Friday, June 25, 2010

Customer engagement template

Regardless of whether the customer engagement is one week or one year, I always organise my files in the following hierarchy. Firstly, it helps you focus on the purpose and customer expectation. Secondly, some customers are difficult; being organised allows you to backtrack all your work for justification.
01 Statement of work
02 Research and Analyse
03 Architecture and Design
05 Project Management
06 Project Deliverables
07 Administration
09 Tools
10 References
11 Working
I find one of the most useful tools to keep my notes is TiddlyWiki (www.tiddlywiki.com). It is extremely easy to use and requires no setup.

Wednesday, June 16, 2010

SSL certificate in webMethods Software

Generating a SSL Private Key
  1. Install webMethods Certificate Toolkit which can be found in version 6.5 image.
  2. Run webMethods Certificate Toolkit
  3. Use default keysize of 1024 bits
  4. Label filename as MyEnterprise_PrivateKey.der
Generating the SSL Certificate Signing Request (CSR)
  1. Run webMethods Certificate Toolkit
  2. Select the private key generated above
  3. Label the CSR filename as MyEnterprise_CSR.pem
  4. Fill in the Server Information as required
  5. Send the Certificate Signing Request (CSR) to an authorised person who deals commercially with VeriSign.
Extracting SSL certificates from VeriSign's response
  1. Once the purchase of the SSL certificate is complete, VeriSign will respond with an email
  2. The cert.p7b attachment received from VeriSign is a PKCS#7 file which contains the CA certificate and the signed/public key; you will need to extract them.
  3. Save this attachment as MyEnterprise.p7b
  4. Double-click on the MyEnterprise.p7b to inspect the certificates, note the expiration date
  5. Double-click CA certificate (Issued To=www.verisign.com...)
  6. Navigate to the Details tab
  7. Click on the Copy to File button
  8. Export file as DER encoded binary X.509 format, label filename as MyEnterprise_CA.cer
  9. Rename MyEnterprise_CA.cer to MyEnterprise_CA.der
  10. Double-click CA certificate (Issued To=b2b.jemena.com.au...)
  11. Navigate to the Details tab
  12. Click on the Copy to File button
  13. Export file as DER encoded binary X.509 format, label filename as MyEnterprise_Signed.cer
  14. Rename MyEnterprise_Signed.cer to MyEnterprise_Signed.der
Configure SSL certificate support for incoming transactions
  1. Request MyEnterprise's private key, signed/public key and CA certificates from Security Team
  2. Send MyEnterprise's signed/public key and CA certificates to CompanyA
  3. Request CompanyA's signed/public key and CA certificates from CompanyA
  4. Navigate to Reverse Invoke Server > IS Administration > Security > Ports > Gateway External
  5. Upload MyEnterprise_PrivateKey.der and MyEnterprise_Signed.der onto Reverse Invoke Server under /IntegrationServer/config/cert/myent directory
  6. Upload MyEnterprise_CA.der onto Reverse Invoke Server under /IntegrationServer/config/cert/cas directory
  7. Under Listener Specific Credentials, select Protocol as HTTPS
  8. Set Server's Certificate as config/cert/myent/MyEnterprise_Signed.der
  9. Set Authority's Certificate as config/cert/cas/MyEnterprise_CA.der
  10. Set Private Key as config/cert/myent/MyEnterprise_PrivateKey.der
  11. Set Trusted Authority Directory as config/cert/cas
  12. Navigate to Internal Server > IS Administration > Security > Certificates > Configure Client Certificates
  13. Upload MyEnterprise_Sign.der onto Internal Server under /IntegrationServer/config/cert/com_a directory
  14. Under Import Certificate, set Certificate Path as /IntegrationServer/config/cert/com_a/CompanyA_Signed.der
  15. Set User as Administrator (recommend you create unique user on IS for easy supportability)
  16. Set Usage as SSL Authentication
  17. Click on Import Certificate
Configure SSL certificate support for outgoing transactions
  1. Request MyEnterprise's private key, signed/public key and CA certificates from Security Team
  2. Send MyEnterprise's signed/public key and CA certificates to CompanyA
  3. Request CompanyA's signed/public key and CA certificates from CompanyA
  4. Run webMethods Trading Networks Console, logon to Internal Server
  5. Navigate Enterprise profile > Security > SSL Client
  6. Under Certificate Chain, add MyEnterprise_Signed.der and MyEnterprise_CA.der
  7. Set Private Key as MyEnterprise_PrivateKey.der
  8. Save Enterprise profile
  9. Upload MyEnterprise_CA.der and CompanyA_CA.der onto Internal Server under /IntegrationServer/config/cert/cas directory
  10. Navigate to Internal Server > IS Administration > Security > Certificates > Edit Certificates Settings
  11. Under Trusted Certificates, set CA Certificate Directory as config/cert/cas
  12. Save changes
You might have noticed the Outbound SSL Certificates section; why is that there? It is only required if you use the pub.client:http service to invoke an HTTPS URL, in which case the Integration Server acts as a client.

Monday, June 14, 2010

Roles and responsibilities

A good Consultant is a subject matter expert (SME) in his role.

So what makes a great Consultant? He who has two or more core competencies and is capable of performing different roles in appropriate situations.
Role | Responsibility
Solution & Enterprise Architects | Enterprise and business process architects responsible for defining and maintaining business solution design, enterprise architecture standards and principles.
Project/Integration Lead | Integration lead (or the Integration Release and Resource Lead) manages the integration deliverables, resources and planning.
Integration COE | Consists of Integration Architects responsible for integration solution consulting and process governance assurance.
Design Owner | Design owner reports to Integration Release and Resource Lead and is responsible for defining integration design as per requirements.
Development Owner | Development owner reports to Integration Release and Resource Lead and is responsible for development of solution as per design requirements.
Environment Management & Integration Support | Environment management and integration support team is responsible for supporting the integration solution and environment (inc. production). This team also provides feedback in design processes.

Configuring sticky session in CISCO Content Services Switch (CSS) load-balancer

One of the best things in delivery is engaging in a greenfield project. You discover so much more about the limitations of the product stack.

In this scenario, we are configuring hardware load balancing (CISCO CSS) for the webMethods Integration Server.

Problem: When accessing the instance via the Virtual Internet Protocol (VIP), the user is continuously prompted for credentials.

Facts: This is caused by the TCP three-way handshake and cookie in the webMethods Integration Server.
    • The user browses to the VIP
    • CSS forwards the request to Node 1
    • Node 1 sends an authentication request to the user with a random hex number ssnid=29c4f640596011de9579da14127f22f1 in the HTTP header
    • The user enters his/her credentials and submits
    • The browser sends the response to the CSS
    • CSS forwards the response to Node 2
    • Node 2 rejects the response because of the unrecognised SSNID
    • Node 2 sends an authentication request to the user with a random hex number ssnid=b9066b60559411de9034cfa576455f64 in the HTTP header
    • The user enters his/her credentials and submits
    • This goes around in an infinite loop.
Unfortunately the CSS cannot load-balance on dynamic cookies.

The customer has configured the CSS to look for a cookie called ‘ssnid=’
owner WMQA-VIP 
  content WMQA-HTTP-N 
    vip address 146.195.84.125 
    add service WMQA-1-HTTP-N 
    port 8080 
    protocol tcp 
    add service WMQA-2-HTTP-N 
    string range 208 to 528 
    string prefix "ssnid=" 
    advanced-balance cookies 

and then told the service to look for the following string:
service WMQA-1-HTTP-N 
  string WMQA-1 

This will not work because the string doesn’t exist in the cookie.

Resolution: The only workaround is to configure the arrowpoint-cookie. This is a cookie generated by the CSS itself and inserted into the TCP stream.

For example, the owner and content should look something like this (remove all redundant commands):

service WMQA-1-HTTP-N 
   no  string 
  
owner STICKY-VIP 
  
  content STICKY-WMQA-HTTP-N 
    vip address 146.195.84.125 
    add service WMQA-1-HTTP-N 
    add service WMQA-2-HTTP-N 
    advanced-balance arrowpoint-cookie 
    sticky-mask 255.255.240.0 
    protocol tcp 
    port 8080 
    url "/*" 
    active 
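
The loop from the Facts list and the effect of a balancer-set cookie can be reproduced with a small model. This is an added example, not code from the original post or from Cisco or webMethods; the classes, the cookie name lb_node and the rule that a node accepts credentials only against an ssnid it issued itself are simplifying assumptions taken from the trace above.

```python
import secrets
from itertools import cycle

class Node:
    """Simplified Integration Server: remembers only the ssnids it issued itself."""
    def __init__(self, name):
        self.name, self.issued = name, set()

    def handle(self, ssnid, has_credentials):
        if has_credentials and ssnid in self.issued:
            return 200, ssnid              # challenge answered on the issuing node
        fresh = secrets.token_hex(16)      # new random ssnid, as in the trace above
        self.issued.add(fresh)
        return 401, fresh                  # prompt for credentials again

class RoundRobin:
    """Balancer with no usable stickiness: each request goes to the next node."""
    def __init__(self, nodes):
        self.nodes, self._next = {n.name: n for n in nodes}, cycle(nodes)

    def pick(self, cookies):
        return next(self._next)

class CookieInsert(RoundRobin):
    """Balancer that pins a client with a cookie it sets itself (hypothetical name)."""
    def pick(self, cookies):
        if cookies.get("lb_node") in self.nodes:
            return self.nodes[cookies["lb_node"]]
        node = next(self._next)
        cookies["lb_node"] = node.name     # static value chosen by the balancer
        return node

def attempts_to_login(balancer, max_attempts=6):
    """Return the request number that got a 200, or None if the prompt never stops."""
    cookies = {}
    for attempt in range(1, max_attempts + 1):
        node = balancer.pick(cookies)
        status, cookies["ssnid"] = node.handle(cookies.get("ssnid"), attempt > 1)
        if status == 200:
            return attempt
    return None

def demo():
    plain = RoundRobin([Node("WMQA-1"), Node("WMQA-2")])
    sticky = CookieInsert([Node("WMQA-1"), Node("WMQA-2")])
    return attempts_to_login(plain), attempts_to_login(sticky)

if __name__ == "__main__":
    print(demo())
```

The balancer can only key on a value it knows in advance, which is why a cookie it sets itself works where the server's random ssnid does not.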

Saturday, June 12, 2010

Right angle bracket (>) in XML Specification

I'd like to close the discussion about the use of the right angle bracket (>) in XML documents. Despite the claim by w3schools that "the greater than character is legal, but it is a good habit to replace it", the right angle bracket must be escaped! It is clearly mentioned in the XML 1.0 Specification:
The ampersand character (&) and the left angle bracket (<) must not appear in their literal form, except when used as markup delimiters, or within a comment, a processing instruction, or a CDATA section. If they are needed elsewhere, they must be escaped using either numeric character references or the strings " &amp; " and " &lt; " respectively. The right angle bracket (>) may be represented using the string " &gt; ", and must, for compatibility, be escaped using either " &gt; " or a character reference when it appears in the string " ]]> " in content, when that string is not marking the end of a CDATA section.

In the content of elements, character data is any string of characters which does not contain the start-delimiter of any markup and does not include the CDATA-section-close delimiter, " ]]> ". In a CDATA section, character data is any string of characters not including the CDATA-section-close delimiter, " ]]> ".
W3C Recommendation, Extensible Markup Language (XML) 1.0 (Fifth Edition), 26 November 2008
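
The cases named in the quoted passage can be checked against a parser. This is an added example, not part of the original post; it uses Python's standard expat-based parser, and the sample documents and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape  # escapes &, < and every >

# Constructed sample documents, one per case in the quoted passage.
SAMPLES = {
    "literal > in content": "<expr>a > b</expr>",
    "literal < in content": "<expr>a < b</expr>",
    "literal & in content": "<expr>a & b</expr>",
    "]]> in content": "<expr>x[y[0]]>1</expr>",
    "]]&gt; in content": "<expr>x[y[0]]&gt;1</expr>",
    "all three inside CDATA": "<expr><![CDATA[a < b & c > d]]></expr>",
}

def is_well_formed(doc):
    """True if the expat-based parser accepts the document."""
    try:
        ET.fromstring(doc)
        return True
    except ET.ParseError:
        return False

def minimal_escape(text):
    """Escape only what the passage makes mandatory in element content."""
    return text.replace("&", "&amp;").replace("<", "&lt;").replace("]]>", "]]&gt;")

def round_trips(text, escaper):
    """True if the escaped text parses back to exactly the original string."""
    return ET.fromstring("<expr>%s</expr>" % escaper(text)).text == text

def report():
    """Map each sample label to whether the parser accepted it."""
    return {label: is_well_formed(doc) for label, doc in SAMPLES.items()}

if __name__ == "__main__":
    for label, ok in report().items():
        print("%-24s %s" % (label, "accepted" if ok else "rejected"))
    code = "if (a[b[0]]>1 && c<d) x > y"   # constructed text to embed
    print(minimal_escape(code), round_trips(code, minimal_escape))
    print(escape(code), round_trips(code, escape))
```

Escaping every > with xml.sax.saxutils.escape covers the " ]]> " case without having to look for it.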

Wednesday, June 09, 2010

How to create rule to forward meeting requests?

As a Consultant I am often engaged with many customers, and I have a hard time keeping track of my meetings. So I'm using my consulting company's Exchange server to centralise all my appointments.

I do not believe there is a template for this one. You might have to start with a blank rule. Here is what I did:
  1. Start Microsoft Outlook
  2. Click "Tools", "Rules and Alerts", "New Rule", Start with a blank rule "Check Messages When They Arrive"
  3. Check the box that says "which is a meeting invitation or update"
  4. Click Next
  5. Check the box that says "move it to the specified folder"
  6. Ensure you click on "specified" and choose the correct folder

Tuesday, June 08, 2010

OASIS ebXML version 2.0 implementation

The Advanced Metering Infrastructure (AMI) project in Victoria, Australia is the world's first (definitely the first in Asia Pacific) production implementation of OASIS ebXML v2.0. At the time of this post there is one other client in Europe trialling this standard in pre-production status.

For those who worked in the VicGas market currently supporting ebMS v1.0, don't underestimate ebMS v2.0, because it has significant differences. Before you get started, I advise you to read the following documents:

ebXML Message Service Specification v2.0 - describes the concept, background, objective and core functionality. Two sections in particular are worth noting. First, ebXML with SOAP: this should give you a technical understanding of the transport protocol of messages. Second, the Reliable Messaging Module: these optional attributes provide guaranteed delivery of messages.

ebXML Collaborative Partner Profile Agreement (CPPA) v2.0 - in ebXML v2.0, CPPA is mandatory, so here is one I prepared earlier.





There are currently two commercial adapters available in the market that supported ebXML v2.0:
The logical architecture of your implementation should follow this pattern.


If you have further questions, please don't hesitate to contact me.

Cloning webMethods Integration server

This approach is not supported by Software AG, but it's a quick way to replicate another Integration Server instance for testing or proof-of-concept.
  1. Shutdown the source IS
  2. Copy the entire directory across
  3. Delete the following directories on the new instance, they will regenerate on first startup
    • Audit/data
    • Logs
    • Datastore
    • Documentstore
    • Replicate (keep directories)
    • Wmrepository2
    • Wmrepository4
    • The lockfile
    • /config/dispatch.cnf & /config/backup/dispatch.cnf
  4. Update the following files to reflect the new target IS location and desired port number:
    • /IntegrationServer/bin/ini.cnf
    • /IntegrationServer/bin/jcode.sh
    • /IntegrationServer/bin/server.sh
    • /IntegrationServer/config/port.cnf
    • /IntegrationServer/config/server.cnf
    • /IntegrationServer/packages/WmRoot/config/listeners.cnf
  5. That's it!

Configuring webMethods Broker 7.1.2 as a JMS Provider

Increasingly, customers are aware of the value in adopting open standards within their IT infrastructure. 

In middleware, Java Message Service (JMS) is the most widely used standard for sending and receiving messages. It allows components based on Java 2 Platform, Enterprise Edition (J2EE) to create, send, receive, and read messages.

The instructions below are a guide to installing and configuring webMethods software for JMS compatibility.


  1. Install Integration Server 7.1.2 (localhost:5555) and Broker Server (localhost:6849)
    • Remove all unused packages
    • Add developer account
    • Set Outbound Passwords to 0
    • Set Broker Configuration to Not Configured (restart required)
    • Install WmBrokerAdmin_6_5.zip package
  2. Remove default broker and create ESB JMS broker
        MSDOS> cd C:\webMethods712\Broker\bin
        MSDOS> .\broker_delete.exe "Broker #1@localhost:6849"
        MSDOS> .\broker_create.exe ESB@localhost:6849 -default -description "Enterprise Service Bus JMS Broker"
  3. Create JMS Connection Alias to ESB@localhost:6849
  4. Modify JNDI properties file (C:\webMethods712\Broker\bin\jndi.properties) to refer to the ESB JMS Broker
        java.naming.factory.initial=com.webmethods.jms.naming.WmJmsNamingCtxFactory
        java.naming.provider.url=wmjmsnaming://ESB@localhost:6849
        com.webmethods.jms.naming.clientgroup=admin
  5. Create JMS Connection Alias
        Connection Alias Name: ESB_JMS
        Enabled: Yes
        Description: Enterprise Service Bus JMS Broker
        Transaction Type: NO_TRANSACTION
        Connection Client ID: HOST_IS
        Create Connection Using: NATIVE WEBMETHODS API
        Broker Host: localhost:6849
        Broker Name: ESB
        Client Group: admin
  6. Bind JMS topics to JNDI (so that they are visible to third-party JMS clients)
        MSDOS> cd C:\webMethods712\Broker\bin\
        MSDOS> .\jmsadmin.exe -p jndi.properties
        / > conn broker ESB server localhost:6849
        Connected to ESB on localhost:6849
        / > list
        / > create topic testTopic
        / > permit group admin to publish testTopic
        / > permit group admin to subscribe testTopic
        / > bind topic testTopic with tn=testTopic
        / > bind tcf topicFactory with brokerHost=localhost:6849 group=admin brokerName=ESB
        / > list
        [1]: testTopic ==> com.webmethods.jms.impl.WmTopicImpl
        / > quit
  7. Create JNDI Provider Alias
        JNDI Alias Name: JNDI_ESB
        Description: JNDI for ESB JMS Broker
        Initial Context Factory: com.webmethods.jms.naming.WmJmsNamingCtxFactory
        Provider URL: wmjmsnaming://ESB@localhost:6849
        Other Properties: com.webmethods.jms.naming.clientgroup=admin

Macquarie Professional Assessments

A while ago I attempted the Macquarie Professional Assessments. Attached is my solution to the Practice Leaflet.

Drive: The surprising truth about what motivates us

Anyone who employs or manages staff in a creative enterprise would be mad to dismiss the ideas in this video.