Appendix
GateKeeper properties

This appendix describes the properties that may be set on GateKeeper, with the exception of “Server's properties for firewall specifications”, which are properties set on the server.

Note

The following notations are used for the column “Default/Options” in the tables:

•	Options are in bold; gatekeeper.ior

•	<empty> is a blank space or an empty string.

•	Options enclosed in angle brackets (<>) are user supplied values, for example, <port number> or <integer values>.

General properties

The following table lists the common properties used by GateKeeper.

Property	Default/Options	Description
vbroker.gatekeeper.name	null - no name is defined <a user defined name>	Specifies the name of a GateKeeper instance to differentiate it from other GateKeepers instances.
vbroker.gatekeeper.referenceStore	gatekeeper.ior - in the current directory of GateKeeper. <Relative pathname> <Full pathname>	Specifies the name of the GateKeeper IOR file. You may define the full path name if this file is not stored in the GateKeeper current directory.
vbroker.gatekeeper.locationService	true (default) - enabled false - disabled	Enables or disables the location service using GateKeeper. This service is provided for clients such as applets that are not able to communicate with the Smart Agent (OSAgent) to do the bind. If this property is set to false, the client will get a NO_PERMISSION exception during the binding operation through GateKeeper.
vbroker.gatekeeper.cache.size	-1 - cache is disabled 0 - cache size is unlimited 64 (default)	Defines the size of the GateKeeper cache. A value that is a positive integer defines the number of objects in the cache.
vbroker.gatekeeper.cache.timeout	900 <an integer value>	Specifies the time in seconds for keeping the information in the cache. If the information is not used by the end of the timeout interval, garbage information is collected.
vbroker.gatekeeper.asynchronizedIO	false (default) - enabled true - disabled	Enables or disables the asynchronized IO feature in GateKeeper. The asynchronized IO feature is only useful in situations in which calling methods on the servers takes a long time and there are a lot of new incoming clients. In most situations, activating this feature does not provide any advantages. This feature exists mainly due to historical reasons and the use of it is discouraged.

Exterior server engine

The following table lists the properties used by the exterior server engine on the client side or Internet side of GateKeeper. Most of the important properties, however, are defined in each Server Connection Manager (SCM) which are described in the following sections.

Property	Default/Options	Description
vbroker.se.exterior.scms	ex-iiop, ex-hiop (default) - ex-iiop and ex-hiop Server connection managers in use. It can also be a list of ex-iiop, ex-hiop, ex-ssl, and ex-hiops separated by commas.	Defines the server connection managers for the exterior server engine.
vbroker.se.exterior.host	null - the primary host is used; that is the IP address of the primary Network Interface Card (NIC). <a host address>	The host address of the exterior host. The primary NIC is the exterior NIC. You can also set this property using the VisiBroker Console.
vbroker.se.exterior.proxyHost	<empty> - No proxy host. <a fake host address>	Network Address Translation (NAT) devices hide the actual IP address and/or port number in the network by changing the IP address and/or in the IP packet. Set this value to the value defined by the NAT. When you have callback enabled and GateKeeper sits behind a NAT, the callback proxy host (vbroker. gatekeeper.backcompat.callback.proxyHost) should be set to equal this property. This is used when GateKeeper sits behind a NAT. You can also set this property using the VisiBroker Console.
vbroker.se.exterior.type	gatekeeper	This setting says that the exterior server engine is in a “proxying” role. It means packet/messages forwarding function is enabled on this server engine. The user should not change this setting.

ex-hiop server connection manager (SCM)

Java

The ex-hiop server connection manager is responsible for servicing HTTP requests on the exterior server engine. Both the listener and dispatcher properties are configured using the property with the vbroker.se.exterior.scm.ex-hiop prefix.

The following vbroker.se.exterior.scm.ex-hiop properties specify the behavior of the ex-hiop listener. The ex-hiop listener is an HIOP listener. The default port is 8088. The threading policy is set to ThreadSession.

Note

All the properties related to an SCM are defined with the following prefix: vbroker.se.<server engine name>.scm.<server connection manager name>.

Some SCMs may define additional properties, but some properties, especially the properties related to threads and connections, have the same property names for all SCMs.

Property	Default/Options	Description
vbroker.se.exterior.scm.ex-hiop.root	. <Full path of a file directory>	Sets to the root directory as its default. The default directory is where GateKeeper starts.
vbroker.se.exterior.scm.ex-hiop.dispatcher.type	ThreadSession	Specifies the dispatcher type for a ex-hiop scm request. The type should always be set to “Thread Session”.
vbroker.se.exterior.scm.ex-hiop.listener.port	8088 <a port number>	Sets the default listener port for GateKeeper's client side (exterior) HIOP listener. Client applications or applets use this port primarily for HTTP tunneling support. This port may also be used on a limited basis for standard HTTP requests such as fetching the GateKeeper IOR file.
vbroker.se.exterior.scm.ex-hiop.listener.proxyPort	<empty> <a fake port number>	The proxyPort property is often used in conjunction with the server engine proxyHost property to mask the target port for this listener. If this property is set, the GateKeeper IOR file will contain the proxyPort value in the endpoint information for this listener. It is then the responsibility of the external NAT device to map the proxyPort to the listener's true port. The default is <empty> indicating the feature is disabled (the listener port will not be masked).
vbroker.se.exterior.scm.ex-hiop.listener.type	HIOP	Specifies the listener type for the ex-hiop SCM. HIOP indicates that this listener supports the proprietary HIOP protocol used for HTTP tunneling as well as the HTTP protocol. The listener type for pre-configured server connection managers such as ex-hiop should not be changed.
vbroker.se.exterior.scm.ex-hiop.manager.connectionMax	0 - incoming connections are unlimited <an integer value>	Defines the maximum number of incoming connections allowed to the GateKeeper exterior HIOP listener.
vbroker.se.exterior.scm.ex-hiop.manager.connectionMaxIdle	0 <an integer value>	Specifies the time in seconds that an inactive connection is idle before it can be closed.
vbroker.se.exterior.scm.ex-hiop.manager.type	Socket	Specifies the type of Server Connection Manager.
vbroker.se.exterior.scm.ex-hiop.servletList	orb	The servlet class type to be used.
vbroker.se.exterior.scm.ex-hiop.servlet.orb.GET	true (default) - enabled false - disabled	Enables or disables the servlet GET operation. Note that the ORB is a predefined property.
vbroker.se.exterior.scm.ex-hiop.servlet.orb.PUT	true (default) - enabled false - disabled	Enables or disables the servlet PUT operation. Note that the ORB is a predefined property.
vbroker.se.exterior.scm.ex-hiop.servlet.orb.class	com.inprise.vbroker.HIOP.servlets.ORB.Servlet	Specifies the java class to be loaded for HIOP when GateKeeper is used as a servlet. The customer should not change this property to other values.
vbroker.se.exterior.scm.ex-hiop.servlet.orb.load	false (default) - disabled true - enabled	Enables or disables the servlet Load operation. Note that the ORB is a predefined property.
vbroker.se.exterior.scm.ex-hiop. connection.keepAlive	false (default) - disabled true - enabled	Set this property to true to enable the TCP KeepAlive option.

ex-iiop server connection manager (SCM)

The ex-iiop server connection manager is responsible for servicing IIOP requests on the exterior sever engine. The listener and dispatcher properties can be configured using properties with the vbroker.se.exterior.scm.ex-iiop prefix. The following vbroker.se.exterior.scm.ex-iiop properties specify the behavior of the ex-iiop listener. The ex-iiop listener is an IIOP listener.

Property	Default/Options	Description
vbroker.se.exterior.scm.ex-iiop.dispatcher.threadMax	100 <an integer value>	Specifies the maximum number of threads the server connection manager can create.
vbroker.se.exterior.scm.ex-iiop.dispatcher.threadMaxIdle	300 <an integer value>	Specifies the time an idle thread is idle before it is destroyed. The default is 300.
vbroker.se.exterior.scm.ex-iiop.dispatcher.threadMin	0 <an integer value>	Specifies the minimum number of threads the server connection manager can create.
vbroker.se.exterior.scm.ex-iiop.dispatcher.type	ThreadPool	Specifies the dispatcher type for the ex-iiop scm.
vbroker.se.exterior.scm.ex-iiop.listener.giopVersion	1.2	Sets the GIOP version to be used by the GIOP messages. This property can be used to overcome interoperability problems with older ORBs that cannot handle unknown minor GIOP versions correctly.
vbroker.se.exterior.scm.ex-iiop.listener.port	683 <a port number>	Sets as a default listener port for GateKeeper's client-side IIOP listener. Port 683 is the recommended setting for a deployed application since it is an OMG standard for IIOP and is registered with IANA. UNIX: On a UNIX platform, the default listener port number is in the range of 0 to 1024 which is reserved for privileged use. When running as a non-privileged user, the listener port can be set to a value greater than 1024 if desired.
vbroker.se.exterior.scm.ex-iiop.listener.proxyPort	<empty> - The proxy port feature is disabled. This indicates the feature is disabled (the listener port will not be masked). <a fake port number>	Specifies the proxy port number used with the proxy host name property.
vbroker.se.exterior.scm.ex-iiop.listener.type	IIOP	Specifies the listener type for the ex-iiop scm.
vbroker.se.exterior.scm.ex-iiop.manager.connectionMax	0 - incoming connections are unlimited <an integer value>	Defines the maximum number of incoming connections allowed to the GateKeeper exterior IIOP listener.
vbroker.se.exterior.scm.ex-iiop.manager.connectionMaxIdle	0 <an integer value>	Specifies the time in seconds in which an inactive connection is idle before it can be closed.
vbroker.se.exterior.scm.ex-iiop.manager.type	Socket	Specifies the type of Server Connection Manager. Currently, only “Socket” is available.
vbroker.se.exterior.scm.ex-iiop.connection.keepAlive	false (default) - disabled true - enabled	Set this property to true to enable the TCP KeepAlive option.

ex-hiops server connection manager (SCM)

Java

The ex-hiops server connection manager is responsible for servicing HTTPS requests on the exterior server engine. Both the listener and dispatcher properties are configured using the property with the vbroker.se.exterior.scm.ex-hiops prefix.

The following vbroker.se.exterior.scm.ex-hiops properties specify the behavior of the ex-hiops listener. The ex-hiops listener is an HIOPS listener. The default port is 8089. The threading policy must always be ThreadSession.

Property	Default/Options	Description
vbroker.se.exterior.scm.ex-hiops.root	. <Full path of a file directory>	Sets to the root directory as its default. The default directory is where GateKeeper starts.
vbroker.se.exterior.scm.ex-hiops.dispatcher.type	ThreadSession	Specifies the dispatcher type for ex-hiops scm request. The type should always be set to “ThreadSession”.
vbroker.se.exterior.scm.ex-hiops.listener.port	8089 <a port number>	Sets the default listener port for the GateKeeper's client-side (exterior) HIOPS listener. Client applications or applets use this port primarily for HTTPS tunneling support. This port may also be used on a limited basis for standard HTTPS requests such as fetching the GateKeeper IOR file.
vbroker.se.exterior.scm.ex-hiops.listener.proxyPort	<empty> <a fake port number>	The proxyPort property is often used in conjunction with the server engine proxyHost property to mask the target port for this listener. If this property is set, the GateKeeper IOR file will contain the proxyPort value in the end point information for this listener. It is then the responsibility of the external NAT device to map the proxyPort to the listener's true port. The default is <empty> indicating the feature is Disabled (the listener port will not be masked).
vbroker.se.exterior.scm.ex-hiops.listener.type	HIOPS	Specifies the listener type for the ex-hiops SCM. HIOPS indicates that this listener supports the proprietary HIOPS protocol used for HTTP tunneling as well as the HTTPS protocol. The listener type for pre configured server connection managers such as ex-hiops should not be changed.
vbroker.se.exterior.scm.ex-hiops.manager.connectionMax	0 - the cached connections are unlimited <an integer value>	Defines the maximum number of cached connections available to the GateKeeper exterior HIOPS listener.
vbroker.se.exterior.scm.ex-hiops.manager.connectionMaxIdle	0 <an integer value>	Specifies the time in seconds in which an inactive connection is idle before it can be closed.
vbroker.se.exterior.scm.ex-hiops.manager.type	Socket	Specifies the type of Server Connection Manager.
vbroker.se.exterior.scm.ex-hiops.servletList	orb	The servlet class type to be used.
vbroker.se.exterior.scm.ex-hiops.servlet.orb.GET	true (default) - enabled false - disabled	Enables or disables the servlet GET operation. Note that the ORB is a predefined property.
vbroker.se.exterior.scm.ex-hiops.servlet.orb.PUT	true (default) - enabled false - disabled	Enables or disables the servlet PUT operation. Note that the ORB is a predefined property.
vbroker.se.exterior.scm.ex-hiops.servlet.orb.class	com.inprise.vbroker.HIOP.servlets.ORB.Servlet	Specifies the Java class to be loaded for HIOPS when GateKeeper is used as a servlet. The customer should not change this property to other values.
vbroker.se.exterior.scm.ex-hiops.servlet.orb.load	false (default) - disabled true - enabled	Enables or disables the servlet Load operation. Note that the ORB is a predefined property.
vbroker.se.exterior.scm.ex-hiops.connection.keepAlive	false (default) - disabled true - enabled	Set this property to true to enable the TCP KeepAlive option.

ex-ssl server connection manager (SCM)

The ex-ssl server connection manager is responsible for servicing SSL requests on the exterior sever engine. The listener and dispatcher properties can be configured using properties with the vbroker.se.exterior.scm.ex-ssl prefix.

The following vbroker.se.exterior.scm.ex-ssl properties specify the behavior of the ex-ssl listener. The ex-ssl listener is an ssl listener.

Property	Default/Options	Description
vbroker.se.exterior.scm.ex-ssl.dispatcher.threadMax	100 <an integer value>	Specifies the maximum number of threads the server connection manager can create.
vbroker.se.exterior.scm.ex-ssl.dispatcher.threadMaxIdle	300 <an integer value>	Specifies the time an idle thread is idle before it is destroyed. The default is 300.
vbroker.se.exterior.scm.ex-ssl.dispatcher.threadMin	0 <an integer value>	Specifies the minimum number of threads the server connection manager can create.
vbroker.se.exterior.scm.ex-ssl.dispatcher.type	ThreadPool	Specifies the dispatcher type for the ex-ssl scm.
vbroker.se.exterior.scm.ex-ssl.listener.port	684 <a port number>	Sets as a default listener port for the GateKeeper's client-side SSL listener. Port 684 is the recommended setting for deployed application since it is an OMG standard for IIOP and is registered with IANA. UNIX: On a UNIX platform, the default listener port number is in the range 0 to 1024 which is reserved for privileged use. When running as a non-privileged user, the listener port can be set to a value greater than 1024 if desired.
vbroker.se.exterior.scm.ex-ssl.listener.proxyPort	<empty> - The proxy port feature is disabled. This indicates the features is disabled (the listener port will not be masked). <a fake port number>	Specifies the proxy port number used with the proxy host name property.
vbroker.se.exterior.scm.ex-ssl.listener.type	SSL	Specifies the listener type for the ex-ssl scm.
vbroker.se.exterior.scm.ex-ssl.manager.connectionMax	0 - cached connections are unlimited. <an integer value>	Defines the maximum number of cached connections available to the GateKeeper exterior SSL listener.
vbroker.se.exterior.scm.ex-ssl.manager.connectionMaxIdle	0 <an integer value>	Specifies the time in seconds in which an inactive connection is idle before it can be closed.
vbroker.se.exterior.scm.ex-ssl.manager.type	Socket	Specifies the type of Server Connection Manager. Currently, only “Socket” is available.
vbroker.se.exterior.scm.ex-ssl.connection.keepAlive	false (default) - disabled true - enabled	Set this property to true to enable the TCP KeepAlive option.

Interior server engine

The following table lists the properties used by the interior server engine on the server-side or Intranet side of GateKeeper.

You may need to set some of the properties in the interior server engine in special cases, such as when GateKeeper runs on a dual-homed machine or if there is a Network Address Translation (NAT) between GateKeeper and the server.

Property	Default/Options	Description
vbroker.se.interior.scms	in-iiop (default), in-hiop, in-ssl, in-hiops <Combination of the above separated by commas.>	This defines the server connection managers for the server engine. The default is IIOP scm. However, you may choose to use other types of protocols, such as SSL by specifying its respective scms.
vbroker.se.interior.host	Null - the primary host is used; that is the IP address of the primary Network Interface Card (NIC). <a host address>	The interior server engine host address. You can also set this property using the VisiBroker Console.
vbroker.se.interior.proxyHost	<empty> - The proxy port feature is disabled. <a fake host address>	This property can be used if you have a NAT running between GateKeeper and the server to hide the server host's address. You can also set this property using the VisiBroker Console.

in-iiop server connection manager (SCM)

The in-iiop server manager is responsible for servicing IIOP requests on the interior server engine. The listener and dispatcher can be configured using properties with the vbroker.se.interior.scm.in-iiop prefix.

The following vbroker.se.interior.scm.in-iiop properties specify the behavior of the in-iiop server connection manager.

Property	Default/Options	Description
vbroker.se.interior.scm.in-iiop.dispatcher.threadMax	100 <an integer value>	Specifies the maximum number of threads the server connection manager can create.
vbroker.se.interior.scm.in-iiop.dispatcher.threadMaxIdle	300 <an integer value>	Specifies the time an idle thread is idle before it is destroyed. The default is 300.
vbroker.se.interior.scm.in-iiop.dispatcher.threadMin	0 <an integer value>	Specifies the minimum number of threads the server connection manager can create.
vbroker.se.interior.scm.in-iiop.dispatcher.type	ThreadPool	Specifies the dispatcher type for the in-iiop scm. The type should always be set to “ThreadPool”.
vbroker.se.interior.scm.in-iiop.listener.giopVersion	1.2	The protocol version number to be used for GIOP messages.
vbroker.se.interior.scm.in-iiop.listener.port	0 - pick a random number <a port number>	Specifies the port number used with the host name property.
vbroker.se.interior.scm.in-iiop.listener.proxyPort	<empty> - The proxy port feature is disabled. <a fake port number>	Specifies the proxy port number used with the proxy host name property.
vbroker.se.interior.scm.in-iiop.listener.type	IIOP	Specifies the listener type for the in-iiop scm.
vbroker.se.interior.scm.in-iiop.manager.connectionMax	0 - cached connections are unlimited. <an integer value>	Defines the maximum number of cached connections available to the GateKeeper IIOP listener.
vbroker.se.interior.scm.in-iiop.manager.connectionMaxIdle	0 <an integer value>	Specifies the time in seconds in which an inactive connection is idle before it can be closed.
vbroker.se.interior.scm.in-iiop.manager.type	Socket	Specifies the type of Server Connection Manager. Currently, only Socket is available.
vbroker.se.interior.scm.in-iiop.connection.keepAlive	false (default) - disabled true - enabled	Set this property to true to enable the TCP KeepAlive option.

in-ssl server connection manager (SCM)

The in-ssl server manager is responsible for servicing SSL requests on the interior server engine. The listener and dispatcher can be configured using properties with the vbroker.se.interior.scm.in-ssl prefix.

The vbroker.se.interior.scm.in-ssl properties listed below specify the behavior of the in-ssl server connection manager.

Property	Default/Options	Description
vbroker.se.interior.scm.in-ssl.dispatcher.threadMax	100 <an integer value>	Specifies the maximum number of threads the server connection manager can create.
vbroker.se.interior.scm.in-ssl.dispatcher.threadMaxIdle	300 <an integer value>	Specifies the time an idle thread is idle before it is destroyed. The default is 300.
vbroker.se.interior.scm.in-ssl.dispatcher.threadMin	0 <an integer value>	Specifies the minimum number of threads the server connection manager can create.
vbroker.se.interior.scm.in-ssl.dispatcher.type	ThreadPool	Specifies the dispatcher type for the in-ssl scm. The type should always be set to ThreadPool.
vbroker.se.interior.scm.in-ssl.listener.port	0 - pick a random number <a port number>	Specifies the port number used with the host name property.
vbroker.se.interior.scm.in-ssl.listener.proxyPort	<empty> - The proxy port feature is disabled. <a fake port number>	Specifies the proxy port number used with the proxy host name property.
vbroker.se.interior.scm.in-ssl.listener.type	SSL	Specifies the listener type for the in-ssl scm.
vbroker.se.interior.scm.in-ssl.manager.connectionMax	0 - incoming connections are unlimited. <an integer value>	Defines the maximum number of incoming connections allowed to the GateKeeper interior SSL listener.
vbroker.se.interior.scm.in-ssl.manager.connectionMaxIdle	0 <an integer value>	Specifies the time in seconds in which an inactive connection is idle before it can be closed.
vbroker.se.interior.scm.in-ssl.manager.type	Socket	Specifies the type of Server Connection Manager. Currently, only Socket is available.
vbroker.se.interior.scm.in-ssl.connection.keepAlive	false (default) - disabled true - enabled	Set this property to true to enable the TCP KeepAlive option.

Administration

Java: The following table lists the administration properties. Note that the default listener port number is 9091.

Property	Default/Options	Description
vbroker.se.iiop_tp.host	null - use host address from the system. <Host address>	Specifies the host address that can be used by this server engine.
vbroker.se.iiop_tp.ProxyHost	<empty> - use host address from the system. <Proxy host address>	Specifies the proxy host address that can be used by this server engine.
vbroker.se.iiop_tp.scms	iiop_tp, hiop_ts	Specifies the list of Server Connection Managers name(s).
vbroker.se.iiop_tp.scm.iiop_tp.listener-port	<empty> <a port number>	Specifies the IIOP administrative listener port.
vbroker.se.iiop_tp.scm.iiop_tp.listener.proxyPort	<empty> <a port number>	Specifies the proxy port for IIOP administrative listener port.
vbroker.se.iiop_tp.scm.hiop_ts.listener.port	9091 <a port number>	Specifies the GateKeeper administrative listener port.
vbroker.se.iiop_tp.scm.hiop_ts.listener.proxyPort	<empty> - The proxy port feature is disabled <a fake port number>	Specifies the proxy port number for HIOP administrative listener port.
vbroker.se.iiop_tp.type	normal	This is applicable to the Administrative Server Engine.
vbroker.se.iiop_tp.scm.hiop_ts.servletList	orb	A virtual name given to the servlet class. It is used for specifying other properties like PUT, GET, LOAD and etc.
vbroker.se.iiop_tp.scm.hiop_ts.servlet.orb.GET	true (default) - enabled false - disabled	Enables or disables the servlet GET operation.
vbroker.se.iiop_tp.scm.hiop_ts.servlet.orb.PUT	true (default) - enabled false - disabled	Enables or disables the servlet PUT operation.
vbroker.se.iiop_tp.scm.hiop_ts.servlet.orb.class	com.inprise.vbroker.HIOP.servlets.ORBServlet	The name of the servlet class.
vbroker.se.iiop_tp.scm.hiop_ts.servlet.orb.load	false (default) - disabled true - enabled	Enables or disables the servlet Load operation.
vbroker.se.iiop_tp.scm.iiop_tp.connection.keepAlive	false (default) - disabled true - enabled	Set this property to true to enable the TCP KeepAlive option.

Access control

The following table lists the properties used to set security control in GateKeeper.

Property	Default/Options	Description
vbroker.gatekeeper.security.accessControllers	default	Specifies the list of names of access controllers.
vbroker.gatekeeper.security.acl.<controllerName>.default	null (default) - no default action deny - refused entry grant - permission granted	Specifies the default action for the control list. <controllerName> is specified above.
vbroker.gatekeeper.security.acl.<controllerName>.<xx> where <xx> is the name of the given rule.	null - no actions specified. See description for additional options.	Defines the action for the specific properties for the given rule. The definition is as follows (variables in bold are user-definable): <deny | grant> [operation=”<operation name>” [signer by=”<signer's company name>”] [server host=”<hostname>”] [client host=”<hostname>”] [server ip=aa.bb.cc.dd | <sub-mask>] [client ip=aa.bb.cc.dd | <sub-mask>] [object type=”<object type>”] ] <deny | grant> defines the action related to the individual rule. operation=”<operation name>” defines the related operation name based on the IDL. signer by=”<signer's company name>” defines the signer's company name. server host=”<hostname>” specifies the server hostname. client host=”<hostname>” specifies the client hostname. server ip=”<aa.bb.cc.dd>” specifies the IP address of the machine that the server resides on. client ip=”<aa.bb.cc.dd>” defines the IP address of the machine that the client resides on. object type=”<object type>” defines the object type.
	Examples: vbroker.gatekeeper.security.accessControllers=default vbroker.gatekeeper.security.acl.default.rules=rule1,rule2,rule3 vbroker.gatekeeper.security.acl.default.rule1=grant [operation=\”*”\ [server host=\”borland”\]] vbroker.gatekeeper.security.acl.default.rule2=deny [operation=\”*”\ [client ip=192.168.100.40 | 255.255.255.0]] vbroker.gatekeeper.security.acl.default.rule3=deny [operation=\”*”\ [server host=\”inprise”\] [client ip=192.168.100.88 | 255.255.255.0]]
vbroker.gatekeeper.security.acl.<controllerName>.type	com.inprise.vbroker. gatekeeper.security. ACImpl	Specifies the implementation class to be loaded by GateKeeper for Access Control. Note: User should not change this value.
vbroker.gatekeeper.security.acl.<controllerName>.rules	null - no rules specified. See description.	Specifies the names for the set of rules. Example: vbroker.gatekeeper.security.accessControllers= default vbroker.gatekeeper.security.acl.default.rules= rule1,rule2,rule3 where rule1, rule2, rule3 are names defined by the user.

VisiBroker 3.x style callback

The following table lists the properties that can be set in VisiBroker 5.x and later to use the VisiBroker 3.x style callback.

Property	Default/Options	Description
vbroker.gatekeeper.callback.enabled	false (default) - disabled true - enabled	Enables or disables the callback mechanism through GateKeeper. The default is disabled.
vbroker.gatekeeper.backcompat.callback	false (default) - disabled true - enabled	Enables or disables the VisiBroker 3.x style callbacks. If you wish to use the old style callbacks, set both the above and this property to true.
vbroker.gatekeeper.backcompat.callback.listeners	iiop (default ssl	Specifies a comma-separated list of listeners.
vbroker.gatekeeper.backcompat.callback.listener.iiop.type	IIOPCallback	Specifies the type of IIOP callback listeners.
vbroker.gatekeeper.backcompat.callback.host	<empty> - the value is set to the primary host IP address and that is the IP address of the primary NIC. <a host address>	Defines the host IP address to bind for the callback listener.
vbroker.gatekeeper.backcompat.callback.proxyHost	<empty> - no proxy host is used. <a fake host address>	This property is often used in conjunction with the server engine proxyPort property to mask the target port for this listener. If this property is set, the callback IOR will contain the proxyHost value in the end point information for this listener. It is then the responsibility of the Network Address Translation (NAT) device to map the proxyHost to the listener's true port. The default is <empty> indicating that the feature is disabled (the listener port will not be masked in the callback IOR).
vbroker.gatekeeper.backcompat.callback.listener.ssl.type	SSLCallback	Specifies the type of SSL callback listener.
vbroker.gatekeeper.backcompat.callback.listener.ssl.port	0-a port picked at random <port number>	Defines the port on which the callback listener uses to listen for SSL.
vbroker.gatekeeper.backcompat.callback.listener.ssl.proxyPort	<empty> - no proxy port is used> <fake port number>	Use this property when a NAT sits between the client and GateKeeper in which the NAT hides the actual GateKeeper host address.
vbroker.gatekeeper.backcompat.callback.listener.iiop.port	0 - a port number is picked at random. <a port number>	Specifies the port in which the callback listeners listen for the IIOP.
vbroker.gatekeeper.backcompat.callback.listener.iiop.proxyPort	<empty> - no proxy port is used. <a fake port number>	The proxyPort property is often used in conjunction with the server engine proxyHost property to mask the target port for this listener. If this property is set, the callback IOR will contain the proxyPort value in the end point information for this listener. It is then the responsibility of the Network Address Translation (NAT) device to map the proxyPort to the listener's true port. The default is <empty> indicating that the feature is disabled (the listener port will not be masked in the callback IOR).

Performance and load balancing

The following table lists the performance and load balancing properties to distribute and monitor the load between client and server.

Property	Default/Options	Description
vbroker.gatekeeper.load.distributor	com.inprise.vbroker. gatekeeper.ext. RoundRobinDistributor	Specifies the Distributor class to be used by the Load Balance Manager. Users should not change this property unless they understand the distributor interface and implement their own distributor. The following implementation class is used as a default distributor: (Round Robin):com.inprise.vbroker.gatekeeper. ext.RoundRobinDistributor.
vbroker.ce.iiop.ccm.connectionMax	0 - will not try to close any of the old active or cached connections. <an integer value>	Specifies the maximum number of total connections within a client. This value is equal to the number of active connections plus those that are cached.
vbroker.orb.gcTimeout	300 (default) <an integer value>	Specifies the time in seconds that must pass before important resources that are not used are cleared.
vbroker.orb.fragmentSize	0	Specifies the GIOP fragment size. It must be a multiple of GIOP stream chunk size.
vbroker.orb.streamChunkSize	4096 <a number which is the power of 2>	Specifies the GIOP message chunk size. It must be the power of 2.
vbroker.orb.bufferCacheTimeout	6000 <an integer value>	Specifies (in milliseconds) the time in which a message chunk has been cached before it is discarded.
vbroker.gatekeeper.load.slaves	<empty> - no slaves GateKeeper <a list of slaves> - see description.	Specifies the list of Slave GateKeepers to be clustered together for the purpose of Load Balancing by this Master GateKeeper. The list of names is separated by commas. For each name in the list, a property such as “vbroker.gatekeeper.load.slave.<slave_name>” is added to the property file. There is no default value for this property. Note that this property is used in the Master GateKeeper property only. For example: vbroker.gatekeeper.load.slaves=abc,xyz. Note: If you set this property, you must load the appropriate library. See the description of vbroker.orb.dynamicLibs in Miscellaneous ORB properties.
vbroker.gatekeeper.load.slave.<slave_name>	<empty> <Specific Slave IOR> - see description.	Specifies the IOR or a URL pointing to specific Slave GateKeeper to be clustered for the purpose of Load Balancing by this Master GateKeeper. Note that this property is used in Master GateKeeper property only. For example: vbroker.gatekeeper.load.slave.abc=http://host1:9091/GateKeeper.ior vbroker.gatekeeper.load.slave.xyz=http://host2:9091/GateKeeper.ior. Note: If you set this property, you must load the appropriate library. See the description of vbroker.orb.dynamicLibs in Miscellaneous ORB properties.
vbroker.gatekeeper.load.balancer	<empty> <master>	Specifies that the master GateKeeper's sole purpose is to do load balancing and it will never take a turn in serving clients. In the default mode, the master itself is also a slave, in the sense that it is included in the list of available GateKeepers and will take turn among the slaves. When a particular GateKeeper is unavailable, the client will come back to the master to obtain the next slave GateKeeper in turn (this can be one of the slaves or the master itself). Note: If you set this property, you must load the appropriate library. See the description of vbroker.orb. dynamicLibs in Miscellaneous ORB properties.

Support for bidirectional communications

The following table lists the properties that support bidirectional communications. These properties are evaluated only once, when the SCMs are created. In all cases, the exportBiDir and importBiDir properties on the SCMs are given priority over the enableBiDir property. In other words, if both properties are set to conflicting values, the SCM-specific properties will take effect. This allows you to set the enableBiDir property globally, and more importantly, turn off bidirectionality in individual SCMs.

Property	Default/Options	Description
vbroker.orb.enableBiDir	none (default) both server client See “Callback with GateKeeper's bidirectional support”.	You can selectively make bidirectional connections. If the client defines vbroker.orb.enableBiDir=client, and the server defines vbroker.orb.enableBiDir=server, the value of vbroker.orb.enableBiDir in GateKeeper determines the state of the connection. Note: Just as you can selectively enable bidirectional communication on a per-SCM basis, you can also selectively enable bidirectional communication on GateKeeper. For example, if you set the vbroker.se.exterior.scm.ex--iiop.manager.importBiDir property to true, GateKeeper will accept bidirectional connections from the client. Setting the vbroker.se.exterior.scm.ex--iiop.manager. exportBiDir property to true causes GateKeeper to request bidirectional connections with the server.

Support for pass-through connections

Note

The vbroker.gatekeeper.enablePassthru property is the only property that supports pass-through connections.

Property	Default/Options	Description
vbroker.gatekeeper.enablePassthru	false (default) - disabled true - enabled	Specifies enabled or disabled Passthru mode in GateKeeper.
vbroker.gatekeeper.passthru.blockSize	16384 <an integer value>	Specifies the buffer size that the channel uses for each read and write operation. A high value handles large messages with a single read and write, but increases the resources used by a single channel. A low value will optimize resource utilization, while degrading performance due to multiple reads and writes.
vbroker.gatekeeper.passthru.connectionTimeout	300000 milliseconds (5 minutes) <an integer value>	Specifies the amount of time in milliseconds a given channel will wait before it stops waiting for connections and shuts down the channel.
vbroker.gatekeeper.passthru.inPortMin	1024 <a port number>	Used together with vbroker.gatekeeper. passthru.inPortMax. It specifies the start of a range of interior port for pass-through incoming connections.
vbroker.gatekeeper.passthru.inPortMax	65535 <a port number>	Used together with vbroker.gatekeeper. passthru.inPortMin. It specifies the end of a range of ports for pass-through in-coming connections.
vbroker.gatekeeper.passthru.logLevel	0 - no logging <an integer value>	Enables the level of logging for the pass-through component.
vbroker.gatekeeper.passthru.outPortMin	0 <a port number>	Used together with vbroker.gatekeeper. passthru.outPortMax. It specifies the start of a range of exterior port for pass-through outgoing connections.
vbroker.gatekeeper.passthru.outPortMax	65535 <a port number>	Used together with vbroker.gatekeeper. passthru.outPortMin. It specifies the end of a range of exterior port for pass-through outgoing connections.
vbroker.gatekeeper.passthru.streamTimeout	2000 <an integer value>	Specifies the amount of time in milliseconds an established channel will wait for messages before it shuts down.

Security services (SSL)

The following table lists the properties used in the Security Services.

Note

If you set this property then you load the appropriate library. See the description of vbroker.orb.dynamicLibs in Miscellaneous ORB properties.

Property	Default/Options	Description
vbroker.orb.alwaysSecure	false (default) - disabled true - enabled	Whether GateKeeper will make secure connections to the server.
vbroker.security.peerAuthenticationMode	See description.	Refer to the VisiBroker Security Guide for more details.
vbroker.security.trustpointsRepository	See description.	Refer to the VisiBroker Security Guide for more details.
vbroker.security.wallet.identity	See description.	Refer to the VisiBroker Security Guide for more details.
vbroker.security.wallet.password	See description.	Refer to the VisiBroker Security Guide for more details.

Location services (Smart Agent)

The following table lists the Smart Agent (OSAgent) properties used in the Location Service to locate server objects.

See Using the Smart Agent in either the VisiBroker for Java Developer's Guide or the VisiBroker for C++ Developer's Guide for more details of these properties.

Property	Default/Options	Description
vbroker.agent.addr	null - see description.	Specifies the IP address or host name of the host running the Smart Agent (OSAgent). The default value, null, installs VisiBroker applications to use the value from the OSAGENT_ADDR environment variable. If the OSAGENT_ADDR variable is not set, it is assumed that the Smart Agent is running on the local host or will be located by a broadcast message.
vbroker.agent.port	null	Specifies the port number that defines a domain within your network. VisiBroker applications and Smart Agent (OSAgent) work together when they have the same port number. This is the same property as the OSAGENT_PORT environment variable.
vbroker.agent.addrFile	null	Specifies a file that stores information on where the IP address(es) or host names of the Smart Agent may be found.
vbroker.agent.failOver	true (default) false	When set to true, allows a VisiBroker application to failover to another Smart Agent.
vbroker.agent.enableCache	true (default) false	When set to true, allows VisiBroker applications to cache object references. Setting this property to true improves performance when locating servers, but disables Smart Agent round-robin activity.

Backward compatibility with VisiBroker 4.x and below

From VisiBroker version 5.x onwards, GateKeeper by default is not compatible with programs developed with VisiBroker 4.x and below. To make GateKeeper run properly with programs developed with VisiBroker 4.x and below, set the following property to true.

Note

Earlier versions of GateKeeper are by default compatible with older programs developed with Visibroker 4.x and below. From GateKeeper 5.x, however, you must explicitly set this property.

Property	Default/Options	Description
vbroker.orb.enableVB4backcompat	true (default) false	Specifies whether GateKeeper is compatible with older VisiBroker versions. Setting the property to false makes GateKeeper compatible with programs developed with VisiBroker 4.5.x onwards. Setting this property to true makes GateKeeper compatible with versions earlier than VisiBroker 4.5.x as well. (See “Appendix GateKeeper deployment scenarios” for more information.) Note: This value is set to true by default in GateKeeper. This value, however, is false by default on the client and server.

Server's properties for firewall specifications

These properties should only be set in the property file for the server. If you set any of these properties then you load the appropriate library. See the description of vbroker.orb.dynamicLibs (for Java) and vbroker.orb.enableFirewall (for C++) in Miscellaneous ORB properties.

The following properties specify the communication paths from the client to the server. See “Specifying communication paths to the server” for examples of its usage.

Property	Default/Options	Description
vbroker.se.iiop_tp.firewallPaths	<empty> <List of paths>	Specifies a list of communication paths from the clients to the servers. <List of paths> is a set of user defined names for the paths separated with commas. An example of the <List of paths> is: vbroker.se.iiop_tp.firewallPaths=x,y
vbroker.firewall-path.<pathname>	<empty> <List of components>	Specifies the list of components in the firewall path <pathname>. For example, vbroker. firewall-path.x=a,b vbroker.firewall-path.y=c
vbroker.firewall.<component>.type	<empty> PROXY TCP	Specifies the type of the components. For example: vbroker.firewall.a.type = PROXY vbroker.firewall.b.type = TCP
vbroker.firewall.<component>.ior	<empty> <Filename of ior file> <URL of the ior file> IOR:<GateKeeper's stringified ior>	Specifies the ior of the component. This is specified together with vbroker.firewall.<component>.type= PROXY. Examples of the values are: 1 file:C:/GateKeeper/gatekeeper.ior 2 http://www.inprise.com/GK gatekeeper.ior 3 IOR:2398402841729073423497234234234
vbroker.firewall.<component>.host	<empty> <fake host name>	Specifying fake host of the server. This is specified together with vbroker.firewall.<component>.types=TCP and the component is a TCP Firewall with NAT.
vbroker.firewall.<component>.iiop_port	<empty> <fake IIOP Port>	Specifies a fake IIOP port for the server. This is specified together with vbroker.firewall.<component>.type=TCP and the component is a TCP Firewall with NAT.
vbroker.firewall.<component>.ssl_port	<empty> <fake SSL Port>	Specifies a fake SSL port for the server. This is specified together with vbroker.firewall.<component>.type=TCP and the component is a TCP Firewall with NAT.
vbroker.firewall.<component>.hiop_port	<empty> <fake HIOP Port>	Specifies a fake HIOP port for the server. This is specified together with vbroker.firewall.<component>.type=TCP and the component is a TCP Firewall with NAT.

Miscellaneous ORB properties

These properties are common ORB objects and are directly and indirectly related to GateKeeper. They are not necessarily set in the GateKeeper property file, so please read each description carefully.

Property	Default/Options	Description
vbroker.orb.gatekeeper.ior	<empty> <ior filename>	Specifies the URL of the GateKeeper IOR file. This property must be set in the HTML files with applets because of the change in the behavior of the Applet Viewer.
vbroker.orb.alwaysProxy	false (default) - disable true - enabled	Specifies whether the client must always connect to the server via GateKeeper. This property can be set in the client or GateKeeper. If set to true in the client, the client will always connect to the server via GateKeeper. If set to true in GateKeeper, it will connect to the server via another GateKeeper.
vbroker.locator.ior	<empty> <ior filename>	Specifies the URL of the GateKeeper IOR file. This property is usually set in the client applet, but can also be set in an application. Note: GateKeeper provides limited location services. It cannot forward location requests to another GateKeeper. This is in contrast to the Smart Agent which is able to forward requests to another available Smart Agent.
vbroker.orb.alwaysTunnel	false (default) - disabled true - enabled	Specifies whether the client must always make HTTP tunnel (IIOP wrapper) connections to the server. When set to true, specifies that the client always make connections to the server using HTTP tunnel (IIOP wrapper). This property can be set in the client or GateKeeper.
vbroker.orb.dynamicLibs	<empty> <a list of libraries> See description	Specifies a list of libraries. Only libraries related to GateKeeper are described here. If the firewall component is specified, you must set this property in the properties of the Java client and Java server to: com.inprise.vbroker.firewall.Init If the load balancing component is specified, you must set this property in GateKeeper's property file to: com.inprise.vbroker.gatekeeper.ext.Init
vbroker.orb.enableFirewall	false (default) - disabled true - enabled	Setting this property to true at the C++ client and C++ server loads the required firewall library to enable the firewall feature with Gatekeeper.
vbroker.orb.firewall.init	false (default) - disabled true - enabled	If this property is set to true, and if the IOR has both IIOP and TCP type firewall components, then if any one of the end points fails, fail-over can occur. Setting vbroker.orb.alwaysProxy=true or a programmatically configured firewall proxy takes precedence.