We've been migrating IBM App Connect Enterprise (ACE) workloads from VM-based deployments to OpenShift, and one pattern keeps repeating:

In multiple environments (banking and industrial), flows deployed successfully, pods were healthy, logs looked fine…
but messages stopped moving.

The root causes were almost never in BAR files or YAML.

They showed up in places like:

• Runtime state carried over from VM assumptions

• Network behavior changing under Kubernetes

• Security and credential translation gaps

• Resource limits throttling flows silently

• Lack of message-level visibility

A few concrete traps we hit

Credential Translation Trap

Symptom

• Secure connections failing after migration:

  • MQ channels

  • Databases (DB2 / Oracle)

  • External secured endpoints

Cause

• Credentials that worked on VMs didn't automatically work in containers

• Kubernetes Secrets ≠ ACE credential aliases by default

Fix

• Explicit mapping:

  • Kubernetes Secrets → ACE credential aliases

  • TLS certs → ACE / DataPower truststores

Security migration is not lift-and-shift.

Blind Operations Trap

Symptom

• Transactions slow or stalled

• No clear errors, only downstream impact

Cause

• Missing observability:

  • No message-level tracing

  • No correlation across systems

  • Limited runtime metrics

Fix

• Enable and integrate:

  • ACE statistics

  • OpenShift logging

  • Correlation with AIOps-style tooling

If you can't trace the message, you can't govern it.

Key takeaway

When transactions stop flowing:

I'm curious to hear from others in the community:

• What silent failures have you seen with ACE on OpenShift?

• How are you handling credential migration and observability?

• Any best practices you've adopted that saved you later?

• What's the one migration check you now treat as non-negotiable before promoting ACE flows to prod?

------------------------------
[Karthik kumar] [T] [SVP Technology]
[Cannyfore Technology]
[+91 9600929239]
[karthik.kumar@cannyfore.com]
------------------------------

Hiya

I'm afraid this is an APIC community, I think you might have more luck posting in the App Connect community?

------------------------------
Chris Dudley
------------------------------

Original Message:
Sent: Thu December 18, 2025 02:07 AM
From: karthik kumar
Subject: When IBM App Connect on OpenShift Goes Quiet: Lessons from Real Migrations

We've been migrating IBM App Connect Enterprise (ACE) workloads from VM-based deployments to OpenShift, and one pattern keeps repeating:

ACE rarely fails loudly in containers.
It fails quietly - and that's where the real risk is.

In multiple environments (banking and industrial), flows deployed successfully, pods were healthy, logs looked fine…
but messages stopped moving.

The root causes were almost never in BAR files or YAML.

They showed up in places like:

• Runtime state carried over from VM assumptions

• Network behavior changing under Kubernetes

• Security and credential translation gaps

• Resource limits throttling flows silently

• Lack of message-level visibility

A few concrete traps we hit

Credential Translation Trap

Symptom

• Secure connections failing after migration:

  • MQ channels

  • Databases (DB2 / Oracle)

  • External secured endpoints

Cause

• Credentials that worked on VMs didn't automatically work in containers

• Kubernetes Secrets ≠ ACE credential aliases by default

Fix

• Explicit mapping:

  • Kubernetes Secrets → ACE credential aliases

  • TLS certs → ACE / DataPower truststores

Security migration is not lift-and-shift.

Blind Operations Trap

Symptom

• Transactions slow or stalled

• No clear errors, only downstream impact

Cause

• Missing observability:

  • No message-level tracing

  • No correlation across systems

  • Limited runtime metrics

Fix

• Enable and integrate:

  • ACE statistics

  • OpenShift logging

  • Correlation with AIOps-style tooling

If you can't trace the message, you can't govern it.

Key takeaway

When transactions stop flowing:

Stop checking pods.
Start chasing the message.

I'm curious to hear from others in the community:

• What silent failures have you seen with ACE on OpenShift?

• How are you handling credential migration and observability?

• Any best practices you've adopted that saved you later?

• What's the one migration check you now treat as non-negotiable before promoting ACE flows to prod?

------------------------------
[Karthik kumar] [T] [SVP Technology]
[Cannyfore Technology]
[+91 9600929239]
[karthik.kumar@cannyfore.com]
------------------------------