Cluster Security Scenarios
When setting up a cluster, there are two scenarios that must be considered. There is out-of-box security used when you first set up the cluster environment where the deployment manager has not configured the security settings.
The second scenario is when an existing deployment manager has already configured the security settings prior to a node joining a cell.
Out-of-box security
The first scenario is when the default Virtual Member Manager (VMM) file-based repository security is used on both the WebSphere Portal nodes and the deployment manager. When the WebSphere Portal node is federated into the deployment manager cell, the node's security settings are replaced with the deployment manager's security settings. Thus, prior to federating the first WebSphere Portal node into the cell, the required group for WebSphere Portal administrators and administrative user; for example, wpsadmins and wpsadmin; must be defined in the deployment manager's security repository. Otherwise, the WebSphere Portal administrators group and administrative user will be lost when federating the node into the deployment manager.
Once the cluster has been set up, you can modify the security settings of the cell. Although it is possible to modify security in the cell using the admin console, use the WebSphere Portal security tasks to change cell security in order to ensure that the security configuration settings for WAS and WebSphere Portal are identical.
Modified security with Virtual Member Manager (VMM) federated
The second scenario is when the existing deployment manager cell has already modified its default security setting prior to the first WebSphere Portal node joining the cell. WebSphere Portal supports the capability of using two different sets of administrative user ID and password credentials when federating a WebSphere Portal node into a cell – one set for the WebSphere Portal node authentication and one set for deployment manager authentication. This means that it is not necessary to define a common administrative user ID before WebSphere Portal joins the cell. If the deployment manager cell is using federated VMM with additional repositories, WebSphere Portal will pick up this configuration dynamically from the deployment manager when it joins the cell.
Modified security with standalone LDAP server
If the deployment manager cell is using standalone LDAP security, however, then it is necessary to configure the LDAP values into the WebSphere Portal property files before federation to enable WebSphere Portal to dynamically adapt to the existing standalone LDAP security settings of the cell. As with the first scenario, once the cluster has been set up then security changes to the deployment manager cell security settings can be made using the WebSphere Portal security tasks, and additional WebSphere Portal nodes may be added to the cell following the same procedures.
Parent topic:
Cluster