×

Please give details of the problem

Docs

Find

Secure Enterprise Connector Installation Guide

This guide will show you how to install and configure the Connector Agent and the Protocol Manager.

1 Prerequisites

  1. In order to deploy the Secure Enterprise Connector (SEC), a dedicated server is needed on the same network as the internal resources that you wish to access.

  2. Minimum System Requirements:

    • Operating System: Windows or Linux (for example Ubuntu, Red Hat, or Debian).
    • Disk Space: 200 MB for software installation, 2 GB for log files
    • CPU: Pentium D 2.4 GHz or faster (or equivalent AMD CPU) 32-bit or 64-bit
  3. Network requirements:

    • Ports: Open TCP port 4433 to sdc.runmyprocess.com (174.129.212.17)
    • No fixed IP is required for Internet Access (this tutorial assumes that the machine is connected to internet).
  4. Components and Access requirements:

    • Administrator access to the machine to install the software components
    • JDK 1.7 (http://www.oracle.com/technetwork/java/javase/downloads/index.html) minimum
    • The machine must have a web-browser and a means of downloading the required software components during installation. if this is not possible, the files must be imported by some other means.

2 - Install and Configure the Protocol Manager

The Protocol Manager receives the information from the agent and forwards it to the correct Adapter. All adapters are automatically registered in Protocol Manager when they are running. To Install the Protocol Manager simply download and unzip the following zip file on your local server:

SEC Manager zip file

2.1 Protocol Manager Configuration

The Protocol Manager must be configured to listen to the different adapter handlers. To configure the Protocol Manager you must modify the {SECPATH}\configFiles\manager.config file.

The config file should look like this :

1
2
3
#ProtocolManager configuration
pingPort = 4444
pingFrequency = 10000

Where

  • The pingPort is the port where the Protocol Manager expects to receive pings with registration information from the different protocols.
  • The pingFrequency is how long (in milliseconds) the Manager will wait for periodic pings from registered handlers before it assumes they are idle. The handlers are automatically registered with the first ping.

NB : It is important that the pingPort is configured with the same pingPort as the ProtocolHandlers and the pingFrequency should be at least three times as long as the time between periodic pings.

2.2 Testing the Protocol Manager

To start the Protocol Manager in a Linux environment simply navigate to the installed folder and, in the jetty7.6.11 folder, run the following command from the Terminal:

1
java -jar start.jar

After starting the Protocol Manager you should see the following information:

config_domain

Similarly, to start the Protocol Manager in a Windows environment, navigate to the installed folder and, in the jetty7.6.11 folder, run the following command from the Command Prompt:

1
java -jar start.jar

Alternatively, in Windows, you can choose to run the runManager.bat file which can be found in the root folder. After starting the Protocol Manager you should see the following information:

protocol_manager

Notice that the Jetty server is running on port 8080. It is very important to remember this port to configure it later on RunMyProcess. Once the Manager is running you can test it by opening a browser and navigating to:

1
http://localhost:8080/

You should get the following message:

1
The SEC-ProtocolManager is running! Registered Protocols

When you have registered some adapters, this test will show a list of the adapters that are registered in the manager.

NB : A common error you may get is that the port is already in use. This may be due to a previous jetty server that was running and was not correctly stopped, or that there is some other application using that port. You have to kill the process that is already using the port or you can change the port in which jetty runs the Manager. To change the port simply navigate to the jetty folder and edit the jetty.xml file that is located in the {SECPATH}\jettyxxx\etc" folder, and modify the default jetty port.

1
<Set name="port"><Property name="jetty.port" default="8085"/></Set>

3 - Install and Configure the SEC Agent

The SEC-Agent will establish the tunnel to connect your local machine to RunMyProcess.

3.1 - Configure a RunMyProcess domain to accept your SEC connection

  • Go to ACCOUNT > Configuration > Domains tab > New domain

config_domain

  • Enter your domain name (1), tick 'Allow SEC connections' (2), then enter login (3) and password (4) (the ones you've replaced in localConfig.xml).

  • Save.

3.2 - SEC Agent Configuration

To install and configure the Connector Agent follow these instructions:

  • Download and unzip the folowing zip file on your local server:

RunMyProcess modified Connector Agent zip file

  • Edit the Local config file in {SECPATH}\sec-agent-manzanillo\config\localConfig.xml:

    • Replace mydomain.com (eg : iloverunmyprocess.com)
    • Replace mynickname (eg: admin)
    • Replace mypassword with a strong password (eg :CI6ADFOmLU3CQB3JDywl)

NB : To allow the Secure Enterprise Connector to connect to RunMyProcess, please open outgoing call to IP address 52.28.206.190 on port 4433 (TCP) in your Firewall.

3.2.1 - Configuring the Keep-Alive Health-checker (OPTIONAL)

Most problems with the Secure Enterprise Connector in production environments occur because there is a Firewall restriction that closes the SEC tunnel. Some Firewalls have a strict rule that data must be flowing through open ports. The newest version of the Secure Enterprise Connector assures that the tunnels remain open by periodically receiving ping information from RunMyProcess.

You can configure your SEC to take action when the periodic pings are interrupted. You can either log the connection error, send an email through your SMTP, or send an HTTP POST to start a process in RunMyProcess.

LOGGING

To log the connection error create "keepAlive.config" file in *{SECPATH}\sec-agent-manzanillo\config*, if it does not already exist. The config file should look like this:

1
2
3
#KeepAlive error Configuration
operation = LOGGING
waitIdleTime = 300000

Where

  • operation is the operation to take place (it should always be LOGGING)
  • waitIdleTime is the time in milliseconds, that the agent will wait for a message from RunMyProcess. Runmyprocess will send a message every 30000ms approximately so the closer the number is to 30000 the sooner you will receive an error if something goes wrong, but if you get too close you may get false negative. We recomend that you set this value to 300000 (300 seconds).

POSTING

Posting can be very useful to interact with RunMyProcess during a tunnel problem. You can, for example, create a Process or a composite API and launch it from the SEC by creating a "keepAlive.config" file in *{SECPATH}\data-connector-agent\config*, if it does not already exist. The config file should look like this:

1
2
3
4
5
6
7
8
#KeepAlive error Configuration
operation = POST
waitIdleTime = 300000
url = https://live.runmyprocess.com/{Your_Process'_ConnectorUrl}
contentType = application/json
content = {}
userName = myuser@mycompany.com
password = mypassword

Where

  • operation is the operation to take place (it should always be POST)
  • waitIdleTime is the timem in milliseconds, that the agent will wait for a message from RunMyProcess. Runmyprocess will send a message every 150000ms approximately so the closer the number is to 150000 the sooner you will receive an error if something goes wrong, but if you get too close you may get false negative. We recomend that you set this value to 300000.
  • url is the url of the process you wish to post
  • contentType is what your post expects as type of input
  • content is the input or body of your post
  • userName is the HTTP request authentification user (your RunMyProcess login user)
  • password is the HTTP request authentification password (your RunMyProcess password)

NOTE: Make sure that your process/API is set to receive a POST request. The SEC will log the POST reply.

E-MAILING

You may choose to send an email using your local SMTP server. To do this, create a "SMTP.config" file and a "keepAlive.config" file in *{SECPATH}\data-connector-agent\config*.

The keepAlive.config file should look like this:

1
2
3
4
5
6
7
8
9
#KeepAlive error Configuration
type = EMAIL
waitIdleTime = 300000
username = admin@mycompany.com
password = mypassword
from = from@mycompany.com
to = to@mycompany.com
subject = Secure Enterprise Connector not working
body = The SEC is no longer sending periodic keep alive pings

Where

  • operation is the operation to take place (it should always be EMAIL)
  • waitIdleTime is the timem in milliseconds, that the agent will wait for a message from RunMyProcess. Runmyprocess will send a message every 150000ms approximately so the closer the number is to 150000 the sooner you will receive an error if something goes wrong, but if you get too close you may get false negative. We recomend that you set this value to 300000.
  • username is the SMTP user
  • password is the SMTP password
  • from is the email sender
  • to is the email recipient
  • subject is the email's subject
  • body is the email's message

the SMTP.config file should have your SMTP properties. it should look something like this:

1
2
3
4
5
6
#KeepAlive error Configuration
mail.smtp.auth=true
mail.smtp.starttls.enable=true
mail.smtp.host=smtp.gmail.com
mail.smtp.socketFactory.class=javax.net.ssl.SSLSocketFactory
mail.smtp.port=465

NOTE: The connection problems with RunMyProcess may be due to a problem with your Internet connection. If you configured the SEC to send an email outside your local network, or a POST to an external URL, it will not work. Make sure that you are not having problems accessing external resources.

4 - Testing the SEC

The SEC is comprised of two elements: the Protocol Manager and the SEC Agent.

4.1 - Run the Protocol Manager

To start the Protocol Manager in a Linux environment simply navigate to the installed folder and, in the jetty7.6.11 folder, run the following command from the Terminal:

1
java -jar start.jar

You should see the following information:

protocol_manager

To start the Protocol Manager in a Windows environment, navigate to the root folder and run the runManager.bat file.

You should see the following information:

protocol_manager

4.2 - Run the Connector Agent

Make sure that the Domain is registered and configured correctly in RunMyProcess.

In a Linux environment you should navigate to the installation_path/data-connector-agent and run:

1
{SECPATH}\data-connector-agent\bin\runagent.sh

connector_agent

If you are running the Agent on a Windows server navigate to the {SECPATH}\data-connector-agent\ and run the runagent.bat file.

1
runagent.bat

connector_agent

A log folder is generted when you first launch the agent, you can modify the log properties in {SECPATH}\data-connector-agent\config\log4j.properties file.

When the agent is running successfully the following message will be logged:

log_file

Now the encrypted Secure Enterprise Connector tunnel is configured between your local server and RunMyProcess.

5 - How to call a local resource from my RunMyProcess account ?

  • in RunMyProcess select a project > New > Provider.

config_provider

  • Enter a title (1), enter the root of your local server (2), select Authentication scheme : None (3), tick 'use Secure Enterprise Connector' (4), select domain (5), click on the green arrow to duplicate configuration for test and live environments (6).
  • Save.
  • Now create a new connector for this provider.

new_connector

  • And put the resource url you want to reach (in Connector url field). In the screenshot below we left it empty to check the manager status.

config_connector

  • Click on 'Launch Test' link then 'Launch test' button to call this connector:

SEC_test_results

Note: If the SEC does not respond make sure that the configured port for the Protocol Manager is the same as configured in RunMyProcess (localhost:8080 by default).

  • Now you can use this connector in your process.

Congratulations!

You can now call resources on your local servers from your RunMyProcess applications in the cloud! Start adding adapters to connec to your local resources