2

I would like to load on-premise Oracle data to Bluemix dashDB. I plan to use DataWorks and Secure Gateway. It is required that only DataWorks can access to Secure Gateway.

According to the tutorial Securing Destinations with TLS in Bluemix Secure Gateway, a destination with TLS: Mutual Auth can restrict clients.

So I try to adapt the how-to to DataWorks and refer the APIs of DataWorks. But, I found the can't find request parameters about TLS: Mutual Auth in "Create an activity" API.

Would anyone teach me how to use TLS: Mutual Auth between DataWorks and Secure Gateway or any other methods to secure the destination of Secure Gateway?

  Oracle Connection:
    type ( string): Specify oracle,
    sid ( string): The Oracle System ID,
    host ( string): The host name or IP address of the database,
    port ( integer): The port number,
    user ( string): The user name to use to connect to the database,
    password ( string): The password for the specified user name,
    schema ( string): The schema name. The name is case sensitive,
    ssl ( string, optional):
    sslCert ( string, optional):
    gateway ( string, optional):

ralphearle
  • 1,696
  • 13
  • 18
shimac-jp
  • 233
  • 3
  • 11

1 Answers1

1

This documentation describes how to add the Secure Gateway service by using the Bluemix UI:

https://www.ng.bluemix.net/docs/#services/SecureGateway/index.html#gettingstartedsecuregateway

There are 3 possible options:

  1. No TLS - No authentication is provided. Your application can communicate directly to the gateway without requiring any certificates.
  2. TLS: Server Side - TLS is enabled and the server provides a certificate to prove its authority. You need to accept the server certificate into your application truststore.
  3. TLS: Mutual Auth - The server provides a set of certificates. However, you also need to upload your own certificate or select auto-generate to automatically create a self-signed certificate/key pair that you can download along with the server certificate.

To choose TLS: Mutual Auth, just select it in the Create Destinations page. If you are using DataWorks, you do not need to create a destination.

CharlesL
  • 942
  • 5
  • 14
  • Thank you for your response. I am using DataWorks. Is it right that the connection between DataWorks and SecureGateway is secure like "TLS: Mutual Auth" when I using "gateway option and host/port set as on-premise" in DataWorks creating an activity API ? – shimac-jp Apr 30 '15 at 01:26
  • If you are using DataWorks, you would need to add the secure gateway through the DataWorks UI interface. Yes, you do not need to choose the method for TLS as it should automatically set up the appropriate secure path between your source and your destination for you. https://www.ng.bluemix.net/docs/services/dataworks1/index.html#t_secure_gateway – CharlesL May 01 '15 at 16:42
  • Thank you for your cooperation. I understand that Secure Gateway makes the path between source and destination secure. My concern is whether any apps can access the Secure Gateway's destination which is created by DataWorks while DataWorks uses the path. If I use a Node.js app with Secure Gateway, I can secure my Secure Gateway's destination so that only my Node.js app can access the destination with TLS mutual Auth option. In case of DataWorks with Secure Gateway, is the destination created by DataWorks secure ? ( NO TLS or TLS mutual Auth ? ) – shimac-jp May 07 '15 at 09:12
  • I confirmed that the temp destinatination created by DataWorks had TLS: Mutual Auth option by looking at the Secure Gateway Dashboard during dataloda. – shimac-jp May 10 '15 at 19:07