Setting up a Secure Data Grid

Prerequisites

Ensure that a secure TIBCO FTL server is running.

Procedure

  1. To configure a secure data grid in one command, pass the .tibdg configuration file to the tibdg administration tool.
  2. In the .tibdg file, when creating the data grid, set encrypted_connections=all as shown in the following code snippet:
    grid create copyset_size=2 encrypted_connections=all grid1
    This property forces all internal grid communication and all client-to-proxy communication to use TIBCO FTL secure TCP transports.
  3. Configure the firewall to open ports for client-to-proxy communication.
    For each proxy that is listening for client connections, configure the proxy_client_listen_port to the preferred port that the proxy must bind to and listen on. Example:
    proxy create proxy_client_listen_port=7771 p_01
    You can use other optional proxy configuration options that help configure a specific host interface. For example, you can use the proxy_client_listen_subnet_mask configuration option to configure network interfaces. You can specify this option at both the data grid and proxy level to control which network interface the proxy binds to when listening for connections from clients. For details, see "Configure Network Interfaces" in TIBCO ActiveSpaces Administration.
  4. Run the tibdg tool by providing the following command-line options:
    • A completed .tibdg configuration file
    • A trust file
    The following command is an example of running the tibdg tool:
    >tibdg -r https://host1:8085 -s /home/youruser/as/init/grid1/grid1.tibdg --trust-file /home/youruser/as/grid1/ftl-trust.pem
    Warning: If you do not provide the trust file as a command-line option, the command fails when communicating with a secure TIBCO FTL server.
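
A pre-flight check for steps 2 and 3, added here as an example and not part of the TIBCO documentation or tooling: the hypothetical check_tibdg function scans a .tibdg script before it is passed to tibdg and fails if a grid create line lacks encrypted_connections=all or a proxy create line has no fixed proxy_client_listen_port. It assumes one command per line with the object name as the last word, as in the snippets above; the two sample files are constructed.

```shell
#!/bin/sh
# Added example (not TIBCO code): audit a .tibdg script before running tibdg.
# Returns 0 only if the script matches the secure settings described above.
check_tibdg() {
    awk '
    # Return the value of option "name" among the key=value words on this line.
    function opt(name,    i, kv) {
        for (i = 3; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == name) return kv[2]
        }
        return ""
    }
    $1 == "grid" && $2 == "create" {
        grids++
        if (opt("encrypted_connections") != "all") {
            printf "line %d: grid create lacks encrypted_connections=all\n", NR
            bad++
        }
    }
    $1 == "proxy" && $2 == "create" {
        port = opt("proxy_client_listen_port")
        if (port !~ /^[0-9]+$/ || port + 0 < 1 || port + 0 > 65535) {
            printf "line %d: proxy create has no fixed proxy_client_listen_port\n", NR
            bad++
        } else {
            # Assumption: the proxy name is the last word, as in "p_01" above.
            printf "firewall: allow inbound TCP %d for proxy %s\n", port, $NF
        }
    }
    END {
        if (!grids) { print "no grid create statement found"; bad++ }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample input: one hardened script and one weak script.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/secure.tibdg" <<'EOF'
grid create copyset_size=2 encrypted_connections=all grid1
proxy create proxy_client_listen_port=7771 p_01
EOF
cat > "$demo_dir/weak.tibdg" <<'EOF'
grid create copyset_size=2 grid1
proxy create p_01
EOF

check_tibdg "$demo_dir/secure.tibdg"
check_tibdg "$demo_dir/weak.tibdg" || echo "weak.tibdg rejected"
```

For the secure script, the output lists the client-facing port to open in the firewall; for the weak script, each finding is reported with its line number and the function returns non-zero.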

What to do next

After the data grid has been successfully configured in the TIBCO FTL server, you can start the tibdgkeeper, tibdgproxy, and tibdgnode processes. Ensure that you provide the appropriate trust file on the command line with the --trust-file option, as follows:
tibdgkeeper -r "https://host1:8085|https://host2:8185|https://host3:8285" --trust-file /home/youruser/as/grid1/ftl-trust.pem -g grid1 -n k_1