[Java programming language only]

Securing data that flows between eXtreme Scale and WebSphere Application Server with SSL encryption

WebSphere® eXtreme Scale uses the Secure Sockets Layer (SSL) configuration in WebSphere Application Server .

About this task

To ensure that you have SSL protection for all data grid traffic that passes over the network, configure global security, configure CSIv2 inbound and outbound security in the WebSphere Application Server administrative console, and configure the SSL certificate and key management.

Procedure

  1. Configure WebSphere Application Server global security. For more information about configuring global security, see Global security settings.
  2. Configure CSIv2 inbound security. In the WebSphere Application Server administrative console, click Security > Global Security > RMI/IIOP Security > CSIv2 inbound communications. Click SSL-Required.
  3. Configure CSIv2 outbound security. In the WebSphere Application Server administrative console, click Security > Global Security > RMI/IIOP Security > CSIv2 inbound communications. CSIv2 outbound communications must be SSL-Supported or SSL-Required.
  4. Configure the SSL certificate and key management in WebSphere Application Server. When running only a WebSphere eXtreme Scale client in a WebSphere Application Server instance and the eXtreme Scale data grid servers are stand-alone. You must ensure that the keystore and truststore certificate information is included in the keystore and truststore files that are specified in the server properties file that is used to start your stand-alone catalog and containers serves.

    When the client, catalog and container servers are all running in WebSphere Application Server processes, they use the WebSphere Application Server security configuration for the client-to-servers communication.

    However, when multiple catalog servers are configured and running in a WebSphere Application Server process the catalog-to-catalog communication has its own proprietary transport paths that cannot be managed by the WebSphere Application Server Common Secure Interoperability Protocol Version 2 (CSIV2) transport settings. Therefore, you must configure the SSL properties in the server properties file for each catalog server. For more information, see Lesson 3.2: Add SSL properties to the catalog server properties file.

What to do next

Storing security artifacts in WebSphere Application Server