Setting up a Secure Data Grid

Before you begin

Ensure that a secure TIBCO FTL server is running.

Procedure
  1. To configure a secure data grid in one command, create a .tibdg configuration file that can be passed to the tibdg administration tool.
  2. In the .tibdg file, when defining the data grid, set encrypted_connections=all as shown in the following code snippet:
    grid create copyset_size=2 encrypted_connections=all grid1
    This property forces all internal grid communication and all client-to-proxy communication to use TIBCO FTL secure TCP transports.
  3. Configure the firewall to open ports for client-to-proxy communication.
    For each proxy that is listening for client connections, configure proxy_client_listen_port to the preferred port to which the proxy must bind and listen. Example:
    proxy create proxy_client_listen_port=7771 p_01
    You can use other optional configuration options in the proxy that help configure the specific host interface. For example, you can use the proxy_client_listen_subnet_mask configuration option to configure network interfaces. You can specify this option at the data grid and proxy level to control the network interface to which the proxy binds when listening for connections from clients. For details, see "Configure Network Interfaces" in TIBCO ActiveSpaces® - Enterprise Edition Administration.
  4. Run the tibdg tool by providing the following command-line options:
    • A completed .tibdg configuration file
    • A trust file
    The following command is an example of running the tibdg tool:
    >tibdg -r https://host1:8085 -s /home/youruser/as/init/grid1/grid1.tibdg --trust-file /home/youruser/as/grid1/ftl-trust.pem
    Warning: If you do not provide the trust file as a command-line option, the command fails when communicating with a secure TIBCO FTL server.
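A pre-flight check for the procedure above, added here as an example (not TIBCO code): it confirms that every grid definition sets encrypted_connections=all, lists the proxy_client_listen_port values the firewall must open, and checks that the trust file is readable. The function names are hypothetical, and it assumes one command per line in the .tibdg file and a PEM-encoded certificate in the trust file.

```shell
#!/bin/sh
# Added example, not TIBCO code: pre-flight checks before running tibdg.

# Succeeds only if the file defines a grid and every "grid create" line
# sets encrypted_connections=all; prints each offending line.
check_grid_encrypted() {
    awk '$1 == "grid" && $2 == "create" {
            grids++; ok = 0
            for (i = 3; i <= NF; i++) if ($i == "encrypted_connections=all") ok = 1
            if (!ok) { bad++; print "unencrypted grid: " $0 }
         }
         END { if (grids > 0 && bad == 0) exit 0; exit 1 }' "$1"
}

# Prints one client listen port per proxy (the ports the firewall must open).
# Fails if any "proxy create" line has no numeric proxy_client_listen_port.
list_proxy_ports() {
    awk '$1 == "proxy" && $2 == "create" {
            port = ""
            for (i = 3; i <= NF; i++)
                if ($i ~ /^proxy_client_listen_port=[0-9]+$/) port = substr($i, index($i, "=") + 1)
            if (port == "") { bad = 1; print "no listen port: " $0 > "/dev/stderr" }
            else print port
         }
         END { exit bad + 0 }' "$1"
}

# Assumption: the trust file is a PEM-encoded certificate, as the .pem name suggests.
check_trust_file() {
    [ -r "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Runs all three checks; usage: preflight <file.tibdg> <trust-file>
preflight() {
    check_grid_encrypted "$1" || { echo "FAIL: grid encryption" >&2; return 1; }
    list_proxy_ports "$1"     || { echo "FAIL: proxy ports" >&2; return 1; }
    check_trust_file "$2"     || { echo "FAIL: trust file $2" >&2; return 1; }
}

# Constructed sample built from the two commands shown in the procedure.
demo_dir=$(mktemp -d)
printf '%s\n' 'grid create copyset_size=2 encrypted_connections=all grid1' \
              'proxy create proxy_client_listen_port=7771 p_01' > "$demo_dir/grid1.tibdg"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-placeholder' \
              '-----END CERTIFICATE-----' > "$demo_dir/ftl-trust.pem"
preflight "$demo_dir/grid1.tibdg" "$demo_dir/ftl-trust.pem" && echo "pre-flight OK"
```

Running preflight against the real .tibdg file and trust file before step 4 catches a grid defined without encryption before it reaches the TIBCO FTL server.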
What to do next

After the data grid has been successfully configured in the TIBCO FTL server, you can start the tibdgkeeper, tibdgproxy, and tibdgnode processes. Ensure that you provide the appropriate trust file on the command line with the --trust-file option, as in the following example:

tibdgkeeper -r "https://host1:8085|https://host2:8185|https://host3:8285" --trust-file /home/youruser/as/grid1/ftl-trust.pem -g grid1 -n k_1