Summary: Enabling security for Grid Service Agent, Manager and Container.
Enabling Security GigaSpaces security is enabled by setting a system property. Append the following system property to EXT_JAVA_OPTIONS in setenv script.
-Dcom.gs.security.enabled=true
This property affects the GSA, GSM, GSC. Actually it affects also a standalone PU instance (with a space). Grid Service Agent Grid Service Agent The Grid Service Agent (GSA) acts as a process manager that can spawn and manage Service Grid processes (GSM, GSC, etc.). When GSA is secured, a spawned GSM/GSC will also be secured. To start, kill, restart a process you need Manage Grid privileges. Grid Service Manager Grid Service Manager The Grid Service Manager (GSM) is responsible for managing Processing Units and Grid Service Containers. The GSM accepts deployment and un-deployment requests of Processing Units, and provisions them to GSCs. To deploy, un-deploy you need Provision PU privileges. A secured GSM can only connect to another secured GSM. This means that a Processing Unit managed by a secured GSM can be recoverable upon failover only by another secured GSM. Grid Service Container Grid Service Container A Grid Service Container (GSC) is a container which hosts deployed Processing Unit Instances, and reports its status to the GSM. In general, operations on the GSC are routed to the managing GSM of the processing unit. To scale up/down, relocate, restart PU instance, destroy PU instance you need Manage PU privileges. A secured GSC can only connect to a secured GSM. This means that a Processing Unit managed by a secured GSM can only be provisioned to a secured GSC. Note: Security of a GSC does not enforce any security on the deployed Processing Unit. i.e., a secured GSC can contain a Processing unit with a non-secured space, and a non-secured GSC can contain a Processing Unit with a secured space. |