Configure firewall ports and setup

This topic describes how to configure Process Engine to work in a firewall configuration. To do so, make the following changes.

On the firewall:

Enable communication between the Application Engine and Content Engine servers on one side of the firewall (Content Engine only if it is co-located on the same side of the firewall as Application Engine) and the Process Engine on the other side. To do this, open the ports for the Broker (user configurable) and for WSI access (user configurable through Process Task Manager).

On Process Engine:

Through Process Task Manager, add a parameter to the Process Engine server that forces Process Engine to return its host name instead of an IP address:

vworbbroker.endPoint = giop:tcp:<Process Engine FQDN>:<Port>

Application Engine

The Interoperable Object Reference (IOR) ports are used by Application Engine to communicate with Process Engine.

NOTE: The ports are user configurable. You can modify the ports in Process Task Manager on the General tab.

A static return port must be configured for Process Engine to return communication to Application Engine. This port is user-configurable and assigned in Process Task Manager.

To set a static return port

In Process Task Manager, go to the Process Engine node, and select the Advanced tab. Add the following property:

vworbbroker.endPoint = giop:tcp:<Process Engine FQDN>:<Port>

where <Port> is the port number that Process Engine uses to reply to the Application Engine request.
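A check for the property above, as an added example (not code from the product or its documentation): it validates a vworbbroker.endPoint line before it is entered in Process Task Manager, flagging an IP address where a fully qualified host name is required, an unfilled placeholder, or an unusable port. The function name, host names and port numbers are constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
_PREFIX = "giop:tcp:"


def check_endpoint(line):
    """Return a list of problems found in one vworbbroker.endPoint line."""
    key, sep, value = line.partition("=")
    if not sep or key.strip() != "vworbbroker.endPoint":
        return ["not a vworbbroker.endPoint property"]
    value = value.strip()
    if not value.startswith(_PREFIX):
        return ["value must start with giop:tcp:"]
    # Split on the last colon so the port is separated from the host.
    host, sep, port = value[len(_PREFIX):].rpartition(":")
    if not sep or not host:
        return ["expected <host>:<port> after giop:tcp:"]
    problems = []
    try:
        ipaddress.ip_address(host.strip("[]"))
        # Parsed as IPv4/IPv6: the property is meant to carry a host name.
        problems.append("host is an IP address, not a host name")
    except ValueError:
        labels = host.rstrip(".").split(".")
        if len(labels) < 2:
            problems.append("host is not fully qualified")
        if not all(_LABEL.match(label) for label in labels):
            problems.append("host contains an invalid DNS label")
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        problems.append("port must be a number from 1 to 65535")
    return problems


if __name__ == "__main__":
    # Constructed sample lines; host names and ports are not product defaults.
    samples = [
        "vworbbroker.endPoint = giop:tcp:pe01.example.com:50100",
        "vworbbroker.endPoint = giop:tcp:10.0.0.5:50100",
        "vworbbroker.endPoint = giop:tcp:pe01:50100",
        "vworbbroker.endPoint = giop:tcp:<Process Engine FQDN>:<Port>",
    ]
    for sample in samples:
        print(sample, "->", check_endpoint(sample) or "ok")
```

The port that passes this check is the one the firewall rule for Process Engine replies to Application Engine has to allow.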

Content Engine communicating with Process Engine only

Process Engine authenticates users via Content Engine. To do this:

  1. Process Engine contacts Content Engine to verify the user credentials and user authentication information.
  2. Content Engine contacts the LDAP server to verify the information.
  3. The Content Engine server responds to Process Engine with authentication results.

The ports are bi-directional between Content Engine and Process Engine.

The ports used correspond to the Application Server, and are user-configurable.

Local database

No firewall changes are required for Process Engine with a local database.

Remote database

The database “Listener” port is used for communication between Process Engine and the database.

The ports are bi-directional between Process Engine and the database.

The database ports are user-configurable.