The Token Proxy Exchange Service web portal deploys either on Oracle WebLogic server or Tomcat. The Token Proxy Exchange Service is a standalone application that can be run as a Windows service. The database server runs on Oracle 12c database or My SQL 8.0 or above.
The Token Proxy Exchange Service listener manages its own use of the certificates provided by the datacenter using TLS1.2, so a firewall or load balancer (if present) must not offer any form of HTTPS to HTTP bridging functionality, and instead the connection must be passed directly to the Token Proxy Exchange Service.
The certificates provided must be installed on all servers running the Token Proxy Exchange Service in the event the service is installed on multiple machines for load balance or fail over. In case if the certificate has to be deployed at load balancer, then a certificate should also be deployed at TPS app server to establish HTTPS connection from load balancer to TPS server. It is highly recommended to use CA signed certificates.
The service will also make outgoing connections to the Payment Service Provider. This outgoing connection will be to a URL specified by the payment service provider and the host or port will be specified by the PSP. Port 443 is the requested and recommended standard.
This outgoing connection can be over the internet or over VPN, but must be using HTTPS with TLS1.2 or greater. HTTPS over a VPN connection is recommended for security reason.
Parent topic: Token Proxy Service Security Overview