Configuring Agentry Client-Server Communications

Configure the Client-Server communications for the mobile application.

Prerequisites
Ensure that the following requirements for configuring ANGEL secure communications are met before modifying the configuration files for the Agentry Server:
  • Determine the SSL authentication requirements, including whether or not an authentication certificate is needed for the Server. You must obtain a certificate from a trusted certificate authority (CA) or create your own self-signed certificate, for example by using OpenSSL, and install it on the Server and/or Client for Server authentication and/or Client authentication. These certificates are then stored on the Client devices or host system for the Server, with the corresponding trusted certificate entries placed on the counterpart system. See the topic Authentication Certificates in the Security collection for information about creating and installing certificates.
  • Determine if the Client requires authentication through SSL. If so, trusted root certificates are needed on the Server with matching entries for the authentication certificates installed on the Clients.
  • Determine if the default time-out of 300 seconds and keep-alive duration of 60 seconds are adequate. If not, determine the proper values for these items as they are configured in this procedure.
  • Identify the port on which you want the server to listen for ANGEL connections; further, if you want to restrict the Agentry server to only listening on specific network interfaces, you need to know the IP addresses of those interfaces.
Task

Configuration of the ANGEL communications section is required for any deployment of an application. Many of the necessary settings for this connection type are implementation-specific. This process involves the modification of the [ANGEL Front End] and [ANGEL Front End Ports] sections of the Agentry.ini file. Always make changes to these sections using the SAP Control Center.

  1. Start the SAP Control Center. Connect to the system where the SAP Mobile Platform with the running Agentry Server is installed.
  2. In the navigation pane of SAP Control Center, expand the Applications node and select the Agentry application.
  3. In the administration pane, click the Configurations tab.
  4. Select the check box for ANGEL Front End and click the Properties button. Edit the settings on this screen to allow the Agentry Server to support the client-server communications for the implementation environment.
    Following are the settings that are configurable for these options:
    • trustedCertificateStore: Specifies the trusted certificate store containing the trusted certificate(s) used when client authentication is enabled (authenticateClient=true). This can be specified as a Certificate File (.CER) or Certificate Store File (.SST).
    • authenticationCertificateStore: Specifies the location of the Server’s authentication certificate. This can be a Certificate File (.CER), Certificate Store File (.SST), or a Personal Information Exchange File (.PFX). The certificates identified here are from a trusted source (the CA certificate itself is kept in the client).
    • authenticationCertificateStorePassword, authenticationCertificateStorePasswordEncoded: Password to access the authentication certificate identified in authenticationCertificateStore. authenticationCertificateStorePasswordEncoded indicates whether or not the password listed here is encoded.
    • authenticateClient: Specifies whether or not the Agentry Client must provide an authentication certificate. This certificate must be traceable to a trusted root certificate, though intermediary authorities can exist.
    • timeout: Duration of time, in seconds, that the Agentry Server keeps a socket open between the Server and the Agentry Client without any activity. Once this limit is reached, the socket is closed.
    • keepAliveTime: Duration of time between keep-alive messages sent from the Server to the Client, preventing the time-out value from closing the socket. This keepAliveTime is used only when background sending or push functionality is enabled for the application.
  5. Click [OK] to close the screen.

    The changes are saved and if necessary, the Agentry Server is restarted.

  6. Open the agentry.ini file for the Agentry Server and search for the section [ANGEL Front End Ports]. You must initially edit this section manually. You cannot add new port options to this file through the SAP Control Center, though you can modify the settings using the SAP Control Center once they are added to the file. You can configure the Server to listen on one or more ports and network adapters. If multiple Agentry Servers are deployed for the same application, separate configurations are needed for each Server instance. These settings cannot be configured using the SAP Control Center for Agentry Servers within a cluster unless all Servers have the same port settings, which is typically not the case.
    The format of each line in the "ANGEL Front End Ports" section is:
    <index>=[<interface address>:]<port>
    where <index> is an arbitrary index value (it is ignored), <interface address> is the optional address of a network interface (to limit listening to just that interface), and <port> is the port to listen on (typically 7003).
    [ANGEL Front End Ports] 
    port1=7003 
    port2=127.0.0.1:7013 
    port3=localhost:7080 
    port4=MyHostSystem:7020

    These ports must be free and can be specified by their port name. Whichever port is listed first in this section is used as the default port. All entries must include a port number and may include the host name or IP address. Finally, any IP addresses or host names listed here must have corresponding network adapters configured on the host system.

  7. (Optional) If FIPS 140-2 support is required, so that only FIPS-compliant ciphers and key strengths are used, add the following to the [Server Administration] section of the agentry.ini file:
    [Server Administration]
    fipsMode=true 

    When used, an entry is written to the events.log and startup.log indicating that FIPS compliant mode is enabled.

  8. Review the modifications made to this file. When satisfied with their accuracy, save and close the Agentry.ini file.
  9. Restart the Agentry Server in order for the modifications to take effect.

When this is complete, the communications between the Agentry Clients and Agentry Server are configured.
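
An added example (not SAP code and not part of the original documentation): a Python check that can be run over Agentry.ini during the review in step 8. It parses each [ANGEL Front End Ports] entry using the format from step 6, reports the default port, and flags listeners that are not limited to one interface as well as client authentication enabled without a trusted certificate store. The function names and the sample file contents are constructed for illustration.

```python
import configparser

# Constructed sample Agentry.ini fragment, for illustration only.
SAMPLE_INI = """\
[ANGEL Front End]
authenticateClient=true
trustedCertificateStore=
[ANGEL Front End Ports]
port1=7003
port2=127.0.0.1:7013
port3=MyHostSystem:70200
[Server Administration]
fipsMode=false
"""

def parse_port_entry(value):
    """Split '[<interface address>:]<port>' into (interface or None, port)."""
    iface, sep, port = value.strip().rpartition(":")
    if not port.isdecimal() or not 1 <= int(port) <= 65535:
        raise ValueError(f"invalid port in {value!r}")
    if sep and not iface:
        raise ValueError(f"empty interface address in {value!r}")
    return (iface or None, int(port))

def audit(ini_text):
    """Hypothetical helper: listeners, default port, FIPS flag and findings."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep option names exactly as written
    cp.read_string(ini_text)
    sec = lambda name: cp[name] if cp.has_section(name) else {}
    listeners, findings, default = [], [], None
    for i, (key, value) in enumerate(sec("ANGEL Front End Ports").items()):
        try:
            iface, port = parse_port_entry(value)
        except ValueError as exc:
            findings.append(f"{key}: {exc}")
            continue
        listeners.append((iface, port))
        if i == 0:
            default = port  # the first listed entry is the default port
        if iface is None:
            findings.append(f"{key}: port {port} is not limited to one interface")
    fe = sec("ANGEL Front End")
    if fe.get("authenticateClient", "").lower() == "true" and not fe.get("trustedCertificateStore", "").strip():
        findings.append("authenticateClient=true but trustedCertificateStore is empty")
    fips = sec("Server Administration").get("fipsMode", "").lower() == "true"
    return {"default_port": default, "listeners": listeners, "fips": fips, "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE_INI))
```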

Next

After changing any communications settings, you must test the communications between the Client and Server. If multiple communications methods are employed, i.e., if there are multiple ports configured in the [ANGEL Front End Ports] section, test the connections from the Agentry Clients using each of the possible network addresses and/or port numbers.