Enabling Transport Encryption on a Data Grid

Prerequisites

ActiveSpaces transport encryption is based on the transport encryption of TIBCO FTL. If the computer on which you run the TIBCO FTL server has multiple network interface cards, ensure that the host name is mapped to the IP address that you use to start your TIBCO FTL server. Otherwise, the certificate generated by the TIBCO FTL server might use one of the other available IP addresses. As a result of the IP address mismatch, ActiveSpaces processes would not be able to connect to the realm service.
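
A preflight check for the host-name mapping described above, as an added example that is not part of the TIBCO documentation. It assumes IPv4 and that you pass in the IP address you intend to start the TIBCO FTL server with; the function names and status values are chosen for this example.

```python
import ipaddress
import socket
import sys


def resolve_ipv4(hostname):
    """Return the set of IPv4 addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, None, family=socket.AF_INET)
    return {info[4][0] for info in infos}


def check_host_mapping(hostname, server_ip, resolver=resolve_ipv4):
    """Compare what hostname resolves to with the IP the FTL server is started on.

    Returns (status, addresses); status is one of "ok", "ambiguous",
    "mismatch", "unresolved" (names chosen for this example).
    """
    wanted = str(ipaddress.IPv4Address(server_ip))  # ValueError on a malformed IP
    try:
        resolved = sorted({str(ipaddress.IPv4Address(a)) for a in resolver(hostname)})
    except socket.gaierror:
        return "unresolved", []
    if not resolved:
        return "unresolved", []
    if resolved == [wanted]:
        return "ok", resolved
    if wanted in resolved:
        # Several addresses for one name: a generated certificate could end up
        # with a different one, the multi-NIC case the prerequisite warns about.
        return "ambiguous", resolved
    # Typical cause: /etc/hosts maps the host name to a loopback address
    # such as 127.0.1.1, or to the address of a different interface.
    return "mismatch", resolved


if __name__ == "__main__":
    if len(sys.argv) not in (2, 3):
        sys.exit(f"usage: {sys.argv[0]} <server_ip> [hostname]")
    name = sys.argv[2] if len(sys.argv) == 3 else socket.gethostname()
    status, addrs = check_host_mapping(name, sys.argv[1])
    print(f"{name} -> {addrs or 'no address'}: {status}")
    sys.exit(0 if status == "ok" else 1)
```

Run it on the TIBCO FTL server host before generating the trust file; any status other than `ok` means the host-name mapping should be fixed first.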

Procedure

  1. Generate a trust file by using a TIBCO FTL server. For instructions, see "Securing FTL Servers" in TIBCO FTL Administration.
  2. Supply copies of the keystore file and trust file to every TIBCO FTL server.
  3. Supply a copy of the trust file to locations that can be accessed by any of the data grid's processes and client processes.
  4. Configure the TIBCO FTL servers to use TLS security in their configuration files.
    globals:
      tls.secure: <keystore_password>
    
  5. Start the TIBCO FTL servers.
    tibftlserver -c <config_file> -n <server_name>
    
  6. After the secure realm services have started, create the data grid configuration with the encrypted_connections option set to all.
    grid create copyset_size=1 statekeeper_count=3 encrypted_connections=all mygrid
  7. Define the component processes of your data grid. See Defining a Data Grid.