WebSphere V7 Security Schulung: Enhanced security topics and configuration
This three-day instructor-led course covers security topics that are critical for advanced application server security configuration for WebSphere Application Server V7. The course begins with a general discussion of the three major parts of global security: administrative security, application security, and Java 2 security. Students use security domains to configure cell-wide access. They then configure fine-grained security to the administrative console and configure application security by defining security constraints and security roles for a web application. Students also learn about the implications of application security by mapping special subjects and user groups to security roles. This course presents the core concepts of federated repositories. Students create a federated repository using a file-based repository and add a Lightweight Directory Access Protocol (LDAP) server to the configuration. They secure the connection between the application server and the LDAP server, and learn to configure and manage a Virtual Machine Manager (VMM) security connection feature that allows the VMM to function either with or without all of its repositories available. Secure Sockets Layer (SSL) is covered through extensive discussions about encryption technologies, digital signatures, the SSL handshake, and certificates. The course also provides additional information on SSL in the cell, including cell default trust stores, node keystores, plug-in keystores, certification expiration, and auto replacement. Lab exercises demonstrate both SSL configuration within the application server and the configuration of SSL between the application server and DB2 database. Students also configure cross cell single signon between two cells. Students also learn how to harden the security of their application server environment by identifying areas that should be addressed in production environments. These areas include hardening the web server, configuring TAIs, protecting configuration files and private keys, using administrative roles, encrypting various links, and improving SSL configuration. Students learn how to use tracing and logs to determine authentication and authorization failures, and how to identify and resolve SSL connection problems by diagnosing log information. Finally, students learn about the performance cost of security features in the application server, including core J2EE, messaging, and web services. A hands-on exercise on performance tuning lets students discuss techniques and trade-offs for tuning the security performance of the runtime environment.
