
Chapter 13: Security Configuration Tasks

Configuring listeners

A listener is an EAServer port that communicates to clients using various protocols. For protocols that use SSL security features (HTTPS and IIOPS), you assign a security profile to the listener. The profile defines security characteristics of the listener. For protocols that do not use SSL (HTTP, IIOP, and TDS), no security profile is required.

This section describes the tasks required to configure listeners. You can:


Preconfigured listeners

EAServer comes with preconfigured listeners for all protocols. Secure protocols are assigned a predefined security profile.

The default settings for the preconfigured listeners are described in Table 13-4. Only secure listeners use security profiles.

Table 13-4: Default listener settings

| Listener name | Port | Security profile |
|---|---|---|
| http | 8080 | |
| https1 | 8081 | sample1 |
| https2 | 8082 | sample2 |
| iiop | 9000 | |
| iiops1 | 9001 | sample1 |
| iiops2 | 9002 | sample2 |
| tds | 7878 | |
| OpenServer | 7979 | |

The default host for these listeners is “localhost.” Sybase recommends that after you install EAServer, you log in to EAServer Manager and change the default host setting to the actual host name or IP address of your machine. If you do not, only connection requests originating from the EAServer host machine are accepted. This means that, until you modify your settings, EAServer Manager must also be on the same machine as the server. You can also modify port number settings for the preconfigured listeners. For more information, see “Configuring listeners”.

The OpenServer listener is intended for migrating existing Open Server applications to EAServer. See the EAServer Programmer’s Guide for more information.

Note: You must restart EAServer for your changes to take effect. If you have changed the server’s host name and port number, you must also restart EAServer Manager and reconnect to the server using the new host name and port number.


Listener failover

If a server cannot retrieve listener information from the repository for an IIOP listener or if an IIOP listener has not been configured, the server attempts to open a listener at this address:

IIOP: localhost, 9000

Listener start-up can fail if a port is already in use. You can verify the listener addresses in use by viewing the initial log entries in the srv.log file. If the log messages indicate a listener configuration problem, use EAServer Manager to connect to the indicated IIOP address and reconfigure the server’s listener properties.


Configuring listener properties

This section describes how to create, modify, and delete a listener. All of the configuration tasks require you to first access the Listeners folder from EAServer Manager:

  1. Double-click the Servers folder.

  2. Double-click the server for which you want to create, modify, or delete a listener.

  3. Click the Listeners folder on the left side of the window.

Steps: Creating a new listener

  1. Select File | New Listener.

  2. Enter the name of the new listener, then click Create New Listener.

  3. Complete the information in the Listener Info window. See Table 13-5.

The new listener appears on the right side of the window when you highlight the Listeners folder.

Steps: Modifying an existing listener

  1. Highlight the listener you want to modify.

  2. Select File | Properties.

  3. Make your modifications and click Save. Listener properties are described in Table 13-5.

Steps: Deleting a listener

  1. Highlight the listener you want to delete.

  2. Select File | Delete Listener Profile.

Table 13-5: Listener profile properties

| Property | Description | Comments/example |
|---|---|---|
| Protocol | Select the protocol from the drop-down list: HTTP, IIOP, TDS, HTTPS, IIOPS | HTTPS and IIOPS are secure protocols that provide all of the security features made available by SSL, including authentication and encryption. TDS, IIOP, and HTTP do not provide encryption. TDS and IIOP provide user name and password-based authentication. |
| Host | The name or IP address of the EAServer host to which the listener is being assigned. | For predefined listeners, change the initial setting from “localhost” to the actual machine name or IP address. This allows clients from other machines access to EAServer. Note: Sybase recommends that you provide the IP address of the host instead of the host name. In certain cases, a client may not be able to resolve a host name; for example, the client’s DNS server or hosts file may not have an entry for the specified host. |
| Port | The port number on the host to which the listener is assigned. | Make sure that the port is not in use by any other service. |
| Jaguar Security Profile | Select one of the preconfigured security profiles from the drop-down list. This field is enabled only for the secure protocols (HTTPS or IIOPS). | You can create new security profiles that can be assigned to a listener. See “Configuring security profiles” for information on security profiles. |
| Enable Open Server Events | When selected, the TDS port accepts Open Server client connections; if not, only MASP requests are accepted. | You must use TDS as the protocol for Open Server events. |
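The following is an added example, not Sybase code: a check to run over a planned listener set before changing Host away from “localhost”, flagging unencrypted protocols that become reachable from other machines, secure listeners with no security profile, duplicate addresses, and ports already in use. The names Listener, audit, is_loopback and port_in_use are hypothetical, and the input is constructed from a subset of Table 13-4.

```python
import errno
import ipaddress
import socket
from collections import namedtuple

# Hypothetical record mirroring the Table 13-5 fields (not an EAServer API).
Listener = namedtuple("Listener", "name protocol host port profile")
SECURE = {"HTTPS", "IIOPS"}  # SSL protocols; HTTP, IIOP and TDS are unencrypted

def is_loopback(host):
    """True for 'localhost' or a loopback IP literal."""
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a host name: assume other machines can reach it

def port_in_use(host, port):
    """Run on the server host before start-up: True if the address is taken."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError as exc:
            if exc.errno != errno.EADDRINUSE:
                raise  # e.g. the address does not belong to this machine
            return True
    return False

def audit(listeners, probe=None):
    """Return sorted (name, finding) pairs; pass probe=port_in_use on the server."""
    findings, seen = [], {}
    for lsn in listeners:
        secure = lsn.protocol.upper() in SECURE
        if secure and not lsn.profile:
            findings.append((lsn.name, "secure protocol without a security profile"))
        if not secure and not is_loopback(lsn.host):
            findings.append((lsn.name, "unencrypted and reachable from other machines"))
        key = (lsn.host.lower(), lsn.port)
        if key in seen:
            findings.append((lsn.name, "same host and port as " + seen[key]))
        seen.setdefault(key, lsn.name)
        if probe and probe(lsn.host, lsn.port):
            findings.append((lsn.name, "port already in use"))
    return sorted(findings)

# Constructed input: Table 13-4 defaults moved to 192.0.2.10 (a documentation
# address), plus a hypothetical "extra" listener that reuses port 8081.
ROWS = [("http", "HTTP", 8080, ""), ("https1", "HTTPS", 8081, "sample1"),
        ("iiop", "IIOP", 9000, ""), ("iiops1", "IIOPS", 9001, "sample1"),
        ("tds", "TDS", 7878, ""), ("extra", "HTTPS", 8081, "")]
PLANNED = [Listener(n, p, "192.0.2.10", port, prof) for n, p, port, prof in ROWS]
```

Calling audit(PLANNED) needs no network access; audit(PLANNED, probe=port_in_use) only gives meaningful results on the machine that owns the listener addresses.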





Copyright © 2005. Sybase Inc. All rights reserved.