ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahx_5.4.0.1/rzahxagentsecure.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Secure your agent environment" />
<meta name="abstract" content="It is strongly recommended that you use Kerberos user and service principals to authenticate users, agent pools, and agent services to one another on or across a secure platform or distributed platform." />
<meta name="description" content="It is strongly recommended that you use Kerberos user and service principals to authenticate users, agent pools, and agent services to one another on or across a secure platform or distributed platform." />
<meta name="DC.Relation" scheme="URI" content="rzahxagentsetup.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahxagentkerberos.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahxagentsecurepref.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahxagentconfigure.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahxagentstartplatform.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahxagentsecure" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Secure your agent environment</title>
</head>
<body id="rzahxagentsecure"><a name="rzahxagentsecure"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Secure your agent environment</h1>
<div><p>It is strongly recommended that you use Kerberos user and service
principals to authenticate users, agent pools, and agent services to one another
on or across a secure platform or distributed platform.</p>
<div class="section"><p>Platform security can be turned on or off. If you choose to run
on or across a platform that has security turned off, anyone can deregister
or modify another person's agent descriptions. Anyone can change the capabilities
or state of any agent. Anyone can remove or answer any requests, even if they
are not their own. Agents can potentially take destructive actions when being
used incorrectly or by the wrong user. To ensure that agents are used the
way they were intended, security features have been added to the infrastructure
of the platform.</p>
<p>When security is turned on, agents and services will
be able to authenticate and authorize every action that is taken on or across
the platform. An agent can only deregister or alter its own agent description,
an agent must authorize all answered requests and capability changes, and
a certain authority level will be required to alter the state of an agent.
The use of an agent can be limited to certain users and locations. When security
is turned on, every action that occurs can be traced back to a known user
so platform authentication and authorization can occur.</p>
<p>If you choose
to secure your agent platform, you can turn security on by changing the Security
property to <span class="uicontrol">Security=on</span> in the <span class="uicontrol">able.preferences</span> file
that defines your platform.</p>
</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzahxagentkerberos.htm">Configure your platform to use Kerberos</a></strong><br />
The intelligent agent platform uses Kerberos principals to authenticate users and services throughout the agent platform. Kerberos protocol, developed by Massachusetts Institute of Technology, allows a principal (a user or service) to prove its identity to another service within an insecure network.</li>
<li class="ulchildlink"><strong><a href="rzahxagentsecurepref.htm">Configure platform security</a></strong><br />
Before you begin, ensure that you have configured your Kerberos key distribution center (KDC).</li>
</ul>

<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahxagentsetup.htm" title="Before you can begin managing your agents with the Intelligent Agents console, you will need to configure your agents and agent services (the agent platform) to run on or across the systems in your environment. A secure environment requires Kerberos and additional platform configuration.">Set up your agent environment</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahxagentstartplatform.htm" title="After you define the agent platform and optionally secure your platform, you will need to start all the Java Virtual Machines associated with your agent services using iSeries CL commands.">Start the agent platform</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzahxagentconfigure.htm" title="Provides a brief overview of the agent platform, and then provides detailed configuration steps for modifying the platform preferences file. Before you begin using the Intelligent Agents console in iSeries Navigator, you first need to configure the agent platform.">Configure your agent platform</a></div>
</div>
</div>
</body>
</html>