Environment requirements

Hardware

A physical or virtual server with:

2 core CPU
2Gb RAM
40G storage

Software

FIXICC H2 machine:
1. RHEL 7 / RHEL 8
2. OpenJDK 1.8
3. (Optional since FIXICC H2 23Q1 release) Consul agent in client mode
FIXEdge Cpp/Java machine:
1. (Optional since FIXICC H2 23Q1 release) Consul agent in client mode
On the network:
1. PostgreSQL Database or HSQL Database (since FIXICC H2 23Q1 release):
  1. 1 user with DDL privileges to run the database migration or run normal FIXICC H2 operation
  2. 1 user without DDL privileges to run normal FIXICC H2 operation
2. (Optional since FIXICC H2 23Q1 release) Consul cluster - can be deployed on the same machines as FIXEdge Cpp/Java or FIXICC H2
Client workstations:
1. Chrome browser

Pre-configuration

Before you start working with the FIXICC H2, install and configure the FIX Engine and Consul application.

Consul configuration

To find the Consul installation instructions, please follow the link.

For non-production use, you can run the Consul in developer mode with the command:

consul agent -dev

For production use - please follow the link.

To configure the encrypted connection from FIXICC H2 to the Consul on the Consul side, please follow the link.

FIXICC H2 without Consul

The ability to use FIXICC H2 without Consul is available since FIXICC H2 23Q1 release.

FIXICC H2 configuration

The fixicch2.consulEnabled property must be set to 'false' in the local.app.properties configuration file.

Example:

local.app.properties

###############################################################################
#                                  Other                                      #
###############################################################################
 
cuba.rest.anonymousEnabled=true
cuba.anonymousLogin=anonymous
 
cuba.dbmsType = postgres
cuba.dataSourceProvider = application
cuba.dataSource.username = cuba
cuba.dataSource.password = cuba
cuba.dataSource.dbName = fixicch2
cuba.dataSource.host = localhost
cuba.dataSource.port = 5432
 
fixicch2.fixServerType = all
 
fixicch2.prometheus.host = localhost
 
fixicch2.consulEnabled=false

The following actions must be performed to connect to FIXEdge Java or FIXEdge C++ and FIXEye-Agent:
- Run FIXICC H2 and log in.
- Navigate to the Configuration → Show all servers in the left navigation menu. The Servers page will be opened.
- Click the Add button. The Server editor page will be opened.
- Enter Server Name, Type, IP, Admin Port and FIX Port for the Server and IP and Port for FIXEye Agent. Click the OK button.

Admin Port for FIXEdge Java server is set to '9010', and FIX Port is set to '8911' by default.

Admin Port for FIXEdge C++ server is set to '8903', and FIX Port is set to '8901' by default.

Port for FIXEye Agent is usually set to '8882'.

FIXEdge Java configuration

The following properties must be defined in the fixedge.properties file:

fixedge.properties

service.discovery.enabled=false
 
server.useFixicch2ConfigManager=true
 
fixicch2.enable=true
 
# Fixicch2 REST API to load fix session and schedules configs and to subscribe on session and schedules changes
fixicch2.url=<fixicc_h2_url>

FIXEdge C++ configuration

The following properties must be defined in the FIXEdge.properties file:

FIXEdge.properties

Components.Service.FIXICCH2 = configuration-service
Components.Service.FIXICCH2.Host = <host>
Components.Service.FIXICCH2.Port = 8080
Components.Service.FIXICCH2.ReconnectInterval = <some_interval>
 
Components.Component.Configuration = FIXICCH2

FIXEye Agent configuration

The Consul.Enabled property must be set to 'false' in the fixeye-agent.properties file:

Consul.Enabled = false

FIXICC H2 settings

You should choose a directory on your workstation for FIXICC H2 files.

The FIXICC H2 instance is in the app.jar file. To complete the configuration, please create a local.app.properties file.

You can place the app.jar file for the FIXICC H2 application and local.app.properties (FIXICC H2 properties file) in the same directory, or store them separately.

Before you start your work, please set the database type for data storage.

The FIXICC H2 is compatible with PostgreSQL databases.

Please configure the FIXICC H2 according to the instance of the local.app.properties in your FIXICC H2 package, and set the following properties:

Name	Mandatory	Example value	Default Value	Description
cuba.dbmsType	Y	postgres	-	The property defines the type of the RDBMS.
cuba.dataSourceProvider	Y	application	-	The property defines the data source.
cuba.dataSource.username	Y	CUBA	-	The property defines the username for the database. Possible values: string
cuba.dataSource.password	Y	cuba	-	The property defines the password for the database. Possible values: string
cuba.dataSource.dbName	Y	PTGSDB	-	The property defines the name of the database. Possible values: string
cuba.dataSource.host	Y	10.68.21.182	-	The property defines the host for the database. Possible values: string
cuba.dataSource.port	Y	1521	-	The property defines the port for the database. Possible values: string
fixicch2.consul.encrypted_connection	N	true	false	The property defines whether HTTPS will be used or not. Possible values: true \| false
fixicch2.consul.port	N	8501	8500	The property defines the port for Consul. Possible values: string
fixicch2.fixServerType	N	FIXEdge CPP	all	The property defines the type of server to work with. Possible values: FIXEdge CPP \| FIXEdge Java \| any other value means both types of the server
fixicch2.consulEnabled	N	true	true	The property is available since FIXICC H2 23Q1 release. The property defines whether FIXICC H2 connection to Consul will be enabled or not. Possible values: true \| false
fixicch2.prometheus.host	N	localhost	-	The property defines the host for Prometheus. Possible values: string
fixicch2.prometheus.port	N	9090	9090	The property defines the port for Prometheus. Possible values: string
fixicch2.prometheus.pollInterval	N	5	5	The property defines the time interval between requests to Prometheus. Possible values: int
fixicch2.metrics.support.fe	N	false	false	The property defines whether live counters for the FIXEdge C++ server will be shown or not. Possible values: true \| false
fixicch2.metrics.support.fej	N	true	true	The property defines whether live counters for the FIXEdge Java server will be shown or not. Possible values: true \| false
fixicch2.unknownServer.autoRegistration	N	true	true	The property defines whether auto-adding of the server configuration will be enabled. Possible values: true \| false

Configuration example:

local.app.properties

cuba.dbmsType = postgres
cuba.dataSourceProvider = application
cuba.dataSource.username = C##CUBA
cuba.dataSource.password =cuba
cuba.dataSource.dbName = PTGSDB 
cuba.dataSource.host = 10.68.21.182
cuba.dataSource.port =1521
fixicch2.consul.encrypted_connection =true
fixicch2.consul.port =8501
fixicch2.consul.insecure_connection_enabled =false
fixicch2.fixServerType = FIXEdge CPP
fixicch2.prometheus.port = localhost
fixicch2.prometheus.port = 9090
fixicch2.prometheus.pollInterval = 5
fixicch2.metrics.support.fe = false
fixicch2.metrics.support.fej = true
fixicch2.unknownServer.autoRegistration = true

The following optional properties can also be configurated on the Application Properties page via FIXICC H2:

Name	Example value	Default Value	Description
fixicch2.fixServerType	FIXEdge CPP	all	The property defines the type of server to work with. Possible values: FIXEdge CPP \| FIXEdge Java \| any other value means both types of the server
fixicch2.maxTimeToWaitServerStatusUpdate	8	10	The property defines the max time slot in minutes to update the server status from the Consul. If there were no events during the specified period, the Consul sends the response. Possible values: int < 10
fixicch2.metricsUpdatePeriod	4	1	The property defines the period of time in seconds for requesting metrics from the FIXEdge server. Possible values: int
fixicch2.mode	production	production	The property defines the instance of FIXICC H2. Possible values: string
fixicch2.notificationTimeZone	UTC	UTC	The property defines the time zone to display the correct time of notifications. Possible values: string
fixicch2.pauseToReconnect	2000	2000	The property defines the pause between reconnection attempts. Possible values: int
fixicch2.prometheus.host	localhost	-	The property defines the host for Prometheus. Possible values: string
fixicch2.prometheus.port	9090	9090	The property defines the port for Prometheus. Possible values: string
fixicch2.prometheus.pollInterval	5	5	The property defines the time interval between requests to Prometheus. Possible values: int
fixicch2.metrics.support.fe	false	false	The property defines whether live counters for the FIXEdge C++ server will be shown or not. Possible values: true \| false
fixicch2.metrics.support.fej	true	true	The property defines whether live counters for the FIXEdge Java server will be shown or not. Possible values: true \| false
fixicch2.unknownServer.autoRegistration	true	true	The property defines whether auto-adding of the server configuration will be enabled. Possible values: true \| false

If parameters from the table above were configured in the local.app.properties file, values from the file would be applied despite values being changed through the Application Properties page.

Logging configuration

To configure the logging level for the FIXICC H2 application, please create the logback.xml file and put it in the directory where the local.app.properties file is stored.

The logback.xml file is not mandatory.

For additional information please refer to the link.

Example:

logback.xml

<?xml version="1.0" encoding="UTF-8"?>

<configuration debug="false" packagingData="true">

    <property name="logDir" value="${app.home}/logs"/>

    <appender name="File" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${logDir}/app.log</file>

        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
            <level>INFO</level>
        </filter>

        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <!-- daily rollover -->
            <fileNamePattern>${logDir}/app.%d{yyyy-MM-dd}.log</fileNamePattern>
            <!-- keep 30 days' worth of history -->
            <maxHistory>5</maxHistory>
            <cleanHistoryOnStart>true</cleanHistoryOnStart>
        </rollingPolicy>

        <encoder>
            <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} %-5level [%thread%X{cubaApp}%X{cubaUser}] %logger - %msg%n</pattern>
        </encoder>
    </appender>

    <root>
        <appender-ref ref="File"/>
    </root>
	
    <!-- Begin CUBA -->
    <logger name="com.haulmont.cuba" level="INFO"/>
    <logger name="com.haulmont.cuba.core.sys" level="INFO"/>
    <logger name="com.haulmont.cuba.core.sys.CubaDefaultListableBeanFactory" level="WARN"/>
    <logger name="com.haulmont.cuba.core.app.scheduling" level="INFO"/>
    <logger name="com.haulmont.cuba.web.sys" level="INFO"/>
    <logger name="com.haulmont.cuba.portal" level="INFO"/>
    <logger name="com.haulmont.restapi.sys" level="INFO"/>
    <logger name="com.haulmont.cuba.core.app.LockManager" level="INFO"/>
    <!-- End CUBA -->

    <logger name="eclipselink" level="WARN"/>
    <logger name="eclipselink.sql" level="INFO"/>
    <logger name="org.springframework" level="WARN"/>
    <logger name="com.vaadin" level="WARN"/>
    <logger name="org.atmosphere" level="WARN"/>
    <logger name="org.activiti" level="INFO"/>
    <logger name="org.jgroups" level="INFO"/>
    <logger name="freemarker" level="INFO"/>
    <logger name="org.thymeleaf.TemplateEngine" level="INFO"/>
    <logger name="com.zaxxer.hikari" level="INFO"/>
    <logger name="org.docx4j" level="WARN"/>
	<logger name="org.xlsx4j" level="WARN"/>
    <logger name="org.apache.fop.apps.FOUserAgent" level="WARN"/>
    <logger name="org.hibernate" level="WARN"/>
    <logger name="sun" level="INFO"/>
    <logger name="com.sun" level="INFO"/>
    <logger name="javax" level="INFO"/>
    <logger name="org.apache" level="INFO"/>
    <logger name="org.eclipse.jetty" level="INFO"/>
    <logger name="org.docx4j.utils.ResourceUtils" level="ERROR"/>
    <logger name="org.docx4j.Docx4jProperties" level="ERROR"/>
    <logger name="org.xlsx4j.jaxb.Context" level="ERROR"/>
    <logger name="org.docx4j.utils.XSLTUtils" level="ERROR"/>
    <logger name="org.docx4j.jaxb.JaxbValidationEventHandler" level="ERROR"/>
    <logger name="org.docx4j.TraversalUtil" level="ERROR"/>
    <logger name="org.docx4j.fonts" level="ERROR"/>

    <!-- Begin Perf4J  -->
    <appender name="PerfStatFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${logDir}/perfstat.log</file>
        <append>true</append>

        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <fileNamePattern>${logDir}/perfstat.%d{yyyy-MM-dd}.log</fileNamePattern>
            <maxHistory>5</maxHistory>
            <cleanHistoryOnStart>true</cleanHistoryOnStart>
        </rollingPolicy>

        <encoder>
            <pattern>%msg%n</pattern>
        </encoder>
    </appender>

    <appender name="CoalescingStatistics" class="org.perf4j.logback.AsyncCoalescingStatisticsAppender">
        <param name="TimeSlice" value="60000"/>
        <appender-ref ref="PerfStatFile"/>
    </appender>

    <appender name="UIPerfStatFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${logDir}/perfstat-ui.log</file>
        <append>true</append>

        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <fileNamePattern>${logDir}/perfstat-ui.%d{yyyy-MM-dd}.log</fileNamePattern>
            <maxHistory>5</maxHistory>
            <cleanHistoryOnStart>true</cleanHistoryOnStart>
        </rollingPolicy>

        <encoder>
            <pattern>%msg%n</pattern>
        </encoder>
    </appender>

    <appender name="UICoalescingStatistics" class="org.perf4j.logback.AsyncCoalescingStatisticsAppender">
        <param name="TimeSlice" value="120000"/>
        <appender-ref ref="UIPerfStatFile"/>
    </appender>

    <logger name="org.perf4j.TimingLogger" additivity="false" level="INFO">
        <appender-ref ref="CoalescingStatistics"/>
    </logger>

    <logger name="com.haulmont.cuba.gui.logging.UIPerformanceLogger" additivity="false" level="INFO">
        <appender-ref ref="UICoalescingStatistics"/>
    </logger>
    <!-- End Perf4J  -->

</configuration>

HTTPS support

To run FIXICC H2 with HTTPS support you need to provide it with a key store and trust store in JKS format. For production installations, you need to create JKS from the certificate and private key provided by a trusted certificate authority.

For testing purposes, you can generate a self-signed certificate by yourself.

keytool -genkey                                                                     
    -noprompt                                                                       
    -alias jetty                                                                    
    -keyalg RSA                                                                     
    -dname 'CN=admin, OU=EPM-BFIX, O=EPAM Systems, L=Unknown, S=Unknown, C=Unknown' 
    -keystore keystore.jks                                                          
    -storepass fixicch2                                                             
    -keypass fixicch2

Note here the name of the file (keystore.jks) and passwords (fixicch2).

To run FIXICC H2 with HTTPS enabled, you need to provide the following parameters:

Name	Example value	Where	Description
fixicch2.secure_http_port	8443	Java system property	The property defines the HTTPS port to listen. Possible values: string
fixicch2.key_store_path	keystore.jks	Java system property	The property defines the path to the key store (.jks file). Possible values: string
fixicch2.trust_store_path	keystore.jks	Java system property	The property defines the path to the trust store (.jks file). This value is used during the validation of client certificates and is typically set to the same value as the fixicch2.key_store_path property. Possible values: string
FIXICC_H2_KEY_STORE_PASSWORD	fixicch2	Environment variable	The property defines the key store password in plain text. Possible values: string
FIXICC_H2_KEY_MANAGER_PASSWORD	fixicch2	Environment variable	The property defines the key manager password in plain text. Possible values: string
FIXICC_H2_TRUST_STORE_PASSWORD	fixicch2	Environment variable	The property defines the trust store password in plain text. Possible values: string

For more information please refer to the Jetty 9 Documentation page (keyStorePath , keyStorePassword , keyManagerPassword , trustStorePath , and trustStorePassword properties).

For example, to start FIXICC H2 with the keys generated as above run the following command:

export FIXICC_H2_KEY_STORE_PASSWORD=fixicch2
export FIXICC_H2_KEY_MANAGER_PASSWORD=fixicch2
export FIXICC_H2_TRUST_STORE_PASSWORD=fixicch2
java -Dapp.home=/opt/fixicch2-home              
    -Dfixicch2.secure_http_port=8433            
    -Dfixicch2.key_store_path=keystore.jks      
    -Dfixicch2.trust_store_path=keystore.jks    
    -jar /opt/fixicch2/app.jar

We strongly recommend configuring all connections (FIXICC H2 ↔ Engine, FIXICC H2 ↔ Consul, FIXICC H2 ↔ FIXEye Agent) via HTTPS.

Start application

Start the FIXICC H2 from the command line with the following command:

java -Dapp.home=/opt/fixicch2-home -jar /opt/fixicch2/app.jar

This will start FIXICC H2 on port 8080, you can access it by browsing http://fixicc-h2-machine:8080/app.

Where:

"/opt/fixicch2-home" is the directory with the local.app.properties file, you should type the full path for the file.
"/opt/fixicch2/" is the directory with the app.jar file, you should type the full path for the file.

Changing FIXICC H2 port

To run FIXICC H2 on another HTTP port you need to specify the fixicch2.http_port Java system property, e.g. to run FIXICC H2 on port 9090, you should start the FIXICC H2 from the command line with the following command:

java -Dapp.home=/opt/fixicch2-home -Dfixicch2.http_port=9090 -jar /opt/fixicch2/app.jar

FIX Log Viewer Settings

To configure the search in the FIX logs:

Deploy FIXEye Agent (version 2.3.0 or higher) by following instruction.

LDAP authentication

To configure the FIXICC H2 authentication via LDAP you can follow the following instruction:

Deploy the LDAP server.

Set the following properties in the local.app.properties file:

Name	Example value	Default value	Description
ldap.contextSourceUrl	ldap://localhost:389	ldap://localhost:10389	The property defines a URL for reaching the LDAP server. Possible values: string
ldap.contextSourceUserName	cn=admin,dc=epm-bfix,dc=local	uid=admin,ou=system	The property defines the username (principal) used for authentication. This is normally the distinguished name of the admin user. Possible values: string
ldap.contextSourceBase	dc=epm-bfix,dc=local	dc=springframework,dc=org	The property defines a base DN. If configured, all operations on contexts retrieved from ContextSource will be relative to this DN. By default, an empty name is set (i.e. all operations are related to the directory root). Possible values: string
ldap.contextSourcePassword	ADMIN_PASSWORD	secret	The property defines a password used for authentication. Login with default parameters for the first time. Then you can change the password in env docker-compose. Possible values: string
ldap.referral	follow	follow	The property defines the strategy to handle referrals, as described in the documentation. Possible values: string
ldap.sessionExpiringPeriodSec	120	30	The property defines a period of time in seconds after which the system terminates a session if the user was deactivated or a new access group/matching rules were assigned to them. Possible values: int
ldap.userSynchronizationBatchSize	100	100	The property defines the number of users that can be synchronized during the execution of the synchronizeUsersFromLdap() scheduled task. Possible values: int
ldap.userSynchronizationOnlyActiveProperty	true	true	The property defines whether the synchronizeUsersFromLdap() scheduled task will update only the value of the Active attributes or all user details. If set to 'true', the synchronizeUsersFromLdap() scheduled task updates only the value of the Active attribute. Otherwise, the system updates all user details. Possible values: true \| false
ldap.cubaGroupForSynchronization	Company	Company	The property defines access groups that will be checked when the system executes the synchronizeUsersFromLdap() scheduled task. Possible values: string
ldap.cubaGroupForSynchronizationInverse	false	false	The property defines whether the system will check all groups when executing the synchronizeUsersFromLdap() scheduled task (except for the ones specified in the ldap.cubaGroupForSynchronization property). If set to 'true', the system checks all groups when executing the synchronizeUsersFromLdap() scheduled task. Possible values: true \| false
ldap.synchronizeCommonInfoFromLdap	true	true	The property defines whether the synchronizeUsersFromLdap() scheduled task will update the values of the following user attributes in accordance with their state on the LDAP server side: Email, Name, First name, Last name, Middle name, Position, and Language. If set to 'true', the synchronizeUsersFromLdap() scheduled task will update the values of these user attributes in accordance with their state on the LDAP server side. Possible values: true \| false
cuba.web.standardAuthenticationUsers	admin, anonymous	admin, anonymous	The property defines users that can log in to the system using standard CUBA credentials. Possible values: string
ldap.expiringSessionNotificationCron	/10 * * * *	/10 * * * *	The property defines the CRON expression for retrieving expired sessions from the middleware layer. Possible values: CRON
ldap.addonEnabled	true	false	The property defines whether the LDAP add-on will be enabled. Possible values: true \| false
ldap.expiringSessionsEnable	true	true	The property defines whether the system will send notifications to inform the user that their session is about to expire. Possible values: true \| false

If the group and user weren't set earlier you should create a POSIX group and a user in LDAP.
Start the FIXICC H2.
Select Administration -> LDAP -> LDAP Config in the menu on the left side (items 1→2→3 in the figure below).
Check the connection by clicking Test Connection (item 4 in the figure below).
Figure. The "Test Connection" button.
If the connection is successful, the FIXICC H2 will show the following message:
Go to the LDAP Matching Rules page by clicking LDAP Matching Rules.
Select the default rule in the table and click Edit or press Enter on your keyboard to edit the default rule.
Figure. The "LDAP Matching Rules" page.
Add the Role - system-full-access or your own role (in this case, the role's permissions must provide access to Allow all screens):
Click Add.
Figure. The "Add" button for adding the permissions.
Select the Role in the table (item 1 in the figure above).
Confirm your choice by clicking Select (item 2 in the figure above).
Log out by clicking the arrow at the bottom of the left-side menu.

Figure. The "Logout" button.
Log in with the user's data whose role was added to the LDAP Matching Rules.

EPAM-B2BITS products for Capital Markets

FIXICC H2: Deployment Guide