Configuring Processes

Overview

This topic shows how to configure a Process, which represents a running instance of the Enterprise Gateway. You can configure the options described in the following sections at the Process level.

Add Remote Host

Remote Host settings configure the way in which the Enterprise Gateway routes to another host machine. For example, if a destination server may not fully support HTTP 1.1, you can configure Remote Host settings for the server to optimize the way in which the Enterprise Gateway sends messages to it. Similarly, if the server requires an exceptionally long timeout, you can configure this in the Remote Host settings. For more details, see the Remote Hosts topic.

Add HTTP Services

You can add a container for HTTP-related services, including HTTP and HTTPS Interfaces, Directory Scanners, Static Content Providers, Servlet Applications, and Packet Sniffers.

HTTP Services act as a container for all HTTP-related interfaces to the Enterprise Gateway's core messaging pipeline. You can configure HTTP and HTTPS interfaces to accept plain HTTP and SSL messages respectively. A Relative Path interface is available to map requests received on a particular URI or path to a specific policy. The Static Content Provider interface can retrieve static files from a specified directory, while the Servlet Application enables you to deploy servlets under the service. Finally, the Packet Sniffer interface can read packets directly off the network interface, assemble them into HTTP messages, and dispatch them to a particular policy. The Configuring HTTP Services topic explains how to configure the available HTTP Interfaces.

Add SMTP Services

Simple Mail Transfer Protocol (SMTP) support enables the Enterprise Gateway to receive email and to act as a mail relay. The Enterprise Gateway can accept email messages using the SMTP protocol, and forward them to a mail server. You can also configure optional policy circuits for specific SMTP commands (for example, HELO/EHLO and AUTH). The Configuring SMTP Services topic explains how to configure SMTP services, interfaces, and handler circuits.

Add File Transfer Services

You can configure the Enterprise Gateway to listen for remote clients that connect to it as a file server. This enables the Enterprise Gateway to apply configured policies on transferred files (for example, for schema validation, threat detection or prevention, routing, and so on). The Enterprise Gateway supports File Transfer Protocol (FTP), FTP over SSL (FTPS), and Secure Shell FTP (SFTP). The File Transfer Service topic explains how to configure the Enterprise Gateway as a file transfer service.

Add Policy Execution Scheduler

Policy Execution Scheduling enables you to schedule the execution of any policy on a specified date and time in a recurring manner. The Enterprise Gateway provides a pre-configured library of schedules to select from. You can also add your own schedules to the library. The Policy Execution Scheduling topic explains how to add a policy execution schedule, and how to add schedules.

Messaging System

You can configure the Enterprise Gateway to read JMS messages from a JMS queue or topic, run them through a policy, and then route onwards to a Web Service or JMS queue or topic.

The Enterprise Gateway can consume a JMS queue or topic as a means of passing XML messages to its core message processing pipeline. When the message has entered the pipeline, it can be validated against all authentication, authorization, and content-based message filters. Having passed all configured message filters, it can be routed to a destination Web Service over HTTP, or it can be dropped back on to a JMS queue or topic using the Messaging System Connection filter. For more details, see the Messaging System topic.

FTP Scanner

The FTP Scanner enables you to query and retrieve files by polling a remote file server. When files are retrieved, they can be passed into the Enterprise Gateway core message pipeline for processing. For example, this is useful in cases where an external application drops files on to a remote file server, which can then be validated, modified, or routed on over HTTP or JMS by the Enterprise Gateway. For more details, see the FTP Scanner topic.

Directory Scanner

The Directory Scanner reads XML files from a specified directory and dispatches them to a selected policy. This enables you to search a local directory for XML files, which can then be fed into a security policy for validation. Typically, XML files are FTP-ed or saved to the file system by another application. The Enterprise Gateway can then pick these files up, run the full array of authentication, authorization, and content-based filters on the messages, and then route them over HTTP or JMS to a back-end system. For more details, see the Directory Scanner topic.

POP Client

The POP Client enables you to poll a POP mail server to read email messages from it, and pass them into a policy for processing. For more details, see the POP Client topic.

TIBCO

You can configure a TIBCO Rendezvous® Listener or a TIBCO Enterprise Messaging Service Consumer. For more details, see the following topics:

Process Settings

You can configure per-process global configuration settings by clicking the Settings node in the Policy Studio tree. For more details on configuring Process settings, see the Enterprise Gateway Settings topic.

Process Logging

You can configure a Process to log messages to a database, file system, GUI Console, log files, or UNIX syslog. A Log Viewer for examining log entries is also available. For more details, see the Logging Configuration topic.

Cryptographic Acceleration

The Enterprise Gateway can leverage the OpenSSL Engine API to offload complex cryptographic operations (for example, RSA and DSA) to a hardware-based cryptographic accelerator. This also acts as an extra layer of security when private keys are stored on a Hardware Security Module (HSM).

The Enterprise Gateway uses OpenSSL to perform cryptographic operations, such as encryption and decryption, signature generation and validation, and SSL tunneling. OpenSSL exposes an Engine API, which enables you to plug in alternative implementations of some or all of the cryptographic operations implemented by OpenSSL. OpenSSL can, when configured appropriately, call the engine's implementation of these operations instead of its own. For more information on configuring the Enterprise Gateway to use an OpenSSL engine, see the Cryptographic Acceleration topic.