Prerequisites
Ensure the following requirements for configuring ANGEL secure communications are met before modifying the configuration files for the Agentry Server:
- Determine the SSL authentication requirements, including whether or not a different authentication certificate is needed for the Server. By default, a certificate named AgentryServer.pfx is provided.
- Determine if the Client requires authentication through SSL.
If so, trusted root certificates are needed on the Server with matching
entries for the authentication certificates installed on the Clients.
- Determine if the default time-out of 300 seconds and keep-alive
duration of 60 seconds are adequate. If not, determine the proper
values for these items as they are configured in this procedure.
- Retrieve and record the proper domain/IP address(es) and port number(s) from which the Agentry Server receives requests from Clients.
Task
This procedure describes the steps necessary to configure
the Client-Server communications for the mobile application. Configuration
of the ANGEL communications section is required for any deployment of
an application. Many of the necessary settings for this connection
type are implementation-specific. This process involves the modification
of the [ANGEL Front End] and [ANGEL Front End Ports] sections of the Agentry.ini file.
Always make changes to these sections using the SAP Control Center.
- Start the SAP Control Center. Connect to the system where the SAP Mobile Platform with the running Agentry Server is installed.
- In the navigation pane of SAP Control Center, expand the Applications node and select the Agentry application.
- In the administration pane, click the Configurations
tab.
- Select the check box for ANGEL Front End and click the Properties button. Edit the settings on this screen to allow the Agentry Server to support the client-server communications for the implementation environment.
Following are the settings that are configurable for these options:
- trustedCertificateStore: Specifies
the trusted certificate store containing the trusted certificate(s)
used when client authentication is enabled (authenticateClient=true). This
can be specified as a Certificate File (.CER) or
Certificate Store File (.SST).
- authenticationCertificateStore: Specifies the location of the Server’s authentication certificate. This can be a Certificate File (.CER), Certificate Store File (.SST), or a Personal Information Exchange File (.PFX). The certificate identified here must be a trusted root certificate for the Agentry Clients.
- authenticationCertificateStorePassword, authenticationCertificateStorePasswordEncoded: Password to access the authentication certificate identified in authenticationCertificateStore. authenticationCertificateStorePasswordEncoded indicates whether or not the password listed here is encoded. This password is only encoded if authenticationCertificateStore is set to a value other than the default AgentryServer.pfx.
- authenticateClient: Specifies whether or not the Agentry Client must provide an authentication certificate. This certificate must be traceable to a trusted root certificate, though intermediary authorities can exist.
- timeout: Duration of time, in seconds, that the Agentry Server keeps a socket open between the Server and the Agentry Client without any activity. Once this limit is reached, the socket is closed.
- keepAliveTime: Duration of time between
keep-alive messages sent from the Server to the Client, preventing
the time-out value from closing the socket. This keepAliveTime is used
only when background sending or push functionality is enabled for
the application.
- minimumCipherStrength, maximumCipherStrength: These two settings specify, in bits, the cipher strength of the data encryption used by this connection type. Leaving these items commented out (as shown above) or omitting them results in Windows determining the cipher strength.
- Click [OK] to close the screen.
The changes are saved and, if necessary, the Agentry Server is restarted.
- Open the agentry.ini file for the Agentry Server and search for the section [ANGEL Front End Ports].
You must initially manually edit this section. You cannot add new port options to this file through the SAP Control Center, though you can modify the settings using the SAP Control Center once they are added to the file. You can configure the Server to listen on one or more ports and network adapters. If multiple Agentry Servers are deployed for the same application, separate configurations are needed for each Server instance. These settings cannot be configured using the SAP Control Center for Agentry Servers within a cluster unless all Servers have the same port settings, which is typically not the case.
[ANGEL Front End Ports]
port1=7003
port2=127.0.0.1:7013
port3=localhost:7080
port4=MyHostSystem:7020
These ports must be free
and can be specified by their port name. Whichever port is listed
first in this section is used as the default port. All entries must
include a port number and may include the host name or IP address.
Finally, any IP addresses or host names listed here must have corresponding network
adapters configured on the host system.
- Review the modifications made to this file. When satisfied
of their accuracy, save and close the Agentry.ini file.
- Restart the Agentry Server in order for the modifications to take effect.
When this is complete, the communications between the Agentry Clients and Agentry Server are configured.
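As an added example (not SAP code and not part of the original procedure), the following Python check can be run over the two ANGEL sections during the review step. It reports the default port, entries without a port number, and two inconsistencies that follow from the setting descriptions above. The sample file is constructed, the .ini key names are assumed to match the setting names listed above, and the rule that keepAliveTime must be shorter than timeout is inferred from the description of keep-alive messages.

```python
import configparser

# Constructed sample: defaults and port list as quoted on this page.
SAMPLE_INI = """\
[ANGEL Front End]
trustedCertificateStore=
authenticationCertificateStore=AgentryServer.pfx
authenticateClient=true
timeout=300
keepAliveTime=60

[ANGEL Front End Ports]
port1=7003
port2=127.0.0.1:7013
port3=localhost:7080
port4=MyHostSystem:7020
"""

def parse_endpoint(value):
    """Split 'host:port' or 'port' into (host or None, port); ValueError if no port."""
    host, _, port = value.strip().rpartition(":")
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"no valid port number in {value!r}")
    return (host or None, int(port))

def check_angel_config(ini_text):
    """Return (default_endpoint, findings) for the two ANGEL sections."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep key case exactly as written in the file
    cfg.read_string(ini_text)
    findings, endpoints = [], []
    for name, value in cfg["ANGEL Front End Ports"].items():
        try:
            endpoints.append(parse_endpoint(value))
        except ValueError as exc:
            findings.append(f"{name}: {exc}")
    if len(set(endpoints)) != len(endpoints):
        findings.append("the same host/port entry is listed more than once")
    fe = cfg["ANGEL Front End"]
    wants_client_cert = fe.getboolean("authenticateClient", fallback=False)
    if wants_client_cert and not fe.get("trustedCertificateStore", "").strip():
        findings.append("authenticateClient=true but trustedCertificateStore is empty")
    if fe.getint("keepAliveTime", fallback=60) >= fe.getint("timeout", fallback=300):
        findings.append("keepAliveTime is not shorter than timeout")
    # The first entry listed is the default port, as stated in the procedure.
    return (endpoints[0] if endpoints else None), findings

if __name__ == "__main__":
    print(check_angel_config(SAMPLE_INI))
```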
Next
After changing any communications settings, you must test the communications between the Client and Server. If multiple communications methods are employed, i.e., if there are multiple ports configured in the [ANGEL Front End Ports] section, test the connections from the Agentry Clients using each of the possible network addresses and/or port numbers.