Securing your environment
To provide a secure environment for IBM® Business Monitor, you must enable both administrative security and application security. Use the Security Configuration Wizard in the WebSphere® Application Server administrative console to enable or change security for IBM Business Monitor.
The security configuration of IBM Business Monitor must match the configuration of other servers that participate in the same single sign-on domain; for example, Business Space powered by WebSphere, WebSphere Portal, and Process Server.
IBM Business Monitor uses long security names (for example, LDAP DN) if security is enabled, and it uses a short name if security is disabled. Therefore, any configuration made under one setting will not be visible under the other. Use the WebSphere Portal configuration wizard to change security settings for WebSphere Portal.
- You can configure access to monitor models using Monitor Data Security in the administrative console.
- You can configure a more fine-grained form of access by filtering
the data that users and groups can view.
- You can limit which instances of a model context are available to the users and groups by setting up a security filter. The security filter is applied to all instance, KPI, and cube queries.
- You can limit access to specific monitor objects by setting up security rules. You can set up security rules to apply to metrics, dimensions, measures, KPIs, and alerts.
IBM Business Monitor supports LDAP configured under Federated Repositories, and now also supports a standalone LDAP configuration.
If you are not using WebSphere Portal, you can use a file-based repository. WebSphere Portal must be able to share a user registry with the IBM Business Monitor server, meaning that only LDAP server registry or custom user registry is supported.
Additionally, you must configure CEI security. You can use method-level declarative security to access CEI functions. Detailed information is provided in a related link below.
For more information about securing applications and the environment for WebSphere Application Server, see the Security section of the WebSphere Application Server Information Center. A related link is provided.
Detailed information on the configurations are provided in the following topics:
- Configuring server security
Server security configuration starts with the Global security page. Global security represents the administrative security and the default security configuration that is effective for all applications running in the environment. Security domains can be defined to override and customize the security policies for applications. - Viewing the status of security properties
You can view the status of security properties for IBM Business Monitor from a central location in the administrative console. You can also access the administrative pages for configuring WebSphere administrative security, WebSphere application security, IBM Business Monitor data security, LTPA, and single sign-on (SSO) from the IBM Business Monitor security console page. - Configuring user registries
The user registry stores information that is used to authenticate users using basic authentication. You must configure WebSphere Application Server to use the user registry in your environment. Your choice of user registry is also an essential consideration when planning your monitoring environment. - Securing the database environment
You can enhance the operational security of your databases during the installation using either DB2®, Oracle, or Microsoft SQL Server. You can complete the installation without giving database users who are associated with the application server administrative privileges. - Enabling security for WebSphere Portal
WebSphere Portal uses the security mechanism provided by WebSphere Application Server. - Configuring IBM Cognos BI security
The IBM Cognos® Business Intelligence service requires a database for its content store repository. You can enhance security by creating a database user for IBM Cognos BI only. - Configuring data security
Using the administrative console, you can configure security for your monitor models by setting data access permissions. - Configuring fine-grained security
You secure access to monitor models by adding users to resource groups (as described in "Configuring data security"). After providing access at the monitor model level, you can provide a more fine-grained form of data security by granting access to users and groups at the monitor context instance level or the monitor context object level. - Considerations when enabling security in a network deployment environment
This section contains information that you need to know when enabling security in a network deployment environment.
