Modifying security for a Link do IBM MQ

Securing access between a service integration bus and a IBM MQ Queue Manager.

About this task

When you create a new Link do WebSphere® MQ, you can use the foreign bus connection wizard to enable security:
  • If the IBM MQ queue manager requires a secure connection, you can set the IBM MQ receiver channel to accept only connections that have secure sockets layer (SSL) based encryption.
  • If the local bus is secure, you can set the service integration bus inbound user ID to replace the user ID in messages from the IBM MQ queue manager, so that these messages are authorized to access their destinations.
    Inbound user ID
    If an inbound user ID is set, then all incoming messages will appear to have originated from that user ID. If the bus is security enabled then messages will appear authenticated as this user ID and have access to any resources that the user ID has access to.
    If an inbound user ID is not set, then messages will have the same user ID as in the IBM MQ message descriptor (MQMD) header of the IBM MQ message. These users will not be authenticated and therefore only have access to resources that require no authentication.
    Outbound user ID
    If an outbound user ID is set, then all outgoing messages will appear to have originated from that user ID (using the userid field of the MQMD)
    If an outbound user ID is not set, then messages will have the same user ID as in the original service integration bus message.

Use this task to secure the local and foreign bus that are part of a Link do IBM MQs configuration, and to secure an existing Link do IBM MQ that was not secured when it was first created.

For more general information about service integration bus security, see Assegurando a Integração de Serviços.

Procedure

  1. Enable security on the service integration bus and the foreign bus representing the IBM MQ network. See Protegendo Barramentos.
  2. Secure the link between the buses - see Assegurando conexões com uma rede do IBM MQ.
  3. Grant access to the local bus for users who will be sending messages to the foreign bus - see Protegendo Barramentos.
  4. Grant access to the foreign bus for users who will be sending messages to it - see Administrando Funções do Barramento Externo.
  5. Optional: Give users access to foreign or alias destinations that will forward messages to a foreign bus - see Administrando Funções de Destino.

Ícone que indica o tipo de tópico Tópico de Tarefa



Ícone de registro de data e hora Última atualização: July 9, 2016 7:54
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=tjc0002S_
Nome do arquivo: tjc0002S_.html