Cantara supports a variety of network architectures for installation on-premises. This document explores some of the common approaches and the considerations of each.
On-Premise Installation Options
The Cantara Integration Platform is deployed as one or more farms. A farm if effectively a platform environment, for example production vs non-production and will contain the following components:
Cantara Access Application
This is a java web application and is the primary component in general operation of the Cantara Integration Platform. The application instances will require a common database to be deployed which will store service definitions, client authentication tokens and scheduled jobs. The application can access the JDE Enterprise Servers directly or alternatively can utilize the Cantara Agent. Multiple instances can be deployed within a farm to provide high availability.
Cantara Console Application
This is a java web application and provides administration access to one or more farms. To enable the console to execute it must be able to communicate with the access application instances directly. Multiple console instances can be deployed to provide high availability.
This is an optional component which can be utilized to communicate with internal services, such as the JDE Enterprise servers, where locating the access instances within the corporate network is not preferred.
Cantara On-Premises Architecture - Option 1
The above architecture has the following features:
- The SSL communications end point is located at the edge of the corporate network DMZ. This provides optimal performance without compromising security.
- For high availability deployments, the access instances should be access through load balancers rather than a simple reverse proxy. The load balancers should be configured for sticky web sessions using cookies to minimize traffic and authentication overhead.
- The access instances should be placed as close to the JDE Enterprise servers as possible within the network. The latency between the agent and the JDE enterprise servers is a critical metric with regards to system performance and should be minimized.
Cantara On-Premises Architecture - Option 2
You can choose to deploy the Cantara Agent for an on-premise installation of the Cantara Integration Platform. This allows the access instances to be moved to the DMZ for added external intrusion protection.