Network Deployment (Distributed operating systems), v8.0 > Reference > Sets
Security for bus bus_name [Settings]
Configure the security settings for your service integration bus.
To view this pane in the console, click one of the following paths:Service integration -> Buses -> bus_name > [Additional Properties] Security .
Service integration -> Buses -> security_value .
The value of security_value is either Enabled if messaging security is enabled, or Disabled if messaging security is not enabled.
Configuration tab
These property values are preserved even if the runtime environment is stopped then restarted.
Launch Bus Security Wizard
Click to start a wizard to configure the security settings bus for a bus. If the wizard detects that bus security is disabled, you are prompted to enable it.
General Properties
Enable bus security
Select this option to inherit the secure administration setting of the cell. Deselect this option if you always wish to disable bus security.
Required No Data type Boolean
Inter-engine authentication alias
The name of the authentication alias used to authorize communication between messaging engines on the bus.
We must specify an inter-engine authentication alias if the bus contains a WAS v6 bus member. When bus security is enabled, the bus uses the inter-engine authentication alias to authenticate incoming connections from other messaging engines. An unauthorized messaging engine cannot connect to the bus.
Required No Data type drop-down list
Permitted transports
Select the type of allowed permitted transports.
Allow the use of all defined transport channel chains
Restrict the use of defined transport channel chains to those protected by SSL
Restrict the use of defined transport channel chains to the list of permitted transports
To ensure that all ports used by the bus are secure, select Restrict the use of defined transport channel chains to those protected by SSL , or if your permitted transport chains are secure, select Restrict the use of defined transport channel chains to the list of permitted transports . This prevents the InboundBasicMessaging port being opened. Changes to this setting are effective when the server is restarted.
Required No Data type Radio button
Use the Server ID when running mediations
Check this option to run mediations using the server identity, instead of using a mediation authentication alias.
Select this option to run mediations on multiple servers in different domains. Using the server identity enables you to run mediations successfully across multiple security domains without having to specify a mediation authentication alias for each domain. We can also use this option when multiple domains are not in use.
Required No Data type Boolean
Mediations authentication alias
The name of the authentication alias used to authorize mediations to access the bus.
We must specify a mediation authentication alias if the bus contains a WAS v6 bus member. The mediations authentication alias ensures that the bus operates securely. If a mediation authentication alias is specified for a bus that contains no v6 bus members, it is ignored.
Required No Data type drop-down list
Bus security domain
Select one of the following options to assign the bus to a security domain:
Use the global security domain
Select this option to assign the bus to the global security domain. If we have a mixed-version bus, assign it to the global security domain.
Required No Data type Radio button
Inherit the cell level security domain
Select this option to let the bus inherit the cell level security domain. If no cell level domain is specified then the global security domain will be used.
Required No Data type Radio button
Use the selected domain
Select a custom security domain for this bus. This domain will be used for authentication and determining other security information.
Required No Data type Radio button
Configure Security Domain...
Select this link to configure security settings for a custom security domain. This link becomes active only after we have applied or saved the option to use a non-global domain.
Performance
Group cache timeout
The length of time, in minutes, that a security group will be cached for.
Increasing the timeout decreases the load on the user registry and improves performance but makes the system less responsive to changes in a user's group membership.
To tune the user's group cache to the optimum setting, we have to balance the need for responsiveness with the registry load. The default value is 120 minutes. If the system must respond quickly to changes in a user's group membership, specify a timeout of approximately 15 minutes. If it is acceptable to update a user's group membership only once a day, for example, as an overnight process, specify a timeout of 1440 minutes (24 hours). With a setting of 0, entries in the cache do not timeout, and so remain until the server is next restarted.
A change to this value is effective immediately and only affects the group cache of the bus for which the configuration was changed.
Required No Data type Long Range 0 through 99999
Audit
Enable the auditing service for this bus
Required No Data type Boolean
Authorization Policy
Users and groups in the bus connector role
The list of users and groups in the bus connector role.
Manage default access roles
Manage the assignment of default role types to users and groups
Manage destination access roles
Manage the assignment of destination role types to users and groups
Manage foreign bus access roles
Manage the assignment of foreign bus role types to users and groups
Manage temporary destination prefix access roles
Manage the assignment of temporary destination prefix role types to users and groups
Manage topic access roles
Manage the assignment of topic role types to users and groups
Manage users and groups not known to the user repository
Manage users and groups not known to the user repository
Additional Properties
Permitted transports
The list of permitted transports.
Related Items
JAAS - J2C authentication data
Specifies a list of user identities and passwords for Java 2 connector security to use.
Secure Administration and Applications
Link to configure WebSphere global security settings.
Security domains
Security domain configuration.
Audit Service
Configure the global audit settings
Messaging security
Message security in a service integration bus
Secure service integration
Auditing the service integration security infrastructure
Administer permitted transports for a bus
Administrative console buttons
Administrative console preferences