This post is part of the IBM BPM Security Hardening series.
The first rule of secure communications here is that no end user should ever reach a BPM application server directly. Earlier versions of IBM BPM required end users (at least developers using Process Designer) to access a BPM server via multiple protocols: there was HTTP traffic, EJB traffic and JMS traffic, each needing its own port opened towards the client network. That is no longer the case as of IBM BPM V8.5.0.1 and later: HTTPS is the only required protocol, so all end-user traffic can pass through a web server in a demilitarized zone, matching the first rule in the WebSphere Application Server hardening guide. On older versions the EJB and JMS ports still have to be reachable from developer workstations, so the rule can only be applied in full once the environment is at V8.5.0.1 or later.
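As an added example (not part of the original post and not IBM's configuration), the following is a minimal reverse-proxy definition for the DMZ web server described above, written in stock Apache httpd 2.4 syntax. The hostnames, ports and file paths are assumptions; the BPM server is assumed to listen for HTTPS on port 9443, and the proxy is built on mod_proxy rather than the WebSphere web server plug-in, which is the usual choice in an IBM HTTP Server deployment but uses its own directives.

```apache
# Added example, not from the original post or from IBM.
# Assumed modules: mod_ssl, mod_proxy, mod_proxy_http, mod_rewrite, mod_headers.
# Assumed names: bpm.example.com (DMZ host), bpmserver.internal.example.com:9443 (BPM server).

# Port 80 exists only to redirect to HTTPS; no BPM traffic is ever proxied over plain HTTP.
<VirtualHost *:80>
    ServerName bpm.example.com
    RewriteEngine On
    RewriteRule ^/(.*)$ https://bpm.example.com/$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName bpm.example.com

    # TLS towards end users: only TLS 1.2 and later, server-chosen cipher order.
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/bpm.example.com.crt
    SSLCertificateKeyFile /etc/httpd/tls/bpm.example.com.key
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
    SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES

    # Re-encrypt on the internal leg and verify the BPM server's certificate,
    # so the DMZ host cannot be used to downgrade the connection to HTTP.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/httpd/tls/internal-ca.crt
    SSLProxyCheckPeerName on

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / https://bpmserver.internal.example.com:9443/
    ProxyPassReverse / https://bpmserver.internal.example.com:9443/

    # Tell browsers to keep using HTTPS for this host.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>
```

The proxy is only half of the rule; the firewall has to enforce the other half. From the user network, only TCP 443 to the DMZ host should be open; from the DMZ host, only the BPM HTTPS port (9443 in this example) to the internal server. The EJB bootstrap and JMS ports stay reachable from inside the data centre only, which is what makes the V8.5.0.1 change useful: a developer workstation running Process Designer then works through the same 443 path as every other user. A quick check from a workstation on the user network is to attempt a TCP connection to the BPM server's HTTP, HTTPS, EJB and JMS ports directly; every one of them should fail, while the DMZ host answers on 443 only.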