Cluster security options
Security is enabled by default for the deployment manager; WebSphere Portal will not attempt to change the security settings in the deployment manager cell whenever a node is federated. This means that any existing security configuration of a stand-alone WebSphere Portal is replaced with the security settings of the deployment manager cell when it joins that cell. If you remove the node from the deployment manager cell, the original security settings are reinstated.
Default security settings
The default security enabled when the deployment manager profiles and WebSphere Portal profiles are installed is Virtual Member Manager (VMM) federated security with a single file-based repository configured. If you plan to add the standalone node to a deployment manager cell so that it runs as part of a cluster, there is no need to modify this default security setting on the WebSphere Portal node.
During federation, the standalone environment security settings are replaced with the deployment manager security settings. The original standalone settings are preserved and are reinstated if you remove the node from the cluster.
If administrative security is deselected during installation of the deployment manager or is disabled after the deployment manager is installed, it must be enabled prior to executing the security configuration tasks on the WebSphere Portal cluster members.
Security options for a cluster
There are many security options that can be used in a cluster. All of the VMM federated security options, including multiple LDAP repositories, database repositories, and the default file-based repository, can be used. Additionally, there is an option to use standalone LDAP security instead of the VMM federated security approach.
WebSphere Portal provides a number of security tasks that modify the WebSphere Application Server (WAS) security settings and make the required updates to the WebSphere Portal configuration in a single step. As soon as a WebSphere Portal node is federated into a deployment manager cell, all WebSphere Portal security tasks execute on the deployment manager. Run... security tasks after federating the WebSphere Portal node because the deployment manager cell does not contain the configuration resources required to run the security tasks.
Configure security before configuring your additional nodes. If you configure your security after configuring your additional nodes, or if you update your security configuration after creating the clustered environment, run an additional task to update the security settings on the secondary nodes.
Using the file-based repository in a production environment is not recommended, because updates are possible only through the administrative console, not through portal user management. These updates are sent to each node in the cell using deployment manager file synchronization, which can be time-consuming for large volumes of users and groups. Also, synchronization does not occur at the same time for all nodes in a cell, so there will be time windows when the nodes in the cell have differing security definitions.
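A pre-flight check for two points above (administrative security must be enabled before the security tasks run, and the file-based repository should not back a production cluster), added here as an example and not IBM's own code. The XML samples are constructed and simplified; the element and attribute names are assumptions modeled on a cell's security.xml and wimconfig.xml, and `preflight` is a hypothetical helper.

```python
import xml.etree.ElementTree as ET

XMI = "{http://www.omg.org/XMI}"
XSI = "{http://www.w3.org/2001/XMLSchema-instance}"
WIM = "{http://www.ibm.com/websphere/wim/config}"

# Constructed, simplified samples; element and attribute names are assumptions
# modeled on a cell's security.xml and wimconfig.xml. Verify against your files.
SECURITY_XML = """<security:Security xmlns:xmi="http://www.omg.org/XMI"
 xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0.2/security.xmi"
 enabled="false" activeUserRegistry="WIMUserRegistry_1">
 <userRegistries xmi:type="security:WIMUserRegistry" xmi:id="WIMUserRegistry_1"/>
 <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1"/>
</security:Security>"""

WIMCONFIG_XML = """<sdo:datagraph xmlns:sdo="commonj.sdo"
 xmlns:config="http://www.ibm.com/websphere/wim/config"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <config:configurationProvider>
  <config:repositories xsi:type="config:FileRepositoryType" id="InternalFileRepository"/>
 </config:configurationProvider>
</sdo:datagraph>"""

def preflight(security_xml, wimconfig_xml, production=True):
    """Return findings to resolve before running the portal security tasks."""
    findings = []
    sec = ET.fromstring(security_xml)
    if sec.get("enabled", "false").lower() != "true":
        findings.append("admin-security-disabled")
    active_id = sec.get("activeUserRegistry")
    active = [r for r in sec.iter("userRegistries") if r.get(XMI + "id") == active_id]
    if not active:
        findings.append("active-registry-missing")
        return findings
    kind = active[0].get(XMI + "type", "").split(":")[-1]
    # Only VMM federated security reads its repositories from wimconfig.xml;
    # with standalone LDAP active, a leftover file repository is not in use.
    if production and kind == "WIMUserRegistry":
        wim = ET.fromstring(wimconfig_xml)
        for repo in wim.iter(WIM + "repositories"):
            if repo.get(XSI + "type", "").endswith("FileRepositoryType"):
                findings.append("file-repository:" + str(repo.get("id")))
    return findings

if __name__ == "__main__":
    for finding in preflight(SECURITY_XML, WIMCONFIG_XML):
        print(finding)
```

An empty list means neither condition was found; run the check against the deployment manager's copy of the files, since that is the configuration a federated node uses.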