Managing Security in IBM AD

By default, the IBM AD server and client components connect to each other in unencrypted mode. However, the TLS protocol is also supported.

The TLS protocol is a client/server cryptographic protocol. It is based on the earlier Secure Sockets Layer (SSL) specifications that were developed by Netscape Corporation for securing communications that use Transmission Control Protocol/Internet Protocol (TCP/IP) sockets. The TLS and SSL protocols are designed to run at the application level. Therefore, an application typically must be designed and coded to use TLS/SSL protection.

Important: Only TLS 1.2 is supported. For the AD server and client components to work properly with TLS, you must update TLS to version 1.2.

To configure IBM® AD to use secure communications between its server and client components, complete the following steps:
  1. Prepare files for enabling secure communication.
  2. Enable Hypertext Transfer Protocol Secure (HTTPS) for IBM AD File Service, IBM AD Search Service, IBM AD Mainframe Projects Service, IBM AD Cross Applications Service, IBM AD Manual Resolutions Service, IBM AD WebSphere® Liberty Profile Service, and Authentication Server (DEX). For more information, see Securing Access on IBM AD Services Endpoints.
  3. Set up IBM AD ZooKeeper to run in mixed mode. For more information, see Activate the IBM AD ZooKeeper Server to use certificates.
  4. Configure IBM AD Batch Server and Graph Database Server. For more information, see STEP 9. Configuring IBM AD Batch Server.
  5. Enable the encryption channel between IBM AD Build Client and IBM AD ZooKeeper. For more information, see Activate IBM AD Build Client to use certificates.
  6. Enable the encryption channel between IBM AD Analyze Client and IBM AD ZooKeeper. For more information, see Enabling encryption channel between IBM AD Analyze Client and IBM AD ZooKeeper.
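
After the steps are complete, each endpoint should accept a TLS 1.2 handshake instead of the default unencrypted connection. The following script is an added example, not IBM AD code, that checks this from a client machine; the `host:port` arguments and the optional `ca_file` parameter are assumptions supplied by the operator, because this page does not list service ports.

```python
"""Added example: check that endpoints negotiate TLS 1.2 (not IBM AD code)."""
import socket
import ssl
import sys


def tls12_context(ca_file=None):
    """Client context pinned to TLS 1.2, with certificate checks left on."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe(host, port, ca_file=None, timeout=5.0):
    """Return (status, detail) for one endpoint."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("unreachable", str(exc))
    try:
        with tls12_context(ca_file).wrap_socket(raw, server_hostname=host) as tls:
            return ("tls", tls.version())
    except ssl.SSLCertVerificationError as exc:
        # TLS is on, but the certificate is not trusted by ca_file or the system store.
        return ("cert-error", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # Plaintext listener (the default mode) or a peer that refuses TLS 1.2.
        return ("no-tls12", str(exc))
    finally:
        raw.close()


def audit(endpoints, ca_file=None):
    """Probe each (host, port); return the rows and whether all passed."""
    rows = [(h, p) + probe(h, p, ca_file) for h, p in endpoints]
    return rows, all(r[2] == "tls" for r in rows)


if __name__ == "__main__":
    # Endpoints are passed as host:port arguments; none are assumed here.
    targets = [(a.rsplit(":", 1)[0], int(a.rsplit(":", 1)[1])) for a in sys.argv[1:]]
    rows, ok = audit(targets)
    for host, port, status, detail in rows:
        print(f"{host}:{port}\t{status}\t{detail}")
    sys.exit(0 if ok else 1)
```

A `cert-error` result means TLS is enabled but the probing machine does not trust the certificate's issuer; pass the CA file prepared in step 1 as `ca_file` to `audit` to check against it.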