Overview of ActiveSpaces Security

TIBCO ActiveSpaces allows you to secure the information stored in the data grid by protecting both transport data and stored data. TIBCO ActiveSpaces security is provided for metaspaces that use TCP for discovery.

TIBCO ActiveSpaces security provides the following security features:

  • Transport security
  • Data encryption
  • Authentication, Authorization and Accounting (AAA)

With TIBCO ActiveSpaces security you can:

  • Encrypt information stored in the data grid
  • Encrypt data stored in shared-nothing persistence stores
  • Secure data during transmission within the data grid
  • Prevent unauthorized access to data in the grid
  • Prevent unauthorized recovery of persisted data
  • Restrict user access to metaspaces, spaces, or data within a space
  • Trace and log security-related actions

If you want to apply the same security settings to more than one metaspace, you can associate the same security domain with multiple metaspaces. However, only one security domain can be associated with each metaspace. See Metaspace Access List for more information on associating metaspaces with security domains.

To use security within a metaspace, one or more nodes in the metaspace are initialized as security domain controllers for the metaspace. A security domain controller enforces the security domain's defined behavior for a metaspace. A security domain controller can be the manager of a metaspace or just a member of a metaspace. See Security Domain Controllers for more information.

Nodes in the metaspace that request security services from the security domain controllers are called security domain requestors. Similar to security domain controllers, a security domain requestor can be a manager of a metaspace or a member of a metaspace. These security components allow you to set up a secured ActiveSpaces cluster.

Figure 3 shows the two node types in the TIBCO ActiveSpaces security architecture.

TIBCO ActiveSpaces Security Architecture

The two node types in the ActiveSpaces security architecture are:

  • Security Domain Controllers - TIBCO ActiveSpaces nodes that are dedicated to enforcing a security domain's defined security behavior for a metaspace associated with the security domain. Security domain controllers are the only discovery nodes in a metaspace.

    For more information, see Security Domain Controllers.

  • Security Domain Requestors - Nodes that require access to the data in the data grid, such as a seeder or a leech, and which need to be authorized by a controller. Requestors can never be used as discovery nodes.

    For more information, see Security Domain Requestors.