Frequently Asked Questions about Enterprise Gateway
This section provides answers to some frequently asked questions about Enterprise Gateway.
If I define the Enterprise Gateway external port to use HTTPS, do I need to define the Enterprise Gateway registration port to be an HTTPS port too?
No. The external port and the registration port operate independently.
How many connections should I register between Enterprise Gateway Server and the Internal Server?
That depends on the expected load and the size of the transactions. A connection between Enterprise Gateway Server and the Internal Server is available except when a request is being written to the Internal Server or a response is being returned from the Internal Server. In other words, Enterprise Gateway connection utilization is I/O bound. Therefore, if you expect large, simultaneous transactions, increase the number of registered connections accordingly.
If the Internal Server runs out of registration connections, it will issue the following error message:
number requests waiting for a registration connection.
Each connection consumes a thread, either from the Internal Server’s common thread pool or from the internal listener’s private thread pool, if one is defined. The consumed thread can only be used to process requests from Enterprise Gateway Server.
If you have defined a private thread pool for the internal registration listener, the number of connections you can specify in the Max Connections box is limited to the maximum number of threads allowed in the private thread pool for this listener.
If you have multiple internal registration listeners, each with its own private thread pool, the same rule applies for each internal registration listener.
If you have not defined a private thread pool for an internal registration listener, a reasonable limit for the Max Connections box is 75% of the number of server threads specified in the Server Thread Pool Max Threads box on the Settings > Resources page. If you have multiple internal registration listeners and none of them have private thread pools, the sum of all connections specified in the Max Connections boxes for these listeners should not exceed 75% of the number of server threads specified in Server Thread Pool Max Threads.
A thread will remain open unless it is closed by a firewall, a network glitch, or an exception.
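The sizing rules above can be checked mechanically before the Max Connections boxes are changed. The following sketch is an added example, not code from the product; the RegistrationListener structure, the listener names and the sample numbers are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class RegistrationListener:
    name: str                               # hypothetical label for the listener
    max_connections: int                    # value of the Max Connections box
    private_pool_max: Optional[int] = None  # None: uses the common thread pool


def check_max_connections(listeners, server_pool_max_threads):
    """Return a list of findings; an empty list means the sizing rules hold."""
    findings = []
    shared_total = 0
    for lst in listeners:
        if lst.private_pool_max is not None:
            # Private pool: Max Connections is capped by that pool's own maximum.
            if lst.max_connections > lst.private_pool_max:
                findings.append(
                    f"{lst.name}: Max Connections {lst.max_connections} exceeds "
                    f"private pool max {lst.private_pool_max}")
        else:
            # No private pool: the connections draw on the common thread pool.
            shared_total += lst.max_connections
    # 75% of Server Thread Pool Max Threads, rounded down (integer arithmetic).
    budget = server_pool_max_threads * 3 // 4
    if shared_total > budget:
        findings.append(
            f"common pool: {shared_total} connections across listeners exceeds "
            f"75% budget of {budget} ({server_pool_max_threads} server threads)")
    return findings


# Constructed sample: two listeners on the common pool, one with a private pool.
SAMPLE = [
    RegistrationListener("reg-a", 40),
    RegistrationListener("reg-b", 30),
    RegistrationListener("reg-c", 25, private_pool_max=20),
]

if __name__ == "__main__":
    for finding in check_max_connections(SAMPLE, server_pool_max_threads=75):
        print(finding)
```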
Is there persistence with Enterprise Gateway Server?
No. Enterprise Gateway Server is just a network hop for the incoming request.
I want to authenticate the SSL credentials of external clients. Where do I set up certificates?
The following table shows where to set up certificates for the default Enterprise Gateway configuration, in which the Internal Server performs client authentication. If you want to perform client authentication on Enterprise Gateway Server as well, see Performing Client Authentication on Enterprise Gateway Server.
Enterprise Gateway Server | Internal Server |
Enterprise Gateway External Port | |
Set up a keystore that contains the server certificate and private key for Enterprise Gateway Server. | |
Set up a truststore that contains the certificates of certificate authorities trusted by Enterprise Gateway Server. Enterprise Gateway Server will make sure that certificates sent by external clients are signed by CAs in this truststore. This truststore must be the same as the truststore on the Internal Server. | Set up a truststore that contains the certificates of certificate authorities trusted by the Internal Server. The Internal Server will make sure that certificates sent by external clients (through Enterprise Gateway Server) are signed by CAs in this truststore. This truststore must be the same as the truststore for the Enterprise Gateway external port. |
(Optional) Import public certificates of external users and map them to users on Enterprise Gateway Server. Do this only if you want to perform client authentication on Enterprise Gateway Server in addition to the Internal Server. If you choose to perform client authentication on both Enterprise Gateway Server and the Internal Server, make sure the certificate mappings are the same on both servers. | Import public certificates of external users and map them to users on the Internal Server. If you choose to perform client authentication on both Enterprise Gateway Server and the Internal Server, make sure the certificate mappings are the same on both servers. |
Enterprise Gateway Registration Port (HTTPS) | |
Import the Internal Server’s public certificate and map it to a user that has administrator privileges. | Set up a keystore that contains the Internal Server’s certificate and private key. |
Make sure the Internal Server’s CA certificate is present in the truststore of the registration port. | Make sure the registration port’s CA certificate is present in the Internal Server’s truststore. |
Can I use Enterprise Gateway Server as my outbound proxy server as well?
No. The only requests that go through Enterprise Gateway Server are inbound requests from the external client destined for the Internal Server and responses to those requests from the Internal Server back to the external client. Any unsolicited requests from the Internal Server go directly to the external client.
What authentication mode should I use for Enterprise Gateway Server and the Internal Server?
Authentication mode is the method a server uses to authenticate client requests. In a default Enterprise Gateway configuration, Enterprise Gateway Server receives authentication information from the external client and passes it to the Internal Server, which performs the authentication.
Be sure to specify the same authentication mode for the Internal Server and for the Enterprise Gateway external port. For example, if the Internal Server’s authentication mode is Required, the external port must also be Required so that Enterprise Gateway Server always passes the external client’s certificate to the Internal Server.
In contrast, the authentication mode of the Enterprise Gateway registration port does not need to match the authentication mode of the Internal Server or the Enterprise Gateway external port.
Does Enterprise Gateway support the FTP protocol?
No, support is limited to HTTP and HTTPS only.
Are the SOCK and SSLSOCK protocols supported?
No, these were proprietary protocols used in older releases. Starting with the 7.1 release, SOCK and SSLSOCK have been replaced by HTTP and HTTPS.
Is it possible to filter requests on Enterprise Gateway Server?
Yes. You can use Enterprise Gateway rules to filter requests based on a number of factors, including request size, request type, and the name of the resource being invoked.
After an interruption in the network connection between Enterprise Gateway Server and the Internal Server, the ports on the Internal Server must be re-enabled. How can this be prevented?
On the Internal Server, change the value of watt.server.rg.internalregistration.timeout to something other than the default value of 0, which means that the Internal Server never closes an unresponsive connection to the Enterprise Gateway Server. Additionally, make sure the value of watt.server.rg.internalregistration.timeout on the Internal Server is greater than the value of watt.net.socketpool.sweeperInterval on the Enterprise Gateway Server.
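The two conditions in this answer can be verified against the settings of both servers. The following sketch is an added example, not code from the product; it assumes the settings are available as key=value text, that both values are expressed in the same unit, and the function names and sample values are constructed for illustration.

```python
REG_TIMEOUT = "watt.server.rg.internalregistration.timeout"  # Internal Server
SWEEPER = "watt.net.socketpool.sweeperInterval"              # Enterprise Gateway Server


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def check_registration_timeout(internal_cnf, gateway_cnf):
    """Return findings for the timeout rule; an empty list means it holds."""
    internal = parse_properties(internal_cnf)
    gateway = parse_properties(gateway_cnf)
    try:
        # The text gives 0 as the default, so an absent key counts as 0.
        reg_timeout = int(internal.get(REG_TIMEOUT, "0"))
    except ValueError:
        return [f"{REG_TIMEOUT} is not an integer"]
    if reg_timeout == 0:
        return [f"{REG_TIMEOUT} is 0: unresponsive connections are never closed"]
    if SWEEPER not in gateway:
        return [f"{SWEEPER} is not set explicitly; cannot compare with {reg_timeout}"]
    try:
        sweeper = int(gateway[SWEEPER])
    except ValueError:
        return [f"{SWEEPER} is not an integer"]
    if reg_timeout <= sweeper:
        return [f"{REG_TIMEOUT}={reg_timeout} must be greater than {SWEEPER}={sweeper}"]
    return []


# Constructed sample settings (values chosen for illustration only).
INTERNAL_DEFAULT = "# Internal Server\nwatt.server.rg.internalregistration.timeout=0\n"
INTERNAL_FIXED = "# Internal Server\nwatt.server.rg.internalregistration.timeout=300\n"
GATEWAY = "# Enterprise Gateway Server\nwatt.net.socketpool.sweeperInterval=60\n"

if __name__ == "__main__":
    print(check_registration_timeout(INTERNAL_DEFAULT, GATEWAY))
    print(check_registration_timeout(INTERNAL_FIXED, GATEWAY))
```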
How can a client request on the Enterprise Gateway Server be prevented from waiting indefinitely for a connection to the Internal Server?
Enterprise Gateway Server can pass a client request to an Internal Server only when a connection to the Internal Server is available. If there are no connections to the Internal Server or if all of the Internal Server connections are busy handling other requests, a client request received through the external port of the Enterprise Gateway Server is placed in a waiting state. Several minutes could elapse before a connection becomes available, so the client might time out the request. Because the client does not receive any feedback from the Enterprise Gateway Server during this waiting period, a retry mechanism on the client side could resend the client request, resulting in duplicate transactions.
Integration Server includes a server configuration property, watt.server.rg.internalsocket.timeout, that controls how long the Enterprise Gateway Server waits for a connection to the Internal Server before returning an HTTP 500-Internal Server Error to the requesting client. If a connection to the Internal Server becomes available within the specified timeout period, Enterprise Gateway Server forwards the request to the Internal Server. If a connection does not become available before the timeout elapses, Enterprise Gateway Server returns an HTTP 500-Internal Server Error to the requesting client.