iMIS SOA is a web service used by newer iParts, which you can add to 1600 and 1700 templated sites. Be sure to enable SOA if you intend to use a site based on 1600 or 1700.
Caution! iMIS SOA installs as an enabled service, so be sure to secure it before going live.
To prepare your SOA host
For the SOA service to receive connections and pass Windows security, configure several things on the machine that is hosting it:
1. Install iMIS. This installs the SOA service host with the correct database connection information.
2. Disable simple file sharing (Folder Options, View, Advanced settings).
Tip: Missing this can cause this error: "A remote side security requirement was not fulfilled during authentication. Try increasing the ProtectionLevel and/or ImpersonationLevel."
To secure your SOA service for external access
If IIS version 6 (IIS6) is installed on your computer, then iMIS installs the SOA service onto each appserver. The iMIS SOA Service Host (AsiSoaHost15) includes a Net.TCP endpoint for the SOA service. If IIS version 7 (IIS7) is installed on your computer, then iMIS SOA is integrated with IIS7 so there is no separate service. The default port is different for SOA depending on version of IIS.
■ IIS6: The default Net.TCP endpoint is port 16000. You can change it to another port by editing the Asi.Soa.ServiceHost.exe.config file and restarting the service.
■ IIS7: The default port is 808. You can change this port through IIS7 administration.
Note: If you change the default port, you must change the DefaultBaseUri key in the site web.config file as well as any client that uses SOA.
Take these steps to help prevent unauthorized access through SOA:
1. Limit access to this port to specifically trusted IP addresses only:
□ At minimum, the addresses of any appservers that will be using (or hosting iParts which use) SOA.
□ Additionally, the addresses of any other machines hosting in-house applications that use WCF to consume the SOA service.
Caution! Do not make this endpoint available externally; for B2B and other external scenarios, use the Soap11 (username/password required) endpoint.
2. To secure the host service's port, configure Internet Protocol Security (IPSec) to prevent unauthorized access. For complete walkthroughs of IPSec on both Windows 2008 and Windows 2003, see Microsoft's IPSec guidance.
(IIS7) To enable the SOA service protocol
Using IIS7, you will not see the ASI SOA host service because it is integrated under IIS. Because of this integration, you must turn on NetTcp for your sites, for each virtual root you create:
1. In IIS Manager, select the site, and select Advanced Settings.
2. Make sure net.tcp appears in Enabled Protocols:
3. Repeat this process for each of your virtual roots.
(IIS6) To manage the SOA service
1. Open the Services window on the host.
2. As needed, edit the ASI SOA service to run Automatically.
3. As needed, Stop or Start the ASI SOA Host service.
4. Reboot the system.
Best practices
■ After you change any iMIS system configuration item, restart the SOA service to ensure that the changes take effect.