Configuring Mobile Enterprise Gateway (MEG) in High Availability (HA) mode

Follow these steps to configure a gateway cluster in High Availability (HA) mode.

Procedure

  1. From the Cloud Extender® Configuration Tool, select Enterprise Gateway, and then choose the High Availability - setup a new cluster checkbox.
  2. Select whether to run the gateway cluster in Direct or Relay mode.
    • To run the gateway cluster in relay access mode, configure these settings:
      Gateway Details window
      1. Enter the name of the gateway in the Gateway Name field. This name is displayed in all MaaS360® Portal workflows.
      2. Select Relay.
      3. From the relay server list, select an available relay server. MaaS360 administrators provision the relay server list during service provisioning. If a regional relay is missing from your list (US, EU, or APAC), contact IBM® Support.
      4. Select Accept all Untrusted Certificates to configure the gateway to ignore certificate exceptions from intranet resources. For example, if your intranet site uses a self-signed certificate, then access to this site produces a certificate exception. When you enable this option, the exception is ignored and the request is served by the gateway.

        For security reasons, disable this option and install the site SSL certificates to the certificate store of the gateway server instead.

      5. For procedures on how to set up a database, see Setting up a shared database for High Availability (HA).
    • To run the gateway cluster in direct mode, configure these settings:
      1. Enter the name of the gateway in the Gateway Name field. This name is displayed in all MaaS360 Portal workflows.
      2. Select Direct.
      3. Select Use Web Server / Load Balancer in front of the Gateway to configure your load balancer for the following functions:
        • Accept inbound traffic from mobile devices
        • Forward this traffic to the gateway server
      4. In the Gateway External URL (including port) field, provide the gateway URL (or the external URL or host name of your load balancer) if you use a load balancer in front of the gateway.

        If you do not use a load balancer in front of the gateway, the gateway URL is the host name of this gateway server. This external URL includes the port, if this port is different from the standard ports for HTTP or HTTPS.

      5. In the Gateway Server Port field, provide the port that runs the gateway server and listens for requests. If you use a load balancer, make sure that the load balancer redirects traffic to this gateway port. If you do not use a load balancer, the gateway port is any open port on this gateway server.
      6. Optional: If you want to configure SSL for Direct Mode, configure these settings:
        SSL for Direct Mode
        1. Select the Use SSL check box.

          Use SSL encryption along with AES-256 bit end-to-end encryption to secure communication further between a mobile device and the gateway.

          Note: Using SSL encryption is optional. If you choose not to use SSL, the security of the Mobile Enterprise Gateway (MEG) is not compromised.
          • If you do not use a load balancer, a mobile device uses the SSL certificate that you enter in the SSL Certificate field to initiate an SSL session to the gateway.
          • If you use a load balancer, the load balancer uses the SSL certificate that you enter in the SSL Certificate field to initiate an SSL session to the gateway. The load balancer SSL certificate secures the traffic between a mobile device and your load balancer. For more information, see your load balancer documentation.
        2. In the SSL Certificate field, provide the path to the SSL certificate (PEM) file. If you do not use a load balancer, SSL terminates on your gateway. In this case, you cannot use self-signed certificates. You must receive an SSL certificate from a public certificate authority (CA).
        3. In the SSL Certificate Private Key field, provide the private key for the SSL certificate (.key) file.
        4. Select Accept all Untrusted Certificates to configure the gateway to ignore certificate exceptions from intranet resources. For example, if your intranet site uses a self-signed certificate, then access to this site produces a certificate exception. When you enable this option, the exception is ignored and the request is served by the gateway.

          For security reasons, disable this option and install the site SSL certificates to the certificate store of the gateway server instead.

        5. For procedures on how to set up a database, see Setting up a shared database for High Availability (HA).

What to do next

Setting up a shared database for High Availability (HA)