Configuring inbound transports

Before you begin

Inbound transports refer to the types of listener ports, and their attributes, that are opened to receive requests for this server. Both Common Secure Interoperability Specification, Version 2 (CSIv2) and z/OS Secure Authentication Service (z/SAS) let you configure the transport.

CSIv2 and z/SAS support most of the same functions. CSIv2 has the advantage of interoperability with other WebSphere Application Server products and any other platforms that support the CSIv2 protocol.

Why and when to perform this task

Complete the following steps to configure the Inbound Transport panels in the administrative console:

Steps for this task

  1. Click Security > Authentication Protocol > CSIv2 Inbound Transport to select the type of transport and the SSL settings.
    By selecting the type of transport, as noted previously, you choose which listener ports you want to open. In addition, you disable the SSL client certificate authentication feature if you choose TCP/IP as the transport.
  2. Select the SSL settings that correspond to an SSL transport.
    These SSL settings are defined in the Security > SSL panel and define the SSL configuration including the keyring, security level, ciphers, and so on.
  3. Consider fixing the listener ports that you configured.

    You complete this action in a different panel, but this is the time to think about it. Most end points are managed at a single location, which is why they do not appear in the Inbound Transport panels. Managing end points at a single location helps you decrease the number of conflicts in your configuration when you assign the end points. The location for SSL end points is at each server. The following port names are defined in the End Points panel and are used for object request broker (ORB) security:

    • ORB_SSL_LISTENER_ADDRESS - SSL Port
    • ORB_LISTENER_ADDRESS - IIOP port

    For an application server, click Servers > Application Servers > server_name > End Points.

    The Object Request Broker (ORB) on WebSphere Application Server uses a listener port for Remote Method Invocation over the Internet Inter-ORB Protocol (RMI/IIOP) communications. This port is generally not specified and is selected dynamically during run time. If you are working with a firewall, you must specify a static port for the ORB listener and open that port on the firewall so that communication can pass through the specified port. The end point property for setting the ORB listener port is: ORB_LISTENER_ADDRESS.

    Complete the following steps using the administrative console to specify the ORB_LISTENER_ADDRESS port or ports.

    1. Click Servers > Application Servers > server_name > End Points.
    2. Select ORB_LISTENER_ADDRESS from the End Point Name field in the Configuration panel.
    3. Enter the IP address, the fully qualified DNS host name, or the DNS host name by itself in the Host field.
      On z/OS, the host field for ORB_LISTENER_ADDRESS can be set only to a wild card (*) value, or a dotted decimal IP address in the form www.xxx.yyy.zzz where www, xxx, yyy and zzz are the decimal values 0-255. This end point cannot be set to a fully qualified DNS name such as myhost.myco.com.
    4. Enter the port number in the Port field.
      The port number specifies the port for which the service is configured to accept client requests. The port value is used in conjunction with the host name. Using the previous example, the port number might be 9000. The port number that you use for ORB_LISTENER_ADDRESS must equal the port value for the BOOTSTRAP_ADDRESS end point.
  4. Click Security > Authentication Protocol > z/SAS Inbound to select the SSL settings used for inbound requests from z/SAS clients.

Results

The inbound transport configuration is complete.

Example
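
The host and port rules in step 3 can be checked before the values are entered in the End Points panel. The following is an added example, not part of the original IBM documentation; the function names, the dictionary layout, the sample values, and the use of 0 or None for an unspecified port are assumptions of this sketch.

```python
# Added example: pre-flight check of planned ORB end-point values on z/OS.
# Names, data layout and sample plans are constructed for illustration.

def is_dotted_decimal(host):
    """True for www.xxx.yyy.zzz where each part is a decimal value 0-255."""
    parts = host.split(".")
    return len(parts) == 4 and all(
        p.isascii() and p.isdigit() and len(p) <= 3 and int(p) <= 255
        for p in parts
    )

def check_end_points(end_points, firewall=False):
    """Return a list of findings; an empty list means the plan passes.

    end_points maps an end-point name to a (host, port) tuple.
    A port of None or 0 stands for "not specified" (assumption of this sketch).
    """
    orb = end_points.get("ORB_LISTENER_ADDRESS")
    if orb is None:
        return ["ORB_LISTENER_ADDRESS is not defined"]
    findings = []
    host, port = orb
    # z/OS rule: wildcard or dotted decimal only, never a DNS name.
    if host != "*" and not is_dotted_decimal(host):
        findings.append(f"host {host!r} must be '*' or a dotted decimal IP address")
    if not port:
        # A dynamically selected port cannot be opened on a firewall.
        if firewall:
            findings.append("a static ORB listener port is required behind a firewall")
    elif not 1 <= port <= 65535:
        findings.append(f"port {port} is outside 1-65535")
    # The ORB listener port must equal the BOOTSTRAP_ADDRESS port.
    boot = end_points.get("BOOTSTRAP_ADDRESS")
    if boot is None:
        findings.append("BOOTSTRAP_ADDRESS is not defined, port match not checked")
    elif port and boot[1] != port:
        findings.append(f"port {port} differs from BOOTSTRAP_ADDRESS port {boot[1]}")
    return findings

# Constructed sample plans: the first breaks the host and port-match rules.
BAD_PLAN = {"ORB_LISTENER_ADDRESS": ("myhost.myco.com", 9000),
            "BOOTSTRAP_ADDRESS": ("*", 9001)}
GOOD_PLAN = {"ORB_LISTENER_ADDRESS": ("*", 9000),
             "BOOTSTRAP_ADDRESS": ("*", 9000)}

if __name__ == "__main__":
    for name, plan in (("bad", BAD_PLAN), ("good", GOOD_PLAN)):
        print(name, check_end_points(plan, firewall=True))
```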

What to do next

When you finish configuring security, perform the following steps to save, synchronize, and restart the servers:
  1. Click Save in the administrative console to save any modifications to the configuration.
  2. Stop and restart all servers, when synchronized.

Related reference
Common Secure Interoperability transport inbound settings



Searchable topic ID:   tsecinboundtransport
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/tsec_inboundtransport.html