For applications that look up or call remote EJB beans, consider how to maintain access to remote EJB beans from the cloud or consider migrating all related EJB beans to the cloud.

In Java code, javax.ejb.EJB annotations with a lookup element that uses the java:global or corbaname: namespace indicates that a remote EJB might be used. If the EJB that is specified in the lookup is in a different application, then consider migrating that application to the cloud with this application.

  @EJB(lookup="java:global/myApp/myModule/MyBeanComponent")
		

For deployment descriptors, an <ejb-ref> element in an application.xml, ejb-jar.xml, or web.xml file with a <home> or <remote> element also indicates the use of a remote EJB.

  <ejb-ref>
	<ejb-ref-name>CartHomeRemote</ejb-ref-name>
	<ejb-ref-type>Session</ejb-ref-type>
	<home>com.ibm.ejbs.CartHomeRemote</home>
	<remote>com.ibm.ejbs.CartRemote</remote>
  </ejb-ref>

This rule is flagged once per Eclipse project or Java archive.

How to Resolve

If your application is able to directly access the EJB remote provider, no further action is required.

Otherwise, one option is to also move the applications that contain the remote EJB beans to the cloud when you migrate this application. Analyze those applications for connectivity issues as well. Alternatively, you can use a VPN tunnel, such as the IBM Cloud Secure Gateway, to create a secure connection to look up your existing on-premises EJB remote provider. For more information about configuring a secure connection, see Configuring a VPN. For EJB lookups, configure the destination in the secure client to the on-premises JNDI tree. Use the host and port that are returned from that configuration for your cloud secure connection in one of the following formats:

• corbaloc::<cloud host>:<cloud port>
• corbaname:iiop:<cloud host>:<cloud port>/NameServiceServerRoot
• iiop://<cloud host>:<cloud port>

Change the provider URL in the InitialContext properties or in the JNDI properties to use the cloud host and port.

When you configure a secure connection for calls to remote on-premises EJB beans, create and install an HTTP tunneling servlet on the on-premises application server, and enable tunneling in the client side ORB. For more information, see Enabling HTTP tunneling. Configure the secure client to point to the HTTP tunneling servlet, and use the host and port that are returned from the configuration for your cloud secure connection in the following format:

• http://<cloud host>:<cloud port>/IIOPTunnel/IIOPTunnelServlet

You can use this technique both when the EJB client is moved to the cloud and the EJB bean is on-premises, and vice versa.

Note: Liberty for Java applications that use remote EJB beans can be deployed to an IBM Cloud instant runtime; however, the remote EJB beans are not remotely accessible with the CORBA/IIOP protocol because of port restrictions in the IBM Cloud environment. For more information about Liberty for Java on IBM Cloud, see Liberty features supported in IBM Cloud.