Configure the Client-Server communications for the mobile application.
Prerequisites
Ensure that the following requirements for configuring ANGEL secure communications are met before modifying the configuration files for the Agentry Server:
- Determine the SSL authentication requirements, including whether or not an authentication certificate is needed for the Server. You must obtain a certificate from a trusted certificate authority (CA) or create your own self-signed certificate, for example by using OpenSSL, and install it to the Server and/or Client for Server authentication and/or Client authentication. These certificates are then stored on the Client devices or host system for the Server, with the corresponding trusted certificate entries placed on the counterpart system. See the topic Authentication Certificates in the Security collection for information about creating and installing certificates.
- Determine if the Client requires authentication through SSL. If so, trusted root certificates are needed on the Server with matching entries for the authentication certificates installed on the Clients.
- Determine if the default time-out of 300 seconds and keep-alive duration of 60 seconds are adequate. If not, determine the proper values for these items as they are configured in this procedure.
- Identify the port on which you want the Server to listen for ANGEL connections. If you want to restrict the Agentry Server to listening only on specific network interfaces, you also need to know the IP addresses of those interfaces.
Task
Configuration of the ANGEL communications section is required for any deployment of an application. Many of the necessary settings for this connection type are implementation-specific. This process involves the modification of the [ANGEL Front End] and [ANGEL Front End Ports] sections of the Agentry.ini file. Always make changes to these sections using the SAP Control Center.
- Start the SAP Control Center. Connect to the system where the SAP Mobile Platform with the running Agentry Server is installed.
- In the navigation pane of SAP Control Center, expand the Applications node and select the Agentry application.
- In the administration pane, click the Configurations tab.
- Select the check box for ANGEL Front End and click the Properties button. Edit the settings on this screen to allow the Agentry Server to support the client-server communications for the implementation environment.
Following are the settings that are configurable for these options:
  - trustedCertificateStore: Specifies the trusted certificate store containing the trusted certificate(s) used when client authentication is enabled (authenticateClient=true). This can be specified as a Certificate File (.CER) or Certificate Store File (.SST).
  - authenticationCertificateStore: Specifies the location of the Server's authentication certificate. This can be a Certificate File (.CER), Certificate Store File (.SST), or a Personal Information Exchange File (.PFX). The certificates identified here are from a trusted source (the CA certificate itself is kept in the client).
  - authenticationCertificateStorePassword, authenticationCertificateStorePasswordEncoded: Password to access the authentication certificate identified in authenticationCertificateStore. The password-encoded setting indicates whether or not the password listed here is encoded.
  - authenticateClient: Specifies whether or not the Agentry Client must provide an authentication certificate. This certificate must be traceable to a trusted root certificate, though intermediary authorities can exist.
  - timeout: Duration of time, in seconds, that the Agentry Server keeps a socket open between the Server and the Agentry Client without any activity. Once this limit is reached, the socket is closed.
  - keepAliveTime: Duration of time between keep-alive messages sent from the Server to the Client, preventing the time-out value from closing the socket. This keepAliveTime is used only when background sending or push functionality is enabled for the application.
- Click [OK] to close the screen.
The changes are saved and, if necessary, the Agentry Server is restarted.
- Open the agentry.ini file for the Agentry Server and search for the section [ANGEL Front End Ports]. You must initially edit this section manually. You cannot add new port options to this file through the SAP Control Center, though you can modify the settings using the SAP Control Center once they are added to the file. You can configure the Server to listen on one or more ports and network adapters. If multiple Agentry Servers are deployed for the same application, separate configurations are needed for each Server instance. These settings cannot be configured using the SAP Control Center for Agentry Servers within a cluster unless all Servers have the same port settings, which is typically not the case.
The format of each line in the [ANGEL Front End Ports] section is:
<index>=[<interface address>:]<port>
where <index> is an arbitrary index value (it is ignored), <interface address> is the optional address of a network interface (to limit listening to just that interface), and <port> is the port to listen on (typically 7003).
[ANGEL Front End Ports]
port1=7003
port2=127.0.0.1:7013
port3=localhost:7080
port4=MyHostSystem:7020
These ports must be free and can be specified by their port name. Whichever port is listed first in this section is used as the default port. All entries must include a port number and may include the host name or IP address. Finally, any IP addresses or host names listed here must have corresponding network adapters configured on the host system.
- (Optional) If FIPS 140-2 support, allowing use of only FIPS compliant ciphers and key strengths, is required, add the following to the [Server Administration] section of the agentry.ini file:
[Server Administration]
fipsMode=true
When used, an entry is written to the events.log and startup.log indicating that FIPS compliant mode is enabled.
- Review the modifications made to this file. When satisfied of their accuracy, save and close the Agentry.ini file.
- Restart the Agentry Server in order for the modifications to take effect.
When this is complete, the communications between the Agentry Clients and Agentry Server are configured.
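The following audit script is an added example, not part of the original documentation or of any SAP tooling. It parses a constructed Agentry.ini fragment and checks the settings from this procedure: the <index>=[<interface address>:]<port> format, the first-listed default port, entries not limited to one interface, client authentication without a trusted store, an unencoded store password, and a keepAliveTime that is not shorter than the timeout. The function names parse_port_entry and audit, and all sample values, are assumptions made for illustration.

```python
import configparser
# Constructed sample Agentry.ini fragment; file names and password are placeholders.
SAMPLE_INI = """\
[ANGEL Front End]
authenticateClient=true
trustedCertificateStore=
authenticationCertificateStore=AgentryServer.pfx
authenticationCertificateStorePassword=example-password
authenticationCertificateStorePasswordEncoded=false
timeout=300
keepAliveTime=300
[ANGEL Front End Ports]
port1=7003
port2=127.0.0.1:7013
port3=MyHostSystem:70200
"""

def parse_port_entry(value):
    """Split '[<interface address>:]<port>' into (interface or None, port)."""
    iface, _, port = value.strip().rpartition(":")
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"invalid port in {value!r}")
    return (iface or None), int(port)

def audit(ini_text):
    """Return (default_port, findings); the first valid entry is the default port."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep key names exactly as written in the file
    cfg.read_string(ini_text)
    findings, listeners = [], []
    for index, value in cfg.items("ANGEL Front End Ports"):
        try:
            entry = parse_port_entry(value)
        except ValueError as exc:
            findings.append(f"{index}: {exc}")
            continue
        listeners.append(entry)
        if entry[0] is None:
            findings.append(f"{index}: port {entry[1]} is not limited to one interface")
    fe = cfg["ANGEL Front End"]
    store = fe.get("trustedCertificateStore", fallback="").strip()
    if fe.getboolean("authenticateClient", fallback=False) and not store:
        findings.append("authenticateClient=true but trustedCertificateStore is empty")
    encoded = fe.getboolean("authenticationCertificateStorePasswordEncoded", fallback=False)
    if fe.get("authenticationCertificateStorePassword") and not encoded:
        findings.append("certificate store password is not encoded")
    if fe.getint("keepAliveTime", fallback=60) >= fe.getint("timeout", fallback=300):
        findings.append("keepAliveTime >= timeout: keep-alives cannot hold the socket open")
    return (listeners[0][1] if listeners else None), findings
```

Calling audit(SAMPLE_INI) on the constructed fragment returns 7003 as the default port together with five findings; run it against a copy of the real file before restarting the Server.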
Next
After changing any communications settings, you must test the communications between the Client and Server. If multiple communications methods are employed, i.e., if there are multiple ports configured in the [ANGEL Front End Ports] section, test the connections from the Agentry Clients using each of the possible network addresses and/or port numbers.