Chapter 11 Security Configuration Tasks


Configuring listeners

A listener is an EAServer port that communicates with clients using various protocols. For protocols that use SSL security features (HTTPS and IIOPS), you assign a security profile to the listener. The profile defines security characteristics of the listener. For protocols that do not use SSL (HTTP, IIOP, and TDS), no security profile is required.

This section describes the tasks required to configure listeners. You can:

Preconfigured listeners

EAServer comes with preconfigured listeners for all protocols. Secure protocols are assigned a predefined security profile.

The default settings for the preconfigured listeners are described in Table 11-4. Only secure listeners use security profiles.

Table 11-4: Default listener settings

Listener name   Port   Security profile
http            8080
https1          8081   sample1
https2          8082   sample2
iiop            9000
iiops1          9001   sample1
iiops2          9002   sample2
tds             7878
OpenServer      7979

The default host for these listeners is "localhost." Sybase recommends that after you install EAServer, you log in to Jaguar Manager and change the default host setting to the actual host name or IP address of your machine. If you do not, only connection requests originating from the EAServer host machine are accepted. This means that, until you modify your settings, Jaguar Manager must also be on the same machine as the server. You can also modify port number settings for the preconfigured listeners. For more information, see "Configuring listeners".

The OpenServer listener is intended for migrating existing Open Server applications to EAServer. See the EAServer Programmer's Guide for more information.

Note: You must restart EAServer for your changes to take effect. If you have changed the server's host name and port number, you must also restart Jaguar Manager and reconnect to the server using the new host name and port number.

Listener failover

If a server cannot retrieve listener information from the repository for an IIOP listener or if an IIOP listener has not been configured, the server attempts to open a listener at this address:

IIOP: localhost, 9000

Listener start-up can fail if a port is already in use. You can verify the listener addresses in use by viewing the initial log entries in the srv.log file. If the log messages indicate a listener configuration problem, use Jaguar Manager to connect to the indicated IIOP address and reconfigure the server's listener properties.

Configuring listener properties

This section describes how to create, modify, and delete a listener. All of the configuration tasks require you to first access the Listeners folder from Jaguar Manager:

  1. Double-click the Servers folder.
  2. Double-click the server for which you want to create, modify, or delete a listener.
  3. Click the Listeners folder on the left side of the window.

Creating a new listener

  1. Select File | New Listener.
  2. Enter the name of the new listener, then click Create New Listener.
  3. Complete the information in the Listener Info window. See Table 11-5.

The new listener appears on the right side of the window when you highlight the Listeners folder.


Modifying an existing listener

  1. Highlight the listener you want to modify.
  2. Select File | Listener Properties.
  3. Make your modifications and click Save. Listener properties are described in Table 11-5.

Deleting a listener

  1. Highlight the listener you want to delete.
  2. Select File | Delete Listener Profile.

Table 11-5: Listener profile properties

Property: Protocol
Description: Select the protocol from the drop-down list:
  • HTTP
  • IIOP
  • TDS
  • HTTPS
  • IIOPS
Comments/example: HTTPS and IIOPS are secure protocols that provide all of the security features made available by SSL, including authentication and encryption. TDS, IIOP, and HTTP do not provide encryption. TDS and IIOP provide user name and password-based authentication.

Property: Host
Description: The name or IP address of the EAServer host to which the listener is being assigned.
Comments/example: For predefined listeners, change the initial setting from "localhost" to the actual machine name or IP address. This allows clients from other machines access to EAServer.
Note: Sybase recommends that you provide the IP address of the host instead of the host name. In certain cases, a client may not be able to resolve a host name; for example, the client's DNS server or hosts file may not have an entry for the specified host.

Property: Port
Description: The port number on the host to which the listener is assigned.
Comments/example: Make sure that the port is not in use by any other service.

Property: Jaguar Security Profile
Description: Select one of the preconfigured security profiles from the drop-down list.
Comments/example: This field is enabled for only the secure protocols (HTTPS or IIOPS). You can create new security profiles that can be assigned to a listener. See "Configuring security profiles" for information on security profiles.

Property: Enable Open Server Events
Description: When selected, the TDS port accepts Open Server client connections; if not, only MASP requests are accepted.
Comments/example: You must use TDS as the protocol for Open Server events.
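
An added example, not part of the Sybase documentation: a Python check that applies the rules stated in this section and in Table 11-5 to a listener inventory before the server is restarted. The inventory tuple layout, the 192.0.2.10 address and the eas.example host name are constructed for illustration.

```python
import ipaddress

SECURE = {"HTTPS", "IIOPS"}          # SSL protocols (Table 11-5)
CLEARTEXT = {"HTTP", "IIOP", "TDS"}  # no encryption (Table 11-5)

# Constructed inventory: (name, protocol, host, port, security profile).
# The tuple layout and the 192.0.2.10 / eas.example hosts are assumptions.
LISTENERS = [
    ("http",   "HTTP",  "localhost",   8080, None),
    ("https1", "HTTPS", "192.0.2.10",  8081, "sample1"),
    ("iiop",   "IIOP",  "192.0.2.10",  9000, None),
    ("iiops1", "IIOPS", "eas.example", 9001, None),
    ("tds",    "TDS",   "192.0.2.10",  9000, None),
]

def host_kind(host):
    """Classify a Host value as 'loopback', 'ip' or 'name'."""
    if host.lower() == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "name"
    return "loopback" if addr.is_loopback else "ip"

def audit(listeners):
    """Return (listener, finding) pairs for settings the chapter warns about."""
    findings, seen = [], {}
    for name, proto, host, port, profile in listeners:
        kind = host_kind(host)
        if proto in SECURE and not profile:
            findings.append((name, "secure protocol has no security profile"))
        if kind == "loopback":
            findings.append((name, "host is loopback; remote clients are refused"))
        else:
            if kind == "name":
                findings.append((name, "host name used; an IP address is recommended"))
            if proto in CLEARTEXT:
                findings.append((name, "unencrypted protocol exposed to the network"))
        # The first listener to claim a host and port owns it; later ones conflict.
        owner = seen.setdefault((host.lower(), port), name)
        if owner != name:
            findings.append((name, f"host and port already assigned to {owner}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(LISTENERS):
        print(f"{name}: {finding}")
```

The check covers only conflicts inside the inventory; a port held by another service on the machine still shows up as a listener start-up failure in srv.log.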

 


Copyright © 2002 Sybase, Inc. All rights reserved.