Add a secured bus

Overview

In this task we add a new service integration bus that is secured by default. The security settings for the bus are stored in a security domain. When we add a new bus, we can assign it to the default global security domain, the cell-level domain, or specify a custom domain containing a set of settings unique to the bus, or shared with another resource.

1. Plan the security requirements for the bus.
2. Stop all servers that have the SIB Service enabled.

This task uses an administrative console security wizard to add a new bus. If the wizard detects that administrative security is disabled, it prompts you to configure a user repository, and enable administrative security.

By default, connecting clients are required to use SSL protected transports to ensure data confidentiality and integrity. If we do not want clients to use SSL protected transports, we can specify that we do not require this option.

The type of security domain we can specify for the bus depends on the versions of the bus members you intend to add to the bus:

• Specify the global domain to add one or more WAS v6 bus members.
• We can specify the global, cell-level, or custom domain to add WAS v7 or later bus members only.

Add a secured bus

1. In the navigation pane, click...
   Service integration | Buses | New

2. Type a name for the new bus.

   Choose bus names that are compatible with the WebSphere MQ queue manager naming restrictions. We cannot change a bus name after the bus is created, which means that we can only interoperate with WebSphere MQ in the future if you use compatible names.

3. Ensure that the Bus security check box is selected.

4. Click Next.

   The Bus Security Configuration wizard is started.

5. Read the Introduction panel, and click Next.

6. If the wizard detects that administrative security is disabled, follow the prompts to select, and configure the appropriate user repository.

7. Click Next.

   A summary of the administrative security settings for the bus is displayed.

8. Review the summary, and click Finish.

   Administrative security for the cell is now enabled.

9. If we do not want clients to use SSL protected transports, clear the check box...
   Require clients use SSL protected transports

10. Select a security domain for the bus.

11. If we have selected to use a custom security domain, follow the prompts to specify a user realm.

12. Review the summary of the choices, and click Finish.

13. Save the changes to the master configuration.
    

Results

You have created a new bus secured with the chosen security settings.

What to do next

• Propagate the bus security configuration to all the affected nodes, and restart the servers.

• We can add bus members to the bus.

• Groups of users in the user repository require explicit authority to access the bus.

Related concepts

Messaging security and multiple security domains

Service integration buses

Secure an existing bus by using multiple security domains

Configure bus security by using an administrative console panel

Configure the bus to access secured mediations

Configure a bus to run mediations in a multiple security domain environment

Configure the members of a bus

SIBAdminCommands: Bus administrative commands (AdminTask)

WebSphere MQ naming restrictions

Secure an existing bus using the global security domain

Migrate an existing secure bus to multiple domain security