×

Please give details of the problem

Docs

Find

Secure Enterprise Connector Installation Guide

This guide describes how to install and configure the following components:

  • SEC Agent
  • Protocol Manager
  • Adapters

1 - Prerequisites

  1. In order to deploy the Secure Enterprise Connector (SEC), a dedicated server is needed on the same network as the internal resources that you want to access.

  2. Minimum system requirements:

    • Operating System: Windows or Linux (for example Ubuntu, Red Hat, or Debian)
    • Disk Space: 200 MB for software installation, 2 GB for log files
    • CPU: Pentium D 2.4 GHz or faster (or equivalent AMD CPU) 32-bit or 64-bit
  3. Network requirements:

    • Ports: Open TCP port 4433 to sdc.runmyprocess.com (174.129.212.17)
    • No fixed IP is required for Internet access (this tutorial assumes that the machine is connected to the Internet).
  4. Components and access requirements:

    • Administrator access to the machine to install the software components
    • At least JDK 8
    • The machine must have a Web browser and a facility to download the required software components during the installation. Otherwise the files must be imported by different means.

2 - Installing and Configuring the Protocol Manager

The Protocol Manager receives information from the SEC Agent and forwards it to the correct adapter. All adapters are automatically registered in the Protocol Manager when they are running. To install the Protocol Manager, download and unzip the following zip file on your local server:

SEC Manager zip file

2.1 - Protocol Manager Configuration

The Protocol Manager must be configured to listen to the different adapter handlers. To configure the Protocol Manager you need to modify the [SECPATH]\configFiles\manager.config file.

The manager.config file should look like this :

1
2
3
#ProtocolManager configuration
pingPort = 4444
pingFrequency = 10000

Where

  • The pingPort is the port where the Protocol Manager expects to receive pings with registration information from the different protocols.
  • The pingFrequency is how long (in milliseconds) the Protocol Manager will wait for periodic pings from registered handlers before it assumes they are idle. The handlers are automatically registered with the first ping.

NB : It is important that the pingPort is configured with the same pingPort as the ProtocolHandlers and the pingFrequency should be at least three times as long as the time between periodic pings.

2.2 - Testing the Protocol Manager

To start the Protocol Manager in a Linux environment, navigate to the installation folder and, in the jetty7.6.11 subfolder, run the following command:

1
java -jar start.jar

After starting the Protocol Manager, you should see the following information:

config_domain

For starting the Protocol Manager in a Windows environment, navigate to the installation folder and, in the jetty7.6.11 subfolder, run the following command from the command prompt:

1
java -jar start.jar

Alternatively, you can choose to run the runManager.bat file which can be found in the root folder. After starting the Protocol Manager you should see the following information:

protocol_manager

Notice that the Jetty server is running on port 8080. It is very important to remember this port to configure it later in RunMyProcess.

Once the Protocol Manager is running, you can test it by opening a browser and navigating to:

1
http://localhost:8080/

You should get the following message:

1
The SEC-ProtocolManager is running! Registered Protocols

When you have registered some adapters, this test will show a list of the adapters that are registered in the Protocol Manager.

NB : A common error you may get is that the port is already in use. This may be due to a previous Jetty server that was running and has not been stopped correctly, or some other application is using this port. You have to kill the process that is already using the port or you can change the port on which Jetty runs the Protocol Manager. To change the port, navigate to the jetty7.6.11 folder and edit the jetty.xml file located in the [SECPATH]\jetty7.6.11\etc folder, and modify the default Jetty port.

1
<Set name="port"><Property name="jetty.port" default="8085"/></Set>

3 - Installing and Configuring the SEC Agent

The SEC Agent establishes the tunnel to connect your local machine with RunMyProcess.

3.1 - Configuring a RunMyProcess Domain to Accept your SEC Connection

  • Go to ACCOUNT > Configuration > Domains tab > New domain

    config_domain

  • Enter your domain name (1), select Allow SEC connections (2), enter the login name (3) and password (4) (the ones you have replaced in the localConfig.xml file).

  • Save your changes.

3.2 - SEC Agent Configuration

To install and configure the SEC Agent, proceed as follows:

  • Download and unzip the following zip file on your local server:

    RunMyProcess SEC Agent zip file

  • Edit the local config file in {SECPATH}\sec-agent-manzanillo\config\localConfig.xml:

    • Replace mydomain.com (e.g. iloverunmyprocess.com)
    • Replace mynickname (e.g. admin)
    • Replace mypassword with a strong password (e.g. CI6ADFOmLU3CQB3JDywl)

NB : To allow the Secure Enterprise Connector to connect to RunMyProcess, please open outgoing call to the IP address 52.28.206.190 on port 4433 (TCP) in your Firewall.

3.2.1 - Configuring the Keep-Alive Health Checker (OPTIONAL)

Most problems with the Secure Enterprise Connector in production environments occur because there is a firewall restriction that closes the SEC tunnel. Some firewalls have a strict rule that data must be flowing through open ports. The newest version of the Secure Enterprise Connector assures that the tunnels remain open by periodically receiving ping information from RunMyProcess.

You can configure your SEC to take action when the periodic pings are interrupted. You can either log the connection error, send an email through your SMTP, or send an HTTP POST request to start a process in RunMyProcess.

LOGGING

To log connection errors, create a keepAlive.config file in [SECPATH]\sec-agent-manzanillo\config\, if it does not already exist. The config file should look like this:

1
2
3
#KeepAlive error Configuration
operation = LOGGING
waitIdleTime = 300000

Where

  • operation is the operation to take place (it should always be LOGGING)
  • waitIdleTime is the time in milliseconds, that the SEC Agent will wait for a message from RunMyProcess. Runmyprocess will send a message approximately every 30000ms, so the closer the number is to 30000 the sooner you will receive an error if something goes wrong, but if you get too close you may get false negative. We recommend that you set this value to 300000 (300 seconds).

POSTING

Posting can be very useful to interact with RunMyProcess during a tunnel problem. You can, for example, create a Process or a composite API and launch it from the SEC by creating a keepAlive.config file in [SEC_PATH]\sec-agent-manzanillo\config\, if it does not already exist. The config file should look like this:

1
2
3
4
5
6
7
8
#KeepAlive error Configuration
operation = POST
waitIdleTime = 300000
url = https://live.runmyprocess.com/{Your_Process'_ConnectorUrl}
contentType = application/json
content = {}
userName = myuser@mycompany.com
password = mypassword

Where

  • operation is the operation to take place (it should always be POST).
  • waitIdleTime is the time in milliseconds that the SEC Agent will wait for a message from RunMyProcess. RunMyProcess will send a message approximately every 150000ms, so the closer the number is to 150000 the sooner you will receive an error if something goes wrong, but if you get too close you may get false negative. We recommend that you set this value to 300000.
  • url is the url of the process you wish to post.
  • contentType is what your post expects as type of input.
  • content is the input or body of your post.
  • userName is the HTTP request authentification user (your RunMyProcess login user).
  • password is the HTTP request authentification password (your RunMyProcess password).

NB: Make sure that your process/API is set to receive a POST request. The SEC will log the POST reply.

E-MAILING

You may choose to send an email using your local SMTP server. To do this, create a SMTP.config file and a keepAlive.config file in [SEC_PATH]\sec-agent-manzanillo\config\.

The keepAlive.config file should look like this:

1
2
3
4
5
6
7
8
9
#KeepAlive error Configuration
operation = EMAIL
waitIdleTime = 300000
username = admin@mycompany.com
password = mypassword
from = from@mycompany.com
to = to@mycompany.com
subject = Secure Enterprise Connector not working
body = The SEC is no longer sending periodic keep alive pings

Where

  • operation is the operation to take place (it should always be EMAIL).
  • waitIdleTime is the time in milliseconds that the SEC Agent will wait for a message from RunMyProcess. Runmyprocess will send a message approximately every 150000ms, so the closer the number is to 150000 the sooner you will receive an error if something goes wrong, but if you get too close you may get false negative. We recommend that you set this value to 300000.
  • username is the SMTP user.
  • password is the SMTP password.
  • from is the email sender.
  • tois the email recipient.
  • subject is the email's subject.
  • body is the email's message.

The SMTP.config file should have your SMTP properties. It should look something like this:

1
2
3
4
5
6
#KeepAlive error Configuration
mail.smtp.auth=true
mail.smtp.starttls.enable=true
mail.smtp.host=smtp.gmail.com
mail.smtp.socketFactory.class=javax.net.ssl.SSLSocketFactory
mail.smtp.port=465

NB: The connection problems with RunMyProcess may be due to a problem with your internet connection. If you configured the SEC to send an email outside your local network, or a POST to an external URL, it will not work. Make sure that you are not having problems accessing external resources.

4 - Installing and Configuring the Adapters

The following Adapters are available in a single executable:

  • File Reader Adapter
  • FTP Adapter
  • JDBC Adapter
  • LDAP Adapter
  • SMTP Adapter

Follow these instructions:

  1. Download and unzip the following zip file on your local server:

    Unified Adapters zip file

    This zip file contains the executable for installing the above adapters, licences, and configuration files.

    The directory structure should be as follows: \unified-adapter-develop-jar-with-dependencies.jar\configFiles\handler.config \configFiles\[ADAPTER].config

  2. Copy the following files into [SECPATH]\configFiles\:

    • handler.config
    • [ADAPTER].config (e.g. JDBC.config)
  3. Specify the target adapter in the \configFiles\handler.config file and configure the [adapter].config file. The Unified Adapters zip file contains reference configuration files.

    Proceed as described in the individual adapter documents:

The Unified Adapters zip file also contains a sample for creating a custom adapter.

In addition, a JCO3 Adapter is available as a separate, single zip file.

NB: You can use only one adapter instance per adapter. The Adapter Manager does not handle multiple adapters at once.

5 - Testing the SEC

The SEC is comprised of the following elements: the Protocol Manager and the SEC Agent, plus the individual adapters.

5.1 - Running the Protocol Manager

To start the Protocol Manager in a Linux environment simply navigate to the installed folder and, in the jetty7.6.11 folder, run the following command from the Terminal:

1
java -jar start.jar

You should see the following information:

protocol_manager

To start the Protocol Manager in a Windows environment, navigate to the root folder and run the runManager.bat file.

You should see the following information:

protocol_manager

5.2 - Running the SEC Agent

Make sure that the domain is registered and configured correctly in RunMyProcess.

In a Linux environment, you should navigate to the [SEC_PATH]\sec-agent-manzanillo and run:

1
[SEC_PATH]\sec-agent-manzanillo\bin\runagent.sh

connector_agent

If you are running the SEC Agent on a Windows server, navigate to the [SEC_PATH]\sec-agent-manzanillo\ folder and run the runagent.bat file.

1
runagent.bat

connector_agent

A log folder is generated when you first launch the SEC Agent. You can modify the log properties in the [SEC_PATH]\sec-agent-manzanillo\config\log4j.properties file.

When the SEC Agent is running successfully, the following message will be logged:

log_file

Now the encrypted SEC tunnel is configured between your local server and RunMyProcess.

6 - How to Call a Local Resource from my RunMyProcess Account?

  • In RunMyProcess, select a project > New > Provider.

config_provider

  • Enter a title (1), enter the root of your local server (2), select None as authentication scheme (3), select Use Secure Enterprise Connector (4), select a domain (5), click on the green arrow to duplicate the configuration for test and live environments (6).
  • Save.
  • Now create a new connector for this provider.

new_connector

  • Enter the resource URL you want to reach in the Connector url field. In the screenshot below we left it empty to check the manager status.

config_connector

  • Click the Launch Test link, then the Launch test button to call this connector:

SEC_test_results

NB: If the SEC does not respond, make sure that the configured port for the Protocol Manager is the same as configured in RunMyProcess (localhost:8080 by default).

  • Now you can use this connector in your process.

Congratulations!

You can now call resources on your local servers from your RunMyProcess applications in the cloud! Start adding adapters to connect to your local resources.