www.it-ebooks.info
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Configuration and Administration of Tuxedo<br />
There are mainly five types of incremental secur<strong>it</strong>y provided by Tuxedo, which are<br />
as follows:<br />
• No authentication (NONE): This level might be used in a development<br />
environment or in physically secured environments, as the clients do not<br />
need to be authenticated to join the application.<br />
• Application password (APP-PW): This is a single password for the entire<br />
application; all the clients must provide this password to join the application.<br />
• End user authentication (USER_AUTH): In this level, the client needs to provide<br />
a username and password; this is to customize the secur<strong>it</strong>y for applicationspecific<br />
users to ensure that they can access the Tuxedo application.<br />
• Optional access control (ACL): For all the previously mentioned levels,<br />
<strong>info</strong>rmation needs to be provided by the client and the administrator so<br />
that access can be controlled to services, application queues, and events<br />
w<strong>it</strong>h access control lists. This level allows you to configure access only for<br />
those resources that need secur<strong>it</strong>y; there is restricted access to a certain set of<br />
services while still allowing unprotected access to other services.<br />
• Mandatory access control (MANDATORY_ACL): This is very similar to the<br />
ACL level; the only difference is that the resources w<strong>it</strong>hout an ACL are<br />
considered restricted, that is, access is not granted to resources that do not<br />
have an ACL permission.<br />
In this section, we have discussed all the different types of secur<strong>it</strong>y features that<br />
you may like to consider to secure your Tuxedo application.<br />
Data-dependent routing (DDR)<br />
Data-dependent routing (or context-based routing) is used to enable a client to send<br />
requests for a service to have multiple/distributed copies of <strong>it</strong>; this is determined by<br />
the data in the requested message. Once an administrator has set up data-dependent<br />
routing for an application, the client requests can be routed automatically to servers<br />
based on the data in the requests. This DDR can be used in three different ways; we<br />
will discuss this in the following sections.<br />
Horizontally part<strong>it</strong>ioned<br />
When a Tuxedo service is associated w<strong>it</strong>h a horizontally part<strong>it</strong>ioned database (which<br />
means the database has been divided into segments), each segment is used to store<br />
a different category of <strong>info</strong>rmation. As an example, there are different sections in a<br />
hosp<strong>it</strong>al (for example, ENT and cardiology). So, the same service can be called from<br />
different clients, but the request will be routed to the service-particular department<br />
server as the database was designed as horizontally part<strong>it</strong>ioned.<br />
[ 58 ]<br />
<strong>www</strong>.<strong>it</strong>-<strong>ebooks</strong>.<strong>info</strong>