Security considerations for Design Management

You can take actions to ensure that your installation is secure, customize your security settings, and set up user access controls. You can also ensure that you know about any security limitations that you might encounter with this application.

Enabling security during installation

The Design Management Server has several installable components that are classified as desktop components and server-based components. During the installation process, few options relate directly to security. However, before and after the installation, you can perform configuration steps to enhance the security of the Design Management applications:
  • The Design Management Server runs on WebSphere® Application Server, among other application servers. Follow the general guidance for hardening your WebSphere Application Server deployment. Always connect to the Design Management Server from the browser over HTTPS, which uses Secure Sockets Layer (SSL), now called TLS, because user login credentials are sent over this connection. SSL/TLS encrypts all data that passes over an HTTPS connection, so plain HTTP connections must not be offered for the login path. The Jazz™ Team Server documentation explains how to set up SSL and install a custom certificate in place of the default one.
  • The desktop components of Design Management consist of two extensions: one for IBM® Rational® Software Architect and the other for IBM Rational Rhapsody®. For these extensions to work, they must connect to the Design Management Server; the same HTTPS guidance applies to those connections.

During installation, Design Management security is enabled by default and all security is provided through the Jazz Team Server. When you install Design Management Server, you do not have the option of setting different levels of security, but you are presented with different levels of access, depending on the Design Management license, project membership, and project roles.

Design Management runs on an application server. If you use Apache Tomcat, basic security is enabled by default. If you use WebSphere Application Server, you must explicitly configure a security mode, usually by connecting the server to a Lightweight Directory Access Protocol (LDAP) directory. WebSphere Application Server has explicit LDAP settings, and when the main administrator user ID is initialized during the Jazz Team Server setup, you can configure the LDAP server at that point. Security between the web client and the server is handled through the standard HTTPS secure protocol.
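The two preceding points, HTTPS for every browser connection and Tomcat's default security, can be made concrete in the Tomcat configuration. The fragment below is an added illustration, not configuration shipped with Design Management or the Jazz Team Server: it shows a connector that accepts plain HTTP (the weak setting, because login credentials would cross the network unencrypted) beside an HTTPS-only connector, plus the standard Servlet security constraint that forces every request onto HTTPS. Port numbers, the keystore path and the keystore password are placeholders; replace them with the values from your own deployment and the custom certificate described in the Jazz Team Server documentation.

```xml
<!-- server.xml: WEAK. A plain HTTP connector on port 9080 lets the login form
     and credentials travel in clear text. Remove it, or keep it only to
     redirect to the HTTPS port below. (Port numbers are assumed values.) -->
<Connector port="9080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="9443" />

<!-- server.xml: HARDENED. HTTPS-only connector. keystoreFile and keystorePass
     are placeholders for your own keystore holding a custom certificate;
     never leave a vendor default keystore password in place. -->
<Connector port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.2"
           keystoreFile="/opt/jazz/conf/dm-custom.keystore"
           keystorePass="CHANGE-ME-placeholder"
           maxThreads="150" connectionTimeout="20000" />

<!-- web.xml of the deployed application: require a confidential transport
     for every URL, so a request that arrives on the HTTP connector is
     redirected to redirectPort (9443) instead of being served in clear. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>All Design Management resources</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

After applying a change like this, verify from a browser that a request to the HTTP port is redirected to HTTPS and that the certificate presented on the HTTPS port is the custom one you installed, not a default self-signed certificate; the Jazz Team Server diagnostics page reports the public URI the server believes it is serving.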

Apache Derby, the embedded database, does not require a password. Every external database requires a password for the database administrator; that password is defined when the connection to the database is specified during the Jazz Team Server setup process. You can verify the database connection by running the Jazz Team Server diagnostics.

All security settings apply to silent installations as well.

Enabling secure communication between multiple applications

Applications such as Design Management that are installed on the same Jazz Team Server use the same authentication mechanism (OAuth protocol); access controls are standard capabilities that are provided by the Jazz Team Server.

Single sign-on and a common user ID and password are handled by using delegated authentication to a common set of user IDs and passwords that are provided by the Jazz Team Server.

Ports, protocols, and services

When an application requires an internal ID, it uses the standard internal ID format that is common to all applications that run on the Jazz Team Server. For Design Management, those internal IDs are the dm_user internal user and the Design Management application internal license.

The Design Management application uses the standard HTTPS secure protocol.

Customizing your security settings

A Design Management user ID is specified when the user account is created, and the default assigned password is the same as the user ID. Because this default is predictable, change it before the account is put into use. You can use the Jazz Team Server administration pages to change user IDs and their passwords.

If you encounter problems, error messages typically provide a description of the issue and might also contain an explanation and suggested user actions. The Jazz Team Server and the Design Management Server log files contain more detailed information about the error.

Setting up user roles and access

With the proper permissions, you can create and delete user IDs by using the Jazz Team Server administration pages. When a project area is created, user IDs can be designated as members of that project and assigned roles; only a project administrator can perform these actions. On the Configuration Management Application server, access restrictions are applied at the configuration space level (each Design Management project belongs to one configuration space) to restrict which users can create and modify configurations in that space. If necessary, an administrator on the Configuration Management Application server can also specify access controls for users on each individual configuration.

Privacy policy considerations

This software offering does not use cookies or other technologies to collect personally identifiable information. For additional information about cookies, see the Notices topic.
