{"type":"doc","content":[{"type":"heading","attrs":{"level":1},"content":[{"text":"Introduction","type":"text"}]},{"type":"paragraph","content":[{"text":"Each target system is connected to the CoreOne Suite with a system connector. This system connector acts as the bridge between the CoreOne Suite logic and the target system. In many cases, the system connector can be executed directly on one of the application server, as the target system is directly accessible from the application server. But there are many cases where there are technical limitations. To name a few:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The application server is part of a different Active Directory Domain than the target system","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The target system is in a different network zone, that is not directly accessible","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The connector needs to run in 32-bit as used libraries to connect to the system are only available in 32-bit","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"If such a case occurs, you will need to configure an additional system connector and in some cases one or more routers. Below is an example of such an architecutre.","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"center","width":65.0},"content":[{"type":"media","attrs":{"width":1815,"id":"840c93bd-0f89-4edb-9014-0ceb25862d81","collection":"contentId-2099740673","type":"file","height":445}}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Target Network Configuration","type":"text"}]},{"type":"paragraph","content":[{"text":"Whenever you are adding a target system to the CoreOne Suite configuration, you have to select a target network. That target network identifies in which target network the system is placed. In the example above, we have 5 target networks. Every target system in the “APP Network Zone” is connectable by the default “Local Network” target network, that’s automatically created. If you want to add a system to the “Target System Zone”, you have to add that to the list of target networks in the Admin UI.","type":"text"}]},{"type":"paragraph","content":[{"text":"When adding the target network, you will need to specify the following parameters.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Parameters","type":"text"}]},{"type":"table","attrs":{"layout":"wide","localId":"057fdefd-4a91-4e84-b9e4-af7554e2ccc8"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[63.0]},"content":[{"type":"paragraph","content":[{"text":"Property","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[71.0]},"content":[{"type":"paragraph","content":[{"text":"Data Type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[54.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[166.0]},"content":[{"type":"paragraph","content":[{"text":"Example","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[606.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[63.0]},"content":[{"type":"paragraph","content":[{"text":"Name","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[71.0]},"content":[{"type":"paragraph","content":[{"text":"String","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[54.0]},"content":[{"type":"paragraph","content":[{"type":"emoji","attrs":{"id":"atlassian-check_mark","text":":check_mark:","shortName":":check_mark:"}},{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[166.0]},"content":[{"type":"paragraph","content":[{"text":"Target System Zone","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[606.0]},"content":[{"type":"paragraph","content":[{"text":"The name of the target network. This name will also be used in the router configuration.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[63.0]},"content":[{"type":"paragraph","content":[{"text":"Target URI","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[71.0]},"content":[{"type":"paragraph","content":[{"text":"String","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[54.0]},"content":[{"type":"paragraph","content":[{"type":"emoji","attrs":{"id":"atlassian-check_mark","text":":check_mark:","shortName":":check_mark:"}},{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[166.0]},"content":[{"type":"paragraph","content":[{"text":"net.tcp://10.10.11.100:9001","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[606.0]},"content":[{"type":"paragraph","content":[{"text":"The net:tcp address of the next hop. In the example above, the “Target System Zone” is not accessible directly from the “APP Network Zone” which is why we will specify the IP:Port of ","type":"text"},{"text":"Router 1","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[63.0]},"content":[{"type":"paragraph","content":[{"text":"Binding Name","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[71.0]},"content":[{"type":"paragraph","content":[{"text":"String","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[54.0]},"content":[{"type":"paragraph","content":[{"type":"emoji","attrs":{"id":"atlassian-check_mark","text":":check_mark:","shortName":":check_mark:"}},{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[166.0]},"content":[{"type":"paragraph","content":[{"text":"SystemConnectorClientBinding","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[606.0]},"content":[{"type":"paragraph","content":[{"text":"Static value.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[63.0]},"content":[{"type":"paragraph","content":[{"text":"Endpiont Behaviour Name","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[71.0]},"content":[{"type":"paragraph","content":[{"text":"String","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[54.0]},"content":[{"type":"paragraph","content":[{"type":"emoji","attrs":{"id":"atlassian-check_mark","text":":check_mark:","shortName":":check_mark:"}},{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[166.0]},"content":[{"type":"paragraph","content":[{"text":"SystemConnectorClientEndpointBehaviour","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[606.0]},"content":[{"type":"paragraph","content":[{"text":"Static value.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[63.0]},"content":[{"type":"paragraph","content":[{"text":"Endpoint DNS Identity","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[71.0]},"content":[{"type":"paragraph","content":[{"text":"String","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[54.0]},"content":[{"type":"paragraph","content":[{"type":"emoji","attrs":{"id":"atlassian-check_mark","text":":check_mark:","shortName":":check_mark:"}},{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[166.0]},"content":[{"type":"paragraph","content":[{"text":"Router1.SystemConnector.CoreOne.ITSENSE.local","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[606.0]},"content":[{"type":"paragraph","content":[{"text":"The last entry of the Subject Alternative Names of the certificate that should be used to prove the identity of the target server.","type":"text"}]},{"type":"paragraph","content":[{"text":"Note:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The application service (client) has to have access to the ","type":"text"},{"text":"public key","type":"text","marks":[{"type":"strong"}]},{"text":" of the routers certificate","type":"text"}]}]}]}]}]}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Router Configuration","type":"text"}]},{"type":"paragraph","content":[{"text":"Each of the routers will take the incoming message, read the target network destination from the header, check the local configuration for the next hop, and forward the message to the next hop. It’s therefore necessary to add all the destination target networks and their next hop to the configuration file. Such configuration files are attached below.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Host configuration","type":"text"}]},{"type":"paragraph","content":[{"text":"First of all, we will configure the router itself. On line 22, we add the ","type":"text"},{"text":"host","type":"text","marks":[{"type":"code"}]},{"text":" section, where we configure which ","type":"text"},{"text":"URI","type":"text","marks":[{"type":"code"}]},{"text":" the router is listening to. In this case, it’s ","type":"text"},{"text":"net.tcp://10.10.11.100:9001","type":"text","marks":[{"type":"code"}]},{"text":" which should match the ","type":"text"},{"text":"Target URI","type":"text","marks":[{"type":"code"}]},{"text":" from the target network example above. This configuration also references the behavior ","type":"text"},{"text":"SystemConnectorServiceBehaviours","type":"text","marks":[{"type":"code"}]},{"text":" which can be found on line 63. In that behavior configuration, we specify with the certificate that router 1 will encrypt its content. In this case, it’s ","type":"text"},{"text":"Router1.SystemConnector.CoreOne.ITSENSE.local","type":"text","marks":[{"type":"code"}]},{"text":" certificate. Similar to the target network configuration we, therefore, have the following requirements:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The router service user has to have access to the ","type":"text"},{"text":"private key ","type":"text","marks":[{"type":"strong"}]},{"text":"of this certificate.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The calling party, in this case, the application service, has to have access to the ","type":"text"},{"text":"public key","type":"text","marks":[{"type":"strong"}]},{"text":" of this certificate, in order to validate the message.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"On line 23 we specify all the ","type":"text"},{"text":"public ","type":"text","marks":[{"type":"strong"}]},{"text":"certificates that we can use to verify a sender's message. In our case, only the application server will initiate the communication and we, therefore, add that public certificate (","type":"text"},{"text":"Client.SystemConnector.CoreOne.ITSENSE.local","type":"text","marks":[{"type":"code"}]},{"text":") to the list. And we have the following requirements:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The router service user has to have access to the ","type":"text"},{"text":"public key ","type":"text","marks":[{"type":"strong"}]},{"text":"of this certificate.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Routing Configuration","type":"text"}]},{"type":"paragraph","content":[{"text":"On line 27 we can find our routing configuration. Here we have to add all target networks, with their next hop. In our Router 1 example we route all traffic destined for ","type":"text"},{"text":"Default Network","type":"text","marks":[{"type":"code"}]},{"text":" to the next hop ","type":"text"},{"text":"net.tcp://10.10.12.100:9002","type":"text","marks":[{"type":"code"}]},{"text":". That destination has to match the configuration of Router 2, i.e. the Port and the certificate ","type":"text"},{"text":"Router2.SystemConnector.CoreOne.ITSENSE.local","type":"text","marks":[{"type":"code"}]},{"text":". So again we have the following requirements:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Router service 1 has to have access to the ","type":"text"},{"text":"public key","type":"text","marks":[{"type":"strong"}]},{"text":" of the router 2 certificate, in order to validate the message.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"This configuration also references the ","type":"text"},{"text":"SystemConnectorEndpointBehaviours","type":"text","marks":[{"type":"code"}]},{"text":" found on line 53. Here again, we specify with which certificate router 1 will encrypt its content sent to the next hops. This is again the ","type":"text"},{"text":"Router1.SystemConnector.CoreOne.ITSENSE.local","type":"text","marks":[{"type":"code"}]},{"text":" certificate. And we have the following requirements:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The router service user has to have access to the ","type":"text"},{"text":"private key ","type":"text","marks":[{"type":"strong"}]},{"text":"of this certificate.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The next hop and the application service, in this case, the Router 2 and the application service, have to have access to the ","type":"text"},{"text":"public key","type":"text","marks":[{"type":"strong"}]},{"text":" of this certificate, in order to validate the message.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Configuration Examples","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Router 1","type":"text"}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n\n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Router 2","type":"text"}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n\n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Router 3","type":"text"}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n\n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"System Connector (Host) ","type":"text"}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n","type":"text"}]}],"version":1}

Browser not supported