IBM Tivoli Monitoring, Version 6.3

Security options

User IDs and passwords sent between Tivoli® Management Services components are encrypted by default. Other communication between components can be secured by configuring the components to use secure protocols.

See Communication between components for more information.

Access to the Tivoli Enterprise Portal (authorization) and tacmd commands that send requests to the portal server are controlled by user accounts (IDs) defined to the Tivoli Enterprise Portal Server. The hub Tivoli Enterprise Monitoring Server can be configured to validate, or authenticate, user IDs through either the local operating system registry or an external LDAP-enabled registry. Alternatively, authentication by an external LDAP registry can be configured through the Tivoli Enterprise Portal Server. If authentication is not configured through either the monitoring server or the portal server, no password is required to log on to the Tivoli Enterprise Portal. See Authorization and authentication.

Users that execute tacmd commands that send SOAP requests to the hub monitoring server, or user IDs that require direct access to the SOAP server, must be authenticated through the hub monitoring server. If user authentication is not enabled on the hub monitoring server, anyone can make requests to the SOAP Server. If user authentication is enabled on the hub, the SOAP Server honors only requests from user IDs and passwords authenticated by the local or external registry. If SOAP access is specified for particular users, only requests from those users are honored. See SOAP server security. The user IDs and passwords that are used to authenticate with the SOAP server must be 15 characters or less.
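The following is an added example, not code from the IBM Tivoli Monitoring product or its documentation. It models the SOAP server admission rule and the portal logon behaviour described above as a small configuration audit that a practitioner could run against an inventory of their own settings. The HubSecurityConfig fields and the finding texts are a constructed abstraction for illustration; they are not actual Tivoli Monitoring configuration keys.

```python
"""Added example (not IBM's code): models the SOAP server request-admission
rule and audits a hub/portal security configuration for weak settings.
All configuration field names below are constructed for illustration and
are not real Tivoli Monitoring parameters."""
from dataclasses import dataclass, field
from typing import List, Set

# Limit stated for SOAP user IDs and passwords
SOAP_CREDENTIAL_MAX_LEN = 15


@dataclass
class HubSecurityConfig:
    # Hub monitoring server validates user IDs (OS or LDAP registry)
    hub_authentication_enabled: bool
    # Registry used by the hub when enabled: "os" or "ldap" (constructed labels)
    registry: str = "os"
    # Portal server configured for its own LDAP authentication
    portal_ldap_authentication_enabled: bool = False
    # Per-user SOAP access list; empty means every authenticated user is honored
    soap_access_users: Set[str] = field(default_factory=set)
    # LDAP registry relies on referrals (unsupported by the TEMS LDAP client)
    ldap_referrals_in_use: bool = False


def credential_within_soap_limit(user_id: str, password: str) -> bool:
    """True when both values satisfy the 15-character SOAP limit."""
    return (len(user_id) <= SOAP_CREDENTIAL_MAX_LEN
            and len(password) <= SOAP_CREDENTIAL_MAX_LEN)


def soap_request_admitted(cfg: HubSecurityConfig, user_id: str,
                          authenticated_by_registry: bool) -> bool:
    """Decide whether the SOAP server honors a request, following the
    three cases in the text: auth off, auth on, auth on with per-user access."""
    if not cfg.hub_authentication_enabled:
        return True  # no authentication: anyone can make requests
    if not authenticated_by_registry:
        return False  # credentials were not validated by the registry
    if cfg.soap_access_users:
        return user_id in cfg.soap_access_users  # restricted to listed users
    return True


def audit_hub_security(cfg: HubSecurityConfig) -> List[str]:
    """Return a list of risk findings for the given configuration."""
    findings = []
    if not cfg.hub_authentication_enabled:
        findings.append(
            "hub authentication disabled: any client can submit SOAP requests")
    elif not cfg.soap_access_users:
        findings.append(
            "no per-user SOAP access specified: every registry-authenticated "
            "user is honored")
    if (not cfg.hub_authentication_enabled
            and not cfg.portal_ldap_authentication_enabled):
        findings.append(
            "no authentication on hub or portal server: portal logon "
            "requires no password")
    if (cfg.hub_authentication_enabled and cfg.registry == "ldap"
            and cfg.ldap_referrals_in_use):
        findings.append(
            "LDAP registry depends on referrals, which the monitoring "
            "server's LDAP client does not support")
    return findings


if __name__ == "__main__":
    # Constructed sample configurations
    open_cfg = HubSecurityConfig(hub_authentication_enabled=False)
    strict_cfg = HubSecurityConfig(hub_authentication_enabled=True,
                                   registry="ldap",
                                   soap_access_users={"sysadmin"})
    for name, cfg in (("open", open_cfg), ("strict", strict_cfg)):
        print(name, audit_hub_security(cfg))
```

The audit only reads a configuration model; pairing it with the real settings of a deployment means mapping each field to the corresponding value in the monitoring server and portal server configuration, which this example does not do.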

If you are using the Dashboard Application Services Hub with a monitoring dashboard application such as IBM® Infrastructure Management Dashboards for Servers, IBM Infrastructure Management Dashboards for VMware, IBM Infrastructure Management Capacity Planner for VMware, IBM Infrastructure Management Capacity Planner for PowerVM®, or custom dashboards, you should configure Dashboard Application Services Hub and Tivoli Enterprise Portal Server to use a central LDAP registry and enable single sign-on. This ensures that the portal server can authenticate dashboard users when they request monitoring data and Dashboard Application Services Hub forwards the request to the dashboard data provider component of the portal server. See Single sign-on capability. If you have previously enabled authentication through the hub monitoring server and want to use LDAP authentication and single sign-on with the portal server, see the Enabling user authentication chapter in the IBM Tivoli Monitoring Administrator's Guide.

Single sign-on should also be configured for the Tivoli Enterprise Portal Server if users will launch out of the Tivoli Enterprise Portal to other Tivoli Web-based or Web-enabled applications, or if they will launch into the Tivoli Enterprise Portal from other Web-based applications. Using single sign-on with a central LDAP registry allows users to move seamlessly between applications without having to re-enter their user IDs and passwords.

If you want the Performance Monitoring service provider to authenticate HTTP requests from OSLC clients, you must configure the service provider to use the Security Services component of Jazz™ for Service Management. Security Services is an optional Jazz for Service Management component that enables non-WebSphere based applications such as the Performance Monitoring service provider to participate in LTPA based single sign-on. See Single sign-on capability for more details on using Security Services with the Performance Monitoring service provider.

Note:
  1. The Tivoli Directory Server (TDS) LDAP client used by the Tivoli Enterprise Monitoring Server does not support LDAP referrals, such as those supported by Microsoft Active Directory.
  2. The IBM Tivoli Monitoring Service Console enables you to read logs and turn on traces for remote product diagnostics and configuration. The Service Console performs user authentication using the native operating system security facility. This means that if you use the Service Console on z/OS®, your user ID and password are checked by the z/OS security facility (such as RACF/SAF). If you use the Service Console on Windows, you must pass the Windows workstation user ID and password prompt. A password is always required to access the Service Console. Even if a user ID is allowed to log into the operating system without a password, access to the Service Console will be denied. If necessary, you must create a password for the user ID that is being used to log in to the Service Console. For more information about the Service Console, see the IBM Tivoli Monitoring Troubleshooting Guide.