Types of embedded servers

The following sections describe the types of embedded servers. See Usage summary of embedded servers for a quick-reference table of functionality for embedded servers.

Global and community-specific servers

When you define HTTP and SMTP delivery exchanges for a community, you can choose to use the global server, which can be shared by any community. Alternatively, you can define a community-specific server on a new port. Typically, the global server is the best choice.

Activator matches inbound messages to delivery exchanges for specific communities by the HTTP path or the email address, so there is no need to create a server for each community. The exception is HTTPS. Since the server certificate and list of trusted client authentication certificates are associated with particular communities, you must create a community-specific HTTP server to handle incoming HTTPS messages for each community.

FTP and SFTP servers

These servers use a slightly different model than the HTTP and SMTP servers. They are never tied to a particular community. Furthermore, they can host outbound exchanges for partners in addition to inbound exchanges for communities. An FTP server can be used in either a plain context (FTP) or a secure context (FTPS), but not both.

The FTP and SFTP servers also handle secure connections differently than the embedded HTTP server. Since the embedded HTTP server determines whether a connection must be secure based on the port, you must define separate servers on different ports if you want to allow both clear and secure connections. An embedded FTP server is not tied to a particular community; its trust of client authentication certificates is tied to the server itself and not to a particular community. When you view the settings for an embedded FTP server, there is a Trusted root certificates tab on the server settings page. This is in contrast with embedded HTTP servers, whose trusted SSL certificates are specified on the Certificates dialog for the associated communities.

SFTP has a slightly different model still. SFTP uses public keys instead of certificates to trust clients, and the public keys are tied to each SFTP user. Thus, you do not see a tab related to trusts when you view the settings for an embedded SFTP server. Nor do you find trusted public keys mixed in with a community’s trusted SSL certificates. Instead, you must go to the community or partner that owns the SFTP user and view the settings for that SFTP user. This is a security feature of the SFTP protocol that ties log‑in accounts to specific trusted keys. A key is not be accepted if it is used by the wrong user account for authentication.

With FTP and SFTP servers, all servers on the trading side share the same pool of user accounts. User accounts for trading are kept separate from user accounts for back-end application exchanges. This is further enforced when you create an FTP or SFTP exchange for an application delivery or pickup; you must define a new server instance on a separate port.

You should generally not allow outside connections to the SFTP embedded server.

PeSIT servers

Transfer CFT embedded servers move messages via PeSIT. See PeSIT for more information.

Servers for the user interface

Activator provides three embedded servers to handle end-user browser connections to the user interface:

  • CnHttpServer – Default HTTP embedded server enables users to log on to the UI via HTTP.
  • This server also enables the Mapping Services connection to the server for the deployment of maps and flows to the environment.
  • CnHttpsServer – HTTPS server is available if you want users to connect to the UI by a more secure method.
  • This server also enables the Mapping Services connection to the server for the deployment of maps and flows to the environment.
  • For more information see Configure the UI.
  • CnHttpsSamlSsoServer – Supports user SAML SSO connections with identity checks on the SSO identity server.
  • For general SSO configuration information, see Single sign-on.

For more information on these embedded server settings, see Configure the UI.

Related Links