Using RLM across a Firewall

Sometimes it is desirable for the RLM server to be behind a firewall.  RLM supports this, but there is a small amount of configuration that you will have to do to use RLM across a firewall.

If  you have a firewall installed on the server node which is not allowing your application to access either the rlm port, or the port of the ISV server you must first configure your firewall to allow access to both the main rlm port, as well as the ISV server port.  To do this, perform the following steps:

  • In your license file, look at the SERVER (or HOST) and ISV lines:
    • SERVER   server-hostname   server-hostid   main-rlm-server-port#  (Note: the keyword HOST is equivalent to SERVER)
    • ISV isvname
  • Add the desired port # to the ISV line as follows:

ISV   isvname   port=isv-port#     (if you have RLM v9.0 or later), or

ISV   isvname   isv-binary   isv-options-file   isv-port#    (if you have pre-v9 RLM)

  • Next, configure your firewall to allow access to both isv-port# and main-rlm-server-port#
  • Make sure that the license file is updated on the server node, and that the client nodes know how to find rlm – either with a license file with the SERVER line above, or by setting the RLM_LICENSE environment variable  to  main-rlm-server-port#@server-hostname
  • Re-start rlm – you must restart RLM in order for any port changes to take effect.  Restarting the ISV server via the web interface or rlmreread does not restart RLM.

Note: you can find this information in the RLM License Administration Manual on the Reprise Website.

 

4 comments

  1. Adam Hauerwas says:

    In the RLM License Administration Manual (p. 19) you describe the HOST line, but in this article you say to look for the SERVER line. In the manual you do state:

    Note: The keyword “SERVER” can be used instead of “HOST” – they are 100% equivalent.

    but people may be expecting HOST since that’s what’s in your documentation (and possibly more common)? So perhaps instead of using SERVER in this article, you should use HOST or at least say to “look at the SERVER/HOST line”….

    Thanks!

  2. Hiroyuki Suzuki says:

    Hi,

    I have a question.
    RLM has -noudp options. What is this option ? How does RLM use udp port ?
    Should the firewall permit the 5053rd UDP port?
    Please let me know your comments.

    Best Regards,.

  3. admin says:

    The -noudp option tells RLM to not bind UDP port 5053. This port is used to reply to clients
    who do a broadcast to find the server. If your applications have license files avaialable, or
    if you use the RLM_LICENSE environment to point to the license server, then UDP is not needed.

    This is generally an option that is used by small end-user sites, to make it easier to
    configure licensing.

Leave a Reply

Your email address will not be published. Required fields are marked *