+

Search Tips   |   Advanced Search

Tunnel peer access point settings


To configure a tunnel peer access point. A tunnel peer access point is used to establish communication between core groups that are in different cells, when one of the cells is located on a DMZ Secure Proxy Server for IBM WAS, and the other is located inside of the firewall. A tunnel peer access point corresponds to a core group access point in the peer cell. The tunnel peer access point communication settings are specified by using one or more peer endpoints or a proxy peer.

A tunnel peer access point must contain either peer ports or a proxy peer access point, but not both. When the tunnel peer access point is directly accessible within its tunnel access point group, specify peer ports. When the tunnel peer access point can be reached only indirectly, use a proxy tunnel peer access point. A proxy tunnel peer access point is used to identify the communication settings for the tunnel peer access point that cannot be accessed directly. The proxy tunnel peer access point specifies a peer access point that can communicate with the appropriate destination core group. The specified proxy tunnel peer access point must be a tunnel peer access point that has defined ports.

To view this admin console page ...

Servers > Core Groups > Core group bridge settings > Tunnel peer access points tunnel_access_point_name.

Name

Name of the tunnel peer access point. The name must be unique within the local cell.

Cell

Cell in which the tunnel peer access point resides.

Avoid trouble: Is case sensitive. The value you specify must exactly match the name of the cell in which the peer access point resides. For example, if WASCell05 is the name of the cell that contains the peer access point, specify WASCell05 as the value for this property. If we specify wascell05 as the value for this property, communication between the two core groups is not established.

Retry delay

Specifies, in seconds, the amount of time that you want the core group bridge service to wait before attempting to reconnect to a bridge. The default value is 30.

SSL configuration

Whether to use SSL to establish a secure connection.

If SSL is selected, also select one of the following options:

  • Centrally managed, if we want WAS to manage the secure connections.

  • Specific to this endpoint, to specify a specific SSL configuration that is to be used to establish secure connections. When you select this option, also select the SSL configuration that you want used to establish secure connections.

Cell-level access

Level of access that a server from another cell is given to the local cell when that server uses this access point to establish communication with the local cell.

  • Full access enables the communicating server to read data from and write data to the local cell. This level of access is appropriate if there is no reason to restrict read or write access to the local cell.

  • Read only enables the communicating server to read data from the local cell, but prevents that server from writing data to the local cell. This level of access is appropriate if applications running in other core groups need to access data contained in the local cell but you want to make sure that the data stored on the local cell is not changed.

  • Write only enables the communicating server to write data to the local cell, but prevents that server from reading data from the local cell. This level of access is appropriate if applications running in other core groups need to write data to the local cell, but the data stored on the local cell is sensitive. For example, the local cell might contain customer account numbers, and you do not want applications residings outside of the local cell to read this information.





 

Related tasks


Set communication with a core group residings on a DMZ Secure Proxy Server for IBM WAS

 

Related

Peer port settings

 

Related information


Tunnel access point group settings Tunnel peer access point collection