Enabling SSL Acceleration for Application Interface/Enabling HTTP

This topic describes how to configure SSL acceleration for communications between application interface traffic. The instructions in this topic apply to all channels (UI and EAI).

This task is a step in Process of Configuring Secure Communications.

If you are using a third party HTTP-based load balancer for Siebel Application Interface load balancing and you want to off-load the processing of SSL encryption and decryption algorithms to the hardware accelerator on your load balancer, then you must enable the EnforceSSL parameter. Doing so improves application performance and ensures that SSL is used to encrypt URLs. EnforceSSL is False by default. To enforce the use of SSL acceleration, you change the EnforceSSL parameter for an Application Object Manager to True.

To enable SSL acceleration for application interface/enable HTTP

1. Enable HTTP for Object Manager-based applications:

   1. Set the Application Object Manager parameter, EnforceSSL, to TRUE as follows:

      • Navigate to the Administration - Server Configuration screen, then the Servers view.

      • In the Siebel Servers list, select the Siebel Server of interest.

      • Click the Components view tab.

      • In the Components list, select the Application Object Manager of interest such as Call Center Object Manager (ENU).

      • Click the Parameters subview tab.

      • In the Parameter field, perform a case-sensitive query on EnforceSSL.

      • Click the Value in the Restart field and type TRUE.

   2. Set the SecureLogin and SecureBrowse server parameters to FALSE for the Application Object Manager (see Step 1.1 for details).

   3. Set the <transport-guarantee> value to NONE (instead of CONFIDENTIAL) in the web.xml file located in the following directory:

      <Siebel Home Directory of Application Interface>\applicationcontainer_external\webapps\siebel\WEB-INF
      <security-constraint>
         <web-resource-collection>
            <web-resource-name>securedapp</web-resource-name>
            <url-pattern>/*</url-pattern>
         </web-resource-collection>
         <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
         </user-data-constraint>
      </security-constraint>
      

2. Enable HTTP for the Siebel Management Console Application and Siebel Migration Application.

   To do this, set the <transport-guarantee> value to NONE (instead of CONFIDENTIAL) in the web.xml file located in the following directories:

   // Siebel Management Console Application:
   <Siebel Home Directory of Application Interface>\applicationcontainer_external\siebelwebroot\smc\WEB-INF
   
   // Siebel Migration Application:                                                                                     
   <Siebel Home Directory of Application Interface>\applicationcontainer_external\siebelwebroot\migration\WEB-INF
   

   Note: When enabling HTTP for the application interface, the implementer must take full responsibility for ensuring overall security of the deployment. When enabling HTTP, protecting intranet ports preservation of secure function involves the following:

   • A reverse proxy must always be implemented in front of all application interfaces in the DMZ to secure the intranet ports behind the DMZ.

   • Adjustments to HTTP in linked Web applications to avoid mixed content errors may be needed (if supported). This may require reverse proxies and/or a new security design for any impacted UI based integrations.

3. Restart Siebel Application Interface and Siebel Servers.