Accessing Integration Server using a Load Balancer

Hi Experts,

We are trying to configure the Integration server listening on port 5555 to be accessible outside the network on an Elastic Load Balancer (on the Amazon Cloud).
We were able to successfully implement this for the MWS server but not on the IS box.

Once the ELB on Amazon is configured, what steps need to be taken on the Integration Server box to have its pages available to the outside world on port 443?

Thanks and please let me know of any questions.

What is your IS env version?

First, on your DMZ (RG), did you try creating the HTTPS 443 port as Gateway External, which in turn connects to the Gateway Registration port 5555 (internal IS port) on both IS’s?

Are you getting any error during/after the setup? Are the ports enabled, is ACL/IP access set to default on the ports, and, assuming no firewall blocking, is anything AZ IP specific in your network port-level access?

HTH,
RMG

Thanks rmg.

We did set up listeners on the Load Balancer that will forward requests for 80 to 5555. This works.
Listeners for 443 to 5555 are also set up but don’t work.

We also made sure the security group (aka the amazon firewall) allows port 443 through so we’re pretty sure it is not on the Amazon side but we could be wrong here.

I just want to make sure there are no additional settings that need to be made on the IS server to accept incoming SSL traffic.

We haven’t made any changes to the ACLs/IP access. Is there a document that can be looked into for configuring this?

Thanks a lot for your help.

OK, makes sense…

In what way did you enable the ports after this LB setup?

I would say, can you use a different port on the internal IS rather than the default 5555, for example 4433 or so?

First enable RG port 443 and make sure 5555 is also enabled on the RG server, and next enable the internal server port (very first time); that way both are in sync.

During enablement, can you increase the security SSL/HTTPS codes logging levels to Trace on both RG/Internal?

Are both RG/Internal IS versions the same?

HTH,
RMG

We have 2 IS servers on the network that come up with the default 5555 port. Changing the ports would mean disturbing the other servers as well (MWS/Broker/WSDC/OPTIMIZE…) and I’m not sure what else we may lose if the default port on the IS server is changed.
There are no IS servers on the DMZ. These servers are on the same subnet as the other servers mentioned earlier. As I mentioned earlier, MWS works fine maybe because they had a front end URL setting that we could tweak on Cluster Settings. We were hoping something similar was available on IS.

Thanks again,
Krishna

I am not asking you to disturb or change the default/primary existing 5555 port…

For troubleshooting/testing purposes, create another internal server port, 4333 or something, so that RG 443 connects to this 4333, and enable the settings the way I mentioned above along with Trace logging level… and to prove the RG server HTTPS connects to the internal IS without issues from the external URL.

What URL service are you trying to invoke? Instead, can you use invoke/wm.server/ping for testing communication here? For example, URL:

https://RGserverip:443/invoke/wm.server/ping (assuming all the ports are enabled)

Can you answer the IS version question as well?

You said no servers on DMZ… Do you currently have a Reverse Gateway (RG) IS set up which is configured with gateway external port 443?

Are you trying this on 8.x or 9.x IS?

HTH,
RMG

Thanks rmg. I’ll update this thread on Tue/Wed after we do our tests.
We are using WM 8.2.

I’m not sure what RG means but I’ll have answers on this after I discuss internally.

Thanks and have a good weekend.