Provision the Spectrum Cloud Integration Agent

The Spectrum Cloud Integration Agent serves as a communication vehicle between Loftware Enterprise SP and the Oracle Integration Cloud.

A. Deploy the Spectrum Cloud Integration Agent

The Spectrum Cloud Integration Agent can be installed in a Cloud services platform or on-premises.

Note: The OIC Connectivity Agent can be installed on the same system as the Spectrum Cloud Integration Agent.

The following components are required. Loftware can provide a VM image with these components installed, or you can install these components on an existing system.

Apache Tomcat 8.5 (separate from the Loftware Enterprise SP Tomcat instance)
Java 1.8
Spectrum Cloud Integration Agent

Use the following procedure for your environment (Oracle Cloud Custom Image is recommended).

Oracle Cloud Custom Image

Import the image using the Pre-Authenticated Request (PAR) URL from Loftware, and then create a new instance from the image.

Important: The Oracle Cloud pages and options may change over time and may differ from the steps below.

Contact Loftware and request the pre-authenticated URL.
Go to Oracle Cloud > Compute > Custom Images (left-side menu).
Click Import image.
1. Select compartment, then enter a name or accept the generated name.
2. For Operating system, select Linux.
3. Select Import from an Object Storage URL, then enter the URL provided by Loftware.
4. For Image type, select OCI.
5. Wait for the import to complete.
When the imported image is available (you are still on the Custom Images page), click the vertical ellipsis menu to the right of your imported image, and then select Create Instance.
1. Select the Networking options as needed. Be sure to select Assign a public IPv4 address.
2. Add SSH keys — Generate SSH key pair, and Download/Save both the private and public key files.
3. Click Show Advanced Options, and select the Networking tab. Select Paravirtualized networking.
  Note: If you have inadvertently selected the wrong Networking Type and cannot log into a running instance, you can click Edit for the instance and then change the Advanced Options, Networking to network type Paravirtualized networking and Boot volume attachment type to Paravirtualized.
4. The instance will be in the provisioning state until ready. This usually takes a few minutes.

When the instance is running you may use the tool of your choice to log into it to complete configuration of the Spectrum Cloud Integration Agent.

Other Cloud Services Platforms or On-Premises

If you are using Amazon Web Services (AWS), another cloud services platform, or an on-premises system, the Spectrum Cloud Integration Agent is distributed as the cloud-integration.war file. Do the following to deploy the Spectrum Cloud Integration Agent.

Note: Contact Loftware for the most recent version of the cloudIntegration.zip file.

Set up a system with Tomcat 8.5 and Java 1.8. This must be a Tomcat instance that is separate from the Loftware Enterprise SP Tomcat instance.
Extract the contents of the cloudIntegration.zip package to a temporary folder.
Copy the cloud-integration.war file to the <TOMCAT_HOME>/webapps directory.

B. Configure Basic Authentication

The Spectrum Cloud Integration Agent is configured for Basic Authentication. To use the Agent, you must first enter at least one role and user. If you do not want to use Basic Authentication, see Disable Basic Authentication. To configure roles and users for basic authentication, do the following:

Navigate to <TOMCAT_HOME>/conf and locate the tomcat-users.xml file. It is recommended to save a backup copy of this file.
Open the file in a text editor and scroll to the bottom to locate the following commented-out sections.

<!--

NOTE: The sample user and role entries below are intended

for use with the examples web application. They are wrapped

in a comment and thus are ignored when reading this file.

If you wish to configure these users for use with the examples

web application, do not forget to remove the <!.. ..> that

surrounds them. You will also need to set the passwords to

something appropriate.

-->

<!--

<user username="tomcat" password="<must-be-changed>"

roles="tomcat"/>

<user username="both" password="<must-be-changed>"

roles="tomcat,role1"/>

<user username="role1" password="<must-be-changed>"

roles="role1"/>

-->

Immediately following those sections, add at least one role and a user for that role. When you configure connections to the Spectrum Cloud Integration Agent, these are the credentials you will need to use.
Example
<role rolename="loftwarecloud"/>
<user username="jsmith" password="yf7g6w" roles="loftwarecloud"/>
Save and close the file.
Start Tomcat either with the startup script in <TOMCAT HOME>/bin or as a service. For more information, see the Tomcat documentation.

C. Configure SSL

To create the security certificate, do the following.

Create a keystore file and certificate with this format and using values that correspond to your system. Retype any quotes to ensure character compatibility.
JAVA_HOME/bin/keytool -genkey -alias spectrumcloudagent -keyalg RSA
-keystore custom.keystore
-ext "san=dns:HOST_NAME,dns:localhost,ip:IP_ADDRESS,ip:127.0.0.1"
Example
$JAVA_HOME/bin/keytool -genkey -alias spectrumcloudagent -keyalg RSA
-keystore custom.keystore -ext "san=dns:ec267-34-999-222-444.compute1.amazonaws.com,dns:localhost,ip:34.999.222.444,ip:127.0.0.1"
Export the certificate. Retype the quotes to ensure they are compatible characters:
JAVA_HOME/bin/keytool -export -rfc -alias spectrumcloudagent
-keystore custom.keystore -file spectrumcloudagent.cer
Example
$JAVA_HOME/bin/keytool -export -rfc -alias spectrumcloudagent -keystore custom.keystore -file spectrumcloudagent.cer

Note: If the keytool-generated certificate does not result in a successful connection to the Spectrum Cloud Integration Agent, it may be necessary to export the certificate from the browser instead. For more information, refer to your browser's documentation.

D. Edit the Tomcat server.xml File

Stop Tomcat.
Locate the file <TOMCAT_HOME>/conf/server.xml.
Add the following block of code to the file after one of the existing <Connector> blocks, using keystoreFile and keystorePass values that correspond to your system. Retype any quotes to ensure character compatibility.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150"
SSLEnabled="true" scheme="https" secure="true"
keystoreFile="PATH_TO_CERTIFICATE_FILE" keystorePass="PASSWORD" sslProtocol="TLS" sslEnabledProtocols="TLSv1.1, TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA"/>
Restart Tomcat.

E. Import the Certificate into Loftware Enterprise SP

Import the certificate exported from your Spectrum Cloud Integration Agent into the Loftware Enterprise SP keystore. Use the following command with values that correspond to your system.

JAVA_HOME/bin/keytool -importcert -alias ALIAS_NAME

-file PATH_TO_CERTIFICATE_FILE -keystore truststore_file

F. Import the Certificate to OIC Connectivity Agent

For instructions, refer to Oracle OIC Connectivity Agent installation documentation.

Next: Continue to Configure an Oracle Cloud Integration in Loftware Enterprise SP.