IBM Integration Bus, Version 9.0.0.8 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS


Security in a Windows domain environment

Set up the required security configuration in a Windows domain environment.

You can use Windows domain groups to organize different levels of authorization to selected IBM® Integration Bus resources across your domain. To implement this domain group topology, add each domain group to the relevant local security groups on the domain workstations. You can then manage authorities by adding domain user accounts to the appropriate domain groups. For information about the group membership required to administer IBM Integration Bus resources, see Security requirements for Windows systems.

  1. Design your authorization group categories, and define domain groups on the domain controller system that correspond to these authorization categories, by using Windows security. For example, suppose you have a single domain containing three distinct sets of systems, used in development, testing, and production. Within your organization, various user roles require different levels of authorization to WebSphere® MQ and IBM Integration Bus resources on those systems.

    Here is an example of how those authorization categories could map to domain groups:

    | Domain group | Description |
    |---|---|
    | ADM-MQprd | WebSphere MQ administrator authorities on production machines |
    | ADM-MQuat | WebSphere MQ administrator authorities on test machines |
    | ADM-MQdev | WebSphere MQ administrator authorities on development machines |
    | ADM-MBprd | IBM Integration Bus administrator authorities on production machines |
    | ADM-MBuat | IBM Integration Bus administrator authorities on test machines |
    | ADM-MBdev | IBM Integration Bus administrator authorities on development machines |
  2. Define and configure domain user accounts on the domain controller, by using Windows security. Add each user account to one or more domain groups to determine the authorizations granted to that account. For example:
    Table 1.

    | Domain user account | Role | Group membership |
    |---|---|---|
    | MQadmPRD | WebSphere MQ administrator for production systems | ADM-MQprd |
    | MQadmUAT | WebSphere MQ administrator for test systems | ADM-MQuat |
    | MQadmDEV | WebSphere MQ administrator for development systems | ADM-MQdev |
    | MBadmPRD | IBM Integration Bus administrator for production systems | ADM-MBprd |
    | MBadmUAT | IBM Integration Bus administrator for test systems | ADM-MBuat |
    | MBadmDEV | IBM Integration Bus administrator for development systems | ADM-MBdev |
    | john.smith | WebSphere MQ and IBM Integration Bus administrator for production environments | ADM-MQprd, ADM-MBprd |
  3. Install and configure IBM Integration Bus on domain workstations.
    1. Install IBM Integration Bus on the workstation.
    2. Add your domain groups to local groups mqm or mqbrkrs as appropriate. In our example, if a particular workstation is to serve as a development machine, add domain group ADM-MQdev to local group mqm, and domain group ADM-MBdev to local group mqbrkrs.
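
The following PowerShell script is an added example, not part of the IBM documentation. It carries out step 3.2 for the example naming scheme above and also reports any ADM-MQ*/ADM-MB* domain group from a different environment that is already in mqm or mqbrkrs. The domain name CONTOSO and the parameter names are assumptions; the script uses the LocalAccounts cmdlets of Windows PowerShell 5.1 and must run elevated.

```powershell
# Added example, not IBM's own script.
# Reports (and with -Apply, sets) the domain-group membership of the local
# groups mqm and mqbrkrs for one workstation role.
param(
    [ValidateSet('dev', 'uat', 'prd')]
    [string]$Environment = 'dev',
    [string]$Domain = 'CONTOSO',   # placeholder: replace with your domain's NetBIOS name
    [switch]$Apply                 # without -Apply the script only reports
)

# Local group -> expected domain group, following the page's example names
# (ADM-MQdev -> mqm, ADM-MBdev -> mqbrkrs on a development machine).
$plan = @{
    'mqm'     = "$Domain\ADM-MQ$Environment"
    'mqbrkrs' = "$Domain\ADM-MB$Environment"
}

foreach ($localGroup in $plan.Keys) {
    $expected = $plan[$localGroup]
    $members  = @(Get-LocalGroupMember -Group $localGroup -ErrorAction Stop)

    # Flag authorization groups that belong to another environment,
    # for example ADM-MQdev present on a production machine.
    $unexpected = $members | Where-Object {
        $_.ObjectClass -eq 'Group' -and
        $_.Name -like "$Domain\ADM-M*" -and
        $_.Name -ne $expected
    }
    foreach ($m in $unexpected) {
        Write-Warning "$localGroup contains $($m.Name), which is not the group for a '$Environment' machine"
    }

    if ($members.Name -contains $expected) {
        Write-Output "$localGroup already contains $expected"
    }
    elseif ($Apply) {
        Add-LocalGroupMember -Group $localGroup -Member $expected -ErrorAction Stop
        Write-Output "Added $expected to $localGroup"
    }
    else {
        Write-Output "$localGroup is missing $expected (rerun with -Apply to add it)"
    }
}
```

Run it first without -Apply to review the current membership; the warnings identify groups to remove manually after confirming they are not needed.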

bh26033_.htm | Last updated Friday, 21 July 2017