DMZ Secure Proxy Server installation information

DMZ Secure Proxy Server installation information

Installation requirements, examples, and other information for installing and uninstalling the DMZ Secure Proxy Server for IBM WebSphere Application Server. DMZ Secure Proxy Server for IBM WAS delivers a high performance reverse proxy capability that can be used at the edge of the network to route, load balance, and improve response times for requests to web resources.

About the DMZ Secure Proxy Server
Requirements
Repositories and offering IDs
Installation examples
Usage notes
Uninstallation examples

About the DMZ Secure Proxy Server

The DMZ Secure Proxy Server for IBM WAS enables us to install your proxy server in the demilitarized zone (DMZ), while reducing the security risk that might occur if we choose to install an application server in the DMZ to host a proxy server. The risk is reduced by removing any functionality from the application server that is not required to host the proxy servers, but that can pose a security risk.

Before installing the DMZ Secure Proxy Server, plan your topology and determine where to install each component. The DMZ Secure Proxy Server is typically installed on a separate machine from WAS. For information about planning administrative topologies, see Planning to install WAS.

Requirements

In addition to the following requirements, the system might require other prerequisites so that we can install WAS offerings. For more information, see Prepare the operating system for product installation.

For transitioning users: IBM SDK is no longer embedded with the DMZ Secure Proxy Server for WAS. The Java SDK is available as a separate offering that must be installed when we install the DMZ Secure Proxy Server.IBM SDK, v8 is the Java SDK version for WAS v9.0.trns
The DMZ Secure Proxy Server requires up to 350 MB of disk space.

Repositories and offering IDs

To install the DMZ Secure Proxy Server from the online service repository, use the following repository URL with Installation Manager:
http://www.ibm.com/software/repositorymanager/com.ibm.websphere.NDDMZ.v90
When we use the command line or response files to install, uninstall, or otherwise modify the DMZ Secure Proxy Server, specify the main offering ID. We can also add a comma-separated list of optional features to install.
Offering ID Optional feature IDs Default features
DMZ Secure Proxy Server for IBM WAS
com.ibm.websphere.NDDMZ.v90
core.feature: DMZ Secure Proxy Server for IBM WAS
This feature must be specified to specify the following optional subfeature:

thinclient: Standalone thin clients and resource adapters

No default features
For a complete list of product repositories and offering IDs, see Online product repositories for WAS offerings and WAS product offerings for supported operating systems.

Installation examples

All WAS offerings are installed using IBM Installation Manager. For step-by-step instructions for installing product offerings, see Install the product offerings.

(Dist) Important: Because IBM SDK Java Technology Edition is no longer embedded with the product, specify both the DMZ Secure Proxy Server offering ID (com.ibm.websphere.NDDMZ.v90) and the IBM Java SDK offering ID (com.ibm.java.jdk.v8). The DMZ Secure Proxy Server cannot be installed without a Java SDK.
Command-line examples
For step-by-step instructions for installing using the command line, see Install the product offerings using the command line.

(Windows)
imcl.exe install com.ibm.websphere.NDDMZ.v90 com.ibm.java.jdk.v8
  -repositories http://www.ibm.com/software/repositorymanager/com.ibm.websphere.NDDMZ.v90 
  -installationDirectory "C:\IBM\WebSphere\AppServer"
  -sharedResourcesDirectory "C:\IBM\IMShared"
  -preferences com.ibm.cic.common.core.preferences.keepFetchedFiles=false,com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts'/>=false
  -secureStorageFile C:\IM\credential.store -masterPasswordFile C:\IM\master_password.txt
  -log installv9dmz.xml
  -acceptLicense
  -showProgress
(Linux)
./imcl install com.ibm.websphere.NDDMZ.v90 com.ibm.java.jdk.v8
  -repositories http://www.ibm.com/software/repositorymanager/com.ibm.websphere.NDDMZ.v90 
  -installationDirectory /opt/IBM/WebSphere/AppServer
  -sharedResourcesDirectory /opt/IBM/IMShared
  -preferences com.ibm.cic.common.core.preferences.keepFetchedFiles=false,com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts=false
  -secureStorageFile /var/IM/credential.store -masterPasswordFile /var/IM/master_password.txt
  -log installv9dmz.xml
  -acceptLicense
  -showProgress
(iSeries)
./imcl install com.ibm.websphere.NDDMZ.v90
  -repositories https://downloads.mycorp.com:8080/WAS_90_repository
  -installationDirectory /QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ
  -properties was.install.os400.profile.location=/QIBM/UserData/WebSphere/AppServer/V9/NDDMZ
  -sharedResourcesDirectory /QIBM/UserData/InstallationManager/IMShared
  -secureStorageFile $HOME/WASFiles/temp/credential.store
  -acceptLicense
  -showProgress
Response file example
For step-by-step instructions for installing using a response file, see Install the product offerings using response files.

(Windows)
<?xml version="1.0" encoding="UTF-8"?>
<agent-input clean="true" temporary="true">
<server>
<repository location="http://www.ibm.com/software/repositorymanager/com.ibm.websphere.NDDMZ.v90" />
</server>
<install modify='false'>
<offering id='com.ibm.websphere.NDDMZ.v90' 
  profile='DMZ Secure Proxy Server for IBM WAS V9.0' 
  features='core.feature,thinclient' installFixes='none'/>
<offering id='com.ibm.java.jdk.v8'
  profile='DMZ Secure Proxy Server for IBM WAS V9.0'
  features='com.ibm.sdk.8'/>
</install>
<profile id='DMZ Secure Proxy Server for IBM WAS V9.0' 
  installLocation='C:\IBM\WebSphere\AppServer'>
<data key='eclipseLocation' value='C:\IBM\WebSphere\AppServer'/>
<data key='user.import.profile' value='false'/>
<data key='cic.selector.nl' value='en'/>
</profile>
</agent-input>
(iSeries)
<?xml version="1.0" encoding="UTF-8"?>
<agent-input>
<server>
  <repository location='http://www.ibm.com/software/repositorymanager/com.ibm.websphere.NDDMZ.v90'/>
</server>
<profile id='DMZ Secure Proxy Server for IBM WAS V9.0' installLocation='/QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ'>
  <data key='eclipseLocation' value='/QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ'/>
  <data key='was.install.os400.profile.location' value='/QIBM/UserData/WebSphere/AppServer/V9/NDDMZ'/>
  <data key='user.import.profile' value='false'/>
  <data key='cic.selector.nl' value='en'/>
</profile>
<install modify='false'>
  <offering profile='DMZ Secure Proxy Server for IBM WAS V9.0' features='core.feature,thinclient' id='com.ibm.websphere.NDDMZ.v90'/>
</install>
<preference name='com.ibm.cic.common.core.preferences.eclipseCache' value='/QIBM/UserData/InstallationManager/IMShared'/>
<preference name='com.ibm.cic.common.core.preferences.connectTimeout' value='30'/>
<preference name='com.ibm.cic.common.core.preferences.readTimeout' value='30'/>
<preference name='com.ibm.cic.common.core.preferences.downloadAutoRetryCount' value='0'/>
<preference name='offering.service.repositories.areUsed' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.ssl.nonsecureMode' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.http.disablePreemptiveAuthentication' value='false'/>
<preference name='http.ntlm.auth.kind' value='NTLM'/>
<preference name='http.ntlm.auth.enableIntegrated.win32' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.keepFetchedFiles' value='false'/>
<preference name='PassportAdvantageIsEnabled' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.searchForUpdates' value='false'/>
</agent-input>
Usage notes

The versionInfo and historyInfo commands return version and history information for the DMZ Secure Proxy Server based on all of the installation, uninstallation, update, and rollback activities performed on the system.

After installing the DMZ Secure Proxy Server, we can create a secure proxy server profile using the manageprofiles command. On AIX, Linux, and Windows, we can also use the Profile Management Tool.

manageprofiles command for creating a secure proxy server profile. The example is based on the following assumptions:

Security is to be enabled.
The system host name is myhost.abc.com.
The DMZ Secure Proxy Server is installed at the default location.
The administrative user name is wasadmin.
The password is password.

(Windows)
manageprofiles -create
  -portsFile "C:\IBM\WebSphere\AppServer_1\profileTemplates\secureproxy\actions\portsUpdate\portdef.props"
  -serverName proxy1
  -nodeName myhost
  -hostName myhost.abc.com
  -cellName myhost 
  -adminUserName wasadmin
  -adminPassword password
  -templatePath "C:\IBM\WebSphere\AppServer_1\profileTemplates\secureproxy"
  -enableAdminSecurity true   -profileName SecureProxySrv01
(iSeries)
manageprofiles -create
  -portsFile /QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ/profileTemplates/secureproxy/actions/portsUpdate/portdef.props
  -serverName proxy1
  -nodeName myhost
  -hostName myhost.abc.com
  -cellName myhost 
  -adminUserName wasadmin
  -adminPassword password
  -templatePath /QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ/profileTemplates/secureproxy
  -enableAdminSecurity true   -profileName SecureProxySrv01
Uninstallation examples

All WAS offerings are uninstalled using IBM Installation Manager. For step-by-step instructions for uninstalling product offerings, see Uninstall the product offerings.

IBM SDK (com.ibm.java.jdk.v8) must be uninstalled at the same time that you uninstall the product offering..
Command-line examples
For step-by-step instructions for uninstalling using the command line, see Uninstall the product offerings using the command line.

(Windows)
imcl.exe uninstall com.ibm.websphere.NDDMZ.v90 com.ibm.java.jdk.v8
  -installationDirectory "C:\IBM\WebSphere\AppServer"
(HPUX) (Linux) (Solaris)
./imcl uninstall com.ibm.websphere.NDDMZ.v90 com.ibm.java.jdk.v8
  -installationDirectory /opt/IBM/WebSphere/AppServer
(iSeries)
./imcl uninstall com.ibm.websphere.NDDMZ.v90
  -installationDirectory /QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ
Response file example
For step-by-step instructions for uninstalling using a response file, see Uninstall the product offerings using response files.

(Windows)
<?xml version="1.0" encoding="UTF-8"?>
<agent-input clean='true' temporary='true'>
<uninstall modify='false'>
<offering id='com.ibm.websphere.NDDMZ.v90' 
  profile='DMZ Secure Proxy Server for IBM WAS V9.0'/>
<offering id='com.ibm.java.jdk.v8' 
  profile='DMZ Secure Proxy Server for IBM WAS V9.0' />
</uninstall>
<profile id='DMZ Secure Proxy Server for IBM WAS V9.0' 
  installLocation='C:\IBM\WebSphere\AppServer'>
<data key='eclipseLocation' value='C:\IBM\WebSphere\AppServer'/>
<data key='user.import.profile' value='false'/>
<data key='cic.selector.nl' value='en'/>
</profile>
</agent-input>
(iSeries)
<?xml version="1.0" encoding="UTF-8"?>
<agent-input clean='true' temporary='true'>
<uninstall modify='false'>
<offering id='com.ibm.websphere.NDDMZ.v90' 
  profile='DMZ Secure Proxy Server for IBM WAS V9.0'/>
</uninstall>
<profile id='DMZ Secure Proxy Server for IBM WAS V9.0' 
  installLocation='/QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ'>
  <data key='eclipseLocation' value='/QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ'/>
  <data key='was.install.os400.profile.location' value='/QIBM/UserData/WebSphere/AppServer/V9/NDDMZ'/>
  <data key='user.import.profile' value='false'/>
  <data key='cic.selector.nl' value='en'/>
</profile>
</profile>
</agent-input>
Related:

WAS product offerings for supported operating systems
Online product repositories for WAS offerings
Install the product offerings on distributed operating systems using the GUI
Install the product offerings using the command line
Install the product offerings using response files
Uninstall the product offerings
Supported hardware and software website