To enable SSL communication for the LogServer, Dgraph, and Forge, you must edit the appropriate configuration files to reference the following items:
- Root authentication certificates and host certificates generated by the generateSSLCertificates utility. For information about this utility, see Creating SSL Certificates.
- An encryption algorithm such as AES128-SHA that has been approved for use by Oracle, Inc. A complete list of the encryption algorithms approved by Oracle can be obtained from Oracle customer support.
To enable SSL communication for LogServer, Dgraph, and Forge, follow these steps:
1. Configure the sslConfig Java bean with global SSL configuration parameters. The sslConfig Java bean should be created for each host separately if any of the components (Dgraph, Forge, or Log Server) are hosted on another machine.
2. Pass SSL configuration parameters to the Log Server, Dgraph, and Forge by editing their respective configuration files to reference the sslConfig Java bean, or to specify the global SSL configuration parameters individually.
The following sections explain these steps in detail.
Configure the sslConfig Java Bean with Global SSL Configuration Parameters
To enable LogServer, Dgraph, and Forge for SSL communication, you must
supply appropriate values for the properties of the
<ssl-config> element in the
AppConfig.xml file. Supplying property values for
<ssl-config>
configures the Java bean
sslConfig, which is the source of SSL configuration data
for the LogServer, Dgraph, and
Forge.
In the
<ssl-config> element, specify the global SSL
configuration parameters by supplying values for the following element
properties:
The following example illustrates how to specify global SSL
configuration parameters in the
<ssl-config> element of the
AppConfig.xml file:
<!--
######################################################################
# Configure the Java bean sslConfig with values that you can then pass
# to Forge, Dgraph, LogServer, and custom components.
#
-->
<ssl-config id="globalSslConfig">
  <property name="certFile" value="/localdisk/endeca/ToolsAndFrameworks/11.1.0/deployment_template/ssl_certs_utility/bin/ssl/slcw5dd.us.example.com.pem"/>
  <property name="caFile" value="/localdisk/endeca/ToolsAndFrameworks/11.1.0/deployment_template/ssl_certs_utility/bin/ssl/ca-cert.pem"/>
  <property name="cipher" value="AES128-SHA"/>
</ssl-config>
Passing SSL Configuration Parameters to the Log Server
To enable SSL communication for the Log Server, you must edit the
<logserver>
element
of the
ReportGeneration.xml
file to reference
the Java bean (sslConfig) that contains the global SSL configuration
parameters. In the
<logserver> element, you must specify appropriate
values for the properties of the
<ssl-config> subelement, as follows:
The following example illustrates how to reference the Java bean that contains the global SSL communication parameters:
<logserver id="LogServer" host-id="ReportGenerationHost" port="15010">
  . . . .
  <gzip>false</gzip>
  <ssl-config bean="sslConfig" ref="globalSslConfig"/>
</logserver>
Passing SSL Configuration Parameters to Dgraph
To enable SSL communication for the Dgraph, you can modify the
<Dgraph>
element of
the
AuthoringDgraph.xml
configuration file
in either of two ways:
The following example illustrates how to edit the
<ssl-config> element to reference the sslConfig
Java bean. Note that the
ref property of
<ssl-config> must be set to the value of the
id property in the
<ssl-config> element of the
AppConfig.xml file:
<dgraph id="AuthoringDgraph" host-id="AuthoringMDEXHost" port="15002" post-startup-script="AuthoringDgraphPostStartup">
  . . . .
  <input-dir>./data/dgraphs/AuthoringDgraph/dgraph_input</input-dir>
  <update-dir>./data/dgraphs/AuthoringDgraph/dgraph_input/updates</update-dir>
  <ssl-config bean="sslConfig" ref="globalSslConfig"/>
</dgraph>
The following example illustrates how to edit the
<dgraph> element to specify the
sslConfig parameters individually, without referencing
sslConfig itself:
<dgraph id="AuthoringDgraph" host-id="AuthoringMDEXHost" port="15002" post-startup-script="AuthoringDgraphPostStartup">
  . . .
  <input-dir>./data/dgraphs/AuthoringDgraph/dgraph_input</input-dir>
  <update-dir>./data/dgraphs/AuthoringDgraph/dgraph_input/updates</update-dir>
  <cert-file>/localdisk/endeca/ToolsAndFrameworks/11.1.0/deployment_template/ssl_certs_utility/bin/ssl/slcw5dd.us.example.com.pem</cert-file>
  <ca-file>/localdisk/endeca/ToolsAndFrameworks/11.1.0/deployment_template/ssl_certs_utility/bin/ssl/ca-cert.pem</ca-file>
  <cipher>AES128-SHA</cipher>
</dgraph>
Passing SSL Configuration to Forge
In the same way, you can pass SSL configuration parameters to Forge by
editing the
<forge> element of the
DataIngest.xml
configuration file either to reference the Java bean sslConfig
or to specify the
sslConfig parameters individually, without referencing
sslConfig itself.
The following example illustrates how to edit the
<ssl-config> subelement of the
<forge> element to reference the
sslConfig Java bean. Note that the
ref property of the
<ssl-config> element must be set to the value of
the
id property in the
<ssl-config> element of the
AppConfig.xml file:
<forge id="Forge" host-id="ITLHost">
  . . .
  <pipeline-file>./data/processing/pipeline.epx</pipeline-file>
  <ssl-config bean="sslConfig" ref="globalSslConfig"/>
</forge>
The following example illustrates how to edit the
<forge> element to specify the
sslConfig parameters individually, without referencing
sslConfig itself:
<forge id="Forge" host-id="ITLHost">
  . . . .
  <pipeline-file>./data/processing/pipeline.epx</pipeline-file>
  <cert-file>/localdisk/endeca/ToolsAndFrameworks/11.1.0/deployment_template/ssl_certs_utility/bin/ssl/slcw5dd.us.example.com.pem</cert-file>
  <ca-file>/localdisk/endeca/ToolsAndFrameworks/11.1.0/deployment_template/ssl_certs_utility/bin/ssl/ca-cert.pem</ca-file>
  <cipher>AES128-SHA</cipher>
</forge>
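A mistyped ref value, or an inline block that omits one of the three settings, is easy to miss when several component files are edited by hand. The following is an added example, not part of the Oracle documentation or product: it lints constructed XML fragments modelled on the ones above. The function names, the exact (case-sensitive) ref-to-id comparison, and the assumption that all three settings are required are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the fragments on this page (paths are placeholders).
APP_CONFIG = """<app>
  <ssl-config id="globalSslConfig">
    <property name="certFile" value="/path/to/host.pem"/>
    <property name="caFile" value="/path/to/ca-cert.pem"/>
    <property name="cipher" value="AES128-SHA"/>
  </ssl-config>
</app>"""
COMPONENTS = """<app>
  <logserver id="LogServer"><ssl-config bean="sslConfig" ref="globalSslConfig"/></logserver>
  <dgraph id="AuthoringDgraph"><ssl-config bean="sslConfig" ref="globalSSLConfig"/></dgraph>
  <forge id="Forge"><cert-file>/path/to/host.pem</cert-file><cipher>AES128-SHA</cipher></forge>
</app>"""

BEAN_PROPS = {"certFile", "caFile", "cipher"}      # assumed all required
INLINE_TAGS = {"cert-file", "ca-file", "cipher"}   # assumed all required

def local(tag):
    return tag.rsplit("}", 1)[-1]   # drop an XML namespace, if present

def defined_beans(app_config_xml):
    """Map each <ssl-config id=...> to the set of property names it sets."""
    beans = {}
    for el in ET.fromstring(app_config_xml).iter():
        if local(el.tag) == "ssl-config" and el.get("id"):
            beans[el.get("id")] = {p.get("name") for p in el if p.get("value")}
    return beans

def check_components(components_xml, beans):
    """Return (component id, problem) pairs for LogServer, Dgraph and Forge."""
    findings = []
    for comp in ET.fromstring(components_xml).iter():
        if local(comp.tag) not in ("logserver", "dgraph", "forge"):
            continue
        cid = comp.get("id")
        kids = {local(c.tag): c for c in comp}
        ref = kids["ssl-config"].get("ref") if "ssl-config" in kids else None
        inline = INLINE_TAGS & {t for t, c in kids.items() if (c.text or "").strip()}
        if ref is not None:
            if ref not in beans:
                findings.append((cid, f"ref '{ref}' matches no <ssl-config id>"))
            elif BEAN_PROPS - beans[ref]:
                findings.append((cid, f"bean '{ref}' lacks {sorted(BEAN_PROPS - beans[ref])}"))
        elif not inline:
            findings.append((cid, "no SSL configuration"))
        elif INLINE_TAGS - inline:
            findings.append((cid, f"inline SSL settings lack {sorted(INLINE_TAGS - inline)}"))
    return findings
```

On the constructed input, the Dgraph entry is flagged for a ref that differs from the id only in letter case, and the Forge entry for a missing ca-file.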
Running Parallel Forge Processes in SSL and non-SSL Modes
To increase the efficiency with which your application processes source data, you can create groups of separate Forge processes that run in parallel with each other. Parallel Forge processing can increase processing efficiency when there is a large amount of source data to process or when the source data comes from multiple sources.
You can enable SSL communication for parallel Forge processes by specifying values for the following flags in the Forge commands that start the Forge server and each of the Forge clients:
sslcertfile: The root authentication certificate generated by generateSSLCertificates. (Specify full pathname; for example: /localdisk/endeca/ToolsAndFrameworks/11.1.0/deployment_template/ssl_certs_utility/bin/ssl/slcw5dd.us.example.com.pem.)
sslcafile: The authentication certificate generated for this host by generateSSLCertificates. (Specify full pathname; for example: /localdisk/endeca/ToolsAndFrameworks/11.1.0/deployment_template/ssl_certs_utility/bin/ssl/ca-cert.pem.)
Only certificates generated by the
generateSSLCertificates utility can be used for
sslcertfile and
sslcafile. For information about how to use the
generateSSLCertificates utility, see
Creating SSL
Certificates.
The following examples illustrate Forge commands that start a Forge server and two Forge clients in SSL mode. For information about Forge command flags, refer to the Oracle Commerce Forge Guide.
Command to run Forge server
forge -vi -o out.log_server --dtdInHeader false -c "client_val=server" --usingManager --javaArgument -Xmx256m --logLevel DEBUG --server <server-port> --numClients 2 --sslcertfile <server host cert> --sslcafile <root ca cert> --outputDir <output directory location> --stateDir <state directory location> pipeline.epx
Command to run first Forge client
forge -vi -o out.log_0 --dtdInHeader false --usingManager \
  --javaArgument -Xmx256m --logLevel DEBUG -c "client_val=instance0" \
  --client 10.152.105.73:1234 --clientNum 0 \
  --sslcertfile <client host cert> \
  --sslcafile <root ca cert> \
  --outputDir <output directory location> \
  --stateDir <state directory location> pipeline.epx
Command to run second Forge client
forge -vi -o out.log_1 --dtdInHeader false --usingManager \
  --javaArgument -Xmx256m --logLevel DEBUG -c "client_val=instance1" \
  --client 10.152.105.73:1234 --clientNum 1 \
  --sslcertfile <client host cert> \
  --sslcafile <root ca cert> \
  --outputDir <output directory location> \
  --stateDir <state directory location> pipeline.epx

