Enabling SSL connection for your Remote Engine - Cloud

Talend Remote Engine User Guide for Windows
Version
Cloud
Language
English
Operating system
Windows
Product
Talend Cloud
Module
Talend Remote Engine
Content
Design and Development
Installation and Upgrade
Last publication date
2023-11-16

Set up a secure connection between the JobServer server and the JobServer client within a Remote Engine.

Both the JobServer server and its client are installed inside your engine. When a Remote Engine receives a request from Talend Cloud Management Console to run a task, the JobServer client deploys artifacts to the JobServer server. The SSL connection you are establishing thus secures this traffic between these two JobServer sides.

Note that the connection between Talend Cloud Management Console and Talend Remote Engine is secured by default, not impacted by this SSL configuration. The same is true for the connection between Talend Studio and Talend Remote Engine.

Procedure

  1. Open the <RemoteEngineInstallationDirectory>/etc/org.talend.remote.jobserver.server.cfg file to edit it.
  2. Change the values of the following parameters: 
    org.talend.remote.jobserver.server.TalendJobServer.USE_SSL=true
org.talend.remote.server.ssl.keyStore=<path to JobServer keystore>
org.talend.remote.server.ssl.keyStorePassword=<JobServer keystore password>
    Add your specific values to the last two parameters.
  3. Open the <RemoteEngineInstallationDirectory>/etc/system.properties file to edit it.
  4. Change the values of the following parameters: 
    org.talend.remote.client.ssl.force=true
org.talend.remote.client.ssl.trustStore=<path to truststore>
org.talend.remote.client.ssl.trustStorePassword=<truststore password>
    Add your specific values to the last two parameters.
  5. Edit the <RemoteEngineInstallationDirectory>/bin/setenv (for Linux) or <RemoteEngineInstallationDirectory>/bin/setenv.bat (for Windows) file to configure the JobServer client. 
    export JAVA_OPTS="${JAVA_OPTS} -Dorg.talend.remote.client.ssl.keyStore=<path_to_jobserver_client_keystore> -Dorg.talend.remote.client.ssl.keyStorePassword=<jobserver_client_keystore_password> -Dorg.talend.remote.client.ssl.trustStore=<path_to_jobserver_client_truststore> -Dorg.talend.remote.client.ssl.trustStorePassword=<jobserver_client_truststore_password> -Dorg.talend.remote.client.ssl.enabled.protocols=<jobserver_client_enabled_protocols> -Dorg.talend.remote.client.ssl.disablePeerTrust=false"
    These parameters represent the same SSL configuration previously set on the JobServer server side.
  6. Restart the engine.