Secure Communication Channels for Various Components

TIBCO ActiveMatrix Service Grid is partitioned across many components. You can secure the corresponding communication channels during the initial configuration (while configuring the ActiveMatrix setup using TIBCO Configuration Tool) or secure them later (using ActiveMatrix Administrator GUI).

ActiveMatrix components communicate with each other and with third-party applications over several communication protocols. The following diagram illustrates the components and communication protocols.

By default, some communication channels are not secure but they can be secured by configuring the channels to use the Secure Sockets Layer (SSL) protocol.

You can specify the SSL configuration of the communication channels at different times in the lifecycle of component deployment. The following tables list the entites that can be configured using the TIBCO Configuration Tool, ActiveMatrix Administrator UI and CLI, and TIBCO Business Studio. The tables also list the entities that can be upgraded, downgraded, or updated using the TIBCO Configuration Tool, ActiveMatrix Administrator UI and CLI, and TIBCO Business Studio. The Key column in the tables refers to the numbers in the diagram.
Key Channel Initial Configuration Upgrade, Downgrade, or Change Configuration
1 Administrator server (external HTTP port) - web and CLI clients When creating the Administrator server in TIBCO Configuration Tool. Upgrade or downgrade: Administrator CLI

Change SSL configuration: Administrator CLI

2 Administrator server (internal HTTP port) - hosts and nodes When creating the Administrator server in TIBCO Configuration Tool. Upgrade or downgrade: Administrator web UI or CLI

Change SSL configuration: Administrator web UI or CLI

3 Administrator server - Enterprise Message Service server

(Notification Server and Messaging Bus)

When creating the Administrator server in TIBCO Configuration Tool. Upgrade or downgrade: Administrator web UI or CLI

Change SSL configuration: Administrator web UI or CLI

4 TIBCO Host instance - TIBCO Enterprise Message Service When creating the Administrator server or TIBCO Host instance in TIBCO Configuration Tool. Upgrade or downgrade: Administrator CLI

Change SSL configuration: Administrator CLI

5 Administrator server - external database and LDAP servers When creating the Administrator server in TIBCO Configuration Tool. Change SSL configuration: Administrator CLI
6

Administrator server - hosts and nodes (management)

When creating Administrator in TIBCO Configuration Tool. Upgrade: Administrator web UI or CLI

Change SSL configuration: Administrator CLI

7 Administrator -UDDI server Manually import the UDDI server certificate into the Administrator server trust store using keytool.

Enable secure communication in Administrator web UI or CLI.

Same procedure as initial configuration
8 Administrator server (external HTTP port) - TIBCO Business Studio Administrator - When creating Administrator server in TIBCO Configuration Tool.

TIBCO Business Studio - When you connect to Administrator.

Administrator Upgrade or downgrade: Administrator CLI

Change SSL configuration: Administrator CLI

9 Resource instances (JDBC, JMS, SMTP, LDAP, HTTP) - external servers Administrator web UI or CLI Administrator web UI or CLI