Enabling secure transport for ActiveSpaces

After configuring the Spotfire Servers in the cluster, you must enable ActiveSpaces to use secure transport for communication between the servers.

Prerequisites

You have configured each Spotfire Server in the cluster to use ActiveSpaces; see Configuring a server cluster with ActiveSpaces (Windows) or Configuring a server cluster with ActiveSpaces (Linux).

For additional information on this procedure, see the ActiveSpaces documentation.
For general information about Spotfire Server clusters, see Clustered server deployments.
Note: Steps 1 - 3 are performed on only one server in the cluster.

Procedure

  1. On one of the servers in the cluster, open a command window and then open the ActiveSpaces command-line interface (CLI) by entering the following commands:
    cd ActiveSpaces installation dir/as/2.2/bin
    as-admin
  2. In the ActiveSpaces CLI, enter the following command:
    as-admin> create security_policy policy_name "as-policy" policy_file 
    "as-policy.txt" encrypt false
    Note: Do not change the policy name or the policy file name because they are referenced in the Spotfire Server configuration and are immutable.
  3. Edit the policy file that you created in the previous step:
    1. Under the "discovery" attribute of the metaspace_access policy key, list all the members of the cluster.
    2. Change the metaspace name.
      The edited section of the policy file will look similar to this:
      metaspace_access=metaspace=spotfire;discovery=tcp:
      //10.97.184.60:5701;10.97.184.65:5701
    3. To use traditional, TLS-like transport protection, specify transport_security=integrity. For information on additional options, see the ActiveSpaces documentation.
  4. Copy this generated as-policy.txt file to each of the clustered Spotfire Servers, to the folder where the keystore file is located. Typically, the keystore file is located here: <server installation dir>/nm/trust.
  5. Start all of the servers.
  6. To validate ActiveSpaces, execute the following commands in the ActiveSpaces CLI.
    1. Create a security token by entering the following command:
      as-admin> create security_token domain_name "AS-DOMAIN" policy_file "C:/tibco/tss/version/nm/trust/as-policy.txt" token_file "C:/tibco/tss/version/nm/trust/mytoken.txt"
    2. Connect to the metaspace with the security token by entering the following command, where the discovery parameter points to one of the Spotfire Servers in the cluster:
      as-admin> connect security_token "C:/tibco/tss/version/nm/trust/mytoken.txt" name "spotfire" discovery "tcp://10.97.120.65:5701"
  7. To list the members of the cluster, enter the following command:
    as-admin> show members