Using the Tuxedo TOP END Domain Gateway with ATMI Applications
Configuring Security Between BEA TOP END and BEA Tuxedo Systems
How Security Is Provided Between BEA Tuxedo and BEA TOP END Systems
Security is provided between BEA Tuxedo and BEA TOP END systems as follows.
In addition, you have the following options:
Security Prerequisites
The BEA TOP END Security Services Product, version 3.0, is required for security between BEA TOP END and BEA Tuxedo systems. The product must be installed on all BEA TOP END nodes and on any BEA Tuxedo node running a TEDG that has been configured for security.
On the Windows 2000 platform, the BEA TOP END Base product is a prerequisite for installation of the BEA TOP END Security Services product. Therefore, both the BEA TOP END Base product and the BEA TOP END Security Services product must be installed on a Windows 2000 machine that is being used as a BEA Tuxedo node running a TEDG that has been configured for security. Under these circumstances, both products must be installed even if you will not be running a BEA TOP END application on the Windows 2000 machine.
Configuring Security in a BEA Tuxedo System
Defining Security in the UBBCONFIG File
Use the SECURITY parameter in the RESOURCES section of the UBBCONFIG file to specify the type of application security for the BEA Tuxedo domain. This is applicable to the interaction between:
For valid values and syntax for the SECURITY parameter, refer to the UBBCONFIG(5) reference page in the File Formats, Data Descriptions, MIBs, and System Processes Reference.
Defining Security in the DMCONFIG File
The following sections in the DMCONFIG file contain security parameters you define to establish security for a configuration that includes the TEDG:
DM_LOCAL_DOMAINS Section
The SECURITY parameter specified in the DM_LOCAL_DOMAINS section of the DMCONFIG file controls the security level for the TEDG. This parameter specifies whether BEA TOP END security is used by the TEDG for internode authentication and protection. If TYPE=TOPEND, then the following values are valid for the SECURITY parameter:
Values for the SECURITY parameter must be consistent with the BEA TOP END Node Manager (NM) configuration parameters [security] and [internode security] as described in nm_config(4T). Consistency is checked during node signon.
DM_ACCESS_CONTROL Section
This optional section contains local Access Control Lists (ACL) used by the TEDG to restrict access by remote domains to local resources. Each entry consists of an ACL_NAME resource identifier along with a list of required parameters designating remote domains permitted to access the resource. If no entry exists for a local service, the service is accessible to all remote domains.
DM_LOCAL_SERVICES Section
The optional ACL parameter is used by the TEDG to restrict requests from a BEA TOP END remote domain made to specific services or queue spaces defined in SERVICE and QSPACE entries, respectively. Define the ACL parameter as follows:
ACL = identifier
where identifier specifies the name of the access control list (ACL) to be used by the TEDG to restrict requests made to the target service or queue space by BEA TOP END systems. The ACL is defined in the DM_ACCESS_CONTROL section. If this parameter is not specified then access control is not performed for requests to the service or queue space defined in this entry.
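The ACL rules described in the DM_ACCESS_CONTROL and DM_LOCAL_SERVICES sections above can be checked before the configuration is loaded. The following Python script is an added example, not part of the BEA documentation or product: it parses a constructed, simplified DMCONFIG fragment and reports local service or queue space entries that carry no ACL parameter or that name an ACL missing from DM_ACCESS_CONTROL. The ACLIST parameter name and all entry names in the sample are assumptions.

```python
import re

# Constructed, simplified DMCONFIG fragment (not from the original page).
# ACLIST is assumed from standard DMCONFIG syntax; entry names are made up.
SAMPLE_DMCONFIG = """\
*DM_ACCESS_CONTROL
PAYACL   ACLIST=TE_REMOTE1

*DM_LOCAL_SERVICES
PAYROLL  ACL=PAYACL
BALANCE                      # no ACL parameter
AUDITQ   ACL = MISSINGACL    # ACL name never defined
"""

PARAM_RE = re.compile(r'(\w+)\s*=\s*("[^"]*"|\S+)')

def parse_sections(text):
    """Return {section: {entry: {param: value}}} for a DMCONFIG-style text."""
    sections, current, entry = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # naive comment strip
        if not line.strip():
            continue
        if line.startswith("*"):               # section header, e.g. *DM_LOCAL_SERVICES
            current, entry = sections.setdefault(line[1:].strip(), {}), None
            continue
        if current is None:
            continue
        if not line[0].isspace():              # a new entry starts in column one
            entry = current.setdefault(line.split()[0], {})
        if entry is not None:                  # indented lines continue the entry
            entry.update((k, v.strip('"')) for k, v in PARAM_RE.findall(line))
    return sections

def audit_local_services(text):
    """Map each risky DM_LOCAL_SERVICES entry to the reason it was flagged."""
    cfg = parse_sections(text)
    defined = set(cfg.get("DM_ACCESS_CONTROL", {}))
    findings = {}
    for name, params in cfg.get("DM_LOCAL_SERVICES", {}).items():
        acl = params.get("ACL")
        if acl is None:
            findings[name] = "no ACL: no access control for remote requests"
        elif acl not in defined:
            findings[name] = f"ACL {acl} is not defined in DM_ACCESS_CONTROL"
    return findings

if __name__ == "__main__":
    for name, reason in audit_local_services(SAMPLE_DMCONFIG).items():
        print(f"{name}: {reason}")
```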
Using BEA Tuxedo Security Administration Tools to Authorize Intersystem Access
To access BEA Tuxedo services, the TEDG uses the BEA Tuxedo user ID assigned, via DOMAINID, to the appropriate remote domain.
To establish access, by a BEA TOP END application, to BEA Tuxedo resources (services and queue spaces), complete the following procedure.
tpusradd -u uid -g gid DOMAINID
Defining a BEA TOP END Password for the TEDG
To access BEA TOP END services through RTQ requests, the TEDG uses the BEA TOP END user ID assigned, via DOMAINID, to the local domain. For each local domain defined as type TOPEND in the DMCONFIG file, you must define a password for the BEA TOP END user ID. To define a password, start the dmadmin(1) utility and enter the topendpasswd command. (See Using the dmadmin Command Interpreter for details.)
Note: Non-RTQ access to BEA TOP END services is granted by defining the TEDG nodes as part of the BEA TOP END system, listing the relevant remote services in the DMCONFIG file, and configuring BEA Tuxedo user access to the TEDG advertised services.
Using BEA TOP END Security Administration Tools to Authorize Intersystem Access
After each system generation on the BEA TOP END administration node, add the new BEA Tuxedo services to the BEA TOP END product and function lists. Updating these lists makes it possible to use the tpsecure(1T) utility to authorize BEA TOP END users to access BEA Tuxedo services and queues.
Configuring TEDG-to-NI Encryption and Authentication
If, in the DMCONFIG file, you have assigned a value other than NONE to the SECURITY parameter, then you must establish mutual authentication and encryption. To do so, complete the following procedure.