WebSphere eXtreme Scale Administration Guide > Secure the deployment environment
Grid security
WebSphere eXtreme Scale grid security ensures that a joining server has the right credentials, so a malicious server cannot join the grid. Grid security uses a shared secret string mechanism.
All WebSphere eXtreme Scale servers, including catalog servers, agree on a shared secret string. When a server joins the grid, it is challenged to present the secret string. If the secret string of the joining server matches the string in the president server or catalog server, the joining server is accepted. If the string does not match, the join request is rejected.
Send a clear text secret is not secure. The WebSphere eXtreme Scale security infrastructure provides a secure token manager plug-in to allow the server to secure this secret before sending. You must decide how to implement the secure operation. WebSphere eXtreme Scale provides an out-of-the-box implementation, in which the secure operation is implemented to encrypt and sign the secret.
The secret string is set in the server.properties file. See Server properties file for more information about the authenticationSecret property.
SecureTokenManager plug-in
A secure token manager plug-in is represented by the com.ibm.websphere.objectgrid.security.plugins.SecureTokenManager interface.
For more information about the SecureTokenManager plug-in, see SecureTokenManager API documentation.
The generateToken(Object) method takes an object, and then generates a token that cannot be understood by others. The verifyTokens(byte[]) method does the reverse process: the method converts the token back to the original object.
A simple SecureTokenManager implementation uses a simple encoding algorithm, such as an exclusive or (XOR) algorithm, to encode the object in serialized form and then use the corresponding decoding algorithm to decode the token. This implementation is not secure.
WebSphere eXtreme Scale provides an immediately available implementation for this interface.
The default implementation uses a key pair to sign and verify the signature, and uses a secret key to encrypt the content. Every server has a JCKES type keystore to store the key pair, a private key and public key, and a secret key. The keystore has to be the JCKES type to store secret keys.
These keys are used to encrypt and sign or verify the secret string on the sending end. Also, the token is associated with an expiration time. On the receiving end, the data is verified, decrypted, and compared to the receiver secret string. Secure Sockets Layer (SSL) communication protocols are not required between a pair of servers for authentication because the private keys and public keys serve the same purpose. However, if server communication is not encrypted, the data can be stolen by looking at the communication. Because the token expires soon, the replay attack threat is minimized. This possibility is significantly decreased if all servers are deployed behind a firewall.
The disadvantage of this approach is that the WebSphere eXtreme Scale administrators have to generate keys and transport them to all servers, which can cause security breach during transportation.
Sample scripts to create default secure token manager properties
As noted in the previous section, you can create a key store that contains a key pair to sign and verify the signature and a secret key to encrypt the content.
For example, you can use the JDK 6 keytool command to create the keys as follows:
keytool -genkeypair -alias keypair1 -keystore key1.jck -storetype JCEKS -keyalg rsa -dname "CN=sample.ibm.com, OU=WebSphere eXtreme Scale" -storepass key111 -keypass keypair1 -validity 10000
keytool -genseckey -alias seckey1 -keystore key1.jck -storetype JCEKS -keyalg DES -storepass key111 -keypass seckey1 -validity 1000These two commands create a key pair "keypair1" and a secret key "seckey1". You can then configure the following in the server property file:
secureTokenKeyStore=key1.jck secureTokenKeyStorePassword=key111 secureTokenKeyStoreType=JCEKS secureTokenKeyPairAlias=keypair1 secureTokenKeyPairPassword=keypair1 secureTokenSecretKeyAlias=seckey1 secureTokenSecretKeyPassword=seckey1 secureTokenCipherAlgorithm=DES secureTokenSignAlgorithm=RSA
Configuration
See Server properties for more information about the properties that you use to configure the secure token manager.
Parent topic
Secure the deployment environment