Using IBM Event Streams Version 10

You can use IBM® Event Streams Version 10 with SCRAM authentication or TLS authentication.

Procedure

Use one of the following procedures:
  • Setting up Event Streams with SCRAM authentication

    Ask your IBM Event Streams administrator to provide:

    • The bootstrap address of an external Kafka listener.
    • Optional: The schema registry endpoint.
    • The SCRAM user name and password.
    • Optional: The Java™ trust store file that contains the CA certificate (es-cert.p12).
    • Optional: The Java trust store file password.
    1. Configure the Kafka producer and consumer properties by opening the kafkaproducer.properties and kafkaconsumer.properties files and adding the following lines:
      bootstrap.servers=external_bootstrap_address:port
      security.protocol=SASL_SSL
      sasl.mechanism=SCRAM-SHA-512
      sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="scram_username" password="scram_password";
      

      If your Event Streams instance does not use a certificate that is signed by a public CA, add the following lines to the kafkaproducer.properties and kafkaconsumer.properties files:

      ssl.truststore.location=/path/to/es-cert.p12
      ssl.truststore.password=truststore_password
      ssl.truststore.type=PKCS12
      

      For KCOPs that do not connect to the schema registry, no additional steps are needed.

    2. If you want to serialize your messages by using a schema registry, follow these steps:
      1. If your Event Streams instance does not use a certificate that is signed by a public CA, stop the CDC Replication instance and launch the configuration tool. Edit the encryption profile. When asked about a trust store, provide the path to the es-cert.p12 file, the trust store password, and the key store format PKCS12.
      2. Create a properties file with the following lines:
        schema.registry.url=https://schema_registry_endpoint
        serializer.property.basic.auth.credentials.source=USER_INFO
        serializer.property.schema.registry.basic.auth.user.info=scram_username:scram_password
        
      3. When an endpoint is configured for SCRAM authentication, clients are required to use basic authentication when they connect to a schema registry. All KCOPs that are shipped with CDC Replication support basic authentication. The list of KCOPs can be found in Kafka custom operation processor (KCOP) for the CDC Replication Engine for Kafka.

        You need to select a KCOP from the list or create your own. Otherwise, a subscription will fail when it serializes a message. If you want the default behavior, use this KCOP.

      4. Create the new subscription in Management Console and map your tables.
      5. Right-click the subscription and click Kafka Properties.
      6. Specify the following values in the Communication Details section:
        • Host Name: localhost
        • Port: 2181

        The values are not used when connecting to IBM Event Streams but are still required by the UI.

      7. Configure a KCOP.
        1. Right-click a subscription and click User Exits.
        2. In the Class Name field, specify the canonical name of your chosen KCOP (package plus class name).
        3. In the Parameter field, specify the path to the KCOP.properties file, for example -file:/path/to/KCOP.properties.
          Note: The CDC Replication Engine for Kafka can only replicate to IBM Event Streams with a KCOP. Familiarize yourself with the available KCOPs and decide which one to use.
  • Setting up Event Streams with TLS authentication

    Ask your IBM Event Streams administrator to provide:

    • The bootstrap address of an external Kafka listener.
    • Optional: The schema registry endpoint.
    • The Java key store file (user.p12).
    • The Java key store file password.
    • Optional: The Java trust store file that contains the CA certificate (es-cert.p12).
    • Optional: The Java trust store file password.
    1. Configure the Kafka producer and consumer properties by opening the kafkaproducer.properties and kafkaconsumer.properties files and adding the following lines:
      bootstrap.servers=external_bootstrap_address:port
      security.protocol=SSL
      ssl.keystore.location=/path/to/user.p12
      ssl.keystore.password=keystore_password
      ssl.keystore.type=PKCS12
      

      If your Event Streams instance does not use a certificate that is signed by a public CA, add the following lines to the kafkaproducer.properties and kafkaconsumer.properties files:

      ssl.truststore.location=/path/to/es-cert.p12
      ssl.truststore.password=truststore_password
      ssl.truststore.type=PKCS12
      

      For KCOPs that do not connect to the schema registry, no additional steps are needed.

    2. If you want to serialize your messages by using a schema registry, follow these steps:
      1. Stop the CDC Replication instance and launch the configuration tool. Edit the encryption profile. When asked about a trust store, provide the path to the user.p12 file, the key store password, and the key store format PKCS12.
      2. If your Event Streams instance does not use a certificate signed by a public CA, then edit the encryption profile again. When asked about a trust store, provide the path to the es-cert.p12 file, the trust store password, and the key store format PKCS12.
      3. Create the new subscription in Management Console and map your tables.
      4. Right-click the subscription and click Kafka Properties.
      5. Specify the following values in the Communication Details section:
        • Host Name: localhost
        • Port: 2181

        The values are not used when connecting to IBM Event Streams but are still required by the UI.

      6. Specify the following values in the Schema Registry section:
        • Host Name: The schema registry endpoint
        • Port: 443
        • Check Encrypted
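
As an added example (not part of the IBM documentation), the following Python check lints the text of a kafkaproducer.properties or kafkaconsumer.properties file against the settings from both procedures above. The function names, the host broker.example.test, and the sample file content are constructed for illustration.

```python
import re

STORE_KEYS = ("location", "password", "type")
REQUIRED = {  # keys each procedure on this page sets, by security.protocol
    "SASL_SSL": ["bootstrap.servers", "sasl.mechanism", "sasl.jaas.config"],
    "SSL": ["bootstrap.servers"] + [f"ssl.keystore.{s}" for s in STORE_KEYS],
}
TRUSTSTORE = [f"ssl.truststore.{s}" for s in STORE_KEYS]
JAAS_CRED = re.compile(r'(username|password)="([^"]*)"')

# Constructed sample: SCRAM settings with two mistakes planted for the check.
SAMPLE_SCRAM = """\
bootstrap.servers=broker.example.test:443
security.protocol=SASL_SSL
sasl.mechanism=SCRAM-SHA-512
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="scram_username" password="scram_password ";
ssl.truststore.location=/path/to/es-cert.p12
"""

def parse_properties(text):
    """Simplified key=value parser: skips blank lines and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_kafka_properties(text):
    """Return findings; trust store lines are optional but must be a full set."""
    props, findings = parse_properties(text), []
    protocol = props.get("security.protocol")
    if protocol not in REQUIRED:
        return [f"security.protocol is {protocol!r}, expected SASL_SSL or SSL"]
    findings += [f"missing {k}" for k in REQUIRED[protocol] if not props.get(k)]
    if protocol == "SASL_SSL":
        if props.get("sasl.mechanism") != "SCRAM-SHA-512":
            findings.append("sasl.mechanism is not SCRAM-SHA-512")
        jaas = props.get("sasl.jaas.config", "")
        if jaas and not jaas.endswith(";"):
            findings.append("sasl.jaas.config does not end with ';'")
        for name, value in JAAS_CRED.findall(jaas):
            if value != value.strip():  # quoted whitespace is part of the credential
                findings.append(f"JAAS {name} has whitespace inside the quotes")
    present = [k for k in TRUSTSTORE if props.get(k)]
    if present and len(present) < len(TRUSTSTORE):
        findings += [f"missing {k}" for k in TRUSTSTORE if k not in present]
    return findings
```

Running check_kafka_properties(SAMPLE_SCRAM) reports the space inside the quoted password and the incomplete trust store settings; an empty list means the file matches one of the two procedures.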