To add a JDBC connection:

1. In the left console pane of the Server menu, select Data Provider.
2. Beneath the JDBC section, click Add.

   The JDBC Data Provider Definition pane displays.

3. Provide the appropriate values for your JDBC connection as listed and defined in the following table.

   Parameter	Description
   JDBC Connection Pool Properties
   Name *	Enter the name of the JDBC data provider to add.
   Driver Class	The JDBC driver class is the name of the class that contains the code for this JDBC Driver. You can select a predefined database from the drop-down list or enter your own. The following are sample values for the driver: com.microsoft.jdbc.sqlserver.SQLServerDriver COM.ibm.db2.jdbc.app.DB2Driver com.informix.jdbc.IfxDriver sun.jdbc.odbc.JdbcOdbcDriver oracle.jdbc.driver.OracleDriver com.sybase.jdbc2.jdbc.SybDriver The required .jar files for the JDBC driver must be installed and registered in the Service Manager classpath. You can use the Path Settings option on the console to add Java classes and libraries.
   Connection URL	The JDBC connection URL to use when creating a connection to the target database. The URL generally includes the server name or IP address, the port or service, the data source name, and a driver specific prefix. You can select a predefined database from the drop-down list or enter your own. The following are sample values for the URL: jdbc:microsoft:sqlserver://server:1433;DatabaseName=DB jdbc:db2:database jdbc:informix-sqli://HOST:PORT/DB:INFORMIXSERVER=SERVER_NAME jdbc:odbc:DBjdbc:oracle:thin:@HOST:PORT:SIDjdbc:sybase:Tds:HOST:PORT For more information, see the JDBC documentation for the specific data source.
   User	User name with respect to the JDBC URL and driver. SREG names can be used.
   Password	Password with respect to the JDBC URL and driver. SREG names can be used.
   Connection Pool Properties
   Initial Pool Size *	Number of connections to place in the pool at startup.
   Maximum Number of Idle Connections *	Maximum number of idle connections to retain in the pool. 0 means no limit except what is enforced by the maximum number of connections in the pool.
   Maximum Number of Connections *	Maximum number of connections in the pool. 0 means no limit.
   Login Timeout	Time in seconds to wait for a pooled connection before throwing an exception. 0 means wait forever.
   Behavior When Exhausted	What to do when the pool reaches the maximum number of connections. Block means wait for a connection to become available for the period defined by the login timeout parameter. Fail means throw an exception immediately.
   Validation SQL	SQL statement that can be executed to validate the health of a pooled connection. The statement should return a result set of at least one row.
   Validate on Borrow	If set to true, the validation SQL statement will be executed on a pooled connection before returning the connection to the caller.
   Validate on Return	If set to true, the validation SQL statement will be executed on a pooled connection before replacing the connection in the pool.

4. Click Test to check for proper connections.

   If a connection cannot be made, an error message displays describing the problem. Typically, the driver has not been installed or the classpath has not been set.

5. Click Add to return to the Data Provider pane.

Since drivers are stopped, they do not need to be added. However, if you need to add a JLINK data source:

1. In the left console pane of the Server menu, select Data Provider.
2. Beneath the JLINK section, click Add.

   The JLink pane displays.

   

3. In the Name field, type the name of a new server. In this example, type NEWSERV.
4. In the Description field, type a brief description for the new server. The default is JLINK Data Provider.
5. From the Type drop-down list, select a JLINK server type.

   The default is WebFOCUS Pro Server.

6. Type the required values for Host and Port.
7. Type the required values for User and Password.
8. From the Engine drop-down list, select a database engine.

   The default is 0 (EDA).

9. From the Encoding drop-down list, select a codepage.

   The default value is 137 (U.S. English).

10. To encrypt data that is transported over the wire (optional), select the Encryption check box.
11. In the Trace File field, type the path and name of the file for the trace output.
12. To set trace levels, select any number of the check boxes listed (optional).
13. Click Add.

The Services Provider pane enables you to define properties required to support iWay business services as web services.

To configure for a web service:

1. In the left console pane of the Server menu, select Services Provider.

   The Services Provider pane opens, as shown in the following image.

   

2. From the Data Store Type drop-down list, select a repository you want to configure.

   The following are available:

   • Embedded Database (no data provider required)
   • File System (no data provider required)
   • IBM DB2
   • MaxDB
   • Microsoft SQL Server
   • Oracle
   • Sybase

   You must configure the tables before using the repository. For more information on configuring repository tables, see the iWay Installation and Configuration Guide.

   Note: iWay Service Manager is installed with an embedded HSQL repository, which is the default data store for information that is generated during design time and then published into a deployed runtime environment.

   For more information on the properties on this window, see the table in Services Provider Settings.

3. From the Data Provider Name drop-down list, select an available data provider.

   For more information on how to add a data provider, see How to Add a Data Provider.

4. Type new values or modify existing values.
5. Click Update.

The following table lists and describes the Services Provider settings.

Property	Type/Value	Description
Repository
Data Store Type	Choice	Acts as a metadata repository. The default value is Embedded Database. Select a database from the drop-down list: File System (not supported for production use), IBM DB2, MaxDB, Microsoft SQL Server, Oracle, and Sybase.
Data Provider Name	String	JDBC driver defined in the Data Provider pane. Select from the drop-down list, or click Add to define a new JDBC connection.
Connection Pooling	Boolean	When selected, turns on connection pooling for the JDBC driver.
iWay Business Services
Publishing Location	Directory	Directory where the WSDL files produced by the iWay Business Services Provider (iBSP) are stored. If the directory does not exist, select the check box to create the named directory.
Adapter Library	Directory	Directory where the iWay adapter JAR files are located. If the directory does not exist, select the check box to create the named directory.
Policy Based Security	Boolean	When selected, enforces iBSP security policy. For more information, see the iWay Business Services Provider User's Guide.
Namespace Awareness	Boolean	If set, iWay Business Services preserve XML namespaces from the adapter's response message in the SOAP response message. Note: When the Java system property ibsp.wsdl.nsaware is set to true, namespaces are preserved without regard for the Namespace Awareness property.
Operation Namespace URI	String	If set, iWay Business Services use this specified URI for the operation node in the SOAP response message. Note: When the Java system property ibsp.operation.ns is set, the value of this Java system property is used and the Operation Namespace URI property is ignored.

<SOAP-ENV:Envelope xmlns:SOAP-
ENV="http://schemas.xmlsoap.org/soap/envelope/">
     <SOAP-ENV:Body>
        <PFIVP_1Response cid="9952CD68D2AFAC3FCD1ED00A645237D4"
         xmlns="urn:iwaysoftware:ibse:jul2003:PFIVP_1:response">
              <d>
                  <d1/>
                  <d2/>
              </d>
        </PFIVP_1Response>
     </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

To add a data provider:

1. Click Add in the Data Provider Name section.

   The Data Provider - JDBC pane opens.

   

2. Enter a name for the JDBC data provider.
3. From the Driver Class drop-down list, select the JDBC class for the data provider.

   You can also manually enter the name.

4. From the Connection URL drop-down list, select the connection URL to use when creating a connection to the target database.

   You can also manually enter the URL.

5. Enter the user ID to access the repository database.
6. Enter the password to access the repository database.
7. Click Test.

   You should receive a response that says:

   The JDBC data provider test completed successfully.

   If you receive an error, troubleshoot accordingly. Ensure the driver is in the iWay61\lib directory. For more information, see the iWay Installation and Configuration Guide.

8. Click Update if the test is successful.

   You connection appears on the Data Provider pane. If you need to change its parameters, you can click the name of the connection.

   

   If you need to define both the target and source repositories, repeat this procedure to define another repository.

You can migrate repositories using the iWay Service Manager Administration Console. These repositories can be for iWay Service Manager, the older iWay Adapter Manager, Servlet iBSP, or iWay Connector for JCA. The structure of the repository has not changed.

Some of the things you can migrate include:

• Migrate the data in the default iWay SM HSQL database to another database repository.
• Migrate an older iWay Adapter Manager repository into the default iWay SM HSQL database.
• Migrate a Servlet iBSP or iWay Connector for JCA database repository.

Note: Monitoring tables are not migrated.

In this section:

• Source repository refers to the older existing repository you wish to migrate.
• Target repository refers to the new repository you wish to use.

A directory is a set of information with similar attributes organized in a logical and hierarchical manner. The protocol accesses LDAP directories, regardless of the form of the directory itself. LDAP sees the directory in a standard manner.

• A directory is a tree of directory entries.
• An entry consists of a set of attributes.
• An attribute has a name (an attribute type or attribute description) and one or more values. The attributes are defined in a schema.
• Each entry has a unique identifier: its Distinguished Name (DN). This consists of its Relative Distinguished Name (RDN) constructed from some attribute(s) in the entry, followed by the parent entry's DN. Think of the DN as a full filename and the RDN as a relative filename in a folder.

A DN may change over the lifetime of the entry, for instance, when entries are moved within a tree. To reliably and unambiguously identify entries, a unique key (called a UUID) may be provided in the set of the entry's operational attributes.

iWay provides a simple access function to supply the value of a single LDAP attribute for use as a configuration parameter. The following function accesses the information in the directory:

_LDAP( filter, attribute, context [,providername])

For example: _LDAP("cn=John Doe",mail,'dc=example') might return the mailing address for John.

LDAP providers may also be used to hold certificates for security operations.

A keystore is a database of key material. Key material is used for a variety of purposes, including authentication and data integrity. There are various types of keystores available, including "PKCS12" and Sun's "JKS." Some keystores can contain both encryption keys and security certificates. Formally, however, a keystore holds the private key for one or more PKI key pairs.

A truststore is a database of key material. It holds the public certificates of trusted partners for message exchange. Although it is possible to share a single file with the keystore, more formally a truststore and a keystore are separate entities.

A certificate store, also called a certstore, is a database of public key certificates and Certificate Revocation Lists. The CRL is required to stop the use of a certificate when it would otherwise be considered valid. A CRL is not needed to tell you a certificate is bad once its expiration date is reached. In fact, CRLs are usually cleaned of expired CRLs after one complete CRL revision period has elapsed. This means the expired CRL will continue to appear in at most one CRL after it expired.

If certificate revocation is turned on, you will need one CRL for each CA in the certificate chain you want to verify. If a CRL is missing, there is no way to know whether certificates issued by that Certificate Authority are still valid. Therefore, all certificates issued by this CA will be considered revoked. A CRL that contains no certificates is acceptable. It belongs to a Certificate Authority that did not revoke any certificates.

CertStore providers define the directories from which certificates and CRLs can be loaded. A configured Directory Certstore provider can be used as a named provider in the components that support CRL checking for messages.

The following section describes LDAP certstore providers.

To define a keystore provider using the iWay Service Manager Administration Console:

1. In the left console pane of the Server menu, select Security Provider.

   The Security Provider pane opens.

   

2. Click New in the Keystores section.

   

   The Keystore Definition pane opens.

   

3. Enter the parameters for the keystore and make sure to select the appropriate values from the Keystore Type and the Keystore Provider drop-down lists that will correspond to your keystore configuration.
4. In the Callback Handler field, optionally enter the fully qualified name of a callback handler that will satisfy authentication callbacks for the keystore.

   The callback handler must satisfy the javax.security.auth.callback.CallbackHandler interface and be available in the classpath for iWay Service Manager.

5. Click Add.

   You are returned to the main Security Provider pane and the new keystore that was defined is added to the list.

   

   Note: The keystore provider is set as the default SSL provider and default S/MIME provider if it is the first one that is created. When an SSL or S/MIME default provider is removed, the first remaining keystore provider is automatically set as the default.

6. To define multiple keystore providers, repeat this procedure.

   A defined keystore provider can be used as a named provider when configuring other iWay components (for example, listeners, services, emitters, and so on).

To define an SSL context provider using the iWay Service Manager Administration Console:

1. In the left console pane of the Server menu, select Security Provider.

   The Security Provider pane opens.

   

2. Click New in the SSL Contexts section.

   The SSL Context Provider pane opens.

3. Enter the appropriate values for the SSL context provider parameters.

   For more information, see Parameters for SSL Context Providers.

4. Click Add when you are finished.

   You are returned to the main Security Provider pane and the new SSL context provider that was defined is added to the list.

   

   Note: The SSL context provider is set as the default provider, if it is the first one that is created. When the default provider is removed, the first remaining provider is automatically set as the default.

5. To define multiple SSL context providers, repeat this procedure.

   A defined SSL context provider can be used as a named provider when configuring IP-based components, such as AS2 and HTTP.

   Note: To activate any new security providers that have been configured, you must restart iWay Service Manager.

The following table lists and describes all of the available parameters for SSL context providers.

Property	Description
Name	The name of the SSL Context definition to add.
Description	A brief description of the use of this SSL Context.
Keystore Provider	Configured Security Provider for the keystore you wish to use for this SSL context. Choose default to use the default SSL Keystore Provider. Keystores hold private keys.
Truststore Provider	Configured Security Provider for the truststore you wish to use for this SSL context. Choose default to use the default SSL Keystore Provider. Truststores hold the certificate of Trusted CAs used to verify peer certificates.
Security Protocol	Specify the version of security protocol that should be used. During SSL handshake, a negotiation selects the protocol to be used from the best mutually supported. This field sets the minimum acceptable security protocol. If the handshake cannot select a mutually supported protocol, the connection fails. The options are: SSL, SSLv2, SSLv3, TLS, TLSv1, and TLSv2. Note: You must have Java version 1.7 configured on your system to use TLS protocol version 2.
JCE SSL Context Provider	JCE Provider for the SSL Context.
Server Key Alias	Alias for the key to be used to identify secure servers using this SSL context. If not supplied, the key will be selected using JSSE default behavior.
Client Key Alias	Alias for the key to be used to identify secure clients using this SSL context. If not supplied, the key will be selected using JSSE default behavior.
Session Cache Size	The maximum number of SSL sessions that will be retained in the session cache. Sessions in the cache can be reconnected with less overhead than those not cached.
Session Timeout	Maximum length of time (in seconds) that an SSL session can remain in the cache.
Enable Certificate Revocation	Enable CRL checking of certificates during handshake.
OCSP Responder	Name of the OCSP Responder provider. This verifies the status of certificates online instead of relying on Certificate Revocation Lists (CRLs).
JCE PKIX Trust Manager Provider	JCE provider to construct PKIX Trust Manager. Choose 'Not Specified' for default.
JCE Signature Provider	JCE provider used to verify digital certificate signatures during handshake.
PKIX Certificate Store	Certificate store from which certificate revocation lists are loaded.
Enabled Cipher Suites	If supplied, only cipher suites on this list will be enabled for SSL sockets or SSL engines created using this provider. The user must take care that enabled cipher suites are supported by other components specified. Enter as comma-delimited list or use FILE() function. If left blank, all available cipher suites will be enabled and be available during SSL negotiation.
Hostname Verification	If true, client SSL connections using this provider will attempt to verify that the server certificate matches its host name.
Client Authentication	If true, servers using this provider will use SSL client authentication, that is, the server must receive and authenticate a certificate from the client as part of the SSL handshake.

To define nHTTP and HttpClient providers:

1. In the left console pane of the Server menu, select Pooling Providers.

   The Pooling Providers pane opens.

   

2. Click New in the Defined HttpClient Providers section.

   The HttpClient Provider Settings pane opens.

   

3. Enter the appropriate values for the HttpClient provider parameters.
4. Click Add when you are finished.

   You are returned to the main Pooling Providers pane and the new HttpClient provider that was defined is added to the list.

5. To define multiple Pooling Providers, repeat this procedure.

The following table lists and describes all of the available parameters for the HttpClient provider.

Parameter	Description
Name	Name for the HttpClient provider.
Description	Brief description of the use of this HttpClient provider.
Maximum Connections Per Host	Defines the maximum number of simultaneous connections allowed per host. When this threshold is reached, new connections will not be accepted until current connections are closed and the total number of connections is below the limit. Leave this field blank (default) or set a value of zero to have no maximum limit of connections.
Maximum Total Number of Connections	Defines the maximum number of simultaneous connections that are allowed overall. When this threshold is reached, new connections will not be accepted until current connections are closed and the total number of connections is below the limit. Leave this field blank (default) or set a value of zero to have no maximum limit of connections.
Connection Timeout	Maximum length of time (in milliseconds) that a request will block while waiting for a connection to become available from the pool. The value 0 means there is no timeout.
Set TCP No Delay	If set to True, disables Nagle's Algorithm on the client socket. This will result in faster line turnaround at the expense of an increased number of packets.
Proxy	If set to True, emit through a proxy server.
Proxy User ID	User ID for the proxy challenges.
Proxy Password	Password to access the proxy server.
Proxy Domain	Domain for NTLM proxy authentication.
Proxy Host	Host where the proxy can be accessed.
Proxy Port	Port where the proxy can be accessed.
Authentication Preference	If several schemes are returned in the WWW-Authenticate header, this parameter defines which schemes take precedence over others. The value is a comma-separated list of authentication scheme names with the most preferred scheme listed first. The default is negotiate,NTLM,Digest,Basic where negotiate means SPNEGO. Kerberos requires the negotiate scheme and HttpClient version 4.1 or higher.
Kerberos Login Entry	The Application Login Entry in the JAAS login configuration file that will be used to login to Kerberos. This login entry should configure a Kerberos login module (Krb5LoginModule).
SSL Context Provider	Named iWay Security provider for SSL Context. Defaults to the value assigned to the SSL Context Provider.
IP Interface Host	Local IP Interface from which the outgoing IP socket originates.
Idle Timeout	Time in seconds that an unused connection can remain in the pool. If set to 0, connections will remain in the pool indefinitely.
Cookie Specification	The cookie management specification determines the rules for parsing, validating, and formatting cookies. By default, best-match is selected from the drop-down list, which is the recommended policy. HttpClient version 4.1 or higher is required.
Persistent Cookie Store	If set to true, cookies are preserved between server reboots. By default, false is selected.

By default, the HttpClient provider handles cookies automatically. The provider looks for cookies in the responses it receives and then stores them in a cookie store. When a new request is made, the provider looks in the cookie store and the cookies that match are resubmitted to the originating server. Each HttpClient provider manages its own independent cookie stores.

Cookie management is configured with parameters on the HttpClient provider. The Cookie Specification parameter determines the rules for parsing, validating, and formatting cookies. The specifications that are available for this parameter are listed and described in the following table.

Cookie Specification	Description
best-match	Selects a cookie policy based on the format of cookies sent with the HTTP response.
rfc2109	Cookie Version 0.
rfc2965	Cookie Version 0 and Cookie2 Version 1.
compatibility	Closely mimics (mis)behavior of common web browsers.
netscape	Conforms to the original draft specification published by Netscape Communications. Should be avoided unless strictly necessary for legacy code.
ignoreCookies	Cookie management is disabled.

The iSM SNMP agent is exposed as a provider. There can be one or more providers defined in a configuration, although more than one is only required if there are independent managers controlling different aspects of the server.

To complete the configuration, you will need to know the configuration of the manager. For example, the manager will be configured to interact with the agent on a specific port (usually 161). If you have multiple configurations on the same installation host, you will need to separate these by having different addresses. For performance reasons, iSM uses separate providers on each configuration rather than having a single provider poll other configurations.

You will also be requested to specify which protocol(s) are used by your manager. Select the set that is supported by the manager.

The provider can accept simultaneous requests from multiple managers, and some managers are capable of sending multiple requests to their agents in parallel. If this is the case, you can specify the number of expected parallel requests by setting the number of execution threads.