Integration Server 10.3 | Integration Server Administrator's Guide | Configuring webMethods Enterprise Gateway | Connecting Your Internal Server to an Enterprise Gateway Server
 
Connecting Your Internal Server to an Enterprise Gateway Server
This procedure describes how to connect your Internal Server to an Enterprise Gateway Server.
*To connect the Internal Server to the Enterprise Gateway Server
1. Open the Integration Server Administrator on the Integration Server acting as the Internal Server.
2. In the Navigation panel of the screen, on the Security menu, click Ports.
3. On the Security > Ports screen, click Add Port.
4. Under Type of Port to Configure, select Internal Server.
5. Click Submit.
6. On the Edit Internal Server Configuration screen, under Internal Server, enter the following information:
For this parameter...
Specify...
Enable
Whether to enable or disable this port. If you choose to disable the port, you can enable it later on the Ports screen.
Protocol
The protocol to use for this port (HTTP or HTTPS). If you select HTTPS, additional security and credential boxes will be displayed at the bottom of the screen.
Package Name
The package to associate with the port. Typically, you will not need to work with packages on an Internal Server. Therefore, you can leave the default setting.
Alias
An alias for the port. An alias must be between 1 and 255 characters in length and include one or more of the following: letters (a -z, A-Z), numbers (0-9), underscore (_), period (.), and hyphen (-).
Description
A description of the port.
Max Connections
The number of connections maintained between Enterprise Gateway Server and the Internal Server. The default is 5.
Note:
For best performance, set the Max Connections setting on the listener to be slightly less than the Maximum Threads of the Server Threadpool setting on the Settings > Resources page. If you have more than one listener defined on the Internal Server, the sum of their Max Connection settings should be slightly less than the Maximum Threads of the Server Threadpool setting. Do not set Max Connections to be equal to the Internal Server’s threadpool. Instead, reserve enough threads to handle the execution of scheduled services, triggers, and users that connect directly to the Internal Server.
Threadpool
Whether to create a private thread pool for this port or use the common thread pool.
*To have the server use the common server thread pool for this port, select Disable.
*To have the server create a private thread pool for this port so that it does not need to compete with other server functions for threads, select Enable.
If Threadpool is enabled, specify these additional parameters:
Threadpool Min
Minimum number of threads the server maintains in this thread pool. When the server starts, the thread pool initially contains this minimum number of threads. The server adds threads to the pool as needed until it reaches the maximum allowed. The default is 1.
Threadpool Max
Maximum number of threads the server maintains in this thread pool. If this maximum number is reached, the server waits until services complete and return threads to the pool before running more services. The default is 5.
Threadpool Priority
Priority with which the JVM treats threads from this thread pool. The larger the number, the higher the priority. The default is 5.
Important:
Use caution when setting the thread pool priority, as this setting can affect server performance and throughput.
When you view details for the port later, the server displays the total number of private threadpool threads currently in use for the port.
7. Under Enterprise Gateway Server, enter the following information:
For this parameter...
Specify...
Host
The host name or IP address of the machine on which Enterprise Gateway Server is running.
Port
The port number of the registration port on Enterprise Gateway Server.
8. If you selected HTTPS in the Protocol box, optionally enter the following information under Registration Credentials. Note that the registration credentials specified here must match the settings on the Enterprise Gateway registration port:
For this parameter...
Specify...
User Name
The name of the user on Enterprise Gateway Server that the Internal Server should connect as.
Password
The password of the user on Enterprise Gateway Server that the Internal Server should connect as.
Use JSSE
If this port should support TLS 1.1 or TLS 1.2, click Yes to create the port using the Java Secure Socket Extension (JSSE) socket factory. If you set this value to No, the port supports only SSL 3.0 and TLS 1.0. The default is Yes.
Note:
This field is available only if you selected HTTPS in the Protocol field.
Keystore Alias
The keystore alias created for the keystore containing the certificate that the Internal Server sends to Enterprise Gateway Server for client authentication. The Internal Server sends this certificate when it makes its initial registration connection to Enterprise Gateway Server. The Internal Server sends this certificate only if asked to by Enterprise Gateway Server.
Specify a value here only if you want to present a different server certificate from the one specified on the Certificates screen.
Key Alias
The key alias created for the key pair and associated certificate, in the previously specified keystore.
Truststore Alias
The alias for the truststore file that contains the trusted root certificates associated with the CA signing authority.
9. Under External Client Security, in the Client Authentication list, specify the type of client authentication the Internal Server performs against external clients. External clients pass their authentication information to Enterprise Gateway Server, which in turn passes it to the Internal Server.
Option
Description
Username/Password
The Internal Server will not request client certificates from external clients. Instead it will look for user and password information in the request header.
Digest
The Internal Server will look for password digest information in the request header.
Request Client Certificates
The Internal Server will request client certificates for requests from external clients. If the external client does not present a certificate, the request proceeds using the user and password information contained in the request header.
Require Client Certificates
The Internal Server requires client certificates for requests from external clients. If the external client does not supply a certificate, the request fails.
Request Kerberos Ticket
The Internal Server requires client certificates for requests from external clients. If the external client does not supply a certificate, the request fails.
Require Kerberos Ticket
The Internal Server looks for a Kerberos ticket from external clients. If the external client does not present a ticket, the request proceeds using the user and password information contained in the request header.
Important:
Use the same authentication mode here as you use for the Enterprise Gateway external port. For example, specifying Require Client Certificates for both the Internal Server and the Enterprise Gateway external port ensures that the request passed to the Internal Server includes a certificate.
For more information about processing client certificates, see Authenticating Clients.
10. Click Save Changes.