WebSphere® eXtreme Scale supports both TCP/IP and Transport Layer Security/Secure Sockets Layer (TLS/SSL) for secure communication between clients and servers.
TLS/SSL provides secure communication between the client and server. The protocol that is actually used depends on the values of the transportType parameter that are specified in the client and server configuration files, as shown in the following table.
Client transportType property | Server transportType property | Resulting protocol |
---|---|---|
TCP/IP | TCP/IP | TCP/IP |
TCP/IP | SSL-supported | TCP/IP |
TCP/IP | SSL-required | Error |
SSL-supported | TCP/IP | TCP/IP |
SSL-supported | SSL-supported | SSL (if SSL fails, then TCP/IP) |
SSL-supported | SSL-required | SSL |
SSL-required | TCP/IP | Error |
SSL-required | SSL-supported | SSL |
SSL-required | SSL-required | SSL |
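
The following added example (not IBM code) audits a client/server pair of properties files against the table above and flags every pairing that can end up on plaintext TCP/IP; the table implies that this is ruled out only when at least one side is SSL-required. The function names and sample file contents are constructed for illustration, and the parser assumes the property is written as `transportType=value` or `transportType:value`.

```python
import re

PLAIN, SUPPORTED, REQUIRED = "tcp/ip", "ssl-supported", "ssl-required"
_ASSIGN = re.compile(r"^\s*transportType\s*[=:]\s*(\S+)\s*$")

def read_transport_type(properties_text):
    """Return the lower-cased transportType from .properties text, or None if unset."""
    value = None
    for line in properties_text.splitlines():
        match = _ASSIGN.match(line)  # comment lines start with # or ! and never match
        if match:
            value = match.group(1).lower()  # a later assignment replaces an earlier one
    return value

def negotiate(client, server):
    """Resulting protocol for a client/server pair, following the table's rows."""
    for side in (client, server):
        if side not in (PLAIN, SUPPORTED, REQUIRED):
            raise ValueError(f"unknown transportType: {side!r}")
    pair = {client, server}
    if pair == {PLAIN, REQUIRED}:
        return "Error"                      # one side insists on SSL, the other cannot
    if PLAIN in pair:
        return "TCP/IP"                     # an SSL-supported peer accepts plaintext
    if pair == {SUPPORTED}:
        return "SSL (if SSL fails, then TCP/IP)"
    return "SSL"                            # at least one side is SSL-required

def audit(client_text, server_text):
    """Return (resulting protocol, list of findings) for one client/server pair."""
    client, server = read_transport_type(client_text), read_transport_type(server_text)
    if client is None or server is None:
        return None, ["transportType is not set explicitly on both sides"]
    result = negotiate(client, server)
    findings = []
    if result == "Error":
        findings.append("incompatible settings: the table gives Error for this pair")
    elif REQUIRED not in (client, server):
        findings.append("plaintext TCP/IP is possible: neither side is SSL-required")
    return result, findings

# Constructed sample files (not from the page).
CLIENT_PROPS = "# client\ntransportType=SSL-Supported\n"
SERVER_WEAK = "transportType = SSL-Supported\n"
SERVER_STRICT = "transportType=SSL-Required\n"

if __name__ == "__main__":
    for name, server in (("weak", SERVER_WEAK), ("strict", SERVER_STRICT)):
        print(name, audit(CLIENT_PROPS, server))
```
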
When SSL is used, the SSL configuration parameters must be provided on both the client and server side. In a Java™ SE environment, SSL is configured in the client or server properties files. If the client or server is in a WebSphere Application Server, then you can use the transport security support of WebSphere Application Server to configure the SSL parameters.
You can use TLS/SSL when the transportType property has a value of SSL-Supported.
To support secure transport in a Java Platform, Standard Edition environment, you must modify the ORB properties file to include the following properties:

```
# IBM JDK properties
org.omg.CORBA.ORBClass=com.ibm.CORBA.iiop.ORB
org.omg.CORBA.ORBSingletonClass=com.ibm.rmi.corba.ORBSingleton
javax.rmi.CORBA.StubClass=com.ibm.rmi.javax.rmi.CORBA.StubDelegateImpl
javax.rmi.CORBA.PortableRemoteObjectClass=com.ibm.rmi.javax.rmi.PortableRemoteObject
javax.rmi.CORBA.UtilClass=com.ibm.ws.orb.WSUtilDelegateImpl

# WS Plugins
com.ibm.CORBA.ORBPluginClass.com.ibm.ws.orbimpl.transport.WSTransport
com.ibm.CORBA.ORBPluginClass.com.ibm.ws.orbimpl.WSORBPropertyManager
com.ibm.CORBA.ORBPluginClass.com.ibm.ISecurityUtilityImpl.SecurityPropertyManager

# WS Interceptors
org.omg.PortableInterceptor.ORBInitializerClass.com.ibm.ws.objectgrid.corba.ObjectGridInitializer
org.omg.PortableInterceptor.ORBInitializerClass.com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityComponentFactory

# WS ORB & Plugins properties
com.ibm.ws.orb.transport.ConnectionInterceptorName=com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterceptor
com.ibm.ws.orb.transport.WSSSLClientSocketFactoryName=com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl
com.ibm.CORBA.TransportMode=Pluggable
com.ibm.CORBA.ServerName=ogserver
```
You can configure SSL parameters for clients in the following ways:
See the section on security client properties in the Client properties file for examples of properties that you can set on a client.
SSL parameters are configured for servers using a server properties file, such as the example server.properties files referred to above. This properties file can be passed as a parameter when you start an eXtreme Scale server. For more information about the SSL parameters that you can set for eXtreme Scale servers, see Server properties file.
When an eXtreme Scale client, container server, or catalog server is running in a WebSphere Application Server process, eXtreme Scale transport security is managed by the Application Server CSIV2 transport settings. You should not use eXtreme Scale client or server properties to configure the SSL settings. All the SSL settings should be specified in the WebSphere Application Server configuration.
If you do configure your SSL settings with a properties file, you will override the existing settings.