Roadmap for configuring Process Federation Server and federated environments
Federated environments accommodate various configuration scenarios. This roadmap guides you through the most common paths for configuring Process Federation Server and federated environments and helps you ensure that the federated environment is secure.
- Quick start
- The quick start path provides basic configuration that is suitable for development or test systems. It assumes that the federated process environment has a basic topology without any clustering. It also includes only minimal security configuration, for example, file-based basic user registry for user authentication.
To allow non-secure communication between Process Federation Server and a federated IBM BPM system version 8.5.7 cumulative fix 2017.03 or later with no certificate exchange, you must enable non-secure HTTP transport using the configureBPMTransportSecurity AdminTask. See configureBPMTransportSecurity command for more details.
- Production
- The production path provides steps for configuring and securing federated environments that are based on clustered topologies.
The following table shows in greater detail the order in which to configure the components in the federated environment and includes an overview of the steps to perform for the configuration. It also has specific information for the two configuration paths. The associated interactive diagram provides an at-a-glance view of the configuration steps and quick links to the relevant topics.
You can use the Process Federation Server validation tool to check certain configuration steps. These steps are indicated by an asterisk (*) in the table. For more information, see Validating the Process Federation Server and federated environment configuration.
Component | Configuration steps | Quick start path | Production path |
---|---|---|---|
Prerequisite: create a process federation server | Use the ibmProcessFederationServer template to create a server. See Creating a process federation server. | Required | Required |
1. Configure the federated environment | a. *Configure the Process Federation Server database. | Required | Required |
| | b. *Set up a common user registry that spans Process Federation Server and the federated IBM BPM systems. See Configuring a common user registry for federated process server environments. | File-based basic user registry | LDAP or custom user registry |
| | c. *Set up single sign-on (SSO) between Process Portal, Process Federation Server, and the federated IBM BPM systems. | LTPA | LTPA or third-party, for example, IBM Security Access Manager WebSEAL |
| | d. Set up IBM HTTP Server or another reverse proxy solution. | N/A | Required |
| | e. *Configure the Process Federation Server Elasticsearch service. | Elasticsearch service on Process Federation Server | Elasticsearch service that spans three or more process federation servers. |
2. Federate IBM BPM systems | a. Enable indexing on each IBM BPM system that is to be federated. | Required | Required |
| | b. *On Process Federation Server, configure the data source, federated system, and indexing service for each IBM BPM system that is to be federated. | Required | Required |
3. Configure Process Portal | a. Configure cross-origin resource sharing (CORS). | Required | Required if browser traffic does not go through a common reverse proxy server layer |
| | b. Configure endpoint URLs on the IBM BPM server that hosts Process Portal. | Required | Required |
4. Configure secure communications (SSL) | a. *Configure secure inbound communication to Process Federation Server. See Securing inbound communications to Process Federation Server. | Required. Note: Process Federation Server is configured for inbound communication by default. | Required for secure communication |
| | b. *Configure secure outbound communication between Process Federation Server and each federated IBM BPM system. See Securing outbound communications between Process Federation Server and federated IBM BPM systems. | Optional for outbound communication between Process Federation Server and REST services on federated IBM BPM systems. | Required for secure communication |
| | c. Configure secure communication between Elasticsearch nodes. See Securing communication between Elasticsearch service nodes. | Not applicable because the quick-start path has only one Elasticsearch node | Required for secure communication |
| | d. *Configure secure communication between Process Federation Server and LDAP. See Securing communications between Process Federation Server and LDAP. | N/A | Required for secure communication |
| | e. *Configure secure communication between Process Federation Server and the database on each of the federated IBM BPM systems. See Configuring secure database access in federated IBM BPM environments. | Optional | Required for secure communication |
| | f. Configure secure communication between Process Portal and Process Federation Server. See Securing SSL communications between client applications and Process Federation Server. | Required. Note: Process Federation Server is configured for inbound communication by default. | Required for secure communication |