Configure a DMZ Secure Proxy Server for IBM WebSphere Application Server using the administrative console

We can create a DMZ Secure Proxy Server for IBM WebSphere Application Server inside of a network deployment cell using the administrative console of an administrative agent. We can then export the secure proxy server to a node in the demilitarized zone (DMZ) into which we can then import the configuration. After the secure proxy server is created on a node in the DMZ, administration can be done locally or it can be done using the Job Manager console.

Before beginning, complete these tasks.

1. Review the information on selecting a front end for the WAS topology. This topic helps you determine whether you should set up a web server plug-in, a proxy server, or a secure proxy server to provide session affinity, failover support, and workload balancing for the WAS topology.

2. Install the DMZ Secure Proxy Server for IBM WebSphere Application Server code.

   See the information on installing the DMZ Secure Proxy Server for IBM WebSphere Application Server image for more details.

3. Create a secure proxy server (configuration-only) profile on a network-deployment installation using either the Profile Management Tool or the manageprofiles command.

   Read about creating secure proxy profiles for more information on creating the profile using the Profile Management Tool.

4. Create an administrative agent profile on the network-deployment installation using either the Profile Management Tool or the manageprofiles command.

   See the page about creating management profiles with administrative agents for additional details.

The DMZ Secure Proxy Server for IBM WAS does not contain a web container and therefore does not have an administrative console. Secure proxy server configurations can also be managed within a network deployment application server cell and then imported locally into the DMZ Secure Proxy Server for IBM WebSphere Application Server using wsadmin commands. The configurations are created and maintained inside the network deployment application server cell as configuration-only profiles. The profiles are registered with the administrative agent and are then managed using the administrative console. You configure the secure proxy server profile in the network deployment application server cell, export the configuration to a configuration archive (CAR) file using the exportProxyProfile or exportProxyServer wsadmin command, transmit the CAR file to the local secure proxy server installation using FTP, and import the configuration into the DMZ Secure Proxy Server for IBM WebSphere Application Server using the importProxyProfile or importProxyServer wsadmin command. You then repeat the process if any changes are made to the secure proxy server configuration.

1. Start an administrative agent on a network-deployment installation.

2. Register the secure proxy (configuration-only) profile with the administrative agent using the registerNode command.

3. Restart the administrative agent.

4. When the administrative agent prompts you with a list of the nodes that it manges, select the node from the secure proxy (configuration-only) profile.

5. From the administrative console of the administrative agent, select Servers > Server Types > WebSphere proxy servers.

6. Click New to access the Proxy Server Creation wizard.

7. Select the DMZ Secure Proxy Server for IBM WebSphere Application Server node.

8. Complete the steps in the wizard to create a new secure proxy server.

   This new secure proxy server will only be used as a configuration. It cannot be started inside of the cell.

9. Set the sipClusterCellName custom property to be the cell name containing the configured cluster of SIP containers. This step applies to the SIP proxy only, and not to the HTTP server. For more information about how to set this custom property, see the information on SIP proxy server custom properties in this information center.

10. Save the configuration.

11. Use wsadmin.sh, connect to the secure proxy server profile.

12. Export the configuration to be used inside of the DMZ; we can export the entire profile or export the server.

    • To export the profile, run the exportProxyProfile command. For example:
      AdminTask.exportProxyProfile('[-archive "c:/myCell.car"]')

    • To export the server, run the exportProxyServer command. For example:
      AdminTask.exportProxyServer ('[-archive c:\myServer.ear -nodeName node1 -serverName proxy1]')

13. Use FTP, transfer the configuration archive to the local secure proxy server node.

14. Start wsadmin.sh on the secure proxy server profile.

15. Import the entire profile, or import the server.

    • Use the importProxyProfile command to import the profile. In the following example, the existing secure proxy server in the profile is replaced with the server in the imported proxy profile; for example:
      AdminTask.importProxyProfile(['-archive', 'c\myCell.car', '-deleteExistingServers', 'true'])
      AdminTask.importProxyProfile(['-archive', '/myCell.car', '-deleteExistingServers', 'true'])

    • Use the importProxyServer command to import the server. In the following example, the existing secure proxy server is replaced with the imported proxy server; for example:

      AdminTask.importProxyServer('[-archive c:\myServer.ear -nodeInArchive node1 -serverInArchive proxy1
       -deleteExistingServer true]')

      AdminTask.importProxyServer('[-archive /myServer.ear -nodeInArchive node1 -serverInArchive proxy1
       -deleteExistingServer true]')

16. Save the configuration changes.

    Use the following command example to save the configuration changes:

    AdminConfig.save()

Results

Successful completion of this procedure results in deployment of the DMZ Secure Proxy Server for IBM WAS on a node in the DMZ.

What to do next

We can now start and begin to use the DMZ Secure Proxy Server for IBM WebSphere Application Server.

Subtopics

• Configure secure routing for a DMZ Secure Proxy Server for IBM WebSphere Application Server
  We can configure the DMZ Secure Proxy Server for IBM WebSphere Application Server to route requests statically or dynamically.

Related concepts

Select a front end for the WAS topology

WebSphere DMZ Secure Proxy Server for IBM WebSphere Application Server

Related tasks

Install and uninstall the DMZ Secure Proxy Server on distributed operating systems

(iseries) Install and uninstall the DMZ Secure Proxy Server for IBM WAS on IBM i systems

Create management profiles with administrative agents

Create secure proxy profiles

DMZ Secure Proxy Server for IBM WebSphere Application Server administration options

Administer stand-alone nodes using the administrative agent

Administer nodes remotely using the job manager

Configure secure routing for a DMZ Secure Proxy Server for IBM WebSphere Application Server

Start the wsadmin scripting client

startServer command

SIP proxy server custom properties