Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure Service integration > Secure service integration > Secure buses

Add a secured bus

In this task you add a new service integration bus that is secured by default. The security settings for the bus are stored in a security domain. When you add a new bus, you can assign it to the default global security domain, the cell-level domain, or specify a custom domain that contains a set of settings that are unique to the bus, or shared with another resource.

• Plan the security requirements for the bus. For more information about security planning, see Service integration security planning. For more information about security domains, see Messaging security and multiple security domains.
• Stop all servers that have the SIB Service enabled. This ensures that the bus security configuration is applied consistently when the servers are restarted. See Stop an application server.

This task uses an administrative console security wizard to add a new bus. If the wizard detects that administrative security is disabled, it prompts you to configure a user repository, and enable administrative security.

By default, connecting clients are required to use SSL protected transports to ensure data confidentiality and integrity. If you do not want clients to use SSL protected transports, you can specify that you do not require this option.

The type of security domain you can specify for the bus depends on the versions of the bus members you intend to add to the bus:

• We must specify the global domain to add one or more WAS v6 bus members.
• We can specify the global, cell-level, or custom domain if you want to add WAS v7.0 or later bus members only.

Procedure

1. In the navigation pane, click Service integration -> Buses . A list of buses is displayed.

2. Click New.
3. Type a name for the new bus. We must choose bus names that are compatible with the WebSphere MQ queue manager naming restrictions. We cannot change a bus name after the bus is created, which means that you can only interoperate with WebSphere MQ in the future if you use compatible names. See the topic about WebSphere MQ naming restrictions in the related links.
4. Ensure that the Bus security check box is selected.

5. Click Next. The Bus Security Configuration wizard is started.
6. Read the Introduction panel, and click Next.

7. If the wizard detects that administrative security is disabled, follow the prompts to select, and configure the appropriate user repository.

8. Click Next. A summary of the administrative security settings for the bus is displayed.

9. Review the summary, and click Finish. Administrative security for the cell is now enabled.

10. If you do not want clients to use SSL protected transports, clear the check box Require clients use SSL protected transports .

11. Select a security domain for the bus.

12. If we have selected to use a custom security domain, follow the prompts to specify a user realm.

13. Review the summary of your choices, and click Finish.

14. Save your changes to the master configuration.

Results

You have created a new bus secured with your chosen security settings.

What to do next

• We must propagate the bus security configuration to all the affected nodes, and restart the servers. See Synchronize nodes using wsadmin.sh and Start an application server.
• We can add bus members to the bus.
• Groups of users in the user repository require explicit authority to access the bus. See Administer authorization permissions.

Messaging security and multiple security domains
Service integration buses
Configure the members of a bus

Related

SIBAdminCommands: Bus administrative commands
WebSphere MQ naming restrictions

+

Search Tips   |   Advanced Search