Network considerations

IBM® TRIRIGA® Application Suite network HTTPS endpoints are exposed by using secure Red Hat® OpenShift® routes of reencrypt termination type.

The fully qualified domain name of TRIRIGA Application Suite network endpoints has the form <route-name>-<namespace>.<domain>. If the rt.domain field of the TRIRIGA Application Suite instance is equal to default, then the default subdomain of Red Hat OpenShift Container Platform cluster is used, and the routes are secured by using the default cluster certificate. If the rt.domain field is set to a custom domain, then you need to provide a certificate able to secure the custom domain with a Kubernetes secret of tls type. The ca.crt field of this secret can be left empty, but must be present, while the tls.key and tls.crt fields are required. Ensure that the DNS is correctly configured, in case of the adoption of a custom domain method.

All the TRIRIGA Application Suite routes are annotated with a default timeout of 600 seconds (600s). This value can be overridden by using the optional attribute *spec.rt.timeout* of the custom resource, a string with the structure ```<timeout_value><time_unit>```, where ```<timeout_value>``` is any nonzero unsigned integer number and the supported ```<time_unit>``` are microseconds (us), milliseconds (ms), seconds (s), minutes (m), hours (h), or days (d).

Starting in TRIRIGA Application Suite 11.3, the TAS Operator no longer creates the Nodeport Service <TAS-instance-name>-smtp-service. Decide and implement the process to expose the SMTP server endpoint required by the TRIRIGA Reserve application and Microsoft Exchange integration, based on the available networking capabilities and in respect of the local security standards. For more information, to publish outside the cluster, a non-HTTP service look for Publishing Services. The selector needed to identify the PODs implementing the TRIRIGA SMTP server endpoint is tas.ibm.com/smtp: '<TAS-instance-name> and the spec.ports array of the Service object must include the following item, independently of the chosen service type:

    - name: 'smtp'
      protocol: TCP
      port: <incoming-port>
      targetPort: 1025

The integration between the TRIRIGA Reserve application and Microsoft Exchange needs to send the network traffic to port 25. You can set <incoming-port> to 25, if the underlying network provider allows for network traffic to be directly sent to your cluster on port 25. If this is not the case, then you need to establish port address translation for incoming traffic on port 25 directed to your cluster, following the processes and using the tools established by your underlying network provider. The <incoming-port> is the value agreed with your underlying network provider.