Migrate an existing secure bus to multiple domain security

Use this task to migrate a secured service integration bus from the global security domain to a cell-level or custom security domain.

• Review the information in Service integration security planning and Messaging security and multiple security domains.

• All the bus members must be at WAS v7 or later; use of multiple domain security is not supported for earlier versions of the product.

• Ensure that there are no indoubt transactions on the messaging engine because incomplete transactions cannot be recovered after the bus is secured. For more information, see Resolve indoubt transactions.

• Stop all servers on which the SIB Service enabled. This ensures that the bus security configuration is applied consistently when the servers are restarted. For more information, see Stopping an application server.

The security settings for a bus are held in a security domain. There are three types of security domain:

• The global security domain which a bus uses by default.

• A cell level security domain which the bus might inherit from the administrative cell.

• A custom domain which might contain security settings that are unique to the bus.

We can use the administrative console to change the type of security domain that the bus uses. Note that the link Configure Security Domain only becomes active if you select and apply the option to use a selected security domain. In this case, you must also specify a user realm. We can either use the existing global security settings, or customize a user realm specifically for the domain.

1. In the navigation pane, click Service integration -> Buses -> security_value. The security settings panel for the selected bus are displayed.

2. Select either Inherit the cell level security domain or Use the selected domain, depending on the type of security domain to use for the bus.

3. Click Apply.

4. Complete the following steps to create a custom security domain:

   1. Click the link Configure Security Domain. The security domain configuration panel for the selected bus is displayed.

   2. Use the name suggested for the security domain, or type a new one.

   3. Optional: Type a description of the security domain.

   4. Select the type of user realm for the domain. We can either use the global security settings, or configure a new one.

5. Click Next.

6. Review the summary of the choices:

   1. Optional: To make changes, click Previous to return to an earlier panel, and make the changes you require.

   2. Click Finish to confirm your choices.

7. Save the changes to the master configuration.

Results

You have migrated the existing bus from the global domain to a non-global security domain. The new security settings for the bus are displayed in the updated Bus Security Settings panel.

What to do next

We must propagate the bus security configuration to all the affected nodes, and restart the servers. For more information, see Synchronize nodes using wsdmin.sh and Start an application server.

Related tasks

Secure an existing bus by using multiple security domains

Configure bus security by using an administrative console panel

Configure the bus to access secured mediations

Configure a bus to run mediations in a multiple security domain environment

Related information:

Add a secured bus

Secure an existing bus using the global security domain