Tunnel peer access point settings
To configure a tunnel peer access point, from the admin console, click...
Servers > Core Groups > Core group bridge settings > Tunnel peer access points > tunnel_access_point_name
A tunnel peer access point is used to establish communication between core groups in different cells, when one of the cells is located on a DMZ Secure Proxy Server for IBM WebSphere Application Server, and the other is located inside of the firewall. A tunnel peer access point corresponds to a core group access point in the peer cell. The tunnel peer access point communication settings are specified using one or more peer endpoints or a proxy peer.
A tunnel peer access point must contain either peer ports or a proxy peer access point, but not both. When the tunnel peer access point is directly accessible within its tunnel access point group, specify peer ports. When the tunnel peer access point can be reached only indirectly, use a proxy tunnel peer access point. A proxy tunnel peer access point is used to identify the communication settings for the tunnel peer access point that cannot be accessed directly. The proxy tunnel peer access point specifies a peer access point that can communicate with the appropriate destination core group. The specified proxy tunnel peer access point must be a tunnel peer access point that has defined ports.
Name
Name of the tunnel peer access point. The name must be unique within the local cell.
Cell
Cell in which the tunnel peer access point resides.
This property is case sensitive. The value we specify must exactly match the name of the cell in which the peer access point resides. For example, if WASCell05 is the name of the cell containing the peer access point, specify WASCell05 as the value for this property. If we specify wascell05 as the value for this property, communication between the two core groups is not established.
Retry delay
Specifies, in seconds, the amount of time that we want the core group bridge service to wait before attempting to reconnect to a bridge. The default is 30.
SSL configuration
Specifies whether to use SSL to establish a secure connection.
If SSL is selected, we must also select one of the following options:
- Centrally managed, if we want the product to manage the secure connections.
- Specific to this endpoint, to specify a specific SSL configuration that is to be used to establish secure connections. When selected, we must also select the SSL configuration that we want used to establish secure connections.
Cell-level access
Level of access that a server from another cell is given to the local cell when that server uses this access point to establish communication with the local cell.
- Full access enables the communicating server to read data from and write data to the local cell. This level of access is appropriate if there is no reason to restrict read or write access to the local cell.
- Read only enables the communicating server to read data from the local cell, but prevents that server from writing data to the local cell. This level of access is appropriate if applications running in other core groups need to access data contained in the local cell but we want to make sure that the data stored on the local cell is not changed.
- Write only enables the communicating server to write data to the local cell, but prevents that server from reading data from the local cell. This level of access is appropriate if applications running in other core groups need to write data to the local cell, but the data stored on the local cell is sensitive. For example, the local cell might contain customer account numbers, and we do not want applications that reside outside of the local cell to read this information.
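
The structural rules above (either peer ports or a proxy peer but not both, a proxy that itself has defined ports, a name unique within the local cell, and an exact-case cell name) can be checked before a configuration is applied. The following is an added example, not code from the product: the dictionary layout, field names, sample peers and the list of known cell names are assumptions made for illustration.

```python
# Added example. The dict layout and field names are hypothetical,
# not WebSphere's own configuration schema.
def validate_tunnel_peers(peers, known_cells):
    """Return (peer_name, problem) tuples for one local cell's peers."""
    findings = []
    by_name = {}
    for p in peers:
        by_name.setdefault(p["name"], []).append(p)
    for name, group in by_name.items():
        if len(group) > 1:
            findings.append((name, "name is not unique within the local cell"))
    for p in peers:
        name, cell = p["name"], p["cell"]
        ports, proxy = p.get("peer_ports") or [], p.get("proxy_peer")
        # Either peer ports or a proxy peer, but not both.
        if ports and proxy:
            findings.append((name, "has both peer ports and a proxy peer"))
        elif not ports and not proxy:
            findings.append((name, "has neither peer ports nor a proxy peer"))
        # A proxy must itself be a tunnel peer access point with defined ports.
        if proxy:
            targets = by_name.get(proxy, [])
            if not targets:
                findings.append((name, "proxy peer %r is not defined" % proxy))
            elif not any(t.get("peer_ports") for t in targets):
                findings.append((name, "proxy peer %r has no defined ports" % proxy))
        # The cell value is case sensitive: wascell05 does not match WASCell05.
        if cell not in known_cells:
            near = [c for c in known_cells if c.lower() == cell.lower()]
            problem = ("cell %r differs only in case from %r" % (cell, near[0])
                       if near else "cell %r is not a known cell" % cell)
            findings.append((name, problem))
    return findings

# Constructed sample data (host name and port number are placeholders).
PORT = [("dmz-proxy.example.com", 9999)]
KNOWN_CELLS = ["WASCell05", "WASCell06"]
SAMPLE_PEERS = [
    {"name": "TPAP_direct", "cell": "WASCell05", "peer_ports": PORT},
    {"name": "TPAP_indirect", "cell": "WASCell06", "proxy_peer": "TPAP_direct"},
    {"name": "TPAP_badcase", "cell": "wascell05", "peer_ports": PORT},
    {"name": "TPAP_both", "cell": "WASCell05", "peer_ports": PORT,
     "proxy_peer": "TPAP_direct"},
    {"name": "TPAP_chain", "cell": "WASCell06", "proxy_peer": "TPAP_indirect"},
]

if __name__ == "__main__":
    for peer_name, problem in validate_tunnel_peers(SAMPLE_PEERS, KNOWN_CELLS):
        print("%s: %s" % (peer_name, problem))
```

On the sample data, the direct peer and the peer that proxies through it pass, while the wrong-case cell name, the peer with both ports and a proxy, and the proxy that points at another proxy-only peer are reported.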