System architecture

Edit online

IBM® Cognos® Command Center has a distributed system architecture. You can design your system with the components that best fulfill your requirements.

You can access Cognos Command Center through clients and web clients. The software connects to on-premise, hosted, and cloud system applications through agents. The central automation repository supports compliance and audit. Through web services, alerts, and events, Cognos Command Center can connect to third party schedulers, SMTP email, external applications, and SOA (service-oriented architecture) platforms.

The Cognos Command Center components as described in the components topic. — Figure 1. Cognos Command Center system architecture

Communication between Cognos Command Center clients and the server, uses Windows Communication Foundation (WCF). WCF can be configured to TCP or SOAP 1.2 Web HTTP or HTTPS. Communication between the Cognos Command Center server and the agents, uses HTTPS.

When you install the Cognos Command Center components, you have the option of selecting the appropriate network protocol for your environment: TCP, HTTP, or HTTPS.

Regardless of which network protocol you choose, all communication is secure and encrypted. Cognos Command Center also integrates with external authentication servers, and SMTP servers to enable email alert integration and event-based processing of automation requests.

Communication between Cognos Command Center clients and the server, uses Windows Communication Foundation (WCF). WCF can be configured to TCP or SOAP 1.2 Web HTTP or HTTPS. Communication between the Cognos Command Center server and the agents, uses HTTPS. — Figure 2. Cognos Command Center system communication

Changing the Agent's SSL certificate

The Server to Agent communication uses HTTPS, and by default is secured using a self-signed certificate stored in a Java keystore. The keystore location and password is stored in the <INSTALLDIR>/Agent/config/CccAgent.config configuration file. To change the configuration to use a custom SSL certificate, change the <keystore> and <keystorepassword> configuration settings to point to a custom keystore containing the custom certificate.

Changing the Queue's SSL certificate

The Server and Agent to Queue communication uses SSL, and by default is secured using a self-signed certificate stored in a Java keystore. The keystore location and password is stored in the <INSTALLDIR>/Common/apache-activemq-5.8.0/conf/activemq.xml configuration file. To change the configuration to use a custom SSL certificate, change the <keyStore> and <keyStorePassword> attributes in the <sslContext> element to point to a custom keystore containing the custom certificate.