Communication
TCP/IP is used for communication between the Payment Feature Services components.
- Communication between the browser where Control Center is running and the WebSphere® Application Server instances.
- Communication between the Java™ SE components and WebSphere Application Server. The Java SE components are Business Rules Server, Business Rules Manager, Gateway Server, and Transaction Server.
- Middleware communication, which includes the following examples:
  - WebSphere Application Server intercommunication.
  - Db2® database access.
  - IBM® MQ messaging access.
- Communication between the Control Center and the Business Rules Manager, Gateway Server, and Transaction Server to run diagnostic commands on a selected server. This communication uses Java remote method invocation (RMI) and is not encrypted. For example, the execute diagnostic command page uses RMI.
- Other communication. For example, communication with Cognos® or to your own applications.
Securing the communication
You need to consider encrypting communication when you are concerned that the communication might be intercepted. Depending on your deployment, the components can be either colocated or physically distributed, which can influence whether encryption is necessary. Control Center users are normally not colocated, so you probably want to enforce encryption.
Consider the following measures:
- Disable non-secure ports. For example, disable the HTTP ports.
- Limit your communication protocols to the more secure protocols. For example, disable Secure Sockets Layer (SSL), and perhaps Transport Layer Security (TLS) V1.0.
- Limit the encryption cipher suites that are allowed to be used.
- Enforce a network policy that limits the communication on the RMI ports to be between the Control Center and the Business Rules Manager, Gateway Server, and Transaction Server only.
- For server-to-server communications, you might want to consider the use of mutual TLS (mTLS). Mutual TLS is also known as client/server authentication.
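For one of your own Java applications that communicates with these components, the protocol, cipher suite, and mutual TLS measures in the preceding list can be applied to a listener as in the following added example. It is not product code; the class name, the allowed protocol and cipher suite lists, and the use of the JVM default key store and trust store are assumptions.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import java.util.Arrays;
import java.util.List;

public class HardenedListener {
    // Assumed policy for this example; adjust to your own security requirements.
    static final List<String> ALLOWED_PROTOCOLS = Arrays.asList("TLSv1.3", "TLSv1.2");
    static final List<String> ALLOWED_SUITES = Arrays.asList(
        "TLS_AES_256_GCM_SHA384",
        "TLS_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    // Keep only the allowed names that this JVM actually supports.
    static String[] intersect(List<String> allowed, String[] supported) {
        List<String> have = Arrays.asList(supported);
        return allowed.stream().filter(have::contains).toArray(String[]::new);
    }

    static SSLServerSocket open(int port) throws Exception {
        // The default context reads the javax.net.ssl.keyStore and trustStore system properties.
        SSLServerSocket s = (SSLServerSocket)
            SSLContext.getDefault().getServerSocketFactory().createServerSocket(port);
        String[] protocols = intersect(ALLOWED_PROTOCOLS, s.getSupportedProtocols());
        String[] suites = intersect(ALLOWED_SUITES, s.getSupportedCipherSuites());
        if (protocols.length == 0 || suites.length == 0) {
            s.close();
            throw new IllegalStateException("JVM supports none of the allowed protocols or suites");
        }
        s.setEnabledProtocols(protocols);  // anything not listed, such as SSLv3 and TLSv1, is disabled
        s.setEnabledCipherSuites(suites);  // the handshake fails if the peer offers none of these
        s.setNeedClientAuth(true);         // mutual TLS: a trusted client certificate is required
        return s;
    }

    public static void main(String[] args) throws Exception {
        try (SSLServerSocket s = open(0)) {  // port 0: any free port, for a local check
            System.out.println("protocols:   " + Arrays.toString(s.getEnabledProtocols()));
            System.out.println("suites:      " + Arrays.toString(s.getEnabledCipherSuites()));
            System.out.println("client auth: " + s.getNeedClientAuth());
        }
    }
}
```

Running the class prints the effective settings, which shows what remains enabled on the JVM in use after the allow lists are applied.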
Configuration properties for communication
Many Payment Feature Services components provide properties that you can use to configure the secure communication with the other components and the middleware. For the Java SE components, often their Java Message Service (JMS), IBM MQ, and database properties include configuration for communication. For more information about component properties, see the related information links.
Additional information
The following topics contain more information about configuring communication security.