
Add a Port Definition

As mentioned in the Port Configuration topic, when setting up the Pro Cloud Server you must define at least one Port for the Pro Cloud Server to listen on.  Initially the Pro Cloud Server is supplied with one HTTP port (804) and one HTTPS port (805).

Note: the default HTTPS port will not work until a server certificate has been installed, as described in the SSL Certificates section below.

To add a new Port Definition:

  1. Open the Pro Cloud Server Configuration Client.
  2. Select the 'Ports' tab.
  3. Click on the Add button.
  4. The 'Add TCP Port' dialog will be displayed. Referring to the Add TCP Port table, enter the Port details, then click on the OK button.
  5. Confirm that the machine's Firewall Settings will allow clients to connect.
  6. Restart the Pro Cloud Server Windows Service so that the changes take effect.

Add TCP Port

Field

Description


Server Port

Enter a valid Port number.

Each defined Port must be unique and not used by any other service or application on the current machine. The standard HTTP Port (80) and HTTPS Port (443) are no different; if they are available, the Pro Cloud Server can be configured to use them. You can use the Windows Resource Monitor (which is accessible via an icon on the Configuration Client 'Ports' tab) to check which Ports are already in use.

Firewall Note: When changing or adding a new Port, check that incoming requests are allowed by the firewall settings at both the local machine and network levels.

Wine Note:  When the service is running on Wine you should not use privileged Ports - those below 1024; under Wine, most applications are only able to listen on Ports above 1024.

Protocol

Select the protocol that the Port will be configured as. The options are:

  • HTTP - The default value
  • HTTPS - When this option is selected, you will be presented with five additional checkboxes that control which versions of TLS (and SSL) are allowed on the given Port

Additionally, for HTTPS to be configured correctly, a file named server.pem must also exist in the same directory as the configuration file, and it must contain a valid private key/certificate.  For more details on server.pem see the SSL Certificates section.

OSLC Supported

Enable this option to allow OSLC access to models.

Note: WebEA makes use of OSLC; if you intend to access models via WebEA then this option should be enabled

Authentication

Select the type of authentication that will be required for this Port:

  • Model - All model connections that use the current Port will be forced to request HTTP authorization, using the user security defined in the Enterprise Architect model being connected to; passwords must be explicitly and individually assigned in that model using the Maintain Users procedure - the default administrator password and any passwords imported from Windows Active Directory do not work
    Note: if you are not using SSL to connect, the usernames and passwords will be sent in plain text
    If the model does not have security enabled, the Cloud user is not prompted for a password
  • Global - Selecting this option displays an additional 'Global Model' field, in which you enter the DB Alias of a Database Manager that will be used to provide the security profile to all connections opened with the current Port; this is helpful if you want to provide multiple models but only manage one list of users
    Passwords must be explicitly and individually assigned in the Global model using the Maintain Users procedure; the default administrator password and any passwords imported from Windows Active Directory will not work.
    Note: If you are not using HTTPS as the protocol, the usernames and passwords will be sent in plain text, therefore Sparx Systems recommends that Global authentication should only be used with HTTPS.

SSL Certificates

In order for the Pro Cloud Server's internal Web Server to start a Port using SSL, two individual files, cacert.pem and server.pem, are required to be in the same folder as the Pro Cloud Server configuration file.

  • cacert.pem - contains a collection of trusted CA certificates (in .X509 format); this file is reserved for future use
  • server.pem - contains a certificate and private key (in .X509 format) for your server

Sparx Systems do not supply a server.pem, because typically SSL certificates have to include the current server's details as well as individual details about your organization.  Although this is an additional step, it is a particularly good idea to apply it if you are providing access to external users.  You should create and sign an SSL certificate for your Cloud Server using an appropriate certificate authority (CA).

However, to help with initial set up and testing purposes, or for setups that are entirely within a closed network, you can generate your own self-signed certificate. In general, self-signed certificates are not trusted by major browsers or operating systems and will generate errors or warnings visible to end users. See the Self-Signed SSL Certificates Help topic on how to create a self-signed certificate.

To add trust to a self-signed certificate when it is not practical to generate globally trusted certificates, see the Add Trust with a Certificate Authority (CA) Help topic.

Note: If the Pro Cloud Server is started without a valid server.pem file and a Port is defined with Protocol=HTTPS, then the internal web server will not be able to open the Port; if this situation occurs, error messages to this effect will be written to the .LOG file

Manual Port Configuration

Optionally, Ports can also be configured by directly editing the Pro Cloud Server's configuration file (SSProCloud.config). This allows some additional settings that are not available in the Pro Cloud Configuration Client. A manual restart of the Pro Cloud Server Windows Service is still required before any manually adjusted settings take effect.

The definition of a Port is denoted in the configuration file, with open and close parentheses, each on their own lines without any leading whitespace.  Inside the parentheses are a number of supporting options that control and limit how the Port can be used. All options except SERVER_PORT are optional.

     (
     SERVER_PORT=804
     REQUIRE_SSL=0
     OSLC_SUPPORT=1
     MODEL_AUTHENTICATION=
     GLOBAL_AUTHENTICATION=user model
     EA_MINIMUM_BUILD=
     EA_MAXIMUM_BUILD=
     SSL_PROTOCOLS=SSLv3 | TLSv1 | TLSv1_1 | TLSv1_2 | TLSv1_3
     )

Settings Explained

Setting

Description

SERVER_PORT

This option expects a numeric value (whole number) that defines a Port number; there is no default value.

For example, SERVER_PORT=804 states that the Pro Cloud Server service will listen for HTTP connections on Port 804. Each defined Port must be unique and not used by any other service or application on the current machine. The standard HTTP Port (80) and HTTPS Port (443) are no different; if they are available, the Pro Cloud Server can be configured to use them.

Firewall Note: When changing or adding a new Port, check that incoming requests are allowed by the firewall settings at both the local machine and network levels

Wine Note:  When the service is running on Wine you should not use privileged Ports - those below 1024; under Wine, most applications are only able to listen on Ports above 1024

REQUIRE_SSL

This option expects a value of either 0 or 1; the default is 0. 

A value of 1 will enforce the use of SSL on the current Port; that is, all connections must be performed using HTTPS, which is useful when connections need to be exposed on public networks.

In order for the Pro Cloud Server to be able to successfully configure Ports as REQUIRE_SSL=1, a file called server.pem must exist in the same directory as the configuration file, and contain a valid private key/certificate. For more details on server.pem see the earlier SSL Certificates section.

SSL_PROTOCOLS

This option is a pipe-delimited list of TLS/SSL protocol versions accepted by the Port.  If omitted, the default value of TLSv1_2 | TLSv1_3 is assumed. Valid values are 'SSLv3', 'TLSv1', 'TLSv1_1', 'TLSv1_2', 'TLSv1_3'.  For example, if a Port was to accept versions TLS 1.1, 1.2 and 1.3 an entry should be:

SSL_PROTOCOLS=TLSv1_1 | TLSv1_2 | TLSv1_3

OSLC_SUPPORT

This option expects a value of either 0 or 1. The default is 1.

A value of 1 defines that connections that use the current Port will be able to perform queries using the 'Open Services for Lifecycle Collaboration' standard. This is discussed further in the OSLC Requirements Management Help topic.

MODEL_AUTHENTICATION

This option expects a value of either 0 or 1. The default is 0.

By defining this option as 1, all model connections that use the current Port will be forced to request HTTP authorization using the user security defined in the Enterprise Architect repository being connected to. Passwords must be explicitly and individually assigned in that repository using the Maintain Users procedure; the default administrator password and any passwords imported from Windows Active Directory will not work. Note that if you are not using HTTPS/SSL to connect, the usernames and passwords will be sent in plain text.

If the repository/model does not have security enabled, the user is not prompted for a password.

This option is mutually exclusive with GLOBAL_AUTHENTICATION.

GLOBAL_AUTHENTICATION

This option expects the alias of a defined database manager, or blank; the default is blank.

By defining this option, a single Enterprise Architect repository with security enabled can be used to provide the security profile to all connections opened with the current Port. This is helpful if you want to expose multiple repositories/models but only manage one list of users. Passwords must be explicitly and individually assigned in the Global model using the Maintain Users procedure; the default administrator password and any passwords imported from Windows Active Directory will not work.

This option is mutually exclusive with MODEL_AUTHENTICATION.

EA_MINIMUM_BUILD

This option expects a numeric value that represents the minimum Enterprise Architect version that can connect to models using this Port.  The default is undefined, which implies all versions are allowed. 

EA_MAXIMUM_BUILD

This option expects a numeric value that represents the maximum Enterprise Architect version that can connect to models using this Port.  The default is undefined, which implies all versions are allowed. 

DEFAULT_MODEL

This option was removed in Pro Cloud Server 4.1.40; earlier versions could have used this value to limit all connections on the current port to a single repository. However, most customers that attempted to use this setting found it confusing and its use tended to cause configuration issues; therefore the decision was made to remove it from the interface.
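
The following Python code is an added example, not Sparx Systems code. It parses Port definitions in the format described under Manual Port Configuration and reports the conditions this page warns about: a Port defined twice, both authentication settings on one Port, authentication without REQUIRE_SSL=1, and SSL_PROTOCOLS entries that are unknown or deprecated. The function names and the sample configuration are assumptions made for illustration.

```python
VALID = {"SSLv3", "TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3"}  # values listed on the page
LEGACY = {"SSLv3", "TLSv1", "TLSv1_1"}   # deprecated by RFC 7568 and RFC 8996
DEFAULT = {"TLSv1_2", "TLSv1_3"}         # page: assumed when SSL_PROTOCOLS is omitted

def parse_ports(text):
    """Return one dict per Port definition; '(' and ')' sit alone on unindented lines."""
    ports, current = [], None
    for line in map(str.rstrip, text.splitlines()):
        if line == "(":
            current = {}
        elif line == ")" and current is not None:
            ports.append(current)
            current = None
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return ports

def audit_config(text):
    """Return a list of findings (strings) covering every Port definition in text."""
    findings, seen = [], set()
    for port in parse_ports(text):
        number = port.get("SERVER_PORT", "")
        if not number.isdigit():
            findings.append("SERVER_PORT missing or not a whole number")
            continue
        if number in seen:
            findings.append(f"{number}: Port defined more than once")
        seen.add(number)
        model = port.get("MODEL_AUTHENTICATION", "") == "1"
        glob = port.get("GLOBAL_AUTHENTICATION", "") != ""
        https = port.get("REQUIRE_SSL", "") == "1"
        if model and glob:
            findings.append(f"{number}: MODEL_ and GLOBAL_AUTHENTICATION both set")
        if (model or glob) and not https:
            findings.append(f"{number}: credentials sent in plain text")
        if https:  # assumption: SSL_PROTOCOLS is only consulted when SSL is required
            listed = {p.strip() for p in port.get("SSL_PROTOCOLS", "").split("|") if p.strip()}
            for proto in sorted(listed or DEFAULT):
                if proto not in VALID:
                    findings.append(f"{number}: unknown protocol {proto}")
                elif proto in LEGACY:
                    findings.append(f"{number}: legacy protocol {proto} enabled")
    return findings

# Constructed sample input, not a real deployment's configuration.
SAMPLE = ("(\nSERVER_PORT=804\nREQUIRE_SSL=0\nGLOBAL_AUTHENTICATION=user model\n)\n"
          "(\nSERVER_PORT=805\nREQUIRE_SSL=1\nSSL_PROTOCOLS=SSLv3 | TLSv1_2 | TLSv1_3\n)\n"
          "(\nSERVER_PORT=806\nREQUIRE_SSL=1\nMODEL_AUTHENTICATION=1\n)\n")
```

Calling audit_config(SAMPLE) flags Port 804 for sending credentials in plain text and Port 805 for accepting SSLv3; Port 806 produces no findings.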
