Use the Administration Thin Client
With the Administration Thin Client, we can run wsadmin.sh or a standalone administrative Java program with only a couple of JAR files. This reduces the time that wsadmin.sh takes to start and improves performance. This information should be used to set up JMX client programs.
Verify that the IBM Software Development Kit (SDK) is installed on the Administration Thin Client. IBM recommends that you use the same IBM SDK as the server that it will connect to in the administrative Thin Client environment.
Important: The Administration Thin Client is supported for the IBM SDKs. It is also supported for the corresponding Oracle Java Development Kit (JDK) with the same major version, provided that:
- The client administration application uses only the SOAP connector.
- The client administration application uses the com.ibm.websphere.management.AdminClientFactory API to get the JMX client.
We cannot run a thin administrative client with the -conntype NONE option.
We cannot use the Administration Thin Client to manage feature packs or to deploy application artifacts that are specific to feature packs.
The Administration Thin Client does not support the installation of SIP Application Archive (SAR) files or editing applications that use an external Java Authorization Contract for Containers (JACC) provider, such as the Tivoli Access Manager.
The Administrative Thin Client does not support passing the Kerberos token to a server. It only supports basic authentication, which passes the user ID and password.
The Administration Thin Client does not support co-existence with other thin clients.
The Administration Thin Client on the z/OS platform does not use localcomm.
For tracing and logging information for the Administration Thin Client, see Enable trace on client and stand-alone applications.
- Make the Administration Thin Client JAR files available by copying com.ibm.ws.admin.clientXXX.jar from a WAS environment to an environment outside of WAS, for example, c:\MyThinClient. The com.ibm.ws.admin.client_8.5.0.jar Administration Thin Client JAR file is located in one of the following locations:
- The AppServer/runtimes directory.
- The AppClient/runtimes directory, if you optionally selected the Administration Thin Client when you installed the application client.
- Use the Administration Thin Client JAR files to compile and test administration client programs. For Java applications, we can compile and run the JAR files within a standard Java 2 Platform, Standard Edition environment. For more information, see the Compiling an administration application using the Thin Administration Client topic.
- Copy the messages directory from the app_server_root/properties directory to the C:\MyThinClient\properties directory.
- If security is turned on, we also need the following files:
- Copy the com.ibm.ws.security.crypto.jar file from either the AppServer/plugins directory or the AppClient/plugins directory and put it in the C:\MyThinClient directory.
- For the IPC connector, optionally copy the ipc.client.props file from the AppServer\profiles\profileName/properties or the AppClient\properties directory and put it in the C:\MyThinClient\properties directory. Alternatively, we can set the properties in the ipc.client.props file programmatically in the Java code.
- For the SOAP connector, optionally copy the soap.client.props file from the AppServer\profiles\profileName\properties directory and put it in the C:\MyThinClient\properties directory. Then, enable the client security by setting the com.ibm.CORBA.securityEnabled property to true. Alternatively, we can set the properties in the soap.client.props file programmatically in the Java code.
- If we are using RMI or JSR160RMI connectors, copy the sas.client.props file from the AppServer/profiles/profileName/properties directory and put it in the C:\MyThinClient\properties directory.
If there is a firewall in the installation and the application client uses RMI to receive notifications, you might get a RemoteException error after trying to deploy an application. A notifications listener with RMI does not work across a firewall because it requires a listener port on the client listening for notifications. This listener port is not directly accessible when the server tries to send notifications back to the client port. Instead of RMI, use a SOAP connector, which polls for notifications.
- Copy the wsjaas_client.conf files from either the AppServer\profiles\profileName/properties directory or the AppClient/properties directory, and put them in the C:\MyThinClient\properties directory.
- Copy or generate ssl.client.props from either the AppServer\profiles\profileName/properties directory or the AppClient/properties directory and put it in the C:\MyThinClient\properties directory. This file contains the user.root property. We must change its value to the thin client directory, for example, C:\MyThinClient.
- For the IBM SDK, copy the key.p12 and trust.p12 files from the AppServer\profiles\profileName\etc directory and put them in the C:\MyThinClient\etc directory. To complete this task, copy the files to the thin client directory or run a script to generate them. For more information, see the following topics:
- ssl.client.props client configuration file
- Interoperating with previous product versions
- retrieveSigners command
- Secure installation for client signer retrieval in SSL
- For the Sun JDK, change the following properties in ssl.client.props so that it uses JKS keystores and truststores and the Sun Microsystems implementations of the key and trust managers:
    com.ibm.ssl.alias=DefaultSSLSettings
    com.ibm.ssl.protocol=SSL
    com.ibm.ssl.securityLevel=HIGH
    com.ibm.ssl.trustManager=SunX509
    com.ibm.ssl.keyManager=SunX509
    com.ibm.ssl.contextProvider=SunJSSE
    com.ibm.ssl.enableSignerExchangePrompt=gui
    # Keystore information
    com.ibm.ssl.keyStoreName=ClientDefaultKeyStore
    com.ibm.ssl.keyStore=${user.root}/etc/keystore.jks
    com.ibm.ssl.keyStorePassword=keystore_password
    com.ibm.ssl.keyStoreType=JKS
    com.ibm.ssl.keyStoreProvider=SUN
    com.ibm.ssl.keyStoreFileBased=true
    # Truststore information
    com.ibm.ssl.trustStoreName=ClientDefaultTrustStore
    com.ibm.ssl.trustStore=${user.root}/etc/truststore.jks
    com.ibm.ssl.trustStorePassword=truststore_password
    com.ibm.ssl.trustStoreType=JKS
    com.ibm.ssl.trustStoreProvider=SUN
    com.ibm.ssl.trustStoreFileBased=true
- Launch the Administration Thin Client or run wsadmin.sh remotely in a Java 2 Platform, Standard Edition environment. To launch the administration application, use the following sample launch scripts:
For the Oracle JDK, set the com.ibm.websphere.thinclient JVM property to true.
    set WAS_HOME=c:\MyThinClient
    set USER_INSTALL_ROOT=%WAS_HOME%
    set JAVA_HOME=location_of_the_JRE_file
    @REM C_PATH is the class path. Add to it as needed.
    set C_PATH=%WAS_HOME%\com.ibm.ws.admin.client_8.5.0.jar;%WAS_HOME%\com.ibm.ws.security.crypto.jar
    set SOAPURL=-Dcom.ibm.SOAP.ConfigURL=%WAS_HOME%\properties\soap.client.props
    set TC=-Dcom.ibm.websphere.thinclient=true
    if exist %JAVA_HOME%\bin\java.exe (
      set JAVA_EXE=%JAVA_HOME%\bin\java
    ) else (
      set JAVA_EXE=%JAVA_HOME%\jre\bin\java
    )
    %JAVA_EXE% -classpath "%C_PATH%" %TC% -Duser.install.root=%USER_INSTALL_ROOT% -Dcom.ibm.SSL.ConfigURL=file:%WAS_HOME%/properties/ssl.client.props %SOAPURL% your_class_file
(iseries) (zos)
    #!/bin/bash
    WAS_HOME=/MyThinClient
    USER_INSTALL_ROOT=${WAS_HOME}
    JAVA_HOME=location_of_the_JRE_file
    # C_PATH is the class path. Add to it as needed.
    C_PATH=${WAS_HOME}/com.ibm.ws.admin.client_8.5.0.jar:${WAS_HOME}/com.ibm.ws.security.crypto.jar
    SOAPURL=-Dcom.ibm.SOAP.ConfigURL=${WAS_HOME}/properties/soap.client.props
    TC=-Dcom.ibm.websphere.thinclient=true
    if [[ -f ${JAVA_HOME}/bin/java ]]; then
      JAVA_EXE="${JAVA_HOME}/bin/java"
    else
      JAVA_EXE="${JAVA_HOME}/jre/bin/java"
    fi
    ${JAVA_EXE} -classpath "${C_PATH}" $TC -Duser.install.root=${USER_INSTALL_ROOT} -Dcom.ibm.SSL.ConfigURL=file:${WAS_HOME}/properties/ssl.client.props ${SOAPURL} your_class_file
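The copy steps above can be checked before the first launch. The following preflight script is an added example, not code from this page or from IBM; it assumes the SOAP connector with security turned on and stores referenced through ${user.root} in ssl.client.props. The function names prop and check_thin_client and the world-readable permission check are assumptions of the example.

```sh
#!/bin/sh
# Added example (not IBM code): preflight check of a thin client directory.

# prop FILE KEY: print KEY's value from a .props file (last assignment wins).
prop() (
  key=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
    tail -n 1 | tr -d '\r'
)

# check_thin_client DIR: print one FAIL line per problem; succeed only if none.
check_thin_client() (
  home=${1%/}; problems=0
  ssl=$home/properties/ssl.client.props
  soap=$home/properties/soap.client.props
  fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

  # Files a secured SOAP thin client needs, per the copy steps.
  ls "$home"/com.ibm.ws.admin.client_*.jar >/dev/null 2>&1 ||
    fail "admin client JAR missing"
  for f in com.ibm.ws.security.crypto.jar properties/messages \
           properties/soap.client.props properties/ssl.client.props \
           properties/wsjaas_client.conf; do
    [ -e "$home/$f" ] || fail "$f missing"
  done

  # Client security must be switched on in soap.client.props.
  [ "$(prop "$soap" com.ibm.CORBA.securityEnabled)" = "true" ] ||
    fail "com.ibm.CORBA.securityEnabled is not true"

  # user.root must name the thin client directory, not the source profile.
  root=$(prop "$ssl" user.root)
  [ "${root%/}" = "$home" ] || fail "user.root is '$root', expected '$home'"

  # Stores named in ssl.client.props must exist once ${user.root} is resolved.
  for k in com.ibm.ssl.keyStore com.ibm.ssl.trustStore; do
    store=$(prop "$ssl" "$k" | sed "s|\${user\.root}|$home|")
    [ -f "$store" ] || fail "$k '$store' not found"
  done

  # Added assumption: files holding store passwords or keys are not world-readable.
  for f in "$ssl" "$home"/etc/*; do
    [ -e "$f" ] && [ -n "$(find "$f" -prune -perm -004)" ] &&
      fail "$f is world-readable"
  done
  [ "$problems" -eq 0 ]
)

if [ "$#" -gt 0 ]; then check_thin_client "$1"; fi
```

Run it with the thin client directory as the only argument, for example /MyThinClient; it exits non-zero and prints one FAIL line per finding.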
Subtopics
- Compiling an administration application using the Thin Administration Client
Use wsadmin.sh to use the thin administrative client to compile an application.
- Run wsadmin.sh remotely in a Java 2 Platform, Standard Edition environment
The thin administrative client adds JAR files that support administrative client functions that we can use with IBM Developer Kits For the Java Platform.
- Auditing invocations of wsadmin.sh
Run the following wsadmin scripts as part of the environment setup: create the cluster definition, create data sources and JMS object configuration, or install one or more EAR files that comprise the hosted software on the application server. Each of the scripts, wsadmin and non-wsadmin, needs to support the ability to capture a log of the activity performed when you run the script.
- Directory conventions
References in product information to app_server_root, profile_root, and other directories imply specific default directory locations. Become familiar with the conventions in use for WebSphere Application Server.
Related concepts
Secure installation for client signer retrieval in SSL
Related tasks
Interoperating with previous product versions
Use wsadmin scripting
Enable trace on client and stand-alone applications
Start the wsadmin scripting client
ssl.client.props client configuration file
retrieveSigners command
Related information:
IBM WebSphere Developer Technical Journal: System Administration for WebSphere Application Server V5 -- Part 3