IIB9: 1 Integration Service - 2 execution groups |
akil |
Posted: Tue Sep 02, 2014 3:08 am Post subject: IIB9: 1 Integration Service - 2 execution groups |
|
|
 Partisan
Joined: 27 May 2014 Posts: 338 Location: Mumbai
|
Hi
I need advice on how to handle the following situation,
We have a single IntegrationService project, with 5 operations.
4 operations are called only by internal systems.
1 operation will be called by external partners.
The security team at the bank insists on deploying a separate execution group for external partners ( this execution group will have only that specific flow deployed that the partner is allowed to call & it will be using a dedicated port ). This is over and above the authentication & authorisation check that is implemented at the ESB. The reason given is the following:
-- user/password can be stolen
-- if the partner gets access to the ESB, (because of a stolen user/password), it will not be able to execute any flow since nothing else but the authorised flow will be vulnerable. This limits the damage.
Given that I am failing at changing the stance of the security team, what options do I have ?
1. Can I deploy the same integration service in 2 flows, and by some configuration disable all but 1 flow in the partner execution group ?
2. Should I split the IntegrationService into 2 (one with 4 operations, and one with 1), and deploy them into separate execution groups?
3. Should I resign?
Regards
Akhilesh _________________ Regards |
|
Vitor |
Posted: Tue Sep 02, 2014 6:15 am Post subject: Re: IIB9: 1 Integration Service - 2 execution groups |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
akil wrote: |
1. Can I deploy the same integration service in 2 flows, and by some configuration disable all but 1 flow in the partner execution group ? |
If you're using a level of broker that supports the function and using scripted installs, you can deploy a flow in a stopped state. If either of these 2 conditions are not true, you can't.
akil wrote: |
2. Should I split the IntegrationService into 2 (one with 4 operations, and one with 1), and deploy them into separate execution groups? |
It's an option, and all concerned parties should acknowledge the increase in overhead, code maintenance, etc, etc.
akil wrote: |
3. Should I resign? |
It's always an option but I never give career or personal advice for reasons obvious to anyone familiar with my career or personal life.
In terms of my experience with "security requirements" this one is dangerously close to being sensible. The security people concerned must be new & inexperienced......  _________________ Honesty is the best policy.
Insanity is the best defence. |
|
akil |
Posted: Tue Sep 02, 2014 7:06 am Post subject: |
|
|
 Partisan
Joined: 27 May 2014 Posts: 338 Location: Mumbai
|
Is there any other way that you would suggest I try? _________________ Regards |
|