Configuring bus security by using an administrative console panel

Use the administrative console to configure the security properties for an existing service integration bus.

Before you begin

About this task

This task uses the Bus Security administrative console panel. You can start the Bus security wizard from the panel, or specify individual security properties directly in the panel. The bus security properties are effective only when administrative security for the cell is enabled. If the wizard detects that administrative security is disabled, it prompts you to enable it.
The security properties available to a particular bus depend on the versions of the bus members:
  • If the bus has a WebSphere® Application Server 第 6 版 bus member, you must specify the global security domain. You must also specify an inter-engine authentication alias to prevent unauthenticated messaging engines from establishing a connection with the bus.
  • If the bus contains 7.0 版或更新版本 bus members only, you can specify any type of security domain. You do not need to specify an inter-engine or mediation authentication alias.

If you want to run mediations across multiple security domains, you can specify a single server identity for the bus, rather than specify a mediation authentication alias for each domain. You can use a server identity to run mediations on the global domain.

Procedure

  1. In the navigation pane, click 服務整合 -> 匯流排 -> security_value. security_value is either Enabled or Disabled, depending on the security status of the bus.
  2. Optional: Click Launch Bus Security Wizard to start the wizard, or specify the following properties directly:
    啟用匯流排安全
    Bus security is enabled by default. Clear this check box if you want to disable security for the selected bus. Note that the check box is read-only if administrative security is disabled.
    跨引擎鑑別別名
    Specify an inter-engine authentication alias if the bus has a 第 6 版 bus member, bus security is enabled, and you want to prevent unauthorized messaging engines from establishing a connection with the bus.
    允許的傳輸
    Specify one of the following transports for the bus:
    • Any messaging transport chain defined to any bus member.
    • Only messaging transport chains that are protected by an SSL chain.
    • Only the transports specified in the list of permitted transports.
    If you want to add and remove permitted transports, click 服務整合 -> 匯流排 -> security_value -> [其他內容] 允許的傳輸.
    在執行調解時使用伺服器 ID
    Check this option if you want to run mediations by using the server identity, instead of by using a mediation authentication alias.

    Mediations are deployed as applications, and run in the domain used by the application server, not the bus domain. If you want to run a mediation on multiple servers in different domains, you must ensure that the user identity in the mediation authentication alias exists in the configuration for each domain. Alternatively, you can choose to use the server identity option. You can use this option when multiple domains are not in use.

    調解鑑別別名
    If the bus has a WebSphere Application Server6.0.x 版 bus member, you must specify a mediations authentication alias. If you specify a mediations authentication alias for a bus that contains WebSphere Application Server7.0 版或更新版本 bus members only, it is ignored.
    匯流排安全網域
    Specify one of the following security domains for the bus:
    Global domain
    You must specify the global domain if the bus contains a 第 6 版 bus member, or you do not want the bus to use multiple domains.
    Cell level domain
    Specify the cell-level security domain if the bus has 7.0 版或更新版本 bus members only, and you want the bus to share security settings with the administrative cell.
    Custom domain
    Specify a custom security domain if the bus has 7.0 版或更新版本 bus members only, and you want the bus to use a security domain that is used by another resource, or you want to create a new security configuration for this bus.
  3. 儲存對主要配置所做的變更。

Results

You have configured security properties for the selected bus.

What to do next

You can use the administrative console to control access to the bus.

指出主題類型的圖示 作業主題



時間戳記圖示 前次更新: July 9, 2016 11:16
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=tjr0205_
檔名:tjr0205_.html