Broker 10.5 | webMethods Broker Documentation | Administering webMethods Broker | Managing Broker Security | Access Control Lists | Cluster ACLs
Cluster ACLs
You use cluster ACLs to control which Brokers can join a cluster. When a cluster has an ACL attached, the SSL identity or the basic authentication identity of any Broker attempting to join must be listed on the cluster ACL. If not, the Broker will be denied permission.
Brokers within a cluster that belong to the same Broker Server share the same basic authentication identity or SSL identity as that of their Broker Server. This is because a Broker Server's identity is copied to all of its Brokers in the cluster.
A cluster ACL is shared among all the Brokers in the same cluster. When you change the cluster ACL on a particular Broker, that ACL is automatically propagated to the rest of the cluster.
If you plan on opening the membership of the cluster to additional Brokers, specifying their identities on a cluster ACL is necessary if the enlisting Brokers have identities different than those specified by the ACL. If that is the case:
*Make sure that the Broker Servers of the enlisting Brokers have basic authentication identities or SSL identities.
*Make sure that either basic authentication or SSL is enabled for those Broker Servers.
*Add the basic authentication identities or SSL identities of the Brokers you want to add to the cluster ACL.
For information about configuring cluster ACLs, see About Controlling Which Brokers Can Join a Cluster.