IBM Business Monitor, V8.0.1 > Securing your environment
Configure server security
Server security configuration starts with the Global security page. Global security represents the administrative security and the default security configuration that is effective for all applications running in the environment. Security domains can be defined to override and customize the security policies for applications.
A security domain consists of all servers configured with the same user registry realm name. The basic requirement for a security domain is that the access ID returned by the registry from one server within the security domain is the same access ID as that returned from the registry on any other server within the same security domain. Configuration of global security for a security domain consists of configuring the common user registry, the authentication mechanism, and other security information that defines the behavior of a security domain.
- Access control
When a general user is authenticated to IBM Business Monitor, it is important for security that not every possible operation is available to that user. Allowing some users to perform certain tasks, while denying these tasks to other users, is termed access control. 
RACF: Commands to implement roles and user assignments (System Authorization Facility directions)
The System Authorization Facility (SAF) is a z/OS interface that programs can use to communicate with an external security manager, such as Resource Access Control Facility (RACF). You can use RACF commands to implement roles and user assignments.- Enabling administrative security
Administrative security protects your server from unauthorized users and is the primary security mechanism for WebSphere Application Server. Administrative security prevents unauthorized changes to the WebSphere Application Server configuration. With administrative security enabled, many other security options become available to further secure your environment. If you chose to enable security during the installation process, you enabled administrative security. - Enabling application security
Application security enables security for the applications in your environment. You must have enabled administrative security before you can enable application security. By default, application security is disabled. After you enable application security, role-based security constraints on various applications become active. - Enabling identity assertion
Identity assertion is an authentication method used by WebSphere Application Server. Identity assertion must be enabled for the Monitor scheduled services to work. The underlying WebSphere scheduler uses asynchronous beans, which only work properly if identity assertion is enabled. - Enabling Java 2 security
Enabling Java™ 2 security provides a fine-grained security mechanism that uses policies for the primary access control. Java 2 security includes Java authentication and authorization service (JAAS) and Java 2 connector authentication (JCA). You can enable or disable Java 2 security independent of administrative security settings. By default, Java 2 security is disabled. - Specifying credentials in an IBM Business Monitor secured environment
If you have enabled security for IBM Business Monitor, or you have changed the password for an administrative user, you must also update the credentials that IBM Business Monitor uses to access WebSphere Application Server services.
- Configure server-to-server SSL in multiple-cell environments
You must configure the server-to-server Secure Sockets Layer (SSL) if your secure environment has a remote common event infrastructure (CEI) server for either queue-based or table-based event delivery, or your dashboard server is not in the same cell as your IBM Business Monitor server. When server-to-server SSL is not configured, the monitor model deployment fails at the CEI subscription step, or the IBM Business Monitor dashboards are unable to retrieve data.