
List of connections and known limitations

The table below lists all iWD component connections and their types.

Connections

| iWD Component | Connection Type | Role | Connections | TLS Mode | Comments |
|---|---|---|---|---|---|
| iWD Manager | PSDK | Client | Configuration Server | mutual | The Configuration Server auto-upgrade port should be used for TLS. |
| | PSDK | Client | Interaction Server | mutual | |
| | PSDK | Client | UCS | mutual | |
| | PSDK | Client | Message Server | mutual | |
| | REST | Client | History Node | mutual | |
| | REST | Server | Web browser or custom desktops | mutual | |
| iWD Data Mart | PSDK | Client | Configuration Server | mutual | The Configuration Server auto-upgrade port should be used for TLS. |
| | JDBC | Client | iWD Data Mart database | tls | Configured via URL or JVM options or combination depending on database JDBC driver. |
| | JDBC | Client | ConfigServer database | tls | Configured via URL or JVM options or combination depending on database JDBC driver. |
| | REST | Client | iWD History Node | mutual | |
| | REST | Server | iWD Plug-in for GAX | mutual | |
| | | | LCA | no | LCA and product should be located on the same host, so TLS is not required. |
| | PSDK | Server | Message Server | mutual | Introduced in 9.0.005. |
| iWD History Node | PSDK | Client | Configuration Server | mutual | The Configuration Server auto-upgrade port should be used for TLS. |
| | JMS | Client | Interaction Server Event Log | mutual | |
| | JDBC | Client | History Node database | tls | Configured via URL or JVM options or combination depending on database JDBC driver. |
| | REST | Server | iWD Data Mart and iWD Manager | mutual | |
| | PSDK | Server | Message Server | mutual | Introduced in 9.0.005. |
| Stat Server Extensions | JDBC | Client | iWD Data Mart database | tls | Configured via URL or JVM options or combination depending on database JDBC driver. |
| iWD GAX Plugin | JDBC | Client | Interaction Server DB | tls | Configured via URL or JVM options or combination depending on database JDBC driver. |
| | REST | Client | iWD Data Mart | mutual | |
| iWD Web | REST | Server | Web browser | mutual | |
| | PSDK | Client | Configuration Server | mutual | The Configuration Server auto-upgrade port should be used for TLS. |
| | PSDK | Client | Interaction Server | mutual | |
| | PSDK | Client | Message Server | mutual | |
| | REST | Client | WSCP | mutual | |

Limitations

PEM and Windows (MSCAPI) certificates

The REST APIs of iWD Manager, iWD Web, iWD Data Mart and iWD History Node do not support PEM and Windows (MSCAPI) certificates. Data Mart and History Node are based on Dropwizard, which is Jetty-based. The Dropwizard documentation refers to the Jetty documentation, which you can find at http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html.

Jetty does not support PEM files directly, so when you receive PEM certificates, you need to pack them into a keystore/truststore. There's more information at http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#loading-keys-and-certificates

The iWD Manager and iWD Web REST servers are based on Tomcat, which does not support PEM directly. There's more information at https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html

Tomcat currently operates only on JKS, PKCS11 or PKCS12 format keystores.
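
Both the Jetty-based (Data Mart, History Node) and the Tomcat-based (iWD Manager, iWD Web) REST servers therefore need PEM material packed into a keystore and truststore first. The shell functions below are an added example, not part of the original documentation; file names, aliases and passwords are placeholders, the PEM private key is assumed to be unencrypted, and `keytool` is assumed to come from the installed JDK.

```shell
#!/bin/sh
# Added example. File names, alias and passwords are placeholders; the PEM
# private key is assumed to be unencrypted.

# pem_to_keystore KEY_PEM CERT_PEM CHAIN_PEM OUT_P12 ALIAS PASSWORD
# Packs private key + certificate + CA chain into a PKCS12 keystore.
pem_to_keystore() {
    key=$1; cert=$2; chain=$3; out=$4; name=$5; pass=$6
    # Refuse to pack a key that does not belong to the certificate:
    # compare the public key derived from each file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 2
    fi
    # Subshell keeps the restrictive umask local. The password is passed in
    # the environment so it does not appear in the process list.
    (
        umask 077
        PKCS_PASS=$pass openssl pkcs12 -export -inkey "$key" -in "$cert" \
            -certfile "$chain" -name "$name" -out "$out" -passout env:PKCS_PASS
    )
}

# ca_to_truststore CA_PEM OUT_P12 ALIAS PASSWORD
# Imports a CA certificate as a trusted entry (needs the JDK keytool).
ca_to_truststore() {
    STORE_PASS=$4 keytool -importcert -noprompt -trustcacerts -file "$1" \
        -alias "$3" -keystore "$2" -storetype PKCS12 -storepass:env STORE_PASS
}

# keystore_cert_count P12 PASSWORD
# Prints how many certificates the store holds; prints 0 if the password
# is wrong or the file cannot be read.
keystore_cert_count() {
    PKCS_PASS=$2 openssl pkcs12 -in "$1" -passin env:PKCS_PASS -nokeys \
        2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# When run as a script with six arguments, build the keystore directly.
if [ "$#" -eq 6 ]; then
    pem_to_keystore "$@"
fi
```

Keystores written by OpenSSL 3.x use newer PKCS12 encryption defaults that some older JVMs cannot load; in that case re-export with the `-legacy` option of `openssl pkcs12`.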

iWD Stat Extensions shares database settings with Data Mart

iWD Stat Extensions has a limitation regarding TLS settings for JDBC connections: it shares database settings with Data Mart. The Data Mart Stat Adapter job copies the JDBC URL from the Data Mart DAP to the Stat Server options, so Stat Server must be configured in the same way as Data Mart.

  • If Data Mart is set to use a TLS connection to the database via JVM arguments (the recommended way), then Stat Server must be provided with the corresponding JVM options and certificates.
  • If Data Mart is set to use a TLS connection to the database via a JDBC URL which contains certificates and/or passwords, then Stat Server should be installed to the same host as Data Mart or use the same certificate paths and passwords.

iWD Manager and iWD Web client applications cannot be configured on HOST level

Client applications do not have a linked host value, so iWD cannot read host parameters while configuring such application connections. There are two client applications in iWD (iWD Manager and iWD Web) with connections to Configuration Server. These connections through the auto-upgrade port can be configured ONLY on the connection or the application level.

Mutual TLS for databases

Mutual TLS for databases is not supported.

This page was last modified on August 16, 2018, at 08:17.