If a client firewall blocks direct data exchange between PPM front-end and PPM client server, the native Java RMI protocol automatically uses the http protocol for the data transfer, because http data transfer is usually port-independent and open in firewalls. The JRMP data stream of the RMI protocol is automatically packed (tunneling) in an http data stream and sent to the configured http proxy server via a URL in the form of http:<RMI registry server>:<RMI port>. The proxy server used is derived from the configuration of the Java Runtime Environment.
The firewall between PPM front-end and PPM client server must be open for http data exchange on the RMI registry and client server ports.
Tunneling and routing via the http proxy server cause significant losses in performance when communication takes place between the PPM server and PPM front-end.
When the RMI protocol is blocked by a firewall, automatic usage of the http protocol can only be applied together with the native Java RMI protocol (see chapterRMI Server).
Example
The diagram below illustrates the data flow between the PPM front-end and PPM client server when a firewall separates the PPM front-end from the PPM client server. In this scenario, it is assumed that a firewall blocks the PPM front-end and that all ports (except 80 and 443) are blocked when transitioning into the neighboring net segment. Network segment 2 is not protected by a firewall.
Configuration
To enable the RMI data transfer mode with automatic fallback to the http protocol, you need to assign the value false to the UseSSL key in the global configuration file Registry_settings.properties and no value to the key RMISocketFactory in the client configuration file RMIServer_settings.properties (RMISocketFactory=), or you comment out the corresponding line by prefixing the # sign. This automatically selects the default operation mode used by the native Java RMI protocol.