Securing links between messaging engines

For a mixed-version bus, when security is enabled, you must define an inter-engine authentication alias so that the messaging engines can establish trust.

Before you begin

Ensure that the user ID that you intend to use for the inter-engine authentication alias meets the following conditions:
  • It exists in the user registry.
  • It is used only for messaging engine to messaging engine authentication.
  • It has not been added to the bus connector access role.
If you have a secure bus where all bus members are at 7.0 版或更新版本, trust between 7.0 版或更新版本 messaging engines is established by using a Lightweight Third Party Authentication (LTPA) token, and you do not need to perform this task.

About this task

If you have a secure, mixed-version bus, you must define an inter-engine authentication alias to prevent unauthorized messaging engines from establishing a connection. Messaging engines use the inter-engine authentication alias to establish trust in the following scenarios:
  • A WebSphere® Application Server 第 6 版 messaging engine initiates a link with a 7.0 版或更新版本 messaging engine.
  • A 7.0 版或更新版本 messaging engine initiates a link with a 第 6 版 messaging engine.

If you add a server or cluster as a bus member, if that action creates a mixed-version bus, you define an inter-engine authentication alias during that task, and you do not need to perform this task.

Procedure

  1. In the navigation pane, click 服務整合 -> 匯流排 -> security_value. The bus security configuration panel for the corresponding bus is displayed.
  2. In the Inter-engine authentication alias field, select an authentication alias.
  3. Click OK.
  4. 儲存對主要配置所做的變更。

Results

You have selected an inter-engine authentication alias for the bus to use in establishing trust between mixed-version messaging engines.

What to do next

If you require additional security, you can configure the SSL certificate stores to restrict objects that can make an SSL connection, and thereby connect to the bus. For more information see Creating a Secure Sockets Layer configuration.

指出主題類型的圖示 作業主題



時間戳記圖示 前次更新: July 9, 2016 11:16
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=tjr0040_
檔名:tjr0040_.html