Enabling Server Level Security
Secure communication between Enterprise server and Peer server can be established by configuring the Protocol parameter in the server profiles.
Communication between Enterprise server and Peer server
To enable secure communication between Enterprise Server and Peer Server, configuration of Enterprise Server and Peer Server has to be changed in their respective profiles. Following sections describe how to configure the server profiles to enable SSL.
Configuration changes in Enterprise Server
Follow the steps given below to enable SSL in FES server.
- Open eStudio and load the Enterprise Server profile using Profile Management tool.
Figure 1: Loading Profile
- Go to Fiorano > Esb > Transport > FESTransportManager and select the EnableSSL checkbox.
Figure 2: Enabling SSL in FESTransportManager
- Go to Fiorano > etc > FMQConfigLoader and select the SSLEnabled checkbox.
Figure 3: Enabling SSL in FMQConfigLoader
- Go to Fiorano > socketAcceptors > port-1 > ConnectionManager and change Protocol value to 'SUN_SSL'.
Figure 4: Setting Protocol in ConnectionManager
- Right-click the FES node and click Save or click the Save button to save the profile.
Figure 5: Saving Profile
Configuration changes in Peer Server
Follow the steps given below to make peer server communicate with Enterprise server for which SSL is enabled.
- Open eStudio and load Peer server profile using Profile Management tool (the first step in Configuration changes in Enterprise Server section).
- Go to Fiorano > Esb > Peer > Transport > FPSTransportManager > EnterpriseServer
- Change TransportProtocol value to 'TCP' and SecurityProtocol to 'SUN_SSL'.
Figure 6: Setting Transport Protocol and Security Protocol on FPSTransportManager
- Save the profile (last step in the Configuration changes in Enterprise Server section).
Communication between peer server and components
Secure communication between Peer server and components can be established by enabling the SSL in peer server. The following section explains how to configure peer server profile to enable SSL.
Configuration Changes in Peer server
Follow the steps given below to enable SSL in peer server to have secure communication between Peer Server and components.
- Open eStudio and load profile using Profile Management tool (the first step in Configuration changes in Enterprise Server section).
- Go to Fiorano > etc > FMQConfigLoader and select the SSLEnabled checkbox.
Figure 7: Enabling SSL in FMQConfigLoader
- Go to Fiorano > socketAcceptors > port-1 > ConnectionManager and change protocol value to 'SUN_SSL'.
Figure 8: Setting Protocol on ConnectionManager
- Save the profile (last step in the Configuration changes in Enterprise Server section).
Certificates Location
When SSL is enabled, the certificates required for the communication must be placed in the location FIORANO_HOME\esb\server\profiles\certs
Protocol Values
The default value set for the Protocol parameter is' TCP', while the possible values are:
Possible Values | Description |
---|---|
TCP | Accepts connections based on the TCP Protocol |
HTTP | Accepts Connections based on the HTTP Protocol |
SUN_SSL | Accepts Secured Connections based on the TCP Protocol |
HTTPS_SUN | Accepts Secured Connections based on the HTTP Protocol |
Dependencies: If Protocol is set to either 'SUN_SSL' or 'HTTPS_SUN', SSLEnabled option must be selected.