Roadmap for configuring Process Federation Server and federated environments
Federated environments accommodate various configuration scenarios. This roadmap guides you through the most common paths for configuring Process Federation Server and federated environments and helps you ensure that the federated environment is secure.
- Quick start
The quick start path provides a basic configuration that is suitable for development or test systems. It assumes that the federated process environment has a basic topology without any clustering. It also includes only minimal security configuration, for example, a file-based basic user registry for user authentication.
To allow non-secure communication between Process Federation Server and a federated IBM® BPM system version 8.5.7 cumulative fix 2017.03 or later with no certificate exchange, you must enable non-secure HTTP transport using the configureBPMTransportSecurity AdminTask. See configureBPMTransportSecurity command for more details.
- Production
The production path provides steps for configuring and securing federated environments that are based on clustered topologies.
The following table shows in greater detail the order in which to configure the components in the federated environment and includes an overview of the steps to perform for the configuration. It also has specific information for the two configuration paths. The associated interactive diagram provides an at-a-glance view of the configuration steps and quick links to the relevant topics.
You can use the Process Federation Server validation tool to check certain configuration steps. These steps are indicated by an asterisk (*) in the table. For more information, see Validating the Process Federation Server and federated environment configuration.
| Component | Configuration steps | Quick start path | Production path |
|---|---|---|---|
| 1. Configure the federated environment | a. *Configure the Process Federation Server database. | Required | Required |
| | b. *Set up a common user registry that spans Process Federation Server and the federated IBM BPM systems. See Configuring a common user registry for federated process server environments. | File-based basic user registry | LDAP or custom user registry |
| | c. *Set up single sign-on (SSO) between Process Portal, Process Federation Server, and the federated IBM BPM systems. | LTPA | LTPA or third-party, for example, IBM Security Access Manager WebSEAL |
| | d. Set up IBM HTTP Server or another reverse proxy solution. | N/A | Required |
| | e. *Configure the Process Federation Server Elasticsearch service. | Elasticsearch service on Process Federation Server | Elasticsearch service that spans three or more process federation servers. |
| 2. Federate IBM BPM systems | a. Enable indexing on each IBM BPM system that is to be federated. | Required | Required |
| | b. *On Process Federation Server, configure the data source, federated system, and indexing service for each IBM BPM system that is to be federated. | Required | Required |
| 3. Configure Process Portal | a. Configure cross-origin resource sharing (CORS). | Required | Required if browser traffic does not go through a common reverse proxy server layer |
| | b. Configure endpoint URLs on the IBM BPM server that hosts Process Portal. | Required | Required |
| 4. Configure secure communications (SSL) | a. *Configure secure inbound communication to Process Federation Server. See Securing inbound communications to Process Federation Server. | Required. Note: Process Federation Server is configured for inbound communication by default. | Required for secure communication |
| | b. *Configure secure outbound communication between Process Federation Server and each federated IBM BPM system. See Securing outbound communications between Process Federation Server and federated IBM BPM systems. | Optional for outbound communication between Process Federation Server and REST services on federated IBM BPM systems. | Required for secure communication |
| | c. Configure secure communication between Elasticsearch nodes. See Securing communication between Elasticsearch service nodes. | Not applicable because the quick-start path has only one Elasticsearch node | Required for secure communication |
| | d. *Configure secure communication between Process Federation Server and LDAP. See Securing communications between Process Federation Server and LDAP. | N/A | Required for secure communication |
| | e. *Configure secure communication between Process Federation Server and the database on each of the federated IBM BPM systems. See Configuring secure database access in federated IBM BPM environments. | Optional | Required for secure communication |
| | f. Configure secure communication between Process Portal and Process Federation Server. See Securing SSL communications between client applications and Process Federation Server. | Required. Note: Process Federation Server is configured for inbound communication by default. | Required for secure communication |