Configuring Processes

Overview

This topic shows how to configure a Process, which represents a running instance of the Enterprise Gateway. You can configure the options described in the following sections at the Process level.

Add HTTP Services

You can add a container for HTTP-related services, including HTTP and HTTPS Interfaces, Directory Scanners, Static Content Providers, Servlet Applications, and Packet Sniffers.

HTTP Services act as a container for all HTTP-related interfaces to the Enterprise Gateway's core messaging pipeline. You can configure HTTP and HTTPS interfaces to accept plain HTTP and SSL messages respectively. A Relative Path interface is available to map requests received on a particular URI or path to a specific policy. The Static Content Provider interface can retrieve static files from a specified directory, while the Servlet Application enables you to deploy servlets under the service. Finally, the Packet Sniffer interface can read packets directly off the network interface, assemble them into HTTP messages, and dispatch them to a particular policy. The Configuring HTTP Services topic explains how to configure the available HTTP Interfaces.

Add SMTP Services

Simple Mail Transfer Protocol (SMTP) support enables the Enterprise Gateway to receive email and to act as a mail relay. The Enterprise Gateway can accept email messages using the SMTP protocol, and forward them to a mail server. You can also configure optional policy circuits for specific SMTP commands (for example, HELO/EHLO and AUTH). The Configuring SMTP Services topic explains how to configure SMTP services, interfaces, and handler circuits.

Add Policy Execution Scheduler

Policy Execution Scheduling enables you to schedule the execution of any policy on a specified date and time in a recurring manner. The Enterprise Gateway provides a pre-configured library of schedules to select from. You can also add your own schedules to the library. The Policy Execution Scheduling topic explains how to add a policy execution schedule, and how to add schedules.

Messaging System

You can configure the Enterprise Gateway to read JMS messages from a JMS queue or topic, run them through a policy, and then route them onwards to a Web Service or JMS queue or topic.

The Enterprise Gateway can consume a JMS queue or topic as a means of passing XML messages to its core message processing pipeline. When the message has entered the pipeline, it can be validated against all authentication, authorization, and content-based message filters. Having passed all configured message filters, it can be routed to a destination Web Service over HTTP, or it can be dropped back on to a JMS queue or topic using the Messaging System Connection filter. For more details, see the Messaging System topic.

Directory Scanner

The Directory Scanner reads XML files from a specified directory and dispatches them to a selected policy. This enables you to search a local directory for XML files, which can then be fed into a security policy for validation. Typically, XML files are FTP-ed or saved to the file system by another application. The Enterprise Gateway can then pick these files up, run the full array of authentication, authorization, and content-based filters on the messages, and then route them over HTTP or JMS to a back-end system. For more details, see the Directory Scanner topic.

POP Client

The POP Client enables you to poll a POP mail server to read email messages from it, and pass them into a policy for processing. For more details, see the POP Client topic.

Add Remote Host

Remote Host settings configure the way in which the Enterprise Gateway routes to another host machine. For example, if a destination server may not fully support HTTP 1.1, you can configure Remote Host settings for the server to optimize the way in which the Enterprise Gateway sends messages to it. Similarly, if the server requires an exceptionally long timeout, you can configure this in the Remote Host settings. For more details, see the Remote Hosts topic.

TIBCO

You can configure a TIBCO Rendezvous® Listener or a TIBCO Enterprise Messaging System Consumer. For more details, see the following topics:

Process Settings

You can configure per-process global configuration settings by right-clicking the Process, and selecting the Settings option. For more details on configuring Process settings, see the General Settings topic.

Process Logging

You can configure a Process to log messages to a database, file system, GUI Console, log files, or UNIX syslog. A Log Viewer for examining log entries is also available. For more details, see the Logging Configuration topic.

Monitoring

The Enterprise Gateway can store useful statistics about the messages that it processes in a database. The Service Monitor monitoring tool can then poll this database, and produce charts and graphs detailing how the Enterprise Gateway is performing. For more details, see the Service Monitor Index Page.

The Enterprise Gateway also provides the Traffic Monitor tool for operational diagnostics. This is a web-based message log of the HTTP and HTTPS traffic that it processes. For more details, see the topic on Monitoring Traffic.

Cryptographic Acceleration

The Enterprise Gateway can leverage the OpenSSL Engine API to offload complex cryptographic operations (for example, RSA and DSA) to a hardware-based cryptographic accelerator. The Engine API can also provide an extra layer of security by storing private keys on a Hardware Security Module (HSM).

The Enterprise Gateway uses OpenSSL to perform cryptographic operations, such as encryption and decryption, signature generation and validation, and SSL tunneling. OpenSSL exposes an Engine API, which enables you to plug in alternative implementations of some or all of the cryptographic operations implemented by OpenSSL. OpenSSL can, when configured appropriately, call the engine's implementation of these operations instead of its own. For more information on configuring the Enterprise Gateway to use an OpenSSL engine, see the Cryptographic Acceleration topic.

Tivoli

You can configure how a Process connects to an instance of an IBM Tivoli Access Manager server. Each Process can connect to a single Tivoli server. For more details, see the Global Configuration section in the Tivoli Integration topic.

Kerberos

You can configure Process-wide Kerberos settings, such as the Kerberos configuration file for the Enterprise Gateway, which contains information about the location of the Kerberos Key Distribution Center (KDC), encryption algorithms and keys, and domain realms. You can also configure options for APIs used by the Kerberos system, such as the Generic Security Services (GSS) and Simple and Protected GSSAPI Negotiation (SPNEGO) APIs. For more details, see the Kerberos Configuration topic.

Oracle Security Service Module Settings

You can configure the Enterprise Gateway to act as an Oracle Security Service Module (SSM) to enable integration with Oracle Entitlements Server. The Enterprise Gateway acts as a Java SSM, which delegates to Oracle Entitlements Server. For example, you can authenticate and authorize a user for a particular resource against an Oracle Entitlements Server repository. For more details, see the Oracle Security Service Module Settings topic.

Audit Trail

The Enterprise Gateway generates an audit trail for each of the key actions that occur in the Policy Studio on configurations, processes, and users (for example, when a user logs in or updates configuration). All items are written to a file-based audit trail stored on the same machine on which the server process is running. For more details, see the Audit Trail topic.