444 Enterprise Business Portals with IBM Tivoli Access Manager
• PKI: The PKI is necessary to support encryption of MQSeries
messages, strong authentication for representatives, and signing of
transactions.
• Access Manager for Business Integration: Access Manager for Business
Integration is used to provide encryption functionality that is transparent to
the MQSeries applications.
17.5 Implementation architecture
The implementation architecture is depicted in Figure 17-10. The
dotted lines indicate the authentication and authorization checks that Access
Manager for Business Integration makes against the Access Manager authorization
engine. The local operating system is no longer used to authorize access to
MQSeries queues. All messages in ABBC's environment can now be encrypted
transparently to the application, without any need to implement
additional software modules.
Chapter 17. Backend integration 445
Figure 17-10 Proposed component model for integrated back-end systems
The main design decisions are:
• Access to MQSeries queues is protected by Access Manager for Business
Integration using the Access Manager authorization engine. Certificates of
internal users are also stored in the IPlanet directory.
• Messages between the intranet and the internal production network are
encrypted by Access Manager for Business Integration.
• Access to Siebel applications is protected by WebSEAL. Additionally,
WebSEAL is configured to provide single sign-on. Internet users and internal
users need only a single user ID and password to access applications in
ABBC's production environment.
• Different authentication methods are supported by WebSEAL. Among others,
digital certificates can be used to authenticate users. Certificates are stored in
the IPlanet Directory. An external certificate authority (CA) is not involved. Up
to now, only representatives of ABBC are required to have a certificate.
[Figure 17-10 diagram. Network zones: Internet, DMZ, Intranet, Internal Production Network (core). Components shown: External WebSEAL, CDAS, IPlanet Directory, Authorization Engine, Authorization Database, Web Server + Siebel Web Engine, ABBC Siebel Applications, External Application Server (BEA WLS), Internal Application Server (BEA WLS), Middleware Server (MQ Integrator), Clearing System, Account System, Statement System, Centralized Reconciliation System. Queue managers are labeled MQM or MQM+AM/BI.]
