Client Connections
After your servers are up and running, you are ready to connect client applications. How your clients connect depends on where they are hosted. Clients running in pods within the same Kubernetes cluster are known as in-cluster clients. They use a Kubernetes native service infrastructure to connect to EMS. Clients hosted elsewhere, for example, on-premises or different region, need additional setup.
In general, to connect your clients to EMS, you need an EMS server URL, an EMS username, password, and possibly a client certificate. You can refer to the following details for finding your EMS server URL. Any username, password, or certificate information that are required are provided by your EMS administrator.
In-cluster Client Access
For client applications in the same Kubernetes cluster, the connection URL is EMS_TCP_URL as displayed on the capabilities details card. This applies to TIBCO BusinessWorks™ Container Edition or TIBCO Flogo® applications deployed in the same or other data planes inside the same Kubernetes cluster.
You can connect the EMS capability with TIBCO BusinessWorks Container Edition or TIBCO Flogo®. For more information, see Connecting Enterprise Messaging Service capability in TIBCO BusinessWorks Container Edition and Connecting Enterprise Messaging Service capability in TIBCO Flogo.
EMS_TCP_URL is a comma-separated list of two URLs
i.e: tcp://host1-emsactive.dp.svc:port1,tcp://host1-ems.dp.svc:port1
.
This connection URL format is required to enable connection retry mechanisms in the EMS client library. The actual URLs map to a Kubernetes services, which abstracts access to the EMS server pods. This service provides the active-standby load balancing required for high availability.
Off-cluster Client Access
Enabling EMS access for clients running outside the Kubernetes cluster requires setting up a TCP load-balancer (or TCP enabled ingress controller). Vendor instructions are required for this setup, as each vendor and load-balancer option requires different setup details. For more details, see the Microsoft Azure documentation and the AWS documentation.
The preferred setup uses TLS termination at the load-balancer, and connects to the EMS TCP service port. You can use this setup to manage vendors, publicly rooted certificates that do not require distribution of client certificates.
The other option is to set up a TCP load-balancer configured for TLS pass-through, connecting to the EMS TLS service port. The EMS server is preconfigured with the EMS sample server certificate. For more details, see File Names for Certificates and Keys section in the TIBCO Enterprise Message Service™ User Guide. To update the EMS server-group with a customer-generated certificate, see Changing the EMS Server SSL Certificate.