Configuring the Network Interface Restriction in the Denodo Platform¶
You can configure the servers of the Denodo Platform to listen to incoming connections on only one of the network interfaces of the computer. This can be useful when Denodo runs on a computer that has several network interfaces. If you enable this feature, the connections coming from the other network interfaces will be blocked.
To activate this restriction, first obtain the hostname that the Domain Name System (DNS) of your organization resolves to the network interface that will receive the incoming traffic.
Before proceeding, stop all the components of the installation of the Denodo Platform. Then, edit these files:
Virtual DataPort server: edit the file
<DENODO_HOME>/conf/vdp/VDBConfiguration.properties
and do this:Uncomment the property
com.denodo.vdb.vdbinterface.server.VDBManagerImpl.hostName
and set its value to a Domain Name System (DNS) that the server host will resolve to the restricted network interface.In a Virtual DataPort instance, this property only is required to bound to a specific network interface the
com.denodo.vdb.vdbinterface.server.VDBManagerImpl.port
port.Set the property
com.denodo.vdb.vdbinterface.server.VDBManagerImpl.registryURL.restricted
to the network interface or IP through which the Virtual DataPort will listen to. This property only has to be defined when thecom.denodo.vdb.vdbinterface.server.VDBManagerImpl.registryPort
andcom.denodo.vdb.vdbinterface.server.VDBManagerImpl.factoryPort
ports have to be bound to one specific network interface.Set the property
com.denodo.vdb.vdbinterface.server.VDBManagerImpl.registryURL
to a Domain Name System (DNS) that the server host will resolve to the restricted network interface.
Scheduler Server: in the file
<DENODO_HOME>/conf/scheduler/ConfigurationParameters.properties
, set the propertyServer/registryURL.restricted
to the restricted network interface.Scheduler Index server: in the file
<DENODO_HOME>/conf/arn-index/ConfigurationParameters.properties
, set the propertyLauncher/registryURL.restricted
to the restricted network interface.Aracne server: in the file
<DENODO_HOME>/conf/arn/ConfigurationParameters.properties
and set the propertyServer/registryURL.restricted
to the restricted network interface.Diagnostic and Monitoring Tool: edit the file
<DENODO_HOME>/resources/apache-tomcat/webapps/diagnostic-monitoring-tool/WEB-INF/classes/ConfigurationParameters.properties
and set the propertyvdp.hostname.local
to the restricted network interface.Web Container of the Denodo Platform:
In the file
<DENODO_HOME>/resources/apache-tomcat/conf/tomcat.properties
:Set the property
com.denodo.tomcat.jmx.rmi.host
to the restricted network interface.Uncomment the property
com.denodo.vdp.host
.Add the property
com.denodo.tomcat.shutdown.host
with the restricted network interface as value.
In the file
<DENODO_HOME>/resources/apache-tomcat/conf/server.xml
:Search for
<Server
and add the attributeaddress="${com.denodo.tomcat.shutdown.host}"
to it.This is configure the hostname/IP on which the Tomcat servers waits for shutdown commands.
Search for the element
<Connector>
and in it, add the attributeaddress="${com.denodo.vdp.host}"
to it.This is to specify which address will be used for listening on the specified port.
You have to end with something like this:
<Server address="${com.denodo.tomcat.shutdown.host}" port="${com.denodo.tomcat.shutdown.port}" shutdown="SHUTDOWN"> <Connector address="${com.denodo.vdp.host}" port="${com.denodo.tomcat.http.port}" /> </Server>
In the file
<DENODO_HOME>//resources/apache-tomcat/wepapps/denodo-graphql-service/WEB-INF/classes/application.properties
, set the propertyvdp.datasource.jdbcUrl
to the hostname to the restricted interface instead of localhost.
Start Virtual DataPort and redeploy all the REST and SOAP web services.
This is necessary if the value of the property
com.denodo.vdb.vdbinterface.server.VDBManagerImpl.registryURL
in theVDBConfiguration.properties
is a hostname/IP address that does not resolve locally to the restricted address.The section Configuring the Network Interface Restriction in the Solution Manager explains how to apply this restriction in the installation of Solution Manager.
Note
Configure the shutdown host is optional in the Web Container. If the property com.denodo.tomcat.shutdown.host
is not set the shutdown
listener will be bind to LOCALHOST and the Server tag in the server.xml should not include the address property. Configuring the shutdown host could open a random port listening through all network interfaces that only accepts connections from the Web Container host