Managing Security in IBM AD

By default, the IBM® AD server and client components connect to each other in an unencrypted mode. However, the TLS protocol is also supported.

The TLS protocol is a client or server cryptographic protocol. It is based on the earlier Secure Sockets Layer (SSL) specifications that are developed by Netscape Corporation for securing communications that use Transmission Control Protocol/Internet Protocol (TCP/IP) sockets. The TLS and SSL protocols are designed to run at the application level. Therefore, typically, an application must be designed and coded to use TLS/SSL protection.

Important: Only TLS 1.2 is supported. To make sure that AD server and client components can work with TLS properly, you must update the TLS to 1.2.
To configure IBM AD to use secure communications between its server and client components, complete the following steps:
  1. Prepare files for enabling secure communication.
  2. Enable Hypertext transfer protocol secure (HTTPS) for IBM AD File Service, IBM AD Search Service, IBM AD Mainframe Projects Service, IBM AD Cross Applications Service, IBM AD Manual Resolutions Service, IBM AD WebSphere® Liberty Profile Service, IBM AD Configuration Service, IBM AD Batch Service, IBM AD Graph Database Service, and optional components Authentication Server (DEX) and Build Client if they are installed. For more information, see Securing Access on IBM AD Services Endpoints.
  3. Block the incoming traffic for the non-authenticated port of IBM AD Zookeeper.
  4. Enable the encryption channel between IBM AD Analyze Client and IBM AD Zookeeper. For more information, see Enabling encryption channel between IBM AD Analyze Client and IBM AD ZooKeeper.