Administration guide >
Secure the deployment environment
WebSphere eXtreme Scale can secure data access, including allowing for integration with external security providers. Aspects of security include authentication, authorization, transport security, data grid security, local security, and JMX (Mbean) security.
- Tutorial: Integrate WebSphere eXtreme Scale security with WAS
This tutorial demonstrates how to secure a WebSphere eXtreme Scale server deployment in a WAS environment.
- Tutorial: Integrate WebSphere eXtreme Scale security in a mixed environment with an external authenticator
This tutorial demonstrates how to secure WebSphere eXtreme Scale servers that are partially deployed in a WAS environment.
- Security integration with WAS
When WebSphere eXtreme Scale is deployed in a WAS environment, you can simplify the authentication flow and transport layer security configuration from WAS.
- Enable local security
WebSphere eXtreme Scale provides several security endpoints to integrate custom mechanisms. In the local programming model, the main security function is authorization, and has no authentication support. You must authenticate independently from the already existing WAS authentication. However, you can use the provided plug-ins to obtain and validate Subject objects.
- Start and stop secure servers
Security is enabled by specifying security-specific configurations when you start and stop servers.
- Data grid authentication
Use the secure token manager plug-in to enable server-to-server authentication, which requires you to implement the SecureTokenManager interface.
- Data grid security
Data grid security ensures that a joining server has the right credentials, so a malicious server cannot join the data grid. Data grid security uses a shared secret string mechanism.
- Application client authentication
Application client authentication consists of enabling client-server security and credential authentication, and configuring an authenticator and a system credential generator.
- Application client authorization
Application client authorization consists of ObjectGrid permission classes, authorization mechanisms, a permission checking period, and access by creator only authorization.
- Transport layer security and secure sockets layer
WebSphere eXtreme Scale supports both TCP/IP and Transport Layer Security/Secure Sockets Layer (TLS/SSL) for secure communication between clients and servers.
- Java Management Extensions (JMX) security
You can secure managed beans (MBean) invocations in a distributed environment.
- Security integration with external providers
To protect the data, the product can integrate with several security providers.
- Secure the REST data service
Secure multiple aspects of the REST data service. Access to the eXtreme Scale REST data service can be secured through authentication and authorization. Access can also be controlled by service-scoped configuration rules, known as access rules. Transport security is the third consideration.
- Security descriptor XML file
Use a security descriptor XML file to configure an eXtreme Scale deployment topology with security enabled. Use the elements in this file to configure different aspects of security.
- objectGridSecurity.xsd file
Use the following ObjectGrid security XML schema to enable security.
Plan the WebSphere eXtreme Scale environment
Install WebSphere eXtreme Scale
Upgrade and migrating WebSphere eXtreme Scale v7.1
Configure the deployment environment
Operate the deployment environment
Monitor the deployment environment
Tune and performance
Program for security