Configuring server security

Server security configuration starts with the Global security page. Global security represents the administrative security and the default security configuration that is effective for all applications running in the environment. Security domains can be defined to override and customize the security policies for applications.

A security domain consists of all servers configured with the same user registry realm name. The basic requirement for a security domain is that the access ID returned by the registry from one server within the security domain is the same access ID as that returned from the registry on any other server within the same security domain. Configuration of global security for a security domain consists of configuring the common user registry, the authentication mechanism, and other security information that defines the behavior of a security domain.

System authentication aliases
Authentication aliases are assigned administrative IDs when the product is initially configured. If the password of the administrative ID specified in the authentication alias later changes in the user account repository, or if the authentication alias is no longer to be associated with the user specified in the authentication alias, you can change the password or ID using the administrative console. Note that changing IDs or passwords is an administrative task for a system that is in use, not for a system that is being configured.
Access control
When a general user is authenticated to IBM Business Monitor, it is important for security that not every possible operation is available to that user. Allowing some users to perform certain tasks, while denying these tasks to other users, is termed access control.
Enabling administrative security
Administrative security protects your server from unauthorized users and is the primary security mechanism for WebSphere Application Server. Administrative security prevents unauthorized changes to the WebSphere Application Server configuration. With administrative security enabled, many other security options become available to further secure your environment. If you chose to enable security during the installation process, you enabled administrative security.
Enabling application security
Application security enables security for the applications in your environment. You must have enabled administrative security before you can enable application security. By default, application security is disabled. After you enable application security, role-based security constraints on various applications become active.
Enabling identity assertion
Identity assertion is an authentication method used by WebSphere Application Server. Identity assertion must be enabled for the Monitor scheduled services to work. The underlying WebSphere scheduler uses asynchronous beans, which only work properly if identity assertion is enabled.
Enabling Java 2 security
Enabling Java™ 2 security provides a fine-grained security mechanism that uses policies for the primary access control. Java 2 security includes Java authentication and authorization service (JAAS) and Java 2 connector authentication (JCA). You can enable or disable Java 2 security independent of administrative security settings. By default, Java 2 security is disabled.
Specifying credentials in an IBM Business Monitor secured environment
If you have enabled security for IBM Business Monitor, or you have changed the password for an administrative user, you must also update the credentials that IBM Business Monitor uses to access WebSphere Application Server services.
Configuring server-to-server SSL in multiple-cell CEI environments
You must configure the server-to-server Secure Sockets Layer (SSL) if your secure environment has a remote event source or if your dashboard server is not in the same cell as your IBM Business Monitor server. When server-to-server SSL is not configured, the monitor model deployment fails or the IBM Business Monitor dashboards are unable to retrieve data.

Parent topic: Securing your environment