Securing Transport Bridges

To secure a transport bridge process, complete this task.

Prerequisites

All realm servers must be secure.

The enterprise authentication system must define user names and associate them with appropriate FTL authorization groups.

Procedure

  1. Verify that the transports interconnected by the bridge use only secure network transport protocols.
    Use only these transport protocols:
    • Secure Dynamic TCP
    • Secure TCP

Example Command Line

tibbridge --realmserver https://rs-host:7000 \
          --password-file bridge1-creds.txt \
          --trust.file ftl-trust.pem

  1. Connect only to secure realm servers using HTTPS.
    Specify HTTPS as the protocol in the URL value of the --realmserver parameter on the transport bridge command line.
  2. Arrange authentication credentials.
    The bridge service authenticates itself to the realm server using a user name and password pair.

    Supply the location of the bridge process's credentials as the value of the --password-file parameter on the transport bridge command line. Ensure that this file is protected from unauthorized access.

    The user name in the file must be in the authorization group ftl.

    For file syntax and other details, see "Transport Bridge Executable Reference" in TIBCO FTL Administration.

  3. Arrange trust in the realm servers.
    Arrange access to a copy of the realm server trust file.

    Supply the file location as the value of the --trust.file parameter on the transport bridge command line.

    For further details, see "Trust File" in TIBCO FTL Administration.
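
The following preflight check is an added example, not part of the TIBCO documentation or product. It validates the three values passed to --realmserver, --password-file and --trust.file before the bridge starts. The function names are hypothetical, and the assumption that the trust file is PEM text containing a certificate is made for this example.

```shell
#!/bin/sh
# Added example, not TIBCO code. Function names are hypothetical.

# --realmserver: accept only an HTTPS URL.
check_realm_url() {
    case "$1" in
        https://?*) return 0 ;;
        *) echo "realm server URL is not HTTPS: $1" >&2; return 1 ;;
    esac
}

# --password-file: must be a non-empty file with no group/other permission bits.
check_cred_file() {
    [ -f "$1" ] && [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    # GNU/busybox stat first, BSD/macOS stat as fallback; -L follows symlinks.
    mode=$(stat -L -c %a "$1" 2>/dev/null || stat -L -f %Lp "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *) echo "$1 has mode $mode; clear the group/other bits" >&2; return 1 ;;
    esac
}

# --trust.file: assumed here to be PEM text with at least one certificate.
check_trust_file() {
    [ -r "$1" ] || { echo "cannot read trust file: $1" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || {
        echo "no PEM certificate found in $1" >&2; return 1; }
    # Trust material is public certificates only; a private key here is a mistake.
    if grep -q -- 'PRIVATE KEY-----' "$1"; then
        echo "$1 contains a private key" >&2; return 1
    fi
}

# Run all three checks and report every failure, not only the first.
bridge_preflight() {
    rc=0
    check_realm_url "$1" || rc=1
    check_cred_file "$2" || rc=1
    check_trust_file "$3" || rc=1
    return "$rc"
}

# Usage (values from the page's example command line):
#   bridge_preflight https://rs-host:7000 bridge1-creds.txt ftl-trust.pem &&
#     tibbridge --realmserver https://rs-host:7000 \
#               --password-file bridge1-creds.txt --trust.file ftl-trust.pem
```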