esb_deploy - Progress Sonic ESB Deployment Guide 8.5 - Product ...

More documents

Recommendations

Info

Chapter 1: Introduction Different Passwords in Staging and Production Domains You can use unique passwords for access to each domain to control changes made to the staging and production environments. For example, the domain used for developer integration testing might have a password known to all developers, whereas the administrators of the staging and production environments might have secret passwords. As a result, the developer roles and administrator roles are distinguished by their access. The Sonic Workbench development environment should not connect to or update a deployment domain. Any required changes migrate from the development environment to deployment, thereby honoring the life cycle stages. Using Authentication to Differentiate Management Roles Another approach to authentication control uses a variety of administrative user names so that the authority to use administrative tools, ESB tools, management connections for service containers, and management connections for messaging nodes can be assigned to different authenticated users. This technique can be particularly useful if you want to lock out most users of management connections for administrative tools while importing and validating deployments. When you are about to enter a deployment import session, you can check that there are no user connections that are not intended to be involved in import sessions and then temporarily change their user password until the deployment session has been validated (or reverted). With this technique, management connections for services and messaging nodes would not be impacted. Important When domains use management permissions, specified actions might not be allowed and some configuration objects might not be visible. See the chapter “Permissions to Maintain Configurations and Perform Runtime Actions” in the Progress SonicMQ Deployment Guide. Connection Authentication When you use ESB connections to messaging nodes with routing to other messaging nodes, and security is enabled, these connections require user authentication as routing users. The subset of users that you define for these connections can increase the granularity of your control over access and minimize the recovery time from unauthorized use of a user name and password. 28 Progress Sonic ESB Deployment Guide 8.5
Authorization on Endpoints Security in the Staging and Production Domains The authorization policies in a domain enable control over read and write actions on endpoints—topics, queues, and routing nodes. When users are not granted privileges, the ESB services throw an exception. That means that a service can establish connections to perform its assigned tasks, yet might be prevented from performing certain tasks because a tightening of policies constrains the scope of the authenticated user’s access. See the SonicMQ Deployment Guide for information about authorization policies. Naming Queues and Topics Using Hierarchical Namespaces You can use a naming pattern for endpoint queues and topics. While there are some restricted characters and some characters that have special meaning, you can establish any pattern you want. See Appendix A of the SonicMQ Installation and Upgrade Guide for a complete listing of naming rules and allowed characters in SonicMQ configuration elements. Application developers should use dot-delimited naming patterns to define endpoint names, for example: ● com.myCorp.Inventory.Valuation.EntryQ1 ● com.myCorp.Inventory.Valuation.EntryQ2 ● com.myCorp.Inventory.Valuation.Exit You can constrain use of these queues to developers and deployment management of the myCorp Inventory Valuation project. The template character capability in access control lists means that the developer of this application can confidently set the permissions on com.myCorp.Inventory.Valuation.# without concern about conflict with other applications. Progress Sonic ESB Deployment Guide 8.5 29
Page 1 and 2: ® ® PROGRESS® SONIC® Sonic ESB
Page 3 and 4: the redistribution, if any, must in
Page 5 and 6: the relevant code modules. All Righ
Page 7 and 8: OF USE, DATA, OR PROFITS; OR BUSINE
Page 9: products derived from this software
Page 12 and 13: Contents Using the Deployment Expor
Page 14 and 15: Contents Chapter 7: Updating a Revi
Page 16 and 17: Preface About This Guide This guide
Page 18 and 19: Preface Progress Sonic Documentatio
Page 20 and 21: Preface 20 Progress Sonic ESB Deplo
Page 22 and 23: Chapter 1: Introduction Roles in Re
Page 24 and 25: Chapter 1: Introduction Developing
Page 26 and 27: Chapter 1: Introduction ESB Artifac
Page 30 and 31: Chapter 1: Introduction 30 Progress
Page 32 and 33: Chapter 2: Exporting ESB Artifacts
Page 60 and 61: Chapter 3: Mapping ESB Artifacts to
Page 78 and 79:
Chapter 3: Mapping ESB Artifacts to
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Chapter 4: Analyzing ESB Artifacts
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Chapter 5: Importing Deployment Art
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Chapter 6: Adapting Imported Servic
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Chapter 7: Updating a Revised Deplo
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Chapter 8: Distributed Deployment a
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Index ESBWS WSDL files external to
Page 164:
Index 164 Progress Sonic ESB Deploy
show all

esb_deploy - Progress Sonic ESB Deployment Guide 8.5 - Product ...

Create successful ePaper yourself

Delete template?

Save as template?