Yesterday I wrote a blog regarding Maximo Asset Health Insights and connecting it out to the Watson IoT Platform. You can find that document here. One of the sections in this document described the Secure Gateway software service available on Blue Mix, which may be a requirement to connect your Maximo Server to the Watson IoT platform if it's not available on a public domain. If you haven't deploy the Secure Gateway software please do so before following this blog and ensure it is bound to your IoT Platform Boiler plate.
So lets get started now and launch the Secure Gateway application on Blue Mix so we can configure it.
Creating your Gateway
The first thing we need to do is create a gateway for our Maximo sever to connect to, this gateway will provide us with both an ID and token that's neededto make the connection from the Maximo server. We can do this following the steps that have been outlined below.
1. From the Secure Gateway Dashboard click on 'Add Gateway'
2. On the add gateway screen, we can give our gateway a name, as we will tunnel to a Maximo server, I'm going to call this MaximGateway. Check the 'Require security token to connect clients' and set the token expiration. The client will need to be updated with a new token after the expiration date. The default is 90, but this can be changed to meet your companies security needs, once complete click on 'Add Gateway'.
3. After clicking add you will be brought back to the main Secure Gateway Dashboard. From here click on the settings gear for your new gateway that you see created, this will bring up a panel showing our gateway id and token.
4. I've marked out my current gateway, token and node, you will want to copy this information down as it will be needed when you install your client,. After 90 days expiration you can also regenerate your gateway certificate and key from this panel. Once all information has been noted close out of the screen and then click on the MaximoGateway icon.
5. On the MaximoGateway screen you will see and 'Add Destination' option, we want to choose this and set our Maximo server as the destination.
6. A new panel will now show up, it will first ask you if your destination is an On-Premise destination or a Cloud destination, for this we have chosen On-Prem and clicked next. You will then be prompted to entered your destination, enter both the host name of your Maximo server and the port you use to connect to Maximo, click next.
7. Choose the protocol you will be connecting over, we are connecting via HTTP to our Maximo server
8. Choose your Authentication type if your destination enforces authentication, for this we are not enforcing authentication at our destination so I've chosen 'None'. Click next to proceed to the panel of the destination wizard.
9. One of the last panels allows for configuration to make your destination private and restrict it to certain IPs or ports. This will prevent anyone from accessing the application over www and only provide access to those that meet the rules in the IP tables, click next.
11. Once finished you will end up back on the destinations panel and see the destination we created. The next thing we need to do is add a client, which will be your Maximo Server. In the top right hand corner of the screen you will see a button that say 'Add Client'. Click on this button.
12 . The 'Add Clients' button will bring up a list of client installers, your token and your gateway id again. We are going to choose IBM Installer and download the Windows file. Once the file is downloaded we will want to copy the file to the server that we set the destination up for.
That concludes the Secure Gateway on Blue Mix configuration, we will now go through the client configuration.
Configuring the Maximo Server with the Secure Gateway Client.
Now that the Gateway is configured on Blue Mix we need to set up the client on our Maximo server that is going to make the connection to the gateway, at the end of the previous section we copied over the IBM Installer to our Maximo Server and that is where this section will start off. By the end of this section our Maximo application will be set up with Secure Gateway.
1. After the installer has been copied to the Maximo Server you will want to open and run it, proceed through the normal screens, such as agreements, installation path etc. Install as a service when prompted, then once you come to the following screen you will want to input your Gateway ID and Token which you copied down in the steps above. We won't define an ACL list as we will add our server in the UI that will be set up, once done click next.
2. The next panel will ask if you want to install the Client UI, choose yes and enter a password if you wish to secure it, then click install.
3. Once the install is complete, launch the secure gateway client, you will see it's enabled in the top right hand corner and the gateway id it's connected to. If you have other gateways configured in Blue Mix you can click on the + to add them. Now we want to complete our last step which is to add the Maximo Server address to our ACL.
4. In the ACL add the address and port to your Maximo server again, this would be the same address added when creating the destination. Once added you can exit out of the Web UI panel and your secure gateway to the Maximo server should be configured.
Accessing Maximo Through the Secure Gateway
Once your secure gateway is configured accessing Maximo is simple, you would use the node address from the destination settings panel (similar to gateway settings) along with the context of your Maximo server.
So if my node looks similar to the following : nodeid.integration.ibmcloud.com:nodeport
I can access Maximo using the address: nodeid.integration.ibmcloud.com:nodeport/maximo
This will redirect me to the internal Maximo Server address and allow me to log in to the application. The secure gateway is bound to your IoT Platform Boiler Plate, the Watson IoT Platform can contact your server as well. You will also be able to monitor the connections from the Secure Gateway Dashboard in Blue Mix.
This document was a bit to long to add to my initial post which is why I created a separate blog to give a step by step of the Secure Gateway configuration to the Maximo sever. Remember to use the IP tables to restrict access so every who has your node address and port can't access the environment. Any questions, comments or concerns please let me know.