Topologies and Network flows
Overview
The information presented here details possible server topologies for PMF components, as well as available network flows.
The components are deployed according to the server topology that you use. The network flows explain to you how the components communicate with one another and with the end-user devices.
Jump to
- Network flows between the PMF components
- Constraints on the PMF components and Persistent Mobile Foundation Analytics
- Multiple PMF runtimes
- Multiple instances of PMF on the same server
Network flows between the PMF components
The PMF components can communicate with each other over JMX or HTTP. You need to configure certain JNDI properties to enable the communications.
The network flows between the components and the device can be illustrated by the following image:
The flows between the various PMF components, Persistent Mobile Foundation Analytics, the mobile devices, and the application server are explained in the following sections:
- PMF runtime to PMF administration service
- PMF administration service to PMF runtime in other servers
- PMF push service and PMF runtime to Persistent Mobile Foundation Analytics
- PMF administration service to PMF live update service
- PMF Operations Console to PMF administration service
- PMF administration service to PMF push service, and to the authorization server
- PMF push service to an external push notification service (outbound)
- Mobile devices to PMF runtime
PMF runtime to PMF administration service
The runtime and the administration service can communicate with each other through JMX and HTTP. This communication occurs during the initialization phase of the runtime. The runtime contacts the administration service local to its application server to get the list of the adapters and applications that it needs to serve. The communication also happens when some administration operations are run from PMF Operations Console or the administration service. On application servers Apache Tomcat, or WebSphere Application Server Liberty, the administration service must be running on the same server as the runtime.
The protocols for JMX depend on the application server:
- Apache Tomcat - RMI
- WebSphere Application Server Liberty - HTTPS (with the REST connector)
For the communication via JMX, it is required that these protocols are available on the application server. For more information about the requirements, see Application server prerequisites.
The JMX beans of the runtime and the administration service are obtained from the application server.For more information, see Constraints on PMF administration service, PMF live update service and PMF runtime.
To distinguish different installation of PMF on the same application server, you can use an environment ID, which is a JNDI variable. By default, this variable has an empty value. A runtime with a given environment ID communicates only with an administration service that has the same environment ID. For example, the administration service has an environment ID set to X, and the runtime has a different environment ID (for example, Y), then the two components do not see each other. The PMF Operations Console shows no runtime available.
An administration service must be able to communicate with all the PMF runtime components of a cluster. When an administration operation is run, such as uploading a new version of an adapter, or changing the active status of an application, all runtime components of the cluster must be notified about the change. For more information, see Constraints on PMF administration service, PMF live update service and PMF runtime.
The runtime also communicates with the administration service through HTTP or HTTPS to download large artifacts such as the adapters. A URL is generated by the administration service and the runtime opens and outbound HTTP or HTTPS connection to request an artifact from this URL. It is possible to override the default URL generation by defining the JNDI properties (mfp.admin.proxy.port, mfp.admin.proxy.protocol, and mfp.admin.proxy.host) in the administration service. The administration service might also need to communicate with the runtime through HTTP or HTTPS to get the OAuth tokens that are used to run the push operations. For more information, see PMF administration service to PMF push service, and to the authorization server.
The JNDI properties that are used for the communication between the runtime and the administration service are as follows:
PMF administration service
- JNDI properties for administration services: JMX
- JNDI properties for administration services: proxies
- JNDI properties for administration services: topologies
PMF runtime
PMF administration service to PMF runtime in other servers
As described in PMF runtime to PMF administration service, it is required to have the communication between an administration service and all the runtime components of a cluster. When an administration operation is run, all the runtime components of a cluster can then be notified about this modification. The communication is through JMX.
For a WebSphere Application Server Liberty profile, or Apache Tomcat, the communication can happen only if a farm is configured. For more information, see Installing a server farm.
PMF push service and PMF runtime to Persistent Mobile Foundation Analytics
The runtime sends data to Persistent Mobile Foundation Analytics through HTTP or HTTPS. The JNDI properties of the runtime that are used to define this communication are:
-
mfp.analytics.url - the URL that is exposed by Persistent Mobile Foundation Analytics service to receive incoming analytics data from the runtime. Example:
http://<hostname>:<port>/analytics-service/restWhen Persistent Mobile Foundation Analytics is installed as a cluster, the data can be sent to any member of the cluster.
- mfp.analytics.username - the user name that is used to access Persistent Mobile Foundation Analytics service. The analytics service is protected by a security role.
- mfp.analytics.password - the password to access the analytics service.
-
mfp.analytics.console.url - the URL that is passed to PMF Operations Console to display a link to PMF Analytics Console. Example:
http://<hostname>:<port>/analytics/consoleThe JNDI properties of the push service that are used to define this communication are:
-
mfp.push.analytics.endpoint - the URL that is exposed by Persistent Mobile Foundation Analytics service to receive incoming analytics data from the push service. Example:
http://<hostname>:<port>/analytics-service/restWhen Persistent Mobile Foundation Analytics is installed as a cluster, the data can be sent to any member of the cluster.
- mfp.push.analytics.username - the user name that is used to access Persistent Mobile Foundation Analytics service. The analytics service is protected a security role.
- mfp.push.analytics.password - the password to access the analytics service.
PMF administration service to PMF live update service
The administration service communicates with the live update service to store and retrieve configuration information about the PMF artifacts. The communication is performed through HTTP or HTTPS.
The URL to contact the live update service is automatically generated by the administration service. Both services must be on the same application server. The context root of the live update service must define in this way: <adminContextRoot>config. For example, if the context root of the administration service is mfpadmin, then the context root of the live update service must be mfpadminconfig. It is possible to override the default URL generation by defining the JNDI properties (mfp.admin.proxy.port, mfp.admin.proxy.protocol, and mfp.admin.proxy.host) in the administration service.
The JNDI properties to configure this communication between the two services are:
- mfp.config.service.user
- mfp.config.service.password
- And those properties in JNDI properties for administration services: proxies.
PMF Operations Console to PMF administration service
PMF Operations Console is a web user interface and acts as the front end to the administration service. It communicates with the REST services of the administration service through HTTP or HTTPS. The users who are allowed to use the console, must also be allowed to use the administration service. Each user that is mapped to a certain security role of the console must also be mapped to the same security role of the service. With this setup, the requests from the console can thus be accepted by the service.
The JNDI properties to configure this communication are in JNDI properties for the PMF Operations Console.
Note: The mfp.admin.endpoint property enables the console to locate the administration service. You can use the asterisk character “*” as wildcard for specifying that the URL, generated by the console to contact the administration services, use the same value as the incoming HTTP request to the console. For example:
*://*:*/mfpadminmeans use the same protocol, host, and port as the console, but use mfpadmin as context root. This property is specified for the console application.
PMF administration service to PMF push service, and to the authorization server
The administration service communicates with the push service to request various push operations. This communication is secured through the OAuth protocol. Both services need to be registered as confidential clients. An initial registration can be performed at installation time. In this process, both services need to contact an authorization server. This authorization server can be PMF runtime.
The JNDI properties of the administration service to configure this communication are:
- mfp.admin.push.url - the URL of the push service.
- mfp.admin.authorization.server.url - the URL of the PMF authorization server.
- mfp.admin.authorization.client.id - the client ID of the administration service, as an OAuth confidential client.
- mfp.admin.authorization.client.secret - the secret code that is used to get the OAuth-based tokens.
Note: The mfp.push.authorization.client.id and mfp.push.authorization.client.secret properties of the administration service can be used to register the push service automatically as a confidential client when the administration service starts. The push service must be configured with the same values.
The JNDI properties of the push service to configure this communication are:
- mfp.push.authorization.server.url - the URL of the PMF authorization server. Same as the property mfp.admin.authorization.server.url.
- mfp.push.authorization.client.id - the client ID of the push service to contact the authorization server.
- mfp.push.authorization.client.secret - the secret code that is used to contact the authorization server.
PMF push service to an external push notification service (outbound)
The push service generates outbound traffic to the external notification service such as Apple Push Notification Service (APNS) or Google Cloud Messaging (GCM). This communication can also be done through a proxy. Depending on the notification service, the following JNDI properties must be set:
- push.apns.proxy
- push.gcm.proxy
For more information, see List of JNDI properties for PMF push service.
Mobile devices to PMF runtime
The mobile devices contact the runtime. The security of this communication is determined by the configuration of the application and the adapters that are requested. For more information, see PMF security framework.
Constraints on the PMF components and Persistent Mobile Foundation Analytics
Understand the constraints on the various PMF components and Persistent Mobile Foundation Analytics before you decide your server topology.
- Constraints on PMF administration service, PMF live update service and PMF runtime
- Constraints on PMF push service
Constraints on PMF administration service, PMF live update service and PMF runtime
Find out the constraints and the deployment mode of the administration service, live update service, and the runtime per server topology.
The live update service must be always installed with the administration service on the same application server as explained in PMF administration service to PMF live update service. The context root of the live update service must define in this way: /<adminContextRoot>config. For example, if the context root of the administration service is /mfpadmin, then the context root of the live update service must be /mfpadminconfig.
You can use the following topologies of application servers:
- Stand-alone server: WebSphere Application Server Liberty profile, or Apache Tomcat
- Server farm: WebSphere Application Server Liberty profile, or Apache Tomcat
- Liberty collective
Modes of deployment
Depending on the application server topology that you use, you have two modes of deployment choice for deploying the administration service, the live update service and the runtime in the application server infrastructure. In asymmetric deployment, you can install the runtimes on different application servers from the administration and the live update services.
Symmetric deployment
In symmetrical deployment, you must install the PMF administration components (PMF Operations Console, the administration service, and the live update service applications) and the runtime on the same application server.
Asymmetric deployment
In asymmetric deployment, you can install the runtimes on different application servers from the PMF administration components.
Asymmetric deployment is only supported for Liberty collective topology.
Select a topology
Stand-alone server topology
You can configure a stand-alone topology for WebSphere Application Server Liberty profile, and Apache Tomcat. In this topology, all the administration components and the runtimes are deployed in a single Java Virtual Machine (JVM).
With one JVM, only symmetric deployment is possible with the following characteristics:
- One or several administration components can be deployed. Each PMF Operations Console communicates with one administration service and one live update service.
- One or several runtimes can be deployed.
- One PMF Operations Console can manage several runtimes.
- One runtime is managed by only one PMF Operations Console.
- Each administration service uses its own administration database schema.
- Each live update service uses its own live update database schema.
- Each runtime uses its own runtime database schema.
Configuration of JNDI properties
Some JNDI properties are required to enable Java Management Extensions (JMX) communication between the administration service and the runtime, and to define the administration service that manages a runtime. For details about these properties, see List of JNDI properties for PMF administration service and List of JNDI properties for PMF runtime.
Stand-alone WebSphere Application Server Liberty profile server
The following global JNDI properties are required for the administration services and the runtimes.
| JNDI properties | Values |
|---|---|
| mfp.topology.platform | Liberty |
| mfp.topology.clustermode | Standalone |
| mfp.admin.jmx.host | The host name of the WebSphere Application Server Liberty profile server. |
| mfp.admin.jmx.port | The port of the REST connector that is the port of the httpsPort attribute declared in the <httpEndpoint> element of the server.xml file of WebSphere Application Server Liberty profile server. This property has no default value. |
| mfp.admin.jmx.user | The user name of the WebSphere Application Server Liberty administrator, which must be identical to the name defined in the <administrator-role> element of the server.xml file of the WebSphere Application Server Liberty profile server. |
| mfp.admin.jmx.pwd | The password of the WebSphere Application Server Liberty administrator user. |
Several administration components can be deployed to enable the same JVM to run on separate administration components that manage different runtimes.
When you deploy several administration components, you must specify:
- On each administration service, a unique value for the local mfp.admin.environmentid JNDI property.
- On each runtime, the same value for the local mfp.admin.environmentid JNDI property as the value defined for the administration service that manages the runtime.
Stand-alone Apache Tomcat server The following local JNDI properties are required for the administration services and the runtimes.
| JNDI properties | Values |
|---|---|
| mfp.topology.platform | Tomcat |
| mfp.topology.clustermode | Standalone |
JVM properties are also required to define Java Management Extensions (JMX) Remote Method Invocation (RMI). For more information, see Configuring JMX connection for Apache Tomcat.
If the Apache Tomcat server is running behind a firewall, the mfp.admin.rmi.registryPort and mfp.admin.rmi.serverPort JNDI properties are required for the administration service. See Configuring JMX connection for Apache Tomcat.
Several administration components can be deployed to enable the same JVM to run on separate administration components that manage different runtimes.
When you deploy several administration components, you must specify:
- On each administration service, a unique value for the local mfp.admin.environmentid JNDI property.
- On each runtime, the same value for the local mfp.admin.environmentid JNDI property as the value defined for the administration service that manages the runtime.
Several administration components can be deployed to enable the same JVM to run on separate administration components that manage different runtimes.
When you deploy several administration components, you must specify:
- On each administration service, a unique value for the local mfp.admin.environmentid JNDI property.
- On each runtime, the same value for the local mfp.admin.environmentid JNDI property as the value defined for the administration service that manages the runtime.
Server farm topology
You can configure a farm of WebSphere Application Server Liberty profile, or Apache Tomcat application servers.
A farm is a set of individual servers where the same components are deployed and where the same administration service database and runtime database are shared between the servers. The farm topology enables the load of PMF applications to be distributed across several servers. Each server in the farm must be a Java virtual machine (JVM) of the same type of application server; that is, a homogeneous server farm. For example, a set of several Liberty servers can be configured as a server farm. Conversely, a mix of Liberty server, or Tomcat server cannot be configured as a server farm.
In this topology, all the administration components (PMF Operations Console, the administration service, and the live update service) and the runtimes are deployed on every server in the farm.
This topology supports only symmetric deployment. The runtimes and the administration components must be deployed on every server in the farm. The deployment of this topology has the following characteristics:
- One or several administration components can be deployed. Each instance of PMF Operations Console communicates with one administration service and one live update service.
- The administration components must be deployed on all servers in the farm.
- One or several runtimes can be deployed.
- The runtimes must be deployed on all servers in the farm.
- One PMF Operations Console can manage several runtimes.
- One runtime is managed by only one PMF Operations Console.
- Each administration service uses its own administration database schema. All deployed instances of the same administration service share the same administration database schema.
- Each live update service uses its own live update database schema. All deployed instances of the same live update service share the same live update database schema.
- Each runtime uses its own runtime database schema. All deployed instances of the same runtime share the same runtime database schema.
Configuration of JNDI properties
Some JNDI properties are required to enable JMX communication between the administration service and the runtime of the same server, and to define the administration service that manages a runtime. For convenience, the following tables list these properties. For instructions about how to install a server farm, see Installing a server farm. For more information about the JNDI properties, see List of JNDI properties for PMF administration service and List of JNDI properties for PMF runtime.
WebSphere Application Server Liberty profile server farm
The following global JNDI properties are required in each server of the farm for the administration services and the runtimes.
| JNDI properties | Values |
|---|---|
| mfp.topology.platform | Liberty |
| mfp.topology.clustermode | Farm |
| mfp.admin.jmx.host | The host name of the WebSphere Application Server Liberty profile server |
| mfp.admin.jmx.port |
The port of the REST connector that must be identical to the value of the httpsPort attribute declared in the httpEndpoint element of the server.xml file of the WebSphere Application Server Liberty profile server.
|
| mfp.admin.jmx.user |
The user name of the WebSphere Application Server Liberty administrator that is defined in the administrator-role element of the server.xml file of the WebSphere Application Server Liberty profile server.
|
| mfp.admin.jmx.pwd | The password of the WebSphere Application Server Liberty administrator user. |
The mfp.admin.serverid JNDI property is required for the administration service to manage the server farm configuration. Its value is the server identifier, which must be different for each server in the farm.
Several administration components can be deployed to enable the same JVM to run on separate administration components that manage different runtimes.
When you deploy several administration components, you must specify:
- On each administration service, a unique value for the local mfp.admin.environmentid JNDI property.
- On each runtime, the same value for the local mfp.admin.environmentid JNDI property as the value defined for the administration service that manages the runtime.
Apache Tomcat server farm
The following global JNDI properties are required in each server of the farm for the administration services and the runtimes.
| JNDI properties | Values |
|---|---|
| mfp.topology.platform | Tomcat |
| mfp.topology.clustermode | Farm |
JVM properties are also required to define Java Management Extensions (JMX) Remote Method Invocation (RMI). For more information, see Configuring JMX connection for Apache Tomcat.
The mfp.admin.serverid JNDI property is required for the administration service to manage the server farm configuration. Its value is the server identifier, which must be different for each server in the farm.
Several administration components can be deployed to enable the same JVM to run on separate administration components that manage different runtimes.
When you deploy several administration components, you must specify:
- On each administration service, a unique value for the local mfp.admin.environmentid JNDI property.
- On each runtime, the same value for the local mfp.admin.environmentid JNDI property as the value defined for the administration service that manages the runtime.
Several administration components can be deployed to enable the same JVM to run on separate administration components that manage different runtimes.
When you deploy several administration components, you must specify the following values:
- On each administration service, a unique value for the local mfp.admin.environmentid JNDI property.
- On each runtime, the same value for the local mfp.admin.environmentid JNDI property as the value defined for the administration service that manages the runtime.
Liberty collective topology
You can deploy the PMF components in a Liberty collective topology.
In the Liberty collective topology, the PMF administration components (PMF Operations Console, the administration service, and the live update service) are deployed in a collective controller and the PMF runtimes in collective member. This topology supports only asymmetric deployment, the runtimes cannot be deployed in a collective controller.
The deployment of this topology has the following characteristics:
- One or several administration components can be deployed in one or several controllers of the collective. Each instance of * * PMF Operations Console communicates with one administration service and one live update service.
- One or several runtimes can be deployed in the cluster members of the collective.
- One PMF Operations Console manages several runtimes that are deployed in the cluster members of the collective.
- One runtime is managed by only one PMF Operations Console.
- Each administration service uses its own administration database schema.
- Each live update service uses its own live update database schema.
- Each runtime uses its own runtime database schema.
Configuration of JNDI properties
The following tables list the JNDI properties are required to enable JMX communication between the administration service and the runtime, and to define the administration service that manages a runtime. For more information about these properties, see List of JNDI properties for PMF administration service and List of JNDI properties for PMF runtime. For instructions about how to install a Liberty collective manually, see Manual installation on WebSphere Application Server Liberty collective.
The following global JNDI properties are required for the administration services:
| JNDI properties | Values |
|---|---|
| mfp.topology.platform | Liberty |
| mfp.topology.clustermode | Cluster |
| mfp.admin.serverid | controller |
| mfp.admin.jmx.host | The host name of the Liberty controller. |
| mfp.admin.jmx.port | The port of the REST connector that must be identical to the value of the httpsPort attribute declared in the httpEndpoint element of the server.xml file of the Liberty controller.
|
| mfp.admin.jmx.user | The user name of the controller administrator that is defined in the administrator-role element of the server.xml file of the Liberty controller.
|
| mfp.admin.jmx.pwd | The password of the Liberty controller administrator user. |
Several administration components can be deployed to enable the controller to run separate administration components that manage different runtimes.
When you deploy several administration components, you must specify on each administration service, a unique value for the local mfp.admin.environmentid JNDI property.
The following global JNDI properties are required for the runtimes:
| JNDI properties | Values |
|---|---|
| mfp.topology.platform | Liberty |
| mfp.topology.clustermode | Cluster |
| mfp.admin.serverid | A value that identifies uniquely the collective member. It must be different for each member in the collective. The value controller cannot be used as it is reserved for the collective controller. |
| mfp.admin.jmx.host | The host name of the Liberty controller. |
| mfp.admin.jmx.port | The port of the REST connector that must be identical to the value of the httpsPort attribute declared in the httpEndpoint element of the server.xml file of the Liberty controller.
|
| mfp.admin.jmx.user | The user name of the controller administrator that is defined in the administrator-role element of the server.xml file of the Liberty controller.
|
| mfp.admin.jmx.pwd | The password of the Liberty controller administrator user. |
The following JNDI property is required for the runtime when several controllers (replicas) using the same administration components are used:
| JNDI properties | Values |
|---|---|
| mfp.admin.jmx.replica | Endpoint list of the different controller replicas with the following syntax: replica-1 hostname:replica-1 port, replica-2 hostname:replica-2 port,..., replica-n hostname:replica-n port |
When several administration components are deployed in the controller, each runtime must have the same value for the local mfp.admin.environmentid JNDI property as the value that is defined for the administration service that manages the runtime.
Constraints on PMF push service
The push service can be on the same application server as the administration service or the runtime, or can be on a different application server. The URL used by the client apps to contact the push service is the same as the URL used by the client apps to contact the runtime, excepted that the context root of the runtime is replaced by imfpush. If you install the push service on a different server than the runtime, your HTTP server must direct the traffic to the /imfpush context root to a server where the push service runs.
For more information about the JNDI properties that are needed to adapt the installation to a topology, see PMF administration service to PMF push service, and to the authorization server. The push service must be installed with the context root /imfpush.
Multiple PMF runtimes
You can install multiple runtimes. Each runtime must have its own context root, and all of these runtimes are managed by the same PMF administration service and PMF Operations Console.
The constraints as described in Constraints on PMF administration service, PMF live update service and PMF runtime applies. Each runtime (with its context root) must have its own database tables.
For instructions, see Configuring multiple runtimes.
Multiple instances of PMF on the same server
By defining a common environment ID, multiple instances of PMF are possible to be installed on the same server.
You can install multiple instances of PMF administration service, PMF live update service, and PMF runtime on the same application server. However, you must distinguish their installations with the JNDI variable: mfp.admin.environmentid, which is a variable of the administration service and of the runtime. The administration service manages only the runtimes that have the same environment identifier. As such, only the runtime components and the administration service that have the same value for mfp.admin.environmentid are considered as part of the same installation.
▲