Installing the TLS Gateway

As a system administrator, you install the TLS Gateway to facilitate the file transfer between TLS/SSL and non-TLS/SSL Agents and/or provide a communication process (CP) port, if needed.

Important! Check Broadcom's Enterprise Software Academy. There is a course available for this topic. For more information, see the Education section at the end of this topic.

This page includes the following:

Overview

The TLS Gateway and the Automation Engine communicate using TLS/SSL and establish a connection with the Java communication process (JCP), which uses trusted certificates to prove their identity to other communication partners.

You can use the trustedCertFolder=, agentSecurityFolder=, and keyPassword= parameters in the [AUTHORIZATION] section of the INI file (uctlsgtw.ini) of the TLS Gateway to point to the relevant certificates. If the trustedCertFolder= parameter is not set, the certificates should be installed in the Java trust store. For more information, see Securing Connections to the AE (TLS/SSL).

Installing the TLS Gateway

The TLS Gateway is an Agent (HOST) object. The installation process is the same as for any other Agent (HOST) object.

You can create and download the TLS Gateway in the Administration perspective in any Client in the system. However, the Agent object is always also available in Client 0.

In Client 0, you can also create and download the TLS Gateway from the Process Assembly perspective. Any changes to the TLS Gateway definition must be done in Client 0.

Java Cryptography Extension (JCE)

To ensure that the TLS Gateway can handle non-TLS/SSL connections, the JCP must have the Java Cryptography Extension installed.

Important! JDK requires these policy files only if you work with Java 8. Java 9 and later versions include and use these files by default.

  1. Install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy.

    The JCE Unlimited Strength Jurisdiction Policy has to be installed on the machines where:

    • The Automic Web Interface runs.
    • The Automation Engine (JWP/JCP) runs.

    Download at Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy

    For IBM Java, you must use the policy files of IBM. The unlimited jurisdiction policy files are located in directory SDK /demo/jce/policy-files/unrestricted/. For more information, see https://www.ibm.com/support/knowledgecenter/en/SSYKE2_7.1.0/com.ibm.java.security.component.71.doc/security-component/sdkpolicyfiles.html.

    The Readme file contains the installation instructions on how to copy the .jar files to appropriate location (e.g. <java-home>\lib\security). If there are multiple Java installations on the same computer, setting up a policy file for all installations is recommended.

For more information, see Installing the JCP .

Adding a TLS Gateway from the Process Assembly in Client 0

  1. In the Process Assembly perspective, you have two options:

    • Right-click anywhere on the list and select Add > Add Object.
    • Click the Add Object button on the toolbar
  2. On the Add Object dialog, click the Agent (AGENT) object type to access the list of available agent objects.

  3. Select the TLS-GATEWAY Agent and click the Add button. The Object Name dialog is displayed.

  4. Enter a descriptive Name.

  5. Optionally, enter a short and descriptive Title that helps you recognize the purpose of the object.

  6. Click OK. A new page opens where you can start with the object definitions. For more information, see Agents (HOST).

The new TLS Gateway is available in the Agents list.

Adding a TLS Gateway from the Administration Perspective

Prerequisite! The Packs required for a Centralized Agent Upgrade (CAU) must be installed before you can download an Agent from the Administration perspective. You can download the CAU packs from https://marketplace.automic.com/. Once you have downloaded them, you have to install them in Client 0. You can do so from the Packs page in the Administration perspective. For more information, see Centralized Agent Upgrade (CAU).

  1. Open the Administration perspective and select Agents & Groups > Agents from the navigation pane on the left.

  2. You have two options:

    • Right-click anywhere on the list and select Add > Add Agent

    • Click the Add Agent button on the toolbar

  3. Select the TLS Gateway Agent type from the list and click the Add button. The Object Name dialog is displayed.

  4. Enter a descriptive Name.

  5. Optionally, enter a short and descriptive Title that helps you recognize the TLS Gateway.

  6. Click OK.

The new TLS Gateway is available in the Agents list.

Downloading a TLS Gateway

  1. You can download the TLS Gateway either from the Administration or the Process Assembly perspective:

    • In the Administration perspective, add a TLS Gateway as described before. On the Agents list you have two options:

      • select the TLS Gateway and click the Download Agent button on the toolbar

      • right-click the TLS Gateway and select Download Agent

    • In the Process Assembly perspective, right-click the TLS Gateway and select Download Agent.

    The Download Agent dialog is displayed. The Name field is populated automatically.

  2. Define the corresponding Operating System and Architecture.

  3. Once you have defined all parameters, click Download. Your browser notification shows the TLS Gateway.zip file is being downloaded.

  4. Unpack the .zip file on the same machine on which the TLS Gateway runs.

  5. Once the file is unpacked, you can define the relevant ports in the [TCP/IP] section of the INI file of the TLS Gateway:

    • tls_port= and gss_port=

      Source and destination Agent ports used for the file transfer between TLS/SSL and non-TLS/SSL Agents.

    • cp_port=

      Communication process (CP) port used by non-TLS/SSL Agents if this option has been activated in the TLS_GATEWAY_CP variable.

    Optionally, if you are using Net Areas, you can define them using the NetArea= parameter in the [TCP/IP] section of the INI file of the TLS Gateway.

    More information:

  6. Run the *.jar binary file to start the TLS Gateway.

    The downloaded TLS Gateway is ready to work.

Renaming/Deleting a TLS Gateway

You can rename and/or delete a TLS Gateway from the Agents list in any Client that you have access to, given the following applies:

  • You have write (W) permissions on the TLS Gateway
  • The TLS Gateway is inactive
  • The TLS Gateway is not used in multiple Clients

Note: If you try to rename or delete a TLS Gateway that is used in multiple Clients, an error message is displayed.

To rename and/or delete a TLS Gateway, right-click it and select Rename/Delete.

Using Scripts

You can use scripts to easily create, download and extract TLS Gateway packs, as well as start them.

We have gathered a number of deployment script examples for the TLS Gateway. They allow you to deploy and start the TLS Gateway without having to create your own script. You can also merge separate scripts used in the examples into one large script.

More information:

Upgrading a TLS Gateway

You can use the Centralized Agent Upgrade (CAU) to upgrade your TLS Gateway instances to a different version. However, because of the high availability required for file transfers, it is not recommended to upgrade them all at the same time. For more information, see Centralized Agent Upgrade (CAU).

Education

The Enterprise Software Academy provides a wide range of free online trainings. If you have not already done so, register at Enterprise Software Academy to start profiting from our education offer.

The following course(s) are associated with this topic:

TLS Gateway

See also: