Creating Interfaces

Edit online

About this task

The default Universal Messaging interface is nhp. The nhp interface enables clients to connect to it using not only the nhp protocol, but also the nsp protocol. If you do not specify a port for the default interface when you install or create a Universal Messaging server instance, the default port is 9000. The default interface binds to 0.0.0.0, or to all known interfaces.

If you plan to add an SSL-enabled interface, either nsps or nhps, you must perform additional steps. For more information, see Creating an SSL-Enabled Interface.

To add a new interface in the Enterprise Manager

Procedure

  1. Expand the Realms node and select the realm on which you want to create the interface.
  2. Go to the Comms > Interfaces tab and click Add Interface.
  3. Specify values for the following interface attributes:
    Attribute Value
    Interface Protocol The protocol of the interface. Values are:
    • NSP (Socket Protocol)
    • NHP (HTTP Protocol)
    • NSPS (Secure Socket Protocol)
    • NHPS (Secure HTTP Protocol)
    • RDMA Protocol (Deprecated). Requires network adapters that support remote direct memory access (RDMA).
    Interface Port The port on which the interface binds.
    Interface Adapter The physical network to which to bind, expressed either as an IP address or a hostname. The default is 0.0.0.0, or all known interfaces. You can use the hostname if you want the interface to be independent of the underlying IP address. For details about using the 0.0.0.0 IP address, see Usage of 0.0.0.0 When Defining Interfaces.
    Auto Start Whether the interface starts automatically after it is created, and after the server is restarted.
  4. Click OK.

    The Enterprise Manager adds the new interface to the interfaces table. The interfaces table shows the following attributes for an interface:

    • Name - Defined as protocol + n, where n is a unique sequence number for the interfaces for that protocol.
    • Status - Shows whether the interface is in status 'Running', 'Stopped', or 'Error'. The error status indicates that the interface did not start due to an error.
    • Adapter - The interface adapter.
    • Port - The interface port.
    • Threads - An indicator for the number of threads that the interface has free to accept connections. A full green bar denotes all threads are free.
  5. Define basic attributes for the interface.

    Various default attributes for the interface are displayed in the Comms > Interfaces > Basic panel. You may wish to modify these default values to suit your requirements. The attributes are described in the section Basic Attributes for an Interface.

Usage of 0.0.0.0 When Defining Interfaces

Edit online

When a client connects to a server, the server will deliver all interfaces that are marked as "advertised" (this is, set using the check box Advertise Interface on the Comms > Interfaces > Basic tab). If you have interfaces bound to 0.0.0.0 (that is all known interfaces), then this will include both 127.0.0.1 (localhost) and any IP address that the server node has. This means that the client will receive at least two interfaces that it will use to reconnect to the realm.

If the client connection is restarted, the client will attempt to iterate through this list of interfaces until it is successful on reconnection. However, the order of iterating through this list is not deterministic.

On a successful connection, the Universal Messaging realm server will construct a client principal name in the format <userName>@<IP-Address> used to check permissions on realm resources, such as channels or queues, where <IP-Address> is the IP address of the machine where the client is running. The IP address of the client in turn depends on the network interface the client used to connect to the server. In the example with a server adapter bound on all network interfaces (0.0.0.0), a local client (on the same machine as the server) may connect over the loopback interface to the server (localhost) so the connection will come from 127.0.0.1, but that same client may also connect over the real network interface, in which case the IP address will be the address of this network interface. Thus one and the same client may end up with different principal names when reconnecting to the realm server. This may lead to permission issues if a resource's default ACL has been established using one principal name, and is subsequently accessed with a different principal name after a reconnection.

To avoid this, you should either create the interface for an external IP address, not localhost, or ensure that required ACLs are configured.