WAS v8.5 > Secure applications > Secure Service integration > Secure service integration > Secure buses

Add a secured bus

In this task you add a new service integration bus that is secured by default. The security settings for the bus are stored in a security domain. When you add a new bus, we can assign it to the default global security domain, the cell-level domain, or specify a custom domain containing a set of settings that are unique to the bus, or shared with another resource.

• Plan the security requirements for the bus. For more information about security planning, see Service integration security planning. For more information about security domains, see Messaging security and multiple security domains.
• Stop all servers that have the SIB Service enabled. This ensures the bus security configuration is applied consistently when the servers are restarted. For more information, see Stop an application server.

This task uses an dmgr console security wizard to add a new bus. If the wizard detects that administrative security is disabled, it prompts you to configure a user repository, and enable administrative security.

By default, connecting clients are required to use SSL protected transports to ensure data confidentiality and integrity. If we do not want clients to use SSL protected transports, we can specify that we do not require this option.

The type of security domain we can specify for the bus depends on the versions of the bus members you intend to add to the bus:

• Specify the global domain to add one or more WebSphere Application Server v6 bus members.
• We can specify the global, cell-level, or custom domain to add WAS v7.0 or later bus members only.

1. In the navigation pane, click Service integration -> Buses. A list of buses is displayed.

2. Click New.

3. Type a name for the new bus. You must choose bus names that are compatible with the WebSphere MQ queue manager naming restrictions. We cannot change a bus name after the bus is created, which means that we can only interoperate with WebSphere MQ in the future if we use compatible names. See the topic about WebSphere MQ naming restrictions in the related links.
4. Ensure the Bus security check box is selected.

5. Click Next. The Bus Security Configuration wizard is started.
6. Read the Introduction panel, and click Next.

7. If the wizard detects that administrative security is disabled, follow the prompts to select, and configure the appropriate user repository.

8. Click Next. A summary of the administrative security settings for the bus is displayed.
9. Review the summary, and click Finish. Administrative security for the cell is now enabled.

10. If we do not want clients to use SSL protected transports, clear the check box Require clients use SSL protected transports .

11. Select a security domain for the bus.

12. If we have selected to use a custom security domain, follow the prompts to specify a user realm.
13. Review the summary of your choices, and click Finish.

14. Save your changes to the master configuration.
    

Results

You have created a new bus secured with your chosen security settings.

• Restart the servers. Start an application server provides more information.
• We can add bus members to the bus.
• Groups of users in the user repository require explicit authority to access the bus. For more information, see Administer authorization permissions.

Related concepts:

Messaging security and multiple security domains
Service integration buses

Related

Secure an existing bus using multiple security domains
Configure bus security using an dmgr console panel
Configure the bus to access secured mediations
Configure a bus to run mediations in a multiple security domain environment
Configure the members of a bus

Reference:

SIBAdminCommands: Bus administrative commands for AdminTask
WebSphere MQ naming restrictions

Related information:

Secure an existing bus using the global security domain
Migrating an existing secure bus to multiple domain security

+

Search Tips   |   Advanced Search