Network Deployment (Distributed operating systems), v8.0 > Set up intermediary services > Set up the proxy server > Tune the security properties for the DMZ Secure Proxy Server for IBM WAS
DMZ Secure Proxy Server for IBM WAS administration options
The DMZ Secure Proxy Server for IBM WAS is administered differently than the WebSphere proxy server. The DMZ Secure Proxy Server for IBM WAS is a separate binary installed in the DMZ. Installing the DMZ Secure Proxy Server for IBM WAS in the DMZ requires that administration be managed differently for security reasons. Several administrative options are available for administering the DMZ Secure Proxy Server for IBM WAS to provide different levels of balance between security and usability.
The most secure way to administer the DMZ Secure Proxy Server for IBM WAS is locally using wsadmin. The DMZ Secure Proxy Server for IBM WAS does not have web container. Therefore, local administration can only be done via the command line. Using the wsadmin commands locally to manage the DMZ Secure Proxy Server for IBM WAS is the most secure option available because it does not require any external listening ports to be opened.
The DMZ Secure Proxy Server for IBM WAS configurations can also be managed within the network deployment application server cell and then imported locally using the wsadmin commands. The configurations are maintained inside the cell as configuration only profiles. The profiles are registered with the Admin Agent and are then managed using the admin console. After you implement any changes to the profile, you export the configuration to a configuration archive (CAR) file using the exportProxyProfile or exportProxyServer wsadmin commands. After you transmit the CAR file to the local DMZ Secure Proxy Server for IBM WAS installation using ftp, the CAR file is imported using the importProxyProfile or importProxyServer wsadmin commands. This option is also considered to be local administration.
Due to security reasons, the number of listening ports on the secure proxy is minimized. You might not be able to manage, start, stop the secure proxy from the admin agent or the job manager remotely when admin security is enabled.
WebSphere DMZ Secure Proxy Server for IBM WAS
DMZ Secure Proxy Server for IBM WAS start up user permissions
DMZ Secure Proxy Server for IBM WAS routing considerations
Error handling security considerations for the DMZ Secure Proxy Server for IBM WAS
Administrative agent
Job manager
Administer jobs in a flexible management environment using wsadmin.sh
Tune the security properties for the DMZ Secure Proxy Server for IBM WAS
Related
ConfigArchiveOperations command group using wsadmin.sh
ProxyManagement command group