OHI Agent Overview and High Level Prerequisites

The OHI Agent is a component that complements an OHI Gateway instance that runs in the Oracle Cloud by providing access to on-premises resources that are not available to the OHI Gateway. This section of the guide describes the prerequisites for installing and running the OHI Agent. It also describes agent configuration.

Environment Overview

The following picture provides a high-level overview of the operating context for the OHI Agent:

OHI-agent-prerequisites

It shows the following prerequisites for using the OHI Agent:

  • An OAuth2 Authorization Server: the OHI Agent retrieves tokens from the OAuth2 Authorization Server that it uses to access the OHI Gateway. It does so using the OAuth2 client_credentials grant type. The OHI Gateway inspects the token and for this to work the OAuth2 Authorization Server must support the OAuth 2.0 Token Introspection standard (RFC 7662). Alternatively, the OHI Agent can also be configured to access the OHI Gateway using Basic Authentication.

  • Secret Store: The OHI Agent requires access to a secret store for retrieving secrets. An example of such a secret is the username/password credential that the OHI Agent uses to retrieve the OAuth2 token. Either configure a Java KeyStore or HashiCorp Vault as secret store. Details on the secret store configuration for use with the OHI Agent are listed elsewhere in this guide.

  • Secure connections: the OHI Agent requires connections to the OAuth2 Authorization Server, Vault (optional) and the OHI Gateway to be secured by using certificates. Details on setting up secured connections with the other components mentioned here are listed elsewhere in this guide.

  • If a load balancer is used for connecting to the Oracle Insurance Gateway make sure that it supports setting up secure connections for both the HTTP and WebSocket protocols.

Resource Authorizations in the OHI Gateway required for the OHI Agent

The OHI Agent connects to OHI Gateway resources. In order to do that, the following needs be configured:

  • A user needs to be provisioned in the OHI Gateway that matches the credential that is registered for the OHI Agent to connect to the OHI Gateway.

  • Moreover, that user account needs to be authorized to access the "/generic/agentconfigurations" endpoint.

Required Software for Installing and Running the OHI Agent

The ohi-agent.jar needs to be downloaded from the OHI Gateway by executing a GET request to the OHI Gateway’s "/agent" HTTP API resource. Note that authentication and authorization are required for accessing HTTP API resources.

The OHI Agent only requires a Java 11 runtime environment. Apart from parameters that must be passed at startup, the OHI Agent is configured through the OHI Gateway: it collects its configuration from the OHI Gateway at startup.

The OHI Agent does not store state on the machine it runs on.