When bus security is enabled, you need to be aware of the additional requirements to
secure communication between messaging engines.
To ensure that messaging engines operate securely when bus security is enabled, you should understand the following points:
- Use secure transport connections (SSL or HTTPS) to ensure confidentiality
and integrity of messages in transit between messaging engines. Define an
appropriate secure transport chain, and then reference the transport chain
name from the bus property Inter-engine transport chain.
For more information, see Secure transport configuration requirements.
- If the bus has a bus member at WebSphere® Application Server Version 6,
set the Inter-engine authentication alias property. This prevents unauthorized
clients or messaging engines from establishing a connection.
For more information, see Adding a secured bus.
- Secure access to the data store for a messaging engine by using a user ID
and password. Apply higher levels of security by using the underlying features
of message stores. For example, for a data store, Apache Derby Version 10.3
allows the whole database to be encrypted, and DB2® allows specific tables to be encrypted.
These features must be managed directly by the appropriate database administrator.
Refer to Securing database access for
more details.
- If fine-grained administrative security is in use, messaging engines are
administered as resources at the server or cluster level.