Configuring bus security by using an administrative console panel

Use the administrative console to configure the security properties for an existing service integration bus.

Before you begin

About this task

This task uses the Bus Security administrative console panel. You can start the Bus security wizard from the panel, or specify individual security properties directly in the panel. The bus security properties are effective only when administrative security for the cell is enabled. If the wizard detects that administrative security is disabled, it prompts you to enable it.
The security properties available to a particular bus depend on the versions of the bus members:
  • If the bus has a WebSphere® Application Server Version 6 bus member, you must specify the global security domain. You must also specify an inter-engine authentication alias to prevent unauthenticated messaging engines from establishing a connection with the bus.
  • If the bus contains Version 7.0 or later bus members only, you can specify any type of security domain. You do not need to specify an inter-engine or mediation authentication alias.

If you want to run mediations across multiple security domains, you can specify a single server identity for the bus, rather than specify a mediation authentication alias for each domain. You can use a server identity to run mediations on the global domain.

Procedure

  1. In the navigation pane, click Service integration -> Buses -> security_value. security_value is either Enabled or Disabled, depending on the security status of the bus.
  2. Optional: Click Launch Bus Security Wizard to start the wizard, or specify the following properties directly:
    Enable bus security
    Bus security is enabled by default. Clear this check box if you want to disable security for the selected bus. Note that the check box is read-only if administrative security is disabled.
    Inter-engine authentication alias
    The name of the authentication alias used to authorize communication between messaging engines on the bus. Specify an inter-engine authentication alias if the bus has a Version 6 bus member, bus security is enabled, and you want to prevent unauthorized messaging engines from establishing a connection with the bus.
    Permitted transports
    Specify one of the following transports for the bus:
    • Any messaging transport chain defined to any bus member.
    • Only messaging transport chains that are protected by an SSL chain.
    • Only the transports specified in the list of permitted transports.
    If you want to add and remove permitted transports, click Service integration -> Buses -> security_value -> [Additional Properties] Permitted transports.
    Use the Server ID when running mediations
    Check this option if you want to run mediations by using the server identity, instead of by using a mediation authentication alias.

    Mediations are deployed as applications, and run in the domain used by the application server, not the bus domain. If you want to run a mediation on multiple servers in different domains, you must ensure that the user identity in the mediation authentication alias exists in the configuration for each domain. Alternatively, you can choose to use the server identity option. You can use this option when multiple domains are not in use.

    Mediations authentication alias
    The name of the authentication alias used to authorize mediations to access the bus. If the bus has a WebSphere Application ServerVersion 6.0.x bus member, you must specify a mediations authentication alias. If you specify a mediations authentication alias for a bus that contains WebSphere Application ServerVersion 7.0 or later bus members only, it is ignored.
    Bus security domain
    Specify one of the following security domains for the bus:
    Global domain
    You must specify the global domain if the bus contains a Version 6 bus member, or you do not want the bus to use multiple domains.
    Cell level domain
    Specify the cell-level security domain if the bus has Version 7.0 or later bus members only, and you want the bus to share security settings with the administrative cell.
    Custom domain
    Specify a custom security domain if the bus has Version 7.0 or later bus members only, and you want the bus to use a security domain that is used by another resource, or you want to create a new security configuration for this bus.
  3. Save your changes to the master configuration.

Results

You have configured security properties for the selected bus.

What to do next

You can use the administrative console to control access to the bus.
Task topic    

Terms and conditions for information centers | Feedback

Last updated: April 18, 2014 05:01 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-nd-iseries&topic=tjr0205_
File name: tjr0205_.html