Secure Communication Channels for Various Components
ActiveMatrix® Service Grid is partitioned across many components. You can secure the corresponding communication channels during the initial configuration (while configuring the ActiveMatrix Service Grid setup using the TIBCO Configuration Tool) or secure them later (using the ActiveMatrix Administrator GUI).
ActiveMatrix Service Grid components communicate with each other and with third-party applications over several communication protocols. The following diagram illustrates the components and communication protocols.
By default, some communication channels are not secure but they can be secured by configuring the channels to use the Secure Sockets Layer (SSL) protocol.
You can specify the SSL configuration of the communication channels at different times in the lifecycle of component deployment. The following tables list the entities that can be configured using the TIBCO Configuration Tool, ActiveMatrix Administrator UI and CLI, and TIBCO Business Studio™ - BPM Edition. The tables also list the entities that can be upgraded, downgraded, or updated using the TIBCO Configuration Tool, ActiveMatrix Administrator UI and CLI, and TIBCO Business Studio - BPM Edition. The key column in the table refers to the numbers in the diagram.
Key | Channel | Initial Configuration | Upgrade, Downgrade, or Change Configuration |
---|---|---|---|
1 | Administrator server (external HTTP port) - Web and CLI clients | When creating the Administrator server in the TIBCO Configuration Tool. | Upgrade or downgrade: Administrator CLI
Change SSL configuration: Administrator CLI |
2 | Administrator server (internal HTTP port) - hosts and nodes | When creating the Administrator server in the TIBCO Configuration Tool. | Upgrade or downgrade: Administrator web UI or CLI
Change SSL configuration: Administrator web UI or CLI |
3 | Administrator server - Enterprise Message Service server
(Notification Server and Messaging Bus) | When creating the Administrator server in the TIBCO Configuration Tool. | Upgrade or downgrade: Administrator web UI or CLI
Change SSL configuration: Administrator web UI or CLI |
4 | TIBCO Host instance - TIBCO Enterprise Message Service | When creating the Administrator server or TIBCO Host instance in the TIBCO Configuration Tool. | Upgrade or downgrade: Administrator CLI
Change SSL configuration: Administrator CLI |
5 | Administrator server - external database and LDAP servers | When creating the Administrator server in TIBCO Configuration Tool. | Change SSL configuration: Administrator CLI |
6 | Administrator server - hosts and nodes (management) | When creating Administrator in the TIBCO Configuration Tool. | Upgrade: Administrator web UI or CLI
Change SSL configuration: Administrator CLI |
7 | Administrator -UDDI server | Manually import the UDDI server certificate into the Administrator server trust store using keytool.
Enable secure communication in Administrator web UI or CLI. | Same procedure as initial configuration |
8 | Administrator server (external HTTP port) - TIBCO Business Studio - BPM Edition | Administrator - When creating an Administrator server in TIBCO Configuration Tool.
TIBCO Business Studio - BPM Edition - When you connect to an administrator. | Administrator Upgrade or downgrade: Administrator CLI
Change SSL configuration: Administrator CLI |
9 | Resource instances (JDBC, JMS, SMTP, LDAP, HTTP) - external servers | Administrator web UI or CLI | Administrator web UI or CLI |