Security options
The security model in IBM® WebSphere® Application Server and IBM WebSphere Portal affects the planning and implementation of security in a cluster. Security is enabled by default for the WebSphere Application Server deployment manager; WebSphere Portal will not attempt to change the security settings in the deployment manager cell whenever a node is federated. This means that any existing security configuration of a stand-alone WebSphere Portal is replaced with the security settings of the deployment manager cell when it joins that cell. If you remove the node from the deployment manager cell, the original security settings are reinstated.
Default security settings
WebSphere Portal also supports the option of installing into a managed profile of an existing cell. In this case, WebSphere Portal will inherit the security settings of the existing cell. Certain security options, such as standalone LDAP or custom user registry, will collect information during the installation to allow WebSphere Portal to adapt to the existing security settings.
Security options for a cluster
There are many security options that can be used in a cluster. All of the VMM federated security options, including multiple LDAP repositories, database repositories, and the default file-based repository can be used. Additionally there is an option to use standalone LDAP security instead of the VMM federated security approach.
WebSphere Portal provides a number of security tasks, which can be used to modify the WebSphere Application Server security settings and make the required updates to the WebSphere Portal configuration in a single step. As soon as a WebSphere Portal node is federated into a deployment manager cell, all executed WebSphere Portal security tasks will update the security configuration on the deployment manager cell. Run security tasks after federating the WebSphere Portal node because the Deployment Manager cell does not contain the configuration resources required to run the security tasks.
The tasks under “Setting up a clustered production environment” recommend configuring security before configuring your additional nodes. If you configure your security after configuring your additional nodes or if you need to update your security configuration after you created your clustered environment, you will need to run an additional task to update the security settings on the secondary nodes; see "Configuring security after cluster creation" for information.