Migrate an existing secure bus to multiple domain security
Use this task to migrate a secured service integration bus from the global security domain to a cell-level or custom security domain.
- Review the information in Service integration security planning and Messaging security and multiple security domains.
- All the bus members must be at WebSphere Application Server v7.0 or later; use of multiple domain security is not supported for earlier versions of the product.
- Ensure that there are no indoubt transactions on the messaging engine because incomplete transactions cannot be recovered after the bus is secured. See Resolving indoubt transactions.
- Stop all servers on which the SIB Service is enabled. This ensures that the bus security configuration is applied consistently when the servers are restarted. See Stopping an application server.
The security settings for a bus are held in a security domain. There are three types of security domain:
- The global security domain, which a bus uses by default.
- A cell-level security domain, which the bus might inherit from the administrative cell.
- A custom domain, which might contain security settings that are unique to the bus.
Use the administrative console to change the type of security domain that the bus uses. Note that the link Configure Security Domain only becomes active if we select and apply the option to use a selected security domain. In this case, we must also specify a user realm. We can either use the existing global security settings, or customize a user realm specifically for the domain.
Tasks
- In the navigation pane, click Service integration -> Buses -> security_value. The security settings panel for the selected bus is displayed.
- Select either Inherit the cell level security domain or Use the selected domain, depending on the type of security domain we want to use for the bus.
- Click Apply.
- Complete the following steps to create a custom security domain:
  - Click the link Configure Security Domain. The security domain configuration panel for the selected bus is displayed.
  - Use the name suggested for the security domain, or type a new one.
  - Optional: Type a description of the security domain.
  - Select the type of user realm for the domain. We can either use the global security settings, or configure a new user realm.
  - Click Next.
  - Review the summary of our choices.
  - Optional: To make changes, click Previous to return to an earlier panel, and make the changes we require.
  - Click Finish to confirm our choices.
- Save changes to the master configuration.
We have migrated our existing bus from the global domain to a non-global security domain. The new security settings for the bus are displayed in the updated Bus Security Settings panel.
What to do next
We must propagate the bus security configuration to all the affected nodes, and restart the servers. For more information, see Synchronize nodes and Starting an application server.