Configure the SecureTransport server

Introduction

This guide provides information about configuring:

Setup SecureTransport SSL connectivity

Log in to the SecureTransport administration

The secure URL normally uses either port 444 or port 8444 : https://securetransport-server-hostname:port

Add the Axway Decision Insight trusted certificate in SecureTransport

The SecureTransport connection must be secure. For that, you must trust the public certificate authority of the Axway Decision Insight (DI) QLT server .

  1. Retrieve the DI public certificate authority from the JKS created in DI. For more information, see how to create a key store.
  2. In Setup (1) > Certificates (2) > Trusted CAs (3), import the public certificate authority (4).
  3. Enter an alias name for example: Decision Insight QLT server (1) and import the certificate file (2) (3).

Set up the connection to Axway Decision Insight

In the SecureTransport Decision Insight Setup pane, specify:

  • The DI server IP address in the Host field and a valid TCP port (1305 is the default port to send messages events through QLT ).
  • That SecureTransport uses a secure connection.
  • The event state types sent by SecureTransport.
  • The configuration of retention files containing messages ().

To enable the connector, in Setup (1) > Axway Sentinel/DI (2), select the Send Events to Axway Sentinel or Decision Insight Server checkbox (3).

 

Axway Sentinel / Decision Insight pane

  1. Enter the DI server host name (1).
  2. Enter the DI server port (2).
  3. Select the  Use Secure Connection checkbox (3).
  4. Select the  Verify Certificate checkbox (4).
  5. Select the  Send Heartbeat to Axway Sentinel Every checkbox (5).
  6. Set the time between two heartbeats (for example, 5 minutes ) (6) (7).

If DI is ready to receive transactions, that is you've correctly configured DI and started the data integration route, you can test the connection with the Test connection button (8).
This test indicates whether the port specified as the DI host accepts connections.

Events pane

In the Events pane, select the event states to send to Decision Insight.

The following states are mandatory and will be always reported to Decision Insight.

  • RECEIVING
  • RECEIVED
  • SENDING
  • SENT
  • FAILED
  • CANCELED

Overflow File pane

When SecureTransport cannot connect to Decision Insight to send events messages, it writes the event to the Overflow file and sends them once it can connect.
This should prevent loss of data for a few hours in case of a potential Decision Insight connection problem or a maintenance period.
You can convert a rentetion time periodd into disk space consumption to adapt the Size (MB) parameter of the Overflow file.

Determine disk space for event messages retention

Use this formula to determine the space without a margin:

Retention period (in Hours)  x Message log size (in ko)
/ 1024  x   Throughput (in Files per hour)  
x average of event message log send per receive file

For example:

5 h x 3 ko  / 1024 x 20 files/h x 15 Ev/file = 4,4 → 5 Mo

(info) The number of event message logs per received files depends on the SecureTransport route process number.

  1. In the Name filed, enter a file name, for example, overflowFile.data (1).
  2. In the Path field, enter the path to the overflow file, for example, <PATH_TO_ST> (2).
    (warning) Specify a local path, not one in a shared storage, because each server in a cluster must have its own overflow file.
  3. Specify a size in MB, for example, 10 (3).
  4. Enter the Warning Threshold in percent of file size, for example, 90 (4).
  5. Select the Stop Collecting New Events checkbox (5).

Save settings

Don't forget to save the new settings (1).

Changes to these settings take effect only when the Transaction Manager is restarted.

Mandatory SecureTransport configuration rules

To ensure the information you see in your dashboards is clear and well built, you must respect some configuration rules for the definition of:

  • the Account Type in User Account definition.
  • the Site Type in Transfer Site definition .

Rules

  1. To display the account transfers on the dashboard:
    You must specify the Account Type or Site Type. Select Partner or Internal. (warning) Do NOT select Unspecified.
  2. To display consistent information on the dashboard:
    All Transfer Sites must have the same Site Type as the User Account Type (Internal or Partner).

Types of Configuration Panes

User Account
Choose Internal or Partner

Transfer Site

For a Transfer site type, choose the same type as the Account type.

SecureTransport Server access configuration on Decision Insight

Once the SecureTransport server is configured, you will need to register it in order to be able to resubmit transfers from the dashboards and also retrieve SecureTransport reference data such as business units and accounts.

To achieve that, you can either use the configuration dashboard, APIs, or data integration tools such as resources/routes.

Configuration dashboard

You can remove a SecureTransport from the list, typically when this server is no longer active. At the bottom of the screen the link towards the Swagger interface will allow you to create or update a server with the parameters listed in the next section.

Configuration APIs

Register SecureTransport administration server

HTTP Method

URL

POST <base_ADI_url>/ws-doc#!/absorb/07_ST_Configuration_04_UpdateSTServer


In-line parameters

Name

Description

id

Server hostname. Should be the exact same value as the one that will be conveyed in the transfer events (PRODUCTIPADDR attribute).
name Server name.

address

SecureTransport Server hostname (or IP) with port number.

login

User login

password

User password

Sample request body

{
  "id": "NewHostname",
  "name": "NewHostname",
  "address": "10.128.77.150:8444",
  "login": "admin",
  "password": "admin"
}

Unregister SecureTransport server

This operation can be done when the server is no longer in use and should be permanently removed so as to prevent the dashboards from being polluted with unnecessary data. The removal will take effect from the operation date, meaning that past data related to the server will be kept. 

HTTP Method

URL

POST <base_ADI_url>/ws-doc#!/absorb/07_ST_Configuration_10_RemoveSTServer


In-line parameters

Name

Description

id

Server hostname. Should be the exact same value as the one that will be conveyed in the transfer events (PRODUCTIPADDR attribute).


Sample request body

{
  "id": "OldHostname"
}

Resources/routes

Using resources/routes is a convenient method to create or modify mulitple servers at once.

Update the configuration resource

On the main menu, click Data integration. On the left menu, click Resources, and change the content of the 04_STServers resource.

The resource content is using the CSV format and must contain a header as shown in the example below:

id,name,address,login,password
452f28c12d59,ST Instance Test,vmqa17.lab.ptx.axway.int:8444,admin,admin


A SecureTransport instance configuration consists of:

  • An ID – Must be the same as reported in the Tracked Object event (PRODUCTIPADDR attribute).
  • name – For use in the Prebuilt Dashboards.
  • The address – Used to access the SecureTransport instance.(make sure to provide a valid address, otherwise the 'resubmit' operation will return an error message).
      address field formatted as below: <hostname>:<port>
  • login and a password  – Used to access the SecureTransport instance (make sure to provide a valid login/password combination, otherwise the 'resubmit' operation will return an error message).
Run the configuration route

Once the resource content is updated:

  1. On the left menu, click Routes.
  2. Run the configuration route 04-ConfigureSTServers, located in the 07-ST-Configuration space.



Related Links