WAS v8.5 > Secure applications > Secure Service integration > Secure service integration > Secure buses

Migrating an existing secure bus to multiple domain security

Use this task to migrate a secured service integration bus from the global security domain to a cell-level or custom security domain.

• Review the information in Service integration security planning and Messaging security and multiple security domains.
• All the bus members must be at WebSphere Application Server v7.0 or later; use of multiple domain security is not supported for earlier versions of the product.
• Ensure there are no indoubt transactions on the messaging engine because incomplete transactions cannot be recovered after the bus is secured. For more information, see Resolve indoubt transactions.
• Stop all servers on which the SIB Service enabled. This ensures the bus security configuration is applied consistently when the servers are restarted. For more information, see Stop an application server.

The security settings for a bus are held in a security domain. There are three types of security domain:

• The global security domain which a bus uses by default.
• A cell level security domain which the bus might inherit from the administrative cell.
• A custom domain which might contain security settings that are unique to the bus.

We can use the dmgr console to change the type of security domain the bus uses. Note the link Configure Security Domain only becomes active if you select and apply the option to use a selected security domain. In this case, you must also specify a user realm. We can either use the existing global security settings, or customize a user realm specifically for the domain.

1. In the navigation pane, click Service integration -> Buses -> security_value. The security settings panel for the selected bus are displayed.

2. Select either Inherit the cell level security domain or Use the selected domain, depending on the type of security domain to use for the bus.

3. Click Apply.

4. Complete the following steps to create a custom security domain:

   1. Click the link Configure Security Domain. The security domain configuration panel for the selected bus is displayed.

   2. Use the name suggested for the security domain, or type a new one.

   3. Optional: Type a description of the security domain.

   4. Select the type of user realm for the domain. We can either use the global security settings, or configure a new one.

5. Click Next.
6. Review the summary of your choices:

   1. Optional: To make changes, click Previous to return to an earlier panel, and make the changes you require.

   2. Click Finish to confirm your choices.

7. Save your changes to the master configuration.

Results

You have migrated your existing bus from the global domain to a non-global security domain. The new security settings for the bus are displayed in the updated Bus Security Settings panel.

Restart the servers. Start an application server provides more information.

Related

Secure an existing bus using multiple security domains
Configure bus security using an dmgr console panel
Configure the bus to access secured mediations
Configure a bus to run mediations in a multiple security domain environment

Related information:

Add a secured bus
Secure an existing bus using the global security domain

+

Search Tips   |   Advanced Search