Secure connectivity to private endpoints

Connect securely to your on-premises enterprise applications by synchronizing endpoint configurations in the cloud to an on-premises agent.

The integrations that you create in IBM® Integration Bus on Cloud might contain message flows that need to interact with your on-premises applications. Your flows can communicate securely with your on-premises applications by using a Switch server and a connectivity agent. The Switch server is a special kind of integration server that routes data. You cannot deploy anything to the Switch server. The connectivity agent contains the certificates that your flows require to communicate securely with the Switch server. By synchronizing connection details in IBM Integration Bus on Cloud and the on-premises agent, your integrations can interact securely with your on-premises applications. Data that is transferred between the on-premises agent and the cloud is encrypted by using a mutually authenticated TLS connection. The following high-level diagram illustrates how integrations connect to those applications.

This diagram is described in the surrounding text.

Endpoint configuration

A private endpoint is an enterprise application that is running in your on-premises network, such as DB2 or IBM MQ. You provide connection details in IBM Integration Bus on Cloud for each of your private endpoints. You can create configurations for multiple instances of the same endpoint type. The connection details that you specify in the cloud are collated and used to create a Switch server and configure an agent on premises. The agent creates a secure connection between your on-premises applications and your integrations in the cloud.

After you synchronize your endpoint configurations with the IBM Integration Bus agent, all the integrations in IBM Integration Bus on Cloud can connect to all of the on-premises endpoints that are configured.

The on-premises agent

The agent is a component of IBM Integration Bus version 10.0.0.2 or later on Windows and Linux. When you click Download configuration, the endpoint configurations that you created in the cloud are collated into an agent configuration file. The configuration file is a JavaScript Object Notation (JSON) file that is called agentp.json. That configuration file also contains information that is required to create the Switch server and the agent. Because the agent is a component of IBM Integration Bus, you must download the agent configuration file to the same location as IBM Integration Bus.

The first time that you download the agent configuration file, it is used to create the Switch server and agent, and to synchronize the agent with the endpoint configurations in the cloud. If you then create extra endpoint configurations, change the host name and port in an existing configuration, or delete an endpoint configuration, you must download the updated agent configuration file so that the on-premises agent can use it. In this case, because the Switch server and agent are already created and running, only the agent and endpoint configurations are synchronized.

The iibswitch command

After you download the agent configuration file to the same location as IBM Integration Bus, you run the iibswitch command. On Windows, you run this command from the IBM Integration Console, which is a component of IBM Integration Bus. On Linux, you run the mqsiprofile.sh script to start a command environment.

If you are downloading the configuration for the first time, you run the iibswitch create command to enable network connectivity. The command uses the agent configuration file to create the Switch server and configure the agent with the correct configured endpoints. If you are downloading an updated agent configuration file, you run the iibswitch update command to synchronize the agent with the configured endpoints in the cloud. The command makes the agent use the updated configuration file.
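The following POSIX shell helper is an added example, not part of the IBM documentation or product: it checks the downloaded agentp.json before iibswitch uses it, and chooses between the create and update subcommands described above. The marker file it uses to remember that the Switch server was already created is an assumption of this script, and any command-line options that iibswitch takes beyond the subcommand are left to the product documentation.

```shell
#!/bin/sh
# Added example (not IBM's code). Helpers for running iibswitch against a
# downloaded agentp.json from the mqsiprofile command environment.

# Refuse a config file that is missing, empty, or readable by group/others:
# agentp.json carries the certificates the agent uses for mutual TLS, so it
# should be readable only by the account that runs IBM Integration Bus.
check_agent_config() {
  cfg="$1"
  [ -s "$cfg" ] || { echo "missing or empty: $cfg" >&2; return 1; }
  # Characters 5-10 of ls -ld output are the group and other permission bits.
  perms=$(ls -ld "$cfg" | cut -c5-10)
  case "$perms" in
    *r*) echo "group/other can read $cfg; tighten to 0600" >&2; return 2 ;;
  esac
  return 0
}

# First download: "create" builds the Switch server and agent.
# Later downloads: "update" only re-synchronizes the endpoint configurations.
# ASSUMPTION: a marker file written after a successful create records that the
# Switch server already exists; the page does not say how iibswitch tracks it.
iibswitch_subcommand() {
  marker="$1"
  if [ -f "$marker" ]; then
    echo update
  else
    echo create
  fi
}

# Validate the file, pick the subcommand, run iibswitch, then write the marker
# after a successful create so the next run synchronizes instead of creating.
run_iibswitch() {
  cfg="$1"; marker="$2"
  check_agent_config "$cfg" || return $?
  sub=$(iibswitch_subcommand "$marker")
  iibswitch "$sub" || return $?
  [ "$sub" = create ] && : > "$marker"
  return 0
}
```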

The following video demonstrates how to connect securely to private endpoints: IBM Integration Bus on Cloud - Secure connectivity to on-premises systems demo.

For detailed information about how to enable network connectivity, see Connecting securely to private endpoints.


cl00017_.htm | Last updated 2018-12-15 07:47:00