HCL Workload Automation, Version 9.4

Using SSL for event-driven workload automation (EDWA) behind firewalls

This feature allows a domain manager to be run as a reverse proxy for HyperText Transfer Protocol (HTTP) and Event Integration Facility (EIF) protocols, forwarding traffic to the Event Processor. An option, enabled using the optman command-line program, allows you to choose if workstations that are behind a firewall must connect to the domain manager instead of to the event processor, causing the new proxy on the domain manager to forward its traffic to the event processor.

Restriction: This configuration is not supported if the agent workstation is a dynamic agent.
The incoming traffic is rerouted as follows:
  • If an agent is behind a firewall, the traffic is routed to the domain manager on the agent. If an agent is not behind a firewall, the traffic is sent directly to the event processor.
  • If domain managers have child nodes behind a firewall, the traffic is rerouted to the event processor.
  • Primary domain managers always reroute traffic to the current event processor.
  • Lower level domain managers reroute traffic to upper level domain managers if they are behind a firewall, or to the event processor if they are not behind a firewall.
To use this feature, perform the following steps:
  1. Enable the feature by setting the optman option to yes. The default value is no:
    enEventDrivenWorkloadAutomationProxy | pr = {yes|no}
  2. In the workstation definition in the database for the agent, set the behindfirewall attribute to ON.
  3. Configure OpenSSL or GSKit on the domain manager.
For details on how to set the attribute behindfirewall, see the HCL Workload Automation: User's Guide and Reference.