Configuring Client Profiles

Client profiles are associated with client username accounts so that an administrator can easily apply common configurations to groups of clients.

To create a client profile, enter the following command:

solace(configure)# create client-profile <name> message-vpn <vpn‑name>

To edit an existing client profile, enter the following command:

solace(configure)# client-profile <name> message-vpn <vpn-name>

Where:

<name> is the name of the client profile. A client profile name can contain up to 32 alphanumeric characters (case-sensitive). The “_” character is also permitted.

<vpn-name> is the name of an existing Message VPN that the client profile is in.

The no version of this command, no client-profile, deletes the specified client profile, and client username that were associated with this profile are associated with the profile named default. The profile named default cannot be deleted.

Deleting a client profile results in changing the profiles of potentially many client username accounts back to the profile named default. This can cause unforeseen disruptions to customer service. To list all the clients using a particular client profile, enter the show client-profile <name> detail User EXEC command for the given client profile.

In this section we'll show you the various configuration tasks that can be performed on a client profile. Note that the parameters that are configured are applied to the client username accounts that are assigned the client profile.

Allowing Bridge Connections

The Message VPN bridge feature allows for inter-connection between Message VPNs on Solace PubSub+ event brokers. By default, the Message VPN bridge feature is not available to clients—it must first be configured in the client’s profile on the event broker.

To permit clients using this client profile to use Message VPN bridging, enter the following command:

solace(configure/client-profile)# allow-bridge-connections

The no version of this command, no allow-bridge-connections, removes the permission to use Message VPN bridging from the client profile. Changing this permission during event broker operation does not affect existing sessions. It is only validated when client sessions are established.

Allowing Shared Subscriptions

Because allowing indiscriminate access to MQTT and SMF shared subscriptions is a potential security issue (where a client could join a shared subscription and siphon off a portion of the traffic), you can configure whether or not specific clients can use shared subscriptions. By default, clients are not permitted to use shared subscriptions.

To permit clients using this profile to use shared subscriptions, enter the following command:

solace(configure/client-profile)# allow-shared-subscriptions

The no version of this command, no allow-shared-subscriptions, removes the permission to use shared subscriptions from the client profile.

  • Allowing shared subscriptions is an all or nothing setting. This means that clients permitted to use shared subscriptions are allowed to subscribe to all shared subscriptions in the Message VPN. If you want to control access to specific shared subscriptions, you can use an ACL to configure a list of share names that are permitted (or denied) and then associate it with a client profile. For more information, see Configuring Share Name Subscribe Permissions.
  • Web messaging clients do not support shared subscriptions.

Allowing Client Connects to Replication Standby VPNs

To allow clients using the given client profile to connect to a Message VPN with a standby Replication state, enter the following commands for the client profile on the Message VPN that has an active Replication state:

solace(configure/client-profile)# replication
solace(configure/client-profile/replication)# allow-clients-when-standby

The no version of this command, no allow-clients-when-standby, disallows clients from connecting to the Message VPN when it has a standby Replication state. By default, clients are not allowed to connect a Message VPN with a standby Replication state.

Also, to allow clients to consume messages from an endpoint in a Message VPN with a standby Replication state, you must also disable the propagation of acknowledgments (ack-propagation) for all endpoints from which the client will consume messages. For queues, see Enabling / Disabling Propagating Consumer Acks to Replicated VPNs; for topic endpoints, see Enabling/Disabling Propagating Consumer Acks to Replicated VPNs).

  • When a Message VPN’s Replication state changes from active to standby, clients will not be disconnected if they are using a client profile that allows them to connect to a Message VPN with a standby Replication state. However, clients will be unbound from any endpoints that have the ack‑propagation feature enabled if the Replication state of Message VPN the endpoints are in changes to Replication standby. Also, when the Message VPN they are in changes to Replication standby, clients will be unbound from any endpoint if ack-propagation is enabled.
  • Clients connected to a Message VPN with a standby Replication state will get disconnected if the allow‑clients-when-standby option for client profile they are using is disabled.

Configuring Client Events Generation

To configure the conditions that cause client-related events to be generated for the given client profile, enter the following command:

solace(configure/client-profile)# event

The CLI moves to a level from which you can configure the set and clear thresholds at which client-related events are generated for clients using the given client profile. For information on how to set the high and low thresholds for generating the events, see Configuring Events and Thresholds.

Configuring Max Connections Per Username

For a given client profile you can configure the maximum permitted number of simultaneous client connections to the event broker that can be made using the same client username. This limit applies to client connections using any supported service type. That is, this limit applies to all client connections regardless of whether they use Solace Message Format (SMF), Web transport, REST, MQTT, and/or AMQP service.

To configure for the given client profile the maximum number of simultaneous client connections that can be made using the same client username account, enter the following command:

solace(configure/client-profile)# max-connections-per-client-username <value>

Where:

<value> is an integer value specifying the maximum number of simultaneous client connections that are permitted. Note that this value is not enforced, so it is possible for you to set a value that exceeds the maximum number of simultaneous connections supported by the type of event broker used. To view the supported limits for the event broker, enter the show service command.

The no version of this command, no max-connections-per-client-username, resets the maximum number of client connections back to the default value.

You can also specifically limit the simultaneous client connections to the event broker that can be made using the same client username account according to whether they are SMF or Web clients. For more information, see the max-connections-per-client-username property for Configuring Max SMF Connections and Configuring Max Web Transport Connections Per Username, respectively.

Configuring Max Permitted Subscriptions

When specifying the maximum number of subscriptions for a single client in the client profile, you should consider the total maximum number of permitted topic subscriptions and the total maximum number of client connections for the type of event broker that is used. That is, to ensure reliable system performance, you must find the right balance for your network, while staying within the system limits mentioned, between allowing the creation of many clients and allowing each client to add a large number of topic subscriptions.

To configure the maximum number of subscriptions permitted for a single client for the given client profile, enter the following command:

solace(configure/client-profile)# max-subscriptions <value>

Where:

<value> is an integer value specifying the maximum number of subscriptions. The valid range and default value depends on the type of event broker used.

The no version of this command, no max-subscriptions, resets the maximum number of subscriptions back to the default value.

Configuring Guaranteed Messaging Parameters

A Solace event broker provides a Guaranteed Messaging facility whereby the delivery of a message between two applications is guaranteed by the network even in cases where the receiving application is offline, or there is a failure of a piece of network equipment.

  • On Solace PuSub+ appliances, Guaranteed Messaging is not available by default for clients—it must be configured in the client profile applied to the client username that the client uses.
  • On Solace PubSub+ software event brokers, Guaranteed Messaging is enabled by default for clients.

Allowing Clients to Create Guaranteed Endpoints

To permit clients assigned to a client profile to create queues or topic endpoints, enter the following commands:

solace(configure/client-profile)# message-spool
solace(configure/client-profile/message-spool)# allow-guaranteed-endpoint-create

The no version of this command, no allow-guaranteed-endpoint-create, removes the permission to create queues or topic endpoints from the client profile. Changing this permission during event broker operation does not affect existing sessions. It is only validated at session establishment time.

On a Solace PubSub+ appliance, by default, a client profile does not permit clients to dynamically create endpoints. On a Solace PubSub+ software event broker, the default setting, on the default client profile for the default message VPN, is to permit clients to dynamically create endpoints.

Specifying the Allowed Durability for Created Endpoints

By default, if a client profile allows clients to create endpoints, they can create both durable and non-durable endpoints. For more information about endpoint durability, refer to Endpoint Durability.

To specify the durability of endpoints that clients assigned to a client profile can create, enter the following commands:

solace(configure/client-profile)# message-spool
solace(configure/client-profile/message-spool)# allow-guaranteed-endpoint-create-durability {all | durable | non-durable}

Where:

all specifies that a client associated with this client profile can create any type of endpoint. This is the default value.

durable specifies that a client associated with this client profile can create only durable endpoints.

non-durable specifies that a client associated with this client profile can create only non-durable endpoints.

The no version of this command no allow-guaranteed-endpoint-create-durability, returns this setting to the default value.

Changing this permission during event broker operation does not affect existing sessions. It is only validated at session establishment time.

Allowing Clients to Receive Guaranteed Messages

To permit clients assigned to a client profile to bind to topic endpoints or queues, enter the following commands:

solace(configure/client-profile)# message-spool
solace(configure/client-profile/message-spool)# allow-guaranteed-message-receive

The no version of this command, no allow-guaranteed-message-receive, removes the permission to receive Guaranteed messages from the client profile. Changing this permission during event broker operation does not affect existing sessions. It is only validated at session establishment time.

On a Solace PubSub+ appliance, by default, a client profile does not permit clients to bind to topic endpoints or queues and consume Guaranteed messages from those endpoints. On a Solace PubSub+ software event broker, the default setting, on the default client profile for the default message VPN, is to permit clients to bind to topic endpoints or queues and consume Guaranteed messages from those endpoints.

Allowing Clients to Send Guaranteed Messages

By default, client profiles do not permit clients to publish non-persistent or persistent messages (that is, Guaranteed messages).

To permit clients assigned to a client profile to send non-persistent or persistent messages, enter the following commands:

solace(configure/client-profile)# message-spool
solace(configure/client-profile/message-spool)# allow-guaranteed-message-send

The no version of this command, no allow-guaranteed-message-send, removes the permission to send Guaranteed messages from the client profile. Changing this permission during event broker operation does not affect existing sessions. It is only validated at session establishment time.

  • On PubSub+ appliances, client profiles by default do not permit publishing Guaranteed messages.
  • On PubSub+ software event brokers, the default setting on the default client profile for the default message VPN permits clients to publish Guaranteed messages.

For clients whose profiles allow guaranteed message sends, client connections count against the ingress flow threshold, and therefore may cause events such as SYSTEM_AD_MAX_INGRESS_FLOWS_EXCEEDED to be generated.

For direct messaging clients, we recommend creating a separate client profile with allow-guaranteed-message-send disabled.

Allowing Transacted Sessions

Transacted sessions (that is, local transacted sessions and/or XA Sessions) are supported by the Solace JMS, JCSMP, Java RTO, C, and .NET APIs messaging APIs. XA Sessions are only supported by the Solace JMS messaging API.

To permit clients assigned to a client profile to use transacted sessions, enter the following commands:

solace(configure/client-profile)# message-spool
solace(configure/client-profile/message-spool)# allow-transacted-sessions

The no version of this command, no allow-transacted-sessions, removes the permission to use transacted sessions from the client profile.

  • Changing this value during operation does not affect transacted sessions currently in progress.
  • On a Solace PubSub+ appliance, by default, a client profile does not permit clients to use transacted sessions. On a Solace PubSub+ software event broker, the default setting, on the default client profile for the default message VPN, is to permit clients to use transacted sessions.

Configuring Initial Values for Client-Created Endpoints

When a client using a Solace messaging API dynamically creates an endpoint on an event broker, its configuration is determined first by those endpoint properties and provision flags that the client may provide with a queue or topic endpoint create API function or method (refer to Receiving Guaranteed Messages for Solace enterprise messaging APIs). Any remaining endpoint parameters to be configured are then filled by the values used for queues or topic endpoints that an administrator can provide through the Solace CLI.

Endpoint Templates can be used to specify custom attributes for client created endpoints based upon the endpoint name. Any configurable values associated with the endpoint template will be applied to client created endpoints. Administrators can choose which client created queues use specific endpoint templates through two mechanisms:

  • Endpoint Templates have a name-filter that allows them to match an endpoint name to an endpoint template. This allows client created queues or topic endpoints the ability to dynamically copy attributes from the specified endpoint template. Refer to Setting Name Filters to Match Queue Names or Setting Name Filters to Match Topic Endpoint Names for more information.
  • Client Profiles have an optional copy-from-template-on-create command that can be used to copy custom values from endpoint templates to client created endpoints. However, if no customized endpoint template to be copied is explicitly set, the system defaults for CLI‑provisioned endpoints are used. To set initial values for client-created endpoints, see Configuring Initial Values for Client-Created Queues or Configuring Initial Values for Client-Created Topic Endpoints.
    For event brokers before the 9.4.0 release, use the copy-from-on-create command to specify a CLI‑provisioned queue or topic endpoint with custom values, and those values will be applied to any new client‑created endpoints.

A client application may only dynamically create durable and non-durable/temporary queues or topic endpoints on the event broker if it uses a client profile that has the allow-guaranteed-endpoint-create parameter enabled (refer to Allowing Clients to Create Guaranteed Endpoints).

Configuring Initial Values for Client-Created Queues

To set a CLI-provisioned queue template that all new client‑created queues will copy their configuration parameter values from, enter the following commands:

solace(configure/client-profile)# message-spool
solace(configure/client-profile/message-spool)# api-queue-management
solace(...le/message-spool/api-queue-management)# copy-from-template-on-create <queue-template-name>

Where:

<queue-template-name> is the name of a queue template provisioned on the given Message VPN whose parameter values will be used for any new client-created queues.

The no version of this command, no copy-from-template-on-create, resets the default setting, which is that the default event broker queue parameter values will be used for any new client-created queues.

Configuring Initial Values for Client-Created Topic Endpoints

To set a CLI-provisioned topic endpoint template that all new client‑created topic endpoints will copy their configuration parameter values from, enter the following commands:

solace(configure/client-profile)# message-spool
solace(configure/client-profile/message-spool)# api-topic-endpoint-management
solace(...e-spool/api-topic-endpoint-management)# copy-from-template-on-create <topic-endpoint-template-name>

Where:

<topic-endpoint-template-name> is the name of a topic endpoint template provisioned on the given Message VPN whose parameter values will be used for any new client-created topic endpoints.

The no version of this command, no copy-from-template-on-create, resets the default setting, which is that the default event broker topic endpoint parameter values will be used for any new client-created topic endpoints.

Configuring the Max Egress Flows Permitted

To configure the maximum number of egress flows (that is, Guaranteed message client receive flows or consumer flows) that can be created by a single client associated with this client profile, enter the following commands:

solace(configure/client-profile)# message-spool
solace(configure/client-profile/message-spool)# max-egress-flows <value>

Where:

<value> specifies the maximum number of egress flows that a client associated with the client profile can create. The valid range and default value depends on the type of Solace PubSub+ event broker used.

The no version of this command, no max-egress-flows, resets the maximum number of egress flows allowed for a client back to the default value.

Configuring the Max Endpoints Permitted Per Client Username

There is a maximum number of durable and non-durable queues and topic endpoints that can be owned by the clients using the same client username within a client profile. A client username is the owner of an endpoint when a client with that username dynamically creates an endpoint through an API call. You can also assign an owner to a durable endpoint through the Solace CLI (refer to Configuring Queue Owners or Configuring Topic Endpoint Owners).

To configure the maximum number of durable and non-durable queues and topic endpoints that can be owned by clients using the same client username associated with a client profile, enter the following commands:

solace(configure/client-profile)# message-spool
solace(configure/client-profile/message-spool)# max-endpoints-per-client-username <value>

Where:

<value> specifies the maximum number of queues and topic endpoints that a client username associated with the given client profile can be the owner of. The valid range and default value depends on the type of Solace PubSub+ event broker used.

The no version of this command, no max-endpoints-per-client-username, resets the maximum number of endpoints per client username value back to the default.

Configuring the Max Ingress Flows Permitted

To configure the maximum number of ingress flows (that is, Guaranteed message client publish flows) that can be created by a single client associated with this client profile, enter the following commands:

solace(configure/client-profile)# message-spool
solace(configure/client-profile/message-spool)# max-ingress-flows <value>

Where:

<value> specifies the maximum number of ingress flows that a client associated with the client profile can create. The valid range and default value depends on the type of Solace PubSub+ event broker used.

The no version of this command, no max-ingress-flows, resets the maximum number of ingress flows allowed for a client back to the default value.

Configuring the Max Number of Transactions

To configure the total maximum number of simultaneous transactions (both local transactions and transactions within XA transaction branches) allowed for a single client associated with this client profile, enter the following commands:

solace(configure/client-profile)# message-spool
solace(configure/client-profile/message-spool)# max-transactions <value>

Where:

<value> is an integer value specifying the maximum number of transactions allowed per client associated with the given client profile. The valid range and default value depends on the type of Solace PubSub+ event broker used.

The no version of this command, no max-transactions, resets the total maximum number of simultaneous transactions back to the default value.

Configuring the Max Number of Messages Per Transaction

By default, a client can publish and/or consume up to a combined maximum of 256 Guaranteed messages in a single transaction. Exceeding this limit will result in a transaction prepare or commit failure. To configure how many messages a client can use in a transaction, enter the following commands:

Changing the maximum number of messages per transaction is a Controlled Availability (CA) feature and should only be used under the supervision of Solace support.

Currently, this configuration option is not available for use in PubSub+ Cloud.

solace(configure/client-profile)# message-spool
solace(configure/client-profile/message-spool)# max-messages-per-transaction <value>

Where:

<value> is an integer value specifying the maximum number of messages per transaction allowed per client associated with the given client profile. The valid range is 1 to 20000. The default is 256. Changing this value during operation will not affect existing sessions. It is only validated at transaction creation time.

The no version of this command, no max-messages-per-transaction, resets the maximum number of messages per transaction allowed per client by the client profile back to the default value (256).

Large transactions consume additional resources and are more likely to require retrieving messages from the ADB or from disk to process the transaction prepare or commit requests. The transaction processing rate may diminish if a large number of messages must be retrieved this way. Do not use excessively large transactions needlessly to avoid exceeding resource limits and reducing the overall broker performance.

Use of large transactions makes the PubSub+ broker more susceptible to transaction resource exhaustion. You can use the following Syslog events to monitor whether the resources needed to track messages that are part of uncompleted transactions are at a healthy level:

  • SYSTEM_AD_TRANSACTED_SESSION_RESOURCE_UTILIZATION_EXCEEDED

  • SYSTEM_AD_TRANSACTED_SESSION_RESOURCE_UTILIZATION_HIGH

  • SYSTEM_AD_TRANSACTED_SESSION_RESOURCE_UTILIZATION_HIGH_CLEAR

For more information about these events, see Solace PubSub+ Syslog Events.

To view the percentage of such resources available, see the Transacted Session Resource Utilization field in the output of the show message-spool command. For more information about the show message-spool output fields, see Viewing Guaranteed Messaging Information.

Configuring the Max Number of Transacted Sessions

To configure the maximum number of simultaneous transacted sessions and/or XA Sessions allowed for a single client associated with this client profile, enter the following commands:

solace(configure/client-profile)# message-spool
solace(configure/client-profile/message-spool)# max-transacted-sessions <value>

Where:

<value> is the integer value specifying the maximum number of transacted sessions allowed per client. The valid range and default value depends on the type of Solace PubSub+ event broker used.

The no version of this command, no max-transacted-sessions, resets the maximum number of transacted sessions allowed per client by the client profile back to the default value.

Handling Guaranteed Messages with No Matches

When Guaranteed messages are published, and there are no Guaranteed subscriptions on the event broker that match the messages’ topics, the event broker can either:

  • Return negative acknowledgments (that is, “Nacks”) to the publishers to indicate that there are no matching Guaranteed subscriptions for the messages. Messages published to unknown queue names are always Nacked.
  • Silently discard the messages (that is, no Nacks are returned to the publishers). This is the default action.

To configure that Nacks should be returned for published Guaranteed messages that do not have Guaranteed message subscription matches, enter the following commands:

solace(configure/client-profile)# message-spool
solace(configure/client-profile/message-spool)# reject-msg-to-sender-on-no-subscription-match

Even if a NACK is returned to the publisher, it will still be delivered to any clients that have Direct subscriptions to the topic.

To restore the default action, that published Guaranteed messages should be silently discarded when there are no Guaranteed subscription matches, enter the no version of the command:

solace(configure/client-profile/message-spool)# no reject-msg-to-sender-on-no-subscription-match

Configuring Egress Priority Queues

Refer to Message Delivery Resources for details on the queue Client Profile CONFIG command and general information on how to configure and monitor egress per-client priority queues.

Configuring Services

To set the configuration parameters for the given Message VPN for the types of services offered to clients using the given client profile, enter the following commands:

solace(configure/client-profile)# service

The CLI is now at a level where you can configure service settings for the given client profile for the following service types:

Once you have configured appropriate services, you can view the maximum number of client connections that the Solace event broker can supported, enter the show service User EXEC command.

Configuring a Minimum Keepalive Timeout

Solace PubSub+ supports keepalives for SMF and MQTT clients. Clients of this type declare a keepalive interval during login that defines an upper limit for allowed periods of inactivity on the connection to the broker. The broker uses this interval to derive a timeout value (in seconds) that defines the longest acceptable period of inactivity on a client connection before the broker disconnects.

The keepalive timeout value is calculated based on the client provided timeout interval (3 x the keepalive interval for SMF, 1.5 x the keepalive interval for MQTT). For the given client profile, you can choose to impose a minimum timeout value in seconds. The effective timeout value for a client then becomes the greater value between the client derived timeout value, and the one you configure.

Clients that explicitly disable keepalives during login are not subject to this minimum, and will never be disconnected by the broker due to inactivity.

To configure the minimum keepalive value, enter the following commands:

solace(configure/client-profile/service)# min-keepalive-timeout <seconds>

Where:

<seconds> is the minimum period of time (in seconds) that the PubSub+ broker will tolerate inactivity on a client connection. The valid range is from 3 to 3600. The default is 30.

We recommend that you set the minimum keepalive timeout to at least 10 seconds. This is to prevent applications being disconnected from the broker because of events outside of the broker's control, such as a brief loss of network connectivity, or a Solace API not getting sufficient CPU time due to load on the server hosting the application (for example, while garbage collection is occurring in a JVM).

Configuring Max SMF Connections

Solace PubSub+ uses the Solace Message Format (SMF) as its underlying messaging transport protocol.

For the given client profile, you can configure the maximum permitted number of simultaneous SMF client connections to the event broker that can be made using the same client username account.

To configure the maximum number of simultaneous SMF client connections, enter the following commands:

solace(configure/client-profile/service)# smf
solace(configure/client-profile/service/smf)# max-connections-per-client-username <value>

Where:

<value> is the maximum number of simultaneous SMF client connections permitted. To view the maximum total number of SMF client connections that the Solace PubSub+ event broker can support, enter the show service User EXEC command. The valid range depends on the type of Solace PubSub+ event broker used.

The no version of the command, no max-connections-per-client-username, resets the max-connections-per-client-username value to the default value, which is the maximum total number of SMF client connections that the event broker can support.

Enabling a Minimum Keepalive Timeout for SMF Connections

To enforce a minimum keepalive timeout for SMF clients, enter the following command:

solace(configure/client-profile/service/smf)# min-keepalive-enabled

The no version of this command, no min-keepalive-enabled, prevents the broker from enforcing a minimum keepalive timeout on SMF connections.

Configuring Web Transport Services

To configure specific Web transport service settings for the given client profile, enter the following commands:

solace(configure/client-profile)# service web-transport

The CLI is now at a configuration mode that allows you to specify the following Web transport service parameters:

Configuring Inactivity Timeouts

To configure the number of seconds a Web client has to send a request before its session will timeout (that is, will be terminated) for being inactive, enter the following command:

solace(.../client-profile/web-transport)# inactive-timeout <seconds>

Where:

<seconds> is the number of seconds a Web client has to send a request or have its session timeout for being inactive. The valid range is 1 to 4294967295. The default value is 30.

The no version of this command, no inactive-timeout, resets the duration back to the default value.

Configuring Max Web Transport Connections Per Username

To configure for the given client profile the maximum permitted number of simultaneous Web transport client connections to the event broker that can be made using the same client username account, enter the following command:

solace(.../client-profile/web-transport)# max-connections-per-client-username <value>

Where:

<value> is the maximum number of simultaneous Web transport client connections permitted. The valid range depends on the type of Solace PubSub+ event broker used. To view the maximum total number of Web client connections that the event broker can support, as determined by the type of event broker used, enter the show service User EXEC command.

The no version of the command, no max-connections-per-client-username, resets the max connections per client username value to the default value, which is the maximum total number of Web client connections that the event broker can support.

Configuring Max Web Payloads

SMF messages that are sent to a consuming Web client are contained within a Web transport message that the event broker sends in its HTTP response to that client. Each Web transport message that is sent can contain multiple SMF messages or partial SMF messages.

The maximum Web payload value sets the maximum number of bytes allowed in a single Web transport message (not including the header). This value determines the number of SMF messages that can be sent in a single HTTP response and the size of the Web transport message sent in the HTTP response.

Large SMF messages can be fragmented across Web transport messages to respect the value set for the maximum possible Web payload.

To configure the maximum number of bytes allowed in a single Web transport message, enter the following command:

solace(.../client-profile/web-transport)# max-web-payload <bytes>

Where:

<bytes> is the maximum number of bytes allowed in each Web transport message payload. The valid range is 300 to 10000000. The default value is 1000000.

The no version of this command, no max-web-payload, resets the maximum back to default.

Configuring Client TCP Settings

To configure the TCP settings for the given client profile, enter the following command:

solace(configure/client-profile)# tcp

The CLI is now at a level from which you can configure the following client-to-event broker TCP settings:

  • TCP Initial Congestion Window Sizes
  • TCP Keepalives
  • TCP Maximum Segment Sizes
  • TCP Maximum Window Sizes

For details on how to set these client-to-event broker TCP settings, see TCP Settings

Configuring Message Eliding

Eliding allows you to define a custom per-topic rate for client applications so they can effectively consume relevant messages, rather than queuing up outdated messages. For example, when eliding is configured, clients could receive Direct messages for their topic subscriptions at a rate of at most 5 per second per topic even though the source is publishing updates at much higher rates.

Message eliding is not supported on Solace PubSub+ appliances that use a Network Acceleration Blade-0401EM (NAB-0401EM). This NAB model does not support message eliding.

To configure the given client profile to use message eliding, enter the following command:

solace(configure/client-profile)# eliding

The CLI is now at a level from you can configure message eliding parameters and start or stop message eliding for the client profile:

Configuring Message Delay Intervals

To configure the amount of time to delay the delivery of messages to a client after the initial message has been delivered, enter the following command:

solace(configure/client-profile/eliding)# delay <milliseconds>

Where:

<milliseconds> is a delay time interval in milliseconds. This delay interval controls the rate of message updates sent to a client on a topic-by-topic basis. The valid range is 0 to 60000. Setting milliseconds to 0 allows the client to receive every message, or if your consumer application cannot keep up with message ingress, it only receives the latest message for each topic. At 200 milliseconds, the client receives up to five messages per second per topic, with the broker managing the rate. For more information, see Message Eliding Use Cases

The no version of this command, no delay, resets the delay back to default value.

Configuring the Maximum Number of Topics to Elide

To configure the maximum number of topics the event broker can track for performing the eliding function on each client connection, enter the following command:

solace(configure/client-profile/eliding)# max-topics <num>

Where:

<num> is the maximum number of topics that can be tracked for eliding. Once this maximum number is reached, the event broker clears the elided topics for the client to prevent consuming more eliding resources than have been allocated for the connection, and a one-time Syslog event is generated on a per-client basis. The topics of any subsequent messages that are received are then tracked for eliding again. The valid range is 1 to 32000. The default is 256.

The no version of this command, no max-topics, resets the maximum number of topics to default.

Any messages that are received on a topic that was tracked before exceeding the maximum is regarded as a message published to a new topic. The “new” topic is tracked again, and a message for that topic is sent immediately. The result is that two messages may be sent for an elided topic: one message is sent before the eliding maximum is reached, another is sent after the eliding maximum is reached and a new eliding topic tracking period begins.

Starting/Stopping Message Eliding

By default message eliding is disabled on client profiles.

  • To start message eliding for clients using the given client profile, enter the following command:
    solace(configure/client-profile/eliding)# no shutdown
  • To stop messaging eliding for clients using the given client profile, enter the following command:
    solace(configure/client-profile/eliding)# shutdown

Configuring Downgrade to Plain-Text

To allow clients which support the option to downgrade their connections to plain-text, enter the following commands:

solace(configure/client-profile)# ssl
solace(configure/client-profile/ssl)# allow-downgrade-to-plain-text

The command allows downgrading to both {plaintext, compressed} and {plain-text, uncompressed}.

By default, clients are allowed to downgrade their connections to plain-text.

The no version of this command, no allow-downgrade-to-plain-text, prevents clients from downgrading their connections to plain-text.

Disabling Compression

By default, clients are allowed to transfer data using compression. To disable this ability, enter the following commands:

solace(configure/client-profile)# compression
solace(configure/client-profile/compression)# shutdown

Disabling compression means:

  • Not allowing plain-text compressed SMF connections.
  • No SSL client negotiation to {secure, compressed}.
  • No SSL client negotiation to {plain-text, compressed}.
  • No bridging with compressed traffic.

The no version of this command, no shutdown, restores data transfer with compression.

Configuring Client Username Accounts Example

This example shows how to:

  • Create client username accounts (pascal) in separate Message VPNs (blue and red)
  • Create client profiles (Sales_Access) in both Message VPNs
  • Assign those client profiles to the client username accounts
  • Activate the client username accounts for service
  1. Create the Message VPN blue:
    solace> enable
    solace# configure
    solace(configure)# create message-vpn blue
    solace(configure/message-vpn)# exit
  2. Create the Message VPN red:
    solace(configure)# create message-vpn red
    solace(configure/message-vpn)# exit
  3. Create the client username account pascal in Message VPN blue:
    solace(configure)# create client-username pascal message-vpn blue
    solace(configure/client-username)# exit
  4. Create the client username account pascal in Message VPN red:
    solace(configure)# create client-username pascal message-vpn red
    solace(configure/client-username)# exit
  5. Enter the following show command on the client username accounts pascal to confirm their creation:
    solace(configure)# show client-username pascal message-vpn *
  6. Create the client profile Sales_Access in Message VPN blue:
    solace(configure)# create client-profile Sales_Access message-vpn blue
    solace(configure/client-profile)# exit
  7. Create the client profile Sales_Access in Message VPN red:
    solace(configure)# create client-profile Sales_Access message-vpn red
    solace(configure/client-profile)# exit
  8. Enter the following show command on the client profile Sales_Access to confirm its creation and configuration.
    solace(configure)# show client-profile Sales_Access detail
  9. Assign client profile Sales_Access to the client username account pascal in Message VPN blue:
    solace(configure)# client-username pascal message-vpn blue
    solace(configure/client-username)# client-profile Sales_Access
    solace(configure/client-username)# exit
  10. Assign client profile Sales_Access to the client username account pascal in Message VPN red:
    solace(configure)# client-username pascal message-vpn red
    solace(configure/client-username)# client-profile Sales_Access
    solace(configure/client-username)# exit
  11. Enter the following show command to confirm the client username accounts have been assigned to client profile Sales_Access:
    solace(configure)# show client-username pascal detail
  12. Activate the client username account pascal in Message VPN blue for service:
    solace(configure)# client-username pascal message-vpn blue
    solace(configure/client-username)# no shutdown
    solace(configure/client-username)# exit
  13. Activate the client username account pascal in Message VPN red for service:
    solace(configure)# client-username pascal message-vpn red
    solace(configure/client-username)# no shutdown
    solace(configure/client-username)# exit
  14. Enter the following show command to confirm the client username accounts’ activation:
    solace(configure)# show client-username pascal message-vpn *
    Username                        Message VPN                 Enabled # Clients
    ------------------------------- --------------------------- -------  --------
    pascal                          blue                            Yes         0
    pascal                          red                             Yes         0
  15. To activate the Message VPNs blue, red, and default for service, go to CLI Steps to Set Up VPNs With Client Profiles.