DevPortal

How do I Configure Pramati Server for Firewalls?

In typical deployment scenarios, servers are located behind firewalls and any RMI transport layer that attempts to open direct sockets to hosts on the Internet will not be allowed to do so. The default RMI transport provides two alternate HTTP-based mechanisms that enable a client to invoke a method on a remote object residing across the firewall. These are:

Administrators must consider the following points while using Server with firewalls:

To configure Pramati Server or a Cluster node to run behind a firewall:

  1. Open the HTTP port. In a typical firewall configuration, this is the default port that is open.
  2. Open the Naming service port. This is mandatory if Naming service lookups have to occur from the client-side. If HTTP Tunneling is used, no other ports need to be open.
  3. Open the port on which remote objects are to be exported if HTTP Tunneling is not used. This port is already configured as part of Server. See the <export-port> tag under <server-nodes> in server-config.xml. The value is zero by default, when it exports remote objects on random ports. Specifying an unused port here exports all remote objects onto this port. Hence, this port must be open to enable the client to talk to remote objects behind a firewall.
  4. Open the class file server port (this must be done) to enable dynamic downloading of stubs to clients across firewalls. This port can be specified in server-config.xml under <class-file-server-port>. By default it is 5020. If dynamic downloading of the EJB stubs is not required, then there is no need to open this port across the firewall.
  5. Confirm that the configuration file of Server has the global IP of the node specified in the <host-ip> tag. When starting the Server, provide the following command line argument to the JVM: java -Djava.rmi.server.hostname = <GLOBALIP> com.pramati.Server.

Related Topics:

© Pramati Technologies 2007 Runs on Pramati Server | Feedback | Legal