esb_deploy - Progress Sonic ESB Deployment Guide 8.5 - Product ...
esb_deploy - Progress Sonic ESB Deployment Guide 8.5 - Product ...
esb_deploy - Progress Sonic ESB Deployment Guide 8.5 - Product ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Updating Security<br />
Updating Security<br />
Security in a domain has a set of interdependencies that make it an important aspect of the<br />
initial creation of a domain and messaging nodes. You should plan what security you will<br />
use and implement the plan as you define the domain and messaging nodes.<br />
There are many aspects of security to consider:<br />
● When you use authentication, you must:<br />
■ Consider whether to use external authentication and the login SPI.<br />
■ Create the users and passwords in the default authentication domain, or use a<br />
different authentication domain.<br />
■ For SSL, configure the provider, acceptors, and—if you use certificates—the<br />
certificate management and certificate revocation lists.<br />
● When you use Quality of Protection, the cipher suite for encryption<br />
● When you use authorization, defining authorization policies<br />
See the <strong>Sonic</strong>MQ <strong>Deployment</strong> <strong>Guide</strong> section on implementing security in a domain.<br />
Note Channel Encryption and External Authentication — See the <strong>Sonic</strong>MQ <strong>Deployment</strong><br />
<strong>Guide</strong> and the <strong>Sonic</strong>MQ Configuration and Management <strong>Guide</strong> for details about SSL<br />
parameters, HTTPS, QoP, and the Login SPI.<br />
Reconciling Users and Groups to Authentication Domains<br />
<strong>Sonic</strong>MQ endpoint connections specify a user and password. You must either create the<br />
user and password information in the target domain or change the <strong>ESB</strong> connection user<br />
and password to one that exists in the target domain.<br />
Reconciling Endpoint Access and QoP to Authorization Policies<br />
Access control and Quality of Protection (QoP) is enforced by authorization policies in<br />
the target domain. Unless you set up patterns that will apply appropriate policies to new<br />
queues, topics, and routings, you must modify the ACLs in the target domain to provide<br />
your preferred pattern of permissions.<br />
<strong>Progress</strong> <strong>Sonic</strong> <strong>ESB</strong> <strong>Deployment</strong> <strong>Guide</strong> <strong>8.5</strong> 131