The Reflection Gateway Proxy system is required to support Transfer Sites. Two services run on this system:
Reflection Transfer Server
Reflection Secure Shell Proxy.
To support high availability, you will configure and test an initial instance of the Reflection Gateway Proxy system, then create an identically-configured system and use a load-balancing proxy to distribute the load between these systems.
Before you begin
Run the Setup program on each system. Use the tab to install the feature on each of these systems. Restart Windows on each system. This starts the services and creates initial default settings files.
Log onto Gateway Administrator. Go to
> and confirm that is set to use an added SFTP Server. Using the default Reflection Gateway Proxy is not supported for a high availability configuration because there is no replication of data between the Reflection Gateway Proxy systems.Select one of the Reflection Gateway Proxy systems for your initial configuration and testing. After you have this instance working, you will copy required files to duplicate the configuration on your other system.
Configure an initial Reflection Gateway Proxy system
Start the Reflection Secure Shell Proxy console on the server you are using for initial configuration.
On the
pane, enable .For
, enter the network name or IP address of the load-balancing proxy configured to connect to Reflection Gateway Administrator.Click
. Click when prompted to restart the Reflection Transfer Server service.This action configures the connection between components and saves an internal password that is used to connect to Gateway Administrator. (Each time you click trustedWebService.cer and RSITDatabase files and the Transfer Server's trustedWebService.cer and container.properties files.
, the internal password is changed.) Changes are saved to the following files: the Secure Shell Proxy'sIf your users will transfer files using the Transfer Client, you need to replace the default self-signed server certificate with a CA-signed certificate. See Replace the Default Server Certificate. This certificate should be configured to authenticate the server name that will be used for connecting to you your load-balancing proxy.
Test your configuration. Use Gateway Administrator to create Transfer Sites and confirm that you can transfer files using the Transfer Client or your alternate SFTP client.
Copy required configuration files to the duplicate Reflection Gateway Proxy system
You will need to copy configuration files for both the Reflection Secure Shell Proxy and the Reflection Transfer Server. These files are stored in different locations as described in the procedure.
On the destination server, stop the Reflection Secure Shell Proxy and the Reflection Transfer Server services.
Locate the Reflection Secure Shell Proxy configuration files. The default location is:
C:\ProgramData\Micro Focus\RSecureServer
Copy the following files to the duplicate system.
File |
Details |
---|---|
rsshd_config.xml |
The Reflection Secure Shell Proxy configuration file. The settings saved to this file include the values you have specified on the Reflection Gateway Users tab for connecting to the Gateway Administrator host name and port. |
RSITDatabase |
The Reflection Secure Shell Proxy's encrypted credential cache. |
RSITDatabase.sec |
This file contains the key required to decrypt the credential cache and is required to use the cache. |
trustedWebService.cer |
Contains the public key used to authenticate Reflection Gateway Administrator. This file is created when you click the Activate and Verify button on the Reflection Gateway Users pane. |
hostkey |
The private key of the public/private host key pair used to authenticate this server. |
hostkey.pub |
The public key of the public/private host key pair used to authenticate this server. |
Locate the Reflection Transfer Server configuration files. The default location is:
C:\Program Files\Micro Focus\ReflectionGateway\TransferServer
Copy the following files to the duplicate system.
Files |
Details |
---|---|
container.properties |
In the conf subfolder. Includes settings and password for connecting to the Gateway Administrator. If configured, it incudes settings for using a CA-signed certificate. |
trustedWebService.cer |
In the etc subfolder. Public key of Gateway Administrator. |
servletcontainer.cer servletcontainer.jks -OR- Your CA-signed certificate package (typically a .p12, .pfx, or .jks file) |
These files contain the certificate and private key used to authenticate the server when users make HTTPS connections to the Reflection Transfer Server.
|
Restart the Reflection Secure Shell Proxy and the Reflection Transfer Server on the duplicate system.