On this page:

Related pages:

Your Rating:
Results:
PatheticBadOKGoodOutstanding!
16 rates

This topic describes how to configure and set up federated cross application flow, a mode that enables you to view transaction correlation across business applications in different Controller accounts or even across Controllers. You can also remove federated cross application flow, which deletes the friendship information of federated friendships.

About Federated Friendship 

To enable applications in different Controller accounts to participate in federated cross application flow, you must first establish federated friendship between the accounts. Federated friendship establishes trust between different accounts on one or more controllers. This trust enables AppDynamics to correlate transaction data between the accounts.

Establishing federated friendship relies on two REST APIs, which are used in the following sample workflow:

  • The first call, apikeyforfederation, creates an API key for federation on an account, ACMEOnline in this example:
  • The second call, establishmutualfriendship, provides the API key and other identifying information about the first account to the other account in the federated friendship, such as from ACMEOnline to ACMEEnterprise:


After you run the establishmutualfriendship API, the Controller creates a second API key for the friend account and passes it back to the original account using the connection information provided via the API. This establishes mutual trust between the accounts, as illustrated below between ACMEOnline and ACMEEnterprise:

The following instructions use cURL to illustrate the workflow, but cURL is not required to establish federated friendship. You can use scripts or your preferred client tool to invoke the API calls.

Set up Federated Friendship

Before Starting

Review the following items before you begin to set up a federated friendship:

  • The tier making the outbound call in the upstream application and the tier receiving the inbound call in the downstream application must be either Java or .NET. 
  • The Java and .NET Agent versions must be 4.4 or later. 
  • You must have access to two accounts on one or more Controllers. For each account you need:
    • Account name
    • Account owner user name
    • Account owner password
    • Controller hostname
    • Controller port
  • For each account, you must have app agents installed and reporting to the Controller.
  • You need the URL and port for the Controller for each account.
  • If your accounts are on different Controllers, the two Controllers must be able to communicate with one another over HTTP or HTTPS. In the case of HTTPS, this means that each Controller must trust the SSL certificate of the other.

    • You may need to use keytool to import the root certificate for the CA that signed one Controller certificate into the other trust store. The trust store is located at <Controller Home>/appserver/glassfish/domains/domain1/config/cacerts.jks. See Controller SSL and Certificates.

    • Once that is complete, you must restart your Controller Appserver so that the trust stores can be reread.

Create an API Key for Federation

  1. Choose one of the accounts to create an API key to use for federated friendship. You can do this on either one of the accounts. These instructions refer to this account as account1.

  2. Call the apikeyforfederation REST API to create the API key for account1:

    curl -v -u <account1-admin-user>@<account1-name>:<password> -H "Content-Type: application/json" -d '{}' -X POST http://<account1-controller-url>:<controller-port>/controller/rest/federation/apikeyforfederation

    The account1-admin-user must be an administrator for the account where you are making the API call. See 'Authentication' on Using the Controller APIs.

    For <account1-controller-url> and <controller-port>, provide the Controller connection information for account1.

    Calling the apikeyforfederation REST API twice with the same name results in a 500 internal server error.

    The example below creates a key in an account named ACMEOnline:

    curl -v -u admin@ACMEOnline:mypassword -H "Content-Type: application/json" -d '{}' -X POST http://ACMEEnterprise.example.com:80/controller/rest/federation/apikeyforfederation  

     The API returns the API key and additional identifying information. For example:

    {
    "id": "6e60b0eb-778c-4211-8d46-b557addc44c2",
    "accountId": 2,
    "name": "fed_key_b24ed0e7-a9c6-41ad-9732-82afc097f936",
    "description": "Federation Key for account {ACMEOnline}",
    "key": "NmU2MGIwZWItNzc4Yy00MjExLThkNDYtYjU1N2FkZGM0NGMyOmU4ODVhY2JkMDVjNThiYjk4NWUyZGQ0MGU3N2E4ODVlOGJiMjhmYWU=",
    "expiryDate": -1,
    "canExpire": false,
    "state": "enabled"
    }

    Use the value for "key" in the step to establish federated friendship.

Establish Federated Friendship

To complete the federated friendship, provide identifying information about the first account (account1), including the API key for federation, to the friend account. These instructions refer to the friend account as account2.

  1. Create a text file named friend.json.
  2. Edit friend.json and paste the following JSON template:

    {
    "controllerUrl":"http://<account2-controller-url>:<controller-port>",
    "friendAccountControllerUrl":"http://<account1-controller-url>:<controller-port>",
    "friendAccountName":"<account1-account-name>",
    "friendAccountApiKey":"<account1-key>"
    }
  3. Edit the values as in friend.json as follows:

    • account2-controller-url and controller-port: Controller connection information for account2. This address must be accessible from the account1 Controller.

    • account1-controller-url and controller-port: The Controller connection information for the friend account where you created the API key. The address must be accessible from the account2 Controller. If both accounts are on the same controller, this may be the same value as account1-controller-url and controller-port.

    • account1-account-name: Enter the friend account name the same way you would enter it for the API or on the Controller login screen.
    • account1-key: Enter the value of  key for account1 returned from the apikeyforfederation API call.

      For instance, to pass the friend information about ACMEOnline to the account ACMEEnterprise:

      {
      "controllerUrl":"http://ACMEEnterprise.example.com:80",
      "friendAccountControllerUrl":"http://ACMEOnline.example.com:80",
      "friendAccountName":"ACMEOnline",
      "friendAccountApiKey":"NmU2MGIwZWItNzc4Yy00MjExLThkNDYtYjU1N2FkZGM0NGMyOmU4ODVhY2JkMDVjNThiYjk4NWUyZGQ0MGU3N2E4ODVlOGJiMjhmYWU="
      }
  4. Call the establishmutualfriendship API against the account2 and pass the information about the friend account that you saved in the friend.json file:

    curl -v -u <account2-admin-user@<account2-name>:<password> -H "Content-Type:application/json" -d @friend.json -X POST http://<account2-controller-host>:<controller-port>/controller/rest/federation/establishmutualfriendship

    The account2-admin-user must be an administrator for the account where you are making the API call. See 'Authentication' on Using the Controller APIs.

    For <account2-controller-url> and <controller-port>, provide the Controller connection information for account2.

    If friend.json is not in the same directory where you execute the cURL command, you need to provide the path to the JSON file.
    For example, to finalize the friendship between ACMEOnline and ACMEEnterprises:

    curl -v -u admin@ACMEOnline:mypassword -H "Content-Type:application/json" -d @friend.json -X POST http://ACMEOnline.example.com:80/controller/rest/federation/establishmutualfriendship


    When the API runs successfully, the Controller returns a 200 status. After a few minutes, the Controller begins to correlate the transaction data between the two accounts and the accounts show up in flow maps using Federated Cross Application Flow.

Remove Federated Friendship

Just as you can set up a federated friendship between business applications in different Controller accounts, you can unfriend and delete the federated friendship information. Removing a federated friendship disables federation between the two Controllers and clears all associated metadata and metrics.

After you remove a federated friendship, you can undo your deletion by setting up the same friendship again. Note that you cannot set up a new federated friendship while the existing friendship is pending for deletion.

To remove the federated friendship, you must provide identifying information about the local and friend accounts, including the API keys for federation. These instructions refer to the local account as account1 and the friend account as account2.

  1. Choose the account you would like to initiate the removal of federated friendship. You can do this on either one of the accounts. These instructions refer to this account as account1.

  2. Retrieve the account API keys for both accounts. If you do not already know them, you can use the showfriends REST API to retrieve the keys:

    curl -v -u <account1-admin-user>@<account1-name>:<password> -H "Content-Type: application/json" -d '{}' -X GET http://<account1-controller-url>:<controller-port>/controller/rest/federation/showFriends/account/account1

    The account1-admin-user must be an administrator for the account where you are making the API call. See "Authentication" on Using the Controller APIs.
    For <account1-controller-url> and <controller-port>, provide the Controller connection information for account1.
    The account1 is the AccountKey. It should be the GUID portion of the global account name on the Controller.

  3. Use the mutual unfriend REST API to complete your request. The mutual unfriend request checks if the friendship configuration is consistent and provisioned in the local and friend Controllers before going through with the deletion process. If an error is found during the check, it will return an error without impacting the existing settings.

    curl -v -u <account2-admin-user>@<account2-name>:<password> -X DELETE http://<account2-controller-host>:<controller-port>/controller/rest/federation/mutualfriendship?accountKey={account1}&friendAccountKey={account2}

    For <account2-controller-url> and <controller-port>, provide the Controller connection information for account2.

    For example, to remove the friendship between ACMEOnline and ACMEEnterprises using the mutual unfriend REST API:

    curl -v -u admin@ACMEOnline:mypassword -X DELETE http://ACMEOnline.example.com:80/controller/rest/federation/mutualfriendship?accountKey=fab3653a-75a4-4eaa-a1ac-900d017118ea&friendAccountKey=b2af3573-2aa2-406c-9daf-7948fedaa1fe'

    When the API runs successfully, the Controller returns a 202 status. It may take up to 15 minutes for your request to completely remove the friendship between the two accounts, and the associated metatdata and metrics.

  • No labels