When setting up a MassTransit server, there are several related configuration options to keep in mind. It's best to decide on the options before starting a MassTransit installation.
Active Directory integration: If you're using the MassTransit web interface, you should consider whether to implement Active Directory integration. This will allow authorized users to log in with their domain credentials. To set up MassTransit with AD integration, you will need a domain account with LDAP read access that MassTransit can use. You will also need to specify one or more AD groups whose members will have MassTransit accounts created on demand.
SSL: When using the MassTransit web interface, it's best to use an SSL certificate on the server. This will cause logins to be encrypted, along with all page activity. HTTP transfers will also become encrypted HTTPS transfers. Note that regular MassTransit TCP/IP transfers can be encrypted with or without an SSL certificate using the TCP/IP Secure Communication method. You will need to purchase an SSL certificate in advance from a certificate authority, such as Verisign, Thawte or Comodo.
IP Addresses: You may want two IP addresses for the server. If the server is going to use an SSL certificate, you should allow access to the web site on the default SSL port, 443. If you want to use the MassTransit TCP/IP Secure method for transfers, we recommend using port 443 for maximum compatibility with users' default firewall configurations. If using SSL on 443 and TCP/IP Secure on 443, you will need two IP addresses for the server, since only one service can listen on a given IP address on a given port.
External IP Addresses: If the server is set up with an internal IP address that is not routable on the Internet, you will need to set up Network Address Translation (NAT) so that an externally accessible public IP address maps to the internal one. If the server is set up with two internal IP addresses to avoid the port 443 conflict discussed above, you will need two external addresses.
Mailbox Location: Files sent through MassTransit are stored on disk in mailbox folders. These can be local on the server or on attached storage. They can also be on a network server accessible via a UNC path (e.g., \\ServerName\ShareName). With this configuration, the user that the MassTransit service runs as will need to have read, write and modify permissions for the share. Normally for network shares, you should set up a MassTransit domain account with permissions to the share and set the MassTransit service to run under that account instead of the System account.
SMTP Access: Most MassTransit installations are configured to send emails when certain events occur. You can configure MassTransit to send through an SMTP server on your network with or without authentication. You will need to determine the security policies for your SMTP server. For example, the SMTP server may need to be configured to authorize the IP address of the MassTransit server.
Firewall Rules: You will need to open appropriate ports for MassTransit on your firewall. The standard ports are: 80 for HTTP web access (web site and HTTP transfers), 443 for HTTPS web access (web site and HTTPS transfers), 443 for encrypted MassTransit transfers, and 50000 for unencrypted MassTransit transfers. If setting up MassTransit to listen on FTP, you should open the standard ports 20 and 21. For SFTP listens, open port 22.
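The IP Addresses, External IP Addresses and Firewall Rules items above can be checked together before installation. The following planning check is an added example, not MassTransit code: it takes a planned set of listeners and NAT mappings, reports port 443 conflicts on both the internal and the public side, lists internal addresses still missing a NAT mapping, flags listeners that carry cleartext traffic, and derives the firewall openings. The service labels and sample addresses are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Standard ports from this page: service label -> (ports, encrypted?).
# The service labels themselves are hypothetical names for this example.
PORTS = {
    "http": ((80,), False),
    "https": ((443,), True),
    "mt-secure": ((443,), True),    # MassTransit TCP/IP Secure
    "mt-plain": ((50000,), False),  # unencrypted MassTransit transfers
    "ftp": ((20, 21), False),
    "sftp": ((22,), True),
}

def _clashes(endpoints):
    """Map each (ip, port) claimed by more than one service to those services."""
    owners = defaultdict(set)
    for service, ip, port in endpoints:
        owners[(ip, port)].add(service)
    return {ep: sorted(svcs) for ep, svcs in owners.items() if len(svcs) > 1}

def review_plan(listeners, nat):
    """listeners: [(service, internal_ip)]; nat: {internal_ip: external_ip}."""
    internal = [(s, ip, p) for s, ip in listeners for p in PORTS[s][0]]
    # Internal addresses that are not Internet-routable need a NAT mapping.
    needs_nat = sorted({ip for _, ip, _ in internal
                        if ipaddress.ip_address(ip).is_private and ip not in nat})
    external = [(s, nat.get(ip, ip), p) for s, ip, p in internal]
    return {
        "internal_conflicts": _clashes(internal),
        "external_conflicts": _clashes(external),  # same check after NAT
        "needs_nat": needs_nat,
        "cleartext": sorted({s for s, _ in listeners if not PORTS[s][1]}),
        "firewall_open": sorted({(ip, p) for _, ip, p in external}),
    }

# Constructed sample plans (private and documentation-range addresses).
ONE_IP = [("https", "10.0.0.10"), ("mt-secure", "10.0.0.10"), ("mt-plain", "10.0.0.10")]
TWO_IPS = [("https", "10.0.0.10"), ("mt-secure", "10.0.0.11")]
SHARED_NAT = {"10.0.0.10": "203.0.113.10", "10.0.0.11": "203.0.113.10"}
SPLIT_NAT = {"10.0.0.10": "203.0.113.10", "10.0.0.11": "203.0.113.11"}

if __name__ == "__main__":
    for name, plan, nat in [("one IP", ONE_IP, SHARED_NAT),
                            ("two IPs, one public", TWO_IPS, SHARED_NAT),
                            ("two IPs, two public", TWO_IPS, SPLIT_NAT)]:
        print(name, review_plan(plan, nat))
```

The middle sample shows the case that is easy to miss: two internal addresses remove the conflict on the server, but if both map to one public address the conflict reappears at the NAT device.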