Connect:Direct Adapter Configuration - Basic

Use this screen to specify system-level communications information for IBM® Connect:Direct® connections to and from Secure Proxy. You can set up a configured Proxy Adapter to multiple Secure Proxy engines so you can push one adapter configuration from the Configuration Manager to multiple engine instances.

Before you can click the Advanced or Properties tab, you must specify Adapter Name and Listen Port and select a Netmap and SNODE Netmap Entry to associate with the adapter.

To manage Secure Proxy engines with a configured Adapter:
  • Click Add to add a new engine to the configured adapter.
  • Click Copy to copy an existing engine to the configured adapter.
  • Click Remove to remove a specific engine to the configured adapter.

Connect:Direct basic adapter fields are defined in the following table:

Field Name

Description

Name

Name identifies the name to assign to the adapter you create. Valid values are 1-150 alphanumeric characters with no spaces. Special characters allowed are period (.), dash (-), and underscore (_).

Description

Description assigns a description to help you identify the adapter you create. Description can be up to 255 characters.

Type

Type identifies the protocol being used: Connect:Direct.

Listen Port

Listen Port identifies the port number to use to listen for inbound connections. Valid values include 1-65535.

Netmap

Netmap identifies the name of the netmap to associate with the adapter you are defining. If the netmap has not been created, click + to add the netmap.

Routing Type
Select the Routing Type to identify how inbound connections are routed to the server in the trusted zone. Routing options include:
  • Standard — select Standard to direct connections to the outbound node specified in the SNODE Netmap Entry field.
  • Certificate-based — select this option to use the certificate presented by the inbound PNODE to determine which outbound SNODE to connect to. Certificate-based routing uses IBM Sterling External Authentication Server and requires that you configure a Sterling External Authentication Server.
  • PNODE-specified — select this option to route outbound connections based on information provided by the inbound PNODE.
  • PNODE-specified, then Standard — select this option to route outbound connections based first on information provided by the inbound PNODE. If no routing information is selected by the PNODE, the connection is routed to the outbound node specified in the SNODE Netmap Entry field.
  • PNODE-based routing — select this option to use the routing node name specified in the PNODE entry in the netmap to make backend Sterling Connect:Direct server connections. If there is no routing node selected for this PNODE, an error is reported.
  • PNODE-based routing with a fallback — select this option to use the routing node name specific in the PNODE entry in the netmap to make backend Sterling Connect:Direct server connections. If no routing information is selected for this PNODE, it will use a default node to make the backend connection.

SNODE Netmap Entry

SNODE Netmap Entry identifies the name of the Connect:Direct server where the node connections are routed, after connecting to Secure Proxy. Select this value from a pull-down list.

Engines

Engine identifies the Secure Proxy server in the DMZ where traffic is first routed before being sent to the outbound secure Connect:Direct server. Select an engine from the list. You can identify multiple engines to a configured adapter. You must define an engine before you can create an adapter.

Inbound PS

Inbound Perimeter Server. Select the perimeter server for the inbound connection in the Perimeter Server Mapping - Inbound Perimeter Server field. To use a remote perimeter server, you must define the server before you associate it with an inbound connection.

Outbound PS

Outbound Perimeter Server. Select the perimeter server to use for the outbound connection in the Perimeter Server Mapping - Outbound Perimeter Server field. To use a remote perimeter server, you must define it before you can associate it with an outbound connection.

EA PS

External Authentication Perimeter Server. Select the perimeter server to use for the Sterling External Authentication Server connection in the Perimeter Server Mapping - External Authentication Perimeter Server field. To use a remote perimeter server, you must define it before you can associate it with an Secure Proxy connection.

EA Server

External Authentication Server. External Authentication Server identifies the server to use. Select the server from the pull-down list. You must define a Sterling External Authentication Server before you can select the server from the list.
ICAP Server Internet Content Adaptation Protocol (ICAP) Server. Select the ICAP server to use to process anti virus and malware scanning requests. You must define a ICAP server before you can select the server from the list.
ICAP PS Internet Content Adaptation Protocol (ICAP) Perimeter Server. Select the perimeter server to use to connect to ICAP Server per engine basis for a given Connect:Direct Adapter.

Startup Mode
Startup Mode identifies how the adapter is started. Values are:
  • auto — starts the adapter as soon as it is pushed to the engine
  • manual — requires that the adapter be manually started