Chapter 1 Introducing Jaguar CTS

Network protocol support

Jaguar supports the following protocols:

• Internet Inter-ORB Protocol (IIOP) IIOP is the standard protocol for communication between CORBA ORBs over TCP/IP networks. All Jaguar client models except MASP use IIOP or IIOP tunnelled inside of SSL (referred to as IIOPS). IIOP connections can also be tunnelled inside of HTTP to allow connections through firewalls that do not allow passage of IIOP traffic, as discussed in "HTTP tunneling support".
• Sybase Tabular Data Stream™ (TDS) TDS is a proprietary protocol used in two-tier database applications that connect to Sybase database servers or gateways. Two types of clients connect to Jaguar using TDS:
  • MASP MASP and TDS allow you to incorporate Jaguar components into applications that were developed with traditional two-tier development tools.
  • Legacy Open Server clients If you have converted an Open Server application to run in Jaguar, legacy clients for the application connect to Jaguar using TDS.
  To separate MASP and Open Server requests, Jaguar requires different listener ports for each type of client. To support MASP clients, your server must have at least one TDS listener installed. You must define an Open Server listener to support legacy Open Server clients.
• Hypertext Transfer Protocol (HTTP) HTTP is used by Web browsers for file downloads and uploads. Jaguar provides HTTP support to allow you to deploy HTML pages and Java applets on the Jaguar server itself.
• Secure Sockets Layer (SSL) The SSL protocol allows connections to be secured using public-key encryption and authentication algorithms. "SSL support" describes Jaguar's SSL support.

To enable support for each protocol, you must define a listener in Jaguar Manager. The listener configuration specifies a server address (host name and port number) as well as the network protocol and security settings to be used by clients that connect to that listener. SSL support requires installation of a server certificate. See the Jaguar CTS System Administration Guide for more information.

HTTP tunneling support

Almost all network firewalls allow HTTP traffic to pass, but some reject IIOP packets. When IIOP traffic is tunnelled inside of HTTP, your clients can connect to the Jaguar server through a firewall that does not allow IIOP traffic to pass.

Jaguar's Java client ORB performs HTTP tunnelling automatically using the designated IIOP port. No additional configuration or proxies are required. When connecting, the Jaguar client-side ORB first tries to open an IIOP connection to the specified address and port. If the IIOP connection fails, the ORB tries an HTTP-tunnelled connection to the same address and port. The default behavior is appropriate when some users connect through firewalls that require tunnelling and others do not; the same application can serve both types. If you know HTTP tunnelling is always required for a Java client, you can set the ORBHttp property to cause the ORB to use HTTP tunnelling without trying plain IIOP connections first.

The C++ client ORB supports tunnelling when clients explicitly request it by setting the ORBHttp property.

SSL support

The SSL protocol allows connections to be secured using public-key encryption and authentication algorithms that are based on digital certificates. SSL is a wrapper protocol: packets for another protocol are secured by embedding them inside of SSL packets. For example, HTTPS is HTTP secured by embedding each HTTP packet within an SSL packet. Likewise, IIOPS is IIOP embedded within SSL. HTTPS and IIOPS are also commonly called secure HTTP and secure IIOP, respectively.

Jaguar server provides native SSL protocol support. Specifically, Jaguar's built-in SSL driver supports dynamic negotiation, cached and shared sessions, and authorization for client and server using X.509 Digital Certificate Support.

In Jaguar Manager, you configure a secure IIOP or HTTP port by defining an IIOP or HTTP listener, then associating a security profile with the listener. The security profile designates a server certificate which will be sent to clients to verify that the connection ends at the intended server. The security profile also specifies the connection's required security settings, such as:

• Whether a client certificate is required to open connections. The client certificate serves as proof of the client user's identity.
• What data security options, such as the encryption algorithm, will be used to secure data transmitted over the connection.

For detailed instructions on configuring secure ports, see Jaguar CTS System Administration Guide.

On the client-side, the following types of clients can open SSL connections to Jaguar servers:

• Java applets hosted by SSL-capable Web browsers.
• Java applications
• C++ clients
• PowerBuilder clients
• ActiveX clients

Copyright © 2000 Sybase, Inc. All rights reserved.