Configure an appliance reverse proxy instance from an external machine
Use the isamcfg tool to configure an appliance reverse proxy instance from a remote machine. The appliance server and Advanced Access Control servers must be listening for connections on the appropriate management IP addresses and port numbers.
To use the isamcfg tool, we must meet the following conditions:
- Obtain an IBM JRE v6.0 Update 10 or later.
- At least one reverse proxy instance exists on the appliance.
- Configure the com.ibm.security.cmskeystore.CMSProvider in the java.security file, which is in $JAVA_HOME/lib/security, of the IBM JRE. The isamcfg tool uses the ikeycmd command to manipulate key database files. This requires the JRE to have the CMS provider configured in the java.security file.
- Ensure the ikeycmd tool in the $JAVA_HOME/bin is on the system path.
- The reverse proxy instance that we are configuring cannot be on an appliance that is a restricted node in a cluster.
Use this procedure to configure an appliance on a machine that is separate from the Advanced Access Control appliance. Once we download the tool from the Advanced Access Control appliance, we can then use the command shell to configure an existing remote appliance.
The appliance we configure can be one of the following product versions:
- Security Verify Access 9.*
- Security Verify Access for Web 8.*
- Security Web Gateway 7.*
Configure appliance reverse proxy instance:
Steps
- Download the isamcfg.jar from the IBM Security Verify Access appliance with Advanced Access Control activated.
- From the command line, type:
java -jar isamcfg -action config -cfgurl http://isam-appliance-host-url/
- Use the isamcfg tool to complete the configuration.
After completing the configuration, a summary screen displays indicating the configuration is complete.