Setting up watsonx Code Assistant for Z service
Z Understand Web UI uses Generative AI to assist architects and developers with their application analysis. In order to use Generative AI the watsonx Code Assistant™ for Z service must be configured.
You can buy a monthly subscription through the IBM Cloud® catalog directly, or through your IBM® account team. watsonx Code Assistant for Z supports multiple use cases and has different plans, you must select the Z plan to get access to the correct service.
After you purchase a subscription, you can provision an instance of the service by using a guided walk through. For detailed steps on how to get started, see Set up watsonx Code Assistant for Z in IBM Cloud.
An administrator who is responsible for the service must add developers to the watsonx Code Assistant for Z service so that they can request for an API Key to access the AI.
Configuring Satellite Connector in IBM Cloud
A Satellite Connector provides secure TLS tunneling between applications and service that requires to communicate in hybrid and multi-cloud environments. A Satellite Connector is a deployment model that enables only the secure communications from IBM Cloud to on-prem resources with a light-weight container that is deployed on-prem through container platform hosts, such as Podman.
Z Understand Web UI requires a secure TLS tunneling between IBM Cloud and on-prem application resources such as project database, vector database, and authentication service in order to provide a context-based assistance by using Generative AI.
Create a Satellite Connector in an IBM Cloud account (https://cloud.ibm.com/satellite/connectors). For more information, see Satellite Connector overview.
Setting up user endpoints in Satellite Connector
-
DEX
- Name - DEX
- Destination FQDN or IP - Z Understand Linux conatiner FQDN or IP
- Destination port - 7600
- Source protocol - HTTPS
- Server name indication - Z Understand Linux conatiner FQDN or IP
- Check Verify destination certificate
- Upload Z Understand TLS certificate
-
FILESYSTEM
- Name - FILESYSTEM
- Destination FQDN or IP - Z Understand Linux conatiner FQDN or IP
- Destination port - 7700
- Source protocol - HTTPS
- Server name indication - Z Understand Linux conatiner FQDN or IP
- Check Verify destination certificate
- Upload Z Understand TLS certificate
-
GRAPHQL
- Name - GRAPHQL
- Destination FQDN or IP - Z Understand Linux conatiner FQDN or IP
- Destination port - 9443
- Source protocol - HTTPS
- Server name indication - Z Understand Linux conatiner FQDN or IP
- Check Verify destination certificate
- Upload Z Understand TLS certificate
-
REFACTOR
- Name - REFACTOR
- Destination FQDN or IP - Z Refactor Linux server FQDN or IP
- Destination port - 9444
- Source protocol - HTTPS
- Server name indication - Z Refactor Linux server FQDN or IP
- Check Verify destination certificate
- Upload Z Refactor TLS certificate
-
VECTORDB
- Name - VECTORDB
- Destination FQDN or IP - Vector DB (Milvus) server FQDN or IP
- Destination port - 19530
- Source protocol - TCP
This procedure is applicable to all five user endpoints.
- Click User endpoints tab and click Create endpoint.
- In the Destination resource section, Select Agent location option, then click Next.
- In the Resource details section, enter Endpoint name, Destination FQDN or IP, and Destination port, then click Next.
- In the Protocol section, select HTTPS from the
Source protocol drop-down menu.Note: HTTPS can change based on which endpoint is being configured.
- Enter Server name indication that is part of the TLS certificate.
- Select Verify destination certificate and upload the TLS certificate from
Z Understand
Linux® container, then click
Next.Note: You can find the TLS certificate within security folder in your Z Understand Linux container /opt/wca4z-understand/security.
- In the Access control list section, click Create
rule. Enter the rule name, and IBM Cloud private IP addresses of the clients that
connects to the endpoint. Enable ACL rules for all endpoints with following private IP addresses:
- 10.38.218.0/25
- 10.93.43.64/26
- 10.74.40.0/26
- 10.241.100.128/25
- 10.73.71.0/26
- Click Create to create an ACL rule.
- Click Next and customize the connection timeout settings.
- Click Create endpoint to create the Satellite user endpoint.
Add the Satellite Connector endpoints to your deployment space
Create these five Assets in the deployment space to connect watsonx Code Assistant for Z server with your Satellite Connector instance.
-
DEX
- Name - DEX
- Description - ENDPOINT_TYPE=<DEX>
- Connection details - Copy the Endpoint address from the corresponding user endpoint created in the Satellite Connector. To proceed, navigate your Satellite Connector instance and click on the name of the corresponding user point to view the details.
-
FILESYSTEM
- Name - FILESYSTEM
- Description - ENDPOINT_TYPE=<FILESYSTEM>
- Connection details - Copy the Endpoint address from the corresponding user endpoint created in the Satellite Connector. To proceed, navigate your Satellite Connector instance and click the name of the corresponding user point to view the details.
-
GRAPHQL
- Name - GRAPHQL
- Description - ENDPOINT_TYPE=<GRAPHQL>
- Connection details - Copy the Endpoint address from the corresponding user endpoint created in the Satellite Connector. To proceed, navigate your Satellite Connector instance and click the name of the corresponding user point to view the details.
-
REFACTOR
- Name - REFACTOR
- Description - ENDPOINT_TYPE=<REFACTOR>
- Connection details - Copy the Endpoint address from the corresponding user endpoint created in the Satellite Connector. To proceed, navigate your Satellite Connector instance and click the name of the corresponding user point to view the details.
-
VECTORDB
- Name - VECTORDB
- Description - ENDPOINT_TYPE=<VECTORDB>
- Connection details - Copy the Endpoint address from the corresponding user endpoint created in the Satellite Connector. To proceed, navigate your Satellite Connector instance and click the name of the corresponding user point to view the details.
Procedure
- Use the following link https://dataplatform.cloud.ibm.com/ml-runtime/dashboard?context=wca to access your deployment spaces. Go to the Spaces tab,
and select the default space.Note: Location changes according to the use case.
- In the Assets tab, click New asset.
- In the New asset page, select Connect to a data source.
- In the Add connection page, select Generic protocols and APIs from the left pane and select HTTP, then click Next.
- In the Create connection: HTTP page, select Connection overview from the left pane.
- Enter the Name and use the
ENDPOINT_TYPE=<endpoint Type>format in the Description field. The list of values for endpoint types is VectorDB, GraphQL, FileSystem, Dex, and Refactor. - Add the Connection details that must be copied from the corresponding user endpoint that is created in the Satellite Connector.
- Click Create.
Configure Satellite agents
Each satellite connector requires an agent running on-prem to establish the connection. You must configure the satellite agent on both the Z Understand Linux container and the server that has VectorDB installed and configured.
- To create and run the Satellite agent on-prem, see Running a Connector agent.
- When you are following the referenced steps for configuring Satellite agent, modify the
SATELLITE_CONNECTOR_IDenvironment variable with correct ID of your Satellite Connector instance. - You can also modify the SATELLITE_CONNECTOR_TAGS environment variable to distinctly identify
your agent that is connected to your Satellite Connector instance. Here are the recommended tags:
- For the Z Understand Linux container machine, you can configure the Satellite agent with graphql tag name.
- For the Vector DB server, you can configure the Satellite agent with vectordb tag name.
- To run the Satellite agent after the Satellite agent environment variables are configured and API key is set, run the Satellite agent. For more information, see Running a Connector agent.