Transport layer security and secure sockets layer
WebSphere eXtreme Scale supports both TCP/IP and Transport Layer Security/Secure Sockets Layer (TLS/SSL) for secure communication between clients and servers.
TLS/SSL provides secure communication between the client and server. The communication mechanism that is used depends on the value of the transportType parameter that is specified in the client and server configuration files.
You can set the transportType property in the following client and server configuration files:
- To set the property in the client security configuration, see Client properties file.
- To set the property in the container server security configuration, see Server properties file.
- To set the property in the catalog server security configuration, see Server properties file.
Table 1. Transport protocol to use under client transport and server transport settings

| Client transportType property | Server transportType property | Resulting protocol |
| --- | --- | --- |
| TCP/IP | TCP/IP | TCP/IP |
| TCP/IP | SSL-supported | TCP/IP |
| TCP/IP | SSL-required | Error |
| SSL-supported | TCP/IP | TCP/IP |
| SSL-supported | SSL-supported | SSL (if SSL fails, then TCP/IP) |
| SSL-supported | SSL-required | SSL |
| SSL-required | TCP/IP | Error |
| SSL-required | SSL-supported | SSL |
| SSL-required | SSL-required | SSL |
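The lookup in Table 1 can be applied to a pair of properties files to check whether a deployment can end up on unencrypted TCP/IP. The following is an added example, not IBM or product code; the sample property text is constructed, and reporting an unset or unrecognized transportType as a finding is an assumption of this example.

```python
# Added example: audit a client/server transportType pairing against Table 1.
# The property text at the bottom is constructed sample input.
import re

# (client, server) -> resulting protocol, transcribed from Table 1
TABLE_1 = {
    ("tcp/ip", "tcp/ip"): "TCP/IP",
    ("tcp/ip", "ssl-supported"): "TCP/IP",
    ("tcp/ip", "ssl-required"): "Error",
    ("ssl-supported", "tcp/ip"): "TCP/IP",
    ("ssl-supported", "ssl-supported"): "SSL (if SSL fails, then TCP/IP)",
    ("ssl-supported", "ssl-required"): "SSL",
    ("ssl-required", "tcp/ip"): "Error",
    ("ssl-required", "ssl-supported"): "SSL",
    ("ssl-required", "ssl-required"): "SSL",
}

def transport_type(properties_text):
    """Return the transportType value from properties-style text, or None."""
    value = None
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # skip blanks and comment lines
            continue
        m = re.match(r"transportType\s*[=:]\s*(.*)$", line)
        if m:
            value = m.group(1).strip()  # last assignment wins
    return value

def audit(client_text, server_text):
    """Return (resulting protocol, True if traffic can travel unencrypted)."""
    client, server = transport_type(client_text), transport_type(server_text)
    if client is None or server is None:
        # Assumption: an unset value is reported rather than guessed at.
        return ("Unknown (transportType not set)", True)
    result = TABLE_1.get((client.lower(), server.lower()))
    if result is None:
        return ("Unknown (unrecognized transportType)", True)
    # "Error" means the connection is refused, so nothing is sent in the clear.
    return (result, "TCP/IP" in result)

SAMPLE_CLIENT = "# constructed sample\ntransportType=SSL-Supported\n"
SAMPLE_SERVER = "# constructed sample\ntransportType=SSL-Supported\n"

if __name__ == "__main__":
    print(audit(SAMPLE_CLIENT, SAMPLE_SERVER))
    print(audit(SAMPLE_CLIENT, "transportType=SSL-Required"))
```

Only pairings where at least one side is SSL-required rule out the TCP/IP outcome; the SSL-supported/SSL-supported row still permits a fallback to TCP/IP when SSL fails.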
When SSL is used, the SSL configuration parameters must be provided on both the client and server side. In a Java™ SE environment, the SSL configuration is set in the client or server properties files. If the client or server is in a WebSphere Application Server, then you can use WebSphere Application Server's transport security support to configure SSL parameters.
Configure the orb.properties file for transport security support
You can use TLS/SSL when the transportType property has a value of SSL-Supported.
To support secure transport in a Java Platform, Standard Edition environment, modify the ORB properties file to include the following properties:
```
# IBM JDK properties
org.omg.CORBA.ORBClass=com.ibm.CORBA.iiop.ORB
org.omg.CORBA.ORBSingletonClass=com.ibm.rmi.corba.ORBSingleton
javax.rmi.CORBA.StubClass=com.ibm.rmi.javax.rmi.CORBA.StubDelegateImpl
javax.rmi.CORBA.PortableRemoteObjectClass=com.ibm.rmi.javax.rmi.PortableRemoteObject
javax.rmi.CORBA.UtilClass=com.ibm.ws.orb.WSUtilDelegateImpl

# WS Plugins
com.ibm.CORBA.ORBPluginClass.com.ibm.ws.orbimpl.transport.WSTransport
com.ibm.CORBA.ORBPluginClass.com.ibm.ws.orbimpl.WSORBPropertyManager
com.ibm.CORBA.ORBPluginClass.com.ibm.ISecurityUtilityImpl.SecurityPropertyManager

# WS Interceptors
org.omg.PortableInterceptor.ORBInitializerClass.com.ibm.ws.objectgrid.corba.ObjectGridInitializer
org.omg.PortableInterceptor.ORBInitializerClass.com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityComponentFactory

# WS ORB & Plugins properties
com.ibm.ws.orb.transport.ConnectionInterceptorName=com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterceptor
com.ibm.ws.orb.transport.WSSSLClientSocketFactoryName=com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl
com.ibm.CORBA.TransportMode=Pluggable
com.ibm.CORBA.ServerName=ogserver
```
Configure SSL parameters for eXtreme Scale clients
You can configure SSL parameters for clients in the following ways:
- Create a com.ibm.websphere.objectgrid.security.config.SSLConfiguration object by using the com.ibm.websphere.objectgrid.security.config.ClientSecurityConfigurationFactory factory class. For more details, refer to the ClientSecurityConfigurationFactory API Documentation.
- Configure the parameters in the client.properties file, and then use the ClientSecurityConfigurationFactory.getClientSecurityConfiguration(String) method to populate the object instance.
See the section on security client properties in the Client properties file for examples of properties that you can set on a client.
Configure SSL parameters for eXtreme Scale servers
SSL parameters for servers are configured in a server properties file, such as the example server.properties file referred to above. This properties file can be passed as a parameter when starting an eXtreme Scale server. For more information about the SSL parameters you can set for eXtreme Scale servers, see Server properties file.
Transport security support in WebSphere Application Server
When an eXtreme Scale client, container server, or catalog server is running in a WebSphere Application Server process, eXtreme Scale transport security is managed by the Application Server CSIV2 transport settings. For the eXtreme Scale client or container server, you should not use eXtreme Scale client or server properties to configure the SSL settings. All the SSL settings should be specified in the WebSphere Application Server configuration.
However, the catalog server is a little different. The catalog server has its own proprietary transport paths, which cannot be managed by the Application Server CSIV2 transport settings. Therefore, the SSL properties still need to be configured in the server properties file for the catalog server.