Connecting App Connect to TCP/IP-based applications

An application that uses TCP/IP protocols can connect securely to a message flow in webMethods Hybrid Integration that contains TCP/IP nodes.

About this task

You might need to integrate with applications that use TCP/IP protocols instead of HTTP, JMS, or IBM® MQ. You can use TCP/IP nodes in IBM App Connect Enterprise on premises to connect to applications that use raw TCP/IP sockets to transfer data. (For more information, see Processing TCP/IP messages in the App Connect Enterprise documentation.)

To avoid the need to install integration software on premises, an on-premises TCP/IP-based application can securely access integration logic that is running in the App Connect capability of webMethods Hybrid Integration. Connectivity between the on-premises application and the flow in webMethods Hybrid Integration uses a switch server.

The following steps describe how to configure a message flow that is running in webMethods Hybrid Integration so that a simple on-premises TCP/IP application can connect to it.

Procedure

  1. Create a message flow in the App Connect Enterprise Toolkit that uses TCP/IP Server nodes.
    For example, your flow might include a TCPIP Server Input node that listens for incoming client data and a Compute node that completes some processing. A TCPIP Server Output node then sends the response.
  2. Package your flow as a BAR file.
    For more information, see Packaging integration solutions in the App Connect Enterprise documentation.
  3. To configure secure connectivity between webMethods Hybrid Integration and the on-premises system, create two private network connections.
    You set up this connectivity by creating a connection file for the integration that is running in webMethods Hybrid Integration and configuring a secure agent on premises.
    1. In the App Connect capability of webMethods Hybrid Integration, expand Connect, then click Private networks.
    2. Click Create to create a private network agent.
      Provide a name for the agent that identifies it as the connection information for the integration that is running in webMethods Hybrid Integration (such as tcpip-endpoints). Make a note of the Configuration name for the new agent (which begins pnagent-).
    3. Click Create again to create a second private network agent.
      Provide a name for the agent that identifies it as the secure agent configuration (such as tcpip-listeners). Make a note of the Configuration name for the new agent (which begins pnagent-).
  4. Configure the ports that are running on premises that the on-premises application can connect to.
    (This configuration uses the private network agent with the name tcpip-listeners in the previous step.)
    1. Go to the Configurations tab of the Manage page and find the configuration with the name that you noted in the previous step.
    2. Open the Options menu for the configuration and click Update.
    3. In the Private Network Agent editor, replace the id, admin, callableflows, and endpoints content with the following listeners stanza so that the file contains listeners details and switch details.
      The port number must match the port that is set on the TCPIP Server node and can be any unused port from 10001 or higher. The port number is set by the Connection details field of the TCPIP Server node.
      "listeners": [
        {
          "name": "tcpip sever",
          "localPort": 10001,
          "remoteHostname": "localhost",
          "remotePort": 10001
        }
      ],

      When you click Update, the file is validated and if the syntax is correct, you see a success notification.

      The following example shows what the private network agent configuration looks like.
      {
        "listeners": [
          {
            "name": "tcpip sever",
            "localPort": 10001,
            "remoteHostname": "localhost",
            "remotePort": 10001
          }
        ],
        "switch": {
          "url": "wss://default-switch-server-switch-acdev1234567.switch.a-vir-s1.appconnect.ipaas.ibmappdomain.cloud:443",
          "certs": {
            "ca": [
              "-----BEGIN CERTIFICATE-----\n123abc456def\n-----END CERTIFICATE-----\n"
            ],
            "cert": "-----BEGIN CERTIFICATE-----\n123456abcdef\n-----END CERTIFICATE-----\n",
            "key": "-----BEGIN PRIVATE KEY-----\n1234abc56def\n-----END PRIVATE KEY-----\n",
            "rejectUnauthorized": true
          }
        },
        "displayName": "tcpip-listeners"
      }
  5. Configure the endpoints that are used by the on-premises application to connect to the webMethods Hybrid Integration integration ports.
    (This configuration uses the private network agent with the name tcpip-endpoints that you created in step 3.)
    1. On the Configurations tab of the Manage page, open the Options menu for the appropriate configuration, and click Update.
    2. In the Private Network Agent editor, replace the id, admin, callableflows, and endpoints content with the following endpoints stanza so that the file contains endpoints details and switch details.
      "endpoints": [
        {
          "name": "tcpip-server",
          "hostname": "localhost",
          "port": 10001
        }
      ],

      These endpoints are used by the on-premises application to connect to the webMethods Hybrid Integration integration ports. When you click Update, the file is validated and if the syntax is correct, you see a success notification.

      The following example shows what the private network agent configuration looks like.
      {
        "endpoints": [
          {
            "name": "tcpip-server",
            "hostname": "localhost",
            "port": 10001
          }
        ],
        "switch": {
          "url": "wss://default-switch-server-switch-acdev1234567.switch.a-vir-s1.appconnect.ipaas.ibmappdomain.cloud:443",
          "certs": {
            "ca": [
              "-----BEGIN CERTIFICATE-----\n123abc456def\n-----END CERTIFICATE-----\n"
            ],
            "cert": "-----BEGIN CERTIFICATE-----\n123456abcdef\n-----END CERTIFICATE-----\n",
            "key": "-----BEGIN PRIVATE KEY-----\n1234abc56def\n-----END PRIVATE KEY-----\n",
            "rejectUnauthorized": true
          }
        },
        "displayName": "tcpip-endpoints"
      }
  6. Configure the on-premises secure agent.
    1. On the Private networks page, open the Actions menu for the listeners private network agent and click View setup instructions.
    2. Follow steps 1 and 2 of the on-screen instructions to download the secure agent and the secure agent configuration.
    3. Do not complete step 3 of the on-screen instructions to configure endpoints.
      Instead, you can use the configuration that you created previously with the correct endpoints when you deploy your BAR file.
    4. Complete step 4 of the on-screen instructions to start the on-premises secure agent.
      When you complete these steps, messages confirm that AgentC started and connected successfully to the switch server. The on-premises secure agent is now running and ready to forward TCP/IP traffic to webMethods Hybrid Integration.
  7. Deploy your BAR file to the App Connect capability in webMethods Hybrid Integration.
    1. Go to the Runtimes tab of the Manage page and click Create to create an integration runtime in the default deployment location.
    2. To upload your BAR file, click Add integration, then Add file, then select your BAR file and click Add.
    3. Click Add configurations and select the configuration for your TCP/IP endpoints that you configured in step 5.
    4. Complete any other required options, then click Create.
    For more information, see Deploying integrations.
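
The two private network agent configurations from steps 4 and 5 can be checked offline before they are pasted into the Private Network Agent editor. The following is an added example, not IBM code: it parses both files, confirms that the switch stanza uses a wss:// URL with rejectUnauthorized set to true and PEM-shaped certificate material, and checks the port rule from step 4. The function names, the constructed sample input (placeholder PEM bodies and switch URL), and the rule that a listener's remoteHostname/remotePort must match an endpoint's hostname/port are assumptions taken from the example values on this page.

```python
import json

MIN_PORT = 10001  # page: "any unused port from 10001 or higher"

def check_switch(cfg, who):
    """Findings for the 'switch' stanza that both agent configurations carry."""
    out = []
    switch = cfg.get("switch", {})
    certs = switch.get("certs", {})
    if not str(switch.get("url", "")).startswith("wss://"):
        out.append(f"{who}: switch.url is not a wss:// URL")
    if certs.get("rejectUnauthorized") is not True:
        out.append(f"{who}: rejectUnauthorized is not true")
    pems = list(certs.get("ca") or [""]) + [certs.get("cert", ""), certs.get("key", "")]
    if not all(str(p).startswith("-----BEGIN ") and "-----END " in str(p) for p in pems):
        out.append(f"{who}: ca, cert or key is not a PEM block")
    return out

def check_pair(listeners_text, endpoints_text):
    """Parse both editor contents (bad JSON raises ValueError) and return findings."""
    lis, end = json.loads(listeners_text), json.loads(endpoints_text)
    out = check_switch(lis, "listeners") + check_switch(end, "endpoints")
    targets = {(e.get("hostname"), e.get("port")) for e in end.get("endpoints", [])}
    for l in lis.get("listeners", []):
        port = l.get("localPort")
        if not isinstance(port, int) or port < MIN_PORT:
            out.append(f"listener {l.get('name')!r}: localPort must be {MIN_PORT} or higher")
        # Assumption from the page's example values: remoteHostname/remotePort
        # name the endpoint (hostname/port) in the other configuration.
        if (l.get("remoteHostname"), l.get("remotePort")) not in targets:
            out.append(f"listener {l.get('name')!r}: no matching endpoint")
    return out

# Constructed sample input: placeholder PEM bodies and a placeholder switch URL.
PEM = "-----BEGIN {0}-----\\nPLACEHOLDER\\n-----END {0}-----\\n"
SWITCH = ('"switch": {"url": "wss://switch.example.invalid:443", "certs": {"ca": ["%s"], '
          '"cert": "%s", "key": "%s", "rejectUnauthorized": true}}'
          % (PEM.format("CERTIFICATE"), PEM.format("CERTIFICATE"), PEM.format("PRIVATE KEY")))
LISTENERS = ('{"listeners": [{"name": "tcpip-listener", "localPort": 10001, '
             '"remoteHostname": "localhost", "remotePort": 10001}], %s}' % SWITCH)
ENDPOINTS = ('{"endpoints": [{"name": "tcpip-server", "hostname": "localhost", "port": 10001}], %s}'
             % SWITCH)

if __name__ == "__main__":
    print(check_pair(LISTENERS, ENDPOINTS) or "no findings")
```

A PEM string that is missing the n in its \n escape fails at json.loads before any of the checks run, which is the same class of error that the editor's validation rejects on Update.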

Results

Notifications confirm that the runtime is being created. To update the status, refresh your browser. When the status changes to Ready, the runtime is running and the integration is ready to be called.

To send or receive data, the TCP/IP application completes the following steps.
  1. The TCP/IP application connects to the 10001 local port that is available through the on-premises secure agent.
  2. The secure agent uses the switch server over an encrypted tunnel to send the request to the remote agent that is running in the App Connect capability.
  3. The remote agent calls the TCPIP Server Input node of the integration over a local connection in the App Connect capability.