Configuring Processes

Overview

The purpose of this tutorial is to show how to configure a Process, which represents a running instance of the Enterprise Gateway. You can configure the following options at the Process level:

  • Add HTTP Interfaces:
    This option enables you to add a container for HTTP-related services, including HTTP and HTTPS Interfaces, Directory Scanners, Static Content Providers, Servlet Applications, and Packet Sniffers.
  • Messaging System:
    The Enterprise Gateway can read JMS messages from a JMS queue or topic, run them through a policy, and then route them onwards to a Web Service or JMS queue or topic.
  • Directory Scanner:
    The Directory Scanner is used to read XML files from a specified directory and dispatch them to a selected policy.
  • POP Client:
    The POP Client can poll a POP mail server and read messages from it. Messages can then be passed into a policy for processing.
  • Remote Host:
    Remote Host settings are used to "tweak" the way in which the Enterprise Gateway routes to another host machine.
  • Settings:
    This option allows you to configure various global properties for the Process.
  • Logging:
    A Process can be configured to log messages to a database, the file system, or UNIX syslog. A Log Viewer for examining log entries is also available.
  • Real-time monitoring:
    The Enterprise Gateway can store certain statistics, called Message Metrics, about each message it processes in a database, which can be used by Service Monitor to produce HTML-based reports and charts.
  • Crypto Acceleration:
    The Enterprise Gateway can leverage OpenSSL's Engine API to offload complex cryptographic operations (for example, RSA and DSA) to a hardware-based cryptographic accelerator, and to add an extra layer of security by storing private keys on a Hardware Security Module (HSM).

The remainder of this tutorial discusses each of these configuration steps in turn.

Add HTTP Services

HTTP Services act as a container for all HTTP-related interfaces to the Enterprise Gateway's core messaging pipeline. HTTP and HTTPS interfaces can be configured to accept plain HTTP and SSL messages respectively. A Relative Path interface is available to map requests received on a particular URI (or path) to a specific policy. The Static Content Provider interface can retrieve static files from a specified directory, while the Servlet Application allows you to deploy servlets beneath the service. Finally, the Packet Sniffer interface can read packets directly off the network interface, assemble them into HTTP messages, and dispatch them to a particular policy. The HTTP Services help page contains information on how to configure the available HTTP Interfaces.

Messaging System

The Enterprise Gateway can consume a JMS queue or topic as a means of passing XML messages to its core message processing pipeline. Once the message has entered the pipeline it can be validated against all authentication, authorization, and content-based message filters. Having passed all configured message filters, it can be routed to a destination Web Service over HTTP or it can be dropped back on to a JMS queue or topic using the Messaging System Connection filter. For more information on configuring the Enterprise Gateway to read messages from a JMS queue or topic, take a look at the Messaging System help page.

Directory Scanner

The Directory Scanner allows you to search a local directory for XML files, which can then be fed into a security policy for validation. Typically, XML files are FTP-ed or saved to the file system by another application. The Enterprise Gateway can then pick these files up, run the full array of authentication, authorization, and content-based filters on the messages, and then route them over HTTP or JMS to a back-end system. For more information on the Directory Scanner please refer to the Directory Scanner help page.

POP Client

The POP Client allows you to poll a POP mail server in order to read email messages from it and pass them into a policy for processing. For more information on the POP Client please refer to the POP Client help page.

Remote Hosts

In cases where a destination server may not fully support HTTP 1.1, Remote Host settings can be configured for the server to "tweak" the way in which the Enterprise Gateway sends messages to it. Similarly, if the server requires an exceptionally long timeout, this can be configured in the Remote Host settings. For more information on how to configure Remote Hosts, take a look at the Remote Hosts help page.

Process Settings

Per-process settings are configured by right-clicking on the Process in the tree view of the Policy Studio and selecting the Settings option. For more information on configuring Process settings, take a look at the General Settings help page.

Process Logging

It is possible to configure a Process to log messages to a database, GUI Console, log files, or UNIX syslog. Take a look at the Logging Configuration help page for more information on how to do this.

Reporting Metrics

The Enterprise Gateway can store useful statistics about the messages that it processes in a database. It is then possible for the Service Monitor monitoring tool to poll this database and produce charts and graphs detailing how the Enterprise Gateway is performing. For more information on configuring reporting metrics, take a look at the Service Monitor Index Page.

Cryptographic Acceleration

The Enterprise Gateway uses OpenSSL to perform cryptographic operations, such as encryption and decryption, signature generation and validation, and SSL tunneling. OpenSSL exposes an Engine API, which makes it possible to plug in alternative implementations of some or all of the cryptographic operations implemented by OpenSSL. OpenSSL will, if configured appropriately, call the engine's implementation of these operations instead of its own. For more information on configuring the Enterprise Gateway to use an OpenSSL engine, please refer to the Cryptographic Acceleration help page.