How to configure a secure FTL cluster for BE applications

Article ID: KB0072552

Products Versions
TIBCO BusinessEvents Enterprise Edition 6.x

Description

To configure a secure (TLS/SSL) FTL cluster for BE 6.x and later, follow the steps outlined below.

Issue/Introduction

Outlines the steps needed to configure a secure FTL cluster for BE applications.

Resolution

First, start FTL with security enabled. For example:
 
 $ cd /opt/tibco/ftl/6.6/samples/
 $ . ./setup
 $ cd scripts
 $ ./ftlstart --secure ftls1@ip-172-31-30-171.ec2.internal:8585 ftls2@ip-172-31-30-171.ec2.internal:8586 ftls3@ip-172-31-30-171.ec2.internal:8587

This will create a trust file (ftl-trust.pem) under the FTL server working directory (e.g. ~/ftl-server/ftl-trust.pem). This trust file may be used by BE agents that want to connect to the FTL cluster.

To reference the trust file in your BE CDD configuration, go to Cluster > Cluster Management, and select 'Security Enabled' as shown below. Point to the trust file you obtained from the FTL working directory.

[Screen capture: be-ftl-security]

If your FTL cluster requires a username and password, also configure these cluster-level security options ('FTL User Name' and 'FTL Password').

Finally, set the 'FTL Server URL' CDD setting (again under Cluster > Cluster Management). Specify the https:// protocol:

[Screen capture: ftl-server-url]

The full value entered in the above screen capture is:

 
 https://ftls1@ip-172-31-30-171.ec2.internal:8585|https://ftls2@ip-172-31-30-171.ec2.internal:8586|https://ftls3@ip-172-31-30-171.ec2.internal:8587

You are now configured to connect to the secure FTL cluster using TLS/SSL.
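
A pre-flight check for the two values configured above, added here as an example (it is not TIBCO code): it splits the pipe-separated 'FTL Server URL' value, rejects any entry that is not https://, and uses openssl s_client to confirm that each server's certificate verifies against ftl-trust.pem. The function names are hypothetical, and the script assumes the trust file is a PEM certificate file that openssl accepts as -CAfile.

```shell
#!/bin/sh
# Added example (not TIBCO code). Function names are hypothetical.
# Usage: sh check_ftl_tls.sh ~/ftl-server/ftl-trust.pem '<FTL Server URL value>'

# Print one "host:port" per line for each entry of the pipe-separated
# 'FTL Server URL' value. Fails if any entry is not https:// or has no port,
# since a plain http:// entry would connect without TLS.
ftl_endpoints() {
    list=$1
    while [ -n "$list" ]; do
        entry=${list%%"|"*}                 # first entry of the list
        case $list in
            *'|'*) list=${list#*"|"} ;;     # keep the remainder
            *)     list= ;;                 # that was the last entry
        esac
        case $entry in
            https://*) rest=${entry#https://} ;;
            *) echo "not https: $entry" >&2; return 1 ;;
        esac
        rest=${rest#*@}                     # drop the "ftls1@" server-name prefix
        rest=${rest%%/*}                    # drop any trailing path
        case $rest in
            *:*) printf '%s\n' "$rest" ;;
            *) echo "missing port: $entry" >&2; return 1 ;;
        esac
    done
}

# Attempt a TLS handshake with every endpoint, verifying the server
# certificate against the trust file (assumed usable as -CAfile).
check_ftl_tls() {
    trust_file=$1
    [ -r "$trust_file" ] || { echo "cannot read $trust_file" >&2; return 1; }
    endpoints=$(ftl_endpoints "$2") || return 1
    rc=0
    for ep in $endpoints; do
        if openssl s_client -connect "$ep" -CAfile "$trust_file" \
               -verify_return_error </dev/null >/dev/null 2>&1; then
            echo "OK   $ep"
        else
            echo "FAIL $ep"; rc=1
        fi
    done
    return $rc
}

# Run the check only when called with both arguments.
if [ "$#" -eq 2 ]; then
    check_ftl_tls "$1" "$2"
fi
```

A FAIL line means the handshake or certificate verification did not succeed for that server, so a BE agent configured with the same trust file should not be expected to connect to it either.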

Note: In addition, you may want to configure security for the Cache Provider as well. For guidance on that, please refer to the following Knowledge articles: