1. The Remote Loader listens on the configured TCP/IP port for a single client connection.
2. The Remote Interface shim (which is part of the IDM engine) establishes a client TCP connection to the Remote Loader.
3. If TLS/SSL is configured then the TLS/SSL handshake is initiated by the Remote Loader with the Remote Loader acting as client and the Remote Interface shim acting as server for the TLS/SSL handshake (this is the reverse of the TCP/IP connection). The handshake "sense" is reversed so that the only key data that needs to be stored on the Remote Loader machine is the Public Key Certificate of the Engine side. If the Remote Loader acted as server for the TLS/SSL handshake then the Remote Loader would need a Private Key as well as a Public Key.
4. The Remote Loader handshake is performed with the following steps:
d. The Remote Interface shim sends an XDS <check-password> command containing the received password to the Engine. The Engine calls eDirectory to check the password against the DirXML-Driver object's password. If the password does not match then the Remote Interface shim sends an error status document and closes the TCP/IP connection.
5. Once the connection is established and both sides are authenticated to each other via the Remote Loader handshake then XML documents that transmit events (in the case of the Publisher channel) and commands (in the case of the Subscriber channel) are sent in both directions.