WebSphere Message Broker, Version 8.0.0.7 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS


Configuring DataPower security settings

Use the DataPower Security wizard in the WebSphere® Message Broker Explorer to configure an external DataPower® appliance to handle the WS-Security Policy for your HTTP, HTTPS input, and SOAP nodes within your message flow. The DataPower box is configured to decrypt incoming messages to your flow and encrypt outgoing messages from your flow without requiring any changes to the message flows or broker configuration.

Before you start:

To use the DataPower Security wizard, you must have access to the SYSTEM.DEF.SVRCONN channel on the broker's queue manager. Your clients must send their messages directly to the DataPower appliance on a Client port that you specify.

The following steps are required to configure a DataPower appliance for WS-Security for your message flows:
  • Select the HTTP(S)Input and SOAP nodes for which you want to configure security.
  • Create a DataPower connection profile or edit an existing profile.
  • Use or alter the default Policy Sets to specify your encryption and decryption WS-Security parameters.
  • Specify which Crypto Keys to use from the DataPower box.

On the DataPower appliance the following configuration is created after you run the DataPower Security wizard:
  • An XML Firewall, optionally with Back (for HTTPSInput nodes) and Front (Client) SSL connections.
  • An XML Firewall Policy consisting of a list of inbound/request rules and an outbound/response rule per HTTP Input or SOAP node.
  • Each inbound/request rule consists of a decryption action with parameters specified from the Policy Set.
  • Each outbound/response rule consists of an encryption action with parameters specified from the Policy Set.

To configure DataPower security for your message flows:

  1. Right-click on the message flow or execution group with which you want to work, and click Properties. You can enable security handling on a single message flow containing HTTP, HTTPS input and SOAP nodes, or you can select an execution group to enable security handling for these nodes in all the message flows in the execution group.
  2. In the Properties window, click DataPower on the left to open the DataPower tab.
  3. Click Configure Security to open the Security on DataPower Appliance window. The HTTP, HTTPS input, and SOAP nodes from your message flows are displayed in the Flow Details table.
  4. Select a Policy Set Binding from the list of options. If you select the No Policy Set Bindings option, no encryption or decryption nodes are specified in your policy rules. You can use this option as a test for the communication channels before applying a policy set binding. To create a policy set binding, click Edit Policy Sets. For more information about the editor, see Policy Sets and Policy Set Bindings editor.
  5. In the DataPower details section, select a User profile from the list of options. Click Edit Profiles to create or edit connection profiles. To create a profile:
    1. In the DataPower Connection Profiles window, click Add.
    2. Click in the relevant cell in the table to edit the values. You must provide a valid user name, domain, and the host name of your DataPower appliance.
    3. Click Finish. The new or edited profile is now available to select in the Security on DataPower Appliance window.
    4. Add a password for the profile in the Password field.
    You can also use the DataPower Connection Profiles window to import and export profiles in the WebSphere Message Broker Explorer on different machines.
  6. You must now decide whether to create a new Policy or merge with an existing Policy. If you attempt to merge with a policy that does not exist, a new one is created. A merge adds request and response rules to your policy, but it does not overwrite any preexisting rules. A merge also does not alter your existing firewall settings.
  7. Enter the name or names of your XML Firewalls, and the Client Ports on which your HTTP clients connect to your DataPower box.
  8. Optional: Select the nodes to configure in the Flow Details section, and click Next to select XML Firewall SSL settings, Decryption, and Encryption rules for your DataPower device.
  9. Click Finish. An attempt is made to connect to your domain on your DataPower box to retrieve your Crypto Profiles.
  10. Click Yes to confirm that you want to alter the configuration of your DataPower appliance.

You have configured DataPower security settings for your message flow or execution group.
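To confirm that a policy set binding is in effect (rather than the No Policy Set Bindings test option), you can classify messages captured on each side of the appliance: traffic on the Client port should be encrypted, and traffic between the appliance and the broker should be plain. The following check is an added example, not IBM code; the function name, the three result labels, and the sample messages are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Standard namespace URIs: SOAP 1.1 / 1.2, WS-Security 1.0 secext, XML Encryption.
SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",
           "http://www.w3.org/2003/05/soap-envelope")
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
XENC = "http://www.w3.org/2001/04/xmlenc#"

def ws_security_state(message: str) -> str:
    """Classify a captured SOAP message: 'encrypted', 'partial' or 'plaintext'."""
    if "<!DOCTYPE" in message:  # SOAP forbids DTDs; refuse before parsing
        raise ValueError("SOAP messages must not carry a DTD")
    root = ET.fromstring(message)
    soap = next((ns for ns in SOAP_NS if root.tag == f"{{{ns}}}Envelope"), None)
    if soap is None:
        raise ValueError("not a SOAP envelope")
    body = root.find(f"{{{soap}}}Body")
    if body is None:
        raise ValueError("SOAP envelope has no Body")
    security = root.find(f"{{{soap}}}Header/{{{WSSE}}}Security")
    children = list(body)
    encrypted = [c for c in children if c.tag == f"{{{XENC}}}EncryptedData"]
    # Fully encrypted: a Security header plus a Body holding only EncryptedData.
    if security is not None and children and len(encrypted) == len(children):
        return "encrypted"
    # Header without full body encryption, or only some elements encrypted.
    if security is not None or body.find(f".//{{{XENC}}}EncryptedData") is not None:
        return "partial"
    return "plaintext"

# Constructed samples (not captured from a real system).
PLAIN = (f'<s:Envelope xmlns:s="{SOAP_NS[0]}"><s:Body>'
         '<getQuote><symbol>TEST</symbol></getQuote></s:Body></s:Envelope>')
ENCRYPTED = (f'<s:Envelope xmlns:s="{SOAP_NS[0]}" '
             f'xmlns:wsse="{WSSE}" xmlns:xenc="{XENC}">'
             '<s:Header><wsse:Security><xenc:EncryptedKey/></wsse:Security></s:Header>'
             '<s:Body><xenc:EncryptedData><xenc:CipherData>'
             '<xenc:CipherValue>PLACEHOLDER</xenc:CipherValue>'
             '</xenc:CipherData></xenc:EncryptedData></s:Body></s:Envelope>')

if __name__ == "__main__":
    for side, msg in (("broker side", PLAIN), ("client side", ENCRYPTED)):
        print(side, "->", ws_security_state(msg))
```

A "plaintext" or "partial" result for a message captured on the Client port means that the expected encryption rule is not being applied to that node.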


Copyright IBM Corporation 1999, 2016.

Last updated: 2016-05-23 14:48:04


Task topic | Version 8.0.0.7 | be10250_