To enable server security, you must configure the Rational®
DOORS® database server to use secure
connections.
Before you begin
If these components are not installed, install them:
Verify your certificates are valid and not expired. A sample set of certificates
can be used to validate your configuration but these should not be used for
production.
The Rational DOORS clients, interoperation server, and database server must use the correct server
host name. For example, when you use the sample certificates, the server host name
must be specified as IBMEDSERV and the clients must connect to the server by using
that host name.
Note: You do not need to use the sample certificates that are
provided with Rational DOORS. However, if you use another certificate, you must use the
-keyDB and -certName parameters for
the client, interoperation server, and database server.
About this task
Follow this procedure to enable server security for the platform where your server is installed. When you start the Rational DOORS database server and use the -serverSecurityEnable switch, the option is persistent, so the server security is enabled when you restart. On subsequent restarts, you can omit that switch.
Procedure
- To start the servers on a UNIX system, follow these steps:
  - If you are not using Rational DOORS Web Access, follow these steps. Otherwise, skip to the next step.
    - Enter configure-festival.sh, which sets the appropriate permissions on the files in the directory structure and installs the JRE.
    - Start the broker by entering broker.start.sh, which is in the root directory of the Rational DOORS Web Access installation.
  - Start the Rational DOORS database server, and use the -serverSecurityEnable command-line switch to enable security.
    - Define the broker host and port by using the -serverSecurityBrokerHost HOST and -serverSecurityBrokerPort PORT parameters. For example:
      doorsd -s $DOORSHOME/data -p 36700 -serverhostname IBMEDSERV -secure ON -serverSecurityBrokerHost IBMEDSERV -serverSecurityBrokerPort 61616 -serverSecurityEnable
where

| Switch | Parameter | Description |
| --- | --- | --- |
| -s | $DOORSHOME/data | The path to the data files |
| -p | 36700 | The port number to connect to the server |
| -serverhostname | IBMEDSERV | The name of the Rational DOORS database server |
| -secure | ON | A switch that must be set to on for security to be enabled |
| -serverSecurityBrokerHost | IBMEDSERV | The server name or IP address of the server that is hosting the ActiveMQ broker |
| -serverSecurityBrokerPort | 61616 | The port number to connect with the ActiveMQ broker |
| -serverSecurityEnable | | The switch that enables server security |
  - If you are not using Rational DOORS Web Access, start the interoperation server. Otherwise, skip to the next step. The interoperation server command is in $DOORSHOME/bin. For example:
    doors -interop -d 36677@IBMEDSERV -brokerHost IBMEDSERV -brokerPort 61616
where

| Switch | Parameter | Description |
| --- | --- | --- |
| -interop | | The command to start the client as an interoperation server |
| -data | 36700@IBMEDSERV | The port number and name of the Rational DOORS database server |
| -brokerHost | IBMEDSERV | The name of the server that is hosting the ActiveMQ broker |
| -brokerPort | 61616 | The port number of the ActiveMQ broker |
  - If the database is configured to use the IBM® Rational Directory Server, existing users must be signed. To sign existing users, log in to a Rational DOORS client as the administrator. From the edit DXL interface, enter this command: signTdsUsers().
- To start the servers on a Windows system, follow these steps:
  - If you are not using Rational DOORS Web Access, start the ActiveMQ broker. Otherwise, skip to the next step. To start the broker, run broker.start.bat, which is in the root directory of the Rational DOORS Web Access installation.
  - Start the Rational DOORS database server, enabling server security by entering the -serverSecurityEnable command-line argument.
    - Define the ActiveMQ broker host name and port by using the -serverSecurityBrokerHost HOST and -serverSecurityBrokerPort PORT parameters. If you are running the Rational DOORS database server in console mode, enter a command in this format:
      doorsd.exe -debug -s "C:\example\data" -p 36700 -serverhostname IBMEDSERV -secure ON -serverSecurityBrokerHost IBMEDSERV -serverSecurityBrokerPort 61616 -serverSecurityEnable
where

| Switch | Parameter | Description |
| --- | --- | --- |
| -s | "C:\example\data" | The path to the data files |
| -p | 36700 | The port number to connect to the server |
| -serverhostname | IBMEDSERV | The name of the Rational DOORS database server |
| -secure | ON | A switch that must be set to on for security to be enabled. |
| -serverSecurityBrokerHost | IBMEDSERV | The server name or IP address of the server that is hosting the ActiveMQ broker |
| -serverSecurityBrokerPort | 61616 (the default) | The port number to connect with the ActiveMQ broker |
| -serverSecurityEnable | | The switch that enables server security |
    The Rational DOORS database server installs as a Windows service. By default, the secure mode and server security options are disabled.
    - If you want to enable the service for the secure mode and server security options, follow these steps:
      - Stop the Rational DOORS database server service.
      - Open the Properties window for the Rational DOORS database server service.
      - Enter the correct parameters in the Start parameters field. For example:
        -s "C:\example\data" -p 36700 -serverhostname IBMEDSERV -secure ON -serverSecurityBrokerHost IBMEDSERV -serverSecurityBrokerPort 61616 -serverSecurityEnable
      - Start the service. Click Start in the Properties window. The parameters are discarded when the window is closed.
  - If you are not using Rational DOORS Web Access, start the Rational DOORS interoperation server. Otherwise, skip to the next step. This server is the same binary as the Rational DOORS client. For example:
    doors.exe -interop -d 36677@IBMEDSERV -brokerHost IBMEDSERV -brokerPort 61616
where

| Switch | Parameter | Description |
| --- | --- | --- |
| -interop | | The command to start the client as an interoperation server |
| -data | 36700@IBMEDSERV | The port number and name of the Rational DOORS database server |
| -brokerHost | IBMEDSERV | The name of the server that is hosting the broker |
| -brokerPort | 61616 | The port number of the broker |
    Note: If the Rational DOORS database server is running as a Windows service, after you restart Windows, you must restart the broker and the interoperation server.
  - If the database is configured to use the IBM Rational Directory Server, existing users must be signed. To sign existing users, log in to a Rational DOORS client as an administrator. From the edit DXL interface, enter this command: signTdsUsers().
What to do next
When you enable server security, the default authentication method is to enter your
user name and password. You can change the authentication method by using a dbadmin
command-line switch, -sssAuthenticationMode. When you change the
authentication method, you do not need to restart the Rational DOORS database
server. For more information, see changing the authentication method.
If you want to disable server security, use the -serverSecurityDisable switch. For example, enter doorsd.exe -debug -s "C:\example\data" -p 36700 -serverSecurityDisable.
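
As an added example (not IBM's code and not part of the original page), the following shell function checks a doorsd argument string, such as a UNIX startup script line or the Start parameters field of the Windows service, against the switches listed in the procedure above. The function name, the finding messages, and the sample values /constructed/data and constructed.kdb are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not IBM code): audit a doorsd argument string against the
# switches this page lists. Prints one finding per line; returns 0 when clean.
# Tokens are split on whitespace, so paths containing spaces are not handled.
# -serverSecurityEnable is not required: the page says it persists after first use.
audit_doorsd_args() {
    secure="" host="" bhost="" bport="" keydb=0 cert=0 disable=0 prev="" n=0
    set -f                          # no globbing while the string is word-split
    for tok in $1; do
        case "$prev" in             # token that follows a value-taking switch
            -secure) secure=$tok ;;
            -serverhostname) host=$tok ;;
            -serverSecurityBrokerHost) bhost=$tok ;;
            -serverSecurityBrokerPort) bport=$tok ;;
        esac
        case "$tok" in              # switches whose presence alone matters
            -keyDB) keydb=1 ;;
            -certName) cert=1 ;;
            -serverSecurityDisable) disable=1 ;;
        esac
        prev=$tok
    done
    set +f
    finding() { echo "FINDING: $1"; n=$((n + 1)); }
    case "$secure" in [Oo][Nn]) ;; *) finding "-secure ON is not set" ;; esac
    case "$host" in ''|-*) finding "-serverhostname is not set (must match the certificate host name)" ;; esac
    case "$bhost" in ''|-*) finding "-serverSecurityBrokerHost is not set" ;; esac
    case "$bport" in
        ''|*[!0-9]*) finding "-serverSecurityBrokerPort is missing or not numeric" ;;
        *) { [ "$bport" -ge 1 ] && [ "$bport" -le 65535 ]; } 2>/dev/null ||
               finding "-serverSecurityBrokerPort is outside 1-65535" ;;
    esac
    [ "$keydb" -eq "$cert" ] || finding "-keyDB and -certName must be given together"
    [ "$disable" -eq 0 ] || finding "-serverSecurityDisable turns server security off"
    [ "$n" -eq 0 ]
}

# The page's UNIX example passes; the constructed second line yields four findings.
audit_doorsd_args '-s $DOORSHOME/data -p 36700 -serverhostname IBMEDSERV -secure ON
  -serverSecurityBrokerHost IBMEDSERV -serverSecurityBrokerPort 61616
  -serverSecurityEnable' && echo "no findings"
audit_doorsd_args '-s /constructed/data -p 36700 -serverhostname IBMEDSERV -keyDB constructed.kdb' ||
    echo "review the start parameters"
```

The check covers only the argument string; it does not confirm that the broker is reachable or that the certificate matches the host name given to -serverhostname.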