This section summarizes the practices that will help to ensure a secure and
efficient InterChange Server environment.
- Install InterChange Server on its own computer.
- Make sure that you log in with the
WebSphere business integration administrator account when administering
InterChange Server.
- You must have the appropriate user privileges to install and run
many of the third-party products that InterChange Server software uses, such
as the DBMS, WebSphere MQ, and IBM-branded drivers. Without these
privileges, you cannot set up and start the product.
- You must have the appropriate group privileges to install and run
WebSphere MQ. If your account is not in the mqm group, ask
your UNIX system administrator for help.
To check the groups to which your user login belongs, use the
groups command.
- You must have the appropriate group privileges to run the DBMS. If
your account is not in the dba group, ask your UNIX system
administrator for help.
To check the groups to which your user login belongs, use the
groups command.
- Protect the ProductDir folder and all directories and
files under it.
To check sharing settings and permissions for the
ProductDir folder, use the following command:
ls -l $CROSSWORLDS
where $CROSSWORLDS is the environment variable that is set to
the location of the ProductDir directory.
- Make sure that the data sources specified in the
InterchangeSystem.cfg file are dedicated to InterChange
Server and have only one user defined.
The repository, event management information, transaction data, flow
monitoring and security service information should be isolated from other
functions within the database server, and there should be only one user per
database. This setup makes it easier to control database logins and to
ensure that unauthorized users cannot view sensitive information stored in the
repository.
- Choose a high level of security. To do this, use
System Manager to alter the security settings in the
InterchangeSystem.cfg file. For messages that might
contain sensitive information, choose the setting "Integrity plus
Privacy". See the WebSphere InterChange Server: Technical Introduction to IBM
WebSphere InterChange Server for more details on the security
settings.
Note: The level of security on the server and the adapter must
agree.
- Turn on role-based access control
(RBAC) in the System Manager and use the User/Roles Management View to create
roles and assign each user to one of these roles. Use the Security
Policy View to assign the correct permissions and privileges to each role and,
consequently, to the users within that role. RBAC limits access to the
system to specific users and controls each user's privileges within the
system. RBAC allows the WebSphere business administrator to readily
create roles with various degrees of permission and to assign each user
to one of them. Setting up the roles correctly and assigning
users to the correct roles prevents accidental loss of data. For more
information about RBAC, see the WebSphere InterChange Server: System Administration
Guide.
- Change the InterChange Server password as described in the section titled
"Changing the InterChange Server password" in Implementation Guide for
WebSphere InterChange Server.
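The group-membership and ProductDir permission checks listed above can be combined into one pre-flight script. This is an added example, not part of the IBM documentation: the function names are hypothetical, and treating any world-writable entry under $CROSSWORLDS as a finding is an assumption of the example.

```shell
#!/bin/sh
# Added example (not IBM code): pre-flight audit for an InterChange Server host.
# Group names mqm and dba and the CROSSWORLDS variable come from the text above;
# treating any world-writable entry as a finding is this example's assumption.

# in_group GROUP [USER]: succeeds if USER (default: current login) is in GROUP.
in_group() {
    id -Gn ${2:+"$2"} 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$1"
}

# world_writable DIR: prints every non-symlink entry at or under DIR that
# grants write permission to "other".
world_writable() {
    find "$1" ! -type l -perm -0002 2>/dev/null
}

# audit_ics: runs both checks, prints findings, returns 1 if any check failed.
audit_ics() {
    rc=0
    for g in mqm dba; do
        if ! in_group "$g"; then
            echo "FAIL: current login is not in group $g"
            rc=1
        fi
    done
    loose=$(world_writable "$CROSSWORLDS")
    if [ -n "$loose" ]; then
        echo "FAIL: world-writable entries under $CROSSWORLDS:"
        echo "$loose"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: group membership and ProductDir permissions"
    return "$rc"
}

# Run the audit only when the ProductDir location is known.
if [ -n "${CROSSWORLDS:-}" ]; then
    audit_ics
fi
```

Run it as the account that administers InterChange Server, with CROSSWORLDS exported; a non-zero exit status means at least one check failed.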