
Secure Data Gateway

The iON Secure Data Gateway (SDG) Client provides a secure data link between your iON application and enterprise data sources. Any private services or data sources behind an enterprise firewall can be made available to your iON application by using the SDG client.

Installing the Secure Data Gateway

The SDG Client is distributed as a zip file that you need to save and expand on a system within the private network (including the same machine where your data sources are running). Once launched, the SDG provides connectivity to your private data sources. This means that the SDG system must have the authority to connect to, and perform the desired operations on, these private data sources.

To set up the SDG Client, you need to:

Prerequisite JDK/JRE

  • SDG is a Java application, so to run it you'll need to have a Java runtime (JDK or JRE) installed. One way to check whether Java is installed is to run "java --version" on the command line.
  • If you find out that you need to install Java, please download the appropriate version from http://www.java.com/en/download/manual.jsp and follow the installation instructions.

Download the SDG Client

  • Click here to download the SDG Client zip file.
  • Copy the zip file to the SDG server (that is, the system where the SDG client application will run).
  • Expand the SDG zip file on the SDG system.
$ unzip ion-sdg-client-version.zip

Configure the SDG Client

On the SDG server, navigate to the ion-sdg-client directory (that is, where you expanded the SDG client zip file as explained in Download the SDG Client). Then edit the conf/config.xml file. This file contains the configuration parameters used to connect to iON and to obtain information about your running iON applications.

The following examples assume that the ion-sdg-client directory is in /opt/ion-sdg-client-version.

$ cd /opt/ion-sdg-client-version
$ vim conf/config.xml

Enter your application domain names:

<domains>myapp1,myapp2</domains>
The domains element should contain a comma-separated list of the short, unqualified domain names of the applications that need to make use of the SDG.

Enter your iON username and password:

<username>your.ion.username</username>
<password>your.ion.password</password>

By default, the SDG client tunnels socket connections via SSH over HTTP. If the network where the SDG is running supports outbound SSH traffic, SSH can be used by the SDG directly. To disable the use of HTTP tunneling:

<disableHTTPTunnel>1</disableHTTPTunnel>
HTTP proxy support is not currently available, but will be coming soon.

The domains parameter in the conf/config.xml file identifies the applications that will be auto-detected by the Secure Data Gateway when the applications are running. The mappings in the mappings.xml file are used to establish secure tunnels with the workers for the domains.

Set up SDG Mappings

The SDG client works by securely mapping network ports from your iON application worker to hosts/ports in your private network. These mappings are read from the conf/mappings.xml file by the SDG Client when it discovers your iON application.

The default mappings.xml file that comes with the download looks something like this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<mappings>
    <mapping>
        <domain>mydomain</domain>
        <remotePort>10000</remotePort>
        <privateHost>localhost</privateHost>
        <privatePort>3306</privatePort>
    </mapping>
</mappings>

This configuration maps port 10000 on the mydomain application worker to port 3306 on the SDG Client system. That is, if a MySQL database is running on port 3306 of the client system, a JDBC connector running on iON could refer to localhost:10000 and interact with the MySQL database on the SDG Client system.

There is no reason the data sources need to run on the SDG Client, and there are no limits to the number of mappings supported.

It is important to pay attention to the domain element for each mapping, especially when mapping ports for multiple application domains. The domain element should map to one of the domains specified in the domains element of the config.xml file.
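
The domain cross-check described above can be run before launching the client. The following is an added example, not part of the SDG distribution: check_sdg_conf and demo are hypothetical names, and the root element name config is an assumption, since this page shows only the child elements of config.xml. It also reports a config.xml that other local users can access, because that file holds the iON password in clear text.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

def check_sdg_conf(conf_dir):
    """Return findings for conf/config.xml and conf/mappings.xml."""
    findings = []
    cfg_path = os.path.join(conf_dir, "config.xml")
    # config.xml stores the iON password in clear text: owner-only access.
    if os.name == "posix" and stat.S_IMODE(os.stat(cfg_path).st_mode) & 0o077:
        findings.append("config.xml is accessible to group/others")
    cfg = ET.parse(cfg_path).getroot()
    raw = cfg.findtext(".//domains") or ""
    domains = {d.strip() for d in raw.split(",") if d.strip()}
    seen = set()
    mappings = ET.parse(os.path.join(conf_dir, "mappings.xml")).getroot()
    for m in mappings.iter("mapping"):
        dom = (m.findtext("domain") or "").strip()
        if dom not in domains:
            findings.append(f"mapping domain '{dom}' is not in <domains>")
        for tag in ("remotePort", "privatePort"):
            port = (m.findtext(tag) or "").strip()
            if not (port.isdecimal() and 1 <= int(port) <= 65535):
                findings.append(f"{tag} '{port}' is not a valid TCP port")
        key = (dom, (m.findtext("remotePort") or "").strip())
        if key in seen:
            findings.append(f"remotePort {key[1]} mapped twice for '{dom}'")
        seen.add(key)
    return findings

def demo(mode=0o600):
    """Check constructed files built from the snippets on this page."""
    # Root element <config> is an assumption; the page shows only the children.
    config = ("<config><domains>myapp1,myapp2</domains>"
              "<username>your.ion.username</username>"
              "<password>your.ion.password</password></config>")
    mappings = ("<mappings><mapping><domain>mydomain</domain>"
                "<remotePort>10000</remotePort>"
                "<privateHost>localhost</privateHost>"
                "<privatePort>3306</privatePort></mapping></mappings>")
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("config.xml", config), ("mappings.xml", mappings)):
            with open(os.path.join(d, name), "w") as f:
                f.write(body)
        os.chmod(os.path.join(d, "config.xml"), mode)
        return check_sdg_conf(d)
```

With the snippets shown on this page, the default mapping for mydomain is reported because config.xml lists only myapp1 and myapp2.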

Launch the SDG Client

Navigate to the ion-sdg-client directory and execute the invoke script that matches your operating system.

The following examples assume that the ion-sdg-client directory is in /opt/ion-sdg-client-1.0

On Linux or Mac OS X:

$ cd /opt/ion-sdg-client-version
$ ./bin/sdg.sh

On Windows:

$ cd ion-sdg-client-version/bin
$ sdg.bat

When this script launches, it reads the configuration data from conf/config.xml and connects to iON. It receives information that it uses to establish secure connections directly to your running iON applications. Periodic polling enables the SDG client to adapt to changes in the location and number of applications you have running on iON.

Example output:


Initializing Secure Data Gateway
Establishing connection to iON plaform server muleion.com
Connecting to 75.101.227.200 port 9999
Connection established
Remote version string: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4
Local version string: SSH-2.0-JSCH-0.1.44
CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
SSH_MSG_KEXINIT sent
SSH_MSG_KEXINIT received
kex: server->client aes128-ctr hmac-md5 none
kex: client->server aes128-ctr hmac-md5 none
SSH_MSG_KEXDH_INIT sent
expecting SSH_MSG_KEXDH_REPLY
ssh_rsa_verify: signature true
SSH_MSG_NEWKEYS sent
SSH_MSG_NEWKEYS received
SSH_MSG_SERVICE_REQUEST sent
SSH_MSG_SERVICE_ACCEPT received
Authentications that can continue: publickey,keyboard-interactive,password
Next authentication method: publickey
Authentication succeeded (publickey).
Secure tunnel established 75.101.227.200:10000 -> localhost:3306
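
Startup output like the above can be reviewed automatically to record which cipher, MAC and authentication method were negotiated and which tunnels came up. The following is an added example, not part of the SDG client: audit_sdg_log is a hypothetical name, and the pattern of algorithms it reports on is the example's own policy.

```python
import re

# Algorithms this example reports on; the list is the example's own policy.
WEAK = re.compile(r"md5|arcfour|3des|cbc")

# Lines copied from the example output on this page.
SAMPLE = """\
Remote version string: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4
Local version string: SSH-2.0-JSCH-0.1.44
kex: server->client aes128-ctr hmac-md5 none
kex: client->server aes128-ctr hmac-md5 none
Authentication succeeded (publickey).
Secure tunnel established 75.101.227.200:10000 -> localhost:3306
"""

KEX = re.compile(r"kex: (server->client|client->server) (\S+) (\S+) (\S+)")
AUTH = re.compile(r"Authentication succeeded \(([\w-]+)\)")
TUNNEL = re.compile(r"Secure tunnel established (\S+):(\d+) -> (\S+):(\d+)")

def audit_sdg_log(text):
    """Summarise negotiated algorithms, auth method and tunnels in SDG output."""
    report = {"kex": {}, "weak": [], "auth": None, "tunnels": []}
    for line in text.splitlines():
        line = line.strip()
        if m := KEX.match(line):
            direction, cipher, mac, compression = m.groups()
            report["kex"][direction] = (cipher, mac, compression)
            # Report the cipher or MAC of this direction if the policy matches.
            report["weak"] += [f"{direction}: {alg}" for alg in (cipher, mac)
                               if WEAK.search(alg)]
        elif m := AUTH.match(line):
            report["auth"] = m.group(1)
        elif m := TUNNEL.match(line):
            host, port, private_host, private_port = m.groups()
            report["tunnels"].append(
                (host, int(port), private_host, int(private_port)))
    return report

if __name__ == "__main__":
    print(audit_sdg_log(SAMPLE))
```

The tunnels list can be compared with the entries in conf/mappings.xml to confirm that only the expected forwards were established.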

Managing and Monitoring

The status of the SDG can be seen on the application dashboard. When it's connected, you'll see a green icon, along with when it was started and when it was last seen. Additionally, you can receive email alerts whenever the SDG connects and disconnects, allowing you to quickly fix anything that goes wrong with your installation. For more information, see Alerts and Notifications.

Next steps

Congratulations! You have now successfully set up the SDG client. From here, you can proceed to one of the following tutorials.
