Appendix I. Connection Manager

The Connection Manager is used to solve the problem encountered when a DMZ server communicates with an internal network server.

A common problem arises when a server in the DMZ needs to communicate with a server in the internal network. For example, MFT Internet Server (MFTIS) generally executes in the DMZ to allow external client access, and it needs to make TCP connections to the following servers executing in the internal network:
  • LDAP Server for authentication
  • Oracle Server DB Instance
  • MFT Platform Server where data resides
Many firewalls are configured to not allow TCP connections to be opened from the DMZ to the internal network. Where such connections are not allowed, a security exception is often required. Connection Manager allows DMZ server instances to create connections to servers in the internal network without opening the connection from the DMZ; all connections are opened from the internal network.

Connection Manager Components



Connection Manager Agent (CMA)

The CMA accepts TCP Connection Requests from the Internet Server. It will then send these requests to the Connection Manager Server (CMS) over the Control Connection established by the CMS. The CMA generally executes in the DMZ.

The CMA is distributed with the MFT Internet Server product. It can be installed and configured as part of the Internet Server installation or it can be installed and configured standalone. The CMA can execute on the same computer as the Internet Server or it can execute on a different computer than the Internet Server. The CMA installation is described in TIBCO Managed File Transfer Internet Server Installation Guide. Multiple instances of the CMA can be installed to provide High Availability.

Connection Manager Server (CMS)

The CMS creates a TCP Control Connection with the CMA. The CMA uses this Control Connection to send TCP connection requests to the CMS. When the CMA sends a connection request, the CMS initiates the connection to the remote server and responds to the CMA request. The CMS generally executes in the internal network.

The CMS is distributed with the TIBCO MFT Command Center product. It is installed and configured in a standalone environment. The CMS can execute on the same computer as the Command Center or it can execute on a different computer than the Command Center. The CMS installation is described in this TIBCO Managed File Transfer Command Center Installation Guide. Multiple instances of the CMS can be installed to provide High Availability.

MFT Command Center (MFTCC)

MFTCC is the component that allows you to configure the CMA, CMS and Internet Server components.

MFT Internet Server (MFTIS)

MFTIS is the component that requires connections to the internal network. MFTIS can execute in the internal network or in the DMZ. When executing in the DMZ, MFTIS may require the CMA to establish connections to the internal network. When connections to the internal network are required, MFTIS connects to the CMA to initiate the TCP connections.
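
The following added example (not part of the TIBCO documentation) models which host initiates each TCP connection, with and without Connection Manager, and checks the result against a "no new TCP connections from the DMZ to the internal network" firewall rule. The zone map, host labels and function names are assumptions for illustration; only the connection opens described above are modeled.

```python
# Added example: zone names, host labels and helpers are illustrative assumptions.
from typing import NamedTuple

ZONES = {  # host -> network zone (constructed sample topology)
    "MFTIS": "dmz", "CMA": "dmz",
    "CMS": "internal", "LDAP": "internal",
    "OracleDB": "internal", "PlatformServer": "internal",
}
BACKENDS = ["LDAP", "OracleDB", "PlatformServer"]

class TcpOpen(NamedTuple):
    initiator: str   # host that opens the connection
    responder: str   # host that accepts it
    purpose: str

def direct_flows():
    """MFTIS in the DMZ opens each backend connection itself."""
    return [TcpOpen("MFTIS", b, "backend session") for b in BACKENDS]

def brokered_flows():
    """The same backend sessions, opened through Connection Manager."""
    flows = [TcpOpen("CMS", "CMA", "control connection")]
    for b in BACKENDS:
        flows.append(TcpOpen("MFTIS", "CMA", f"connection request for {b}"))
        flows.append(TcpOpen("CMS", b, "backend session"))
    return flows

def dmz_to_internal_opens(flows, zones=ZONES):
    """Return the opens that a 'no DMZ -> internal' rule would drop."""
    return [f for f in flows
            if zones[f.initiator] == "dmz" and zones[f.responder] == "internal"]

def required_rules(flows, zones=ZONES):
    """Distinct cross-zone (initiator, responder) pairs the firewall must permit."""
    return sorted({(f.initiator, f.responder) for f in flows
                   if zones[f.initiator] != zones[f.responder]})

if __name__ == "__main__":
    for name, flows in (("direct", direct_flows()), ("brokered", brokered_flows())):
        print(name, "- dropped by policy:", dmz_to_internal_opens(flows))
        print(name, "- cross-zone rules needed:", required_rules(flows))
```

With Connection Manager, the only cross-zone rule left to review is the CMS-to-CMA open, which originates in the internal network.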