Chapter 1: Introducing EAServer
EAServer supports the following protocols:
Internet Inter-ORB Protocol (IIOP): IIOP is the standard protocol for communication between CORBA ORBs over TCP/IP networks. All EAServer client models except MASP use IIOP or IIOP tunnelled inside of SSL (referred to as IIOPS). IIOP connections can also be tunnelled inside of HTTP to allow connections through firewalls that do not allow passage of IIOP traffic, as discussed in “HTTP tunnelling support”.
Sybase Tabular Data Stream™ (TDS): TDS is a proprietary protocol used in two-tier database applications that connect to Sybase database servers or gateways. Two types of clients connect to EAServer using TDS:
To separate MASP and Open Server requests, EAServer requires different listener ports for each type of client. To support MASP clients, your server must have at least one TDS listener installed. You must define an Open Server listener to support legacy Open Server clients.
Secure Sockets Layer (SSL): The SSL protocol allows connections to be secured using public-key encryption and authentication algorithms. “SSL support” describes EAServer’s SSL support.
To enable support for each protocol, you must define a listener in EAServer Manager. The listener configuration specifies a server address (host name and port number) as well as the network protocol and security settings to be used by clients that connect to that listener. SSL support requires installation of a server certificate. See the EAServer Security Administration and Programming Guide.
EAServer supports HTTP/1.1, and complies with the features required for origin server and client in the W3C spec for HTTP/1.1. See the HTTP/1.1 specification.
Almost all network firewalls allow HTTP traffic to pass, but some reject IIOP packets. When IIOP traffic is tunnelled inside of HTTP, your clients can connect to EAServer through a firewall that does not allow IIOP traffic to pass.
The EAServer Java client ORB performs HTTP tunnelling automatically using the designated IIOP port. No additional configuration or proxies are required. When connecting, the EAServer client-side ORB first tries to open an IIOP connection to the specified address and port. If the IIOP connection fails, the ORB tries an HTTP-tunnelled connection to the same address and port. The default behavior is appropriate when some users connect through firewalls that require tunnelling and others do not; the same application can serve both types. If you know HTTP tunnelling is always required for a Java client, you can set the ORBHttp property to cause the ORB to use HTTP tunnelling without trying plain IIOP connections first.
The C++ client ORB supports tunnelling when clients explicitly request it by setting the ORBHttp property.
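Because direct and tunnelled clients share one listener port, the first bytes of each connection show which path a client took. The following is an added example, not code from EAServer or Sybase: it classifies those first bytes and flags traffic that does not match the listener's intended protocol. The function names, port numbers and byte samples are constructed, and it assumes a tunnelled connection opens with an ordinary HTTP request line, which this page does not specify.

```python
import struct

# GIOP message types (octet 7 of the header), from the CORBA specification.
GIOP_TYPES = ("Request", "Reply", "CancelRequest", "LocateRequest",
              "LocateReply", "CloseConnection", "MessageError", "Fragment")
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"CONNECT ")


def parse_giop_header(data):
    """Parse the fixed 12-byte GIOP header; return None if data is not GIOP."""
    if len(data) < 12 or data[:4] != b"GIOP":
        return None
    major, minor, flags, msg_type = data[4:8]
    little = bool(flags & 1)  # bit 0 set means a little-endian size field
    (size,) = struct.unpack("<I" if little else ">I", data[8:12])
    name = GIOP_TYPES[msg_type] if msg_type < len(GIOP_TYPES) else "unknown"
    return {"version": f"{major}.{minor}", "type": name, "size": size}


def classify_first_bytes(data):
    """Label a connection by the first bytes the client sent."""
    if parse_giop_header(data):
        return "iiop"   # cleartext IIOP
    if data.startswith(HTTP_METHODS):
        return "http"   # plain HTTP, or IIOP tunnelled inside HTTP (assumed framing)
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "ssl"    # SSLv3/TLS handshake record (HTTPS or IIOPS)
    return "unknown"


def audit(observations, listeners):
    """Return (port, seen) pairs where the traffic does not fit the listener."""
    return [(port, classify_first_bytes(data)) for port, data in observations
            if classify_first_bytes(data) not in listeners.get(port, set())]


# Constructed listener table: port -> protocols the listener is meant to accept.
# An IIOP listener also accepts "http", since tunnelled clients use the same port.
LISTENERS = {9000: {"iiop", "http"}, 9001: {"ssl"}}
# Constructed first-bytes samples, one per connection.
SAMPLES = [
    (9000, b"GIOP\x01\x02\x00\x00" + struct.pack(">I", 64)),  # direct IIOP
    (9000, b"POST / HTTP/1.1\r\nHost: eas.example\r\n\r\n"),  # tunnelled client
    (9001, b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b"),          # SSL handshake
    (9001, b"GIOP\x01\x00\x01\x00" + struct.pack("<I", 24)),  # cleartext on SSL port
]

if __name__ == "__main__":
    for port, seen in audit(SAMPLES, LISTENERS):
        print(f"port {port}: unexpected {seen} traffic")
```

Only the last sample is reported: cleartext IIOP arriving on the port reserved for SSL.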
The SSL protocol allows connections to be secured using public-key encryption and authentication algorithms that are based on digital certificates. SSL is a wrapper protocol: packets for another protocol are secured by embedding them inside of SSL packets. For example, HTTPS is HTTP secured by embedding each HTTP packet within an SSL packet. Likewise, IIOPS is IIOP embedded within SSL. HTTPS and IIOPS are also commonly called secure HTTP and secure IIOP, respectively.
EAServer provides native SSL protocol support. Specifically, the EAServer built-in SSL driver supports dynamic negotiation, cached and shared sessions, and authorization for client and server using X.509 digital certificates.
In EAServer Manager, you can configure a secure IIOP or HTTP port by defining an IIOP or HTTP listener, then associating a security profile with the listener. The security profile designates a server certificate that is sent to clients to verify that the connection ends at the intended server. The security profile also specifies the connection’s required security settings, such as:
Whether a client certificate is required to open connections. The client certificate serves as proof of the client user’s identity.
What data security options, such as the encryption algorithm, are used to secure data transmitted over the connection.
For detailed instructions on configuring secure ports, see the EAServer Security Administration and Programming Guide.
On the client side, the following types of clients can open SSL connections to EAServer:
Java applets hosted by SSL-capable Web browsers.
Copyright © 2005. Sybase Inc. All rights reserved.