FileNet P8 Application Engine, FileNet P8 Content Engine, FileNet P8 Process Engine, Version 5.0.+

Setting up Content Engine and client transport SSL security

Configuring SSL enables secure communications between the Content Engine and the directory service, as well as between Content Engine clients and the Content Engine server. In addition, setting up Content Engine SSL provides secure authentication for Process Engine.

Important: IBM® strongly recommends enabling SSL for the Content Engine and Process Engine web services. Authentication over these two web services is usually performed by providing username and password credentials. If these web services are not configured to run over an SSL connection, clear text passwords will be sent across the network. (However, this is not true when Kerberos-based authentication is used. In the IBM FileNet® P8 5.0.0 release, Kerberos authentication is available only for the Content Engine web service.) The option not to use SSL over these two web services is provided primarily for development systems or other non-production systems where the security provided by SSL might not be required.

For access to the Content Engine through the EJB transport (IIOP or T3 protocol), an SSL connection is necessary to provide privacy for data sent across the network. However, user passwords would not be compromised if SSL were not used. While it is preferable to use SSL with the EJB transport (IIOP or T3 protocol), it is not a requirement.

  • The Content Engine web service is used:
    • By all clients of the Content Engine version 5.0.0 .NET API
    • By all clients of the Content Engine version 5.0.0 COM Compatibility API (CCL)
    • By the Enterprise Manager and FileNet Deployment Manager tools
    • By the Content Engine version 3.5.2 to 5.0.0 Upgrade tool
    • By the Process Engine, when making calls to the Content Engine to retrieve user and group information
    • By the Component Manager, running on the Application Engine, which is an integral component of the BPM Process Orchestration framework
    • By customer and third-party tools written against the Content Engine version 3.5 web service API, including Altien Document Manager and the SharePoint integration done by Vorsite.
  • Certain Java™ applications (written against the Content Engine version 3.5 Java API or the Content Engine 5.0.0 Java API) might use the Content Engine web service transport, but typically they would use EJB transport (IIOP or T3 protocol).
  • The Application Engine server uses only the EJB transport to communicate with the Content Engine in the 5.0.0 release.
  • The Process Engine web service is used by customer and independent software vendor applications to write runtime applications (typically step processor applications) against the Process Engine. The Process Engine Java API does not make use of the Process Engine web service.


Last updated: November 2010


© Copyright IBM Corporation 2010.