IBM WebSphere DataPower XC10 Appliance security overview

With IBM® WebSphere® DataPower® XC10 Appliance, you can control access to both the appliance itself and the data grid data that is being held on the appliance.

Appliance security

Some of the key features that make the appliance a secure foundation are:
The appliance is contained in a tamper resistant case
There is an intrusion detection switch in the chassis that is continuously monitored. If the switch is triggered, the appliance does not start. The appliance must be returned to IBM before the appliance can be started again. Additional elements, such as the tamper-resistant screws on the case are also included to discourage opening the case. The design of the appliance ensures that you can access the customer replaceable items from the rear of the appliance without opening the case.
There is no access to the operating system through a shell
There is no command shell in the operating system of the appliance. By design, no command interpreters are included on the appliance to reduce security vulnerabilities. There is only one operating system user ID on the appliance. You cannot externally log on to the appliance with a user ID, because there is no shell available.
No user provided logic can be run on the appliance
The appliance does not provide any ability for a user to upload an executable script or code. The only exception to this statement is a system firmware update, in which you can run a script to install updated firmware on the appliance. These system updates are signed by the firmware manufacturer as a precaution. No user provided untrusted software can be run on the appliance.

Data grid security

You can control access to the information that is contained in your data grids. If you do not enable security on your data grid, any application can access the information in the data grid. You can enable security in general on a data grid, to allow anyone that has a user account and password on the appliance to access the data grid. You can also restrict access to a set of users or user groups by enabling authorization on the data grid.

Transport Layer Security (TLS)

You can use TLS to secure the data grids and user interface by configuring a keystore, truststore, and certificate alias. TLS settings apply to all appliances in the collective.

Users and user groups

You can define permissions for users and user groups both for the appliance administration and the data grid security.