When running a transformation, Data Exchange lets you use a secure (SSL) connection between the database host and Runtime Service, as well as between the internal Data Exchange Windows components. This helps to improve security for data in motion.
The technologies used to enable SSL are different for links between different components. You must enable the secure connection for these links in different places in Data Exchange.
DEMS is only responsible for enabling the secure connections between the Data Exchange Windows components, for which the underlying technology is Windows Communication Foundation (WCF). You must use the same certificate for all of these SSL-enabled links.
You can configure the certificate validation and revocation modes in the configuration files of the Data Exchange Windows components, or keep the default values. The defaults are NoCheck for revocation and PeerOrChainTrust for validation. With these WCF defaults, revocation status is not checked, and a certificate is accepted if it either chains to a trusted root or is present in the Trusted People store.
For links that involve an external product, such as AIS, a source database product, or a target database product, the secure connection is configured outside of Data Exchange and should follow the SSL instructions of those products. There is one exception: for RDMS as a source for Changed Data Transformation, you must enable SSL and configure the certificate in the Data Exchange Runtime Service configuration file. You must also install the certificates on the respective Data Exchange Windows Runtime machines.
Notes:
- The user account (Application User Account or Windows User Account) under which the Data Exchange Windows components are running must have access to:
  - the certificate used for communication between Windows components.
  - the certificate used for communicating with their corresponding internal database.
- The user account of Runtime Service must also have access to:
  - the certificates used for communication with the source and target data store.
  - the certificate used for communication between the OS 2200 Agent and Runtime Service.
- The user account of DE Agent for SQL Service must have access to the certificate used for source SQL Server connection.
- The Administration application pool must have access to the certificate used for communication between Windows components.
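A pre-flight check for the revocation setting and the account-access notes above, written as an added example that is not part of the Data Exchange product or its documentation. The thumbprint and account name are placeholders, and the script assumes an RSA certificate installed in the LocalMachine\My store.

```powershell
# Added example. Placeholder values: replace before running (elevated prompt).
param(
    [string]$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>',
    [string]$Account    = 'DOMAIN\svc-placeholder'   # account the component runs under
)

$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $Thumbprint
if (-not $cert) { throw "Certificate $Thumbprint not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this host' }

# 1. Build the chain with online revocation checking, i.e. stricter than the
#    NoCheck default, to see whether the certificate would survive that setting.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'
$chainOk = $chain.Build($cert)
$chain.ChainStatus | ForEach-Object { "chain: $($_.Status) $($_.StatusInformation.Trim())" }

# 2. Find the private key file (CNG keys and legacy CSP keys live in different folders).
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw 'Non-RSA key: not handled by this example' }
$keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $rsa.Key.UniqueName
} else {
    $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}
$dirs = "$env:ProgramData\Microsoft\Crypto\Keys",
        "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"
$keyFile = $dirs | ForEach-Object { Join-Path $_ $keyName } |
    Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Key file $keyName not found" }

# 3. Look for an explicit Allow/Read entry for the account on the key file.
#    Access granted only through group membership is not resolved here.
$read  = [System.Security.AccessControl.FileSystemRights]::Read
$rules = (Get-Acl $keyFile).Access | Where-Object {
    $_.IdentityReference.Value -eq $Account -and
    $_.AccessControlType -eq 'Allow' -and
    (($_.FileSystemRights -band $read) -eq $read)
}

[pscustomobject]@{
    Subject          = $cert.Subject
    NotAfter         = $cert.NotAfter
    ChainValidOnline = $chainOk
    KeyFile          = $keyFile
    AccountCanRead   = [bool]$rules
}
```

Run it once per certificate and account pair listed in the notes; a False in ChainValidOnline or AccountCanRead points to the item to fix before enabling the link.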
The following tables summarize this information:
Prerequisites: All necessary certificates should be requested and installed on the appropriate database or Data Exchange hosts.
Table 1. Enable Secure Connection Between Source or Target Database and Runtime Service
Transformation Pair | Component 1 | Component 2 | Technology Used | Where to Enable Secure Connection in Data Exchange |
Enterprise Database Server to SQL Server | Enterprise Database Server | Runtime Service | AIS (for both BDT and CDT) | AIS Configuration Utility |
Enterprise Database Server to SQL Server | Runtime Service | SQL Server | SQL Server Secure Connection | Start Transformation flow on Administration Site |
Enterprise Database Server to Oracle | Enterprise Database Server | Runtime Service | AIS (for both BDT and CDT) | AIS Configuration Utility |
Enterprise Database Server to Oracle | Runtime Service | Oracle | Oracle Secure Connection | Start Transformation flow on Administration Site |
Enterprise Database Server to Kafka | Enterprise Database Server | Runtime Service | AIS (for both BDT and CDT) | AIS Configuration Utility |
Enterprise Database Server to Kafka | Runtime Service | Kafka | Kafka Secure Connection | Start Transformation flow on Administration Site |
RDMS to SQL Server | RDMS | Runtime Service | AIS (for BDT) | AIS Configuration Utility |
RDMS to SQL Server | RDMS | Runtime Service | TCP Socket Connection (for CDT) | Data Exchange Runtime Service Configuration file |
RDMS to SQL Server | Runtime Service | SQL Server | SQL Server Secure Connection | Start Transformation flow on Administration Site |
RDMS to Oracle | RDMS | Runtime Service | AIS (for BDT) | AIS Configuration Utility |
RDMS to Oracle | RDMS | Runtime Service | TCP Socket Connection (for CDT) | Data Exchange Runtime Service Configuration file |
RDMS to Oracle | Runtime Service | Oracle | Oracle Secure Connection | Start Transformation flow on Administration Site |
RDMS to Kafka | RDMS | Runtime Service | AIS (for BDT) | AIS Configuration Utility |
RDMS to Kafka | RDMS | Runtime Service | TCP Socket Connection (for CDT) | Data Exchange Runtime Service Configuration file |
RDMS to Kafka | Runtime Service | Kafka | Kafka Secure Connection | Start Transformation flow on Administration Site |
SQL Server to Enterprise Database Server | SQL Server | Runtime Service | SQL Server Secure Connection (for BDT) | Start Transformation flow on Administration Site |
SQL Server to Enterprise Database Server | SQL Server | DE Agent for SQL Server | SQL Server Secure Connection (for CDT) | Start Transformation flow on Administration Site |
SQL Server to Enterprise Database Server | DE Agent for SQL Server | Runtime Service | WCF (for CDT) | DEMS |
SQL Server to Enterprise Database Server | Runtime Service | Enterprise Database Server | AIS | AIS Configuration Utility |
Table 2. Enable Secure Connection Between Data Exchange Internal Components
Component 1 | Component 2 | Technology Used | Where to Enable Secure Connection for this link in Data Exchange |
DDW | DDW Repository | SQL Server Secure Connection | On DDW User Interface, when you create or connect to a repository |
Runtime Administration | Runtime Administration Database | SQL Server Secure Connection | During installation of Runtime Administration |
Runtime Service | Tracking Database | SQL Server Secure Connection | During installation of Runtime Service |
DDW | Runtime Administration | Windows Communication Foundation (WCF) | DEMS |
Runtime Administration | Runtime Service | WCF | DEMS |
Runtime Administration | DE Agent for SQL Server | WCF | DEMS |
Administration Site | Administrative Service | WCF | DEMS |
DEMS | DDW / Runtime Administration / Runtime Service / DE Agent for SQL Service | Web API | IIS where DEMS is installed |