Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure Service integration > Secure service integration > Secure buses

Secure an existing bus by using multiple security domains

We can configure an existing bus to use a cell-level or custom security domain. Using non-global security domains provides the scope to use multiple security domains. The bus can inherit security settings from the cell, or have a unique security configuration.

• Review the information in Service integration security planning and Messaging security and multiple security domains.
• The bus to secure must exist in the admin console. To create a new bus, see Add a secured bus.
• Ensure that all the bus members are at WAS v7.0 or later; use of non-global security domains is not supported for earlier versions of WAS. If the bus has a WAS v6 bus member, see Secure an existing bus by using the global security domain. For more information about using security domains, see Service integration security planning and Messaging security and multiple security domains.
• Ensure that there are no indoubt transactions on the messaging engine because incomplete transactions cannot be recovered after the bus is secured. See Resolve indoubt transactions.
• Stop all servers on which the SIB Service enabled. This ensures that the bus security configuration is applied consistently when the servers are restarted. See Stop an application server.

This task uses the admin console Bus Security Configuration wizard to secure an existing bus. If the wizard detects that administrative security for the cell is disabled, it prompts you to enable it. We must specify the type of user repository, the administrative security username and password. By default, connecting clients are required to use SSL protected transports to ensure data confidentiality and integrity. We can choose not to use this option. We can specify that the bus uses the cell-level or a custom security domain. If you choose a custom security domain, also specify a user realm.

Procedure

1. In the navigation pane, click Service integration -> Buses -> security_value . The general properties for the selected bus are displayed.

2. Click Configure Bus Security to start the Bus Security Configuration wizard.
3. Read the Introduction panel, and click Next.

4. If administrative security is disabled, follow the instructions to configure the appropriate user repository, and click Next.

5. Review the summary of your choices:

   1. To make changes, click Previous to return to an earlier panel, and make the changes you require.

   2. Click Finish when you are ready to confirm your choices.

   Administrative security for the cell is now enabled.

6. If you do not want clients to use SSL protected transports, clear the check box Require clients use SSL protected transports .

7. Select the cell-level or custom security domain for the bus.

8. Optional: To create a new custom security domain:

   1. Use the name suggested for the security domain, or type a new one.

   2. Optional: Provide a description of the security domain.

   3. Select a user realm for the domain. We can use the user realm configured in the global security domain, or follow the steps to configure a new user realm.

9. Click Next.

10. Review the summary of your choices:

    1. Optional: If you want to make changes, click Previous to return to an earlier panel, and make the changes you require.

    2. Click Finish to confirm your choices.

11. Save your changes to the master configuration.

Results

You have specified that the selected bus uses a cell-level or custom security domain. The security settings configured for the bus are displayed in the updated Bus Security Settings panel. The bus is secured after you restart all the servers that are members of the bus, or (for a bus that has bootstrap members) servers for which the SIB service is enabled.

What to do next

We must propagate the bus security configuration to all the affected nodes, and restart the servers. See Synchronize nodes using wsadmin.sh and Start an application server.
Messaging security and multiple security domains
Select a user registry or repository

+

Search Tips   |   Advanced Search