Enabling the Governance Agent Using an AppSpace Configuration File
The governance agent within each AppNode is disabled by default. You must enable it by setting properties within their respective config.ini files.
Enabling the Governance Agents in the AppNodes of an AppSpace
Each AppNode in TIBCO ActiveMatrix BusinessWorks includes a governance agent that enforce policies for TIBCO ActiveMatrix BusinessWorks applications. The governance agents are disabled by default. In order to apply security policies, you must enable these governance agents and configure the environment as described below.
To enable governance on an AppSpace, configure the governance agent property on the AppSpace by following these steps:
-
Copy the existing AppSpace configuration file appspace_config.ini that is located in the root of the AppSpace folder, or the AppSpace configuration template file, appspace_config.ini_template, that is located in <BW_HOME>\config\ to a temporary location.
- Edit the configuration file in the temporary location to set the following properties.
Note:
- Set the value for bw.governance.enabled to true to enable the governance agent. If no ActiveMatrix BusinessWorks applications are using TIBCO ActiveMatrix Policy Director to enforce security policies, comment out the property bw.governance.jms.server.url.
- If TIBCO ActiveMatrix Policy Director is already setup, ensure that the JMS server properties specified in the AppSpace configuration file match the JMS server configured in the TIBCO ActiveMatrix Policy Director server. For more information, see Applying Security Policies to TIBCO ActiveMatrix BusinessWorks 6.2 Applications.
# ------------------------------------------------------------------------- # Section: BW Governance Agent & SPM Configuration. The properties in # this section are applicable to Governance Agent and the Governance SPM # EventSubscriber that is executed within a BW AppNode. # ------------------------------------------------------------------------- # Enable or disable the governance agent. This property is optional and # it specifies whether the governance agent should be enabled or disabled # in the AppNode. The supported values are: true or false. The default # value is “false”. bw.governance.enabled=true # BW Governance Agent JMS URL. This property is optional and it is used # to specify the JMS server URL used to communicate with the # TIBCO Policy Director Administrator. If this property is not set, then # the BW Governance agent will not attempt to connect to the JMS server. # The URL is expected to start with 'tcp://' or 'ssl://' and the failover # URLs can be specified as a ',' or '+' separated list. bw.governance.jms.server.url=tcp://localhost:7222 # BW Governance Agent JMS User Name. This property is required if the # Governance Agent JMS URL is specified. bw.governance.jms.server.username=admin # BW Governance Agent JMS User Password. This property is required if the # Governance Agent JMS URL is specified. bw.governance.jms.server.password= # BW Governance Agent JMS SSL connection trust store type. This property # is required if the JMS server protocol is ssl. The supported values are # 'JKS'and 'JCEKS'. The default value is 'JKS' bw.governance.jms.ssl.trust.store.type=JKS # BW Governance Agent JMS SSL connection trust store location. This # property is required if the JMS server protocol is ssl. bw.governance.jms.ssl.trust.store.location= # BW Governance Agent JMS SSL connection trust store password. This # property is required if the JMS server protocol is ssl. The password # may be clear text or supplied as an obfuscated string. bw.governance.jms.ssl.trust.store.password= # BW Governance Agent JMS Connection attempt count. This property is # required if the Governance Agent JMS URL is specified and it specifies # the number of JMS connection attempts the Governance Agent will make. # The default value is '120'. bw.governance.jms.reconnect.attempt.count=120 # BW Governance Agent JMS Connection attempt timeout. This property is # required if the Governance Agent JMS URL is specified and it specifies # the timeout between the attempt to reestablish connection to the JMS # server. The default value is '500'. bw.governance.jms.reconnect.attempt.timeout=500 # BW Governance Agent JMS Connection attempt delay. This property is # required if the Governance Agent JMS URL is specified and it specifies # the delay in milliseconds between attempts to establish reestablish # connection to the JMS server. The default value is '500'. bw.governance.jms.reconnect.attempt.delay=500 # BW Governance Agent JMS receiver queue name. This property is required # if the Governance Agent JMS URL is specified and it specifies receiver # queue name for the governance agent and administrator communication. # The default value is 'queue.bw.governance.agent.bw.default’. bw.governance.jms.queue.receiver.name=queue.governance.agent.bw.default # BW Governance Agent JMS sender queue name. This property is required # if the Governance Agent JMS URL is specified and it specifies the # sender queue name for the governance agent and administrator # communication. It must match the value specified in the Policy Director # Administrator configuration. # The default value is 'governance.de.bw.default’. bw.governance.jms.queue.sender.name=governance.de.bw.default # BW Governance Agent JMS JNDI custom property. This property is optional # and it provides the ability to specify custom property for the # JMS JNDI Initial Context. For example to provide a custom property # called "myProperty" for the JNDI Initial Context, then specify # a property "bw.governance.jms.application.property.myProperty=". #bw.governance.jms.application.property.<UserCustomProperty>=<userValue> # BW Governance Agent Shared Resource lookup. This property is optional # and it provides ability for the Governance Agent to lookup shared # resources. # bw.governance.sr.WSSConfiguration=com.tibco.trinity.runtime.core. # provider.authn.wss
- Restart the AppSpace from the TIBCO ActiveMatrix BusinessWorks agent user interface in TEA.
Copyright © Cloud Software Group, Inc. All rights reserved.