Cluster security options

When a node is federated, any existing security configuration of a stand-alone WebSphere Portal is replaced with the security settings of the dmgr cell when it joins that cell. If we remove the node from the dmgr cell, the original security settings are reinstated. The default security enabled on the dmgr profiles and WebSphere Portal profiles installation is the Virtual Member Manager federated security with a single file-based repository configured. When adding the stand-alone node into a dmgr cell, there is no need to modify this default security setting on a WebSphere Portal node.

Enable administrative security on the deployment manager before running the security ConfigEngine tasks on the WebSphere Portal cluster members.

All of the VMM federated security options, including multiple LDAP repositories, database repositories, and the default file-based repository can be used.

Do not use the file-based repository as the only repository in a production environment. With the file-based repository, Updates are only possible through the WAS console, not through portal user management. Updates are sent to each node in the cell with deployment manager file synchronization. This process can be time-consuming. Synchronization does not occur at the same time for all nodes in a cell, so there are times when the nodes in the cell have differing security definitions. The Users and Groups portlet is not available with the file-based repository. Replace the file-based repository with a federated LDAP user registry to have access to the Users and Groups portlet.

Parent Cluster considerations