Security for messaging engines
When bus security is enabled, we need to be aware of the additional requirements to secure communication between messaging engines.
To ensure that messaging engines operate securely when bus security is enabled, you should understand the following points:
- Use secure transport connections (SSL or HTTPS) to ensure confidentiality and integrity of messages in transit between messaging engines. Define an appropriate secure transport chain, and then reference the transport chain name from the bus propertyInter-engine transport chain. For more information, see Secure transport configuration requirements.
- If the bus has a bus member at WAS v6, set the Inter-engine authentication alias property. This prevents unauthorized clients or messaging engines from establishing a connection. For more information, see Add a secured bus.
- Secure access to the data store for a messaging engine by using a user ID and password. Apply higher levels of security using the underlying features of message stores. For example, for a data store, Apache Derby Version 10.3 allows the whole database to be encrypted, DB2 allows specific tables to be encrypted. These features must be managed directly by the appropriate database administrator. Refer to Secure database access for more details.
- If fine-grained administrative security is in use, messaging engines are administered as resources at the server or cluster level.
Related concepts
Messaging engine communication