Connection Manager


I’'ve never used the connection manager before, so apologise if this is a really dumb question…

I’'ve got the Wildfire server running on one machine and a second machine with the connection manager running, it connects, etc.

But, I’'ve a few questions…

  1. Is the connection encrypted between the two servers? The main server is set for secure connections only, but couldn’‘t find an option for that in the connection manager, or on the Wildfire server to say encrypted or not. I’'m assuming its encrypted?

  2. Do I need to do anything else, or will the Wildfire server sort it all out? i.e. now its connected it looks after itself or do I need to send users to it manually somehow? I’‘m assuming I just leave it and it sorts itself - on the basis that if you have multiple connection managers you’'ll need to have different domains for each which seems a bit of a weird way to do it!

  3. Is there any GUI for it? Theres nothing on the screen and apart from a java process running in task manager theres nothing!

  4. Can users register etc. etc. and know no difference or are some things limited? e.g. the gateways plugin?

  5. What ports does it need? apart from 5262, does it just run off the usual wildfire ports for everything, or do they not need opening?

  6. Sorry if all the above are a bit dumb, but I know nothing about them apart from they let you have more users on one server!!!




  1. I don’'t think connection is encrypted between CMs and WF server, but experts could probably answer. In fact CMs and WF server can be installed inside a local private network so I am not sure you need encryption on such a domain to communicate between CMs and servers. It has a process cost and it can probably be interesting to avoid some encryption if not necessary.

  2. I am not sure to understand your question. CM can be seen as front end machines that manage connections but redirect traffic to the WF server that does the XMPP process. The idea is to use something like DNS round robin mechanism to let clients be connected to one CM or another one while all CM are connected to the WF server. On WF side, you just define the port and the password CM will use to connect. On CM side, you define the name of the server and the password (you can probably also define the port I don’'t remember). You can also configure XMPP connection ports 5222 and 5223 by default.

There is no notion of domain for CM. They are connected to a WF that has a domain. They just multiplex connection and route traffic to the server.

  1. I don’'t think there is a GUI for CM.

  2. Once again I am not sure to understand the question. You must see CMs as multiplexer, any XMPP stanza is forwarded and processed by the WF server. They just reduce the load and the thread numbers caused by all the clients connections. Anyway new NIO solution integrating MINA should reduce such a load.

  3. CM connects to the port 5262 on WF server but if I am right it doesn’'t use it on its own machine. It is only bound to 5222 and 5223 ports if I am right. Perhaps HTTP ports also, but I am not aware of that.

  4. No problem. Hope that it helps. If you have any other question or need additionnal details, do not hesitate to post it in the thread.




Thanks for your reply!

  1. These are running over the web so secure is better!

  2. Thats what I thought, I was just wondering if users logged on to the server and then it threw them off onto a Connection manager or if they went in via CM direct.

  3. So, will having one CM and one WF server actually enable more users - i.e. you could let some on direct and some on via the CM or should all go on via the CM as it takes to load off the WF server? i.e. I’'ve got 2 servers I can use, one as WF and one as a CM - is that going to improve anything or do I need two CMs to make a difference?

  4. Thanks!

Thanks for ya help!


  1. I suppose that server hosting WF and server hosting CM will be on the same network or at least not too far. So traffic between them should not be broadcasted everywhere. Let’'s wait for the expert advices

  2. Evrything is routed through CM,

  3. Perhaps there is something but I don’'t know at all if this is the case.

  4. You can do whatever you want. But it makes more sense in my opinion having either everybody directly connected to the WF server or through CMs. I was able to reach 15000 users connected with test tools on a single CM. and reached 45K users with 3 CMs and a single WF server. In fact your architecture choice depends mainly on some questions like:

  • how many users connected simultaneously ?

  • size of their rosters ?

  • communication “intensity”: frequency/size of messages, frequency of presence updates ?


Yeah, traffic between the two shouldn’'t be a problem - 100Mb duplex connection.

It was more a case of grabbing hardware while it was around if you know what I mean! Now pondering wether its worth it and just have a WF server…

The problem is that these servers do all sorts wanted to rpead the load a bit as there not just dedicated, just currently under-utilised so time to stick another service on them!

Thanks for all ya help


Hey guys,

Connections between Connection Managers and Wildfire can use encryption (TLS) and also compression. As Pascal mentioned for performance reasons and since both services may be hosted inside a secure LAN we decided to disable them out of the box.

If you want to enable them then you will have to do it by setting some system properties. Set the xmpp.multiplex.tls.policy system property to required or optional to offer TLS. For compression you should set the xmpp.multiplex.compression.policy system property to optional. You will have to restart Wildfire after making your changes.


– Gato

Hi Gato,

Magic, thanks!