Network Deployment (Distributed operating systems), v8.0 > Reference > Sets
Tunnel peer access point settings
Use this page to configure a tunnel peer access point. A tunnel peer access point is used to establish communication between core groups that are in different cells, when one of the cells is located on a DMZ Secure Proxy Server for IBM WAS, and the other is located inside of the firewall. A tunnel peer access point corresponds to a core group access point in the peer cell. The tunnel peer access point communication settings are specified by using one or more peer endpoints or a proxy peer.
A tunnel peer access point must contain either peer ports or a proxy peer access point, but not both. When the tunnel peer access point is directly accessible within its tunnel access point group, specify peer ports. When the tunnel peer access point can be reached only indirectly, use a proxy tunnel peer access point. A proxy tunnel peer access point is used to identify the communication settings for the tunnel peer access point that cannot be accessed directly. The proxy tunnel peer access point specifies a peer access point that can communicate with the appropriate destination core group. The specified proxy tunnel peer access point must be a tunnel peer access point that has defined ports. From the console...
Servers > Core Groups > Core group bridge settings > Tunnel peer access points tunnel_access_point_name.
Name
Name of the tunnel peer access point. The name must be unique within the local cell.
Cell
Cell in which the tunnel peer access point resides. This property is case sensitive. The value you specify must exactly match the name of the cell in which the peer access point resides. For example, if WASCell05 is the name of the cell that contains the peer access point, specify WASCell05 as the value for this property. If you specify wascell05 as the value for this property, communication between the two core groups is not established.
Retry delay
Specifies, in seconds, the amount of time that you want the core group bridge service to wait before attempting to reconnect to a bridge. The default value is 30.
SSL configuration
Whether to use SSL to establish a secure connection.
If SSL is selected, also select one of the following options:
- Centrally managed, if you want the product to manage the secure connections.
- Specific to this endpoint, if you want to specify a specific SSL configuration that is to be used to establish secure connections. When you select this option, also select the SSL configuration that you want used to establish secure connections.
Cell-level access
Level of access that a server from another cell is given to the local cell when that server uses this access point to establish communication with the local cell.
- Full access enables the communicating server to read data from and write data to the local cell. This level of access is appropriate if there is no reason to restrict read or write access to the local cell.
- Read only enables the communicating server to read data from the local cell, but prevents that server from writing data to the local cell. This level of access is appropriate if applications running in other core groups need to access data that is contained in the local cell but to make sure that the data stored on the local cell is not changed.
- Write only enables the communicating server to write data to the local cell, but prevents that server from reading data from the local cell. This level of access is appropriate if applications running in other core groups need to write data to the local cell, but the data stored on the local cell is sensitive. For example, the local cell might contain customer account numbers, and you do not want applications that resides outside of the local cell to read this information.
Configure communication with a core group that resides on a DMZ Secure Proxy Server for IBM WAS
Related
Peer port settings
Tunnel access point group settings
Tunnel peer access point collection