Enabling the Network Interface Restriction in the Solution Manager

By default, the components of the Denodo Solution Manager listen for incoming connections on all the network interfaces of the computer. If you installed the Solution Manager on a computer that has two or more network interfaces, you can configure these components to listen for incoming connections on only one of the network interfaces and not on the others. This is useful to restrict access to these components, for security purposes.

Before enabling this feature, obtain the hostname or IP address of this network interface. If you choose a hostname, this computer has to resolve this hostname to this network interface. Regardless of whether you choose an IP address or a hostname, we will call this value the restricted hostname. You will use it in the steps below.

Now, follow these steps:

  1. Open the Administration Tool or the Design Studio and log in to the Virtual DataPort of the Solution Manager, using an administrator account. Then, execute these commands:

    SET 'com.denodo.vdb.vdbinterface.server.VDBManagerImpl.hostName' = '<restricted hostname>';
    SET 'com.denodo.vdb.vdbinterface.server.VDBManagerImpl.registryURL.restricted' = '<restricted hostname>';
    SET 'com.denodo.vdb.vdbinterface.server.VDBManagerImpl.registryURL' = '<restricted hostname>';
    
  2. Stop all the components of this installation.

  3. For the License Manager, edit the file <SOLUTION_MANAGER_HOME>/conf/license-manager/LMConfigurationParameters.properties and make these changes:

    1. Add the property server.address with the restricted hostname as its value.

    2. Change the value of the property com.denodo.solutionmanager.storage.DerbyStorageManager.derbyHost to the restricted hostname.

  4. For the Solution Manager Server, edit the file <SOLUTION_MANAGER_HOME>/conf/solution-manager/SMConfigurationParameters.properties and make these changes:

    1. Add the property server.address with the restricted hostname as its value.

    2. Change the value of the property com.denodo.solutionmanager.vdp.hostname to the restricted hostname.

  5. For the Solution Manager Administration Tool, in file <SOLUTION_MANAGER_HOME>/conf/solution-manager-web-tool/SMAdminConfiguration.properties, change the value of the property com.denodo.solutionmanager.host to the restricted hostname.

  6. For the Diagnostic & Monitoring Tool, in <SOLUTION_MANAGER_HOME>/resources/apache-tomcat/webapps/diagnostic-monitoring-tool/WEB-INF/classes/ConfigurationParameters.properties change the value of the property vdp.hostname to the restricted hostname.

  7. For the web container, edit the file <SOLUTION_MANAGER_HOME>/resources/apache-tomcat/conf/tomcat.properties and make these changes:

    1. Set the property com.denodo.tomcat.jmx.rmi.host to the restricted hostname.

    2. Comment out the property com.denodo.vdp.host.

  8. Also for the web container, edit <SOLUTION_MANAGER_HOME>/resources/apache-tomcat/conf/server.xml. Search for the element <Connector and add the attribute address="${com.denodo.vdp.host}". Add this attribute “as is”; do not replace its value with a hostname. The result should look like this:

    <Connector
         address="${com.denodo.vdp.host}"
         port="${com.denodo.tomcat.http.port}"
         protocol="HTTP/1.1"
         maxThreads="150"
    ...
    />
    

    Note

    This file has two Connector elements: one for the HTTP connector and one for the HTTPS connector. You have to make this change in both of them.

  9. Start the components of the Solution Manager. After these changes, they will only be reachable through the network interface associated with the restricted hostname, not through “localhost” or the other interfaces of this computer.
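
The following audit script is an added example, not part of the Denodo documentation or tooling. It checks the files edited in steps 3 to 8 against the restricted hostname, so a missed file shows up before the components are restarted. The function names and the simplified .properties parsing are assumptions of this example, and the properties set in step 1 are not covered because they are not stored in these files.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# File under <SOLUTION_MANAGER_HOME> -> properties steps 3 to 7 set to the restricted hostname.
EXPECTED = {
    "conf/license-manager/LMConfigurationParameters.properties": [
        "server.address",
        "com.denodo.solutionmanager.storage.DerbyStorageManager.derbyHost"],
    "conf/solution-manager/SMConfigurationParameters.properties": [
        "server.address", "com.denodo.solutionmanager.vdp.hostname"],
    "conf/solution-manager-web-tool/SMAdminConfiguration.properties": [
        "com.denodo.solutionmanager.host"],
    "resources/apache-tomcat/webapps/diagnostic-monitoring-tool/WEB-INF/classes/"
    "ConfigurationParameters.properties": ["vdp.hostname"],
    "resources/apache-tomcat/conf/tomcat.properties": [
        "com.denodo.tomcat.jmx.rmi.host"],
}
TOMCAT_CONF = "resources/apache-tomcat/conf"

def parse_properties(text):
    """Active key/value pairs; simplified parser, '#' and '!' lines are comments."""
    line = r"^[ \t]*([^#!\s=:][^\s=:]*)[ \t]*[=:][ \t]*(.*?)[ \t]*$"
    return dict(re.findall(line, text, re.M))

def audit_properties(text, keys, host):
    props = parse_properties(text)
    return [f"{k} is {props.get(k)!r}, expected {host!r}"
            for k in keys if props.get(k) != host]

def audit_connectors(server_xml):
    """Step 8: every <Connector> must carry the literal, unexpanded attribute."""
    want = "${com.denodo.vdp.host}"
    return [f"Connector port={c.get('port')} has address={c.get('address')!r}"
            for c in ET.fromstring(server_xml).iter("Connector")
            if c.get("address") != want]

def audit_home(home, host):
    home, out = Path(home), []
    for rel, keys in EXPECTED.items():
        out += [f"{rel}: {m}" for m in audit_properties((home / rel).read_text(), keys, host)]
    conf = home / TOMCAT_CONF
    if "com.denodo.vdp.host" in parse_properties((conf / "tomcat.properties").read_text()):
        out.append("tomcat.properties: com.denodo.vdp.host is not commented out")
    return out + [f"server.xml: {m}" for m in audit_connectors((conf / "server.xml").read_text())]

if __name__ == "__main__":
    print("\n".join(audit_home(sys.argv[1], sys.argv[2])) or "all checks passed")
```

Run it with the installation directory and the restricted hostname as its two arguments; each output line names a file and the property or Connector that still needs the change.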