Configuring the Network Interface Restriction in Virtual DataPort

The Denodo Platform allows to restrict the network interface through which the platform’s servers will listen to incoming connections.

In order to activate this restriction, stop all the Denodo servers and edit the following configuration options:

Configuration property files to modify to enable the network interface restriction in Virtual DataPort

Component

Configuration File

Virtual DataPort server

<DENODO_HOME>/conf/vdp/VDBConfiguration.properties

ITPilot

<DENODO_HOME>/conf/iebrowser/IEBrowserConfiguration.properties <DENODO_HOME>/conf/maintenance/MaintenanceConfiguration.properties

Scheduler Server

<DENODO_HOME>/conf/scheduler/ConfigurationParameters.properties

Scheduler Index Server

<DENODO_HOME>/conf/arn-index/ConfigurationParameters.properties

Aracne server

<DENODO_HOME>/conf/arn/ConfigurationParameters.properties

Diagnostic and Monitoring Tool

<DENODO_HOME>/resources/apache-tomcat/webapps/diagnostic-monitoring-tool/WEB-INF/classes/ConfigurationParameters.properties

Web Container

<DENODO_HOME>/resources/apache-tomcat/conf/tomcat.properties <DENODO_HOME>/resources/apache-tomcat/conf/server.xml <DENODO_HOME>/resources/apache-tomcat/wepapps/denodo-graphql-service/WEB-INF/classes/application.properties

  • Virtual DataPort:

    • Uncomment the property com.denodo.vdb.vdbinterface.server.VDBManagerImpl.hostName and set its value to a Domain Name System (DNS) that the server host will resolve to the restricted network interface. In a Virtual DataPort instance, this property only is required to bound to a specific network interface the com.denodo.vdb.vdbinterface.server.VDBManagerImpl.port port.

    • Set the property com.denodo.vdb.vdbinterface.server.VDBManagerImpl.registryURL.restricted to the network interface or IP through which the Virtual DataPort will listen to. This property only has to be defined when the com.denodo.vdb.vdbinterface.server.VDBManagerImpl.registryPort and com.denodo.vdb.vdbinterface.server.VDBManagerImpl.factoryPort ports have to be bound to one specific network interface.

    • Set the property com.denodo.vdb.vdbinterface.server.VDBManagerImpl.registryURL to a Domain Name System (DNS) that the server host will resolve to the restricted network interface. This property is mandatory in a Virtual DataPort server.

  • ITPilot:

    • In the IEBrowserConfiguration.properties file, set the property RemoteIEBrowserPoolImpl.HOST.restricted to the restricted network interface.

    • In the MaintenanceConfiguration.xml file, add the property <restricted> into <extraction><rmi> with the restricted address as value.

  • Scheduler Server:

    • Set the property Server/registryURL.restricted to the restricted network interface.

  • Scheduler Index Server:

    • Set the property Launcher/registryURL.restricted to the restricted network interface.

  • Aracne server:

    • Set the property Server/registryURL.restricted to the restricted network interface.

  • Diagnostic and Monitoring Tool:

    • Set the property vdp.hostname.local to the restricted network interface.

  • Web Container:

    • In the tomcat.properties file:

      1. Set the property com.denodo.tomcat.jmx.rmi.host to the restricted network interface.

      2. The property com.denodo.vdp.host must be commented out.

      3. Add the property com.denodo.tomcat.shutdown.host with the restricted network interface as value.

    • In the server.xml:

      1. Add the property address="${com.denodo.tomcat.shutdown.host}" to the <Server> declaration in order to configure the IP on which the Tomcat servers waits for shutdown commands.

      2. Add the property address="${com.denodo.vdp.host}" to the <Connector> component to specify which address will be used for listening on the specified port.

      <Server address="${com.denodo.tomcat.shutdown.host}" port="${com.denodo.tomcat.shutdown.port}" shutdown="SHUTDOWN">
      
          <Connector
             address="${com.denodo.vdp.host}"
             port="${com.denodo.tomcat.http.port}"
      
          />
      
      </Server>
      
    • In the application.properties file of the graphql webapp:

      1. Edit the vdp.datasource.jdbcUrl property to set the host to the restricted interface instead of localhost.

Note

After restricting the network interface, redeploy all the published web services if the value of the property com.denodo.vdb.vdbinterface.server.VDBManagerImpl.registryURL is a hostname/IP address that does not resolve locally to the restricted address.

Note

Configure the shutdown host is optional in the Web Container. If the property com.denodo.tomcat.shutdown.host is not set the shutdown listener will be bind to LOCALHOST and the Server tag in the server.xml should not include the address property. Configuring the shutdown host could open a random port listening through all network interfaces that only accepts connections from the Web Container host