Migrating an existing secure bus to multiple domain security

Use this task to migrate a secured service integration bus from the global security domain to a cell-level or custom security domain.

Before you begin

  • Review the information in Service integration security planning and Messaging security and multiple security domains.
  • All the bus members must be at WebSphere® Application Server 7.0 版或更新版本; use of multiple domain security is not supported for earlier versions of the product.
  • Ensure that there are no indoubt transactions on the messaging engine because incomplete transactions cannot be recovered after the bus is secured. For more information, see 解析不確定的交易.
  • Stop all servers on which the SIB Service enabled. This ensures that the bus security configuration is applied consistently when the servers are restarted. For more information, see 停止應用程式伺服器.

About this task

The security settings for a bus are held in a security domain. There are three types of security domain:
  • The global security domain which a bus uses by default.
  • A cell level security domain which the bus might inherit from the administrative cell.
  • A custom domain which might contain security settings that are unique to the bus.
You can use the administrative console to change the type of security domain that the bus uses. Note that the link Configure Security Domain only becomes active if you select and apply the option to use a selected security domain. In this case, you must also specify a user realm. You can either use the existing global security settings, or customize a user realm specifically for the domain.

Procedure

  1. In the navigation pane, click 服務整合 -> 匯流排 -> security_value. The security settings panel for the selected bus are displayed.
  2. Select either Inherit the cell level security domain or Use the selected domain, depending on the type of security domain you want to use for the bus.
  3. Click Apply.
  4. Complete the following steps if you want to create a custom security domain:
    1. Click the link Configure Security Domain. The security domain configuration panel for the selected bus is displayed.
    2. Use the name suggested for the security domain, or type a new one.
    3. Optional: Type a description of the security domain.
    4. Select the type of user realm for the domain. You can either use the global security settings, or configure a new one.
  5. Click Next.
  6. Review the summary of your choices:
    1. Optional: If you want to make changes, click Previous to return to an earlier panel, and make the changes you require.
    2. Click Finish to confirm your choices.
  7. Save your changes to the master configuration.

Results

You have migrated your existing bus from the global domain to a non-global security domain. The new security settings for the bus are displayed in the updated Bus Security Settings panel.

What to do next

You must propagate the bus security configuration to all the affected nodes, and restart the servers. For more information, see Synchronizing nodes using the wsadmin scripting tool and 啟動應用程式伺服器.

指出主題類型的圖示 作業主題



時間戳記圖示 前次更新: July 9, 2016 11:16
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=tjr_migrate_to_multi
檔名:tjr_migrate_to_multi.html