Ensuring FTL System Security: Tasks for Administrators

TIBCO FTL software includes several components. To ensure security within and among those components, administrators complete this super-task and all its sub-task topics.

Procedure

Applications

  1. Coordinate with application developers to secure application programs.
    FTL application programs are clients of the FTL server. They must use HTTPS to communicate with the FTL server.
    Your role includes coordinating with application developers to ensure that application clients trust the secure FTL server, and that they supply appropriate credentials when they connect to it. See Coordination.
  2. Secure all application transports.
    Application programs must use secure transports to communicate with one another. Your role includes configuring the application and transport definitions in the realm definition so that all relevant transports use only secure transport protocols.
    Use only these transport protocols:
    • Secure Dynamic TCP
    • Secure TCP

Authentication and Authorization

  1. Configure authentication and authorization.
    Your role includes configuring your enterprise authentication and authorization system (such as an LDAP service) with appropriate information to support TIBCO FTL components and application users.

FTL Servers

  1. Secure all FTL servers.
    A secure FTL server enforces HTTPS communication whenever it communicates with clients, affiliated FTL servers, and browsers.
    Your role is to supply FTL server command line parameters to secure those client connections.

TIBCO FTL Component Services

  1. Secure all transport bridges.
    Verify that the transports interconnected by the bridges use only secure transport protocols.
  2. Secure all persistence services.
    Configure the persistence clusters so that all relevant transports use only secure transport protocols.
  3. Secure all eFTL services.
    TIBCO eFTL services must use secure transports to communicate with one another, and with eFTL applications.
    Your role includes these subtasks:
    • Reconfigure the automatically-generated eFTL transport definitions so that all relevant transports use only secure transport protocols.
    • Configure channels with appropriate authorization groups.
    • Coordinate with application developers to ensure that eFTL clients connect to the eFTL services using the secure web sockets protocol (WSS).
  4. Secure all FTL monitoring services.
    The FTL monitoring gateway (tibmongateway) is a client of the FTL server. It must use HTTPS to communicate with the FTL server.
    Your role includes this subtask:
    • Supply appropriate command line parameters to tibmongateway to secure its connection to the FTL server.
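
An added example, not part of the TIBCO documentation: one way to check a deployment against the rules in this procedure (only Secure Dynamic TCP or Secure TCP transports, HTTPS to the FTL server, WSS to eFTL services). The inventory format, component names, host names and ports are constructed for illustration and are not FTL's realm definition schema.

```python
from urllib.parse import urlsplit

# Transport protocols this procedure allows (names as listed on this page).
SECURE_PROTOCOLS = {"Secure Dynamic TCP", "Secure TCP"}
# Required URL scheme per connection kind: clients of the FTL server use HTTPS,
# eFTL clients use secure web sockets.
REQUIRED_SCHEME = {"ftl_server": "https", "eftl_service": "wss"}

# Constructed sample inventory in a hypothetical format, maintained by the
# administrator; every name, protocol value and URL here is illustrative.
SAMPLE_INVENTORY = {
    "transports": [
        {"name": "orders-dtcp", "protocol": "Secure Dynamic TCP", "used_by": "application"},
        {"name": "bridge-east", "protocol": "Static TCP", "used_by": "transport bridge"},
        {"name": "pstore-cluster", "protocol": "Secure TCP", "used_by": "persistence cluster"},
        {"name": "eftl-auto", "protocol": "Dynamic TCP", "used_by": "eFTL service"},
    ],
    "connections": [
        {"client": "order-app", "kind": "ftl_server", "url": "https://ftl1.example.test:8585"},
        {"client": "tibmongateway", "kind": "ftl_server", "url": "http://ftl1.example.test:8585"},
        {"client": "mobile-app", "kind": "eftl_service", "url": "ws://eftl.example.test:9191/channel"},
        {"client": "web-app", "kind": "eftl_service", "url": "WSS://eftl.example.test:9191/channel"},
        {"client": "legacy-app", "kind": "ftl_server", "url": "ftl1.example.test:8585"},
    ],
}


def audit(inventory):
    """Return (component, problem) findings; an empty list means compliant."""
    findings = []
    for t in inventory.get("transports", []):
        if t["protocol"] not in SECURE_PROTOCOLS:
            findings.append((t["name"], f"{t['used_by']} transport uses {t['protocol']!r}; "
                                        f"allowed: {sorted(SECURE_PROTOCOLS)}"))
    for c in inventory.get("connections", []):
        required = REQUIRED_SCHEME.get(c["kind"])
        if required is None:
            findings.append((c["client"], f"unknown connection kind {c['kind']!r}"))
            continue
        # A URL with no scheme, or with the plaintext scheme, fails the same way.
        if urlsplit(c["url"]).scheme.lower() != required:
            findings.append((c["client"], f"{c['url']!r} must use {required}://"))
    return findings


if __name__ == "__main__":
    for component, problem in audit(SAMPLE_INVENTORY):
        print(f"FAIL {component}: {problem}")
```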