Enabling SSL communication between your Remote Engine and its JobServer
Set up a secure connection between the JobServer server and the JobServer client within a Remote Engine.
Starting from Talend Remote Engine v2.13.13, SSL communication can be automatically set up during engine installation or modified later. The SSL setup secures traffic between the engine and its JobServer. For further information about automatic SSL setup with the installer, see Installing the Remote Engine automatically.
Both the JobServer server and its client are specific to Talend Remote Engine and installed inside your engine. When a Remote Engine receives a request from Talend Management Console to run a task, the JobServer client deploys artifacts to the JobServer server. The SSL connection you are establishing thus secures this traffic between these two JobServer sides.
If you use Talend Remote Engine as a remote execution server to run or debug Jobs remotely from Talend Studio, which is typically the case for a development environment, and if SSL is also activated for your engine in this environment, additional configuration is required for Talend Studio integration. For further information, see Configuring Talend Studio as an SSL client to Talend Remote Engine for remote runs and debug runs.
If you use only Talend Management Console to manage and run artifacts, the communication between Talend Management Console and Talend Remote Engine is automatically secured. Talend Studio does not need to directly communicate with Talend Remote Engine.About this task
- To simplify the process, reuse the engine's JobServer client keystore and truststore for Studio.
- When modifying SSL after installation, you must manually generate the required
keystores and truststores, and update the following configuration files:
- <RemoteEngineInstallationDirectory>/etc/org.talend.remote.jobserver.server.cfg
- <RemoteEngineInstallationDirectory>/etc/system.properties
Procedure
Configuring Talend Studio as an SSL client to Talend Remote Engine for remote runs and debug runs
Securely connect Talend Studio to a Talend Remote Engine JobServer using SSL by configuring the required keystore and truststore settings.
When SSL is enabled on engine's JobServer, Talend Studio must be configured as an SSL client to communicate securely for remote run and debug operations. You can use the same keystore and truststore files as the engine, and specify their locations and passwords in Talend Studio's startup configuration.
If you do not need to use Talend Remote Engine for remote run and debugging, and you only publish artifacts to Talend Management Console to manage task runs from there, skip this section, because your Studio does not need to directly communicate with Talend Remote Engine.