Additional System Requirements for a Distributed BPM System

A distributed TIBCO BPM Enterprise system has additional architectural requirements.

The requirements for a distributed BPM system are shown in the following table.

Requirement Description
Load Balancer Manages HTTPS requests from TIBCO BPM Enterprise clients across the nodes hosting BPM pods.
Note: The load balancer, the database server, the LDAP server, and the SMTP server (if used) must each be available to each pod that is part of the BPM system.

For a high availability configuration, each of them must also be configured to provide high availability and fault tolerance.

Load Balancer

The load balancer must be configured as follows:

  • TIBCO BPM Enterprise HTTP port (Default: 8181) used for communication between TIBCO BPM Enterprise and external clients must be configured for load balancing across the relevant pods.
  • Sticky connections should be used so that client session context is maintained. (If the server hosting this session dies, the client is logged out and you need to log in again.)

Kubernetes Service

apiVersion: v1
kind: Service
metadata:
  name: bpm-service
  namespace: ${K8SNAMESPACE}
  annotations: {}
spec:
  type: NodePort
  selector:
    app: bpm
    tier: backend
  ports:
  - protocol: TCP
    port: 8181
    targetPort: 8181

Kubernetes Ingress YAML Configuration

Note: This configuration is applicable for AWS application load balancer.

The following configuration is for illustration purposes only.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: "bpm-alb-ingress"
  namespace: ${K8SNAMESPACE}
  annotations:
	kubernetes.io/ingress.class: alb
	alb.ingress.kubernetes.io/scheme: internet-facing
	alb.ingress.kubernetes.io/certificate-arn: ${CERTIFICATE_ARN}
	# Sticky session duration is 7 days 604800 seconds
	alb.ingress.kubernetes.io/target-group-attributes:
	stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=604800

	alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80,"HTTPS":443}]'
	alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type":"redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443",
	"StatusCode": "HTTP_301"}}'
	alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
	alb.ingress.kubernetes.io/target-type: ip
	alb.ingress.kubernetes.io/healthcheck-port: traffic-port
	alb.ingress.kubernetes.io/healthcheck-path:/bpm/adapter/v1/liveness
spec:
 rules:
 - host: ${DNS_ALIAS_FQ_DOMAIN_NAME}
	     http:
		    paths:
			    - path: /*
					backend:
						serviceName: ssl-redirect
						servicePort: use-annotation
					- path: /*
					backend:
						serviceName: bpm-service
						servicePort: 8181