...
Property | Data Type | Mandatory | Example | Description |
---|---|---|---|---|
| String | | Target System Zone | The name of the target network. This name will also be used in the router configuration. |
| String | | | The net.tcp address of the next hop. In the example above, the “Target System Zone” is not accessible directly from the “APP Network Zone”, which is why we will specify the IP:Port of Router 1. |
| String | | | Static value. |
| String | | | Static value. |
| String | | | The last entry of the Subject Alternative Names of the certificate that should be used to encrypt the content that is sent to the Note: |
Router Configuration
Each of the routers will take the incoming message, read the target network from the header, check the local configuration for the next hop, and forward the message to that next hop. It’s therefore necessary to add all the target networks and their next hops to the configuration file. Such configuration files are attached below.
Host configuration
First of all, we will configure the router itself. On line 22, we add the host section, where we configure the URI on which the router is listening. In this case, it’s net.tcp://10.10.11.100:9001, which should match the Target URI from the target network example above. This configuration also references the behavior SystemConnectorServiceBehaviours, which can be found on line 63. In that behavior configuration, we specify the certificate with which Router 1 will encrypt its content. In this case, it’s the Router1.SystemConnector.CoreOne.ITSENSE.local certificate. Similar to the target network configuration, we therefore have the following requirements:
The router service user has to have access to the private key of this certificate.
The calling party, in this case, the application service, has to have access to the public key of this certificate, in order to validate the message.
On line 23 we specify all the public certificates that we can use to verify a sender's message. In our case, only the application server will initiate the communication, and we therefore add that public certificate (Client.SystemConnector.CoreOne.ITSENSE.local) to the list. And we have the following requirements:
...
On line 27 we can find our routing configuration. Here we have to add all target networks, with their next hop. In our Router 1 example we route all traffic destined for Default Network to the next hop net.tcp://10.10.12.100:9002. That destination has to match the configuration of Router 2, i.e. the port and the certificate Router2.SystemConnector.CoreOne.ITSENSE.local. So again we have the following requirements:
The Router 1 service has to have access to the public key of the Router 2 certificate, in order to validate the message.
This configuration also references the SystemConnectorEndpointBehaviours found on line 53. Here again, we specify the certificate with which Router 1 will encrypt its content sent to the next hops. This is again the Router1.SystemConnector.CoreOne.ITSENSE.local certificate. And we have the following requirements:
The router service user has to have access to the private key of this certificate.
The next hop and the application service, in this case, the Router 2 and the application service, have to have access to the public key of this certificate, in order to validate the message.
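The per-hop requirements listed above (the next hop URI matches a listener, the certificate expected at the next hop is the one configured there, and the receiver accepts the sender's certificate) can be checked across all nodes before deployment. The following Python code is an added example, not part of the product or its attached configuration files. The dictionary layout, the function names check_hops and trace, the application using "Default Network" as its target network, and Router 2's empty route table are assumptions; the URIs and certificate names are the ones used on this page.

```python
R1 = "Router1.SystemConnector.CoreOne.ITSENSE.local"
R2 = "Router2.SystemConnector.CoreOne.ITSENSE.local"
CLIENT = "Client.SystemConnector.CoreOne.ITSENSE.local"

# Hypothetical model, keys invented for this example (not the product's schema):
# listen = host URI, cert = own certificate, senders = certificates accepted from
# callers, routes = target network -> (next hop URI, certificate expected there).
NODES = {
    "Application": {"listen": None, "cert": CLIENT, "senders": [],
                    "routes": {"Default Network": ("net.tcp://10.10.11.100:9001", R1)}},
    "Router 1": {"listen": "net.tcp://10.10.11.100:9001", "cert": R1, "senders": [CLIENT],
                 "routes": {"Default Network": ("net.tcp://10.10.12.100:9002", R2)}},
    # Router 2's own routes are not described on the page; left empty here.
    "Router 2": {"listen": "net.tcp://10.10.12.100:9002", "cert": R2, "senders": [R1],
                 "routes": {}},
}


def check_hops(nodes):
    """Return findings for every route; an empty list means all hops line up."""
    listeners = {n["listen"]: name for name, n in nodes.items() if n["listen"]}
    findings = []
    for name, node in nodes.items():
        for network, (uri, expected) in node["routes"].items():
            hop = listeners.get(uri)
            if hop is None:
                findings.append(f"{name}: nothing listens on {uri} ({network})")
            elif nodes[hop]["cert"] != expected:
                findings.append(f"{name}: expects {expected}, {hop} uses {nodes[hop]['cert']}")
            elif node["cert"] not in nodes[hop]["senders"]:
                findings.append(f"{hop}: sender certificate of {name} is not accepted")
    return findings


def trace(nodes, start, network):
    """Follow one target network hop by hop; raise on a routing loop."""
    listeners = {n["listen"]: name for name, n in nodes.items() if n["listen"]}
    path = [start]
    while network in nodes[path[-1]]["routes"]:
        nxt = listeners.get(nodes[path[-1]]["routes"][network][0])
        if nxt is None:
            break  # unreachable next hop, already reported by check_hops
        if nxt in path:
            raise ValueError(f"routing loop: {' -> '.join(path + [nxt])}")
        path.append(nxt)
    return path
```

Running check_hops after every change to a router's routing or certificate list catches a mismatched port or a missing public certificate before messages start failing at that hop.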
...