Using IBM App Connect Enterprise on IBM Cloud with MQTT

Learn how to use IBM® App Connect Enterprise on IBM Cloud® to directly access your secure MQTT for processing, enabling flows in the cloud to connect to applications and devices that send and receive messages by using the MQ Telemetry Transport (MQTT) messaging protocol.

Scenario:

You want an enterprise message flow to directly access your secure MQTT for processing, and want the message flow to run in App Connect on IBM Cloud. You can deploy message flows that use MQTT to run in App Connect on IBM Cloud plans that provide enterprise capabilities.

First, find or create everything you need:

  • An IBM Cloud account with an IBM App Connect service that provides enterprise integration capabilities; for example, the Lite or Custom Enterprise plans.

Procedure

  1. Import the BAR file from the archive file mqtt.zip into your instance of App Connect on IBM Cloud. This creates an integration server, which is displayed as a tile on the dashboard.
  2. To open the Policies view, click the Policies icon .
  3. Select the Truststore Certificate policy type and then give the policy a name. This name can be anything and is only used as a way of identifying the policy in the UI.
  4. Upload the certificate (PEM format) provided in the archive file above by dragging it into the policy window.
  5. Input the alias to be used in the truststore for this certificate and click Add to add the certificate and alias to the policy.
  6. To save the values for the Policy properties, click Save. You are returned to the Policies view.
  7. To attach the policy to the integration server for the uploaded bar file, complete the following steps:
    1. Click the 'Used by' cell of the row for the policy that you want to attach.
    2. In the Apply policy dialog, select the integration servers that you want to attch the policy to, and then click Apply.
  8. Return to the dashboard and then start the integration server.

    When the integration server shows Running, it is ready to use.

  9. After the integration server has started, click its tile to get the basic authentication settings of the integration server (for use when testing the integration).

Finally, test your integration:

Open a terminal window and then run the following command: 

curl -X POST URL -u iib:PASSWORD -d "<test><message>ACE is Awesome</message></test>" --insecure

... substituting the values of URL and PASSWORD from the basic authentication settings of the integration server.

This command will return something similar to the following example (with a different header): 

<test><message>ACE is Awesome</message><header>455648540000000004000000ffd14dadd502000000000000</header></test>

Troubleshooting

If the certificate is invalid it can be downloaded from test.mosquitto.org as mosquitto.org.der (der format) and will need to be converted to PEM format.

MQTT Brokers with basic authentication

  1. Open up the attached Project Interchange (PI) file MQTT-Basic-Auth.zip in the App Connect Enterprise toolkit and open the mqtt message flow.
  2. Double-click the MQTT Publish node and in the Basic tab of the Properties window input your host name and port.
  3. Do the same for the MQTT Subscribe node, double click it and in the Basic tab of the Properties window input your host name and port.
  4. Save and compile the project into a BAR file by right-clicking the project, selecting New > BAR file and then give the BAR file a name.
  5. Import the BAR file into your instance of App Connect on IBM Cloud. This creates an Integration server.
  6. Create a new policy, select the MQTT policy type, and then give the policy a name. This name can be anything and is only used as a way of identifying the policy in the UI.
  7. Input the Security Identity which should match what is set on the node in the toolkit. In the PI provided it is si1.
  8. Enter the username and password of your MQTT server into the policy and then click Create.
  9. Return to the dashboard
  10. Start the integration server by opening it's options menu (⋮), and then clicking Start.
  11. After the integration server has started, click its tile to get the basic authentication settings of the integration server.
  12. Open a terminal window and then run the following command: 
    curl -X POST URL -u iib:PASSWORD -d "<test><message>ACE is Awesome</message></test>" --insecure

    ... substituting the values of URL and PASSWORD from the credentials of the integration.

    This command will return something similar to the following example (with a different header): 
    <test><message>ACE is Awesome</message><header>455648540000000004000000ffd14dadd502000000000000</header></test>