Security Scenarios

Setting up a clustered environment requires that you consider two security scenarios. The first scenario is out-of-box security that is used when you first set up the cluster environment where the deployment manager is not configured for security. The second scenario is when an existing deployment manager is already configured for security before a node joins the cell.

Out-of-box security

The first scenario is when the default Virtual Member Manager (VMM) file-based repository security is used on both the HCL nodes and the deployment manager. When the HCL node is federated into the deployment manager cell, the node's security settings are replaced with the deployment manager security settings. Before you federate the first node into the cell, the required administrative group and administrative user (wpsadmins and wpsadmin) must be defined in the deployment manager's security repository. Otherwise, the HCL administrators group and administrative user are lost when you federate the node into the deployment manager.

After you set up the cluster, you can modify the security settings of the cell. You can use WebSphere® Integrated Solutions Console to modify security in the cell. However, use the HCL security tasks to change cell security to ensure that the security configuration settings for WebSphere Application Server and HCL are identical.
Note: Using the WebSphere Integrated Solutions Console to configure or update the out-of-box security is NOT supported in a stand-alone environment. This option is only supported in a clustered environment that uses the Deployment Manager WebSphere Integrated Solutions Console.

Modified security with Virtual Member Manager (VMM) federated

The second scenario is when the existing deployment manager default security was modified before the first HCL node joined the cell. HCL supports the capability of using two different sets of administrative user ID and password credentials when you federate a HCL node into a cell. One set is for the HCL node authentication and one set is for deployment manager authentication. It is not necessary to define a common administrative user ID before HCL joins the cell. If the deployment manager cell is using federated VMM with extra repositories, the security settings on the portal node are replaced with the modified deployment manager VMM federated security settings. The original stand-alone environment security settings are preserved and revert to the original settings if you remove the node from the cluster.