You can create a DMZ Secure Proxy Server for IBM® WebSphere® Application Server inside of
a network deployment cell using the administrative console of an administrative agent. You can then
export the secure proxy server to a node in the demilitarized zone (DMZ) into which you can then
import the configuration. After the secure proxy server is created on a node in the DMZ,
administration can be done locally or it can be done using the Job Manager console.
Deprecated feature: DMZ Secure Proxy Server is
deprecated. As an alternative, consider using IBM HTTP Server,
the Web Server Plug-ins.
For more information, see
Deprecated
features.
Before you begin
Before you begin, complete these tasks.
- Review the information on selecting a front end for your WebSphere Application Server topology. This topic helps you determine whether you
should set up a web server plug-in, a proxy server, or a secure proxy server to provide session
affinity, failover support, and workload balancing for your WebSphere Application Server topology.
- Install the DMZ Secure Proxy Server for IBM WebSphere Application Server code.
See the
information on installing the DMZ Secure Proxy Server for IBM WebSphere Application Server image
for more details.
- Create a secure proxy server (configuration-only) profile on a network-deployment installation
using either the Profile Management Tool or the manageprofiles command.
Read
about creating secure proxy profiles for more information on creating the profile using the Profile
Management Tool.
- Create an administrative agent profile on the network-deployment installation using either the
Profile Management Tool or the manageprofiles command.
See the page about
creating management profiles with administrative agents for more details.
About this task
The DMZ Secure Proxy Server for IBM WebSphere Application Server does
not contain a web container and therefore does not have an administrative
console. Secure proxy server configurations can also be managed within
a network deployment application server cell and then imported locally
into the DMZ Secure Proxy Server for IBM WebSphere Application Server using
wsadmin commands. The configurations are created and maintained inside
the network deployment application server cell as configuration-only
profiles. The profiles are registered with the administrative agent
and are then managed using the administrative console. You configure
the secure proxy server profile in the network deployment application
server cell, export the configuration to a configuration archive (CAR)
file using the exportProxyProfile or exportProxyServer wsadmin
command, transmit the CAR file to the local secure proxy server installation
using FTP, and import the configuration into the DMZ Secure Proxy Server for IBM WebSphere Application Server using
the importProxyProfile or importProxyServer wsadmin
command. You then repeat the process if any changes are made to the
secure proxy server configuration.
Procedure
- Start an administrative agent on a network-deployment installation.
- Register the secure proxy (configuration-only) profile
with the administrative agent using the registerNode command.
- Restart the administrative agent.
-
When the administrative agent prompts you with a list of the nodes that it manages, select the
node from the secure proxy (configuration-only) profile.
- From the administrative console of the administrative agent,
select .
- Click New to access the Proxy Server
Creation wizard.
- Select the DMZ Secure Proxy Server for IBM WebSphere Application Server node.
- Complete the steps in the wizard to create a new secure
proxy server.
This new secure proxy server will only
be used as a configuration. It cannot be started inside of the cell.
- Set the sipClusterCellName custom
property to be the cell name that contains the configured cluster
of SIP containers.
This step applies to the SIP proxy only,
and not to the HTTP server. For more information about how to set
this custom property, see the information on SIP proxy server custom
properties in this documentation.
- Save the configuration.
- Using the wsadmin tool, connect to the secure proxy server
profile.
- Export your configuration to be used inside of the DMZ;
you can export the entire profile or export the server.
- Using FTP, transfer the configuration archive to the local
secure proxy server node.
- Start the wsadmin tool on the secure proxy server profile.
- Import the entire profile, or import the server.
- Use the importProxyProfile command to import
the profile. In the following example, the existing secure proxy server
in the profile is replaced with the server in the imported proxy profile;
for example:
AdminTask.importProxyProfile(['-archive', 'c\myCell.car', '-deleteExistingServers', 'true'])
AdminTask.importProxyProfile(['-archive', '/myCell.car', '-deleteExistingServers', 'true'])
- Use the importProxyServer command to import
the server. In the following example, the existing secure proxy server
is replaced with the imported proxy server; for example:
AdminTask.importProxyServer('[-archive c:\myServer.ear -nodeInArchive node1 -serverInArchive proxy1
-deleteExistingServer true]')
AdminTask.importProxyServer('[-archive /myServer.ear -nodeInArchive node1 -serverInArchive proxy1
-deleteExistingServer true]')
- Save the configuration changes.
Use the following command example to save your configuration
changes:
AdminConfig.save()
Results
Successful completion of this procedure results in deployment
of the DMZ Secure Proxy Server for IBM WebSphere Application Server on
a node in the DMZ.
What to do next
You can now start and begin to use your DMZ Secure Proxy Server for IBM WebSphere Application Server.