B2B Integration

IBM Sterling B2B Integrator v5.2.6.x will be reaching End of Support by September 2021, so now is the time for customers on these versions to start planning to upgrade. Staying ahead of security standards and practices is important. So, IBM Sterling B2B Integrator v6.0.x/v6.1.x includes several new security features and enhancements as well as other major tech-stack upgrades. This blog will help you understand what’s new, so you can move forward with confidence.

New security features in IBM Sterling B2B Integrator v6.x

Securing communication between IBM Sterling B2B Integrator and the database by enabling Transport Layer Security (TLS) options – Available with v6.0.1.0 onwards

There are several ways to secure the communication channel between IBM Sterling B2B Integrator and the database during runtime and during the install or upgrade process. See below for details on support for your specific database.

• Support for TLS for MSSQL during install, upgrade and runtime is provided with 6.0.1.0. More details can be found at: Securing connection using TLS for Microsoft SQL Server (ibm.com)

• Support for Oracle TLS during install, upgrade and runtime was added with 6.0.1.0. Details on the requirements and steps, are available here: Configuring SSL in Oracle (ibm.com)

• Secure communication can also be enabled using DB2. Support is added for runtime, and not for install or upgrade. For more details, please see: https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.2/installing/installing/integrator/DB2_SSL_runtime.html

Securing the file with native Pretty Good Privacy (PGP) options – Available with v6.1 onwards

IBM Sterling B2B Integrator provides support for local PGP key management and the ability to perform cryptographic operations with locally generated or external PGP keys. You can perform operations like encryption, decryption, signing and verification using the PGP services provided with the IBM Sterling B2B Integrator application. You can also perform create, read, update and delete operations on PGP keys, either using the dashboard UI or REST APIs exposed for PGP. For more information, please visit: https://www.ibm.com/support/knowledgecenter/SS3JSW_6.1.0/administering/administering/integrator/SI_NativePGP_Intro.html

Security vulnerabilities and fix packs

All the security vulnerabilities for Sterling B2B Integrator can be found at: IBM Sterling B2B Integrator: List of security vulnerabilities (cvedetails.com)

• List of Security Fixes and APARs in 6.0.X.X: https://www.ibm.com/support/pages/fix-list-sterling-b2b-integrator-v60
• List of Security Fixes and APARs in 6.1: https://www.ibm.com/support/pages/node/6335211

Lightweight Directory Access Protocol (LDAP) adapter configuration to use Secure Sockets Layer (SSL) – Available with v6.0.0.0 onwards

The LDAP adapter can now be configured to use SSL/TLS with Sterling B2B Integrator. You must generate the certificate and the keystore to connect to the LDAP Server over SSL. For detailed instructions, go to: https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.0/security/security/integrator/SI_ConfigLDAP_SSL_TLS_withSI.html

Password policy enhancements – Available with v6.0.2 onwards
The password policies are enhanced with v6.0.2.0 to now support many more password configurations and validations to strengthen and streamline your security operations. Please refer to the link for more details: https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.2/security/security/integrator/SI_PwdPolicies.html

Support for Signature Class A and B – Available with v6.0.1 onwards
The Electronic Banking Internet Communication Standard (EBICS) server now supports Signature Class A and B for order authorization. For more information, see Create an Offer and Edit User Permission in the links below: https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.1/overview/overview/integrator/EBICS_Create_Offer.html

https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.1/overview/overview/integrator/EBICS_Edit_User_Permission.html

Security configurations for Docker installation – Available with v6.0.1 onwards
It’s now easier for the end user to define and declare the security parameters for the Docker setup. With v6.0.1, the user can override the security configurations using the setup.cfg file for a Docker installation. For more information, see: https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.1/installing/installing/integrator/overriding_security_configurations.html

Major tech-stack upgrades
In addition to staying current with software security standards and practices, it’s also important to comply with highly secure standards in other areas of the technology stack and remain up to date with the latest patches/fixes. Following are the major new upgrades to the Operating System, Database and other tech-stack elements to help strengthen your security operations.

• Linux OS: 1, RHEL 7.2, RHEL8, CentOS7, CentOS8, Linux System z
• Databases: DB2 – 11.5, MSSQL – 2019, Oracle – 18c, 19c
• Some critical security stack upgrades: Jetty jars, Spring jars, XML databind jars, 3sp Jars, Jgroups Upgrade

For a complete list of tech-stack upgrades and more details, please visit: https://www.ibm.com/software/reports/compatibility/clarity/osForProduct.html

Get started with upgrades
Start planning for these upgrades now, so you can start taking advantage of these security enhancements. If you have any questions, please get it touch with IBM Support.