CONFIGURING


Security in a cluster

The ICM supports TLS. The ICM can use the same TLS certificates that the Domino® Web server uses, or you can specify a different set of TLS certificates for the ICM. You configure this on the Server Tasks -> Internet Cluster Manager tab of the Server document. The ICM uses settings on the Ports -> Internet Ports tab of the Server document to determine the TLS protocol version and whether to accept expired certificates.

In addition, normal Domino server and database security are in effect when using the ICM. The ICM, however, does not participate in the security process. When an HTTP client wants to access a database, it sends an anonymous request to the ICM. The ICM responds by telling the client which server to access. The client then redirects its request to the appropriate server. The server then establishes a dialog with the client and uses whatever security measures are in effect on that server to authenticate the user. If you want to protect the ICM itself from unauthorized access, you can secure your network with a firewall or another hardware security system.

Related concepts
Network security
Failover and workload balancing