B.31. The --security-gateway Attribute

Description

You use the --security-gateway attribute to enable SGD Gateway usage for the SGD array. The attribute defines the following:

Note

The --security-gateway attribute is used for AIP connections only. Routing of HTTP connections is handled by the HTTP load balancing service on the Apache reverse proxy component of the Gateway.

Changes to the --security-gateway attribute apply to all SGD servers in the array.

Syntax

The syntax for the --security-gateway attribute is as follows:

--security-gateway filter-spec...

Replace filter-spec with a filter specification of the type:

client-ip-address|*:gateway protocol:gateway-address:gateway-port

Separate multiple filter-spec entries with a comma and enclose the entire string in double quotation marks (" "). See Section B.31, “ Using Multiple Filters ”.

Examples

The following example enables all SGD Clients to connect using TCP port 443 of the SGD Gateway gateway1.example.com.

$ tarantella config edit --security-gateway "*:sgdg:gateway1.example.com:443"

The following example enables all SGD Clients to connect using an external load balancer, lb.example.com.

$ tarantella config edit --security-gateway "*:sgdg:lb.example.com:443"

The following example enables all SGD Clients to connect directly to an SGD array, without going through the SGD Gateway. The primary server in the array is sgd1.example.com.

$ tarantella config edit --security-gateway "*:direct:sgd1.example.com:443"

Using Multiple Filters

You can use multiple filter specifications, as shown in the following example.

Consider a basic deployment, as shown in Figure B.1, “Using Multiple Filter Specifications”. The deployment uses a single SGD Gateway, gateway1.example.com, with an SGD array that contains two SGD servers, sgd1.example.com and sgd2.example.com. The primary server in the array is sgd1.example.com.

The address of the SGD Gateway on the internal network is 192.168.0.250.

Figure B.1. Using Multiple Filter Specifications

Network Diagram Showing a Deployment Scenario That Uses Multiple Filters

The following filter specification might be used for this example:

"192.168.0.250:sgdg:gateway1.example.com:443,*:direct:sgd1.example.com:80"

With this configuration, the following applies: