Network Deployment (Distributed operating systems), v8.0 > Applications > Service integration > Service integration security
Messaging security and multiple security domains
When you secure a service integration bus, you assign it to a security domain that contains a set of security attributes. There are three types of security domain: global, cell level and custom. The type of security domain you use for a particular bus depends on the security requirements, the bus topology, and the versions of the bus members.
Global domain
This is the default security domain, and contains the administrative security settings.
We must assign the bus to use the global domain if the following conditions apply:
- The bus contains a WAS v6 bus member, or might contain a v6 bus member in the future.
- The bus is used for administrative purposes, and must share the administrative security settings.
You might also choose to use the global security domain if we have a simple bus topology, and have no need to use multiple security domains.
Cell level domain
Assign the bus to the cell level domain enables the bus to use multiple security domains.
You might want to assign the bus to use the cell level domain if one of the following scenarios apply:
- Your company security policy requires that the administrative user repository is separate from the customer user repository. Using the cell level domain enables you to configure multiple sets of security attributes for administrative and user applications within a cell environment.
- For ease of configuration and maintenance, you want the bus, its user applications, and servers to share a common security configuration that is separate from the administrative security settings.
Custom domain
We must assign the bus to a custom domain if the following scenarios apply:
- You want to guarantee that the bus and its user application can access the same user realm. In this case, the bus and the user applications use the same custom domain.
- You want the bus to use a user realm that is dedicated to messaging, and have a separate user repository each for administrative and customer accounts.
- You want the bus, and each of its user applications in separate domains. The application users can interact with the users of the bus domain, which acts as a bridge between the application domains. In this case, only the bus requires information about the users in each domain .
Bus configurations
Service integration security planning
Bootstrap members
Multiple security domains
Configure the bus to access secured mediations
Configure a bus to run mediations in a multiple security domain environment
Secure service integration
Secure buses
Add a secured bus
Secure an existing bus by using multiple security domains
Secure an existing bus by using the global security domain
Configure bus security by using an administrative console panel
Add an unsecured bus
Security domain configuration. [Settings]