Using SSL for event-driven workload automation (EDWA) behind firewalls
This feature allows a domain manager to be run as a reverse proxy for HyperText Transfer Protocol (HTTP) and Event Integration Facility (EIF) protocols, forwarding traffic to the Event Processor. An option, enabled using the optman command-line program, allows you to choose if workstations that are behind a firewall must connect to the domain manager instead of to the event processor, causing the new proxy on the domain manager to forward its traffic to the event processor.
Restriction: This configuration is not supported
if the agent workstation is a dynamic agent.
The incoming traffic is rerouted as follows:
- If an agent is behind a firewall, the traffic is routed to the domain manager on the agent. If an agent is not behind a firewall, the traffic is sent directly to the event processor.
- If domain managers have child nodes behind a firewall, the traffic is rerouted to the event processor.
- Primary domain managers always reroute traffic to the current event processor.
- Lower level domain managers reroute traffic to upper level domain managers if they are behind a firewall, or to the event processor if they are not behind a firewall.
To use this feature, perform the following steps:
- Enable the feature by setting the optman option to
yes
. The default value isno
:enEventDrivenWorkloadAutomationProxy | pr = {yes|no}
- In the workstation definition in the database for the agent, set the
behindfirewall
attribute to ON. - Configure OpenSSL or GSKit on the domain manager.
behindfirewall
attribute, see Workstation definition.