Integrating IBM Cloud Private Path services

Edit online

Use IBM Cloud® Private Path service to enable an application that is running in IBM® Enterprise Application Service for Java® (EASeJ) to access your systems that are running on premises. To integrate a third-party private path service, specify a unique Cloud Resource Name (CRN) for your Private Path service.

An IBM Cloud Private Path service allows connection between an EASeJ instance and your Virtual Private Cloud (VPC) without compromising security or putting your VPC at risk. Additionally, you can combine Private Path service and Application Load Balancer (ALB) to establish connections to workloads hosted on premises or other locations that are accessible from your VPC.

You might use a Private Path service to enable a connection to, for example, an on-prem Maven repository, IBM MQ queue manager, or Db2 database.

Before you begin

Set up your on-prem private path service.

  1. Read About Private Path service in the IBM Cloud VPC documentation.

  2. Check the following Private Path considerations.
    Security
    • Private Path service and EASeJ must be provisioned in the same IBM Cloud account.
    • Private Path service integration provides a way to connect to load balancer hosted in your VPC. It is your responsibility to ensure that the connection target is configured with credentials and encrypted with TLS.
    Limitations
    • EASeJ requires that the fully qualified domain name (FQDN) that is used for Private Path service endpoints be a publicly registered domain.
    • Private Path service endpoints that use domains such as .intranet, .internal, .private, .corp, .home, or .lan are not supported
    • If a Private Path service is registered with multiple EASeJ instances, the connection request is sent only once.

  3. Create and configure Private Path service in your VPC.

  4. Verify connectivity to your Private Path service.

Get the CRN for your Private Path service. If you do not know the CRN, ask the administrator of the private path service.

Registering the connection on EASeJ

  1. Go to the Private Path Services page on EASeJ.
    • Before instance configuration, click Connect on-premises services on the EASeJ Home page.
    • After instance configuration, click Open menu icon > Integrations from the EASeJ menu, and then click the View details link on the Private Path Services tile.

  2. Click Connect a new service.

  3. In the Connect a new service dialog, type the CRN number for your Private Path service and then click Connect.

  4. Get the Private Path service administrator to approve the pending connection request.

    After EASeJ connects to the Private Path service, your Private Path service displays a connection request. Review and permit the request. After the connection request is permitted, the connection is established.

The service is listed on the Private Path Services page with a succeeded status.

Connecting your application to a Private Path service

After you register the connection on EASeJ, you can connect your application to the Private Path service. To do so, add a binding for the Private Path service to the EASeJ environment.yaml file for the staging or production environment, or for both environments.

Add the binding to the app: services: array of the YAML file. For the binding, specify the Cloud Resource Name (CRN) for the Private Path service.

app:
  services:
    - crn: '<Private_Path_service_instance_CRN>'

Connecting an artifact repository to a Private Path service

After you register the connection on EASeJ, you can connect an artifact repository for a Deploy and run your application option to the Private Path service. You connect the artifact repository when you configure your instance with the Deploy and run your application option.

  1. On the EASeJ Home page, click Install and configure.

  2. On the Install and configure GitHub page, select Deploy and run your application, then click Next.

  3. On the Connect artifact repo tab, connect your artifact repository to EASeJ using HTTPS. Ensure that the repository is a Maven repository that contains enterprise archive (EAR), web archive (WAR), or ZIP files, such as Sonatype Nexus or JFrog Artifactory.

    1. For Repository URL, specify a URL to the Maven repo that has the EAR, WAR, or ZIP file. Specify the base Maven repo URL, not the full path to the application.
    2. If the Maven repo requires credentials, specify a user name and password for the repo.
    3. Click Test connection.
    4. Click Next.

  4. Continue following the steps in Configuring artifact and GitHub repositories.

What to do next

After you complete the steps and your private path service is integrated with EASeJ, you can use the on-prem service with your application on the cloud.