Secure links between messaging engines
For a mixed-version bus, when security is enabled, define an inter-engine authentication alias so that the messaging engines can establish trust.
Ensure that the user ID that you intend to use for the inter-engine authentication alias meets the following conditions:
- It exists in the user registry.
- It is used only for messaging engine to messaging engine authentication.
- It has not been added to the bus connector access role.
If we have a secure bus where all bus members are at Version 7.0 or later, trust between Version 7.0 or later messaging engines is established by using a LTPA token, and we do not need to perform this task.
If we have a secure, mixed-version bus, define an inter-engine authentication alias to prevent unauthorized messaging engines from establishing a connection. Messaging engines use the inter-engine authentication alias to establish trust in the following scenarios:
- A WAS v6 messaging engine initiates a link with a Version 7.0 or later messaging engine.
- A Version 7.0 or later messaging engine initiates a link with a Version 6 messaging engine.
If we add a server or cluster as a bus member, if that action creates a mixed-version bus, you define an inter-engine authentication alias during that task, and we do not need to perform this task.
- In the navigation pane, click Service integration -> Buses -> security_value. The bus security configuration panel for the corresponding bus is displayed.
- In the Inter-engine authentication alias field, select an authentication alias.
- Click OK.
- Save the changes to the master configuration.
Results
You have selected an inter-engine authentication alias for the bus to use in establishing trust between mixed-version messaging engines.
What to do next
If we require additional security, we can configure the SSL certificate stores to restrict objects that can make an SSL connection, and thereby connect to the bus. For more information see Create a Secure Sockets Layer configuration.
Related concepts
Temporary bus destinations Destination routing paths Interconnected buses Common issues with all bus configurations
Related tasks
Disable bus security Enable client SSL authentication Administer authorization permissions Secure messages between messaging buses Secure access to a foreign bus Controlling which foreign buses can link to the bus Secure database access Secure mediations Administer the bus connector role Add a server as a new bus member Add a cluster as a member of a bus
Related information:
Secure buses Add unique names to the bus authorization policy Administer permitted transports for a bus