Chapter 1 Introducing Jaguar CTS


Network protocol support

Jaguar supports the following protocols:

To enable support for each protocol, you must define a listener in Jaguar Manager. The listener configuration specifies a server address (host name and port number) as well as the network protocol and security settings to be used by clients that connect to that listener. SSL support requires installation of a server certificate. See the Jaguar CTS System Administration Guide for more information.

HTTP tunneling support

Almost all network firewalls allow HTTP traffic to pass, but some reject IIOP packets. When IIOP traffic is tunnelled inside of HTTP, your clients can connect to the Jaguar server through a firewall that does not allow IIOP traffic to pass.

Jaguar's Java client ORB performs HTTP tunnelling automatically using the designated IIOP port. No additional configuration or proxies are required. When connecting, the Jaguar client-side ORB first tries to open an IIOP connection to the specified address and port. If the IIOP connection fails, the ORB tries an HTTP-tunnelled connection to the same address and port. The default behavior is appropriate when some users connect through firewalls that require tunnelling and others do not; the same application can serve both types. If you know HTTP tunnelling is always required for a Java client, you can set the ORBHttp property to cause the ORB to use HTTP tunnelling without trying plain IIOP connections first.

The C++ client ORB supports tunnelling when clients explicitly request it by setting the ORBHttp property.

SSL support

The SSL protocol allows connections to be secured using public-key encryption and authentication algorithms that are based on digital certificates. SSL is a wrapper protocol: packets for another protocol are secured by embedding them inside of SSL packets. For example, HTTPS is HTTP secured by embedding each HTTP packet within an SSL packet. Likewise, IIOPS is IIOP embedded within SSL. HTTPS and IIOPS are also commonly called secure HTTP and secure IIOP, respectively.

Jaguar server provides native SSL protocol support. Specifically, Jaguar's built-in SSL driver supports dynamic negotiation, cached and shared sessions, and authorization for client and server using X.509 Digital Certificate Support.

In Jaguar Manager, you configure a secure IIOP or HTTP port by defining an IIOP or HTTP listener, then associating a security profile with the listener. The security profile designates a server certificate which will be sent to clients to verify that the connection ends at the intended server. The security profile also specifies the connection's required security settings, such as:

For detailed instructions on configuring secure ports, see Jaguar CTS System Administration Guide.

On the client-side, the following types of clients can open SSL connections to Jaguar servers:

 


Copyright © 2000 Sybase, Inc. All rights reserved.