About SIMULIA Execution Engine Security

The SIMULIA Execution Engine is a distributed computing infrastructure with a wide range of security features implemented at different levels, at different points in the infrastructure, and using different operating system and middleware facilities. This section describes how an administrator can use some of these features to secure the overall computing environment.

The SIMULIA Execution Engine administrator can pick and choose which features to implement and can add features over time to improve the security of the system. It might be desirable to start with an open system for prototyping or proof-of-concept implementations and then apply more security features as the needs of your organization dictate. It is important for the SIMULIA Execution Engine administrator to read and understand the significance of each security feature to decide if it is appropriate for a specific environment.

Some aspects of SIMULIA Execution Engine security are provided by the native operating systems (such as file access security), some are provided by database and application server middleware, and some are built into the SIMULIA Execution Engine system itself. Some basic knowledge of all of these areas is necessary to make a determination of which features should be applied in a given environment. In addition, a basic understanding of the security tools provided by those systems is also essential to configure and deploy SIMULIA Execution Engine security features. This section provides step-by-step instructions for activating these security features, as well as a discussion of the systems involved, which will aid the SIMULIA Execution Engine administrator in determining the proper configuration for a specific computing environment.

Some security features described in this section interact with other SIMULIA Execution Engine features or have prerequisites. Such interactions and prerequisites are described in each section as appropriate.

About Database Security

Regardless of which SIMULIA Execution Engine security features are used, the SIMULIA Execution Engine database is always protected by the application server and database middleware layers.

This arrangement is shown in the figure below.

SIMULIA Execution Engine Architecture

The only access to the database is via the WebSphere application server. The application server is configured with the proper credentials to access the database and maintains the only secure connection with the database. The database is not directly exposed to any SIMULIA Execution Engine user. The SIMULIA Execution Engine does not support direct database connections, but it does not prevent them if the database administrator has given such access using tools outside of the SIMULIA Execution Engine.

About the Open (Non-secure) Configuration Option

The default installation of the SIMULIA Execution Engine provides an open environment. In this type of environment, no security is provided and user access is not controlled via user names and passwords.

Most other security features of the SIMULIA Execution Engine are disabled or ineffective in this mode. For example, although Access Control Lists can be defined, the control lists are not useful since all users share a single user ID. Furthermore, SIMULIA Execution Engine Federation (B2B) features will not function in this open configuration. This mode of operation is useful to verify correct operation of the system during a new installation or for prototyping and proof-of-concept environments.

Following the procedures described in About Configuring WebSphere will produce this type of environment. Any user with physical network access to the SIMULIA Execution Engine can perform any function on the SIMULIA Execution Engine or SIMULIA Execution Engine stations. Administrators should be aware that no credentials are required to access the SIMULIA Execution Engine and execute models, update the SIMULIA Execution Engine library, use the Dashboard or WebDashboard applications, or start or stop stations. In this configuration the application server makes no attempt to authenticate users who log on to the SIMULIA Execution Engine, and all users are considered to have the same user ID (“<anonymous>”). Any user that can achieve a physical network connection with the SIMULIA Execution Engine can perform these tasks.

About Federation Security

Security configuration for the SIMULIA Execution Engine Federation feature is described in About Federation Security in the SIMULIA Execution Engine Federation (B2B) Guide.