With IBM® WebSphere® DataPower® XC10 Appliance, you can control access to both the appliance itself and the data grid data that is held on the appliance.
Appliance security
Some of the key features that make the appliance a secure foundation are:
- The appliance is contained in a tamper-resistant case. There is an intrusion detection switch in the chassis that is continuously monitored. If the switch is triggered, the appliance does not start, and it must be returned to IBM before it can be started again. Additional elements, such as the tamper-resistant screws on the case, are also included to discourage opening the case. The design of the appliance ensures that you can access the customer replaceable items from the rear of the appliance without opening the case.
- There is no access to the operating system through a shell. There is no command shell in the operating system of the appliance. By design, no command interpreters are included on the appliance, to reduce security vulnerabilities. There is only one operating system user ID on the appliance. You cannot log on to the appliance externally with a user ID, because there is no shell available.
- No user-provided logic can be run on the appliance. The appliance does not provide any ability for a user to upload an executable script or code. The only exception is a system firmware update, in which you can run a script to install updated firmware on the appliance. These system updates are signed by the firmware manufacturer as a precaution. No user-provided untrusted software can be run on the appliance.
Data grid security
You can control access to the information that is contained in your data grids. If you do not enable security on a data grid, any application can access the information in that data grid. You can enable security in general on a data grid, which allows anyone who has a user account and password on the appliance to access the data grid. You can also restrict access to a set of users or user groups by enabling authorization on the data grid.
Transport Layer Security (TLS)
You can use TLS to secure the data grids and the user interface by configuring a keystore, a truststore, and a certificate alias. TLS settings apply to all appliances in the collective.
Users and user groups
You can define permissions for users and user groups, both for appliance administration and for data grid security.