.. include:: ../vars.rst

.. _chapter-admin-console:

***************************************************************
DDS Security Data Visualization with RTI Administration Console
***************************************************************

|RTI_ADMINCONSOLE| is compatible with |RTI_SP|. Configuring security in
|ADMINCONSOLE| will allow you to visualize and troubleshoot your DDS Secure
system.

The security configuration is under :guilabel:`Preferences` >
:guilabel:`Security`. There, you can secure |ADMINCONSOLE|’s |DPs| by checking
the :guilabel:`Enable Security for specified Domains` checkbox. The security
preferences will only apply to the domains listed in the
:guilabel:`Domain Filter` field. Note that a :value:`*` in this field will
apply security to all domains; you can also use patterns like :value:`2,3` or
:value:`8,9-12,23`.

After setting the :guilabel:`Domain Filter` to the desired domains where you
want to visualize your DDS Secure system, you have to set the security
artifacts that |ADMINCONSOLE|’s |DPs| will use, as shown in
:numref:`Fields to Configure Authentication in Admin Console`,
:numref:`Fields to Configure Access Control in Admin Console`,
:numref:`Fields to Configure Cryptography in Admin Console`,
:numref:`Fields to Configure Logging in Admin Console`.

.. note::

    As a prerequisite for using security in |ADMINCONSOLE|, you need to
    install the |RTI_SP|. For this, you can follow the instructions in the
    :link_sec_install_guide:`RTI Security Plugins Installation Guide`.

:numref:`Security Panel in Admin Console's Preferences` is an example of the
values to configure |ADMINCONSOLE| to work with the
“Security::SecureAllowAll” profile of Shapes Demo:

.. figure:: ../static/admin-console-security-conf.png
    :width: 100%
    :alt: Security Panel in Admin Console's Preferences
    :name: Security Panel in Admin Console's Preferences
    :align: center

    Security Panel in |ADMINCONSOLE|’s Preferences

The following tables describe the purpose of each field.

.. note::

    If you are using |ADMINCONSOLE| 5.3.x, make sure to click the
    :guilabel:`Apply` button. This is critical because the settings won’t be
    applied if you just click :guilabel:`OK`.

.. list-table:: Fields to Configure Authentication in |ADMINCONSOLE|
    :name: Fields to Configure Authentication in Admin Console
    :widths: 35 65
    :header-rows: 1
    :class: longtable

    * - Field
      - Description
    * - :guilabel:`Shared Secret Algorithm`
      - :required:`Required`

        The algorithm used to establish a shared secret during authentication,
        as defined by the :property:`authentication.shared_secret_algorithm`
        property. For details, see
        :numref:`RTI Security Plugins Properties for Configuring Authentication`.
    * - :guilabel:`Identity Certificate Authority`
      - :required:`Required`

        Provides |ADMINCONSOLE|’s |DPs| with the Identity CA, as defined by
        the :property:`dds.sec.auth.identity_ca` property. For details, see
        :numref:`DDS Security Properties for Configuring Authentication`.
    * - :guilabel:`Certificate Revocation List`
      - :required:`Optional`

        The Identity CA can maintain a certificate revocation list (CRL) with
        information about digital certificates that have been revoked before
        their scheduled expiration date and should no longer be trusted. With
        this field you can provide the CRL to the |ADMINCONSOLE|’s |DPs|, as
        defined by the :property:`authentication.crl` property. For details,
        see
        :numref:`RTI Security Plugins Properties for Configuring Authentication`.
    * - :guilabel:`Private Key`
      - :required:`Required`

        Provides |ADMINCONSOLE|’s |DPs| with a |PrivateKey|, as defined by the
        :property:`dds.sec.auth.private_key` property. For details, see
        :numref:`DDS Security Properties for Configuring Authentication`.
    * - :guilabel:`Identity Certificate`
      - :required:`Required`

        Provides |ADMINCONSOLE|’s |DPs| with an |IdentityCert|, as defined by
        the :property:`dds.sec.auth.identity_certificate` property. For
        details, see
        :numref:`DDS Security Properties for Configuring Authentication`.
    * - :guilabel:`Password` |br|
        (when :guilabel:`Password required` is checked)
      - :required:`Only required if the Private Key is encrypted`

        The password used to decrypt the |PrivateKey|. This field is
        interpreted as the Base64 encoding of the symmetric key that will be
        used to decrypt the |PrivateKey|, as defined by the
        :property:`dds.sec.auth.password` property. If the password is wrong,
        |ADMINCONSOLE| will fail to create the secure participants and will
        report multiple errors in the :guilabel:`Console Log`.

.. list-table:: Fields to Configure Access Control in |ADMINCONSOLE|
    :name: Fields to Configure Access Control in Admin Console
    :widths: 35 65
    :header-rows: 1
    :class: longtable

    * - Field
      - Description
    * - :guilabel:`Permissions Certificate Authority`
      - :required:`Required`

        Provides |ADMINCONSOLE|’s |DPs| with the Permissions CA, as defined by
        the :property:`dds.sec.access.permissions_ca` property. For details,
        see :numref:`DDS Security Properties for Configuring Access Control`.
    * - :guilabel:`Governance Document`
      - :required:`Required`

        Provides |ADMINCONSOLE|’s |DPs| with the |GovernanceDoc|, as defined
        by the :property:`dds.sec.access.governance` property. For details,
        see :numref:`DDS Security Properties for Configuring Access Control`.
    * - :guilabel:`Permissions Document`
      - :required:`Required`

        Provides |ADMINCONSOLE|’s |DPs| with the |PermissionsDoc|, as defined
        by the :property:`dds.sec.access.permissions` property. For details,
        see :numref:`DDS Security Properties for Configuring Access Control`.

.. list-table:: Fields to Configure Cryptography in |ADMINCONSOLE|
    :name: Fields to Configure Cryptography in Admin Console
    :widths: 35 65
    :header-rows: 1
    :class: longtable

    * - Field
      - Description
    * - :guilabel:`Encryption Algorithm`
      - :required:`Required`

        The algorithm that the Sender uses for the encryption transformation,
        as defined by the :property:`cryptography.encryption_algorithm`
        property. For details, see
        :numref:`RTI Security Plugins Properties for Configuring Cryptography`.

.. list-table:: Fields to Configure Logging in |ADMINCONSOLE|
    :name: Fields to Configure Logging in Admin Console
    :widths: 35 65
    :header-rows: 1
    :class: longtable

    * - Field
      - Description
    * - :guilabel:`Security Logging Verbosity (local)`
      - :required:`Required`

        The logging verbosity level, as defined by the
        :property:`logging.verbosity` property. For details, see
        :numref:`RTI Security Plugins Properties for Configuring Logging`.
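
A mismatched key, a certificate from the wrong CA, or an unsigned document only shows up as participant-creation errors in the :guilabel:`Console Log`, so it helps to check the files with the ``openssl`` command line before entering them in the Security panel. This is an added example, not part of the RTI documentation: the function names, file names and the ``KEY_PASS`` variable are assumptions, the signed-document check relies on the DDS Security convention that Governance and Permissions Documents are S/MIME files signed by the Permissions CA, and the last function only generates constructed sample artifacts.

```sh
#!/bin/sh
# Added example: pre-flight checks on the files named in the tables above.
# Function and file names are placeholders chosen for this example.

# The Identity Certificate must chain to the Identity Certificate Authority.
# $1 = Identity CA (PEM), $2 = Identity Certificate (PEM)
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# The Private Key must decrypt and must belong to the Identity Certificate.
# For an encrypted key, set KEY_PASS (assumed name) to its passphrase first;
# it is handed to openssl through the environment, not the command line.
# $1 = Private Key (PEM), $2 = Identity Certificate (PEM)
key_matches_cert() {
    key_pub=$(KEY_PASS="${KEY_PASS-}" openssl pkey -in "$1" \
        -passin env:KEY_PASS -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ]
}

# Governance and Permissions Documents are S/MIME files that must verify
# against the Permissions Certificate Authority.
# $1 = Permissions CA (PEM), $2 = signed document
doc_signed_by_ca() {
    openssl smime -verify -in "$2" -CAfile "$1" -out /dev/null 2>/dev/null
}

# Constructed sample input: writes a throwaway CA, identity and signed
# document into directory $1 so the checks above can be exercised offline.
make_constructed_artifacts() {
    (cd "$1" &&
     openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
         -subj "/CN=Constructed CA" -keyout ca_key.pem -out ca.pem &&
     openssl req -newkey rsa:2048 -nodes \
         -subj "/CN=Constructed Participant" -keyout id_key.pem -out id.csr &&
     openssl x509 -req -in id.csr -CA ca.pem -CAkey ca_key.pem \
         -CAcreateserial -days 1 -out id_cert.pem &&
     printf '<dds></dds>\n' > governance.xml &&
     openssl smime -sign -in governance.xml -text -signer ca.pem \
         -inkey ca_key.pem -out governance.p7s) >/dev/null 2>&1
}
```

Source the file and call each function with your own paths; every check returns 0 on success and non-zero on failure.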