Try OpenEdge Now
skip to main content
Administration
Messaging and ESB Administration : Configuring and Managing the OpenEdge Adapter for Sonic ESB : Security considerations for OpenEdge Adapter for Sonic ESB
 

Security considerations for OpenEdge Adapter for Sonic ESB

The security of communications between services deployed to the OpenEdge Adapter for Sonic ESB and the clients of those services is a function of two distinct connections, each of which is configured separately with respect to security.
The first connection, that between the OpenEdge Adapter for Sonic ESB and the client, is secured by the facilities of Sonic ESB and thus is outside the scope of OpenEdge administration. See the Sonic ESB documentation for information about making this connection secure.
The second connection is via AppServer protocol between the deployed service and the AppServer. It is recommended that you run your AppServer and Sonic container hosting the service on the same machine to ensure that the AppServer protocol is secure without using single sign-on (SSO).
Otherwise, for this connection to be secure, the following conditions must be met:
*You must obtain and install public key certificates for the OpenEdge Adapter for Sonic ESB host machine.
*The service must send SSL requests to the AppServer that is to process the client requests. To configure the service to send SSL requests, you set the value of the appServiceProtocol property to AppServerS or AppServerDCS. You set this property, either for a specific service (see Editing an instance of an OpenEdge service) or as the default for services deployed to a given adapter instance (see Editing the default service properties). Note that this property applies to deployed services, not to the WSA itself.
*The AppServer must be SSL-enabled, meaning that it accepts SSL requests from the OpenEdge Adapter for Sonic ESB (or other clients). You set the property sslEnable=1 by checking the Enable SSL client connections box in the SSL General properties category in OpenEdge Management/OpenEdge Explorer, or by manually editing the ubroker.properties file. You must also obtain and install a server private key and public key certificate and set additional SSL server properties. See SSL-enabled AppServer operation for more information.
Note: You can use the mergeprop utility installed with OpenEdge to manually edit the ubroker.properties file. For information on using mergeprop, see OpenEdge Getting Started: Installation and Configuration.
For more information on SSL support in OpenEdge, including configuring and operating a Sonic ESB service as a client of an SSL-enabled AppServer, see OpenEdge Getting Started: Core Business Services - Security and Auditing.
* SSL-related service properties