Configuration and Data Files
Gateway Administrator Properties File
You can use the Gateway Administrator properties file to modify the
configurable settings listed below. It is located in the Reflection
Gateway installation folder in the GatewayAdministrator\conf
subfolder. The default location is:
C:\Program Files\Micro Focus\ReflectionGateway\GatewayAdministrator\conf
Note
-
You must restart the server after editing container.properties for your changes to take effect.
-
A backup file, container.properties.example, in the same folder provides a copy of the original default settings.
Database settings
-
The default settings configure a connection to the default HyperSQL database. Commented settings show a sample configuration for MySQL. For more information about changing the database, see Changing the Gateway Administrator Database.
-
jdbc.url
The connection information for the database. Edit localhost:3306/mft to specify the host, port, and database name of your database. Do not change useSSL=false; SSL connections are not supported.
-
jdbc.username
The username of a user with access to the database.
-
jdbc.password
The password of a user with access to the database.
-
hibernate.dialect
Use the value shown in the file.
-
-
ldaps.port.enabled
Set this option to true to expose the internal Gateway Administrator LDAP server. The default is false.
-
directory.ldaps.port
Specifies the listening port used by the Gateway Administrator LDAP server when ldaps.port.enabled is true.
-
servletengine.ssl.port
The HTTPS port used to connect to the Gateway Administrator web interface. The default is 9490.
-
proxy.host.name=localhost
The public host name of the SFTP proxy server.
-
transfer.server.url
The public-facing base URL of the Reflection Transfer Server. This is used in URLs included in email messages sent from Gateway Administrator.
-
password.reset.expiration
Sets the token expiration time (in minutes) for password reset. Users who request a password recovery email must perform the reset before the token expires.
-
configservice-ws.host
Specifies the hostname or IP address that the Gateway Administrator web service listens on. The Reflection Secure Shell Proxy and the Reflection Transfer Server communicate with this web service. If no host is specified (the default), the Gateway Administrator listens on all available IP addresses on the Gateway Administrator server.
-
configservice-ws.port
Specifies the port that the Gateway Administrator web service listens on. This value must match the value configured on the Reflection Secure Shell Proxy (set from console using Reflection Gateway Users > Gateway Administrator port) and for the Transfer Server (set by clicking Activate and verify in the Reflection Gateway Users pane, which automatically updates configservice-ws.port in the Transfer Server properties file). The default is 9190.
Certificate settings
-
For more information about changing the server certificate, see Replace the Default Server Certificate.
-
servletengine.ssl.keystore
The path to the keystore that contains the server certificate and private key. The path must be specified using forward slashes or escaped backslashes. For example:
-
C:/pathto/keystore
-
C:\\pathto\\keystore
-
You can specify a relative or absolute path. The default is ../etc/mycert.bcfks.
-
-
servletengine.ssl.keystoretype
The file type of the keystore that contains the server certificate and private key. The only supported Java keystore type is BCFKS.
-
servletengine.ssl.keystorepassword
The password that protects the keystore that contains the server certificate and private key.
-
-
configservice.event.threads
Specifies the number of post transfer action events to process in parallel. If the number of active events is under this limit, the action will start immediately; otherwise, it will wait its turn in the queue. The default is 10.
-
configservice.email.threads
Specifies the number of emails to process in parallel. If the number of active emails is under this limit, the email will be processed immediately; otherwise, it will wait its turn in the queue. The default is 10.
-
configservice.hubevent.threads
Specifies the number of hub events to process in parallel. If the number of active events is under this limit, the event will be processed immediately; otherwise, it will wait its turn in the queue. The default is 10.
-
configservice.account.expiration
The default number of days after which a newly created Reflection Gateway user account expires. The default is 730 (two years). Set this to 0 (zero) to default to no expiration date.
-
configservice.transfersite.expiration
The default number of days after which a newly created Transfer Site expires. The default is 730 (two years). Set this to 0 (zero) to default to no expiration date.
-
configservice.response-api.interface
The network interface used by the Hub to send command responses to Gateway Administrator.
-
configservice.response-api.port
The listening port on Gateway Administrator used by the Hub to send command responses to Gateway Administrator. This value must match the value for Gateway Administrator listening port configured on the Edit Hub page.
Transfer Server Properties File
You can use the Reflection Transfer Server properties file to modify the
configurable settings listed below. It is located in the Reflection
Gateway installation folder in the TransferServer\conf
subfolder. The
default location is:
C:\Program Files\Micro Focus\ReflectionGateway\TransferServer\conf
Note
-
You must restart the server after editing container.properties for your changes to take effect.
-
A backup file, container.properties.example, in the same folder provides a copy of the original default settings.
Note
The Reflection Transfer Client has been deprecated, and is replaced with Reflection Identity Manager. The legacy File Transfer Java Applet is no longer supported. For backward compatibility, some settings in this file still refer to File Transfer configuration properties that were used by this Applet, but they have no effect on currently supported features, and may be removed in future releases.
-
servletengine.ssl.port
The HTTPS port used to connect to the Identity Manager. The default is 9492.
-
servletengine.ssl.updateInterval
The interval in seconds for how often the Transfer Server checks for changes to authentication settings made in Gateway Administrator and queries Gateway Administrator for PKI Services Manager trust anchors. The default is 60 (deprecated).
Certificate settings
-
For more information about changing the server certificate, see Replace the Default Server Certificate.
-
servletengine.ssl.keystore
The path to the keystore that contains the server certificate and private key. The path must be specified using forward slashes or escaped backslashes. For example:
-
C:/pathto/keystore
-
C:\\pathto\\keystore
-
You can specify a relative or absolute path. The default is ../etc/mycert.bcfks.
-
-
servletengine.ssl.keystoretype
The file type of the keystore that contains the server certificate and private key. The only supported Java keystore type is BCFKS.
-
servletengine.ssl.keystorepassword
The password that protects the keystore that contains the server certificate and private key.
-
-
sftp.hostname
The hostname used by the Transfer Client to connect to the Reflection Secure Shell Proxy (deprecated).
-
sftp.port
The port used by the Transfer Client to connect to the Reflection Secure Shell Proxy Server. The default is 22 (deprecated).
Hub Properties File
You can use the Reflection Hub properties file to modify the
configurable settings listed below. It is located in the Reflection
Gateway installation folder in the Hub\conf
subfolder. The default
location is:
C:\Program Files\Micro Focus\ReflectionGateway\Hub\conf
Note
-
You must restart the server after editing container.properties for your changes to take effect.
-
A backup file, container.properties.example, in the same folder provides a copy of the original default settings.
-
hub.events.threads
Specifies the number of commands to process in parallel. If the number of active commands is under this limit, the command is processed immediately; otherwise, it will wait its turn in the queue. Commands in this queue include file transfers and commands configured as Job actions. The default is 10.
-
hub.highpriorityevent.threads
High-priority commands are ones that need to run right away and are expected to have a quick response. These commands use a separate queue to help ensure that they are not backed up or put on hold behind long running commands such as file transfers and commands configured as Job actions. The commands that run through the high-priority queue include status queries to see if a job is still running, file listings to support the Gateway Administrator Browse actions, and file listings required by scans. The default is 10.
-
hub.responseevent.threads
The number of command responses to process in parallel. The default is 10.
-
hub.command-api.interface
The network interface used by Gateway Administrator to send commands to the Hub.
-
hub.command-api.port
The listening port on the Hub used by Gateway Administrator to send commands to the Hub. This value must match the value for Hub listening port configured on the Edit Hub page.
-
restengine.ssl.keystore
The path to the keystore that contains the server certificate and private key. In most cases, you will not change these files on the Hub.
-
restengine.ssl.keystoretype
The file type of the keystore that contains the server certificate and private key. The only supported Java keystore type is BCFKS.
-
restengine.ssl.keystorepassword
The password that protects the keystore that contains the server certificate and private key.
-
hub.changedetection.waittime
In order to avoid processing files that are in use, the Hub uses directory listing comparisons to determine if files are currently changing. When a comparison of two listings shows no new files, no changes in file size, and no changes to file timestamps, the files are considered to be inactive. This setting specifies the time to wait (in seconds) between these directory listings. With a shorter wait time, Job actions happen sooner, but this also increases the chance of erroneously determining that a file is not being changed when it actually is. A longer wait time decreases those chances but also delays the job.
Reflection Gateway Data Files
Caution
The data locations below contain sensitive information. Windows administrator privileges are required in order to read or write to these file locations. You should not change these permissions. Any new locations you copy the files to should use the same permissions.
Gateway Administrator
These Gateway Administrator data files are located in subdirectories in the Reflection Gateway installation folder. The default location is:
C:\Program Files\Micro Focus\ReflectionGateway\
Files | Data Description |
---|---|
\GatewayAdministrator\conf\container.properties |
Gateway Administrator properties file. |
\GatewayAdministrator\etc\database |
The default HyperSQL database. (Not used if you have configured an alternate database.) |
\GatewayAdministrator\etc\ |
*.rnd - Queued events. If the server stops for any reason, queued actions resume after a server restart using information stored in these queue files. Deleting these files empties the queues. *.cer and *.bcfks - Gateway Administrator certificates and keystore files. Do not delete any of the existing certificates or keystore files in these locations. The server certificates located here are required for communication between Reflection Gateway components. Deleting the Gateway Administrator's server keystore and certificate will cause authentication of LDAP users to fail. If your Gateway Administrator Administrators group consists entirely of users in remote LDAP directories, you will no longer be able to log on to Gateway Administrator. |
Reflection Hub
These Reflection Hub data files are located in subdirectories in the Reflection Gateway installation folder. The default location is:
C:\Program Files\Micro Focus\ReflectionGateway\
Files | Data Description |
---|---|
\Hub\conf\container.properties |
Hub properties file. |
\Hub\etc\ |
*.cer and *.bcfks - Hub certificates and keystore files. Do not delete any of the existing certificates or keystore files in these locations. The server certificates located here are required for communication between Reflection Gateway components. *.rnd - Queued events. If the server stops for any reason, queued actions resume after a server restart using information stored in these queue files. Deleting these files empties the queues. ga-response-service.properties - Automatically maintained file with information for connecting to Gateway Administrator. Do not modify this file manually. trustedGA.cer - The certificate used to authenticate Gateway Administrator. |
Reflection Transfer Server
These Transfer Server data files are located in subdirectories in the Reflection Gateway installation folder. The default location is:
C:\Program Files\Micro Focus\ReflectionGateway\
Files | Data Description |
---|---|
\TransferServer\conf\container.properties |
Transfer Server properties file. |
\TransferServer\etc\ |
Transfer Server certificates. Do not delete any of the existing certificates or keystore files in these locations. The server certificates located here are required for communication between Reflection Gateway components. |
Reflection for Secure IT Server for Windows and Reflection Secure Shell Proxy
Directory | Data Description |
---|---|
C:\ProgramData\Micro Focus\RSecureServer\ |
Reflection for Secure IT Server for Windows settings, server certificates, key files, and the credential cache |
Backing Up Gateway Administrator Data
To back up your current Gateway Administrator configuration, or move your configuration to a different system, copy the files listed below. These are installed to the following location by default:
C:\Program Files\Micro Focus\ReflectionGateway\GatewayAdministrator\
-
\conf\*.*
-
\etc\*.*
-
If you have installed a commercial certificate, back up the appropriate .bcfks file, as specified in the properties file using the servletengine.ssl.keystore setting.
Changing the Gateway Administrator Database
Gateway Administrator installs with a HyperSQL database, which is used by default to store Gateway Administrator data. This default database is suitable for initial testing. For configuring a high availability production environment, you will need to configure Gateway Administrator to use an external database running on a different system.
Install MySQL
-
Download and run the MySQL installer from the MySQL Downloads page:
-
Run the installer on the system where you want to store your database.
-
Make a note of the root password. You will need this to create the database.
Install the JDBC Driver for MySQL (Connector/J)
-
Download the driver from the MySQL downloads page:
-
On the system running Reflection Gateway Administrator service, navigate to the GatewayAdministrator\lib folder. The default location is:
C:\Program Files\Micro Focus\ReflectionGateway\GatewayAdministrator\lib
-
Copy the driver jar file to this location (for example mysql-connector-java-5.1.44-bin.jar).
Create the database
-
On the system running MySQL, start the command line client. For example:
Start > MySQL Server 5.7 > MySQL 5.7 Command Line Client
-
Enter the MySQL root password.
-
You'll see the following prompt:
mysql>
-
Create the database as shown here. (Note that a semicolon is required to complete the command.)
mysql> create database gateway;
Create the database user that Gateway Administrator will use to connect to the database
If MySQL is running on the same server as Gateway Administrator, you can use the MySQL root user without making any modifications to this user.
If the database is installed on a different system than Gateway Administrator, the user must be able to connect from a remote host using the host’s network name or IP address. You can use MySQL Workbench or a command line to grant network access by allowing access from a specific host, or using the % wildcard to allow access from any host.
For example, to use the MySQL command line to create a user called gwuser with access to Gateway Administrator from any host:
-
On the system running MySQL, start the command line client.
-
Enter the following commands, replacing some_password with the actual password you want to use for this user.
    CREATE USER 'gwuser'@'%' IDENTIFIED BY 'some_password';
    GRANT ALL PRIVILEGES ON gateway.* to 'gwuser'@'%';
-
Make a note of the username and password; you will need these to configure Gateway Administrator.
Configure Gateway Administrator to use the MySQL database
-
Open the Gateway Administrator properties file in a text editor. The default location is:
C:\Program Files\Micro Focus\ReflectionGateway\GatewayAdministrator\conf\container.properties
-
Comment out the HyperSQL settings, and uncomment the MySQL settings. Configure the MySQL hostname, database name, user name, and password. For example:
    # HyperSQL (default)
    #jdbc.url=jdbc:hsqldb:file:../etc/database/gateway.db
    #jdbc.username=sa
    #jdbc.password=
    #hibernate.dialect=org.hibernate.dialect.HSQLDialect

    # MySQL (recommended for production or clustered environments)
    jdbc.url=jdbc:mysql://myhost:3306/gateway?useSSL=false
    jdbc.username=gwuser
    jdbc.password=some_password
    hibernate.dialect=org.hibernate.dialect.MySQLDialect
-
Restart the Reflection Gateway Administrator service and wait until the server.log shows the message "Server container started."
-
Log into Gateway Administrator using the default user and password (admin/secret). Any settings you configured using the default database will need to be redone using the new database.
-
If you have configured the Reflection Secure Shell Proxy to enable connections from Reflection Gateway users, repeat the Activate and Verify action. (See Enable Reflection Gateway Connections in the Reflection Secure Shell Proxy.)
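The following Python script is an added example, not part of the product documentation or any vendor tooling. It reviews a Gateway Administrator or Hub container.properties file against the setting descriptions above: a remote MySQL host reached with useSSL=false, a plaintext jdbc.password, an exposed LDAP port, a web service bound to all addresses, and keystore paths with unescaped backslashes. The sample file contents, the host name dbhost.example.test and the wording of the findings are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, not from a real installation; property names are the page's.
SAMPLE = r"""
# HyperSQL (default)
#jdbc.url=jdbc:hsqldb:file:../etc/database/gateway.db
jdbc.url=jdbc:mysql://dbhost.example.test:3306/gateway?useSSL=false
jdbc.username=root
jdbc.password=some_password
ldaps.port.enabled=true
configservice-ws.host=
servletengine.ssl.keystore=C:\pathto\keystore
"""

LOCAL = {"localhost", "127.0.0.1", "::1"}
LONE_BACKSLASH = re.compile(r"(?<!\\)\\(?!\\)")  # a backslash that is not doubled


def parse_properties(text):
    """Return {key: raw value} for active key=value lines (no continuation lines)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def audit(props):
    """Return {property: finding} for settings an administrator should review."""
    found = {}
    url = props.get("jdbc.url", "")
    if url.startswith("jdbc:mysql:"):
        host = urlsplit(url[len("jdbc:"):]).hostname or ""
        if host not in LOCAL:
            found["jdbc.url"] = f"traffic to {host} is unencrypted (useSSL=false); restrict the network path"
    if props.get("jdbc.username") == "root":
        found["jdbc.username"] = "MySQL root in use; prefer a dedicated account limited to the gateway database"
    if props.get("jdbc.password"):
        found["jdbc.password"] = "plaintext password; keep administrator-only permissions on this file"
    if props.get("ldaps.port.enabled", "false").lower() == "true":
        found["ldaps.port.enabled"] = "internal LDAP server is exposed on directory.ldaps.port"
    if not props.get("configservice-ws.host"):
        found["configservice-ws.host"] = "web service listens on all IP addresses"
    for key in ("servletengine.ssl.keystore", "restengine.ssl.keystore"):
        if LONE_BACKSLASH.search(props.get(key, "")):
            found[key] = "unescaped backslash; use forward slashes or doubled backslashes"
    return found


if __name__ == "__main__":
    for key, finding in audit(parse_properties(SAMPLE)).items():
        print(f"{key}: {finding}")
```

To check a real file, pass its text to parse_properties() from an account that already has read access to the conf folder.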