Configuring the Network Interface Restriction in the Denodo Platform

You can configure the servers of the Denodo Platform to listen to incoming connections on only one of the network interfaces of the computer. This can be useful when Denodo runs on a computer that has several network interfaces. If you enable this feature, the connections coming from the other network interfaces will be blocked.

To activate this restriction, first obtain the hostname that the Domain Name System (DNS) of your organization resolves to the network interface that will receive the incoming traffic.

Before proceeding, stop all the components of the installation of the Denodo Platform. Then, edit these files:

  1. Virtual DataPort server: edit the file <DENODO_HOME>/conf/vdp/VDBConfiguration.properties and do this:

    • Uncomment the property com.denodo.vdb.vdbinterface.server.VDBManagerImpl.hostName and set its value to a Domain Name System (DNS) that the server host will resolve to the restricted network interface.

      In a Virtual DataPort instance, this property only is required to bound to a specific network interface the com.denodo.vdb.vdbinterface.server.VDBManagerImpl.port port.

    • Set the property com.denodo.vdb.vdbinterface.server.VDBManagerImpl.registryURL.restricted to the network interface or IP through which the Virtual DataPort will listen to. This property only has to be defined when the com.denodo.vdb.vdbinterface.server.VDBManagerImpl.registryPort and com.denodo.vdb.vdbinterface.server.VDBManagerImpl.factoryPort ports have to be bound to one specific network interface.

    • Set the property com.denodo.vdb.vdbinterface.server.VDBManagerImpl.registryURL to a Domain Name System (DNS) that the server host will resolve to the restricted network interface.

  2. Scheduler Server: in the file <DENODO_HOME>/conf/scheduler/ConfigurationParameters.properties, set the property Server/registryURL.restricted to the restricted network interface.

  3. Scheduler Index server: in the file <DENODO_HOME>/conf/arn-index/ConfigurationParameters.properties, set the property Launcher/registryURL.restricted to the restricted network interface.

  4. Aracne server: in the file <DENODO_HOME>/conf/arn/ConfigurationParameters.properties and set the property Server/registryURL.restricted to the restricted network interface.

  5. Diagnostic and Monitoring Tool: edit the file <DENODO_HOME>/resources/apache-tomcat/webapps/diagnostic-monitoring-tool/WEB-INF/classes/ConfigurationParameters.properties and set the property vdp.hostname.local to the restricted network interface.

  6. Web Container of the Denodo Platform:

    • In the file <DENODO_HOME>/resources/apache-tomcat/conf/tomcat.properties:

      1. Set the property com.denodo.tomcat.jmx.rmi.host to the restricted network interface.

      2. Uncomment the property com.denodo.vdp.host.

      3. Add the property com.denodo.tomcat.shutdown.host with the restricted network interface as value.

    • In the file <DENODO_HOME>/resources/apache-tomcat/conf/server.xml:

      1. Search for <Server and add the attribute address="${com.denodo.tomcat.shutdown.host}" to it.

        This is configure the hostname/IP on which the Tomcat servers waits for shutdown commands.

      2. Search for the element <Connector> and in it, add the attribute address="${com.denodo.vdp.host}" to it.

        This is to specify which address will be used for listening on the specified port.

      You have to end with something like this:

      <Server address="${com.denodo.tomcat.shutdown.host}" port="${com.denodo.tomcat.shutdown.port}" shutdown="SHUTDOWN">
      
          <Connector
              address="${com.denodo.vdp.host}"
              port="${com.denodo.tomcat.http.port}"
      
          />
      
      </Server>
      
    • In the file <DENODO_HOME>//resources/apache-tomcat/wepapps/denodo-graphql-service/WEB-INF/classes/application.properties, set the property vdp.datasource.jdbcUrl to the hostname to the restricted interface instead of localhost.

  7. ITPilot:

    • In the file <DENODO_HOME>/conf/iebrowser/IEBrowserConfiguration.properties, set the property RemoteIEBrowserPoolImpl.HOST.restricted to the restricted network interface.

    • In the file <DENODO_HOME>/conf/maintenance/MaintenanceConfiguration.xml, add the property <restricted> into <extraction><rmi> with the restricted address as value.

  8. Start Virtual DataPort and redeploy all the REST and SOAP web services.

    This is necessary if the value of the property com.denodo.vdb.vdbinterface.server.VDBManagerImpl.registryURL in the VDBConfiguration.properties is a hostname/IP address that does not resolve locally to the restricted address.

  9. The section Configuring the Network Interface Restriction in the Solution Manager explains how to apply this restriction in the installation of Solution Manager.

Note

Configure the shutdown host is optional in the Web Container. If the property com.denodo.tomcat.shutdown.host is not set the shutdown listener will be bind to LOCALHOST and the Server tag in the server.xml should not include the address property. Configuring the shutdown host could open a random port listening through all network interfaces that only accepts connections from the Web Container host