MettleCI - Component Connections

Component Connections

The following table describes the MettleCI-related interactions between the software components shown in the wiring diagram on this page. Note that if a component or protocol isn't specified then it is either

irrelevant to MettleCI; or
MettleCI can re-use whatever is required by your organisational standards and infrastructure.

Connection	First Host - Application	Second Host - Application	Protocol(s)	Port(s)	Authentication	Related MettleCI Function(s)	Comments

Connection	First Host - Application	Second Host - Application	Protocol(s)	Port(s)	Authentication	Related MettleCI Function(s)	Comments
1	DataStage Development Engine Tier - MettleCI Workbench Service	Git Host - Git management system	SSH (default) or HTTPS	As defined by your organisation.	User: SSH: MettleCI-specific account (AKA a robot account or service account. e.g. ‘mciworkb’). HTTPS: Individual developers' user accounts Credentials: SSH: Service account-specific SSH key pair. HTTPS: End-users' username & password. See relevant build tool pages here.	ETL asset and Unit Test commits	The choice of SSH or HTTPS will be defined by your organisation’s standards and the configuration of your Git management system. Refer to Configuring MettleCI Workbench to communicate with Git over HTTPS Credential management: SSH: The private key is stored on the filesystem. Systems administrators should apply their organisation’s standard filesystem security measures. HTTPS: MettleCI Workbench places these credentials in an encrypted key store that is only accessible via combination of an encrypted password and access-time user-specific credentials (never stored).
2	DataStage Development Engine Tier - MettleCI Workbench service	Work item Management Host - Work Item Management (WIM) system	This depends on your WIM system’s requirements.	As defined by your organisation.	User: Depending on your organisation’s WIM system and its configuration, it will be individual end user accounts; or a MettleCI-specific service account (not recommended) Credentials: Initial login: Username and password. Subsequent interactions: Theses use an OAuth browser token. HTTPS API calls on behalf of the end user are via OAuth 1.1a or OAuth 2.0 (as required by the particular WIM system) See relevant pages here.	Dynamic Work item lookup during Commit	'Work Item Management service' means Jira, Service Now, etc. MettleCI doesn't affect your choice of ports or protocols for this connection. Refer to these pages for more details. Credential management: Individual user accounts: Workbench uses a private key or client secret (depending on the OAuth protocol) to communicate with the WIM so it know that the communication is trusted. Client secret is stored in MettleCI’s WIM configuration file. MettleCI-specific service account: Credentials are stored in the MettleCI’s WIM configuration file.
3	Developer Workstation - Web browser	Git Host - Git management system	HTTP(S)	As defined by your organisation.	Individual user’s Git credentials	Git tasks	No MettleCI components are involved in this connection.
	Developer Workstation - Web browser	Work item Management Host - Work Item Management service	HTTP(S)	As defined by your organisation.	Individual user’s Work Item Management credentials	Work Item Management tasks	No MettleCI components are involved in this connection.
	Developer Workstation - Web browser	Build Host - Build Tool controller	HTTP(S)	As defined by your organisation.	Individual user’s build tool credentials	Build tasks	No MettleCI components are involved in this connection.
4	Developer Workstation - Web browser	DataStage Development Engine Tier - MettleCI Workbench Service	HTTP(S)	As defined by your organisation.	Individual user’s DataStage user credentials	All MettleCI Workbench functionality Compliance Test Commit	Your organisation’s choice of HTTP or HTTPS protocol are specified within the MettleCI configuration file.
5	Removed	Removed	Removed	Removed	Removed	Removed	Removed
6	Built Host - Build Tool Controller	MettleCI Agent Host - Built Tool Agent	Build tool dependent	As defined by your organisation.	Build tool dependent	Build Controller can execute pipelines requiring a ‘MettleCI Command Line Interface’ capability	MettleCI doesn't affect your choice of ports or protocols for this connection. Refer to the documentation of your chosen build tool.
7	MettleCI Agent Host - MettleCI CLI (file transfer and remote execution actions)	DataStage Development Engine Tier - Operating System SSH tools	SFTP, SSH	As defined by your organisationfor SSL connections.	User: Mettle CI service account Credentials: Username and password; or SSH key See this page for details on each MettleCI CLI command.	MettleCI Deployment (via SFTP) Script Execution (via SSH) Filesystem asset version control Non Information Server (ISX) asset version control	Credential management: This connection is initiated by a build pipeline. Therefore, use the secret management features of your build tool to store credentials. Ensure your build tool pipeline configuration uses secret management references to retrieve credentials.
7	MettleCI Agent Host - MettleCI CLI (DataStage Client actions)	DataStage Development Services and Engine Tiers	Multiple, as defined by IBM for DataStage client-server connections	Multiple, as defined by IBM and your organisation for DataStage client-server connections	User: MettleCI service account Credentials: Username and password.	Normal DataStage Client operations covering: ETL asset retrieval ETL asset import Job compilation	This connection will use the same ports and protocols that your organisation uses for its standard installation of the DataStage Client on end-user hardware. Credential management: This connection is initiated by a build pipeline. Therefore, use the secret management features of your build tool to store credentials. Ensure your build tool pipeline configuration uses secret management references to retrieve credentials.
8	MettleCI Agent Host - MettleCI CLI (All actions)	DataStage Testing (and potentially Production) Services and Engine Tiers	Refer to connection #7	Refer to connection #7	Refer to connection #7	Refer to connection #7	Refer to connection #7