overview

Overview

The HYTE Console is an enterprise infrastructure management tool. It provides advanced tools to help your team be more efficient and accurate in a secure manner. With the HYTE Console, your team members are enabled to securely perform their job functions without risk to the business. With the HYTE Console, development efforts are accelerated by simplifying testing and troubleshooting. This is accomplished by presenting information relevant to your application deployment in contextual views and providing links to quickly navigate to related resources.

Developers can quickly take advantage of the messaging platform and the ability to quickly generate test scenarios that ensure their code is working as expected. Test scenarios can be performed in real-time, as well as batches to simulate large data loads.

The HYTE Console provides System Administrators with a lightweight, all-in-one solution to delegate administration of their IBM MQ®, Tibco EMS® and Red Hat® JBoss A-MQ® messaging environments. Consolidated management allows for administration of all instances and versions across your entire network from one central application.

Delegated administration allows the correct amount of privileges to be associated to the level of resource that require them. Administrators can designate specific access for junior and senior level developers, quality assurance resources, data analysts, administrators and more based on their specific needs in specific server environments.

Getting Started

Installation instructions are included in the Upgrade Installation. After the HYTE Console has been installed, further configuration will be required, such as configuring users and servers. Configuration instructions are provided in the Settings Filters Overview.

Troubleshooting information can be found in the Troubleshooting Guide.

Modules

The HYTE Console is modular. The Foundation Module is the first and only required module. All other modules are available to be added on to the Foundation Module. For more information about each module, please visit the HYTE Console webpage.

Module Name

Applicable Products

HYTE Console Features

Foundation Module

ANY

JVM, LDAP, Core Security & Administration

AMQ Module

Red Hat JBoss A-MQ, Apache ActiveMQ

ActiveMQ

ASOA Module

Red Hat JBoss Fuse, Apache ServiceMix, Apache Camel, Apache CXF, Apache Karaf, Talend ESB

Camel, CXF, Karaf

ASOA Tracing Module

HYTE ASOA Tracing

Tracing

Tibco Module

Tibco EMS®

Tibco EMS

WMQ Module

IBM MQ®, IBM WebSphere MQ®

IBM MQ

Encryption Management Module

Any

Encryption

Contact Us

Get in touch with HYTE by emailing us: sales@hyte.io.

Installation

The instructions below will guide Systems Administrators or Middleware Administrators through the HYTE Console Installation and Initial Setup.

Supported Operating Systems and Java Runtime

The HYTE Console is distributed as a self-contained runtime, designed to work in any of the supported Operating Systems with a supported Java JDK runtime.

Supported Operating Systems

Windows Server 2012 R2 (x64)

Red Hat Enterprise Linux 5,6,7 (x64)

Ubuntu 14.04 LTS (x64)

Supported Java Runtime

Oracle JDK 1.7, 1.8

Open JDK 1.7, 1.8

Download Files from the HYTE Portal

Log in to the HYTE Portal with your User ID and download the appropriate files.

The files available for download:

  • hyte.integratedconsole-[version]-unix.tgz - Stand-Alone distribution for UNIX-based systems.

  • hyte.integratedconsole-[version]-win64.zip - Stand-Alone distribution for Windows (64 bit) systems.

  • Registration Key or Demo Key xml file

Installation Preparation

The commands below will allow you to verify the Java version meets the minimum requirements for the HYTE Console (1.7, 1.8). If the results verify that the version of Java is unsupported, please upgrade your Java version before continuing.

Add Java to Path (UNIX command line)

Set environment variables:

bash$ export JAVA_HOME=/opt/jdk1.7.0_71 (Use your Java directory and version)
bash$ export PATH=$JAVA_HOME/bin:$PATH

Validate:

bash$ java -version

Expected Results:

java version "1.7.0_71"
Java(TM) SE Runtime Environment (build 1.7.0_71-b14)
Java HotSpot(TM) 64-Bit Server VM (build 24.71-b01, mixed mode)

Add Java to Path (Windows command line)

Set environment variables:

c:\> set JAVA_HOME=c:\ProgramData\Oracle\Java\javapath
c:\> set PATH=%JAVA_HOME%\bin;%PATH%

Validate:

c:\> java -version

Expected Results:

java version "1.8.0_31" (confirm the java version is supported)
Java(TM) SE Runtime Environment (build 1.8.0_31-b13)
Java HotSpot(TM) Client VM (build 25.31-b07, mixed mode, sharing)

HYTE Console Installation

UNIX Installation

Application User Account

The HYTE Console does not require root privileges to run. By default, the HYTE Console binds to port 8181 and listens on all network interfaces. Changing the listening port to a value lower than 1024 (such as port 80) would require a root or other privileged user access mechanism (such as sudo).

Suggested application account name: hyteconsole

Starting the HYTE Console

  1. Extract the 'hyte.integratedconsole-[version]-unix.tgz' file to the target installation folder

     <<<<<<< .mine
    	For example: /opt/hyte/hyte.ic-3.0.1
    ||||||| .r2782
    	For example: /opt/mediadriver/md.ic-3.0.1
      =======
    	For example: /opt/hyte/md.ic-3.0.1
    >>>>>>> .r2816
  2. Start the runtime as a background process with "bin/start"

  3. Open a web browser to http://localhost:8181/console

  4. If installation succeeded, the Initial Setup screen will be displayed

  5. Proceed to the Initial Setup

Stopping the HYTE Console

  1. Stop the HYTE Console process by running the command: "bin/stop".

Windows Installation

Application User Account

The HYTE Console does not require Administrator privileges to run. By default, the HYTE Console binds to port 8181 and listens on all network interfaces. Changing the listening port to a value lower than 1024 (such as port 80) would require a Administrator or other privileged user access mechanism.

Suggested application account name: hyteconsole

Starting the HYTE Console

  1. Extract the 'hyte.integratedconsole-[version]-win64.tgz' file to the target installation folder

    For example: c:\hyte\hyte.ic-3.0.1
  2. Start the runtime as a background process with "bin\start.bat"

  3. Open a web browser to http://localhost:8181/console

  4. If installation succeeded, the Initial Setup screen will be displayed

  5. Proceed to the Initial Setup

Stopping the HYTE Console

  1. Stop the HYTE Console process by running the command: "bin\stop.bat".

Initial Setup

initial.setup
  1. On the Initial Setup screen, create a password for the HYTE Console admin user.

  2. Upload the registration file. The registration file can be downloaded from the HYTE Portal.

After initial setup is complete, you will be able to log in as the HYTE Console admin to add local users, connect to servers under Settings Guide, enable LDAP Configuration, and manage Security Overview.

The admin user’s password and registration settings can be changed at any time within the application under the Settings menu item.

Troubleshooting Installation

Reset Initial Setup

Initial setup can be reset at any time. For details, please see the Troubleshooting Guide.

Upgrade Installation

Backup the Installation

HYTE recommends testing all upgrade procedures in a non-production environment before performing the upgrade against a production installation.

Creating Backup of the Installation (UNIX command line)

  1. Shutdown the HYTE Console

    "bin\stop"
  2. Create a zip backup of the installation

    zip -r /opt/hyte/hyte.ic-[version]-backup.zip /opt/hyte/hyte.ic-[version]

Creating Backup of the Installation (Windows Explorer)

  1. Shutdown the HYTE Console

    "bin/stop.bat"
  2. Create a zip backup of the installation

    Open Windows Explorer to the c:\hyte folder
    Select the hyte.ic-[version] folder
    Right click -> Send To -> Compressed (zipped) folder"

Install the New Version

The HYTE Console includes a version number in the folder name. This allows multiple instances to be installed on the same system and provides for simple roll-back when necessary.

  1. Follow Step 1 in the HYTE Console Installation Guide to install the new version of the HYTE Console, but stop before starting the HYTE Console.

  2. Copy the "etc/hyte-console" folder from the previous installation into the new folder. All previous configuration files will be automatically upgraded to the new version.

  3. Optionally, copy the "data/log/hyte-console" folder to the new installation to copy previous console.log and audit.log files.

  4. Start the HYTE Console using the steps in the HYTE Console Installation Guide.

Supported Products

The HYTE Console supports multiple versions of related software.

Supported Apache ActiveMQ Releases

Product Name

Product Version

ActiveMQ Version

Apache ActiveMQ

5.7.0, 5.8.0, 5.9.x, 5.10.x, 5.11.x, 5.12.x, 5.13.x, 5.14.x, 5.15.x

N/A

FuseSource MQ

7.1

5.7.0.fuse-71-047

JBoss A-MQ, JBoss Fuse

6.0.0

5.8.0.redhat-60024 …​ 5.8.0.redhat-60065

JBoss A-MQ, JBoss Fuse

6.1.0

5.9.0.redhat-610379 …​ 5.9.0.redhat-611423

JBoss A-MQ, JBoss Fuse

6.2.x

5.11.0.redhat-621084

JBoss A-MQ, JBoss Fuse

6.3.x

5.11.0.redhat-630187 …​ 5.11.0.redhat-630224

Supported Apache Camel Releases

Product Name

Product Version

Camel Version

Apache Camel

2.10.x, 2.11.x, 2.12.x, 2.13.x, 2.14.x, 2.15.x, 2.16.x, 2.17.x

N/A

JBoss A-MQ, JBoss Fuse

6.0.0

2.10.0.redhat-60024 …​ 2.10.0.redhat-60065

JBoss A-MQ, JBoss Fuse

6.1.0

2.12.0.redhat-610379 …​ 2.12.0.redhat-611423

JBoss A-MQ, JBoss Fuse

6.2.x

2.15.1.redhat-621084

JBoss A-MQ, JBoss Fuse

6.3.x

2.17.0.redhat-630187 …​ 2.17.0.redhat-630224

Supported Apache CXF Releases

Product Name

Product Version

CXF Version

Apache CXF

2.7.x, 3.0.x, 3.1.x

N/A

JBoss A-MQ, JBoss Fuse

6.1.0

2.7.0.redhat-610379 …​ 2.7.0.redhat-611423

JBoss A-MQ, JBoss Fuse

6.2.x

3.0.4.redhat-621084

JBoss A-MQ, JBoss Fuse

6.3.x

3.1.5.redhat-630187 …​ 3.1.5.redhat-630224

Supported Apache Karaf Releases

Product Name

Product Version

Karaf Version

Apache Karaf

2.3.x, 2.4.x, 3.0.x, 4.0.x

N/A

JBoss A-MQ, JBoss Fuse

6.1.x

2.3.0.redhat-610379 …​ 2.3.0.redhat-611423

JBoss A-MQ, JBoss Fuse

6.2.x

2.4.0.redhat-621084

JBoss A-MQ, JBoss Fuse

6.3.x

2.4.0.redhat-630187 …​ 2.4.0.redhat-630224

Supported IBM® MQ® Releases

Product Name

Product Version

IBM® MQ® (MQ Series)

6.0.0.x

IBM® MQ® (WebSphere MQ)

7.0.0.x

IBM® MQ® (WebSphere MQ)

7.1.0.x

IBM® MQ® (WebSphere MQ)

7.5.0.x

IBM® MQ®

8.0.0.x

Supported Tibco® EMS® Releases

Product Name

Product Version

Tibco EMS

8.2.x

Tibco EMS

8.3.x

Supported HYTE ASOA Tracing Releases

Product Name

Product Version

Karaf Version

HYTE ASOA Tracing

2.3.11+

N/A

HYTE ASOA Tracing

3.0.x

N/A

HYTE ASOA Tracing

3.2.x

N/A

Unsupported Product

For unsupported releases of supported products, please email support@hyte.io to open a support ticket.

ActiveMQ Feature Reference

The HYTE Console can connect to ActiveMQ-based messaging servers for sending and receiving messages, as well as managing server objects.

Add ActiveMQ or JBoss A-MQ servers by selecting the JMX Connection Type when adding a server, then select the ActiveMQ feature in the feature list.

server.add.jmx

For guidance on configuring and adding servers, view the Settings Guide.

ActiveMQ Server-Side Configuration

The HYTE Console relies on the proper security settings to be correct on the ActiveMQ-based server in order for a user to be able to manage the ActiveMQ server with the Console. ActiveMQ’s server side configuration includes connectivity and authorization configuration.

For correct command syntax and ActiveMQ security best practices, consult the public link Apache ActiveMQ documentation, or contact sales@hyte.io.

JMX Configuration

The HYTE Console relies on JMX connectivity for inspecting and managing ActiveMQ objects such as Queues, Topics, Connections, Consumers, Producers, and more. If your ActiveMQ broker is deployed in a JBoss Fuse or Apache Karaf container, refer to Karaf’s JMX Configuration Guide and Security Configuration Guide.

For stand-alone ActiveMQ JMX configuration, refer to ActiveMQ’s JMX Configuration Guide.

If your ActiveMQ instance has multiple brokers, the Console will only communicate with one of the brokers. In this case, the selected broker will be the broker with a name that matches (case-sensitive) the name provided on the "Add Server" screen. If no broker is found with a matching name, the first broker found will be selected.

JMS Configuration

HYTE Console users will require JMS credentials configured on the ActiveMQ server for sending and browsing messages.

ActiveMQ Authorization Configuration

ActiveMQ pages and actions within the HYTE Console are protected by JMS Filters and ActiveMQ ACIs.

JMS Filters limit the Queues and Topics a HYTE Console user can view or perform actions on. Read more about JMS Filters in the HYTE Console Settings Filters Overview.

filter.jms.add

ActiveMQ ACIs limit HYTE Console access for ActiveMQ related objects and actions. Refer to the HYTE Console Security Overview documentation for more details.

ActiveMQ ACI Reference

ActiveMQ ACI Reference information is available in the ACI Reference document.

Supported Apache ActiveMQ Releases

Supported ActiveMQ product versions are covered in the Supported Products document.

ActiveMQ Configuration

ActiveMQ Configuration Service Installation

The HYTE Console can connect to ActiveMQ-based messaging servers and remotely manage the configuration.

The HYTE ActiveMQ Configuration Service must be installed on the ActiveMQ server in order for the remote configuration to be enabled.

ActiveMQ Server-Side Configuration

Apache ActiveMQ servers

Installation steps:

  1. Copy the activemq.service.config-${version}-shaded.jar to the lib/ folder in the ActiveMQ installation

  2. Copy the registration certificate to the conf/ folder

  3. Copy the md-activemq.service.config.xml file to the conf/ folder

  4. Update the conf/activemq.xml configuration to import the configuration xml

    > &lt;beans&gt;
    > ...
    > &lt;broker...&gt;
    > &lt;/broker&gt;
    > ...
    > &lt;import resource="md-activemq.config.service.xml"/&gt;
    > ...
    > &lt;/beans&gt;
The <import ../> statement should be inside a <beans ../> tag, but not the <broker ../> tag.

JBoss A-MQ servers

Installation steps:

  1. Unzip the activemq.config.service-${version}-repo.zip to the ${jboss-a-mq.base}/local-repo folder

  2. Install the features repository using the Karaf HYTE Console installation

    karaf> features:addurl mvn:com.mediadriver.activemq/activemq.config.features/${version}/xml/features
  3. Install the feature

    karaf> features:install md-activemq.config.service

Camel Feature Reference

The HYTE Console can connect to Apache Camel-based servers for viewing and managing Camel routes, contexts, processors, endpoints, services, error handlers and many other Camel objects.

Add Camel servers by selecting the JMX Connection Type when adding a server, then select the Camel feature in the feature list.

server.add.jmx

For guidance on configuring and adding servers, view the Settings Guide.

Camel Server-Side Configuration

The HYTE Console relies on the proper security settings to be correct on the Camel-based server in order for a user to be able to manage the Camel server with the console. Camel’s server side configuration includes connectivity and authorization configuration.

For correct command syntax and Camel security best practices, consult the Camel Documentation, or contact sales@hyte.io (HYTE Consulting).

The HYTE Console relies on JMX connectivity for inspecting and managing Camel objects such as routes, contexts, processors, and more.

If your Camel Context is deployed in a JBoss Fuse or Apache Karaf container, refer to Karaf’s JMX Configuration Guide and Security Configuration Guide.

Stand-alone Camel JMX Configuration instructions are available in Camel’s JMX Activation Guide.

Camel Authorization Configuration

Camel pages and actions within the HYTE Console are protected by Camel Filters and Camel ACIs.

Camel Filters limit the Contexts and Routes a HYTE Console user can view or perform actions on. Read more about Camel Filters in the Settings Filters Overview documentation.

filter.add.camel

Camel ACIs limit HYTE Console access for Camel related objects and actions. Refer to the Security Overview documentation for more details.

Camel ACI Reference

Camel ACI Reference is available in the ACI Reference document.

Supported Apache Camel Releases

Supported Camel product versions are covered in the Supported Products document.

CXF Reference

CXF Feature Reference

The HYTE Console can connect to Apache CXF-based servers for viewing and managing CXF services, operations, work queues, and buses.

Add CXF servers by selecting the JMX Connection Type when adding a server, then select the CXF feature in the feature list.

server.add.jmx

For guidance on configuring and adding servers, view the Settings Guide.

CXF Server-side Configuration

The HYTE Console relies on the proper security settings to be correct on the CXF-based server in order for a user to be able to manage the CXF server. CXF’s server side configuration includes connectivity and authorization configuration.

The HYTE Console relies on JMX connectivity for inspecting and managing CXF objects such as services and operations.

CXF requires a CounterRepository to be configured for exposing operations and service performance metrics via JMX. Instructions for configuring a CounterRepository are included on the CXF JMX Management Guide under the section "How to get web service performance metrics?".

Example CounterRepository Spring Configuration

<bean id="CounterRepository" class="org.apache.cxf.management.counters.CounterRepository">
    <property name="bus" ref="cxf" />
</bean>

Example CounterRepository Blueprint Configuration

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:camel="http://camel.apache.org/schema/blueprint"
	xmlns:cxf="http://cxf.apache.org/blueprint/core"
	xmlns:jaxws="http://cxf.apache.org/blueprint/jaxws"
	xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
		http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
		http://camel.apache.org/schema/blueprint
		http://camel.apache.org/schema/blueprint/camel-blueprint.xsd
		http://cxf.apache.org/blueprint/core
		http://cxf.apache.org/schemas/blueprint/core.xsd
		http://cxf.apache.org/blueprint/jaxws
		http://cxf.apache.org/schemas/blueprint/jaxws.xsd">
<reference id="cxfbus" interface="org.apache.cxf.Bus"/>
<reference id="mbeanServer" interface="javax.management.MBeanServer"/>
<bean id="org.apache.cxf.management.InstrumentationManager"
	class="org.apache.cxf.management.jmx.InstrumentationManagerImpl">
	<property name="bus" ref="cxfbus" />
	<property name="enabled" value="true" />
	<property name="createMBServerConnectorFactory" value="false" />
	<property name="server" ref="mbeanServer" />
</bean>
<bean id="CounterRepository"
	class="org.apache.cxf.management.counters.CounterRepository">
	<property name="bus" ref="cxfbus" />
</bean>
<!-- example service provided by your service implementation -->
<jaxws:endpoint id="myService"
	implementor="com.mycompanyname.services.MyServiceImpl" address="/MyService"/>
</blueprint>

Example CounterRepository Java Configuration

// Imports for class
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.management.jmx.InstrumentationManagerImpl;
import org.apache.cxf.management.counters.CounterRepository;
public void startServer() {
// Note: create CXF HTTP server above here
Bus bus = BusFactory.getDefaultBus(true);
// The Instrumentation Manager exposes a JMX server for your CXF instance
InstrumentationManagerImpl instMgr = new InstrumentationManagerImpl();
instMgr.setBus(bus);
instMgr.setEnabled(true);
instMgr.setDaemon(true);
instMgr.setUsePlatformMBeanServer(true);
instMgr.setJMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:999/jmxrmi");
instMgr.init();
instMgr.register();
// Configure a CounterRepository for your CXF Bus for service metrics and operations
CounterRepository counterRepository = new CounterRepository();
counterRepository.setBus(bus);
	// Note: add my services to the bus
}

If your CXF Context is deployed in a Fuse or Karaf container, refer to Karaf’s JMX Configuration Guide and Security Configuration Guide.

Stand-alone CXF JMX Configuration instructions are available in CXF’s JMX Management Guide.

For correct command syntax and CXF security best practices, consult the CXF Documentation, or contact HYTE Consulting at sales@hyte.io.

CXF Authorization Configuration

CXF pages and actions within the HYTE Console are protected by CXF Filters and CXF ACIs.

CXF Filters limit the Services and Operations a HYTE Console user can view or perform actions on. Read more about CXF Filters in the CXF Filters documentation.

filter.add.cxf

CXF ACIs limit HYTE Console access for CXF related objects and actions. Refer to the Security Overview documentation for more details.

CXF ACI Reference

CXF ACI Reference is available in the CXF Filters document.

Supported Apache CXF Releases

Supported CXF product versions are covered in the CXF Filters document.

Karaf Feature Reference

The HYTE Console can connect to Apache Karaf-based servers for viewing and managing Karaf bundles, features, and feature repositories.

Add Karaf servers by selecting the JMX Connection Type when adding a server, then select the Karaf feature in the feature list.

server.add.jmx

For guidance on configuring and adding servers, view the Settings Guide.

Fuse Medium/Minimal Installations

Fuse medium and minimal installations do not have the management feature installed by default. This feature is required for the HYTE Console to communicate with and manage Karaf via JMX.

Use the following karaf command to determine if the management feature is installed:

JBossFuse:karaf@root> features:list | grep management
[uninstalled] [1.7.1                  ] jclouds-management                      jclouds-1.7.1
[installed  ] [2.3.0.redhat-610379    ] management                              karaf-2.3.0.redhat-610379

In the example above the karaf management feature is installed.

Installing the management feature

Install Option #1: Edit Configuration

# Step #1: Open etc/org.apache.karaf.features.cfg in a text editor.
# Step #2: Edit the "featuresBoot" property, adding "management" to the line, like so:
featuresBoot=jasypt-encryption,config,management,...

Install Option #2: Install the feature from the Karaf console

# Step #1: Connect to the Karaf Console
${FUSE_INSTALL_LOCATION}/bin/client
# Step #2: Install the "management" feature
karaf> features:install management

Karaf Server-Side Configuration

The HYTE Console relies on the proper security settings to be correct on the Karaf-based server in order for a user to be able to manage the Karaf server with the console. Karaf’s server side configuration includes connectivity and authorization configuration.

For correct command syntax and Karaf security best practices, consult the Karaf Documentation, or contact HYTE Consulting at sales@hyte.io.

The HYTE Console relies on JMX connectivity for inspecting and managing Karaf objects.

For configuration instructions, refer to Karaf’s JMX Configuration Guide and Security Configuration Guide.

Karaf Authorization Configuration

Karaf pages and actions within the HYTE Console are protected by Karaf ACIs.

Karaf ACIs limit HYTE Console access for Karaf related objects and actions. Refer to the Security Overview documentation for more details.

Karaf ACI Reference

Karaf ACI Reference is available in the Karaf ACI Reference document.

Supported Apache Karaf Releases

Supported Karaf product versions are covered in Supported Apache Karaf Releases.

Bundle Installation

The HYTE Console’s Bundle installation feature requires either Maven coordinates or a URL to install.

karaf.install.bundle

Example Bundle Installation URIs:

mvn:commons-io/commons-io/2.4
file://some/local/disk/path/commons-io-2.4.jar
wrap:mvn:com.oracle/ojdb7/12.1.0.2

More information about using the wrap: style uri to wrap non-osgi jars is available on Karaf’s Creating Bundles Guide.

Feature Repository Installation

Feature Repository installation requires Maven coordinates or a valid Feature Repository URI.

karaf.install.feature.repo

Example Feature Repository Installation URIs:

mvn:com.company/some.feature.repo/1.0.0/xml/features
file://some/local/disk/path/features.xml

Instructions for creating feature repository files are available in Karaf’s Provisioning Guide.

Tracing Feature Reference

The HYTE Console provides tooling to inspect HYTE’s ASOA Tracing Service data.

Installing the Tracing Client

The HYTE Console requires a Tracing webservice client to inspect Tracing events.

The Tracing webservice client is supported on Apache Karaf / JBoss Fuse installations of the Console. Tomcat installations of the Console do not currently support the Tracing Inspector.

Step #1: Add the Tracing features.xml file to the Fuse or Karaf Instance.

fuse> features:addUrl mvn:com.mediadriver.camel/camel.tracing.features/2.3.11/xml/features

Step #2: If needed, install the camel.tracing.model feature.

The Tracing webservice client needs either the camel.tracing.model or the camel.tracing.model.jpa feature installed to function properly.

Check for one of these features being installed by running the following karaf command:

fuse> features:list | grep -i camel.tracing.model

If one of the model features are installed, you’ll see output such as the following:

fuse> features:list | grep camel.tracing.model
[uninstalled] [2.3.11] camel.tracing.model
[installed  ] [2.3.11] camel.tracing.model.jpa

If neither of the model features are install, install this one:

fuse> features:install camel.tracing.model

Step #3: Install the Tracing client.

fuse> features:install camel.tracing.client.soap.jaxws

Step #4: Confirm the Tracing client feature’s status is installed.

fuse> features:list | grep camel.tracing.client
[installed  ] [2.3.11] camel.tracing.client.soap.jaxws

Using the Tracing Inspector

The Tracing Inspector is accessible from the HYTE Console tools menu.

tracing.menu

The Tracing Inspector provides easy access to search for and inspect Tracing event data.

tracing.inspector

Adding Tracing Servers

Add Tracing servers by selecting the JMX Connection Type when adding a server, then select the Tracing feature in the feature list.

The HYTE Console only connects to servers that host the Tracing Service, there is no need to attempt to connect to the Tracing Agent or Tracing Store clients on other servers.
server.add.jmx

For guidance on configuring and adding servers, view the Settings Guide.

Tracing Server-side Configuration

The HYTE Console relies on the proper security settings to be correct on the Tracing Service server in order for a user to be able to inspect the Tracing Service with the console. The Tracing Service’s server side configuration includes connectivity and authorization configuration.

For connectivity configuration and security best practices for the Tracing Service, consult the Tracing documentation included with the Tracing product download, or contact HYTE Consulting at sales@hyte.io.

Tracing Authorization Configuration

Tracing pages and actions within the HYTE Console are protected by Tracing ACI Reference.

Tracing ACIs limit HYTE Console access to Tracing Service events. Refer to the Security Overview documentation for more details.

aci.group.tracing

Tracing ACI Reference

Tracing ACI Reference is available in the ACI Reference document.

Supported Tracing Releases

Supported Tracing product versions are covered in the Supported Products document.

Debug tracing service call parameters and timings by setting the following logging level to DEBUG:

log4j.logger.com.mediadriver.wicket.data=DEBUG

IBM® Websphere MQ® Feature Reference

Installing Websphere MQ® Feature Support

The HYTE Console requires WebSphere MQ® client jars to connect to and manage WebSphere MQ® servers. The required client jar files are provided with the WebSphere MQ® server or client installation, and are not pre-packaged inside the HYTE Console war file.

We have provided a tool to simplify installing WebSphere MQ® client jars inside the war file, to use that tool please follow these steps:

Step #1: Determine which WebSphere MQ® version client jars you are using.

The HYTE Console supports connectivity to WebSphere MQ® 8.x or 7.x using client jars from 8.x.

Step #1: Find WebSphere MQ® Jars Install Location

On Windows, this is C:\Program Files\IBM\Websphere\MQ\Java\lib
On unix-based machines this is /opt/mqm/java/lib

Step #2: Determine Jar files to copy

MQ 8.x Jars (these will all be in ${MQ_INSTALL_LOCATION}/java/lib/OSGi/)

com.ibm.msg.client.osgi.commonservices.j2se_8.0.0.0.jar
com.ibm.msg.client.osgi.jms_8.0.0.0.jar
com.ibm.msg.client.osgi.nls_8.0.0.0.jar
com.ibm.msg.client.osgi.wmq.nls_8.0.0.0.jar
com.ibm.msg.client.osgi.wmq_8.0.0.0.jar

Step #3: Copy the jar files for your WebSphere MQ® client to a new folder called "mqjars" in the location where you unzipped the HYTE Console zip file.

Step #4: Run the MQ Client Jar Insertion Tool

Running On Unix Machines:

  1. Open a terminal or shell and cd into the directory where you unzipped the HYTE Console zip file.

  2. Run the following command:

    tools/warmqtools.sh mqjars

Running on Windows Machines

  1. Open a command prompt and cd into the directory where you unzipped the HYTE Console zip file.

  2. Run the following command:

    tools/warmqtools.bat mqjars

Step #5: Use the war file with inserted MQ files during installation.

After running the tool, the war file you will use will be this one:

${INTEGRATED_CONSOLE_UNZIP_FOLDER}/console-war-for-mq-8.x/console.war

Configure IBM® Websphere MQ® Server

Add MQ servers by selecting the MQ Connection Type.

server.add.mq

The HYTE Console utilizes WebSphere MQ® API to retrieve information such as the list of queues and topics. Refer to WebSphere MQ® Product Documentation documentation for configuration details.

Server-side Security Settings

The HYTE Console relies on the proper security settings to be correct on the WebSphere MQ® server in order for a user to be able to manage, browse or send messages using the WMQ Feature. If queues do not show up, or there is an error while trying to send or receive messages, double check that the settings are correct on the Queue Manager.

For correct command syntax and IBM® MQ® security best practices, consult the MQ® Product Documentation.

The HYTE Console utilizes WebSphere MQ® API to retrieve information such as the list of queues and topics. Refer to WebSphere MQ Product Documentation documentation for configuration details.

Refer to WebSphere MQ® Product Documentation documentation for JMS configuration instructions.

Reference WebSphere MQ® Administration Commands

The following commands are provided as a starting point.

Sample query command:

> amqoamd -m QM80 -s | grep qm80client

The above command queries a Queue Manager named 'QM80' for a list of access control settings that match the string 'qm80client'.

Sample Queue Manager permissions command:

> setmqaut -m QM80 -t qmgr -g qm80client +connect +inq +setall +dsp

The above command enables users in the group 'qm80client' to be able to query ('inq'), display information ('dsp'), connect ('connect'), and set all options ('setall') against the 'QM80' Queue Manager.

Sample queue permissions command:

> setmqaut -m QM80 -n 'ORDER.NEW' -t queue -g qm80client +inq +dsp +put +get +browse

The above command enables users in the group 'qm80client' to be able to query ('inq'), display information ('dsp'), send messages ('put'), receive messages ('get') and browse messages ('browse') against the ORDER.NEW queue.

Sample topic permissions command:

> setmqaut -m QM80 -g qm80client -t topic -n SYSTEM.** +clr

The above command enables users in the group 'qm80client' to be able to clear ('clr') retained messages on all topics that being with "SYSTEM."

IBM Reference: Setting Permissions

IBM® WebSphere MQ® ACI Reference

MQ ACI Reference is available in the ACI Reference document.

Supported WebSphere MQ® Releases

Supported WebSphere MQ® product versions are covered in the Supported Products document.

Deployment Tool Reference

The Deployment Tool simplifies deploying artifacts across several servers at once.

deployment.overview

Supported Deployable Artifacts:

  • Bundles - Equivalent to the bundle:install command in Karaf.

  • Features - Equivalent to the features:install command in Karaf.

  • Feature Repositories - Equivalent to the features:addUrl command in Karaf.

Deployment Tool Security

Deployment is secured with the Deployment Install ACI. This ACI automatically grants full deployment access to the user, related Karaf-related ACIs such as Bundle Install will not allow or hinder a user from deploying that type of artifact.

Execution Order

The Deployment tool will execute the entire action manifest on each server in the order the servers are listed in the Server list table.

deployment.overview

In the example shown above, the actions will be executed in the following order:

  1. The Feature Repository will be installed on QA Server #1.

  2. The Feature camel.tracing.model will be installed on QA Server #1.

  3. The Feature camel.tracing.client.soap.jaxws will be installed on QA Server #1.

  4. The Feature Repository will be installed on QA Server #2.

  5. The Feature camel.tracing.model will be installed on QA Server #2.

  6. The Feature camel.tracing.client.soap.jaxws will be installed on QA Server #2.

  7. The Feature Repository will be installed on QA Server #3.

  8. The Feature camel.tracing.model will be installed on QA Server #3.

  9. The Feature camel.tracing.client.soap.jaxws will be installed on QA Server #3.

  10. The Feature Repository will be installed on QA Server #4.

  11. The Feature camel.tracing.model will be installed on QA Server #4.

  12. The Feature camel.tracing.client.soap.jaxws will be installed on QA Server #4.

Pay special attention to the Step column on the Server list and Action list, these column dictates the execution order.

deployment.server.list.detail

If item ordering needs to be altered, select the item or items in the Server List or Action List and use the Move buttons.

deployment.action.list.detail

Usage Instructions

The Deployment Tool is located under the Tools menu within the HYTE Console.

deployment.menu

Deployment with the Deployment Tool is a four step process:

  1. Choose target servers or server groups.

  2. Choose actions to perform.

  3. Choose Deployment Error Mode.

  4. Deploy.

Choosing Servers For Deployment

deployment.server.list.detail

Select Servers (or Server Groups) by selecting the Add Servers or Add Server Groups button.

deployment.add.server
Deployment is only supported on servers with the Karaf feature configured.

Pay special attention to the Step column on the Server list, this column dictates the execution order.

deployment.server.list.detail

If item ordering needs to be altered, select the item or items and use the Move buttons.

Choosing Actions For Deployment

deployment.action.list.detail

Add actions to the Deployment manifest by selecting the Add Action button. The following images show various action configuration options:

deployment.add.action.feature.repo
deployment.add.action.feature.available
deployment.add.action.feature.custom
deployment.add.action.bundle

Pay special attention to the Step column on the Action list, this column dictates the execution order.

deployment.action.list.detail

If item ordering needs to be altered, select the item or items and use the Move buttons.

Choosing the Deployment Error Mode

deployment.error.modes

The Deployment Tool supports several error modes.

  • Stop on any error - (Default error mode) Halt deployment execution when any error occurs on any server.

  • Stop for single server for error on that server - Halt further actions from deployment on a specific server if an error occurs on that server, but allow full deployment to continue on other servers.

  • Never stop for any error - Execute full deployment on all servers, and ignore any errors that occur during deployment.

    The following example shows deployment results when an error occurred on the very first action. This example was run with the `Stop on any error` error mode selected:
deployment.error.example

Deploying

When deployment configuration is complete, select the Deploy button to execute the deployment plan.

deployment.overview

An example successful deployment:

deployment.example.success

Settings Guide

Authorized users (such as the default admin users) with permissions to view and edit Settings for the HYTE Console can view the Settings Management Page by clicking on Settings in the top right corner of any HYTE Console page.

settings.menu

Adding Users

Users are managed and linked to User Groups on the Users settings panel:

settings.user

Users are linked to Applications via the User Groups they are a member of.

settings.user.groups

Add a User by selecting the Add action on the Users settings panel. Edit a user by selecting the user and selecting the Edit action.

user.add

LDAP Users and Groups can also be added to the HYTE Console. Once these Users and User Groups are linked to the console, they function identically to non-LDAP Users and User Groups. More information about LDAP integration is covered in the [LDAP Configuration Guide](ldapconfiguration.html).

Best Practice: The HYTE Console ships with several default User Groups with names such as Administrators and Developers. We advise creating more descriptive user groups to fit your needs. For example, consider naming user groups more specifically such as Payment Systems Engineers, or Customer Support JMS Admins.

Adding Servers

settings.servers

Servers can be added to the system on the Servers settings panel, or on the Servers List Page.

JMX Communication for ActiveMQ, Camel, CXF, Karaf

server.add.jmx

Servers hosting ActiveMQ, Camel, CXF, Karaf require JMX for communication.

JMX SSL Configuration

For SSL-protected JMX communication, ensure the SSL TrustStore for the HYTE Console’s container (Fuse, Karaf, or Tomcat) contains relevant certs for your servers.

JMX Server-Side Configuration

If your ActiveMQ broker, Camel Context, CXF Context, Karaf, or Tracing Service is deployed in a Fuse or Karaf container, refer to Karaf’s JMX Configuration Guide and Security Configuration Guide.

For stand-alone ActiveMQ JMX configuration, refer to ActiveMQ’s JMX Configuration Guide.

Stand-alone Camel JMX Configuration instructions are available in Camel’s JMX Activation Guide.

Stand-alone CXF JMX Configuration instructions are available in CXF’s JMX Management Guide.

WebSphere MQ® Communication

Add WebSphere MQ® servers by selecting the MQ Connection Type.

server.add.mq

The HYTE Console utilizes WebSphere MQ®'s API to retrieve information such as the list of queues and topics. Refer to WebSphere MQ® Product Documentation documentation for configuration details.

JMS Communication

The Console uses JMS for messaging communication with ActiveMQ and WebSphere MQ®. Messaging functionality includes sending and browsing messages, as well as related actions such as copying or resending messages.

Refer to WebSphere MQ® Product Documentation documentation for JMS configuration instructions.

Adding ACI Groups

settings.acis

ACI Groups are managed with the ACI Groups settings panel.

ACI Groups are feature-specific, that is, an ActiveMQ ACI Group will only contain ACIs related to the ActiveMQ feature.

aci.group.settings

For information about ACIs and default ACI Groups provided by the HYTE Console, please consult the ACI Reference.

Best Practice: Use special care when combining action and view-limiting permissions. The Console allows fine-grained visibility control, but this can be a source of misinformation when deciding to perform an action. For example, a user who’s only allowed to see Queues but not Topics would not be able to appropriately judge if a broker’s connection could safely be stopped, because they would not be allowed to see Topics related to that connection in the Console.

ACI Group Default Roles

ACI groups can be assigned to Roles within the system. Linking ACI groups to Roles simplifies creating Applications, as these defaults are used to pre-fill the ACI Selection screen during Application creation.

Assigned Default Roles for a given ACI Group can be easily changed by editing the ACI Group and selecting the edit icon beside the Default Roles list box, as shown below:

aci.group.settings

System-wide ACI Group to Role mapping can be easily reviewed or changed by selecting the Defaults button above the ACI Group list table:

aci.defaults

Adding Server Groups

Server groups are managed in the Servers Settings panel:

settings.server.groups

Server groups contain servers, and link those servers to Applications for User action authorization.

When adding or editing a Server Group, selecting the ``* wildcard server for inclusion indicates this server group automatically includes all servers in the system.

server.group.add

Adding Roles

settings.roles

Roles are a unique name that is used to organize Application settings. For example, the HYTE Console ships with several pre-defined Roles such as Administrators or Developers. You can add, edit, or remove Roles in the system using the Roles Settings Panel on the Settings Page.

role.add

Be Careful when Removing Roles

Best Practice: Special care is advised when removing Roles from the system. Roles are the cornerstone to Application Roles in Applications, removing a Role from the system will automatically remove all Application Roles associated with the Role as well.

For example, if the system default Developers role were removed from the system, all Users in the Developers User Group would lose all access in the system granted by the Default App application:

application.role.developer

Applications

For an overview of Applications and authorization, please consult the [Security Guide].

Editing Applications

The HYTE Console automatically creates a Default App Application and associated User Groups, Server Groups, and more for you. Inspecting the Default App is a good way to familiarize yourself with how Applications work in the HYTE Console.

To inspect the Default App, visit the Console’s Settings page by clicking on the Settings link on the top right of the page, then select Applications from the settings panels on the left side of the page.

settings.applications

On the Applications settings panel, select the Default App by clicking on it in the table, then select the Edit Action:

When we edit an app, the first screen of the Application creation flow allows us to specify which Roles and Features the Application should be configured for:

application.edit.1

Roles are a unique name that is used to organize Application settings. For example, the HYTE Console ships with several pre-defined Roles such as Administrators or Developers. You can add, edit, or remove Roles in the system using the Roles Settings Panel on the Settings Page.

Features are the groups of functionality provided by the HYTE Console. These include Features such as ActiveMQ or Settings.

Once we’ve selected our Roles and Features for our Application, we click the Next button on the Application Edit popup window.

The second application editing screen allows to manage fine-grained access control for Application Roles.

application.edit.2

An Application Role is simply a security object that maps a Role such as Administrators along with a feature such as ActiveMQ to security objects that control user access and actions.

An Application Role links Users, Servers, ACIs and Filters together:

securedaccesscontrol

Authorization is granted when an Application Role is found that contains the given User, Server, requested action ACI, and applicable Filters that allow the action on the requested resource.

Authorization is covered in more detail in the [Security Guide].

As we see when editing the Default Application, the first set of Application Roles we manage are for the Administrators role. Here, we are managing the Application Role for Administrators and the feature ActiveMQ:

application.edit.2

On the Application Role screen, we can easily manage which Users (via User Groups) can perform actions on which Servers (in Server Groups), and access and actions are managed by choosing specific Feature Filters (such as JMS filters for ActiveMQ, or Camel filters for Camel) and ACI groups.

Fine-grained access control can be edited for any Application Role from this screen. Simply select the Role and Feature you wish to edit at the top of the screen.

When we’re done editing the application roles, clicking the Next button takes us to the summary screen.

application.edit.3

The summary screen highlights areas of concern in red, such as Application Roles without assigned Users or Servers.

After reviewing the Summary screen, click the Save button to save the Application we’re editing.

Adding Applications

Creating applications is much simpler than editing them. Add an Application by selecting the Add button on top of the Application Settings screen.

application.add.1

The first Application Creation screen allows you to specify the Name, Description, Users and Servers for the Application. You enable a Role on this screen (such as 'Administrators') by specifying assigned User Groups and Server Groups for that Role. Roles without assigned User and Server Groups will not be included in the created Application.

application.add.1a

Note that User Groups and Server Groups selected for a Role on this first application creation screen will be applied to that Role across all features we later choose - this simplifies creating an Application quickly. If finer-grained control is needed, such as assigning one Server Group for Administrators in ActiveMQ and a different Server Group for Camel, the Application Edit Screen can be used after saving the initial application.

application.add.2

The second screen for creating Applications prompts you to select Features. Here, some features (on the left) are enabled by choosing one or more Filters for the Feature; but other Features (on the right) do not have associated Filters - these are enabled/disabled with the click of a button instead.

application.add.2a

Like linking Roles to Users and Servers, this simplified Application creation flow assigns the selected Filters to the given Feature across all Application Roles in the Application. If fine-grained control is needed, such as limiting Developers to seeing only Queues, but allowing Operations to see both Queues And Topics, the Application Edit Screen can be used after saving the initial application.

application.add.3

The third screen displays ACI Group assignments for each Application Role. ACI Groups here are automatically chosen based on Default Roles assigned to ACI Groups in the system. You can edit or change these default assignments on the ACI Group Settings screen. Alternatively, read more about configuring ACI Defaults in the ACI Reference section.

Like other screens, any ACI Group assignments on this screen can be changed by clicking on the edit icon next to the selection.

application.add.3a

The fourth and final screen of the Application Creation flow is the summary screen. This screen displays basic information about the Application you are creating. Rows highlighted in red indicate a potential problem, such as an Application Role without any linked ACI Groups.

application.add.4

When you have reviewed the summary screen. Click Save to finalize and save your application.

Security Overview

The HYTE Console features a robust and flexible security access control framework. The security framework allows administrative users to limit access and features for authenticated users. The framework allows for fine-grained control over features such as:

  • Viewing specific servers, and features such as ActiveMQ or MQ queues.

  • Performing actions such as purging a queue, or sending a message to an ActiveMQ broker.

  • Starting and stopping Camel Routes.

  • Inhibiting 'put' and 'get' on MQ® Queues

  • Managing users and security settings.

Security access control is managed through Security objects called Applications. Applications are simply a collection of Application Roles. Application Roles map users to servers and security permissions.

An Application Role links Users, Servers, ACIs and Filters together:

securedaccesscontrol

Authorization is granted when an Application Role is found that contains the given User, Server, requested action ACI, and applicable Filters that allow the action on the requested resource.

How are actions and access authorized?

The system authorizes actions and access using the following steps:

  1. Check if the user is logged in. If the user is not logged in, fail authorization.

  2. Gather the user’s Application Roles by examining the user groups the user is in and the Application Roles linked to each group.

  3. Examine each of the user’s Application Roles until an Application Roles is found that grants the requested access on the requested server for the requested resource.

  4. If no Application Roles grants access, fail authorization.

How are actions and access controlled for specific resources?

The HYTE Console supports limiting access to the following resources:

  1. Servers - A user can only view and perform actions on a server, if an Application Role associates the user’s User Group with the server’s Server Group.

  2. Messaging Destinations such as Queues and Topics - Queue / Topic access can be controlled with fine-grained JMS Filters associated with an Application Role. When an Action is executed on a given Queue or a list of Topics is viewed, only the Queues and Topics that match the User’s JMS Filters will be shown or actionable. For more information about JMS Filters, please consult the JMS Filters.

  3. Camel Routes and Contexts - Camel Filters provide fine-grained control for access and actions on Camel Routes and Camel Contexts. For more information about Camel Filters, please consult the Camel Filters.

Authorization Example

When a user performs an action or views a page in the HYTE Console, the Console limits the user’s access and actions by inspecting Application Roles associated with the User. For example, when our system administrator with user name admin logs in, the Server List page shows the admin all possible servers, features, and actions - because the admin user is mapped to all possible permissions in the system:

auth.example.admin.login

The admin user can create a new user named owen in the Settings, and link that user to the Developers User Group:

auth.example.user.add

auth.example.user.group.link

The Developers User Group, like the admin’s Administrators User Group, is linked into a limited set of permissions within the Default App Application security object that the HYTE Console creates. So, simply linking owen with the Developers User Group automatically grants owen a wide variety of permissions as defined by Default App:

auth.example.application

Later, when the user owen logs in, he is shown the Servers list page. This page will only show Owen features and actions he’s permitted to see. For example, he is not allowed to Add or Audit servers he selects, nor is he allowed to view or change System Settings:

auth.example.owen.login

System Administrators could further limit owen’s system access by defining narrowly scoped Application security objects that only link certain actions to certain servers, rather than all servers as the Default App does.

Settings Filters Overview

settings.filters

The HYTE Console features a robust fine-grained access control security system.

As detailed in the Security Overview, security access is controlled through ACI permissions and filters.

Most ACIs, such as the ActiveMQ Connection Start / Stop ACI provide simple access control. That is, if the user has this ACI for the server in question, the Connection Start or Stop operations can be performed by that user.

However, some functionality in the HYTE Console requires finer-grained access control than a simple ACI permission system allows. For these scenarios, Filters along with ACIs allow finer-grained control.

An example Filter scenario would be limiting a user to be able to execute the Purge Queue operation on a limited number of ActiveMQ or WebSphere MQ® Queues on a single server. A user from an Orders support team could be limited to being able to view and execute actions on Queues with an "Orders" prefix in the Queue Name, while an admin user could be granted the same operational access to all Queues in the same system.

JMS Filters

filter.jms.add

JMS Filters control the Queues and Topics users can view and/or perform actions on. These apply to ActiveMQ and WebSphere MQ® servers.

JMS Filters have two components: a filter, and a destination type.

The filter is used to match the name of the Queue or Topic. It can be an exact match such as "ORDERS.NEW" or a catch-all such as "ORDERS.*". More details on Filter syntax is covered below in the Filter Matching Reference.

The Destination type limits the JMS Destination type. Options include Queues, Topics or Any (which matches both Topics and Queues).

Camel Filters

filter.add.camel

Camel Roles contain Camel Filters. Camel filters control which Camel Contexts and Routes a given ACI will apply to.

Camel Filters contain two filter components: the context filter, and the route filter.

The context filter specifies which contexts the Camel Role applies to, and the route filter controls the routes the role applies to. More details on Filter syntax is covered below in the Filter Matching Reference.

A Camel Route has an associated Camel Context and a Camel Filter must match both for Route access to be granted. For example, a route named Route1 in Context1 will not match a filter with route filter Route1 and context filter Context2 because the context filter does not match for the route.

CXF Filters

filter.add.cxf

CXF Roles contain CXF Filters. CXF filters control which CXF Services and Operations a given ACI will apply to.

<<<<<<< .mine CXF Services have two identifying components, a namespace and a name. An example CXF service might be named MyService, with a namespace of http://hyte.com/MyService/V1. Namespaces in this context are the same namespaces you might see in a web service’s WSDL document. ||||||| .r2782 CXF Services have two identifying components, a namespace and a name. An example CXF service might be named MyService, with a namespace of http://hyte.com/MyService/V1. Namespaces in this context are the same namespaces you might see in a web service’s WSDL document.

CXF Services have two identifying components, a namespace and a name. An example CXF service might be named MyService, with a namespace of http://hyte.com/MyService/V1. Namespaces in this context are the same namespaces you might see in a web service’s WSDL document. >>>>>>> .r2816

CXF Filters contain two filter components: the namespace filter, and the service filter.

CXF Filter: Namespace Filter

The namespace filter specifies limits which CXF Service namespaces the CXF Role applies to. Service namespaces have two forms, HTTP-style and URN-style.

Namespace filter examples:

<<<<<<< .mine

Filter

Match Description

>

Matches any namespace (both HTTP and URN style).

http://>;

Matches any HTTP style namespace.

urn:>

Matches any URN style namespace.

http://hyte.com/>;

Matches any HTTP style namespace that starts with http://hyte.com/.

urn:hyte.com:>

Matches any URN style namespace that starts with urn:hyte.com:.

http://hyte.com/services/orders/v1

Only matches namespace http://hyte.com/service/orders/v1.

||||||| .r2782 | Filter | Match Description | |---|---| | > | Matches any namespace (both HTTP and URN style). | | http://>; | Matches any HTTP style namespace. | | urn:> | Matches any URN style namespace. | | http://hyte.com/>; | Matches any HTTP style namespace that starts with <strong>`http://hyte.com/</strong>. | | `urn:hyte.com:> | Matches any URN style namespace that starts with <strong>`urn:hyte.com:`</strong>. | | http://hyte.com/services/orders/v1 | Only matches namespace <strong>`http://hyte.com/service/orders/v1`</strong>. |

Filter

Match Description

>

Matches any namespace (both HTTP and URN style).

http://>;

Matches any HTTP style namespace.

urn:>

Matches any URN style namespace.

http://hyte.com/>;

Matches any HTTP style namespace that starts with http://hyte.com/.

urn:hyte.com:>

Matches any URN style namespace that starts with urn:hyte.com:.

http://hyte.com/services/orders/v1

Only matches namespace http://hyte.com/service/orders/v1.

>>>>>>> .r2816

The separator for filter matching differ in CXF namespaces from the traditional dot (.) seen in other filters in the system. For HTTP style namespace filters, the separator is a forward slash (/). For URN style separators the separator is a colon (:).

Separator Examples:

Filter

Separator

Description

a.b.c.d

.

Dot Separator

http://a/b/c/d

/

Forward Slash Separator for HTTP style namespaces.

urn:a:b:c:d

:

Colon separator for URN style namespaces.

Namespace filters in the HYTE Console support the * and > filter matching identifiers seen in other filter types in the system. More details on Filter syntax is covered below in the Filter Matching Reference.

CXF Filter: Service Filter

The service filter specifies which CXF Service names the CXF Role applies to. A value of > will match any possible CXF Service name, while a value of MyService will only match a CXF Service named MyService. For service filters, the traditional dot separator (.), *, and > filter matching identifiers seen in other filter types in the system are supported.

More details on Filter syntax is covered below in the Filter Matching Reference.

Tracing Filters

filter.tracing

Tracing Roles contain Tracing Filters. Tracing filters control which Tracing Events will be shown in the Tracing Inspector.

Tracing Filters contain three filter components: the instance filter, the context filter, and the route filter. Each of these filters apply to their respective fields on a Tracing event.

More details on Filter syntax is covered below in the Filter Matching Reference.

A given Tracing Event will only be shown to a user if all three parts of a single Tracing Filter allow that event to be viewed. For example, an event that matches the context filter and instance filter but not the route filter will not be shown.

Filter Matching Reference

All filters in the HYTE Console use an ActiveMQ Destination Filter matching scheme.

The ActiveMQ project has a great overview of Destination Filters in here.

There are three basic matching components in a Filter:

Component

Example Filter

Example Match

. is used to separate names in a path.

a.b.c

a.b.c

* is used to match any name in a path.

a.*.c

a.b.c

> is used to match any remaining values starting from this section.

a.>

a.b.c

CXF Namespace filters use a different separator than the dot (.), HTTP style CXF namespace filters use a forward slash (/) separator, and URN style CXF namespace filters use a colon (:) separator.

Filter Matching Examples

Some examples of filter matches:

Filter

Match

Reason

a

a

All parts of the filter match exactly.

a.b.c.d

a.b.c.d

All parts of the filter match exactly.

*

a

* matches any value between dots.

a.b.c.*

a.b.c.d

* matches any value between dots.

...

a.b.c.d

* matches any value between dots.

>

a

> at the end of the filter matches any destination that matches until the >.

>

a.b.c.d

> at the end of the filter matches any destination that matches until the >.

a.b.>

a.b.c.d

> at the end of the filter matches any destination that matches until the >.

a.*.c.>

a.beta.c.d.e

* matches any value between the dots, and > at the end of the filter matches any destination that matches until the >.

Some examples of filters that do not match:

Filter

Does Not Match

Reason

a.b.c

d.e.f

Values between the dots do not match

abc

a.b.c

Filter does not have any dots.

a

a.b.c

Filter only has one part, rather than three.

a.b.c

a

Filter requires three parts, not one.

a.b.*

a.b.c.d

* matches c, but the filter only has three parts, not four.

a.b.e.*

a.b.c.d

* matches d, but e in the filter does not match "c".

..*

a.b.c.d

Filter requires three parts, not four.

a.b.>.d

a.b.c.d

Filter is invalid, > is not at the end of the filter.

a.b.c.d.>

a.b.c.d

Filter requires five (or more) parts, match has only four.

a.b.>

b.b.c.d

a that begins filter does not match b.

Registration Keys

Registration keys are issued to align with the Subscription Agreement. Customers are able to access their registration key via the HYTE Portal.

When the registration key expires, users other than the local admin user will no longer be able to log into the HYTE Console. An expired registration can be replaced with an updated registration key on the Registration settings panel only by the local admin user. For an updated subscription and a new registration key, please contact sales@hyte.io.

settings.registration

Server Counts

The server count is determined by the type of server instances that are being managed, and the features enabled for that server.

For example, a JBoss Fuse server may have ActiveMQ and Camel features running. This server instance would account for 1 ActiveMQ server grant and 1 Camel server grant.

Websphere MQ Servers will only count towards MQ grants.

Server

Type

ActiveMQ

Camel

MQ

Tibco EMS

ServerA

JBoss A-MQ

1

ServerB

JBoss Fuse

1

1

ServerC

Websphere MQ 7.5

1

ServerD

Tibco EMS

1

Total

2

1

1

User Counts

The Registration User Count is determined by the total number of users that have an account registered in the HYTE Console. Both local users and LDAP users are counted toward this total.

For more information about adding and removing local console users, please consult the Settings Guide.

For more information about linking and unlinking LDAP users, please consult the [LDAP Configuration Guide].

If more users are needed than your registration key provides, please contact sales@hyte.io for an updated subscription and a new registration key with a higher user limit.

LDAP Configuration

The HYTE Console supports LDAP authentication and authorization.

The HYTE Console features an internal user management system in addition to the LDAP authentication option. You are not required to configure or use LDAP as an authentication mechanism for the HYTE Console. Non-LDAP users and user groups are covered in the <<Settings Guide.

LDAP configuration can be found on the HYTE Console’s Settings page. You can access the settings page by clicking on the Settings link on the top right corner of the page. There are two settings panels available for managing LDAP connectivity and access. LDAP connection information and group/user lookup style configuration is in the LDAP Preferences settings panel, and linked LDAP users and groups are managed on the LDAP Users settings panel.

settings.ldap.preferences

LDAP Preferences: Connection Settings

On the Connection Settings section of the LDAP Preferences you specify the Connection URL, fully qualified DN and password for the LDAP Admin account, and other advanced connection settings.

The LDAP Admin account will be used to search for LDAP User and Group entries. It will not require permission to create or alter any LDAP entries.

Click the Advanced Connection Settings button to configure Connection Pool and SSL details.

settings.ldap.connections

Connection Pool default settings rarely need to be changed from their default values. Connection pool reference information is available here.

Three SSL Modes are supported:

  1. Trust Store - SSL connections will only be accepted for servers presenting SSL certificates authorized by the specified trust store file.

  2. Accept All - SSL connections will be made to any server, with any SSL certificate automatically accepted.

  3. Off - LDAP connections will not be made with SSL, data transmitted to and from the LDAP server will not be encrypted.

Additional advanced LDAP tuning settings are available on the Advanced Connection Settings, such as LDAP version, search limits, sorting options, and paging options. These options rarely need to be changed from their default values.

LDAP Preferences: User / Group Lookup Settings

ldap.group.settings

The User Group Lookup Settings section of the LDAP Preferences panel specifies how the HYTE Console will search for LDAP Group entries.

ldap.group.style

There are several User Group Lookup Styles. In most cases, the Active Directory Group Style will fit your needs. If you’re not on Active Directory, the LDAP authentication feature supports a number of less common LDAP configurations as well. Our LDAP authorization feature does not yet support Groups of Groups style lookup, if you need this feature for your LDAP system, please contact support@hyte.io.

Group Style: Active Directory

Use this configuration if your LDAP provider is Active Directory.

Group Style: LDAP objectClass groupOfUniqueNames

Use this LDAP group lookup style if your LDAP Group objects are objectClass groupOfUniqueNames.

Example LDAP Group Entry:

dn: cn=developers,ou=groups,dc=company,dc=com
objectClass: groupOfUniqueNames
cn: developers
membervalue: john
membervalue: jane

Example LDAP User Entry:

dn: cn=john,ou=users,dc=company,dc=com
objectClass: person
cn: john

Use groupofUniqueNames (DN) if your LDAP Groups refer to users by DN, use the groupOfUniqueNames (RDN) if your Group refers to users by RDN, and use the groupOfUniqueNames (Name) if your LDAP Group refers to LDAP Users by name (such as the user’s cn or mail attribute value).

Group Style: LDAP objectClass groupOfNames

Use this LDAP group lookup style if your LDAP Group objects are objectClass groupOfNames.

Example LDAP Group Entry:

dn: cn=developers,ou=groups,dc=company,dc=com
objectClass: groupOfNames
cn: developers
member: cn=john
member: cn=jane

Example LDAP User Entry:

dn: cn=john,ou=users,dc=company,dc=com
objectClass: person
cn: john

Use groupOfNames (DN) if your LDAP Groups refer to users by DN, use the groupOfNames (RDN) if your Group refers to users by RDN, and use the groupOfNames (Name) if your LDAP Group refers to LDAP Users by name (such as the user’s cn or mail attribute value).

Group Style: LDAP objectClass group

Use this LDAP group lookup style if your LDAP Group objects are objectClass group. This style differs from other group styles we support - with this style, the LDAP users have attributes that reference their LDAP groups, while other styles have Groups referencing the Users.

Example LDAP Group Entry:

dn: cn=developers,ou=groups,dc=company,dc=com
objectClass: group
cn: developers

Example LDAP User Entry:

dn: cn=john,ou=users,dc=company,dc=com
objectClass: user
cn: john
memberof: cn=developers,ou=groups,dc=company,dc=com

Use group (DN) if your LDAP Users refer to LDAP Groups by DN, use the groupOfNames (RDN) if your Users refers to Groups by RDN, and use the groupOfNames (Name) if your LDAP Users refers to LDAP Groups by name (such as the groups’s cn attribute value).

Additional User Group Lookup Configuration Parameters

When a LDAP Group Style is selected, the HYTE Console will pre-fill most of the remaining Group and User related fields:

ldap.group.settings

You will need to provide values for the remaining fields such as the Group and User search Base DN values.

Adding LDAP Users and LDAP User Groups

After LDAP has been properly configured, you can link LDAP Users and User Groups on the LDAP Users Settings panel:

settings.ldap.users

To add an LDAP User or User Group, select the Add button. To remove a User or User Group, select the User or group in the table, then select the Remove button.

ldap.user.add

When adding Users or User Groups, typing a name or partial match name into the Filter box on the top right of the Add popup window will narrow down search results. A new LDAP search is executed using your given filter when the filter changes, this is helpful when your search results exceed the configured LDAP Search Limit.

How LDAP Authentication Works

LDAP authentication works as follows in the console:

  1. User enters LDAP credentials on console login screen.

  2. Console uses LDAP admin credentials to connect to LDAP and find user’s LDAP entry.

  3. Console ensures LDAP user is linked (approved) in settings.

  4. Console authenticates user to LDAP with user’s LDAP distinguished name (DN), and user-provided password.

  5. Console determines user’s associated LDAP user groups using LDAP admin credentials.

  6. Console checks to ensure at least one of the user’s LDAP user groups is linked (approved) in console.

LDAP Authentication Example

An example walk through of the LDAP authentication steps:

Example Step 1. User enters LDAP credentials on console login screen.

A user enters john as username, and password as password.

Example Step 2. Console uses LDAP admin credentials to connect to LDAP and find user’s LDAP entry.

The Console administrator has previously configured the following information in the Console:

  1. LDAP connection URL: ldap://ldapserver:389

  2. LDAP Admin DN: cn=admin,ou=users,dc=company,dc=com

  3. LDAP Admin Password: adminpassword

  4. LDAP User Lookup Base DN: ou=users,dc=company,dc=com

  5. LDAP User Lookup Search Filter: (cn=${username})

In this step, the console authenticates to LDAP using admin credentials, and utilizes that connection to search for the user’s LDAP entry.

To search for the User’s LDAP Entry, the Console uses the LDAP User Lookup Base DN ou=users,dc=company,dc=com, and the LDAP User Lookup Search Filter (cn=john). Note that the Console replaced the search filter parameter ${username} with the user entered name of john.

The search results in the following LDAP entry:

dn: cn=john,ou=users,dc=company,dc=com
cn: john
sn: smith
mail: john@company.com
memberOf: developers

If the search results contain multiple LDAP entries, or no results, or Admin authentication fails, the user is not allowed to login.

*Example Step 3. Console ensures LDAP user is linked in settings. *

The console determines if the LDAP User is in the list of linked LDAP users that have been configured on the LDAP Users settings panel.

If the LDAP User has not been linked to the Console, the user is not allowed to login.

*Example Step 4. Console authenticates user to LDAP with user’s LDAP distinguished name (DN), and user-provided password. *

The HYTE Console now opens a second LDAP connection to verify the user’s credentials. It authenticates using the user’s LDAP entry’s DN cn=john,ou=users,dc=company,dc=com. and the password the user provided on the login screen: password.

If the user authentication fails, the user is not allowed to login.

*Example Step 5. Console determines user’s associated LDAP user groups using LDAP admin credentials. *

For this example, we will assume the HYTE Console system administrator configured LDAP user group lookup as follows:

  1. Group Lookup Style: objectClass: group (DN)

  2. Group Lookup Base DN: ou=groups,dc=company,dc=com

  3. Group Lookup Search Filter: (cn=${groupname})

  4. Linked LDAP groups: developers

The console will re-use the LDAP admin authenticated connection from Step 2 to execute a search for the User’s LDAP groups.

The search will use the Group Lookup Base DN ou=groups,dc=company,dc=com, and the Group Lookup Search Filter (cn=developers). Note that the Console replaced the search filter parameter ${groupname} with the User’s LDAP Entry’s memberOf attribute value.

The search results in the following LDAP group entry:

dn: cn=developers,ou=groups,dc=company,dc=com
cn: developers

If the group search results in zero LDAP entries, the user is not allowed to login.

Example Step 6. Console checks to ensure at least one of the user’s LDAP groups is linked (approved).

The Console inspects the previously configured list of linked LDAP groups, and discovers that the developers group for this user is approved for usage in the system, so the user is authorized to use the system with permissions configured for that linked LDAP group.

If none of the User’s groups are linked in the Console’s LDAP user groups configuration, the user is not allowed to login.

If none of the User’s groups are linked to an Application security object, the user is not allowed to login. For more information about console authorization and Applications, consult the [Security Guide].

ACI Reference

ActiveMQ ACI Reference

ACI Name

Read Only

Action(s)

Page(s)

ActiveMQ Server

X

View ActiveMQ Servers

Servers

Broker Garbage Collection

Force garbage collection

Servers

Broker Logging Reset

Reset logging

Servers

Broker Memory Configuration

Change memory configuration

Servers

Broker Start & Stop

Start or stop Brokers

Servers

Broker Statistics

X

Enable, disable, or reset stats

Servers

Connection Start & Stop

Start or stop Connections

ActiveMQ Connections

Connection Statistics

Enable, disable, or reset stats

ActiveMQ Connections

Connection View

X

View Page

ActiveMQ Connections

Consumers View

X

View Page

ActiveMQ Consumers

Message Browse

X

Browse messages

Message Browse

Message Copy

Copy messages

Message Browse

Message Move

Move messages

Message Browse

Message Remove

Remove messages

Message Browse

Message Send

Send messages

Send Message

Message Tool URL

View or edit JMS URL

Send Message, and Browse Message

Message Tool Credentials

View or edit JMS Credentials

Send Message, and Browse Message

Network Connector Add & Edit

Add or edit Network Connectors

ActiveMQ Network Connectors

Network Connector Remove

Remove Network Connectors

ActiveMQ Network Connectors

Network Connector Start & Stop

Start or stop Network Connectors and Bridges

ActiveMQ Network Connectors, and ActiveMQ Network Bridges

Network Connector Statistics

Enable, disable, or reset stats

ActiveMQ Network Connectors

Network Connector View

X

View Page

ActiveMQ Network Connectors, and ActiveMQ Network Bridges

Producers View

X

View Page

Producers

Queue Add & Edit

X

Add or edit Queues

ActiveMQ Queues

Queue Purge

Purge Queues

ActiveMQ Queues

Queue Remove

Remove Queues

ActiveMQ Queues

Queue Statistics

Enable, disable, or reset stats

ActiveMQ Queues

Queue View

X

View Page

ActiveMQ Queues

Subscription Add & Edit

Add or edit Subscriptions

ActiveMQ Subscriptions

Subscription Remove

Remove Subscriptions

ActiveMQ Subscriptions

Subscription View

X

View Page

ActiveMQ Subscriptions

Topic Add & Edit

Add or edit Topics

ActiveMQ Topics

Topic Remove

Remove Topics

ActiveMQ Topics

Topic Statistics

Enable, disable, or reset stats

ActiveMQ Topics

Topic View

X

View Page

ActiveMQ Topics

Transport Connector Add & Edit

Add or Edit Transport Connectors

ActiveMQ Transport Connectors

Transport Connector Remove

Remove Transport Connectors

ActiveMQ Transport Connectors

Transport Connector Start & Stop

Start or stop Transport Connectors

ActiveMQ Transport Connectors

Transport Connector Statistics

Enable, disable, or reset stats

ActiveMQ Transport Connectors

Transport Connector View

View Page

ActiveMQ Transport Connectors

Camel ACI Reference

ACI Name

Read Only

Action(s)

Page(s)

Camel Server

X

View Camel servers

Servers

Component View

X

View Page

Camel Components

Consumer Start & Stop

Start, stop, suspend, and resume a Component

Camel Components

Consumer View

X

View Page

Camel Consumers

Context Counters

Reset counters

Camel Contexts

Context Start & Stop

Start, stop, restart, suspend, and resume a Context

Camel Contexts

Context Statistics

Enable, disable, and reset statistics

Camel Contexts

Context Tracing

Enable and disable tracing

Camel Contexts

Context View

X

View Page

Camel Contexts

Context View All Routes as XML

X

View and download a Context’s Routes

Camel Contexts

Endpoint View

X

View Page

Camel Endpoints

Error Handler View

X

View Page

Camel Error Handlers

Event Notifier View

X

View Page

Camel Event Notifiers

Processor Start & Stop

X

Start, stop, and reset a Processor

Camel Processors

Processor Statistics

Enable, disable, and reset statistics

Camel Processors

Processor View

X

View Page

Camel Processors

Route Counters

Reset counters

Camel Routes

Route Descriptor

X

View and download a Route’s XML Descriptor

Camel Routes

Route Remove

Remove a Route

Camel Routes

Route Start & Stop

Start, stop, suspend, and resume a Route

Camel Routes

Route Statistics

Enable, disable, and reset statistics

Camel Routes

Route Tracing

X

Enable and disable messaging exchange tracing

Camel Routes

Route View

X

View Page

Camel Routes

Service Start & Stop

Start, stop, suspend, and resume a Service

Camel Services

Service View

X

View Page

Camel Services

Thread Pool Purge

Purge a thread pool

Camel Thread Pools

Thread Pool View

X

View Page

Camel Thread Pools

Tracer Clear

Clear a Tracer

Camel Tracers

Tracer Counters

Reset counters

Camel Tracers

Tracer View

X

View Page

Camel Tracers

CXF ACI Reference

ACI Name

Read Only

Action(s)

Page(s)

CXF Server

X

View CXF servers

Servers

Bus View

X

View Page

the CXF Buses

Bus Start & Stop

Start and stop Buses

CXF Buses

Operation View

X

View Page

CXF Operations

Operation Statistics

Reset statistics

CXF Operations

Service View

X

View Page

CXF Services

Service Start & Stop

Start and stop services

CXF Services

Service Destroy

Remove a Service

CXF Services

Service Statistics

Reset statistics for Services

CXF Services

Work Queue View

X

View Page

CXF Work Queue

Work Queue Set High/Low Water Marks

Specify maximum and minimum Work Queue sizes

CXF Work Queue

Work Queue Manager View

X

View Page

CXF Work Queue Manager

Work Queue Manager Start & Stop

Start and stop Work Queue Managers

CXF Work Queue Managers

JVM ACI Reference

ACI Name

Read Only

Action(s)

Page(s)

JVM Server View

X

View JVM Servers

Servers, and JVM Information

JVM View Threads

X

View Page

JVM Threads

JVM View VM Args

X

View VM arguments

JVM Information

Karaf ACI Reference

ACI Name

Read Only

Action(s)

Page(s)

Karaf Server View

X

View Karaf servers

Servers

Bundle View

X

View Page

Karaf Bundles

Bundle Start & Stop

Start, stop, restart, resolve, refresh, and set bundle start level

Karaf Bundles

Bundle Install & Update

Install and update bundles

Karaf Bundles

Bundle Uninstall

Uninstall bundles

Karaf Bundles

Feature View

X

View Page

Karaf Features

Feature Install

Install features

Karaf Features

Feature Uninstall

Uninstall features

Karaf Features

Feature Repository View

X

View Page

Karaf Feature Repositories

Feature Repository Install & Update

Install feature repositories

Karaf Feature Repositories

Feature Repository Uninstall

Uninstall feature repositories

Karaf Feature Repositories

Framework Start & Stop

Update, restart, and shutdown the Karaf Framework

Servers

IBM® MQ® ACI Reference

ACI Name

Read Only

Action(s)

Page(s)

MQ Server View

X

View MQ servers

Servers

AuthInfo View

X

View Page

MQ AuthInfos

AuthInfo Add & Edit

Add & Edit AuthInfos

MQ AuthInfos

AuthInfo Remove

Remove AuthInfos

MQ AuthInfos

Channel View

X

View Page

MQ Channels

Channel View Details

X

View Channel Details

MQ Channels

Channel Add & Edit

Add & Edit Channels

MQ Channels

Channel Remove

Remove Channels

MQ Channels

Channel Start & Stop

Start & Stop Channels

MQ Channels

Channel Ping

Ping Channels

MQ Channels

Cluster Queue Manager View

X

View Page

MQ Cluster Queue Managers

Cluster Queue Manager View Details

X

View Cluster Queue Manager Details

MQ Cluster Queue Managers

CommInfo View

X

View Page

MQ CommInfos

CommInfo Add & Edit

Add & Edit CommInfos

MQ CommInfos

CommInfo Remove

Remove CommInfos

MQ CommInfos

Connection View

X

View Page

MQ Connections

Connection Stop

Stop Connections

MQ Connections

Connection Handle View

X

View Page

MQ Connection Handles

Entity Authority View

X

View Page

MQ Entity Authorities

Entity Authority Add & Edit

Add & Edit Entity Authorities

MQ Entity Authorities

Entity Authority Remove

Remove Entity Authorities

MQ Entity Authorities

Entity Authority Refresh

Refresh Entity Authorities

MQ Entity Authorities

Listener View

X

View Page

MQ Listeners

Listener Add & Edit

Add & Edit Listeners

MQ Listeners

Listener Remove

Remove Listeners

MQ Listeners

Listener Start & Stop

Start & Stop Listeners

MQ Listeners

Message Browse

X

Browse messages

Message Browse

Message Copy

Copy messages

Message Browse

Message Move

Move messages

Message Browse

Message Remove

Remove messages

Message Browse

Message Send

Send messages

Send Message

Message Tool URL

View or edit JMS URL

Send Message, and Browse Message

Message Tool Credentials

View or edit JMS Credentials

Send Message, and Browse Message

Namelist View

X

View Page

MQ Namelists

Namelist Add & Edit

Add & Edit Namelists

MQ Namelists

Namelist Remove

Remove Namelists

MQ Namelists

Process View

X

View Page

MQ Processes

Process Add & Edit

Add & Edit Processes

MQ Processes

Process Remove

Remove Processes

MQ Processes

Publisher View

X

View Page

MQ Publishers

Pub Sub Status View

X

View Page

MQ Pub Sub Status

Queue View

X

View Page

MQ Queues

Queue View Details

X

View Queue Details

MQ Queues

Queue Add & Edit

Add & Edit Queues

MQ Queues

Queue Remove

Remove Queues

MQ Queues

Queue Inhibit

Inhibit or enable puts and gets

MQ Queues

Queue Purge

Purge Queues

MQ Queues

Queue Statistics

Reset statistics for Queues

MQ Queues

Queue Manager View Details

X

View Queue Manager Details

Servers

Queue Manager Command

Execute a command on the Queue Manager

Servers

Queue Manager Edit

Edit Queue Manager & Refresh Cluster

Servers

Queue Manager Ping

Ping Queue Manager

Servers

Queue Handle View

X

View Page

MQ Queue Handles

Service View

X

View Page

MQ Services

Service Add & Edit

Add & Edit Services

MQ Services

Service Remove

Remove Services

MQ Services

Service Start & Stop

Start & Stop Service

MQ Services

Subscriber View

X

View Page

MQ Subscriber

Subscription View

X

View Page

MQ Subscriptions

Subscription View Details

X

View Subscription Details

MQ Subscriptions

Subscription Add & Edit

Add & Edit Subscriptions

MQ Subscriptions

Subscription Remove

Remove Subscriptions

MQ Subscriptions

Topic View

X

View Page

MQ Topics

Topic View Details

X

View Topic Details

MQ Topics

Topic Add & Edit

Add & Edit Topics

MQ Topics

Topic Remove

Remove Topics

MQ Topics

Topic Inhibit

Inhibit or enable puts and gets

MQ Topics

Topic String View

X

View Page

MQ Topic Strings

Topic String Clear

Clear Topic String

MQ Topic Strings

Tibco® EMS® ACI Reference

ACI Name

Read Only

Action(s)

Page(s)

Tibco Server View

X

View Tibco servers

Servers

Connection View

X

View Page

Tibco Connections

Connection Add & Edit

Add & Edit Connections

Tibco Connections

Connection Start & Stop

Start & Stop Connections

Tibco Connections

Consumer View

X

View Page

Tibco Consumers

Producer View

X

View Page

Tibco Producers

Queue Add & Edit

Add & Edit Queues

Tibco Queues

Queue Remove

Remove Queues

Tibco Queues

Queue View Details

X

View Queue Details

Tibco Queues

Server Edit

Edit Server

Servers

Server Start & Stop

Start & Stop Server

Servers

Server Statistics

Enable & Disable Server Statistics

Servers

Server View Details

X

View Queue Details

Servers

Subscription View

X

View Page

Tibco Subscriptions

Subscription Add & Edit

Add & Edit Subscriptions

Tibco Subscriptions

Subscription Remove

Remove Subscriptions

Tibco Subscriptions

Topic View

X

View Page

Tibco Topics

Topic View Details

X

View Topic Details

Tibco Topics

Topic Add & Edit

Add & Edit Topics

Tibco Topics

Topic Remove

Remove Topics

Tibco Topics

Transport View

X

View Page

Tibco Transports

Transport Start & Stop

Start & Stop Transport

Tibco Transports

Transport Remove

Remove Transports

Tibco Transports

Settings ACI Reference

ACI Name

Read Only

Action(s)

Page(s)

Security ACIs

View, add, edit, and remove ACI Groups

Settings

Security Applications

View, add, edit, and remove Applications

Settings

Security Audit

X

View Security audit inspection tool, and audit buttons on various Settings panels such as the Users or Servers panels.

Settings

Security Documentation

X

View documentation from within the Console.

Settings, and Help.

Security Filters

View, add, edit, and remove Filters

Settings

Security Preferences

View, add, edit, and remove ACI Groups

Settings

Security Roles

View, add, edit, and remove Roles

Settings

Security Servers

View, add, edit, and remove Servers and Server Groups

Settings, and Server

Security Users

View, add, edit, and remove Users and User Groups

Settings

View System Details

X

View system details on the Help Panel.

All

Tracing ACI Reference

ACI Name

Read Only

Action(s)

Page(s)

Tracing Service Inspect

X

Inspect Tracing Service Events

Tracing Inspector

Security Audit Tooling

Audit Tooling Overview

The HYTE Console provides security audit tooling to aid in debugging complex security configurations. The audit tooling simplifies understanding and debugging user’s permissions on the system through inspection.

Security Audit ACI

Audit tooling is secured with a system wide Settings Audit ACI. Users associated with this ACI will be able to use any audit tooling in the system. Audit tooling will be hidden from users who do not have this ACI.

We recommend special care is given to granting a user Audit permissions, as users with Audit permissions are able to Audit the mapping of all related module objects. For example, a user with only Security Users and Security Audit permissions would be able to click the Audit button on the Users security panel and see details Profiles, User Groups, and Roles that a specific user is assigned - even though the user does not have permission to view or change these settings on the Profiles/User Groups/Roles security panels.

Security Audit Settings Panel

security.audit

The Audit Security Panel aids in debugging complex security configurations for ActiveMQ, Camel, and WebSphereMQ;. An auditor simply selects a user and server to see the items and actions that the given user will be able to view or perform on that server.

Audit data contains links for security objects for further inspection of that specific item.

security.audit.detail

Icons after links can be hovered over for information relating to the chosen user and server.

audit.aci.icon

ACI link icons indicate ACI groups for the selected user that the ACI came from.

audit.server.icon

Server Group link icons indicate Server groups the selected server comes from.

audit.user.icon

User Group link icons indicate groups the User is a member of.

Security Audit for Security Objects

Many of the Security objects such as Users, User Groups, Servers, Filters, and ACI Groups have an Audit button that appears when an item is selected. From here, a system administrator can quickly inspect and remedy access control issues.

security.audit.detail

Troubleshooting Guide

Known Limitations

Known Limitations: Usability and Functionality

  1. Adding authorization entries to the xml config files manually could lead to inconsistent linking of authorization resources and/or internal errors when authorization is being calculated. It is not recommended to make changes by hand and should only be done so by the direction of a HYTE Support Engineer.

  2. When removing a Role, all related Application Roles will be deleted. If the intent is to just add or remove access to a specific feature, Edit the associated Application(s) instead.

Known Limitations: Security

Potential for security information leak with Settings Audit ACI permission.

The Settings Audit ACI grants a user access to view ALL auditable objects, including objects the user may not be able to see or manage otherwise.

For example, a user with both the Settings Audit and Settings User ACI permissions would see the Users settings panel. But, this user would not be able to see the ACI Groups Settings Panel - rendering the ACI groups security information invisible.

However, this Administrator could select a User Group on the Users Setting Panel, then select the Audit action, then click through a series of linked Security Objects, to see ACI Group details:

audit.leak

Known Limitations: ActiveMQ

  1. ActiveMQ’s support for changing memory configuration remotely does not persist after a restart. Changes to memory configuration should only be used for testing scenarios and as a last resort for a distressed server.

  2. ActiveMQ’s support for adding and removing transport connectors and network connectors does not persist after a restart. These features are provided for testing application error handling scenarios and for administrators during maintenance.

  3. There is a bug with ActiveMQ brokers (version 5.8.x-5.9.x) when adding Transport Connectors via JMX. The transport connector is added, starts listening on the port, but is not correctly wired up into the broker. The recommended work around is to upgrade or add transport connectors to the etc/activemq.xml file directly. (ref: IC-1115)

  4. There is a bug with ActiveMQ brokers (version 5.8.x-5.9.x) when adding Network Connectors via JMX. The connector is added, starts listening on the port, but is not correctly wired up into the broker. The recommended work around is to upgrade or add connectors to the etc/activemq.xml file directly. (ref: IC-1134)

  5. Viewing persistence adapters for ActiveMQ brokers version 2.11.x is currently unsupported. (ref: IC-1222)

  6. Queues removed from ActiveMQ with the HYTE Console may re-appear when ActiveMQ is restarted, due to a bug (https://issues.apache.org/jira/browse/AMQ-4970) in ActiveMQ versions before 5.9.1.

  7. If your ActiveMQ instance has multiple brokers, the Console will only communicate with one of the brokers. In this case, the selected broker will be the broker with a name that matches (case-sensitive) the name provided on the "Add Server" screen. If no broker is found with a matching name, the first broker found will be selected.

Known Limitations: Camel

  1. The Context Stop Action is not available until Camel 2.13.0, but the button will appear in the Action drop-down for all versions of Camel. If a user tries to stop the context, there will be no indicator in the UI. This is done in order to protect version information from unintentionally leaking to users that may not have privilege to see version information. Additionally, removal of the Action item would indicate that a permission is not configured, which could cause confusion to administrators who have configured the permission correctly. (ref: IC-922)

  2. Camel does not track Completed Exchange Time or Completed Exchange ID information for exchanges that fail. This is a limitation in the Camel API. Exchanges that result in failure will show up in the Failed count on the Servers page, but the Completed Exchange Time and Completed Exchange ID fields will not reflect the failed exchange’s info. (ref: IC-924)

  3. Retrieving endpoints for a route is unsupported in camel 2.15.x.

Known Limitations: CXF

  1. CXF does not expose service operations or service performance metrics via JMX without a CXF CounterRepository. CXF requires a <strong>CounterRepository</strong> to be configured for exposing operations and service performance metrics via JMX. Instructions for configuring a CounterRepository are included on the CXF [JMX Management Guide](http://cxf.apache.org/docs/jmx-management.html) under the <strong>How to get web service performance metrics?</strong> section.

  2. CXF does not expose service operations to the HYTE Console until the operation has been invoked.

  3. CXF versions 3.0.1 and higher do not expose service operations to the HYTE Console until the operation has been successfully invoked without an exception response.

Known Limitations: Karaf

  1. Fuse Minimal/Medium Installations: The management feature must be installed for the HYTE Console to manage Karaf instances. Installation instructions for the management feature are provided in the [Karaf Feature Reference](karaf.html).

  2. Be careful not to uninstall or stop system features or bundles. Stopping a system level feature or bundle will halt or damage your Fuse installation.

Known Limitations: IBM WebSphere MQ®

  1. IBM® MQ® does not support a query to retrieve the number of messages enqueued and dequeued without resetting the statistics back to zero. MQ® does this in order to support the ability to collect absolute counts over time. The HYTE Console does not support reading those metrics at this time, as doing so would interfere with monitoring and statistics collecting efforts.

  2. IBM’s MQMD header only allows for the correlationId to be 24 characters in length. If a user sends a JMS message with targetClient=0, the correlationId will be truncated to 24 characters.

    Work around: If application must send as targetClient=0, be sure that correlationId is less than or equal to 24 characters.
  3. Testing JMS connections for servers in the console with the MQ® feature requires Temp Queue creation permissions for the JMS credentials being tested.

  4. IBM MQ® will not return an error to the HYTE Console when the "Start Listener" command is issued to a Listener configured to run on a privileged TCP/IP port (1 - 1024) when IBM MQ® is running as a non-root user. [IC-1710]

    Work around: configure all Listeners to run on non-privileged TCP/IP port (> 1024)
  5. IBM MQ® will not remove Entity Authorities when the object name is @class. Recommended workaround is to edit the Entity Authority object and change its authority type from Create to None. [IC-1852]

  6. IBM MQ® may return an error if a user attempts to purge a queue with an active consumer connected to the same queue. If the error code returned: 4004 "MQRCCF_OBJECT_OPEN"

    This is due to the queue being configured to have the InputOpenOption set to "Exclusive".
    There are two possible solutions:
    1. Configure the queue InputOpenOption to be "Shared".

      *Note: Setting the option to "Shared" would allow a second consumer to pull messages, and any message ordering expectation would be lost. Consult with application developers to ensure this configuration change will not negatively impact the application.*
      ii. Disconnect the active consumer, then purge the queue.

Known Limitations: JBoss Fuse/A-MQ

  1. There is a known issue where the HYTE Console’s JMS test connection will fail due to a permission issue regarding temp-queue destinations. This is observed on various patch releases in the 6.1.1 series, including: jboss-fuse 6.1.1.redhat-412 and/or jboss-a-mq-6.1.1.redhat-412. The issue is resolved by upgrading JBoss Fuse and/or A-MQ to the 6.1.1 Roll-up 4 Patch 2 update. Patch file: jboss-fuse-6.1.1.redhat-463-r4-p2.zip. [IC-2162, IC-2150]

Example error message:

com.mediadriver.messaging.service.api.v2.MessagingException: javax.jms.JMSException: User admin is not authorized to create: temp-queue:/ID:jbmbpro2014.local-58070-1467232403384-41:1:1
at com.mediadriver.messaging.service.jms11.v2.Jms11MessagingService.wrapException(Jms11MessagingService.java:84)

Known Limitations: Tibco EMS®

  1. There is a bug in various point releases in Tibco® EMS® version 8.2.x that prevent message selectors from taking effect. This prevents the HYTE Console from being able to perform a number of messaging tasks including: Message Browse, Copy, Move and Delete of selected messages. The issue is fixed by version 8.3.0. [IC-2098, IC-2093]

Reset Initial Setup

Initial Setup can be reset at any time:

Step #1: Open the following file in a text editor:

${CONSOLE_CONFIG_HOME}/modules/ConsoleSecurityModule/preferences.xml

Step #2: Change this line:

<installFinished>true</installFinished>
to say:
<installFinished>false</installFinished>

Step #3: Save the configuration file.

Step #4: Restart your web application container (Fuse, Karaf, or Tomcat).

Configuring Logging & Configuration File Locations

Unless configured otherwise (more on that below), the console’s configuration files will be in the following location:

  • JBoss Fuse/Apache Karaf Installations: ${KARAF_INSTALL_LOCATION}/etc/md-console/

  • Tomcat Installations: ${TOMCAT_INSTALL_LOCATION}/etc/md-console/

For the remainder of this document, substitute the directory above for references: ${CONSOLE_CONFIG_HOME}.

Unless configured otherwise (more on that below), Console logs will be in the following location:

  • JBoss Fuse/Apache Karaf Installations: ${KARAF_INSTALL_LOCATION}/data/log/md-console/

  • Tomcat Installations: ${TOMCAT_INSTALL_LOCATION}/logs/md-console/

Overriding Configuration & Log File Locations

The HYTE Console features a robust config/log location lookup scheme that’s easily configurable.

The location lookup logic features a debug mode. When debug mode is enabled, location lookup steps will be printed to the console, here is an example:

[ConfigPathResolver INFO]: Path lookup debug mode is ON, because environment variable or system property is non-empty: md.console.config.debug
[ConfigPathResolver INFO]: Determining console config and logging paths. Working Directory: /Users/jason/Documents/code/md/console/war.parent/war.test/./
[ConfigPathResolver DEBUG]: Determining console config path:
[ConfigPathResolver DEBUG]: Checking for environment variable: md.console.config.directory
[ConfigPathResolver DEBUG]: Checking for system property: md.console.config.directory
[ConfigPathResolver DEBUG]: Checking for property file on classpath: com.mediadriver.console.core.cfg
[ConfigPathResolver DEBUG]: Checking for Karaf etc/com.mediadriver.console.core.cfg file
[ConfigPathResolver DEBUG]: Checking for Karaf installation.
[ConfigPathResolver DEBUG]: Karaf not detected, skipping step.
[ConfigPathResolver DEBUG]: Checking for Tomcat etc/com.mediadriver.console.core.cfg file
[ConfigPathResolver DEBUG]: Checking for Tomcat installation.
[ConfigPathResolver DEBUG]: Tomcat not detected, skipping step.
[ConfigPathResolver DEBUG]: Checking for ${CWD}/etc config file: /Users/jason/etc/com.mediadriver.console.core.cfg
[ConfigPathResolver DEBUG]: Config file not detected, skipping step.
[ConfigPathResolver DEBUG]: Checking for ${CWD} config file: /Users/jason/com.mediadriver.console.core.cfg
[ConfigPathResolver DEBUG]: Config file not detected, skipping step.
[ConfigPathResolver DEBUG]: Checking for Karaf installation.
[ConfigPathResolver DEBUG]: Checking for Tomcat installation.
[ConfigPathResolver DEBUG]: Checking for default directory: /Users/jason/etc/md-console
[ConfigPathResolver INFO]: Using configuration directory: /Users/jason/etc/md-console/
[ConfigPathResolver DEBUG]: Determining console logging path:
[ConfigPathResolver DEBUG]: Checking for Karaf Installation.
[ConfigPathResolver DEBUG]: Checking for environment variable: md.console.logging.directory
[ConfigPathResolver DEBUG]: Checking for system property: md.console.logging.directory
[ConfigPathResolver DEBUG]: Checking for property file on classpath: com.mediadriver.console.core.cfg
[ConfigPathResolver DEBUG]: Checking for Tomcat installation.
[ConfigPathResolver DEBUG]: Checking for default directory: /Users/jason/logs/md-console
[ConfigPathResolver INFO]: Using logging directory: /Users/jason/logs/md-console/
You will see System.out output in the Fuse/Karaf console, or in Tomcat’s ${TOMCAT_INSTALLATION_LOCATION}/logs/catalina.out.

Enable the location debug mode by setting an environment variable or a JVM system property with the name "md_console_path_debug", for example:

# example: set environment variable in a bash shell before starting karaf or tomcat..
> export md.console.config.debug=true
> ${TOMCAT_INSTALL_LOCATION}/bin/startup.sh
# example: set a system property in a java command line
# add this to your systems startup script such as tomcat's startup.sh
JAVA_OPTS="${JAVA_OPTS} -Dmd.console.config.debug=true"

Configuration Location Lookup Steps:

  1. Check for environment variable md.console.config.directory. The variable should specify a directory path, if the variable or path do not exist, skip this step.

  2. Check for JVM system property md.console.config.directory. The property should specify a directory path, if the property or path do not exist, skip this step.

  3. Check for a properties file named com.mediadriver.console.core.cfg on the class path. If that properties file exists, extract the md.console.config.directory property from the file. The property should specify a directory path, if the property or path do not exist, skip this step.

  4. Check for Fuse or Karaf installation. If either is detected, look for the property file ${KARAF_INSTALL_LOCATION}/etc/com.mediadriver.console.core.cfg. If that properties file exists, extract the md.console.config.directory property from the file. The property should specify a directory path, if the property or path do not exist, skip this step.

  5. Check for Tomcat installation. If Tomcat is detected, look for the property file ${TOMCAT_INSTALL_LOCATION}/etc/com.mediadriver.console.core.cfg. If that properties file exists, extract the md.console.config.directory property from the file. The property should specify a directory path, if the property or path do not exist, skip this step.

  6. Check for the property file ${WORKING_DIRECTORY}/etc/com.mediadriver.console.core.cfg, where ${WORKING_DIRECTORY} refers to the JVM’s current working directory (the directory you were in when you started fuse, karaf, or tomcat). If that properties file exists, extract the md.console.config.directory property from the file. The property should specify a directory path, if the property or path do not exist, skip this step.

  7. Check for the property file ${WORKING_DIRECTORY}/com.mediadriver.console.core.cfg, where ${WORKING_DIRECTORY} refers to the JVM’s current working directory (the directory you were in when you started fuse, karaf, or tomcat). If that properties file exists, extract the md.console.config.directory property from the file. The property should specify a directory path, if the property or path do not exist, skip this step.

  8. Check for Fuse or Karaf installation. If either is detected, use the following path: ${KARAF_INSTALL_LOCATION}/etc/md-console

  9. Check for Tomcat installation. If Tomcat is detected, use the following path: ${TOMCAT_INSTALL_LOCATION}/etc/md-console

  10. Check if the fallback default config directory exists. If it does not exist, attempt to create it and use it. The default config directory is ${WORKING_DIRECTORY}/etc/md-console, where ${WORKING_DIRECTORY} refers to the JVM’s current working directory (the directory you were in when you started fuse, karaf, or tomcat).

Fuse / Karaf Logging Location Lookup Steps:

In Fuse/Karaf installations, the logging location lookup does not apply, as logging is controlled by the ${KARAF_INSTALL_LOCATION}/etc/org.ops4j.pax.logging.cfg file. Instructions for modifying this file are included earlier in this document in the Fuse/Karaf installation guide.

Tomcat Logging Location Lookup Steps:

  1. Check for environment variable md.console.logging.directory. The variable should specify a directory path, if the variable or path do not exist, skip this step.

  2. Check for JVM system property md.console.logging.directory. The property should specify a directory path, if the property or path do not exist, skip this step.

  3. Check for a properties file named com.mediadriver.console.core.cfg on the class path. If that properties file exists, extract the md.console.logging.directory property from the file. The property should specify a directory path, if the property or path do not exist, skip this step.

  4. Check for Tomcat installation. If Tomcat is detected, use the following path: ${TOMCAT_INSTALL_LOCATION}/logs/md-console

  5. Check if the fallback default logging directory exists. If it does not exist, attempt to create it and use it. The default logging directory is ${WORKING_DIRECTORY}/logs/md-console, where ${WORKING_DIRECTORY} refers to the JVM’s current working directory (the directory you were in when you started fuse, karaf, or tomcat).

Service Call / LDAP Timing

To monitor service call and LDAP timings in the console.log file, add the following logging configuration to your log configuration file:

# This enables MQ® service call timings.
log4j.logger.com.mediadriver.mq.service.MQProxyService.performance=DEBUG
# This enables Camel service call timings.
log4j.logger.com.mediadriver.camel.service.CamelProxyService.performance=DEBUG
# This enables ActiveMQ service call timings.
log4j.logger.com.mediadriver.activemq.service.ActiveMQProxyService.performance=DEBUG
# This enables CXF service call timings.
log4j.logger.com.mediadriver.cxf.service.CxfProxyService.performance=DEBUG
# This enables Karaf service call timings.
log4j.logger.com.mediadriver.karaf.service.KarafProxyService.performance=DEBUG
# This enabled LDAP authentication call timings.
log4j.logger.com.mediadriver.ldap.security.LdapAuthService.performance=DEBUG
log4j.logger.com.mediadriver.ldap.security.LDAPService.performance=DEBUG

Contact Us

Get in touch with HYTE by emailing us: sales@hyte.io.

Release Notes

Release Notes for version 4.x

  • Renamed product as "HYTE Console"

Release Notes for version 3.0.18

  • Support for Karaf 3.0.0-3.0.8 and 4.0.0-4.0.10 releases

  • Update to Wicket version 6.28.0

Release Notes for version 3.0.16

  • Add additional jump links from MQ objects such as Remote Queue, Remote Queue Manager, and Transmission Queues

Release Notes for version 3.0.15

  • [IC-2554] Support for Scheduling IBM MQ Command tasks

  • [IC-2518] Updates to Camel Tracing to support optimized db structure and 2 search modes

  • Updates to notification services configuration settings

  • 40+ Various fixes and performance improvements

Release Notes for version 3.0.14

  • [IC-2603] Add configuration setting for messaging service thread pool multiplier

Release Notes for version 3.0.13

  • Update the console to use the models from the 3.2.0 Camel Tracing release

  • Various Camel Tracing UX and performance fixes

Release Notes for version 3.0.12

New Features:

  • [IC-2558] Ability to specify number of messages returned in a Messaging Browse Task

  • [IC-2552] Update labels for Camel Tracing Search data ranges to abide by UX

  • [IC-2536] Remove the ActiveMQ Configuration Settings panel from displaying with MQ and EMS servers

  • [IC-2342] Add a progress indicator when executing MQ administration commands

  • [IC-2563] Improve handling of "&" character in transport connector uri by MD ActiveMQ Config Service

  • Support for ActiveMQ 5.14.5 and 5.15.0 releases

  • Various Camel Tracing fixes and UX enhancements

  • 37 total bug fixes and enhancements

Release Notes for version 3.0.3

New Features:

  • MQTT Message Send and Message Consume

  • ActiveMQ Remote Config Support: Ability to remote manage ActiveMQ configuration for Composite Topics and Composite Queues

  • ActiveMQ versions: Update support to include latest 5.13.x and 5.14.x patch release

  • Camel versions: Update support to include latest 2.16.x and 2.17.x patch releases

  • Red Hat Fuse versions: Fuse 6.2.1 Camel 2.15.1.redhat.621084

  • Cxf versions: Update support to include latest 2.7.x and 3.0.x patch releases

Fixed Issues:

  • 90+ various minor fixes and improvements

Release Notes for version 3.0.2

New Features:

  • ActiveMQ Remote Config Support: Ability to remote manage ActiveMQ configuration for Authorization Entries and Virtual Topics

  • Display ISO8601 format for timestamps (used by XML and JSON)

Fixed Issues:

  • 15+ various minor fixes and improvements

Release Notes for version 3.0.1

New Features:

  • ActiveMQ: Add support for ActiveMQ up through 5.12.3 and 5.13.4

  • IBM MQ: Add support for 7.5.0.6 and 8.0.0.5 patches

  • Security: Disabled SSH service by default

  • Performance: Apply best practice Java VM tuning settings to all installations by default

  • Settings: Bundle menu item allows administrators to upload and installation of 3rd party libraries for IBM MQ and Tibco EMS

Fixed Issues:

  • [IC-2231] All HYTE Console created threads should have user-friendly names

  • [IC-2178] Message consume button should flip to "start" when consume task finishes

  • 20+ various minor fixes and improvements

Release Notes for version 3.0.0

New Features:

  • Core: Upgraded UI/UX for 3.0.0

  • Tibco EMS: Support for Tibco EMS 8.x servers

  • ActiveMQ: Support for HYTE ActiveMQ Client Rebalance Plugin

  • Messaging: Support for consuming messages with the Message Browse tool

  • Messaging: Support for Copy All, Move All and Delete All from message queues

  • Messaging: Support for configuring receive timeout during message browse and consume

  • Messaging: Support for setting a maximum execution time for send and receive tasks

  • Messaging: Support for storing message bodies separately from message meta data for performance and efficiency boost when working with large messages

  • Karaf: Support for instance names other than the default "root" instance name

Release Notes for version 2.3.15

New Features:

  • Core: Added ability to configure config file location in a properties file.

  • Core: Audit logs now contain proxy IP address when the console is hosted behind a proxy or load balancer.

  • ActiveMQ: Added support for Active MQ v5.11.0.redhat-621084.

  • IBM MQ: Added Pub Sub Status page.

  • Messaging: Revamped messaging service along with improved UI.

Fixed Issues:

  • IC-2008 Application edit is not reading application roles correctly from console installations before version 2.3.13.

  • IC-1995 Inhibit PUT/GET throws exception on Alias Q on MQ 7.5.

Release Notes for version 2.3.13

New Features:

  • Core: Simplified application creation UI.

  • New stand-alone distribution with Apache Karaf installation in a zip file.

  • Help: More info panel now shows config and logging locations.

  • Documentation is now visible from within the console.

Fixed Issues:

  • IC-1903 List page does not deselect item / hide detail panel after column sort

  • IC-2005 Cannot create user without name in registration allowed with no name required mode

  • IC-1963 ActiveMQ for tracing server on test server is showing unknown version

  • IC-1962 Add audit logging when ACI to role mapping is saved.

  • IC-1957 Bundle view doesn’t filter based on version number

Release Notes for version 2.3.12

New Features:

  • Full Administration Support for IBM MQ

  • Added Support for IBM MQ 6.0 and 7.0 series servers

  • Added Support for scaling IBM MQ environments to 10,000+ queues, channels and servers

Fixed Issues:

  • IC-1861 When LDAP is down, connection exceptions show in user/group link panels as internal error

  • IC-1748 Web framework infinitely tries to reload pages that have exceptions during constructor

  • IC-1718 Remove com.ibm import lines from Apache Karaf war bundle

  • IC-1688 Deployment tools shows servers as 'Offline' when online

  • IC-1495 MQ connection timeout does not seem to be working

  • IC-1158 MQ queue full error message does not bubble up nicely to UI during message send

Release Notes for version 2.3.11

New Features:

  • Added support for Camel tracing to HYTE Analytics

  • Added Deployment Tool to support deploying to Apache Karaf-based containers

  • Improved server connection testing to display more details for each feature

  • IC-786 Messaging: Improve navigation between Message Send and Message Browse

  • IC-1324 Documentation: Add section for Upgrade steps to documentation

  • IC-727 ActiveMQ: Merge Network Bridge page in with Network Connector to provide a single view of metrics

  • IC-1520 Settings: Reorganized application role navigation for building access control definitions

Fixed Issues

  • IC-1473 Application Edit screen allows creation of an ACI list with no name

  • IC-1509 Encryption: Exception with custom password

  • IC-1580 Encryption: Exception when trying to use encryption mode

  • IC-1423 ActiveMQ: Unable to select Queue Consumer

  • IC-1496 MQ: Channel status not showing up on channel list page

  • IC-1526 CXF: Non-impacting tear down exception during HYTE Console shutdown

  • IC-1454 Encryption: Tool will not work without JCE Unlimited extension installed

  • IC-1192 Settings: Null Pointer Exception (NPE) corner case with Application Edit

  • IC-1461 Server: JMX feature clears some JMX fields such as URL when switching between options

  • IC-1474 MQ: Channel Start/Stop not listed in Action drop-down

Release Notes for version 2.3.7

  • Fixed: Camel servers display as offline due to missing context attributes.

Release Notes for version 2.3.5

  • Fixed: Race condition during initial installation that could cause NullPointerException.

  • Fixed: Issue with client-side password encryption for saving servers, ldap, and email settings when JCE Unlimited Encryption Extension is not installed.

Release Notes for version 2.3.4

  • Karaf module added. The HYTE Console can now view and manage Karaf Bundles, Features, and Feature Repositories.

  • Added additional registration inspection features to the Registration Settings Panel. Administrators can now easily determine which servers or users are counting toward a registration limit.

  • Performance improved for security authorization checks. Pages and service operations execution time are significantly improved.

License Agreement

HYTE TECHNOLOGIES, INC - LICENSE AGREEMENT

THIS IS A LEGAL AGREEMENT BETWEEN YOU ACTING INDIVIDUALLY AND ON BEHALF OF YOUR COMPANY (COLLECTIVELY “LICENSEE”) AND HYTE TECHNOLOGIES, INC, A DELAWARE CORPORATION (“HYTE TECHNOLOGIES”). BY CLICKING “I ACCEPT” AT THE END OF THIS AGREEMENT OR BY INSTALLING, ACCESSING, OR USING ANY PART OF THIS SOFTWARE OR ANY RELATED SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT, THAT YOU UNDERSTAND IT AND ITS TERMS AND CONDITIONS, AND THAT YOU AND YOUR COMPANY ARE BOUND LEGALLY BY IT AND ITS TERMS AND CONDITIONS.

IF YOU DO NOT AGREE WITH THIS AGREEMENT OR DO NOT HAVE THE AUTHORITY TO BIND YOUR COMPANY, YOU ARE NOT GRANTED PERMISSION TO INSTALL, ACCESS, OR OTHERWISE USE THIS SOFTWARE OR ACCESS ANY RELATED SERVICE. IN SUCH CASE, PLEASE CLICK “I REJECT” AND PROMPTLY RETURN AND/OR DELETE ANY MATERIALS RELATED TO THIS SOFTWARE THAT YOU HAVE RECEIVED OR THAT ARE IN YOUR POSSESSION.

Terms & Conditions

THIS LICENSE AGREEMENT (this “Agreement”) is by and between HYTE Technologies, Inc, a Delaware Corporation (“HYTE Technologies”), having a principal place of business at 3824 Cedar Springs Road, Suite 430, Dallas, TX 75219, and you and your company (collectively “Licensee”). HYTE Technologies and Licensee are each a “Party” and collectively, the “Parties”. The effective date (“Effective Date”) of this agreement shall be the earlier of the date on which Licensee clicks on “I Accept” at the end of this Agreement or installs, accesses, or uses any part of this software or any related service.

  1. HYTE Technologies is engaged in the business of, among other activities, providing business clients with technology and software services and other related services for integrated information technology solutions; and

  2. The parties desire to set forth the terms and conditions whereby HYTE Technologies will provide Licensee with software licenses, software support, and related documentation and materials.

NOW, THEREFORE, on and subject to the terms and conditions hereinafter set forth, the parties agree as follows:

SECTION 1. DEFINITIONS.

Capitalized terms used but not otherwise defined in this Agreement have the following meanings:

1.1 “Documentation” means the standard user and reference manuals for the Licensed Software provided by HYTE Technologies.

1.2 “License Period” means the license period for the Licensed Software that is coterminous with the period for the paid Support Services.

1.3 “Licensed Products” means the Licensed Software and Documentation licensed by Licensee.

1.4 “Licensed Software” means the unmodified, object-code version of the software products, which includes any Updates and Upgrades which HYTE Technologies may provide Licensee from time to time under this Agreement.  1.5 “Licensed Software Warranty Period” means the period of time beginning on the Effective Date of this Agreement and ending 90 days thereafter.

1.6 “Support Services” means Updates and Upgrades to the Licensed Software.

1.7 “Updates” means new versions of Licensed Software that contain bug fixes, error corrections and minor enhancements, but do not contain major enhancements or significant new functionality, as determined in HYTE Technologies’ reasonable discretion.

1.8 “Upgrades” means new releases of the Licensed Software that contain major enhancements or significant new functionality.

SECTION 2. SOFTWARE LICENSE.

2.1 License Grant. In consideration of payment of the Support Services fees set forth by HYTE Technologies in the applicable order documentation and subject to the terms and conditions of this Agreement, HYTE Technologies grants to Licensee a non-exclusive, non-transferable, non-assignable right to use the Licensed Software and the Documentation for the License Period, solely to serve Licensee’s internal business needs and for no other purpose.

2.1.1 Protection of Products. Licensee agrees to take all reasonable steps to protect the Licensed Products from unauthorized copying, possession, access or use. Upon Licensee’s becoming aware of any such unauthorized copying, possession, access or use, Licensee shall promptly notify HYTE Technologies and provide HYTE Technologies with complete details, assist HYTE Technologies in preventing the recurrence thereof, and cooperate with HYTE Technologies in any litigation or proceedings reasonably necessary to protect the rights of HYTE Technologies.

2.1.2 Copies and Adaptations. Licensee may make two copies of the Licensed Software only for archival and internal testing purposes. Licensee may make a reasonable number of copies of the Documentation solely for its own internal business purposes to support Licensee’s use of the Licensed Software. All titles, trademark, copyright and other proprietary rights and restriction notices must be reproduced and included on all such copies. No other uses are granted hereunder.

2.2 Ownership. THE LICENSED SOFTWARE IS LICENSED AND NOT SOLD. HYTE Technologies and its licensors retain sole ownership of, and title to, the Licensed Products (including any corrections, updates, adaptations, enhancements, modifications, derivative works and copies) and Support Services and all copyrights, trade secrets, patents, trademarks, derivative works and any other intellectual and industrial property and proprietary rights related thereto. Licensee does not acquire any rights, express or implied, other than those specified in this Agreement. Copies of Licensed Products are provided to Licensee only to allow Licensee to exercise Licensee’s right under the license granted herein to use the Licensed Products during the License Period. All intellectual property derived from the development of any application is the property of HYTE Technologies. Licensee shall secure and protect the Licensed Products in a manner consistent with maintaining HYTE Technologies’ rights therein. Violation of HYTE Technologies’ intellectual property rights is the basis for immediate termination of this Agreement, which is in addition to and not in lieu of any other remedies available to HYTE Technologies at law or in equity. Licensee agrees that all inventions, improvements, derivative works, and modifications to the Licensed Software or any parts thereof, that are based, either in whole or in part, on Licensee’s ideas, feedback, suggestions, or recommended improvements will be and remain the sole and exclusive property of HYTE Technologies.

2.3 Restrictions. Except as expressly authorized in this Agreement, Licensee shall: (i) not rent, lease, sublicense, distribute, transfer, encumber, copy, reproduce, display, modify or timeshare the Licensed Products or any portion thereof; (ii) not prepare any derivative work based on the Licensed Products; (iii) not remove the patent, copyright, trademark, trade secret or other proprietary protection legends or notices that appear on or in the Licensed Products; (iv) not distribute, sell or otherwise transfer, in whole or in part, the Licensed Products; (v) not allow any third parties to access or use the Licensed Products; (vi) not demonstrate or disclose the Licensed Products or the results of any testing or bench- marking of same to any third parties without HYTE Technologies’ prior written consent; and (vii) except where such restriction is prohibited by applicable law, not reverse engineer, de-compile, modify in any way, or create derivative works from the Licensed Products or any portions thereof. Licensee agrees that all inventions, improvements, derivative works, and modifications to the Licensed Software or any parts thereof made by HYTE Technologies that are based, either in whole or in part, on Licensee’s ideas, feedback, suggestions, or recommended improvements will be and remain the sole and exclusive property of HYTE Technologies. Third party software included as part of Licensed Software may only be used in conjunction with Licensed Software.

2.4 Open Source Software. The Licensed Software may come bundled or distributed with open source software which is subject to the terms and conditions of a specific open source license. THIS OPEN SOURCE SOFTWARE IS PROVIDED BY HYTE TECHNOLOGIES “AS IS” WITHOUT INDEMNITY OR ANY EXPRESS OR IMPLIED WARRANTY, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTY OF MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, AS IT RELATES TO ANY AND ALL CLAIMS ARISING OUT OF OR IN CONNECTION WITH OPEN SOURCE SOFTWARE, HYTE TECHNOLOGIES SHALL HAVE NO LIABLITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES.

SECTION 3. SUPPORT SERVICES FOR LICENSED SOFTWARE.

During the period specified by HYTE Technologies, and provided that Licensee has paid for the Support Services and is in compliance with the terms and conditions of this Agreement, HYTE Technologies will provide Licensee with Updates and Upgrades when HYTE Technologies makes such Updates and Upgrades first generally commercially available to its customer base.

SECTION 4. LIMITED WARRANTIES.

4.1 Licensed Software Warranty. During the Licensed Software Warranty Period and subject to Licensee’s payment of the Support Services fees set by HYTE Technologies, HYTE Technologies warrants that the Licensed Software will substantially conform in all material respects to the Documentation. HYTE Technologies further warrants that before it delivers the Licensed Software to Licensee, it has used generally available tools to protect the Licensed Software against any malicious codes, such as viruses, worms, or trojan horses.

4.2 Exclusive Remedies. Licensee shall promptly notify HYTE Technologies in writing of any claimed breach of a warranty contained in Section 4.1. HYTE Technologies is not obligated to correct any such breach if Licensee fails to promptly notify HYTE Technologies in writing within the applicable Licensed Software Warranty Period, which notice must provide a detailed description of the specific existence and nature of the alleged breach upon Licensee’s discovery thereof. Licensee’s sole and exclusive remedy and HYTE Technologies’ entire liability for any such breach of warranty is as follows:

4.2.1 Licensed Software. Provided a breach exists that is covered by the Licensed Software Warranty, HYTE Technologies shall as promptly as practicable, and in any event within 30 days after HYTE Technologies’ receipt of Licensee’s written notice of breach, (a) correct such breach; (b) provide Licensee with a plan reasonably acceptable to Licensee for correcting the breach at HYTE Technologies’ expense and in a reasonably timely fashion; or (c) if neither (a) nor (b) can be accomplished with reasonable commercial efforts from HYTE Technologies, then either HYTE Technologies or Licensee may terminate the license for the affected Licensed Software. If a license is terminated by either party under this subsection, Licensee shall de-install the applicable Licensed Software and return all copies of such Licensed Software and related Documentation to HYTE Technologies. If Licensee elects not to terminate the license for the affected portion of the Licensed Software, Licensee waives all rights for the applicable breach of the warranty set forth in Section 4.1. Upon return of the Licensed Software and related Documentation, then as Licensee’s sole remedy, HYTE Technologies agrees to refund any and all related Support Services fees paid to HYTE Technologies under this Agreement for the affected Licensed Software so returned.

4.3 Disclaimer of Warranty. EXCEPT AS SET FORTH IN THIS SECTION 4, NEITHER HYTE TECHNOLOGIES NOR ITS LICENSORS MAKE ANY WARRANTY, REPRESENTATION, CONDITION OR AGREEMENT WITH RESPECT TO THE LICENSED PRODUCTS. HYTE TECHNOLOGIES AND ITS LICENSORS EXPRESSLY DISCLAIM AND EXCLUDE TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW ANY AND ALL IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE. FURTHER, HYTE Technologies MAKES NO WARRANTIES, AND IS NOT RESPONSIBLE FOR, ANY THIRD PARTY PRODUCTS AND ANY SERVICES NOT PROVIDED SOLEY BY HYTE TECHNOLOGIES, OR ANY DAMAGES, DEFECTS, OR MALFUNCTIONS OR FAILURES CAUSED BY ANY UNAUTHORIZED MODIFICATION OF THE LICENSED PRODUCTS, DELIVERABLES, OR SERVICES. SECTION

  1. TERM AND TERMINATION.

5.1 Term. Unless earlier terminated as provided herein, the term of this Agreement commences on the Effective Date and continues for 12 months after the Effective Date (the “Initial Term”). Thereafter, this Agreement will automatically renew for successive periods of 12 months each (each, a “Renewal Term” and together with the Initial Term, the “Term”) unless either party provides the other party with written notice of its intent not to renew this Agreement at least 60 days prior to the expiration of the then-current Term.

5.2 Termination; Effect of Termination. HYTE Technologies may terminate this Agreement immediately and without notice for any violation of HYTE Technologies’ intellectual property rights. Either party may terminate this Agreement for cause if the other party has materially breached this Agreement and has not corrected such breach within 30 days (or within five days for any failure to make a required payment) after its receipt of written notice specifying such breach from the non-breaching party. Upon termination for cause or upon expiration, Licensee shall immediately discontinue all use of the Licensed Products and return to HYTE Technologies or destroy all copies of same. Upon the request of HYTE Technologies, Licensee shall deliver a letter signed by a duly authorized officer of Licensee certifying compliance with the requirements set forth herein.

5.2 Survival. The provisions of Sections 2.2, 2.3, 7, 8, 9 and 11, all payment obligations that accrue prior to the expiration or termination hereof, and all others that by their sense and context are intended to survive the expiration or termination of this Agreement survive and continue in effect.

SECTION 6. INVOICING AND PAYMENT.

6.1 Support Services Fees. In consideration of the license granted in Section 2 and the Support Services, Licensee shall pay to HYTE Technologies Support Services fees for the Licensed Software in the amount of set by HYTE Technologies.

6.2 Taxes. All amounts payable pursuant to this Agreement are (i) exclusive of any sales or use taxes, value added tax (VAT), goods and services tax (GST), or any and all similar taxes or legally imposed fees, duties, or contributions based upon such amounts payable, all of which are the sole responsibility of Licensee and (ii) reflect the net cash payable to HYTE Technologies, net of any and all taxes, levies or withholdings of any nature. Income taxes may be withheld from such amounts payable only to the extent legally required under existing tax laws of Licensee’s legal country of domicile and after full consideration of applicable income tax treaty provisions, if any, by and between HYTE Technologies’ and Licensee’s respective legal countries of domicile. In the event such income taxes are withheld, Licensee shall forward such withheld tax to the appropriate tax authorities within the legally required timeframe and shall provide HYTE Technologies with an official receipt evidencing payment of the withheld tax to the proper tax authorities. Such receipt must be provided to HYTE Technologies within 10 days after payment by Licensee of the withheld tax to the tax authorities. If Licensee fails to timely provide HYTE Technologies with such receipt, Licensee shall pay to HYTE Technologies the full amount of taxes withheld for which such receipt was not provided in accordance with this paragraph. Licensee is not responsible for any taxes based upon the net income of HYTE Technologies or its employees.

6.3 Invoices. Licensee shall pay all amounts due under this Agreement upon receipt of each applicable invoice from HYTE Technologies. Any amounts that remain unpaid for 30 days after the date of the applicable invoice will bear interest from the invoice date until the date payment is received by HYTE Technologies at a rate that is the lesser of one and one-half percent (1.5%) per month or the highest rate permitted by applicable law. All payments made under this Agreement are nonrefundable, except as specifically provided to the contrary in this Agreement.

SECTION 7. INDEMNIFICATION BY LICENSEE.

7.1 Indemnity by Licensee. Licensee shall indemnify, defend and hold harmless HYTE Technologies against any third party claims that are based on: (i) Licensee’s use of the Licensed Products in violation of the restrictions in this Agreement; or (ii) Licensee’s violations of applicable state, local, national or other applicable laws, regulations or directives, provided that Licensee is given prompt written notice of such claim. HYTE Technologies shall reasonably cooperate in the defense of such claim, if requested by Licensee and at Licensee’s expense. Licensee has the sole authority to defend or settle the claim, provided such settlement does not involve any payment by HYTE Technologies or admission of wrongdoing by HYTE Technologies.

SECTION 8. CONFIDENTIALITY.

8.1 Definition. As used herein, “Confidential Information” means all confidential or proprietary information belonging to either party hereto and disclosed, made available to or learned by the other party during the Term of this Agreement, including, without limitation, technical, business, financial and marketing information, third party confidential information, the terms and conditions of this Agreement and, with respect to HYTE Technologies, the Licensed Products. Confidential Information does not include any information that (i) is or becomes generally available to the public through no improper action or inaction by the receiving party or any affiliate, agent, consultant or employee of the receiving party; (ii) was properly in the receiving party’s possession or properly known by it, without restriction, prior to receipt from the disclosing party; (iii) was rightfully disclosed to the receiving party by a third party without restriction; or (iv) is independently developed by the receiving party without access to, or use of, the disclosing party’s Confidential Information.  8.2 Confidentiality Obligation. Subject to the terms of this Agreement, each party shall (a) hold in strict confidence all Confidential Information of the other party, (b) use the Confidential Information solely to perform its obligations or exercise its rights under this Agreement, and (c) not transfer, display, convey or otherwise disclose or make available all or any part of such Confidential Information to any person or entity other than to its directors, officers, employees, consultants, auditors, and legal and financial advisors of such party (collectively, “Representatives”) who need to know such Confidential Information and who are under confidentiality obligations at least as restrictive as the terms of this Agreement. Each party is responsible for any breaches of this Agreement by its Representatives. Except as otherwise expressly provided in this Agreement, neither party shall use or disclose the Confidential Information of the other party without the prior written consent of the disclosing party. Each party shall use the same degree of care to protect the disclosing party’s Confidential Information as it uses to protect its own Confidential Information, but in no circumstances less than reasonable care.

8.3 Permitted Disclosures. The receiving party may disclose the Confidential Information of the other party in response to a valid court order, subpoena, civil investigative demand, law, rule, regulation (including, without limitation, any securities exchange regulation), or other governmental action, provided that (a) to the extent permitted by applicable law or regulation, the disclosing party is notified in writing prior to disclosure of the information, (b) the receiving party uses reasonable efforts to obtain a protective order or, in the absence of a protective order, to limit the disclosure of the Confidential Information and to obtain confidential treatment thereof, and (c) the receiving party has allowed the disclosing party to participate in the proceeding that requires the disclosure.

8.4 Remedies Upon Breach. Each party agrees that the other party may have no adequate remedy at law if there is a breach or threatened breach of this Section 8 and, accordingly, that either party is entitled (in addition to any legal or equitable remedies available to such party) to seek injunctive or other equitable relief to prevent or remedy such breach.

8.5 Ownership. As between the parties, the parties agree that the Confidential Information of the other party is, and will remain, the property of such other party. The receiving party obtains no right, title, interest, or license in or to any of the Confidential Information of the disclosing party except for the rights expressly set forth in this Agreement.

SECTION 9. LIMITATIONS OF LIABILITY.

9.1 EXCEPT FOR AMOUNTS PAYABLE BY LICENSEE UNDER THIS AGREEMENT, BREACHES OF SECTION 2 BY LICENSEE, LICENSEE’S INDEMNITY OBLIGATIONS UNDER SECTION 7, OR BREACHES OF SECTION 8 BY EITHER PARTY, THE CUMULATIVE, AGGREGATE LIABILITY OF EITHER PARTY FOR ALL CLAIMS RELATED TO THE LICENSED PRODUCTS, THE SUPPORT SERVICES, AND THIS AGREEMENT WILL NOT IN ANY EVENT EXCEED THE TOTAL AMOUNT OF ALL FEES PAID OR PAYABLE TO HYTE TECHNOLOGIES UNDER THIS AGREEMENT FOR THE 12-MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE LIABILITY CLAIM. EXCEPT FOR BREACHES OF SECTION 2 BY LICENSEE, LICENSEE’S INDEMNITY OBLIGATIONS UNDER SECTION 7, OR BREACHES OF SECTION 8 BY EITHER PARTY, IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, INDIRECT OR PUNITIVE DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE LICENSED PRODUCTS OR THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, LOST REVENUE, LOSS OF USE, LOSS OF DATA, COSTS OF RECREATING DATA, THE COST OF ANY SUBSTITUTE EQUIPMENT, PROGRAM, OR DATA, OR CLAIMS BY ANY THIRD PARTY. LICENSEE’S SOLE AND EXCLUSIVE REMEDY IS SET FORTH IN THIS AGREEMENT. THE EXISTENCE OF MORE THAN ONE CLAIM WILL NOT ENLARGE OR EXTEND THESE LIMITS.

9.2 THE LIMITATIONS OF LIABILITY SET FORTH IN THIS AGREEMENT ARE FUNDAMENTAL ELEMENTS OF THIS CONTRACT, NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. THIS PARTIES ACKNOWLEDGE AND AGREE THAT THEY WOULD BE UNABLE TO PROVIDE THE LICENSED PRODUCTS OR PERFORM HEREUNDER ON A COMMERCIALLY REASONABLE BASIS WITHOUT SUCH LIMITATIONS. IN JURISDICTIONS THAT PROHIBIT THE EXCLUSION OF LIABILITY OR THE LIMITATION OF IMPLIED WARRANTIES, THE LIMITATIONS AND EXCLUSIONS IN THIS SECTION 9 MAY BE LIMITED IN THEIR APPLICATION TO LICENSEE AND, DEPENDING ON LOCAL LAW, LICENSEE MAY HAVE OTHER SPECIFIC LEGAL RIGHTS.

SECTION 10. FREE TRIAL

10.1 If Licensee registered on HYTE Technologies’ website for a free trial, HYTE Technologies will make the Licensed Software and Documentation available to Licensee on a trial basis free of charge for the first 30 days after the Effective Date of this Agreement. Additional trial terms and conditions may appear on the trial registration web page. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding.

10.2 LICENSEE ACKNOWLEDGES THAT ANY FREE TRIAL VERSION OF THE LICENSED SOFTWARE INCLUDES A DISABLING MECHANISM THAT WILL TERMINATE LICENSEE’S USE OF LICENSED SOFTWARE AT THE END OF THE TRIAL PERIOD UNLESS LICENSEE HAS PURCHASED A LICENSE FOR THE LICENSED SOFTWARE AND SUPPORT SERVICES. ANY DATA LICENSEE ENTER INTO THE LICENSED SOFTWARE, AND ANY CUSTOMIZATIONS MADE TO THE LICENSED SOFTWARE BY OR FOR LICENSEE DURING THE FREE TRIAL, WILL BE PERMANENTLY LOST UNLESS LICENSEE PURCHASES PAID SUPPORT SERVICES OR EXPORTS SUCH DATA, BEFORE THE END OF THE FREE TRIAL PERIOD. NOTWITHSTANDING SECTION 4 (LIMITED WARRANTIES), DURING THE FREE TRIAL THE LICENSED SOFTWARE AND DOCUMENTATION IS PROVIDED “AS-IS” WITHOUT ANY WARRANTY.

SECTION 11. GENERAL PROVISIONS.

11.1 Governing Law This Agreement and the rights and obligations of the parties with respect to their relationship under this Agreement are governed by and must be construed and enforced in accordance with the laws of the State of Texas without reference to its conflicts of law principles, and all claims relating to or arising out of this Agreement, or the breach thereof, whether based in contract, tort or otherwise, must be governed by, construed and enforced in accordance with the laws of the State of Texas, excluding its conflicts of law principles. The parties hereby consent and submit to the exclusive jurisdiction of the federal and state courts sitting in Williamson County, Texas, for the resolution of any claims or disputes arising out of or related to this Agreement.

11.2 Specific Performance; Cumulative Remedies. Each party acknowledges that a breach of this Agreement cannot be adequately compensated for by money damages, and agrees that specific performance is an appropriate remedy for any breach or threatened breach hereof. Each party further acknowledges that any unauthorized use or disclosure to any third party in breach of this Agreement will result in irreparable and continuing damage to the other party. Accordingly, each party hereby: (i) consents to the issuance of any injunctive relief or the enforcement of other equitable remedies against it at the suit of the other party (without bond or other security), to compel performance of any of the terms of this Agreement; and (ii) waives any defenses thereto, including without limitation the defenses of failure of consideration, breach of any other provision of this Agreement, and availability of relief in damages. All remedies, whether under this Agreement, provided by law, or otherwise, are cumulative and not alternative.

11.3 Attorneys’ Fees. The prevailing party in any action or proceeding to enforce this Agreement, including any efforts to collect amounts due under this Agreement by engagement of any attorney, collection agency or otherwise, is entitled to recover from the other party, in addition its damages, its costs and attorneys’ fees.

11.4 Entire Agreement. This Agreement (including any attached exhibits and schedules which are incorporated herein by this reference) and any other documents expressly contemplated hereby constitute the entire agreement between the parties with respect to the subject matter hereof. This Agreement supersedes all prior and contemporaneous written or oral agreements, communications, and understandings between the parties with respect to the subject matter hereof. This Agreement is executed in English and no translation of this Agreement has any effect on the interpretation hereof. In the event of any conflict or inconsistency between this Agreement and any attachment, then this Agreement controls and governs over such attachment.

11.5 Attachments/Exhibits. All attachments and exhibits to this Agreement are incorporated by reference as if fully set forth herein.

11.6 Amendment. This Agreement may not be amended, modified or supplemented orally. This Agreement may only be amended, modified, or supplemented by an instrument in writing specifically mentioning this Agreement and signed by both parties.

11.7 Waiver. No waiver of any provision of this Agreement is effective unless in writing and signed by the party against whom such waiver is sought to be enforced. No failure or delay by either party in exercising any right, power, or remedy under this Agreement operates as a waiver of any such right, power, or remedy. The express waiver of any right or default hereunder is effective only in the instance given and does not operate as or imply a waiver of any similar right or default on any subsequent occasion.

11.8 Severability. If any provision in this Agreement is invalid or unenforceable, that provision will be construed, limited, modified or, if necessary, severed to the extent necessary to eliminate its invalidity or unenforceability, and the other provisions of this Agreement will remain in full force and effect.

11.9 Assignment. This Agreement is binding upon and inures to the benefit of the parties hereto and their respective successors and permitted assigns. Licensee shall not transfer or assign (by operation of law or otherwise) this Agreement or any of its rights or obligations under this Agreement or delegate any of its duties under this Agreement without the prior written consent of HYTE Technologies, which consent will not be unreasonably withheld. Any attempted assignment in violation of this Section 11.9 is null and void and of no force or effect.

11.10 Export. Licensee hereby agrees not to knowingly, directly or indirectly, export or transmit any of the Licensed Products to any country to which such transmission is restricted by applicable regulations or statutes, without the prior written consent, if required, of the Office of Export Administration of the U.S Department of Commerce, Washington D.C. 20230.

11.11 Notice of U.S. Government Restricted Rights. The Licensed Software and Documentation provided under this Agreement are “commercial items” as that term is defined at 48 C.F.R. 2.101, consisting of “commercial computer software” and “commercial computer software documentation,” as these terms are used in 48 C.F.R. 12.212. Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4, all U.S. Government end-users acquire the Licensed Software and documentation with only those rights set forth herein. Owner and licensor is HYTE Technologies, Inc, 3824 Cedar Springs Road, Suite 430, Dallas, TX 75219.

11.12 Force Majeure. If by reason of labor disputes, strikes, lockouts, riots, war, inability to obtain labor or materials, earthquake, fire or other action of the elements, accidents, governmental restrictions, appropriation or other causes beyond the control of a party hereto, either party is unable to perform in whole or in part its obligations as set forth in this Agreement, excluding any obligations to make payments hereunder, then such party will be relieved of those obligations to the extent it is so unable to perform and such inability to perform will not make such party liable to the other party. Neither party will be liable for any losses, injury, delay or damages suffered or incurred by the other party due to the above causes.

11.13 Notices. Any notice, demand or other communication required or permitted to be given under this Agreement must be in writing, properly addressed to the party to receive notice at the address or addresses for notice as either party may hereafter designate in writing to the other party given in the manner required herein, and will be deemed given and received: (i) upon receipt if delivered personally or by facsimile with confirmed receipt, (ii) on the next business day after delivery to a nationally recognized overnight courier service, and (iii) on the third business day after deposit with the United States Postal Service if sent by registered or certified mail, return receipt requested. Any notice to HYTE Technologies should be sent to HYTE Technologies, Inc, 3824 Cedar Springs Road, Suite 430, Dallas TX 75219, Attention: Founding Partner.

11.14 Audit Rights. Licensee shall keep adequate books and records to demonstrate its compliance with this Agreement. At any time during the term of this Agreement and for a period of three years thereafter, HYTE Technologies or its duly authorized agent, with reasonable prior notice to Licensee, may review the books and records related to verifying Licensee’s compliance with its obligations under this Agreement, including, but not limited to, Licensee’s obligations related to payments and confidentiality. Licensee shall reasonably cooperate with HYTE Technologies in such effort and shall promptly provide the books and records required for such review, together with access to the relevant personnel of Licensee that HYTE Technologies may need to discuss such books and records. Additionally, Licensee agrees to allow HYTE Technologies to electronically access the Licensed Products as installed at Licensee’s location(s) to verify Licensee’s compliance with this Agreement.