Secure Communication Channels
The ActiveMatrix platform is partitioned across many components. You can secure the corresponding communication channels during the initial configuration or later.
ActiveMatrix components communicate with each other and with third-party applications over several communication protocols. Communication Channels illustrates the components and communication protocols.
By default, the communication channels are not secure. To secure them, you can configure the channels to use the Secure Sockets Layer (SSL) protocol. SSL is a cryptographic protocol that provides security and data integrity for communications over TCP/IP networks.
- A client requests a secure connection from an SSL-enabled server requesting a secure connection.
- The server sends back its identification in the form of a digital certificate.
The certificate usually contains the server name, the trusted certificate authority (CA), and the server's public encryption key.
You can specify the SSL configuration of the communication channels at different times in the life cycle of a deployment. The table below lists how to perform the initial SSL configuration and how to upgrade, downgrade, and change the configuration of each channel. The Key column in the table refers to the numbers in the diagram above.
Key | Channel | Initial Configuration | Upgrade, Downgrade, or Change Configuration |
---|---|---|---|
1 | Administrator server (external HTTP port) - web and CLI clients | When creating the Administrator server in TIBCO Configuration Tool. | Upgrade or downgrade: Administrator CLI
Change SSL configuration: Administrator CLI |
2 | Administrator server (internal HTTP port) - hosts and nodes | When creating the Administrator server in TIBCO Configuration Tool. | Upgrade or downgrade: Administrator web UI or CLI
Change SSL configuration: Administrator web UI or CLI |
3 | Administrator server - Enterprise Message Service server
(Notification Server and Messaging Bus) |
When creating the Administrator server in TIBCO Configuration Tool. | Upgrade or downgrade: Administrator web UI or CLI
Change SSL configuration: Administrator web UI or CLI |
4 | TIBCO Host instance - TIBCO Enterprise Message Service | When creating the Administrator server or TIBCO Host instance in TIBCO Configuration Tool. | Upgrade or downgrade: Administrator CLI
Change SSL configuration: Administrator CLI |
5 | Administrator server - external database and LDAP servers | When creating the Administrator server in TIBCO Configuration Tool. | Change SSL configuration: Administrator CLI |
6 |
Administrator server - hosts and nodes (management) |
When creating Administrator in TIBCO Configuration Tool. | Upgrade: Administrator web UI or CLI
Change SSL configuration: Administrator CLI |
7 | Administrator -UDDI server | Manually import the UDDI server certificate into the Administrator server trust store using keytool.
Enable secure communication in Administrator web UI or CLI. |
Same procedure as initial configuration |
8 | Administrator server (external HTTP port) - TIBCO Business Studio | Administrator - When creating Administrator server in TIBCO Configuration Tool.
TIBCO Business Studio - When you connect to Administrator. |
Administrator Upgrade or downgrade: Administrator CLI
Change SSL configuration: Administrator CLI |
9 | Resource instances (JDBC, JMS, SMTP, LDAP, HTTP) - external servers | Administrator web UI or CLI | Administrator web UI or CLI |