Upgrading a ThingWorx eMessage Connector to Version 2.1.0
This topic explains how to upgrade a ThingWorx eMessage Connector from version 2.0.x to version 2.1.0 when using the Connector in a ThingWorx Single-Server Environment and when using it in a ThingWorx High Availability Clustering environment. Before you begin, read the section,
Best Practices for
Upgrading.
Best Practices for Upgrading
For best security practices and because Java 8 is moving to End of Life in December 2020, you should first upgrade to Oracle JDK 11 or Amazon Corretto Java 11 (Open JDK) on the machine that will run the eMessage Connector.
Before you begin the upgrade, here are some best practices to follow:
• Before you upgrade the ThingWorx Platform, export any entities you want to preserve.
• Upgrade your ThingWorx Platform computer to Java 11 and then upgrade your ThingWorx Platform to v.9.1.0 before you begin the upgrade for the Axeda Compatibility Package. You will import the extensions provided in the Axeda Compatibility Package into the upgraded platform instance.
• Similarly, upgrade the computer that will run the eMessaage Connector v.2.1.0 to use Java 11.
• After upgrading to Java 11, make sure that you set the JAVA_HOME environment variable to point to the Java 11 JDK.
• Copy any site-specific configuration values from the existing installation configuration to the new installation configuration file. Do not just copy the existing emessage-ha-sample.conf file to the new installation.
• When the upgrade is complete, import the exported entities into the new ThingWorx Platform v.9.1.0. You must re-run the permissions services, as explained in
Setting Up Permissions and Visibility for the eMessage Connector. The required permissions are not automatically re-applied when importing the entities because the entities are installed as new entities, not as upgraded entities.
Steps Overview
Upgrading to version 2.1.0 of the Axeda Compatibility Package differs from previous upgrade procedures, as follows:
1. Before upgrading ThingWorx Platform, export any entities that you have created using the entities in the Axeda Compatibility Extension (ACE) or Remote Access Extension (RAE).
2. After exporting your entities, shut down the ThingWorx Platform instances, and upgrade them to run Oracle JDK 11 or Amazon Corretto Java 11 (Open JDK).
3. Upgrade your ThingWorx Platform instances to version 9.1.x. For instructions on upgrading ThingWorx Platform, refer to the instructions for upgrading in the
ThingWorx Platform 9 Help Center.
6. Upgrade the machine running the eMessage Connector to run Java 11, either Oracle JDK 11 or Amazon Corretto 11 (OpenJDK).
8. From ThingWorx Composer, you must run the permissions services for the eMessage Connector, as explained in
Setting Up Permissions and Visibility for the eMessage Connector. The services provided in v.2.1.0 have changed in this release and the eMessage Connector will not work as expected if you do not run the updated permissions services.
Downloading the Distribution Bundle
To download the distribution bundle for your operating system, follow these steps:
2. Select the Product Family, THINGWORX CONNECTION SERVICES.
3. On the download page for the ThingWorx Connection Services Product Family, the releases are numbered by the related release of ThingWorx Platform. To upgrade, expand the Release 9.1 node.
4. Expand the node, ThingWorx Axeda Compatibility Package, and then the node, Most Recent Datecode.
5. Click HTTPS to download the distribution bundle.
6. Extract the downloaded file to an appropriate location.
Upgrading the Extensions
All of the extensions in the ThingWorx Axeda Compatibility Package have been upgraded to be compatible with Java 11. This includes the Axeda Compatibility Extension (ACE), Connection Services Extension (CSE), Remote Access Extension (RAE), ThingWorx Utilities Core Extension, and ThingWorx Utilities Software Content Management (SCM) Extension.
To upgrade the extensions provided in the Axeda Compatibility Package, v.2.1.0, involves these steps:
|
When installing ACE, the following error will appear: If you click the more link to see the ApplicationLog, the following additional information appears: You can ignore the error and install the rest of the extensions: • thingworx_utilities_core-9.1.0-78.zip • thingworx_utilities_scm-9.1.0-78.zip |
2. Restart the ThingWorx Platform.
3. Import your entities back into the platform.
4. After the upgrade is complete, you must
run the permissions services provided in the eMessageServices Thing. Running these scripts is required to grant runtime permissions to new services provided in this release. For example, the
GetThingNameAndIdentifierByModelAndSerial services was updated to call the
QueryImplementingThingsWithData service. The eMessage Connector does not have Execute permissions on this service until the upgraded permissions services are run.
Upgrading from v.2.0.x to 2.1.0 in a ThingWorx Single-Server Environment
These are the instructions for upgrading the ThingWorx eMessage Connector from v.2.0.x to v.2.1.0 when the eMessage Connector connects to a ThingWorx Platform single-server environment.
|
Make sure you set the JAVA_HOME environment variable to point to the new JDK installation.
|
2. Navigate to the <emessage_connector_install>/conf directory of the new installation, and make a backup copy of the emessage-ha-sample.conf configuration file. Then open the emessage-ha-sample.conf file in a text editor.
3. If the currently installed eMessage Connector is using an encrypted configuration file and you want to copy settings from it into the new configuration file, decrypt the existing configuration file, following the decrypting instruction in
Step 5 of the procedure in Encrypting the Configuration File.
4. To copy settings from the decrypted configuration file, open it in a text editor.
5. If TLS is used for connections between the eMessage Agent devices and the eMessage Connector, convert the JKS keystore to a PKCS#12 keystore, following the instructions in
Converting JKS Keystores to PKCS Keystores.
|
If you must continue using a JKS keystore, set the cx-server.protocol.ssl.key-store.type property to jks in the configuration file and skip the rest of this step. Using a JKS keystore is discouraged because it is less secure format than PKCS#12.
|
6. In the new configuration file, update the cx-server.protocol.ssl.key-store.file property in the configuration file to point to the PKCS#12 keystore.
7. If the password has changed, update the cx-server.protocol.ssl.key-store.password property in the configuration file.
8. Copy any site-specific settings from your existing emessage-ha-sample.conf file. If you have been using the file transfer capabilities, you must specify the location for file downloads. The following table lists additional settings that you may want to migrate and the help topic that explains them:
Settings
|
Help Topic
|
Location for file downloads REQUIRED
|
|
Location for file uploads REQUIRED
|
|
Any additional configuration for file transfers
|
|
Property settings for Remote Access
|
|
Property settings for metrics reporting
|
|
9. Save the configuration file.
14. Assuming that the Axeda Compatibility Extension (ACE) v.4.2.2 has been imported, log in to ThingWorx Composer on the ThingWorx Platform instance where you imported the extension. You need to verify the
TokenPropertyAuthenticator settings on the platform. For instructions, refer to
Configuring the TokenPropertyAuthenticator (eMessage Connector). For additional information, refer to
15. If you have not already, shut down the v.2.0.x eMessage Connector.
17. Verify that the eMessage Connector successfully connected to ThingWorx by confirming it appears in the ThingWorx Composer list of Connection Servers. In ThingWorx Composer, click the
icon (Monitoring menu) and then select
Connection Servers to display the page.
18. After the upgrade is complete, you must run the permissions and visibility scripts for the Connector. Refer to
Setting Up Permissions and Visibility for the eMessage Connector. Running these scripts is required to grant runtime permissions to new services provided in this release and to re-apply permissions not preserved upon export/import for an upgrade.
Upgrading from 2.0.x to 2.1.0 in a ThingWorx High Availability Clustering Environment
These instructions explain how to upgrade the eMessage Connector from version 2.0.x in a ThingWorx single-server environment to version 2.1.0 in a ThingWorx High Availability Clustering environment.
| Make sure you set the JAVA_HOME environment variable to point to the new JDK installation. |
2. Navigate to the conf subdirectory of the new eMessage Connector installation, and make a copy of the emessage-ha-sample.conf file and rename it to emessage-ha-sample.conf. Then open it in a text editor.
3. If the currently installed eMessage Connector is using an encrypted configuration file, decrypt it following the decrypting instruction in
Encrypting the Configuration
File, and open the decrypted file in a text editor. You can use it to copy settings into the new configuration file.
4. If TLS is used for HTTP connections between the Axeda Agent devices and the eMessage Connector, convert the JKS keystore to a PKCS#12 keystore, following the instructions in
Converting JKS Keystores to PKCS Keystores.
| If you must continue using a JKS keystore, set the cx-server.protocol.ssl.key-store.type property to jks in the configuration file and skip the rest of this step. Using a JKS keystore is discouraged because it is less secure format than PKCS#12. |
5. In the new configuration file, update the cx-server.protocol.ssl.key-store.file property in the configuration file to point to the PKCS#12 keystore.
6. If the password has changed, update the cx-server.protocol.ssl.key-store.password property in the configuration file.
7. Set the following properties to enable service discovery:
cx-server {
. . .
platform.transport = "websockets_active_active"
transport.websockets.service-discovery.enabled = true
. . .
}
8. Add the hosts and ports of the ZooKeeper instances to which the eMessage Connector should connect as a comma-separated list of {host}:{port}, as shown in the following example:
cx-server {
discovery {
connectionString = "zookeeper-1:2181,zookeeper-2:2181,zookeeper-3:2181"
}
}
9. If ZooKeeper is configured to use SSL/TLS, enable the eMessage Connector to connect to ZooKeeper securely by following the instructions in the section, "Configuring the Connection Server," in the topic,
Configuring SSL/TLS for ZooKeeper in the ThingWorx Platform 9 Help Center. The instructions for the ThingWorx Connection Server apply to the eMessage Connector.
10. If Zookeeper is configured to use Simple Authentication and Security Layer (SASL), enable the SASL support in the eMessage Connector by uncommenting and setting the following properties:
cx-server {
. . .
#transport.websockets.discovery {
# sasl-enabled = true
# sasl-krb5-conf-file = /path/to/kerberos-conf
# sasl-jaas-file = /path/to/jaas-conf
#}
}
11. The eMessage Connector needs to be configured with the service name used to look up the ThingWorx Platform instances in ZooKeeper and to determine whether to connect securely to the registered ThingWorx Platform instances.
◦ To connect securely with SSL/TLS to the ThingWorx Platform instances, uncomment and set the following properties:
cx-server {
#transport.websockets.service-discovery.tls-enabled = true
#transport.websockets.service-discovery.service-name = "thingworx-https"
}
◦ To connect without SSL/TLS to the ThingWorx Platform instances, uncomment and set the following properties:
cx-server {
# transport.websockets.service-discovery.tls-enabled = false
# transport.websockets.service-discovery.service-name = "thingworx-http"
}
| By default the ThingWorx Platform uses the thingworx-http service name when registering its HTTP endpoint information in ZooKeeper and the thingworx-https service name when registering its HTTPS endpoint information. If the ThingWorx Platform is configured to use different service names, be sure to use the correct service name for the eMessage Connector service-discovery.service-name value. |
| For best security practices, always use SSL/TLS to connect securely to the ThingWorx Platform instances. |
If SSL/TLS is used to connect securely to the ThingWorx Platform instances and the SSL/TLS certificates presented by the ThingWorx Platform instances do not contain the instance’s IP address that is registered in ZooKeeper, you must disable host name verification by uncommenting and setting the following property to false, as shown here:
cx-server {
. . .
transport.websockets.connections.verifyHostName = false
. . .
}
| The IP address of a ThingWorx Platform instance can be set in the instance’s SSL/TLS certificate either in Subject Common Name (CN) field or in the Subject Alternative Name field. The IP address that the ThingWorx Platform registers in ZooKeeper is either the first site-local IP address, if found, or the first non-loopback IP address found on the available network interfaces. |
13. Copy any site-specific settings from your existing emessage-ha-sample.conf file. If you have been using the file transfer capabilities, you must specify the location for file downloads and file uploads. The following table lists additional settings that you may want to migrate and the help topic that explains them:
Settings | Help Topic |
---|
Location for file downloads | |
Location for file uploads | |
Any additional configuration for file transfers | |
Property settings for Remote Access | |
Property settings for metrics reporting | |
14. After setting the properties, save and close the configuration file.
16. If a new configuration file was created, be sure to update the environment variables to point to the new configuration file location. For assistance with this step, refer to .
18. If you have not already, shut down the v.2.0.x eMessage Connector.
20. When you are upgrading the Axeda Compatibility Extension (ACE), an error will appear. You can ignore it and continue to upgrading the Utilities Core and SCM extensions. However, make sure that after upgrading the extensions you
run the permissions services provided in the eMessageServices Thing. Running these scripts is required to grant runtime permissions to new services provided in this release. For example, the
GetThingNameAndIdentifierByModelAndSerial services was updated to call the
QueryImplementingThingsWithData service. The eMessage Connector does not have Execute permissions on this service until the upgraded permissions services are run.
21. Assuming that the Axeda Compatibility Extension (ACE) v.4.2.2 has been imported and that you have run the permissions scripts for the eMessage Connector, log in to ThingWorx Composer on the ThingWorx Platform instance where you upgraded the extensions. You need to verify the
TokenPropertyAuthenticator settings on the platform. For instructions, refer to
Configuring the TokenPropertyAuthenticator (eMessage Connector).
23. Verify that the eMessage Connector successfully connected to ThingWorx by confirming it appears in the ThingWorx Composer list of Connection Servers. In ThingWorx Composer, click the
icon (Monitoring menu) and then select
Connection Servers to display the page.
24. After the upgrade is complete, you must run the permissions and visibility scripts for the Connector. Refer to
Setting Up Permissions and Visibility for the eMessage Connector. Running these scripts is required to grant runtime permissions to new services provided in this release and to re-apply permissions not preserved upon export/import for an upgrade.