Enabling the Solace CLI for Event Broker Services in SAP Integration Suite, Advanced Event Mesh

Although SAP recommends performing event broker service configuration using Broker Manager, you can alternatively use the Solace CLI (command-line interface) to configure and manage event broker services. If you are already familiar with the Software Event Broker CLI Commands, you may find it faster, more precise, and more efficient to use CLI commands. Access to the CLI is performed via SSH, ensuring secure access.

CLI access in advanced event mesh has these limitations:

  • CLI access is scoped to the message VPN with permissions limited to the options available in Broker Manager.
  • System-level and system-wide CLI commands aren't available.

Enabling the CLI comes with some security issues you may want to consider. Due to the elevated privileges inherent with the CLI, SAP recommends keeping the CLI port for public internet endpoints disabled. SAP also recommends that if you consider it necessary to manage your event broker service via public internet, that you do so using SEMP. For more information, see SEMP. Furthermore, SAP also recommends leaving CLI access disabled in customer-controlled environments for public endpoints or those that have public connectivity.

If you want to temporarily enable CLI access (especially for public endpoints), we recommend you use these steps:

  1. Enabling CLI Access for an Event Broker Service

  2. Accessing the CLI for Event Broker Services

  3. Disabling CLI Access for an Event Broker Service

Enabling CLI Access for an Event Broker Service

SAP recommends keeping CLI access disabled for public internet endpoints.

You can enable CLI access for both private and public endpoints. To enable access on a specific event broker service, follow these steps:

  1. Log in to the Cloud Console if you have not done so yet. The URL to access the Cloud Console differs based on your SAP BTP region. For more information, see Logging In to the Cloud Console.
  2. On the navigation bar, select Cluster Manager .
  3. Select the event broker service that you want to enable the CLI for. If the event broker service is not listed, make sure you have the right environment selected. For more information, see Selecting and Changing Environments.
  4. Click Manage then Advanced Options.

  5. On the Port Configuration pane, click the icon in the Manage column for the endpoints for which you want to enable CLI access and then select Edit.

  6. On the Edit Endpoint dialog box, expand the Management section beneath Protocols and Management, and then select the check box for Enable Secured CLI Host (SSH), use port. The default port is 22, but you can set a different port as required.

  7. Click Save

After you are done running commands, SAP recommends that you disable CLI access. For more information, see Disabling CLI Access for an Event Broker Service.

Accessing the CLI for Event Broker Services

After the port is enabled to allow SSH connections, as described in Enabling CLI Access for an Event Broker Service, you can connect using an SSH client like PuTTY. To log in, you require the necessary credentials including the hostname for your service, username, and password for the event broker service.

  1. In the Cloud Console, select Cluster Manager from the navigation bar and then select your service.
  2. On the Status screen, under DMR Cluster, copy the Hostname.
  3. Under Management Access, hover over More Info and copy the following credentials:
    • Management Editor Username
    • Management Editor Password

  4. Using a terminal like PuTTY, enter the hostname and the port number, as defined when you enabled Secure CLI Host Access for the event broker service that you want to connect to via SSH.

  5. Once the connection is established, enter the management username and password to complete the login to the CLI.

After you are done running your commands, SAP recommends that you disable CLI access. For more information, see Disabling CLI Access for an Event Broker Service.

Disabling CLI Access for an Event Broker Service

  1. In the Cloud Console, select Cluster Manager from the navigation bar and then select your service.
  2. Click Manage then Advanced Options.

  3. On the Port Configuration pane, click the icon in the Manage column for the endpoints for which you want to enable CLI access and then select Edit.

  4. On the Edit Endpoint dialog box expand the Management section beneath Protocols and Management, and then deselect the check box for Enable Secured CLI Host (SSH), use port.

  5. Click Save.