TABLE OF CONTENTS
- What is the Illuminate Integration Gateway?
- General System Requirements
- What is Docker and why does N2N use this?
- Docker Installation Instructions
- Detailed instructions for installing Docker & Docker Compose (on CentOS)
- Integration Gateway Installation
- Load Balancing the Integration Gateway
- Integration Gateway setup for PROD on the same QA host/server
- Optional step to autostart the containers after a server reboot
- SSL Certs In Dataport/IIG
- What is an SSL certificate?
- What are Certificate Chains?
- What is SSL Certificate Chain Order?
- There are three parts to the chain certificates
- How To Update SSL Certs In Dataport
What is the Illuminate Integration Gateway?
The Illuminate Integration Gateway, also called the Dataport, is a tool used to provide the Illuminate platform with access to data that is located in physically and logically secure configurations, such as behind a firewall in the organization’s data center. The Integration Gateway provides a secure, encrypted channel to transport this data to the Illuminate cloud environment, where Illuminate creates a secure Application Program Interface (API) access platform.
How it works
N2N provides a Docker container that runs Illuminate's Integration Gateway (IIG). This is installed on a Virtual Machine (VM) that is provided by the University and typically hosted on the University's network. The IIG is used to facilitate secure communication between the University database and the Illuminate Platform without having to allow direct external communication to the actual database. VM setup is operating system specific; please refer to your onsite System Administrator for VM setup.
What is the current version of the Integration Gateway?
Illuminate Integration Gateway is at Version 4.12
*Note: Prior versions of the Illuminate Integration Gateway were branded "Illuminate Dataport".
What do we provide?
N2N provides a Docker image with the following software packages included:
- Tomcat 9.0.20
- JVM 11.0
- Illuminate Integration Gateway Project 4.12 (the N2N application code)
General System Requirements
General system requirements for installing the Integration Gateway:
Software
Docker 17.x version or higher
Hardware (VM)
4 to 8 CPU Cores (processors)
8GB to 16GB RAM
Enough disk space to run the OS and other supporting software (recommended disk space 40+ GB)
What is Docker and why does N2N use this?
What is Docker?
Docker is the world's leading software containerization platform. Docker containers wrap a piece of software in a complete file system that contains everything needed to run: code, run time, system tools, system libraries – anything that can be installed on a server. This guarantees that the software will always run the same, regardless of its environment. Containers isolate applications from one another and the underlying infrastructure while providing an added layer of protection for the application.
For more details about Docker, please visit this Docker page.
What is Docker Compose?
Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration.
For more details about docker-compose, please visit the Docker Compose page.
Why does N2N use Docker for the Illuminate Integration Gateway?
The Docker platform provides N2N with a simple, effective way to deliver the right package of software to the Illuminate Integration Gateway. Docker allows N2N to combine tested versions of software with validated configuration files into one deployment package. This process greatly reduces the number of manual steps, which improves reliability and robustness, as well as making deployment faster!
Docker Installation Instructions
Docker CE (Community Edition) is available on multiple platforms. Use the following matrix to choose a supported operating system that provides the best installation path for you. Click on a platform to navigate to its detailed documentation on the Docker site. We provide detailed instructions for installing Docker and the Integration Gateway on CentOS, along with other required configurations. Other Linux implementations will be similar.
Supported Platforms
Platform | Docker CE x86_64 |
---|---|
CentOS | Yes (Recommended) |
Yes | |
Yes | |
Yes | |
No (Supported by Podman) | |
Yes | |
Yes | |
Yes | |
Yes | |
Yes | |
Oracle Linux | Yes |
SUSE Linux Enterprise Server | No |
Microsoft Windows Server 2016 | No |
For more details, please visit the Docker supported-platform documentation.
Detailed instructions for installing Docker & Docker Compose (on CentOS)
Prerequisites
An SSL certificate (self-signed is not supported), consisting of a .crt file and a private key. The .crt file must contain the public, root, and intermediate certs, with the public cert at the top of the file. (See the SSL Certs FAQs at the end of this document.)
Ports 443, 80, 2376 (2376 port is optional) need to be open on the VM instance where Docker and Integration Gateway are installed
Get the authorization credentials from N2N to pull the Docker image
Docker Installation
There are two ways to install Docker Engine
- Install using the yum package manager (Recommended)
- Install using the instruction from https://docs.docker.com/install/linux/docker-ce/centos/
Install with yum
- Log into your VM as root or as a user with sudo rights to install and manage services. If you are logged in as root, you do not need to add "sudo" at the beginning of each command.
- Make sure your existing packages are up-to-date using yum
- Add the yum repository if it doesn’t exist on your server where you are installing Docker.
- We will also need to enable the Redhat "extras" repository for RHEL 7 (The third command to enable the Redhat extras repository will only need to be run if you are running RHEL 7).
sudo yum install -y yum-utils
Install the Docker package for RHEL 7.
sudo yum install -y docker-ce docker-ce-cli containerd.io
Enable the Docker service. This is needed so Docker will start whenever the system is restarted.
sudo systemctl enable docker.service
Start the Docker daemon
sudo systemctl start docker
Verify Docker has been installed correctly by running a test image in a container
sudo docker ps
- The screenshot below will show the installation is done properly.
Now that Docker installation is complete, the next step is to install Docker compose.
Docker Compose Installation
Run this command to download the current stable release of Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
If you have problems installing with
Apply executable permissions to the binary.
sudo chmod +x /usr/local/bin/docker-compose
. If the command For Example:
For more details about Docker Compose, please visit here.
Test the docker-compose Installation
docker-compose --version
Integration Gateway Installation
Note: Firewall rules need to be set up by this time. Whitelist the N2N NAT IPs below:
- QA: 23.20.165.255
- PROD: 54.204.165.208
Installing The Integration Gateway
- Logging into the Illuminate app
- Log in to the QA Illuminate app: https://qa.illuminateapp.com/api-universe/login
- Log in to the PROD Illuminate app: https://illuminateapp.com/api-universe/login
Note: If you do not have an Illuminate account, please contact appsupport@n2nservices.com
- Configure the Integration Gateway details within the Illuminate App's Connection Module by following the steps below
- From the left-side menu, select the connection button.
- Next select New/Upgrade Installation from the list of options
- Click on either Default Script or Pre-Configured Script
- Opting for the default script results in the availability of a basic tar file
- Selecting the pre-configured script provides a downloadable custom tar file containing the database details you entered into Illuminate
- Enter the details as prompted in the resulting window
- Note: This is an example of the menu provided by selecting Pre-Configured Script
- At this point, you can download the installation tar file from the download button in the upper right
- Note: Directions can also be referenced from the Installation Instructions button to the left of the download button
Untar the copied file on the server with the below command
tar -xvf iig-clienthosted.tar
- Run the prerequisites script to install the necessary packages to run the automated scripts, this will ask for the
cd iig-automation-clienthosted
bash install-prereqs.sh
A directory named "iig" will be created in the /opt directory, and it will contain all the scripts
Navigate to the "iig" directory and execute the configure.py script
The configure.py script will ask for account information, system configuration, and database details if the chosen option in the UI is the default script
cd /opt/iig
/opt/iig/install/configure.py
Note: If the scripts cannot run due to insufficient permissions, give them execute permission
Command: chmod +x <script_name>
Example: chmod +x configure.py
Once all the information has been entered, run the following command to install and connect the IIG to the database
/opt/iig/install.sh
Check whether the installation has completed successfully using the DNS status check below and in the Illuminate App
curl -X GET https://{your dns}/idp/status
Adding Additional Database Providers
Default Script
To add one more database provider to the existing setup, run configure-db.py to enter the database details, then run the save-multiple-database-connections.yaml script with the chosen environment
/opt/iig/install/configure-db.py
cd /opt/iig/install
ansible-playbook save-multiple-database-connections.yaml -e stage_env=<qa or prod>
Pre-Configured Script
The Illuminate App UI allows for the input of multiple database details by selecting the Confirm & Add More button when creating or editing the dataport details.
Load Balancing the Integration Gateway
Note: Recommended but optional
Load balancing refers to efficiently distributing incoming network traffic across a group of servers. A Load Balancer acts as the "traffic cop" sitting in front of your servers and routing requests across all servers capable of fulfilling those requests in a manner that maximizes speed and capacity utilization and ensures that no one server is overworked, which could degrade performance.
If a single server goes down, the load balancer redirects traffic to the remaining online servers. When a new server is added to the server group, the load balancer automatically starts to send requests to it.
Sample load balancing diagram leveraging Docker
Integration Gateway setup for PROD on the same QA host/server
If the client wants to set up a PROD integration gateway on the QA host, they need to follow these steps
Optional step to autostart the containers after a server reboot
If a server is rebooted or restarted, the Docker engine must be restarted. To accomplish that automatically, follow the steps below
SSL Certs In Dataport/IIG
If a client wants to update SSL certs in Nginx, they can go through these instructions for more details
What is an SSL certificate?
An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key.
What are Certificate Chains?
A certificate chain (or Chain of Trust) is made up of a list of certificates that start from a server’s certificate and terminate with the root certificate.
What is SSL Certificate Chain Order?
The SSL certificate chain order consists of root certificates, intermediate certificates, and a server’s certificate. Root CAs are a trusted source of certificates. Intermediate CAs are bridges that link the server’s certificate to the root CA.
There are three parts to the chain certificates
For an SSL certificate to be authenticated by the web browsers, it must be authentic and issued by a trusted certificate authority embedded in the browser’s trusted store. If your SSL certificate isn’t issued by a trusted certificate authority, i.e., if it isn’t issued by a Root CA, then the connecting device or web browser will continue to check if the issuing CA was issued by a root CA. It will keep going back down the SSL certificate chain order to find the root CA. If it finds a root CA, a secure connection will be established. If it doesn’t find a root CA, then the connection will be dropped, and your web browser will display an error message that reads “invalid certificate” or “certificate not trusted.”
How To Update SSL Certs In Dataport
How To form a bundle .crt file
(OR) Example GoDaddy:
Other SSL providers with a single intermediate certificate:
Other SSL providers with multiple intermediate certificates:
Additional step if the private key is password protected:
Now that you have the bundled cert and private key ready, follow the steps below to update these files in the Nginx container:
Step 1:
Step 2:
Step 3:
If NGINX does not come back as successful, then do not proceed to the restart of NGINX. A successful output looks like this.
Step 4:
A successful restart of NGINX looks like this
Step 5: Verify that the NGINX container is running
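Before Step 1 above, the bundled .crt and the private key can be checked against the ordering this page requires (public cert on top, chain terminating at the root). The script below is an added example, not part of N2N's scripts; the function name check_bundle and the file names are assumptions, and it checks issuer/subject name chaining with openssl rather than verifying signatures.

```sh
#!/bin/sh
# check_bundle BUNDLE.crt PRIVATE.key   (file names are placeholders)
# Succeeds only if the bundle is server-certificate-first, every certificate
# is issued by the one below it, and the key belongs to the first certificate.
check_bundle() (
    bundle=$1 key=$2
    tmp=$(mktemp -d) || exit 2
    fail() { echo "FAIL: $*"; rm -rf "$tmp"; exit 1; }

    # Split the bundle into one PEM file per certificate, keeping file order.
    n=$(awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                         n { print > (d "/cert" n ".pem") }
                         END { print n + 0 }' "$bundle")
    [ "$n" -ge 2 ] || fail "expected server cert plus chain, found $n certificate(s)"

    # Walk down the file: the issuer of certificate i must be the subject of i+1.
    i=1
    while [ "$i" -lt "$n" ]; do
        next=$((i + 1))
        issuer=$(openssl x509 -noout -issuer_hash -in "$tmp/cert$i.pem")
        subject=$(openssl x509 -noout -subject_hash -in "$tmp/cert$next.pem")
        [ "$issuer" = "$subject" ] ||
            fail "certificate $i is not issued by certificate $next"
        i=$next
    done

    # The top certificate must be the server's, not a self-signed one.
    top_subject=$(openssl x509 -noout -subject_hash -in "$tmp/cert1.pem")
    top_issuer=$(openssl x509 -noout -issuer_hash -in "$tmp/cert1.pem")
    [ "$top_subject" != "$top_issuer" ] || fail "first certificate is self-signed"

    # A password-protected key needs the page's additional step before use.
    if grep -q ENCRYPTED "$key"; then fail "private key is password protected"; fi

    # Compare public keys: the private key must match the first certificate.
    cert_pub=$(openssl x509 -noout -pubkey -in "$tmp/cert1.pem")
    key_pub=$(openssl pkey -pubout -in "$key" 2>/dev/null)
    { [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
        fail "private key does not match the first certificate"

    rm -rf "$tmp"
    echo "OK: $n certificates in order, key matches the server certificate"
)
```

Run it as `check_bundle bundle.crt private.key`; a non-zero exit status means the files should not be copied into the Nginx container yet.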
Dataport Upgrade - Appendix - 5
Integration Gateway upgrade using manual steps
1) Authorization to Access Integration Gateway Docker Images
2) Find and stop the dataport container
3) Save the previous version of dataport
4) Pull and Run N2N's Integration Gateway image.
Auto Restart the containers
Optional Step: Remove the renamed running container. Dataport is the container name
5) Add Database Credentials.
Appendix 6
Podman Installation:
IIG setup process:
vim /etc/nginx/conf.d/default.conf