How to setup HTTP & HTTPS Load balancer for Mediator



Similar documents
Installing Apache as an HTTP Proxy to the local port of the Secure Agent s Process Server

User s guide. APACHE SSL Linux. Using non-qualified certificates with APACHE SSL Linux. version 1.3 UNIZETO TECHNOLOGIES S.A.

How-to-Guide: Apache as Reverse Proxy for Fiori Applications

CentraSite SSO with Trusted Reverse Proxy

White Paper DEPLOYING WDK APPLICATIONS ON WEBLOGIC AND APACHE WEBSERVER CLUSTER CONFIGURED FOR HIGH AVAILABILITY AND LOAD BALANCE

C:\www\apache2214\conf\httpd.conf Freitag, 16. Dezember :50

How to: Install an SSL certificate

Setting Up B2B Data Exchange for High Availability in an Active/Active Configuration

esync - Receiving data over HTTPS

xcp Application Deployment On Tomcat Cluster

How-to-Guide: Reverse Proxy and Load Balancing for SAP Mobile Platform 3.X

Example Apache Server Installation for Centricity Electronic Medical Record browser & mobile access

SecuritySpy Setting Up SecuritySpy Over SSL

Usage of Evaluate Client Certificate with SSL support in Mediator and CentraSite

Installing Rails 2.3 Under Windows XP and Apache 2.2

PROXY SETUP WITH IIS USING URL REWRITE, APPLICATION REQUEST ROUTING AND WEB FARM FRAMEWORK OR APACHE HTTP SERVER FOR EMC DOCUMENTUM EROOM

ViMP 3.0. SSL Configuration in Apache 2.2. Author: ViMP GmbH

Securing the OpenAdmin Tool for Informix web server with HTTPS

HP Business Service Management

High Availability Configuration of ActiveVOS Central with Apache Load Balancer

HP ALM. Software Version: External Authentication Configuration Guide

CERTIFICATE-BASED SINGLE SIGN-ON FOR EMC MY DOCUMENTUM FOR MICROSOFT OUTLOOK USING CA SITEMINDER

Enterprise SSL Support

HP Business Service Management

Laboratory Exercises VI: SSL/TLS - Configuring Apache Server

HP Cloud Service Automation Deployment Architectures

Forward proxy server vs reverse proxy server

Apache 2.2 on Windows: A Primer

Spectrum Technology Platform Version Tutorial: Load Balancing Spectrum Spatial Services. Contents:

Configuring Remote HANA System Connection for SAP Cloud for Analytics via Apache HTTP Server as Reverse Proxy

Setting Up SSL From Client to Web Server and Plugin to WAS

Apache SSL Certificate Deployment Guide

Real Vision Software, Inc.

SITEMINDER SSO FOR EMC DOCUMENTUM REST

Configuring Apache HTTP Server as a Reverse Proxy Server for SAS 9.2 Web Applications Deployed on BEA WebLogic Server 9.2

Cookbook Secure Failover for Tomcat Application Server Use Apache, mod_proxy, mod_security, mod_ssl to offer secure application delivery

Installing an SSL certificate on the InfoVaultz Cloud Appliance

Lotus Sametime. FIPS Support for IBM Lotus Sametime 8.0. Version 8.0 SC

SSL Installing your new Certificate

APACHE HTTP SERVER 2.2.8

unigui Developer's Manual 2014 FMSoft Co. Ltd.

Configure Security for SAP Mobile Platform (MP5)

XCP APP FAILOVER CONFIGURATION FOR WEBLOGIC CLUSTER AND APACHE WEBSERVER

NSi Mobile Installation Guide. Version 6.2

Creating X.509 Certificates With OpenSSL

Step-by-Step guide to setup an IBM WebSphere Portal and IBM Web Content Manager V8.5 Cluster From Zero to Hero (Part 2.)

Junio SSL WebLogic Oracle. Guía de Instalación. Junio, SSL WebLogic Oracle Guía de Instalación CONFIDENCIAL Página 1 de 19

Configuring Single Sign-On for Documentum Applications with RSA Access Manager Product Suite. Abstract

WebBridge LR Integration Guide

Host your websites. The process to host a single website is different from having multiple sites.

Spam Marshall SpamWall Step-by-Step Installation Guide for Exchange 5.5

2013 IBM SINGLE SIGN-ON WITH CA SITEMINDER FOR SAMPLE WEB APPLICATION

MassTransit 6.0 Enterprise Web Configuration for Macintosh OS 10.5 Server

IUCLID 5 Guidance and Support

ShoreTel Advanced Applications Web Utilities

Setting Up SSL on IIS6 for MEGA Advisor

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background

Lab 3.4.2: Managing a Web Server

Installation valid SSL certificate

This section describes how to use SSL Certificates with SOA Gateway running on Linux.

WHITE PAPER Citrix Secure Gateway Startup Guide

Configuring Apache HTTP Server as a Reverse Proxy Server for SAS 9.3 Web Applications Deployed on Oracle WebLogic Server

CHAPTER 7 SSL CONFIGURATION AND TESTING

CONSOLEWORKS WINDOWS EVENT FORWARDER START-UP GUIDE

Configuring SSL in OBIEE 11g

Apache HTTP Server. Implementation Guide. (Version 5.7) Copyright 2013 Deepnet Security Limited

SSL CONFIGURATION GUIDE

Configuring Secure Socket Layer (SSL) for use with BPM 7.5.x

Configuring TLS Security for Cloudera Manager

Virtual Host (Web Server)

Apache and Apache-ssl Proxy setup to Paradox Web Server OCX for Internet Enabled Databases by Dennis Santoro Getting Started:

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server

Secure Messaging Server Console... 2

Securing Adobe connect Server and CQ Server

Red Hat JBoss Core Services Apache HTTP Server 2.4 Apache HTTP Server Installation Guide

Introduction to Mobile Access Gateway Installation

HTTPS Configuration for SAP Connector

Installing Rails 2.3 Under CentOS/RHEL 5 and Apache 2.2

SIMIAN systems. Setting up a Sitellite development environment on Windows. Sitellite Content Management System

OpenEyes - Windows Server Setup. OpenEyes - Windows Server Setup

Chapter 1: How to Configure Certificate-Based Authentication

1 of 24 7/26/2011 2:48 PM

Setup Guide Access Manager 3.2 SP3

TECHNICAL NOTE Stormshield Network Firewall AUTOMATIC BACKUPS. Document version: 1.0 Reference: snentno_autobackup

Apache and Virtual Hosts Exercises

e-cert (Server) User Guide For Apache Web Server

SSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service

Configuring Content Switching Feature

BlackBerry Enterprise Service 10. Version: Configuration Guide

InfoRouter LDAP Authentication Web Service documentation for inforouter Versions 7.5.x & 8.x

Trend Micro Worry- Free Business Security st time setup Tips & Tricks

Install Apache on windows 8 Create your own server

PHP+MYSQL, EASYPHP INSTALLATION GUIDE

1. If there is a temporary SSL certificate in your /ServerRoot/ssl/certs/ directory, move or delete it. 2. Run the following command:

Load Balancing Oracle Application Server (Oracle HTTP Server) Quick Reference Guide

Reference and Troubleshooting: FTP, IIS, and Firewall Information

Setting Up CAS with Ofbiz 5

Using LDAP Authentication in a PowerCenter Domain

Working with Portecle to update / create a Java Keystore.

Transcription:

How to setup HTTP & HTTPS Load balancer for Mediator Setting up the Apache HTTP Load Balancer for Mediator This guide would help you to setup mediator product to run via the Apache Load Balancer in HTTP and HTTPS mode. For Setting up a load balancer we need to have two instances of IS/Mediator running on different machines. 1. 2. Download the Apache Server from the location and install it in the machine where you want to setup the load balancer Go to install location of the Apache Load Balancer and open the file..\apache2.2\conf\httpd.conf a. Provide the Listening port number which we intend to use, be default it would 80. For Example: Listen 8081 b. Provide the server name / ip address of the machine where the load balancer is running, ServerName gives the name and port that the server uses to identify itself. If your host doesn't have a registered DNS name, enter its IP address here. For Example: ServerName VMCHNSMGME08.eur.ad.sag:8081 c. Provide the Document Root information,the directory out of which you will serve your documents. BalancerMember points to IS/Mediator instance which needs to be accessed in this case it is http://vmspar02w.eur.ad.sag:5555 HTTPD.conf DocumentRoot "C:/Apache2.2/htdocs" <VirtualHost *:8081> ServerAdmin admin@eur.ad.sag ServerName VMCHNSMGME08.eur.ad.sag:8081 ServerAlias VMCHNSMGME08.eur.ad.sag ProxyPass / balancer://mediator/ ProxyPassReverse / balancer://mediator/ ProxyTimeout 6000 ErrorLog logs/error.log CustomLog logs/access.log combined </VirtualHost> <Proxy balancer://mediator> BalancerMember http://vmspar02w.eur.ad.sag:5555 </Proxy> <Location /balancer-manager> SetHandler balancer-manager </Location> d. Once done save the httpd.conf file and close it. e. Now verify if all the syntax of the file are correct or not by passing the command "httpd -t" from the..\apache2.2\bin folder. f. If the response says Syntax OK, then go ahead and execute the httpd.exe file 3. Open the mediator administrator screen and go to General screen and modify the parameters as shown in the below screen.

4. Once done save the load balancer settings, Open the web browser and verify by hitting the uri provided in the above screen and it should direct to the server address provided in the httpd.cnf file as shown below.

Setting up the Apache HTTPS Load Balancer for Mediator (SSL) Above mentioned steps are for setting up the HTTP endpoint load balancer and now we would do the same for HTTPS endpoint load balancer. We have used the version Win64 OpenSSL v1.0.1g for demonstration, other flavors of the Open SSL can be downloaded from here To begin with we need to have the OpenSSL installed and generate a self signed certificate and 1024 bit RSA key as shown below, if you don't have one.

1. Make sure that the security configuration is done in Mediator,For further guidance on that how to configure keystore and trust store refer the section below or look for Securing Communications with the Server in the webmethods Integration Server Administrator's Guide. 2. Enable the HTTPS port created in the Integration Server ports settings at the Mediator General page of the Mediator Administration screen. 3. Open the httpd.conf file and uncomment the line "Include conf/extra/httpd-ssl.conf" to include the httpd-ssl.conf file during startup 4. Make sure the following lines are uncommented which acts as supporting modules for SSL, ignore if any of the lines are already un-commented and save it. a.

a. httpd-ssl.conf LoadModule ssl_module modules/mod_ssl.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_scgi_module modules/mod_proxy_scgi.so LoadModule reqtimeout_module modules/mod_reqtimeout.so LoadModule mime_module modules/mod_mime.so LoadModule log_config_module modules/mod_log_config.so LoadModule isapi_module modules/mod_isapi.so LoadModule include_module modules/mod_include.so LoadModule env_module modules/mod_env.so LoadModule dir_module modules/mod_dir.so LoadModule cgi_module modules/mod_cgi.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule authz_default_module modules/mod_authz_default.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authn_default_module modules/mod_authn_default.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule actions_module modules/mod_actions.so LoadModule alias_module modules/mod_alias.so LoadModule asis_module modules/mod_asis.so LoadModule auth_basic_module modules/mod_auth_basic.so 5. 6. Open httpd-ssl.conf file available in the Aparche Installation direction at..\apache2.2\conf\extra\httpd-ssl.conf in notepad. Provide the Listening port number which we intend to use, be default it would 443 and update the SSL Virtual Context information as provided below. a.

a. httpd-ssl.conf ## ## SSL Virtual Host Context ## <VirtualHost _default_:443> # General setup for the virtual host DocumentRoot "C:/Apache2.2/htdocs" ServerName VMCHNSMGME08.eur.ad.sag:443 ServerAdmin admin@eur.ad.sag ProxyPass / balancer://mediator/ ProxyPassReverse / balancer://mediator/ ProxyTimeout 6000 ErrorLog "C:/Apache2.2/logs/error.log" TransferLog "C:/Apache2.2/logs/access.log" <Proxy balancer://mediator> BalancerMember http://vmspar02w.eur.ad.sag:443 </Proxy> <Location /balancer-manager> SetHandler balancer-manager </Location> 7. 8. Provide the Server private key and the Server certificate path generated via the OpenSSL in the below parameters under the httpd-ssl.conf file a. SSLCertificateFile C:/OpenSSL-Win64/bin/server.crt (or) any location where the certificate is copied to. b. SSLCertificateKeyFile C:/OpenSSL-Win64/bin/server.key (or) any location where the certificate is copied to Provide the HTTPS Load balancer URL in the Mediator Administrator screen under the General section and test if the url works.

9. Now once the virtual service is deployed to the Mediator, we can check in the load balancer uri in the end point during service invocation. Note: If you want to have multiple instances of Mediator to be load balanced then add the following parameter with the desired destination In the httpd.conf file <Proxy balancer://mediator> BalancerMember http://vmspar02w.eur.ad.sag:5555 BalancerMember http://vmspar03w.eur.ad.sag:5555 </Proxy> In the httpd-ssl.conf file <Proxy balancer://mediator> BalancerMember https://vmspar02w.eur.ad.sag:443 BalancerMember http://vmspar03w.eur.ad.sag:443 </Proxy> Once done restart the httpd.conf or httpd-ssl.conf file and provide the load balancer uri in the desired mediator general administration screen. Configure keystore and truststore If we want to deploy virtual services with the security policies apply,we have to first setup the security configuration settings in Mediator.

1. Go to the Mediator and click on Security > Key store, By default you would not find any information related to keystore added out of the box. Click on create keystore alias and and provide the certificate information as given below in the screen shots a. By default, Mediator ship sample JKS keystore under the location: C:\SoftwareAG\IntegrationServer\instances\default\packages\WmMediator\config\resources\security\pgkeystore.jks b. password would be "password"

2. Once the key store alias is configured, you will find that information in the key store list. Now create a trust store alias by pointing to the "cacert" in the same location a. C:\SoftwareAG\IntegrationServer\instances\default\packages\WmMediator\config\resources\security\cacerts b. password would be "changeit" 3. Once the keystore and truststore are configured we should configure the client certificates by specifying the certificate path. a. In Mediator, if user authenticate against X.509 certificate, user has to map with certificate. Below is the configuration step to map the user. b. Go to location to get the certificate available by default C:\SoftwareAG\IntegrationServer\instances\default\packages\WmMediator\config\resources\security\partner1cert.der c. Select the user as "Administrator" or any valid IS user by searching the users in the configuration section by clicking the search icon next to search field. d. Once configured click on "Import Certificate" button and then the certificate would be added to the certificates list.

4. Now configure the security information in Mediator. Open the Mediator console Go to General Configured Keystore and truststore information will be listed here. Choose the appropriate one.