TCP
The TCP Transport is based on the WCF NetTcp binding and is often used by Parties hosted in Client Connectors and Service Connectors. It offers ordering, session reliability, batching and large message optimization as options. It is not a durable transport, so message loss can occur if no subscribers are online when a message is published.
Parties communicate over TCP-configured Topics by establishing a connection to a Service Port. Topics then communicate back to Parties through a Client Port. The Service Port and the range of Client Ports used for all Party communication can be configured manually, along with additional TCP-specific properties.
Using the TCP Transport has the following system requirements:
- No additional requirements
Transactional considerations:
- TCP Transport does not support transactions
Firewall considerations:
- Ports must be open for the Client Port Range and the Service Port configured in the TCP Transport Property Page
Security
The TCP Transport provides an extra level of security represented by the Secure property. If Secure is set to True, Windows message-level security is applied to all communication flowing over the Topic. This is a highly secure form of communication: Windows credentials are used to encrypt and sign each individual message published to the Topic.
Configuration Constraints
- Kerberos must be properly configured in the Active Directory domain.
- Large Message Optimization must be set to False.
- Performance will be significantly impacted.
Running Neuron ESB Service using domain level account
- The account must be trusted for delegation.
- Publishers and Subscribers can successfully connect locally (on the same machine that the Neuron ESB service is running on) or from remote machines.
- A UPN is used by the Publishers and Subscribers to connect to a secure Topic.
- The esbServiceIdentity attribute in the client configuration file MUST be set to use the UPN of the account that the Neuron ESB Service is running under. For example, if the Neuron ESB Service was running under the context of the “CORP\DomainUser” account, then the esbServiceIdentity attribute must be set as follows:
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <appSettings>
        <add key="esbZone" value="Enterprise"/>
        <add key="esbServiceAddress" value="net.tcp://localhost:50000/ESBBootstrapService/"/>
        <add key="esbServiceIdentity" value="upn:CORP\DomainUser"/>
      </appSettings>
    </configuration>
Running Neuron ESB Service using Local System account
- The HOST SPNs must be properly set. If necessary, use setspn to either reset the HOST SPNs or add a new one (https://technet.microsoft.com/en-us/library/cc773257(WS.10).aspx).
- Publishers and Subscribers can ONLY connect locally (on the same machine that the Neuron ESB service is running on). Remote connections are not supported.
- A SPN is used by the Publishers and Subscribers to connect to a secure Topic.
- The esbServiceIdentity attribute in the client configuration file does not need to be set. A Publisher or Subscriber will use the following default SPN to connect to the Topic:
    spn:host/machinename
  where machinename is the name of the local server that the Neuron ESB Party is hosted on. The esbServiceIdentity attribute can be overridden by setting its value in the client configuration file. For example, if the Neuron ESB Service was running under the context of the “Local System” account and the local machine name was “Machine1”, then the esbServiceIdentity attribute can be set as follows:
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <appSettings>
        <add key="esbZone" value="Enterprise"/>
        <add key="esbServiceAddress" value="net.tcp://localhost:50000/ESBBootstrapService/"/>
        <add key="esbServiceIdentity" value="spn:host/Machine1"/>
      </appSettings>
    </configuration>
All configurable properties for the TCP Transport are located on the Transport Property page of the Details Pane.
TCP Transport Property Table
| Property Name | Required | Description |
|---|---|---|
| Allow Output Batching | Yes | Default is False. Uses WCF output batching. If configuring a Topic for request/response traffic, this should be set to False to reduce latency. |
| Client Base Port | Yes | Defaults to 61007. This is the first port of the port range that the Neuron ESB Service uses to communicate with connected Parties. |
| Client Port Range | Yes | Defaults to 1000. This is the range of client ports, starting from the Client Base Port, that are assigned to connected Parties by the Neuron ESB Service. Each Party is assigned one client port dynamically. This port is used by the Neuron ESB publishing service to communicate with the Party. |
| Large Message Optimization | Yes | Default is False. If True, enables streaming on the internal NetTcp binding. |
| Ordered | Yes | Default is False. Provides ordered delivery of messages when used with the Reliable property. Must be set to False if Secure is set to True. |
| Reliable | Yes | Default is False. Provides WCF Reliable Sessions. |
| Secure | Yes | Default is False. Provides message-level encryption and signing using Windows security. This requires Kerberos to be set up appropriately for the Neuron ESB Service in the environment. |
| Service Port | Yes | Default is 500XX. This is the port that Parties use to communicate with the Neuron ESB publishing service. This must be unique for each Topic. When a new Topic is created, the port selected will fall within the range specified by the TCP Service property, located on the Ports tab of the Zone’s Detail Pane. |
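As an added example (not part of the Neuron ESB documentation or product), a small Python lint that applies the rules above to a constructed client configuration and a Topic property set: the esbServiceIdentity form required for a domain account versus Local System, the local-only restriction for Local System, the Secure/Ordered/Large Message Optimization constraint, and the firewall ports derived from the Service Port and the client port range. The function names and the property dictionary keys are my own assumptions, not Neuron ESB APIs.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample client configuration (not from any real deployment);
# it uses the appSettings keys the page describes.
CLIENT_CONFIG = """<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="esbZone" value="Enterprise"/>
    <add key="esbServiceAddress" value="net.tcp://localhost:50000/ESBBootstrapService/"/>
    <add key="esbServiceIdentity" value="upn:CORP\\DomainUser"/>
  </appSettings>
</configuration>"""

def read_app_settings(xml_text):
    """Return the appSettings <add> elements as a {key: value} dict."""
    return {e.get("key"): e.get("value") for e in ET.fromstring(xml_text).iter("add")}

def check_identity(settings, local_system, machine_name):
    """Findings for esbServiceIdentity; local_system says which account runs the service.
    Domain account: identity must be upn:<account>. Local System: identity, if set,
    must be spn:host/<machine>, and the client must connect locally (no remote)."""
    findings = []
    identity = settings.get("esbServiceIdentity", "")
    host = urlsplit(settings.get("esbServiceAddress", "")).hostname or ""
    if local_system:
        if identity and identity.lower() != f"spn:host/{machine_name}".lower():
            findings.append(f"expected spn:host/{machine_name}, got {identity!r}")
        if host.lower() not in ("localhost", "127.0.0.1", machine_name.lower()):
            findings.append(f"Local System allows local connections only; address host is {host}")
    elif not identity.lower().startswith("upn:"):
        findings.append("domain account requires esbServiceIdentity = upn:<DOMAIN\\user>")
    return findings

def check_secure_topic(props):
    """Secure=True requires Ordered=False and LargeMessageOptimization=False."""
    findings = []
    if props.get("Secure"):
        if props.get("Ordered"):
            findings.append("Ordered must be False when Secure is True")
        if props.get("LargeMessageOptimization"):
            findings.append("Large Message Optimization must be False when Secure is True")
    return findings

def firewall_ports(props):
    """Ports to open: the Service Port plus Client Base Port .. Base + Range - 1."""
    base, rng = props["ClientBasePort"], props["ClientPortRange"]
    return {"service": props["ServicePort"], "client": (base, base + rng - 1)}
```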