...
The Service Proxy protocol is enabled and configured on a Gateway server through the Gateway Configuration. The Service Proxy provides access to the management API built into the Swarm cluster nodes, using the same IDSYS authorization and authentication as your Content Gateway.
| Tip |
|---|
Best PracticeAccess: Enable the Service Proxy for cluster admins only, to grant them alone access to the cluster's Swarm UI and Management API. Disable Service Proxy for all other users (end users, tenants, customers), who should be restricted to the content interfaces (Content UI and the SCSP and S3 APIs). Production: In production, have one Gateway dedicated to run as Service Proxy for your cluster administration (via Swarm UI and Management API), and have a pool of additional Gateways to handle all content management at scale. Only if the cluster is for testing or light usage should you enable both cluster administration and content management on a single Gateway instance, such as on a CSN. |
Using the Service Proxy
To enable users to log in via the Service Proxy, provide them with the correct URL.
Host: Rather than use the IP address or hostname of a Swarm storage cluster node, give the Service Proxy hostname or IP instead. When using a hostname, verify that DNS resolves the name to the front-end IP address of the Gateway instance that is running Service Proxy.
Port: Include the
bindPortvalue (from the [cluster_admin] section of Gateway Configuration).
Swarm UI Access
| Code Block |
|---|
http://HOST:CLUSTER_ADMIN·BINDPORT/_admin/storage http://HOST:91/_admin/storage (default) |
...
Host | Read-only. The Service Proxy host name or IP address for the Swarm storage cluster to be viewed. |
|---|---|
Username | User logins for the UIs are not Swarm-managed but rather LDAP or PAM, as configured by the Gateway IDYSYS file, |
...
How the Service Proxy Works
The Service Proxy servlet listens on the specified port and handles two types of requests on the same port:
...