Connecting on-premise Decision Center to Bluemix Business Rules Service

Question

I'm trying to configure into my local ODM Decision Center the connection to a Bluemix Business Rules Service (its Rule Execution Server). In the process, I'm getting a generic IO_ERROR while testing the connection on Decision Center console.

Error screenshot:

I can correctly access the RES console in any browser, so i don't think this could be a connectivity issue. Also, I had the public SSL key of Bluemix installed in my ODM trust store. I was getting the following error:

SSL HANDSHAKE FAILURE: A signer with SubjectDN "CN=*.ng.bluemix.net, O=International Business Machines Corporation, L=Armonk, ST=New York, C=US" was sent from target host:port "brsv2-c15e1b13.ng.bluemix.net:443". The signer may need to be added to local trust store...

I was wondering if this should be possible or if Decision Center is not supported by Bluemix not even through the use of its APIs by an external Decision Center.

Answer 1

The Business Rules service on Bluemix is different from IBM ODM in many ways: I suggest you to take a look at Understand the differences between IBM ODM and the Business Rules service on Bluemix for more details. Bluemix does not provide rule authoring capabilities in the form of Decision Center, but you can still use Rule Designer for rule development and deployments. The Business Rules service provides also a REST transparent decision service that handles the ruleset execution and management through the HTTPS protocol, and a hosted transparent decision service to handle ruleset execution through SOAP. Take a look at Executing rules by using the REST service.

Actually what you are trying to do should be possible, since you should be able to declare the service in BlueMix as a server in the Decision Center. Please try this solution. If the problem persists (and the APIs described above are not enough in your scenario) since as you said it doesn't seem to be a network/firewall issue, you could open a support request using one of the following methods:

• Use the Support Widget. It is available from the user avatar in the upper right corner of the main Bluemix UI. After opening the support widget panel, select Get Help > Get In Touch , select the type of assistance you need, and then fill out the support form.
• Use the Support Site 'Get Help' form. This form is available on a separate site that is made available for ticket submission when you cannot log into Bluemix and access the Support Widget.  Go to http://ibm.biz/bluemixsupport and fill in the support request form.

In this way you will engage the IBM Business Rules dev team to help you with the problem resolution.

Answer 2

You probably just need to retrieve the SSL certificate from the Bluemix RES. You can do this by using the WebSphere Application Server admin console:

Click Security > SSL certificate and key management > Key stores and certificates > {select a resource} >Signer certificates > Retrieve from port.

Click Retrieve from port.

Type the host name of the machine on which the signer resides.

Type the port location on the host machine on which the signer resides. The port location is not limited to ports on WebSphere Application Server. The ports can include Lightweight Directory Access Protocol (LDAP) ports or ports on any server on which an SSL port is already configured, such as SIB_ENDPOINT_SECURE_ADDRESS.

Select an SSL configuration for the outbound connection from the list.

Type an alias name for the certificate.

Click Retrieve signer information. A message window displays information about the retrieved signer certificate, such as: the serial number, issued-to and issued-by identities, SHA hash, and expiration date. If a chained certificate is on the port, information about the root is displayed.

Click Apply. This action indicates that you accept the credentials of the signer.