IBM Business Monitor, V8.0.1 >

Securing your environment

To provide a secure environment for IBM Business Monitor, you must enable both administrative security and application security. Use the Security Configuration Wizard in the WebSphere Application Server administrative console to enable or change security for IBM Business Monitor.

The security configuration of IBM Business Monitor must match the configuration of other servers that participate in the same single sign-on domain; for example, Business Space powered by WebSphere, WebSphere Portal, and Process Server.

IBM Business Monitor uses long security names (for example, LDAP DN) if security is enabled, and it uses a short name if security is disabled. Therefore, any configuration made under one setting will not be visible under the other. Use the WebSphere Portal configuration wizard to change security settings for WebSphere Portal.

You can configure access to monitor resources in the following ways:

• You can configure access to monitor models using Monitor Data Security in the administrative console.

• You can configure a more fine-grained form of access by filtering the data that users and groups can view.

  • You can limit which instances of a model context are available to the users and groups by setting up a security filter. The security filter is applied to all instance, KPI, and cube queries.

  • You can limit access to specific monitor objects by setting up security rules. You can set up security rules to apply to metrics, dimensions, measures, KPIs, and alerts.

IBM Business Monitor supports LDAP configured under Federated Repositories, and now also supports a standalone LDAP configuration. If you are not using WebSphere Portal, you can use a file-based repository. WebSphere Portal must be able to share a user registry with the IBM Business Monitor server, meaning that only LDAP server registry or custom user registry is supported.

Additionally, configure CEI security. You can use method-level declarative security to access CEI functions. Detailed information is provided in a related link below.

For more information about securing applications and the environment for WebSphere Application Server, see the Security section of the WebSphere Application Server Information Center. A related link is provided.

Detailed information on the configurations are provided in the following topics:

• Configure server security
  Server security configuration starts with the Global security page. Global security represents the administrative security and the default security configuration that is effective for all applications running in the environment. Security domains can be defined to override and customize the security policies for applications.
• Viewing the status of security properties
  

  You can view the status of security properties for IBM Business Monitor from a central location in the administrative console. You can also access the administrative pages for configuring WebSphere administrative security, WebSphere application security, IBM Business Monitor data security, LTPA, and single sign-on (SSO) from the IBM Business Monitor security console page.

• Configure user registries
  The user registry stores information used to authenticate users using basic authentication. You must configure WebSphere Application Server to use the user registry in your environment. Your choice of user registry is also an essential consideration when planning your monitoring environment.
• Securing the database environment
  

  You can enhance the operational security of your databases during the installation using either DB2 , Oracle, or Microsoft SQL Server. You can complete the installation without giving database users who are associated with the application server administrative privileges.

• Enabling security for WebSphere Portal
  WebSphere Portal uses the security mechanism provided by WebSphere Application Server.
• Configure IBM Cognos BI security
  The IBM Cognos Business Intelligence service requires a database for its content store repository. You can enhance security by creating a database user for IBM Cognos BI only.
• Configure data security
  Using the administrative console, you can configure security for your monitor models by setting data access permissions.
• Configure fine-grained security
  

  You secure access to monitor models by adding users to resource groups (as described in "Configuring data security"). After providing access at the monitor model level, you can provide a more fine-grained form of data security by granting access to users and groups at the monitor context instance level or the monitor context object level.

• Set up security for dashboards
  

  If you are using dashboards with your environment, you must consider security options for the Business Space component.

  If you want to turn on security, set up application security and designate a user repository. To define administrators, assign a Business Space superuser role.

• Considerations when enabling security in an ND environment
  This section contains information that you need to know when enabling security in an ND environment.

Related reference:

Securing applications and their environment