To enable server security, you must configure the Rational® DOORS® database server to use secure connections.
Before you begin
If these components are not installed, install them:
Verify that your certificates are valid and not expired. You can use a
sample set of certificates to validate your configuration, but do not use
them for production.
The Rational DOORS clients, interoperation server, and database server must use the correct server host name. For example, when you use the sample certificates, the server host name must be specified as IBMEDSERV and the clients must connect to the server by using that host name.
Note: You do not need to use the sample certificates that are provided with Rational DOORS. However, if you use another certificate, you must use the -keyDB and -certName parameters for the client, interoperation server, and database server.
About this task
Follow this procedure to enable server security for the platform where your server is installed. When you start the Rational DOORS database server and use the -serverSecurityEnable switch, the option is persistent, so the server security is enabled when you restart. On subsequent restarts, you can omit that switch.
Procedure
- To start the servers on a Windows system, follow these steps:
  - If you are not using Rational DOORS Web Access, start the ActiveMQ broker. Otherwise, skip to the next step. To start the broker, enter broker.start.bat, which is in the root directory of the Rational DOORS Web Access installation.
  - Start the Rational DOORS database server, enabling server security by entering the -serverSecurityEnable command-line argument.
  - Define the ActiveMQ broker host name and port by using the -serverSecurityBrokerHost HOST and -serverSecurityBrokerPort PORT parameters. If you are running the Rational DOORS database server in console mode, enter a command in this format:
        doorsd.exe -debug -s "C:\example\data" -p 36700 -serverhostname IBMEDSERV -secure ON -serverSecurityBrokerHost IBMEDSERV -serverSecurityBrokerPort 61616 -serverSecurityEnable
    where
    Switch | Parameter | Description
    -serverdata | "C:\example\data" | The path to the data files
    -portnumber | 36700 | The port number to connect to the server
    -serverhostname | IBMEDSERV | The name of the Rational DOORS database server
    -secure | ON | A switch that must be set to on for security to be enabled
    -serverSecurityBrokerHost | IBMEDSERV | The server name or IP address of the server that is hosting the ActiveMQ broker
    -serverSecurityBrokerPort | 61616 (the default) | The port number to connect with the ActiveMQ broker
    -serverSecurityEnable | | The switch that enables server security
    The Rational DOORS database server installs as a Windows service. By default, the secure mode and server security options are disabled.
  - If you want to enable the service for the secure mode and server security options, follow these steps:
    - Stop the Rational DOORS database server service.
    - Open the Properties window for the Rational DOORS database server service.
    - Enter the correct parameters in the Start parameters field. For example:
          -serverdata "C:\example\data" -portnumber 36700 -serverhostname IBMEDSERV -secure ON -serverSecurityBrokerHost IBMEDSERV -serverSecurityBrokerPort 61616 -serverSecurityEnable
    - Start the service: in the Properties window, click Start. The parameters are discarded when the window is closed.
  - If you are not using Rational DOORS Web Access, start the Rational DOORS interoperation server. Otherwise, skip to the next step. This server is the same binary as the Rational DOORS client. For example:
        doors.exe -interop -data 36677@IBMEDSERV -brokerHost IBMEDSERV -brokerPort 61616
    where
    Switch | Parameter | Description
    -interop | | The command to start the client as an interoperation server
    -data | 36700@IBMEDSERV | The port number and name of the Rational DOORS database server
    -brokerHost | IBMEDSERV | The name of the server that is hosting the broker
    -brokerPort | 61616 | The port number of the broker
    Note: If the Rational DOORS database server is running as a Windows service, after you restart Windows, you must restart the broker and the interoperation server.
  - If the database is configured to use IBM® Rational Directory Server, existing users must be signed. To sign existing users, log in to a Rational DOORS client as an administrator. From the edit DXL interface, enter this command: signTdsUsers().
- To start the servers on a Linux system, follow these steps:
  - If you are not using Rational DOORS Web Access, start the broker. Otherwise, skip to the next step. To start the broker, enter broker.start.sh, which is in the root directory of the Rational DOORS Web Access installation.
  - Start the Rational DOORS database server and use the -serverSecurityEnable command-line switch to enable security.
  - Define the broker host and port by using the -serverSecurityBrokerHost HOST and -serverSecurityBrokerPort PORT parameters. For example:
        doorsd -s $DOORSHOME/data -p 36700 -serverhostname IBMEDSERV -secure ON -serverSecurityBrokerHost IBMEDSERV -serverSecurityBrokerPort 61616 -serverSecurityEnable
    where
    Switch | Parameter | Description
    -serverdata | $DOORSHOME/data | The path to the data files
    -portnumber | 36700 | The port number to connect to the server
    -serverhostname | IBMEDSERV | The name of the Rational DOORS database server
    -secure | ON | A switch that must be set to on for security to be enabled
    -serverSecurityBrokerHost | IBMEDSERV | The server name or IP address of the server that is hosting the ActiveMQ broker
    -serverSecurityBrokerPort | 61616 | The port number to connect with the ActiveMQ broker
    -serverSecurityEnable | | The switch that enables server security
  - If you are not using Rational DOORS Web Access, start the interoperation server. Otherwise, skip to the next step. The interoperation server command is in $DOORSHOME/bin. For example:
        doors -interop -data 36677@IBMEDSERV -brokerHost IBMEDSERV -brokerPort 61616
    where
    Switch | Parameter | Description
    -interop | | The command to start the client as an interoperation server
    -data | 36700@IBMEDSERV | The port number and name of the Rational DOORS database server
    -brokerHost | IBMEDSERV | The name of the server that is hosting the ActiveMQ broker
    -brokerPort | 61616 | The port number of the ActiveMQ broker
  - If the database is configured to use IBM Rational Directory Server, existing users must be signed. To sign existing users, log in to a Rational DOORS client as the administrator. From the edit DXL interface, enter this command: signTdsUsers().
What to do next
When the Rational DOORS database server is installed, it does not have a password, so anyone can manage the server. To control who manages your database server, you can set a password with the database server administration tool. For more information, see Setting the database server password.
When you enable server security, the default authentication method is to enter your user name and password. You can change the authentication method by using a dbadmin command-line switch, -sssAuthenticationMode. When you change the authentication method, you do not need to restart the Rational DOORS database server. For more information, see Changing the authentication method.
If you want to disable server security, use the -serverSecurityDisable switch. For example, enter doorsd.exe -debug -serverdata "C:\example\data" -portnumber 36700 -serverSecurityDisable.
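
The following shell function is an added example, not part of the IBM documentation or product: it audits the arguments of a doorsd start command against the switches that this procedure describes, before the command goes into a start script or service definition. The function name, the finding texts, and the EXPECTED_HOST argument (the host name that your certificate was issued for) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not IBM code): audit doorsd start arguments against the
# switches described in the procedure above.
# Usage: audit_doorsd_args EXPECTED_HOST [doorsd arguments...]
# EXPECTED_HOST is an assumption supplied by the caller: the certificate host name.
# Prints one finding per line; returns 1 if any finding is a FAIL.
audit_doorsd_args() {
    expected=$1; shift
    secure="" host="" bhost="" bport="" enable=no disable=no rc=0
    while [ $# -gt 0 ]; do
        case $1 in
            -secure)                   secure=${2:-}; [ $# -lt 2 ] || shift ;;
            -serverhostname)           host=${2:-};   [ $# -lt 2 ] || shift ;;
            -serverSecurityBrokerHost) bhost=${2:-};  [ $# -lt 2 ] || shift ;;
            -serverSecurityBrokerPort) bport=${2:-};  [ $# -lt 2 ] || shift ;;
            -serverSecurityEnable)     enable=yes ;;
            -serverSecurityDisable)    disable=yes ;;
        esac
        shift
    done
    # -secure must be set to on for security to be enabled
    case $secure in
        [Oo][Nn]) ;;
        *) echo "FAIL: -secure is not ON"; rc=1 ;;
    esac
    # Server and clients must use the host name that matches the certificate
    if [ "$host" != "$expected" ]; then
        echo "FAIL: -serverhostname '$host' does not match certificate host '$expected'"; rc=1
    fi
    [ -n "$bhost" ] || { echo "FAIL: -serverSecurityBrokerHost is not set"; rc=1; }
    case $bport in
        "") echo "WARN: -serverSecurityBrokerPort not set, default 61616 applies" ;;
        *[!0-9]*) echo "FAIL: -serverSecurityBrokerPort '$bport' is not numeric"; rc=1 ;;
    esac
    # -serverSecurityEnable is persistent, so its absence is a warning, not a failure
    if [ "$disable" = yes ]; then
        echo "FAIL: -serverSecurityDisable turns server security off"; rc=1
    elif [ "$enable" = no ]; then
        echo "WARN: -serverSecurityEnable absent, relies on the persisted setting"
    fi
    # The sample certificates are for validating a configuration, not for production
    [ "$host" = IBMEDSERV ] && echo "WARN: IBMEDSERV is the sample-certificate host name"
    return $rc
}
```

For example, `audit_doorsd_args IBMEDSERV -s /data -p 36700 -serverhostname IBMEDSERV -secure ON -serverSecurityBrokerHost IBMEDSERV -serverSecurityBrokerPort 61616 -serverSecurityEnable` returns 0 and prints only the sample-certificate warning.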