Configuring the Enterprise Gateway Ports
The Enterprise Gateway external and registration ports work as a pair. One port is not functional without the other. Use this procedure to configure these ports on an Enterprise Gateway Server.
To configure the Enterprise Gateway ports
1. Open the Integration Server Administrator on the Integration Server acting as the Enterprise Gateway Server.
2. In the Navigation panel, on the Security menu, click Ports.
3. On the Security > Ports screen, click Add Port.
4. Under Type of Port to Configure, select Enterprise Gateway Server.
5. Click Submit.
6. On the Edit Enterprise Gateway Server Configuration screen, under Enterprise Gateway External Port, enter the following information:
For this parameter... | Specify... |
Enable | Whether to enable or disable this port. If you choose to disable the port, you can enable it later on the Ports screen. |
Protocol | The protocol to use for this port (HTTP or HTTPS). If you select HTTPS, additional security and credential boxes will be displayed at the bottom of the screen. |
Port | The number you want to use for the external port. Use a number that is not already in use. This is the port that clients will connect to through your outer firewall. |
Alias | An alias for the port. An alias must be between 1 and 255 characters in length and include one or more of the following: letters (a -z, A-Z), numbers (0-9), underscore (_), period (.), and hyphen (-). |
Description | A description of the port. |
Package Name | The package to associate with this port. You must specify the same package name for both external and registration ports. Typically, you will not need to work with packages on an Enterprise Gateway Server. Therefore, you can leave the default setting. |
Bind Address (optional) | The IP address to which to bind this port. Specify a bind address if your machine has multiple IP addresses and you want the port to use this specific address. If you do not specify a bind address, the server picks one for you. |
Backlog | The number of requests that can remain in the queue for an enabled port before Enterprise Gateway Server begins rejecting requests. The default is 200. The maximum value is 65535. Note: | This parameter does not apply to disabled ports. Enterprise Gateway Server refuses requests sent to disabled ports. |
|
Keep Alive Timeout | How long to wait before closing an idle connection to a client. The default is 20000 ms. |
Threadpool | Whether to create a private thread pool for this port or use the common thread pool.  To have the server use the common server thread pool for this port, select Disable. To have the server create a private thread pool for this port so that it does not need to compete with other server functions for threads, select Enable. If Threadpool is enabled, specify these additional parameters: Threadpool Min Minimum number of threads Enterprise Gateway Server maintains in this thread pool. When the server starts, the thread pool initially contains this minimum number of threads. The server adds threads to the pool as needed until it reaches the maximum allowed. The default is 1. Threadpool Max Maximum number of threads the server maintains in this thread pool. If this maximum number is reached, the server waits until services complete and return threads to the pool before running more services. The default is 5. Threadpool Priority Priority with which the JVM treats threads from this thread pool. The larger the number, the higher the priority. The default is 5. Important: | Use caution when setting the thread pool priority, as this setting can affect server performance and throughput. |
When you view details for the port later, the server displays the total number of private threadpool threads currently in use for the port. |
7. Under Enterprise Gateway Registration Port, enter the following information:
For this parameter... | Specify... |
Enable | Whether to enable or disable this port. If you choose to disable the port, you can enable it later on the Ports screen. |
Protocol | The protocol to use for this port (HTTP or HTTPS). If you select HTTPS, additional security and credential boxes will be displayed at the bottom of the screen. |
Port | The number you want to use for the registration port. Use a number that is not already in use. It is best not to use a standard port such as 80 (the standard port for HTTP) or 443 (the standard port for HTTPS) because the external firewall will allow access to those ports from the outside world. |
Alias | An alias for the port. An alias must be between 1 and 255 characters in length and include one or more of the following: letters (a -z, A-Z), numbers (0-9), underscore (_), period (.), and hyphen (-). |
Description | A description of the port. |
Package Name | The package to associate with this port. You must specify the same package name for both external and registration ports. Typically, you will not need to work with packages on an Enterprise Gateway Server. Therefore, you can leave the default setting. |
Bind Address (optional) | The IP address to which to bind this port. Specify a bind address if your machine has multiple IP addresses and you want the port to use this specific address. If you do not specify a bind address, the server picks one for you. |
8. For both external port and registration port, specify the type of client authentication to perform in the Security Configuration panel.
For external ports, this setting determines the type of authentication to perform for requests coming from the external client through the port. For registration ports, this setting determines the type of authentication to perform when the Internal Server establishes a persistent connection to
Enterprise Gateway Server. Settings specified for registration ports control whether
Enterprise Gateway Server will ask the Internal Server to present a certificate. See
Authenticating Clients for more information about how clients are authenticated.
Note: | In a default Enterprise Gateway configuration, Enterprise Gateway Server does not perform client authentication. Rather, the server obtains authentication information (user/password or certificates) from the external client and passes this information to the Internal Server for authentication. However, you can have Enterprise Gateway Server perform client authentication as well. For details, see Performing Client Authentication on
Enterprise Gateway Server . |
Select one of the following options:
Option | Description |
Username/Password | Enterprise Gateway Server will not request client certificates. For external ports, the server looks for user and password information in the header of requests coming from an external client. For registration ports, the server looks for user and password information from the Internal Server. |
Digest | For external ports, Enterprise Gateway Server uses password digest authentication. Enterprise Gateway Server looks for password digest information in the header of requests coming from an external client. |
Request Client Certificates | Enterprise Gateway Server will request client certificates. For external ports, the server requests client certificates for requests that come through this port. If the client does not present a certificate, the request proceeds using the user and password information contained in the request header. For registration ports, the server requests a client certificate from the Internal Server. If the Internal Server does not present a certificate, the request proceeds using the user and password information. |
Require Client Certificates | Enterprise Gateway Server will require client certificates. For external ports, Enterprise Gateway Server requires client certificates for all requests that come through this port. If the client does not supply a certificate, the request fails. Important: | Use the same authentication mode here as you use for the Internal Server. For example, suppose you specify authentication mode Required on the Internal Server. Specifying Required on the Enterprise Gateway external port ensures that the request passed to the Internal Server includes a certificate. |
For registration ports, Enterprise Gateway Server requires a client certificate from the Internal Server. If the Internal Server does not supply a client certificate, the request fails. In addition, if the certificate is not mapped to a user with Administrator privileges on Enterprise Gateway Server, the request fails. |
Request Kerberos Ticket | For external ports, Enterprise Gateway Server requires client certificates for requests from external clients. If the external client does not supply a certificate, the request fails. |
Require Kerberos Ticket | For external ports, Enterprise Gateway Server looks for a Kerberos ticket from external clients. If the external client does not present a ticket, the request proceeds using the user and password information contained in the request header. |
Use JSSE | If this port should support TLS 1.1 or TLS 1.2, click Yes to create the port using the Java Secure Socket Extension (JSSE) socket factory. If you set this value to No, the port supports only SSL 3.0 and TLS 1.0. The default is Yes. Note: | This field is available only if you selected HTTPS in the Protocol field. |
|
9. If you selected HTTPS in the Protocol field for either the external port or the registration port, optionally enter the following information under Listener Specific Credentials:
Note: | Use these settings only if you want to use a different set of credentials from the ones specified on the Certificates screen. |
For this parameter... | Specify... |
Keystore Alias | The keystore alias created for the keystore containing the certificate that Enterprise Gateway Server is to present to requests coming in through this port. |
Key Alias | The alias for a specific key in the specified keystore. |
Truststore Alias | The alias for the truststore file that contains the trusted root certificates associated with the CA signing authority. |
10. Click Save Changes.
