
Configuration and Data Files


Gateway Administrator Properties File

You can use the Gateway Administrator properties file to modify the configurable settings listed below. It is located in the Reflection Gateway installation folder in the GatewayAdministrator\conf subfolder. The default location is:

C:\Program Files\Micro Focus\ReflectionGateway\GatewayAdministrator\conf

Note

  • You must restart the server after editing container.properties for your changes to take effect.

  • A backup file, container.properties.example, in the same folder provides a copy of the original default settings.

Database settings

  • The default settings configure a connection to the default HyperSQL database. The commented settings show a sample MySQL configuration. For more information about changing the database, see Changing the Gateway Administrator Database.

    • jdbc.url

      The connection information for the database. Edit localhost:3306/mft to specify the host, port, and database name of your database. Do not change useSSL=false; SSL connections are not supported.

    • jdbc.username

      The username of a user with access to the database.

    • jdbc.password

      The password for the user specified in jdbc.username.

    • hibernate.dialect

      Use the value shown in the file.

  • ldaps.port.enabled

    Set this option to true to expose the internal Gateway Administrator LDAP server. The default is false.

  • directory.ldaps.port

    Specifies the listening port used by the Gateway Administrator LDAP server when ldaps.port.enabled is true.

  • servletengine.ssl.port

    The HTTPS port used to connect to the Gateway Administrator web interface. The default is 9490.

  • proxy.host.name=localhost

    The public host name of the SFTP proxy server.

  • transfer.server.url

    The public-facing base URL of the Reflection Transfer Server. This is used in URLs included in email messages sent from Gateway Administrator.

  • password.reset.expiration

    Sets the token expiration time (in minutes) for password reset. Users who request a password recovery email must perform the reset before the token expires.

  • configservice-ws.host

    Specifies the hostname or IP address that the Gateway Administrator web service listens on. The Reflection Secure Shell Proxy and the Reflection Transfer Server communicate with this web service. If no host is specified (the default), the Gateway Administrator listens on all available IP addresses on the Gateway Administrator server.

  • configservice-ws.port

    Specifies the port that the Gateway Administrator web service listens on. This value must match the value configured on the Reflection Secure Shell Proxy (set from the console using Reflection Gateway Users > Gateway Administrator port) and on the Transfer Server (set by clicking Activate and verify in the Reflection Gateway Users pane, which automatically updates configservice-ws.port in the Transfer Server properties file). The default is 9190.

Certificate settings

  • For more information about changing the server certificate, see Replace the Default Server Certificate.

    • servletengine.ssl.keystore

      The path to the keystore that contains the server certificate and private key. The path must be specified using forward slashes or escaped backslashes. For example:

      • C:/pathto/keystore

      • C:\\pathto\\keystore

      • You can specify a relative or absolute path. The default is ../etc/mycert.bcfks.

    • servletengine.ssl.keystoretype

      The file type of the keystore that contains the server certificate and private key. The only supported Java keystore type is BCFKS.

    • servletengine.ssl.keystorepassword

      The password that protects the keystore that contains the server certificate and private key.

  • configservice.event.threads

    Specifies the number of post transfer action events to process in parallel. If the number of active events is under this limit, the action will start immediately; otherwise, it will wait its turn in the queue. The default is 10.

  • configservice.email.threads

    Specifies the number of emails to process in parallel. If the number of active emails is under this limit, the email will be processed immediately; otherwise, it will wait its turn in the queue. The default is 10.

  • configservice.hubevent.threads

    Specifies the number of hub events to process in parallel. If the number of active events is under this limit, the event will be processed immediately; otherwise, it will wait its turn in the queue. The default is 10.

  • configservice.account.expiration

    The default number of days after which a newly created Reflection Gateway user account expires. The default is 730 (two years). Set this to 0 (zero) to default to no expiration date.

  • configservice.transfersite.expiration

    The default number of days after which a newly created Transfer Site expires. The default is 730 (two years). Set this to 0 (zero) to default to no expiration date.

  • configservice.response-api.interface

    The network interface used by the Hub to send command responses to Gateway Administrator.

  • configservice.response-api.port

    The listening port on Gateway Administrator used by the Hub to send command responses to Gateway Administrator. This value must match the value for Gateway Administrator listening port configured on the Edit Hub page.
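The following check is an added example, not part of the product or its documentation: it parses a container.properties file with the backslash rules Java applies when loading properties and reports settings that this page describes as exposing a service or departing from a supported value. The sample file and the function names are constructed for illustration; Unicode escapes and line continuations are not handled.

```python
import re

# Constructed sample modelled on the settings described on this page (not a real deployment).
SAMPLE = r"""
# MySQL (recommended for production or clustered environments)
jdbc.url=jdbc:mysql://myhost:3306/gateway?useSSL=false
jdbc.username=gwuser
jdbc.password=some_password
ldaps.port.enabled=true
configservice-ws.host=
configservice.account.expiration=0
servletengine.ssl.keystore=C:\pathto\keystore
servletengine.ssl.keystoretype=JKS
"""

_ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def unescape(raw):
    """Apply the backslash rules java.util.Properties uses when loading a value."""
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), raw)

def parse_properties(text):
    """Return {key: (raw_value, loaded_value)} for key=value lines, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, raw = line.partition("=")
        raw = raw.strip()
        props[key.strip()] = (raw, unescape(raw))
    return props

def audit(text):
    """Return findings for settings this page documents as security-relevant."""
    p = parse_properties(text)
    def get(key):
        return p.get(key, ("", ""))
    findings = []
    raw, loaded = get("servletengine.ssl.keystore")
    if "\\" in raw.replace("\\\\", ""):  # a backslash that is not part of an escaped pair
        findings.append(f"keystore path has unescaped backslashes; loaded as {loaded!r}")
    ktype = get("servletengine.ssl.keystoretype")[1]
    if ktype and ktype.upper() != "BCFKS":
        findings.append("keystoretype is not BCFKS, the only supported type")
    if get("ldaps.port.enabled")[1].lower() == "true":
        findings.append("ldaps.port.enabled=true exposes the internal LDAP server")
    if not get("configservice-ws.host")[1]:
        findings.append("configservice-ws.host unset: web service listens on all IP addresses")
    if get("configservice.account.expiration")[1] == "0":
        findings.append("account.expiration=0: new accounts get no expiration date")
    if get("jdbc.password")[1] == "some_password":
        findings.append("jdbc.password still holds the documentation placeholder")
    return findings
```

Calling `audit()` on the text of the file before restarting the service returns one line per finding; an empty list means none of these checks matched.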



Transfer Server Properties File

You can use the Reflection Transfer Server properties file to modify the configurable settings listed below. It is located in the Reflection Gateway installation folder in the TransferServer\conf subfolder. The default location is:

C:\Program Files\Micro Focus\ReflectionGateway\TransferServer\conf

Note

  • You must restart the server after editing container.properties for your changes to take effect.

  • A backup file, container.properties.example, in the same folder provides a copy of the original default settings.

Note

The Reflection Transfer Client has been deprecated, and is replaced with Reflection Identity Manager. The legacy File Transfer Java Applet is no longer supported. For backward compatibility, some settings in this file still refer to File Transfer configuration properties that were used by this Applet, but they have no effect on currently supported features, and may be removed in future releases.

  • servletengine.ssl.port

    The HTTPS port used to connect to the Identity Manager. The default is 9492.

  • servletengine.ssl.updateInterval

    The interval in seconds for how often the Transfer Server checks for changes to authentication settings made in Gateway Administrator and queries Gateway Administrator for PKI Services Manager trust anchors. The default is 60 (deprecated).

Certificate settings

  • For more information about changing the server certificate, see Replace the Default Server Certificate.

    • servletengine.ssl.keystore

      The path to the keystore that contains the server certificate and private key. The path must be specified using forward slashes or escaped backslashes. For example:

      • C:/pathto/keystore

      • C:\\pathto\\keystore

      • You can specify a relative or absolute path. The default is ../etc/mycert.bcfks.

    • servletengine.ssl.keystoretype

      The file type of the keystore that contains the server certificate and private key. The only supported Java keystore type is BCFKS.

    • servletengine.ssl.keystorepassword

      The password that protects the keystore that contains the server certificate and private key.

  • sftp.hostname

    The hostname used by the Transfer Client to connect to the Reflection Secure Shell Proxy (deprecated).

  • sftp.port

    The port used by the Transfer Client to connect to the Reflection Secure Shell Proxy Server. The default is 22 (deprecated).


Hub Properties File

You can use the Reflection Hub properties file to modify the configurable settings listed below. It is located in the Reflection Gateway installation folder in the Hub\conf subfolder. The default location is:

C:\Program Files\Micro Focus\ReflectionGateway\Hub\conf

Note

  • You must restart the server after editing container.properties for your changes to take effect.

  • A backup file, container.properties.example, in the same folder provides a copy of the original default settings.

  • hub.events.threads

    Specifies the number of commands to process in parallel. If the number of active commands is under this limit, the command is processed immediately; otherwise, it will wait its turn in the queue. Commands in this queue include file transfers and commands configured as Job actions. The default is 10.

  • hub.highpriorityevent.threads

    High-priority commands are ones that need to run right away and are expected to have a quick response. These commands use a separate queue to help ensure that they are not backed up or put on hold behind long running commands such as file transfers and commands configured as Job actions. The commands that run through the high-priority queue include status queries to see if a job is still running, file listings to support the Gateway Administrator Browse actions, and file listings required by scans. The default is 10.

  • hub.responseevent.threads

    The number of command responses to process in parallel. The default is 10.

  • hub.command-api.interface

    The network interface used by Gateway Administrator to send commands to the Hub.

  • hub.command-api.port

    The listening port on the Hub used by Gateway Administrator to send commands to the Hub. This value must match the value for Hub listening port configured on the Edit Hub page.

  • restengine.ssl.keystore

    The path to the keystore that contains the server certificate and private key. In most cases, you will not change these files on the Hub.

  • restengine.ssl.keystoretype

    The file type of the keystore that contains the server certificate and private key. The only supported Java keystore type is BCFKS.

  • restengine.ssl.keystorepassword

    The password that protects the keystore that contains the server certificate and private key.

  • hub.changedetection.waittime

    In order to avoid processing files that are in use, the Hub uses directory listing comparisons to determine if files are currently changing. When a comparison of two listings shows no new files, no changes in file size, and no changes to file timestamps, the files are considered to be inactive. This setting specifies the time to wait (in seconds) between these directory listings. With a shorter wait time, Job actions happen sooner, but this also increases the chance of erroneously determining that a file is not being changed when it actually is. A longer wait time decreases those chances but also delays the job.
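The listing comparison described for hub.changedetection.waittime, sketched as an added example (not the Hub's own code): two snapshots of name, size and timestamp are taken wait_seconds apart and compared. The demo, built on a constructed temporary directory, also shows the failure case the text mentions, where a sender that pauses for longer than the wait time is judged inactive.

```python
import os
import tempfile
import time

def snapshot(directory):
    """Map file name -> (size, mtime_ns), the attributes the comparison looks at."""
    with os.scandir(directory) as entries:
        return {e.name: (e.stat().st_size, e.stat().st_mtime_ns)
                for e in entries if e.is_file()}

def changed(before, after):
    """Names that are new, or whose size or timestamp differ between two listings."""
    return sorted(name for name, meta in after.items() if before.get(name) != meta)

def is_inactive(directory, wait_seconds, sleep=time.sleep):
    """Take two listings wait_seconds apart; inactive means nothing changed."""
    before = snapshot(directory)
    sleep(wait_seconds)  # injectable so the demo can simulate a writer
    return not changed(before, snapshot(directory))

def demo():
    """Constructed scenario: an upload that is still in progress."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "upload.dat")
        with open(path, "wb") as f:
            f.write(b"first half")

        def writer_appends(_seconds):
            # The sender writes more data during the wait.
            with open(path, "ab") as f:
                f.write(b" second half")

        def writer_stalls(_seconds):
            pass  # the sender pauses for longer than the wait time

        seen_active = not is_inactive(d, 5, sleep=writer_appends)
        missed_stall = is_inactive(d, 5, sleep=writer_stalls)
        return seen_active, missed_stall
```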


Reflection Gateway Data Files

Caution

The data locations below contain sensitive information. Windows administrator privileges are required in order to read or write to these file locations. You should not change these permissions. Any new locations you copy the files to should use the same permissions.


Gateway Administrator

These Gateway Administrator data files are located in subdirectories in the Reflection Gateway installation folder. The default location is:

C:\Program Files\Micro Focus\ReflectionGateway\

Files | Data Description
\GatewayAdministrator\conf\container.properties | Gateway Administrator properties file.
\GatewayAdministrator\etc\database | The default HyperSQL database. (Not used if you have configured an alternate database.)
\GatewayAdministrator\etc\ | *.rnd - Queued events.

If the server stops for any reason, queued actions resume after a server restart using information stored in these queue files. Deleting these files empties the queues.

*.cer and *.bcfks - Gateway Administrator certificates and keystore files

Do not delete any of the existing certificates or keystore files in these locations. The server certificates located here are required for communication between Reflection Gateway components. Deleting the Gateway Administrator's server keystore and certificate will cause authentication of LDAP users to fail. If your Gateway Administrator Administrators group consists entirely of users in remote LDAP directories, you will no longer be able to log on to Gateway Administrator.

Reflection Hub

These Reflection Hub data files are located in subdirectories in the Reflection Gateway installation folder. The default location is:

C:\Program Files\Micro Focus\ReflectionGateway\

Files | Data Description
\Hub\conf\container.properties | Hub properties file.
\Hub\etc\ | *.cer and *.bcfks - Hub certificates and keystore files.

Do not delete any of the existing certificates or keystore files in these locations. The server certificates located here are required for communication between Reflection Gateway components.

*.rnd - Queued events.

If the server stops for any reason, queued actions resume after a server restart using information stored in these queue files. Deleting these files empties the queues.

ga-response-service.properties - Automatically maintained file with information for connecting to Gateway Administrator. Do not modify this file manually.

trustedGA.cer - The certificate used to authenticate Gateway Administrator.

Reflection Transfer Server

These Transfer Server data files are located in subdirectories in the Reflection Gateway installation folder. The default location is:

C:\Program Files\Micro Focus\ReflectionGateway\

Files | Data Description
\TransferServer\conf\container.properties | Transfer Server properties file.
\TransferServer\etc\ | Transfer Server certificates

Do not delete any of the existing certificates or keystore files in these locations. The server certificates located here are required for communication between Reflection Gateway components.

Reflection for Secure IT Server for Windows and Reflection Secure Shell Proxy

Directory | Data Description
C:\ProgramData\Micro Focus\RSecureServer\ | Reflection for Secure IT Server for Windows settings, server certificates, key files, and the credential cache

Backing Up Gateway Administrator Data

To back up your current Gateway Administrator configuration, or move your configuration to a different system, copy the files listed below. These are installed to the following location by default:

C:\Program Files\Micro Focus\ReflectionGateway\GatewayAdministrator\

  • \conf\*.*

  • \etc\*.*

  • If you have installed a commercial certificate, back up the appropriate .bcfks file, as specified in the properties file using the servletengine.ssl.keystore setting.



Changing the Gateway Administrator Database

Gateway Administrator installs with a HyperSQL database, which is used by default to store Gateway Administrator data. This default database is suitable for initial testing. To configure a high-availability production environment, you will need to configure Gateway Administrator to use an external database running on a different system.

Install MySQL

  1. Download and run the MySQL installer from the MySQL Downloads page:

    http://dev.mysql.com/downloads/installer/

  2. Run the installer on the system where you want to store your database.

  3. Make a note of the root password. You will need this to create the database.

Install the JDBC Driver for MySQL (Connector/J)

  1. Download the driver from the MySQL downloads page:

    http://www.mysql.com/products/connector/

  2. On the system running the Reflection Gateway Administrator service, navigate to the GatewayAdministrator\lib folder. The default location is:

    C:\Program Files\Micro Focus\ReflectionGateway\GatewayAdministrator\lib

  3. Copy the driver jar file to this location (for example mysql-connector-java-5.1.44-bin.jar).

Create the database

  1. On the system running MySQL, start the command line client. For example:

    Start > MySQL Server 5.7 > MySQL 5.7 Command Line Client

  2. Enter the MySQL root password.

  3. You'll see the following prompt:

    mysql>

  4. Create the database as shown here. (Note that a semicolon is required to complete the command.)

    mysql> create database gateway;

Create the database user that Gateway Administrator will use to connect to the database

If MySQL is running on the same server as Gateway Administrator, you can use the MySQL root user without making any modifications to this user.

If the database is installed on a different system than Gateway Administrator, the user must be able to connect from a remote host using the host’s network name or IP address. You can use MySQL Workbench or a command line to grant network access by allowing access from a specific host, or using the % wildcard to allow access from any host.

For example, to use the MySQL command line to create a user called gwuser with access to Gateway Administrator from any host:

  1. On the system running MySQL, start the command line client.

  2. Enter the following commands, replacing some_password with the actual password you want to use for this user.

    CREATE USER 'gwuser'@'%' IDENTIFIED BY 'some_password';
    GRANT ALL PRIVILEGES ON gateway.* to 'gwuser'@'%';
    
  3. Make a note of the username and password; you will need these to configure Gateway Administrator.

Configure Gateway Administrator to use the MySQL database

  1. Open the Gateway Administrator properties file in a text editor. The default location is:

    C:\Program Files\Micro Focus\ReflectionGateway\GatewayAdministrator\conf\container.properties

  2. Comment out the HyperSQL settings, and uncomment the MySQL settings. Configure the MySQL hostname, database name, user name, and password. For example:

    # HyperSQL (default)
    #jdbc.url=jdbc:hsqldb:file:../etc/database/gateway.db
    #jdbc.username=sa
    #jdbc.password=
    #hibernate.dialect=org.hibernate.dialect.HSQLDialect
    
    # MySQL (recommended for production or clustered environments)
    jdbc.url=jdbc:mysql://myhost:3306/gateway?useSSL=false
    jdbc.username=gwuser
    jdbc.password=some_password
    hibernate.dialect=org.hibernate.dialect.MySQLDialect
    
  3. Restart the Reflection Gateway Administrator service and wait until the server.log shows the message "Server container started."

  4. Log in to Gateway Administrator using the default user and password (admin/secret).

    Any settings you configured using the default database will need to be redone using the new database.

  5. If you have configured the Reflection Secure Shell Proxy to enable connections from Reflection Gateway users, repeat the Activate and Verify action. (See Enable Reflection Gateway Connections in the Reflection Secure Shell Proxy.)