Network considerations

All the IBM TRIRIGA Application Suite network HTTPS endpoints are exposed using secure Openshift routes of reencrypt termination type.

The fully qualified domain name of TAS network endpoints has the form <route-name>-<namespace>.<domain>. If the rt.domain field of the TAS instance is equal to default, then the default subdomain of OCP cluster is used, and the routes are secured using the default cluster certificate. If the rt.domain field is set to a custom domain, then you need to provide a certificate able to secure the custom domain using a Kubernetes secret of tls type. The ca.crt field of this secret can be left empty, but must be present, while the tls.key and tls.crt fields are required. Ensure that the DNS is correctly configured, in case of the adoption of a custom domain method.

All the IBM TRIRIGA Application Suite routes are annotated with a default timeout of 600 seconds (600s). This value can be overridden by using the optional attribute *spec.rt.timeout* of the custom resource, a string with the structure ```<timeout_value><time_unit>```, where ```<timeout_value>``` is any non-zero unsigned integer number and the supported ```<time_unit>``` are microseconds (us), milliseconds (ms), seconds (s), minutes (m), hours (h), or days (d).

Starting with 11.3 version, the TAS Operator does not create the Nodeport Service <TAS-instance-name>-smtp-service anymore. You must decide and implement the process to expose the SMTP server endpoint required by the TRIRIGA Reserve application and Microsoft® Exchange integration, based on the available networking capabilities and in respect of the local security standards. For more information, to publish outside the cluster, a non HTTP service look for Publishing Services. The selector needed to identify the PODs implementing the TRIRIGA SMTP server endpoint is tas.ibm.com/smtp: '<TAS-instance-name> and the spec.ports array of the Service object must include the following item, independently of the chosen service type:

    - name: 'smtp'
      protocol: TCP
      port: <incoming-port>
      targetPort: 1025

The integration between the TRIRIGA Reserve application and Microsoft® Exchange needs to send the network traffic to port 25. You can set <incoming-port> to 25, if the underlying network provider allows for network traffic to be directly sent to your cluster on port 25. If this is not the case, then you need to establish port address translation for incoming traffic on port 25 directed to your cluster, following the processes and using the tools established by your underlying network provider. The <incoming-port> is the value agreed with your underlying network provider.