IBM ACE Security Statistics Test

When a message flow is configured with a security profile, requests are typically made to a security provider or security token server (STS) to process and approve authentication, mapping, or authorization. Use the IBM ACE Security statistics test to review the number of requests that are made, how many of those requests are successful, and how many are being serviced from the security cache.

Target of the test : An IBM App Connect Enterprise

Agent deploying the test : An internal/remote agent.

Outputs of the test : One set of results for each Execution group:security provider of the App Connect Enterprise that is to be monitored

Configurable parameters for the test
Parameters Description

Test period

How often should the test be executed.

Host

The host for which the test is to be configured.

Port

The port on which the specified host listens. The default is 2414.

QM Host

By default, the eG agent collects the performance metrics from the target IBM App Connect Enterprise and stores the metrics in the queue manager of the IBM WebSphere MQ server that is loosely coupled with the target IBM App Connect Enterprise. To store the performance metrics, the eG agent should be aware of the host name or IP address of the queue manager. For this, specify the host name or the IP address of the queue manager in the QM Host text box.

QM Port

Specify the port number on which the queue manager is listening for client connections. The default is 2414.

QM User

If you want to log in as a specific MQ user to execute this test, then specify a valid user name in the User text box. The test will fail if an invalid user name is specified here. If no such authentication is required, then this parameter can be set to 'none'. If the user belongs to an Active Directory group, then specify the user name in the following format: <username>@<domain name>. For example, if the user belongs to eginnovations/john, then your specification should be: john@eginnovations.com.

QM Password

If a specific User is entered, then the password of that user has to be specified in the Password text box.

Confirm Password

Confirm the password by retyping it in the Confirm Password text box.

SERVERCONNCHANNEL

The name of the server connection channel for the WebSphere MQ server. The default value is "SYSTEM.DEF.SVRCONN". If you prefer not to use this default server connection channel for monitoring purposes, then you can create a custom channel in the WebSphere MQ server and use it for monitoring. The steps for achieving this are detailed in the Creating a Custom Channel topic.

SSL Cipher Spec

This parameter is applicable only if an SSL-enabled channel is used for communication with the target IBM App Connect Enterprise. If not, set this parameter to none.

A cipher suite is the set of cryptographic algorithms that a client application and a server agree on before they exchange information over an SSL/TLS connection. It consists of sets of instructions on how to secure a network connection through SSL (Secure Sockets Layer) or TLS (Transport Layer Security). In this text box, provide the cipher suite that is allowed for the SSL/TLS connection to the target server. By default, this parameter is set to none. To find out whether an SSL-enabled channel is used for communication, refer to the Enabling One-Way SSL Communication on the Channel topic.

Two Way SSL

This parameter is applicable only if an SSL-enabled channel is used for communication with the target IBM App Connect Enterprise. If not, set this flag to No.

If two-way SSL authentication is used, set this flag to Yes. Set this flag to No if one-way SSL communication is used.

Truststore

This parameter is applicable only if an SSL-enabled channel is used for communication with the target IBM App Connect Enterprise. If not, set this parameter to none.

The truststore holds certificates from Certificate Authorities (CAs) that verify and authenticate the certificate presented by the server in an SSL connection. The eG agent therefore needs access to the truststore where these certificates are stored, so that it can authenticate the target server, connect to it, and collect metrics. For this, first extract the certificates from the server into the following default location: /opt/egurkha/jre/lib/security/egmqsslstore.jks. To know how to create and extract the certificate into the truststore, refer to Configuring the eG Agent to Monitor the Queue Manager. Then, provide the truststore file name in this text box. For example: egmqsslstore.jks. However, if you are using a different location to store the certificate, then provide the full path to this file in this text box. By default, none is specified against this text box.

Truststore Password

This parameter is applicable only if an SSL-enabled channel is used for communication with the target IBM App Connect Enterprise. If not, set this parameter to none.

If a truststore file name or file path is provided, then provide, in this text box, the password that is used to obtain the associated certificate details from the truststore file.

Confirm Password

This parameter is applicable only if an SSL-enabled channel is used for communication with the target IBM App Connect Enterprise. If not, set this parameter to none.

Confirm the password by retyping it in this text box.

Keystore

This parameter is applicable only if two-way SSL authentication is used. If not, set this parameter to none.

The keystore contains the private keys for the certificates that the client can provide to the server upon request. The eG agent requires access to the keystore where the client certificate is stored, so that it can send that certificate to the server and the server can validate it against the one contained in its truststore. For this purpose, first create the client certificate in the following default location: /opt/egurkha/jre/lib/security/egmqsslstore.jks. To know how to create the certificate, refer to Configuring the eG Agent to Monitor the Queue Manager. Then, provide the keystore file name in this text box. For example: egmqsslstore.jks. However, if you are using a different location to store the certificate, then provide the full path to this file in this text box. By default, none is specified against this text box. If you are using one-way SSL authentication, this parameter is set to none.

Keystore Password

This parameter is applicable only if two-way SSL authentication is used. If not, set this parameter to none.

If a keystore file name or file path is provided, then provide, in this text box, the password that is used to obtain the associated certificate details from the keystore file.

Confirm Password

This parameter is applicable only if two-way SSL authentication is used. If not, set this parameter to none.

Confirm the password by retyping it in this text box.

Queue Resource Stats

Specify the name of the local queue that you have created for storing the Resource statistics. To know more about how to create a local queue, refer to Creating a Local Queue.

Queue Flow Stats

Specify the name of the local queue that you have created for storing the Message flow statistics. To know more about how to create a local queue, refer to Creating a Local Queue.

Timeout

Specify the duration (in seconds) after which the query executed by this test should time out. The default is 120 seconds.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Total cache entries

Indicates the total number of security operation result entries in the security cache of this security provider.

Number

A security operation is defined in the security profile as authentication, mapping, or authorization. A cache entry might include a returned security token.

Total security operations

Indicates the total number of security operations during the last measurement period.

Number

A security operation is defined in the security profile as authentication, mapping, or authorization. A security profile with both authentication and authorization counts as two operations.

Successful security operations

Indicates the number of security operations that were approved during the last measurement period.

Number

Operations serviced by cache

Indicates the number of security operations that were serviced from the security cache during the last measurement period.

Number

A high value is desired for this measure.

Unsuccessful security operations

Indicates the number of security operations that failed to be approved during the last measurement period.

Number

Ideally, the value of this measure should be zero.
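
The interpretations above can be applied to each measurement period as an automated check. The following Python code is an added example, not part of the eG agent or IBM App Connect Enterprise; the Sample field names, the two thresholds, and the sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds for illustration; tune them against your own baseline.
MIN_CACHE_HIT_RATIO = 0.50  # below this, most operations reach the provider/STS
MIN_OPS_FOR_RATIO = 20      # skip ratio checks on very small samples


@dataclass
class Sample:
    descriptor: str    # "<execution group>:<security provider>"
    total_ops: int     # Total security operations
    successful: int    # Successful security operations
    from_cache: int    # Operations serviced by cache
    unsuccessful: int  # Unsuccessful security operations


def evaluate(s: Sample) -> list:
    """Return (execution group, provider, finding, detail) tuples for one period."""
    group, _, provider = s.descriptor.partition(":")
    counters = (s.total_ops, s.successful, s.from_cache, s.unsuccessful)
    # Sanity check: no counter may be negative or exceed the total.
    if min(counters) < 0 or max(counters) > s.total_ops:
        return [(group, provider, "inconsistent-counters", str(counters))]
    findings = []
    if s.unsuccessful > 0:  # the ideal value of this measure is zero
        pct = 100.0 * s.unsuccessful / s.total_ops
        findings.append((group, provider, "unsuccessful-operations",
                         f"{s.unsuccessful} of {s.total_ops} ({pct:.1f}%)"))
    if s.total_ops >= MIN_OPS_FOR_RATIO:
        hit = s.from_cache / s.total_ops
        if hit < MIN_CACHE_HIT_RATIO:  # a high cache-serviced value is desired
            findings.append((group, provider, "low-cache-hit-ratio", f"{hit:.2f}"))
    return findings


# Constructed samples, one per "execution group:security provider" descriptor.
SAMPLES = [
    Sample("default:LDAP", 200, 200, 180, 0),
    Sample("payments:WS-Trust v1.3 STS", 120, 95, 10, 25),
    Sample("orders:LDAP", 5, 5, 0, 0),
    Sample("hr:LDAP", 10, 12, 3, 0),
]


def report(samples=SAMPLES) -> list:
    """Collect the findings for every descriptor in one measurement period."""
    return [f for s in samples for f in evaluate(s)]


if __name__ == "__main__":
    for finding in report():
        print(finding)
```

A sustained non-zero count of unsuccessful operations for one descriptor is worth correlating with the security provider's own logs for the same period.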