method, set the Connection
objects ExceptionListener property to register the exception listener, and call
Tibems.SetExceptionOnFTSwitch to call the exception handler after a
fault-tolerant failover:
public class csMsgConsumer : IExceptionListener
{
.....
public void OnException(EMSException e)
{
/* Handle exception */
}
.....
connection.ExceptionListener = this;
TIBCO.EMS.Tibems.SetExceptionOnFTSwitch(true);
.....
}
See the csMsgConsumer.cs sample client for a working example (without the
setExceptionOnFTSwitch call).
376
| Chapter 12
378
| Chapter 12
MessageProducer
Set the default length of time that a produced message should be retained by
the message system.
For example, as described in the Message Delivery Modes on page 26, you can set
the message deliver mode to either PERSISTENT, NON_PERSISTENT, or
RELIABLE_DELIVERY.
Java
Use the MessageProducer objects setDeliveryMode() method to configure
your Message Producer with a default delivery mode of RELIABLE_DELIVERY:
QueueSender.setDeliveryMode(
com.tibco.tibjms.Tibjms.RELIABLE_DELIVERY);
380
| Chapter 12
C#
Set the DeliveryMode on the MessageProducer object to RELIABLE_DELIVERY:
QueueSender.DeliveryMode = DeliveryMode.RELIABLE_DELIVERY;
382
| Chapter 12
{
/* Handle the send failure case for the message */
}
}
384
| Chapter 12
and cons2 are two shared consumers on the same subscription called
If a message is published to the topic, then one of those two
consumers will receive it. Note that shared consumers on a given subscription do
not have to use the same session/connection.
cons1
mySharedSub.
C
Use the tibemsSession_CreateConsumer function to create a message consumer
of type tibemsMsgConsumer:
tibemsMsgConsumer QueueReceiver = NULL;
status = tibemsSession_CreateConsumer(session,
&QueueReceiver, queue, NULL, TIBEMS_FALSE);
386
| Chapter 12
Java
Create an implementation of the MessageListener interface, create a
MessageConsumer, and use the MessageConsumer objects
setMessageListener() method to register the Message Listener with the
Message Consumer:
public class tibjmsAsyncMsgConsumer implements MessageListener
{
/* Create a connection, session and consumer */
...
MessageConsumer QueueReceiver =
session.createConsumer(queue);
QueueReceiver.setMessageListener(this);
connection.start();
}
status = tibemsSession_CreateConsumer(session,
&QueueReceiver, queue, NULL, TIBEMS_FALSE);
status = tibemsMsgConsumer_SetMsgListener(QueueReceiver,
onMessage, NULL);
status = tibemsConnection_Start(connection);
}
388
| Chapter 12
Creating Messages
As described in JMS Message Bodies on page 23, EMS works with the following
types of messages:
Text Messages
Map Messages
Bytes Messages
Stream Messages
Object Messages
390
| Chapter 12
C#
Use the Session.CreateTextMessage method to create text message of type
TextMessage:
TextMessage message = session.CreateTextMessage("Hello");
C
Use the tibemsMsg_SetBooleanProperty function to set the
JMS_TIBCO_PRESERVE_UNDELIVERED property to true:
status = tibemsMsg_SetBooleanProperty(message,
"JMS_TIBCO_PRESERVE_UNDELIVERED", true);
C#
Use the Message.SetBooleanProperty method to set the
JMS_TIBCO_PRESERVE_UNDELIVERED property to true:
message.SetBooleanProperty("JMS_TIBCO_PRESERVE_UNDELIVERED",
true);
Sending Messages
You can use the Message Producer client, described in Creating a Message
Producer on page 378, to send messages to a destination. You can either send a
message to the destination specified by the Message Producer or, if the Message
Producer specifies NULL as the destination, you can send a message to a specific
destination. In either case, you can optionally set the JMSDeliveryMode,
JMSExpiration, and JMSPriority message header fields described in JMS
Message Header Fields on page 19 when sending each message.
The following examples show different ways to send a text message in each
language:
Use a Message Producer with a NULL destination that sends the message to
the topic created in Dynamically Creating Topics and Queues on page 376.
send()
Use the form of the send() method with a completion listener argument to send a
message asynchronously:
QueueSender.send(message, completionListener);
392
| Chapter 12
C
Use the tibemsMsgProducer_Send function to send a message to the destination
specified by the tibemsMsgProducer:
status = tibemsMsgProducer_Send(QueueSender, message);
Receiving Messages
The Message Consumer created in Creating a Message Consumer on page 383
receives messages from a destination and acknowledges the receipt of messages
using the mode established for the session, as described in Creating a Session on
page 373.
Before receiving messages, the Message Consumer must start the connection to
the EMS server. Before exiting, the Message Consumer must close the connection.
The following examples start the connection created in Connecting to the EMS
Server on page 371; synchronously receive messages from the queue created in
Dynamically Creating Topics and Queues on page 376, and then close the
connection.
You can also implement a Message Listener for your Message Consumer to
asynchronously receive messages, as described in Creating a Message Listener for
Asynchronous Message Consumption on page 385.
Java
Use the Connection objects start() method to start the connection:
connection.start();
When the client has finished receiving messages, it uses the Close() method to
close the connection:
connection.close();
394
| Chapter 12
When the client has finished receiving messages, use the Connection.Close
function to close the connection:
connection.Close();
| 395
Chapter 13
The EMS server provides a implementation of JNDI that enables you to lookup
connection factories, topics and queues, which are collectively referred to as
administered objects. Java clients can look up administered objects stored in EMS
using standard JNDI calls. The C and C# APIs provide similar calls to look up
object data in the EMS server.
How to create topics and queues is described in Creating and Modifying
Destinations on page 75.
Topics
396
| Chapter 13
The connection factory data stored on the EMS server is located in the
factories.conf file. You can use the show factories command to list all of the
connection factories on your EMS server and the show factory command to
show the configuration details of a specific connection factory.
A connection factory may include optional properties for balancing server load
and establishing thresholds for attempted connections, as described in
Connection Factory Parameters on page 250. These properties can be specified
when creating the factory or modified for an existing factory using the addprop
factory, setprop factory, and removeprop factory commands.
For example, to set the maximum number of connection attempts for the
connection factory, myFactory, from the default value of 2 to 5, start the EMS
Administration Tool and enter:
addprop factory myFactory connect_attempt_count=5
To create a factory to set up a generic connection and check the server's certificate
to confirm the name of the server is myServer, enter (all one line):
create factory MySSLFactory generic url=ssl://7243
ssl_verify_host=enabled ssl_expected_hostname=myServer
ssl_trusted=certs/server_root.cert.pem
To create a factory to set up a topic connection, check the server's certificate (but
not the name inside the certificate), and to set the ssl_auth_only parameter so
that SSL is only used by the client when creating the connection, enter (all one
line):
create factory AnotherSSLFactory topic url=ssl://7243
ssl_verify_host=enabled ssl_verify_hostname=disabled
ssl_trusted=certs/server_root.cert.pem ssl_auth_only=enabled
Should server0 become unavailable, the client will connect to server1. See
Chapter 20, Fault Tolerance, on page 521 for details.
398
| Chapter 13
C
Create a tibemsLookupContext object for the initial context, which consists of the
JNDI provider URL and the username and password to authenticate the client to
the EMS server:
tibemsLookupContext* contextstatus = NULL;
status = tibemsLookupContext_Create(
&context,
"tibjmsnaming://localhost:7222",
"userName",
"password");
C#
Create a ILookupContext object for the initial context, which consists of the JNDI
provider URL and the username and password to authenticate the client to the
EMS server:
Hashtable env = new Hashtable();
env.Add(LookupContext.PROVIDER_URL,
"tibjmsnaming://localhost:7222");
env.Add(LookupContext.SECURITY_PRINCIPAL", "myUserName");
env.Add(LookupContext.SECURITY_CREDENTIALS", "myPassword");
LookupContextFactory factory = new LookupContextFactory();
400
| Chapter 13
When using full URL names, you can look up objects like the following example:
Topic sampleTopic = (javax.jms.Topic)jndiContext.lookup(
"tibjmsnaming://jmshost:7222/topic.sample");
Queue sampleQueue = (javax.jms.Queue)jndiContext.lookup(
"tibjmsnaming://jmshost:7222/queue.sample");
For further information on how to use full URL names, refer to the
tibjmsJNDIRead.java example located in the EMS_HOME/samples/java/JNDI
directory.
C
Create a tibemsSSLParams object and use the
tibemsSSLParams_SetIdentityFile function to establish the client identity by
means of a pkcs12 file. Use the tibemsLookupContext_CreateSSL function to
create a tibemsLookupContext object that uses an SSL connection for the initial
context.
tibemsLookupContext*
tibemsConnection_Factory
tibemsSSLParams
tibems_status
context
factory
sslParams
status
=
=
=
=
NULL;
NULL;
NULL;
TIBEMS_OK;
sslParams = tibemsSSLParams_Create();
402
| Chapter 13
status = tibemsSSLParams_SetIdentityFile(
ssl_params,
"client_identity.p12",
TIBEMS_SSL_ENCODING_AUTO);
status = tibemsLookupContext_CreateSSL(
&context,
"tibjmsnaming://localhost:7222",
"userName",
"password",
sslParams,
"pk_password");
C#
Create a ILookupContext object for the initial context over an SSL connection.
The SSL Store Info consists of a pkcs12 file that identifies the client and the clients
password, which are stored in an EMSSSLFileStoreInfo object.
string ssl_identity = client_identity.p12;
string ssl_target_hostname = "server";
string ssl_password = "password";
EMSSSLFileStoreInfo StoreInfo = new EMSSSLFileStoreInfo();
info.SetSSLClientIdentity(ssl_identity);
info.SetSSLPassword(ssl_password.ToCharArray());
Hashtable env = new Hashtable();
env.Add(LookupContext.PROVIDER_URL, "adc1.na.tibco.com:10636");
env.Add(LookupContext.SECURITY_PRINCIPAL", "myUserName");
env.Add(LookupContext.SECURITY_CREDENTIALS", "myPassword");
env.Add(LookupContext.SECURITY_PROTOCOL, "ssl");
env.Add(LookupContext.SSL_TARGET_HOST_NAME,
ssl_target_hostname);
env.Add(LookupContext.SSL_STORE_TYPE,
EMSSSLStoreType.EMSSSL_STORE_TYPE_FILE);
env.Add(LookupContext.SSL_STORE_INFO, StoreInfo);
Example
The following illustrates setting up the Context.PROVIDER_URL property with
the URLs of a primary EMS server on the machine named emshost and a
secondary EMS server on the machine named backuphost.
env.put(Context.PROVIDER_URL, "tibjmsnaming://jmshost:7222,
tibjmsnaming://backuphost:7222");
Assuming emshost starts out as active, if at any time it fails the JNDI provider
automatically switches to the EMS server on the host backuphost for JNDI
lookups. If emshost is repaired and restarted, it then becomes the standby EMS
server.
Limitations of Fault-Tolerant JNDI Lookups
Fault-tolerant JNDI lookups do not occur in the following scenarios:
404
| Chapter 13
| 405
Chapter 14
Using Multicast
Multicast is a messaging model that allows the EMS server to send messages to
multiple consumers simultaneously by broadcasting them over an existing
network. This chapter describes how to use and configure multicast in TIBCO
Enterprise Message Service.
Topics
406
| Chapter 14
Using Multicast
Overview of Multicast
Multicast is a messaging model that broadcasts messages to many consumers at
once, as opposed to sending copies of a message to each subscribing consumer
individually. TIBCO Enterprise Message Service uses Pragmatic General
Multicast (PGM) to broadcast messages published to multicast-enabled topics
over an existing network. Messages sent to topics that are not multicast-enabled
are delivered to the message consumer using TCP.
The server sends multicast messages over a multicast channel. Each
multicast-enabled topic is associated with a channel. The channel determines the
multicast port and multicast group address to which the server sends messages.
The multicast message is received by a multicast daemon running on the same
computer with the message consumer. When an EMS client subscribes to a
multicast-enabled topic, it automatically connects to the multicast daemon. The
multicast daemon begins listening on the channel associated with that topic,
receives any broadcast messages, and delivers them to subscribed clients.
Figure 18 shows the communication flow between a multicast message consumer,
EMS server, and multicast daemon.
Figure 18 Multicast message consumer creation
1
EMS Client
TIBCO EMS
Server
Message
Consumer
Multicast
Daemon
tibemsmcd
5
Legend
TCP Connection
Multicast Broadcast
Multicast Messages
408
| Chapter 14
Using Multicast
Point-to-Point Messaging
Multicast Messaging
Message Producer
Message Producer
EMS Server
EMS Server
Client A
tibemsmcd
Clients A, B, C
Client C
Client B
Network Resources
Client A
30%
Client B
30%
Client C
30%
Network Resources
All Clients
A, B, C
30%
70% unused
10% unused
Although multicast can reduce the network resources used by the server, it is not
the best messaging model for every system. Multicast offers last-hop delivery
only; it cannot be used to send messages between servers. However, messages
sent to multicast-enabled topics are still delivered to other subscribed servers
using the standard TCP connection.
Multicast does not guarantee message delivery. Messages requiring a high degree
of reliability should not use multicast.
The multicast daemon and message consumer always reside on the same
machine, and PGM is used to deliver the broadcast message from EMS server to
the daemon. Because there is no security on PGM, multicast should not be used in
applications where security is a priority.
Requirements
In order to use multicast in your EMS messaging application, the following
requirements must be met:
Backwards Compatibility
Multicast is backwards compatible, and can be used in applications where not all
EMS clients are using the same version of TIBCO Enterprise Message Service. The
EMS sever and any clients that wish to receive messages over multicast must be
Software Release 5.0 or later.
Multicast is configured primarily in the EMS server, and is largely invisible to
EMS clients. Message producers do not need to be enabled for multicast in order
to send multicast messages, because topics are multicast-enabled in the server.
However, clients are multicast-enabled by default.
Clients that are not multicast-enabled, either because multicast has been disabled
or because the client uses a release of EMS earlier than 5.0, will receive messages
from the server over the TCP connection, even if the message topic is
multicast-enabled.
410
| Chapter 14
Using Multicast
Configuring Multicast
Multicast is configured in the EMS server configuration files. Configuration is a
simple three-step process:
1. Enable multicast in the EMS server.
Enable the multicast parameter in the tibemsd.conf file. Optional multicast
parameters allow you to control other settings, such as the default multicast
daemon port and the maximum amount of multicast traffic allowed. See
Multicast Parameters on page 220 for more information.
2. Create multicast channels.
Create named channels in the channels.conf file. See channels.conf on
page 246 for more information about the channels configuration file.
3. Associate topics with channels.
In the topics.conf configuration file, add the channel property to the
definitions of those topics you wish to be multicast. See channel on page 59
for more information about the channel property. Note that a topic can be
associated with only one multicast channel.
addprop topic adds the channel property to a topic. For example, this sets
the channel property for the topic foo.bar to mychannel:
addprop topic foo.bar channel=mychannel
However, although this enables the topic foo.bar for multicast, current
subscribers to the topic will continue to receive messages over TCP. An
existing message consumer will not receive messages sent to foo.bar over
multicast until the consumer has been stopped and restarted.
setprop topic
This command also enables the topic for multicast, but does not cause existing
topic subscribers to receive messages over multicast. Only messages
consumers that are created after the channel property is set will receive
multicast messages.
removeprop topic removes the channel property from the topic. Current
multicast subscribers will begin to receive messages sent to the topic over
TCP.
topic
topic,
or setprop
topic.
If the channel assigned to a topic changes, current subscribers to the topic will not
receive messages until they have resubscribed to the topic. The server will not
send messages to the client over TCP if there is another channel assigned to the
topic.
In general, we recommend changing channels only when subscribers are stopped.
412
| Chapter 14
Using Multicast
Description
interface
-help
or -h
-logfile
file
-logfile-max-size
Specify the maximum size that the trace message log file
may reach before rotation. By default, log files have no
size limit and so do not rotate.
Zero is a special value, which specifies no maximum size.
Otherwise, the value you specify must be greater than or
equal to 64KB.
Description
-listen [ip-address:]tcp-port
Note that if the default TCP port that the daemon listens
on is changed, then the client must be directed to attempt
a connection to the daemon on the same TCP port. To
change the port that the client uses, set the
multicast_daemon_default parameter in the
tibemsd.conf file.
-trace
-max-msg-memory
-max-loss-rate
size[MB|KB]
percentage
-no-console-trace
414
| Chapter 14
Using Multicast
Running Multicast
For an example of multicast messaging, see Multicast Messaging Example on
page 104
416
| Chapter 14
Using Multicast
Monitoring
The server publishes messages to two monitoring topics specifically related to
multicast. These topics are $sys.monitor.multicast.status and
$sys.monitor.multicast.stats.
The server publishes monitoring messages to the topic
These messages contain information about
the status of a multicast consumer and the multicast daemon to which it is
connected. This information includes when a consumer has successfully joined a
multicast group and when a consumer experiences an error, such as
unrecoverable loss in its multicast daemon. By monitoring multicast errors you
can detect which consumers are experiencing problems, allowing you to take
corrective action.
$sys.monitor.multicast.status.
Statistics
The servers multicast channel statistics can be viewed using the administration
API or the administration command line tool. Multicast channel statistics include:
See Working with Server Statistics on page 496 for more information on statistics.
TIBCO Enterprise Message Service Users Guide
| 417
Chapter 15
Topics
418
| Chapter 15
Deployment Considerations
Ensuring a proper multicast deployment takes some forethought, more than a
traditional unicast deployment. This section discusses some subjects to consider
before deploying TIBCO Enterprise Message Service with multicast.
Issues in multicast deployment can be separated into three areas: ensuring
multicast connectivity, restricting multicast traffic, and managing bandwidth.
These can be represented with three basic questions:
1. Can multicast traffic go to all hosts where it is wanted? See Connectivity on
page 418.
2. Will multicast traffic go to any hosts where it is unwanted? See Restricting
Multicast Traffic on page 420.
3. How will unicast and multicast traffic share the available network
bandwidth? See Managing Bandwidth on page 420.
Connectivity
Like unicast applications, multicast applications require that the network layer
provide a path for multicast data to flow from senders to receivers. However,
routers and switches may require additional configuration for multicast use and
tuning. The first step in ensuring and limiting connectivity is defining channels,
and assigning multicast group addresses these channels.
Multicast Addresses
Each multicast channel, defined in the channels.conf configuration file, is
assigned a multicast address. TIBCO Enterprise Message Service allows you to
assign any valid multicast address, in the class D address range, 224.0.0.0 through
239.255.255.255. However, in order to avoid a conflict, please refer to the Internet
Assigned Numbers Authority (IANA) list of reserved addresses to avoid a
conflict:
http://www.iana.org/assignments/multicast-addresses
When assigning addresses to your channels, keep these additional considerations
in mind:
Multicast addresses 224.0.1.78 and 224.0.1.79 are reserved by TIBCO EMS for
internal use. These addresses should not be used, as TIBCO multicast traffic
may be encountered there.
block, and IANA will never reserve these. They can be freely used within your
enterprise without worry of any external conflict.
Defining Channels
TIBCO Enterprise Message Service does not restrict the number of channels that
you can configure and use in the EMS server or the multicast daemon. However,
the number of IP multicast group addresses that can be joined by any one host at
one time may be constrained by outside factors. Often, the number is limited by
the NIC, and typically this limitation is not specified in the NIC documentation.
Experimentation is often the only way to determine what the limit is for a specific
NIC and OS. With some NICs, joining too many groups will set the card to
"promiscuous mode" which will adversely affect performance.
It is also important to note that, because a channel represents both an IP multicast
group address and a destination port, there is not necessarily a one-to-one
correlation between a channel and multicast group.
A group is joined when a multicast daemon listens to an IP multicast group
address. Because a channel represents both an IP multicast group address and a
destination port, there is not necessarily a one-to-one correlation between a
channel and multicast group. For example, if you have 10 multicast channels all
using the same multicast group address but different ports, then a multicast
daemon will join at most one group. However, if the 10 multicast channels are all
using different multicast group addresses, then a multicast daemon may join up
to 10 groups.
The multicast IP address and port combinations that you choose should only be
used with TIBCO EMS. While the TIBCO Multicast Daemon can filter out corrupt
network data, receiving data packets that are not specific to EMS can yield
unpredictable results, which could destabilize your network.
420
| Chapter 15
Managing Bandwidth
This section discusses bandwidth considerations that are specific to multicast
deployments. There are three main aspects to bandwidth:
422
| Chapter 15
You can think of the bandwidth rate specified for a channel as a delivery promise
that the network layer makes to EMS. If the network layer breaks that promise,
EMS multicast throughput falls to a rate substantially below what the network
can actually deliver.
Dividing Bandwidth Among Channels
Ideally, a deployment within a set of routed subnets, or VLAN, should have hosts
with heterogeneous interfaces of homogeneous speed. Deployments that do not
adhere to this are not recommended, because loss can be introduced if the
receiving interfaces are slower than the link and sending interface. This happens
because the slower interfaces cannot handle bursts of data on a faster network.
Also, we do not recommend that you use EMS multicast over WAN links.
Following these recommendations will help minimize data loss due to bandwidth
inconsistencies:
For example, if you have a number of clients with 100Mb NIC cards and others
with 1Gb NIC cards, the recommended architecture is to send from a 100Mb NIC
to the slower receivers and a 1Gb NIC to the faster receivers. You can accomplish
this by configuring two multicast channels, one for the faster-speed senders and
receivers, and one for the slower senders and receivers.
Alternatively, you can configure one channel and limit the bandwidth to the
slowest receiver, or 100Mb. However, the best solution is to use a multi-homed
machine, separate the applications by defining different channels for two
interfaces, then allowing each channel to operate at its optimum speed.
For example, these two channel configurations are optimized for 100Mb NIC card
and a 1Gb NIC card:
--- channels.conf ---[channel_100mb]
address = 239.1.1.1:10
maxrate = 7MB
interface=10.99.99.99
[channel_1Gb]
Address = 239.1.1.2:10
maxrate = 95MB
interface=10.99.99.100
424
| Chapter 15
This example assumes that multicast connectivity exists and available bandwidth
on the network is known. While not every aspect of a multicast deployment is
covered in this example, it does illustrate the general thought process applied to
multicast deployment.
High Speed
Publisher
Low Speed
Publisher
PGM 1Gb
PGM 100Mb
Note that two separate channels using different interfaces are to be configured at
the server, allowing the server to simultaneously multicast on a high speed
Gigabit network and a slower 100Mb network.
426
| Chapter 15
When you have completed your channel configuration, the channels.conf file
should contain the following lines:
[mcast-1Gb]
address=239.1.1.1:10
interface=10.99.99.99
maxrate=112MB
[mcast-100Mb]
address=239.1.1.2:10
interface=10.99.99.100
maxrate=8MB
428
| Chapter 15
Estimating the
Maxrate
In this example, we have set the maxrate properties using arbitrary network
usage numbers to arrive at an estimate of network capacity. The process used to
estimate the maxrate can be described as follows:
First find your average network usage, not including expected multicast data.
This assumes metric data rate measurement.
For the 1Gb network, let us assume about 10% usage, so 900Mb is available.
From here, calculate the available bytes per second for your network:
70Mb
These initial rates are for testing purposes, and these will be modified later to
maximize performance. Remember the cardinal rule with multicast performance
is that sometimes you have to slow down to speed up. A rate that is too high will
induce loss, which in turn causes messages to be resent, slowing the actual rate to
something far below what your network is capable of.
This example uses only one channel per network. If your architecture has
multiple multicast groups (channels with different address properties), remember
to include all channels on the network in your maximum bandwidth calculations.
This may require some balancing of data rates across channels.
Configure Multicast Topics
After the channels are defined, you must set the channel properties for topics so
the server will send messages using multicast to multicast-enabled consumers
subscribed to the topics. The channel property is set in the topics.conf
configuration file.
In this example, we use two topics, feed-1Gb and feed-100Mb. These topic names
are arbitrary; the key is assigning the correct channels to the topics.
Sample
topics.conf
feed-1Gb channel=mcast-1Gb
feed-100Mb channel=mcast-100Mb
A multicast daemon must be running on the same computer as the client. See
Starting the Multicast Daemon on page 415.
TIBCO Software also highly suggests that applications take advantage of the
multicast exception listener to be notified of multicast related events, errors, and
warnings. This is accomplished in two simple steps, illustrated in java code
below:
1. First, create a class that implements TibjmsMulticastExceptionListener.
class MulticastExceptionHandler implements
com.tibco.tibjms.TibjmsMulticastExceptionListener
{
public void onMulticastException(Connection connection,
Session session,
MessageConsumer consumer,
JMSException e)
{
System.out.println(e.getMessage());
}
}
2. Next, set the multicast exception listener. Ideally, this will be done before you
create a consumer of a multicast enabled topic.
com.tibco.tibjms.Tibjms.setMulticastExceptionListener(new
MulticastExceptionHandler());
To set up a multicast exception listener using the C API, see the TIBCO Enterprise
Message Service C & COBOL API Reference.
To set up a multicast exception listener using the .NET API, see the TIBCO
Enterprise Message Service .NET API Reference, available through the HTML
documentation interface.
430
| Chapter 15
serverURL
or
> java tibjmsPerfMaster -topic feed-100Mb -channel mcast-100Mb
-ackmode NO -time 30 -size 100
If flow control is and FLOW tracing are enabled, you should see the following
as well:
2008-11-13 17:11:57.781 Flow control engaged on topic
'feed-100Mb'
....
When flow control is enabled, this simply means that the server is pushing
back on the publisher to slow down to the rate defined by the multicast
channel.
When the trace messages indicate that multicast channels have exceeded their
bandwidth, this indicates that the channel maxrate is too lowyour publisher is
publishing faster than the channels maxrate allows. On the other hand, when the
maxrate is too high, you will see errors indicating that loss is detected.
Depending on what the trace messages show, try adjusting the maximum rate of
the channel (the maxrate property) up or down, and repeat this test.
Evaluate Multicast Receiver Applications
One key to a successful multicast deployment is ensuring that the EMS server
does not overrun your applications with data. This frequently this means setting
the delivery rates (the channel's maxrate property) to a rate below what your
network and EMS alone can handle.
The channels maximum delivery rate, or maxrate, should not exceed the rate at
which the slowest message consumer can consume incoming messages.
Determining the maximum message rate that your slowest application can handle
reduces the time spent during trial and error testing. If your applications can
process data faster than the network can deliver it, you will have already
determined the maximum rate from determining your network capabilities.
Largely, determining the maximum speed at which the slowest application can
process incoming data is a trial and error process. It is often useful to
programmatically determine an application's maximum rate of consumption. The
multicast daemon buffers messages for slower applications, but this increases the
latency of data and memory usage of the multicast daemon, and is not considered
a sustainable condition.
If a multicast-enabled consumer is expected to fall behind at times and can sustain
loss, you can account for this using the maxbytes and maxmsgs properties for
topics. See Destination Properties on page 58 for details about these properties.
432
| Chapter 15
However, operating system tuning for multicast falls outside of the scope of this
document. The TIBCO Professional Services Group can provide assistance with
advanced tuning specific for TIBCO Enterprise Message Service, and there are
many resources on the internet for general tuning of operating systems
concerning network performance.
Development and Production Environments
Configuring multicast is specific to a particular network, and your configuration
must account for traffic patterns and characteristics of nodes that are unique to
your network. Consequently, the tuning parameters applied to a development
environment may not be optimum in a production environment, and the reverse
is also true. When migrating from one environment to another, it is important to
remember that although the application and EMS architecture pattern may be
identical, the network and application capabilities will need to be reevaluated
through the repetition of the steps described in this section. Topic and channel
definition names should remain the same, but rate, interface, and timeout
parameters for multicast must be reevaluated.
The channel properties that should be reevaluated upon deployment include:
maxrate
ttl
interface
on page 247
on page 247
on page 248
Different equipment may solve the same problem in different ways. For
example, some switches use IGMP snooping while others use CGMP.
Troubleshooting Tips
This section give some troubleshooting tips to help you respond to difficulties
you may experience with your multicast deployment.
General Tips
If you are experiencing problems with your deployment, begin with these
practices:
The "bottom-up" approach generally seems best. That is, get the lowest layers
of the network stack working first.
Begin with the EMS server and trace your way through each switch and
router to all receivers. Try moving your receiving application to the same hub
as the server (not a switch or a router), and confirm that you have multicast
connectivity. Once that works, move on to more complicated multicast
networks.
434
| Chapter 15
Connectivity
EMS will detect multicast connectivity issues; it may take up to 64 seconds to
detect a connectivity problem. These suggestions can help resolve issues with
connectivity:
Verify that the network has good unicast connectivity between the sender and
all receivers before tackling multicast connectivity problems.
Verify that address scoping at the router is not preventing multicast packets
from being forwarded.
Test your multicast application without enabling multicast in the EMS server
to determine if a more general topic or application configuration issue is
preventing message reception. For example, a consumer that is consuming on
the wrong topic.
Ensure that you are using the proper interface(s) in the server and the
multicast daemon. On a multi-homed host, it is possible that the default
interface cannot receive multicast data from the server.
Ensure that the channel's ttl is large enough for data to cross all of your
switches and routers.
Data Loss
These suggestions can help if you are experiencing data loss:
Enable and check statistics to see if data is being delivered and whether
excessive loss is encountered. If loss is detected, decreasing the multicast
channel's maxrate property may alleviate the situation.
Make sure that multicast streams are being generated with a time to live that
is long enough for messages to reach their destination using the
longest-possible path through the network.
If you see increased loss as multicast rates go up, look for routers or switches
that might be configured to limit the broadcast rate. These generally limit the
multicast rate too. For example, Cisco Catalyst 5000 series switches can be
configured to limit the packet per second or percentage of
broadcast/multicast traffic with the set port broadcast command.
When the multicast daemon detects excessive loss, the multicast connection
exception IO Failed is generated in the application. Usually, this means that
the server is sending too fast, and maxrate for the channel needs to be
decreased. The multicast daemon will report an error, similar to the following:
2007-10-02 16:45:09.551 Multicast error: channel='mcast', Loss
Detected, status=IO failed
You will also notice in the multicast statistics that the particular channel's
rcv_losses are growing.
436
| Chapter 15
Server Errors
In General, server errors are self-descriptive. It is important to note that client
errors may be returned to the server to be logged, providing a centralized place to
look for multicast errors. However, these errors do not include minor loss on a
particular client, or loss of messages from a client failover.
| 437
Chapter 16
Topics
| Chapter 16
Overview
TIBCO Enterprise Message Service (release 4 and later) can exchange messages
with TIBCO Rendezvous (release 6.9 and later).
Scope
EMS can import and export messages to an external system through an EMS
topic.
EMS can import messages from an external system to an EMS queue (but
queues cannot export).
EMS Topic
EMS Destination
(Topic or Queue)
Translation
tibrv
Transport
Translation
tibrv
Transport
Export
Import
TIBCO Rendezvous
438
Message Translation
EMS and Rendezvous use different formats for messages and their data. When
tibemsd imports or exports a messages, it translates the message and its data to
the appropriate format; for details, see Message Translation on page 453.
Configuration
uses definitions and parameters in four configuration files to guide the
exchange of messages with Rendezvous.
tibemsd
Enabling
Overview 439
Transports
Destinations
export instructs tibemsd to take messages that arrive on the EMS destination,
440
| Chapter 16
How Rendezvous
Messages are
Imported
The EMS server connects to the Rendezvous daemon as any other Rendezvous
client would. Messages received from the Rendezvous daemon are stored in
Rendezvous queues, then are dispatched to callbacks. The EMS server creates JMS
message copies of the Rendezvous messages, and begins processing them as EMS
messages. Transports determine how messages are imported.
Rendezvous messages that are imported through a transport are held in queues
specific to that transport. Each transports is associated with a different
Rendezvous queue, which holds as many Rendezvous messages as necessary. The
number of pending messages in the queue will grow if the rate of incoming
Rendezvous messages is greater than the rate at which the EMS server is able to
process the corresponding EMS messages.
Depending on the import delivery mode defined for the transport, the EMS
messages will be persisted on disk, which increases the likelihood of backlog in
the Rendezvous queues, and which in turn results in a EMS process memory
growth. This memory growth is not accounted for in any of the EMS server
statistics.
Queue Limit
Policies
Rendezvous certified messages are not lost, but the message flow is interrupted.
The redelivery of the missed messages is handled automatically by the
Rendezvous libraries, and can not be controlled by the EMS server.
Reaching a queue limit also generates a Rendezvous advisory that is logged (see
RVADV log and console trace in the TIBCO Rendezvous documentation),
indicating which transport reached its queue limit. This advisory goes into an
independent, non limited, Rendezvous queue. If lots of advisories are generated,
this internal queue may also grow, signalling that the limit policy is not
appropriate for your environment.
Take care when setting a queue limit policy. In a controlled environment where
the risk of Rendezvous producers overwhelming the EMS server is low, there is
no need to set a queue limit policy.
Transport Definitions
contains zero or more transport definitions. Each definition
begins with the name of a transport, surrounded by square brackets. Subsequent
lines set the parameters of the transport.
transports.conf
Description
type
Rendezvous Parameters
Use these properties for either tibrv or tibrvcm transports.
The syntax and semantics of these parameters are identical to the corresponding parameters in
Rendezvous clients. For full details, see the Rendezvous documentation set.
service
network
442
| Chapter 16
Description
daemon
rv_tport
ledger_file
sync_ledger
request_old
default_ttl
This parameter sets default CM time limit (in seconds) for all
CM messages exported on this transport.
explicit_config_only
Description
EMS Parameters
Use these properties for either tibrv or tibrvcm transports.
topic_import_dm
queue_import_dm
export_properties
444
| Chapter 16
Description
rv_queue_policy
Set the queue limit policy for the Rendezvous queue used by
the transport to hold incoming Rendezvous messages. This
parameter has three parts:
policy:max_msgs:qty_discard
TIBRVQUEUE_DISCARD_NONE
TIBRVQUEUE_DISCARD_FIRST
TIBRVQUEUE_DISCARD_LAST
Example
These examples from transports.conf illustrate the syntax of transport
definitions.
[RV01]
type = tibrv
topic_import_dm = TIBEMS_RELIABLE
queue_import_dm = TIBEMS_PERSISTENT
service = 7780
network = lan0
daemon = tcp:host5:7885
[RV02]
type = tibrv
service = 7890
network = lan0
daemon = tcp:host5:7995
temp_destination_timeout = 60
[RVCM01]
type = tibrvcm
export_headers = true
export_properties = true
rv_tport = RV02
cm_name = RVCMTrans1
ledger_file = ledgerFile.store
sync_ledger = true
request_old = true
default_ttl = 600
In the following two examples, RVCM03 is an RVCM transport which does not
define a queue limit policy, but references the RV transport RV03, which does have
a queue limit policy. If Rendezvous messages are published to a subject that in
EMS has the destination property import=RVCM03, no Rendezvous message will
ever be discarded because each transport uses its own queue. Only messages that
are imported directly through the RV03 transport will potentially be discarded,
should the queue limit of 10000 messages be reached.
[RV03]
type = tibrv
service = 7890
network = lan0
daemon = tcp:host5:7995
rv_queue_policy = TIBRVQUEUE_DISCARD_LAST:10000:100
[RVCM03]
type = tibrvcm
rv_tport = RV03
cm_name = RVCMTrans2
ledger_file = ledgerFile2.store
sync_ledger = true
request_old = true
default_ttl = 600
446
| Chapter 16
Topics
Topics can both export and import messages. Accordingly, you can configure
topic definitions (in the configuration file topics.conf) with import and export
properties that specify one or more external transports:
import
export
export instructs tibemsd to take messages that arrive on the EMS destination,
topics.conf
Example
Wildcards
Wildcards in the import and export properties obey EMS syntax and semantics
(which is identical to Rendezvous syntax and semantics); see Destination Name
Syntax and Semantics on page 468.
TIBCO Enterprise Message Service Users Guide
Topics 447
Certified Messages
You can import and export TIBCO Rendezvous certified messages (tibrvcm
transport) to EMS topics. Rendezvous certified transports guarantee message
delivery.
RVCM Ledger
tibrvcm transports can store information about subjects in a ledger file. You can
review the ledger file using an administration tool command; see show
rvcmtransportledger on page 169).
For more information about ledger files, see TIBCO Rendezvous documentation.
Subject Collisions
Subscribers to destinations that import from RVCM transports are subject to the
same restrictions that direct RVCM listeners. These restrictions are described in
the TIBCO Rendezvous documentation, and include subject collisions.
When importing messages from RV, the EMS server creates RVCM listeners using
a single name for each transport. This can result in subject collisions if the
corresponding EMS subscribers have overlapping topics.
448
| Chapter 16
Queues
Queues can import messages, but cannot export them.
Configuration
You can configure queue definitions (in the configuration file queues.conf) with
the import property that specify one or more external transports.
Wildcards
Wildcards in the import property obey EMS syntax and semantics (not
Rendezvous syntax and semantics); see Destination NameSyntax and
Semantics on page 468.
EMS clients cannot subscribe to wildcard queueshowever, you can define
wildcards queues in the EMS server for the purpose of property inheritance. That
is, you can configure a static queue named foo.* and set properties on it, so that
child queues named foo.bar and foo.baz will both inherit those properties.
Queues 449
If you define a queue that imports foo.*, tibemsd begins importing all matching
messages from Rendezvous. As messages arrive, tibemsd creates dynamic child
queues (for example, foo.bar and foo.baz) and delivers the messages to them.
Notices that tibemsd delivers messages to these dynamic child queues even
when no consumers exist to drain them.
450
| Chapter 16
Import Issues
This section presents issues associated with importing messages to EMS from
Rendezvouswhether on a topic or a queue.
Field Identifiers
When importing and translating Rendezvous messages, tibemsd is only able to
process standard message field types that are identified by name in the
Rendezvous program application. Custom fields and fields identified using a
field identifier cannot be imported to EMS.
JMSDestination
When tibemsd imports and translates a Rendezvous message, it sets the
JMSDestination field of the EMS message to the value of the Rendezvous
subject. Therefore, imported destination names must be unique. When a topic and
a queue share the same name, at most one of them may set the import property.
For example, if a topic foo.bar and a queue foo.bar are both defined, only one
may specify the import property.
JMSReplyTo
When tibemsd imports and translates a Rendezvous message, it sets the
JMSReplyTo field of the EMS message to the value of the Rendezvous reply
subject, so that EMS clients can reply to the message.
Usually this value represents a Rendezvous subject. You must explicitly configure
tibemsd to create a topic with a corresponding name, which exports messages to
Rendezvous.
JMSExpiration
When tibemsd imports and translates a Rendezvous certified message, it sets the
JMSExpiration field of the EMS message to the time limit of the certified
message.
If the message time limited is exceeded, the sender program no longer certifies
delivery.
Note that if the expiration property is set for a destination, it will override the
JMSExpiration value set by the message producer.
Guaranteed Delivery
For full end-to-end certified delivery from Rendezvous to EMS, all three of these
conditions must be true:
Either a durable queue or a subscriber for the EMS topic must exist.
452
| Chapter 16
Export Issues
This section presents issues associated with exporting messages from EMS to
Rendezvous.
JMSReplyTo
Topics
Temporary Topics
Consider an EMS message in which the field JMSReplyTo contains a topic. When
exporting such a message to Rendezvous, you must explicitly configure tibemsd
to import replies from Rendezvous to that reply topic.
Consider an EMS message in which the field JMSReplyTo contains a temporary
topic. When tibemsd exports such a message to Rendezvous, it automatically
arranges to import replies to that temporary topic from Rendezvous; you do not
need to configure it explicitly.
Certified Messages
RVCM
Registration
When an RVCM listener receives its first labeled message, it registers to receive
subsequent messages as certified messages. Until the registration is complete, it
receives labeled messages as reliable messages. When exporting messages on a
tibrvcm transport, we recommend either of two actions to ensure certified
delivery for all exported messages:
Create the RVCM listener before sending any messages from EMS clients.
Pre-register an RVCM listener, either with the administration tool (see create
on page 134), or in the configuration file tibrvcm.conf (see
tibrvcm.conf on page 266).
rvcmlistener
Guaranteed Delivery
For full end-to-end certified delivery to Rendezvous from EMS, the following
condition must be true:
Message Translation
JMS header JMSTimestamp corresponds to the time when the message was
created. If this header field is not present, when the tibemsd receives the
message it sets theJMSTimestamp to the current time.
Import
Export
You can instruct tibemsd to suppress the entire header submessage in all
exported messages by setting the transport property export_headers =
false.
Table 69 presents the mapping of JMS header fields to Rendezvous data types
(that is, the type of the corresponding field in the exported message).
Table 69 Rendezvous: Mapping JMS Header Fields to RV Datatypes (Sheet 1 of 2)
JMS Header Name
Rendezvous Type
JMSDeliveryMode
TIBRVMSG_U8
JMSDeliveryTime
TIBRVMSG_U64
JMSPriority
TIBRVMSG_U8
454
| Chapter 16
Rendezvous Type
JMSTimestamp
TIBRVMSG_U64
JMSExpiration
TIBRVMSG_U64
JMSType
TIBRVMSG_STRING
JMSMessageID
TIBRVMSG_STRING
JMSCorrelationID
TIBRVMSG_STRING
JMSRedelivered
TIBRVMSG_BOOL
JMSDestination
send
JMSReplyTo
reply
Import RVCM
JMS_TIBCO_IMPORTED gets the value true, to indicate that the message did
not originate from an EMS client.
JMS_TIBCO_MSG_EXT gets the value true, to indicate that the message might
contain submessage fields or array fields.
In addition to the two fields described above, when tibemsd imports a certified
message on a tibrvcm transport, it can also set these properties (if the
corresponding information is set in the Rendezvous message):
Table 70 Rendezvous Mapping Message Properties
Property
Description
JMS_TIBCO_CM_PUBLISHER
JMS_TIBCO_CM_SEQUENCE
Export
Message Body
can export messages with any JMS message body type to TIBCO
Rendezvous. Conversely, tibemsd can import messages with any message type
from TIBCO Rendezvous.
tibemsd
For information about JMS body types, see JMS Message Bodies on page 23.
For information about the structure of messages, see JMS Message Structure on
page 19.
Import
JMSBytes
JMSBytesMessage
JMSObject
JMSObjectMessage
JMSStream
JMSStreamMessage
JMSText
JMSTextMessage
JMSMapMessage
The field names DATA and _data_ are reserved. We strongly discourage you from
using these field names in either EMS and Rendezvous applications, and
especially when these two message transport mechanisms interoperate.
Only standard Rendezvous fields identified by name can be imported into EMS.
Custom fields and fields identified in the Rendezvous application by field
identifiers cannot be imported.
456
| Chapter 16
Export
When translating the data fields of an EMS message, the results depend on the
JMS body type. Table 72 specifies the mapping.
Export Translation
BytesMessage
ObjectMessage
StreamMessage
TextMessage
MapMessage
Data Types
Table 73 presents the mapping between EMS datatypes and Rendezvous
datatypes. The mapping is bidirectional, except for the Rendezvous types that
have no corresponding EMS type (for these types the mapping is marked as
unidirectional in the middle column of Table 73).
Table 73 Rendezvous: Mapping Data Types (Sheet 1 of 2)
EMS
Map
Rendezvous
Boolean
TIBRVMSG_BOOL
Byte
TIBRVMSG_I8
Short
<
Short
Integer
TIBRVMSG_I16
<
Integer
Long
TIBRVMSG_U16
TIBRVMSG_I32
<
Long
Long
TIBRVMSG_U8
TIBRVMSG_U32
TIBRVMSG_I64
<
TIBRVMSG_U64
Float
TIBRVMSG_F32
Double
TIBRVMSG_F64
Short
<
TIBRVMSG_IPPORT16
Integer
<
TIBRVMSG_IPADDR32
TIBRVMSG_MSG
MapMessage
Long
<
TIBRVMSG_DATETIME
byte[]
TIBRVMSG_OPAQUE
java.lang.String
TIBRVMSG_STRING
byte[]
<
TIBRVMSG_XML
byte[]
<
TIBRVMSG_I8ARRAY
458
| Chapter 16
Map
Rendezvous
short[]
<
TIBRVMSG_U8ARRAY
short[]
int[]
TIBRVMSG_I16ARRAY
<
int[]
long[]
TIBRVMSG_I32ARRAY
<
long[]
long[]
TIBRVMSG_U16ARRAY
TIBRVMSG_U32ARRAY
TIBRVMSG_I64ARRAY
<
TIBRVMSG_U64ARRAY
float[]
TIBRVMSG_F32ARRAY
double[]
TIBRVMSG_F64ARRAY
460
| Chapter 16
| 461
Chapter 17
Topics
| Chapter 17
Overview
TIBCO Enterprise Message Service can exchange messages with TIBCO
SmartSockets.
Scope
EMS can import and export messages to an external system through an EMS
topic.
EMS can import messages from an external system to an EMS queue (but
queues cannot export).
EMS Topic
EMS Destination
(Topic or Queue)
Translation
tibss
Transport
Translation
tibss
Transport
Export
Import
TIBCO SmartSockets
462
Message Translation
EMS and SmartSockets use different formats for messages and their data. When
tibemsd imports or exports a messages, it translates the message and its data to
the appropriate format; for details, see Message Translation on page 474.
Configuration
uses definitions and parameters in three configuration files to guide the
exchange of messages with SmartSockets.
tibemsd
Enabling
Destinations
export instructs tibemsd to take messages that arrive on the EMS destination,
464
| Chapter 17
Transport Definitions
contains zero or more transport definitions. Each definition
begins with the name of a transport, surrounded by square brackets. Subsequent
lines set the parameters of the transport.
transports.conf
Description
type
SmartSockets Parameters
The syntax and semantics of these parameters are identical to the corresponding parameters in
SmartSockets clients. For full details, see the SmartSockets documentation set.
server_names
username
password
project
timemsd
Description
lb_mode
informs the RTserver that this client (that is, the EMS server)
participates in load balancing (for example, sharing the load with other
EMS servers).
disable
instructs tibemsd to delete the GMD store file and create a new one
when creating this transport.
enable
466
| Chapter 17
Description
preserve_gmd
This parameter determines the behavior of the EMS server when it has
exported a GMD message to SmartSockets, and SmartSockets cannot
deliver that message. When SmartSockets returns the undelivered message,
EMS can either preserve it in the EMS undelivered message queue, or
discard it.
Description
EMS Parameters
topic_import_dm
EMS sending clients can set the JMSDeliveryMode header field for each
message. However, SmartSockets clients cannot set this header. Instead,
these two parameters determine the delivery modes for all topic messages
and queue messages that tibemsd imports on this transport.
queue_import_dm
export_properties
Example
These examples from transports.conf illustrate the syntax of transport
definitions.
[SS01]
type = tibss
server_names = rtHost1
username = emsServer6
password = myPasswd
project = sales_order_entry
[SS02]
type = tibss
server_names = tcp:rtHost2A:5555, ssl:rtHost2B:5571
username = emsServer6
password = myPasswd
project = mfg_process_control
override_lb_mode = enable
delivery_mode = gmd_some
468
| Chapter 17
This aspect of the mapping between EMS destination names and SmartSockets
subjects is straightforward, one-to-one, and bidirectional.
EMS destination names consist of tokens separated by the dot (.) character.
SmartSockets subjects consists of tokens preceded by the slash (/) character (like
UNIX directory pathnames).
For example, the EMS name foo.bar.baz corresponds to the SmartSockets name
/foo/bar/baz. (Remember that SmartSockets names must begin with a leading
slash, but EMS names need not begin with a leading dot. A leading dot indicates
an empty element preceding it.)
The slash and dot characters have complementary roles in EMS and
SmartSockets. In EMS slash is an ordinary character, while dot is a separator. In
SmartSockets slash is a separator, while dot is an ordinary character. To translate
names between EMS and SmartSockets, substitute these characters one for
another. For example, the EMS name foo/bar.baz corresponds to the
SmartSockets name /foo.bar/baz. However, to avoid confusion, we discourage
using either slash or dot as ordinary characters.
Wildcard Star
Although both EMS and SmartSockets both interpret the star (*) character as a
wildcard, they differ in its semantics. In this aspect, the mapping is not
one-to-one.
In EMS, star can match any whole token of a name, but not part of a token. In
SmartSockets, star can match part of an tokenfor example, /foo/b*/baz
matches /foo/bar/baz and /foo/box/baz.
If you are familiar with SmartSockets wildcards but not EMS wildcards, see
Wildcards on page 77.
Trailing Wildcard
In EMS the greater-than (>) character is a wildcard that matches any number of
trailing tokens. In SmartSockets a string of three dots (...) signifies identical
semantics.
Topics 469
Topics
Topics can both export and import messages. Accordingly, you can configure
topic definitions (in the configuration file topics.conf) with import and export
properties that specify one or more external transports:
import
export
export instructs tibemsd to take messages that arrive on the EMS destination,
topics.conf
Example
For example, the following tibemsadmin commands configure the topic
myTopics.news to import and export messages on three transports.
addprop topic myTopics.news import="SS01,SS02"
addprop topic myTopics.news export="SS01,SS02,SS03"
470
| Chapter 17
Wildcards
Wildcards in the import and export properties obey EMS syntax and semantics
(not SmartSockets syntax and semantics); see Destination NameSyntax and
Semantics on page 468.
Queues
Queues can import messages, but cannot export them.
Configuration
You can configure queue definitions (in the configuration file queues.conf) with
the import property that specify one or more external transports.
Queues 471
Wildcards
Wildcards in the import property obey EMS syntax and semantics (not
SmartSockets syntax and semantics); see Destination NameSyntax and
Semantics on page 468.
EMS clients cannot subscribe to wildcard queueshowever, you can define
wildcards queues in the EMS server for the purpose of property inheritance. That
is, you can configure a static queue named foo.* and set properties on it, so that
child queues named foo.bar and foo.baz will both inherit those properties.
If you define a queue that imports foo.*, tibemsd begins importing all matching
messages from SmartSockets. As messages arrive, tibemsd creates dynamic child
queues (for example, foo.bar and foo.baz) and delivers the messages to them.
Notices that tibemsd delivers messages to these dynamic child queues even
when no subscribers exist to drain them.
472
| Chapter 17
Import Issues
This section presents issues associated with importing messages to EMS from
SmartSocketswhether on a topic or a queue.
JMSReplyTo
When tibemsd imports and translates a SmartSockets message, it sets the
JMSReplyTo field of the EMS message to the value of the SmartSockets reply_to
header, so that EMS clients can reply to the message.
Usually this value represents a SmartSockets subject. You must explicitly
configure tibemsd to create a topic with a corresponding name, which exports
messages to SmartSockets.
Guaranteed Delivery
For full end-to-end guaranteed delivery from SmartSockets to EMS, all three of
these conditions must be true:
Export Issues
This section presents issues associated with exporting messages from EMS to
SmartSockets.
JMSReplyTo
Topics
Consider an EMS message in which the field JMSReplyTo contains a topic. When
exporting such a message to SmartSockets, you must explicitly configure tibemsd
to import replies from SmartSockets to that reply topic.
Temporary Topics
Wildcard Subscriptions
Star Wildcard
Both EMS and SmartSockets interpret the star character (*) as a wildcardbut
with different semantics. EMS accepts star only as a whole element, which
matches a whole element. In contrast, SmartSockets accepts star as part of an
element, matching a substring within the element.
When a SmartSockets client subscribes to foo.bar*, then configure tibemsd to
export the superset foo.*; RTserver narrows the set by delivering only messages
that match subscribers. For a full discussion of the differences between EMS and
SmartSockets wildcards, see Destination NameSyntax and Semantics on
page 468.
Guaranteed Delivery
For full end-to-end guaranteed delivery to SmartSockets from EMS, both of these
conditions must be true:
474
| Chapter 17
Message Translation
Import
Export
You can instruct tibemsd to suppress the entire header submessage in all
exported messages by setting the transport property export_headers =
false.
JMS_TIBCO_IMPORTED gets the value true, indicating that the message did
not originate from an EMS client.
JMS_TIBCO_MSG_EXT gets the value true, indicating that the message might
contain submessage fields or array fields.
Export
tibemsd
You can instruct tibemsd to suppress the entire properties submessage in the
exported message by setting the transport property
export_properties = false.
Export
EMS client programs may modify the values of these properties within imported
messages for re-export to SmartSockets. (However, exporting a native EMS
message does not carry these properties to SmartSockets.)
Export of these properties depends on the value of the transport parameter
export_properties on page 467.
When exporting an EMS message to SmartSockets, tibemsd maps these
properties in reverse. In most cases, the mapping is symmetricexport maps
them back to the same SmartSockets header. However, three exceptions
(JMS_TIBCO_SS_SENDER, JMS_TIBCO_SS_MESSAGE_ID and
JMS_TIBCO_SS_SEQ_NUM) are asymmetricexport maps them to subfields of the
field JMSProperties within the SmartSockets message. The fourth column of
Table 75 indicates this asymmetry.
SmartSockets Method
Import
JMS_TIBCO_SS_SENDER
TipcMsgGetSender
none
type_num
all
Export
Asymmetr.
Asymmetr.
476
| Chapter 17
EMS Property
SmartSockets Method
Import
JMS_TIBCO_SS_TYPE_NUM
TipcMsgGetType
type_num
all
JMS_TIBCO_SS_DELIVERY_MODE
TipcMsgGetDeliveryMode
all
JMS_TIBCO_SS_LB_MODE
TipcMsgGetLbMode
all
JMS_TIBCO_SS_EXPIRATION
TipcMsgGetExpiration
all
JMS_TIBCO_SS_PRIORITY
TipcMsgGetPriority
all
JMS_TIBCO_SS_SENDER_TIMESTAMP
TipcMsgGetSenderTimestamp
all
JMS_TIBCO_SS_CORRELATION_ID
TipcMsgGetCorrelationId
all
JMS_TIBCO_SS_USER_PROP
TipcMsgGetUserProp
all
JMS_TIBCO_SS_MESSAGE_ID
TipcMsgGetMessageId
all
Asymmetr.
JMS_TIBCO_SS_SEQ_NUM
TipcMsgGetSeqNum
all
Asymmetr.
Message Body
can export messages with any JMS message body type to TIBCO
SmartSockets. Conversely, tibemsd can import messages with any message type
from TIBCO SmartSockets.
tibemsd
For information about JMS body types, see JMS Message Bodies on page 23.
For information about the structure of messages, see JMS Message Structure on
page 19.
Import
Export
The named field JMSHeaders is the first field (omitted when the transport
parameter export_headers is false). It contains a submessage; see JMS
Header Fields on page 474.
The named field JMSProperties is the next field (omitted when the transport
parameter export_properties is false). It contains a submessage; see JMS
Property Fields on page 474.
The data fields follow the JMS headers and properties (when present). For
details about field names and types, see the third column of Table 76.
SmartSockets
Message Type
Data Fields
JMSBytesMessage
T_MT_JMS_BYTES
JMSMapMessage
T_MT_JMS_MAP
JMSObjectMessage
T_MT_JMS_OBJECT
JMSStreamMessage
T_MT_JMS_STREAM
JMSTextMessage
T_MT_JMS_TEXT
T_MT_INFO
No data fields
478
| Chapter 17
Data Types
Table 77 presents the mapping between EMS datatypes and SmartSockets
datatypes. The mapping is bidirectional, except for a few SmartSockets types that
have no corresponding EMS type (for these types the mapping is marked as
unidirectional in the middle column of Table 77).
Table 77 SmartSockets: Mapping Data Types (Sheet 1 of 2)
EMS
Map
SmartSockets
Boolean
T_MSG_FT_BOOL
Byte
T_MSG_FT_BYTE
Character
T_MSG_FT_CHAR
Short
T_MSG_FT_INT2
Integer
T_MSG_FT_INT4
Long
T_MSG_FT_INT8
Float
T_MSG_FT_REAL4
Double
T_MSG_FT_REAL8
Double
<
String
T_MSG_FT_TIMESTAMP
T_MSG_FT_STR
String
<
T_MSG_FT_XML
String
<
T_MSG_FT_UTF8
Byte Array
Short Array
T_MSG_FT_BINARY
<
T_MSG_FT_BOOL_ARRAY
Short Array
T_MSG_FT_INT2_ARRAY
Integer Array
T_MSG_FT_INT4_ARRAY
Long Array
T_MSG_FT_INT8_ARRAY
Float Array
T_MSG_FT_REAL4_ARRAY
Double Array
T_MSG_FT_REAL8_ARRAY
Map
SmartSockets
Double Array
<
T_MSG_FT_TIMESTAMP_ARRAY
Stream Message
T_MSG_FT_MSG
Map Message
Destination Names
tibemsd automatically translates destination names when importing or exporting
480
| Chapter 17
| 481
Chapter 18
System administrators must monitor and manage the TIBCO Enterprise Message
Service server. The logging, monitoring, and statistics facilities provided by the
server allow system administrators to effectively view system activity and track
system performance.
Topics
482
| Chapter 18
For other configuration parameters that affect the log file, see Tracing and Log File
Parameters on page 223.
tibemsd.conf
server
When you want trace messages to be sent to a log file, you must also configure the
logfile configuration parameter. If you specify log_trace, and the logfile
configuration parameter is not set to a valid file, the tracing options are stored,
but they are not used until the server is started with a valid log file.
When configuring log or console tracing, you have a variety of options for the
types of trace messages that can be generated. Table 78 on page 484 describes the
available tracing options.
484
| Chapter 18
Description
DEFAULT
INFO
WARNING
ACL
LIMITS
ROUTE
ADMIN
RVADV
CONNECT_ERROR
CONFIG
MSG
ACL
ADMIN
AUTH
CONFIG
CONNECT
CONNECT_ERROR
DBSTORE
DEST
Description
FLOW
INFO
JAAS
JVM
JVMERR
LDAP_DEBUG
LIMITS
LOAD
MEMORY
486
| Chapter 18
Description
MSG
MULTICAST
PRODCONS
ROUTE
ROUTE_DEBUG
RVADV
SS
SSL
SSL_DEBUG
TX
WARNING
Specify tracing with a comma-separated list of trace options. You may specify
trace options in three forms:
plain A trace option without a prefix character replaces any existing trace
options.
A trace option preceded by + adds the option to the current set of trace
options.
A trace option preceded by - removes the option from the current set of
trace options.
Examples
The following example sets the trace log to only show messages about access
control violations.
log_trace=ACL
The next example sets the trace log to show all default trace messages, in addition
to SSL messages, but ADMIN messages are not shown.
log_trace=DEFAULT,-ADMIN,+SSL
The next example sends a trace message to the console when a TIBCO
Rendezvous advisory message arrives.
console_trace=RVADV
488
| Chapter 18
Message Tracing
In addition to other server activity, you can trace messages as they are processed.
Trace entries for messages are only generated for destinations or messages that
specify tracing should be performed. For destinations, you specify the trace
property to enable the generation of trace messages. For individual messages, the
JMS_TIBCO_MSG_TRACE property specifies that tracing should be performed for
this message, regardless of the destination settings. The sections below describe
the tracing properties for destinations and messages.
Message trace entries can be output to either the console or the log. The MSG trace
option specifies that message trace entries should be displayed, and the DEFAULT
trace option includes the MSG option. See Tracing on the Server on page 483 for
more information about specifying trace options.
You must set the tracing property on either destinations or messages and also set
the MSG or DEFAULT trace option on the console or the log before you can view
trace entries for messages.
EMS tracing features do not filter unprintable characters from trace output. If
your application uses unprintable characters within messages (whether in data or
headers), the results of message tracing are unpredictable.
Setting trace without the body option specifies that only the message sequence
and message ID are included in the trace message.
When message tracing is enabled for a destination, a trace entry is output for each
of the following events that occur in message processing:
Replies to request messages are traced only when the reply destination has the
trace property. Similarly, replies to exported messages are only traced when the
trace property is set.
490
| Chapter 18
Monitoring Messages
You can monitor messages processed by a destination as they are sent, received,
or acknowledged. You can also monitor messages that have prematurely exited
due to expiration, being discarded, or a maxRedelivery failure.
The $sys.monitor topic for monitoring messages has the following format:
$sys.monitor.D.E.destinationName
Where D is the type of destination, E is the event you wish to monitor, and
destinationName is the name of the destination whose messages you wish to
monitor. Table 79 describes the possible values of D and E in message monitoring
topics.
Table 79 Message monitoring qualifiers (Sheet 1 of 2)
Qualifier
Value
Description
492
| Chapter 18
Value
Description
a consumer
a route
Sent by a producer
Sent by a route
You must explicitly subscribe to a message monitoring topic. That is, subscribing
to $sys.monitor.> will subscribe to all topics beginning with $sys.monitor, but
it does not subscribe you to any specific message monitoring topic such as
$sys.monitor.T.*.foo.bar. However, if another subscriber generates interest
in the message monitor topics, this subscriber will also receive those messages.
You can specify wildcards in the destinationName portion of the message monitoring
topic to subscribe to the message monitoring topic for all matching destinations.
For example, you can subscribe to $sys.monitor.T.r.> to monitor all messages
received by all topics. For performance reasons, you may want to avoid
subscribing to too many message monitoring topics. See Performance
Implications of Monitor Topics on page 494 for more information.
494
| Chapter 18
You can have any number of applications that subscribe to monitor messages. You
can create different applications that subscribe to different monitor topics, or you
can create one application that subscribes to all desired monitor topics. Your topic
subscribers can also use message selectors to filter the monitor messages so your
application receives only the messages it is interested in.
496
| Chapter 18
Message producers that do not specify a destination when they are created.
These message producers can produce messages for any destination, and the
destination name is specified when a message is sent.
Routes can have incoming and outgoing messages on many different topics.
498
| Chapter 18
NONE
ROUTES
CHANNELS
Collecting detailed statistics does consume memory, and can adversely affect
performance when gathering a high volume of statistics. There are two
parameters that allow you to control resource consumption when collecting
detailed statistics. First, you can control the amount of time statistics are kept, and
second you can set a maximum amount of memory for detailed statistic
gathering. When application programs create many dynamic destinations, we
recommend against gathering detailed statistics.
The statistics_cleanup_interval parameter controls how long detailed
statistics are kept. This parameter can be set either in the configuration file or
dynamically with the set server command. By default, statistics are kept for 15
seconds. For example, if there is a topic subscriber for the topic foo.*, and the
subscriber receives a message on topic foo.bar, if no new messages arrive for
topic foo.bar within 15 seconds, statistics for topic foo.bar are deleted for that
consumer. You can set this parameter to 0 to signify that all detailed statistics are
to be kept indefinitely. Of course, statistics for an object only exist as long as the
object itself exists. That is, if a message consumer terminates, all detailed statistics
for that consumer are deleted from memory.
The max_stat_memory parameter controls the amount of memory used by
detailed statistics. This parameter can be set either in the configuration file or
dynamically with the set server command. By default, this parameter is set to 0
which signifies that detailed statistics have no memory limit. If no units are
specified, the value of this parameter is in bytes. Optionally, you can specify units
as KB, MB, or GB. When the specified limit is reached, the server stops collecting
new statistics. The server will only resume collecting statistics if the amount of
memory used decreases (for example, if the statistics_cleanup_interval is
set and old statistics are removed).
Displaying Statistics
When statistic collecting is enabled, you can view statistics for producers,
consumers, routes, and destinations using the show stat command in the
administration tool.
The show stat command allows you to filter the statistics based on destination
name, user name, connection ID, or any combination of criteria. You can
optionally specify the total keyword to retrieve only the total statistics (this
suppresses the detailed output). You can also optionally specify the "wide"
keyword when displaying statistics for destinations or routes. This specifies that
inbound and outbound message statistics should be displayed on the same line
(the line can be 100 characters or more).
The following illustrates displaying statistics for a route where detailed statistic
tracking is enabled.
tcp://server1:7322> show stat route B
Inbound statistics for route 'B':
Total Count
Destination
Msgs
Size
<total>
189
37.9 Kb
Topic: dynamic.0
38
7.6 Kb
Topic: dynamic.1
38
7.6 Kb
Topic: dynamic.2
38
7.6 Kb
Topic: dynamic.3
38
7.6 Kb
Topic: dynamic.4
37
7.4 Kb
Outbound statistics for route 'B':
Total Count
Destination
Msgs
Size
<total>
9538
1.9 MB
Topic: dynamic.0
1909 394.9 Kb
Topic: dynamic.1
1908 394.7 Kb
Topic: dynamic.2
1907 394.5 Kb
Topic: dynamic.3
1907 394.5 Kb
Topic: dynamic.4
1907 394.5 Kb
Rate/Second
Msgs
Size
10
2.0
2
0.4
2
0.4
2
0.4
2
0.4
2
0.4
Kb
Kb
Kb
Kb
Kb
Kb
Rate/Second
Msgs
Size
10
2.1
2
0.4
2
0.4
2
0.4
2
0.4
2
0.5
Kb
Kb
Kb
Kb
Kb
Kb
See show stat on page 170 for more information and detailed syntax of the show
stat command.
500
| Chapter 18
| 501
Chapter 19
Secure Sockets Layer (SSL) is a protocol that provides secure authentication and
transmits encrypted data over the Internet or an internal network. Most web
browsers support SSL, and many Web sites and Java applications use it to obtain
confidential user information, such as credit card numbers.
The SSL protocol is complex, and this chapter is not a complete description of
SSL. Instead, this chapter describes how to configure SSL in the TIBCO Enterprise
Message Service server and in client applications that communicate with the
server. For a more complete description of SSL, see the SSL specification at
http://www.mozilla.org/projects/security/pki/nss/ssl/.
Topics
502
| Chapter 19
SSL provides secure communication that works with other mechanisms for
authentication available in the EMS server. When authorization is enabled in
the server, the connection undergoes a two-phase authentication process. First, an
SSL hand-shake between client and server initializes a secure connection. Second,
the EMS server checks the credentials of the client using the supplied username
and password. If the connecting client does not supply a valid username and
password combination, the connection fails, even if the SSL 67 succeeded.
When authorization is enabled, usernames and passwords are always checked,
even on SSL secured connections.
Implementations
The TIBCO Enterprise Message Service server and the C client libraries use
OpenSSL for SSL support. For more information, see www.openssl.org.
EMS Java clients can use either JSSE (from Sun JavaSoft) or the SSL
implementation from Entrust. The EMS Java installation includes JSSE; if you
prefer to use Entrust, you must purchase and install the Entrust SSL
implementation separately.
EMS .NET 2.0 clients use the Microsoft implementation of SSL. The Microsoft
implementation of SSL is compatible with OpenSSL. Certificates required by the
client can either be stored in files or the Microsoft certificate store. However,
Microsoft requires that the root certificate be installed in the Microsoft Certificate
Store, even when certificate files are in use.
EMS distributions usually build and include the latest versions of OpenSSL and
OpenLDAP publicly available at the time of release. For exact version numbers
see the Third Party Software License Agreements documented in the TIBCO
Software Inc. End User License Agreement for TIBCO Enterprise Message
Service.
Digital Certificates
Digital certificates are data structures that represent identities. EMS uses
certificates to verify the identities of servers and clients. Though it is not necessary
to validate either the server or the client for them to exchange data over SSL,
certificates provide an additional level of security.
A digital certificate is issued either by a trusted third-party certificate authority, or
by a security officer within your enterprise. Usually, each user and server on the
network requires a unique digital certificate, to ensure that data is sent from and
received by the correct party.
In order to support SSL, the EMS server must have a digital certificate. Optionally,
EMS clients may also be issued certificates. If the server is configured to verify
client certificates, a client must have a certificate and have it verified by the server.
Similarly, an EMS client can be configured to verify the servers certificate. Once
the identity of the server and/or client has been verified, encrypted data can be
transferred over SSL between the clients and server.
A digital certificate has two partsa public part, which identifies its owner (a
user or server); and a private key, which the owner keeps confidential.
The public part of a digital certificate includes a variety of information, such as
the following:
The name of the owner, and other information required to confirm the unique
identity of the subject. This information can include the URL of the web server
using the digital certificate, or an email address.
The name of the certificate authority (CA) that issued the digital certificate.
A serial number.
The length of time the certificate will remain validdefined by a start date
and an end date.
The most widely-used standard for digital certificates is ITU-T X.509. TIBCO
Enterprise Message Service supports digital certificates that comply with X.509
version 3 (X.509v3); most certificate authorities, such as Verisign and Entrust,
comply with this standard.
504
| Chapter 19
PKCS#7
PKCS#12
PKCS#8
PKCS#12
The EMS server uses OpenSSL to read private keys. It supports PEM, DER,
PKCS8 and PKCS12 formats; it does not read Java KeyStore or Entrust Store files.
Description
.pem
.der
.p8
PKCS#8 file
.p7b
PKCS#7 file
.p12
.jks
.epf
506
| Chapter 19
SSL Parameters
Several SSL parameters can be set in tibemsd.conf. The minimum configuration
is only one required parameterssl_server_identity. However, if the servers
certificate file does not contain its private key, then you must specify it in
ssl_server_key.
SSL Server Parameters on page 228 provides a complete description of the SSL
parameters that can be set in tibemsd.conf.
-ssl_traceenables
508
| Chapter 19
tibcrypt.jar
slf4j-api-1.4.2.jar
slf4j-simple-1.4.2.jar
These JARs are included with the TIBCO Enterprise Message Service installation,
and are located in the EMS_HOME\lib directory.
Entrust
To use Entrust with an EMS client, you must separately purchase and install the
Entrust libraries. If you use the Entrust libraries, you must include them in the
CLASSPATH before the tibcrypt JAR file. To use Entrust with JDK, you must
download the unlimited strength policy JAR files from Sun's website and install
them in your local installation of JDK. For installation and configuration details,
see Entrust documentation.
PKCS#12
Java KeyStore
Entrust Store
You can also store the private key file separately from the client certificate file. If
this is the case, the certificate and private key must be stored in one of the
following formats:
PEM
PKCS#8
The format of the client digital certificate and private key file depends on the SSL
vendor used by the client. JSSE and Entrust support different formats and
combinations of formats. For more information about formats, see your SSL
vendors documentation.
Configuring SSL
A client connecting to an EMS server can configure SSL characteristics in the
following ways:
Create a connection factory that specifies the appropriate SSL parameters and
use JNDI to lookup the connection factory. The server URL in the connection
factory must specify the SSL protocol, and the factory must specify
appropriate SSL parameters.
A preconfigured connection factory is the preferred mechanism in many
situations. See Creating Connection Factories for Secure Connections and
Performing Secure Lookups for details on how to create a connection factory
with SSL parameters in EMS.
Specifying any SSL parameters within a connection factory causes all global SSL
parameters set with the TibjmsSSL class to be ignored.
Configuring a Connection Factory
You can configure a connection factory using the administration tool or the EMS
Administration APIs. See Chapter 6, Using the EMS Administration Tool.
When configuring a connection factory, you can specify several SSL parameters,
similar to the server parameters that you can configure in tibemsd.conf.
When configuring a connection factory, EMS does not verify any file names
specified in the SSL parameters. At the time the factory is retrieved using JNDI,
the EMS server attempts to resolve any file references. If the files do not match the
supported types or the files are not found, the JNDI lookup fails with a
ConfigurationException.
510
| Chapter 19
Description
ssl_vendor
The vendor name of the SSL implementation that the client uses.
ssl_identity
ssl_issuer
Issuers certificate chain for the clients certificate. Supply the entire
chain, including the CA root certificate. The client reads the
certificates in the chain in the order they are presented in this
parameter.
Example
ssl_issuer = certs\CA_root.pem
ssl_issuer = certs\CA_child1.pem
ssl_issuer = certs\CA_child2.pem
For more information on file types for digital certificates, see File
Names for Certificates and Keys on page 505.
ssl_private_key
The clients private key. If the key is included in the digital certificate
in ssl_identity, then you may omit this parameter.
For more information on file types for digital certificates, see File
Names for Certificates and Keys on page 505.
ssl_trusted
ssl_verify_host
Specifies whether the client should verify the servers certificate. The
values for this parameter are enabled or disabled. By default, this
parameter is enabled, signifying the client should verify the servers
certificate.
When disabled, the client establishes secure communication with
the server, but does not verify the servers identity.
Description
ssl_verify_hostname
Specifies whether the client should verify the name in the CN field of
the servers certificate. The values for this parameter are enabled and
disabled. By default, this parameter is enabled, signifying the client
should verify the name of the connected host or the name specified in
the ssl_expected_hostname parameter against the value in the
servers certificate. If the names do not match, the client rejects the
connection.
When disabled, the client establishes secure communication with
the server, but does not verify the servers name.
ssl_expected_hostname
The name the client expects in the CN field of the servers certificate.
If this parameter is not set, the expected name is the hostname of the
server.
The value of this parameter is used when the ssl_verify_hostname
parameter is enabled.
ssl_ciphers
ssl_auth_only
ssl_rand_egd
The path for the entropy gathering daemon (EGD), if one is installed.
This daemon generates random data for the client.
512
| Chapter 19
Description
>
<
ALL
All ciphers from the list (except null ciphers). You can use this keyword to add or
remove all ciphers.
At least one cipher suite must be present, otherwise the SSL connection fails to
initialize. So, if you use -ALL, you must subsequently add the desired ciphers to the list.
Description
When entered as the first item in the list, this option causes EMS
to begin with an empty list, and add the ciphers that follow the
slash.
If the / does not prefix the cipher list, then EMS prefixes the
cipher list with the OpenSSL cipher string DEFAULT.
This modifier can only be used at the beginning of the list. If the
/ appears elsewhere, the syntax of the cipher suite list will be
incorrect and cause an error.
Remove the cipher from the list of ciphers. When this option is
used, the cipher can be added later on in the list of ciphers.
514
| Chapter 19
Description
ALL
All ciphers from the list (except null ciphers). You can use this
keyword to add or remove all ciphers.
At least one cipher suite must be present or the SSL connection
fails to initialize. So, after using -ALL, you should add at least
one cipher to the list.
@STRENGTH
This example illustrates disables RC4-MD5, then adds all other ciphers:
ssl_server_ciphers = !RC4-MD5:ALL
Default Cipher
List
The EMS server and C client library hard-code a default cipher list, which is
equivalent to ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH.
Export
Key
Exch
Auth
Encrypt
Key
Size
MAC
RSA
RSA
RC4
128
MD5
SSL_RSA_WITH_RC4_128_MD5
(RC4-MD5)
Export
Key
Exch
Auth
Encrypt
Key
Size
MAC
RSA
RSA
RC4
128
SHA1
RSA
RSA
DES
56
SHA1
RSA
RSA
3-DES
168
SHA1
RSA(512)
RSA
RC4
40
MD5
RSA(512)
RSA
DES
40
SHA1
DH
DSS
3-DES
168
SHA1
DH
RSA
3-DES
168
SHA1
DH
DSS
DES
56
SHA1
SSL_RSA_WITH_RC4_128_SHA
(RC4-SHA)
SSL_RSA_WITH_DES_CBC_SHA
(DES-CBC-SHA)
SSL_RSA_WITH_3DES_EDE_CBC_SHA
(DES-CBC3-SHA)
SSL_RSA_EXPORT_WITH_RC4_40_MD5
(EXP-RC4-MD5)
Yes
SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA
(EXP-DES-CBC-SHA)
Yes
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
(EDH-DSS-DES-CBC3-SHA)
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
(EDH-RSA-DES-CBC3-SHA)
SSL_DHE_DSS_WITH_DES_CBC_SHA
(EDH-DSS-DES-CBC-SHA)
516
| Chapter 19
Export
Key
Exch
Auth
Encrypt
Key
Size
MAC
DH
RSA
DES
56
SHA1
DSS
DES
40
SHA1
DH(512)
RSA
DES
40
SHA1
RSA
RSA
AES
128
SHA1
RSA
RSA
AES
256
SHA1
DH
DSS
AES
128
SHA1
DH
DSS
AES
256
SHA1
DH
RSA
AES
128
SHA1
SSL_DHE_RSA_WITH_DES_CBC_SHA
(EDH-RSA-DES-CBC-SHA)
SSL_DHE_DSS_EXPORT_WITH_DES_40_CBC_SHA
(EXP-EDH-DSS-DES-CBC-SHA)
Yes
DH(512)
SSL_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA
(EXP-EDH-RSA-DES-CBC-SHA)
Yes
TLS_RSA_WITH_AES_128_CBC_SHA
(AES128-SHA)
TLS_RSA_WITH_AES_256_CBC_SHA
(AES256-SHA)
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
(DHE-DSS-AES128-SHA)
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
(DHE-DSS-AES256-SHA)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
(DHE-RSA-AES128-SHA)
Export
Key
Exch
Auth
Encrypt
Key
Size
MAC
DH
RSA
AES
256
SHA1
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
(DHE-RSA-AES256-SHA)
SSL_RSA_WITH_NULL_SHA
SSL_RSA_WITH_NULL_MD5
Although they are not supported, they are included in the interface definition
only to allow old programs to compile correctly. Use the SSL authentication only
feature in place of these cipher suites. See SSL Authentication Only below for
more information.
Supported Cipher Suites for .NET Clients
.NET client support only the following cipher suites:
RC4-MD5
RC4-SHA
DES-CBC3-SHA
DES-CBC-SHA
EXP-RC2-CBC-MD5
EDH-DSS-DES-CBC3-SHA
EDH-DSS-DES-SHA
EXP-RC4-MD5
AES128-SHA
Some newer Windows platforms, such as Windows Server 2008 and Windows 7,
don't support weaker ciphers (like EXP-RC4-MD5). These platforms support the
stronger ciphers (like AES128-SHA). Refer to your MSDN documentation or
contact Microsoft support for complete details on supported ciphers on specific
Windows platforms.
518
| Chapter 19
Preconditions
All three of these preconditions must be satisfied to use SSL only for
authentication:
The server and clients must both be release 4.2 or later. (If not, EMS behavior
reverts to using SSL for all communications throughout the life of the
connection.)
The client program must request a connection that uses SSL for authentication
only. Clients can specify this request in factories by enabling the
ssl_auth_only parameter, or by calling:
Java: TibjmsSSL.setAuthOnly
C: tibemsSSLParams_SetAuthOnly
C#: EMSSSL.SetAuthOnly
See Also
Ensure that incompatible parameters, listed below, are not included in the
server configuration files.
ssl_dh_size
ssl_server_ciphers
ldap_tls_rand_file
ldap_tls_cipher_suite
ft_ssl_ciphers
ssl_ciphers
520
| Chapter 19
Java Clients Java clients that use the Entrust implementation of SSL, rather
than the JSSE that is included with EMS, can operate in FIPS 140-2 complaint
mode.
C Clients C clients that link to the dynamic EMS libraries can operate in FIPS
140-2 compliant mode. FIPS compliance is not available with static libraries.
To enable FIPS 140-2 operations in the C client, use compliant OpenSSL
libraries, and initialize the libraries to enable FIPS 140-2 operations before
calling any EMS functions.
C libraries support FIPS compliance only on Windows, Linux, and Solaris 10 (x86)
platforms. On UNIX, only the 64-bit C libraries are supported. No 32-bit support
is provided.
| 521
Chapter 20
Fault Tolerance
This chapter describes the fault tolerance features of TIBCO Enterprise Message
Service.
Topics
522
| Chapter 20
Fault Tolerance
Shared State
A pair of fault-tolerant servers can have access to shared state, which consists of
information about clients and persistent messages. This information enables the
standby server to properly assume responsibility for those clients and messages.
Figure 23 illustrates a fault-tolerant configuration of EMS.
Figure 23 Active and Standby Servers with Shared State
Fault-Tolerant
Clients
Active
Server
ck
lo
Shared
State
Standby
Server
Locking
To prevent the standby server from assuming the role of the active server, the
active server locks the shared state during normal operation. If the active server
fails, the lock is released, and the standby server can obtain the lock and become
active.
Current
Server
Additional
Server
| Chapter 20
Fault Tolerance
Detection
A standby server detects a failure of the active server in either of two ways:
Connection FailureThe standby server can detect the failure of its TCP
connection with the active server. When the active server process terminates
unexpectedly, the standby server detects the broken connection.
Response
When a standby server (B) detects the failure of the active server (A), then B
attempts to assume the role of active server. First, B obtains the lock on the current
shared state. When B can access this information, it becomes the new active
server.
Figure 25 Failed Active Server
Fault-Tolerant
Clients
Failed
Server
Shared
State
B
lo
ck
524
Active
Server
Lock Unavailable
If B cannot obtain the lock immediately, it alternates between attempting to obtain
the lock (and become the active server), and attempting to reconnect to A (and
resume as a standby server)until one of these attempts succeeds.
TIBCO Enterprise Message Service Users Guide
Role Reversal
When B becomes the new active server, A can restart as a standby server, so that
the two servers exchange roles.
Figure 26 Recovered Server Becomes Standby
Fault-Tolerant
Clients
Standby
Server
loc
k
Shared
State
Active
Server
Client Transfer
Clients of A that are configured to failover to standby server B automatically
transfer to B when it becomes the new active server. B reads the clients current
state from the shared storage to deliver any persistent messages to the client.
Client Notification
Client applications can receive notification when shared state failover occurs.
Java
To receive notification, Java client programs set the system property
tibco.tibjms.ft.switch.exception to any value, and define an
ExceptionListener to handle failover notification; see the class
com.tibco.tibjms.Tibjms in TIBCO Enterprise Message Service Java API
Reference.
C
To receive notification, C client programs call
and register the exception
callback in order to receive the notification that the reconnection was successful.
tibems_setExceptionOnFTSwitch(TIBEMS_TRUE)
526
| Chapter 20
Fault Tolerance
C#
To receive notification, .NET client programs call
Tibems.SetExceptionOnFTSwitch(true), and define an exception listener to
handle failover notification; see the method Tibems.SetExceptionOnFTSwitch
on page 294 in TIBCO Enterprise Message Service .NET API Reference.
Message Redelivery
Persistent
Synchronous
Mode
Delivery
Succeeded
Topics
When a failure occurs, messages with delivery mode PERSISTENT, that were not
successfully acknowledged before the failure, are redelivered.
When using durable subscribers, EMS guarantees that a message with
PERSISTENT delivery mode and written to a store with the property mode=sync,
will not be lost during a failure.
Any messages that have been successfully acknowledged or committed are not
redelivered, in compliance with the JMS specification.
All topic subscribers continue normal operation after a failover.
Transactions
A (non-XA) transaction is considered active when at least one message has been
sent or received by the session, and the transaction has not been successfully
committed. An XA transaction is considered active when the XA start method is
called.
After a failover, attempting to commit the active transaction results in a
javax.jms.TransactionRolledBackException. Clients that use transactions
must handle this exception, and resend any messages sent during the transaction.
The standby server, upon becoming active, automatically redelivers any messages
that were delivered to the session during the transaction that rolled back.
Queues
For queue receivers, any messages that have been sent to receivers, but have not
been acknowledged before the failover, may be sent to other receivers
immediately after the failover.
Heartbeat Parameters
When the active server heartbeat stops, the standby server waits for its activation
interval (elapsed time since it detected the most recent heartbeat); then the
standby server retrieves information from shared storage and assumes the role of
active server.
The default heartbeat interval is 3 seconds, and the default activation interval is
10 seconds. The activation interval must be at least twice the heartbeat interval.
Both intervals are specified in seconds. You can set these intervals in the server
configuration files. See Fault Tolerance Parameters on page 216 for details.
Configuration Files
When an active server fails, its standby server assumes the status of the active
server and resumes operation. Before becoming the active server, the standby
server re-reads its configuration files. If the two servers share configuration files,
then the administrative changes to an active server carry over to its standby once
the latter becomes active.
528
| Chapter 20
Fault Tolerance
When fault-tolerant servers share configuration files, you must limit configuration
changes to the active server only. Separately reconfiguring the standby server can
cause it to overwrite the shared configuration files; unintended misconfiguration
can result.
Additionally, when a server that is a member of a fault-tolerant pair requires a
restart, both servers must be restarted to activate the change. When the active
server is shut down, the standby server does not reinitialize its properties (such as
listens, heartbeats, timeouts, and so on) or stores during activation. It does
reinitialize objects such as queues, topics, factories, routes, and so on.
Unshared state failover is initiated by the EMS client. When a client setup for
unshared state detects a lost connection to server (A), it attempts to connect to
server (B), as defined in the connection factory.
Figure 27 Unshared State Failover
A
Clients
Failed
Server
Current
Server
Unshared state is not limited to two servers. Unlike shared state failover,
unshared state is controlled by the EMS client. The client can include more than
two URLs in its list of additional servers.
Response
Message Loss
Because B does not have access to persistent messages that were not delivered or
acknowledged prior to the failover, some messages may be lost or delivered out of
order across the failover process. To prevent message loss, use shared state
failover.
530
| Chapter 20
Fault Tolerance
Unsupported
Features
These features and Java classes are not supported with unshared state
connections:
XA transactions
Multicast
ConnectionConsumer
ServerSession
ServerSessionPool
QueueRequestor
TopicRequestor
A1
A2
B1
Legend
EMS Server
Shared State Storage
Device
B2
EMS Client
Current Server Connection
Failed Server Connection
In this example, servers A1 and A2 share state. Servers B1 and B2 also share state.
However, A1 and A2 do not share state with B1 and B2.
The EMS clients created connections using a connection factory with A1, A2 + B1,
B2. The initial server connections were with server A1. When the connection to A1
failed, the failover process proceeded as described in Shared State Failover
Process on page 524, and the clients connect to A2.
A2 then failed, before A1 restarted. The clients next created connections to B1,
recreating all runtime objects from the connection (as described above in
Unshared State Failover Process). B1 is now the active server. Because B1 and B2
share state, If B1 fails, B2 becomes the active server.
532
| Chapter 20
Fault Tolerance
Shared State
For the most robust failover protection, the active server and standby server must
share the same state. Shared state includes three categories of information:
During a failover, the standby server re-reads all shared state information.
Description
Write Order
Description
The EMS server process that has the file lock must be the only
server process that can write to the file. Once the system
transfers the lock to another server, pending writes queued by
the previous owner must fail.
Hardware Options
Consider these examples of commonly-sold hardware options for shared storage:
NAS
Dual-port SCSI and SAN solutions generally satisfy the Write Order and
Synchronous Write Persistence criteria. (The clustering software must satisfy the
remaining two criteria.) As always, you must confirm all four requirements with
your vendors.
NAS solutions require a CS (rather than a CFS) to satisfy the Distributed File
Locking criterion (see below).
Some NAS solutions satisfy the criteria, and some do not; you must confirm all
four requirements with your vendors.
When NAS hardware uses NFS as its file system, it is particularly difficult to
determine whether the solution meets the criteria. Our research indicates the
following conclusions:
NFS v4 with TCP might satisfy the criteria. Consult with the NAS vendor to
verify that the NFS server (in the NAS) satisfies the criteria. Consult with the
operating system vendor to verify that the NFS client (in the OS on the server
host computer) satisfies the criteria. When both vendors certify that their
components cooperate to guarantee the criteria, then the shared storage
solution supports EMS.
TIBCO Enterprise Message Service Users Guide
534
| Chapter 20
Fault Tolerance
For more information on how the EMS locks shared store files, see How EMS
Manages Access to Shared Store Files on page 120.
Software Options
Consider these examples of commonly-sold software options:
With dual-port SCSI or SAN hardware, either a CS or a CFS might satisfy the
Distributed File Locking criterion. With NAS hardware, only a CS can satisfy this
criterion (CFS software generally does not). Of course, you must confirm all four
requirements with your vendors.
Storage Files
By default, the tibemsd server creates three file-based stores to store shared state:
$sys.failsafeThis
I/O calls.
$sys.nonfailsafeThis
Storage Parameters
Several configuration parameters apply to EMS storage files (even when
fault-tolerant operation is not configured); see Storage File Parameters on
page 209.
536
| Chapter 20
Fault Tolerance
Shared State
To configure an EMS server as a fault-tolerant secondary, set these parameters in
its main configuration file (or on the server command line):
server
Set this parameter to the same server name in the configuration
files of both the primary server and the secondary server.
ft_active
In the configuration file of the primary server, set this
parameter to the URL of the secondary server. In the configuration file of the
secondary server, set this parameter to the URL of the active server.
When a server configured for fault tolerance starts, it attempts to connect to its
peer server. If it establishes a connection to its peer, then it enters the standby
state. If it cannot establish a connection to its peer, then it becomes the active
server.
While a server is in the standby state, it does not accept connections from clients.
To administer the standby server, the admin user can connect to it using the
administration tool. Standby servers started with a JSON configuration file cannot
be administered.
Authorization and Fault-Tolerant Servers
EMS authorization interacts with fault tolerance. If authorization is enabled
and the two EMS Servers are configured for fault tolerance, then both servers in a
fault-tolerant pair must be configured as follows:
The tibemsd.conf file for each server must have the same server name and
password (the server and password parameters must be the same on each
server).
The user name and password in the users.conf file for each server must
match the values of the server and password parameters in the
tibemsd.conf file.
If the two EMS Servers are not sharing a users.conf file, make sure that you
create a user with the same name as the EMS Server, and set the user's password
with the value of the "server" password.
For example, you have two EMS Servers (Server 1 and Server 2) that are named
"EMS-SERVER" and are to use a password of "mySecret", but which do not share a
users.conf file. To set the user names and passwords, start the EMS
Administration Tool on each server, as described in Using the EMS
Administration Tool on page 125, and do the following.
From the active (Server 1), enter:
set server password=mySecret
create user EMS-SERVER password=mySecret
SSL
You can use SSL to secure communication between a pair of fault-tolerant servers.
Parameters in the main configuration file (tibemsd.conf) affect this behavior.
The relevant parameters all begin with the prefix ft_ssl.
The server initializing a secure connection to another server uses the ft_ssl
parameters to determine the properties of its secure connection to the other
server. The receiving server validates the incoming connection against its own
ssl_ parameters. For more information about ft_ssl parameters, see Fault
Tolerance Parameters on page 216. For more information about ssl_ parameters,
see SSL Server Parameters on page 228.
See Also
Reconnect Timeout
When a standby server assumes the role of the active server during failover,
clients attempt to reconnect to the standby server (that is, the new active) and
continue processing their current message state. Before accepting reconnects from
the clients, the new active server reads its message state from the shared state
files.
538
| Chapter 20
Fault Tolerance
You can instruct the server to clean up state information for clients that do not
reconnect before the time limit specified by the ft_reconnect_timeout
configuration parameter. The ft_reconnect_timeout time starts once the server
has fully recovered the shared state, so this value does not account for the time it
takes to recover the store files. See ft_reconnect_timeout on page 217 for
details.
Unshared State
When configuring a fault tolerant pair that does not share state, you must ensure
that both servers use identical configurations. This is especially important for
these configuration settings:
SSL When SSL is deployed, both servers must use the same certificate(s).
The primary server, if elected active, listens for client connection on ports
defined in the main Server Properties page, in the Primary Listens section. If
elected standby, it listens for the secondary server on the Secondary Listens
URL that is flagged using the FT Active radio button on the Fault Tolerance
properties page.
Conversely, the secondary server, if elected standby, listens for the primary
server using the Primary Listens URL that is flagged with the FT Active radio
button on the main Server Properties page. If elected active, it listens for client
connections using the Secondary Listen URLs defined on the Fault Tolerance
page.
540
| Chapter 20
Fault Tolerance
Configuration
Errors
When an EMS server is started, the fault tolerance mechanism is triggered by the
presence of a URL in the Secondary Listens list of a primary tibemsd, or by that of
a URL in the Primary Listens list of a secondary tibemsd.
Once fault tolerance is triggered, the EMS server generates an error if it finds that
the "FT Active" switch was not assigned to any URL in its peers list. If
CONFIG_ERRORS is present in the startup_abort_list parameter, the tibemsd
aborts startup. Otherwise, the tibemsd cancels fault tolerance and starts without
checking its peer. This results in a file lock error for the EMS server that is started
second.
The client attempts to connect to each URL in the order listed. If a connection to
one URL fails, the client tries the next URL in the list. The client tries the URLs in
sequence until all URLs have been tried. If the first failed connection was not the
first URL in the list, the attempts wrap to the start of the list (so each URL is tried).
For information on how to lookup a fault-tolerance URL in the EMS naming
service, see Performing Fault-Tolerant Lookups on page 402.
The reconnection logic in the client is triggered by the specifying multiple URLs
when connecting to a server. If no secondary server is present, the client must still
provide at least two URLs (typically pointing to the same server) in order for it to
automatically reconnect to the server when it becomes available after a failure.
When messages are sent in non-persistent or reliable modes, the consumer does
not normally wait for a server reply to its acknowledgements. However, a fault
tolerant consumer does wait for a server reply (when using an session mode other
than DUPS_OK_ACKNOWLEDGE or EXPLICIT_CLIENT_DUPS_OK_ACKNOWLEDGE). This
is true for shared state configurations. Unshared state configurations, which
tolerate lost, duplicated, and out-of-order messages during a failover, do not wait
for server acknowledgements.
542
| Chapter 20
Fault Tolerance
C
Use the tibemsConnectionFactory_SetReconnectAttemptCount,
tibemsConnectionFactory_SetReconnectAttemptDelay, and
tibemsConnectionFactory_SetReconnectAttemptTimeout functions to
establish new reconnection failure parameters:
status = tibemsConnectionFactory_SetReconnectAttemptCount(
factory, 10);
status = tibemsConnectionFactory_SetReconnectAttemptDelay(
factory, 1000);
status = tibemsConnectionFactory_SetReconnectAttemptTimeout(
factory, 1000);
C#
Use the ConnectionFactory.SetReconnAttemptCount,
ConnectionFactory.SetReconnAttemptDelay, and
ConnectionFactory.SetReconnAttemptTimeout methods to establish new
reconnection failure parameters:
factory.setReconnAttemptCount(10);
factory.setReconnAttemptDelay(1000);
factory.setReconnAttemptTimeout(1000);
544
| Chapter 20
Fault Tolerance
For C applications, a header file must be included and clients must link using
the unshared state library.
Before creating the connection factory, ensure that the CLASSPATH includes the
JAR file:
tibjmsufo.jar
C Applications
C# Applications
java com.tibco.tibems.ufo
tibemsufo
package.
TIBCO.EMS.UFO
package.
Connection Recovery
When an unshared state connection fails, the connections ExceptionListener
callback is invoked. To recover the connectionrepair it so that it is connected to
an active serverthe client application calls the connection factorys
recoverConnection method or
tibemsUFOConnectionFactory_RecoverConnection function. This must be
performed in the ExceptionListener callback. The recover connection method
blocks until the connection (and its related objects, including sessions, producers,
and consumers) are fully recreated, or until it has failed in all its attempts to
recreate these objects.
As long as the unshared state client has a valid connection, the API behaves the
same as the standard EMS client. However, when the unshared state clients
connection is broken, the API performs as follows:
1. Methods called inside a MessageListener callback immediately return a Java
exception ConnectionFailureException or C status of
TIBEMS_SERVER_NOT_CONNECTED.
2. Methods called elsewhere block until the connection is valid again.
Note that the connection is considered broken from the point where the
underlying TCP/SSL connection fails, and until recoverConnection or
tibemsConnectionFactory_RecoverConnection successfully returns.
Dual State To combine shared state server pairs with unshared state servers,
use commas to separate the servers that share state, and plus (+) signs to
separate servers that do not share state. For example, this line specifies server
a1 and a2 as a fault-tolerant pair that share state, and servers b1 and b2 as a
second pair with shared state:
serverUrl=tcp://a1:8222,tcp://a2:8222+tcp://b1:8222,tcp://b2:8222
546
| Chapter 20
Fault Tolerance
The client attempts to connect to each URL in the order listed. If a connection to
one URL fails, the client tries the next URL in the list. The client tries the URLs in
sequence until all URLs have been tried. If the first failed connection was not the
first URL in the list, the attempts wrap to the start of the list (so each URL is tried).
If none of the attempts succeed, the connection fails.
Server lookup functions do not permit unshared state syntax. That is, you cannot
separate server URLs using the plus (+) symbol during a server lookup.
| 547
Chapter 21
Topics
548
| Chapter 21
Overview of Routing
TIBCO Enterprise Message Service servers can route messages to other servers.
Topic messages can travel one hop or multiple hops (from the first server).
Queue messages can travel only one hop to the home queue, and one hop from
the home queue.
You can define routes using an administrative interface (that is, configuration
files, tibemsadmin, or administration APIs).
Route 549
Route
Basic Operation
Routes are bidirectional; that is, each server in the pair forwards messages
along the route to the other server.
For example, the compact view at the top of Figure 29 denotes a route between
two servers, A and B. The exploded view beneath it illustrates the behavior of the
route. Each server has a global topic named T1, and a routed queue Q1; these
destinations correspond, so the route forwards messages between them. In
addition, server A has a global topic T2, which does not correspond to any topic
on server B. The route does not forward messages from T2.
Figure 29 Routes: bidirectionality and corresponding destinations
Server: A
Server: A
Route
Server: B
Server: B
Queue: Q1
Queue:
Q1@A
Topic: T1
Topic: T1
Topic: T2
550
| Chapter 21
Global Destinations
Routes forward messages only between global destinationsthat is, for topics the
global property must be set on both servers (for queues, see Routed Queues on
page 566). (For more information about destination properties, See Destination
Properties on page 58.)
Figure 30 illustrates a route between two servers, C and D, with corresponding
destinations T1 and T2. Notice that T1 is global on both C and D, so both servers
forward messages across the route to the corresponding destination. However, T2
is not global on C, neither C nor D forward T2 messages to one another.
Figure 30 Routes: global destinations
Server: C
Server: D
T1
global=true
T1
global=true
T2
T2
global=true
Route 551
552
| Chapter 21
Zone
Zones restrict the behavior of routes, so you can configure complex routing paths.
Zones affect topic messages, but not queue messages.
Basic Operation
A zone is a named set of routes. Every route belongs to a zone. A zone affects the
forwarding behavior of its routes:
In a multi-hop (mhop) zone, topic messages travel along all applicable routes
to all servers connected by routes within the zone.
In a one-hop (1hop) zone, topic messages travel only one hop (from the first
server).
Queue messages travel only one hop, even within multi-hop zones.
Zone: Z1
mhop
D
M serves consumers at the main office, which process the messages from the
branches.
R serves consumers that record messages for archiving, auditing, and backup.
Zone 553
The goal is to forward messages from B1 and B2 to both M and R. The routing
graph seems to contain a cyclethe path from B1 to M to B2 to R duplicates the
route from B1 to R. However, since these routes belong to the one-hop zone Z2, it
is impossible for messages to travel the longer path. Instead, this limitation results
in the desired resultforwarding from B1 to M and R, and from B2 to M and R.
Figure 33 Zones: one-hop
B1
B2
Zone: Z2
1hop
Overlapping Zones
A server can have routes that belong to several zones. When zones overlap at a
server, the routing behavior within each zone does not limit routing in other
zones. That is, when a forwarded message reaches a server with routes in several
zones, the message crosses zone boundaries, and its hop count is reset to zero.
Figure 34 on page 554 illustrates an enterprise with one-hop zones connecting all
the servers in each of several cities in a fully-connected graph. Zone TK connects
all the servers in Tokyo; zone NY connects all the servers in New York; zone PA
connects all the servers in Paris. In addition, the multi-hop zone WO connects one
server in each city.
When a client of server TK3 produces a message, it travels one hop to each of the
other Tokyo servers. When the message reaches TK1, it crosses into zone WO. TK1
forwards the message to NY1, which in turn forwards it to PA1. When the
message reaches NY1, it crosses into zone NY (with hop count reset to zero); NY1
forwards it one hop to each of the other New York servers. Similarly, when the
message reaches PA1, it crosses into zone PA (with hop count reset to zero); PA1
forwards it one hop to each of the other Paris servers.
554
| Chapter 21
TK4
TK2
Zone: TK
1hop
Zone: WO
mhop
TK1
NY1
NY4
NY2
Zone: NY
1hop
NY3
PA2
PA3
PA1
Zone: PA
PA4
1hop
When you configure a route at only one server, this asymmetry results in two
perspectives on the route:
A route is active from the perspective of the server where it is configured. This
server actively initiates the connection to the other server, so we refer to it as
the active server, or initiating server.
A route is passive from the perspective of the other server. This server
passively accepts connection requests from the active server, so we refer to it
as the passive server.
A server can have both active and passive routes. That is, you can configure
server S to initiate routes, and also configure other servers to initiate routes to S.
You can specify and modify the properties of an active route, but not those of a
passive route. That is, properties of routes are associated with the server where
the route is configured, and which initiates the connection.
Note that defining a route specifies a zone as well (either implicitly or explicitly).
The first route in the zone defines the type of the route; subsequent routes in the
same zone must have the same zone type (otherwise, the server reports an error).
Active-Active
Routes
Two servers can both configure an active route one to the other. This arrangement
is called an active-active configuration. For example, server A specifies a route to
server B, and B specifies a route to A. Either server can attempt to initiate the
connection. This configuration results in only one connection; it does not result in
redundant routes.
You can promote an active-passive route to an active-active route. To promote a
route, use this command on the passive server:
create route
name url=url
The url argument is required, so that the server (where the route is being
promoted) can connect to the other server if the route becomes disconnected.
See also create route on page 134.
The promoted route behaves as a statically configured routethat is, it persists
messages for durable subscribers, and stores its configuration in routes.conf,
and administrators can modify its properties.
556
| Chapter 21
To create a route using the administration tool, first connect to one of the servers,
then use the create route command with the following syntax:
name is the name of the server at the other end of the route; it also becomes the
URL specifies the other server by its URLincluding protocol and port.
zone_name specifies that the route belongs to the routing zone with this name.
The zone type is either 1hop or mhop. When omitted, the default value is mhop.
properties is a space-separated list of properties for the route. Each property has
the syntax:
prop_name=value
For gating properties that control the flow of topics along the route, see
Selectors for Routing Topic Messages on page 563.
For properties that configure the Secure Sockets Layer (SSL) protocol for the
route, see Routing and SSL on page 557.
Example
For example, these commands on server A would create routes to servers B and C.
The route to B belongs to the one-hop zone Z1. The route to C belongs to the
multi-hop zone ZM.
create route B url=tcp://B:7454 zone_name=Z1 zone_type=1hop
create route C url=tcp://C:7455 zone_name=ZM zone_type=mhop
Show Routes
routes
T
ConnID
A
3
A
-
routes
URL
tcp://B:7454
tcp://C:7455
command in the
Zone
Z1
ZM
T
1
m
The T column indicates whether the route is active (A) or passive (P), from the
perspective of server A.
The ConnID column contains either an integer connection ID (if the route is
currently connected, or a dash (-) if the route is not connected.
The passive server must specify SSL parameters in its main configuration file,
tibemsd.conf.
When a server initiates an SSL connection, it sends the routes SSL parameters
to identify and authenticate itself to the passive server. You can specify these
parameters when creating the route, or you can specify them in the route
configuration file, routes.conf.
558
| Chapter 21
Table 86 lists the parameters that you can specify in the routes.conf
configuration file, or on the command line when creating a route. The parameters
for configuring SSL between routed servers are similar to the parameters used to
configure SSL between server and clients; see Chapter 19, Using the SSL Protocol,
on page 501.
Table 86 SSL Parameters for Routes (Sheet 1 of 3)
Parameter
Description
ssl_identity
ssl_issuer
Description
ssl_password
ssl_trusted
ssl_verify_host
560
| Chapter 21
Description
ssl_verify_hostname
ssl_expected_hostname
ssl_ciphers
ssl_rand_egd
Server: A
Zone: Z
mhop
Server: M
Server: B
Topic: T1
global
Topic: T1
global
Topic: T1
global
Subscriber
T1
Subscriber
T1
Subscriber
T1
Client
Producer
T1
Client
Subscriber
T1
562
| Chapter 21
If the client of server B creates a non-durable subscriber to T1, then if the client
process exits, the servers delete the entire sequence of internal subscribers. When
the client restarts, it generates a new sequence of subscribers; meanwhile, the
client might have missed messages.
If the client of server B creates a durable subscriber to T1, then if the client process
exits, the entire sequence of internal subscribers remains intact; messages
continue to flow through the servers in store-and-forward fashion. When the
client restarts, it can consume all the messages that B has stored in the interim.
Server Failure
Network Failure
maxbytes
A server forwards a global topic message along routes to all servers with
subscribers for that topic. When each of those other servers requires only a small
subset of the messages, this policy could potentially result in a high volume of
unwanted network traffic. You can specify message selectors on routes to narrow
the subset of topic messages that traverse each route.
Message selectors on routes are different from message selectors on individual
subscribers, which narrow the subset of messages that the server delivers to the
subscriber client.
Example
Figure 36 on page 563 illustrates an enterprise with a central server for processing
customer orders, and separate regional servers for billing those orders. For
optimal use of network capacity, we configure topic selectors so that each regional
server gets only those orders related to customers within its region.
564
| Chapter 21
Incoming Orders
USA Orders
USA
Order Processing
Specifying
Selectors
Canada Orders
Canada
Order Processing
Mexico Orders
Mexico
Order Processing
Specify message selectors for global topics as properties of routes. You can define
these properties in two ways:
Define selectors when creating the route (either in routes.conf, or with the
administrator command create route).
Manipulate selectors on an existing route (using the addprop, setprop, or
administrator commands).
removeprop
If you change the message selectors on a route, only incoming messages are
evaluated against the new selectors. Messages pending in the server are
re-evaluated only if the server is restarted.
Syntax
The message selector properties have the same syntax whether they appear in a
command or in a configuration file:
incoming_topic=topicName selector="msg-selector"
outgoing_topic=topicName selector="msg-selector"
The terms incoming and outgoing refer to the perspective of the active server
where the route is defined.
topicName is the name of a global topic.
msg-selector is a message selector string. For detailed information about message
selector syntax, see the documentation for class Message in TIBCO Enterprise
Message Service Java API Reference.
TIBCO Enterprise Message Service Users Guide
Example Syntax
In the example of Figure 36, an administrator might configure these routes on the
central order server:
Symmetry
Active-Active
Configuration
Wildcards
You can specify wildcards in topic names. For each actual topic, the server uses
logical AND to combine all the selectors that match the topic.
However, routing of topic messages is only reliably supported when the
subscriber's topic is a subset (or equal) of the configured global topic. Similarly,
intersections are not supported. For example, if topics.conf contains foo.* and
foo.a*, the following subscriptions are correct:
foo.*
foo.1
bar.a.b
566
| Chapter 21
Routed Queues
With respect to routing, queues differ from topics in several respects:
Servers route queue messages between the queue owner and adjacent servers.
The concept of zones and hops does not apply to queue messages (only to
topic messages).
The left side of Figure 37 depicts an enterprise with three serversP, R and S
connected by routes. The remainder of Figure 37 illustrates the mechanisms that
routes queue messages among servers (center) and their clients (right side).
Figure 37 Routing: Queues
Server: P
Q1@R
- store and fwd to R
- proxy rcvr
Server: R
Q1 global
- home queue
Producer
Q1
K Consumer
Q1
Producer
Q1
M Consumer
Q1
Server: S
Q1@R
- proxy rcvr
N Consumer
Q1
Example
When J sends a message to Q1, server P forwards the message to the home
queueQ1 on server R.
Now the message is available to receivers on all three servers, P, R and S
although only one client can consume the message. Either Q1 on P receives it on
behalf of K; or Q1 on S receives it on behalf of N; or M receives it directly from the
home queue.
Producers
From the perspective of producer clients, a routed queue stores messages and
forwards them to the home queue. For example, when J sends a message to Q1 on
server P, P forwards it to the queue owner, R, which delivers it to Q1 (the home
queue).
The message is not available for consumers until it reaches the home queue. That
is, client K cannot consume the message directly from server P.
If server R fails, or the route connection from P to R fails, P continues to store
messages from K in its queue. When P and R resume communication, P delivers
the stored messages to Q1 on R.
Similarly, routed queues do not generate an exception when the maxbytes and
maxmsgs limits are exceeded in the routed server. Clients can continue to send
messages to the queue after the limit is reached, and the messages will be stored
in the routed server until the error condition is cleared.
Consumers
From the perspective of consumer clients, a routed queue acts as a proxy receiver.
For example, when L sends a message to Q1 on server R, Q1 on P can receive it
from R on behalf of K, and immediately gives it to K.
If server P fails, or the route connection from P to R fails, K cannot receive
messages from Q1 until the servers resume communication. Meanwhile, M and N
continue to receive messages from Q1. When P and R resume communication, K
can again receive messages through Q1 on P.
Receiving messages from a routed queue using either a small timeout (less than
one second) or no wait can cause unexpected behavior. A small timeout value
increases the chances that protocol messages may not be processed correctly
between the routed servers. For example, queue receivers may not be correctly
destroyed.
Configuration
568
| Chapter 21
You may use the administration tool or API to configure routed queues; see
addprop queue on page 130 and create queue on page 134.
To configure a routed queue, specify the queue name and the server name of the
queue owner; for example, on server P, configure:
Q1@R
It is legal to use this notation even for the home queue. The queue owner
recognizes its own name, and ignores the location designation (@R).
It is illegal to configure a routed queue as exclusive.
Browsing
Transactions
Queue browsers cannot examine routed queues. That is, you can create a browser
only on the server that owns the home queue.
TIBCO Enterprise Message Service does not support transactional consumers on
routed queues (through the use of XA or local transacted sessions).
authorization=enabled
Q2@B
authorization=disabled
Q2
In Figure 38, servers A and B both configure active routes to one another.
ACL
When routing a secure topic or queue, servers consult the ACL specification
before forwarding each message. The servers must grant one another appropriate
permissions to send, receive, publish or subscribe.
For example, in Figure 38, you dont need an ACL for messages to flow from A
(where a producer is sending to) to B (where a consumer is consuming from)
because B has authorization turned off and messages are being sent to and
consumed from queues. However, if messages were to flow from B to A (producer
connects to B and consumer connects to A), then server A's ACL should grant
user B send permission on the queue Q2.
If we were to use topics in this example, then for messages to flow from A to B,
you would need A to grant B the subscribe and durable permission on the topic
(global on both servers). And for messages to flow from B to A, you would have
to grant topic B publish permission on the topic.
See Also
570
| Chapter 21
| 571
Appendix A
Monitor Messages
This appendix lists all topics on which the server publishes messages for system
events. The message properties for messages published on each topic are also
described. See Monitoring Server Events on page 490 for more information about
monitor topics and messages.
Topics
572
| Appendix A
Monitor Messages
$sys.monitor.admin.change
$sys.monitor.connection.connect
$sys.monitor.connection.disconnect
$sys.monitor.connection.error
$sys.monitor.consumer.create
A consumer is created.
$sys.monitor.consumer.destroy
A consumer is destroyed.
$sys.monitor.flow.engaged
$sys.monitor.flow.disengaged
$sys.monitor.limits.connection
$sys.monitor.limits.queue
$sys.monitor.limits.server
$sys.monitor.limits.topic
$sys.monitor.multicast.stats
$sys.monitor.multicast.status
$sys.monitor.producer.create
A producer is created.
$sys.monitor.producer.destroy
A producer is destroyed.
$sys.monitor.queue.create
$sys.monitor.route.connect
$sys.monitor.route.disconnect
$sys.monitor.route.error
$sys.monitor.route.interest
$sys.monitor.server.info
$sys.monitor.server.warning
$sys.monitor.topic.create
$sys.monitor.tx.action
$sys.monitor.xa.action
574
| Appendix A
Monitor Messages
$sys.monitor.D.E.destination
for receive
for send
for acknowledge
Contents
conn_connid
conn_ft
conn_hostname
conn_ssl
conn_type
Admin
Topic
Queue
Generic
Route
FT
Unknown
conn_username
conn_xa
event_action
The action that caused the event. This property can have the values
listed in Table 89 on page 580.
event_class
The type of monitoring event (that is, the last part of the topic
name without the $sys.monitor).
For message monitoring, the value of this property is always set to
message.
event_description
576
| Appendix A
Monitor Messages
Contents
event_reason
The reason the event occurred (usually an error). The values this
property can have are described in Table 90 on page 582.
event_route
message_bytes
mode
persistent
non_persistent
reliable
msg_id
Message ID.
msg_seq
msg_size
msg_timestamp
Message timestamp.
msg_expiration
Message expiration.
replyTo
Message JMSReplyTo.
rv_reply
source_id
Contents
source_name
Name of the source object involved with the event. This property
can have the following values:
source_object
XID
message_id
connections
unknown
(number of connections)
(unknown name)
Source object that was involved with the event. This property can
have the following values:
producer
consumer
topic
queue
permissions
durable
server
transaction
user
group
connection
message
jndiname
factory
file
limits
route
transport
578
| Appendix A
Monitor Messages
Contents
source_value
stat_msgs
stat_size
target_admin
target_created
Time that the consumer was created (in milliseconds since the
epoch).
target_dest_name
target_dest_type
target_durable
target_group
target_hostname
target_id
target_channel
target_name
Name of the object that was the target of the event. This property
can have the following values:
target_nolocal
XID
message_id
connections
unknown
channel
(number of connections)
(unknown name)
(multicast channel)
Contents
target_object
The general object that was the target of the event. This property
can have the following values:
producer
consumer
topic
queue
durable
server
transaction
user
group
connection
message
jndiname
factory
file
limits
route
transport
target_selector
target_subscription
target_url
target_username
target_value
Value of the object that was the target of the event, such as the
name of a topic, queue, and so on.
580
| Appendix A
Monitor Messages
Description
accept
connection accepted
acknowledge
message is acknowledged
add
admin_commit
admin_rollback
commit
transaction committed
connect
connection attempted
create
something created
delete
something deleted
disconnect
connection disconnected
flow_engaged
flow_disengaged
interest
modify
something changed
grant
permission granted
premature_exit
purge
receive
remove
resume
Description
revoke
permission revoked
rollback
rotate_log
send
subscribe
subscription request
suspend
txcommit
txrollback
xacommit
xacommit_1phase
xastart
xastart_join
xastart_resume
xaend_fail
xaend_success
xaend_suspend
xaprepare
xarecover
582
| Appendix A
Monitor Messages
Description
xarollback
Description
backup_connected
backup_disconnected
bridge
closed
consumer
cycle
disabled
discarded
duplicate
error
exceeded
Limit exceeded.
expired
export
Description
import
invalid_name
invalid_password
maxredelivery_exceeded
new_connection
not_authorized
not_connected
not_found
producer
reconnect_active
Connection active.
reconnected_connection
reconnect_unknown
Connection unknown.
rotatelog
route
shutdown
standby
subscribed
terminated
584
| Appendix A
Monitor Messages
| 585
Appendix B
This appendix lists all possible error messages that the server can output,
alphabetized by category.
Description
Resolution
Errors
These strings represent all instances of the error, as they appear in EMS server
code. Some categories have many error instances; others have only one. These
strings can include formatting characters.
586
| Appendix B
A durable consumer was found in the store file for a route that does not exist
Description
On server startup a durable consumer was found in the store file for a route that is
not listed in the routes.conf file. This happens if the routes.conf file is manually
edited.
Resolution
Errors
Category
Discarding durable '%s' for route '%s' because the route does not exist.
Description
An admin tool or program using the admin API attempted an operation that
failed for the given reason.
Resolution
The admin tool or admin API provides the failure reason. The user of the tool or
API should examine the error and correct the syntax, parameter or configuration
that is causing the failure.
Errors
%s: create %s failed: conflicting zone: existing consumer has a different zone
%s: create %s failed: detected duplicate durable subscription [%s] for topic [%s].
%s: create %s failed: illegal to use wildcard %s [%s].
%s: create %s failed: invalid %s [%s].
%s: create %s failed: invalid session id=%d.
%s: create %s failed: invalid syntax of %s [%s].
%s: create %s failed: invalid temporary %s [%s].
%s: create %s failed: not allowed to create dynamic %s [%s].
Invalid consumer in recover one msg request.
Invalid sequence number in recover one msg request.
Category
Description
Resolution
Errors
Category
Authentication error
Description
Resolution
Ensure the user is defined to EMS by one of the methods allowed by the
user_auth parameter in the main configuration file. The user is either specified by
the application or in the SSL certificate. If the user is defined, reset the password
and try again.
Errors
Category
Description
Resolution
Change the value of the named parameter to an acceptable value; for information
about tibemsd command line parameters, see EMS documentation.
Errors
Category
Description
Resolution
Not applicable
588
| Appendix B
Errors
590
| Appendix B
592
| Appendix B
594
| Appendix B
596
| Appendix B
598
| Appendix B
Routing is disabled.
%s: %s factory '%s'
INIT-EXPIRE: exp=%d mexp=% PRINTF_LLFMT d oldt=% PRINTF_LLFMT d
interval=%d
Error in ldap_initialize(%s)
Created dynamic %s '%s'
%s: Compacting %s with time limit %PRINTF_LLFMTd seconds
Error sending route query to '%s'.
%s: updated queue '%s': %s
Server name: '%s'.
Route configuration error: global queue '%s' from route '%s' collides, global
queues must be unique.
Route configuration error: routed queue '%s' from route '%s' is not global in '%s'.
Server shutting down.
Server preparing to restart.
Route configuration warning: global queue '%s' from route '%s' not configured on
local server
Flow stall recovery request received, recover consumer of id % PRINTF_LLFMT d
Flow Control is enabled.
%s: deleted JNDI name '%s'
Clear (IO) flow stalled on dest %s:%s from route of %s
Removing route '%s', URL='%s': this route is duplicate, creates a loop or has
configuration errors
EXPIRE: giving up amid lock
Done opening async db
Error, invalid search scope: %s
Error in ldap_url_parse, returned: %d
%s: create %s failed: durable recreation access denied for %s [%s].
Ignoring inbound routed queue '%s', illegal queue.
key: '%s' value: '%s'
Connection to active server '%s' has been lost.
600
| Appendix B
602
| Appendix B
Detected unsupported password hash for user \q%s\q. The user's password may
need to be reset.
Ignoring request to remove an administrative user.
Ignoring request to remove the administrative group.
%s will not occur until fault tolerant failover or restart.
Ignoring unknown property %s.
Configuration error: file=%s, line=%d: ignoring rvcmlistener
Illegal configuration namespace set, %s=%s Expecting %s.
Failed to write file %s: (%s)
Error loading configuration: %s
Applying configuration changes.
Configuration update status: %s
Rollback unable to load file %s.
Initialized queue browser on '%s'%s%s%s
Closed queue browser on '%s'
Creating store '%s' file '%s' ...
Converting %s format from %s to %s
First scan on '%s' is finished
Destination cursor id % PRINTF_LLFMT d %s slot %d
Client browsing mstore-based queue %s needs to be upgraded for optimum
performance.
Warning: file=%s, line=%d: multicast_udp_encapsulation is no longer a
supported parameter.
Network IO thread: %d bound to Processor id: %d
Storage thread for store '%s' bound to Processor id: %d
Disconnecting connection connID=% PRINTF_LLFMT d, because %s (consid=%
PRINTF_LLFMT d) has reached the limit of non-acknowledged messages
%s: Returned full configuration to Central Administrator
%s: Overriding local configuration change due to forced deployment
%s: Rejecting deployment due to local changes
604
| Appendix B
Category
Description
Resolution
Errors
Category
Description
Resolution
Errors
Category
Compaction failed
Description
Resolution
The most likely cause of this error is running out of memory. Shut down tibemsd
and see remedies for Out of memory.
Errors
Compaction failed on file '%s': %d (%s). Please shutdown and restart tibemsd.
Compaction failed on file '%s': %d (%s).
Initialization of file_destination_defrag feature failed for queue '%s' (store '%s')
due to an out of memory condition. Feature is disabled.
file_destination_defrag of queue '%s' (store '%s') failed: %d (%s).
606
| Appendix B
Category
Description
The durables configuration file specifies a durable with a given name and client
identifier with attributes that are different from the identically named durable
found in the meta.db file.
Resolution
Correct the durables configuration file to match the durable defined in the
meta.db file or administratively delete the durable and re-define it.
Errors
Category
Configured durable '%s' differs from durable in storage, storage version used.
Create of global routed topic failed: not allowed to create dynamic topic
Description
A server received an interest notification from another server that does not match
the allowed topics in its configuration.
Resolution
This only is printed when the trace includes ROUTE_DEBUG. If the server's topic
definitions are as expected, this statement can be ignored or remove the
ROUTE_DEBUG trace specification to prevent printing.
Errors
Category
Create of global routed topic failed: not allowed to create dynamic topic [%s].
Description
A warning indicating that a tibemsd with a route to this daemon has a queue
configured to be global but this daemon does not permit the creation of that
queue dynamically.
Resolution
Add the specified queue or a pattern that includes it to this daemon if you want
the queue to be accessible from this daemon, otherwise the warning can be
ignored.
Errors
Category
Create of routed queue failed: not allowed to create dynamic queue [%s].
Description
Resolution
Send details of the error and the situation in which it occurred to TIBCO Support.
Errors
Category
Description
Resolution
Errors
Category
Description
Resolution
Module loading is affected by the presence of shared libraries in the module path.
Use the +load tracing flag to get more information about how the server is
loading modules. See the section on Starting the EMS Server for more details.
Errors
Category
Description
Resolution
Examine the appropriate configuration file and correct the syntax error.
Errors
Configuration warning: file=%s, line=%d: route '%s' does not have a user
configured for authorization.
608
| Appendix B
SSL Configuration error: file=%s, line=%d: invalid certificate file name, unknown
extension or invalid encoding specification
Configuration error: file=%s, line=%d: illegal to specify %s for routed queue
Configuration error: file=%s, line=%d: bad destination specification: %s
Configuration warning: file=%s, line=%d: illegal to specify prefetch=none for
global or routed queue. Prefetch reset to default.
Configuration warning: file=%s, line=%d: illegal to specify prefetch=none for
topic. Prefetch reset to default.
Configuration error: file=%s, line=%d: ignored alias '%s' for %s '%s' because such
alias already exists
Configuration error: The specified file '%s' is empty or does not exist
Configuration error: file=%s, line=%d: both tibrv_export and tibrvcm_export are
specified, ignoring tibrv_export
Configuration error: file=%s, line=%d: ignoring transport '%s' in %s list, transport
not found
Configuration error: file=%s, line=%d: multiple bridge entries for the same
destination '%s' are not allowed.
Configuration error: file=%s, line=%d: Ignoring durable, name cannot start with
$sys.route, use route property instead.
Configuration error: file=%s, line=%d: Rendezvous transport not specified for
Rendezvous CM transport '%s'
Configuration error: file=%s, line=%d: ignoring invalid max connections in the
line, reset to unlimited
Configuration error: file=%s, line=%d: ignoring invalid max_client_msg_size in
the line, reset to unlimited
Configuration error: file=%s, line=%d: value of %s out of range, reset to default
Configuration error: max_msg_field_print_size >= max_msg_print_size, resetting
both to default
Configuration error: file=%s, line=%d: unable to create %s '%s': invalid
destination name, invalid parameters or out of memory
Configuration error: file=%s, line=%d: value of db_pool_size too big or less than
allowed minimum, reset to default value of %d bytes
Configuration error: file=%s, line=%d: Ignoring durable, route does not allow
clientid, selector or nolocal.
Configuration error: file=%s, line=%d: Route '%s' does not exist for configured
durable.
Configuration error: file=%s, line=%d: unable to process selector in route
parameters, error=%s
Configuration error: file=%s, line=%d: both tibrv_import and tibrvcm_import are
specified, ignoring tibrv_import
Configuration error: file=%s, line=%d: ignored route '%s' because route represents
route to this server.
Configuration error: file=%s, line=%d: ignoring invalid topic selector
specifications in route parameters
Configuration error: file=%s, line=%d: value of max_msg_memory less than
allowed, reset to %dMB
Configuration error: file=%s, line=%d: ignored alias '%s' for factory because such
alias already exists
Configuration error: file=%s, line=%d: invalid certificate file name, unknown
extension or invalid encoding specification
Configuration error: file=%s, line=%d: ignored route '%s' because route has
invalid zone information.
Configuration error: file=%s, line=%d: ignored route '%s' because route with such
name or URL already exists.
Configuration error: file=%s, line=%d: value of msg_pool_size invalid or too big
or less than allowed minimum of %d, reset to default value of %d
SSL Configuration error: file=%s, line=%d: invalid private key file name,
unknown extension or invalid encoding specification
Configuration conflict: file=%s, line=%d: value of msg_pool_block_size already
set at line=%d. Ignoring msg_pool_size.
Configuration error: file=%s, line=%d: bridge has no targets, unable to process
Configuration error: file=%s, line=%d: Illegal to specify routed queue as a bridge
source
Configuration error: file=%s, line=%d: client_trace error: %s
Configuration error: file=%s, line=%d: %s
Configuration error: file=%s, line=%d: duplicate specification of transport type
Configuration error: file=%s, line=%d: duplicate value
Configuration error: file=%s, line=%d: Ignoring durable, duplicate of earlier
entry.
610
| Appendix B
612
| Appendix B
614
| Appendix B
Configuration error: file=%s, line=%d: channel '%s', invalid address syntax: port
not specified.
Configuration error: file=%s, line=%d: channel '%s', invalid address: group must
be in the range 224.0.0.0 to 239.255.255.255
Configuration error: file=%s, line=%d: channel '%s', interface must address a
valid multicast-capable network interface.
Configuration error: file=%s, line=%d: channel '%s', invalid address: port must be
in the range 1 to 65535
Configuration error: file=%s, line=%d: channel '%s', ttl must be in the range 1 to
255
Configuration error: file=%s, line=%d: channel '%s', priority must be in the range
-5 to 5
Configuration error: file=%s, line=%d: channel '%s', maxrate must be less than
512MB
Configuration error: file=%s, line=%d: channel '%s', maxtime must be greater
than 0
Configuration error: file=%s, line=%d: cannot store messages in: %s
Configuration error: file=%s, line=%d: cannot find store: %s
Required store param 'type' not specified for store '%s'
Configuration error: file=%s, line=%d: parameter does not match another
parameter that defined store '%s' as 'file' type%s.
Configuration error: file=%s, line=%d: parameter does not match another
parameter that defined store '%s' as 'dbstore' type%s.
Configuration error: file=%s, line=%d: parameter does not match another
parameter that defined store '%s' as 'mstore' type%s.
Store '%s' already defined
Configuration error: Store with similar dbstore_driver_url exists, file=%s,
line=%d
Configuration error: duplicate file name %s for stores %s and %s
Configuration warning: file=%s, line=%d: the discardAmount is too small for the
selected RV Queue Limit Policy. It is recommended to have at least 10%% of the
maxEvents
Configuration error: file=%s, line=%d: the discardAmount is too big compared to
the maxEvents value. Defaulting to TIBRVQUEUE_DISCARD_NONE policy
616
| Appendix B
Category
Description
Resolution
Examine previous error statements to determine the cause of the operation failure
and correct that before attempting the transaction again.
Errors
Category
Description
Resolution
Check that the user that started the tibemsd has permission to change the
configuration files and that there is sufficient disk space on the device.
Errors
Category
Description
Resolution
Ensure that the directory containing the store files is mounted and accessible to
the tibemsd, and that there is free space available on the device
Errors
618
| Appendix B
Category
Description
Resolution
Check your database server vendor and database administrator for failures
occuring during writes,deletes,reads of different records, for failures occuring
during database store open check with the database administrator for
permissions and the existence of the database. For failures occuring during a FT
setup where all the stores are database stores, please check with the database
server vendor or database administrator. In the case where both are active, we
recommend shutting down both the servers and investigating the problem.
Errors
Category
Description
The system resources are inadequate for timely processing of server activities.
Resolution
Errors
Slow clock tick %d, delayed messaging and timeouts may occur.
620
| Appendix B
Category
Description
Resolution
Shutdown process that is using the port or change the value of the 'listen'
parameter in the server's tibemsd.conf file to a port that is not in use.
Errors
Category
Description
Resolution
Check that the path name is correct and the directory exists, the user that started
tibemsd has permission to read the specified directory and path, the file exists if it
isn't one that the tibemsd can create, the file is not being used by another tibemsd
or some other process.
Errors
Error upon accessing FT State Replication determination file '%s', invalid header
CRC.
Unable to write to FT State Replication determination file '%s', error '%s'.
Exiting due to error while accessing the FT State Replication determination file.
Category
Description
An error occurred while starting or running the server in FIPS 140-2 compliant
mode.
Resolution
Errors
Category
Description
General multicast errors that can occur in the Server and Multicast Daemon.
Resolution
Check the configuration of the Multicast Daemon and Server, as well as the health
of the network.
Errors
622
| Appendix B
Category
Description
Resolution
Send the error statement and a description of the environment to TIBCO Support.
Errors
624
| Appendix B
Category
Description
Invalid connection
Warning indicating that tibemsd was attempting to reestablish delivery of
messages across a route to another tibemsd but was unable to find the connection
for that route.
Resolution
Errors
Category
Invalid destination
Description
Resolution
Errors
Category
Description
The server could not parse the listen parameter in the tibemsd.conf file
Resolution
Errors
Category
Invalid session
Description
tibemsd received a request that referred to a session that doesn't currently exist.
Resolution
Send details of the error and the situation in which it occurred to TIBCO Support.
Errors
626
| Appendix B
Category
Description
Resolution
Examine the error code printed by the messaging server and consult the manual
for the external LDAP server.
Errors
Filter '%s' contains an illegal type substitution character, only %%s is allowed
Filter '%s' contains too many occurrences of %%s, max allowed is: %d
Filter '%s' too long, max length is %d characters
Invalid search scope: %s
LDAP Configuration error: file=%s, line=%d: invalid property value
LDAP is not present
LDAP search resulted %d hits.
ldap_url_parse failed, returned: %d
Lookup of group '%s' produced incorrect or no results
Missing LDAP URL
Missing %s parameter
Zero entries returned from getting attributes for group '%s':
Failed adding user '%s' into LDAP user cache
Category
LICENSE WARNING
Description
Resolution
This error only occurs with the evaluation version of the server or in an
embedded form. To correct this error either replace your evaluation version with
a production version or contact the vendor who supplied the embedded version.
Errors
Category
Missing configuration
Description
Resolution
Change the tibemsd.conf file so that a value for the attribute is provided.
Errors
Category
Missing transaction
Description
Resolution
Check tibemsd trace logs to see if the transaction had been committed or rolled
back by an administrator, if not then check the client code to see if it or its
transaction manager are calling the transaction operations in the correct order.
Errors
628
| Appendix B
Category
Description
Errors
Mstore errrors
An error occurred using an Mstore database file.
Unable to open store %s: %s: %d (%s).
Wrong schema version. Found %d, expected %d.
Schema creation failed: '%s' error: %d %s
Unable to reset a statement (%s): %s.
Unable to step a statement (%s): %s: %d.
Store %s: %s: bind fail: %d.
Store %s: Fail retrieving consumer interest: %d.
Store %s: Fail retrieving msg interest info: %s.
Store %s: Fail writing transaction record: %s.
Store %s: Fail reading data: %s.
Store %s: Fail reading topic message: %s.
Store %s: Fail marking topic message non-pending: %s.
Store %s: Fail reading next topic message: %s.
Store %s: Fail reading queue message: %s.
Store %s: Fail getting next queue message: %s.
Store %s: Fail marking queue message non-pending: %s.
Store %s: Fail writing transaction info: %s.
Store %s: Fail deleting transaction acks: %s.
Store %s: Fail recording transaction msg: %s.
Store %s: Fail recording transaction acks: %s.
Store %s: Fail deleting ack: %s.
Category
Description
Resolution
Either slow down the publisher(s), enable flow control, or increase the multicast
channel's allotted bandwidth by increasing the channel's maxrate property or
increasing the server's multicast_reserved_rate property.
Errors
Category
Description
Resolution
Check the configuration of the Multicast Daemon and Server, as well as the health
of the network.
Errors
Interface IP address: %s
[%s] Connection created, connid=% PRINTF_LLFMT d
Error: Unable to set channel property \q%s\q=% PRINTF_LLFMT d
[%s] Created consumer consid=%PRINTF_LLFMTd connid=%PRINTF_LLFMTd
topic=\q%s\q
Multicast Daemon Id=%s
Statistics enabled on a %d second interval.
TIBCO Enterprise Message Service Users Guide
630
| Appendix B
Statistics disabled.
Rotating log from %s to %s
Memory allocation error, possible data loss.
Unrecoverable PGM error rc=%d, reason=%s
Could not parse configuration file \q%s\q
Interface IP address: %s
Tracing enabled.
Tracing disabled.
refused new connection with existing ID % PRINTF_LLFMT d
[%s] Connection destroyed, connid=%PRINTF_LLFMTd
Error sending to consid=%PRINTF_LLFMTd connid=%PRINTF_LLFMTd from
channel \q%s\q: %s
%s, status=%s
Attached channel \q%s\q to consumer consid=%PRINTF_LLFMTd
connid=%PRINTF_LLFMTd
Error attaching channel \q%s\q to consumer consid=%PRINTF_LLFMTd
connid=%PRINTF_LLFMTd
Detaching channel \q%s\q from consumer consid=%PRINTF_LLFMTd
connid=%PRINTF_LLFMTd
Destroying consumer consid=%PRINTF_LLFMTd connid=%PRINTF_LLFMTd
Channel configuration from server does not match existing channel \q%s\q
Ignoring additional PGM receiver created on group \q%s\q, dport=%d,
sport=%d, channel=%s
Created channel: \q%s\q
Error: %s is not a valid multicast-capable IP address. Use the -ifc command line
parameter to specify a valid interface.
Category
Description
Out of memory
The server failed to allocate memory as it was attempting to perform an
operation.
Resolution
Errors
Check how much memory the server process is using according to the operating
system. Compare this with how much memory and swap space the host actually
has. If there are sufficient memory and swap space, check the operating system
limits on the server process to determine if this is the cause. If the limits are set to
their maximum and this error occurs, reduce the load on this server by moving
some topics and queues to another server.
%s trying to recreate persistent message.
Error during routed queue configuration, can not create routed queue consumer
Could not initialize monitor
Error: out of memory processing admin request
Error during route configuration, can not create routed queue consumer, err=%s
Configuration error - duplicate group: file=%s, line=%d: ignoring line
Unable to create admin group: out of memory during initialization
Error: unable to create alias for %s '%s': no memory
Error: unable to create alias: out of memory
Unable to create import event for %s '%s' on transport '%s'
Unable to create internal connection, error=(%d) %s
Unable to create internal connection: out of memory during initialization
Error: unable to create %s '%s': no memory
Error: unable to create route while parsing file=%s, line=%d.
Unable to create SmartSockets subscriber on transport '%s', %s '%s': out of
memory
Unable to create temporary destination, out of memory
Failed to create reserve memory. Exiting.
Failed writing message to '%s': No memory for operation.
Unable to process message imported on transport '%s'.
Fault Tolerant configuration, no memory!
Fault Tolerant error, no memory.
LDAP initialization failed.
No memory.
No memory authenticating user '%s'
No memory authenticating via LDAP
TIBCO Enterprise Message Service Users Guide
632
| Appendix B
634
| Appendix B
636
| Appendix B
Category
Description
The tibemsd received an XA End instruction from the third party Transaction
Manager which referred to a different transaction from the one currently in use by
the session.
Resolution
Errors
Category
Description
Resolution
This error is most likely caused by an external transaction manager that allowed
two separate client applications to use the same XA transaction identifier (XID).
Consult the manual for the transaction manager or report this to the transaction
manager vendor.
Errors
Cannot process xa start for a session when another transaction is already active on
that session. connID=% PRINTF_LLFMT d sessID=% PRINTF_LLFMT d %s
Cannot process xa start with TMNOFLAGS when the transaction is already
active. connID=% PRINTF_LLFMT d sessID=% PRINTF_LLFMT d %s
All clients participating in the same global transaction must use the same
protocol, connID=% PRINTF_LLFMT d
Invalid xa start (resume) request: the session was not previously suspended.
connID=% PRINTF_LLFMT d sessID=% PRINTF_LLFMT d %s
Error processing xa start - transaction marked ROLLBACKONLY. connID=%
PRINTF_LLFMT d sessID=% PRINTF_LLFMT d %s
Error processing xa start request, %s. connID=% PRINTF_LLFMT d sessID=%
PRINTF_LLFMT d %s
Invalid xa end (suspend) request: session already suspended or not started.
connID=% PRINTF_LLFMT d sessID=% PRINTF_LLFMT d %s
Invalid xa end request: the session was neither associated with a transaction nor
suspended. connID=% PRINTF_LLFMT d sessID=% PRINTF_LLFMT d %s
638
| Appendix B
Category
Description
Resolution
Send details of the error and the situation in which it occurred to TIBCO Support.
Errors
Category
Description
Resolution
Errors
Category
Description
Recovery errors
An error occurred during the recovery process.
TIBCO Enterprise Message Service Users Guide
640
| Appendix B
Resolution
Errors
If you are not able to fix the problem and need to restart the system, make a
backup of the store files and restart the server with the '-forceStart' command line
parameter. The server will then attempt to start regardless of errors (expect
out-of-memory errors). In this mode, application messages and/or internal
records causing problems (due to file corruption or other) will be deleted.
Therefore, dataloss is likely to occur, so this command line parameter should be
used with extreme caution and only after understanding the consequences. A
copy of the store files can be sent to TIBCO Support for post-mortem analysis.
The recovery process stopped while processing a '%s' record (id=%
PRINTF_LLFMT d), error: %d - %s. Check the section 'Error Recovery Policy'
from chapter 'Running the EMS Server' in the User's Guide before attempting to
restart the server
The recovery process stopped while processing a '%s' record (id=%
PRINTF_LLFMT d) due to an out-of-memory condition. Ensure that the system
can allocate sufficient memory to the EMS Server process before restarting it
Unable to get the session's context handle for %s record: %d - %s
Unable to get the list iterator for %s record
Unable to get next element from list for %s record
Unable to create %s object, no memory
Error occured while processing %s record id=% PRINTF_LLFMT d (%s) - Unable
to reconstruct message: %d - %s
Unable to recreate zone '%s': %d - %s
Unable to add zone '%s' to the system: %d - %s
Zone '%s' is defined as type '%s' in configuration but also is defined as type '%s' in
meta.db
Unable to recreate connection id=% PRINTF_LLFMT d: %d - %s
Discarding session id=% PRINTF_LLFMT d because the connection id=%
PRINTF_LLFMT d was not recovered. Recovery continues
Unable to recreate session id=% PRINTF_LLFMT d with connection id=%
PRINTF_LLFMT d: %d - %s
Unable to recreate consumer id=% PRINTF_LLFMT d with connection id=%
PRINTF_LLFMT d and session id=% PRINTF_LLFMT d: invalid destination: %s
No memory to create destination for consumer id=% PRINTF_LLFMT d
Discarding consumer id=% PRINTF_LLFMT d on destination '%s' because
connection id=% PRINTF_LLFMT d was not restored. Recovery continues
642
| Appendix B
Category
Description
A client application attempted to connect to the server's TCP port using the SSL
protocol.
Resolution
Change the client application's URL from ssl to tcp or change the server's listen
parameter from tcp to ssl. To activate a change of the server listen parameter
requires a restart of the server.
Errors
Category
Description
A client application attempted to connect to the server's SSL port using the TCP
protocol.
Resolution
Change the client application's URL from tcp to ssl or change the server's listen
parameter from ssl to tcp. To activate a change of the server listen parameter
requires a restart of the server.
Errors
Category
Description
The multi-hop route support of the server does not support configuring a cycle.
However, it detected a configuration that would create a cycle.
Resolution
Errors
Category
Description
Resolution
See Rendezvous documentation for details of what the error means and how to
remedy it.
Errors
Unable to create dispatcher for import event for %s '%s' on transport '%s', error is
%s
Unable to create inbox for import event for %s '%s' on transport '%s'
Unable to create Rendezvous Certified transport '%s': %s
Unable to create Rendezvous Certified transport '%s' because unable to create
Rendezvous transport '%s'
Unable to create Rendezvous transport '%s': %s
Unable to create TIBCO Rendezvous Certified Listener for %s '%s' on transport
'%s': %s
Failed to confirm RVCM message: %d (%s)
Failed to confirm RVCM message sequence % PRINTF_LLFMT u from cm sender
'%s'. Error: %d (%s)
Unable to store trackId % PRINTF_LLFMT d for RVCM message sequence %
PRINTF_LLFMTu from cm sender '%s'. Error: %d (%s)
Unable to retrieve trackId % PRINTF_LLFMT d. Error: %d (%s)
A problem occurred while importing RVCM message sequence %
PRINTF_LLFMT u from cm sender '%s'. Expecting a redelivery
Unable to queue the request type: %d. Transport '%s', destination '%s', CM Sender
'%s', CM Sequence % PRINTF_LLFMT u . Error: %d (%s)
Unable to queue the request type: %d. Transport '%s', destination '%s'. Error: %d
(%s)
Failed to disallow Rendezvous Certified Message listener '%s': %s
Unable to export topic message, error=%s.
Unable to pre-register certified listener '%s' on transport '%s': %s
Rendezvous send failed on transport '%s', error='%s'
Unable to restart the CM Listener for %s '%s' (RVCM Transport '%s'). Error code:
%d '%s'
Unable to create the timer for the restart of the CM Listener for %s '%s' (RVCM
Transport '%s'). Error code: %d '%s'
644
| Appendix B
Unable to stop the CM Listener for %s '%s' (RVCM Transport '%s'). Error code: %d
'%s'
Category
Description
Seen when tibemsd starts up and detects that the zone for a route as specified in
routes.conf has been changed.
Resolution
Either delete the route or change its zone back and restart the tibemsd.
Errors
Category
Restoring consumer failed: Conflicting zone for route to [%s]: The route was
initially zone %s type %s, but now %s type %s. Zone change not allowed while
there are durable subscribers. Please delete the route first and create new one.
Description
Warnings indicating that the tibemsd has run out of memory and is now using its
reserve memory
Resolution
Errors
Category
Description
Resolution
Check the status of both servers (primary, secondary). In case of both active, the
file store data may be corrupted already and we recommend shutting down both
servers and investigating the situation.
Errors
The active EMS server name is %s while the standby EMS server name is %s. The
names must be the same
A standby EMS server (%s) is already connected to the active EMS server
Fault Tolerant error (%s), can't create connection to '%s'.
Cannot determine which server should be active because both servers have been
forced to start separately. Please force one of them to start (forcestart tibemsadmin
command). The other server will discard its data.
This standby server is joining an active server and both have previously been
forced to start. This server is discarding its data.
Erasing content of store %s
Internal error: Identical non-0 FT determination counters
Category
Description
Resolution
See SmartSockets documentation for details of what the error means and how to
remedy it.
Errors
646
| Appendix B
Category
Description
Resolution
Examine the OpenSSL error and the EMS User's Guide chapter describing the use
of SSL.
Errors
648
| Appendix B
Category
Description
Resolution
Errors
Category
Description
The store files specified were created from a different version of EMS that is not
supported by this version.
Resolution
Revert to use the version of EMS that created the store file or locate the store file
conversion tool and use it to convert the store file to this version.
Errors
Category
Description
Resolution
Report the error to your system administrator and ask them to remedy the
problem.
Errors
Accept() failed: too many open files. Please check per-process and system-wide
limits on the number of open files.
Accept() failed: %d (%s)
Select() failed: %d (%s)
Epoll_wait() failed: %d (%s)
Epoll_ctl() %s on fd %d failed: %d (%s)
ioctl() on /dev/poll failed: %d (%s)
write() %s update /dev/poll on fd %d failed: %d (%s)
Cannot retrieve user name of the current process.
Client connection not created, %s.
Could not obtain hostname
Could not resolve hostname '%s'. Possibly default hostname is not configured
properly while multiple network interfaces are present.
Unable to listen for connections: %d (%s).
Unable to open socket for listening: %d (%s).
Closing SSL connection from %s due to timeout, exceeded handshake_timeout of
%d.
Could not %s sequential file optimization: %d.
Category
Description
Resolution
Send details of the error and the situation in which it occurred to TIBCO Support.
Errors
Cannot request second state change for transaction while the first request is in
progress (%d, %d) %s.
Unexpected request to roll xa txn forward with previous operation (%d)
incomplete: %s.
Unexpected request to roll xa txn back with previous operation (%d) incomplete:
%s.
Unexpected request to prepare xa txn with previous operation (%d) incomplete:
%s.
Unexpected request to commit xa txn with previous operation (%d) incomplete:
%s.
Unexpected request to commit session with previous operation (%d) incomplete.
Category
Transaction timeout.
Description
Resolution
Errors
650
| Appendix B
Category
Description
Resolution
Send details of the error and the situation in which it occurred to TIBCO Support.
Errors
Category
Unrecognized option
Description
Resolution
Run the server with the -help option and compare it with the command line
containing the unrecognized option.
Errors
| 651
Index
Symbols
.NET
assembly version 364
programmers checklist 363
$sys.redelivery.delay 70
bridges 82
bridges.conf file 245
C
C
programmers checklist 358
A
acknowledgement 40
acl.conf file 244
add member command 130
addprop factory command 130
addprop queue command 130
addprop route command 131
addprop topic command 131
admin
connect 132
password 117
user 128
admin user 117
administrator
assign password 128
anonymous
user and security 117
architecture
multicast 424
authorization parameter 201
AUTO_ACKNOWLEDGE mode 40, 373
autocommit command 131
c#
assembly version 364
programmers checklist 363
certificates
file names 505
changes from the previous release xxvi
channel property 59
channels
detailed statistics 497
channels.conf file 246
cipher suites
.NET clients 517
Java clients 514
client tracing 223
CLIENT_ACKNOWLEDGE mode 40, 41
client_heartbeat_server parameter 214
client_timeout_server_connection parameter 216
client_trace parameter 223
clock_sync_interval parameter 214
cm_name parameter 442
command line options
multicast 412
commit command 131
compact command 132
compiling samples 95
compliant_queue_ack parameter 201
compression, message 39
Configuration 108
bandwidth
managing multicast 420
TIBCO Enterprise Message Service Users Guide
652
| Index
configuring
external directory for authentication 287
LDAP 287
connect
admin 132
connect command 132
connection factories 368
parameters 250
connections
network I/O 122
connectivity
multicast 418
console_trace parameter 224
consumers
detailed statistics 497
conventions
naming 129
conversion, data type 46
cores
allocation 122
create bridge command 133
create durable command 133
create factory command 133
create group command 133
create jndiname command 133
create queue command 134
create route command 134
create rvcmlistener command 134
create topic command 135
create user command 135
customer support xxxii
D
daemon parameter 442
data type conversion 46
database store files
Schema Export Tool 348
database stores 340
configuring 341
in stores.conf 343
in tibemsd.conf 342
dbstore_classpath parameter 342
TIBCO Enterprise Message Service Users Guide
Index 653
E
echo command 138
EMS server
starting 108
stopping 111
emsntsrg 112
error recovery policy 115
exception listener 374
exclusive property 59
exit command 138
expiration property 60
EXPLICIT_CLIENT_ACKNOWLEDGE mode 41, 41,
42, 42
EXPLICIT_CLIENT_DUPS_OK_ACKNOWLEDGE
mode 42, 42
explicit_config_only parameter 442
export
topic property 60
export property 60
export_headers parameter 443
export_properties parameter 443
extensible security
parameters 239
file names
certificates and keys 505
file-based stores 31
files, sample 94
FIPS
fips140-2 parameter 232
FIPS 140-2 519
flow control 87
enforcing 87, 87
threads and deadlock 89
with destination bridges 89
with multicast 88
with routes 88
flow_control parameter 202
flowControl property 61, 87
ft_activation parameter 217
ft_active parameter 216
ft_heartbeat parameter 216
ft_reconnect_timeout parameter 217
ft_ssl_auth_only parameter 217
ft_ssl_ciphers parameter 220
ft_ssl_expected_hostname parameter 219
ft_ssl_identity parameter 217
ft_ssl_issuer parameter 218
ft_ssl_password parameter 218
ft_ssl_private_key parameter 218
ft_ssl_rand_egd parameter 219
ft_ssl_trusted parameter 218
ft_ssl_verify_host parameter 219
ft_ssl_verify_hostname parameter 219
F
G
factories.conf file 250
failover
dual state 530
non-shared state 523
shared state 532
shared state overview 522
unshared state 529
fault tolerance 15, 521
fault-tolerant failover 29, 542, 557
fault-tolerant URL 251, 253, 255
global property 62
grant admin command 140
grant queue command 138
grant topic command 139
group 287
groups.conf file 258
654
| Index
H
handshake_timeout parameter 210
help command 140
I
ibrvcm.conf file 266
import
queue property 62
topic property 62
import property 62
info command 140
inheritance 80
property 80
inheritance of property 54
intervals
mstore 34
J
jaas_classpath parameter 239
jaas_config_file parameter 239
jaas_login_timeout parameter 240
jaas.conf file 259
jaci_class parameter 240
jaci_classpath parameter 240
jaci_timeout parameter 241
Java
programmers checklist 357
JMS specification
1.1 355
2.0 354
JMS_TIBCO_SS_CORRELATION_ID property 476
JMS_TIBCO_SS_DELIVERY_MODE property 476
JMS_TIBCO_SS_EXPIRATION property 476
JMS_TIBCO_SS_LB_MODE property 476
JMS_TIBCO_SS_MESSAGE_ID property 476
JMS_TIBCO_SS_PRIORITY property 476
JMS_TIBCO_SS_SENDER property 475
JMS_TIBCO_SS_SENDER_TIMESTAMP property 476
TIBCO Enterprise Message Service Users Guide
K
key
file names 505
L
LDAP 287
ldap_all_groups_filter parameter 237
ldap_all_users_filter parameter 236
ldap_cache_enabled parameter 233
ldap_cache_ttl parameter 233
ldap_conn_type parameter 233
ldap_credential parameter 233
ldap_dynamic_group_attribute parameter 238
ldap_dynamic_group_class parameter 238
ldap_dynamic_member_url_attribute parameter 239
ldap_group_base_dn parameter 236
ldap_group_filter parameter 237
ldap_group_scope parameter 236
ldap_principal parameter 232
ldap_static_group_attribute parameter 237
ldap_static_group_class parameter 237
ldap_static_group_member_filter parameter 238
ldap_static_member_attribute parameter 238
ldap_tls_cacert_dir parameter 234
ldap_tls_cacert_file parameter 233
ldap_tls_cert_file parameter 234
ldap_tls_cipher_suite parameter 234
ldap_tls_key_file parameter 235
ldap_tls_rand_file parameter 234
ldap_url parameter 232
Index 655
M
MapMessage 24, 389
definition 24, 389
max_client_msg_size parameter 210
max_connections parameter 210
max_msg_field_print_size parameter 203
max_msg_memory parameter 211
max_msg_print_size parameter 203
max_stat_memory parameter 227
maxbytes property 63
maxmsgs property 64
maxRedelivery property 64
message
acknowledgement 40
compression 39
maximum size 24
selectors 43
tracing 488
message listener 49
message pool 211
messaging model
multicast 6
point-to-point 3
publish and subscribe 4
MS DTC 16
msg_pool_block_size parameter 211
N
name length limitations 129
naming conventions 129
network I/O connections
tuning 122
network parameter 441
network_thread_count parameter 204
NO_ACKNOWLEDGE mode 41, 41, 41
No-Acknowledgement Receipt Mode 41
656
| Index
non-shared state 523
implementing 544
npsend_check_mode parameter 204
O
options
tibemsadmin 126
overflowPolicy property 65
P
password
admin 117
setting 128, 144
password parameter 205
performance tuning 121
permission
protection 281
secure property and 71
persistent messages 28
in queues 28
in topics 28
synchronous fle storage 29
PGM 6
point-to-point
example 98
messaging model 3
policy.1.0 364
prefetch property 68
processor_ids parameter 205
producers
detailed statistics 497
programmer checklists 357
C 358
C# 363
Java 357
properties
channel 59
definitions 58
exclusive 59
expiration 60
export 60
flowControl 61
global 62
import 62
maxbytes 63
maxmsgs 64
maxRedelivery 64
overflowPolicy 65
prefetch 68
queue 58
redeliveryDelay 70
secure 71
sender_name 72
sender_name_enforced 72
store 73
topic 58
trace 74
property 18, 18, 18, 18
export 60
import 62
inheritance 54, 80
protection permissions 281
publish and subscribe
example 99
messaging model 4
purge all queues command 141
purge all topics command 141
purge durable command 141
purge queue command 141
purge topic command 141
Q
queue import property 62
queue limit policy 440
queue properties 58
queue property list 58
queue_import_dm parameter 443
Index 657
queues
delayed message redelivery 70
dynamic 54
routed 566
static 54
temporary 54
undelivered messages 22
queues.conf file 259
R
rate_interval parameter 226
redeliveryDelay property 70
remove member command 141
removeprop factory command 142
removeprop queue command 142
removeprop route command 142
removeprop topic command 142
request_old parameter 442
reserve memory 212
reserve_memory parameter 212
restricting multicast traffic 420
resume route command 142
revoke admin command 142
revoke queue command 143
revoke topic command 143
rotatelog command 144
round-robin queue (non-exclusive) 60
routes
detailed statistics 497
flow control 88
zone 552
routes.conf file 260
rv_tport parameter 442
RVCM parameters 442
S
sample files 94
samples
compiling 95
658
| Index
show members command 164
show message command 165
show messages command 165
show parents command 165
show queue command 166
show queues command 167
show route command 168
show routes command 169
show rvcmlisteners command 170
show rvcmtransportledger command 169
show server command 170
show stat command 170
show state command 171
show store command 171
show stores command 173
show subscriptions command 177
show topic command 174
show topics command 175
show transaction command 179
show transactions command 181
show transport command 182
show transports command 182
show user command 182
show users command 182
showacl admin command 182
showacl group command 183
showacl queue command 183
showacl topic command 183
showacl user command 183
shutdown command 184
socket_receive_buffer_size parameter 213
socket_send_buffer_size parameter 213
SSL
server parameters 228
ssl_auth_only parameter 232
ssl_cert_user_specname parameter 229
ssl_crl_path parameter 231
ssl_crl_update_interval parameter 231
ssl_dh_size parameter 228
ssl_password parameter 230
ssl_rand_egd parameter 231
ssl_require_client_cert parameter 228
ssl_server_ciphers parameter 228
ssl_server_identity parameter 229
ssl_server_issuer parameter 230
TIBCO Enterprise Message Service Users Guide
T
tcp 96, 132, 368
Index 659
tuning
performance 121
type conversion 46
type parameter 441
U
undelivered message queue 22
UNIX system
using for user authentication 287
unshared state
configuring clients 544
configuring servers 538
process 529
specifying URLs 545
updatecrl command 185
url formats 251, 253, 255
user 286
admin 117
externally authenticated 287
user admin 128
user_auth parameter 209
users.conf file 271
W
whoami command 185
wildcards 77
in dynamically created destinations 79
in queues 78
in topics 78
X
xa_default_timeout parameter 209
660
| Index
Z
zones 552