Chapter 5 Security Configuration


Listeners

A listener is a Jaguar port that communicates to clients using various protocols. For protocols that use SSL security features (HTTPS and IIOPS), you assign a security profile to the listener. The profile defines security characteristics of the listener. For protocols that do not use SSL (HTTP, IIOP, and TDS), no security profile is required.

This section describes the tasks required to configure listeners. You can:

Preconfigured listeners

Jaguar comes with preconfigured listeners for all protocols. Secure protocols are assigned a predefined security profile.

The default settings for the preconfigured listeners are described in the following table. Only secure listeners use security profiles.

Table 5-6: Default listener settings

Listener name   Port   Security profile
-------------   ----   ----------------
http            8080   (none)
https1          8081   sample1
https2          8082   sample2
iiop            9000   (none)
iiops1          9001   sample1
iiops2          9002   sample2
tds             7878   (none)
OpenServer      7979   (none)

The default host for these listeners is "localhost." Sybase recommends that after you install Jaguar, you log in to Jaguar Manager and change the default host setting to the actual host name or IP address of your machine. If you do not, only connection requests originating from the Jaguar host machine are accepted. This means that, until you modify your settings, Jaguar Manager must also be on the same machine as the Jaguar server. You can also modify port number settings for the preconfigured listeners. For more information, see "Modifying an existing listener".

The OpenServer listener is intended for migrating existing Open Server applications to Jaguar. See the Jaguar CTS Programmer's Guide for more information.

Note   You must restart the Jaguar server for your changes to take effect. If you have changed the Jaguar server's host name and port number, you must also restart Jaguar Manager and reconnect to the Jaguar server using the new host name and port number.

Listener failover

If a server cannot retrieve listener information from the repository for an IIOP listener or if an IIOP listener has not been configured, the server attempts to open a listener at this address:

IIOP: localhost, 9000

Listener start-up can fail if a port is already in use. You can verify the listener addresses in use by viewing the initial log entries in the srv.log file. If the log messages indicate a listener configuration problem, use Jaguar Manager to connect to the indicated IIOP address and reconfigure the server's listener properties.

Configuring listeners

This section describes how to create, modify, and delete a listener. All of the configuration tasks require you to first access the Listeners folder from Jaguar Manager:

  1. Double-click the Servers folder.
  2. Double-click the server for which you want to create, modify, or delete a listener.
  3. Click the Listeners folder on the left side of the window.

Creating a new listener

  1. Select File | New Listener.

  2. Enter the name of the new listener, then click Create New Listener.

  3. Complete the information in the Listener Info window. See Table 5-7.

The new listener appears on the right side of the window when you highlight the Listeners folder.


Modifying an existing listener

  1. Highlight the listener you want to modify.

  2. Select File | Listener Properties.

  3. Make your modifications and click Save. Listener properties are described in Table 5-7.


Deleting a listener

  1. Highlight the listener you want to delete.

  2. Select File | Delete Listener Profile.


Table 5-7: Listener profile properties

Property: Protocol

Description: Select the protocol from the drop-down list:

  • HTTP
  • IIOP
  • TDS
  • HTTPS
  • IIOPS

Comments/example: HTTPS and IIOPS are secure protocols that provide all of the security features made available by SSL, including authentication and encryption. TDS, IIOP, and HTTP do not provide encryption. TDS and IIOP provide user name and password-based authentication.

Property: Host

Description: The name or IP address of the Jaguar host to which the listener is being assigned.

Comments/example: For predefined listeners, change the initial setting from "localhost" to the actual machine name or IP address. This allows clients on other machines to access Jaguar.

Note   Sybase recommends that you provide the IP address of the host instead of the host name. In certain cases, a client may not be able to resolve a host name. For example, the client's DNS server or hosts file does not have an entry for the specified host.

Property: Port

Description: The port number on the host to which the listener is assigned.

Comments/example: Make sure that the port is not in use by any other service.

Property: Jaguar Security Profile

Description: Select one of the preconfigured security profiles from the drop-down list. This field is enabled for only the secure protocols (HTTPS or IIOPS).

Comments/example: You can create new security profiles that can be assigned to a listener. See "Security profiles" for information on security profiles.

Property: Enable Open Server Events

Description: When selected, the TDS port accepts Open Server client connections; if not, only MASP requests are accepted.

Comments/example: You must use TDS as the protocol for Open Server events.
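The rules in Table 5-7 can be checked mechanically before a listener change is saved. The following is an added example, not Sybase code: the dictionary layout, the finding codes, and the sample hosts are assumptions made for illustration, and the protocol of each default listener is inferred from its name.

```python
import ipaddress

# Protocol properties as stated in Table 5-7.
SSL_PROTOCOLS = {"HTTPS", "IIOPS"}
PLAINTEXT_PROTOCOLS = {"HTTP", "IIOP", "TDS"}

def host_kind(host):
    """Classify a Host value as 'loopback', 'ip' or 'name'."""
    if host.lower() == "localhost":
        return "loopback"
    try:
        return "loopback" if ipaddress.ip_address(host).is_loopback else "ip"
    except ValueError:
        return "name"

def audit(listeners):
    """Return sorted (listener, finding) pairs for a list of listener dicts."""
    findings, bound = set(), {}
    for lsn in listeners:
        name, proto = lsn["name"], lsn["protocol"].upper()
        kind = host_kind(lsn["host"])
        if proto not in SSL_PROTOCOLS | PLAINTEXT_PROTOCOLS:
            findings.add((name, "UNKNOWN_PROTOCOL"))
        if proto in SSL_PROTOCOLS and not lsn.get("profile"):
            findings.add((name, "SSL_WITHOUT_PROFILE"))
        if proto in PLAINTEXT_PROTOCOLS and kind != "loopback":
            findings.add((name, "PLAINTEXT_OFF_HOST"))  # no encryption on the wire
        if kind == "loopback":
            findings.add((name, "LOCAL_CLIENTS_ONLY"))
        elif kind == "name":
            findings.add((name, "HOST_NAME_NOT_IP"))    # client may fail to resolve it
        key = (lsn["host"].lower(), lsn["port"])
        if key in bound:
            findings.add((name, "PORT_CLASH:" + bound[key]))
        bound.setdefault(key, name)
    return sorted(findings)

# Constructed sample: default names and ports from Table 5-6, hosts invented.
SAMPLE = [
    {"name": "http",   "protocol": "HTTP",  "host": "192.0.2.10", "port": 8080},
    {"name": "https1", "protocol": "HTTPS", "host": "192.0.2.10", "port": 8081, "profile": "sample1"},
    {"name": "iiop",   "protocol": "IIOP",  "host": "localhost",  "port": 9000},
    {"name": "iiops1", "protocol": "IIOPS", "host": "jaguar.example.com", "port": 9001},
    {"name": "web2",   "protocol": "HTTP",  "host": "192.0.2.10", "port": 8081},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name:8} {finding}")
```

PORT_CLASH only detects two listeners in the same list that share a host and port; it does not detect a port held by another service on the machine.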

 


Copyright © 2000 Sybase, Inc. All rights reserved.