Security Scenarios

When setting up a cluster, there are two scenarios to consider. The first is out-of-box security, which applies when you first set up the cluster environment and the security settings on the dmgr have not been configured. The second is when the security settings on an existing dmgr have already been configured before a node joins the cell.


Out-of-box security

The first scenario is when the default Virtual Member Manager (VMM) file-based repository security is used on both the WebSphere Portal nodes and the dmgr. When the WebSphere Portal node is federated into the dmgr cell, the node's security settings are replaced with the dmgr's security settings. Thus, before federating the first WebSphere Portal node into the cell, the required WebSphere Portal administrators group and administrative user (for example, wpsadmins and wpsadmin) must be defined in the dmgr's security repository. Otherwise, the WebSphere Portal administrators group and administrative user will be lost when federating the node into the dmgr.
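One way to confirm this prerequisite before federating, as an added example that is not part of the original documentation: a read-only wsadmin Jython script, run with wsadmin connected to the dmgr, that looks up the page's example user wpsadmin and group wpsadmins with the VMM AdminTask commands searchUsers, searchGroups and getMembersOfGroup. The helper names, the requirement that the user be a member of the group, and the assumption that results come back one unique name per line are this example's own.

```jython
# Added example: read-only pre-federation check for the dmgr repository.
# Run inside wsadmin (-lang jython) connected to the dmgr; AdminTask is
# provided by wsadmin. The names below are the page's example values.
ADMIN_USER = "wpsadmin"
ADMIN_GROUP = "wpsadmins"

def unique_names(output):
    # Assumption: the VMM commands return one unique name per line,
    # or an empty string when nothing matches.
    return [line.strip() for line in output.splitlines() if line.strip()]

def check_portal_admins():
    problems = []
    users = unique_names(AdminTask.searchUsers(['-uid', ADMIN_USER]))
    groups = unique_names(AdminTask.searchGroups(['-cn', ADMIN_GROUP]))

    if not users:
        problems.append("user %s is not defined in the dmgr repository" % ADMIN_USER)
    if not groups:
        problems.append("group %s is not defined in the dmgr repository" % ADMIN_GROUP)
    # More than one match means the name is ambiguous across repositories.
    if len(users) > 1:
        problems.append("user %s matches several entries: %s" % (ADMIN_USER, users))
    if len(groups) > 1:
        problems.append("group %s matches several entries: %s" % (ADMIN_GROUP, groups))

    if len(users) == 1 and len(groups) == 1:
        members = unique_names(
            AdminTask.getMembersOfGroup(['-uniqueName', groups[0]]))
        wanted = users[0].lower()
        # Substring match tolerates any prefix the command puts on each line.
        if not [m for m in members if m.lower().find(wanted) != -1]:
            problems.append("%s is not a member of %s" % (users[0], groups[0]))
    return problems

problems = check_portal_admins()
if problems:
    for p in problems:
        print "FAIL: " + p
    print "Do not federate the first WebSphere Portal node until this is fixed."
else:
    print "OK: %s and %s are defined in the dmgr repository." % (ADMIN_USER, ADMIN_GROUP)
```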

Once the cluster has been set up, you can modify the security settings of the cell. Although it is possible to modify security in the cell using the IBM WebSphere Application Server Administrative Console, use the WebSphere Portal security tasks to change cell security in order to ensure that the security configuration settings for WAS and WebSphere Portal are identical. Using the WAS console to configure or update the out-of-box security is NOT supported in a stand-alone environment. This is only supported in a clustered environment that uses the Deployment Manager Administrative Console.


Modified security with Virtual Member Manager (VMM) federated

The second scenario is when the default security settings of the existing dmgr cell have already been modified before the first WebSphere Portal node joins the cell. WebSphere Portal supports using two different sets of administrative user ID and password credentials when federating a WebSphere Portal node into a cell: one set for the WebSphere Portal node authentication and one set for dmgr authentication. This means that it is not necessary to define a common administrative user ID before WebSphere Portal joins the cell. If the dmgr cell is using federated VMM with additional repositories, the security settings on the Portal node are replaced with the modified dmgr VMM federated security settings. The original stand-alone environment security settings are preserved, and the node reverts to them if you remove it from the cluster.


Modified security with standalone Lightweight Directory Access Protocol (LDAP) server

If the dmgr cell is using standalone LDAP security, it is necessary to configure the LDAP values into the WebSphere Portal property files before federation. This enables WebSphere Portal to dynamically adapt to the existing standalone LDAP security settings of the cell. As with the first scenario, once the cluster has been set up, changes to the dmgr cell security settings can be made using the WebSphere Portal security tasks, and additional WebSphere Portal nodes may be added to the cell following the same procedures.

