Skip to content

User Guide

Overview

InfoConnect Hub is a no-code smart IBM i integration solution. The functionality includes API-enabling IBM i business logic, replicating IBM i data in real time, and automating user actions on the green screen. The product can be deployed natively on any Java enabled infrastructure, including on-prem and cloud environments as well as directly on IBM i, either as a stand-alone component or in combination with other Infoview products (such as InfoCDC change data capture solution) and other integration services (API manager, messaging or event streaming platforms etc.) to fit customers' specific infrastructure and functional requirements.

IBM i Prerequisites

  • IBM i OS version:V5R4 and higher
  • The Hub must be able to reach the IBM i servers on ports 446, 449, 8470, 8472,8473,8475 and 8476 for non-SSL communications, and ports 448, 449, 9470, 9472, 9473, 9475 and 9476 accessible for SSL communications.
  • IBM i must have *CENTRAL, *DTAQ, *RMTCMD, *SIGNON and *SRVMAP host servers running in the QSYSWRK subsystem
  • If secure TLS connection is used, the TLS certificate must be applied to Central, Data Queue, Remote Command, File, Signon, and DDM / DRDA services in Digital Certificate Manager
  • IBM i user ID must be authorized to perform the operations on the intended IBM i objects
  • If there is an additional security software that locks down the remote execution functionality, the IBM i user ID defined for connector configuration must be allowed to execute remote calls and access database, IFS and DDM services

Hub Infrastructure Prerequisites

  • Java 17 or higher
  • Moderately sized physical / virtualized / container based environment - the exact server sizing depends on the usage and transaction volumes

Quick Start Guide

  1. Contact Infoview to get the Hub distribution package and a trial license, or launch the Hub from the participating marketplaces such as AWS Marketplace or Azure Marketplace
  2. Download the Hub archive on any Java supported on-prem or cloud infrastructure, including IBM i, and extract into intended product home directory
  3. If necessary, review and adjust Hub startup properties in /info-connect-hub/config/application properties, including logging levels, the location of property database, HTTP listener port, and basic or token based authentication details.
  4. If necessary, update default encryption key in the infoConnectHub.ps1 script (Windows) or infoConnectHub.sh script (other platforms)
  5. Run the Hub using infoConnectHub.sh script for Linux / AIX / IBMi based platforms, or infoConnectHub.bat script for Windows.

Once the Hub instance is running, and security rule allows access to port 8080 of the newly launched instance, use Postman or CURL or any other REST API client to configure and test the IBM i operations, referencing the API documentation below.

Note that the stand-alone binary distribution version of the product will work without a valid license for the first 15 min after the instance startup then any config and API attempts will fail due to no license error. Please reach out to Infoview sales team at sales@infoviewsystems.com or call +1(734)293-2160. When launching the product from AWS Marketplace, Azure Marketplace, or other marketplaces supporting metered service subscription, there is no separate license required.

API Reference

Below is a link to Postman collection that includes step-by-step guide for setting up the connection and creating sample program call definitions and DQ Pollers. In order to use this collection, open Postman and import the collection from the URL below, then set the collection variables to include Hub host, port, IBMi endpoint and credentials, and other variables relevant to each use case.

Postman Collection

The default API authentication is a basic auth. Please use the hardening instructions below to change the defaults shortly after installation, configuration and evaluation of the product.

  1. Verify that the instance is running, using GET http://host:8080/admin/connections (or whatever port you have specified in the Hub configuration). You should receive an empty array of connections (as no connections have been configured yet).
  2. Check the output in the /log folder
  3. Use sample postman collection to walk through the steps of encrypting credentials, creating new connection, defining a program call, testing it, then defining InfoCDC data replication, and screen automation scenarios.

If at any point you get stuck, contact us at sales@infoviewsystems.com or submit your request online at Contact us, we will be happy to help!

Product Setup and Operations

Most of the InfoConnect Hub functionality can be configured via admin APIs, however there are several hardening configuration steps that must be performed directly on Hub instance. Once the InfoConnect Hub is configured, it will interact with external services and IBM i components via separate Functional API endpoints.

License Management

InfoConnect Hub, when provisioned as a stand-alone component, requires a valid license authorized to access specific IBM i servers. The product will work without any license for the first 15 minutes after the launch. Please contact to Infoview Systems Inc. When launching InfoConnect Hub from AWS Marketplace or other supported marketplaces, no separate license is required.

Contact us for connector pricing info, trial license, or support questions.

The product supports several internal or shared locations to place and maintain the license, including the local file system, AWS S3 bucket, HTTP/HTTPS, FTP, SMB, and Azure blob storage. The license location, necessary credentials and other attributes are defined as part of Connection configuration via Admin API. Please refer the API documentation for details. Below is a summary of protocol details required for referencing the license files

# Protocol Name Properties
1 S3 s3Bucket=path-to-bucket
s3Region=us-east-2
s3AccessKey=encrypted-access-key
s3SecretKey=encrypted-secret-key
2 HTTP/HTTPS httpUrl=http-URL
httpDirPath=license-file-path
httpUsername=username
httpPassword=encrypted-pwd
3 FTP ftpHost=ftp-host
ftpDirPath=path
ftpUsername=username
ftpPassword=encrypted-pwd
4 FILE/SMB filePath=path-to-license-file
5 AZURE STORAGE connectionString=encrypted-connection-string
bucketName=bucket-name

The Program Call and DQ Poller components support JSONata-based transformations for both input and output payloads. For detailed configuration instructions, see the API Reference.

Security Hardening

InfoConnect Hub by default is bundled with pre-defined credentials, HTTP listener, and no IBM i connection.

  • The default authentication for Admin APIs is Basic Auth with user ID = Admin and pwd = Password
  • The default authentication for Functional API is Basic Auth with user ID = User and pwd = Password@123

You also can change default authentication system to different OAuth providers using authentication server. Guide: Setting up OAuth authentication

As part of the product evaluation, likely the most basic security settings and non-secure IBM i connection are created. Below is a security hardening checklist to execute early in the trial / evaluation process:

  1. Configure HTTPS protocol for the API / HTTP listener
  2. Configure TLS IBM i connection
  3. Change the encryption key used to encrypt sensitive properties
  4. Encrypt all credentials and other sensitive API properties using Admin encryption API
  5. Change the default Admin and Functional API user ID and password
  6. Restrict access to APIs to specific allowed source IPs only
  7. Add rate limiting and other security policies to protect the functional APIs and

How to set up HTTPS

Create our own self-signed SSL certificate

First, we need to create our own self-signed SSL certificate. It is easy to generate the file with java keytool command.

After typing into the terminal command below, you will be asked a couple of questions. This will generate the ssl-server.jks keystore file containing our certificates in the directory from where keytool command has been executed.

keytool -genkey -alias selfsigned_localhost_sslserver -keyalg RSA -keysize 2048 -validity 700 -keypass changeit -storepass changeit -keystore ssl-server.jks

We can use command below to view what is inside this keystore.

keytool -list -keystore ssl-server.jks

Spring boot SSL Configuration

Secondly, we need to copy the generated keystore file into the [project-folder]/config folder. Next, we should add the below entries to the application.properties file. Note: [project-folder] is /opt/info-connect-hub for AWS Marketplace Hub instance

server.ssl.key-alias=selfsigned_localhost_sslserver
server.ssl.key-store-password=changeit
server.ssl.key-store=../config/ssl-server.jks
server.ssl.key-store-provider=SUN
server.ssl.key-store-type=JKS

If you want to use keystore password in encrypted form then paste encrypted value in ENC() like this:

server.ssl.key-store-password=ENC(encrypted-value)

At the end restart the Hub

How to change encryption key used to encrypt sensitive properties

Before changing the encryption key make sure that you don't have active connections/pollers/properties configured with the legacy key value that is no longer up-to-date

  1. If you run Hub distribution package using shell script, then no addition configuration required. Hub will ask you to set encryption key on start
  2. If you rub Hub distribution package using java command, you will need to set your encryption key in -Djasypt.encryptor.password property
  3. If you run Hub from AWS Marketplace, you will need to go into [project-folder]/executable-jars and edit -Djasypt.encryptor.password property in info_connect_hub-3.0.0.conf file and then restart the Hub (?) Note: [project-folder] is /opt/info-connect-hub for AWS Marketplace Hub instance

How to change the default user ID and password for admin and functional users

  1. To change the default user ID and password we should go to application.properties file which is located in [project-folder]/config directory.
  2. We need to find a section for Basic Authentication.
  3. If you want to change credentials, then use the User section for Functional operations, and the Admin section for Admin operations.
  4. If you want to change user ID then find userUsername or adminUsername field and change the value.
  5. If you want to use userPassword/adminPassword in encrypted format then follow these steps:
    • Firstly, we need to encrypt the password using Admin Encryption API POST http://host:8080/admin/encryption.
    • Secondly, we paste the password which is encrypted in ENC() in the userPassword/adminPassword field.
  6. Restart the Hub

Cluster Configuration

Cluster Configuration

Admin API definitions

The InfoConnect Hub comes with the following admin APIs that can be used to setup the product, either manually (via CURL / Postman / any other API client) or as part of CI / CD flow:

  1. Encryption API - allows encrypting sensitive data like passwords or other secrets
  2. Connections - manages IBM i connection definitions. It is possible to configure a single InfoConnect Hub instance to connect to multiple back-end systems, however in most scenarios dedicated 1 - 1 relationship would work best to ensure the proper segregation of access rules,
  3. Program Calls - manages program call definitions that will be surfaced for the consumers as REST APIs
  4. Data Queue Sources - always-on DQ listeners that are registered to receive new DQ messages immediately after they are placed into IBMi DQ and send to the following systems in real time:
    • Google (GCP Pub Sub)
    • JMS (ActiveMQ, ArtemisMQ, AmazonMQ)
    • Azure (ServiceBus, EventHub, EventGrid)
    • AWS (SQS, SNS)
    • JDBC
  5. Data Queue Sinks - always-on Messaging or Event platform listeners that and send new data to the IBMi Data Queues in real time:
  6. Google (GCP Pub Sub)
  7. JMS (ActiveMQ, ArtemisMQ, AmazonMQ)
  8. Azure (ServiceBus, EventHub)
  9. AWS (SQS)

Below is a link to the Admin API documentation

API Reference

Functional API definitions

The InfoConnect Hub comes with the following functional APIs out of the box:

  1. Execute Command Call API - does not require any admin / configuration
  2. Publish Data To Data Queue API or read Data Queue entry directly - does not require any admin / configuration
  3. Execute Program Call API - requires the program call configuration via Admin API (see above)
  4. Listen for new Data Queue entry with DQ Listener (requires the configuration via Admin API) and send to next systems:
  5. Google (GCP Pub Sub)
  6. JMS (ActiveMQ, ArtemisMQ, AmazonMQ)
  7. Azure (ServiceBus, EventHub, EventGrid)
  8. AWS (SQS, SNS)
  9. JDBC
  10. Execute Screen Automation script

Below is a link to the Admin API documentation

API Reference

Data Replication with InfoConnect Hub and InfoCDC

Hub Direct Database Replication Support

For use cases where messaging or event infrastructure is part of the data replication architecture, please refer to this example of how to set it up

InfoCDC and InfoConnect Hub Data Replication Guide