Scenario: Securing your data grid in eXtreme Scale
WebSphere® eXtreme Scale data grids store information that is sensitive and must be protected.
Before you begin
- Install the product. You must install both the server runtime and the clients. For clients, you can use both Java™ and .NET clients. For more information, see Installing.
- If you are upgrading from a previous release, you must have all of your container and catalog servers at the same release level. For more information, see Upgrading and migrating WebSphere eXtreme Scale.
About this task
For a secure deployment, use several layers of protection for optimal security. The first element of protection is the use of firewalls to segment the network. The standard tiered model for web applications is comprised of web clients, a presentation tier of HTTP servers, an application tier comprised of application servers, a data tier, and a storage tier.
eXtreme Scale data grid servers are deployed as part of the data tier. Standard practice is to put the presentation layer servers in a demilitarized zone (DMZ) protected by one firewall, and to put the application, data, and storage tiers in network segments protected by additional firewalls. Do not deploy eXtreme Scale servers in a DMZ. eXtreme Scale servers must be protected as all elements of the data tier are, according to standard industry practice.
However, for optimal protection against security threats, use an in-depth defense mechanism, where a number of additional measures protect eXtreme Scale operation and the data that is stored in the data grid. These additional measures not only help in defending against external threats, but also prevent unauthorized data access by employees and contractors who might have access to network segments in which the eXtreme Scale servers reside.
Use the following end-to-end steps to configure security in WebSphere eXtreme Scale, whether you have stand-alone servers, the Liberty, the OSGi framework, or WebSphere Application Server installed in your environment: