top of page

Integration Node Administration Security – V9 vs V10

Am writing this blog to provide an overview of working of Integration Node’s Administrative Security in v9 & v10. This blog does not cover detailed steps for implementing administrative security for integration node.

Integration Node’s Administrative Security in IIB v9

As MQ was a required component of IIB run-time in IIB v9, most of the security was implemented using MQ, as I have tried to illustrate in the below figure

IIB9_MQSecurity

To enable / disable administrative security for Integration Node in IIB v9, the command to be used is

mqsichangebroker <Integration Node> -s active / inactive

Integration Node’s Administrative Security in IIB v10

IBM Integration Bus v10, introduced flexibility in security by providing option for using either File or MQ to implement Integration Node security. Also accordingly it has introduced new commands mqsichangeauthmode / mqsireportauthmode & mqsichangefileauth / mqsireportfileauth for the file-based authorization.

Administrative Security using MQ-Based Authorization

Have tried to illustrate both MQ-based and File-based authorization in IIB v10. The below figure illustrates for MQ-based authorization, if Integration Node is associated with a queue manager

IIB10_MQSecurity

To enable  MQ-based administrative security for the Integration Node in IIB v10, the command to be used is

mqsichangeauthmode <Integration Node> -s active -m mq

For MQ-based authorization, access level is controlled using the Authorization queues – 1 for Integration Node (SYSTEM.BROKER.AUTH) & 1 for each Integration Server (SYSTEM.BROKER.AUTH.<IntegrationServer>). Access granted / revoked for system level users / groups using the mq command setmqaut command

Administrative Security using File-Based Authorization

The below figure illustrates file-based authorization in IIB v10, that can be used irrespective of whether Integration Node is associated to a queue manager or not.

IIB10_FileSecurity

To enable  File-based administrative security for the Integration Node in IIB v10, the command to be used is

mqsichangeauthmode <Integration Node> -s active -m file

For file based security, access level is maintained using the file Permissions, located in the path

<MQSI_WORKPATH>/registry/<IntNode>/CurrentVersion/Security/node/<IntNode>/

Below image provides the snapshot of the Permissions file to indicate how file based authorization is maintained by Integration Node

permission

Access is granted / revoked for system level users, who are specified as Roles, using the command mqsichangefileauth

mqsichangefileauth <IntegrationNode> -r <role> -p <permissions>

Kindly refer to the article in IBM developerworks for more information on file-based authorization

For any corrections / suggestions / query please do drop a note to reachnebula@learnibmesb.com (or) reachnebula@gmail.com

367 views0 comments

Comments


bottom of page