Do you have to use Sequelink for TN

One other thought, if you have the license, you could strip down the IS in the DMZ to doing only the DSP pages, and forward the “real work” requests to another IS inside. The inside IS would do the database connections.

Could be an idea refactoring dsp pages… This will however require more hw I don’t have… :stuck_out_tongue:

Thanks 4 everything

Bye

Regarding network architecture (in particular, IS in DMZ). Actually, I don’t think it’s that big a problem. An IS, after all, is not a generic Application Server along the lines of WebSphere or WebLogic. We normally expose to outside only an HTTPS port, locked down to put only wm.ip.rn:receive (RosettaNet), wm.tn:receive, and wm.server:ping (for connectivity testing) available. To inside, expose another HTTPS port with full admin privilege. Then lastly, open DB or whatever backend connections through inside FW also.

The thinking is that we’ll only be accepting docs (XML, RosettaNet, EDI, whatnot) from outside, and an outsider will have a hard time connecting to inside network even if the IS is compromised.

Of course, this is not going to be as secure as having a reverse proxy in the DMZ, but 1) not every client’s going to purchase a license for a server that looks like it does pretty much nothing, 2) it’s much easier to set up and manage, and 3) one fewer point-of-failure.

The same thing could be said about many kinds of IT servers. webMethods does make it easier than many other products to exclude services that can be executed through a given port.

However, the decision to put a server in the DMZ is usually not based on the technical capabilities of the software. These two usually drive it:

  1. A configuration or programming error on a server in the DMZ should not put the company at risk.

  2. An independent person or group are controlling and monitoring the network “gates”. These are designated security staff that are responsible for the safety of all applications and systems.

Even in strict configuration like this, it is possible to expose the company to risk. It is just considered less likely, and easier to monitor/audit.

Hi all,

Thanks for your suggestions. I think Reverse Proxy is a very good thing to consider certainly for next system upgrades / evolution.

I try to think to a bigger wM architecture. For example it could be interesting to consider using inside DMZ wM Portal for exposing GUI, or Reverse Proxy to enable document routing. Behind firewalls IS that I like to consider it our middleware, very useful to connect to multiple data sources, and offering logic support for functionalities although exposed through Portal, TN or Monitor. Is just because of multiple data access that I think would be safer placing IS behind the firewall. As you said Mark, multiple data connections will be more difficult to monitor for and will increase security risk.

Returning back to my original problem, I found that TN 4.6 SP2 somehow seams to partially resolve the problem. After installing it we still keep having connection errors reported in server.log from monitor.execSQL, but refreshing ProcessMonitor page we got the results. Seams like now ProcMon is able to open a new connection when the old one is broken… At least I hope so :stuck_out_tongue:

Thank you again,
Best regards

Hi All,
Am getting this error when trying to configure TN on IS6.1
Test of TN Failed
[wm-cjdbc33-0009][Oracle JDBC Driver]Error establishing socket. Connection refused: connect
Am using “com.wm.dd.jdbc.oracle.OracleDriver” .

TIA

Am getting the same error if I use this driver too…
“oracle.jdbc.driver.OracleDriver”

TIA

Hi Krishna

I think the drivers are ok, especially the “com.wm.dd.jdbc.oracle.OracleDriver” one. But your problem might be the patch for TN that I dont think you have applied. The file name is TNS_6-1_Fix15.jar but I am not certain whether the ns is global. You might also have an error like “value inserted too large” when starting the IS. That happens when you haven’t applied the fix pack. I don’t know the policy about sharing files here. So I won’t send it to you. Hope you get it.

Cheers

Krishna,

As the error message suggests, this is a basic connection problem and is not related to the TN “millenium bug”.

As you’ve probably noticed, the Administrator’s guide says:

“You must use DataDirect Connect JDBC 3.3 as your driver; it is the only JDBC driver certified by webMethods for this purpose. The Connect JDBC driver is a Type 4 JDBC driver that does not have a server component. The client component comes with Integration Server, so no installation is required.”

So philosophical objections aside, you are doing the right thing by using the supplied DataDirect driver.

Have you verified your ability to connect using another client app with the same port and sid?

Have you verified your database URL in the JDBC pool connection alias configuration page?
It should look something like:
jdbc:wm:oracle://host_or_IPaddress:1521;SID=database_name

Hi Guys,
I am using the below format of URL and sequl link driver for TN connection,but when i try to reconnect .It throughs an error.


[wm-cjdbc33-0069][Oracle JDBC Driver]Unable to connect. Invalid URL.


“Have you verified your database URL in the JDBC pool connection alias configuration page?
It should look something like:
jdbc:wm:oracle://host_or_IPaddress:1521;SID=database_name”

Please help ,i am not able to open my TN console.
Thanks

Please do not CROSS-POST.