esb_deploy - Progress Sonic ESB Deployment Guide 8.5 - Product ...
esb_deploy - Progress Sonic ESB Deployment Guide 8.5 - Product ...
esb_deploy - Progress Sonic ESB Deployment Guide 8.5 - Product ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Chapter 1: Introduction<br />
Different Passwords in Staging and <strong>Product</strong>ion Domains<br />
You can use unique passwords for access to each domain to control changes made to the<br />
staging and production environments. For example, the domain used for developer<br />
integration testing might have a password known to all developers, whereas the<br />
administrators of the staging and production environments might have secret passwords.<br />
As a result, the developer roles and administrator roles are distinguished by their access.<br />
The <strong>Sonic</strong> Workbench development environment should not connect to or update a<br />
<strong>deploy</strong>ment domain. Any required changes migrate from the development environment to<br />
<strong>deploy</strong>ment, thereby honoring the life cycle stages.<br />
Using Authentication to Differentiate Management Roles<br />
Another approach to authentication control uses a variety of administrative user names so<br />
that the authority to use administrative tools, <strong>ESB</strong> tools, management connections for<br />
service containers, and management connections for messaging nodes can be assigned to<br />
different authenticated users.<br />
This technique can be particularly useful if you want to lock out most users of<br />
management connections for administrative tools while importing and validating<br />
<strong>deploy</strong>ments. When you are about to enter a <strong>deploy</strong>ment import session, you can check<br />
that there are no user connections that are not intended to be involved in import sessions<br />
and then temporarily change their user password until the <strong>deploy</strong>ment session has been<br />
validated (or reverted). With this technique, management connections for services and<br />
messaging nodes would not be impacted.<br />
Important When domains use management permissions, specified actions might not be allowed and<br />
some configuration objects might not be visible. See the chapter “Permissions to<br />
Maintain Configurations and Perform Runtime Actions” in the <strong>Progress</strong> <strong>Sonic</strong>MQ<br />
<strong>Deployment</strong> <strong>Guide</strong>.<br />
Connection Authentication<br />
When you use <strong>ESB</strong> connections to messaging nodes with routing to other messaging<br />
nodes, and security is enabled, these connections require user authentication as routing<br />
users. The subset of users that you define for these connections can increase the<br />
granularity of your control over access and minimize the recovery time from unauthorized<br />
use of a user name and password.<br />
28 <strong>Progress</strong> <strong>Sonic</strong> <strong>ESB</strong> <strong>Deployment</strong> <strong>Guide</strong> <strong>8.5</strong>