Security Considerations
As part of planning aWindchill ESI installation process, it is important to review your security needs and assess them against the following security features provided by Windchill ESI.
Authentication to SAP Systems
TIBCO accesses the SAP distribution target through the user name (ESISYS) and a password specified in the adapter instance deployment configuration. This user name is configured in the distribution target at implementation time. In other words,Windchill ESI does not support dynamic logon to the ERP distribution target. The ERP distribution target logon information for the adapter is also specified at the time of implementation.
Authentication to TIBCO EMS queues
The following lists features related to TIBCO EMS Queues security:
• Windchill ESI uses the out-of-the-box security capabilities provided by TIBCO EMS.
• Each JMS queue is secured. Specifying which users are allowed to access the queue and what functions they are allowed to perform on the queue are performed at installation and configuration time.
• Two client user accounts are configured in the EMS server: a user from Windchill and a user from TIBCO BusinessWorks.Windchill ESI does not use dynamic (message level) authentication to the JMS queues.
• The EMS shared configuration in TIBCO BusinessWorks, which describes the EMS connection and is used to authenticate to the EMS server, is set at implementation time and is not obfuscated.
Other Features
The following lists other security features related to TIBCO components:
• User access to the TIBCO environment can be configured and is controlled though the TIBCO BusinessWorks Administrator. No TIBCO roles, such as distinctions between developers and administrators, are initially defined by Windchill ESI. For further details, refer to the TIBCO Administrator User’s Guide.
• Repositories are set as read-only during run-time.
• Windchill Enterprise Systems Integration transfers theWindchill PDMLink UserID to SAP in cases where the SAP API accommodates the information. This is simply a non-functional, free-text attribute and the EAI software components and the SAP target system do not perform any validations on this information.
• Messages are not encrypted.
• LDAP integration is not supported.