Skip to Main Content
Digital Business Automation Ideas


This is an IBM Automation portal for Digital Business Automation products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Please use the following category to raise ideas for these offerings for all environments (traditional on premises, containers, on cloud):
  • Cloud Pak for Business Automation - including Business Automation Studio and App Designer, Business Automation Insights

  • Business Automation Workflow (BAW) - including BAW, Business Process Manager, Workstream Services, Business Performance Center, Advanced Case Management

  • Content Services - FileNet Content Manager

  • Content Services - Content Manager OnDemand

  • Content Services - Daeja Virtual Viewer

  • Content Services - Navigator

  • Content Services - Content Collector for Email, Sharepoint, Files

  • Content Services - Content Collector for SAP

  • Content Services - Enterprise Records

  • Content Services - Content Manager (CM8)

  • Datacap

  • Automation Document Processing

  • Automation Decision Services (ADS)

  • Operational Decision Manager

  • Robotic Process Automation

  • Robotic Process Automation with Automation Anywhere

  • Blueworks Live

  • Business Automation Manager Open Edition

  • IBM Process Mining


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.


Status Planned for future release
Created by Guest
Created on Oct 20, 2023

Allow securing IBM Automation Foundation Kafka routes by customer-provided certificates

Customer is on 21.0.3 version and soon planning to upgrade to 24.0.0 version , in this case IAF will be replaced by CPfs. Need to check if asked problem will be resolved or not after upgrade ?

...................................

Customer is using a CP4BA cluster and a standalone ODM embedded in Cloudera. The standalone ODM sends events to CP4BA Business Automation Insights via the IBM Automation Foundation (IAF) Kafka route exposed by CP4BA. The default security mechanism for IAF Kafka instance uses a self-signed certificate and this is breaking the security audit rules for the customer which requires all communications to be protected by the certificates signed by customer's own root and intermediate CA chain.

The only currently supported mechanism in CP4BA to secure the IAF Kafka route by customer-provided certificate requires configuration of a custom Issuer for IBM Certificate Manager framework to dynamically generate a leaf cert protecting Kafka endpoint. However this mechanism is not acceptable to the customer either as such custom Issuer would need to be configured as an instance of the Intertim CA including private key for Interim CA so it can generate and sign leaf certificates on demand. The customer security rules do not allow deploying private keys for Interim CA in CP4BA environments.

The ask is to enable a configuration option in AutomationBase CR or similar to specify a customer-provided leaf certificate alreafy issued and signed by customer CA chain, similar to how custom certs are specified via a secret in all other Cloud pak endpoints

Idea priority High
  • Guest
    Reply
    |
    Jan 24, 2024

    The customer is on CP4BA 21.0.3

  • Admin
    Gyanendra S Rathor
    Reply
    |
    Jan 24, 2024

    Thank you for sharing insights into your current environment, leveraging CP4BA in conjunction with a standalone ODM embedded in Cloudera. To ensure we align our support and future enhancements effectively, could you kindly provide details regarding the specific version of CP4BA you are currently utilizing?