IBM Sterling B2B Integrator v5.2.6.x will be reaching End of Support by September 2021, so now is the time for customers on these versions to start planning to upgrade. Staying ahead of security standards and practices is important, so IBM Sterling B2B Integrator v6.0.x/v6.1.x includes several new security features and enhancements as well as other major tech-stack upgrades. This blog will help you understand what’s new, so you can move forward with confidence.
New security features in IBM Sterling B2B Integrator v6.x
Securing communication between IBM Sterling B2B Integrator and the database by enabling Transport Layer Security (TLS) options – Available with v184.108.40.206 onwards
There are several ways to secure the communication channel between IBM Sterling B2B Integrator and the database during runtime and during the install or upgrade process. See below for details on support for your specific database.
- Support for Oracle TLS during install, upgrade and runtime was added with 220.127.116.11. Details on the requirements and steps are available here: Configuring SSL in Oracle (ibm.com)
Securing the file with native Pretty Good Privacy (PGP) options – Available with v6.1 onwards
IBM Sterling B2B Integrator provides support for local PGP key management and the ability to perform cryptographic operations with locally generated or external PGP keys. You can perform operations like encryption, decryption, signing and verification using the PGP services provided with the IBM Sterling B2B Integrator application. You can also perform create, read, update and delete operations on PGP keys, either using the dashboard UI or REST APIs exposed for PGP. For more information, please visit: https://www.ibm.com/support/knowledgecenter/SS3JSW_6.1.0/administering/administering/integrator/SI_NativePGP_Intro.html
Security vulnerabilities and fix packs
All the security vulnerabilities for Sterling B2B Integrator can be found at: IBM Sterling B2B Integrator: List of security vulnerabilities (cvedetails.com)
Lightweight Directory Access Protocol (LDAP) adapter configuration to use Secure Sockets Layer (SSL) – Available with v18.104.22.168 onwards
The LDAP adapter can now be configured to use SSL/TLS with Sterling B2B Integrator. You must generate the certificate and the keystore to connect to the LDAP Server over SSL. For detailed instructions, go to: https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.0/security/security/integrator/SI_ConfigLDAP_SSL_TLS_withSI.html
Password policy enhancements – Available with v6.0.2 onwards
The password policies are enhanced with v22.214.171.124 to now support many more password configurations and validations to strengthen and streamline your security operations. Please refer to the link for more details: https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.2/security/security/integrator/SI_PwdPolicies.html
Support for Signature Class A and B – Available with v6.0.1 onwards
The Electronic Banking Internet Communication Standard (EBICS) server now supports Signature Class A and B for order authorization. For more information, see Create an Offer and Edit User Permission in the links below: https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.1/overview/overview/integrator/EBICS_Create_Offer.html
Security configurations for Docker installation – Available with v6.0.1 onwards
It’s now easier for the end user to define and declare the security parameters for the Docker setup. With v6.0.1, the user can override the security configurations using the setup.cfg file for a Docker installation. For more information, see: https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.1/installing/installing/integrator/overriding_security_configurations.html
Major tech-stack upgrades
In addition to staying current with software security standards and practices, it’s also important to comply with highly secure standards in other areas of the technology stack and remain up to date with the latest patches/fixes. The following are the major new upgrades to the Operating System, Database and other tech-stack elements to help strengthen your security operations.
- Linux OS: 1, RHEL 7.2, RHEL8, CentOS7, CentOS8, Linux System z
- Databases: DB2 – 11.5, MSSQL – 2019, Oracle – 18c, 19c
- Some critical security stack upgrades: Jetty jars, Spring jars, XML databind jars, 3sp Jars, Jgroups Upgrade
For a complete list of tech-stack upgrades and more details, please visit: https://www.ibm.com/software/reports/compatibility/clarity/osForProduct.html
Get started with upgrades
Start planning for these upgrades now, so you can start taking advantage of these security enhancements. If you have any questions, please get in touch with IBM Support.