In order to communicate with the CoreMedia Server or Workflow Server, two open ports are required:
The HTTP port to fetch the IOR,
the CORBA port for communication.
In the default configuration, the CORBA port changes with every restart of the application server which is
inconvenient in case of an intermediate firewall. In this case, the port can be set to a fixed value through the
ORB property com.sun.CORBA.ORBServerPort
. In the following example, the ORB is configured to listen
on port 55555, by setting a system property:
-Dcom.sun.CORBA.ORBServerPort=55555
If you want to access the Server from "outside" a firewall and the server IP address is not directly accessible (due to network address translation for example), it is possible to establish an SSH tunnel. The tunnel forwards all traffic from the client to the server. Of course, the endpoint of the tunnel must be able to reach the server. Figure 4.2, “Schema of the SSH tunnel” shows the scenario:
Four parties are involved in the tunneling:
A client <CMSClient> which cannot access the server directly.
The client-side SSH client <SSHClient> which cannot access the Content Server.
The server-side SSH server <SSHServer> which can access the Content Server.
The CoreMedia Server <CMSServer>.
<CMSClient>/<SSHClient> and <CMSServer>/<SSHServer> can reside on the same machine respectively.
Two ports must be configured:
<HTTPPort> is the HTTP port for the IOR.
<CORBAPort> is the port for CORBA communication.
For this scenario you must,
establish the tunnel,
redirect client requests to the tunnel endpoint SSHClient instead of CMSServer.
Proceed as follows:
Configure the HTTP port of the server as usual in the
contentserver.properties
files.Configure the HTTP address where to fetch the IOR of the server in the
capclient.properties
file as follows:
cap.client.server.ior.url=http://<SSHClient>:<HTTPPort>/coremedia/ior
Start a SSH server on <SSHServer>. No particular configuration is necessary.
Start the SSH client on <SSHClient>.
On a UNIX system, open the tunnel on the SSHClient with
ssh -g -L<CORBAPort>:<CMSServer>:<CORBAPort> -L<HTTPPort>:<CMSServer>:<HTTPPort> <SSHServer>
. Replace the values in angle brackets with the appropriate settings.
For the Windows SSH client SSH Secure Shell choose
Edit|Settings|Profile Settings|Tunneling|Incoming
. You need to make two entries. Insert as follows:Type: TCP
Listen Port: <HTTPPort>
Destination Host: <CMSServer>
Destination Port: <HTTPPort>
and
Type: TCP
Listen Port: <CORBAPort>
Destination Host: <CMSServer>
Destination Port: <CORBAPort>
This will instruct ssh to forward all requests on <SSHClient>:<Port> via <SSHServer> to <CMSServer>:<Port>.
In order to instruct a client to contact <SSHClient> instead of <CMSServer>, you need to configure its client-side ORB with ORB properties and system properties.
Depending on the type of client, system properties are set either in the JPIF file (for command line tools), in the JNLP file (for Web Start) or in
setenv.sh/setenv.bat
(for web applications deployed in Tomcat). ORB properties are also set as system properties, except for command line tools, described below.You need to set the following properties, replacing <CMSServer> and <SSHClient> with the names of the appropriate computers and <CorbaPort> with the port number of the ends of the SSH tunnel:
Property Type | Property Name | Property Value |
---|---|---|
ORB | com.sun.CORBA.legacy.connection.ORBSocketFactoryClass | com.coremedia.corba.ORBRedirector50 |
System | com.coremedia.corba.ORBRedirector.original.host | <CMSServer> |
System | com.coremedia.corba.ORBRedirector.redirect.host | <SSHClient> |
System | com.coremedia.corba.ORBRedirector.original.port | <CorbaPort> |
System | com.coremedia.corba.ORBRedirector.redirect.port | <CorbaPort> |
Table 4.1. Properties for SSH configuration
In order to instruct stand-alone Unified API clients like the command line tools to contact <SSHClient> instead of <CMSServer>, you must configure the ORB property for the socket factory in the connection parameters for the Unified API.
If you are setting up the Unified API connection programmatically, consider using the
connect(Map)
method of the classCap
.
Map parameters = new HashMap(); ... parameters.put ("com.sun.CORBA.legacy.connection.ORBSocketFactoryClass", "com.coremedia.corba.ORBRedirector50"); connection = Cap.connect(parameters);
In any case, you may inject the parameter through the IOR URL passed to the Unified API. For command line tools, you can pass the URL on the command line:
cm systeminfo -url http://<SSHCLIENT>:<HTTPPort>/coremedia/ior? com.sun.CORBA.legacy.connection.ORBSocketFactoryClass= com.coremedia.corba.ORBRedirector50 -u admin -p admin
You can also set the extended URL in the file
capclient.properties
:
cap.client.server.ior.url=\ http://<SSHCLIENT>:<HTTPPort>/coremedia/ior?\ com.sun.CORBA.legacy.connection.ORBSocketFactoryClass=\ com.coremedia.corba.ORBRedirector50
It is also possible to pass an extended URL when opening a connection programmatically.
An alternative to setting up a SSH tunnel might be the use of a VPN, or SSL.
Note | |
---|---|
The |