Maintaining a secure environment

This section summarizes the practices that can help to ensure a secure environment. The following topics are covered:

InterChange Server security

Ensure security on InterChange Server:

WebSphere business integration administrator security

Make sure that the account with which you log in when administering the WebSphere business integration system has administrator privileges.

You must have administrator privileges to install and run many of the products that the InterChange Server software uses, such as the DBMS, WebSphere MQ, and JDBC drivers. Without these privileges, you cannot set up and start the product.

HA

For high availability, make sure the Domain user account has administrator privileges on each machine in the cluster.

To check the privileges of a user login, follow these steps:

  1. Click Start > Settings > Control Panel, then double-click Users and Passwords.
  2. In the Users and Passwords dialog box, check to see if your account is listed in the Administrators Group.

    If your account is not in the Administrators group, create a new user following the instructions in "Creating the InterChange Server Administrator account" or "Creating the Domain user for high availability", or ask your Windows system administrator for help.

Securing the ProductDir directory

To protect the ProductDir folder and all directories and files under it, check sharing settings and permissions for the folder:

  1. Right-click the ProductDir folder (C:\IBM\WebSphereICS is the default), then click Properties.
  2. Set up the properties of the folder to provide the protection you want.
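
The same check can be scripted so that it also covers the files and directories under the folder. The following PowerShell is an added example, not part of the IBM documentation; it assumes the default ProductDir path given above, and the list of broad groups and the set of rights treated as "write" are choices made for this example.

```powershell
# Added example (not IBM's code): report loose NTFS permissions and shares on ProductDir.
# Assumption: the default path from this page; pass -ProductDir for another install.
param([string]$ProductDir = 'C:\IBM\WebSphereICS')

# Broad groups matched by SID so the check also works on localized Windows:
# Everyone, Authenticated Users, BUILTIN\Users
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

# Rights that allow changing content or permissions (read/execute bits excluded),
# plus the raw GENERIC_WRITE and GENERIC_ALL bits that inherit-only ACEs can carry.
$named     = 'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int][System.Security.AccessControl.FileSystemRights]$named -bor
             0x40000000 -bor 0x10000000

$sidType  = [System.Security.Principal.SecurityIdentifier]
$rootItem = Get-Item -LiteralPath $ProductDir
$items    = @($rootItem) + @(Get-ChildItem -LiteralPath $ProductDir -Recurse -Force)

$findings = foreach ($item in $items) {
    # Inherited ACEs are reported once, at the root; below it only explicit ACEs
    # (set directly on a file or subdirectory) are new information.
    $includeInherited = $item.FullName -eq $rootItem.FullName
    (Get-Acl -LiteralPath $item.FullName).GetAccessRules($true, $includeInherited, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broadSids -contains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $writeMask)
        } |
        ForEach-Object {
            [pscustomobject]@{
                Path   = $item.FullName
                Sid    = $_.IdentityReference.Value
                Rights = $_.FileSystemRights
            }
        }
}
$findings | Format-Table -AutoSize

# Shares that expose ProductDir: shares rooted at or below it, and parent
# shares (including administrative ones such as C$) that contain it.
$root = $ProductDir.TrimEnd('\') + '\'
Get-CimInstance -ClassName Win32_Share | Where-Object { $_.Path } | Where-Object {
    $sharePath = $_.Path.TrimEnd('\') + '\'
    $sharePath.StartsWith($root, [StringComparison]::OrdinalIgnoreCase) -or
    $root.StartsWith($sharePath, [StringComparison]::OrdinalIgnoreCase)
} | Format-Table Name, Path, Description -AutoSize
```

An empty first table means none of the listed broad groups can modify anything under the folder. Any share listed in the second table should be checked against who is intended to reach ProductDir over the network.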

Controlling database logins

To provide database protection, make sure that the data sources specified in the InterChange Server configuration file are dedicated to InterChange Server and have only one user defined.

Isolate the repository, event management information, transaction data, and flow monitoring information from other functions within the database server, and make sure there is only one user for each database. This setup makes it easier to control database logins and to ensure that unauthorized users cannot view sensitive information stored in the repository.

Role-based access control (RBAC)

Turn on role-based access control (RBAC) in the System Manager and use the User/Roles Management View to create roles and assign each user to one of these roles. Use the Security Policy View to assign the correct permissions and privileges to each role and to the users within that role. RBAC limits access to the ICS system to specific users and controls user privileges within the system. With RBAC, the WebSphere business administrator can readily create roles with varying permissions and assign each user to one of them.

For more information about RBAC see the WebSphere InterChange Server: System Administration Guide.

Copyright IBM Corp. 1997, 2004