HULFT over TLS

Making Manager relay a file transfer, you can securely transfer a file from Agent to HULFT. This secure file transfer function is called "HULFT over TLS". This section explains a configuration and settings in the Manager environment and an Agent environment when you use HULFT over TLS.

Figure 2.15 Overview of HULFT over TLS

Note

To switch HULFT over TLS enable or disable, after you updated the settings files (application.properties and agent.conf), restart Agent and Manager.

(1) Configuration and settings for the Manager environment

This topic shows a configuration and settings in the Manager environment. The configuration of Manager is divided into the following two:

  • Basic configuration
  • Configuration using an SSL accelerator

Basic configuration

This configuration uses a certificate store managed by Manager.

Figure 2.16 Manager environment using HULFT over TLS (Basic configuration)

1. Agent transfers a file to Manager.

2. Manager relays the file transfer from Agent to HULFT.

3. HULFT returns an answer to Manager.

4. Manager returns the answer to Agent.

Configuration using an SSL accelerator

This configuration uses an SSL accelerator.

Figure 2.17 Manager environment using HULFT over TLS (Configuration using an SSL accelerator)

1. Agent tarnsfers a file to an SSL accelerator.

2. An SSL accelerator relays the file transfer from Agent to Manager.

3. Manager relays the file transfer from Agent to HULFT.

4. HULFT returns an answer to Manager.

5. Manager returns the answer from HULFT to the SSL accelerator.

6. The SSL accelerator returns the answer from HULFT to Agent.

Settings

Specify the environment settings file (application.properties) as follows:

  • ssl.route.cipher=true
  • ssl.route.multiplicity=Communication multiplex level so that Manager can relay file transfers at the same time
  • ssl.route.timeout=Non-communication timeout when Manager relays a file transfer

If you establish a basic configuration, in order to use the certificate store managed by Manager, you must specify the following five items, too:

  • server.ssl.enabled=true
  • server.ssl.key-store=Path of the certificate store
  • server.ssl.key-password=Password for the key that is stored in the certificate store
  • server.ssl.key-store-password=Password for the certificate store
  • server.ssl.key-alias=Alias name for the key that is stored in the certificate store

For details of the settings, see Configuring the Manager environment.

(2) Configuration and settings for an Agent environment

This topic shows a configuration and settings in an Agent environment.

Configuration

The configuration is the same as the configuration that does not use HULFT over TLS. For the configuration of an Agent environment, see How HULFT IoT transfers files.

Settings

Specify the settings file (agent.conf) as follows:

  • protocol=1
  • cert_verification=1

For details of the settings, see Editing the settings file (agent.conf).