Administering Security
Since security is an important aspect of Windchill ESI administration, you need to be familiar with the following security-related topics:
• User account security
• Data security
The following section deals primarily with security administration as it relates to the EAI components of Windchill ESI, particularly to the TIBCO BusinessWorks environment. Refer to the section Policy Administration for security information related to Windchill PDMLink.
User Account Security
User access to the TIBCO environment is configurable and is controlled via the TIBCO Administrator. As the Windchill ESI administrator, you should determine the TIBCO user security approach that best matches your environment and its requirements. Refer to the TIBCO documentation for further details.
The following sections discuss security considerations for the following:
• Oracle Applications Database user account for Windchill ESI
• TIBCO EMS
The user name and password that the ADB 6.3 Adapter uses to connect to the Oracle Applications database, and that TIBCO BusinessWorks uses to connect to the TIBCO EMS server, are provided in the form of global variables. The password-related global variables can be obfuscated at design time. To do this, open the TIBCO project in Designer and change the global variable type to “password”. Global variable details are provided in the Windchill Enterprise Systems Integration Installation and Configuration - Oracle Applications section.
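One way to check a project for credential global variables that were left as plain strings, as an added example (not PTC or TIBCO code). It assumes the project's global variables are available as XML with globalVariable elements carrying name, value and type children; the variable names, values and namespace in the sample are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: variable names, values and namespace are hypothetical,
# and the element layout (globalVariable with name/value/type) is an assumption.
SAMPLE_SUBSTVAR = """\
<repository xmlns="urn:example:constructed-namespace">
  <globalVariables>
    <globalVariable>
      <name>ExampleDbUser</name><value>ESISYS</value><type>String</type>
    </globalVariable>
    <globalVariable>
      <name>ExampleDbPassword</name><value>PLACEHOLDER</value><type>Password</type>
    </globalVariable>
    <globalVariable>
      <name>ExampleEmsPassword</name><value>PLACEHOLDER</value><type>String</type>
    </globalVariable>
  </globalVariables>
</repository>
"""

# Names that suggest the variable holds a credential.
SECRET_NAME = re.compile(r"passw|pwd|secret", re.IGNORECASE)


def _local(tag):
    """Strip the XML namespace so the check works with or without one."""
    return tag.rsplit("}", 1)[-1]


def find_plaintext_password_vars(xml_text):
    """Return (name, type) for credential-like variables not typed as password."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if _local(elem.tag) != "globalVariable":
            continue
        fields = {_local(child.tag): (child.text or "").strip() for child in elem}
        name = fields.get("name", "")
        var_type = fields.get("type", "")
        if SECRET_NAME.search(name) and var_type.lower() != "password":
            findings.append((name, var_type or "<missing>"))
    return findings


if __name__ == "__main__":
    for name, var_type in find_plaintext_password_vars(SAMPLE_SUBSTVAR):
        print(f"{name}: type is {var_type}, expected password")
```

The check matches on variable names only, so a credential stored under a name without "password", "pwd" or "secret" in it still has to be reviewed by hand.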
Oracle Applications Database User Account for Windchill ESI
Windchill EAI software components access distribution targets such as Oracle Applications instances via the user name (for example, ESISYS) and a password that are specified in the adapter configuration. To establish the security authorizations required by the TIBCO Adapter for Oracle Applications, you need the user name and password to connect to the APPS user (schema) of each distribution target database.
After installing the TIBCO Adapter for Oracle Applications, for each distribution target Oracle instance you must run the create_user_Mods.sql script in Oracle, as described in the Windchill Enterprise Systems Integration Installation and Configuration - Oracle Applications, to set up the ESISYS database account used by the adapter.
You must also run the common_all_Mods.sql script in Oracle, as described in the Windchill Enterprise Systems Integration Installation and Configuration - Oracle Applications, to give the ESISYS user the grants on the required database objects.
To complete the adapter configuration, you must run a series of SQL scripts in Oracle to create the necessary TIBCO intermediate tables, stored procedures, and other Oracle-based TIBCO components. For more information, see the Windchill Enterprise Systems Integration Installation and Configuration - Oracle Applications.
TIBCO EMS
The TIBCO EMS queues are secured via:
• A server administrator user account
• Client user accounts for both Windchill PDMLink and the ESI BusinessWorks application
• Required authentication to access the queues
The user account credentials are not obfuscated. Refer to the Windchill Enterprise Systems Integration Installation and Configuration - Oracle Applications for details on setting up EMS security measures. As the Windchill ESI administrator, you should be familiar with these measures and may wish to configure alerts or notifications in case there is a security breach.
Data Security
The EAI software components of Windchill ESI do not use an external or third-party database. Most operations occur in memory. Persistence to disk occurs primarily for:
• Check-pointing (state management)
• Writing to log
Windchill ESI does not encrypt data in storage or in transit. You may need to customize the Windchill ESI application to support encryption if your product structure data is particularly sensitive or must traverse unsecured network links.
Refer to the Windchill Enterprise Systems Integration Installation and Configuration - Oracle Applications for details on traversing Wide Area Networks (WANs) and firewalls with TIBCO EMS and Rendezvous.