I have an activeMQ network with 2 instances. Those 2 instances are running 5.5 version of activeMQ. I want to add a new server in 5.9 version. Is this feasible? What should I have in mind? Any gotchas?
Thanks.
We don't test the network of brokers between versions. It may work but we encourage users to upgrade all their brokers to the latest release once the messages contained in those broker's stores have been migrated to a new broker. You can do this by networking an older broker to a newer one and then creating a subscription on any destination that has messages on the old broker on the new one and letting the demand drain the old broker.
Related
I inherited a web app that acts as a corporate dashboard. It's an ASP.NET app. .NET version = 4.7.2
It's running on two Windows 2016 Standard servers running IIS 10. Been in operation for many years.
One of the things the app does is make an HTTP request to a particular https:// URL, grab the data, parse out the JSON, and cache the list of objects. This has been working for many, many months. (Note: the "remote" server we're calling is still "in-house". Another person within my team basically "owns" that.)
Well, on Thanksgiving Weekend, it looks like the Prod App Pool cycled. And immediately that query started erroring with "System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel."
Myself and a few other folks were paged. At the time, we didn't notice (in Event Viewer) that the App Pool had cycled. After a few hours of investigating (and rebooting the app servers), the fellow who "owns" the server we are querying quickly set up a new end point for that same resource...setting it to allow HTTP connections / not require the use of HTTPS. The intention was that this would be a work-around until we could investigate the problem later.
Well, it's now "later".
The remote server that we are calling appears to require the use of TLS 1.3. I confirmed this by using both Firefox and Chrome on my own laptop to pull up a couple of https: urls on that server.
So, Ah-ha, I thought to myself, I had found information earlier this afternoon suggesting that Windows Server 2016 Standard didn't support the use of TLS 1.3! (https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-#tls-protocol-version-support)
But then I remembered: Earlier, I had been able to pull up those https: URLs in Chrome while logged onto my app's webservers! Sure enough, I went over there and retested with Firefox and Chrome. Both said the connections they'd made were using TLS version 1.3 !!
So, what the ???? That makes it seem like Windows Server 2016 Standard DOES support TLS 1.3 !??
And, from everything I've read, since my app is using .NET version 4.7.2, it should default to using whatever the default protocol for the OS is. So, shouldn't it too be using TLS 1.3 ? Why the heck can't it make a connection?
I'm certainly needing some direction on what to do next.
Thanks!
Background
Many statements from your question body above are true, but you need to put the contents into contexts so as to get the whole picture.
First, Chrome/Firefox supports TLS 1.3, but that support comes from the crypto libraries (many options out there, Mozilla NSS, OpenSSL and so on) they ship with themselves, not from Windows native crypto API.
Second, like you found out, Windows Server 2016 does not support TLS 1.3 natively because its underlying crypto API lacks of TLS 1.3 support. TLS 1.3 support is only included in Windows Server 2022 at this moment (and whether it will be back ported to previous Windows versions is unknown).
Third, when you try to analyze Windows components (like .NET Framework) or products, you need to identify what they rely on to perform TLS, Windows native crypto API or their own dependencies (like Chrome/Firefox does).
Answer to your specific ASP.NET question
Sadly it is well known that BCL classes in .NET Framework rely on Windows native crypto API, so on Windows Server 2016 you can go with TLS 1.2 at most.
If your application needs TLS 1.3 badly, you need to upgrade to Windows Server 2022, or switch to a third party crypto API.
Reference
https://www.quora.com/How-does-one-decide-between-OpenSSL-GnuTLS-and-Mozillas-NSS
TLS 1.2 on Windows Server 2003 and XP
My department is coming from a .NET 4.8 wcf/wpf client/server architecture world. But times change and there a new requirements on connecting .NET back-ends to web applications, mobile apps and (also) desktop applications. We have experience on how to transfer messages from back-end to clients, as we implemented our own net. TCP message broker.
And here comes the first main topic of my question:
#1 Is the usage of a google protobuf/amqp event broker the right way to connect micro-services with all kind of clients (web, mobile, desktop), as well as with other back-end components?
My current investigation led me to 3 products:
RabbitMQ with its amqp
NATS/STAN with a google protobuf message protocol including event storage in MySQL/Postegres
Eventstore with google protobuf message protocol including event storave in an own database system
Which leads me to my second question:
#2 What experience did you make with any of these products? Any pros, cons or snares?
We don't need any clustered systems or highly scalable solutions, as every customer has its own encapsulated system with < 40 clients. But we want a reliable message/event transmission (which should be achieved by any of the 3 mentioned brokers).
BR Christian
I constructed a spring boot application to produce data in a Kafka, but now I need to connect this application to an old Kafka (0.11v). I tried just changing the bootstrap-server, but I receive connection errors.
I doubled checked if this Kafka instance is working, and other applications are connecting.
My question is if a new version of spring-Kafka like v2.5.4.RELEASE can connect to an old version of Kafka. Is there any configuration I can add to use legacy Kafka instances? I constructed a spring boot application to produce data in a Kafka, but now I need to connect this application to an old Kafka (0.11v). I tried just changing the bootstrap-server, but I receive connection errors.
I doubled checked if this Kafka instance is working, and other applications are connecting.
My question is if a new version of spring-Kafka like v2.5.4.RELEASE can connect to an old version of Kafka. Is there any configuration I can add to use legacy Kafka instances?
In general, yes, as long as you don't use features provided by the newer brokers.
Backwards compatibility for the Java clients has been pretty good since 0.10.2.x.
There is a compatibility matrix here but it hasn't been updated since the 1.0.0 clients.
SK v2.5.4 uses the 2.5.0 clients (2.5.5 uses 2.5.1). I haven't tried connecting to such an old broker lately, what is the nature of the connection errors?
EDIT
I just ran a Boot app using Spring Kafka 2.5.5 against an 0.11.0.3 broker with no problems.
I recently entered into some API management tools. I could see these API management tools can do whatever Data-power is doing and these are also placed in front of back-end services to protect the back-end servers.
So,what makes Data-power unique?Or is it fair to compare Data-power with API management tools as its competitors?If yes, why IBM itself brought in a tool named IBM API management?
Ok, so the API solution from IBM, now called IBM API Connect (APIc) is more or less just the GUI to handle, set or view your APIS and statistics about them.
The actual HTTP requests (or IBM MQ requests) when using one of your API's goes through the API run-time.
IBM offers two different run-times today, MicroGateway (former StrongLoop) or IBM DataPower. DataPower comes as either hardware appliance, a virtual appliance or as a Docker container.
If you select to run APIc on DataPower you will be able to use all of the other features of Datapower as well (and there is a ton of them!).
MicroGateway is a Node.js runtime so it requires its own server and cluster obviously.
DataPower has built in cluster support and of course a DataPower appliance is built to sit Internet facing in the DMZ so all security is covered!
You will also have a few more functions/features in APIc using DataPower as the runtime.
So, to answer your question; No, it is not fair to compare APIc on DataPower with the competitors of "just" API solutions as DataPower brings in so much more to the deal. DataPower is a full grown gateway solutions for all your integration needs and it comes with FTP, sFTP, IBM MQ, Node.js runtime, HTTP server, SOAP WS-I, AS1-4, EDI (X12 and EDIFACT), etc.
If you want to compare to other API vendors you should really compare APIc on MicroGateway in my opinion...
You can test both APIc and DataPower (Docker) for free in "non-production" use:
https://developer.ibm.com/apiconnect/getting-started/
https://hub.docker.com/r/ibmcom/datapower/
Is it possible to scale out SignalR using Windows Server Service Bus?
I found sample of doing it with Redis, and I know there are libraries in GitHub for SQL Server (although I couldn't find a working sample for that), but I would like to implement it using the new on-premises Service Bus.
Any ideas / references?
Thanks!
In theory yes. The current stable versions support the Azure Service Bus, the latest source includes a rework of the scaleout providers such that even if it doesn't work out of the box (as the two service bus solutions are designed to have API parity) it should be straightforward to implement.
The service bus scaleout is enabled using its DependencyResolverExtensions class.