Done? | Task | Notes |
Install an Integration Server in your DMZ to be your Enterprise Gateway Server | When you identify an Integration Server to be an Enterprise Gateway Server, keep in mind that any external client on the Internet can access this server. Therefore, be very security conscious about the services you make available and the users you define. Do not perform development work on this server and do not set up users or groups on it. Important: Do not configure a single Integration Server to be both an Enterprise Gateway Server and an Internal Server. This configuration is not supported, and unpredictable results will occur. | |
Disable the Developer and Replicator users | You will not need these users on an Enterprise Gateway Server. Disabling these users prevents someone from gaining access to your Enterprise Gateway Server through them. For more information, see Disabling and Enabling User Accounts. | |
Configure the Enterprise Gateway external port | For instructions, see Configuring the Enterprise Gateway Ports. Note: If you plan to use an HTTPS port, you must store a server certificate, a server private key, and a CA certificate on this server. For instructions, see Configuring Integration Server for Secure Communication. | |
Configure the Enterprise Gateway registration port | For instructions, see Configuring the Enterprise Gateway Ports. If you are going to set up an encrypted connection between the Internal Server and Enterprise Gateway Server, you can optionally store a certificate for the Internal Server’s administrator user on Enterprise Gateway Server. For more information, see Importing a Certificate (Client
or CA Signing Certificate) and Mapping It to a User. Optional (but strongly recommended). Set up IP address filtering on the registration port so that only the Internal Server can connect to Enterprise Gateway Server. This step provides an additional layer of protection to supplement the IP address filtering performed by your firewall and the user authentication. Note: Even if your external firewall filters out connections to the Enterprise Gateway registration port, IP address filtering is a good idea because it will stop insiders from connecting to Enterprise Gateway Server. For more information, see Restricting IP Addresses that Can Connect
to a Port. | |
Connect your Internal Server to Enterprise Gateway Server | For instructions, see Connecting Your Internal Server
to an Enterprise Gateway Server
. | |
Set values for the server configuration properties for Enterprise Gateway and Internal Server | Set values for or verify that the defaults for the following server configuration properties are suitable for your situation: watt.server.rg.internalresistration.timeout watt.server.rg.internalsocket.timeout watt.net.socketpool.sweeperInterval |