Net Areas in the Automation Engine

Communication processes (CPs) or Java communication processes (JCPs) are used to connect components such as Agents and the Automic Web Interface with the work processes (WPs) and to handle the communication. For more information, see Types of Server Processes.

The communication process selection for the individual components takes place automatically. When an Automation Engine system uses several communication processes, you can distribute them over several areas to manipulate their selection. Ideally, each area represents a specific network.

This page includes the following:

Overview

As of this version, the communication between the Automation Engine and the Java components as well as the Windows, UNIX and Java Agents and the TLS Gateway uses TLS/SSL through a secure WebSocket (WSS). These components establish a connection with the Java communication process (JCP), which uses trusted certificates to prove its identity to other communication partners. All other Agents and the CallAPIs establish a connection with a communication process (CP). For more information, see Securing Connections to the AE (TLS/SSL).

The communication process selection can be restricted to certain processes by grouping them into network areas. To do so, use the NetArea= parameter in the [TCP/IP] section of the relevant INI file. The values for net area parameters have to be alphanumerical and have to start with a letter. If the parameter is not defined, the name of the Automation Engine system or of the TLS Gateway is used instead.

Important! The communication process selection itself within a net area does not differ from the communication process selection if you do not use net areas. The communication process sends the client a list of all processes that are located in its net area. The client then selects from the communication processes that are available. For more information, see Connecting to a Communication Process.

You may use any number of net areas. To ensure stability, it is recommended to use at least two communication processes in each net area.

Only communication processes (CPs or JCPs) can be grouped in net areas. The work processes (WPs) of an Automation Engine system must use the same net area. Any attempt to start a work process (WP) in a different net area than the one of the active work processes (WPs) results in the work process (WP) ending itself immediately.

It is recommended to run communication processes (CPs or JCPs) and work processes (WPs) in the same secure network zone. If the communication processes is located in different network zones, separated by a firewall, please observe and configure the necessary firewall exceptions. Upon connecting to the Automation Engine, the Agents get a complete list of communication processes to enable their selection. In case the communication processes are behind a firewall (from the Agent's point of view), the connections of the Agents to the communication processes have to be configured in the firewall itself.

When a TLS Gateway acts as a communication process (CP) and has its own net area defined in the configuration (INI) file, the net area is displayed on the Agents page of the Administration perspective in Client 0 and in the clients to which the TLS Gateway has been assigned. Agents connected through the CP port of such a TLS Gateway are then assigned to the net area of the TLS Gateway.

More information:

Using Net Areas

You can use net areas for different purposes:

Use separate communication processes for the Automic Web Interface and Agents

Define two net areas, assign them communication processes and enter the process in the INI file of the client (Automic Web Interface or Agent) respectively, depending on the process of the desired net area to be contacted on first start.
Use communication processes in separate network zones

Select a net area for each network zone. Use the net area to assign the communication processes to the network zones they are located in. If an Automic Web Interface, CallAPI or Agent connect to a communication process within its own network zone, the AWI, CallAPI or Agent will choose only from the processes available in this net.

Important! If you change the assignment of the communication processes to the different net areas, you have to delete the CP_LIST or JCPLIST parameter in the INI file of the Agent.

Configuration Examples

The following scenario represents a situation where it is useful to limit the communication processes for their selection by the Agent.

An Automation Engine system is divided into two different networks. Both networks use Agents. Network 1 contains server processes, communications processes CP or JCP 001, 002 and 003, and the database. In Network 2, the communication processes CP or JCP 004 and 005 are being used. These communication processes serve to connect the Agents of Network 2 with the server processes (CPs/JCPs and WPs) in Network 1. The two network areas are separated by a firewall that is configured statically and should only accept known connections.

Note: For the sake of simplicity, the diagram below shows only CPs. The behavior is the same for JCPs.

The following diagram shows the net area InnerNet and its assignment to the communication processes CP or JCP 001, 002 and 003 whereas net area OuterNet is assigned to 004 and 005.

It also shows the connections between components and their directions, indicated by arrows. The Agents of Network 1 connect exclusively to communication processes (CPs or JCPs) of the InnerNet net area, the Agents of Network 2 connect exclusively to communication processes (CPs or JCPs) of the OuterNet net area. In this case, the Agents' connections do not have to be configured in the firewall. The diagram also shows the necessary connections for communication process operation in other network zones. For Network 1, only database connections by communication processes drawn in red are known. Please note that connections between communication processes (CP - CP or JCP-JCP) only occur in special cases or are necessary if an Agent's registered output file should be displayed by way of the Automic Web Interface, where Agent and Automic Web Interface are connected to different communication processes. These connections are denoted by red dotted lines.

Notes:

In the firewall, you only have to configure connections that are known to CP or JCP 004 and 005, regardless of the number of Agents that are used in Network 2. Connections that must be configured statically are shown as red dots along the firewall line.
If the name of the InnerNet host does not match the one of the OuterNet host, make sure that the certificate required for the OuterNet host points to the correct host. You can define it in the hostName= parameter of the [TCP/IP] section of the INI file (see Automation Engine) of the relevant Java communication process (JCP).

To ensure that the Agents only connect to CP or JCP 004 and 005 the following steps are required:

For CP or JCP 001, 002 and 003:
- the communication processes CP or JCP 001, 002 and 003 have to be combined in one net area
  
  Set the NetArea= parameter in the [TCP/IP] section of the INI file of the Automation Engine (see Automation Engine). You can specify any name for the network area as the value (InnerNet).
- In the connection= parameter in the [TCP/IP] section of the INI file of the Agents of Network 1, you can use the connection data of either CP or JCP 001, 002 or 003
For CP or JCP 004 and 005:
- the communication processes CP or JCP 004 and 005 have to be combined in one net area
  
  Set the NetArea= parameter in the [TCP/IP] section of the INI file of the Automation Engine (see Automation Engine) of these communication processes. Make sure that you use a different value from the one defined for the communication processes in Network 1 (OuterNet).
- In the connection= parameter in the [TCP/IP] section of the INI file of the Agents of Network 2, you can use the connection data of either CP or JCP 004 or 005

You have to define the following parameters in the INI file of the Automation Engine:

In the [GLOBAL] section, define the system= parameter
In the [TCP/IP] section, define the netarea= and pwpPort= parameters
In the [PORTS] section, define the CP.PORTS= parameter for CPs or the WS.PORT= parameter for JCPs

Example

Net area definition using communication processes (CPs).

Network 1

[GLOBAL]

system=UC4

[TCP/IP]

netarea=InnerNet

pwpPort=2270

[PORTS]

CP.PORTS=2217-2219
Network 2

[GLOBAL]

system=UC4

[TCP/IP]

netarea=OuterNet

pwpPort=2270

[PORTS]

CP.PORTS=2220-2221

ServiceManager

When you start server processes or Agents from the Administration perspective in the Automic Web Interface or by using the script element MODIFY_SYSTEM, the work process (WP) selects a communication process (CP or JCP), and the communication process contacts the responsible ServiceManager (see ServiceManager). If the communication processes are located in different net areas within the Automation Engine system, it is considered for the process selection.

The following behavior applies:

Start an Agent, communication process (CP or JCP) or work process (WP) by using the script element MODIFY_SYSTEM or via the Administration perspective.

Note: On startup via the Administration perspective, the communication process to which the Automic Web Interface is connected passes the request on to a work process (WP).
The work process (WP) responsible contacts the communication process that is located in the same net area as the Agent, communication process or work process (WP) that should be started.
If the work process (WP) does not find a communication process, it will search for a one in its net area.
If it still cannot find a communication process, the work process (WP) contacts any communication process of the Automation Engine system.
The selected communication process contacts the related ServiceManager which starts the Agent, communication process or work process (WP).