Module 3: Configure transport security
Configure transport security to secure data transfer between the clients and servers in the configuration.
In the previous module of the tutorial, you enabled WebSphere eXtreme Scale authentication. With authentication, any application that tries to connect to the WebSphere eXtreme Scale server is required to provide a credential. Therefore, no unauthenticated client can connect to the WebSphere eXtreme Scale server. Each client must be an authenticated application that is running in a WAS cell.
With the configuration up to this module, the data transfer between the clients in the appCluster cluster and servers in the xsCluster cluster is not encrypted. This configuration might be acceptable if the WAS clusters are installed on servers behind a firewall. However, in some scenarios, unencrypted traffic is not acceptable even though the topology is protected by a firewall. For example, a government policy might enforce encrypted traffic. WebSphere eXtreme Scale supports Transport Layer Security/Secure Sockets Layer (TLS/SSL) for secure communication between ObjectGrid endpoints, which include client servers, container servers, and catalog servers.
In this sample deployment, the eXtreme Scale clients and container servers are all running in the WAS environment. Client or server properties are not necessary to configure the SSL settings because the eXtreme Scale transport security is managed by the Application Server Common Secure Interoperability Protocol v2 (CSIv2) transport settings. WebSphere eXtreme Scale servers use the same Object Request Broker (ORB) instance as the application servers in which they run. Specify all the SSL settings for client and container servers in the WAS configuration using these CSIv2 transport settings. The catalog server has its own proprietary transport paths that do not use Internet Inter-ORB Protocol (IIOP) or Remote Method Invocation (RMI). Because of these proprietary transport paths, the catalog server cannot be managed by the WAS CSIv2 transport settings. Therefore, configure the SSL properties in the server properties file for the catalog server.
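Because the catalog server is the one endpoint whose transport is not governed by the WAS CSIv2 settings, its properties file is worth checking on its own. The following audit script is an added example, not part of the tutorial or the product; the property names (transportType, keyStore, keyStorePassword, trustStore, trustStorePassword) are assumptions about the server properties file, which this page does not list, and the sample files are constructed.

```python
# Added example: audit a catalog server properties file for enforced SSL.
# Property names are assumptions; this page does not list them.

REQUIRED_WHEN_SSL = ("keyStore", "keyStorePassword", "trustStore", "trustStorePassword")

def parse_properties(text):
    """Parse Java .properties text (key=value or key:value; # and ! start comments)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:":  # first separator wins, so values may contain ':' or '='
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props

def audit_transport(text):
    """Return a list of findings; an empty list means SSL is enforced and keyed."""
    props = parse_properties(text)
    findings = []
    transport = props.get("transportType")
    if transport is None:
        findings.append("transportType is not set")
    elif transport != "SSL-Required":
        findings.append(f"transportType={transport} is not SSL-Required, so encryption is not enforced")
    for key in REQUIRED_WHEN_SSL:
        if not props.get(key):
            findings.append(f"{key} is missing or empty")
    return findings

# Constructed sample files (paths and values are placeholders).
WEAK = """\
# catalog server properties (constructed)
transportType=SSL-Supported
keyStore=/path/to/key.jks
"""
HARDENED = """\
transportType=SSL-Required
keyStore=/path/to/key.jks
keyStorePassword=CHANGE_ME
trustStore=/path/to/trust.jks
trustStorePassword=CHANGE_ME
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_transport(text) or "OK")
```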
Learning objectives
After completing the lessons in this module, you know how to:
- Configure CSIv2 inbound and outbound transport.
- Add SSL properties to the catalog server properties file.
- Check the ORB properties file.
- Run the sample.
Time required
This module takes approximately 60 minutes.
Prerequisites
This step of the tutorial builds upon the previous modules. Complete the previous modules in this tutorial before you configure transport security.
Lessons in this module
- Lesson 3.1: Configure CSIv2 inbound and outbound transport
To configure Transport Layer Security/Secure Sockets Layer (TLS/SSL) for the server transport, set the Common Secure Interoperability Protocol v2 (CSIv2) inbound transport and CSIv2 outbound transport to SSL-Required for all the WAS servers that host clients, catalog servers, and container servers.
- Lesson 3.2: Add SSL properties to the catalog server properties file
The catalog server has its own proprietary transport paths that cannot be managed by the WAS Common Secure Interoperability Protocol v2 (CSIv2) transport settings. Therefore, configure the SSL properties in the server properties file for the catalog server.
- Lesson 3.3: Check the orb.properties file
With WebSphere eXtreme Scale v7.0 or earlier, verify that SSL works correctly between WAS and WebSphere eXtreme Scale servers. The orb.properties file in the JAVA_HOME/jre/lib directory must contain the specific properties; edit the file if they are missing.
- Lesson 3.4: Run the sample
Restart all the servers and run the sample application again. You should be able to run through the steps without any problems.