Transaction Manager protocol and proxy server communication

SecureTransport uses a streaming protocol for communication between the protocol servers running on SecureTransport Edge and the Transaction Manager (TM) server running on SecureTransport Server. The streaming protocol abstracts all file transfer protocols and unifies and secures this central communication. When you deploy one or more SecureTransport Edge servers in a peripheral network (DMZ), the deployment is called streaming because no file transfer data is stored on the SecureTransport Edge server. The protocol servers translate the protocol they are serving to the streaming protocol but do not read or write files.

With a streaming deployment, the TM Server connects to the protocol servers on the configured SecureTransport Edge servers to establish the connections for the streaming protocol, so no process on a SecureTransport Edge ever makes a connection from the DMZ into the internal secure network. For more information, see SecureTransport Edge. (The TM server and protocol servers running on SecureTransport Server also use the streaming protocol internally.)

Note: Unless a number is specified through the corresponding system properties, the number of streaming connections established from the Transaction Manager to a single protocol daemon (Admin, FTP, HTTP, and so forth) is calculated with the formula min(20, 2*CPUs).

SecureTransport Edge provides a SOCKS5 proxy for server-initiated file transfers.

You configure the communication between the TM server and protocol servers and access to SOCKS5 and HTTP proxies by defining network zones. Each network zone on a SecureTransport Server can have one or more network zone nodes that define access either within the SecureTransport Server or between the SecureTransport Server and one or more SecureTransport Edge servers or HTTP or SOCKS5 proxy servers. The TM Server connects to all protocol servers configured in all network zones. In each AS2, FTP(S), HTTP(S), PeSIT, or SSH transfer site, you can select a network zone to specify which HTTP or SOCKS5 proxy SecureTransport uses for server-initiated transfers through that transfer site. SecureTransport selects a node from the network zone using a load-balancing policy when a server-initiated transfer uses the network zone.

Because you can specify multiple SecureTransport Edge addresses in a node and multiple nodes in a network zone, you can implement any required many-to-many communication between TM servers on SecureTransport Servers and protocol and SOCKS5 proxy servers on SecureTransport Edge servers.

On a SecureTransport Server, a special network zone named Private defines the ports used for internal communication between the TM Server and the protocol servers and the Administration Tool server running on the SecureTransport Server.

On a SecureTransport Edge server, there is only one network zone, a special one named Private that specifies the ports that the protocol servers listen on for connections from TM servers on SecureTransport Servers. The port number must match the port number configured in the network zone on the SecureTransport Servers that defines the connection to the SecureTransport Edge server. You cannot define more network zones on a SecureTransport Edge server.

Note: Do not configure a connection from the SecureTransport TM Server to the SecureTransport Edge ADMIN server.
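The rules above (matching ports, no TM connection to the Edge ADMIN server, connections opened only from the internal network toward the DMZ, and the default connection count) can be checked mechanically. The following is an added example, not part of SecureTransport or its documentation. The dictionary layout, addresses, ports, and function names are constructed for illustration and do not correspond to any SecureTransport export format.

```python
import ipaddress

# Constructed sample data; the layout is hypothetical, not a product format.
SERVER_ZONE = {"name": "DMZ1", "nodes": [
    {"addresses": ["192.0.2.10"], "ports": {"FTP": 20021, "HTTP": 20080, "SSH": 20022}},
    {"addresses": ["192.0.2.11"], "ports": {"FTP": 20021, "HTTP": 20081, "ADMIN": 20444}},
]}
# Ports each Edge lists in its own Private zone, keyed by Edge address.
EDGE_PRIVATE = {"192.0.2.10": {"FTP": 20021, "HTTP": 20080, "SSH": 20022},
                "192.0.2.11": {"FTP": 20021, "HTTP": 20080}}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
FLOWS = [("10.1.1.5", "192.0.2.10", 20021),   # TM -> Edge: expected direction
         ("192.0.2.11", "10.1.1.5", 8444)]    # Edge -> internal: should never occur

def default_streaming_connections(cpus):
    """Connections from TM to one protocol daemon when no system property overrides it."""
    return min(20, 2 * cpus)

def audit_zone(server_zone, edge_private):
    """Return findings where the server-side zone breaks the rules in the text."""
    findings = []
    for node in server_zone["nodes"]:
        for addr in node["addresses"]:
            listening = edge_private.get(addr, {})
            for daemon, port in sorted(node["ports"].items()):
                if daemon == "ADMIN":
                    findings.append((addr, daemon, "TM must not connect to Edge ADMIN server"))
                elif listening.get(daemon) != port:
                    findings.append((addr, daemon,
                                     f"port {port} != Edge Private zone {listening.get(daemon)}"))
    return findings

def dmz_initiated(flows, edge_addrs, internal_net):
    """Return flows that an Edge address opened toward the internal network."""
    return [f for f in flows
            if f[0] in edge_addrs and ipaddress.ip_address(f[1]) in internal_net]

def expected_connections(server_zone, cpus):
    """Per Edge address, the connection count implied by the default formula."""
    per_daemon = default_streaming_connections(cpus)
    return {a: per_daemon * sum(d != "ADMIN" for d in n["ports"])
            for n in server_zone["nodes"] for a in n["addresses"]}

if __name__ == "__main__":
    for finding in audit_zone(SERVER_ZONE, EDGE_PRIVATE):
        print("CONFIG", *finding)
    for flow in dmz_initiated(FLOWS, set(EDGE_PRIVATE), INTERNAL_NET):
        print("FLOW", *flow)
    print(expected_connections(SERVER_ZONE, cpus=4))
```

The expected connection counts hold only while the system properties that override the formula are unset; they give a baseline for firewall state sizing and for spotting unexpected connection volumes on the Edge.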

The following topics describe the streaming deployment and describe managing the Transaction Manager (TM), protocol, and proxy server communication:
