WebSphere WebSphere Application Server Network Deployment, Version 6.0.x Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Lookup table for admin console fields and descriptions

Node groups
New node group
Node group
Node group memberships
Name
Short name
Sysplex name
Description
Custom properties                                                        
You must select at least one node group to perform this action.
An error occurred while deleting node group {0}. Check the logs for more details.
The name of a node group cannot be "Default".
z/OS location service
Node group members
Name
You must select at least one node group member to perform this action
Add node
Node group member
Members
{0}
An error occurred while deleting node group member {0}. Check the logs for more details.
Node group {0} was deleted successfully.

Use this page to create a new node group.  After you create the node group, add node group members by clicking  on the Node groups administrative console page.
Use this page to manage node groups. A node group is a collection of  Application Server nodes.  A node group establishes a boundary for cluster creation.  All cluster members must be on nodes that are members of the same node group.  Nodes that are organized into a node group need enough capabilities in common to ensure that clusters formed across those nodes can host the same application in each cluster member.  A node must be a member of at least one node group and can be a member of more than one node group.  To delete a node group, it must be empty.
Specifies the name of this node group.
Specifies the short name of the node group. This name can contain one to eight characters, which can be alphanumeric characters or the special characters at-sign (@), number sign (#), and ampersand (&); the name cannot start with a numeral.
Specifies the sysplex name of this sysplex node group.
Specifies a description that you define for the node group.
Additional custom properties for this node group that might be configurable.
Use this page to view and configure the location service daemon for this cell.  Changes made to these settings apply to the entire cell and to the location service daemon instance on each node in the cell.
Use this page to view and configure the nodes in this node group.
Specifies the name of this node group member.
Use this page to select the nodes to add to this node group.  The list does not include nodes that are already members of this node group.
Use this page to manage node group members. A node group member is a  Application Server node.
Specifies the number of members or nodes in the node group.

Install New Application
Upload Enterprise Application Archive
Default Application Bindings
Select installation options
Manage Modules
Map modules to servers
Summary
Browse...
Search
Previous
Next
Finish
Cancel
Apply
Reset
Remove
Continue
Enterprise Applications
Modules
Application
Installed applications
Libraries
Location (full path)
Use configuration information in binary
Create MBeans for resources
Reload classes when application files are updated
Polling interval for updated files
Deployment descriptor
Startup order
Application Status
Initial state
Name
Started
Stopped
Server
Enable binary distribution, expansion and cleanup post uninstallation
Launch application before server completes startup
Startup Options
Binary Management
Class Loading and File Update Detection
Application reference validation
The Rollout Update action was cancelled because there is no pending application update.   Perform the Update application action before choosing the Rollout Update action.
Rollout Update
Update
Export
Export DDL
true
false
Module
Application reference
Server specific configurations
URI
Alternate deployment descriptor
Deployment Id
Starting weight
Module server configuration
Server names
Library Reference
Library name
Shared class loader
OK
Look up users or groups
Look up users
Look up groups
Update Authentication Method
Configure Application
State Management
Statistics Provider
Name
Enable
Resource
AppDeployment Options
username
password
verify password
Specify bindings to use
merge new and existing bindings
use new bindings
use existing bindings
(applicable only if using "new" or "merged" bindings)
Generate Default Bindings
Generate defaults
Prefixes:
Do not specify unique prefix for beans
Specify Prefix:
Prefix
Override:
Do not override existing bindings
Override existing bindings
Connection Factory Bindings
Do not default connection factory bindings
Default connection factory bindings:
Specific bindings file
Started
Stopped
Initial state
Export Application EAR files
Export Application DDL files
Uninstall
{0} has been updated. The configuration must be saved before the application can be started.
The application {0} has already been started.
The application {0} has already been stopped.
{0} can not be started because it is installed on a different server.
The server that contains {0} has not been started.
Application {0} on server {1} and node {2} started successfully.
Application {0} started successfully on all the servers in cluster {1}.
Application {0} did not start successfully on all the servers in cluster {1}.  Check log for details.
Application {0} on server {1} and node {2} stopped successfully.
Application {0} stopped successfully on all the servers in cluster {1}.
Application {0} did not stop successfully on all the servers in cluster {1}.  Check log for details.
The operation on {0} did not complete in the expected amount of time. It may have completed successfully. Check the logs for details.
Select at least one application to perform this action.
Select one application only to perform this action.
Select at least one module to perform this action.
Select one module only to perform this action
{0} failed to start. Check the logs for server {1} on node {2} for details.
The application cannot be started on server {0}. Applications can be started on application servers only.  If {0} is an application server, verify that this server has been started.
Specify a file for the corresponding radio button pressed.
The specified file does not exist.
{0} exists but cannot be deleted.
{0} cannot be renamed to {1}.
Specify the context root for the WAR or SIP module.
The EAR file might be corrupt or incomplete.
The specified file is not an EAR, WAR, JAR, or SAR archive.
Browse the local machine or a remote server
Remote file system path
Local file system path
Application name
Context root
Used only for standalone Web modules (.war files) and SIP modules (.sar files)
Application name
Local file system
Remote file system
Specify path
Full path
User ID or password did not match.
"Password" and "Verify Password" are not the same.
Password is null.
User name  is null.
The user entered cannot be added to the RunAsRole as this user or one of the groups that the user belongs to is not mapped to the Role {0} in the users/groups to role mapping. Make sure that either the user or the group the user belongs to is mapped to the role.
The user {0} cannot be deleted from the role {1} since the RunAsRole contains the same user. Delete the user from the RunAsRole first and then remove this user.
The binary files for {0} could not be found in the WorkSpace. The most likely cause for this error is that you are attempting to perform this operation on an application that is not distributed.
Failed to export {0}. Check the server logs for more information.
Failed to extract DDL files for {0}. Check the server logs for more information.
An error occurred while starting {0}. Check the logs for server {1} on node {2} for more information.
An error occurred while stopping {0}. Check the logs for server {1} on node {2} for more information.
No DDL files were found.
Application already exists in the configuration repository.
Specify new.
No server has been selected. Select a server.
No check box has been selected. Select a check box.
Only one checkbox may be selected. Select a single check box.
No authentication data entry is selected. Make a selection from the dropdown list.
No custom login configuration is selected. Make a selection from the dropdown list.
Authorization type must be container to set authorization method.
There are more items remaining.
Search String
limit (number of items)
Generate default bindings and mappings.
Specify prefix to use for generated JNDI names.
Generate default bindings for existing entries and overwrite them.
Bindings for container managed persistence enterprise beans.
Map connection factory resource references to connection factories configured in the environment.
Specifies the virtual host for this Web or SIP module.
Optional location for the pre-defined bindings file.
Preparing for the application update
Preparing for the application installation
Select...
Available:
Selected:
Options
Values
Role:
Installing...
To start the application, first save changes to the master configuration.
Save to Master Configuration
To work with installed applications, click the "Manage Applications" link.
Manage Applications
Not applicable
Start is not a valid operation for {0}.
Stop is not a valid operation for {0}.
Application {0} must be stopped before it can be uninstalled.
Deployment target
Name
Deployed object
Target specific application status
Configurations
Deployment identifier
Starting weight
Deployment target mapping
Target
Clustered targets
Server targets
Configuration
Enabled
Target mappings
{0} was uninstalled successfully.
An error occurred while uninstalling {0}. Check the logs for more details.
This operation is not allowed on an inactive application edition {0}.  To manage application rollouts of editioned applications, use the Edition Control Center.
Click here for more information
No shared libraries are available to be referenced by this application.
No shared libraries are available to be referenced by this application server.
Apply Multiple Mappings
To apply multiple mappings, follow the steps below.
Select one or more check boxes in the table.
Complete mappings and click the "Apply" button.
was.policy file does not exist
Summary of installation options
Application Security Warnings
Provide options to perform the EJB Deploy
Select current backend ID
The following EJBs have already been deployed. It is advisable to redeploy these.
Message Driven Bean listener bindings
Bind listeners for message-driven beans
Provide default data source mapping for modules containing 1.x entity beans
Map default data sources for modules containing 1.x entity beans
Provide default data source mapping for modules containing 2.x entity beans
Map default data sources for modules containing 2.x entity beans
Map data sources for all 1.x CMP beans
Map data sources for all 1.x CMP beans
Map data sources for all 2.x CMP beans
Map data sources for all 2.x CMP beans
Ensure all unprotected 1.x methods have the correct level of protection
Ensure all unprotected 2.x methods have the correct level of protection
EJB Modules
EJB Modules
Instance Pool
Minimum Size
Maximum Size
EJB Module Server Configurations
EJB Modules
EJB Module Server Configuration
Session Bean Configs
Enterprise Bean Configurations
EJB Deployment Options
EJB references
EJB module
Data source
CMP beans
CMP modules
EJB 1.1 CMP bindings:
Do not default bindings for EJB 1.1 CMPs
Default bindings for EJB 1.1 CMPs:
If there are enterprise beans in the application, the EJB deployment process can take several minutes.  Please do not save the configuration until the process completes.
Check the SystemOut.log on the Deployment Manager or server where the application is deployed for specific information about the EJB deployment process as it occurs.
EJB
Enterprise JavaBeans
Activation Specification
No radio button was selected.
No value was chosen for selected radio button.
Login configuration
Specify authentication method:
Authentication method:
None
Use default method (many-to-one mapping)
Use custom login configuration
Use trusted connections (one-to-one mapping)
Name/Value pairs
To set multiple existing resource JNDI names:
Select one or more checkboxes in the table
Select existing resource JNDI name
Click Apply
To modify the Authorization type:
Select either 'container' or 'per application'
To modify Resource Authentication method (if Authorization type is 'container'):
Select either 'none', 'default', or 'custom login configuration'
if 'none' is selected:
if 'default' is selected:
select an authentication data entry from the dropdown menu
if 'custom login configuration' is selected:
select a custom login configuration from the dropdown menu
To edit the properties of the custom login configuration, click Mapping Properties in the table
Authentication data entry
Application login configuration
EJB JNDI names
Provide JNDI names for beans
EJB references
Map EJB references to beans
Resource references
Map resource references to resources
Resource environment entry references
Map resource environment entry references to resources
Security role to user/group mapping
Map security roles to users or groups
User RunAs roles
Map RunAs roles to users
Correct use of system identity
Correct isolation levels for all resource references
J2CActivationSpec to JNDI destination binding
Bind J2C activation specs to destination JNDI names
JNDI name
Ref Binding
Resource authorization:
Authorization type of selected resource is not container managed.
Mapping Properties
Transaction Recommitted
Transaction Serializable
Remove the RunAsUser user name and password from the selected roles.
Specify existing Resource JNDI name:
Specify existing Resource Env Entry JNDI name:
Uncheck
Exclude
Virtual hosts
Map virtual hosts for Web modules
Web modules
Web modules
Web module
Session Management
Prefer WEB-INF Classes
Web module server configurations
Web Module Server Config
Connector Modules
Connector Modules
Connector Modules
Resource Adapter
Session management
Session management properties
WAR class loader policy
Class loader
Class loader
Shared library references
Class loader ID
Class loader order
Classes loaded with parent class loader first
Classes loaded with application class loader first
Class reload options
Virtual Host
Do not use default virtual host name for Web or SIP modules
Use default virtual host name for Web and SIP modules:
Virtual Host:
Host name
Clusters and Servers:
Clustered target
Applications
Enterprise Applications
Install New Application
Applications
Install New Application
Enterprise Applications
Message destination references
Bind message destination references to administered objects
Map JCA resource references to resources
Provide JNDI names for JCA objects
OK
cancel
Remove File
Update a file in an application
Remove a file from an application
Remove a file from a module
Application update failed.
Discard changes to restore the original application.
The application may not be immediately available while being started on all servers.
Application to be updated:
Application update options
Browse the local filesystem
Browse a remote filesystem
Select the type of update action:
Installed application
Select the type of update action:
Replace the entire application
Replace or add a single module
Replace or add a single file
Replace, add, or delete multiple files
Specify the path beginning with the installed application archive file to the module to be replaced or added.
Specify the path beginning with the installed application archive file to the file to be replaced or added.
Update Installed Application
Could not uninstall application {0}.
Could not uninstall module {0}.
Updating...
To work with installed modules, click "Manage Modules."
Manage Modules
{0} was removed successfully.
An error occurred while removing {0}. Check the logs for more details.
{0} was removed successfully.
An error occurred while removing {0}. Check the logs for more details.
The contents of the was.policy file -
Your application contains policy permissions that are in the filter policy. These permissions are security sensitive and can compromise the integrity of the system.
Explanation: WebSphere Application Server attempts to prevent applications from performing security-sensitive operations, like calling the System.exit() method, replacing the Java 2 Security manager, and replacing the Java 2 Security policy. If the application is granted the all permission ( java.security.AllPermission), the Java 2 Security permission checks are effectively disabled, which can compromise the integrity of the system.
User action: Review the application policy, which is located in the EAR/META-INF/was.policy file, remove the security-sensitive permissions and grant the application only the permissions that are required.
Explanation: The implementation of custom permissions can weaken the integrity of the Java 2 Security permission check.
User action: Review the application policy, which is located in the EAR/META-INF/was.policy file and the implementation of custom permissions.
Deployment Mappings
Type
Reference
Link
Bindings
URI of file to remove.
Export before removing file.
Remove Module
Uninstall Application
Click the "OK" button below to remove the following module(s).  If you do not wish to remove the modules, click the "Cancel" button to return to the prior page.
Click the "OK" button below to remove the following application(s).  If you do not wish to remove the applications, click the "Cancel" button to return to the prior page.
Updating Application
No file URI was specified.
No module URI was specified.
Checking if EAR is deployed
off
warn
fail
Mapping Properties
Mapping Properties
URI
Application Resource Warnings
Module
Name
Target
Resource Reference
Type
Resource Assignment
Scope
JNDI
missing
Confirm Application Rollout
You have chosen to rollout your application update.   This action will perform multiple activities in your environment:  it will save all changes made in this session to the master configuration, then synchronize and recycle the cluster members on each node, one node at a time.   Click Yes to rollout the application update, or click No to cancel the Rollout Update action.
If you want to do a rolling update of the application on the cluster(s) on which it is installed, then click Rollout Update.  A rolling update will save all changes made in this session to the master configuration, then synchronize and recycle the cluster members on each node, one node at a time.
Rollout Update
Don't validate
Issue warnings
Stop installation if validation fails
Don't show this Application Rollout confirmation in the future
Rollout Update
Application {0} must be deployed on a cluster to perform Cluster Rollout.
Node {0} does not have autosync disabled, Application Rollout will not be performed.
Application {0} must have Distribute Application enabled for Application Rollout to be performed.
Application Scoped Resources
Yes
Deployed application {0} was not found in the repository.
No application modules were mapped to Web servers. The plug-in configuration file (plugin-cfg.xml) for each Web server is generated based on the application modules which are mapped to it, therefore no Web server will route requests to this application. To change this option, select the Map modules to servers step.
Enable Auto Start
Disable Auto Start
Auto Start
The exception {0} occurred.  Check log for details.
Modules
Modules
Web Module Properties
Enterprise Java Bean Properties
Web Service Properties
SCA Module Properties
Detail Properties
References
Resource references for an application
Module update
Resource binding summary
Startup behavior
Application binaries
Class loading and update detection
Seconds
Class loader for each WAR file in application
Single class loader for application
The field {0}, is required.
{0} should be in the range {1} through {2}.
Description
SIP module
Context Root For Web Modules
Map context roots for Web modules
JSP reload options for web modules
Provide JSP reloading options for Web modules
JSP class path
Provide options to compile JSPs
Environment entries for web modules
Map environment entries for Web modules
Initialize parameters for servlets
Initialize parameters for servlets
Shared Library Mapping for Modules
Map shared libraries
Shared Library Mapping
Reference shared libraries
Remote request dispatcher properties
Allow dispatching includes to remote resources
Allow servicing includes from remote resources
File permissions
Application build level
Set file permissions
Application build version
Available resources
Name
JNDI name
Scope
Description
Resource type
Application scoped resources
The value(s) set on this panel will be ignored because the application is configured to use its binary configuration values.

Specifies a logical name for the application. Application names must be unique within a cell.
Specifies the full path name of the enterprise application binary file. The path name can be an absolute path or can contain a path map variable such as APP_INSTALL_ROOT.
Specifies the application installation binding that contains the module-to-server installation binding.
Specifies a list of server-specific overrides for various module attributes for a given application module. These attributes override the defaults that are specified at the application server level.
Specifies the module to server installation bindings. Each module of an application is bound into an appropriate container (Web or EJB) during application installation.
Specifies a list of libraries (.jar files) that are outside of the .ear file and are used by the application business logic. These libraries are added to the application class path by the run time when the application is enabled.
Specifies whether the application server uses the bindings, extensions, and deployment descriptors located with the application deployment document, the deployment.xml file (default), or those located in the .ear file of the application.
Specifies whether to create MBean files for various resources (such as servlets or JSP files) within an application.
Specifies whether to reload classes when application files are updated.
Specifies the number of seconds to scan the file system of the application for updated files.
Specifies the order in which applications are started. Lower values start earlier.
Specifies the deployment status for the application.
Specifies whether the application is started or stopped when the server starts.
Specifies whether the application is distributed automatically to other nodes on the cell. The default is for automatic distribution.
Specifies whether applications start before the server completes startup. Enabling this setting can prolong server startup time. This setting is not valid for an application that is mapped to an application server that runs on the z/OS platform.
Specifies whether  Application Server examines the application references specified during application installation or updating and, if validation is enabled, warns the users of incorrect references or fails the operation.
The build version in the format that is defined by the application builder.
Specifies the file permissions on application modules and files installed on the file system. Select the permission options you want and click  to set the string, or enter your file permission string directly in the text field.  

Represents deployment of a module onto an application server. Each module deployed onto a server must have configuration information for each server because of differences in hardware capabilities.
Specifies a URI that, when resolved relative to the application URL, gives the location of the archive contents of a module on a file system. The URI must match the URI of a ModuleRef URI in the deployment descriptor of an application if the module is packaged as part of a deployed application (.ear file).
Specifies the altDD URI for a given module.
Specifies the qualified name of an application server.
Specifies the startup priority to give this module compared to other modules during server startup. When the enterprise application contains multiple modules, modules with lower starting weight are started first.
Specifies server-specific overrides for various module attributes for a given application module.  These attributes override the defaults specified at the application server level.
Use this page to view servers on which this module runs.
Use this page to configure library references. Define a library reference for each shared library file that your application uses.
Specifies whether the class loader for the library is shared.
Specifies the name of a shared library defined in the one of the shared library configuration documents.
Specifies whether to look up users or groups.
Use this page to update the authentication method for data sources.
Use this page to configure the application description.
Specifies the state management of the module.
Specifies the statistics provider of the module.
Specifies a module name, which differs from the module JNDI name.
Specifies the runtime state when the application is first started.


Specifies a target application server or server cluster where a deployed application or module can run.
Specifies the name of the J2EE module or application deployed.
Specifies the mapping of this deployed object (application or module) into a target environment (server, cluster, or cluster member).
Specifies the set of configurations defined for this deployed object.
Specifies an identifier for this application deployment. The identifier is incremented if the application is redeployed.
Specifies an integer used by the deployment target to determine whether to start this application before other deployed applications. Applications with lower starting weight are started first.
Use this page to view a mapping of a deployed object, such as an application or module, into a target server or cluster environment. This page displays the status of the enterprise application or module on each server or cluster.
Specifies the target server, cluster, or cluster member onto which to deploy this object.
Specifies whether to load the module onto the deployment target. When enabled, the module is loaded onto the deployment target.
Specifies the resulting security warnings from an analysis of this application.
Specifies the EJB modules that are defined for this application.
Specifies server-specific instance pool overrides for a given bean in a given EJB module.
Specifies minimum pool size in server-specific instance pool overrides for a given bean in a given EJB module.
Specifies maximum pool size in server-specific instance pool overrides for a given bean in a given EJB module.
Session Bean Configuration
Specifies server-specific overrides for session beans in EJB modules.


Stateful Session Bean Configuration
Specifies properties for configuring the behavior of stateful session beans.


Timeout
Specifies the stateful session bean timeout interval in milliseconds
Specifies a list of server-specific overrides for beans in a given EJB module.
Specifies a server-module installation binding for an EJB module.
Contains server-specific configuration overrides for EJB modules.
Specifies the enterprise bean that is defined for this application.
Specifies a server-module installation binding for an enterprise bean.







Use this page to configure an instance of a deployed Web module in the application. This page contains deployment-specific information for a Web module and session management settings.


Specifies the Web modules defined for this application.
Use this page to view the settings of a resource adapter that corresponds to a connector module in the application.
Use this page to view resource adapters that correspond to connector modules in the application. WebSphere Application Server creates a resource adapter for every connector module as a part of application installation. Resource adapters are prerequisites for the creation of connection factories.
Session manager properties specific to this application
Specifies whether there is one class loader for all WAR files in the application or a separate class loader for each WAR file in the application.
Specifies the name of the class loader configuration for this application deployment.
Specifies the library references defined for shared libraries used by this application or server class loader.
Specifies a unique identifier for the class loader.
Specifies whether classes are loaded using the parent class loader before the application class loader.




Use this page to manage installed applications. A single application can be deployed onto multiple servers.
Use this page to view applications installed on this server.
Specify options for installing enterprise applications and modules.
Provides a unique identifier for the application deployment.
Click on the application to download its EAR file.
Click on the file name to download the DDL file.
Use this page to configure the location and distribution of application binary files.
Use this page to configure the reloading of classes when application files are updated.
Resources that can be used to bind to the resource-reference of a bean.  Resources shown here are only those available to that module carrying the bean.  This is determined by the targets to which that module is mapped.  Resources available to a module can come from a hierarchical scope of a bean.  If resources at different scopes have the same JNDI name, the one at the lower scope will override the parent.  The overridden resources are not shown here.
Use this page to configure settings that determine how quickly an application starts compared to other applications and the server.
Use this page to view the resources that are defined by the enhanced EAR within this application.






Specifies whether to display all options and parameters, including those for default bindings. To move to a step, select the step number. After all required steps are completed, go to the Summary step.
Specify the EAR, WAR, JAR, or SAR module to upload and install.


Only installation options that require additional information are displayed.   The default bindings options are not displayed.

All installation options including default bindings are displayed.
Specifies a server cluster to which a deployed application or module can be mapped.
Use this page to configure class loaders.
The following components will be updated.  During application update, the contents of a partial application are merged with the deployed application EAR file.  The contents of the files are not merged with the corresponding file in the application EAR file.
The following components will be updated.  During application update, if the specified file does not exist, it is added.  Otherwise, the current file is replaced.
This action will perform multiple activities in your environment.  It will save all changes made in this session to the master configuration, then synchronize and recycle the cluster members on each node, one node at a time.
This application contains one or more application-scoped resources. Use the  Application Server Toolkit (AST) or the wsadmin tool to view or modify the application-scoped resource configuration.
This panel displays the collection of the modules contained in the application.
The name of an application server, cluster, or cluster member.
Names the configuration for the deployed object on a specific deployment target.
Use this page to configure an enterprise application. Click the links to access pages for further configuring of the application or its modules.
Enables Web application to do cross-JVM dispatching or servicing.


Specifies whether an application can dispatch includes to resources across Web modules in different Java virtual machines in a managed node environment through the standard request dispatcher mechanism.
Specifies whether an application can service an include request from an application.
Map shared libraries to an entire application or per module.



Use this page to configure an enterprise application.  Click the links to access pages for further configuring of the application or its modules.
Choose to generate default bindings and mappings.
Specifies server-specific overrides for session management settings for the Web module that is denoted by the WebModuleDeployment instance.
Setting this flag to True causes classes in the WEB-INF directory to be loaded before any other classes.
Collects configuration settings that are specific to a given server.
Connector modules defined for this application.
Select the file to be removed.
Step {0} - {1} resulted in the following resource warnings.  If Application Resource Validation is set to fail, you will not be able to continue.
SIP module
Use this page to provide listener ports for 2.0 enterprise beans or activation specifications JNDI names that the message-driven bean uses to look up the JMS destination for 2.1 enterprise beans.
Use this page to view the resources that are defined by the enhanced EAR file within this application.

Description
Application profiles
Name
Tasks
Task description
Task name
Last participant support extension
Accept heuristic hazard


Description of the application profile.
An application profile is a set of policies that are applied during the execution of an enterprise bean and a set of tasks that are associated with that profile.
Name of the application profile.
Tasks defined for this application profile.
Tasks for the application profile.
A task defined for the application profile.
Description of the application profile task.
Name of the application profile task.


Use this page to configure settings for last participant support. Last participant support is an extension to the transaction service that enables a single one-phase resource to participate in a two-phase transaction with one or more two-phase resources. Values on this panel are ignored if you select  on the Application binaries panel.
Specifies whether an application accepts the possibility of a heuristic hazard occurring in a two-phase transaction that contains a one-phase resource.

Enabled
Disabled
No associated transports
View associated transports
Transport Channels
Custom Properties
Transport Channel Name
Transport Channel {0} is shared between two or more transport chains.  Changes to {0} will affect multiple network protocol stacks.
The {0} {1} cannot be found on server {2}.
Discrimination weight
Transport Chain
Name
Enabled
Create New Transport Chain
Select a transport chain template
Select a port
Confirm new transport chain creation
No applicable transport chain templates could be found. New transport chain creation aborted.
An unknown, low level error has occurred while preparing the new transport chain wizard.
Transport chain name \"{0}\" is already in use.
An unknown error occurred while validating the new port.
Port name is required.
Port name \"{0}\" is either invalid or non-unique for this server.
Host is required.
Port is required.
Port value of \"{0}\" is invalid.
Port value of \"{0}\" is invalid.  Port values should be between {1} and {2}, inclusive.
Host and port value of \"{0}:{1}\" conflicts with an existing host and port {2}:{3}.
Select a template from which a new transport chain will be created
Transport chain name
Logical name for transport chain. Name must be unique within a server across all transport chains.
Transport chain template
Template from which the new transport chain will be created.
Select a port to which the new transport chain will be bound
Use existing port
Bind the new transport chain to an existing port.
{0} ({1}:{2})
Existing port
Port to which the new transport chain will be bound.
Create a new port
Create a new port and the new transport chain to the new port.
Port name
Unique name for the port.
Host
Host name or IP address to bind to (or * for all interfaces).
Port
Port number to bind to.  Values between 0 and 65535 are valid.  A port number of 0 indicates that the server should pick an available number in the ephemeral port range.
The following is a summary of your selections. Click the Finish button to complete the transport chain creation.
If there are settings you wish to change, click on the Previous button to review the tranport chain settings.
New port {0} will be created for {1}:{2}.
New transport chain \"{0}\" will be created on server \"{1}\" and will be bound to \"{2}\".
Error occurred while creating new port.
New port \"{0}\" created successfully.
Error occurred while creating new transport chain.

Use this page to view and manage the transport channels that are part of a transport chain. A transport channel represents a single layer in a transport chain (network protocol stack). Individual layers can be shared among several transport chains.

Specifies the unique name for a given layer in a network protocol stack.
Specifies the discrimination weight that is used determine the order in which the channels obtain access to the incoming connection in situations where transport channels are shared amongst several transport chains. The transport channel with the lower discrimination weight has the first opportunity to accept the incoming connection.
Use this page to view and manage a transport chain. Transport chains represent network protocol stacks operating within a client or server.
Specifies the unique identifier for this protocol stack. These names must be unique across all of the transport chains on a particular server.
Specifies whether this protocol stack is started with the server.
Use this page to create a new transport chain.

TCP inbound channel ({0})
Host
{0}
Port
{0}
Thread pool
{0}
Port
Maximum open connections
{0}
Inactivity timeout
seconds
{0} seconds
Address exclude list
Address include list
Hostname exclude list
Hostname include list
SSL inbound channel ({0})
SSL configuration
{0}
(Centrally managed)
SSL Configuration
Centrally managed
Specific to this endpoint
(none)
Select SSL Configuration
View centrally managed SSL tree
HTTP inbound channel ({0})
Maximum persistent requests per connection
{0}
Unlimited
Unlimited persistent requests per connection
Specify maximum number of persistent requests
Specify a valid maximum number of persistent requests between {0} and {1}.
Use persistent (keep-alive) connections
Read timeout
seconds
{0} seconds
Write timeout
seconds
{0} seconds
Persistent timeout
seconds
{0} seconds
Enable access and error logging
No configuration could be found for the HTTP logging service and therefore HTTP logging will not occur.
The HTTP logging service has been explicitly disabled and therefore HTTP logging will not occur.
HTTP access logging has been disabled on the HTTP logging service and therefore HTTP access logging will not occur.
HTTP error logging has been disabled on the HTTP logging service and therefore HTTP error logging will not occur.
Although the use of persistent connections is set to enabled, they will be disallowed due to the maximum request persistence parameter being set to {0}.
Persistent Connections
HTTPTunnel inbound channel ({0})
Web container inbound channel ({0})
Write buffer size
bytes
Generic inbound channel ({0})
JAR file
Channel type identifier
Configuration URI
Distribution and Consistency Services inbound channel ({0})
HTTP proxy inbound channel ({0})
SIP container inbound channel ({0})
UDP inbound channel ({0})
Host
{0}
Port
{0}
{0}
Address exclude list
Address include list
Port
SIP inbound channel ({0})
SIP proxy inbound channel ({0})
ORB Service Transport Chains
ORB inbound channel ({0})

Use this page to configure a TCP inbound channel for inbound network traffic.
Specifies the thread pool to use for handling traffic on this channel.
Specifies the port to which this channel is bound.
Specifies the maximum number of connections that can be open at one time on an inbound channel.
Specifies the amount of time, in seconds, that a socket can remain inactive before timing out read or write requests.  Once the initial data is read, this is sometimes overridden by other channels later in the transport chain.
Specifies the list of addresses that are not allowed to make inbound connections on this channel.  IPv4 or IPv6 addresses can be specified. All values in an IPv4 or IPv6 address must be represented by a number or a wildcard (*).
Specifies the list of addresses that are allowed to make inbound connections on this channel.  IPv4 or IPv6 addresses can be specified. All values in an IPv4 or IPv6 address must be represented by a number or a wildcard (*).
Specifies the list of host names that are not allowed to make inbound connections on this channel.  Host names may start with the wildcard character (*), but the wildcard must not appear elsewhere in the address.  For example, *.ibm.com would be valid, but *.ibm.* would not be valid.
Specifies the list of host names that are allowed to make inbound connections on this channel.  Hostnames may start with the wildcard character (*) but the wildcard should not appear elsewhere in the address.  For example, *.ibm.com would be valid however *.ibm.* would not be valid.
Use this page to view and configure a channel for handling the encryption and decryption of data over inbound connections.
Specifies the name of the SSL configuration for this channel to use. SSL settings are used by this channel to negotiate handshakes, decrypt data, and encrypt data on connections created by a client.
Specifies the SSL configuration to use.
Specifies whether to use the SSL configuration scoped for this SSL inbound channel.
Specifies whether you want to use a specific SSL configuration.
Browse the centrally managed SSL configuration tree.
Use this page to configure a channel for handling inbound HTTP requests from a remote client.
Specifies the maximum requests that are allowed on a single HTTP connection. 0 or 1 indicate one single request per connection; a larger number indicates that number of requests per connection.
Specifies unlimited requests per connection.
Specifies the maximum requests that are allowed on a single HTTP connection.
Specifies whether persistent connections (Keep-Alive), rather than connections that close after the request/response exchange, are allowed when sending an outgoing HTTP message. Even if this function is enabled, setting the value for maximum persistent requests to 1 or 0 disables persistent connections.
Specifies the maximum amount of time, in seconds, that the server waits for a read operation on a socket to complete.
Specifies the maximum amount of time, in seconds, that the server waits for a write operation on a socket to complete.
Specifies the maximum amount of  time, in seconds, that the server waits on a socket between client requests. Once this timeout is passed, the connection will be closed.
Specifies if persistent connections will be used.
Specifies whether this channel enables logging of NCSA access information and error messages during connections.
Use this page to view and configure HTTP tunnel transport channels. Inbound connections that are sent through this channel are tunneled over HTTP, allowing intermediates to view this data as the body of an HTTP message instead of in its natural format. This is often used to circumvent protocol-aware firewalls.
Use this page to view and configure an object request broker (ORB) service transport channel. This type of transport channel handles CORBA and RMI/IIOP inbound messages for the ORB Service. It enables clients to make requests and receive responses from servers in a network-distributed environment.
Use this page to view and configure a channel between the HTTP inbound channel and the servlet and JSP engines.
Specifies the amount of content to buffer unless the servlet explicitly calls flush or close on the response or writer output stream.

Specifies the name of the JAR file containing the implementation classes for this channel.
Specifies the unique identifier for this channel implementation within the JAR file.
Specifies the location of additional configuration data for this channel.
Use this page to view and configure a channel for handling inbound distribution and consistency services (DCS) messages.
Use this page to view and configure a transport channel that provides HTTP proxy capabilities.
Use this page to view and configure a transport channel for a session initiation protocol (SIP) servlet container. A SIP container is a Web application server component that invokes the SIP action servlet and that interacts with this action servlet to process SIP requests.
Use this page to view and configure a user datagram protocol (UDP) transport channel.
Specifies the IP addresses that are not allowed to make inbound connections. Use a comma to separate the IPv4 or IPv6 addresses to which you want to deny access on inbound UDP connection requests. All four numeric values in an IPv4 address must be represented by a number or an asterisk.
Specifies the IP addresses that are allowed to make inbound connections. Use a comma to separate the IPv4 or IPv6 addresses to which you want to allow access on inbound UDP connection requests.
Specifies the port to which this channel is bound.
Use this page to view and configure a session initiation protocol (SIP) transport channel.
Use this page to view and configure a SIP proxy channel.

ClassLoaders
All Classloaders
Detail
ClassLoader Display
Classloader Delegation Hierarchy
Classloader Attributes
Search
Table View
Export
Topology
Class Loader Viewer
Classloader Properties
Enterprise Applications Topology
Enterprise Application ({0})
Classes
Table View
Search
Search by Class Name

Search by Path
Class/Package
JAR/Directory
Search!
Class Loader
Attribute
Shared
Classes
Delegation
Classpath
Code Source
Interface
JDK Extension Loader
JDK Application Class Loader
WAS Bootstrap Extension Class Loader
WAS Jar Extension Class Loader
WAS Protection Class Loader
WAS Module - Jar Class Loader
WAS Module - Compound Class Loader
Search
Search Type
Search String
The input fields Search String is required.
View Module Class Loader
View Class Loader (Select Server)
Error Occurred {0}
Class Loader Viewer Service

Displays the class loader hierarchy for an application.
Displays information about the class loaders for this module.

Use this page to see a tree view of the class loader delegation hierarchy.
Use this page to see a tree view of the class loaders and their attributes.
Use this page to search class loaders for specific JAR files, paths, or classes.
Use this page to examine the class loaders visible to a Web module (.war file) or enterprise bean (.ejb file) in an installed enterprise application. This page helps you to determine which class loaders loaded files of a module and to diagnose problems with class loaders.
Use this page to see where modules reside in a topology of enterprise applications. Knowing where a module resides helps you to determine which class loader loaded a module and to diagnose problems with class loaders. To view a class loader, select a module within an enterprise application in the topology.
Use this page to view classes loaded by a class loader.

Use this page to search class loaders for specific information. You can search class loaders for specific strings, specific JAR files, the names of files in a specific directory, or the names of files loaded by a specific class loader. The search is case sensitive.
Use this page to view class loaders having the specified string within a class name.
Use this page to view class loaders by name.
Use this page to view class loaders in the specified path.
Search is not used.
Search type is not used
Search string is not used
Click to view details on the class loaders that loaded this module.
The selected module is running on multiple servers. Select a server to view details on the class loader that loaded the module.
Enable or disable service to keep track of classes loaded


A file name cannot be obtained. These files are usually loaded from {0}.

Show Detail
Core group bridge settings
Core group bridge settings
Core group access points
Peer access points
Access point groups
Access point groups
Access point group
Peer access points
Core group access points
Name
Access points
Select only one access point from the available or selected lists to show the detail.
Create a new access point group
Specify a name
Add core group access points
Add peer access points
Confirm the new access point group
Specify a name for the access point group
Access point group name
Specifies the display name for the access point group.  The name must be unique within the cell.
Move the selected core group access points from the the list on the left to the list on the right by clicking the >> button.
Move the selected peer access points from the the list on the left to the list on the right by clicking the >> button.
Select the core group access points to add to the \"{0}\" access point group.  
Select the peer access points to add to the \"{0}\" access point group.  
To view or edit a core group access point, select one from either list and click Show Detail.
To view or edit a peer access point, select one from either list and click Show Detail.
To create a new core group access point, click New.
To create a new peer access point, click New.
To save your changes, click OK.
Available core group access points:
Core group access points in \"{0}\" :
Available peer access points:
Peer access points in \"{0}\":
A summary of your selections follows. Click Finish to create the access point group.
If changes are required, click Previous to review the access point group settings.
Create new access point group \"{0}\" in cell \"{1}\" with core group access points \"{2}\" and peer access points \"{3}\".
An error occurred when creating the new access point group.
The new access point group \"{0}\" is created successfully.
No wizard form bean is found in the session.
The new access point group name \"{0}\" is not valid.
The new access point group name \"{0}\" must be unique within the cell.
All peer access points in an access point group must be in different cells.
An access point group must have only one core group access point per core group when the access point group also contains peer access points.
Access point groups must contain core group access points. An access point group must contain either one core group access point with one or more peer access points, or multiple core group access points.
An access point group must contain at least two access points. An access point group must contain either one core group access point with one or more peer access points, or multiple core group access points.
An access point group must not contain a peer access point and multiple core group access points. An access point group must contain either one core group access point with one or more peer access points, or multiple core group access points.
An access point group must contain either one core group access point with one or more peer access points, or multiple core group access points.
Core group access points
Specifies the core group access points that are associated with this access point group.
Name
Core group
New core group access point name \"{0}\" is not valid.
New core group access point name \"{0}\" must be unique.
Create new peer access point
Specify the name, cell, core group and core group access point
Specify either a peer port or a proxy peer access point
Confirm the new peer access point
Specify a name for the peer access point
Specifies the display name for the peer access point. This name must match the name that is specified for the core group access point in the other cell configuration.
The new peer access point \"{0}\" is created successfully.
An error occurred when creating the new peer access point.
No wizard form bean is found in the session.
A summary of your selections follows. Click Finish to complete the peer access point creation.
If changes are required, click Previous to review peer access point settings.
Create a new peer access point \"{0}\" in cell \"{1}\" with core group \"{2}\" and port \"{3}\":\"{4}\".
Create a new peer access point \"{0}\" in cell \"{1}\" with core group \"{2}\" and peer port \"{3}\".
Provide a valid name for the host.
Provide a valid integer as the port.
Peer access points
Specifies access points for core groups in other cells.
Name
Cell
Core group
Core group access point
Peer addressability
Must specify valid peer ports or a proxy peer access point.
Use peer ports
Host
Port
Peer ports
Peer port
Specify a valid peer port.
Use a proxy peer access point
Select a proxy peer access point.
Proxy peer access point
The new peer access point name \"{0}\" is not valid.
The new peer access point name \"{0}\" must be unique.
The new peer port name \"{0}\" is not valid.
No peer ports are defined. Define valid peer ports for this peer access point using \"{0}\".
Bridge interfaces
Bridge interfaces provide access to the core group access point.
Node
Core group access point
Server
Transport channel chain
Server
Core group transport type must be set to channel framework for bridge interfaces.

Use this page to configure communication between core groups within the same cell and between core groups in different cells. Within an access point group, you can define core group access points to set up communication between core groups in the same cell, and peer access points to set up communication between core groups in different cells.
Specifies the name of the default access point group for this cell.
Specifies an access point group that supports communication between core groups in different cells must contain only one core group access point with one or more peer access points.  This access point group name must match the name of the access point group in the peer cells.
Use this page to associate core group access points and peer access points with this access point group. Each core group in the cell should be associated with either a core group access point or a peer access point. An access point group that supports communication between core groups in this cell must contain only core group access points. Peer access points are used to establish communication between core groups in different cells. An access point group that supports communication between core groups in different cells must contain only one core group access point with one or more peer access points.
Use this page to associate core group access points and peer access points with this access point group.
Specifies access points for core groups in other cells.
Specifies access points for core groups in this cell.
Specifies the display name for the access point group.  The name must be unique within the cell.
Specifies the core group access points and peer access points that are defined for the access point group. Define core group access points for core groups in this cell.  Define peer access points for core groups in different cells.
Use this page to create a new access point group.
Use this page to select the core group access points that are included in the selected access point group. The core group access point defines the named access point for a core group in this cell.
Specifies the name of a core group access point. The name must be unique within the cell. If this core group access point is referenced in the configuration of a peer access point of another cell, the access point name that is specified in the other cell must match this name.
Specifies the core group that is associated with the core group access point.
Use this page to create a new peer access point
Each peer access point is used to communicate with a core group in another cell. A peer access point corresponds to a core group access point in the other cell.
Specifies the name of a peer access point. The name must be unique within the cell.
Specifies the name of the cell that contains this access point.
Specifies the core group that contains this access point.
Specifies the name of the core group access point in another cell.
Specifies the peer ports used to make the peer access point directly accessible within this access point group. If the peer access point is only reachable  indirectly through another peer access point, a proxy peer access point must be used.
Specifies the ports that can be used to reach the peer access point. A port corresponds to the bridge interface settings of a core group access point in the peer cell.
Specifies the proxy peer access point. A proxy peer access point is another peer access point that can reach the peer access point directly.  The proxy peer access point forwards communications to the peer access point. The proxy peer access point must be a peer access point with defined peer ports.
Use this page to select the bridge interfaces that you want to use to provide access to the core group access point. A bridge interface is a server that is running the core group bridge service, and is defined by a unique combination of node, server, and transport channel chain.
Specifies the node that corresponds to the server.
Specifies the core group access point that is associated with this bridge interface.  A core group bridge service can have only one bridge interface per core group access point.
Specifies the server that is running the core group bridge service.
Specifies the transport channel chain that is used by the core group bridge service for this core group access point.
Specifies the node and the server that contain a bridge interface for the core group access point.

View Deployment Descriptor
Deployment Descriptor
Expand and collapse the application deployment descriptor data to view.
The deployment descriptor could not be read.
The node agent could not be reached in order to view the deployment descriptor. Start the node agent to view the deployment descriptor.
Collapse All
Expand All
View Web application deployment descriptor
View SIP application deployment descriptor

View the Deployment Descriptor

Cluster
WebSphere Environment
Administrative Servers
WorkSpace Exception  {0}.
{1} operation on {0} failed.
{1} operation on {0} failed: {2}
Regenerate encryption key
Regenerates the encryption key for use with Data Encryption Standard (DES) and 3DES encryption. This key is ignored if encryption is not used.
ImmediateStop
Weight must be a positive integer value
Node
Nodes
Cell
Node agents
Deployment manager
Deployment manager
Node agent
Node agents
File transfer service
File synchronization service
File transfer service
File synchronization service
Synchronization interval
Automatic synchronization
Startup synchronization
Publish synchronization
Synchronize application binaries
Exclusions
TCP
UDP
multicast
Restart all Servers on Node
Select the node where the new application server will reside.
Select Node:
The node agent on node {0} is not active
The node agent on node {0} must be started to perform the restart operation. Node agents in stopped state can not be started from the console.
An error occurred while stopping the node agent on node {0}. Check the logs for more details.
An error occurred while restarting the node agent on node {0}. Check the logs for more details.
An error occurred while restarting the server processes on node {0}. Check the logs for more details.
Node {0} was stopped successfully
An error occurred while stopping the server processes on node {0}. Check the logs for details.
The node agent on node {0} is not active. It must be started in order to stop the node.
The node agent on node {0} was stopped successfully
The node agent restart operation on node {0} was initiated successfully.
The server processes on node {0} are now stopped and are being restarted.
The server can not be created because no nodes are available to host the server
The node {1} is not synchronized with the master configuration. This may prevent cluster member {0} from starting correctly.
The node {1} is not synchronized with the master configuration. This may prevent cluster member {0} from stopping correctly.
Config URL
Config URL is a required parameter when security is enabled
In the Config URL parameter, replace WAS_HOME with the directory where the remote WebSphere instance is installed
Retries count
Retry wait time
Backup clusters
Domain bootstrap address
Backup cluster name
Server clusters
Backup Clusters
Cluster members
Description
Prefer local
Servers
Status
Enable failover of transaction log recovery
High availability support for persistent services cannot be enabled because recovery log service configuration is not complete.
Starting
Partially Started
Running
Stopping
Partially Stopped
Stopped
Cluster member
Cluster
Member name
Weight
Unique ID
Configured weight
Runtime weight
Cluster topology
Clusters
Create a new cluster
Enter basic cluster information
Create first cluster member
Create additional cluster members
Summary
Cluster name {0} already exists.
Cluster name is a required field.
There are no nodes available to host a cluster member, but you may create an empty cluster. You may add members to this cluster after you add a node to the cell.
The {1} operation on Cluster {0} has been initiated. It may take several minutes for this operation to complete.
The start operation on cluster {0} has been initiated. It may take several minutes for each cluster member to finish starting.
The stop operation on cluster {0} has been initiated. It may take several minutes for each cluster member to finish stopping.
The ripple start operation on cluster {0} has been initiated. Each cluster member will be stopped and started in sequence. It may take several minutes for this operation to complete.
The immediate stop operation on cluster {0} has been initiated.
Cluster {0} is starting.
Cluster {0} is running.
Cluster {0} is stopping.
Cluster {0} has stopped.
There may be a delay in updating the status.
Mbean for   {0}  is missing.
Cluster name
Prefer local:
wlcID
State
Create new cluster members
Create first cluster member
Create additional cluster members
Summary
Existing server:
Select an existing server to add to this cluster
Do not include an existing server in this cluster
Choose a server from this list:
Weight:
Choose an existing server as a cluster member. A list of servers that are not already part of existing clusters is provided. You can specify the weight for this cluster member.
HTTP ports:
Cluster {0} and all of its cluster members were deleted successfully.
Cluster member {0} will not be started because the Node Agent on node {1} is not active. Cluster members can be started individually from the cluster member collection panel.
Cluster member {0} will not be stopped because the Node Agent on node {1} is not active. Cluster members can be stopped individually from the cluster member collection panel.
Cluster {0} must be in stopped status to be removed.
{0} can not be deleted because there are applications installed on this cluster. Uninstall the applications and try this operation again.
An error occurred while deleting cluster {0}. Check the logs for more details.
An error occurred while deleting cluster member {0}. Check the logs for more details.
Cluster member {0} can not be deleted because it is running.
Cluster member {0} cannot be terminated because the node agent on node {1} is not active.
Core Group
The new cluster could not be created: {0}
The new cluster member could not be created: {0}
The new cluster member could not be created because the existing cluster members are version 5.x and cannot be used as a template.
Application servers
Nodes
{0} is not a valid cluster name. The name can only contain letters, numbers, and certain other characters.
{0} is not a valid name for a cluster member. The name can only contain letters, numbers, and certain other characters.
Weight is required
Weight must be an integer between 0 and 20.
Weight must be an integer
Successfully changed the configured weight for {0}.
Failed to change the configured weight to "{0}" for member {1}: {2}
Successfully changed the runtime weight for {0}.
Failed to change the runtime weight to "{0}" for member {1}: {2}
Make Idle
Add Member
Update Member
There is already a server with the name {0} on the same node, server names must be unique within a node.
You must select at least one cluster member to perform this action.
You must select at least one cluster to perform this action.
Cluster {0} must have at least one member to perform the specified action.
(0..20)
The configuration for cluster {0} has changed. You must save the configuration to the master repository before starting or stopping the cluster.
Clone Template
Clone Type
A cluster member cannot be created on node {0} because the node is at version {1}.x, and there are no version {2}.x server templates or application servers to use as a template.
Cluster Topology
Server cluster
Cluster member templates
Member name is a required field.
A template server must be selected.
Select template:
Default application server template
Choose a server template from this list:
Existing application server
Prefer local enabled
Short name
Unique ID
Short name
Foreign cell
Bootstrap Address
Name
Bounding node group name
(none)
More than one node group bounds the selected node. Node group {0} is chosen by the system.  The bounding node group for the cluster can be changed in the server cluster configuration view.
Export route table
The route table for cluster {0} was exported to file {1}.
Exception {0} occurred while trying to export the route table for cluster {1}.  Check the logs for more details.
An error occurred while trying to export the route table for cluster {0}.  Check the logs for more details.
Delete Cluster
Click the OK button below to delete the following cluster(s). If you do not wish to delete the clusters, click the CANCEL button to return to the prior page.
Backup cluster
Domain bootstrap address
Backup cluster name
Domain bootstrap address
Host
Port
There was an error accessing the MBean for this cluster. If this is a newly defined cluster, you must save the configuration to the master repository before the runtime values can be accessed.
Prefer local. Specifies whether enterprise bean requests will be routed to the node on which the client resides when possible.
Configure HTTP session memory-to-memory replication
Select basis for first cluster member:
Generate unique HTTP ports
Create the member using an application server template.
Create the member using an existing application server as a template.
Create the member by converting an existing application server.
None. Create an empty cluster.
The "Previous" button is not allowed when the cluster already contains cluster members.
Cluster member {0} on node {1} already exists in the list of cluster members.
The "Edit" operation can only be performed on one member at a time.  The first selected member from the list will be edited.
Configuring a cluster and making applications highly available



Use this page to stop the deployment manager from running, and to link to other pages which you can use to define additional properties for the deployment manager. The deployment manager provides a single, central point of administrative control for all elements of the  Application Server distributed cell.
Use this page to manage node agents and application servers on the node that a node agent manages. The node agent process serves as an intermediary between the application servers on the node and the deployment manager. The node agent process runs on every node and is specialized to perform node-specific administration functions, such as server process monitoring, configuration synchronization, file transfer, and request routing.
Specifies the service logic that moves files between this node and the deployment manager
Specifies the service logic that keeps the files synchronized for this node
Use this page to configure the service that transfers files from the deployment manager to the nodes. The file transfer uses the HTTP protocol.
Use this page to configure the file synchronization service. The file synchronization service runs in the deployment manager and node agent. It ensures that configuration changes made to the cell repository are propagated to the appropriate node repositories.
Specifies the number of minutes that elapse between synchronizations. This value is not used if automatic synchronization is disabled.
Specifies whether to synchronize files automatically after a designated interval. When enabled, the node agent contacts the deployment manager every synchronization interval to attempt to synchronize the node configuration repository with the master repository of the deployment manager.
Specifies whether to synchronize configuration files when this node agent starts a server. When enabled, the node agent attempts to synchronize the node configuration with the latest configuration in the master repository before starting an application server.
Specifies whether changes to the configuration settings in the master repository are immediately sent to the servers.  The default synchronization mode is for periodic synchronization, in which nodes periodically wake up and synchronize with the master repository.
Specifies whether to synchronize configuration data in application binary files. When enabled, changes to application binary files at the deployment manager are copied to the nodes on which the applications run.
Specifies files or patterns to exclude during synchronization of configuration data.
Specifies the security settings that enables a remote application server to communicate with the deployment manager. The default value for this field is file:/properties/sas.client.props, where is the root install directory for the remote application server.
Specifies the number of times you want the file transfer service to retry sending or receiving a file after a communication failure occurs.
Specifies the number of seconds that the file transfer service waits before it retries a failed file transfer.


Specifies the backup cluster failover routing information that is used if an entire cluster fails.  
Specifies the address of the host and port for the bootstrap server for the backup cluster.
Specifies a logical name for the backup cluster. The name must be unique among the cluster.
Use this page to change the configuration settings for a cluster. A server cluster consists of a group of application servers. If one of the member servers fails, requests will be routed to other members of the cluster.
Use this page to change the configuration settings for a cluster. A server cluster consists of a group of application servers. If one of the member servers fails, requests will be routed to other members of the cluster. Learn more about this task in a <a href="/ibm/console/navigatorCmd.do?forwardName=guidedactivity.clustering">guided activity<\/a>. A guided activity provides a list of task steps and more general information about the topic.
Specifies routing information to a failover cluster that is used if an entire cluster fails.
Use this page to manage the members of a cluster. A cluster of application servers are managed together and participate in workload management.
Specifies a logical name for the cluster. The name must be unique among clusters within the containing cell.
Specifies whether enterprise bean requests will be routed to the node on which the client resides when possible.

Specifies that the recovery of transactions is allowed to failover from one cluster member to another. Transaction log recovery requires several configuration steps, and this is one of the steps in that process.
Use this page to manage the members of a cluster. A group of servers that are managed together and participate in workload management for a group of applications. Requests to cluster members are rerouted when failures occur.
Use this page to view and manage application servers that belong to a cluster. You can also use this page to change the weight or unique ID of any of the listed application servers.
Use this page to view and manage application servers that belong to a cluster. You can also use this page to change the weight of any of the listed application servers. Learn more about this task in a <a href="/ibm/console/navigatorCmd.do?forwardName=guidedactivity.clustering">guided activity<\/a>. A guided activity provides a list of task steps and more general information about the topic. The configuration of new cluster members is based on a server configuration template that is stored as part of the cluster data. This template is based on the first cluster member and is used to create all subsequent cluster members. Modifications to the configuration of an individual cluster member has no effect on the cluster member template.
Specifies the name of a server in the cluster.
Specifies the amount of work that is directed to the application server. If the weight value for the server is greater than the weight values that are assigned to other servers in the cluster, the server receives a larger share of the cluster workload. On the  platform, weight is used to balance some of the workload types, but others are balanced by the  system.
Specifies a numerical identifier for the application server that is unique within the cluster. The ID is used for affinity.
Use this page to view the list of cluster member templates that exist for this cluster. You may also edit the server properties of a template. If you modify a template, all new cluster members will be created with the server attributes of the modified template, but existing members will not be modified. Typically you will have only one template per cluster. If you have a cluster with mixed version nodes, however, you will have one template per WebSphere version.
Use this page to create a cluster member to represent an application server in a cluster.
Specifies the name of this cluster.
Enable or disable node scoped routing optimization.
The currently registered workload controller (WLC) id for this cluster.
Specifies whether cluster members are stopped, starting, or running.



Use this page to add application servers to a cluster.
Specifies whether the cluster members must be created using either a default template or an existing application server as a model. Each member of a cluster is required to use the same model.
Specifies the name of the new cluster member.
Specifies the node on which this new cluster member is created.
Specifies if a replication entry is created for the new cluster member
Specifies the core group to which this cluster member belongs.
This page displays the list of application server clusters in a tree format.





Specifies the short name of the cluster. This name can contain one to eight uppercase characters, which can be alphanumeric or the special characters at-sign (@), number sign (#), dollar sign ($), or ampersand (&). It cannot start with a numeral. This field only applies to the z/OS platform.
Specifies the cluster member's server specific short name. This name can contain one to eight uppercase characters, which can be alpha-numeric or the special characters, @#$&. It cannot start with a numeric. This field only applies to the  platform.
Specifies the unique ID of this cluster.



Specifies a cell that is not the current one. Some other cell.
Specifies the bootstrap host containing the NamingServer for the foreign domain.
Specifies the name of the foreign domain.  This name will match the name of another domain. This name is specified during product installation.  The name is the name used to identify a node agent that is based upon that node's configuration.


Specifies the name of the node group that bounds this cluster.  Use the node group collection view to add this node to additional node groups.






Use this page to specify a backup cluster. If the entire cluster fails, the backup cluster supplies failover routing information.
Specifies the bootstrap host and port for the deployment manager that contains the backup cluster. In order to utilize the backup cluster function, the host and port must be set, and a core group bridge must be configured.
Specifies a logical name for the backup cluster.
Specifies the cluster designated as the backup.
Specifies the bootstrap host and port for the deployment manager that contains the backup cluster.
Specifies the bootstrap host for the deployment manager of the backup cluster.
Specifies the bootstrap port for the deployment manager of the backup cluster.


Configure HTTP memory-to-memory replication.
The first cluster member determines the server settings for the cluster members. A server configuration template is created from the first member and stored as part of the cluster data. Additional cluster members are copied from this template.
Determines the first cluster member settings.

Dynamic cache service
Disk Cache Settings
entries
seconds
SHARED
NOT_SHARED
Shared
Not shared
The external cache group name \"{0}\" already exists.
Startup state:
Enable service at server startup
Cache size
Default priority
Disk Cache settings
Disk offload:
Enable disk offload
Offload location:
Hash size:
Limit disk cache size in GB
Disk cache size
GB
Limit disk cache size in entries
Disk cache size
entries
Limit disk cache entry size
Disk cache entry size
MB
Performance Settings
Disk cache performance level
High performance and high memory usage
Balanced performance and balanced memory usage
Low performance and low memory usage
Custom
Disk cache cleanup frequency
minutes
Eviction Policy
Disk cache eviction policy
Algorithm
None
Size
Random
High threshold
%
Low threshold
%
The Low threshold value for the Eviction Policy must be less than High threshold value.
Consistency settings
Cache replication:
Enable cache replication
Advanced
External cache groups
Name
Type
External cache group
External cache group members
External cache group member
Address
Adapter bean name
Cache size
Default priority
Disk offload location
Cache instances
Object cache instances
Enable disk offload
Hash size
Push frequency
Replication type
Cache provider
Flush to disk
Use listener context
The object cache instance name \"{0}\" already exists.
The object cache instance JNDI name \"{0}\" already exists.
Cache replication
Cache size
Default priority
Disk offload location
Servlet cache instances
Enable disk offload
Hash size
Push frequency
Replication type
Flush to disk on Stop
Use listener context
The servlet cache instance name \"{0}\" already exists.
The servlet cache instance JNDI name \"{0}\" already exists.
Cache replication
Replicator
Disk Cache settings
Consistency settings
Dependency ID support
Full group replication domain
No full group replication domains are defined.
Create a new replication domain.
Disk Cache Custom Performance Settings
Maximum buffer for cache identifiers per metadata entry
Maximum buffer for dependency identifiers
Maximum buffer for templates

The dynamic cache service consolidates caching activities to improve application performance. By caching the response from servlets, Web services,  Server Pages (JSP) files, and  Application Server commands, the application server does not have to perform the same computations and back-end queries multiple times.
Specifies sets of external caches that are controlled by  Application Server on servers such as   Edge Server and  HTTP Server.
Use cache replication to enable sharing of cache IDs, cache entries, and cache invalidations with other servers in the replication domain.
Enable disk offload to specify that when the cache becomes full, the cache entries are saved to disk. The location is a fully-qualified directory location that is used by the disk offload function. The  option specifies that whenever the server is stopped, the in-memory contents of the cache are moved to disk.
Specifies a positive integer defining the maximum number of entries the cache holds in memory.
Specifies the default priority for cache entries. Lower priority entries are removed from the cache before higher priority entries when the cache is full. The priority for individual cache entries can be changed through the cache policy file. The default value is 1.
Specifies the algorithm for distributing shared cache entries to cooperating dynamic caches that are connected through cache replication.  This value must be set to one of the dynamicCacheReplicationKind values.
Specifies a time interval in seconds, that is used when the replication type is PUSH. The default value is 1.

Enable disk offload to specify that whenever the cache becomes full, cache entries are removed from the cache and saved to disk.
Specifies a directory to use for disk offload.
Set this value to True to have objects that are cached in memory saved to disk when the server is stopped. This value is ignored if  is false.
Enables the limit for the maximum disk cache size, in gigabytes (GB).
Specifies a value for the maximum disk cache size, in gigabytes (GB).
Enables the limit for maximum disk cache size, in number of entries
Specifies a value for the maximum disk cache size, in number of entries.
Specifies a value for the maximum size of an individual cache entry, in megabytes (MB).
Specifies a value for the maximum size of an individual cache entry, in megabytes (MB).
Specifies the level of performance and memory usage of the disk cache.
Specifies the level of performance that is required by the disk cache.
Indicates that all metadata is kept in memory.
Indicates that some metadata is kept in memory. This is the default performance setting;  it provides an optimal balance of performance and memory usage for most users.
Indicates that limited metadata is kept in memory.
Indicates that the administrator will explicitly configure the memory settings that are used to support the above background activity.
Specifies a value for the disk cache cleanup frequency, in minutes. If this value is set to 0, the cleanup runs only at midnight.
Specifies the eviction algorithm and thresholds that the disk cache uses to evict entries
Specifies the eviction algorithm that the disk cache uses to evict entries after the high threshold is reached.
No eviction policy, so the disk cache can grow until it reaches its limit, at which time the dynamic cache service stops writing to disk.
When the disk size reaches a high threshold limit, the disk cache garbage collector wakes up and evicts randomly selected entries on the disk until the size reaches a low threshold limit.
When the disk size reaches a high threshold limit, the disk cache garbage collector wakes up and evicts the largest entries on the disk until the disk size reaches a low threshold limit.
Specifies when the eviction policy is executed.
Specifies when the eviction policy is terminated.

Specifies a hash size when disk offload is enabled. Valid values are powers of 2.  For example, 1, 2, 4, 8, and so on.
Use this page to define sets of external caches that are controlled by  Application Server on Web servers, such as  Edge Server and  HTTP Server.
Members of an external cache group that are controlled by  Application Server.
Specifies a unique name for the external cache group. The external cache group name must match the ExternalCache property that is defined in the servlet or  Server Pages (JSP) cachespec.xml file.
Currently, only shared external cache groups supported.
A single external cache that  Application Server controls.
Specifies the host name and port number of the external cache.  
Specifies the name of a class, which is located on the  Application Server class path, of the adapter between  Application Server and this external cache.
Specifies that dynamic cache service is enabled at the time of server startup.
Enable cache replication to have dynamic cache share cached objects with other servers in the same replication domain.
Specifies a positive integer that defines the maximum number of entries that the cache can hold. Values are usually in the thousands. The minimum value is 100, with no set maximum value. The default value is 2000.
Specifies the default priority for cache entries. Lower priority entries are removed from the cache before higher priority entries when the cache is full. The priority for individual cache entries can be changed through the cache policy file. The default value is 1.
An object cache instance is a location, in addition to the default shared dynamic cache, where  2, Enterprise Edition (J2EE) applications can store, distribute, and share data.  This gives applications greater flexibility and better tuning of the cache resources.   Use the DistributedObjectCache programming interface to access this cache instance.  See the DistributedObjectCache API documentation in the  Application Server Javadoc for more information.
Specifies a directory to use for disk offload.
Enable disk offload to specify that whenever the cache becomes full, cache entries are removed from the cache and saved to disk. The location is a fully-qualified directory location that is used by the disk offload function. The  option specifies that whenever the server is stopped, the contents of the memory cache are moved to disk.  
Specifies a hash size when disk offload is enabled. Valid values are powers of 2.  For example 1, 2, 4, 8, and so on.
Specifies a time interval, in seconds, that is used when the replication type is PUSH. The default value is 1.
Specifies the sharing policy of cached entries across application servers.

Set this value to True to have objects that are cached in memory saved to disk when the server is stopped. This value is ignored if  is set to False.
Set this value to True to have invalidation events sent to registered invalidation listeners that use the  2 Platform, Enterprise Edition (J2EE) context of the listener.
Specifies that the dynamic cache service supports cache entry dependency IDs. Disable this option if you do not need to use dependency IDs. Dependency IDs specify additional cache group identifiers that associate multiple cache entries to the same group identifier in your cache policy.
Use cache replication to enable sharing of cache IDs, cache entries, and cache invalidations with other servers in the replication domain.
A positive integer that defines the maximum number of entries that the cache can hold. Values are usually in the thousands. The minimum value is 100, with no set maximum value. The default value is 2000.
Specifies the default priority for cache entries. Lower priority entries are removed from the cache before higher priority entries when the cache is full. The priority for individual cache entries can be changed through the cache policy file. The default value is 1.
A servlet cache instance is a location, in addition to the default shared dynamic cache, where dynamic cache can store, distribute, and share data.  This gives applications greater flexibility and better tuning of the cache resources.   The  Naming and Directory Interface (JNDI) name specified for the cache instance is mapped to name attribute in the cache-instance tag in the cachespec.xml configuration file.
Specifies a directory to use for disk offload.
Enable disk offload to specify that whenever the cache becomes full, cache entries are removed from the cache and saved to disk. The location is a fully-qualified directory location that is used by the disk offload function. The  option specifies that whenever the server is stopped, the contents of the memory cache are moved to disk.  
Specifies a hash size when disk offload is enabled. Valid values are powers of 2. For example 1, 2, 4, 8, and so on.
A time interval that is specified in seconds and is used when replication type is PUSH. The default value is 1.
Specifies the sharing policy of cached entries across application servers.
Set this value to True to have objects that are cached in memory saved to disk when the server is stopped. This value is ignored if enable disk offload is disabled.
Set this value to True to have invalidation events sent to registered invalidation listeners using the  2 Platform, Enterprise Edition (J2EE) context of the listener.
Configure distributed cache replication settings in order to maintain cache consistency across cache instances on different application servers.
Specifies a replication domain or replicator that is used to replicate information.
The disk cache custom performance settings allow the administrator to explicitly set the memory usage settings of the disk cache.
Specifies a value for the maximum number of cache identifiers that are stored for an individual dependency ID or template in the disk cache metadata in memory.
Specifies a value for the maximum number of dependency identifier buckets in the disk cache metadata in memory.
Specifies a value for the maximum number of template buckets that are in the disk cache metadata in memory.

Environment
Shared Libraries
The variable was not found.
The variable {0} cannot be deleted.
The variable {0} cannot be edited.
Missing required values
The library was not found.
WebSphere Variables
WebSphere Variables
Value
End Point
Host
Port
Transport
address
Properties
External
SSL Enabled
SSL
Property
Name
Value
Description
Optional
Validation Expression
A property with name {0} already exists. You must use a unique property name.
A variable with name {0} already exists. You must use a unique variable name.
Property Set
Properties
Typed Properties
description
Typed Property
Type
Shared Libraries
Classpath
Native Library Path
WebSphere Application Server on IBM.com
http:// www.ibm.com / software / webservers / appserv/
Find product information on IBM.com about the WebSphere software family.  i5/OS information is found on the WebSphere Application Server for i5/OS product Web site.
About your WebSphere Application Server
Access Help:
Build Number:
Build Date:
developerWorks WebSphere
http:// www.ibm.com/ developerworks/ websphere/
Get the latest technical articles, best practices, tutorials and much more in the WebSphere Application Server Zone.
Documentation
http:// www-3.ibm.com / software / webservers / appserv/
For documentation, including articles and PDF files, visit the online information center.
Virtual Hosts
The virtual host was not found.
Error: The virtual host "{0}" already exists.
Error: A host alias with host name "{0}" and port "{1}" already exists.
Changing the settings for this virtual host may affect applications which are currently bound to run on it.  You must manually review the virtual host mappings for each application to ensure that they are correct.
Missing MIME type
Cannot find the MIME entry.
Cannot find the host alias.
Virtual Hosts
Host Aliases
MIME Types
You must select at least one virtual host to perform this action.
MIME Type
Extensions
Host Name
Port
Update global Web server plug-in configuration
An error occurred while updating the Web server plugin configuration. Check the logs for details.
The Web server plug-in configuration was updated successfully.
Update global Web server plug-in configuration
View or download the current Web server plug-in configuration file
Name Space Bindings
String
EJB
CORBA
Indirect
Name
Scope
The binding identifier "{0}" already exists in this scope.
A binding with name in name space "{0}" is already configured in this scope.
The name space binding was not found.
Name Space Bindings
Binding identifier
Name in name space
Binding type
EjbNameSpaceBinding
JNDI name
Server
Node
Server cluster
Single server (Node is required)
Enterprise Bean Location
Specify the location of the enterprise bean by providing the node name.
Specify the location of the enterprise bean.  If the enterprise bean is running in a server cluster, select 'Server Cluster'.  Otherwise, select 'Single Server' and provide the node name.
CORBAObjectNameSpaceBinding
Corbaname URL
Federated context
IndirectLookupNameSpaceBinding
Provider URL
JNDI name
StringNameSpaceBinding
String value
New Name Space Binding
Specify binding type
Specify basic properties
Specify basic properties
Specify basic properties
Specify basic properties
Summary
Specify additional context properties
Enter any additional properties to pass to the javax.naming.InitialContext constructor. Click Apply to add a new property. Select a property already in the list, and click the Edit button to edit it. Select a property already in the list, and click the Delete button to remove it.
Name
Other Context Property
Name
Value
Description
Value
Description
Edit
Property name not set.
Property value not set.
Other Context Properties
Initial context factory name
Other context property name {0} already exists
The node was not found.
One or more domains have no replicators defined.
None of the existing domains have replicators defined.
Node
Custom Properties
Name
Status
Synchronized
Not synchronized
Discovery Protocol
Nodes
Cell
Foreign Cells
Custom Properties
Name
Cell Discovery Protocol
Discovery Address Endpoint Name
Multicast Discovery Address Endpoint Name
UDP
TCP
MULTICAST
Add Node
Remove Node
Force Delete
Add Node
Host
JMX connector port
RMI connector port
Include applications
Include buses
JMX connector type
SOAP
RMI
Deployment manager user name
Deployment manager password
User name
Password
Application server user name
Application server password
Deployment manager user name is a required parameter.
Deployment manager password is a required parameter.
Application server user name is a required parameter.
Application server password is required if an application server name is provided.
Adding node
The new node will not be available in the console until you log in again.
Logout from the WebSphere Administrative Console
Node connection
Starting port
Specify
Use default
Port number
A starting port number is required if you select to specify a node agent starting port.
Options
Removing node
The node will be listed in the console until you log in again.
Host name is a required parameter.
Port is a required parameter.
The add node operation failed. Check the server logs for details.
The add node operation failed because the deployment manager could not connect to the remote server. Check the host name and port values and make sure the server is running.
Return to the node wizard
The deployment manager has initiated the federation of the node on host {0} into the cell. This operation may take several minutes to complete. Check the addNode.log file on {0} for details on this operation. You will need to log into the console again after the operation has completed to see the new node in the console.
The console has not received information on the add operation in a timely manner. The state of the operation is indeterminate. Check the add node log for details.
The deployment manager is removing {0} from the cell. This operation may take several minutes to complete. You will need to log into the console again after the operation has completed to see the node removed from the list of available nodes in the console.
The remove node operation did not complete successfully. Check the remove node and server logs for details.
Failed to remove node {0}. Check the server logs for details.
The remove node operation failed for node {0}. The underlying error is as follows: {1}
The node agent on node {0} is not active. The node can not be removed.
The console has not received information on the remove operation in a timely manner. The state of the operation is indeterminate. Check the remove node log for details.
The add node operation failed because the remote instance could not be located. Check the host and port values and make sure that the remote application server instance is running.
Failed to initiate the synchronization request for node {0}. Check the deployment manager's SystemOut.log and the node agent's SystemOut.log for more error information.
The synchronize operation is not valid for the deployment manager node {0}.
The remove operation is not valid for the deployment manager node {0}.
The stop operation is not valid for the deployment manager node {0}.
The node {0} is already synchronized.
The synchronize operation can not be performed on node {0} because its node agent is not active.
The stop operation is not valid for unmanaged node {0}.
Synchronization operations are not valid for unmanaged node {0}.
Unknown
Synchronize
Synchronize All
Full Resynchronize
Remove Node
Removing a node will cause the node to be immediately removed from the master configuration repository. The changes will not be reflected in your workspace until you login to the console again.
Click the OK button to remove the following nodes, or click the Cancel button to return to the prior page.
The remove node operation can only be performed on one node at a time.
Force delete
The force delete option removes nodes from the master repository that are not removed properly from the cell.  The Remove Node action is preferred to delete a node from the configuration.  If you continue with this operation, you need to uninstall the node or run the remove node utility using the -force option at that node.
Click OK to delete this node.  If you do not want to delete the nodes, click Cancel.
Node {0} cannot be deleted. Verify that the node configuration resources are not locked. Check the deployment manager error log for additional problem determination information.
Environment Services
J2EE Resources
Unknown
Not applicable
No version
Not applicable
Platform Type
Host Name
Add Managed Node
Add Managed Windows Node
Managed node
Unmanaged node
Specify whether to run the node agent as a Windows service.  Click OK to continue with the add node action.  Click cancel to modify add node options.
You specified a password but not a user ID.  If you provide a password, the user ID must also be set.
The passwords that you entered do not match.  Re-enter and confirm the password to use on the node agent service.
Run node agent as Windows service
Confirm password
You must select one node to perform this action.
You must select at least one node to perform this action.
Windows
AIX
HP-UX
Solaris
Linux
OS/400
z/OS
Successfully initiated synchronization of the repository on node {0} with the deployment manager's repository.
Node {0} already exists and can not be created.
Short Name
Short Name
Node Installation Properties
Node Installation Properties
Name
Value
Back


Name
Name
Name
Foreign Cell Bindings
Foreign Cell Bindings
Specify foreign cell name
Foreign cell name
Specify the foreign cell name and create bootstrap endpoint bindings.
Specify bootstrap addresses
Host name
Port
Port value must be a non-negative integer.
Foreign cell name must be specified.
A bootstrap address must be specified.
Host name {0} already has entry for port {1}
Changing the settings for this foreign cell binding may affect applications which are currently bound to run on it.  You must manually review the foreign cell binding used by each application to ensure that they are correct.
Bootstrap addresses
Bootstrap addresses
Host
Port
Error: The foreign cell binding "{0}" already exists.  
Summary
New Foreign Cell Binding
Foreign cell name
Bootstrap bindings
host
port
Warning: The foreign cell binding contains the deprecated bootstrap address, host "{0}" and port "{1}". Refer to the help page for how to migrate this attribute to the current release level.
Foreign Cell Binding can not be found.

Use this page to define substitution variables. Variables specify a level of indirection for some system-defined values, such as file system root directories. Variables have a scope level, which is either server, node, cluster, or cell.  Values at one scope level can differ from values at other levels. When a variable has conflicting scope values, the more granular scope value overrides values at greater scope levels. Therefore, server variables override node variables, which override cluster variables, which override cell variables.
Specifies the symbolic name that represents a physical path or URL root.
Specifies the absolute path that the symbolic name represents.
Specifies an optional description for your administrative records.
Specifies a communication endpoint used by services or runtime components running within a process.
Specifies the IP address, the full domain name system (DNS) host name with a domain name suffix, or the short DNS host name that a Web client uses to request a Web application resource. Web application resources include servlets, JSP, or HTML pages. Host names on the ports can be resolvable names or IP addresses. The server will bind the port to the specific host name or IP address given. That port is accessible through the IP address that resolves from the given host name or IP address. The IP address can be in IPv4 format on all platforms, or in IPv6 format on operating systems on which the server supports IPv6.
Specifies the port configured for the application server to accept Web client requests. You must specify a port value in conjunction with the host name. Valid port values are between 0 and 65535. A port value of 0 causes the system to pick an ephemeral port. Port numbers on the application server can be reused only when the host names resolve to unique IP addresses (such as for multiple network address cards) and there is not a port with the same port number and a wildcard '*' host name.
Use this page to configure server processes that support various transports for IPC. Web client processes connect to the server using one of the supported transports.
Specifies the address for the transport.
Specifies special configuration properties for the transport. Each type of transport can contain custom properties specified by the transport provider. See the documentation for each transport type to determine if there are special transport property names and what the possible values are for each special property.
Specifies whether this transport is for internal or external use.
Specifies whether to protect connections between the Web server plug-in and the application server with Secure Socket Layer (SSL). The default is not to use SSL.
Specifies the Secure Socket Layer (SSL) settings type for connections between the  plug-in and application server. The options include one or more SSL settings defined in the Security Center; for example, DefaultSSLSettings, ORBSSLSettings, or LDAPSSLSettings.
Specifies an arbitrary name-value pair.  The value is a string that can set internal system configuration properties.
Specifies the name (or key) for the property.
Specifies the value paired with the specified name.
Use this page to provide information about the name and value pair.
Specifies an optional attribute that determines whether this property must have a value.
Specifies a value that the administrative console and some host tools use to validate the contents of the value of this property.
Use this page to define a collection of properties for some purpose.
Some runtime components accept a collection of additional properties that can be used for further customization.  See documentation for that runtime component to determine if special properties can be used.
Some runtime components accept a collection of additional properties that can be used for further customization.  See documentation for the runtime component to determine if special properties can be used.
Specifies a custom property value.  Check the runtime component documentation to determine if additional supported custom properties are available.
Specifies the fully qualified Java type for this property, such as java.lang.Integer or java.lang.Byte.
Use this page to define a container-wide shared library that can be used by deployed applications.
The scope of the shared library.  This value indicates the configuration location for the configuration file.
Specifies the name of the shared library
Specifies an optional description for this shared library.
Specifies a class path that contains the JAR files for this library. Press  to separate class path entries. Entries must not contain path separator characters (such as ';' or ':').  Class paths can contain variable (symbolic) names that can be substituted using a variable map.
Specifies an optional path to any native libraries (DLL or SO files) required by this shared library.
Use this page to create a virtual host with a unique set of Web access ports. Such a configuration lets a single host machine resemble multiple host machines. Each virtual host has a logical name and a list of one or more domain name system (DNS) aliases by which it is known.
Specifies a logical name used for configuring Web applications to a particular host name. The default virtual host is suitable for most simple configurations.
Use this page to edit, create, or delete a domain name system (DNS) alias by which the virtual host is known.
Use this page to edit, create, or delete entries in the collection of MIME type extension mappings defined for the virtual host. If MIME entries are not specified at the Web module level, these MIME entries apply.
Use this page to map a MIME type to one or more file extensions.
Specifies a MIME type that maps the associated file name extensions.
Specifies file extensions that map to the MIME type.
Use this page to edit or create a domain name system (DNS) alias by which the virtual host is known. An alias is the combination of DNS host name and a unique port number. A Web client uses the alias to form the URL request of a Web application resource.  Application resources include servlets, JSP files, or HTML pages. For example, the default_host alias is the myhost.newyork.com:9080 portion of http://myhost.newyork.com:9080/servlet/snoop or the myhost.newyork.com:9043 portion of a secure http://myhost.newyork.com:9043/servlet/snoop URL.
Specifies the IP address, the full domain name system (DNS) host name with domain name suffix, the short DNS host name, or an asterisk (*). An asterisk permits any of the other three values as well as the current value of a Dynamic Host Configuration Protocol (DHCP) address in a Web client request for a Web application resource. Web application resources include servlets, JSP files, or HTML pages.
Specifies the port where the virtual host accepts Web client requests. Specify a unique port value in conjunction with the host name to avoid conflicts with other virtual hosts. The port number default is port 80, which is the default Web server port. Assign another value to use the internal HTTP transport capability of the application server, or to use another port that you might have assigned as the Web server port. For example, create a new virtual host and assign port 9085 to serve application resources over the internal HTTP transport of the application server using port 9085.
Click  to update the plug-in configuration file.
Description
Use this page to configure a name binding of a constant string value, an enterprise bean, a CORBA CosNaming Naming Context or CORBA leaf node object, or an object that can be looked up by using JNDI.
Specifies a name that uniquely identifies this configured binding.
Specifies a name for this binding in the name space. It is a simple or compound name relative to the portion of the name space where this binding is configured.
Specifies the type of binding. Options are String, EJB, CORBA, and Indirect.
Specifies the scope of the configured binding. It is the configuration location for the namebindings.xml file.
Use this page to configure a name binding of an enterprise bean home that has already been configured on a server within the cell.
Specifies the enterprise bean JNDI name (the name in the bean bindings, not the java:comp name).
Specifies the name of the cluster or non-clustered server in which the enterprise bean is configured.
Specifies the location of the enterprise bean.
Use this page to configure a name binding of a CORBA home that has already been configured on a server within the cell.
Specifies a CORBA name URL string that identifies where the object is bound in a CosNaming server.
Specifies that the target is a CosNaming context (if checked) or a leaf node object (if not checked).
Use this page to configure a name binding of an object which can be looked up using JNDI.
Specifies the provider URL string needed to obtain a JNDI initial context.
Specifies the name used to look up the target object from the initial context.
Use this page to configure a name binding of a constant string value.
Specifies the string to be bound into the name space.
Use this wizard to configure a new name space binding.
Use this page to manage nodes in the application server environment. A node corresponds to a physical computer system with a distinct IP host address. The following table lists the managed and unmanaged nodes in this cell. The first node is the deployment manager. Add new nodes to the cell and to this list by clicking .
Use this page to specify arbitrary configuration properties for the node, and a string value for each property.
Specifies a logical name for the  node. The name must be unique within the cell.
Specifies the protocol that the node follows to retrieve information from a network.
Use this page to define nodes in this cell
Use this page to set the discovery protocol for an existing cell. A cell is a configuration concept, a way for an administrator to logically associate nodes according to whatever criteria make sense in the  administrator's organizational environment.
The domain holds a collection of foreign domain objects that can be used to access a different domain.
Specifies arbitrary configuration properties that apply to this cell.
Specifies the name of the existing cell.
Specifies the protocol that the cell follows to retrieve information from a network.
Specifies the name of the end point that contains the discovery address.
Specifies the name of the end point that contains the multicast discovery address.
Use this page to identify a standalone application server process that is running. Start the application server, if necessary, or add the node from the command line by running the addNode command from the bin directory of the stopped application server profile.
Specifies the network name of the node to be added to the cell. This value can be an IP address, a domain name server (DNS) name that resolves to an IP address, or the word, localhost, if the application server is running on the same machine as the deployment manager. The application server process must be running at the IP address identified by the host field.
Specifies the port number of the JMX connector on the application server process to be added to the cell. The default SOAP connector port is 8880.
Specifies the port number of the RMI connector on the instance to be added to the cell. By default, this is port 9809.
Specifies whether to copy the applications installed on the remote instance into the cell. Applications with the same name as applications that currently exist in the cell are not copied.
Specifies whether to copy the service integration bus configuration of the remote node into the cell.  If the cell already contains a bus with the same name as any bus at the remote node, the add node command fails.
Specifies the type of JMX connector used to perform the operation
Specifies the user ID and password for the deployment manager which is required since security is enabled at the deployment manager. Enter a valid user ID and password to enable the remote application server process to communicate with the deployment manager.
Specifies the user ID and password for the application server. If security is enabled at the node you are adding, enter a valid user ID and password to enable the deployment manager to communicate with the remote application server process. If security is not enabled at the application server, no entry is required.
Specifies the password for the deployment manager user ID entered previously.
Specifies the password for the application server user ID entered previously.
Specifies required properties for connecting to the application server being federated.
Specifies whether to use the default ports or to start with a specified port number for the node agent process. Additional node agent ports are numbered sequentially after the starting port number.
Specifies whether to copy standalone applications and buses into the federated node.
Use this page to view or change the configuration for an unmanaged node. An unmanaged node is a node defined in the cell topology that does not have a node agent running to manage the process. Unmanaged nodes are typically used to manage Web servers.
Use this page to view or change the configuration for a managed node. A managed node is a node with an application server and a node agent that belongs to a cell.
Specifies the operating system of the platform that this unmanaged node represents.
Specifies the host name of the node being configured.
Use this page to add either a managed or an unmanaged node.
Specifies the creation of a managed node. A managed node contains an application server process that runs within the deployment manager cell. The managed node is associated with a node agent process that maintains the configuration for the node and controls its operation. Choosing this option results in running the add node utility to federate an existing standalone application server.
Specifies the creation of an unmanaged node. An unmanaged node represents a node in the topology that does not have an application server process or a node agent process. Unmanaged nodes are for other server processes, such as Web servers that exist on their own node in the topology.
Use this page to let  Services run the node agent. The service can start or stop the node agent, as well as provide startup and recovery actions.
Specifies that the node agent is to run as a  service.
Specifies a local operating system user ID and password to run the node agent service. If you do not enter a user ID, the service runs by using the local system account. If you provide a user ID, it must have the 'Log on as a service'  logon correct.
Specifies the password for the local operating system user ID to be used to run the node agent service.
Specifies a confirmation password for the user ID.
Specifies the short name of the cell. This name can contain one to eight characters, which can be alphanumeric or the special characters at-sign (@), number sign (#), or ampersand (&); it cannot start with a numeral.
Specifies the short name of the node. This name can contain one to eight characters, which can be alphanumeric or the special characters at-sign (@), number sign (#), or ampersand (&); it cannot start with a numeral.
Use this page to view read-only installation properties for this node. These properties provide information about the capabilities of the node that are collected during product installation time, such as the operating system name, architecture and version, or  Application Server product levels that are installed on the node.
Specifies a unique name (or key) for the property. Applies to nodes at version 6.1 or later.
Specifies the value that is paired with the property name. Applies to nodes at version 6.1 or later.
Specifies an annotation for the property setting. Applies to nodes at version 6.1 or later.
Specifies a list of name-value pairs (property settings) for the indirect lookup name binding. The property settings are passed to the javax.naming.InitialContext constructor used to obtain the initial JNDI context required for the indirect lookup. The property settings apply to nodes at version 6.1 or later.
Specifies the class name of the initial context factory used to obtain a JNDI initial context. If the field is left blank, the initial context factory com.ibm.websphere.naming.WsnInitialContextFactory is used to obtain the initial JNDI context.
Use this page to manage bindings that resolve to the cell root naming context in a foreign cell. Applications in a local cell can look up objects in a foreign cell through a foreign cell binding.

Use this wizard to configure one or more foreign cell bindings. Configure a foreign cell binding for each cell that is accessed by applications in the local cell.
Specifies the name of the other (foreign) cell. The foreign cell and the local cell must have different names.
Specifies a server or cluster in the foreign cell that is used for bootstrapping. Specify an IP address or DNS host name.
Specifies the bootstrap port number for the deployment manager of the host server or cluster.
Use this page to specify a bootstrap address for a foreign cell.
Use this page to specify the addresses to use to bootstrap to a foreign cell. Multiple bootstrap addresses can leverage the failover support provided by clusters. Multiple bootstrap addresses must resolve to members of the same cluster.
Specifies a host for the bootstrap address. Specify an IP address or DNS host name.
Specifies a port number for the bootstrap address.
Use this page to specify context properties for the indirect lookup name binding.  The properties may be standard JNDI properties or properties specific to the initial context factory being used to obtain the initial JNDI context.  The set of properties should not include a provider URL or initial context factory class name.  The property settings are used only by nodes at version 6.1 or later.
Use this page to edit a context property for the indirect lookup name binding.  The property may be a standard JNDI property or a property specific to the initial context factory being used to obtain the initial JNDI context.  The property should not be a provider URL or an initial context factory class name.
Specifies other context property name.
Specifies other context property value.
Specifies other context property description.

Runtime Messages
WebSphere Runtime Messages
Total All Messages:
new
total
Runtime Events
Message Originator
Message
Timestamp
Clear All
Message type
Message
Node name
Server name
Timestamp
Source object type
Message Originator
Explanation
User action
Thread Id
Type of message
Message text as received from the server runtime
Node which fired the event
Server which fired the event
Time when the event was fired
Type of the source object
Originator of the event
Explanation
Recommendation
Java runtime thread ID where the event was encountered
Runtime Warning
Runtime Error
Runtime Information
Message Details
Runtime Events have been disabled by default ("None"). To enable a event level please select from the list. "Error" would enable only Error runtime events. "Warning" would enable both Error and Warning runtime events. Info would enable all runtime events.
Select event level

Use this page to view runtime events that propagate from the server.

Generic servers
Generic servers
Select a node for generic server
Select a generic server template
Specify generic server specific properties
Confirm new generic server
Stop action is not applicable to {0} generic server since it is version 5 generic server.
Create new generic server
New generic server \"{0}\" will be created on node \"{1}\", in a new server process.

Use this page to create a new generic server or view the status of an existing generic server. A generic server is managed in the  administrative domain even though it is not a server that is supplied by the  Application Server product. The generic server can be any server or process that is necessary to support the Application Server environment, including a  server, a C or C++ server or process, a CORBA server, or a Remote Method Invocation (RMI) server.

Core group service
Thread pool
Description
Allow activation
Is alive timer
seconds
Transport buffer size
megabytes
Core group name
All active policy
No operation policy
Operating system managed policy
Operating system cluster name
Operating system resource group name
Core group bridge
Connected core groups
Core groups
Core group settings
Core group
Policies
Preferred server policies
Static policies
Operating system managed policies
All active policies
No operation policies
Custom properties
Core group servers
Name
Description
Number of coordinators
Multicast settings
Multicast port
Multicast group IP start
Multicast group IP end
Channel chain name
Transport type
Channel framework
Unicast
Multicast
Server
Node
Version
Active members
Show servers
Policies
Policy type
Custom properties
Simple criteria
Compound criteria
Name
Description
Policy type
Policy factory
Is alive timer
seconds
Quorum
Policies
Select ...
Core group server
Core group servers
Generic server
Message server
Web server
Custom
Move...
Custom properties
Node
Name
Preferred IP address
Preferred server policy
Preferred servers
Failback
Preferred servers only
Add >>
Remove <<
Move up ^
Move down v
Preferred servers
Preferred coordinator servers
You must select exactly one item to perform this action.
M of N policy
Number of active members
Custom policy
Handler name
One of N policy
Static policy
Static group servers
Match criteria
Simple criteria
Name
Operator
Value
Description
Move
Move selected servers
From core group
To core group
Only one core group is defined. You must create a new core group before you can move the servers.
The servers were successfully moved to core group {0}.
Failed to move server {0}/{1}. {2}
Failed to move cluster {0}. {1}
One or more servers failed to move.
Core group server {0} on node {1} is not stopped. The server should be stopped before it is moved.
Move active server ...
Move active server
Selected active server to move
Move to server
Select ...
{0} must have an activated status to perform this action.
Only one high availability group member is defined. There must be at least two high availability group members before you can move the active server.
The move active server operation from {0} to {1} has been initiated. It may take several minutes for the operation to finish.
Failed to move the active server from {0} to {1}. Cause: {2}
Failed to move the active server. Cause: {0}
Enable
Disable
Balance
Refresh
High availability groups
Name
High availability group
Quorum
Policy
Status
Enable
Disable
Activate
Deactivate
Refresh
Error
OK
Undefined
Idle
Active
Disabled
Group disabled
Activating
Deactivating
Enabling
Disabling
Not enabled
Enabled: has quorum
Enabled: waiting for quorum
Indeterminate
Quorum forced
Group name properties
Number of matches
Buttons
Show groups
Show servers
Calculate groups
You must select at least one high availability group to perform this action.
You must select at least two high availability groups with an OK status to perform this action.
You must select at least one high availability group member to perform this action.
You cannot select more than one high availability group member to perform this action.
Unable to locate the HAManager mBean for core group {0}. {1}
Unable to get high availability groups that match the group name properties {0}. Cause: {1}
Unable to get servers that match the group name properties {0}. Cause: {1}
Unable to get a count of high availablility groups that match the group name properties {0}. Cause: {1}
Unable to get {0} members. Cause: {1}
The enable operation on {0} has been initiated. It may take several minutes for the enable operation to finish.
The disable operation on {0} has been initiated. It may take several minutes for the disable operation to finish.
The activate operation on {0} has been initiated. It may take several minutes for the activate operation to finish.
The deactivate operation on {0} has been initiated. It may take several minutes for the deactivate operation to finish.
The balance operation has been initiated. It may take several minutes for the balance operation to finish.
Could not enable {0}. Cause: {1}
Could not disable {0}. Cause: {1}
Could not activate {0}. Cause: {1}
Could not deactivate {0}. Cause: {1}
Could not balance the high availability groups. Cause: {0}
{0} must have a disabled status to be enabled.
{0} already has a disabled status.
{0} cannot be individually enabled because it has a group disabled status. A high availability group member with a group disabled status can be enabled by enabling the entire high availability group.
{0} must have an idle status to be activated.
{0} must have an activated status to be deactivated.
{0} must have an OK status to perform this action.
Group name properties {0} does not contain valid name and value pairs.
Unable to perform this action because the operation timed out.
{0} is not a valid core group name. The name can only contain letters, numbers, and certain other characters.
A core group with this name already exists. You must use a unique name.
A policy with this name already exists. You must use a unique name.
A match criteria with this name already exists. You must use a unique name.
Cannot delete all match criteria. There must be at least one match criteria defined for a policy.
The policy must have at least one match criteria defined.
Connected core groups are not available.
Unable to display connected core groups.
A core group cannot be deleted; it must be empty and cannot contain any servers.
Core group {0} is an empty core group; the core group must have at least one core group server to perform this action.
None of the core group servers for core group {0} are running; at least one of the core group servers must be running to perform this action.
A static policy must have at least one static group server defined. Click on the static group servers link to define the static members for this policy.

Use this page to specify core group related settings for the application server.
Specifies the thread pool settings for the core group service.
Specifies an optional description for the core group service.
Specifies whether the core group service, also known as the high availability manager service, is started on this process. This service must be enabled for high availability functions such as routing and failover to work properly. By default, this service is enabled.
Specifies whether high availability group members can be activated on this server.
Specifies how frequently, in seconds, the high availability manager checks the health of the active group members on this server. If a group member has failed, this server is restarted.
Specifies the buffer size for the underlying group communication transport. The minimum value is 10.
Specifies the name of the core group that contains this server as a member.
Use this page to define a core group. A core group is a grouping of  Application Server cell processes. A core group can contain standalone servers, cluster members, node agents, and the deployment manager. A core group must contain at least one node agent or the deployment manager. A core group must be empty before it can be deleted. Connected core groups are core groups that can communicate with each other. Access point groups must be defined to establish communication between core groups.
Specifies a policy that automatically activates all group members.
Specifies a policy in which no group members are automatically activated.
Specifies a policy in which group member activation is controlled by an external operating system plug-in.
Specifies the name of a cluster. The cluster definition is operating system specific.
Specifies the name of a resource group. The resource group definition is operating system specific.
Specifies the core group bridge settings for setting up communication between core groups.
Specifies the other core groups that can communicate with this core group. Access point groups must be defined to set up this communication.
Use this page to specify the settings for a core group.
Use this page to set up a list of the policies associated with a core group. The coordinators use these policies to determine which members of a group to activate or deactivate.
Specifies the policies that the coordinators use to determine which core group servers to activate or deactivate.
Specifies additional custom properties for the core group.
Specifies the servers that belong to the core group.
Specifies the name of the core group. Core group names must be unique within a cell.
Specifies an optional description for the core group.
Specifies the number of active coordinators.
Specifies the port to use for multicast.
Specifies the first IP address in a range of multicast IP addresses.
Specifies the last IP address in a range of multicast IP addresses.
Specifies the transport channel chain to use for the channel framework transport type.
Specifies the communication protocol within a core group.
Specifies that channel framework is used for the communication protocol within a core group.
Specifies that unicast is used for the communication protocol within a core group.
Specifies that multicast is used for the communication protocol within a core group.
Use this page to view the servers that are hosting an active high availability group member.
Use this page to view and manage the policies associated with a core group. Coordinators use these policies to determine on which servers the core group members are activated or deactivated.
Specifies additional custom properties for a policy.
Specifies the name of a policy. The name must be unique within the scope of a core group.
Specifies an optional description for the policy.
Specifies a policy type for the policy.
Specifies the fully qualified name of the  interface that serves as a factory for a specific policy type. When an application joins an application group, the active coordinator uses the factory implementation class for creating the policy object that will remain associated with the application group throughout its lifetime. The policy factory class must exist, and the value of the policy factory is fixed depending on the policy type.
Specifies, in seconds, how frequently the high availability manager checks the health of the active group members governed by this policy. If a group member has failed, the server on which the group member resides is restarted.
Specifies whether or not quorum checking is enabled for a high availability group governed by this policy. Using quorum is an advanced function and should not be enabled without first consulting the product documentation.
Specifies the type of policy that you are creating.
Use this page to view and manage the servers that belong to a core group. A core group server can be an application server, a deployment manager, or a node agent that is a member of a high availability core group.
Use this page to specify the settings for a core group server.
Specifies additional custom properties for the core group server.
Specifies the node that contains the core group server.
Specifies the name of the core group server.
Specifies the preferred IP address for the core group server.
Use this page to define an ordered list of preferred servers for the policy. When activating core group members, the policy gives preference to the servers on this list .  Click  or  to adjust the order of the servers in this list.
Specifies an ordered list of preferred core group servers for a policy.
Specifies whether active group members are moved to the most preferred server at any given time.
Specifies whether group members are activated only on servers from the list of preferred servers.
Use this page to set up a list of core group servers on which the coordinators reside.
Use this page to define an M of N policy. This policy activates the specified number of group members.
Specifies the number of group members to activate at startup.
Use this page to define a policy where activation of group members is determined by the specified handler.
Specifies the handler that provides the custom policy implementation.
Use this page to define a One of N policy. This type of policy keeps one group member active at all times.
Use this page to a define a Static policy. This type of policy activates group members on all of the servers in the list.
Use this page to define a list of servers for the policy. Group members are activated only on servers that are contained on this list.
Specifies a list of core group servers for the policy.
Specifies name and value pairs that determine which high availability groups are governed by this policy.
Use this page to define the match criteria for the policy. Match criteria consist of name-value pairs of data, in which the name is a property key and the value is a string value.
Use this page to specify a name-value pair that is used as part of the match criteria for a policy. The name-value pair must match an attribute that is part of the name of the high availability group associated with the policy.
Specifies the name (or key) for the criterion. This name must match the name of an attribute that is part of the name of a high availability group.

Specifies the value that, when paired with the specified name, matches an attribute that is part of the name of a high availability group.
Specifies an optional description for the criterion. You can use this field to document the high availability group the process is associated with, which is useful information in environments with multiple system administrators.
Use this page to move core group servers from one core group to another. <BR><BR>All members of a cluster must belong to the same core group. If you move one or more members of a cluster, all of the other members of that cluster are preselected for you because all of them must be moved.<BR><BR>You must stop a core group server before you move it.
Specifies the core group servers that are moving from the current core group to the specified core group.
Specifies the current core group.
Specifies the core group to which the core group servers will be moved.
Use this page to deactivate the selected server and to activate another server in its place. The policy for a high availability group defines the number of active servers for a core group.
Specifies a high availability group member that will no longer be active.
Specifies a high availability group member that will become active.
Use this page to view a list of the high availability groups defined for a core group. A high availability group is a grouping defined by a component and consists of core group members. Multiple high availability groups can use the same core group member. A policy determines which members, if any, are activated. The table is limited to 100 entries.
Use this page to view the settings for a high availability group.
Use this page to manage the state of members of a high availability group. The page lists the current members of the high availability group.
Specifies the group name properties that are compared against high availability group names and used to identify which high availability groups are of interest. Group name properties consist of comma delimited name and value pairs.
Specifies the number of high availability groups that are returned based on the group name properties.
Button descriptions.

Critical
Error
Warning
Information
Debug
Common
Combined
HTTP error and NCSA access logging
Error log
NCSA Access log
Enable error logging
Error log file path
Error log maximum size
MB
Error log level
Enable access logging
Access log file path
Access log maximum size
MB
NCSA access log format

Specifies the location and name of the file to use when logging the client access information.

Specifies the NCSA format that is used when logging client access information.

Specifies the maximum allowed size of the log file, in megabytes (MB).
Use this page to configure HTTP error and NCSA format access logs.
Specifies whether logging of the inbound client requests occurs. If this function is enabled, the messages are in NCSA format.
Specifies whether logging of various error and debug information occurs.
Specifies the location and name of the file to use when logging the error messages.
Specifies the level of verbosity used while logging messages.
Specifies the maximum allowed size of the log file, in megabytes (MB).

Stateful session bean failover settings
Enable stateful session bean failover using memory to memory replication
Replication settings:
Use replication settings from EJB container
Use application replication settings
Use application or EJB container replication settings
Use EJB module replication settings
This application is installed on one or more application servers that have a version earlier than version 6. Stateful session bean failover is supported on V6 and is ignored on previous versions.

Each EJB container provides a method for stateful session beans to fail over to other servers. This section enables you to specify whether failover occurs for the stateful session beans in this application. You can also override the default replication settings that are configured for the EJB container on the server with values that are specific to this application.
Specifies whether the EJB container attempts failover for the stateful session beans in this application.
Specifies which replication settings to use for this application.
Each EJB container provides a method for stateful session beans to fail over to other servers. This section enables you to specify whether failover occurs for the stateful session beans in this EJB module. You can also override the default replication settings that are configured for this application or the EJB container on the server with values that are specific to this EJB module.
Specifies whether the EJB container attempts failover for the stateful session beans in this EJB module.
Specifies which replication settings to use for this EJB module.

Performance Viewer
Current Activity
View Logs
Logging
Tivoli
Tivoli Performance Viewer Header
Servlet Name
Total Requests
Average Response Time
Total Requests Average Response Time
Time
The server name {0} is not valid.
The node name {0} is not valid.
You must use a browser that supports frames.
Unavailable, nodeagent stopped
Unavailable, PMI not enabled
Unavailable, server stopped
Available
Monitored
Unknown
Performance Data Collection Not Supported
Server
Node
Type
Version
Collection Status
Back to Server List
Start Monitoring
Stop Monitoring
An error occurred while starting monitoring for server {0} on node {1}.
An error occurred while stopping monitoring for server {0} on node {1}.
Select one or more servers you wish to stop monitoring.
Select one or more servers you wish to start monitoring.
Monitoring has started for server {0} on node {1}.
Monitoring has stopped for server {0} on node {1}.
Server {0} cannot be monitored because the nodeagent for node {1} is stopped.
Server {0} on node {1} cannot be monitored because it is stopped.
Server {0} on node {1} cannot be monitored because the Performance Monitoring Service (PMI) is not enabled.
Server {0} on node {1} appears to be active.  TPV may have stopped monitoring after a long period of inactivity.  Restart monitoring for this server.
An error occurred while trying to read the log file {0}, try loading the log file again.
Cannot stop monitoring for server {0} on node {1} because it is not being monitored.
Monitoring has already been started for server {0} on node {1}.
Monitoring has already been stopped for server {0} on node {1}.
The Performance Monitoring MBean is not currently active on the server.  The server may not be running or the Performance Monitoring Infrastructure (PMI) may be disabled.
The Tivoli Performance Viewer MBean is not currently active on the node.  The nodeagent may not be running.
A problem occurred gathering performance data from this server. Check the following:The server you are trying to monitor may be down.Performance data collection (PMI) may be disabled for the server.In an ND environment, the nodeagent must be running for the server you selected.
Try Again
A problem occurred gathering performance data from the server. Make sure the statistics you are viewing are enabled.  You may need to refresh the tree to update the list of currently enabled performance modules.
An error occurred trying to contact the server that you selected.
Error Viewing Server
Performance monitoring is set to None for this server.  You must enable performance monitoring for one or more statistics to view performance data for this server.
Name
Application
Method Calls
Avg Resp Time
Total Time
Total Time
Total Requests
Time
Active Threads
Pool Size
{0} Pool Size
{0} Pool In Use
Throughput
Selected Statistics
Statistics
Time
Values
Refresh
Rewind
Fast Forward
Jump Forward
Play
Stop
Stopped
Playing
Fast Forwarding
End of file has been reached
If you see more or fewer available statistics than expected, check that your PMI level settings are set appropriately.
Reset To Zero
Undo Reset To Zero
Clear Buffer
EJBs Summary Report
EJB Methods Summary Report
Servlets Summary Report
Thread Pool Summary Report
Connection Pool Summary Report
View Graph
View Table
Marker
Show Legend
Hide Legend
An error occurred trying to view the statistics that you had selected.
Error Viewing Statistics
An error occurred clearing the buffer.
An error occurred resetting the buffer.
An SVG Viewer is not installed. Installing the Adobe SVG plug-in is recommended, which provides interactive charting and a performance benefit. Click OK to download the SVG viewer, or click Cancel to show charts in JPEG format.
Statistic Name:
Statistic Description:
Value:
Scaled Value:
Time:
Maximum:
Minimum:
Average:
Current:
View Details
Statistic Details
Time Statistic Details
The details on the point you selected and the statistics that it is an instance of.
Statistic Data Point Details
Deselect
Select
Name
Value
ID
Scale
Scaled Value
Start Logging
Stop Logging
Start/Stop Logging
An error occurred during the attempt to stop logging.
An error occurred during the attempt to start logging.
OK
Cancel
Confirm Stop Logging
User {0} started logging for this server.  By selecting OK, you will be stopping the logging that was started by that user.  Only select OK if you are sure you want logging for this server to stop.
Confirm that you would like to stop logging that was started by another user.
Logging has started for server {0} on node {1}.
Logging has stopped for server {0} on node {1}.
Server Summary
Performance Modules
Advisor
Settings
User
Log
Summary Reports
Servlets
EJBs
EJB Methods
Connection Pool
Thread Pool
View Module(s)
Refresh
A problem occurred building the tree, select refresh to try again.
Logging: On
Logging: Off
Refresh rate:
Buffer size:
View Data As:
User Settings
Data Collection
Refresh Rate
seconds
Performance Monitoring Infrastructure settings
Buffer Size
View Data As
Raw
Change In Value
Rate Of Change
The settings were applied successfully.
An error occurred applying the settings.
Invalid Log Duration
Invalid Max File Size
Invalid Max Number of Files
Apply
Cancel
Tivoli Performance Viewer
A problem occurred attempting to monitor this server.
Performance Modules
Statistic Data
Server Summary
Server Performance Data
Refresh All Advice
Remove Selected Advice
Tivoli Performance Advisor
Title
Title of the advice
Tivoli Performance Advisor
Pool Usage
CPU Usage
Chart generated
Container
Req / sec
Resp time (ms)
Web
EJB
Web Container Thread Pool
ORB Thread Pool
Resource
#
Idle
Busy
Total
Message
Severity
Description
User Action
Detail
Status
Unread
Read
Advice Details
Logging Settings
Logging Output
Duration
minutes
Maximum File Size
MB
Maximum Number of Historical Files
File Name
Enter the name of the logfile where the data will be stored. A timestamp will be added to this name.
Unable to create the specified file {0}
Log Output Format
Apply
Cancel
XML
Binary
An error occurred applying the settings. See the server logs for details.
The logging settings were successfully applied.
View Logged Data
Server File
Specify Path
View the currently active log file created on {0}:{1} :
View Log
Explicit Path to Log File
Browse...
Enter the name of a log file to view.
The file {0} was not found.
There were security problems while uploading this file.
There was a problem uploading the given file, ensure the file is a valid log and that enough space exists on the disk that WebSphere is installed on.
A problem occurred while viewing the selected log file; load this file again.
The log file you are attempting to view is corrupt and cannot be displayed.
Failed to view the log file specified.
Log File
User {0} already started logging for this server.  You may however, choose to stop the logging.
Data points
Next summary report
Initial summary report






Specifies data collection settings for this server.




Specifies the server to monitor with Tivoli Performance Viewer. Select the check box for the servers that you want to monitor, and click Start Monitoring. Click the name of the server to display the activity page.
Use this page to view logged data from Tivoli Performance Viewer.
Select views for this server.
Specifies statistical data for the selected performance modules.
Specifies summary data for this server.
Use this page to view and refresh performance data for the selected server, change user and log settings, and view summary reports and information on specific performance modules.



Describes the advice.









View performance data from a log file that is previously recorded, select server file, specify the path name, and click View log to display the stored data.

Performance Monitoring Infrastructure (PMI)
Currently monitored statistic set
Enable Performance Monitoring Infrastructure (PMI)
Basic
Custom
Extended
All
None
Persist my changes
Unable to access PMI configuration data
Unable to access PMI run-time data
Use sequential counter updates
Counter
Type
Status
Enabled
Disabled
Enabled with synchronization
Enable
Enable with synchronization
Disable
The status of the following counters is already {0}: {1}.
You must select at least one counter to perform this action.
Custom monitoring level

Specifies the statistic set that is currently monitored, and defines which counters are enabled, monitored, and disabled.







Description

Performance and Diagnostic Alerts
Performance and Diagnostic Advisor Configuration
Performance and Diagnostic Advisor Configuration
Performance and Diagnostic Advice configuration
Testing new Advice configuration using custom jsp
Advice Parameters
The Runtime Performance Advisor MBean has not started and there are no runtime settings available.  This is either because the server is not started, or has just been started and the MBean has not fully initialized.
The Advisor was disabled.  For best performance, disable any PMI datapoints no longer required.
The Rule could not be stopped or started because it is not applicable to the current WebSphere configuration.
Enable Performance Monitoring Infrastructure (PMI), and then restart the Application Server {0} if you wish to use Runtime Performance Advisor.
Enable Performance Monitoring Infrastructure (PMI), and then restart the NodeAgent on Node {0} if you wish to use Runtime Performance Advisor.
Enable Performance Monitoring Infrastructure (PMI) and restart both the Application Server {0} and well as the Node Agent on Node {1}.
Advice name
Advice status
Advice applied to component
Performance impact
Advice type
Enable
Performance and Diagnostic Advisor Configuration
Enable Performance and Diagnostic Advisor
Advanced Properties
Disable Advice
Enable Advice
Enable
Disable
none
alerts
all
10 seconds
1 minute
30 minutes
1 hour
8 hours
1
3
0
logLevel, this should not be here.
Enable Performance and Diagnostic Advisor Framework (Runtime Performance Advisor)
Enable automatic heap dump collection
WebSphere admin response enabled
WebSphere admin response level
Debug file response enabled
Debug file response level
MBean notification response enabled
MBean notification response level
Maximum warning sequence
Interval
1
2
3
4
5
6
7
8
9
10
15
20
25
30
50
75
100
true
false
Unknown advice does not apply.
{0} has already been started.
{0} has already been stopped.
Session size advice
Session read/write time advice
Session cache advice
No room for new session advice
Servlet engine unbounded pool advice
Unbounded ORB pool advice
ORB pool advice
Advice does not apply in this environment.
Advice applicable. Enable
Advice applicable. Disable
Advisor warnings
No pmi service attribute.
Minimum CPU For Working System
30%
50%
70%
90%
Session read/write Time advice. Minimum CPU for working system.
Session read/write Size.  Minimum CPU for working system
No Room For New Session advice.  Minimum CPU for working system.
Data Source Pool Minimum and Maximum. Minimum CPU for working system.
ORB pool advice. Minimum CPU for working system.
Servlet engine pool advice. Minimum CPU for working system.
Live session advice. Minimum CPU for working system.
Refresh Iteration
never
every time
every 3rd iteration
every 10th iteration
Session read/write time advice. Refresh iteration
Session Read/Write Size advice. Refresh iteration
No Room For New Session advice. Refresh iteration
Data Source prepared statement discard advice. Refresh iteration
Data Source Pool Minimum and Maximum advice Refresh iteration
Live Session advice Refresh iteration
Calculation Interval
10 seconds
30 seconds
1 minute
2 minutes
3 minutes
4 minutes
5 minutes
10 minutes
30 minutes
1 hour
8 hours
1 day
Live Session advice.  Calculation Interval.
Servlet Engine Unbounded Pool advice.  Calculation Interval.
ORB Unbounded Pool advice.  Calculation Interval.
Servlet Engine Pool advice.  Calculation Interval.
ORB Pool advice.  Calculation Interval.
Minimum Pool Utilization
pool should be fully used
95%
90%
85%
80%
70%
60%
50%
40%
30%
20%
10%
10%
Minimum Pool Utilization
ORB Pool Advice.  Minimum Percent of Pool Used.
Servlet Engine Pool advice.  Minimum Percent of Pool Used.
Percentage Decrease
100%
90%
80%
70%
60%
50%
ORB Pool advice. Suggested decrease of unused threads
Servlet Engine Pool advice.  Suggested decrease of unused threads
Percentage Increase
10%
15%
20%
25%
Percentage Increase for Pool
ORB Pool advice.  Increase Pool Size Percentage
Servlet Engine Pool advice.  Increase Pool Size Percentage
CPU Saturated
if CPU > 75%
if CPU > 80%
if CPU > 85%
if CPU > 90%
if CPU > 95%
Data Source Pool Minimum and Maximum advice CPU Saturated Percentage
ORB Pool advice. CPU Saturated Percentage
Servlet Engine Pool advice. CPU Saturated Percentage
Maximum Pool Utilization
80%
85%
90%
95%
97.5%
100%
Maximum Pool Utilization
ORB Pool advice. High Usage Threshold
Servlet Engine Pool advice. High Usage Threshold
Number of processors
1
2
4
8
12
24
Number of CPUs for servlet engine unbounded pool advice
Number of CPUs for unbounded ORB pool advice
Standard Deviation
1
2
4
6
8
9
10
15
20
25
30
Servlet Engine Pool advice.  The standard deviation allowed for threads in the Web Container thread pool
Orb Pool advice. The standard deviation allowed for threads in the Orb thread pool
Maximum number of threads per processor.
10
20
40
50
80
120
160
200
240
260
300
320
340
Unbounded ORB Pool advice. Too many Threads per CPU
Unbounded servlet engine pool advice too many threads per CPU
Enable
Session read/write time advice
Session size advice
Session cache advice
Prepared statement cache advice
Data source connection pool advice
Unbounded growth of ORB threads advice
Unbounded growth of web container threads advice
ORB thread pool advice
Web container thread pool advice
No room for new session advice
Maximum Session Read Size
Maximum Session Write Size
100 bytes
500 bytes
1 K
5 K
8 K
10 K
16 K
20 K
32 K
40 K
48 K
60 K
64 K
100 K
120 K
128 K
Maximum Discard Rate
any discards
1 every 40 seconds
1 every 20 seconds
1 every 10 seconds
1 every 5 seconds
1 every second
2 every second
5 every second
10 every second
Maximum Session Read Time
Maximum Session Write Time
1 millisecond
5 milliseconds
10 milliseconds
50 milliseconds
100 milliseconds
500 milliseconds
1 second
5 seconds
10 seconds
Memory Leak Rule
Memory Leak Rule Enablement
Memory Leak Rule does not apply
The minimun required free memory in the JVM heap
At least 3 percent of the pool is consistantly free
At least 5 percent of the pool is consistantly free
At least 7 percent of the pool is consistantly free
At least 10 percent of the pool is consistantly free
At least 15 percent of the pool is consistantly free
At least 20 percent of the pool is consistantly free
Minimum required percentage of the heap that is free.
Minimum duration in between interations of the rule
Minimum duration in between interations of the rule
Summary Mechanism
Mean
Maximum
Minimum
Summary mechanism
Number of summaries
3 times
4 times
5 times
10 times
Number of summaries
Historical Mode
Number of raw data points
3 times
4 times
5 times
10 times
Number of raw data points
Anaylze expanding heap
Analyze expanding heap
Keep time statistics
Keep time statistics
Number of decreasing exceptions
3 times
4 times
5 times
10 times
Number of decreasing exceptions
Expanding heap percentage of maxHeap before analysis.
Expanding heap free memory threshold.
Enable debug file
Enable debug file
Heap Dump Status
Heap Dump file names
The number of HeapDumps
1 HeapDump
2 HeapDumps
3 HeapDumps
6 HeapDumps
8 HeapDumps
10 HeapDumps
12 HeapDumps
14 HeapDumps
16 HeapDumps
18 HeapDumps
20 HeapDumps
Maximum HeapDumps on disk
HeapDump policy
Time based policy
Memory based policy
Notification based policy
Heap Dumps are currently not supported for this vendor.
Unknown rule name - could not translate
Session Cache Size with Overflow Disabled
Live Session
Persisted Session Size
Persisted Session Time
Unbounded Pool
Connection Pool Size
Prepared Statement Cache Size
Session Cache Size with Overflow Enabled
Thread Pool
Unbounded Web Container Thread Pool
Bounded Web Container Thread Pool
Unbounded ORB Service Thread Pool
Bounded ORB Service Thread Pool
Jvm Heap Size
Web Container Dynamic Caching
Session Size Without Persistence
Jvm Heap Configuration
Web Container Pool Configuration
ORB Pool Configuration
Connection Pool Configuration
Web Container Dynamic Caching Configuration
Unknown component name - could not translate
Web Container
Web Container Session Manager
Web Container Dynamic Caching
Orb Service
Data Source
Jvm
Testing if average > initial maximum
Testing if current size > (numProcessors * {0})
Analyzing read size
Analyzing write size
Analyzing read time
Analyzing write time
Unknown Operation
Save current advisor settings
Reset Performance and Diagnostic Advisor
Take Multiple HeapDumps
Enable Performance and Diagnostic Advisor Framework
Don't show this enable RPA confirmation in the future
You must select at least one advice name to perform this action.
Execute
Don't execute
Automated generation of Heap Dump files is enabled
Automated Heap Dumps have been disabled according to policy.  This could be because the on disk limit was reached or the desired number of Heap Dumps have already been automatically generated.
Automated generation of Heap Dump files is disabled
The following Heap Dump was generated: {0}
There is currently an automated Heap Dump collection in progress.  {0} more dump(s) will attempted.
There is currently no automated Heap Dump collection in progress.
The next Heap Dump will be taken when the next new notification of suspicous memory activity is received.
The next Heap Dump will attempted to be taken when estimated free memory is less than {0} K.
No suspicous memory activity has been reported and no Heap Dumps have been automatically generated.
The following Heap Dump was manually requested: {0}
##Enable Immediate Advice Framework
Problem Determination. Too Many Connections Diagnosis
Problem Determination.  Out Of Memory Diagnosis
Diagnostic
Performance
Low
Medium
High
Very High
J2C Connection Manager
Connection Error Alert
Connection Low Percent Efficiency Alert
Pool Low Percent Efficiency Alert
Surge Mode Alert
Hung Connection Block Entered/Exited Alert
Pretest Connection block mode entered/exited Diagnostic Alert
connectionWaitTimeout Exceeded Alert
claimVictim Alert
High Pool Load Alert
LTC Nesting Threshold Exceeded Alert
Thread Max Connections exceeded Diagnostic Alert
Serial Reuse Violation Diagnostic Alert
Diagnosing out-of-memory errors and Java heap memory leaks

The Performance and Diagnostic Advisor analyzes PMI data and receives notifications regarding performance and diagnostic information from components. Use this page to specify settings for the  Performance and Diagnostic Advisor. Performance issues can be related to memory leaks in the system. Use the Memory Dump Diagnostic for Java tool, a separate memory leak analysis utility, for detecting memory leaks.
Select the advice that you want to enable or disable.
Configure advice parameters.
Specifies the configuration for the Performance and Diagnostic Advisor framework, comprised of periodic and immediate alerts.  Periodic alerts are generated based upon historical analysis of PMI data. Immediate alerts are initiated by WebSphere Application Server components.
Specifies the configuration for the Performance and Diagnostic Advisor framework.
Specifies whether the Performance and Diagnostic Advisor analyzes system data and component initiated alerts.





















































































Request Metrics
Request Metrics
Filters
Prepare Servers for Request metrics collection
Enable
Application Response Measurement(ARM) agent
Enable
Trace level
None
Hops
Performance_debug
Debug
Request Metrics Filter
Filter Values
Type
Enable
URI
EJB
SOURCE_IP
WEB_SERVICES
JMS
EXTENDED
PMIRM Filter Value
Value
Enable filter
Enable
ARM40
EWLM_ARM
Tivoli_ARM
Standard Logs
Enable
Agent Type
Enable
ARM agent
Enable
ARM transaction factory implementation class name
Enable
Components to be instrumented
Enable
All
Web Services
Enterprise Java Bean
Servlet
JDBC
JMS(JetStream and MQ JMS)
AsynchBeans
Request Metrics Destination
PmiRm Filter Summary
ARM Agent Logging
Value entered does not confirm to any of the IP address formats
Select where you want RM output to go to
All
None
Custom

Request metrics tracks each individual transaction in WebSphere Application Server, recording the response time of the major components such as time in the Web server or in the Enterprise JavaBeans (EJB) container. Use this page to enable request metrics, select the components that are instrumented by request metrics, set trace levels, enable standard logs, enable Application Response Measurement (ARM), specify the type of ARM agent, and specify the ARM transaction factory implementation class name.
Select to view and adjust request metrics filter options.
Select to enable, disable, or customize the request metrics feature.
Enables request metrics to call an underlying ARM agent. To use this feature, ensure that the native libraries of the ARM implementation are present in the <app_server_root>/bin directory, and the ARM API Java archive file is present in the <app_server_root>/lib directory.
Specifies how much trace data to accumulate for a given transaction. Hops generates instrumentation information on process boundaries only. The Performance_debug trace level generates one additional level of instrumentation data, whereas Debug generates detailed instrumentation data.
When filtering is enabled, only requests matching the specified filter generate request metrics data.  Filters exist for source IP address, URI name, EJB method name, JMS parameters, and the Web services parameters.
Specifies a source IP, URI, Web services, JMS, or EJB value based on the type of filter. For example, for URI filters, the value might be .
Specifies the type of request metrics filter.
Select to enable the filter.
Specifies the value of request metrics filter and enablement for the filter type.
Specifies a source IP, URI, Web services, JMS, or EJB value based on the type of filter. For example, for URI filters, the value might be .
Specifies whether this filter is enabled.
Select to generate request metrics correlator logs in the SystemOut.log file for the containers, and the http_plugin.log file for the Web server.
Specifies the type of ARM agent you want to use. If you select the ARM agent option, you must also select a specific ARM agent.
Selecting ARM agent results in calls being made to the currently active ARM agent. To use this feature, ensure that the ARM implementation native libraries are present in <app_server_root>/bin, and the ARM API jar is present in <app_server_root>/lib for each ARM instrumented server.
Specifies the ARM transaction factory implementation class name that is present in the package supplied by your provider. This field is required only in case of an ARM 4.0 agent.
Selects the components that are instrumented by request metrics.
Displays summaries of the enabled filters.

View Portlet Deployment Descriptor
Portlet Deployment Descriptor
Expand and collapse the portlet deployment descriptor data to view.

View the Portlet Deployment Descriptor

Problem Determination
Configuration Validation
Configuration Problems
Logging and Tracing Tasks
Problem Determination
Logging and Tracing
Troubleshooting
Logs and Trace
Configuration Problems
Problem Determination
Server
Node
Type
Status
Diagnostic Trace
JVM Logs
Process Logs
IBM Service Logs
View and modify the properties of the diagnostic trace service.
View and modify the settings for the Java Virtual Machine (JVM) System.out and System.err logs.
View or modify settings for specifying the files to which standard out and standard error streams write.
Configure the IBM service log, also known as the activity log.
General Properties
Logs
Change Log Detail Levels
Display defined logs for the server
View/Change log detail levels
System.out
File Name:
File Formatting
Maximum File Size
MB
Maximum Number of Historical Log Files. Number in range 1 through 50.
System.err
JVM Logs
JVM Logs
Basic (Compatible)
Advanced
Incorrect range. Expected value should look like 250-600.
Add>
View
Refresh
Dump
IBM Service Logs
Process Logs
IBM Service Log
General Properties
Enable service log
WebSphere Configuration Problems
Total Workspace Files
Message Filtering
Log all messages
Log service, warning, error
Log warning, error
Log error
Enable Correlation ID
Process logs
Stdout File Name
Stderr File Name
Maximum Rows
Total Configuration Problems
Filter History
Retain Filter Criteria
Enable Log
Enable Log
Change Log Detail Levels
Logging Specification
off
fatal
severe
warning
audit
info
config
detail
fine
finer
finest
all
Enable Trace
Trace Specification
Trace Output
Trace Output Format
Log Analyzer
Trace Service
Memory Buffer
Dump File Name
The Dump Operation is not valid if output type is not Memory
A filename must be specified for the Dump Operation
Maximum Buffer Size
File Name
File
Maximum File Size
Maximum Number of Historical Files
Diagnostic Trace
All
Debug only
Event only
Entry/Exit only
Debug+Event
Debug+Entry/Exit
Event+Entry/Exit
Components
Level
Specification
thousand entries
Total lines
Log File
Retrieve Lines (eg. 250-600)
Save Trace
Save runtime changes to configuration as well
Enable trace with the following specification
Configuration Problems
Scope
Message
Target Object
Severity
Local URI
Full URI
Validator classname
Configuration Document Validation
Maximum: Validate all documents
High: Validate extracted, parent, and local sibling documents
Medium: Validate extracted and parent documents
Low: Validate extracted documents
None: Do not validate documents
Enable Cross Validation
Cross Validation
Validation Policy
Configuration Information
Configuration Error
Configuration Warning
Log File Rotation
File Size
Maximum Size
MB
Time
Start Time
Repeat Time
hours
Show application print statements
Format print statements
System.out Log Repeat Time
System.err Log Repeat Time
System.out Log Start Time
System.err Log Start Time
System.err Maximum Historical Files
System.out Maximum Historical Files
Installed Application Output
Groups
Components
Modify the trace specification by clicking on the items in the tree.  When finished, click the apply button to save your changes back to the Trace Service page.
Apply
Close
All Components
All Groups
IMPORTANT: To view log events that are below the Detail Level, you must enable the Diagnostic Trace Service.  Log events that are at Detail Level or above can be viewed in the SystemOut log, IBM Service Log (when enabled), or the Diagnostic Trace Service (when enabled).
Trace specification should not be empty and must match registered WebSphere components.
Empty string is not part of logging string grammar
Empty string encountered - remove extra colon
No level=state value pair(s) found at ''{0}''
No component name found at ''{0}''
Missing level=state value pair at ''{0}''
Invalid level=state value pair - ''{0}'' at ''{1}''
Missing state value at ''{0}''
Missing level value at ''{0}''
Invalid level name - ''{0}'' at ''{1}''
Invalid state value - ''{0}'' at ''{1}''
No Logging
Messages Only
All Messages and Traces
Message and Trace Levels
Message Levels
Trace Levels
This file is empty:  {0}
Error while parsing file path.

Use this page to specify how the server handles log records. You can select an application server to enable or disable a system log for that server, specify where log data is stored, and choose a format for log content. You can also specify a log detail level for components and groups of components.
Use this page to select a system log to configure, or to specify a log detail level for components and groups of components. Use log levels to control which events are processed by Java logging.
Specifies the System.out file description.
Specifies the name of the System.out file.
Specifies the format to use to save the System.out file.
Specifies the maximum file size for the System.out file, in megabytes.  The default size is 1 megabyte.
Specifies the number of rotated System.out log files to keep.
Specifies the name of the System.err file.
Specifies the maximum file size for the System.err file, in megabytes.  The default size is 1 megabyte.
Specifies the number of rotated System.err log files to keep.
Use this page to view and modify the settings for the Java virtual machine (JVM) System.out and System.err logs for a managed process. The JVM logs are created by redirecting the System.out and System.err streams of the JVM to independent log files. The System.out log is used to monitor the health of the running application server. The System.err log contains exception stack trace information that is used to perform problem analysis. One set of JVM logs exists for each application server and all of its applications. JVM logs are also created for the deployment manager and each node manager. Changes on the Configuration panel apply when the server is restarted.  Changes on the Runtime panel apply immediately.
Use this page to configure the IBM service log, also known as the activity log. The IBM service log contains both the application server messages that are written to the System.out stream and special messages that contain extended service information that you can  use to analyze problems. One service log exists for all  Java virtual machines (JVMs) on a node, including all application servers and their node agent, if present. A separate activity log is created for a deployment manager in its own logs directory. The IBM Service log is maintained in a binary format. Use the Log Analyzer or Showlog tool to view the IBM service log.
Use this page to view or modify settings to specify the files to which standard out and standard error streams write. The process logs are created by redirecting the standard out and standard error streams of a process to independent log files. Native code writes to the process logs. These logs can also contain information that relates to problems in native code or diagnostic information written by the JVM. One set of process logs is created for each application server and all of its applications. Process logs are also created for the deployment manager and each node manager. Changes on the Configuration panel apply when the server is restarted. Changes on the Runtime panel apply immediately.
Specifies the name of the service or activity log for the application server.
Select this box to create the IBM Service log file to store diagnostic data.
Specifies the file name of the application client module, relative to the top level of the EAR file.
Specifies the maximum size of the service log file in megabytes. The default size is 2 megabytes.
Specifies the classes of messages that are stored in the service log.
Select this box to create a correlation ID.
Use this field on the Configuration tab to specify the name to use for the stdout file. On the Runtime tab, click View to view the stdout file.
Use this field on the Configuration tab to specify the name to use for the stderr file. On the Runtime tab, click View to view the stderr file.



Use log levels to control which events are processed by Java logging. Click Components to specify a log detail level for individual components, or click Groups to specify a log detail level for a predefined group of components. Click a component or group name to select a log detail level. Log detail levels are cumulative; a level near the top of the list includes all the subsequent levels.
Select this box to enable this log.
Use these options to specify logging level details.
View problems that exist in the present configuration.
Select this box to enable the selected trace service.
Use these options to specify tracing details.
Use these options to specify the type of output for the trace to generate.
Use this field to specify the format of the trace output.
Use this page to view and modify the properties of the diagnostic trace service. Diagnostic trace provides detailed information about how the application server components run within this managed process. Changes on the Configuration panel apply when the server is restarted. Changes on the Runtime panel apply immediately.
Display the contents of the given file.
Enable this option to save the current runtime trace specification to the system configuration.






Use these fields to specify the level of validation to perform on configuration documents.

Specifies the policy to use in rotating System.out log files.
Specifies the policy to use in rotating System.err log files.
Specifies whether System.out print statement output is logged and formatted.
Specifies whether System.err print statement output is logged and formatted.

Proxy Servers
On Demand Routers
Name
Short Name
Unique Id
Mode
Run in development mode
Parallel start
Node
There are no nodes that support Proxy Servers in the configuration.  Use the addNode command from the Nodes collection  or from the command line before attempting to create a new Proxy Server. NOTE: The Proxy server is supported only on WebSphere Application Server 6.0.2 ND nodes or higher. WebSphere Application Server 6.0.2 ND nodes must be manually augmented with the Proxy Server for WebSphere install. No manual augmentation is required for WebSphere Application Server 6.1.0 ND nodes or higher.
There are no nodes that support On-Demand Routers in the configuration.  Use the addNode command from the Nodes collection  or from the command line before attempting to create a new On-Demand Router. NOTE: The On-Demand router is supported only on WebSphere XD nodes.
Proxy Servers
Proxy Clusters
On Demand Routers
Proxy Server Properties
You must select at least one proxy server to perform this action
Proxy server
On-Demand router
Proxy servers
Proxy cluster
Proxy clusters
On Demand Router
On Demand router
On Demand routers
On Demand Router cluster
On Demand Router clusters
Proxy clusters
Create a new Proxy server entry
Create a new On-Demand router entry
Select a node
Select a node that corresponds to the Proxy server you want to add.
Select a node that corresponds to the On-Demand router you want to add.
Select node
The node on which the Proxy server will be started.
The node on which the On-Demand router will be started.
Server Name
Using an existing on-demand router as a template will basically copy the configuration for the selected server.
The name specified is invalid, cannot contain special characters.
Specify a name. An empty name is invalid.
The Proxy server is configured to listen on port "{0}" for HTTP requests and port "{1}" for HTTPS requests.
The Proxy server is configured by default to proxy web requests to the applications deployed on Application Servers in the local cell "{0}".  
The On-Demand router is configured to listen on port "{0}" for HTTP requests and port "{1}" for HTTPS requests.
The router is configured by default to proxy web requests to the web applications deployed on the Application Server in the local cell "{0}".  
Select a server template
Select the template that best specifies the attributes of the server you wish to create.
Name
Type
Describe the purpose of this template
Specify server specific properties
Generate Unique Ports.
Generate unique ports
Protocol
Supported protocols
HTTP
SIP
No proxy protocol is selected.
Confirm new server.
The following is a summary of your selections. Click the Finish button to complete the Proxy server creation. If there are settings you wish to change, click on the Previous button to review the server settings.
The following is a summary of your selections. Click the Finish button to complete the On-Demand router creation. If there are settings you wish to change, click on the Previous button to review the server settings.
Summary of actions
New Proxy server "{0}" will be created on node "{1}", in a new server process.
New On-Demand router \"{0}\" will be created on node \"{1}\", in a new server process.
Summary of actions
Summary of actions to be performed based on the input provided
New server "{0}" will be created on node "{1}", in a new server process.
Information
(none)
Select
You may either select an existing On-Demand router as a template for the new one, or use the default On-Demand router template.
Default On-Demand router template
Existing On-Demand router
Using an existing on-demand router as a template will basically copy the configuration for the selected server.
Create a new \"{0}\" entry
Enter Basic Cluster Information
Cluster name
Configuration template for \"{0}\"
Do not include an existing server
Select an existing server to add
Choose a server from the list
Create new clustered servers
Name
Select Node
Generate unique HTTP ports
Select Template
Existing \"{0}\"
Choose a \"{0}\" from this list
Summary \"{0}\"
Confirm
WebSphereContentServerGroup
Peer access point name
Generic Server Clusters
Generic Server Cluster Members
Name
Protocol
Static cache rules
URI Groups
Disable Caching for this URI group.
Default expiration
Last Modified Factor
Remote Ports
Host name or IP address
Port
Protocol
Routing rule
Routing action
Local routing actions
Proxy route actions
Fail route actions
Redirect route actions
Time
URI group
Name
Name of the Virtual Host
Enable this rule
Rewriting rule
Name
URI matching pattern
URI transformation pattern
Rewrite target
Request URL
Response body
Location header
Rewriting rules
From URL pattern
To URL pattern
Header management rule

Name
Header name
Header value
Header operation
Message type
Request
Response
Both
Add
Delete
Update
Proxy Server Properties
On Demand Router Properties
Create a new generic server cluster
Select a name
Select a name for the generic server cluster
Server Name
Add cluster members
Add a cluster member into this cluster
Cluster Name
Host or IP address
Port
Protocol
Confirm new cluster
The cluster \"{0}\" will be created
Create new routing rule
Specify routing criteria and action
Specify routing criteria and action
Routing rule criteria
Virtual Host alias  
URI Group
Enable routing rule by default
Routing Action
Option 1    
Route request to a configured WebSphere cell
WebSphere Cell
Option 2    
Route request to a configured generic server cluster
Generic Cluster
Option 3    
Redirect the client to reissue the request
Redirect URL
Option 4    
Fail the request with a error response
HTTP Error status code
Confirm routing rule
A new routing rule will be created
Proxy Override:
No Overrides
Overrides specific to this cluster
ContentServerGroup
Properties
Exclude list
Caching
SSL Caching
Update URI
Cache Instance Name
Outbound SSL Alias
Connection Pooling
Maximum Connections Per Server
errorPageURL
(none)
Centrally managed
Specific to this endpoint
Select SSL Configuration
Time
Start time
End time
URI Groups
Name
URI pattern
Proxy settings
On Demand Router settings
Resource groups
Generic content server groups
WebSphere content server groups
Plugin Configuration Policy
Header management policy
Properties
Routing policy
Rewriting policy
Static cache policy
URI Groups
HTTP methods disabled
Method name
URI excluded
Enable caching
Cache SSL content
Cache Dynamic Content
Cache Aggressively
Cache update URI
Cache instance name
Out bound SSL alias
Pool Connections to Content Servers
Maximum connections per server
Trust security proxies
Error page URL
Proxy access log
Cache access log
Enable access logging
Access log maximum size
MB
Local access log
SSL alias to use for accepting connections
Enable policy
Enable Web services support
View centrally managed SSL tree
Fail route action
Fail status code
Proxy route action
content server group name
Redirect route action
redirect URL
Routing action
Routing policy
Routing rules
Priority routing rules
Priority routing rule
Properties
Rewriting policy
Rewriting rules
Properties
Static cache policy
Static cache rules
Properties
HTTP
HTTPS
Priority routing rule
Priority
Plugin Config Policy
Properties
Generate Plugin Configuration
Plugin config change script
On
Off
On_Local
None
All
Cell
Node
Server
Header management policy
Header management rules
Properties
Local routing action
Ports
Host
Port
Protocol
Weight
HTTP
HTTPS
HTTP
HTTPS
Content Server Connection:
Caching:
Exclusions:
Logging:
Security:
Proxy Plugin Configuration Policy:
Custom Error Page Policy:
Web Services:
SSL Configuration:
Route:
Generic Server Cluster
Peer Access Point
Failure Status Code
Redirect URL
Local
Trusted security proxies
Server header
Outbound request timeout
Outbound connect timeout
milliseconds
seconds
Error page generation application URI
Headers to forward to Error page Application
HTTP status codes that are to be recognized as errors
Handle remote errors
The specified server name already exists.
The name specified is invalid.
The server \"{0}\" will be deleted from the configuration.
The specified timeout is invalid. Specify a value in the range "{0}" to "{1}".
The URI specified "{0}" is invalid.
The status code "{0}" is invalid.
The status code "{0}" is invalid as it cannot contain anything other than digits or X.
The name of the header "{0}" is invalid.
The name of the server "{0}" is not unique.
The name of the cluster "{0}" is not unique or valid.
The URI group name "{0}" is not unique or valid.
The host name or IP address "{0}" is not valid.
The port or endpoint specified is not valid.
The name "{0}" of the routing rule is not valid or unique.
The URI pattern "{0}" conflicts with pattern "{1}" in a prior rule.
The only supported wild card character in a URI pattern is a *.
A trailing / in a uri pattern implies the wild card * at the end of the pattern.
No virtual host is declared in the rule.
The routing rules "{0}" and "{1} are inconsistent with each other.
The routing rule "{0}" is invalid, it does not specify a failure status code.
The routing rule "{0}" is invalid, it does not specify a valid redirect url.
The routing rule "{0}" is invalid, it does not specify a valid generic cluster.
The routing rule "{0}" is invalid, it does not specify a valid WebSphere cell.
The Generic Server Cluster must be specified.
Proxy server transports
On Demand Router transports
Proxy Cache instance config
On Demand Router Cache instance config
Web Module Proxy Configuration
Enable Proxy
Web Module Transport Protocol
HTTP
HTTPS
Client Protocol
Proxy Settings
HTTP Proxy Server Settings
Proxy-specific settings can only be changed with the wsadmin scripting client when the server is part of a cluster.
Cluster Name
This server is not part of a cluster.
Proxy Cluster Information

A server that acts as an intermediary for HTTP requests that are serviced by application servers or Web servers.  The proxy server acts as a surrogate for the application servers in the enterprise and can enhance the overall experience by providing services such as workload management, cross-cell routing, and other services that offload the application server.
The name of the proxy server.
An optional short name for the server. The name should be eight characters or less.
Specifies a unique identifier for this server.
Specifies which mode to run the proxy server.
Proxy clusters consists of a group of proxy servers.
A proxy cluster consists of a group of proxy servers. A proxy server improves the overall user experience by distributing HTTP requests across the cluster, and makes it scalable.
Create a new proxy server.
Create a new on-demand router.
Select a node on which the proxy server will be created. Pick a  Application Server Version 6.0.2 node for creating the proxy server. Creating a proxy server on any other node creates the server, but the server does not start on the node.
Select a node on which to create the on-demand router. Pick a  Extended Deployment node for creating the router. Creating a router on a non-Extended Deployment node creates the server, but the server does not start unless  Extended Deployment is installed on the node.
Logical name for the .
The selected server configuration becomes the template for other servers in the cluster.
Enter information about the new server.  Click  to add the server to the list of cluster members that will be created for this cluster. Click  to remove a server from the list.
Field to enter a new server name.
A  Application Server content server group represents a  Application Server cell.
The peer access point for this  Application Server cell that is configured through the core group bridge service.
A cluster of generic servers (servers that are not managed by  Application Server, such as Web servers) that host a common set of resources and can be routed to as a unit.

The logical name for the generic server cluster that is used in a routing rule.
The protocol that the proxy server will use when connecting to a cluster member.
The basic rules for caching static content on the proxy server.
The logical name for groups of URI that form a collection that used as a basis for routing requests.
This attribute, if enabled, indicates not to cache the URI group that is associated with this rule.
The default expiration value, in seconds, that is used to determine the validity of cached responses for the URI that is associated with this cache rule.
This attribute derives the cache expiration value for a response if it does not have explicit HTTP expiration headers and when it has a LastModifiedTime header in the response.  
The IP address and ports on which the remote server listens.
The host name or IP address of the node that is hosting the remote server.
The port that is used by the remote content server to listen for requests.
The protocol to use to retrieve requests from this port.
A routing rule identifies how a request that is identified by the virtual host and URI, and arrives at the proxy server is handled through a route action.
The action taken when a request matches this routing rule.
A group of URI patterns that is used to define a set of loosely related web resources.
The name of this routing rule.
A virtual host that is configured using the virtual host service. This virtual host is associated with the proxy server. This attribute is one of the elements in a request that is matched by the proxy server to determine if this rule is activated.
This attribute indicates if the routing rule is enabled in the policy.
This rule defines how to rewrite a specific URL in a request or response.
The name of the rewriting rule.
The URI pattern can have one or more asterisks (*) that are used against the rewrite target to decide when to activate this rule.
The URI pattern with matching asterisks (*) from the uriMatchingPattern that is used to rewrite the target.
The target of the rewriting rule.
A collection of rules that define how to rewrite URLs in a request or response.
The URL pattern can have one or more asterisks (*) that are used against the rewrite target to decide when to activate this rule.
The URL pattern with matching asterisks (*) from the uriMatchingPattern that is used to rewrite the target.
Create a new cluster of servers that are not configured or started by  Application Server.
Provide the endpoint information to connect to this member.
Host name or IP address of the cluster member.
Port that this member is listening for.
The protocol that is used to communicate with this member.
Create new routing rule.
This request is routed to a cell that is pre-configured through the core group bridge service.
This request is routed to a generic cluster that is configured through the generic cluster definition panel.
The client is sent another URL for which to make the request.
URL to send back to the client.
The request has an error response sent to the client.
Port number of the server.
A content server group defines a logical group of servers that are related because they serve the same content (clusters) or they are part of logical administration domain (cells).

List of URI patterns that the proxy server does not accept for this content server group. This value overrides the global setting in the proxy settings field.
Enable caching at the proxy server for this content server group. This value overrides the global setting in the proxy settings field.
Enable content that is secured by Secure Sockets Layer (SSL) to cache at the proxy server. This value overrides the global setting in the proxy settings field.
The URI at a remote server that is used to receive invalidations and provide updates on the proxy cache statistics. This value overrides the global setting in the proxy settings field.
The default cache instance that is configured as a cache store for this content server group at the proxy server. This value overrides the global setting in the proxy settings field.
The default Secure Sockets Layer (SSL) repertoire alias that is configured for making SSL connections to this content server group by the proxy server. This value overrides the global setting in the proxy settings field.
Enable the use of a pool of established connections to servers in this content server group. This value overrides the setting in the proxy settings field.
The maximum number of established, but idle connections that might be in the connection pool for any server in this content server group. This value overrides the global setting in the proxy settings field.
The URI for the custom proxy error page handler. The proxy uses this handler to generate the custom error pages if an error occurs while servicing a request in this content server group. This value overrides the global setting in the proxy settings field.
How to set the SSL configuration from one of several sources.
Use the SSL configuration scoped for this endpoint.
Use a specific SSL configuration.
Use this page to create a group of URI patterns that is used to define a set of loosely-related Web resources.
Specifies the name of this URI group.
Specifies a list of URI patterns. These patterns can include an asterisk (*) as a trailing wildcard character.
These settings describe the advanced attributes and policies that define the behavior of the On Demand Router.
These settings describe the advanced attributes and policies that define the behavior of the proxy server.
The policy that is used to determine how the routing rules that enable a  Application Server plug-in to forward requests to the proxy are generated.
The scope of the proxy for which to generate these routing rules. These might be at a cell scope to include routing rules for all of the proxies in the local cell, or node to indicate that routing rules should be able to route to all of the proxies that are configured at the node and so on.
Custom properties for the server.
The HTTP methods that the proxy server will not forward to the origin server.
Name of the HTTP method.
The list of URI patterns that the proxy server will not forward to the origin server.
With this, the proxy server can cache eligible content from the origin server.
Enable content that is secured by SSL to be cached at the proxy server.
Enable caching of content that is generated by the application server.
Enables caching of responses that might not ordinarily be cached.
The URI at a remote server that is used to receive invalidations and provide updates on the proxy cache statistics.
The default cache instance that is configured as a cache store for the server.
The default Secure Sockets Layer (SSL) repertoire alias that is configured for making SSL connections to the enterprise content servers.
Browse the centrally managed SSL configuration tree.
Enable the use of a pool of established connections to the enterprise content servers.
The maximum number of connected sockets to an application server that will be pooled by the proxy server, to reduce overhead when creating and closing connections to the application server.
Trust the security proxies that forwards the request to the .  Enable this attribute if a trusted intermediary, a security proxy, is fronting this .
The URI for the custom proxy error page handler. The proxy uses this handler to generate the custom error pages. The handler is a servlet, a  Server Pages file, an HTML file, or some Web element that is installed and deployed in a content server group that is accessible to the  from the routing rules. There should be a proxy or local route action associated with this rule.
The location for the HTTP access log (NCSA) that is generated for proxied requests.
The HTTP access log (NCSA) that is generated for requests that are served from the local cache.
The location for the HTTP access log (NCSA) that is generated for responses that are served out of the proxy server (excluding cached responses).
The SSL alias that is configured for accepting connections from clients.
Enable support for Web services, including WS-Addressing.
Enable support for Web services, including WS-Addressing.
This action indicates that the incoming request for this rule failed.
This attribute specifies the HTTP status code to use to indicate the reason for failing the request. This status code is used in the response if no custom error page generation application is defined. If a custom error page generation application can be routed to use a valid proxy or a local route rule, this status code is passed to the application as an argument to generate the error.
This action proxies or forwards the incoming request that matches this rule to one of the content server groups that is configured at the .
This attribute identifies the content server group to which an inbound request matched by the associated routing rule is proxied or forwarded.
The redirect route action redirects the inbound request that is matched by this routing rule to another URL. This action is completed  by sending a redirect in response to this request.
This attribute specifies the URL that the client is redirected to use.
The routing action that is associated with a routing rule. If the rule activates, the  performs the specified action.
The routing policy that is used by the  to decide how to handle requests that arrive at the server.
The routing policy that is used by the proxy server to decide how to handle requests that arrive at the server.
The routing policy that is used by the on-demand router to decide how to handle requests that arrive at the server.
The rewriting policy defines the rewriting rules that are applied by the .
The static caching policy that is defined for this proxy server.
The rules that govern how static, cachable content within the specified URI group is treated.
Custom properties that define the policies for caching content.
The plug-in configuration file is generated automatically by the  , based on the changes in the cells to which it is proxying. This generation policy describes the attributes that are used in generating the plug-in configuration file for a Web server that routes to the proxy.
The scope in which the plug-in configuration generation occurs.
The path to a script that is run after the plug-in configuration is generated. With this script, you can enable post-generation tasks, such as the distribution of the plug-in configuration file.
The local routing action indicates that the request matching this routing rule is served by the local Web applications that are deployed in the cell to which this server belongs.
The host name or IP address of the remote cluster member.
The port number of the server.
The protocol that is used for communicating to the host on the specified port.
The weight given to an endpoint.
The HTTP protocol.
The HTTPS protocol.
The properties that influence the characteristics of the connection to the origin server.
Basic configuration attributes that determine how cachable content is treated at the proxy server.
Configure the properties that describe the requests that should be rejected at the proxy server. Multiple methods may be disabled by entering one method name per line.
Configure the properties that describe the requests that should be rejected at the on-demand router. Multiple methods may be disabled by entering one method name per line.
Configure the location of the NCSA logs that are generated at the proxy server.
Configure the location of the NCSA logs that are generated at the on-demand router.
Additional security options for the proxy server.
Additional security options for the on-demand router.
Configure the policy for generating plug-in configurations that may be used at a Web server to route requests to this server.
Configure the rules that are used by the proxy server to determine when and how to generate custom error pages in response to exception conditions at the proxy or origin server.
Configure the rules used by the on-demand router to determine when and how to generate custom error pages in response to exception conditions at the router or origin server.
This request is routed to a generic cluster that is configured through the generic cluster definition panel.
The proxy server sends an error response to the client.
Redirect the client to reissue the request to the specified URL.
The local routing action indicates that the request matching for this routing rule is served by the local Web applications that are deployed in the cell to which this server belongs.
Configure the host name or IP address of security proxies that are to be trusted.  Trusted intermediaries, such as a secure Web server or security proxy, intercepts requests and may add secure information and credentials before forwarding them to the proxy server. Security information that is forwarded by the configured hosts is trusted by the proxy. Enter one IP address or host name per line.
The server name that is used in HTTP responses.
The number of seconds that the server waits for a response before timing out the request to a content server.
The number of milliseconds that the proxy waits to connect to a server. If this time expires, the proxy will attempt to connect to a different server. If no other available servers exist, the request is timed out. A value of 0 indicates that the proxy uses the kernel timeout value for the operating system.
The URI of the application that is deployed to generate an error response body when an exception condition is detected.
The specified header name and value from the original response are forwarded as query parameters to the error page generation application. Specify one header per line.
The status codes that will cause the proxy to forward the error response to the error page generation application. These status codes are comma-delimited and can use an X as wildcard characters.  For instance, 5XX denotes all status codes between 500 and 599. Specify one status code specification per line.
Indicates if error responses forwarded by the application server are customized.
The inbound transports that are associated with the proxy server.
The inbound transports that associated with the on-demand router.
The cache instance that is associated with the proxy server.
The cache instance that is associated with the on-demand router.
Proxy server configuration settings for this Web module.
Enable proxy server to route requests to this Web module.
Specifies the protocol that the proxy server uses when communicating with this Web module.


Supported protocols: HTTP, SIP

Resources
Custom properties
J2EE resource provider
Factories
Connection factories
CMP connection factories
JMS destinations
JMS connection factories
URLs
Data sources
Mail sessions
Resource environment entries
J2C connection factories
Custom properties
Name
Description
Class path
Native library path
J2EE resource factory
Provider
JMS providers
URL providers
JDBC providers
Mail providers
J2C resource adapters
Resource environment providers
Custom properties
Name
JNDI name
Description
Category
Custom properties
Name
Type
Value
Description
Required
J2EE resource property set
Resource properties
Connection Factory
Connection pool properties
Provider type {0} and provider type {1} cannot safely coexist due to conflicts on the class path. This configuration may cause unpredictable errors at runtime. It is recommended you delete one of the two JDBC providers.
Connection pools
Connection timeout
seconds
Maximum connections
connections
Minimum connections
connections
Reap time
seconds
Unused timeout
seconds
Aged timeout
seconds
Purge policy
EntirePool
FailingConnectionOnly
Resource Provider Ref
Resource provider
JMS providers
URL providers
JDBC providers
Mail providers
J2C resource adapters
Resource environment providers
Class path
Session pool
APPLICATION DEFINED
QUEUE DEFINED
NON PERSISTENT
PERSISTENT
QUEUE DEFINED
APPLICATION DEFINED
SPECIFIED
APPLICATION DEFINED
UNLIMITED
SPECIFIED
JMS
MQ
java.lang.String
java.lang.Boolean
java.lang.Integer
java.lang.Double
java.lang.Byte
java.lang.Short
java.lang.Long
java.lang.Float
Additional Properties for this object will not be available to edit until its general properties are applied by clicking on either Apply or OK.
Scope
Required properties cannot be deleted
Test connection
The test connection operation for data source {0} on server {1} at node {2} was successful.
The test connection operation for data source {0} on server {1} at node {2} was successful with {3} warning(s).
The test connection operation failed for data source {0} on server {1} at node {2} with the following exception: {3}.
The test connection operation for data source {0} was unable to connect to node {1}.  Ensure that the node agent is running and retry the test connection operation.
Changes have been made to the resources configuration for this scope. You must save these changes to the master configuration before performing this action.
Changes have been made to the node, {0}, which have not been synchronized.   You must synchronize these changes to the master configuration before performing this action.
{0} cannot be more than {1} characters in length.
Show built-in resources
URL Providers
URL providers
Stream handler class name
Protocol
URL
URLs
Specification
JMS Providers
V5 Default Messaging
Generic
WebSphere MQ
Resource Environment
Resource Environment Providers
Resource environment providers
Referenceables
Resource environment entries
Referenceables
No resource environment providers have been defined.  You must create a resource environment provider before a resource environment entry can be created.
Referenceables
Factory class name
Class name
CMP connection factories
CMP data source
Mail
Resource Adapters
JDBC
Provider
Create New Provider
Mail Providers
Mail Sessions
Mail transport protocol
Mail store provider
Mail transport host
Mail transport user ID
Mail transport password
Mail from
Mail store host
Mail store user ID
Mail store password
Mail store protocol
JTA enabled
Debug
Enable debug mode
Enable strict Internet address parsing
Mail Providers
Protocol providers
Protocol providers
Protocol
Class name
Class path
Type
STORE
TRANSPORT
Advanced connection pool properties
Number of shared partitions
Number of free pool partitions
Free pool distribution table size
Surge threshold
Surge creation interval
Test connection
Test connection interval
Stuck timer interval
Stuck time
Stuck threshold
Connection pool custom properties
partitions
External initial context factory
External provider URL
JNDI binding mechanism
Generic JMS destinations
Generic JMS destinations
External JNDI Name
Type
Connection pool
Session pools
XA enabled
Enable XA
Generic JMS connection factories
External JNDI name
Type
QUEUE
TOPIC
UNIFIED
QUEUE
TOPIC
WebSphere MQ queue destinations
Persistence
Priority
Specified priority
Expiry
Specified expiry
milliseconds
Base queue name
Base queue manager name
CCSID
Native encoding
Use native encoding
Integer encoding
Decimal encoding
Floating point encoding
Target client
Queue manager host
Queue manager port
Server connection channel name
User ID
Password
WebSphere MQ topic destinations
Persistence
Priority
Specified Priority
Expiry
Specified Expiry
milliseconds
Base topic name
CCSID
Native encoding
Use native encoding
Integer encoding
Decimal encoding
Floating point encoding
Target client
Broker durable subscription queue
Broker CC durable subscription queue
Enable multicast transport
WebSphere MQ connection factories
Queue manager
Host
Port
Channel
Transport type
Model queue definition
Client ID
CCSID
Message retention
Enable message retention
Return methods if quiescing
Enable return methods during shutdown
Local server address
Polling interval
Rescan interval
SSL cipher suite
SSL CRL
SSL peer name
Temporary queue prefix
Use connection pooling
Enable MQ connection pooling
Broker control queue
Broker queue manager
Broker publication queue
Broker subscription queue
Broker CC subscription queue
Broker version
Publish and subscribe cleanup level
Publish and subscribe cleanup interval
Broker message selection
Publish and acknowledgement interval
Sparse broker subscriptions
Enable sparse broker subscriptions
Publish and subscribe status interval
Persistent subscriptions store
Enable multicast transport
Clone support
Enable clone support
Direct Broker authorization type
Proxy host name
Proxy port
WebSphere MQ queue connection factories
Queue manager
Host
Port
Channel
Transport type
Model queue definition
Client ID
CCSID
Messsage retention
Enable message retention
Return methods if quiescing
Enable return methods during shutdown
Local server address
Polling interval
Rescan interval
SSL cipher suite
SSL CRL
SSL peer name
Temporary queue prefix
Use connection pooling
Enable MQ connection pooling
WebSphere MQ topic connection factories
Host
The host name is defined.  This will be used only if the transport type is client connection.
Port
The port number is defined.  This will be used only if the transport type is client connection.
Transport type
Channel
The channel name is defined.  This will be used only if the transport type is client connection.
Queue manager
Broker control queue
Broker queue manager
Broker publication queue
Broker subscription queue
Broker CC subscription queue
Broker version
Model queue definition
Client ID
CCSID
The coded character set identifier is defined.  This will be used only if the transport type is client connection.
Message retention
Enable message retention
Clone support
Enable clone support
Advanced
Basic
Normal
Reversed
Normal
Reversed
IEEENormal
IEEEReversed
S390
Publish and subscribe cleanup level
Publish and subscribe cleanup interval
Broker message selection
Publish and acknowledgement interval
Sparse broker subscriptions
Enable sparse broker subscriptions
Publish and subscribe status interval
Persistent subscriptions store
Enable multicast transport
Direct broker authorization type
Proxy host name
Proxy port
Return methods if quiescing
Enable return methods during shutdown
Local server address
Polling interval
Rescan interval
SSL Cipher suite
SSL CRL
SSL peer name
Use connection pooling
Enable MQ connection pooling
SAFE
ASPROP
NONE
STRONG
QUEUE
BROKER
MIGRATE
BASIC
CERTIFICATE
CLIENT
BROKER
AS CONNECTION FACTORY
DISABLED
NOT USED
NOT RELIABLE
ENABLED IF AVAILABLE
RELIABLE
ENABLED
ENABLED RELIABLE
ENABLED RELIABLE IF AVAILABLE
{0} contains the character '{1}' which is not valid for an MQ name.
WebSphere queue destinations
Queue destinations provided for point-to-point messaging by the internal WebSphere JMS provider.  Use WebSphere Queue Destination administrative objects to manage queue destinations for the internal WebSphere JMS provider. NOTE: The queue name must also be added to the list of queue names in the configuration of the JMS server(s) where the queue is to be hosted.
Node
Persistence
Priority
Specified priority
Expiry
Specified expiry
milliseconds
The Websphere Queue Destination name is too long. A WebSphere Queue Destination name may not be more than 45 characters long.
WebSphere topic destinations
Topic
Persistence
Priority
Specified Priority
Expiry
Specified expiry
milliseconds
WebSphere topic connection factories
Node
Port
Client ID
Clone support
Enable clone support
WebSphere queue connection factories
Node
DIRECT
QUEUED
WebSphere queue connection factories
WebSphere topic connection factories
WebSphere queue destinations
WebSphere topic destinations
WebSphere MQ connection factories
WebSphere MQ queue connection factories
WebSphere MQ topic connection factories
WebSphere MQ queue destinations
WebSphere MQ topic destinations
BINDINGS
CLIENT
DIRECT
MQ Config
WebSphere MQ queue host
Base queue name
Base queue manager name
WebSphere MQ queue
Queue manager host
Queue manager port
Server connection channel name
User ID
Password
Inhibit Put
Inhibit Get
Persistence
Cluster name
Cluster name list
Default binding
Maximum queue depth
Maximum message length
Shareability
Input open option
Message delivery sequence
Backout threshold
Backout requeue name
Harden Get Backout
Default priority
Put Inhibited
Put Allowed
Persistent
Not Persistent
On Open
Not Fixed
Get Inhibited
Get Allowed
Shareable
Not Shareable
Exclusive
Shared
FIFO
Priority
Hardened
Not Hardened

No WMQQueueDefiner MBean found!
The WMQQueueDefiner MBean has encountered an error.
WebSphere MQ Queue Connection Properties
see the scope settings help.
JMS
Provider
JMS providers
Name
Description
Class path
Native library path
External initial context factory
External provider URL
Connection factories
Name
Description
Queue connection factories
Name
Description
Topic connection factories
Name
Description
Queues
Name
Description
Topics
Name
Description
Activation specifications
Name
Description
New
Select JMS resource provider

Select the provider with which to create the {0}. The following providers support the selected resource type and are available at the selected scope.
Connection factory
Queue connection factory
Topic connection factory
Queue
Topic
Activation specification
A JMS provider with the name "{0}" already exists at the selected scope.

Configures the connection factory to correspond with different service providers.  For example, in the case of the Java Message Service (JMS), all of the connections are provided by WebSphere MQ; however, you might want to use a different provider implementation, such as SonicMQ.  Within the same domain, you might define more than one vendor's implementation of a resource; however, within the server, define only one.

CMP connection factories are used by CMP beans to access any back-end store.
J2C connection factories represent a set of connection configuration values.
Properties that might be required for Resource Providers and Resource Factories. For example, most database vendors require additional custom properties for data sources that access the database.
The name of the resource provider.
A description of the resource adapter.
A list of paths or JAR file names which together form the location for the resource provider classes. Class path entries are separated by using the ENTER key and must not contain path separator characters (such as ';' or ':').  Class paths can contain variable (symbolic) names that can be substituted using a variable map.  Check your driver installation notes for specific JAR file names that are required.
An optional path to any native libraries (*.dll, *.so). Native path entries are separated by using the Enter key and must not contain path separator characters (such as ';' or ':').  Native paths can contain variable (symbolic) names that can be substituted using a variable map.
Resource factories represent the resources that are bound within the java:comp namespace.
The provider that created the resource factory.
Properties that might be required for resource providers and resource factories. For example, most database vendors require additional custom properties for data sources that access the database.
The required display name for the resource.
The JNDI name for the resource.
An optional description for the resource.
An optional category string to use when classifying or grouping the resource.
Use this page to specify custom properties that your enterprise information system (EIS) requires for the resource providers and resource factories that you configure. For example, most database vendors require additional custom properties for data sources that access the database.
Specifies the name, or type, of property (for example, PortNumber and ConnectionURL).
Specifies the fully qualified Java type of this property (java.lang.Integer, java.lang.Byte).
Specifies the value that you assign to the property.
Specifies text to describe any bounds or well-defined values for this property.
Specifies if the property is required or not.

Specifies an arbitrary set of properties that can be stored with a resource factory.

An optional set of connection pool settings.
Use this page to set properties that impact the timing of connection management tasks, which can affect the performance of your application. Consider the default values carefully; your application requirements might warrant changing these values.
Specifies the number of seconds that a connection request remains active, after which WebSphere Application Server issues a ConnectionWaitTimeout exception. The application server acts on this value only if you set the maximum pool size property.
Specifies the maximum number of connections to maintain in the pool. If the maximum number of connections is reached and all connections are in use, additional connection requests can remain active for the full time period that you specify in the connection timeout property.
Specifies the minimum number of connections to maintain in the pool.
Specifies the interval, in seconds, between runs of the pool maintenance thread.
Specifies the maximum number of seconds that an idle connection can remain in the pool before being discarded by the maintenance thread.
Specifies the interval, in seconds, after which an unused, aged connection is discarded (regardless of recent activity) by the pool maintenance thread.
Specifies how to purge connections when a stale connection or fatal connection error is detected.


A list of paths or JAR file names that jointly form the location for the resource provider classes.  Class path entries must not contain path separator characters (such as ';' or ':').  Class paths can contain variable (symbolic) names that can be substituted using a variable map.  Check your driver installation notes for specific JAR file names that are required.

Specifies the highest topological level at which application servers can use this resource object.
Use this page to set up URL providers, or factories, which function as conduits for applications to access URL resources. A URL resource is an electronically accessible resource, such as a directory file on a machine in a network, that is represented by a uniform resource locator (URL). Select the default provider to access any URL resource through the HyperText Transfer Protocol (HTTP) or File Transfer Protocol (FTP). Create new providers to access URL resources through different protocols.
Specifies the fully qualified name of a user-defined Java class that extends java.net.URLStreamHandler for a particular URL protocol, such as FTP.
Specifies the protocol that is supported by this stream handler. Protocol examples: NNTP, SMTP, and FTP.
Use this page to configure uniform resource locators (URLs), which point to electronically accessible resources, such as a directory file on a machine in a network or a document stored in a database.
Specifies the complete string that comprises a URL.
Use this page to configure a resource environment provider, which encapsulates the referenceables that convert resource environment entry data into resource objects. These objects can then be accessed by applications.
Use this page to configure a new referenceable, which specifies the factory class that converts data in the Java Naming and Directory Interface (JNDI) name space into a usable resource object. After you define the referenceable, return to the provider page to find the link for configuring  resource environment entries. The resource environment entry provides the necessary data about your resource in the JNDI name space.
Use this page to configure resource environment entries, which are objects that contain information about a resource and represent it in the JNDI name space. Create resource environment entries only after you configure the necessary referenceables.
Specifies the referenceable, which holds the class name of the factory that converts resource data in the JNDI name space into a usable resource object.
Use this page to configure a new referenceable, which specifies the factory class that converts data in the Java Naming and Directory Interface (JNDI) name space into an object that represents your resource to WebSphere Application Server. After you define the referenceable, return to the provider page to find the link for configuring  resource environment entries. The resource environment entry provides the necessary data about your resource in the JNDI name space.
Specifies the javax.naming.ObjectFactory implementation class name that the referenceable represents.
Specifies the Java type to which a referenceable provides access, for binding validation and creating the reference.
Use this page to configure a connection factory that a CMP bean uses to access any back-end datastore.
Specifies the data source that provides database connectivity for a container managed persistence (CMP) bean.
Use this page to create mail sessions, which are collections of properties that define how your application sends mail and accesses the mail store. Configure mail sessions only after you configure the necessary protocol providers.
Specifies the transport protocol to use when sending mail. Actual protocol values are defined in the protocol providers that you configured for the current mail provider.
Specifies the protocol to use when reading mail.
Specifies the server to connect to when sending mail.
   Specifies the user ID to use when the mail transport host requires authentication.
Specifies the password to use when the mail transport host requires authentication.
Specifies the Internet e-mail address that is displayed in messages as the mail originator.
Specifies the mail account host, or domain name.
Specifies the user ID of the mail account.
Specifies the password of the mail account.
Specifies the protocol to use when receiving mail. Actual protocol values are defined in the protocol providers that you configured for the current mail provider.
Specifies if this mail session is enabled for JTA.
Select to print the following data to the  file: interaction between the mail application and the mail servers, as well as the properties of this mail session.
Select to enforce the  syntax rules for parsing Internet addresses when sending mail.  is a specifications document issued by the Internet Architecture Board.
Specifies the mail provider that WebSphere Application Server uses for this mail session.
Use this page to create a mail provider, an object that encapsulates the protocol providers that your mail application requires. Select the built-in mail provider for access to the three default protocol providers: SMTP, IMAP, and POP3. These protocol providers suffice for most applications.
The protocol providers that are defined in the current mail provider.
Use this page to set the properties of a protocol provider, which provides the implementation class for a specific protocol to support communication between your JavaMail application and mail servers. After saving your settings, return to the mail provider page to find the link for configuring mail sessions.
Specifies the protocol that is implemented by this protocol provider.
Specifies the class name of the protocol provider.  The class must be available on the class path.
Specifies the class path to a JAR file that contains implementation classes for this protocol provider.  If more than one JAR file provides the complete implementation , use this page to add an entry for each JAR file that the protocol provider requires.  Create the entries individually; do not use class path separator information.
Specifies the type of mail server that this protocol provider supports: either TRANSPORT or STORE.
Use this page to modify existing partition settings for connection pools, as well as set optional connection management properties that can increase the performance of your application.
Specifies the period of time that the connection manager waits between creating connections during surge mode. The connection manager enforces the surge creation interval until the number of connections in the pool drops below the surge threshold value.
Specifies the number of partitions that are created in each of the shared pools.
Specifies the number of partitions that are created in each of the free pools.
Determines the distribution of hash values in the table that indexes connection usage data. The hash values are used to match connection request credentials with the connections. A free pool distribution table size value that is higher than 1 can increase the efficiency of hash value distribution, to help minimize search collisions within the table. The value of 0 means random distribution.
Specifies the number of connections that can be created before the connection manager activates surge protection. Surge protection is an operating mode that limits connection creation according to a rate that you set through the surge creation interval property. The goal is to prevent overloading of a data source when too many connections are created simultaneously.
Specifies the period of time that the connection manager waits between creating connections while the connection manager operates in surge mode. The connection manager enforces the surge creation interval until the number of connections in the pool drops below the surge threshold value.
Triggers the test of a free pool connection to ensure that it is active before returning the connection to an application.
Specifies the wait interval between accepting new connection requests after a test operation succeeds, but an application fails to get a live connection.
The stuck timer interval determines how often the connection pool checks for stuck connections. A stuck connection is an active connection that is not responding or returning to the connection pool. The default value is 0 seconds.
If the pool appears to be stuck (you have reached the stuck threshold), a resource exception is given to all new connection requests until the pool is unstuck. The stuck time property is the interval, in seconds, allowed for a single active connection to be in use to the backend resource before it is considered to be stuck.
Specifies the maximum number of stuck connections that are allowed to accumulate in a pool before the connection manager rejects new connection requests.
Use this page to set custom properties for the connection pool.
Specifies a JMS provider, which enables asynchronous messaging based on the Java Message Service (JMS). It provides J2EE connection factories to create connections for specific JMS queue or topic destinations. JMS provider administrative objects are used to manage JMS resources for the associated JMS provider.
Specifies the Java class name of the initial context factory for the JMS provider.
Specifies the JMS provider URL for external JNDI lookups.
Specifies the Java class name to be used for namespace binding. Required only for providers with non-standard binding requirements.
A JMS provider enables asynchronous messaging based on the Java Message Service (JMS).  It provides J2EE connection factories to create connections for specific JMS queue or topic destinations. WebSphere JMS provider administrative objects are used to manage JMS resources for the internal WebSphere JMS provider.
A JMS provider enables asynchronous messaging based on the Java Message Service (JMS).  It provides J2EE connection factories to create connections for specific JMS queue or topic destinations. WebSphere MQ JMS provider administrative objects are used to manage JMS resources for WebSphere MQ as the JMS provider.
A list of paths or JAR file names which together form the location for the WebSphere MQ classes. This class path can be changed by modifying the variable map for MQJMS_LIB_ROOT.
An optional path to any native libraries (*.dll, *.so). This native path can be changed by modifying the variable map for MQJMS_LIB_ROOT.
A JMS destination defines the configuration properties of either a queue (for point-to-point messaging) or a topic (for Publish and subscribe messaging) provided by the selected JMS provider.
A Generic JMS  destination defines the configuration properties of either a queue (for point-to-point messaging) or a topic (for Publish and subscribe messaging) provided by the selected generic JMS provider.
The JNDI name that is used to bind the queue into the external name space.
Indicates whether this JMS destination is a QUEUE (for point-to-point) or TOPIC (for pub/sub).
Use this page to create connections to the associated JMS provider for JMS destinations.
Specifies the connection pool settings for JMS. These settings are not used for Generic JMS connection factories.
Specifies an optional set of session pool settings.
Specifies the attribute that indicates whether the JMS provider is XA enabled. This attribute only applies to specialized models of JMSConnectionFactory. It is meaningless for GenericJMSConnectionFactories, as they define such feature enablements through name and value property pairs.
Specifies a JMS connection factory that is used to create connections to the associated JMS provider for JMS destinations. Use this panel to view or change the configuration properties of a JMS connection factory for the selected generic JMS provider.
Specifies the JNDI name that is used to bind the connection factory into the external name space.
Specifies whether this connection factory is for creating JMS queue destinations or JMS topic destinations.
Specifies a JMS queue destination for point-to-point messaging.
Specifies a JMS topic destination for publication and subscription messaging.
Queue destinations provided for point-to-point messaging by the WebSphere MQ JMS provider.  Use WebSphere MQ queue destination administrative objects to manage queue destinations for the WebSphere MQ JMS provider.
Indicates whether all messages sent to the destination are persistent, nonpersistent, or have their persistence defined by the application.
Whether the message priority for this destination is defined by the application or the Specified priority property.
If the priority property is set to specified, you must type the message priority for this queue, using the range 0 through 9.
Indicates whether the expiry timeout for this queue is defined by the application or the Specified expiry property, or whether messages on the queue do not expire (that is, have an unlimited expiry timeout).
If the Expiry timeout property is set to specified, you must type the number of milliseconds (greater than 0) after which messages on this queue expire.
The name of the queue to which messages are sent, on the queue manager specified by the Base queue manager name property.
The name of the WebSphere MQ queue manager to which messages are sent.
The coded character set identifier for use with the WebSphere MQ queue manager.
When this option is enabled, native encoding is used.  When disabled, the settings for integer, decimal and floating point are used.
If native encoding is not enabled, select whether integer encoding is normal or reversed.
If native encoding is not enabled, select whether decimal encoding is normal or reversed.
If native encoding is not enabled, select the type of floating point encoding.
Indicates whether the receiving application is JMS-compliant or is a traditional WebSphere MQ application.
The host name for the queue manager, on which the queue destination is created.
The number of the port used by the queue manager on which this queue is defined.
The name of the channel to use to connect to the queue manager.
The user ID used, with the password property, for authentication when connecting to the queue manager to define the queue destination.
The password, used with the user name property, for authentication when connecting to the queue manager to define the queue destination.
Topic destinations provided for publish and subscribe messaging by the WebSphere MQ JMS provider.  Use WebSphere MQ topic destination administrative objects to manage topic destinations for the WebSphere MQ JMS provider.
Indicates whether all messages sent to the destination are persistent, nonpersistent, or have their persistence defined by the application.
Indicates whether the message priority for this destination is defined by the application or the Specified priority property.
If the priority property is set to specified, you must the message priority for this queue, using the range 0 through 9.
Indicates whether the expiry timeout for this queue is defined by the application or the Specified expiry property, or whether messages on the queue do not expire (that is, have an unlimited expiry timeout).
If the Expiry timeout property is set to specified, you must type the number of milliseconds (greater than 0) after which messages on this queue expire.
The name of the topic to which messages are sent.
The coded character set identifier for use with the WebSphere MQ queue manager.
When this option enabled, native encoding is used.  When disabled, the settings for integer, decimal and floating point are used.
If native encoding is not enabled, select whether integer encoding is normal or reversed.
If native encoding is not enabled, select whether decimal encoding is normal or reversed.
If native encoding is not enabled, select the type of floating point encoding.
Indicates whether the receiving application is JMS-compliant or is a traditional WebSphere MQ application.
The name of the broker queue from which durable subscription messages are retrieved.
Broker connection consumer durable subscription queue name
Indicates whether or not this topic destination uses multicast transport if supported by the connection factory.
A unified JMS connection factory can be used to create JMS connections to both queue and topic destinations.
The name of the WebSphere MQ queue manager for this connection factory. Connections created by this factory connect to that queue manager.
The name of the host on which the WebSphere MQ queue manager runs, for client connection only.
The TCP/IP port number used for connection to the WebSphere MQ queue manager, for client connection only.
The name of the channel used for connection to the WebSphere MQ queue manager, for client connection only.
Indicates whether WebSphere MQ client TCP/IP connection or interprocess bindings connection is to be used to connect to the WebSphere MQ queue manager. Interprocess bindings can only be used to connect to a queue manager on the same physical machine. When using WMQ 5.3 or 64-bit z/OS, there are restrictions that should be taken into consideration when setting this field that are described in the InfoCenter.
The name of the model queue definition that can be used by the queue manager to create temporary queues if a requested queue does not already exist.
The JMS client identifier used for connections to the WebSphere MQ queue manager.
The coded character set identifier for use with the WebSphere MQ queue manager.
Select this check box to specify that unwanted messages are to be left on the queue. Otherwise, unwanted messages are dealt with according to their disposition options.
Indicates that applications return from a method call if the queue manager has entered a controlled shutdown.
The local server address.
The polling interval for connections.
The interval in milliseconds between conducting queue scans to look for messages that have been added in incorrect order.
The cipher suite to use for SSL connection to WebSphere MQ.
A list of zero or more certificate revocation list (CRL) servers used to check for SSL certificate revocation.
A distinguished name skeleton that is used to check the identifying certificate presented by the server at connection time.
The prefix used for dynamic queue naming.
Indicates whether or not to use WebSphere MQ connection pooling.
The name of the broker control queue to which all command messages (except publications and requests to delete publications) are sent.
The name of the WebSphere MQ queue manager that provides the publication and subscription message broker.
The name of the broker input queue that receives all publication messages for the default stream.
The name of the broker queue from which nondurable subscription messages are retrieved.
Broker connection consumer subscription queue
Attribute that indicates which message broker is to be used. Set this to BASIC for the MA0C broker, set to ADVANCED for WMQI and Event Broker.
The level of cleanup provided by the publish and subscribe cleanup utility.
The interval between background executions of the publish and subscribe cleanup utility.
Indicates where broker message selection is done
The interval, in number of messages, between publish requests that require acknowledgement from the broker.
Select this option to enable support for sparse broker subscriptions.
The interval, in milliseconds, between transactions to refresh publish and subscribe status.
Indicates where WebSphere MQ should store persistent data relating to active subscriptions.
Indicates whether or not this topic connection factory uses multicast transport.
Select this check box to enable WebSphere MQ clone support to allow the same durable subscription across topic clones. When enabled, the client ID field is required.
Indicates whether the broker uses basic or certificate-based authentication for direct connections.
Host name of the Web scale proxy host.
Port number of the Web scale proxy port.
A queue connection factory is used to create connections to the associated JMS provider of JMS queue destinations, for point-to-point messaging. Use WebSphere MQ queue connection factory administrative objects to manage queue connection factories for the WebSphere MQ JMS provider.
The name of the WebSphere MQ queue manager for this connection factory. Connections created by this factory connect to that queue manager.
The name of the host on which the WebSphere MQ queue manager runs, for client connection only.
The TCP/IP port number used for connection to the WebSphere MQ queue manager, for client connection only.
The name of the channel used for connection to the WebSphere MQ queue manager, for client connection only.
Indicates whether a WebSphere MQ client TCP/IP connection or an interprocess bindings connection is to be used to connect to the WebSphere MQ queue manager. Interprocess bindings can only be used to connect to a queue manager on the same physical machine.  When using WMQ 5.3 or 64-bit z/OS, there are restrictions that should be taken into consideration when setting this field that are described in the InfoCenter.
The name of the model queue definition that can be used by the queue manager to create temporary queues if a requested queue does not already exist.
The JMS client identifier used for connections to the WebSphere MQ queue manager.
The coded character set identifier for use with the WebSphere MQ queue manager.
Select this check box to specify that unwanted messages are to be left on the queue. Otherwise, unwanted messages are dealt with according to their disposition options.
Indicates that applications return from a method call if the queue manager has entered a controlled shutdown.
The local server address.
The polling interval for connections.
The interval in milliseconds between conducting queue scans to look for messages that have been added in incorrect order.
The cipher suite to use for SSL connection to WebSphere MQ.
A list of zero or more certificate revocation list (CRL) servers used to check for SSL certificate revocation.
A distinguished name skeleton that is used to check the identifying certificate presented by the server at connection time.
The prefix used for dynamic queue naming.
Indicates whether or not to use WebSphere MQ connection pooling.
A topic connection factory is used to create connections to the associated JMS provider of JMS topic destinations, for publish and subscribe messaging.  Use WebSphere MQ topic connection factory administrative objects to manage topic connection factories for the WebSphere MQ JMS provider.
The name of the host on which the WebSphere MQ queue manager runs, for client connection only.
The TCP/IP port number used for connection to the WebSphere MQ queue manager, for client connection only.
Indicates whether a WebSphere MQ client TCP/IP connection or an interprocess bindings connection is to be used to connect to the WebSphere MQ queue manager. Interprocess bindings can only be used to connect to a queue manager on the same physical machine.  When using WMQ 5.3 or 64-bit z/OS, there are restrictions that should be taken into consideration when setting this field that are described in the InfoCenter.
The name of the channel used for connection to the WebSphere MQ queue manager, for client connection only.
The name of the WebSphere MQ queue manager for this connection factory. Connections created by this factory connect to that queue manager.
The name of the broker control queue, to which all command messages (except publications and requests to delete publications) are sent.
The name of the WebSphere MQ queue manager that provides the publish and subscribe message broker.
The name of the broker input queue that receives all publication messages for the default stream.
The name of the broker queue from which nondurable subscription messages are retrieved.
Broker connection consumer subscription queue
Attribute to indicate which message broker is to be used. Set this to BASIC for the MA0C broker, set to ADVANCED for WMQI and Event Broker.
The name of the model queue definition that the broker can use to create dynamic queues for non-default streams if the stream queue does not already exist.
The JMS client identifier used for connections to the WebSphere MQ queue manager. Note: This is needed for durable server side subscriptions.
The coded character set identifier for use with the WebSphere MQ queue manager, for client connection only.
Message retention: Yes or No
Select this check box to enable WebSphere MQ clone support to allow the same durable subscription across topic clones. When enabled, the clientID field is required.
The level of cleanup provided by the publish and subscribe cleanup utility.
The interval between background executions of the publish and subscribe cleanup utility.
Indicates where broker message selection is done
The interval, in number of messages, between publish requests that require acknowledgement from the broker.
Select this option to enable support for sparse broker subscriptions.
The interval, in milliseconds, between transactions to refresh the publish and subscribe status.
Indicates where WebSphere MQ should store persistent data relating to active subscriptions.
Indicates whether or not this topic connection factory uses multicast transport.
Indicates whether the broker uses basic or certificate-based authentication for direct connections.
Host name of the Web scale proxy host.
Port number of the Web scale proxy port.
Indicates that applications return from a method call if the queue manager has entered a controlled shutdown.
The local server address.
The polling interval for connections.
The interval in milliseconds between conducting queue scans to look for messages that have been added in incorrect order.
The cipher suite to use for SSL connection to WebSphere MQ.
A list of zero or more certificate revocation list (CRL) servers used to check for SSL certificate revocation.
A distinguished name skeleton that is used to check the identifying certificate presented by the server at connection time.
Indicates whether or not to use WebSphere MQ connection pooling.
Specifies the queue destinations provided for point-to-point messaging by the internal WebSphere JMS provider. Use WebSphere queue destination administrative objects to manage queue destinations for the internal WebSphere JMS provider.
Specifies the WebSphere node name of the administrative node where the JMS server runs for this connection factory. Connections created by this factory connect to that JMS server.
Specifies whether all messages sent to the destination are persistent, nonpersistent, or have their persistence defined by the application.
Specifies whether the message priority for this destination is defined by the application or the Specified priority property.
Specifies the message priority for this queue. Valid values are between 0 and 9 (0 as the lowest priority and 9 as the highest priority). If the priority property is SPECIFIED, this field is required.
Specifies whether the expiry timeout for this queue is defined by the application or the Specified expiry property, or whether messages on the queue do not expire (that is, have an unlimited expiry timeout).
Specifies the number of milliseconds after which messages on this queue expire. Valid values are any long values greater than zero. This field is required if the expiry timeout property is SPECIFIED.
Specifies the topic destinations for publish and subscribe messaging by the internal WebSphere JMS provider. Use WebSphere topic destination administrative objects to manage topic destinations for the internal WebSphere JMS provider.
Specifies the string value used to identify the topic. It can be in dot notation and include wildcard characters.
Specifies whether all messages sent to the destination are persistent, nonpersistent, or have their persistence defined by the application.
Specifies whether the message priority for this destination is defined by the application or the Specified priority property.
Specifies the priority for the topic when priority is SPECIFIED. Valid values are between 0 and 9 (0 as the lowest priority and 9 as the highest priority).
Specifies whether the expiry timeout for this queue is defined by the application or the Specified expiry property, or whether messages on the queue do not expire (that is, have an unlimited expiry timeout).
Specifies the expiration period for the topic in milliseconds when expiry is SPECIFIED. Valid values are any long values greater than zero.
Specifies a topic connection factory, which is used to create connections to the associated JMS provider of JMS topic destinations for publish and subscribe messaging. Use WebSphere topic connection factory administrative objects to manage topic connection factories for the internal WebSphere JMS provider.
Specifies the WebSphere node name of the administrative node where the JMS server runs for this connection factory. Connections created by this factory connect to that JMS server.
Specifies which of the two ports is to be used in addition to the node (JMS Server). The QUEUED port is for full-function JMS Publish and Subscribe support; the DIRECT port is for nonpersistent, non-transactional, nondurable subscriptions only.
Specifies the JMS client ID. This field is required for durable server-side subscriptions.
Specifies whether clone support is enabled. When enabled, the client ID field is required.
Use this page to create connections to the associated JMS provider of JMS queue destinations for point-to-point messaging. Use WebSphere queue connection factory administrative objects to manage queue connection factories for the internal WebSphere JMS provider.
Specifies the WebSphere node name of the administrative node where the JMS server runs for this connection factory. Connections created by this factory connect to that JMS server.
Use this panel to view or change the configuration properties defined to WebSphere MQ for the selected queue destination.
The name of the queue to which messages are sent, on the queue manager specified by the base queue manager name property.
The name of the WebSphere MQ queue manager to which messages are sent.
A description of the queue, for administrative purposes.
The name of the host for the queue manager on which the queue destination is created.
The number of the port used by the queue manager on which this queue is defined.
The name of the channel to use to connect to the queue manager.
The user ID used, with the password property, for authentication when connecting to the queue manager to define the queue destination.
The password, used with the user name property, for authentication when connecting to the queue manager to define the queue destination.
Indicates whether or not put operations are allowed for this queue.
Indicates whether or not get operations are allowed for this queue.
Indicates whether all messages sent to the destination are persistent, nonpersistent, or have their persistence defined by the application.
The name of the cluster to which the WebSphere MQ queue manager belongs.
The name of the cluster name list to which the WebSphere MQ queue manager belongs.
The default binding to be used when the queue is defined as a cluster queue.
The maximum number of messages allowed on the queue.
The maximum length, in bytes, of messages on this queue.
Indicates whether multiple applications can get messages from this queue.
The default share option for applications opening this queue for input.
The order in which messages are delivered from the queue in response to get requests.
The maximum number of times that a message can be backed out. If this threshold is reached, the message is requeued on the backout queue.
The name of the backout queue to which messages are requeued if they have been backed out more times than the backout threshold.
Indicates whether hardening should be used to ensure that the count of the number of times that a message has been backed out is accurate.
Specifies the default priority of messages put to the queue.
Scope specifies the level at which the resource definition is visible. For detailed information on what scope is and how it works,
A JMS provider enables messaging based on the Java Message Service (JMS). It provides J2EE connection factories to create connections for JMS destinations.
The name of the JMS provider.
A description of the JMS provider.
Only applicable to WebSphere MQ JMS providers. A list of paths or JAR file names which together form the location for the WebSphere MQ classes. This class path can be changed by modifying the variable map for MQJMS_LIB_ROOT.
Only applicable to WebsSpere MQ JMS providers. An optional path to any native libraries (*.dll *.so). This native path can be changed by modifying the variable map for MQJMS_LIB_ROOT.
The name of the connection factory.
A description of the connection factory.
A queue connection factory is used to create connections to the associated JMS provider of the JMS queue destinations, for point-to-point messaging.
The name of the queue connection factory.
A description of the queue connection factory.
A topic connection factory is used to create connections to the associated JMS provider of JMS topic destinations, for publish and subscribe messaging.
The name of the topic connection factory.
A description of the topic connection factory.
A JMS queue is used as a destination for point-to-point messaging.
The name of the queue.
A description of the queue.
A JMS topic is used as a destination for publish/subscribe messaging.
The name of the topic.
A description of the topic.
A JMS activation specification is associated with one or more message-driven beans and provides configuration necessary for them to receive messages.
The name of the activation specification.
A description of the activation specification.

JDBC Providers
JDBC providers
Implementation class name
Modifying the implementation class name will eliminate the ability to create data sources and data sources version 4 from templates.
Select a different driver type.
The JDBC provider object, {0}, was missing a providerType attribute. The system has automatically updated the JDBC provider with the correct providerType attribute.
The JDBC provider object, {0}, is missing a providerType attribute. The system could not automatically update the JDBC provider. The data source wizard will prompt for the provider type when a data source is created for this JDBC provider.
Data sources (WebSphere Application Server V4)
Connection pool properties
Database name
Default user ID
Default password
Connection pool (version 4)
Minimum pool size
connections
Maximum pool size
connections
Connection timeout
seconds
Idle timeout
seconds
Orphan timeout
seconds
Statement cache size
statements
Disable auto connection cleanup
Data sources
Statement cache size
statements
Data store helper class name
Use this data source in container managed persistence (CMP)
The GenericDataStoreHelper class does not contain any error exception mapping, so it may not perform as the application expects.
The classpath attribute contains a variable that begins with a dollar sign ($). Verify that this variable is defined, by clicking Environment > WebSphere Variables, for each physical machine that the Java Database Connectivity (JDBC) provider is used on.
The WebSphere variable, {0} could not be resolved.
The data source was successfully created, but the wizard was unable to populate the custom properties. You will need to create the properties required for the data source.
Show all data source properties
Create a data source
Enter basic data source information
Select JDBC provider
Enter database specific properties for the data source
Summary
Create new JDBC provider
Select an existing JDBC provider
Data Sources
Create new JDBC provider
Enter database class path information
Summary
Create new JDBC provider
Enter database class path information
Create a new JDBC Provider
JDBC provider name
Enter basic data source information
Enter database specific properties for the data source
Summary
database type
provider type
implementation type
Directory location for "{0}" which is saved as WebSphere variable {1}
Directory location which is saved as WebSphere variable {0}
Select a component-managed authentication alias. The selected authentication alias will also be set as the XA recovery authentication alias if your JDBC Provider supports XA. If you choose to create a new J2C authentication alias, the wizard will be canceled.
'Select...' is not a valid selection. Choose a different entry in the list.
Show deprecated drivers...
Hide deprecated drivers...
Component-managed authentication alias and XA recovery authentication alias
Deprecated
The provider type you have chosen is not supported by the current node version. Choose a different provider type.
Database type
Provider type
Implementation type
User-defined
Connection pool data source
XA data source
Common and required data source properties
Database name
Server name
Driver type
Port number
ifxIFXHOST
Informix lock mode wait
URL
The value for the field, URL, is invalid. Formats such as "jdbc:oracle:thin:@localhost:1521:sample" for a thin driver or "jdbc:oracle:oci8:@sample" for a thick driver are valid.
No data source properties are marked required because the data source was created using WebSphere Application Server V5.x. Use the '{0}' link to configure the properties.
The resource property, {0}, already exists and duplicate properties are not allowed. If this property does not show up in the list, you can see all properties by setting a preference on the collection.
Container-managed authentication
Select a data store helper class
Data store helper classes provided by WebSphere Application Server
Specify a user-defined data store helper
Enter a package-qualified data store helper class name
WebSphere Application Server data source properties
Enable multithreaded access detection
Enable JMS one-phase optimization support
Pretest SQL string
Use database connection pooling instead of WebSphere Application Server connection pooling
Enable database reauthentication
Validate existing pooled connections
Retry interval
seconds
Connection validation properties
The property, {0}, has been deprecated due to the new property, {1}.  It can now be found under the link, WebSphere Application Server data source properties, as {2}.
You have checked the {0} checkbox which now overrides some deprecated custom properties. To avoid runtime warnings, click on the Custom properties link on the Data source settings page, and delete the {1}, {2}, and {3} properties.
You have deprecated custom properties set that will cause runtime warnings. To avoid the warnings, delete the dbFailOverEnabled, connRetriesDuringDBFailover, and connRetryIntervalDuringDBFailover properties.
Validate new connections
Number of retries
Error detection model
Use JDBC event listening model
Use WebSphere Application Server exception mapping model
The administrative console could not update the resource property, "errorDetectionModel", because the command executed to create the data source failed to create the property.
Validation options
Validation by JDBC driver
Timeout
Validation by SQL query (deprecated in V7)
Query
Advanced DB2 features
Optimize for get/use/close/connection pattern
Propagate client identity using Trusted Context
Disabled
Enabled with authentication
Enabled without authentication
The property, '{0}', cannot be defined as a custom property. To configure {0}, navigate to the 'DB2 advanced features' panel from the data source panel.
The property, '{0}', can no longer be defined as a custom property. To configure the get/use/close/connection pattern, navigate to the 'DB2 advanced features' panel from the data source panel.
DB2 Universal data store helper
DB2 for iSeries data store helper
DB2 data store helper
Cloudscape Network Server data store helper
Cloudscape data store helper
Derby Network Server data store helper
Derby data store helper
Informix data store helper
Sybase data store helper
Oracle9i and prior data store helper
Oracle10g data store helper
DataDirect ConnectJDBC data store helper
WebSphere Branded ConnectJDBC data store helper
Generic data store helper
Resource Adapters
BASIC_PASSWORD
KERBEROS
None
J2C activation specification
J2C activation specifications
JNDI name
Name
Description
Message listener type
Authentication alias
Destination JNDI name
Select an existing destination JNDI name
Available administered object JNDI names
Specify (user-defined destination JNDI name)
Enter JNDI name
J2C activation specification custom properties
Select...
This activation specification {0} contains required custom properties.  Specify these properties on the J2C activation specification custom properties panel or as activation configuration properties in the deployment descriptor of the associated message-driven bean.
J2C administered object
J2C administered objects
J2C administered objects custom properties
JNDI Name
Name
Description
Administered object class
Advanced connection factory properties
Manage cached handles
Transaction context logging
Log missing transaction context
Advanced connection factory
Detect programming model violations
If 'Detect programming model violations' is checked then 'Manage cached handles' must also be checked.
J2C connection factory
Authentication preference
Authentication preference (deprecated in V6.0, use resource reference authentication settings instead)
This field is deprecated in 6.0.  The specification of a login configuration on the component resource reference when res-auth is Container determines the authentication mechanism. In the absence of login configuration information on the resource reference, this field can be used to specify which of the authentication mechanisms that are defined for the corresponding resource adapter applies to this connection factory.  For example, if two auth mechanism entries have been defined for a resource adapter, KerbV5 and Basic Password, this will specify one of those two types.  If the auth mechanism preference specified is not an available auth mechanism on the corresponding resource adapter, it is ignored.  Default=BASIC PASSWORD
Name
Description
Connection factory interface
Authentication alias for XA recovery
Use component-managed authentication alias
Specify:
Category
JNDI name
Component-managed authentication alias
Container-managed authentication alias
Container-managed authentication alias (deprecated in V6.0, use resource reference authentication settings instead)
This field is deprecated in 6.0. The specification of a login configuration and associated properties on the component resource reference determines the container-managed authentication strategy when the res-auth value is Container.  If the 'DefaultPrincipalMapping' login configuration is used, the associated property will be a container-managed authentication alias.  This field will be used only in the absence of a loginConfiguration on the component resource reference. See related item J2EE Connector Architecture (J2C) authentication data entries to define a new alias.
Mapping-configuration alias
Mapping-configuration alias (deprecated in V6.0, use resource reference authentication settings instead)
This field is deprecated in 6.0. The specification of a login configuration and associated properties on the component resource reference determines the container-managed authentication strategy when the res-auth value is Container.  This field will be used only in the absence of a loginConfiguration on the component resource reference.
Resource adapters
Archive path
Native path
Class path
Name
Name is a required field.
A resource adapter already exists in this scope with name "{0}". Change the name to be unique.
Scope
Description
High-availability
You are attempting to configure a resource adapter at the cell level. For this to work on all nodes in the cell, the installed RAR file must exist on each node, and the archive paths must be identical.
Choose an archive path from the list of installed RARs (recommended)
List of installed RAR files
Specify the archive path of an installed RAR
The archive path is a required field.
Thread pool alias
Install RAR File
Node
Errors occurred during installation of the RAR file. Refer to the log files on node {0} for more information.{1}
Resource adapters cannot be created on the deployment manager node. Select a different node.
The specified file is not a valid RAR archive.
Specify a RAR file.
The file was not found.
Install RAR
The RAR file that you are attempting to install has been found in the configuration for node {0} in the following location: {1}. The RAR file will be overwritten if you continue.
Exception caught while extracting the RAR information: {0}. It is recommended you continue with the RAR install, because it may succeed despite this error.
Failed to create a new resource adapter on node {0} because the node agent is not running.
Failed to create a new resource adapter on node {0} because the mbean {1} was not found.
Failed to create a new resource adapter because there are no node agents running in the cell. Start any of the node agents and try again.
Failed to create a new resource adapter because none of the node agents are running for cluster {0}. Start one of the cluster's node agents and try again.
Failed to transfer the rar from {0} to {1} on node {2}.
Unable to populate this panel with the information from the RAR file because the version of node {0} is prior to 6.1. If you do not enter values on this panel, the values will be defaulted from the deployment descriptor in the RAR file. You may edit the values after the resource adapter is installed.
Advanced resource adapter properties
Enlist this resource adapter with the HA manager
Endpoint failover
Resource adapter instance failover
Restrict the JVM to allow only one instance of the resource adapter
JCA lifecycle management
Running object scope
Name (JNDI name)
Manage state...
Pause
Resume
Pause operation successful for {0}
Pause operation failed for {0} : {1}
Resume operation successful for {0}
Resume operation failed for {0} : {1}
Active
Paused
Stopped
Mixed
Not accessed
Request failed
Error
A WebSphere Application Server Version 4 data source cannot be created in this scope because there are no eligible JDBC providers available in this scope. Select a different scope or create a JDBC provider in this scope before trying again.
A {0} cannot be created in this scope because there are no eligible resource adapters to use as the provider in this scope. Select a different scope or create a resource adapter in this scope before trying again.
Resource adapter
Update a resource adapter
Select the type of RAR update
Select a new RAR file
Configure new resource properties
Summary
Update RAR
Quick update of binaries (Skip step 3)
Update binaries and configuration properties
Install a new version of the RAR
Path to new resource adapter
The following RARs will be updated:
Existing resources
Selected resource information
Resource type:
Scope:
Corresponding RAR:
Edit resource properties
New resource name
New custom properties
Reset to default
Apply to all
RARs to be upgraded:
RARs to be installed:
Existing resource adapters
New resource adapters
Type of update
Resource
The following resources will be updated:
The following new resources will be created:



Use this page to edit properties of a JDBC provider. The JDBC provider object encapsulates the specific JDBC driver implementation class for access to the specific vendor database of your environment.
Use this page to edit properties of a JDBC provider. The JDBC provider object encapsulates the specific JDBC driver implementation class for access to the specific vendor database of your environment. Learn more about this task in a <a href="/ibm/console/navigatorCmd.do?forwardName=guidedactivity.resource">guided activity<\/a>. A guided activity provides a list of task steps and more general information about the topic.
Specifies the  class name of the JDBC driver's data source implementation. You can specify either a javax.sql.XADataSource or javax.sql.ConnectionPoolDataSource implementation class name.

Use this page to configure a  Application Server Version 4 data source that uses the previous connection manager architecture. All EJB1.x modules must use this data source.
Use this page to edit the default values of optional connection pool properties that are used by a  Application Server Version 4 data source.
Specifies the name of the database to which your  Application Server Version 4 data source instance must get a connection.
Specifies the user ID for connecting to the database.
Specifies the password for connecting to the database.

Use this page to set properties that can be used by the connection pool manager to potentially maximize the performance of your application. Consider the default values carefully; your application requirements might warrant changing these values.
Specifies the minimum number of connections to maintain in the pool.
Specifies the maximum number of connections to maintain in the pool. If the maximum number of connections is reached and all connections are in use, additional requests for connections can wait up to the number of seconds that you specify in the connection timeout value.
Specifies the number of seconds that a connection request remains active, after which  Application Server issues a ConnectionWaitTimeout exception. The application server acts on this value only if you set the maximum pool size property.
Specifies the maximum number of seconds that an idle (unallocated) connection can remain in the pool before being removed to free resources.
Specifies the maximum number of seconds that an application can hold a connection, without using it, before the pool manager returns the connection to the pool.
Specifies the maximum number of prepared statements to cache per connection for the data source.
Specifies whether the connection pooling software automatically closes connections from the data source at the end of a transaction. Set this property if you want to maintain and reuse the same connection across multiple transactions.

Use this page to edit the settings of a data source that is associated with your selected JDBC provider. The data source object supplies your application with connections for accessing the database.
Use this page to edit the settings of a data source that is associated with your selected JDBC provider. The data source object supplies your application with connections for accessing the database. Learn more about this task in a <a href="/ibm/console/navigatorCmd.do?forwardName=guidedactivity.resource">guided activity<\/a>. A guided activity provides a list of task steps and more general information about the topic.
Specifies the number of cachable statements per connection.  Application Server optimizes the processing of prepared statements and callable statements by caching those that are not being used in an active connection. Both statement types help maximize the performance of transactions between your application and datastore; caching the statements makes them more readily available.
Specifies the data store helper class, an interface through which a data source is triggered by a database to perform functions specific to that database vendor.
Specifies that this data source is used for container-managed persistence (CMP) of enterprise beans. This option triggers creation of a CMP connection factory, which corresponds to this data source, for the relational resource adapter.

This property corresponds to the required database attribute, .  
Specifies the name of the database to which this data source connects. This property corresponds with the database name property in the data source class.
Specifies the name of the server to which the data source connects. This property corresponds with the server name property in the data source class.
Specifies the JDBC connectivity type of the data source. This property corresponds with the driver type property in the data source class. If you want to use the type 4 JDBC driver, set the value to 4. If you want to use the type 2 JDBC driver, set the value to 2. On the  platform, a driver type of 2 uses RRS and supports two-phase commit processing.
Specifies the port number on which the database server listens. This property corresponds with the port number property in the data source class.
Specifies the physical machine name of the server hosting the  instance. A host name or IP address can be entered. An IPv6 address may also be entered if the host database supports it.
Specifies the connection wait time for obtaining a lock in the database. By default,  throws an exception when it cannot acquire a lock, rather than wait for the current owner of the lock to release it. To modify this behavior, set this property to the number of seconds to wait for a lock. The default is 2 seconds. Any negative value translates into an unlimited wait time.
Specifies the URL of the database from which the data source obtains connections, such as  for thin driver and  for thick driver.
By default, this panel lists the optional and less frequently used custom properties because the common and required properties are listed on the data source detail panel. Selecting this option causes all data source custom properties to be shown on this panel. This option does not affect what is displayed on the data source detail panel.


Use this page to set  Application Server connection management-specific properties that affect a connection pool.
Specifies whether to detect multithreaded access to a connection and the corresponding statements, result sets, and metaData objects.
Specifies whether JMS gets optimized connections from this data source. This option prevents JDBC applications from getting connections.
Specifies the SQL statement that the application server uses for pretesting either an existing pooled connection or the first requested connection to a database.
Triggers the application server to disable the  connection pooling mechanism and use  connection pooling in its place. This option applies only to .
Specifies whether to activate re-authentication of connections. This option requires implementation of the  method on the data store helper class for the JDBC provider that supports this data source.
Specifies whether the connection manager tests the validity of pooled connections before returning them to applications.
Specifies, after the first pretest operation fails, the frequency for retesting an existing pooled connection.

Specifies whether the connection manager tests the initial connection to a database.
Specifies, after the first test operation fails, the number of times you want to retest the initial connection to a database.
Specifies, after the first test operation fails, the frequency for retesting the initial connection to a database.
Use these settings to activate and configure the pretest operation for either an existing pooled connection or a new connection to a database.
The error detection model determines how fatal connection and statement errors are detected, including which type of exceptions are raised to the application. The exception mapping setting is not compliant with JDBC 4.0 and above, but is still available for applications coded according to that model.
The application server registers standard JDBC event listeners to detect fatal connection and statement errors. The application server does not override exceptions thrown by the JDBC driver with exceptions defined in the error map of the Data Store Helper.
The application server uses the error mapping facility defined in the Data Store Helper to detect fatal connection and statement errors. The application server overrides exceptions thrown by the JDBC driver with exceptions defined in the error map of the Data Store Helper. This setting is not compliant with JDBC 4.0 and above, but might be necessary for applications written according to the WebSphere Application Server exception mapping model.
Select this radio button if your database does not support JDBC 4.0 or greater or you want to validate connections by executing an SQL query on the database.
Select this radio button if you want the JDBC driver to validate the connections. The JDBC provider must support JDBC 4.0 or greater to use this option.
Specifies the timeout in seconds for testing connections (either new or pooled by the application server) to the database. If the timeout expires before validating then the connection is considered unusable. If retries are configured, the full value of the timeout applies to each retry. A value of 0 indicates the JDBC driver does not impose a timeout on validation attempts. This data source attribute applies to JDBC 4.0 drivers and above.


Advanced DB2 features
Trusted context ensures that an end user's database identity is used when WebSphere performs database requests on behalf of that end user.
Disable propagation of client identity using trusted context.
Authenticate the end user with a security token prior to processing any database requests.
Verify the end user's identity without authenticating a security token prior to processing any database requests.
The get/use/close/connection pattern allows WebSphere connection pooling to share connections that are already in use. This optimization pattern allows one connection to be used many times during a transaction with different connection properties. Connections can only be shared if they have are using the same username and therefore the username connection property cannot be changed. The resulting behavior is that XA transactions will be avoided.







Use this page to configure a J2C activation specification, which is used by the resource adapter when configuring a specific endpoint instance. Each application that configures one or more endpoints must specify the resource adapter that sends messages to the endpoint, and it must use the activation specification to provide the configuration properties for processing the inbound message.
Specifies the activation specification definitions for the resource adapter.
Specifies the JNDI name for the J2C activation specification instance.
Specifies the display name of the J2C activation specification instance.
Specifies an optional description of the J2C activation specification instance.
Specifies the message listener type this activation specification uses. The list of available classes is provided by the resource adapter.
Specifies the alias used to bind the J2C activation specification to an authentication alias (configured through the security JAAS screens). This alias is used to access the user name and password that are set on the configured J2C activation specification.
Specifies the destination JNDI name that is used to bind a configured destination queue or topic (normally a J2C administered object) to the configured J2C activation specification. Use this field only if the type of the destination property on the J2C activation specification is considered a complex type (such as ).
Specifies any additional properties that may be required by the resource adapter for an activation specification.

Use this page to configure J2C administered objects (AOs), which are provided by resource adapters. Some messaging styles might need applications to use special administered objects for sending and synchronously receiving messages (through connection objects using messaging style-specific APIs). It is also possible that AOs might be used to perform transformations on an asynchronously received message in a message provider-specific way. You can access administered objects by a component by using either a  or a  (preferred).
Specifies the administered objects for the resource adapter.
Specifies any additional properties that a resource adapter may require for an administered object.
Specifies the JNDI name under which this administered object is bound.
Specifies the name of the J2C administered object instance.
Specifies the description of the J2C administered object instance.
For new objects, the list of available classes is provided by the resource adapter. After you create the administered object, you cannot modify this value.

Use this page to set optional properties for a connection factory.
Specifies whether the container tracks cached handles, which are connection handles that an application component holds active across transaction and method boundaries. Use this property for debugging purposes.
Specifies whether the container issues an entry to the activity log when an application obtains a connection without a transaction context.
Use this page to set optional properties for a connection factory.
Specifies whether the container tracks connection handle usage patterns. Before you activate this property, select the Cached handles setting, which is a prerequisite.
Use this page to create a connection factory for use with the resource adapter. The connection factory is a collection of configuration values that define a  Application Server connection to your Enterprise Information System (EIS). The connection pool manager uses these properties as directions for allocating connections during runtime. You can configure multiple connection factories for each resource adapter.
Specifies the fully qualified class name of the connection factory interfaces that are supported by the resource adapter.
Specifies the alias that the connection factory uses to authenticate with the EIS for transaction recovery.
Specifies the JNDI name for the connection factory, including any naming sub-contexts. To make important resource reference data for this connection factory available to the connection management runtime library, enter the JNDI name as an indirect JNDI name. An indirect JNDI name begins with the prefix of .
Specifies an authentication alias for use when the component resource reference  value is Application. See Related Items -> J2EE Connector Architecture (J2C) authentication data entries to define a new alias.
References authentication data for container-managed sign-on to the resource. See related item J2EE Connector Architecture (J2C) authentication data entries to define a new alias.
Specifies the JAAS login configuration from the security-JAAS configuration panel to map the user identity and credentials to a resource principal and credentials that are required to open a connection to the back-end server.
Use this page to manage resource adapters, which provide the fundamental interface for connecting applications to an Enterprise Information System (EIS). The  Relational Resource Adapter is embedded within the product to provide access to relational databases. To access another type of EIS, use this page to install a standalone resource adapter archive (RAR) file. You can configure multiple resource adapters for each installed RAR file.
Specifies the highest topological level at which application servers can use this adapter.
Specifies the name of the resource adapter. If you do not set this property,  Application Server uses the display name in the deployment descriptor.
Specifies the path where the RAR file is to be installed. If you do not set this property, the application server extracts the RAR file to the absolute path that is represented by the variable CONNECTOR_INSTALL_ROOT.
Specifies the path to the installed RAR file that contains the module for this resource adapter.

Specifies the name of a thread pool that is part of the server configuration for this resource adapter. Set this property only if the resource adapter uses the work manager service. If you input a thread pool name that does not exist in the server configuration,  Application Server uses the name DEFAULT.
Use this page to install a RAR file in one of two ways. You can either upload a RAR file from the local file system, or specify an existing RAR file on a server. The RAR file must be installed at the node level, and you can select the node below.
Prompts  Application Server to browse the local machine or a remote server.
Specify a RAR file to upload, or an existing RAR file.
Choose the local path if the RAR file resides on the same machine as the browser. Choose the server path if the RAR file resides on any of the nodes in your cell context.
Specifies the node on which the RAR file will be extracted and installed. A resource adapter will be configured at this scope.


Use this page to manage advanced resource adapter properties.
Selection of this checkbox is not recommended without first consulting the product documentation. Checking this box prevents more than one resource adapter JavaBean instance with the same resource adapter implementation class name from existing in the same JVM. This is an extremely restrictive environment. For example, if two applications have embedded the same resource adapter, only the first application to start will be able to access resources through its embedded resource adapter. If a standalone resource adapter is configured for a single instance then no applications which embed that same resource adapter will be able to access resources.
Selection of this checkbox is not recommended without first consulting the product documentation for the resource adapter, because this checkbox requires the resource adapter to support high availability of inbound messaging. This value is ignored on z/OS.
Endpoint failover allows only one resource adapter in an HA group at a time to receive messages across multiple servers. The result is that only one resource adapter can have endpoints active at a time.
Resource adapter instance failover allows only one resource adapter in an HA group at a time to be started across multiple servers. The result is that only one runtime resource adapter instance may exist at a time.



Use this page to perform J2EE Connector Architecture (JCA) Lifecycle operations on Version 6.0.2-compatible MBeans that correspond to the resources of your previous selection. An MBean is listed for each running server that is in the scope of the configured resource. Pause or resume only those MBeans that are in the active state. Pausing an MBean halts outbound communication to the back end. This action also affects all applications that use the resource on the selected server.



Specifies the name for referencing this data source in administrative tasks.
Specifies the JNDI name for the new data source.
Click to create a new JDBC provider for this data source.
Click to select an existing JDBC provider from a drop-down list.
Set the basic configuration values of a data source for association with your JDBC provider. A data source supplies the physical connections between the application server and the database.
Requirement: Use the Data sources ( Application Server V4) console pages if your applications are based on the Enterprise  (EJB) 1.0 specification or the  Servlet 2.2 specification.
Specify a JDBC provider to support this data source.
Set these database-specific properties, which are required by the database vendor JDBC driver to support the connections that are managed through this data source.
Specifies the full path name of the files . Do not use trailing slash file separators.
Set the basic configuration values of a JDBC provider, which encapsulates the specific vendor JDBC driver implementation classes that are required to access the database. The wizard fills in the name and the description fields, but you can type different values.
Set the environment variables that represent the JDBC driver class files, which  Application Server uses to define your JDBC provider. This wizard page displays the file names; you supply only the directory locations of the files. Use complete directory paths when you type the JDBC driver file locations. For example: /home/db2inst1/sqllib/java on . If a value is specified for you, you may click Next to accept the value.
Specify a component-managed authentication alias if the application contains code for authenticating connections with the database. The component-managed authentication method is indicated in the application deployment descriptor as res-auth = Application. If you define a new alias, you must restart this wizard. You can edit authentication settings after you finish creating the data source. Note: If this data source supports two-phase commit transactions, the product uses this value for the XA recovery authentication alias as well.
To configure your user-defined JDBC provider, specify the full path names of the JDBC driver class files that you installed. Type the file path names as the values of the  variables that are displayed in the field. Do not use path separator characters (such as ';' or ': '). Use Enter to separate your class path entries.
For your user-defined data source, specify the properties that are required by the database vendor JDBC driver. If this wizard page does not prompt you for all of the necessary properties, configure them later as custom properties in the administrative console. The datastore helper class field generally displays a default value that is appropriate for your driver type. However, for some driver installations,  Application Server supplies only a generic datastore helper class name. You must type a specific value. Otherwise, set the datastore helper class after you exit the wizard; go to the settings page for this new data source in the administrative console.
A list of paths or JAR file names that, together, form the location for the resource provider classes.
Select User-Defined from the drop-down list if you do not see your database type. Consult your database documentation for the JDBC class files and data source properties that are necessary to access the database. You must type that data in the wizard pages that follow.
You can select the Show Deprecated option as an alternative to the specific provider type choices. If you cannot find your provider in the deprecation list, then select User-Defined from the database type list. This selection triggers the wizard to guide you through steps for configuring a user-defined JDBC provider.
Select Connection Pool Data Source if your application does not require connections that support two-phase commit transactions. Select XA Data Source if your application requires two-phase commit transactions. Some provider types do not support both transaction types.
Specifies any native libraries (*.dll, *.so) that the JDBC provider might require to function properly on your  Application Server platform. Type the full file path names.
The selected JDBC provider is missing a provider type. Without a provider type, the system will not be able to create a data source.










Use this wizard to update a resource adapter
Displays the list of resources that will be updated.
The new resource name is the name for the resource that will be created based on the selected resource.
Displays a list of new custom properties for the selected resource. Enter a value in the table to set the new property.
Select this option if the target RAR does not have any new custom properties. This option will only overlay the binaries. Any new custom properties will not be added to the configuration resources.
Select this option if the target RAR or it's factories have new custom properties and you do not wish to make a copy of the old configuration.
Select this option if you want to make a copy of the existing RAR configuration. This option will create a new copy of the RAR and it's factories. You will have the option to set the name of the new resources. You will also have the option to enable/disable the old configuration or use both the old and the new configuration at the same time.
A new resource will be created for each resource shown in the existing resources list. Use this section to set the name and any new custom properties for each of the new resources. Click 'Apply' to save your changes.
Use the following table to set the new custom properties for the selected resource. Click 'Apply' to save your changes.

Object pool managers
Custom object pools
Pool class name
Pool implementation class name
Schedulers
Data source JNDI name
Work manager JNDI name
Poll interval
seconds
Table prefix
Data source alias
Verify tables
Create tables
Drop tables
Verify tables
Tables for scheduler {0} verified successfully.
Tables for scheduler {0} failed verification. Cause: {1}
Create tables
Tables for scheduler {0} created successfully.
Tables for scheduler {0} already exist. The database was not updated.
Tables for scheduler {0} failed to create. Cause: {1}
Drop tables
Tables for scheduler {0} dropped successfully.
Tables for scheduler {0} do not exist in the database. The database was not updated.
Tables for scheduler {0} failed to drop. Cause: {1}
Unable to locate the SchedulerConfiguration MBean for this server. This error most likely occurred because the server is not running.
Use administration roles
Specifies a list of aliases for the scheduler to use to access the data source.
Timer managers
Number of timer threads
Asynchronous beans
Thread pool properties
Manage work managers
Work managers
Distributable
Growable
Maximum number of threads
Minimum number of threads
Number of alarm threads
Service names
Thread Priority
priority
Block
Fail
Work request queue full action
Work request queue size
work objects
Work timeout
milliseconds
Daemon transaction class
Default transaction class
WorkArea
Application Profiling Service (deprecated)
Internationalization
Security
z/OS WLM Service Class


Specifies an object pool manager that manages custom object pools that application servers use.
Specifies custom object pools for object pool managers. Custom object pools are optional.
Specifies that you register custom object pool interfaces and implementation classes. With this registration, you can set custom properties when you create pooled objects.
Specifies the fully qualified class name of the objects that are stored in the custom object pool.
Specifies the fully qualified class name of the implementation class for the custom object pool.




Specifies scheduler resources that the server uses. Schedulers are persistent and transactional timer services that can run business logic. Each scheduler  runs tasks independently and has a programming interface accessible from J2EE applications using the  Naming and  Directory Interface (JNDI). You can also manage schedulers using a  Management Extensions (JMX) MBean. See the scheduler documentation in the information center for details on how to configure and use schedulers.
Specifies the name of the data source where persistent tasks are stored.
Specifies the JNDI name of the work manager, which is used to manage the number of tasks that can run concurrently with the scheduler. The work manager also can limit the amount of J2EE context applied to the task.
Specifies the interval, in seconds, that a scheduler polls the database. The default value is appropriate for most applications.
Specifies the string prefix to affix to the scheduler tables. Multiple independent schedulers can share the same database if each scheduler specifies a different prefix string.
Specifies the alias for the user name and password that are used to access the data source.
Specifies that when this option and global security are both enabled, the user administration roles are enforced when the scheduler JMX commands or APIs are used to create and modify tasks. If this option is not enabled, all the users can create and modify tasks.


Specifies that a timer manager enables applications to schedule future timer notifications and to receive timer notification callbacks to application-specified listeners within a  2 Platform, Enterprise Edition (J2EE) environment. The timer manager binds to the  Naming and Directory Interface (JNDI) name space.
Specifies a list of services to make available to this timer manager.
Specifies the maximum number of threads that are used for timers.


Specifies a work manager that contains a pool of threads bound into JNDI.
Specifies whether the scheduled work object started with this work manager can be distributed to other cluster members.
Specifies whether the number of threads in this work manager can be increased.
Specifies the maximum number of threads available in this work manager.
Specifies the minimum number of threads available in this work manager.
Specifies the desired maximum number of threads used for alarms. The default value is 2.
Specifies the priority of the threads available in this work manager.
Specifies the action taken when the thread pool is exhausted, and the work request queue is full. This action starts when you submit non-daemon work to the work manager. The default value is Block.
Specifies the size of the work request queue. The work request queue is a buffer that holds scheduled work objects. The thread pool gets work from this queue. If you do not specify a value, the queue size is managed automatically. Note that large values might consume significant system resources.
Specifies the number of milliseconds to wait before a scheduled work object is released. If not specified, the timeout is disabled.
Specifies the transaction class that is used for the Work Load Manager Service workload classification of daemon work.
Specifies the transaction class that is used for the Work Load Manager Service workload classification of non-daemon work that is not already associated with a service class.
Specifies a list of services to make available to this work manager.





Application logins
J2C authentication data
System logins
seconds
minutes
hours
days
weeks
bits
Update run time
Set Order
Move Up
Move Down
Options
Values
Add >>
<< Remove
Add >
REQUIRED
REQUISITE
SUFFICIENT
OPTIONAL
You cannot delete the following default login modules: {0}
{0} is a default login module and cannot be deleted.
Select
JAAS login module classname
WebSphere Application Server receives propagated security attributes within the Common Secure Interoperability Version 2 (CSIv2) authorization token only if the active authentication mechanism is Lightweight Third Party Authentication (LTPA).
WebSphere Application Server propagates security attributes within the Common Secure Interoperability Version 2 (CSIv2) authorization token only if the active authentication mechanism is Lightweight Third Party Authentication (LTPA).
When you select Security attribute propagation, also select Enable global security.
DefaultSSLSettings
Specifies which Secure Sockets Layer (SSL) configuration in the repertoire to use.
Never
Supported
Required
TCP/IP
SSL-required
SSL-supported
When the Certificate map mode value is not EXACT_DN, you must specify the certificate filter.
EXACT_DN
CERTIFICATE_FILTER
SAS
CSI
CSI and SAS
Specify extent of protection
Specify keystore password
Select user repository
Configure user repository
Summary
The administrative user name does not exist in the file-based repository. To create the user, the password and confirm password fields are required.
Because SAF authorization is enabled on this host, no user repository configuration is required.
Bus client
Bus to WebSphere MQ
Bus to Bus
Get certificate aliases
New SSSL Configuration
New JSSE Configuration
None
Supported
Required
Strong
Medium
Weak
Custom
Update selected ciphers
Add >>
<< Remove
SSL_TLS
SSL
SSLv2
SSLv3
TLS
TLSv1
Predefined JSSE provider
IBMJSSE
IBMJSSEFIPS
New from template
Exchange signers...
Exchange personal certificates...
Add >>
X509 V1
X509 V2
X509 V3
1024
512
Retrieve signer information
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Predefined JSSE provider
Select provider
Custom JSSE provider
Custom provider
IBMJSSE
IBMJSSEFIPS
SSL_TLS
SSL
SSLv2
SSLv3
TLS
TLSv1
Add >>
<< Remove
SAF user ID and password
Kerberos
SAF user ID and password
Kerberos
z/SAS authentication
Default
ASIS
NOFAIL
NONE
The configuration contains multiple versions of WebSphere Application Server. These changes apply to the version 6.1 servers only.
Only a user with administrator privileges can view this configuration.
The Lightweight Third Party Authentication (LTPA) password is not set. Validation failed.
The Lightweight Third Party Authentication (LTPA) keys generated are null. Validation failed.
The server user ID is not specified. Enter a server user ID for the active user registry.
The server password is not specified. Enter a server password for the active user registry.
The server user ID or password is not specified. Enter a server user ID and password for the active user registry or select to use the automatically generated server identity on the realm panel.
The class name for the standalone custom registry is not specified. Enter a class name for the standalone custom registry.
The host name for the standalone Lightweight Directory Access Protocol (LDAP) registry is not specified. Enter a host name for the standalone LDAP registry.
Single signon (SSO) is disabled. When Lightweight Third Party Authentication (LTPA) is the authentication mechanism, SSO is typically required to support Web applications that use FormLogin. The WebSphere Application Server administrative console uses FormLogin. If you save this configuration, you cannot use the administrative console to manage or configure WebSphere Application Server. Do not save this configuration unless you are sure that you understand the consequences.
The domain name for single signon is not defined. The Web browser defaults the domain name to the host name that runs the Web application. Single signon is restricted to the application server host name and does not work with other application server host names in the domain.
The Lightweight Directory Access Protocol (LDAP) directory server requires that you select the Ignore case for authorization option. Enable the Ignore case for authorization option and retry.
There is no user in the active user registry defined as an administrator in console users. There must be at least one valid administrator in order to access the console with administrative security enabled.
The Primary administrative user name does not exist in the user repository.
You must supply the primary administrative user name on the active registry or realm panels to enable security.
The attempt to add the administrative user as a console user was not successful.
An error occurred attempting to add the administrative user as a console user: {0}
Validation failed for user {0}. Retry the validation.
WebSphere Application Server does not support the Lightweight Third Party Authentication (LTPA) authentication mechanism with the Standalone local operating system.
The user registry is null. Check the registry properties.
Authentication failed for user: {0}. Try again.
The authentication cache timeout must be greater than or equal to 30 seconds.
If the Restrict access to local resources option is not enabled, the Java virtual machine (JVM) system resources are not protected. For example, applications can read and write to files on file systems, listen to sockets, exit the Application Server process, and so on. However, by enabling the Restrict access to local resources option, applications might fail to run if the required permissions are not granted to the applications.
When security is enabled, Java 2 security is automatically enabled to provide additional security for Java virtual machine (JVM) system resources. Verify that your applications are Java 2 security ready. If not, the applications might fail to run.
The security configuration is enabled or modified in a Network Deployment environment. The following steps need to be followed so that all the processes in this environment have the same security run-time settings: 1) Verify that all nodes are synchronized with these security configuration changes before stopping these processes. 2) If any node agents are currently stopped, issue a manual syncNode command before starting that node agent. 3) Stop all of the processes in the entire cell, including the deployment manager, node agents, and Application Servers. 4) Restart all of the processes in the cell; restart the deployment manager and node agents first, then Application Servers.
The Standalone local operating system registry is not supported for non-root users. Validation failed.
The Standalone local operating system registry is supported only when the cell is configured on a single machine or when you use a Windows domain controller.
After you configure or modify the federated repositories configuration, save the configuration, restart the server, and enable administrative security with the new federated repository configuration.
The collection already includes the built-in repository.
The built-in repository configuration cannot be modified.
The built-in repository cannot be removed.
When you remove the built-in repository from the administrative realm, verify that atleast one user in another member repository is a console user with administrative rights. Otherwise, you must disable security to regain access to the administrative console.
No supported database types are found.
No supported directory types are found.
The configuration for this repository type cannot be modified.
The realm must contain at least one repository.
The following error occurred while updating the failover server configuration. However, the Lightweight Directory Access Protocol (LDAP) configuration is successfully created or updated:
The password does not match the value in the confirm password field.
The export file name is required to export Lightweight Third Party Authentication (LTPA) keys.
The keys were successfully exported to the file {0}.
The keys were successfully imported from the file {0}.
Lightweight Third Party Authentication (LTPA) keys cannot be exported unless the current configuration changes are saved.
The Lightweight Third Party Authentication (LTPA) password is required.
The file name does not exist for importing Lightweight Third Party Authentication (LTPA) keys.
The key and trust file names and passwords are required when you are not using a cryptographic token.
A duplicate alias name exists. You must use a unique alias name.
A duplicate name already exists. You must use a unique name.
All the fields are required when you enable cryptographic token support.
The library file, indicated in the Library File field, was not found.
The library file cannot be opened. Either the password or the value of the com.ibm.ssl.tokenSlot property is not valid. Click Security > Secure communications. Under Configuration settings, click Manage endpoint security configurations and trust zones > SSL_configuration_name. Under Related items, click SSL configurations. Under Additional properties, click Custom Properties. Click com.ibm.ssl.tokenSlot and enter a valid value in the Value field.
Access Web applications with a complete host and domain name in the Web address (for example http://myhost.austin.ibm.com:9060/ibm/console) because single signon (SSO) is enabled and a domain is specified.
The server has generated new Lightweight Third Party Authentication (LTPA) keys because of an LTPA password change.
You cannot export or distribute Lightweight Third Party Authentication (LTPA) keys until you save the current LTPA configuration changes.
A custom Secure Sockets Layer (SSL) provider is required.
Protocol and Cipher suites values have been changed to match the specified protocol.
Values are not defined for the cryptographic token. For cryptographic hardware support to function properly, you must provide cryptographic token information.
The server did not find the key file, which was indicated in the Key file name field.
The key file type, indicated in the Key file format field, is not valid.
The key file cannot be opened because the key file password is not valid.
The server did not find the trust file, which was indicated in the Trust file name field.
The trust file type, indicated in the Trust file format field, is not valid.
The trust file cannot be opened because the trust file password is not valid.
The value of the com.ibm.ssl.keyStoreServerAlias property is not valid. Click Security > SSL > SSL_Setting. Under Additional Properties, click Custom Properties. Click com.ibm.ssl.keyStoreServerAlias and enter a valid value in the Value field.
The value of the com.ibm.ssl.keyStoreClientAlias property is not valid. Click Security > SSL > SSL_Setting. Under Additional Properties, click Custom Properties. Click com.ibm.ssl.keyStoreClientAlias and enter a valid value in the Value field.
You must select two key stores to perform this action.
You must click the Get certificate aliases button to retrieve the certificate aliases for the selected key store.
You must click the Get certificate aliases button to retrieve the certificate aliases for the selected SSL configuration.
The key ring name is required.
The user registry type that you selected for Lightweight Directory Access Protocol (LDAP) does not support the Tivoli Access Manager for authentication.
The settings on this panel are not validated until this registry is selected as the Active user registry on the Secure administration, applications, and infrastructure panel and security is enabled.
After changing the active user registry settings, click Apply on the Secure administration, applications, and infrastructure panel.
Server security is not in effect until global security is enabled.
The security policy is set to use only FIPS-approved cryptographic algorithms. However, at least one Secure Sockets Layer (SSL) configuration is not in compliance with FIPS standards, and therefore has been altered.
A call to the server to retrieve the cipher options failed.  Check the logs for more information.
An exception occurred creating a new security.xml file and security extent in context {0}
If any of the fields are changed, save the configuration and then stop and restart the server.
When you select the Restrict access to resource authentication data option, verify that any Java 2 Platform, Enterprise Edition (J2EE) applications that use the WSPrincipalMappingLoginModule implementation directly in the Java Authentication and Authorization Service (JAAS) login are granted the accessRuntimeClasses WebSphereRuntimePermission.
The user registry type that you selected for Lightweight Directory Access Protocol (LDAP) requires that you select the Ignore case for authorization option. This Ignore case for authorization value is set automatically in the configuration information.
Select the Perform a nested group search option only if the LDAP server does not support recursive server-side searches.
The test connection operation for LDAP host {0} on port {1} was successful.
A SSL configuration is required. If none are available in the list, select SSL Configurations under Related Items in order to create a SSL configuration.
A key store is required. If none are available in the list, select Key stores under Related Items to create a key store.
A trust store is required. If none are available in the list, select Key stores under Related Items to create a key store that is used as a trust store.
A certificate alias is required. If none are available in the list, select a SSLConfiguration from the SSL configuration list and click the Get certificate aliases button.
A certificate alias is required. If none are available in the list, select a key store from the key store list and click the Get certificate aliases button.
At least one key set is required to be selected. If none are available in the list, select the Key Sets link in order to create a key set.
A key set group is required to be selected. If none are available in the list, select the Key set groups link in order to create a key set group.
A notification is required to be selected. If none are available in the list, select the Notifications link in order to create a notification.
The e-mail address specified is not valid. All e-mail addresses must contain the @ symbol.
A schedule is required to be selected. If none are available in the list, select the Schedules link in order to create a schedule.
The valid range for hour when P.M. is selected is 0 - 12.
An error occurred creating the key store: {0}
No certificates were exchanged because none were added to the signer list.
An error occurred creating the key set: {0}
An error occurred creating the key set group: {0}
An error occurred creating the dynamic SSL configuration: {0}
An error occurred deleting {0}: {1}
Validation failed: {0}
Enablement of security failed: {0}
A name and value are required when defining a custom property.
Custom property names must be unique.
You must select one and only one personal certificate to perform this action.
You must have at least two personal certificates defined in the list to perform this action.
You must select one and only one personal certificate request to perform this action.
You must select one and only one signer certificate to perform this action.
You must retrieve the signer information from the port by clicking on the Retrieve signer information button.
You must retrieve the signer information from the port by clicking on the Retrieve signer informtaion button before saving the signer certificate.
You cannot use the local operating system as a defined realm if you have both z/OS and non-z/OS nodes.
The expiration notification threshold must be at least {0} days greater than the expiration checking interval in order to allow sufficient response time to the notifications.
{0}
SECG0001E: Cannot find SecurityAdmin MBean. The exception is {0}.
CMSG0001
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0002E: An exception occurred in ConnectToRuntime when the server checked the password for user: {0}. The exception is {1}.
CMSG0001
This exception can occur when the configured user registry cannot be contacted to perform authentication. The user registry might be configured correctly. However, check the user registry configuration and also verify that if you are using a local OS user registry, the user name that the WebSphere Application Server process is using has the right privileges to contact the registry application programming interfaces (APIs) (On UNIX systems, the server has the root privilege and on Windows systems the server has the "Act as part of operating system" privilege).
SECG0003E: An exception occurred in ConnectToRuntime when generating Lightweight Third Party Authentication (LTPA) keys. The exception is {0}.
CMSG0001
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0004E: An exception occurred when importing Lightweight Third Party Authentication (LTPA) keys: The exception is {0}.
Unable to import specified Lightweight Third Party Authentication (LTPA) keys. The most likely cause is the password is not valid and cannot decrypt the importing keys.
Verify that the password matches the Lightweight Third Party Authentication (LTPA) keys. This password must exactly match the password that is used to generate the keys on the originating server. If the password is unknown, \
SECG0005E: An exception occurred when exporting Lightweight Third Party Authentication (LTPA) keys: The exception is {0}.
Unable to get the Lightweight Third Party Authentication (LTPA) keys from the server.
Regenerate the keys and try the operation again. If the problem persists, see the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0006E: An exception occurred in ConnectToRuntime when retrieving the realm. The exception is {0}.
Unable to get the realm for the active user registry.
Verify that the user registry configuration is correct. If you are using a Local OS user registry, verify that the process running WebSphere Application Server can access the registry application programming interfaces(APIs) (On UNIX systems, the user has root privilege and on Windows systems the user  has "Act as part of operating system" privilege).
SECG0007E: An exception occurred when exporting the Java Authentication and Authorization Service (JAAS) configuration: {0}.
Unable to update the Java Authentication and Authorization Service (JAAS) run time.
Retry the operation after a few minutes. If the problem persists, contact IBM support for assistance.
SECG0008E: A SecurityAdmin MBean was not found for the object {0}: returning null.
The administrative service factory was unable to locate an MBean for the object name in the message.
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0009E: The Security object was not found in the Java Authentication and Authorization Service (JAAS) run time update.
A security.xml file was not found in the resource set.
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0010E: An exception occurred retrieving the security object: {0}.
A security.xml file was not found in the resource set.
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0011E: The Security object was not found in extent in changeLdapDirType().
A security.xml file was not found in the resource set or the Security object was not found in the security.xml file.
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0012W: An exception occurred retrieving the contents of the LdapConfig.nlsprops file: {0}.
LdapConfig.nlsprops is unavailable.  The file might not exist or the current user might not have the read access.
If the server process is not owned by the root user, or a user with administrator privileges on Windows systems, verify that the user who owns the process on which the server is running has the proper access privileges on all of the server files. See the ldapConfig.nlsprops to check the permissions.  If the problem persists, see the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0013W: An exception occurred closing the LdapConfig.nlsprops file: {0}.
Unable to close the LdapConfig.nlsprops file.  This exception is usually caused by file contention.
CMSG0002
SECG0014W: An exception occurred retrieving the contents of the LdapConfig.nlsprops file: {0}.
LdapConfig.nlsprops is unavailable. The file might not exist or the current user might not have read access.
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0015W: A Lightweight Directory Access Protocol (LDAP) search filter entry was not found in the security.xml file in the LDAP User Registry section.
A Lightweight Directory Access Protocol (LDAP) search filter was not available.
Add the new Lightweight Directory Access Protocol (LDAP) search filter entry through the administrative console. To add the entry, click Security > Secure administration, application, and infrastructure. Under User account repository, select Standalone LDAP registry and click Configure. Under Additional Properties, click Advanced LDAP Settings. If the problem persists, contact IBM support for assistance.
SECG0016E: An exception occurred while importing the Lightweight Third Party Authentication (LTPA) keys: {0}.
The server was unable to import the specified Lightweight Third Party Authentication (LTPA) keys.
Verify that the Lightweight Third Party Authentication (LTPA) keys are available in the specified location.  If the problem persists, see the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0017E: An exception occurred while exporting the Lightweight Third Party Authentication (LTPA) keys: {0}.
The server was unable to export the Lightweight Third Party Authentication (LTPA) keys to the specified location. The user might not have write access to the target directory.
Verify that the user has write access to the location specified. If the problem persists, see the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0018E: An exception occurred while extracting the resource {0}: {1}.
A security.xml file was not found in the resource set.
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0019E: An exception occurred while loading the resource {0}: {1}.
A security.xml file was not found in the resource set.
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0020E: An exception occurred while creating a new security.xml file and security extent in context {0}: {1}.
CMSG0001
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0021E: An exception occurred while validating security configuration values: {0}.
Improper values might be specified in the field.
Verify that the proper value was entered. If the problem persists, contact IBM support for assistance.
SECG0022E: An exception occurred while setting the Lightweight Directory Access Protocol (LDAP) security configuration values: {0}.
CMSG0001
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0023E: An exception occurred while creating a new security.xml file and security extent in context {0}: {1}.
CMSG0001
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0024W: The security.xml file was not available in the context {0}.
A security.xml file was not found in the resource set.
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0025E: An exception occurred while loading the security object in the context {0}: {1}.
A security.xml file was not found in the resource set.
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0026E: An exception occurred while setting up the detail form for server security: {0}.
Errors might exist in the security.xml file.
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0027E: The Ignore case option is required for the Lightweight Directory Access Protocol (LDAP) directory type {0}.
Select the Ignore case option for the LDAP directory type selected.
Enable the Ignore case for autorization option in the administrative console. Click Security > Secure administration, application, and infrastructure. Under User account repository, select Standalone LDAP registry and click Configure. Select the Ignore case for authorization option.
SECG0028E: The Registry object does not exist.
An internal error has occurred. The security configuration file might be corrupted.
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0029E: The Lightweight Third Party Authentication (LTPA) object does not exist.
An internal error has occurred. The security configuration file might be corrupted.
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0030E: The Lightweight Third Party Authentication (LTPA) password is missing.
A Lightweight Third Party Authentication (LTPA) password is needed to generate LTPA keys.
Verify that the Lightweight Third Party Authentication (LTPA) password is set. Expand Security > Global security > Authentication mechanisms. Click LTPA, and make sure that a value is present in the password field. If the password is already set, see the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0031E: The Lightweight Third Party Authentication (LTPA) keys are missing.
The server cannot find the Lightweight Third Party Authentication (LTPA) keys.
Verify that the Lightweight Third Party Authentication (LTPA) password is set. Expand Security > Global security > Authentication mechanisms. Click LTPA, and make sure that a value is present in the password field. Check for other possible exceptions. If the problem persists, see the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0032E: The Lightweight Directory Access Protocol (LDAP) directory type is missing.
CMSG0001
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0033E: The Lightweight Directory Access Protocol (LDAP) search filter object does not exist.
CMSG0001
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0034E: The Lightweight Directory Access Protocol (LDAP) host name is missing.
The Lightweight Directory Access Protocol (LDAP) host name, which is required to connect to the LDAP server, is missing.
Verify that the Lightweight Directory Access Protocol (LDAP) host name exists in the LDAP configuration. Click Security > Secure administration, application, and infrastructure. Under User account repository, select Standalone LDAP registry and click Configure. Make sure that the host name has a valid value. If the value is valid, see the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0035E: The custom user registry class name is missing.
The server cannot retrieve the custom user registry implementation file name.
Verify that the custom user registry implementation class name exists in the custom user registry configuration. Click Security > Secure administration, application, and infrastructure. Under User account repository, select Standalone Custom registry and click Configure. Make sure that the Custom registry class name field has a valid value. If the class name exists, see the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0036E: The server cannot find the SecurityAdmin MBean.
CMSG0001
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0037E: An exception occurred in ConnectToRuntime when checking the Secure Sockets Layer (SSL) key file: The exception is {0}.
The server is unable to validate the Secure Sockets Layer (SSL) key file information.
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0038E: An exception occurred in ConnectToRuntime when checking the Secure Sockets Layer (SSL) trust file: The exception is {0}.
The server is unable to validate the Secure Sockets Layer (SSL) trust file information.
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0039E: An exception occurred in ConnectToRuntime when checking the cryptographic token library file: The exception is {0}.
The server is unable to validate the cryptographic token library file information.
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG0040E: Exception occured while retrieving the cipher list from the getSecureSocketLayerCipherList method of the SecurityAdmin MBean
CMSG0001
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.

Authorization
Authentication
Inbound
Outbound
Security
Associations
Confirm password
Confirms the password that is provided in the Password field.

JAAS login modules
Each entry in the login configuration must contain at least one login module. However, you can define more than one login module for a login configuration. If you define more than one login module for a login configuration, they are processed in the order that they are defined.
Custom properties
These custom properties define module options that are in a space-separated list of login module-specific values. These values are passed directly to the underlying login modules. Options are defined by the login module and control the behavior within the module. For example, a login module might define options to support debugging or testing capabilities. To specify the debugging option in the configuration, use the following key and value pairing: debug=true. Separate the key and value by an equal sign. Note that there is not a limit to the number of options that you can define for a login module.
Module class name
Specifies the class name of the given login module.
Proxy class name
Specifies the proxy class name of the given login module.
Use login module proxy
Select this option to use an application server-defined login module proxy class that delegates calls to the real login module, which is defined in the Module class name field. Use the proxy when this login configuration is used by a version of the application server that contains a Software Development Kit (SDK) version prior to 1.4.2.
Authentication strategy
Specifies the behavior as the authentication process proceeds through the stack of login modules.
Module order
The order of the given login module.
JAAS configuration entry
Defines login configurations that are used by  Authentication and Authorization Service (JAAS). Do not remove the ClientContainer, DefaultPrincipalMapping, and WSLogin login configurations because other applications might use them. If these configurations are removed, other applications might fail.
Defines login configurations that are used by  Authentication and Authorization Service (JAAS).
JAAS login modules
Each entry in the login configuration must contain at least one login module. However, you can define more than one login module for a login configuration. If more than one login module is defined for a login configuration, the login modules are processed in the order in which they are defined.
Alias
Specifies the alias name for the  Authentication and Authorization Service (JAAS) login.
JAAS Authentication Data
Specifies a list of user identities and passwords for  2 connector security to use.
Alias
Specifies the name of the authentication data entry.
User ID
Specifies the  2 Connector (J2C) authentication data user ID.
Password
Specifies the password to use for the target enterprise information system (EIS).
Description
Specifies an optional description for the authentication data entry. For example, this authentication data entry is used to connect to .
JAAS Configuration

Entries
Specifies a list of login modules of the type javax.security.auth.login.AppConfigurationEntry.
JAAS login module order
Specifies the  Authentication and Authorization Service (JAAS) login module order.
JAAS login module search order
Specifies the  Authentication and Authorization Service (JAAS) login module search order.

Authentication mechanisms and expiration
Encrypts authentication information so that the application server can send the data from one server to another in a secure manner. The encryption of authentication information that is exchanged between servers involves the LTPA mechanism.
Key generation
Authentication data is encrypted and decrypted by using keys that are kept in one or more key stores.
Key set group
Specifies groups of public, private, and shared keys. These key groups enable the application server to manage multiple sets of Lightweight Third Party Authentication keys.
Password
Specifies the password that is used to encrypt and decrypt the Lightweight Third Party Authentication (LTPA) keys.
Confirm password
Confirms the password that is used to encrypt and decrypt the LTPA keys.

Click Generate keys to generate new Lightweight Third Party Authentication (LTPA) keys, if necessary, after backing up the server and turning on security. Click Save on the administrative console to save the new keys and the password in the repository. The LTPA keys are used to encrypt and decrypt the LTPA tokens.
Authentication expiration
Authentication information persists in the system for a limited amount of time before it expires and must be refreshed.
Timeout value for forwarded credentials between servers
Forwarded credentials expire after this specified period of time. This value should be greater than the authentication cache time out.
Cross-cell single sign-on
Single sign-on across cells can be provided by sharing keys and passwords. To share the keys and password, log on to one cell, specify a key file, and click Export keys. Then, log on to the other cell, specify the key file, and click Import keys.

Click Import keys to import Lightweight Third Party Authentication (LTPA) keys that were previously exported from another cell into a file. Click Save on the administrative console to save the imported keys and the password in the repository. To support single sign-on (SSO) across multiple domains (cells) in the application server, share LTPA keys and a password across the domains.

Click Export keys to export Lightweight Third Party Authentication (LTPA) keys into a file. To support single sign-on (SSO) across multiple domains (cells) in the application server, share LTPA keys and a password across the domains.
Fully qualified key file name
Specifies the name of the file that is used when importing or exporting keys. Enter the file name and then click either Import Keys or Export Keys. The imported keys are used after the configuration is saved.
Internal server ID
Specifies the identity that is used for internal process communication.
Use SWAM: No authenticated communication between servers
Unauthenticated credentials are forwarded between servers. This option is deprecated. For further information, see the extended helps using the question mark (?) at the top of the panel.


Login configuration
Specifies the type of login configuration that is used for inbound authentication. To add custom processing, click Secure administration, applications and infrastructure > Java Authentication and Authorization Service > System login.
Security attribute propagation
Accepts a Common Secure Interoperability Version 2 (CSIv2) authorization token that contains the subject objects, security context tokens, or both.

Login configuration
Specifies the type of login configuration that is used for outbound processing. To add custom processing, click Secure administration, applications and infrastructure > Java Authentication and Authorization Service > System login.
Custom outbound mapping
Invokes the outbound login configuration, specified previously, whenever you need a custom login module to map or perform other functions before the outbound call. Also, the outbound login configuration is invoked whenever you enable security attribute propagation.
Security attribute propagation
Accepts a Common Secure Interoperability Version 2 (CSIv2) authorization token that contains the subject objects, security context tokens, or both.
Trusted target realms
Specifies a list of trusted target realms that are separated by the pipe (|) symbol.
Stateful sessions
When enabled, stateful sessions are established for secure association between the client and the server.
Trusted identities
Specifies a pipe (|)-separated list of server identities, which are trusted to perform identity assertion to this server.
CSI authentication
CSI transport
SAS transport
CSIv2 inbound authentication
Use this panel to specify authentication settings for requests that are received by the server using the Object Management Group (OMG) Common Secure Interoperability (CSI) authentication protocol.
CSIv2 outbound authentication
Use this panel to specify authentication settings for requests that are sent by the server using the Object Management Group (OMG) Common Secure Interoperability (CSI) authentication protocol.
CSIv2 inbound transport
Use this panel to specify transport settings for connections that are accepted by this server using the Object Management Group (OMG) Common Secure Interoperability (CSI) authentication protocol.
WebSphere for z/OS Version 6.1 uses the channel framework for the IIOP inbound transport. For managing SSL configurations, it is recommended to use the centrally managed SSL configuration panel. Select Security -> SSL certificate and key management -> Manage endpoint security configurations. To make a direct selection of an SSL alias for a particular SSL Channel, select Servers -> Application Servers -> server_name -> Container Services -> ORB Service -> ORB Service Transport Chains.
CSIv2 outbound transport
Use this panel to specify transport settings for connections that are initiated by the server using the Object Management Group (OMG) Common Secure Interoperability (CSI) authentication protocol.
SAS inbound transport
Use this panel to specify transport settings for connections that are accepted by the server using the IBM Secure Association Service (SAS) authentication protocol.
SAS outbound transport
Use this panel to specify transport settings for connections that are initiated by the server using the IBM Secure Association Service (SAS) authentication protocol.
SSL settings
z/OS SSL settings
Specifies a list of predefined Secure Sockets Layer (SSL) settings for inbound connections. Configure these settings on the SSL panel by clicking Secure communications on the administrative console.
Specifies a list of predefined Secure Sockets Layer (SSL) settings for outbound connections. Configure these settings on the SSL panel by clicking Secure Communications on the administrative console.
Specifies a list of predefined Secure Sockets Layer (SSL) settings for inbound connections. Configure these settings on the SSL panel by clicking Secure Communications on the administrative console.
Specifies a list of predefined Secure Sockets Layer (SSL) settings for outbound connections. Configure these settings on the SSL panel that is located by clicking Secure Communications on the administrative console.
Specifies which type of listener port is opened for inbound requests. For more information, see the extended helps by clicking the question mark (?) in the upper-right corner of the panel.
Specifies which type of listener port is opened for connections with downstream servers. For more information, see the extended helps by clicking the question mark (?) in the upper-right corner of the panel.
Basic authentication
Specifies whether clients communicating with this server must specify a user ID and password for any method request. For more information, see the extended help file by clicking the question mark (?) in the upper-right corner of the panel.
Specifies whether basic authentication is used to authenticate with a downstream server. For more information, see the extended help file by clicking the question mark (?) in the upper-right corner of the panel.
Client certificate authentication
Specifies whether clients connecting to this server must authenticate using Secure Sockets Layer (SSL) client certificates before invoking a method. For more information, see the extended help file by clicking the question mark (?) in the upper-right corner of the panel.
Specifies whether to use Secure Sockets Layer (SSL) client certificates to authenticate to downstream servers. For more information, see the extended help file by clicking the question mark (?) in the upper-right corner of the panel.
Identity assertion
When you enable identity assertion, this server permits an upstream server to assert a client identity. The upstream server has already authenticated the identity as a method of authentication to this downstream server.
When you enable identity assertion, this server can assert received client identities. These client identities are authenticated on this server to downstream servers as a method of authentication. The downstream server does not re-authenticate the asserted identity because it trusts this server. List the principal of this server in the trusted principal list for the downstream server.
Use server trusted identity
Uses the server identity to establish trust with the target server. The server identity is specified on the Specify user identity for interoperability panel of the enabled repository.
Specify an alternative trusted identity
Specifies an alternative trusted identity that is used to establish trust with the target server.
Trusted identity
Specifies a trusted user identity that is used during identity assertion.
Password
Specifies the password that is used with the trusted identity
Stateful sessions
Specifies a comma-separated list of server user identities that are trusted to perform identity assertion to this server.

User registry
Specifies a registry that maintains subjects, or users and groups, for the system.
Custom properties
Specifies a set of arbitrary configuration properties for the user registry whose names are specific to a given type of pluggable user registry.
Version 6.1 distinguishes between the user identities for administrators who manage the environment and server identities for authenticating server to server communications. In most cases, server identities are automatically generated and are not stored in a repository. However, if you are adding a Version 5.0.x or 6.0.x node to a Version 6.1 cell, you must ensure that the Version 5.x or Version 6.0.x server identity and password are defined in the repository for this cell. For the  and  platforms, you do not need to enter a server identity and password.
Server user identity
Version 6.1 distinguishes between the user identities for administrators who manage the environment and server identities for authenticating server to server communications. In most cases, server identities are automatically generated and are not stored in a repository. However, if you are adding a Version 5.0.x or 6.0.x node to a Version 6.1 cell, you must ensure that the Version 5.x or Version 6.0.x server identity and password are defined in the repository for this cell.
Automatically generated server identity
Enables the application server to generate the server identity that is used for internal process communication.
Server identity that is stored in the repository
Specifies a user ID in the repository that is used for internal process communication.
User identity for the z/OS started task
Specifies the user identity that is associated with the  started task. Each controller and server can have its own identity.
Server user ID or administrative user on a Version 6.0.x node
Specifies the user ID that is used to run the application server for security purposes. This option does not apply to the  or  platforms.
Password
Specifies the password that corresponds to the server identity. This option does not apply to the  or  platforms.
Realm
Specifies the name of the user registry.
Limit
Specifies the maximum number of entries that are expected when the Application Server retrieves user and group information from the user registry. Refine the search criterion when too many entries result from the search.
Ignore case for authorization
Ignore case for authorization
Specifies that a case-insensitive authorization check is performed.
Specifies that a case-insensitive authorization check is performed. This option applies to the Lightweight Directory Access Protocol (LDAP) and System Authorization Facility (SAF)-managed user registries.
Local operating system
Specifies the registry for the local operating system of the application server. When security is enabled and you change any of these properties, go to the Security > Secure administration, applications, and infrastructure. Click Apply or OK to validate the changes.
Specifies the registry for the local operating system of the application server.
Standalone LDAP registry
Uses the Lightweight Directory Access Protocol (LDAP) user registry settings when users and groups reside in an external LDAP directory. When security is enabled and any of these properties are changed, go to Security > Secure administration, applications, and infrastructure panel. Click Apply or OK to validate the changes.
Uses the Lightweight Directory Access Protocol (LDAP) user registry settings when users and groups reside in an external LDAP directory.

Advanced LDAP settings
Specifies the filter clauses for searching user, group, and other information in the Lightweight Directory Access Protocol (LDAP) user registry. When security is enabled and any of these properties are changed, go to the Security > Secure administration, applications, and infrastructure panel. Click Apply or OK to validate the changes.
Hosts
Specifies the host port of the Lightweight Directory Access Protocol (LDAP) server. The default port number is 389.
Type of LDAP server
Specifies the type of Lightweight Directory Access Protocol (LDAP) server that you are connecting to the Application Server.










IBM Tivoli Directory Server Version 4
IBM Tivoli Directory Server Version 5.1
IBM Tivoli Directory Server Version 5.2
IBM Tivoli Directory Server Version 6
z/OS Integrated Security Services LDAP Server
IBM Lotus Domino Version 5
IBM Lotus Domino Version 6
IBM Lotus Domino Version 6.5
Novell Directory Services
Microsoft Windows 2000 Server Active Directory
Microsoft Windows Server 2003 Active Directory
Microsoft Active Directory Application Mode

SSL Settings
Specifies the settings for the Secure Sockets Layer (SSL) protocol.
SSL enabled
Specifies whether secure socket communications is enabled with the Lightweight Directory Access Protocol (LDAP) server. When this option is selected, LDAP Secure Sockets Layer (SSL) settings are used, if specified.
Centrally managed
Specifies that the selection of a Secure Sockets Layer (SSL) configuration is based upon the outbound topology view for the  Naming and Directory Interface (JNDI) (LDAP) protocol.
Use specific SSL alias
Specifies which Secure Sockets Layer (SSL) configuration to use for Lightweight Directory Access Protocol (LDAP).
Base distinguished name (DN)
Specifies the base distinguished name of the directory service, which indicates the starting point for Lightweight Directory Access Protocol (LDAP) searches in the directory service. For example, ou=Rochester, o=IBM, c=us.
Bind distinguished name (DN)
Specifies the distinguished name for the application server, which is used to bind to the directory service.
Bind password
Specifies the password for the application server, which is used to bind to the directory service.
Search timeout
Specifies the timeout value, in seconds, for a Lightweight Directory Access Protocol (LDAP) server to respond before canceling a request.
Monitor interval
Specifies the time interval, in minutes, to monitor the responsiveness of Lightweight Directory Access Protocol (LDAP) servers.
Reuse connection
Specifies, by default, that the application server reuses the Lightweight Directory Access Protocol (LDAP) connection.
Use Tivoli Access Manager for account policies
Select this option to indicate that  Access Manager uses its password and account policies for authentication. This option requires that you have previously installed the  Access Manager server.
Host
Specifies the Lightweight Directory Access Protocol (LDAP) server host name. This host name is either an IP address or a domain name service (DNS) name.
Port
Specifies the Lightweight Directory Access Protocol (LDAP) server port.
Advanced Lightweight Directory Access Protocol (LDAP) user registry settings
Specify advanced Lightweight Directory Access Protocol (LDAP) user registry settings when users and groups reside in an external LDAP directory. When security is enabled and any of these advanced settings are changed, go to the Security > Secure administration, applications, and infrastructure panel. Click Apply or OK to validate the changes.
User filter
Specifies a Lightweight Directory Access Protocol (LDAP) filter clause for searching the user registry for users.
Group Filter
Specifies a Lightweight Directory Access Protocol (LDAP) filter clause for searching the user registry for groups.
User ID map
Specifies a Lightweight Directory Access Protocol (LDAP) filter that maps the short name of a user to an LDAP entry.
Group ID map
Specifies a Lightweight Directory Access Protocol (LDAP) filter that maps the short name of a group to an LDAP entry.
Group member ID map
Specifies a Lightweight Directory Access Protocol (LDAP) filter that identifies user to group memberships.
Perform a nested group search
Specifies whether to perform a recursive nested group search. Select this option only if the Lightweight Directory Access Protocol (LDAP) server does not support recursive server-side searches.
Certificate map mode
Specifies whether to map X.509 certificates into a Lightweight Directory Access Protocol (LDAP) directory by EXACT_DN or CERTIFICATE_FILTER. Specify CERTIFICATE_FILTER to use the specified certificate filter for the mapping.
Certificate filter
If you specify the certificate map mode, use this property to specify the Lightweight Directory Access Protocol (LDAP) filter, which maps attributes in the client certificate to entries in LDAP.
Standalone custom registry
Specifies a custom registry that implements the UserRegistry interface in the com.ibm.websphere.security package. For backward compatibility, the application server also supports a custom registry that implements the CustomRegistry interface in the com.ibm.websphere.security package. When security is enabled and any of the properties on this panel are changed, go to the Security > Secure administration, applications, and infrastructure panel. Click Apply or OK to validate the changes.
Specifies a custom registry that implements the UserRegistry interface in the com.ibm.websphere.security package.
Custom registry class name
Specifies a dot-separated class name that implements the UserRegistry interface in the com.ibm.websphere.security package.


Repository
none defined
New


Federated repositories
By federating repositories, identities stored in multiple repositories can be managed in a single, virtual realm. The realm can consist of identities in the file-based repository that is built into the system, in one or more external repositories, or in both the built-in repository and one or more external repositories.
Realm name
Specifies the name of the realm.
Repositories in the realm:
Add Base entry to Realm...
Use built-in repository
Remove
Base entry
Repository identifier
Specifies a unique identifier for the repository. This identifier uniquely identifies the repository within the cell.
Repository type
Specifies the repository type.
Host server


Administrative user password
When the realm includes the built-in repository, the primary administrative user account is stored in it. Apply a password to this account to enable security. After security is enabled, you can manage this account with Users and Groups in the administrative console.
Specifies the password of the administrative user who manages the application server resources and user accounts.
Password
Specifies the password of the administrative user who manages the application server resources and user accounts.
Confirm password
Confirms the password of the administrative user who manages the application server resources and user accounts.


Property extension repository
The properties of repository entries can be extended by using a database to associate additional properties with the entries. Supply a valid data source, a direct connection configuration, or both. The system first tries to connect by way of the data source. If the data source is not available, then the system uses the direct access configuration.
Specifies the property extension repository that is used to extend the properties of repository entries.
Data source name
Specifies the  Naming and Directory Interface (JNDI) name of the data source used to access the property extension repository.
Database type
Specifies the type of database that is used for the property extension repository.







JDBC driver
Specifies the  Database Connectivity (JDBC) driver that is used to access the property extension repository, for example, com.ibm.db2.jdbc.app.DB2Driver.
Database URL
Specifies the Web address for the property extension repository.
Database administrator user name
Specifies the user name of the database administrator that is used to access the property extension repository.
Password
Specifies the password that is used to enable the database administrator to access the property extension repository.
Entity retrieval limit
Specifies the maximum number of entities that the system can retrieve from the property extension repository with a single database query.



Entry mapping repository
A database can be used to manage several aspects of federated repositories, such as preventing entry identifier collisions, maintaining references to identities whose identifiers might change, using multiple repositories for additional identities, and improving performance. Supply a valid data source, a direct connection configuration, or both. The system first tries to connect by way of the data source. If the data source is not available, then the system uses the direct access configuration.
Specifies the entry mapping repository used to manage several aspects of federated repositories.
Data source name
Specifies the  Naming and Directory Interface (JNDI) name of the data source that is used to access the entry mapping repository.
Database type
Specifies the type of database that is used for the entry mapping repository.
JDBC driver
Specifies the  Database Connectivity (JDBC) driver that is used to access the entry mapping repository, for example, com.ibm.db2.jdbc.app.DB2Driver.
Database URL
Specifies the Web address for the entry mapping repository.
Database administrator user name
Specifies the user name of the database administrator that is used to access the entry mapping repository.
Password
Specifies the password that is used to enable the database administrator to access the entry mapping repository.
Specify the following values to directly access the database:


Repository reference
Specifies a set of identity entries in a repository that are referenced by a base entry into the directory information tree. If multiple repositories are included in the same realm, it might be necessary to define an additional distinguished name that uniquely identifies this set of entries within the realm.
Specifies a set of identity entries in a repository that are referenced by a base entry into the directory information tree.
Repository identifier
Specifies a list of the available Lightweight Directory Access Protocol (LDAP) repositories.
Add Repository...
Distinguished name of a base entry that uniquely identifies this set of entries in the realm
Specifies the Lightweight Directory Access Protocol (LDAP) distinguished name (DN) that uniquely identifies this set of entries in the realm.
Distinguished name of a base entry in this repository
Specifies the Lightweight Directory Access Protocol (LDAP) distinguished name (DN) of the base entry within the repository. This entry and its descendents are mapped to the subtree that is identified by the unique base name entry field.


Manage repositories
Repositories that are configured in the system are listed in the following table. You can add or delete external repositories.
Specifies a list of repositories that are configured in the system.
Repository identifier
Specifies a unique identifier for the repository. This identifier uniquely identifies the repository within the cell.
Repository type
Specifies the repository type, such as File or LDAP.
Host server
Host server description
Repository configuration


Supported entity types
Use this page to configure entity types that are supported by the member repositories.
Entity type
Specifies the entity type name.
Base entry for the default parent
Specifies a base entry as the default parent.
Relative Distinguished Name properties
Specifies the relative distinguished name () properties for the specified entity type.


LDAP entity types
Use this page to list entity types that are supported by the member repositories or to select an entity type to view or change its configuration properties.


Custom properties
Custom properties description


Performance
Opening new network connections to the LDAP server, establishing a new JNDI context, or accessing the LDAP server over the network might impact performance. Initialization impacts to performance are minimized by adding opened connections and contexts to internally maintained pools and reusing them. Minimize the impact to performance by maintaining internal caches of retrieved data.
Specifies configuration settings used to improve performance.
Limit search time
Specifies whether to limit the time for a Lightweight Directory Access Protocol (LDAP) server to respond before stopping a search request.

Specifies the time in milliseconds for a Lightweight Directory Access Protocol (LDAP) server to respond before stopping a search request.

Limit search returns
Specifies whether to limit the number of entries that are returned in a search result.

Specifies the maximum number of entries that are returned in a search result.

Use connection pooling
Specifies whether to utilize the connection pooling function, which is provided in the Software Development Kit (SDK).
Context pool
Specifies whether context pooling is enabled to the Lightweight Directory Access Protocol (LDAP) server. To improve performance, use the context pool in combination with connection pooling.
Enable context pool
Specifies whether context pooling is enabled to the Lightweight Directory Access Protocol (LDAP) server. To improve performance, use the context pool in combination with connection pooling.
Initial size
Specifies the number of context instances in the pool when the pool is initially created by the Lightweight Directory Access Protocol (LDAP) repository.

Preferred size
Specifies the preferred number of context instances that the context pool maintains. Both in-use and idle context instances contribute to this number.

Maximum size
Specifies the maximum number of context instances that can be maintained concurrently by the context pool. Both in-use and idle context instances contribute to this number.

Context pool times out
Specifies whether the context pool times out and removes idle context instances.

Specifies the number of seconds for the context pool to time out and remove idle context instances.

Caches
Caches description
Cache the attributes
Specifies whether to cache the attributes that are returned from the Lightweight Directory Access Protocol (LDAP) server.


Cache size
Specifies the maximum size of the cache.

Cache times out
Specifies whether the cache times out after the specified number of seconds.
Specifies the maximum number of seconds the cached attributes can stay in the cache.

Cache the search results
Specifies whether to cache the search results that are returned from the Lightweight Directory Access Protocol (LDAP) server.

Specifies the maximum number of seconds the cached search results can stay in the cache.



Group attribute definition
Use this page to specify the name of the group membership attribute. Every Lightweight Directory Access Protocol (LDAP) entry includes this attribute to indicate the groups to which this entry belongs.
Specifies the name of the group membership attribute.
Name of group membership attribute
Specifies the name of the group membership attribute.
Scope of group membership attribute
Specifies the scope of the group membership attribute.






Member attributes
Use this page to manage Lightweight Directory Access Protocol (LDAP) member attributes.


Dynamic member attributes
Use this page to manage Lightweight Directory Access Protocol (LDAP) dynamic member attributes.
Name
Scope
Object class


Name of member attribute
Specifies the name of the member attribute in Lightweight Directory Access Protocol (LDAP), for example, member or uniqueMember.
Object class
Specifies the object class of the group that uses this member attribute. If this field is not defined, this member attribute applies to all group object classes.
Scope
Specifies the scope of the member attribute.
Direct - Contains only immediate members of the group without members of subgroups
Nested - Contains direct members and members nested within subgroups of this group
All - Contains all direct, nested, and dynamic members


Name of dynamic member attribute
Specifies the name of the attribute that defines the filter for dynamic group members in Lightweight Directory Access Protocol (LDAP), for example, memberURL.
Dynamic object class
Specifies the object class of the group that contains this dynamic member attribute, for example, groupOfURLs. If this property is not defined, the dynamic member attribute applies to all group object classes.


Entity type
Specifies the entity type.
Search filter
Specifies the Lightweight Directory Access Protocol (LDAP) search filter that is used to search this entity type. If a search filter is not specified, the object classes are used as the search filter.
Search bases
Specifies the search bases that are used to search this entity type.
Object classes
Specifies the object classes that are mapped to this entity type. Lightweight Directory Access Protocol (LDAP) entries that contain one or more of the object classes belong to this entity type.
Object classes for creation
Object classes for creation description


LDAP repository configuration
Specifies the configuration for secure access to a Lightweight Directory Access Protocol (LDAP) repository with optional failover servers.
LDAP attribute used as the repository identifier
LDAP attribute description
LDAP server
LDAP server description
Directory type
Specifies the type of Lightweight Directory Access Protocol (LDAP) server to which you connect.
Primary host name
Specifies the host name of the primary Lightweight Directory Access Protocol (LDAP) server. This host name is either an IP address or a domain name service (DNS) name.
Port
Specifies the Lightweight Directory Access Protocol (LDAP) server port.
Support referrals to other LDAP servers
Specifies how referrals that are encountered by the Lightweight Directory Access Protocol (LDAP) server are handled.



Failover server used when primary is not available:
Add
Failover server
Failover host name
Specifies the host name of the failover Lightweight Directory Access Protocol (LDAP) server.
Port
Specifies the port of the failover Lightweight Directory Access Protocol (LDAP) server.
Security
Security description
Bind distinguished name
Specifies the distinguished name for the application server to use when binding to the Lightweight Directory Access Protocol (LDAP) repository.
Bind password
Specifies the password for the application server to use when binding to the Lightweight Directory Access Protocol (LDAP) repository.
Login properties
Specifies the property names to use to log into the application server. This field takes multiple login properties, delimited by a semicolon (;). For example, uid;mail.
Require SSL communications
Specifies whether secure socket communication is enabled to the Lightweight Directory Access Protocol (LDAP) server. When enabled, the Secure Sockets Layer (SSL) settings for LDAP are used, if specified.
Centrally managed
Specifies that the selection of a Secure Sockets Layer (SSL) configuration is based upon the outbound topology view for the  Naming and Directory Interface (JNDI) platform.
View
View description
Specific to this endpoint
Indicates a specific Secure Sockets Layer (SSL) configuration that is associated with this endpoint.
SSL configuration name description
Add...
Add SSLConfig description
Certificate mapping
Specifies whether to map X.509 certificates into a Lightweight Directory Access Protocol (LDAP) directory by exact distinguished name or certificate filter. Specify the certificate filter to use the specified filter for the mapping.
Certificate filter
Specifies the filter certificate mapping property for the Lightweight Directory Access Protocol (LDAP) filter. The filter is used to map attributes in the client certificate to entries within the LDAP repository.
Authentication level
Specifies the level of security to use when authenticating to the Lightweight Directory Access Protocol (LDAP) server.








Custom properties
Specifies arbitrary name and value pairs of data. The name is a property key and the value is a string value that can be used to set internal system configuration properties.
Specifies arbitrary name and value pairs of data. The name is a property key and the value is a string value that can be used to set internal system configuration properties.
Specifies an arbitrary name and value pair of data. The name is a property key and the value is a string value that can be used to set internal system configuration properties.
Name
Specifies the name of the property.
Value
Specifies a string value that can be used to set this property.
Description
Specifies an optional description for this property value.
Required
Indicates whether this property is required to have a value.
Validation expression
The administrative console or other tools use this expression to validate the value of this property.

Secure administration, applications, and infrastructure
The application serving environment is completely secured when administration is restricted. The applications and the infrastructure that supports the administration and applications also are secured.

Launches a wizard to configure the basic security settings.

Generates and displays a report of the current security settings.

The title of the security configuration report.

Specifies the host name on which the report is generated.

Specifies the time when the report was generated.
Administrative security

Enable administrative security
Enables administrative security for this application server domain.
Console users and groups
Link to user and group management
Application security
Settings for applications
Enable application security
Enables application-level security unless the option is overridden at the server level.
Java 2 security
Settings for the security infrastructure
User account repository
User repository selection and configuration
Current realm definition
Specifies the current setting for the active user repository. This field is read-only.
Available realm definitions
Specifies the available repositories.
Set as current
Specifies that the application server saves the currently selected repository as the active registry when you click Apply.

Launches the user registry panel, which is based upon the currently selected registry.
Use Java 2 security to restrict application access to local resources
Specifies whether to enable  2 security. If  2 security is enabled and an application requires more  2 security permissions than are granted in the default policy, then the application might fail to run properly.
Warn if applications are granted custom permissions
Specifies that a warning is issued during application installation if an application requires a  2 security permission that normally is not granted to an application.
Restrict access to resource authentication data
Restricts application access to sensitive  Connector Architecture (JCA) mapping authentication data.
Authentication
Specifies the configuration settings that are related to authentication.
Use domain-qualified user names
Specifies that user names that are returned by methods, such as the getUserPrincipal() method, are qualified with the security domain in which they reside.
Web security
Specifies the security configuration settings that are related to Web resources.
General settings
Specifies the settings for Web authentication.
RMI/IIOP security
Specifies the inbound and outbound settings for Remote Method Invocation over the Internet Inter-ORB Protocol (RMI/IIOP).
Java Authentication and Authorization Service

Authorization

Authorization providers
Specifies whether to use the default authorization configuration or an external authorization provider.
Active authentication mechanism
Specifies the active authentication mechanism that is used when you enable security.
Simple WebSphere Authentication Mechanism (SWAM)
Lightweight Third Party Authentication (LTPA)
Custom
Authentication mechanisms
Specifies a list of authentication mechanisms that are configured in the system. Only one authentication mechanism can be active in the system at a time.
SWAM authentication mechanism
LTPA authentication mechanism
Custom authentication mechanism
Web authentication
Specifies the settings for Web authentication.
Web security - General settings
Specifies the general settings for Web authentication.
Federated repositories
Specifies the configuration for a registry of users that is defined in the system. User registry configuration is required when you enable the security configuration. The local operating system is the default type of registry.
Realm definition
Specifies the active user registry when you enable security. The LDAP or custom user registry is required when running as a  non-root user or running in a multi-node environment.
Federated repositories
Manages identities in a single, virtual realm that are stored in multiple repositories.
Authentication configuration

JAAS - Application logins
Specifies a list of  Authentication and Authorization Service (JAAS) login configurations that the application code can use including enterprise beans,  ServerPages (JSP) files, servlets, and resource adapters.
CSI
Specifies the configuration for the Object Management Group (OMG) Common Secure Interoperability version 2 (CSIv2) security protocol.
SAS
Specifies the configuration for the  Secure Authentication Service (SAS) security protocol that is used to communicate with  Application Server versions 3.x and 4.x. The SAS protocol is not supported by  Application Server Version 6.1, but is available for previous versions in a cell.
SSL configurations
Specifies a list of Secure Sockets Layer (SSL) configurations.
JAAS - System logins
Specifies a list of  Authentication and Authorization Service (JAAS) login configurations that are used by system resources including the authentication mechanism, principal mapping, and credential mapping.
JAAS - J2C authentication data
Specifies a list of user identities and passwords for  2 Connector security to use.
Default SSL settings
Applies the default SSL configuration to the entire administrative domain.
Authorization table implementation

Role-based authorization
Specifies a list of system components that use the generalized role-based authorization for access control.
Use the local security server
Specifies whether an application server uses a local instance of the security server or uses the security server in the node agent on the local node, on a remote node, or in the cell manager. The order is specific for the security server.
Use domain-qualified user identities
Specifies that user names that are returned by methods, such as the getUserPrincipal() method, are qualified with the security domain in which they reside.
Enable administrative security
Enables administrative security for this application server domain.
Authentication cache timeout
Specifies the period of time after which the cached authentication data is not valid. The value that is specified in minutes and seconds is converted to seconds in the configuration.
Warn if application permissions conflict with restrictions
Specifies that a warning is issued during application installation if an application requires a  2 security permission that normally is not granted to an application.
Active RMI/IIOP authentication protocol
Specifies the active security authentication protocol when you enable security.
Use the Federal Information Processing Standard (FIPS)
Enables the Federal Information Processing Standard (FIPS)-compliant cryptographic engine.
Use Java 2 security to restrict application access to local resources
Specifies whether to enable  2 security. If  2 security is enabled and an application requires more  2 security permissions than are granted in the default policy, then the application might fail to run properly.
Include restricted access to back-end server login data
Enable this option to restrict application access to sensitive  Connector Architecture (JCA) mapping authentication data.

Configure security
Secure the application serving environment
This wizard assists you in securing your application serving environment. The application serving infrastructure can store administrative users and passwords or can use an existing registry with stored administrative users, application users, or both.
If you are using an existing registry such as the local operating system, LDAP, or a custom registry, you need the following information:
Configuration information to connect to the existing registry
An existing user name in the registry to act as the primary administrative user
At a minimum, this task provides for secure administration. However, administrative security alone does not provide full security. In most environments, it is recommended that you also enable application and resource security.
Capabilities such as single sign-on require the transmission of authentication data between servers. Encryption keys are secured with a password in a key store.
The user account repository stores users and group names that are used for authentication and authorization. The default repository is built into the application serving system and can be federated with one or more external Lightweight Directory Access Protocol (LDAP) repositories. You can also select a standalone external repository.
A secure, file-based user repository is built into the system for storing administrative users or environments with a small number of users. The file-based user repository can be federated with one or more external LDAP repositories. If this is the first time security has been enabled using this repository, provide a new user name and password to act as an administrator. If security was previously enabled using this repository, provide the name of a user with administrator privileges that is in the built-in repository.
Note: Use this panel to configure a federated repository with a built-in, file-based repository in the realm. To configure a federated repository with a non file-based repository in the realm, you must use the User accounts repository section on the Secure administration, applications, and infrastructure panel.
The repository stores users and group names that are used for authentication and authorization. The application server infrastructure can register users and groups. If security was previously enabled using this repository, provide the name of a user with administrator privileges that is in the repository.
You can specify the local operating system user and group definitions as the repository. If security was previously enabled using this repository, provide the name of a user with administrator privileges that is in the repository.
Custom repositories, such as a database repository, require the definition of a  class to access the database. If security was previously enabled using this repository, provide the name of a user with administrator privileges that is in the repository.
Custom repositories often require that you specify one or more properties that are specific to the repository implementation.
Summary
Displays the list of values that are selected during the wizard and are used to enable security.

Primary administrative user name
Specifies the name of the user with administrative privileges that is defined in the registry
Password
Specifies the password of the administrative user who manages the application server resources and user accounts.
User repository

Web authentication behavior
Web authentication behavior
Authenticate only when the URI is protected
The application server challenges the Web client to provide authentication data when the Web client accesses a Uniform Resource Identifier (URI) that is protected by a  2 Platform, Enterprise Edition (J2EE) role. The authenticated identity is only available when the Web client accesses a protected URI.
Use available authentication data when an unprotected URI is accessed
The Web client can access validated authenticated data that it previously could not access. This option enables the Web client to call the getRemoteUser, isUserInRole, and getUserPrincipal methods to retrieve an authenticated identity from an unprotected Uniform Resource Identifier (URI). However, this option does not challenge the Web client to provide authenticated data if the Web client accesses an unprotected URI without authenticated data.
Authenticate when any URI is accessed
The Web client must provide authentication data regardless of whether the URI is protected.
Default to basic authentication when certificate authentication for the HTTPS client fails
When the required HTTPS client certificate authentication fails, the application server uses the basic authentication method to challenge the Web client to provide a user ID and password.
single sign-on (SSO)
Specifies the configuration values for single sign-on.
Requires SSL
Specifies that single sign-on (SSO) is enabled only when requests are made over HTTPS Secure Sockets Layer (SSL) connections.
Domain name
Specifies the domain name (ibm.com, for example) that contains a set of hosts to which the single sign-on applies.
Enabled
Specifies that single sign-on is enabled. Web applications that use  2 Platform, Enterprise Edition (J2EE) FormLogin-style login pages require single sign-on enablement.
Interoperability Mode
Specifies that an interoperable cookie is sent to the browser to support back-level servers.
Web inbound security attribute propagation
When Web inbound security attribution propagation is enabled, security attributes are propagated to front-end application servers. When this option is disabled, the single sign-on (SSO) token is used to login and recreate the Subject from the user registry.
Interceptors
Specifies the trust information for reverse proxy servers.
Custom properties
Specifies arbitrary name and value pairs of data. The name is a property key and the value is a string value that is used to set internal system configuration properties.
Interceptor class name
Selects the trust association interceptor class name.
Trust association
Enables trust association. Trust association is used to connect reversed proxy servers to the application server.
Interceptors
Specifies a list of trust association interceptor implementations.
Enable trust association
Enables trust association.


External authorization providers
Specifies whether to use the default authorization configuration or an external authorization provider. The external providers must be based on the  Authorization Contract for Containers (JACC) specification to handle the  2 Platform, Enterprise Edition (J2EE) authorization. Do not modify any settings on the authorization provider panels unless you have configured an external security provider as a JACC authorization provider.
Specifies whether to use the default authorization configuration or an external authorization provider.
Authorization
Select the external authorization option when you intend to use an external security provider only, such as the  Access Manager, to handle J2EE authorization using JACC. For default authorization, do not modify the settings on these panels. For external authorization, see the help page for more information.
External authorization using a JACC provider
Default authorization
System Authorization Facility (SAF) authorization
External JACC provider
Specifies the implementation details for the external  Authorization Contract for Containers (JACC) provider.
Name
Specifies the name of the  Authorization Contract for Containers (JACC) provider.
Description
Specifies the optional description for the  Authorization Contract for Container (JACC) provider.
Policy class name
Specifies the class name of an implementation class that represents the javax.security.jacc.policy.provider property according to the specification. Use a dot-separated name. The class file must reside in the class path of each application server process.
Policy configuration factory class name
Specifies the class name of an implementation class that represents the javax.security.jacc.PolicyConfigurationFactory.provider property. Use a dot-separated name. The class file must reside in the class path of each application server process.
Role configuration factory class name
Specifies the class name of an implementation class that implements the com.ibm.wsspi.security.authorization.RoleConfigurationFactory interface. Use a dot-separated name. The class file must reside in the class path of each application server  process. For more information on this interface, see the application server documentation.
Provider initialization class name
Specifies the class name of an implementation class that implements the com.ibm.wsspi.security.authorization.IntializeJACCProvider interface. This class is called at the start of application server processes. The custom properties that you define for this provider are passed to the implementation class. Use a dot-separated name. The class file must reside in the class path of each application server process.
Requires the EJB arguments policy context handler for access decisions
Specifies whether the policy providers require the EJB Arguments Policy Context Handler to make access decisions. Because this option has an impact on performance, do not set it unless it is required by the provider.
Supports dynamic module updates
Specifies whether the provider can support dynamic changes to the Web modules. For more information, see the extended helps by clicking the question mark (?) in the upper-right corner of the panel.

SSL certificate and key management

Manages endpoint security configurations, trust zones, and certificate expiration.
SSL configurations
The Secure Sockets Layer (SSL) protocol provides secure communications between remote server processes or endpoints. SSL security can be used for establishing communications inbound to and outbound from an endpoint. To establish secure communications, a certificate and an SSL configuration must be specified for the endpoint.
In previous versions of this product, it was necessary to manually configure each endpoint for Secure Sockets Layer (SSL). In this version, you can define a single configuration for the entire application-serving environment. This capability enables you to centrally manage secure communications. In addition, trust zones can be established in multiple node environments by overriding the default, cell-level SSL configuration.
If you have migrated a secured environment to this version using the migration utilities, the old Secure Sockets Layer (SSL) configurations are restored for the various endpoints. However, it is necessary for you to re-configure SSL to take advantage of the centralized management capability.
Provides secure communications between remote server processes or endpoints. Secure Sockets Layer (SSL) security can be used for establishing communications inbound to and outbound from an endpoint.
Configuration settings
Use the United States Federal Information Processing Standard (FIPS) algorithms. Note: This option requires the TLS handshake protocol, which some browsers do not enable by default.
Specifies the Federal Information Processing Standard (FIPS)-compliant  cryptography engine is enabled.
Dynamically update the run time when SSL configuration changes occur
Specifies that all of the Secure Sockets Layer (SSL)-related attributes that change should be read from the configuration dynamically after they have been saved and then used for new connections. To not impact customers, it is recommended that changes to production servers be made during off-peak periods.
Base64-encoded ASCII data
Binary DER data
Manage certificate expiration
Configures the certificate expiration monitor.
Configures the certificate expiration monitor.

Expiration notification threshold
Specifies a threshold number of days during which the application warns specified individuals that a certificate is about to expire. For example, when the expiration monitor is run and the threshold is 30 days, if the current date is 30 days or less from the certificate expiration date, the certificate is flagged for notification. The application server can be configured to provide certification expiration notification through either e-mail or the message log file.
Automatically replace expiring self-signed certificates
Specifies a new self-signed certificate be generated using the same certificate information if the expiration notification threshold is reached. The old certificate is replaced and uses the same alias. All old signers are managed by the key store configuration are also replaced. The system only replaces self-signed certificates.
Delete expiring certificates and signers after replacement
Specifies whether to completely remove old, self-signed certificates from the key store during a replace operation or leave them there under a renamed
alias. If an old certificate is not deleted, the system renames the alias so that the new certificate can use the old alias, which might be referenced elsewhere in the configuration.

Enable checking
Specifies the certificate monitor is active and will run as scheduled.
Next start date
Specifies the date for the next scheduled check. This allows the deployment manager to be stopped and restarted without resetting the date.
Expiration checking

Scheduled time of day to check for expired certificates
Specifies the scheduled time that the system checks for expired certificates.
Check by calendar
Specifies that you want to schedule a specific day of the week on which the expiration monitor runs. For example, it might run on Sunday.
Check by number of days
Specifies that you want to schedule a specific number of days between each run of the expiration monitor.
Expiration check notification
Specifies the notification type when an expiration monitor runs. This notification can be indicated in e-mail or in the message log file.
SSL configurations
Defines a list of Secure Sockets Layer (SSL) configurations.
Defines Secure Sockets Layer (SSL) configurations.
Name
Specifies the unique name of the Secure Sockets Layer (SSL) configuration within the management scope in which it resides. For ways to programmatically access the properties that are configured for this SSL configuration, see the com.ibm.websphere.ssl.JSSEHelper application programming interface (API).
Keyring name
Specifies the name of the keyring for the System SSL configuration. This field implies the keystore and trust store.
Trust store name
Specifies a reference to a specific trust store used by  Secure Sockets Extension (JSSE). The trust store holds signer certificates that validate the trust of certificates sent by remote connections during an Secure Sockets Layer (SSL) handshake.
Keystore name
Specifies a reference to a specific key store. The key store holds personal certificates that represent the identity of one side of a connection. The public key of this personal certificate is sent to the other side of the connection to establish trust during the handshake. The remote side of the connection needs the root certificate authority (CA) certificate or self-signed public key (signer) to be in the trust store to validate this personal certificate.
Default server certificate alias
Specifies the certificate alias that is used as the identity for this Secure Sockets Layer (SSL) configuration if one has not been specified elsewhere.
Default client certificate alias
Specifies the description for a client certificate alias
Management scope
Specifies the scope where this Secure Sockets Layer (SSL) configuration is visible. For example, if you choose a specific node, then the configuration is only visible on that node and any servers that are part of that node.
Centrally managed
Specifies that the selection of a Secure Sockets Layer (SSL) configuration is based upon the outbound topology view for the  Naming and Directory Interface (JNDI) (LDAP) protocol.
Use specific SSL alias
Specifies which Secure Sockets Layer (SSL) configuration to use for Lightweight Directory Access Protocol (LDAP).
Key ring name
The name of the System Authorization Facility (SAF) keyring that contains public keys and perhaps private keys.
V3 timeout
Specifies the SSL v3 timeout value. The valid range is 1-86400.
Type
Specifies the type of the Secure Sockets Layer (SSL).
SSL configuration - cell level
Defines a list of Secure Sockets Layer (SSL) configurations at the cell level.
Quality of protection (QoP) settings
Specifies the security level, ciphers, and mutual authentication settings.
Specifies the security level, ciphers, and mutual authentication settings.
Client authentication
Specifies whether Secure Sockets Layer (SSL) client authentication should be requested if the SSL connection is used for the server side of the connection. If None is selected, the server does not request that a client certificate be sent during the handshake. If Supported is selected, the server requests that a client certificate be sent. If the client does not have a certificate, the handshake might still succeed. If Required is selected, the server requests that a client certificate be sent. If the client does not have a certificate, the handshake fails.
Cipher suite settings
Cipher suites
Specifies the ciphers that are used during the Secure Sockets Layer (SSL) handshake.
Cipher suite groups
Specifies the various cipher suite groups that can be chosen depending upon the security needs. The stronger the cipher suite strength, the better the security. However, the strong cipher suite strength can result in performance consequences.
Cipher suite selection
Specifies the list of ciphers in Selected ciphers field that is used during the Secure Sockets Layer (SSL) handshake.
Supported ciphers
Selected ciphers
Specifies the ciphers that are effective when the configuration is saved. These ciphers are used to negotiate with the remote side of the connection during the handshake. A common cipher needs to be selected or the handshake fails.
Protocol
Specifies the SSL handshake protocol. Typically, this is SSL_TLS, which supports all handshake protocols except for SSLv2 on the server side. When FIPS is enabled, TLS automatically is used regardless of this setting.
Provider
Specifies a package that implements a subset of the cryptography aspects for the  security application programming interface (API). This value is a  Secure Sockets Extension (JSSE) provider name that is listed in the java.security file. Note that cipher suites and protocol values depend upon the provider.
Trust and key managers
Defines trust and key managers for the selected SSL configuration.
Defines trust and key managers for the selected SSL configuration.
Default trust manager
Specifies the default trust manager, which is typically the IbmX509 trust manager by the IBMJSSE2 provider. The other default trust manager is IbmPKIX, which can be selected when certificate revocation checks should be made using the X509Certificate CRL distribution list. The IbmPKIX trust manager does not perform as well as the IbmX509 trust manager.
Additional ordered trust managers
Specifies additional trust managers that are used in the order shown for this Secure Sockets Layer (SSL) configuration.
Key manager
Specifies the key manager that is used for this Secure Sockets Layer (SSL) configuration.
Trust managers
Defines the implementation settings for the trust manager. A trust manager is a class that is invoked during an Secure Sockets Layer (SSL) handshake to make trust decisions about the remote end point. A default trust manager is used to validate the signature and expiration of the certificate. Custom trust managers can be plugged in to perform an extended certificate and host name check.
Defines the implementation settings for the trust manager.
Name
Specifies the name of the trust manager. This name is used as a selection in the SSL configuration panel.
Implementation settings
Specifies the implementation settings for this trust manager.
Standard
Specifies that the trust manager selection is available from a  provider that is installed in the java.security file. This provider might be shipped by the  Secure Sockets Extension (JSSE) or might be a custom provider that implements the javax.net.ssl.X509TrustManager interface.

Specifies that the trust manager selection is based upon a custom implementation class that implements the javax.net.ssl.X509TrustManager interface and, optionally, the com.ibm.wsspi.ssl.TrustManagerExtendedInfo interface to obtain additional connection information that is not otherwise available.
Class name
Specifies the name of the key manager implementation class. This class implements javax.net.ssl.X509TrustManager interface and, optionally, the com.ibm.wsspi.ssl.TrustManagerExtendedInfo interface.
Provider
Specifies the provider name that has an implementation of the javax.net.ssl.X509TrustManager interface. This provider is typically set to IBMJSSE2.
Algorithm
Specifies the algorithm name of the trust manager that is implemented by the selected provider.
Key managers
Specifies the implementation settings for key managers. A key manager is invoked during a Secure Sockets Layer (SSL) handshake to determine which certificate alias is used. The default key manager (WSX509KeyManager) performs alias selection. If more advanced function is desired, define a custom key manager  on the Secure communications > Manage endpoint security configurations panel.
Specifies the implementation settings for key managers.
Name
Specifies the name of the key manager, which you can select on the SSL configuration panel.
Implementation settings
Specifies the implementation settings for this key manager.
Standard
Specifies that the key manager selection that is available from a  provider that is installed in the java.security file. This provider might be shipped by  Secure Sockets Extension (JSSE) or be a custom provider that implements an X509KeyManager interface.

Specifies that the key manager selection that is based on a custom implementation class. The class implements the javax.net.ssl.X509KeyManager interface and optionally the com.ibm.wsspi.ssl.KeyManagerExtendedInfo interface to obtain additional connection information that is not otherwise available.
Class name
Specifies the name of the key manager implementation class.
Provider
Specifies the provider name that has an implementation of an X509KeyManager interface. This provider is typically set to IBMJSSE2.
Algorithm
Specifies the algorithm name of the key manager that is implemented by the selected provider.
Key stores and certificates
Defines KeyStore types, including cryptography, , CMS, , and all TrustStore types.
Defines KeyStore types, including cryptography, , CMS, , and all TrustStore types.
Name
Specifies the unique name that is used to identify the key store. This name is typically scoped by the ManagementScope scopeName and based upon the location of the key store. The name must be unique within the existing key store collection.
Path
Specifies the location of the key store file in the format needed by the key store type. This file can be a DLL for cryptographic devices or a filename or file URL for file-based key stores. It can be a SAF keyring URL for  keyrings.
Enable cryptographic operations on hardware device
Specifies whether a hardware cryptographic device is used for cryptographic operations only. Operations that require login are not supported when using this option.
Password
Change password
Specifies the password used to protect the KeyStore. For the default KeyStores (names ending in DefaultKeyStore or DefaultTrustStore), the password is WebAS. This default password must be changed.
Type
Specifies the implementation for key store management. This value defines the tool that operates on this key store type.

Specifies one of the predefined key store types.

Enables the selection of a key store type. The key store type determines how the certificate information is stored. For hardware cryptographic tokens, the key store type is IBMPKCS11Impl. On the  platform, the key store type is JCE4758KS.

Specifies a custom type of key store file.
Custom key store class name

Remotely managed
Specifies whether the key store is remotely managed, which means that a remote MBean call is needed to update the key store based on the host name specified in the host list field. Most hardware cryptographic token devices are remotely managed. If a key store is marked remotely managed, list the host name of the server where the device is installed in the Host list field.
Host list
Specifies a host (or list of hosts) to contact to perform the key store operation. Multiple hosts may be listed, separated by a | character, but updates are not guaranteed to be atomic. This means that if a key store on one host could not be reached, the key store on another host in the list will be updated anyway, and therefore would contain differences. They are not guaranteed to stay in sync with each other.
File-based key store
Specifies whether the keystore type is file-based or process-based. Process-based key stores require MBean calls for updates.
Read only
Specifies whether the application server can write to the key store. If not, certain operations cannot be performed, such as creating or importing certificates.
Initialize at startup
Specifies whether the key store needs to be initialized before it can be used for cryptographic operations. If enabled, the key store is initialized at server start up.
Stash password to file
Indicates whether to copy the password to a file. This option applies to Cryptographic Message Syntax (CMS) key store types only.
Exchange signers
Extract a Personal Certificate from one key store and add it to another key store as a Signer Certificate.
Signers to exchange
Specifies the trusted (signer) certificates that are selected for the exchange. The key store personal certificates and trust store signer certificates that are listed currently are stored in the two specified key stores.
{0} personal certificates
Specifies the personal certificates that are currently stored in the specified key store.
{0} signers
Specifies the trusted (signer) certificates that are currently stored in the specified key store.
Personal certificates
Manages personal certificates.
Manages personal certificates.
Create a self-signed certificate
Enables the application server to create a new self-signed certificate.
Receive a certificate from a certificate authority
Enables the application server to receive a certificate authority (CA)-generated certificate from a file to complete a certificate request.
Replace
Replaces a self-signed certificate with another self-signed certificate that contains the same information, but with a new expiration period. The signer from the old certificate that is contained in any managed key store in the cell is replaced by the signer from the new certificate.
Extract
Extracts a certificate from the key store that will be added to another key store as a trusted certificate (signer).
Import
Imports a certificate, including the private key, from a key store file.
Export
Exports a certificate, including the private key, to a specified key store file.
Self-signed
Creates a new self-signed certificate.
Expiration
Specifies the expiration date of the signer certificate for validation purposes.
Alias
Specifies the alias that the personal certificate is referenced by in the key store.
Version
Specifies the version of the personal certificate. Valid versions include X509 V3, X509 V2, or X509 V1. It is recommended that you use X509 V3 certificates.
Key size
Specifies the key size of the private key that is used by the personal certificate.
Common name
Specifies the common name portion of the distinguished name (DN). It is recommended this name is the host name of the machine where the certificate resides. In some cases, the common name is used to login during Secure Sockets Layer (SSL) certificate authentication, so this name might be used as a user ID for a local operating system registry in some cases.
Validity period
Specifies the length, in days, when the certificate is valid. The default is 365 days.
Organization
Specifies the organization portion of the distinguished name.
Organization unit
Specifies the organization unit portion of the distinguished name. This is an optional value.
Locality
Specifies the locality portion of the distinguished name. This is an optional value.
State/Province
Specifies the state portion of the distinguished name. This is an optional value.
Zip code
Specifies the zip code portion of the distinguished name. This is an optional value.
Country or region
Specifies the country portion of the distinguished name.
Issued to
Specifies the distinguished name of the entity that requested the certificate.
Issued by
Specifies the distinguished name of the entity that issues the certificate. This name is the same as the issued to distinguished name when the personal certificate is self-signed.
Serial number
Specifies the certificate serial number that is generated by the issuer of the certificate.
Fingerprint (SHA digest)
Specifies the SHA hash of the personal certificate, which can be used to verify that the certificate has not been altered when it is used in a remote connection.
Signature algorithm
Specifies the algorithm that is used to sign the certificate.
Receive certificate from CA
Receive your personal certificate from the certificate authority (CA) to replace the temporary certificate associated with the public/private keys in the certificate request that is stored in the key store.
Certificate file name
Specifies the file name that contains the certificate that is generated by the certificate authority.
Path
Specifies the fully qualified path of the certificate file.
Data type
Specifies the format of the file that is either Base64 encoded ASCII data or Binary DER data.
Replace certificate
Replaces a certificate with a new certificate. Also replaces signer certificates.
Old certificate
Specifies the certificate that you want to have replaced.
Replace with
Specifies the certificate that replaces the old certificate.
Delete old certificate after replacement
Specifies whether you want to delete the old certificate and all associated signer certificates after the new certificate replaces it. If you do not replace the old personal certificate, it might get a new alias name.
Delete old signers
Specifies whether you want to delete the old signer certificates that are associated with the old certificate after the new signer certificates replace them. If you do not delete the old signer certificates, they might get a new alias name.
Extract certificate
Extracts a certificate from the key store to be added to another key store as a trusted certificate (signer).
Certificate file name
Specifies the file name that contains the extracted certificate.
Path
Specifies the fully qualified path for the certificate file.
Data type
Specifies the format of the file that is either Base64 encoded ASCII data or Binary DER data.
Certificate alias to extract
Displays the name of the certificate that you selected for extraction on the previous panel.
Import certificates from a key file
Imports a certificate, including the private key, from a key store file.
Key file name
Specifies the key store file name that contains the certificate to import.
Path
Specifies the fully qualified path of the key store file, not including the key store file name. The key store to import from must be located on the physical machine where the administrative server process is running (for example, AdminConsole, wsadmin connection).
Type
Specifies the type of key store file. The valid types are listed in the menu.
Key file password
Specifies the password that is used to access the key store file.
Get key file aliases
Certificate alias to import
Specifies the certificate alias within the specified key file name, which is specified in the Key file name field, that you want to import into the current key store.
Imported certificate alias
Specifies the new alias that you want the certificate to be named in the current key store.
Export certificates to a key file
Exports a certificate, including the private key, to a specified key store file.
Key file name
Specifies the key store file name into which the exported certificate is added. If the key store filename already exists, the exported certificate will be added. If the key store filename does not already exist, one will be created, and the exported certificate will be added.
Path
Specifies the fully qualified path of the key store file, not including the key store file name.
Type
Specifies the type of key store file, as listed in the menu.
Key file password
Specifies the password that is used to access the key store file.
Certificate alias to export
Displays the name of the certificate that you selected to export on the previous panel.
Signer certificates
Manages signer certificates in key stores.
Manages signer certificates in key stores.
Add
Extract
Add from managed port
Retrieve from port
Add signer certificate
Adds a signer certificate to a key store.
File name
Specifies the file name where the encoded signer certificate is located.
Path
Specifies the fully qualified path where the signer certificate file name is located, not including the file name.
Data type
Specifies the format of the file that is either Base64 encoded ASCII data or Binary DER data.
Alias
Specifies the alias that this signer certificate is referenced by in the key store.
Version
Specifies the version of the personal certificate. Valid versions include X509 V3, X509 V2, or X509 V1.
Key size
Specifies the key size of the public key that is used by the signer certificate.
Serial number
Specifies the certificate serial number that is generated by the issuer of the certificate.
Validity period
Specifies the begin and end dates of the certificate.
Issued to
Specifies the distinguished name of the entity that requested the certificate.
Issued by
Specifies the distinguished name of the entity that issued the certificate. This name is the same as the issued to distinguished name when the signer certificate is self-signed.
Fingerprint (SHA digest)
Specifies the SHA hash of the certificate. This hash can be used to verify the certificate hash at another location such as the client side of a connection.
Signature algorithm
Specifies the algorithm that is used to sign the certificate.
Extract signer certificate
Extracts a signer certificate from a personal certificate to a file.
File name
Specifies the file name where the extracted signer certificate is placed.
Path
Specifies the location of the signer certificate file.
Data type
Specifies the format of the file that is either Base64 encoded ASCII data or Binary DER data.
Retrieve from port
Makes a test connection to a Secure Sockets Layer (SSL) port and retrieves the signer from the server during the handshake.
Host
Specifies the host name to which you connect when attempting to retrieve the signer certificate from the Secure Sockets Layer (SSL) port.
Port
Specifies the Secure Sockets Layer (SSL) port to which you connect when attempting to retrieve the signer certificate.
SSL configuration for outbound connection
Specifies the Secure Sockets Layer (SSL) configuration that is used to connect to the previously specified SSL port. This configuration is also the SSL configuration that contains the signer after retrieval. This SSL configuration does not need to have the trusted certificate for the SSL port as it is retrieved during validation and presented here.
Alias
Specifies the certificate alias name that you want to reference the signer in the key store, which is specified in the SSL configuration.
Retrieved signer information
Specifies the signer certificate information if the information is retrieved from the remote host and port.
Personal certificate requests
Manages personal certificate requests, which are temporary place holders for certificates that will be signed by a certificate authority (CA).
Manages personal certificate requests, which are temporary place holders for certificates that will be signed by a certificate authority (CA).
Extract
Certificate information
File for certificate request
Specifies the fully qualified file name from which the certificate request is exported. This portion of the certificate request can be given to the certificate authority (CA) to generate the real certificate. After the real certificate is generated, you can perform an Receive from CA from the personal certificate collection view.
Path
Specifies the location of the requested personal certificate.
Key label
Specifies the alias that represents the personal certificate request in the key store.
Key size
Specifies the size of the keys that are generated.
Common name
Specifies the name of the entity that the certificate represents. This common name can represent a person, company, or machine. For Web sites, the common name is frequently the DNS host name where the server resides.
Organization
Specifies the organization portion of the distinguished name.
Organizational unit
Specifies the organization unit portion of the distinguished name. This is an optional value.
Locality
Specifies the locality portion of the distinguished name. This is an optional value.
State or province
Specifies the state portion of the distinguished name. This is an optional value.
Zip code
Specifies the zip code portion of the distinguished name. This is an optional value.
Country or region
Specifies the country portion of the distinguished name.
Requested by
Specifies the Subject distinguished name (DN) that represents the identity of the certificate request.
Fingerprint (SHA digest)
Specifies the SHA hash of the signer certificate. This hash can be used to verify the certificate hash at the target location.
Signature algorithm
Specifies the algorithm that is used to sign the certificate.
Extract certificate request
Extracts a certificate request and puts it in a file which can later be sent to a certificate authority (CA).
File name
Specifies the file name where the extracted certificate request is placed.
Path
Specifies the location of the requested personal certificate to be extracted.

Manage endpoint security configurations
Displays Secure Sockets Layer (SSL) configurations for selected scopes, such as a cell, node, server, or cluster.
Displays Secure Sockets Layer (SSL) configurations for selected scopes, such as a cell, node, server, or cluster.
Name
Specifies the name of Secure Sockets Layer (SSL) configuration scope, which is derived from a selected object in the hierarchy
Direction
Specifies the direction to which the Secure Sockets Layer (SSL) configuration applies. Inbound refers to any listener port. Outbound refers to outbound end point connections.


Inherited SSL configuration
Specifies the inherited Secure Sockets Layer (SSL) configuration information that is used if none is specified at this scope.
Inherited SSL configuration name
Specifies the name of the Secure Sockets Layer (SSL) configuration that is inherited from a higher level scope.
Inherited certificate alias
Specifies the certificate alias that is inherited from a higher-level scope. This field displays for server and node groups within the object hierarchy.
Specific SSL configuration for this endpoint
Specifies a specific Secure Sockets Layer (SSL) configuration that is associated with this endpoint.
Override inherited values
Specifies the Secure Sockets Layer (SSL) configuration to be used for this scope and any lower scopes that have not already designated an SSL configuration. This field displays for server and node groups within the object hierarchy. This field displays for server and node groups within the object hierarchy.
SSL configuration
Specifies the Secure Sockets Layer (SSL) configuration that is used by requests at this scope.


Certificate alias in key store
Specifies the certificate to use in the key store.
Scopes
Dynamic outbound endpoint SSL configurations
Dynamic endpoint configuration scopes represent an association between an Secure Sockets Layer (SSL) configuration and target protocol, host, and port. When an outbound connection is attempted, this association is verified ahead of the SSL configuration scope association. Based on the protocol,host,port target, the outbound SSL configuration might be different than the default that is specified in the SSL scope configuration.
Specifies the dynamic endpoint configuration scopes, which represent an association between an Secure Sockets Layer (SSL) configuration and target protocol, host, and port.
Name
Specifies a unique name for the dynamic endpoint configuration.
Description
Specifies text that describes the purpose of this dynamic selection criteria.
Connection information
Specifies the set of target protocol, host, port for the outbound request in the form protocol,host,port.
Add connection information
Specifies select information in the form protocol,host,port for the outbound connection. Multiple selection criteria can be entered. An asterisk (*) can be used to mean all protocols, hosts, or ports for any field.
SSL configuration
Specifies the Secure Sockets Layer (SSL) configuration that is used by requests at this scope when a match occurs for the given selection criteria.
Certificate alias
Specifies the certificate alias that is used as the identity for the connection.

Key sets
Manages key sets that control key instances of the same type for use in cryptographic operations.
Manages key sets that control key instances of the same type for use in cryptographic operations.
Key set name
Specifies the key set name that is used to select the key set from a key set group and from run-time application programming interfaces (API).
Key alias prefix name
Specifies the prefix for the key alias when a new key is generated and stored in a key store. The rest of the key alias comes from the key reference version number. For example, if the alias prefix is mykey and the key reference version is 2, then the key store references the key using alias mykey_2. If the key reference already has a specified alias for a key that exists in the key store, then this field is ignored.
Key password
Specifies the password that is used to protect the key in the key store. If a password is specified in the key reference as well, this password is ignored. This password is used for keys that are generated by a key generator class.
Key generator class name
Specifies the class name that generates keys. If the class implements com.ibm.websphere.crypto.KeyGenerator, then a getKey() method should return a java.security.Key object that is set in the key store using the setKey method without a certificate chain. If the class implements com.ibm.websphere.crypto.KeyPairGenerator, then a getKeyPair() method should return a com.ibm.websphere.crypto.KeyPair object containing either a java.security.PublicKey and java.security.PrivateKey or a java.security.cert.Certificate[] and a java.security.PrivateKey. The key generator class and the KeySetHelper API should know the details of the keys that are generated.
Maximum number of keys referenced
Specifies the maximum number of key instances that are returned when keys from this key set are requested. The oldest key reference gets removed whenever a new key reference gets generated once the maximum has been reached.
Generates key pair
Specifies that a key references a key pair instead of a key. The key pair contains both a public key and a private key.
Delete key references that are beyond the maximum number of keys
Specifies that the keys are deleted from the keystore at the same time that the key reference is deleted. The server deletes the older key references as the Maximum number of keys referenced value is exceeded.
Key store
Specifies the key store that contains the keys for storage, retrieval, or both.
Active key history
Manages key alias references in key stores.
Manages key alias references in key stores.
Add key alias reference
Generate key
Add key alias reference
Adds a reference to a key that already exists in a key store. If a key generation class is configured, the references are added automatically during generation and they do not need to be added manually.
Alias reference
Specifies the name of the alias as it appears in the key store.
Password
Specifies the key password to get access to the key. This password is enforced by the key store for that specific key. If the key does not have a password, this field can be left blank.
Key set groups
Manages groups of public, private, and shared keys that enable the application server to control multiple sets of Lightweight Third Party Authentication (LTPA) keys.
Manages groups of public, private, and shared keys that enable the application server to control multiple sets of Lightweight Third Party Authentication (LTPA) keys.
Generate keys
Key set group name
Specifies the name of key set group used. This name can be referenced using the com.ibm.websphere.crypto.KeySetHelper API to retrieve the managed keys from an application.
Key generation
Automatically generate keys
Specifies that the keys are generated automatically on a schedule. When a new key is generated, the security.xml file is updated and saved by the runtime to track the key reference version. This can cause save conflicts when updating the same file from admin applications.
Scheduled time for generation
Specifies the scheduled time when the system generates selected key set group or groups. You can specify the scheduled time in hours and minutes; specify either A.M. or P.M., or specify 24-hour.
Generate on a specific day
Specifies whether to have the generation occur on a specific day of the week. It is best to auto-generate keys during a low peak day.
Generate at an interval
Generates keys at the specified frequency regardless of the day of the week on which generation occurs.

Specifies a set of key instances of the same type for use in cryptographic operations.
Schedules
Specifies the generic schedule definitions that are used in certificate expiration monitors and key set groups.
Specifies the generic schedule definitions that are used in certificate expiration monitors and key set groups.
Schedule name
Specifies the name of the schedule.
Weekday
Specifies the day of the week on which the expiration monitor will run if the Check on a specific day option is selected.
Repeat interval
Specifies the period of time between each schedule time to check for expired certificates or the interval between schedule checks.



Notifications
Specifies the generic notification definitions that are used in certificate expiration monitors.
Specifies the generic notification definitions that are used in certificate expiration monitors.
Notification name
Specifies the name of the notification configuration.
Message log
Specifies that this configuration intends to log certificate expiration information to the message log file.
E-mail notification
Specifies that this configuration intends to send the certificate expiration information in an e-mail to the e-mail list.
E-mail sent to notification list
Specifies that this configuration intends to send certificate expiration information in an e-mail to the e-mail list.
E-mail address to add
Specifies the e-mail address to receive the notification. You must specify the SMTP server for each e-mail address. If an e-mail address is not specified, by default the application server assumes that the SMTP server is called smtp-server.
Outgoing mail (SMTP) server
Specifies the SMTP server to be used with the e-mail address. If none is specified, the e-mail realm will be used.
List of e-mail addresses
Defines a list of e-mail addresses that will receive notification.
Secure Sockets Layer
Specifies the configuration settings that are related to the Secure Sockets Layer (SSL) protocol.
Cryptographic token
Specifies information about the cryptographic tokens that is related to Secure Sockets Layer (SSL) support.
Custom properties
Provides the arbitrary name and value pairs for data. The name is a property key and the value is a string value that you can use to set internal system configuration properties.
Key file
Defines a file that contains public keys and might contain private keys.
Key file name
Provides the fully qualified path to the key file that contains public keys and might contain private keys.
Key file password
Specifies the password that is used to access the key file.
Key file format
Specifies the format of the key file. For more secure key files, use the JCEK format.
Trust file
Specifies a file that contains public keys.
Trust file name
Provides the fully qualified path to a trust file that contains the public keys.
Trust file password
Specifies the password that is used to access the trust file.
Trust file format
Specifies the format of the trust file. For more secure key files, use the JCEK format.
Client authentication
Specifies the whether Secure Sockets Layer (SSL) client authentication should be requested if the SSL connection is used for the server side of the connection. If None is selected, the server does not request a client certificate be sent during the handshake. If Supported is selected, the server requests that a client certificate be sent. If the client does not have a certificate, the handshake might still succeed. If Required is selected, the server requests that a client certificate be sent. If the client does not have a certificate the handshake fails.
Security level
Specifies one of the pre-configured security levels. High, which is the default, specifies 128-bit ciphers; medium specifies 40-bit ciphers; and low specifies digital signing ciphers only without encryption.
Cipher suites
Specifies the list of ciphers that are used during the Secure Sockets Layer (SSL) handshake.
Cryptographic token
Enables and disables cryptographic hardware support.
Provider
Specifies which  Secure Sockets Extension (JSSE) provider is used. The only predefined JSSE provider is IBMJSSE2. When United States Federal Information Processing standard (FIPS) option is enabled, this provider uses IBMJCEFIPS for the Secure Sockets Layer (SSL) encryption and signing.
Predefined JSSE provider
Specifies one of the predefined JSSE providers. IBMJSSE is the only predefined JSSE provider that is supported on the  platform. IBMJSSEFIPS is the Federal Information Processing Standard (FIPS)-approved version of the IBMJSSE provider.
Custom JSSE provider
Specifies a custom provider. For a custom provider, you first must enter the cipher suites by clicking Secure communication > Manage endpoint security configurations > connection_type. Under Related Items, click SSL configurations > configuration_name. Under Additional properties, click Quality of protection (QoP) settings.
Protocol
Specifies the Secure Sockets Layer (SSL) handshake protocol. This protocol is typically SSL_TLS, which supports all handshake protocols except for SSLv2 on the server side. When United States Federal Information Processing standard (FIPS) option is enabled, TLS is automatically used regardless of this setting.
Cipher suite groups
Specifies the various cipher suite groups that can be chosen depending upon your security needs. The stronger the cipher suite strength, the better the security but with performance consequences.
Selected ciphers
Specifies the ciphers that are effective when the configuration is saved. These ciphers are used to negotiate with the remote side of the connection during the handshake. A common cipher needs to be selected or the handshake fails.
Key ring name
Specifies the name of the System Authorization Facility (SAF) keyring that contains public keys and perhaps private keys.
V3 timeout value
Specifies the SSL v3 timeout value. The valid range is 1-86400.


z/OS Additional Settings

Specifies additional authentication settings for requests that are received by this server using the OMG Common Secure Interoperability (CSI) authentication protocol.
Client authentication type
Specifies the type of client authentication that is supported for inbound requests.
SAF identity assertion
Specifies that this server permits a trusted upstream server to assert client identities in the form of System Authorization Facility (SAF) user names.
Distinguished name identity assertion
Specifies that this server permits a trusted upstream server to assert client identities in the form of distinguished names.
Certificate identity assertion
Specifies that this server permits a trusted upstream server to assert client identities in the form of X.509 certificates.
z/OS additional settings

Specifies authentication settings for requests that are sent by this server using the OMG Common Secure Interoperability (CSI) authentication protocol.
Client authentication type
Specifies the type of client authentication that is supported for outbound requests.
z/SAS authentication



This panel specifies authentication settings for requests that are received and sent by this server using the  Secure Authentication Services (z/SAS) authentication protocol.
Basic authentication
Specifies that clients to this server can provide a System Authorization Facility (SAF)-managed user ID and password over a Secure Sockets Layer (SSL) connection. This option requires an Secure Sockets Layer (SSL) settings selection.
Client certificate
Specifies that clients to this server can authenticate using Secure Sockets Layer (SSL) client certificates. The digital certificate that is provided by the client must convert to a System Authorization Facility (SAF)-managed user identity. This option requires a Secure Sockets Layer (SSL) settings selection.
Kerberos
Specifies that this security mechanism uses Secure Sockets Layer (SSL) to establish the client trust in the server. The client authenticates to the server using Kerberos. The Kerberos identity must convert to a System Authorization Facility (SAF)-managed user identity. This option requires that an SSL transport for the IIOP layer be selected.
User ID and password
Specifies that clients can connect to this server with the System Authorization Facility (SAF) user ID and password without requiring that the information is sent over an Secure Sockets Layer (SSL) session.
User ID passticket
Specifies that clients or other servers on the same sysplex can connect to this server with a one-time use credential that represents the System Authorization Facility (SAF)-managed user identity.
Identity assertion inbound
Specifies that inbound requests can be accepted using System Authorization Facility (SAF)-managed user identities that are forwarded by a trusted  application server. Trust is established by receiving the server digital certificate from the sending server. This option is available only if the client certificates option is supported. This option requires an Secure Sockets Layer (SSL) settings selection.
Identity assertion outbound
Specifies the outbound requests that can be accepted using System Authorization Facility (SAF)-managed user identities that are forwarded by a trusted  application server. Trust is established by sending the server digital certificate to the receiving server. This option is available only if client certificates option is supported. This option requires an Secure Sockets Layer (SSL) settings selection.
Support unauthenticated clients
Specifies that the server accepts IIOP requests without any authentication information. If enabled, the security.remote.identity property must be specified to indicate which user identity to associate with requests from a remote server. This property must be specified if another mechanism is not chosen.
SSL settings
Specifies a list of predefined Secure Sockets Layer (SSL) settings for connections. These settings are configured on the Secure communications panels.
z/OS security options

Specifies the global security options for the  platform.
Remote identity
Specifies the System Authorization Facility (SAF)-managed user identity that is associated with unauthenticated clients that make requests of this server from another system.
Local identity
The System Authorization Facility (SAF) user ID that is associated with unauthenticated clients that make requests of this server from the same system.
Enable application server and z/OS thread identity synchronization
Specifies that application servers can process the syncToOSThread option for application components that specify it.
z/OS security options
Configure additional server-level security options for the  platform
Enable the connection manager RunAs thread identity
Sets the  identity associated with the  2 Platform, Enterprise Edition (J2EE) identity on the execution thread. Local JCA connectors may honor the MVS identity for authentication and authorization when an application requests a connection.
Click the  link under Additional Properties to configure the System Authorization Facility (SAF).
SAF authorization options
Configures System Authorization Facility (SAF) authorization properties.
Unauthenticated user ID
Specifies the  user identity that is used to represent unauthenticated callers when SAF authorization is enabled.
SAF profile mapper
Specifies the name of SAF EJBRole profile to which a  2 Platform, Enterprise Edition role name is mapped. The name that you specify implements the com.ibm.websphere.security.SAFRoleMapper interface.
Enable SAF authorization
Use SAF EJBROLE profiles for user to role authorization for both J2EE applications and the Role-based authorization requests (naming and administration) that are associated with the application server run time.
Enable SAF delegation
Specifies that the SAF EJBROLE profiles determine the user ID used for the security role "run as". The information in the application deployment descriptors is ignored.
Suppress authorization failed messages from the z/OS security product
Suppresses the ICH4081 authorization failed messages issued by the z/OS security product when performing security role authorization.
SMF audit record strategy
Determines when an audit record is written to the System Management Facility (SMF). On each authorization call,  or an equivalent SAF-based product, can write an audit record to SMF with the result of the authorization check.

Server security
Security settings can be defined for specific servers and for the entire cell. Server-specific settings take precedence over cell settings.
Defines the security settings for specific servers and for the entire cell. Server-specific settings take precedence over cell settings.
Security settings for this server override the cell settings
Security settings for this server override the cell settings
RMI/IIOP security for this server overrides the cell settings
RMI/IIOP security for this server overrides the cell settings
SAS security for this server overrides the cell settings
SAS security for this server overrides the cell settings.

Servers
Servers
Application servers
Version 5 JMS servers
Status
Started
Stopped
Unavailable
JMX Error:Attribute not found
Type
Process Id
State
Manage Local Server
Manage Transactions
Local Id
Status
Global Id
Manage Transactions
There are no active transactions running on server.
Mbean of type {0} is not found.
operation {0} on mbean of type {1} failed.
ORB Service
Server
Custom Services
Server Components
Server Components
Extensions
Started
Stopped
Service
context
Components
Servers
Custom Properties
Enable service at server startup
Custom Services
prerequisiteServices
External Configuration URL
Classname
Display Name
Description
Classpath
Thread Pool
Minimum Size
Maximum Size
Is Growable
Thread Pools
Name
Description
Custom Properties
BASIC
ADVANCED
Service Context
Services
Custom Services
Component
Custom Properties
parentComponent
ServerComponents
components
ServerComponents
server
Agent
State Management
Statistics Provider
Name
START
STOP
StateManageable
managedObject
ServiceContexts
Initial State
StatisticsProvider
managedObject
ServiceContexts
specification
Extension
name
configURI
Server Component
Name
Administration Services
JMX connectors
Custom properties
JMX connectors
HTTPConnector
JMSConnector
RMIConnector
SOAPConnector
Type
Java Process Definition
jvmEntries
Process Definition
Process Execution
Process Logs
Environment Entries
Monitoring Policy
Executable name
Executable arguments
Working directory
Process Execution
Process Priority
UMASK
Run As User
Run As Group
Run In Process Group
Output Redirect
stdin Filename
stdout Filename
stderr Filename
Java Virtual Machine
Custom Properties
Classpath
Boot Classpath
Verbose class loading
Verbose garbage collection
Verbose JNI
Initial Heap Size
Maximum Heap Size
Run HProf
HProf Arguments
Debug Mode
Debug arguments
Generic JVM arguments
Executable JAR file name
Disable JIT
Operating system name
MonitoringPolicy
Maximum startup attempts
attempts
Ping interval
seconds
Ping timeout
seconds
Ping initial timeout
seconds
Automatic restart
Node restart state
JAVA_CLASS
EXECUTABLE_JAR
STOPPED
RUNNING
PREVIOUS
Version 5 JMS servers
Security Port Endpoint
Description
Number of threads
Queue names
You must select at least one JMS Server to perform this action.
JMSServer cannot be started since Embedded Messaging was not installed on node {0}.
JMSTransport
Service Type
threads
Thread inactivity timeout
milliseconds
Allow thread allocation beyond maximum thread size
ORB Service
interceptors
plugins
lsdConnection
Thread Pool
ssl
Request timeout
seconds
Request retries count
retries
Request retries delay
milliseconds
Connection cache maximum
connections
Connection cache minimum
connections
ORB tracing
Locate request timeout
Force tunnel
WHEN REQUIRED
ALWAYS
NEVER
Tunnel agent URL
Pass by reference
externalConfigURL
ORBPlugin
name
Interceptor
name
LSDConnection
endPoint
mode
NONE
IMPLICIT_CLIENT
EXPLICIT_CLIENT
PROVIDER
Error Stream Redirect
Output Stream Redirect
Cluster Name
modelId
Stream Redirect
File Name
Rollover Type
Max Number Of Backup Files
Rollover Size
Base Hour
Rollover Period
Format Writes
Message Format Kind
Suppress Writes
Suppress Stack Trace
Managed Object
State Management
Statistics Provider
Stopping Server
The server is running the administration application.
If you stop the server, you will be logged out of the current HTTP session and will no longer be able to use this instance of the administrative console.
Start the server again to use the administrative console. If security is enabled, your browser may be able to login next time without being prompted provided the LTPA cookie is still valid.  Since the LTPA cookie is for single-signon (multi-server use), it is not removed from your browser during admin console logout.
Good Bye
Thanks for using the WebSphere administrative console.
Partial Stop
Partial Start
Stopping
Starting
Ports
Port
Port Name
Well-known Port
User-defined Port
User-defined Port name
Select Port name
Specify Port name
Port with name {0} already exists in the configuration.
One or more virtual hosts match the previous host name and port combination of "{0}:{1}" and do not match the new combination of "{2}:{3}." You might need to update the host aliases.
Port number 0 is not valid for this End Point.
Transport Details
System Message Server
Product Information
Components
Extensions
e-Fixes
Product Name
ID
Version
Build Date
Build Level
Build Version
Build Date
Component Name
Spec Version
Extension Name
e-Fix ID
Build Version
Build Date
Components
Pre-reqs
Co-reqs
PTFs
PTF ID
Products
Product Report
History Report
None
Users with accessibility needs can click on the image to obtain status.
Portlet container
Portlet container
Enable portlet fragment cache
Maximum event processes
Node
Cell name
Node name
Administration Service
JMX Connectors
HTTPConnectors
JMSConnectors
RMIConnectors
SOAPConnectors
Preferred connector
HTTPConnector
JMSConnector
RMIConnector
SOAPConnector
Extension MBean Providers
Repository Service
Standalone
ExtensionMBean
descriptorURI
type
Repository Service
Lock timeout
minutes
Audit Enabled
Extension MBean Providers
extensionMBeans
Classpath
Description
Name
Change Log Detail Levels
Logging and Tracing
IBM Service Logs
Diagnostic Trace Service
Debugging Service
Debugging Service
JVM debug port
JVM debug arguments
Debug class filters
BSF debug port
BSF logging level
Add>
0-No logging
1-some logging
2-more logging
3-a lot of logging
DebugService JVMdebugArgs were changed to sync it with DebugService debugPort specified.
DebugService JVMdebugPort was changed to sync it with JVM debugargs port specified with address.
Transaction Service
Transaction log directory
Total transaction lifetime timeout
seconds
Async response timeout
seconds
Client inactivity timeout
seconds
Enable logging for heuristic reporting
Enable file locking
Enable protocol security
Secure WS-TX Transport Chain
Transaction log directory
Total transaction lifetime timeout
seconds
Async response timeout
seconds
Client inactivity timeout
seconds
HTTP proxy prefix
HTTPS proxy prefix
Network partition detection period
Heuristic retry limit
retries
Heuristic retry wait
seconds
Heuristic completion direction
COMMIT
ROLLBACK
MANUAL
Manual transactions - Review
Retry transactions - Review
Heuristic transactions - Review
Imported prepared transactions - Review
Transactions needing manual completion
Transactions retrying resources
Transactions with heuristic outcome
Heuristic outcome
Transactions imported and prepared
Commit
Roll back
Clear
transaction
Transaction resources
Resource
Check the Transactions with heuristic outcome page for any heuristic outcomes.
Installed Applications
Application servers
Name
locationServiceDaemon
applicationServerServices
Transaction Service
Web container
EJB container
id
Classloader policy
Class loading mode
Application
Module
Single
Multiple
Parent first
Application first
ApplicationContainer
Message Listener Service
Listener Ports
Thread Pool
Name
Description
Listener Ports
Description
Connection factory JNDI name
Destination JNDI name
Maximum sessions
Maximum retries
Maximum messages
Started
Connection factory JNDI name
Destination JNDI name
Maximum sessions
Maximum retries
Maximum messages
You must select at least one listener port to perform this action.
Listener port {0} started successfully.
Listener port {0} could not be started.
Listener port {0} stopped successfully.
Listener port {0} could not be stopped.
Create a new application server
Select a node
Select a server template
Specify server specific properties
Confirm new server
Name
Type
System
User Defined
Select the node that corresponds to the server you wish to create.
Core Group
Core Group Name. Name must be unique within cell.
Templates...
Server Templates
Platform
Version
Select a server
Select a server from which you can create a template.
Create new server template
Server Name
You must select a server from which you can create a template.
You must select a template for this operation.
You must select at least one template to perform this action.
Edit
Select node
View more information about this step
The node that is selected on this step will determine the server processes available from which to choose on the next step.
Logical name for server. Name must be unique within node.
Select template
Existing application server
Using an existing application server as a template will copy the configuration for the selected server.
Default application server template
The template version and node version must match.
No matching template found for this node.
Server Name is required.
{0} exists within node {1}.
The server name {0} is invalid. Only alphanumeric characters are allowed.
Map Applications
Map Applications from existing server template
This option only applies when you select "Existing application server" as your template.When selected, applications which were previously installed and mapped to run on the source server will be automatically mapped to run in the new server as well, and any previous binding information (such as users and groups assignments) will be retained.This is different from installing the same application binaries into the new server with a different application name. In that case, a separate copy of binding information for the application would be maintained.
Generate Unique Ports
Generates unique port numbers for every transport that is defined in the source server, so that the resulting server that is created will not have transports which conflict with the original server or any other servers defined on the same node.
HTTP Ports
Server name
The following is a summary of your selections. Click the Finish button to complete the application server creation.
If there are settings you wish to change, click on the Previous button to review server settings.
The following actions will be completed.
New application server \"{0}\" will be created on node \"{1}\", in a new server process.
Possible issues caused by this action.
Ensure that the node \"{0}\" has enough memory to support several processes. If it does not have enough memory, performance will be poor.
New server is created successfully.
Modify variables, resources, and other server configuration settings, such as message broker queue names before running the newly created server.
make sure that HTTP ports are unique for the node before starting server.
Error occured while creating new server.
{0} has already been started
The server configuration for {0} has changed. You must save the configuration to the master repository before starting the server.
You must select at least one application server to perform this action.
{0} has not been started.
An error occurred while stopping {0}. Check the error logs for more information.
If the server still does not start, consider using the terminate option.
{0} server started successfully.
View JVM logs
for further details.
{0} server could not be started.
{0} server could not be restarted.
{0} server stopped successfully.
{0} server restarted successfully.
Stop all servers to be deleted.
Delete Server
Click the OK button below to delete the following server(s). If you do not wish to delete the servers, click the Cancel button to return to the prior  page.
An error occurred while deleting the server.  {0}.  Try to delete the server again. If the error persists,  see the problem determination on the WebSphere Application Server Support Web page on http://www.ibm.com/software/webservers/appserv/was/support/."
createmq could not be run so the JMSServer will not be able to start.
deleteemq operation failed.
System could not contact process to shut down server.Make sure that server is shut down before deleting it.
If you change either the run-as user or the run-as group field, save and synchronize the changes while your node agent is running, before you restart the node agent and change the user file permissions.
There are no nodes that support servers in the configuration. Use the addNode command from the Nodes collection  or from the command line before attempting to create a new server.
Application Server
Confirm stop
Do not show this message again.
Stop server
This option stops applicable servers and all of the applications that run on them.
This action is applicable to the following servers.
This action is not applicable to the following servers.
Server status feedback
Server status provides information about events that occur while the server stops.
Server stop initiated.
Progressing server stop.
Server stop complete.
Immediately stop server
This option stops applicable servers without stopping applications on them and can result in data loss.
Terminate server
This action terminates server process and can result in data loss.
Show confirmation for stop command
Show confirmation for immediate stop command
Show confirmation for terminate command
  
When enabled, the last confirmation criteria entered will be retained. When the user returns to this collection, the page will initially use the retained confirmation criteria to display the collection.
Include cluster members in the collection
When enabled, the collection will include application servers that belong to a server cluster.
Error retrieving cluster name
Server cannot be stopped because the node agent for server {0} on node {1} is not active.
Server cannot be started because the node agent for server {0} on node {1} is not active.
Stop immediate action is not applicable since server {0} is on distributed version 5 node.
Terminate action is not applicable since server {0} is on distributed version 5 node.
Dynamic Cache Service
EJB cache settings
Cleanup interval
milliseconds
Cache size
buckets
EJB container
Passivation directory
Inactive pool cleanup interval
Default data source JNDI name
Enable stateful session bean failover using
memory-to-memory replication
Replication domains are defined, but the memory to memory settings have not been selected.
A reference to a deleted replication domain, \"{0}\", was detected. This reference can cause application failures. You must either click Apply or OK to have this reference removed for you, or you must redefine the replication domain.
The reference to the invalid replication domain was deleted.
Stateful session bean failover has been enabled for you because you configured memory-to-memory replication. Press OK or Apply to accept this change to the EJB settings.
Web container
transports
sessionAffinityTimeout
sessionAffinityFailoverServer
defaultVirtualHostName
enableServletCaching
ROW_SIZE_4KB
ROW_SIZE_8KB
ROW_SIZE_16KB
ROW_SIZE_32KB
Custom tuning parameters
invalidationSchedule
usingMultiRowSchema
maxInMemorySessionCount
allowOverflow
scheduleInvalidation
writeInterval
invalidationTimeout
END_OF_SERVLET_SERVICE
MANUAL_UPDATE
TIME_BASED_WRITE
ONLY_UPDATED_ATTRIBUTES
ALL_SESSION_ATTRIBUTES
InvalidationSchedule
firstHour
secondHour
NONE
DATABASE
DATA_REPLICATION
Session tracking mechanism:
Session management
Custom tuning parameters
Overflow:
Allow overflow
Maximum in-memory session count:
Session timeout:
No timeout
Set timeout
minutes
Enable SSL ID tracking
Enable cookies
Enable URL rewriting
Enable protocol switch rewriting
sessions
Modify...
Cookie settings
Distributed environment settings
Serialize session access:
Allow serial access
Maximum wait time
seconds
Session access on timeout
Allow access on timeout
Override session management
Overwrite
Security integration
Enable
Cookies
Secure cookies
Restrict cookies to HTTPS sessions
Cookie domain
Cookie maximum age
Cookie path
Cookie name
Current browser session
Set maximum age
seconds
Distributed sessions
Modify...
Advanced...
None
Database
Supported for Web container only.
Memory-to-memory replication
Internal messaging domain:
Database settings
Datasource JNDI name:
User ID:
Password:
Confirm password:
DB2 row size:
Table space name:
Multi row schema
Use multi row schema
The passwords do not match. Re-enter both password fields.
Tuning parameters
Tuning level:
Very high (optimize for performance)
High
Medium
Low (optimize for failover)
Custom settings
Modify...
All session attributes
Only updated attributes
End of servlet service
Manual update
seconds
Time based:
Specifies distributed sessions cleanup schedule
First time of day (0-23):
Second time of day (0-23):
Write frequency
Write contents
Schedule sessions cleanup:
HTTP transport
Web containers
Web container
Web container
Thread pool
Session management
HTTP transports
Web container transport chains
You cannot delete the primary HTTP transport for a z/OS server.
Default virtual host:
Servlet caching
Enable servlet caching
Limit pool size
Maximum pool size
Disable servlet request and response pooling
Transports and Chains have been detected! The transports have been changed to use a new model. Use the migration utilities to migrate the transports to the new model.
The transports have been changed to use a new model.  Use the migration utilities to migrate the transports to the new model.
Transports and Chains have been detected! This ThreadPool configuration applies only to the old transport definitions and not the channel chains. Use the migration utilities to migrate the transports to the new model in order to configure a consolidated threadpool.
This ThreadPool configuration applies only to the Transports that currently exist in the configuration, and not to any Webcontainer Chains that may be created. Use the migration utilities to migrate the transports to the new model.
Portlet caching has been disabled since servlet caching was disabled.
Host
Port
Enable SSL
Name Server
bootstrapServerAddress
Servers
Performance Monitoring Service
Performance Monitoring Service
Initial specification level
PMI Modules
Monitoring Level
Specifications
Unable to detect performance monitoring settings, ensure that performance monitoring service is enabled for this server.
The setting for this module was not valid.
Enter either N (None), L (Low), M (Medium), H (High), or X (Maximum).
None - All modules below set to "N" (None).
Standard - All modules below set to "H" (High)
Custom - Modify, add or remove the modules from the below list.
EJB timer service settings
Scheduler Type
Use internal EJB timer service scheduler instance
Use custom scheduler instance
Scheduler JNDI name
Data source JNDI name
Data source alias
Table prefix
Poll interval
seconds
Number of timer threads
Server Instance
Server Instance
Multiple Instances Enabled
Minimum Number of Instances
Maximum Number of Instances
When the {0} checkbox is selected, the fields {1} and {2} are required.
Invalid value specified for the {0} field.  The value should be either zero, which means that an unlimited number of instances can be activated, or greater than or equal to the value specified for the {1} field.
Maximum transaction timeout
seconds
startCommand
startCommandArgs
stopCommand
stopCommandArgs
terminateCommand
terminateCommandArgs
processType
Executable target type
Executable target
Short Name
Short Name of this server(alphanumeric,national @#& 1-8 characters).
Server Specific Short Name
Server Generic Short Name
The server specific short name is not valid
The server generic short name is not valid
Immediate Stop
Terminate
View server logs for further details.
{0} server process could not be terminated.
Short Name
Unique Id
Run in development mode
Parallel start
Server-specific Application Settings
New action invalid: the server already has the maximum number of HTTP transports allowed.
Enable/disable SSL action invalid: the two HTTP transports cannot both be defined as SSL enabled or SSL disabled.
The port number of the bootstrap and the orb listener must be the same.  The change made to the port mumber in this view has caused the port number to change for both the bootstrap and the orb listener.
You must specify a jobname in the start command arguments of the servant process definition before saving the changes.
You must specify a jobname in the start command arguments of the servant and adjunct process definitions before saving the changes.
Access to internal server classes
Allow
Restrict
Container Services
Business Process Services
Server Infrastructure
Java and Process Management
Administration
Messaging
{0} should be an integer in the range {1} through {2}.
Run in 64 bit JVM mode
Due to the change of the Java virtual machine (JVM) mode from 64 bits to 31 bits, the maximum heap size of the JVM for this server has been reset to 2147483647.
Due to the change of the Java virtual machine (JVM) mode from 32 bits to 64 bits, the maximum heap size of the JVM for this server can be increased to 18446744073709551615.
Thread Pool Settings
thread pool settings
System thread pool named ORB.thread.pool was created in your local configuration.
Use the {0} directly associated with the ORB service.
Use the {0} settings associated with the Thread Pool Manager (recommended).
The session management changes apply to both the SIP container and the Web container.
Server {0} did not start in required amount of time, check logs for details
Server {0} did not restart in required amount of time, check logs for details

Specifies the status of the application server. The server is either in Stopped (a red arrow) or Started (a green arrow) state.
Specifies the short name for the server. This name is also used as the JOBNAME for the server.  The default value for this field is BBOSXXX, where XXX is the first free number in the cell that can be used to create a unique short name. For example, if default values are already used for two other servers in the cell, BBOS003 is the next default value that is assigned.
Specifies the short name for the server that is converted into the cluster short name if the server becomes a cluster member. The default value for this field is BBOSXXX where XXX is the first free number in the cell that can be used to create a unique short name. For example, if default values are already used for another servers in the cell, BBOS002 is the next default value that is assigned.
Specifies the type of server.
Specifies the native operating system process ID for this server.
Specifies the run time state for this server.
Specifies settings for the transactions that are active on the application server.
Specifies settings for the object request broker service.
Specifies the context name for the model context for this server. The context name supports the concept of configuration value inheritance. If the configuration value is not set in the Server context, the runtime environment consults the model identified in the modeled property (if any) for the setting.
Specifies the custom service classes that run within this server and their configuration properties.
Specifies additional runtime components that are configurable.
Specifies the configuration settings for a service that runs within the application server.
Specifies the context or environment in which the service runs.
Specifies additional custom properties that you can configure for this service.
Specifies whether or not the server attempts to start the specified service when the server starts.
Specifies an extension point for configuration data for plug-in services. This field enables you to add custom code that runs during process initialization.
Specifies a list of references to other custom services that are defined in this process. During its initialization process, this custom service waits for these other custom services to be initialized.
Specifies the URL for a custom service configuration file.
Specifies the class name of the service implementation. This class must implement the Custom Service interface.
Specifies the name of the service.
Specifies a description of the custom service.
Specifies the class path used to locate the classes and JAR files for this service.
Use this page to specify a thread pool for the server to use. A thread pool enables server components to reuse threads instead of creating new threads at run time. Creating new threads is typically a time and resource intensive operation.
Settings for the server-defined thread pool named ORB.thread.pool.
Settings for the thread pool directly associated with the ORB
service.

Specifies the minimum number of threads to allow in the pool.
Specifies the maximum number of threads to allow in the pool.
Specifies the number of milliseconds of inactivity that should elapse before a thread is reclaimed.
Specifies whether the number of threads can increase beyond the maximum size configured for the thread pool.
Specifies the thread pools defined for this server.
Specifies a name for the new thread pool. The name must be unique within the server and is used to reference the thread pool in other places in the configuration.
Specifies an arbitrary descriptive text for the thread pool.
Specifies additional custom properties for this thread pool. Some components use custom configuration properties that can be defined here.
Specifies the context or environment in which a service runs.
Specifies the services that are provided by the container to components executing within the context of the container.  The types of services provided by a container are restricted depending on the type of container based upon a comparison of the scope of the service with the scope of the container.
Specifies a process containing remotely callable components.  A server represents the configuration information of a component that can run independently of a parent component in its own process (like a service).  Multiple servers can run within the JVM.
Specifies additional custom properties for this runtime component. Some components use custom configuration properties that can be defined here.
Specifies a larger runtime component that contains these configuration settings.
Specifies additional runtime components that are configurable.
A process, or a set of processes that act as a single logical process, running on a node that provides services and resources to applications through the containers and services that are running within it.

Specifies whether or not the server can control the state of the managed resource, that is, start and stop it.
Specifies whether or not the managed resource can generate performance metrics.
Specifies the name of the managed object that represents this live object.  This managed object name acts as one component of a calculated hierarchical name that can be used with a management agent process to locate the operational control interface for the live object at run time.
Specifies configuration settings for managed objects that have a life cycle (start, stop, etc.).
Specifies the object that can be started or stopped.
Specifies the execution state requested when the server is first started.
Specifies the component execution state requested when the server is first started.
Specifies configuration settings for managed objects which provide statistical information, such as performance data.
Specifies the object that provides performance metrics.
Specifies a specification string that is used to specify performance monitoring settings for the managed object.



This page provides access to configuration settings related to specific types of server functionality, such as application server, JMS server, and name server settings. Depending on the primary type of a server, the list of server components that are configured for the server might vary.
Specifies the name of the server.
Specifies settings for administration facility for this server, such as administrative communication protocol settings and timeout settings.
Use this page to view and change the configuration for  Management Extensions (JMX) connectors. Connectors provide a communication channel between  Application Server managed processes based on a specific communications protocol.
Specifies arbitrary configuration properties that apply to this JMX connector.
Specifies a JMX connector that supports the HTTP communications protocol.
Specifies a JMS resource.
Specifies a JMX connector that supports the Remote Method Invocation (RMI) communications protocol.
Specifies a JMX connector that supports the Simple Object Access Protocol (SOAP) communications protocol.
Specifies the type of the JMX connector.
Specifies whether or not the  processes require additional information to be passed to the  virtual machine when the process is created.
Specifies a  list of configurations for  virtual machines associated with this server.
Use this page to configure a process definition. A process definition defines the command line information necessary to start or initialize a process.
Specifies properties, such as RunAs permissions, Umask, and process priority, that control how the operating system process runs, .
Specifies a set of properties that control how the process native input and output streams are directed.
Specifies settings that are added to the runtime environment for the process.
Specifies properties that control how the process is monitored by the node agent.
Specifies the executable name of the process.
Specifies executable commands that run when the process starts.
Specifies the file system directory in which the process will run.
Use this page to configure additional process execution settings. These settings are not used on the Microsoft  platform.
Specifies the operating system priority for the process. Only root users can change the value specified in this field.
Specifies the user mask under which the process runs (the file-mode permission mask).
Specifies the user name under which the process runs.
Specifies the group that the process belongs to and under which the process runs.
Specifies a process for a specific process group. The value specified in this field can be used for such things as processor partitioning. For example, a system administrator can assign a process group to run on 6 of 12 processors. The default value 0 (zero) indicates that the process is not assigned to any specific group.
Specifies the names of the files to which standard in, out, and err streams are redirected.
Specifies the file to which input and output for standard streams are redirected.
Specifies the file to which the standard output stream is directed. The file name can include a symbolic path name defined in the variable entries.
Specifies the file to which the standard error stream is directed. The file name can include a symbolic path name defined in the variable entries.
Use this page to configure advanced  virtual machine settings.
Specifies  system properties that are set in memory for this JVM.
Specifies whether or not the JVM can control the state of the managed resource. In other words, start and stop it.
Specifies the standard class path in which the  virtual machine looks for classes.
Specifies bootstrap classes and resources for a JVM. This option is only available for JVMs that support bootstrap classes and resources. You might separate multiple paths by a colon (:) or semicolon (;), depending on operating system of the node.
Specifies whether to use verbose debug output for class loading. The default is not to enable verbose class loading.
Specifies whether to use verbose debug output for garbage collection. The default is not to enable verbose garbage collection.
Specifies whether to use verbose debug output for native method invocation. The default is not to enable verbose JNI.
Specifies the initial heap size available to the JVM (in megabytes).
Specifies the maximum heap size available to the JVM, in megabytes.
Specifies whether to use HProf profiler support. To use another profiler, specify the custom settings for the profiler using the HProf Arguments setting.  The default is not to enable HProf profiler support.
Specifies command-line profiler arguments to pass to the  virtual machine that starts the application server process. You can specify arguments when HProf profiler support is enabled.
Specifies whether to use the JVM debug output. The default is not to enable debug mode support.
Specifies command-line debug arguments to pass to the  virtual machine that starts the application server process. You can specify arguments when Debug Mode is enabled.
Specifies additional command line arguments for the JVM.
Specifies a full path name for an executable JAR file that the  virtual machine uses.
Specifies whether or not you want the Just-In-Time (JIT) compiler for the JVM disabled.
Specifies JVM settings for a given operating system. When started, the process uses the JVM settings for the operating system of the node.
Use this page to configure policy settings for performance monitoring of the application server.
Specifies the maximum number of times to attempt to start the application server before giving up.
Specifies the frequency of communication attempts between the parent process, such as the node agent, and the process it has spawned, such as an application server. Adjust this value based on your requirements for restarting failed servers. Decreasing the value detects failures sooner; increasing the value reduces the frequency of pings, reducing system overhead.
Specifies the interval after which no response from the monitored process is assumed to indicate that it is faulty.
Specifies the maximum time in seconds for the server to finish initialization. After this time elapses, the administrative server attempts to restart the server.
Specifies whether the process should restart automatically if it fails. The default is to restart the process automatically.
Specifies the processing state attained if the autoRestart option is enabled.  The options are: STOPPED, RUNNING, PREVIOUS. The default is STOPPED.
Use this page to view or change the configuration properties of the selected JMS server. The JMS functions on a node within the  Application Server administration domain are served by the JMS server on that node.
Specifies the TCP/IP port number of the listener port that is used internally by the JMS server.
Specifies a description of the JMS server, for administrative purposes.
Specifies the number of concurrent threads that can be used by the Pub/Sub matching engine.
Specifies the names of queues hosted by this JMS server.

Specifies the service type.
Use this page to configure the object request broker (ORB).
Specifies a list of interceptors that the ORB calls during every IIOP request.
Specifies a list of plug-ins that the ORB calls during ORB initialization.
Specifies the reference to the Location Service Daemon that the ORB uses to resolve indirect IORs.
Specifies the thread pool settings for the ORB.
Specifies the Secure Sockets Layer (SSL) settings for the server.
Specifies the number of seconds that the ORB waits before timing out on a request message.
Specifies the number of times that the ORB attempts to send a request if a server fails. Retrying sometimes enables recovery from transient network failures.
Specifies the number of milliseconds between request retries.
Specifies the largest number of connections that can occupy the connection cache for a service.
Specifies the smallest number of connections that can occupy the connection cache for a service.
Specifies whether tracing of ORB GIOP messages occurs. This setting is ignored if ORB tracing is not enabled.
Specifies the number of seconds the ORB waits before timing out on a LocateRequest message.
Specifies how the client ORB attempts to use HTTP tunneling.
Specifies the URL of the servlet used to support HTTP tunneling. This field is only required if the Force tunnel field is set to ALWAYS or WHEN REQUIRED. Otherwise, the ORB ignores the value specified for this field.
Specifies whether the ORB is to pass parameters by reference instead of by value. If the parameters are passed by reference, a copy operation is bypassed. Enable this function with caution, because unexpected behavior might occur.

Click to specify additional custom properties. You can add ORB custom properties. However, it is strongly recommended that you do not modify or delete any of the default values set during product installation unless directed to do so by IBM support personnel.
Specifies a custom code that is specified to extend the ORB.  A plug-in captures the class that contains the custom logic.  During server initialization, the server takes the name of the plug-in and prefaces that name with com.ibm.CORBA.ORBPluginClass.XXX.
Specifies the unqualified class name of the plug-in to load and initialize.
Specifies the interceptors that the ORB invokes during every IIOP request.
Specifies the class name for the interceptor.
Specifies the properties for connecting to a location service daemon (LSD).  An LSD is a server, listening on a fixed port, that processes requests to locate persistent object references and redirects clients to the appropriate application server.  See the LocationServiceDaemonServer server for LSD server process configuration.

Specifies the location service daemon's mode.
Specifies the stream redirection settings for System.err.
Specifies the stream redirection settings for System.out.
Specifies the cluster name if the server is part of a cluster.

Specifies settings for redirecting standard  IO streams.
Specifies the name of the file to which the stream should be redirected.
Specifies the type of rollover algorithm that is in effect.
Specifies the number of archive files.
Specifies the size, in megabytes, for size-based rollover.
Specifies the hours at which time-based rollover starts.
Specifies the time-based rollover period.
Specifies whether write operations are formatted like log entries.
Specifies the desired format for messages. Valid values include basic and advanced. Default is basic.
Specifies whether writes to this stream should be suppressed.
Specifies if stack traces in the messages should be replaced by the exception message only. Default is false (no suppression).
Specifies the configuration representation for an object that an agent process can manage.
Specifies whether the managed resource can generate performance metrics.
Specifies the TCP/IP ports this server uses for connections.

Specifies the name by which the port is known for administrative purposes.
Specifies the product information for this installation of  Application Server.
Specifies the components that are installed on the current system.
Specifies the extensions that are installed on the current system.
Specifies the service updates that are installed on the current system.
Specifies the PTFs that are installed on the current system.
Specifies a detailed product information report for the current state of the system.
Specifies a detailed historical report of the product information.
Specifies the node name for the node agent server.
Specifies the name of the cell in which this server is running.
Specifies the name of the node in which this server is running.
Specifies the service logic that controls all administrative function within the managed process.
Specifies the connectors that provide a communication channel between  managed processes based on a specific communications protocol.
Specifies the preferred JMX Connector type. Available options, such as SOAPConnector or RMIConnector, are defined using the JMX Connectors page.
Specifies a list of the libraries that contain elements that support the ExtensionMBean mechanism for extending the admin service with additional JMX MBeans.
Specifies the configuration data for the repository service.
Specifies whether the server process is a participant in a Network Deployment cell or not. If true, the server does not participate in distributed administration. If false, the server participates in the Network Deployment system.
Use this page to identify the location of the MBean metadata.
Specifies the location of the MBean descriptor file relative to the provider class path.
Specifies the type to use for registering this MBean. The type must match the type that is declared in the MBean descriptor file.
Use this page to view and change the service logic for the configuration repository.
Specifies the number of minutes that  must elapse before a lock on a repository that has not been manually unlocked is automatically unlocked.
Specifies whether to audit repository updates in the log file.
Use this page to view and change the configuration for  Management Extensions (JMX) extension MBean providers. Each MBean provider is a library that contains an implementation of a JMX MBean and its MBean Extensible Markup Language (XML) descriptor file. Use the library to extend the  managed resources in the core administrative console.
Specifies MBean definitions that are not included with  Application Server.
Specifies the class path that contains the provider library where the MBean descriptor is located. The class loader needs this information to load and parse the extension MBean XML descriptor file.
Specifies arbitrary descriptive text for the Extension MBean Provider configuration. Use this field to provide text that helps identify the provider configuration.
Specifies a name to be used to identify the extension MBean provider library.
Specifies the logging and trace settings for this server.
Specifies the settings for the IBM service log, also known as the activity log.
Use this page to view and modify the properties for the diagnostic trace service.
Specifies the settings for the debugging service, to be used in conjunction with a workspace debugging client application.
Specifies a model of the attributes needed for debugging a JVM and various components, such as the BSF manager.
Specifies the port that the JVM will listen on for debug connections.
Specifies the debug argument string used to start the JVM in debug mode.
Specifies an array of classes to filter out during debugging.   When running in step by step mode the debugger will not stop in classes that match a filter entry.
Specifies the port used to start the BSF debug manager with listening on.
Specifies the level of logging the BSF debug manager provides.
Use this page to specify settings for the transaction service. The transaction service is a server runtime component that can coordinate updates to multiple resource managers to ensure atomic updates of data. Transactions are started and ended by applications or the container in which the applications are deployed.
Specifies the name of a directory for this server where the transaction service stores log files for recovery.
The default maximum time, in seconds, allowed for a transaction that is started on this server before the transaction service initiates timeout completion. Any transaction that does not begin completion processing before this timeout occurs is rolled back.
Specifies the amount of time, in seconds, that the server waits for responses to WS-AT protocol messages.
Specifies the maximum duration, in seconds, between transactional requests from a remote client. Any period of client inactivity that exceeds this timeout results in the transaction being rolled back in this application server.
Specifies whether the application server logs about-to-commit-one-phase-resource events from transactions that involve both a one-phase commit resource and two-phase commit resources.
Specifies whether the use of file locks is enabled when opening the transaction service recovery log.
Specifies whether the secure exchange of transaction service protocol messages is enabled.
Specifies the transport chain for WS-TX protocol messages when server security is enabled.
Specifies the name of a directory for this server where the transaction service stores log files for recovery.
Specifies the default maximum time, in seconds, allowed for transactions started on this server to complete. Any such transactions that do not complete before this timeout occurs are rolled back.
Specifies the amount of time, in seconds, that the server waits for an inbound Web Services Atomic Transaction (WS-AT) protocol response before resending the previous WS-AT protocol message.
Specifies the maximum duration, in seconds, between transactional requests from a remote client. Any period of client inactivity that exceeds this timeout results in the transaction being rolled back in this application server.
Specifies the number of seconds to check the recovery log for another server, after network problems prevent communication, before trying peer recovery for that server.
Specifies the number of times that the application server retries a completion signal, such as commit or rollback. Retries occur after a transient exception from a resource manager or remote partner, or if the configured asynchronous response timeout expires before all Web Services Atomic Transaction (WS-AT) partners have responded.
Specifies the number of seconds that the application server waits before retrying a completion signal, such as commit or rollback, after a transient exception from a resource manager or remote partner.
Specifies the prefix used by WS-AtomicTransaction and WS-BusinessActivity requests that are sent through an intermediary node using the HTTP protocol.
Specifies the prefix used by WS-AtomicTransaction and WS-BusinessActivity requests that are sent through an intermediary node using the HTTPS protocol.

Specifies the direction that is used to complete a transaction that has a heuristic outcome; either the application server commits or rolls back the transaction, or depends on manual completion by the administrator.
Specifies the number of transactions that await manual completion by an administrator.
Specifies the number of transactions with some resources being retried.
Specifies the number of transactions that have completed heuristically.
Specifies the number of transactions that are imported and prepared but not yet committed.
Use this page to review transactions that need manual completion.
Use this page to review transactions with resources being retried.
Use this page to review transactions that completed with a heuristic outcome.
Use this page to review transactions that have been imported and prepared but not yet committed.
Specifies the resources that are used by the transaction.
Use this page to manage applications that are installed into this server.
Use this page to view a list of the application servers in your environment and the status of each of these servers. You can also use this page to change the status of a specific application server.
Use this page to configure an application server. An application server is a server that provides services required to run enterprise applications.
Specifies the display name for the server.

Use this page to configure application server services.
Specifies settings for the transaction service, as well as manage active transaction locks.
Specifies the thread pool and dynamic cache settings for the container. Also, specify session manager settings such as persistence and tuning parameters, and HTTP transport settings.
Use this page to specify the cache and data source information for the EJB container.
A server can be assigned a unique identifier.
Specifies whether there is one class loader for all applications (Single) or a separate class loader for each application (Multiple).
Specifies the class loading mode when the application class loader policy is Single.

Use this page to configure the message listener service. This service provides the message-driven bean (MDB) listening process, in which message-driven beans are deployed against listener ports that define the JMS destination to listen upon. These listener ports are defined within this service along with settings for its thread pool.
Specifies the message listener ports configured in the administrative domain.
Specifies the message listener service MDB thread pool settings
Specifies the name by which the message listener service is known for administrative purposes.
Specifies the message listener service is an extension to the JMS functions of the JMS provider.  It provides a listener manager that controls and monitors one or more JMS listeners, which each monitor a JMS destination on behalf of a deployed message-driven bean.
Specifies the name of the listener port
Use this page to configure listener ports upon which message-driven beans listen for messages. Each port specifies the JMS connection factory and JMS destination that a message-driven bean, deployed against that port, listens upon.
Specifies a description of the listener port, for administrative purposes
Specifies the JNDI name for the JMS connection factory to be used by the listener port; for example, jms/connFactory1.
Specifies the JNDI name for the destination to be used by the listener port; for example, jms/destn1.
Specifies the maximum number of concurrent JMS server sessions that are used by a listener to process messages, in the range 1 through 2147483647.
Specifies the maximum number of times that the listener tries to deliver a message before the listener is stopped, in the range 0 through 2147483647.
Specifies the maximum number of messages that the listener can process in one JMS server session, in the range 0 through 2147483647.
Specifies the execution state of listener port
Specifies the JNDI name for JMS connection factory to be used by the listener thread.
Specifies the JNDI name for JMS destination to be used by the listener thread.
Specifies the maximum number of concurrent JMS server sessions used by a listener to process messages, in the range 1 through 2147483647.
Specifies the maximum number of times that the listener tries to deliver a message before the listener is stopped, in the range 0 through 2147483647.
Specifies the maximum number of messages that the listener can process in one JMS server session, in the range 0 through 2147483647.
Use this page to create a new application server.
Description
Use this page to create an application server template. Server templates are copies of server configuration data that can be used as a starting point for creating servers.
Use this page to specify a name and description for the new server template you are creating. The new template will be created based on the configuration of the selected server.
Specifies the name of the server from which you are creating the template.
Specifies the name of the template you are creating.
Specifies a description of the template you are creating.
Use this page to configure the dynamic cache service of this server.
Use this page to configure the cache. Each EJB container maintains a cache of bean instances for ready access.
Specifies the interval at which the container attempts to remove unused items from the cache in order to reduce the total number of items to the value of the cache size.
Specifies the number of buckets in the active instance list within the EJB container.
Specifies that an EJB container is a component of a J2EE application server that provides runtime services to EJB modules that can be deployed within it.
Specifies the directory into which the container saves the persistent state of passivated stateful session beans.
Specifies the interval at which the container examines the pools of available bean instances to determine if some instances can be deleted to reduce memory usage.
Specifies the JNDI name of a data source to use if no data source has been specified during application deployment. This setting is not applicable for EJB 2.x-compliant CMP beans.
Specifies whether the EJB container attempts failover for stateful session beans.
Use this page to configure a Web container handles clients requests for Web Application resources such as, but not limited to, servlets and JSP files. The Web container creates servlet instances, loads and unloads servlets, creates and manages request and response objects, and performs other tasks for managing the components of a Web Application effectively. An application server contains only one Web container, or none. The Web server plug-ins, provided by the  Application Server product, give Web servers the capability to pass resource requests to the  Application Server Web container.
Use this page to view a list of transports that are defined for the Web container.
Specifies the thread pool settings for the Web container
Specifies the time period after which the Web container can switch the HTTP session affinity for requests to a different server instance. In certain situations, this switching can improve load balancing performance.    Default: 0  Range: 0-MAX_INT
Specifies the name of a server within the server group to which affinity requests are routed, instead of using random server selection. When WLM is utilized and a server of a server group is down, WLM normally routes requests with affinity to the down server to another random server within the server group.

Specifies the virtual host that is used as the default host for Web applications.  This virtual host specification can be overridden during application installation.
Specifies whether servlet caching is enabled. If portlet caching is enabled, this option is disabled whenever servlet caching is disabled. Disabling servlet caching automatically disables portlet fragment caching.
Specifies that the web container should limit the number of servlet request and response objects that are pooled by the web container. The default size is false, which would mean no limit.
Specifies the maximum number of number of servlet request and response objects that are pooled and reused by the web container. If the maximum pool size specified is 0, the web container will disable pooling of the servlet request and response objects, resulting in new objects being created for each request. If the pool size specified is greater than 0, the maximum number of pooled objects will be reused. If there are no more objects available in the pool, the web container will create new objects to process subsequent requests. Possible values are 0 to MAXINT.

Use this page to specify tuning parameters for session management.
Specifies the two hours of a day at which invalidator process goes to the database to clean up the invalidated persistent sessions. Specify the times at which activity to the site is minimum. The purpose of this to reduce the activity to the sessions database. With this option on, the number of updates to the database which are required to keep HTTP sessions alive are reduced. If this field is not enabled, the invalidator process runs every few minutes to remove invalidated HTTP sessions.
Specifies whether to place each instance of application data in a separate row in the database, allowing larger amounts of data to be stored per session. This can yield better performance in certain usage scenarios.  True - Place each instance of application data in a separate row of the database   False - Allow instances of application data to be placed in the same row
Specifies the maximum number of sessions to maintain in memory.
Specifies whether to allow the number of sessions in memory to exceed the value specified for In-memory Session Count.  If true is specified, overflow is allowed.  If false is specified, the number of sessions in memory is limited to the number specified for In-memory Session Count.
Specifies when to clean the invalid sessions from persistent store.
Specifies when the session is written to the persistent store.
Specifies, in seconds, how often the session data is written to the database when the write frequency is specified as TIME_BASED_WRITE,  The value must be a positive integer in the range from 5 to 9999. When configured, the InvalidationTimeout setting should, at a minimum, be twice as large as the write interval.
Specifies whether or not only updated attributes should be written to the persistent store or all of the session attributes should be written to the persistent store, whether or not they have changed. If you specify only updated attributes, only the updated attributes will be written to the persistent store  If you specify all session attributes, all attributes are written to the persistent store.
Specifies the time interval a session is allowed to go unused before it will no longer be considered valid.  -1 specifies that the session will not be invalidated.  This value is used as a default when the session timeout is not specified in a web application's deployment descriptor.  To preserve performance, the invalidation timer is not accurate to the second. It is safe to assume that the timer is accurate to within two minutes.  When write frequency is time-based, this value should be minimally twice as large as write interval.
Specifies the two hours of a day at which invalidator process goes to the database to clean up the invalidated persistent sessions. Specify the times at which activity to the site is minimum. The purpose of this is to reduce the activity to the sessions database. With this option on, the number of updates to the database which are required to keep  HTTP sessions alive are reduced. If this field is not enabled, the invalidator process runs every few minutes to remove invalidated HTTP sessions.
Specifies the first hour during which the invalid sessions are cleared from the external location. This value must be a positive integer between 0 and 23. This is valid only when schedule invalidation is enabled.
Specifies the second hour during which the invalid sessions are cleared from the external location. This value must be a positive integer between 0 and 23. This parameter is valid only when schedule invalidation is enabled.

Specifies tuning parameters in a distributed environment.
Use this page to configure session manager properties to control the behavior of Hypertext Transfer Protocol (HTTP) session support.  These settings apply to both the SIP container and the Web container.
Specifies a mechanism for HTTP session management.
Specifies whether to allow the number of sessions in memory to exceed the value specified for maximum in-memory session count. This feature is valid only in nonpersistent sessions mode.
Specifies the maximum number of sessions to maintain in memory.
Specifies how long a session is allowed to go unused before it is considered not valid.   Specify either  or . If you choose to set the timeout, the value must be at least two minutes, specified in minutes.
Specifies sessions persistence type.
Specifies whether to prohibit concurrent session access in a given server (JVM).
Specifies, in seconds,  the maximum amount of time a servlet request waits on an HTTP session before continuing execution.
Specifies whether the servlet is run normally or ended abnormally in the event of a timeout. If this field is selected, the servlet runs normally. If the field is not selected, the servlet ends abnormally and error logs are generated.
Specifies whether this session manager settings are used for the current module. Default is to use session manager settings defined on the parent object.
Specifies whether security integration is enabled. When security integration is enabled, the session manager associates the identity of users with their HTTP sessions.

Use this page to specify cookie settings for Hypertext Transfer Protocol (HTTP) session management.
Specifies a name for the cookie that is used for session management. This name must be unique. The servlet specification requires this name to be JSESSIONID. However, for flexibility, this value is configurable.
Specifies whether session cookies include the secure field. Enabling this feature restricts the exchange of cookies to HTTPS sessions.
Specifies the value of the domain field of a session tracking cookie. This value dictates to the browser whether to send a cookie to particular servers. For example, if you specify a particular domain, session cookies are only sent to hosts in that domain. The default domain is the server.
Specifies the amount of time that the cookie lives on the client browser. This value corresponds to the time to live (TTL) value described in the cookie specification.
Specifies whether the cookie is sent to the URI requested based on the path. Specify any string representing a path on the server. A slash (/) indicates root directory.   Specify a value to restrict the paths to which the cookie is sent. By restricting paths, you can keep the cookie from being sent to certain URLs on the server. If you specify the root directory, the cookie is sent no matter which path on the given server is accessed.


Use this page to specify how session data is saved in a distributed environment.  The SIP container uses only memory-to-memory replication for distributed sessions.


Use this page to specify your database settings.
Specifies the JNDI name of the data source from which the session manager obtains the database connections.
Specifies the user ID for database access.
Specifies the password required for database access.
Specifies the password a second time to ensure it recorded correctly.
Specifies the table space page size configured for the sessions table, if using a  database. Possible values are 4, 8, 16, and 32 kilobytes (K). The default row size is 4K.
Specifies the table space name used for the sessions table.
Specifies whether to place each instance of application data in a separate row in the database.
Use this page to select the session manager tuning options for managing session data in a distributed environment.  These tuning options apply to the Web container only.
Click to configure the predefined session manager tuning settings that affect performance.
Specifies when to clean the invalid sessions from external location.
Use this page to configure an HTTP transport for communicating requests to the Web container.
Click to configure the Web container
Click to configure the session manager that is associated with this Web container and the SIP container.
Click to configure the HTTP transports associated with this Web container.
Click to configure transport channel service chains that lead to this Web container.

Specifies the default virtual host for this server.
Specifies whether servlet caching is enabled.
Specifies whether servlet request and response pooling is disabled.

Specifies the host IP address to which to bind for the transport.
Specifies the port to bind for the transport. Specify a port number between 1 and 65535. The port number must be unique for each application server instance on a given machine.
Use this page to configure a naming service provider for the application server.
Specifies the bootstrap server address, which is the endpoint for the bootstrap server of the name server. An endpoint includes a host name and port number. Naming clients specify a bootstrap server host and port to obtain an initial naming context from the associated name server.
Use this page to configure performance monitoring, including enabling performance monitoring, selecting the PMI module and setting monitoring levels.
Use this page to configure Performance Monitoring Infrastructure (PMI)
Specifies a Performance Monitoring Infrastructure (PMI) specification string that stores PMI specification levels for all components in the server.Levels N,L,M,H,X represent None,Low,Medium,High,Maximum respectively.
Use this page to configure and manage the EJB timer service for a specific EJB container.

Specifies the scheduler for the EJB timer service to use.
Specifies a scheduler for the timer service to use.
Specifies a previously configured scheduler for the timer service to use.
Specifies the JNDI name of a scheduler instance to use for managing and persisting EJB timers.
Specifies the name of the data source where persistent EJB timers are stored.
Specifies the alias for the user name and password that are used to access the data source.
Specifies the prefix string that prefaces the scheduler tables. Multiple independent schedulers can share the same database if each scheduler specifies a different prefix string.
Specifies the interval, in seconds, in which the scheduler polls the database for expiring EJB timers.
Specifies the desired maximum number of threads used for timers.
Use this page to configure servers that might dynamically have more than one servant process (such as on ).
Use this page to configure servers that might dynamically have more than one servant process (such as on ).
Specifies whether multiple server instance feature is enabled for this server.  This setting is ignored on platforms that do not include multiple server instance support.  An example of where this is typically enabled is
Specifies the minimum number of server instances that can be created dynamically.
Specifies the maximum number of server instances that can be created dynamically.
Specifies the maximum time to complete, in seconds, for transactions that run in this server. This value should be greater than or equal to the total transaction timeout.
Specifies the command to start the process.
Specifies the arguments for the command to start the process.
Specifies the command to stop the process.
Specifies the arguments for the stop command.
Specifies the command that to end the process.
Specifies the arguments for the command to end the process.
Specifies the type of server process (Control or Servant).
Specifies whether a  class name or the name of an executable JAR file will be used as the executable target of this  process.
Specifies the name of the executable target (a  class (containing a main() method, or the name of an executable JAR file), depending on the executable target type.
Specifies the short name of the server. This name can contain one to eight characters, which can be alphanumeric or the special characters at-sign (@), number sign (#), or ampersand (&); it cannot start with a numeral.
Specifies the unique identifier for this server.
Specifies whether to speed the startup of the application server during development. Do not enable this setting on production or Version 5 servers.
Specifies whether to start the server on multiple threads. Enabling this function might shorten startup time.
Specifies whether to run the application server in 64-bit JVM mode.  Enabling this field allows the JVM heap to grow larger than 2 gigabytes.  The com.ibm.vm.bitmode API is available to applications that need to determine which bit mode the server is running in.

Determines whether the ORB will use thread pool settings from the server defined thread pool (named ORB.thread.pool) or the thread pool attribute of the ORB object.  Using the named thread pool ORB.thread.pool is the recommended method.  Usage of the thread pool settings specific to the ORB object is deprecated.

Specifies the settings for the portlet container for this server.
Select to enable the portlet fragment cache.
Specifies the maximum number of process event calls that can be issued per request.
Use this page to configure the portlet container.

ActivitySession service
Default timeout
seconds
Application profiling service
5.x compatibility mode
Compensation service
Recovery log directory
Recovery log file size
MB
Compensation handler retry limit
retries
Compensation handler retry interval
seconds
Internationalization Service
Object pool service
Scheduler service
Startup beans service
Work area service
Maximum receive size
Maximum send size
bytes
Work area partition service
Bidirectional
Description
Deferred attribute serialization
Work area partitions
A work area partition with this name already exists.
Enable Web service propagation
Work manager service


Use this page to configure the properties of the ActivitySession service. The ActivitySession service is a unit-of-work service to coordinate one-phase resources or to extend the activation and passivation of an enterprise bean.
Specifies the default timeout for an activity session. A server automatically completes an activity session if a remote client has failed to complete the activity session within this time period.


Specifies the application profiling service that controls the scope and propagation of task names. This value also manages the association of tasks, application profiles, and the policies that are configured within application profiles.
Specifies that J2EE 1.3 applications that use application profiling run exactly as they did in Version 5 and later releases, when set to True. Operation in this mode might cause unexpected deadlocks during database access. Also, tasks do not propagate on remote invocations between J2EE 1.3 and J2EE 1.4 applications. This behavior might result in using unexpected access intent policies and performance degradation, if the applications that are configured with application profiling are installed on the server. When set to False, J2EE 1.3 applications that use application profiling run with the same constraints as J2EE 1.4 applications. In this mode, tasks are established only when a new unit of work begins. The complete unit of work runs under no more than one task. Support for J2EE 1.3 applications that operate with Version 5.x compatibility mode set to True is deprecated as of the Version 6 release. The default value is True.


Use this page to manage the compensation service. The compensation service supports server-level configuration for compensation enablement and logging.
Specifies a directory path that, if set, overrides the location where the compensation service stores log files for recovery of this server.
Specifies the maximum megabyte size of the recovery log file that the compensation service uses for recovery data. The default value is 5 megabytes.
Specifies the maximum number of times that the compensation service retries a compensation handler.
Specifies the time interval, in seconds, that the compensation service waits before retrying a compensation handler.


An internationalized application can be configured to interact with users from different regions in culturally appropriate ways. The internationalization service enables you to configure and manage an internationalization context for an application for which components are distributed across the enterprise.


Many Java objects can be created once, used, and then reused. The object pool service manages object pool resources used by the application server.


Schedulers enable J2EE application tasks to run at a requested time.


Startup beans are session beans that run business logic through the invocation of start and stop methods when applications start and stop. If the startup beans service is disabled, the automatic invocation of the start and stop methods does not occur for deployed startup beans when the parent application starts or stops. This service is disabled by default. Enable this service only when you want to use startup beans.


Use this page to manage the work area service.  The work area service manages the scope and implicit propagation of the application context.
Specifies the maximum size of data that can be received within a single work area.
Specifies the maximum size of data that can be sent within a single work area.
Specifies that the work area partition service supports the definition of custom work area partitions.
Specifies that, when enabled, the bidirectional attribute permits applications to modify a work area context imported by a J2EE request. The modified properties are propagated back to the requestor environment. This option is disabled by default.
Specifies the description of the given partition.
Specifies that, by default, the work area service serializes attributes when they are set into a work area and deserializes the attributes when they are retrieved from a work area. Enabling this option defers attribute serialization until the work area is propagated on a remote invocation. The work area service caches both the serialized and the deserialized form of each attribute for optimal performance. This option is disabled by default.
Use this page to configure a work area partition and isolated work area functionality.
Specifies whether the server attempts to start the specified partition when the server starts.
Specifies the name of the work area partition to be created. The name must be unique, as it helps to retrieve the partition.
Specifies additional custom properties for this partition that are configurable.
Specifies whether the work area is propagated on Web service requests.


Specifies the work manager service that manages work manager resources used by a given server.

SIP container
milliseconds
bytes
messages
messages per second
SIP Container Settings
Custom properties

SIP container
Configure the SIP container.
SIP container
A SIP container handles clients requests for SIP application resources such as, but not limited to, servlets and JSP files. The SIP container creates servlet instances, loads and unloads servlets, creates and manages request and response objects, and performs other tasks for managing the components of a SIP application effectively. An application server contains only one SIP container, or none. The Web server plug-ins, provided by the WebSphere Application Server product, gives Web servers the capability to pass resource requests to the WebSphere Application Server Web container.
SIP container transport chains
Transport channel service chains that lead to the SIP container.
Use SIP proxy for external domains
When true, the SIP container assumes the existence of the SIP proxy running on another server process and, therefore, delegates routing of outbound traffic to that component.
Maximum application sessions
The maximum number of SIP application sessions that the container manages. When the maximum has been reached, no new SIP conversations are started.
Maximum messages per averaging period
Sets the maximum amount of SIP messages per averaging period.
Maximum dispatch queue size
Limits the size of the internal dispatch queue. Above this size, the queue is considered overloaded. When the internal queue reaches the overloaded state, incoming UDP packets are dropped until the queue exits the overloaded state. Limiting the queue size enables better recovery from the situation in which the CPU is used by other processes or threads (for example, garbage collection) and prevents the container from reaching out-of-memory conditions. Setting the value to 0 gives an unlimited queue size.
Enable maximum response time
Maximum response time
The maximum acceptable response time in milliseconds for an application. After this parameter has been exceeded, the container notifies the clustering framework that it is unavailable.
Averaging period
The time period in milliseconds over which averages are calculated.
Statistic update rate
The interval at which the container calculates averages and publishes statistics to PMI.
Thread pool
The thread pool to use for the SIP container.

A domain with name {0} already exists. You must use a unique domain name.
SIP Proxy Server Settings
MB
seconds
To
From
Request URI
Source Address
Destination Address
METHOD
INVITE
REGISTER
REFER
SUBSCRIBE
PUBLISH
MESSAGE
OPTIONS
INFO
Select a SIP method message or message condition template
Configure a SIP method message or message condition
Confirm a method message or message condition creation
New SIP method message condition \"{0}\" will be created within the SIP routing rule.
New SIP message condition \"{0}\" will be created within the SIP routing rule.
An error occurred while creating a new SIP method message condition.
A error occurred while creating a new SIP message condition.
New SIP method message condition \"{0}\" created successfully.
New SIP message condition \"{0}\" created successfully.
Enable
Disable
Enabled
Disabled
Custom properties
No more than one method condition is allowed on any single routing rule.  No more than one To, From, Request URI, Source and Destination Address is allowed on any single routing rule.  Conditions are AND'd together and rules are Or'd together.  Therefore, a single rule with multiple method conditions or multiple To fields would never find a match.

SIP proxy server transports
The inbound transports that are associated with the SIP proxy server.
SIP proxy settings
These settings describe the advanced attributes and policies that define the behavior of the SIP proxy server.
SIP proxy settings
These settings describe the advanced attributes and policies that define the behavior of the SIP proxy server.

The properties that influence the characteristics of the connection to the origin server.
Default cluster
Default cluster
Enable SSL
Enables and disables outbound SSL transport.
SSL alias to use for accepting connections
The SSL alias configured for accepting connections from clients.
Outbound SSL alias
Refers to the SSL repertoire for the outbound SSL transport.
Inactivity timeout
The inactivity timeout value is needed to ensure that connections don't stay open indefinitely.
none

Configure the properties that describe the requests to be rejected at the proxy server. Multiple methods may be disabled by entering one method name per line.
Exclude URI group
URIs listed in this field will be rejected by the proxy.  Range: List of valid SIP URI delimited by a newline.

Configure the SIP infrastructure to use IP sprayer; set the attributes in the IP sprayer configuration grouping to match the host name and port settings that are used by an external IP sprayer device.
Enable TCP sprayer
Enables and disables SIP outbound request rewriting so that the SIP proxy can operate behind an IP sprayer.
TCP host
The host of the external IP sprayer device that accepts the TCP protocol.
TCP port
The port of the external IP sprayer device that accepts the TCP protocol.
Enable SSL sprayer
Enables and disables SIP outbound request rewriting so that the SIP proxy can operate behind an IP sprayer.
SSL host
The host of the external IP sprayer device that accepts the SSL protocol.
SSL port
The port of the external IP sprayer device that accepts the SSL protocol.
Enable UDP sprayer
Enables and disables SIP outbound request rewriting so that the SIP proxy can operate behind an IP sprayer.
UDP host
The host of the external IP sprayer device that accepts the UDP protocol.
UDP port
The port of the external IP sprayer device that accepts the UDP protocol.

Configure the location of the log that is generated by the SIP proxy server.
Enable access logging
Enables and disables access logging.
Access log maximum size
The maximum size in megabytes of the access log before it rolls over.
Proxy access log
The location of the SIP proxy access log.

Configuration attributes that help secure the proxy server
Trusted security proxies
Configure the host name or IP address of the security proxies to trust.  Trusted intermediaries, such as a secure Web server or security proxy, intercept requests and might add secure information and credentials before forwarding them to the proxy server. Security information that is forwarded by the configured hosts is trusted by the proxy. Enter one IP address or host name per line.
Routing rules
Routing rules provide a method to direct SIP traffic to specific clusters.
Routing rules
Routing rules provide a method to direct SIP traffic to specific clusters.
Order
The order column represents the order in which the rules are evaluated. Order is critical because a SIP message might match more than one rule.
Cluster
Name of the cluster to which the rule routes SIP traffic.
Enabled
Specifies whether the rule is enabled and considered for evaluation.
Conditions
A concatenated list of conditions associated with the rule.
Routing rule
A routing rule maps SIP requests that match the conditions to the selected cluster.
Cluster
The name of the cluster to which the rule directs SIP requests.
Enabled
A rule to remove from consideration, without requiring that it is deleted.
Conditions
A concatenated list of conditions that are associated with the rule.
Conditions
Conditions determine which SIP messages match the rule.
Conditions
Conditions determine which SIP messages match the rule.  Multiple conditions are combined using a logical AND.
Type
Specifies which aspect of  a SIP message the condition applies to.
Value
The value that is compared to the aspect of the SIP message, which is indicated by type.
Condition
A condition applies to a specific aspect of a SIP message.
Method condition


Create new SIP method message or message condition

Select a SIP message condition template from which a new SIP message condition is created within the current SIP routing rule.
SIP method message or message condition template
A new SIP message condition will be created within the current SIP routing rule.
SIP Method Message Condition
Contains the predefined method types that are used when the condition type is Method.  Range: INVITE, REGISTER, REFER, SUBSCRIBE, UNSUBSCRIBE, PUBLISH, MESSAGE, OPTIONS, INFO.
SIP message condition
Five condition types: To, From, Request URI, Source Address and Destination Address.  To, From and Request URI are all derived from the SIP message header. Source and Destination Address are derived from the transport layer.  Range: To, From, Request URI, Source Address, and Destination Address.

Select a message method from which new SIP method message conditions are created within the current SIP routing rule.
Select a message type and enter a message value to create a new SIP message condition within the current SIP routing rule.
Select a method type.

Select a message type.

Enter a message value.


A summary of your selections follows. Click Finish to complete the SIP method message condition creation in the current SIP routing rule.
If you want to change any settings, click Previous to review the SIP method message condition.
A summary of your selections follows. Click Finish to complete the SIP message condition creation in the current SIP routing rule.
If you want to change any settings, click Previous to review the SIP message condition.

Condition type: Method
Condition type: Other
Type:
Condition value:

SIP routing rules order
Routing rules provide a method to direct SIP traffic to specific clusters.
SIP routing rules order
Specifies the SIP routing rule order, in which to direct SIP traffic to specific clusters.

Cluster
The name of the cluster to which the rule directs SIP requests.
Conditions
A concatenation of the list of conditions that are associated with the rule.
Enabled
Specifies whether the rule is enabled and considered for evaluation.
External domains
Through external domains, the SIP proxy can locate SIP services that are not known to DNS.
External domains
Through external domains, the SIP proxy can locate SIP services that are not known to DNS.
External domain
External domain
Domain
The SIP domain that is mapped to the protocol, host, and port that are specified in the related fields on this panel.
Distinguished name
The name that is associated with the external domain. Used when SSL client authentication is enabled to limit connections from an external domain.
Protocol
The protocol to use to make the SIP connection that is associated with the domain. The three possible values are: TCP, UDP, and TLS.
TCP
TLS
UDP
Host
The host to use to make the SIP connection that is associated with the domain.
Port
The port to use to make the SIP connection that is associated with the domain.
SIP module proxy configuration
The proxy server configuration settings for this SIP module.

Task Management
Notifications
Notification E-mail Parameters
E-mail Addresses
SMTP Port Number
SMTP Host Name
SMTP User ID
SMTP Password
Enable Notifications
Unable to update the Notification Parameters: {0}.
Add >>
<< Remove
Current E-mail Addresses
E-mail Address
Test E-mail
The transport host name is required.
The port number is out of range. The valid range is 1 - 64767.
The e-mail address format is not valid.
Test e-mail successfully submitted to the SMTP server.
Test e-mail was not submitted to one or more of the recipients.  Please verify that the e-mail addresses are accurate.
Test e-mail was not submitted due to connection problems to SMTP server.  Please see logs for additional detail.
Test e-mail was not submitted.  Please see logs for additional detail.
Test e-mail was not submitted due to authentication problems.  Please verify user name and password are accurate and see logs for additional details.

These parameters are used when sending e-mail notifications of tasks.
Specifies the list of e-mail addresses to send e-mail to when notifications are enabled.
Specifies the SMTP port number to connect to when sending mail.
Specifies the SMTP server to connect to when sending mail.
Specifies the user ID to use when the SMTP mail server host requires authentication.
SMTP specifies the password to use when the SMTP mail server host requires authentication.
Specifies whether or not e-mail notifications are enabled.

Runtime Tasks
Runtime Tasks
Task ID
Task ID
Originated Time
Submitter
Severity
State
Task Explanation
Action
Task Targets
Target Context
Target Object
Target Type
Severity
Target Monitors
Monitors
General Task Properties
Situation description
Explore the data used to diagnose the situation
Show additional task detail information
Submit
Non-Planned
Planned-Executing
Planned-Preview
Planned-Approval
Planned-Manual
Task Types
Accept
Deny
Close
Preview
Commit
Rollback
Fatal
Critical
Severe
Minor
Warning
Harmless
Information
Failed
Completed with errors
Completed
Unknown
New
Renewed
Expired
Denied
Suppressed
In progress
In progress preview
Previewed
In progress commit
In progress rollback
Closed
Succeeded
Cell
Application
Cluster
Node Group
Dynamic Cluster
Node
Server
Service Class
Health Class
Core Group
Unknown
View {0} chart for {1}.
View {0} chart for {1}.
View log files for {0}.
View configuration for {0}.
Action plan to resolve the situation
Step {0}
Keep Alive
The action plan expires at {0}.
Modify attribute {0} on {1} from {2} to {3}.
Invoke {0}({1}) on MBean {2} with parameters ({3}).
Execute the command AdminTask.{0}{1} {2}{3}.
View Concurrent Requests chart for {0}.
View Throughput chart for {0}.
View Avg. Response Times chart for {0}.
View Avg. Wait Times chart for {0}.
View Avg. Service Times chart for {0}.
View Avg. Queue Length chart for {0}.
View Avg. Drop Rate chart for {0}.
View Avg. Relative Performance for {0}.
View Used Memory chart for {0}.
View CPU Utilization chart for {0}.
View Total Requests chart for {0}.
View Percentile Response Time chart for {0}.
View Up Time chart for {0}.
none
Concurrent Requests
Avg. Throughput
Avg. Response Times (ms)
Avg. Wait Times in queue (ms)
Avg. Service Times (ms)
Avg. Queue Length
Avg. Drop Rate
Avg. Relative Performance
Seats Allocated
Concurrency Requests
Speed Factor
Work Value
Projected Objective Value
Observed Objective Value
Used Memory (KB)
CPU Utilization
Total Requests
Percentile Response Time
Up Time (sec)
Show Me

All
Active Tasks
Terminated Tasks
Expired Tasks
All Tasks
Apply Action
Start server {0} on node {1}.
Stop server {0} on node {1}.
Start cluster {0}.
Stop cluster {0}.
Take thread dump of server {0} on node {1}.
Capture logs of server {0} on node {1}.
Task demonstration






Web servers
Name
Description
General Properties
Web servers
Name
Status
Generate Plug-in
Propagate Plug-in
Manage keys and certificates
Copy to Web server key store directory
View
Edit
Refresh
You must select at least one Web server to perform this action.
Web server {0} is not started.
An error occurred while stopping Web server {0}. Check the error logs.
Windows Service name {0} on {1} Web server could not be stopped.
{0} is already started.
Web server {0} could not be started.
Windows Service name {0} on {1} Web server could not be started.
The node agent or IBM HTTP Server administration server on node {0} is not active.
Could not make a connection to the node agent or IBM HTTP Server administration server on node {0}.
Could not make a connection to the IBM HTTP Administration server on node {0}.
Authentication failure on access to the IBM HTTP Administration server on node {0}. Check Remote Administration Server Username and Password Properties.
The Remote Administration Server property Username or Password used for Authentication to the IBM HTTP Administration server is blank.
Could not execute request. Error processing Mbean.
View the Web server logs
for details.
An error occurred while updating the Web server plugin configuration for server {0}. Check the logs for details.
The Web server plugin configuration was updated successfully for server {0}.
An error occurred while propagating the Web server plugin configuration for server {0}. Check the logs for details.
The Web server plugin configuration was propagated successfully for server {0}.
{0} Request for Web server {1} is not supported for Web server type {2}.
Web server name
Type
Use SSL
Host name
Port
Web server installation location
Log file name
Configuration file name
Service name
Web server Instance Name
Platform Type
Windows
AIX
HP-UX
Solaris
Linux
OS/400
z/OS
Platform
Specify a platform that corresponds to the host machine operating system of a Web server.
Edit
Remote Web server management
State
Log file
Configuration File
IHS
"Web server type has changed from IHS to non IHS, admin authorization and service fields have been reset."
"Web server type has changed from non-IHS to IHS, fill in IHS administration server fields if you wish to connect to IHS admin server."
Log file
Retrieved lines:
Retrieve lines (eg. 250-600)
Access log file name
Error log file name
View
View
A problem was encountered transferring the designated file.  Make sure the file exists and has correct access permissions.
Configuration file
Retrieved lines:
Retrieve lines (for example, 250-600)
Custom properties
Name
Value
Description
Property
Remote Web server management
Host name
Port
Use SSL
Username
Password
Specify the Web server name, type, host name and platform.
Select a node for the Web server and select the Web server type
Select a Web server template
Select a Web server template
Enter the properties for the new Web server
Enter the properties for the new Web server
Confirm new Web server
Confirm new Web server
Create new Web server definition
Select a node that corresponds to the Web server you want to add.
Select node
View more information about this step.
The node that you select on this step will determine the server processes available for the next step.
Name of the application server to associate with this Web server entry.
Select template
Server name
Server name is required.
Web server type  {0} is not supported on platform for selected node.
The Web server name {0} is invalid. Only alphanumeric characters are allowed.
The Web server hostname {0} is invalid. Only alphanumeric characters are allowed.
Enter the Web server properties.
Type
The Web server vendor type.
Host name
The Web server host name.
Port
The Web server port.
Web server installation location
The Web server installation location (Required for IBM HTTP Server ONLY).
The Web server installation location is not valid for this node's platform, "{0}". Web server install location must be fully qualified.
The Web server configuration file is not valid for this node's platform, "{0}". Web server configuration file must be fully qualified.
The plugin-in installation location is not valid for this node's platform, "{0}". Plugin-in install location must be fully qualified.
IBM HTTP Server
SUNJAVASYSTEM
APACHE
IIS
DOMINO
HTTPSERVER_ZOS
IBM HTTP Server
Sun Java System Web Server
Apache HTTP Server
Microsoft Internet Information Services (IIS)
Domino Web IBM HTTP Server
HTTP Server for zOS
Web server Type
Not applicable
Web server  type {0} not supported on platform {1}.
Service name
Enter Plugin property
Web server Instance Name
Use SSL
Use the HTTPS protocol to communicate with the Web server. The default is HTTP.
Existing Web server
Using an existing application server as a template will copy the configuration for the selected server.
Default Web server template
Clear filter value
Show/Hide filter
Enter the IBM Administration Server properties.
Host name
The host name for the administration server running with the Web server. This is typically the same host name as the Web server.
Administration Server Port
The administration server port.
Username
The administration user ID to use for administration authorization. This is typically set up using the htpasswd script on the Web server.
Password
The administration password to use with the Username. This is typically set up using the htpasswd script on the Web server.
Confirm password
Re-enter the administration password for verification.
The administration password does not match the value in the confirm password field.
The following is a summary of your selections. Click the Finish button to complete the Web server creation.
If there are settings you wish to change, click on Previous button to review the server settings.
The following actions will be completed
New Web server entry \"{0}\" will be created on node \"{1}\"\nPlatform Type \"{2}\"\nPlug-in Install Root \"{3}\".
New Web server entry "{0}" will be created on node "{1}"\nPlatform Type "{2}"\nWeb server install root "{3}"\nPlug-in Install Root "{4}".
New Web server entry \"{0}\" will be created on hostname \"{1}\"\nPlatform Type \"{2}\"\nPlug-in Install Root \"{3}\".
New Web server entry "{0}" will be created on hostname "{1}"\nPlatform Type "{2}"\nWeb server install root "{3}"\nPlug-in Install Root "{4}".
Possible issues caused by this action
Ensure that the node \"{0}\" has enough memory to support several processes. If it does not have enough memory, performance will be poor.
A new Web server entry was created successfully.
Specify a Web server name, type, host name and platform.
Server name
Server name is required.
Web server {0} exists within node {1}.
Web server {0} exists on hostname {1} within node {2}.
Host name is required.
Web server type {0} is not supported on platform
Select the template that corresponds to the server that you want to create.
Logical name for server. Name must be unique within node.
Template Name
Type
Description
State
Process Id
Cell Name
Node Name
Plug-in properties
Plug-in installation location
Plug-in configuration file name
Automatically generate the plug-in configuration file
Automatically propagate plug-in configuration file
Ignore DNS failures during Web server startup
Refresh configuration interval
seconds
Plug-in logging:
Log file name
Log level
Repository copy of Web server plug-in files:
Plug-in key store file name
Web server copy of Web server plug-in files:
Plug-in configuration directory and file name
Plug-in key store directory and file name
Application mapping to the Web server
Web server application mapping.
All
None
Trace
Stats
Warn
Error
Debug
Detail
Request and Response
Caching
Request Routing
Custom Properties
Plug-in log file name
Plug-in configuration file
Plug-in log file
Caching
Enable Edge Side Include (ESI) processing to cache the responses
Enable invalidation monitor to receive notifications
Maximum cache size
KB
Request routing
Load balancing option
Retry interval
seconds
Maximum size of request content
No Limit
Set Limit
KBytes
Maximum buffer size used when reading the HTTP request content
Remove special headers
Clone separator change
Round Robin
Random
Request and response
Maximum chunk size used when reading the HTTP response body
KB
Enable the Nagle Algorithm for connections to the Application Server
Chunk HTTP response to the client
Accept content for all requests
Virtual host matching:
physical
logical
Physically using the port specified in the request
Logically using the port number from the host header
Application server port preference
Host header
Web server port
Enable the Nagle Algorithm for the Microsoft IIS Web server
Priority used by the Microsoft IIS Web server when loading the plug-in
High
Medium
Low
Web server plug-in properties
Server Role
Connection timeout
seconds
Read/Write timeout
seconds
Maximum number of connections that can be handled by the application server
Use maximum number of connections
Maximum number of connections
Use connection timeout
Use read/write timeout
connections
Use extended handshake to check whether Application Server is running
Send the header "100 Continue" before sending the request content
Primary
Backup
Web server plug-in configuration service
Enable automated Web server configuration processing
Security enabled virtual host
Name-based or IP-based virtual host
Specifies the creation a new virtual host with security enabled. This wizard will gather key store, self signed certificate, and virtual host information.  When complete key store files and a modified configuration file will be propagated to Web server machine and after a restart secure pages can be served through IBM HTTP Server.  After completion of this wizard, key store and certificate management including progagation of key store and stash files can be completed through the console.
Specifies the creation of a name-based or IP-based virtual host.   Name-based virtual hosts allow multiple websites with hostnames to be associated with one IP address.  IP-based virtual hosts allow multiple websites to be run with different IP address or ports.
New Web server virtual host
Use this page to create a new SSL or non SSL virtual host.
Create new security enabled virtual host
Create new security enabled virtual host
Specify key store properties
Specify virtual host properties
Confirm new security enabled virtual host
A key store file with a self signed certificate will be created in the WebSphere repository and propagated to target Web server machine upon completion of this wizard.  Web server key store management and propagation to target Web server machine can be done through WebSphere console at a later time.
Specifies the name of the key store file.  This will be the name that represents the key store file in the WebSphere repository.  The physical file will be created in the WebSphere configuration repository under the Web server in which it was created.  The name of that file will be <key store filename>.kdb.
Specifies the directory on the Web server machine for the key store file and key store stash file.
Specifies password for key store file.
Verify  password for key store file.
Key store file name
Target key store directory
Key store password
Verify key store password
Specify virtual host properties
Specifies the full IP address that a client uses to access the Web server.  Use 0.0.0.0 for the default host. To listen on all IP interfaces, use * in this field.  A full hostname can also be used but not recommended.
Specifies the port for the Web server to accept incoming requests.  Valid port values are between 0 and 65535.
Server name of virtual host
Document root of virtual host
Additional virtual host directives
IP Address
Port
Server Name
Document Root
Additional Virtual Host directives
Specify optional security directives
Specify key store certificate label.  This is used to identify self signed certificate that will be created.  This is also used to specify the certificate the Web server will use to serve secure pages.
Client authentication
Additional security directives
Certificate alias
Client authentication
Additional Security directives
The following is a summary of your selections. Click the Finish button to complete the security enabled virtual host creation.
If there are settings you wish to change, click on Previous button to review the virtual host settings.
Configuration settings
Use this page to view or modify global settings for IBM HTTP Server.
Global Directives
Web Server Virtual Hosts
Use this page to view or modify virtual hosts settings for IBM HTTP Server.
Global Directives
Use this page to view or modify global directives for IBM HTTP Server.
Server name
Specifies the hostname and port the Web server uses to identify itself.
Listen ports
Specifies the ports the Web server will listen on.  This list includes ports defined specifically for virtual hosts.  Enter one listen statement per line.
Document root
Specifies the main directory where the Web server will serve web pages.
Key store name
Specifies the name of the key store in the WebSphere repository.  This key store exists in the WebSphere repository and can be managed through the console.  Only one key store can be defined per Web server instance.  Use certificate alias to select a specific certificate for use in the global scope or in a virtual host.  To create a key store file, run the virtual host wizard and select security enabled virtual host.
Target key store directory and file name
Specifies the directory and file name for the key store on target Web server machine.  This will also be the entry in the configuration file for IBM HTTP Server Keyfile directive.  
SSL Version 2 timeout
Specifies the timeout for SSL version 2 IDs in seconds in range from 1 to 100 seconds.
SSL Version 3 timeout
Specifies the timeout for SSL version 3 IDs in range from 1 to 86400 seconds.
seconds
Key store certificate alias
Specifies the certificate to use in the key store for global security.
Client authentication
Client authentication
Global security directives
Global security settings
Global scope security activation
Global scope security activation
Web server virtual hosts
Web server virtual hosts description.
Use this page to create a Web server virtual host.  A virtual host allows multiple web sites to run under one Web server instance.  Virtual hosts can be named-based or IP-based.   A name-based virtual hosts allows multiple websites with different hostnames to run on one IP address.   An IP-based website uses different IP addresses to run multiple web sites.  Security can be enabled on an IP-based virtual host but cannot be enabled on a name-based virtual host.
Web server Virtual Host
IP Address:Port
Security Enabled
Server name
Specifies the hostname for the virtual host.
Document root
Specifies the directory where the specified virtual host will serve web pages.
Key store certificate alias
Specifies the certificate to use in the key store for this virtual host.
Client authentication
Client authentication
IP address
Specifies the full IP address that a client uses to access the Web server.  Use 0.0.0.0 for the default host. To listen on all IP interfaces, use * in this field.  A full hostname can also be used but not recommended.  IP Version 6 IP addresses can also be entered in bracket format example: [2001:db8::a00:20ff:fea7:ccea]
Port
Specifies the port for the Web server to accept incoming requests.  Valid port values are between 1 and 65535.
Virtual host security activation
Virtual host security activation
Security enabled
Specifies whether to enable security for this virtual host.
Key store
Key store
Target key store directory
Specifies the directory and file name for the key store on target Web server machine.  This will also be the entry in the configuration file for IBM HTTP Server Keyfile directive.  
Key store settings
Key store settings
Keyfile is set in global scope.
A port must be defined if you specify * for the IP address.
A problem was encountered transferring the IBM HTTP Server configuration file.  Make sure the file exists and has correct access permissions.  The latest IBM HTTP Server configuration file must be obtained before updates can be completed.
Could not make a connection to the node agent or IBM HTTP Server administration server on node {0}.  The latest IBM HTTP Server configuration file must be obtained before updates can be completed.
The password does not match the value in the confirm password field.
New security enabled virtual host {0} will be created on server {1}.
The modified IBM HTTP Server configuration file will be propagated to Web server machine.
The newly created key store files {0}.kdb and {0}.sth with self signed certificate will be propagated from WebSphere repository to target Web server location {1}.
Repository information must be saved after finishing this wizard if you wish to manage and propagate newly created key store.
New security enabled virtual host has successfully been created.  Restart the Web server for changes to take effect.
Failed to create new security enabled virtual host.  Configuration files have not been updated and key store files have not been created.
A virtual host with specified IP Address and port alreadys exists for this Web server.
A problem was enountered transferring file {0} to directory {1}.  Could not make a connection to the node agent or IBM HTTP Server administration server on node {2}.
A problem was encountered transferring file {0} to directory {1} on node {2}.  Make sure the directory  and file exists and has correct access permissions for file transfer.
Changes have been made to the IBM HTTP Server configuration file.  A local copy has been saved to {0}.  You can propagate the configuration file directly to the target Web server machine.
Previous configuration changes have been detected and are currently loaded.  These changes have not been propagated to target Web server machine.  These previous changes were saved to {0}.You can either propagate these saved changes directly to the target Web server machine or discard these changes and load the configuration file from the target Web server machine.
Configuration file has been successfully propagated to target machine.   Restart the Web server for changes to take effect.
Current configuration settings have been discarded and Web server configuration file has been loaded from target machine.
Click the OK button below to delete the following virtual host(s). If you do not wish to delete the virtual hosts, click the CANCEL button to return to the prior  page.
Name based virtual host
Check this box if you wish this virtual host to be a name based virtual host.  A NameVirtualHost directive will be added if this is checked.
A key store file has already been defined for this Web server.   A certificate can be selected below to run for this virtual host.  If no certificate is selected, the default certificate for the key database will be used.
Keystore files {0}.kdb and {0}.sth in directory {1} have successfully been propagated to target WebServer location {2} and {3}.  The webserver must be restarted for changes to take effect.
Cannot manage or copy key store file because no key store has been defined.  To define a key store,  run the new virtual host wizard and select security enabled virtual host.
Cannot copy key store file because no target key store directory and file name been defined.  A target key store file and directory value can be defined on the global settings page.
Web Server type change
Use this page to fill in required properties when changing the Web Server type to IHS.   These fields can be adjusted later on the Web Server detail page.


Use this page to view a list of the installed Web servers.
Specifies the names of the installed Web servers.

Use this page to configure a Web server that provides HTTP and HTTPS support to application servers.
Specifies the logical name for the Web server.  The name must be unique within the cell.
Specifies the type of Web server.
Specifies whether to use the HTTPS secure protocol. If you leave this option blank, the default protocol is HTTP, which is not secure.
Specifies the host name on which the Web server is installed.
Specifies the port from which the Web server is accessed.
Specifies the path to where the Web server is installed (Required for  HTTP Server ONLY).
Specifies the relative path to the Web server log file.
Specifies the relative path to the Web server configuration file.
Specifies the   operating system service name of the Web server.
Specifies the instance name of the Web server.
Specifies the Web server  platform type.
Use this page to configure the properties of a remote Web server.
Use this page to view or modify settings for the log file.
Use this page to view or modify settings for the configuration file.

Use this page to view the Web server log file(s).
Specifies the path to the Web server access log file.
Specifies the path to the Web server error log file.

Use this page to view or modify the contents of the Web server configuration file.

Custom properties description.
Specifies an arbitrary name and value pair, where the name is a property key and the value is a string value to use for setting the internal system configuration properties.
Specifies the name, or key, for the property.
Specifies the value for which the name is paired.
Specifies information about the name and value pair.

Use this page to configure the  HTTP Server administration server for a Web server. These properties are required for a Web server that is not installed on the same machine as the  Application server.
Specifies the host name of the  HTTP Server administration server .
Specifies the administration server port.
Specifies whether to use the HTTPS secure protocol. If you leave this option blank, the default protocol is HTTP, which is not secure.
Specifies the authentication user ID for the administration server.
Specifies the authentication password for the administration server.

Use this page to create a new Web server.

Specifies the native operating system process ID for this Web server.
Specifies the name of the cell on which this Web server runs.
Specifies the name of the node on which this Web server runs.
Specifies the runtime execution state for this Web server.


Use this page to configure a Web server plug-in. The plug-in passes HTTP requests from a Web server to  Application Servers.
Specifies the fully qualified path for the location of the plug-in configuration file.
Specifies the name of the plug-in configuration file.
Specifies the content of the file.
Specifies whether the Web server plug-in configuration file automatically regenerates whenever related settings change.  The Web server plug-in configuration service must be enabled for this setting to take effect.
Specifies whether the Web server plug-in configuration file is automatically propagated to this Web server whenever the plug-in regenerates. The Web server plug-in configuration service must be enabled for this setting to take effect.
Specifies whether DNS errors are ignored during the Web server startup process.
Specifies how frequently, in seconds, the plug-in configuration reloads.
Specifies the fully qualified path of the Web server copy of the Web server plug-in configuration file. This path is the name of the file and its location on the machine where the Web server is running.
Specifies the fully qualified path of the Web server copy of the database file that contains your security key rings. This path is the name of the file and its location on the machine where the Web server is running.
Specifies the logging settings for a Web server plug-in.
Specifies the name of the log file on the Web server to which plug-in messages are written.
Specifies the level of messages that are sent to the log file. If  is selected, all of the steps in the request process are logged in detail. If  is selected, the server that is chosen for each request and other load balancing information relating to request handling are logged. If  is selected, all of the warning and error messages that result from abnormal request processing are logged. If  is selected, only error messages that result from abnormal request processing are logged.
Click to configure request and response optimization properties for a Web server plug-in.
Click to configure caching properties for a Web server plug-in.
Click to configure request routing properties for a Web server plug-in.
Click to configure additional custom properties for a Web server plug-in.
Click to display details about the Web server plug-in files that are stored inside the repository.
Specifies the name of the key store file on the Web server that the Web server plug-in uses for HTTPS requests.Click to display details about the Web server plug-in files that are stored on the Web server host system.
Use this page to configure caching properties for a Web server plug-in.
Specifies whether Edge Side Include (ESI) processing is enabled to cache the HTTP responses.
Specifies whether the plug-in can receive invalidations from the application server.
Specifies the maximum size of the cache, in 1KB units. The default maximum size of the cache is 1 MB. If the cache is full, the first entry to be evicted from the cache is the entry that is closest to expiring.

Use this page to configure request routing properties for a Webs server plug-in. These properties apply to all requests the Web server routes to application servers.
Specifies the load balancing option that the plug-in is using.
Specifies how long, in seconds, the plug-in should wait before checking to see if changes have been made to the configuration file.
Specifies the maximum number of bytes an HTTP request can contain in order for the plug-in to attempt to send it to an application server. If a request is received that is larger than the specified maximum size, the plug-in issues an error message containing an HTTP response code. By default, there is no maximum size limit.
Specifies whether the plug-in adds special headers to a request before it is forwarded to an application server. By default, the plug-in will remove any special headers from incoming requests before adding these headers. Setting this attribute to false introduces a potential security exposure because special headers are not removed from incoming requests.
Specifies whether the plug-in uses the plus sign (+) to separate the clone IDs that are used for session affinity. Normally the plug-in uses the colon (:). However, some pervasive devices can not handle the colon character. If this attribute is used to change the separation character, the application server's configurations must also be changed such that the application server also uses the plus sign to separate clone IDs.
Specifies the maximum size of post data that the Web server plug-in expects in a request.


Use this page to configure request and response optimization properties for a Web server plug-in.
Specifies the maximum chunk size, in KB, that the plug-in uses when reading the body portion of the HTTP response.
Specifies whether the user wants to disable the Nagle algorithm for the connection between the plug-in and the application server.
Specifies whether the plug-in chunks responses to the client if the header  is present in the response.  This attribute only applies to the following Web servers:  Internet Information Services (IIS) Web servers,  System Web servers, and  Web servers. The  HTTP Server for distributed platforms automatically handles the chunking of the response to the client.
Specifies whether clients can include content in POST, PUT, GET, and HEAD requests when a Content-Length or Transfer-encoding header is contained in the request header. It can be set to true if content is to be expected and read for all requests. By default, content is to be expected and read for POST and PUT requests only.
Specifies how virtual host matching is performed. Matching can be performed physically using the port specified in the request, or the plug-in can logically use the port number from the host header.
Specifies that virtual host matching is performed physically using the port specified in the request.
Specifies that the plug-in is logically using the port number from the host header.
Specifies the port number the Application server uses in building URI's for a sendRedirect call.  The port number can be the port number from the host header of the HTTP request, or the port number that the Web server received the request on.

Specifies whether the Nagle algorithm for the  Internet Information Services (IIS) Web server is enabled. When this field is not selected, the Nagle algorithm is disabled.
Specifies the priority the  Internet Information Services (IIS) Web server uses when loading the plug-in.

Use this page to configure application server properties for a Web Server plug-in.
Specifies the role of the Web server
Specifies the connection timeout settings. If  is selected, the plug-in performs nonblocking connections with the application server. If  is selected, you must specify a value in the  field. Specify a value of 0, if you want the plug-in to perform a blocking connection. Specify a value greater than 0, if you want the plug-in to wait the specified number for seconds to perform a successful connection. If a connection does not occur after that time interval, the plug-in marks the server unavailable and sends the request to another application server defined in the cluster.
Specifies the maximum number of pending connections that can be queued for an Application Server through a Web server process at any point in time.
Specifies whether the plug-in performs handshaking with the application server to ensure that it is running before sending the request to that application server. This attribute should be selected if a proxy firewall is between the plug-in and the application server because it enables the plug-in to redirect client requests if that application server is down.
Specifies whether the HTTP 1.1  header is sent to an application server before the content of a request is sent to that application server.

Use this page to automatically generate the plug-in configuration file whenever the Web server environment changes.
Specifies whether the Web server plug-in configuration service is enabled.Select this property to overrides TCP connection time-outs.

Publish the WSDL file
Get the name of the Server that hosts the web service
Provide options to perform the WebServices deployment
WebServices deployment options
This module is not Web services enabled.
None
This module is not configured to support client access to Web services or the client bind file was not found.
Web services implementation scope
Web services implementation scope
Port
Web Service
URI
Scope
Web services client bindings
Web services client bindings
Web Service
URI
WSDL Filename
Preferred Port Mappings
Port Information
Edit...
Use default
Preferred port mappings
Port Type
Preferred Ports
None
Provide HTTP endpoint URL information
Provide HTTP endpoint URL information
Specify URL prefixes for Web services:
Select default HTTP URL prefix
Select custom HTTP URL prefix
Virtual Host
Server
Modules
HTTP URL prefix
JMS URL prefix
Neither radio button was selected for the The Virtual host and Server group whose Apply button was clicked
No module checkboxes were selected for the The Virtual host and Server group whose Apply button was clicked
Publish WSDL zip files
The WSDL zip files cannot be published when unsaved changes, other warnings, or error conditions exist.
This application has no Web services enabled modules that are accessible through HTTP
This application has no Web services enabled modules that are accessible through JMS or directly as EJBs
This application has no Web Services enabled modules
Cluster
Modules with only JMS Routers
Modules assigned to
Provide JMS and EJB endpoint URL information
Provide JMS and EJB Endpoint URL Information
Partial URL
Provide Web services endpoint URL information for SOAP/JMS and EJB bindings
Provide endpoint URL information for Web services accessed with JMS or EJB bindings
Publish WSDL files
Provide Web services endpoint URL information for SOAP/JMS and EJB bindings
WSWS4001E: The SOAP address should have the form http|https://host:port. An improperly formatted SOAP address was supplied for Module {0}. The incorrect SOAP address is {1}.
The user input is incorrect for the SOAP address.
Provide the correct SOAP address.
WSWS4002E: The router module for module {0} could not be found.
The application has not been properly enabled for Web services. A Web services-enabled EJB module does not have the required router WAR module.
Properly enable the application for Web services.
WSWS4003E: The router module for EJB module {0} is {1}.  The router module's web.xml file is missing a URL pattern for port component {2}  
The router module is not configured correctly.
Configure the router module correctly.
WSWS4004E: The wsdl-file {1} for module {0} was not found in the module.
The module is not configured correctly.
Configure the module correctly.
WSWS4005E: An exception occurred while adding URL prefixes to the published WSDL file.  The exception is {0}
The explanation is provided by the exception.
Respond to the action provided by the exception.
WSWS4006E: WSWS406E the JMS URL prefix {0} is not correctly formatted.  The JMS URL prefix must start with jms:/[queue|topic]?, and the destination and connectionFactory must not contain java:comp
The user input for the JMS URL prefix is incorrect.
Provide the JMS URL prefix in the correct format.
WSWS4007E: Can not retrieve application metadata for application{1}, exception:{0}      
This indicates a programming error has occurred.
Report the error.
WSWS4008E: Error: {0}
Error.
CMSG0002
WSWS4009E: The Web service binding file, {1}, does not contain a {0} element.
The binding file does not contain expected elements.
Fix the bindings file.
WSWS4010E: An error occurred initializing the WSDL zip files.  Check the log for more information.
An error can occur when creating and writing temporary WSDL zip files.
Check the log for more information.
WSWS4011E: An error occurred preparing or initializing one or more of the follwing WSDL zip file names: {0}
An error can occur when creating and writing temporary WSDL zip files.
CMSG0002
WSWS4012E: The WSDL zip file contains no ports.  Check the log for more information.
The WSDL file does not contain port information.
Check the log for more information.
WSWS4050E: Transform error occurred: {0}
An error occurred while attempting to perform XSL transform on the deployment descriptor.
Check the nested exception for details.
WSWS4051E: This application might not contain the Web services deployment descriptor information you need.
The workspace returned a null pointer for the input stream to the deployment descriptor.
Check the application installation.
WSWS4052E: No input stream obtained for the deployment descriptor.
The workspace returned a null pointer for the input stream to the deployment descriptor.
Check the application installation.
WSWS4053E: Could not load deployment descriptor through the user workspace.  Exception: {0}
The deployment descriptor could not be accessed for processing.
Check the nested exception for details.
WSWS4054E: Unable to transform.  No resource type specified to transform.  
The view request did not specify what type of resource this was.  For example, an application descriptor or EJB descriptor.
Check the installation of this resource to insure it is properly installed.
WSWS4055E: No output stream obtained for the deployment descriptor.
Transformer returns a null pointer for the output stream to the deployment descriptor.
Check the application installation.
WSWS4056E: A SAX parser exception occurred.
Transformer catches a SAX parser exception.
Check the application installation.
WSWS4057E: A SAX parser configuration exception occurred.
Transformer catches a SAX parser configuration exception.
Check the application installation.
View Web services server deployment descriptor extension
View Web services client deployment descriptor extension
View Web services server deployment descriptor
Web services server deployment descriptor
Web services deployment descriptor Extension
Unknown resource type
Port information
Port
Overridden Endpoint URL
Overridden Binding Namespace
Request Timeout (seconds)
Request timeout must be a nonnegative integer.
Overridden endpoint must be a URL.
The binding namespace cannot be overridden if the endpoint URL is not overridden.
Port Information for Web service {0}
Port Information for Web service {0}, EJB {1}
Web Services Properties


Specifies the scope value.
The scope value determines when a new instance of a service implementation is created for the Web service ports in a module.  When the scope value is set to ,   the same instance of the implementation is used for all requests on the application.  When the scope value is set to ,  the same instance is used for all requests on each session.  When the scope value is set to , a new instance is created for every request.

Specifies the WSDL file name, preferred port mappings and port information of a Web service client.
The Web service WSDL file name, preferred port mappings and port information are defined by the client bindings. The relative path can be specified in the module of a compatible WSDL file.  The actual URL that you can use for a Web service request is located in the WSDL file.  This is needed only if the original WSDL file did not contain a URL or when a different URL is needed.  For a service endpoint with multiple ports defined, a preferred port mapping specifies the default port to use for a port type.  A timeout, an overridden endpoint URL, and an overridden binding name space can be set in the port information.

When the getPort method is called with only the Service Endpoint Interface, a preferred port specifies the port to return for a service endpoint that has multiple ports defined.  The port type identifies the Service Endpoint Interface.

Specifies Web services endpoint URL information for SOAP over HTTP bindings
Specifies Web services endpoint URL information for SOAP over HTTP bindings. You can select a default prefix or you can enter a custom prefix. Click Apply to copy the selected prefix to selected modules.  This information is used to define the endpoints in a published WSDL file.
Click on the file name to download a zip file that contains the application's published WSDL files.

Specifies Web services endpoint URL information for SOAP over JMS and EJB bindings
Specifies endpoint URL information for Web services accessed using SOAP over JMS ports, or directly as enterprise beans.  This field also specifies a URL prefix for JMS ports and enterprise beans.  This information is used to define the endpoints in published WSDL files.
Specifies Publish WSDL files for Web services-enabled modules.
View the extension to the Web services server deployment descriptor.
View the extension to the Web services client deployment descriptor.
View the Web services server deployment descriptor.
Expand and collapse the Web services server deployment descriptor to view the data.
Expand and collapse the extension of the Web services deployment descriptor  to view the data.
Check the log or nest exception for details.

Specifies a request timeout, an overridden endpoint URL, and an overridden binding name space that can be set for a port.  The timeout determines how many seconds to wait for a request. A value of zero disables the timeout.  The current endpoint and binding name space can be overridden.

Web services
Trust anchors
Certificate store
LDAP certificate store
Collection certificate store
Key locators
Trusted ID evaluators
Login mappings
An exception occurred when WebSphere Application Server created a new ws-security.xml file and wssecurity extent in context {0}
If you use the token value type, you must specify the token type URI and the token type local name.
An authentication method and a callback handler are required.
If you use the BasicAuth method, you must specify a user ID and a password.
The trusted ID evaluator name and the trusted ID evaluator class name are required.
An existing evaluator definition is required.
The encryption information name, the key locator reference, and the data encryption algorithm are required.
A signature method is required.
You must specify either the signing key information or the certificate path information, but not both.
If you select Trust anchor, you must specify the trust anchor and the certificate store.
If you specify a key name, you also must specify the key locator reference.
If you use a key locator, you must specify the key name and the key locator reference.
If you use a key locator mapping, you must specify the key locator reference and the key name reference.
If you specify the key information, you must specify the key information name and the key information reference.
If you specify the key store, you must specify the key store password and the key store path.
To specify the key store, you must specify either the key store configuration name or the combination of key store password and key store path, but not both.
If you select the Predefined key store radio button, you must select a key store config name.
If you specify the token, you must specify the token name and the token reference.
A key locator mapping is required for generator configurations.
The selected key name reference is not defined for the selected key locator reference. The list of key name references has been updated with the possible values.
A collection certificate store must include at least one X.509 certificate or Certificate revocation list.
Your application might have Web services security enabled. If Web services security is enabled, go to the Enterprise Application Management panels (click Applications > Enterprise applications) and configure the binding information for Web services security. The binding information for Web services security is not collected during application deployment. If the binding information is not properly configured, your application might not start properly or might be unusable.
A trust anchor with this name already exists. You must use a unique trust anchor name.
A collection certificate store with this name already exists. You must use a unique collection certificate store name.
A key locator with this name already exists. You must use a unique key locator name.
A trusted ID evaluator with this name already exists. You must use a unique trusted ID evaluator name.
A login mapping with this authentication method already exists. You must use a unique login mapping authentication method.
Encryption information with this name already exists. You must use a unique encryption information name.
An algorithm URI with this algorithm and type already exists. You must use a unique algorithm and type.
A signing information with this name already exists. You must use a unique signing information name.
A key information with this name already exists. You must use a unique key information name.
A token generator with this name already exists. You must use a unique token generator name.
A token consumer with this name already exists. You must use a unique token consumer name.
An algorithm mapping with this factory engine class already exists. You must use a unique algorithm mapping factory engine class.
A key with this name already exists. You must use a unique key name.
A property with this name already exists. You must use a unique property name.
An X.509 certificate with this certificate path already exists. You must use a unique certificate path.
A certificate revocation list with this certificate revocation list path already exists. You must use a unique certificate revocation list path.
A key information reference with this name already exists. You must use a unique name.
A part reference with this part name already exists. You must use a unique part name.
A transform with this transform name already exists. You must use a unique transform name.
Validation of the binding information failed. You must examine the binding information for inconsistencies in the Web services security deployment descriptors.
Validation of the server binding information failed. You must examine the binding information for inconsistencies in the Web services security deployment descriptors.
Validation of the client binding information failed. You must examine the binding information for inconsistencies in the Web services security deployment descriptors.
Validation of the response sender information failed. You must examine the binding information for inconsistencies in the Web services security deployment descriptors.
Validation of the response receiver information failed. You must examine the binding information for inconsistencies in the Web services security deployment descriptors.
Validation of the request sender information failed. You must examine the binding information for inconsistencies in the Web services security deployment descriptors.
Validation of the request receiver information failed. You must examine the binding information for inconsistencies in the Web services security deployment descriptors.
The run time failed to update the binding configuration information from the repository. Verify the configuration settings. An invalid configuration might cause the update to fail. Restart the server for the changes to take effect.
Nonce is not supported for authentication methods other than BasicAuth.
All fields are required.
User name expiration is required when Add timestamp is selected.
Calculation method, Encoding method, and Value type values are required when the type of key information is Key identifier.
Value type values are required when the type of key information is Security token reference.
If cryptographic operations on a hardware device is selected, a cryptographic hardware configuration name must be specified.
A call to the server to retrieve the algorithm list failed.  Check logs for more information.
SECG1000E: An exception occurred loading the resource {0}: {1}.
A ws-security.xml file was not found in the resource set.
CMSG0002
SECG1001W: The ws-security.xml file was not available in the context {0}.
A ws-security.xml file was not found in the resource context.
CMSG0002
SECG1002E: Cannot find WebServicesSecurityAlgorithmHelper MBean. The exception is {0}.
CMSG0001
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG1003E: The server cannot find the WebServicesSecurityAlgorithmHelper MBean.
CMSG0001
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
SECG1004E: Exception occured while retrieving algorithm list from the WebServicesSecurityAlgorithmHelper MBean
CMSG0001
See the problem determination information on the WebSphere Application Server Support Web page: http://www.ibm.com/software/webservers/appserv/was/support.
(none)
Centrally managed
SSL configuration
Specific to this Web service port
View centrally managed SSL tree
Specific SSL configurations - cell level

Default bindings for Web services security
Specifies a default binding for Web services security. If a Web services archive does not have its own binding, the application server uses the default binding. Otherwise, the application server uses the binding in the archive.
Default generator bindings
Default consumer bindings
Default generator
Web services: Default bindings for Web services security
Specifies a default binding for Web services security. If a Web services archive does not have its own binding, the application server uses the default binding. Otherwise, the application server uses the binding in the archive.
Web services: Server security bindings
Specifies the server-side binding configuration for Web services security.
Web services: Client security bindings
Specifies the client-side binding configuration for Web services security.
Component
Specifies the name of the component that contains the Web service.
Web service
Specifies the name of the Web service.
Port
Specifies the port number of the Web service.





Use defaults
Specifies whether to use the default binding information. When this option is enabled, Web services security uses the default binding information instead of the custom binding information that is defined here.
Required properties
Additional properties
Web services security properties
Properties
Specifies additional properties for the configuration.
Property name
Specifies the name of the property.
Property value
Specifies the value of the property.
Nonce

Specifies the timeout value for the nonce that is cached on the server. Nonce is a randomly generated value.
Distributed nonce caching
Enables distributed caching for nonce by using a data replication service (DRS).
Cryptographic hardware
Enable cryptographic operations on hardware device
Enables the hardware cryptographic device to run cryptographic operations.
Cryptographic hardware configuration name
Specifies the name of the cryptographic hardware device configuration.
Trust anchors
Specifies a list of keystore configurations that contain root-trusted certificates. These configurations are used for certificate path validation of the incoming X.509-formatted security tokens. You must create the keystore using the key tool utility. Do not use the key management utility because it does not create a keystore with the expected format.
Trust anchor name
Specifies the unique name that is used to identify a trust anchor.
Keystore path
Specifies the location of the keystore file.
Keystore type
Specifies the type of keystore file.
LDAP certificate store
Specifies the Lightweight Directory Access Protocol (LDAP) server that contains the untrusted, intermediate certificate entries. This LDAP server is used as the certificate store for the certificate path validation of incoming X.509-formatted security tokens.
Certificate store name
Specifies the string label of the certificate store.
Certificate store provider
Specifies the provider name for the certificate store implementation.
LDAP server
Specifies the host name for the Lightweight Directory Access Protocol (LDAP) server.
LDAP port
Specifies the port number for the Lightweight Directory Access Protocol (LDAP) server.
LDAP server properties
Specifies additional properties for the Lightweight Directory Access Protocol (LDAP) server.
Collection certificate store
Specifies a list of untrusted, intermediate certificate files. This collection certificate store is used for certificate path validation of incoming X.509-formatted security tokens. The root-trusted certificates are specified in the Trust anchors panel.
Certificate store name
Specifies the unique name of the certificate store.
Certificate store provider
Specifies the provider name of the certificate store implementation.
X.509 certificates
Specifies a list of X.509 certificates.
X.509 certificate path
Specifies the path to the X.509 certificate file.
Certificate revocation list
Specifies a list of certificate revocations to check the validity of the certificate.
Certificate revocation list path
Specifies the path to the certificate revocation list file.
Key locators
Specifies a list of key locator configurations that retrieve the key for signature and encryption. You can customize a key locator class to retrieve keys from other types of repositories. The default implementation retrieves keys from a keystore.
Key locator name
Specifies the unique name that is used to identify the key locator definition.
Key locator class name
Specifies the name of the key locator implementation class. The key locator must implement the com.ibm.wsspi.wssecurity.config.KeyLocator class.
Password
Specifies the password for the keystore file. This field is optional if the key locator does not use a keystore.
Path
Specifies the path to the keystore file. This field is optional if the key locator does not use a keystore.
Type
Specifies the type of keystore file. This field is optional if the key locator does not use a keystore.
Keys
Specifies a list of key entries in the keystore with string labels. You do not need to list all of the certificate entries as keys. Instead, the distinguished name (DN) of the certificate is used as the search key.
Key name
Specifies the string label of the key. The key locator uses this name to search for the key.
Key alias
Specifies the alias of the key in the keystore.
Key password
Specifies the password for the key.
Trusted ID evaluators
Specifies a list of trusted identity (ID) evaluators that determine whether the identity-asserting authority is trusted. You can use trusted ID evaluators for backward compatibility with Version 5 applications. However, it is recommended that you use a login module instead.
Trusted ID evaluator name
Specifies the unique name that is used to identify a trusted ID evaluator configuration.
Trusted ID evaluator class name
Specifies the name of the implementation class for the trusted ID evaluator. The trusted ID evaluator must implement the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator class.




Trusted ID evaluator reference
Specifies the name of the Trusted ID evaluator that is used.
Login mappings
Specifies a list of configurations for validating security tokens within incoming messages.
Login mapping name
Specifies the string label for the login mapping.
Authentication method
Specifies the method that is used for authentication. You can use any string, but the string must match the <AuthMethod> element in the server-level configuration. The following words are reserved and have special meanings: BasicAuth generates the <UsernameToken> element with both a user name and a password; IDAssertion generates the <UsernameToken> element only with a user name; Signature uses the distinguished name (DN) of the signer; and LTPA validates a token.
JAAS configuration name
Specifies the name of the  Authentication and Authorization Service (JAAS) login configuration.
Token type URI
Specifies the namespace URI, which denotes the type of security token that is accepted. If binary security tokens are accepted, the value denotes the valueType attribute in the <BinarySecurityToken> element. If XML tokens are accepted, the value denotes the top-level element name of the XML token. If the reserved words are specified in the Authentication method field that is previously defined, this field is ignored.
Token type local name
Specifies the local name that denotes the type of the security token that is accepted. If binary security tokens are accepted, the value denotes the valueType attribute in the <BinarySecurityToken> element. If XML tokens are accepted, the value denotes the top-level element name of the XML token. If the reserved words are specified in the Authentication method field that is previously defined, this field is ignored.
Callback handler factory class name
Specifies the name of the callback handler factory implementation class. This value implements the com.ibm.wsspi.wssecurity.auth.callback.CallbackHandlerFactory class.
Callback handler factory properties
Specifies additional properties for the callback handler factory.
Make SOAP message available
Description
Nonce maximum age
Specifies the time before the nonce time stamp expires. Nonce is a randomly generated value.
Nonce clock skew
Specifies the clock skew value to consider when the application server checks the currency of the message. Nonce is a randomly generated value.
Algorithm mappings
Specifies a list of URI algorithms for XML digital signature or XML encryption that are mapped to an algorithm factory engine class. Algorithm mappings enable service providers to plug in other cryptographic algorithms.
Algorithm factory engine class
Specifies the class name of the algorithm factory engine implementation.
Algorithm URI
Specifies the algorithm URI for XML digital signature or XML encryption.
Algorithm URI
Specifies the algorithm URI for the selected type.
Algorithm type
Specifies the usage type of this algorithm.




Key information
Specifies the related configuration that is needed to generate the key for XML digital signature or XML encryption.
Key information name
Specifies the unique name that is used to identify the key information definition.
Key information type
Specifies the type of <KeyInfo> element.





Key information class name
Specifies the name of the key information implementation class.
Calculation method
Namespace URI
Specifies the namespace URI part of the Qname that represents the calculation method. This URI is needed when the key information type is Key identifier.
Local name
Specifies the local name part of the Qname that represents the calculation method.
Encoding method
Namespace URI
Specifies the name space URI part of the Qname that represents the encoding method. This URI is needed when the key information type is Key identifier.
Local name
Specifies the local name part of the Qname that represents the encoding method.
Value type
Namespace URI
Specifies the namespace URI part of the Qname that represents the value type. This URI is needed when the key information type is Key identifier or Security token reference.
Local name
Specifies the local name part of the Qname that represents the value type.
Key information reference
References key information elements that are needed for encryption or signing.
Name
Specifies the unique name that is used to identify the key information reference.
Key information reference
Specifies the name of the <KeyInfo> element.
Key locator mapping
Specifies the mapping to the key locator element.
Key locator reference
Specifies the name of the key locator that is used in this <KeyInfo> element.
Key name reference
Specifies the key name that is used in this <KeyInfo> element.

Keystore
OR
None
Specifies that no keystore is defined.
Predefined keystore
Specifies that a predefined keystore be defined.
Keystore configuration name
Specifies the name of the keystore configuration.
User-defined keystore
Specifies that a user-defined keystore be defined.
Path
Specifies the location of the keystore file.
Password
Specifies the password for the keystore file.
Type
Specifies the type of keystore file that is JKS, JCEKS, PKCS11KS (PKCS11), or PKCS12KS (PKCS12).




Key token
Specifies references to either TokenConsumer or TokenGenerator.
Token reference name
Specifies the name of the token reference that is used in this <KeyInfo> element.
Token reference
Refers to the name of either the token generator for generating the token or the token consumer.
Part references
Specifies a reference to the message parts for XML digital signature and XML encryption that are defined in the deployment descriptors. In addition, the digest method can be specified for the message parts.
Part name
Specifies the unique name that is used to identify the reference definition.
Part reference name
Refers to the message part for signature or encryption in the deployment descriptors.
Digest method algorithm
Specifies the cryptographic algorithm that is used to generate the message digest.
Digest method properties
Specifies additional properties for the configuration.
Transforms
Specifies the transform algorithm that is used for processing parts of the message. These message parts are specified in the Part references panel.
Transform name
Specifies the unique name that is used to identify the transform definition.
Transform algorithm
Specifies the algorithm of the transform.
Value type
Specifies the unique type identifier of the token.
Name
Specifies the name of the valueType attribute.
Local name
Specifies the local name of the token.
URI
Specifies the token URI.
JAAS configuration
Specifies the name of the JAAS configuration that is defined in the JAAS Login panel.
JAAS configuration name
Specifies the name of the JAAS system or the name of the application login configuration.
Callback handler
Specifies the parameters for the callback handler that are used for generating the token. Because you can plug in a custom callback handler, you must specify the implementation class name. The application server provides options for identity assertion, basic authentication, and the keystore that are passed to the callback handler implementation.
Callback handler class name
Specifies the name of the callback handler implementation class. The callback handler must implement the javax.security.auth.callback.CallbackHandler class.
Identity assertion
Use identity assertion
Explicitly declares the use of the identity assertion in the token generator component.
Use RunAs identity
Explicitly declares the use of the RunAs identity assertion in the token generator component.
Basic authentication
User ID
Specifies the default user ID that is passed to the constructor of the callback handler.
Password
Specifies the default password that is passed to the constructor of the callback handler.
Token consumers
Specifies the parameters for the token consumer. The information is used only on the consumer side to process the security token. Because you can plug in a custom token consumer, you must specify a  class name.
Token consumer name
Specifies the unique name that is used to identify the token consumer definition.
Token consumer class name
Specifies the name of the token consumer implementation class. The token consumer must implement the com.ibm.wsspi.wssecurity.token.TokenConsumerComponent class.
Username token
Verify nonce
Specifies the processing verification of the nonce.
Verify timestamp
Specifies the processing verification of the timestamp.
Token generators
Specifies the parameters for the token generator. The information is used only on the generator side to generate the security token. Because you can plug in a custom token generator, you must specify a  class name.
Token generator name
Specifies the unique name that is used to identify the token generator definition.
Token generator class name
Specifies the name of the token generator implementation class. The token generator must implement the com.ibm.wsspi.wssecurity.token.TokenGeneratorComponent class.
Username token
Add nonce
Specifies to add <Nonce> under the <UsernameToken> element in the UsernameTokenGenerator.
Add timestamp
Specifies to add <Created> under the <UsernameToken> element in the UsernameTokenGenerator.
User name expiration
Specifies the expiration date of the username token.



Request receiver binding
Specifies the binding configuration to receive request messages for Web services security.
Response sender binding
Specifies the binding configuration to send response messages for Web services security.
Request sender binding
Specifies the binding configuration to send request messages for Web services security.
Response receiver binding
Specifies the binding configuration to receive response messages for Web services security.
Request consumer (receiver) binding
Specifies the binding configuration for the request consumer. You can define how to process the security requirements and the constraints that are defined in the deployment descriptor. If you do not define the binding, the application server uses the default binding at either the server level or the cell level.
Response generator (sender) binding
Specifies the binding configuration for the response generator. You can define how to process the security requirements and the constraints that are defined in the deployment descriptor. If you do not define the binding, the application server uses the default binding at either the server level or the cell level.
Request generator (sender) binding
Specifies the binding configuration for the request generator. You can define how to process the security requirements and the constraints that are defined in the deployment descriptor. If you do not define the binding, the application server uses the default binding at either the server level or the cell level.
Response consumer (receiver) binding
Specifies the binding configuration for the response consumer. You can define how to process the security requirements and the constraints that are defined in the deployment descriptor. If you do not define the binding, the application server uses the default binding at either the server level or the cell level.
Web services security namespace
Specifies the namespace that is used by Web services security to send a request. However, this field configures only the name space value and does not enforce the semantics of the specification that is related to the namespace. Web services security uses the processing semantic only in draft 13 of the OASIS specification.
Signing information
Specifies the configuration for the signing parameters. You also can use these parameters for X.509 certificate validation when the authentication method is IDAssertion and the ID type is X509Certificate in the server-level configuration. In such cases, only fill in the Certificate path field.
Specifies the configuration for the signing parameters.
Signing information name
Specifies the unique name for the signing information.
Signature method
Specifies the algorithm URI of the signature method.
Canonicalization method
Specifies the algorithm URI of the canonicalization method.
Digest method
Specifies the algorithm URI of the digest method.
Signing key
Specifies the key information that is used for signing.
Key name
Specifies the string label of the key. This name is resolved to the actual key by the specified key locator.
Key locator reference
Specifies the reference to the name of the key locator.
Certificate path
Specifies the settings for the certificate path validation. When the Trust any option is specified, this validation is skipped and all of the incoming certificates are trusted.



Trust anchor
Specifies a reference to the name of the trust anchor.
Certificate store
Specifies a reference to the name of the certificate store.

Signing key information
Canonicalization method properties
Specifies additional properties for the configuration.
Signature method properties
Specifies additional properties for the signature algorithm.
Key information signature type
Specifies the type of signature. The type of signature specifies how to sign the key that is used for signature or encryption.


Key information signature properties
Specifies additional properties for the configuration.
Encryption information
Specifies the configuration for the XML encryption and decryption parameters. If the data and key encryption algorithms are specified, the application server only accepts elements that are encrypted with those algorithms.
Encryption information name
Specifies the unique name for the encryption information.
Key locator reference
Specifies a reference to the name of the key locator that is being used.
Encryption key name
Specifies the name of the key. This name is resolved to the actual key that is being used by the specified key locator.
Key encryption algorithm
Specifies the algorithm URI of the key encryption method.
Data encryption algorithm
Specifies the algorithm URI of the data encryption method.
Key encryption algorithm properties
Specifies additional properties for the configuration.
Data encryption algorithm properties
Specifies additional properties for the configuration.


Encryption key information
Login binding
Specifies the configuration that is used for sending the security tokens within the messages.
Specifies the configuration that is used by the sender to generate security tokens in the message. Four predefined authentication methods are available: BasicAuth generates the <UsernameToken> element with both a user name and a password; ID assertion generates the <UsernameToken> element only with a user name; Signature uses the distinguished name (DN) of the signer; and LTPA uses the <BinarySecurityToken> element from the invocation credential or generates the token from BasicAuth data. You also can define a custom authentication method.
Login binding name
Specifies the string label for the login binding.
Authentication method
Specifies the method of authentication. You can use any string, but the string must match the <AuthMethod> element in the service-level configuration. The following four words are reserved and have special meanings: BasicAuth generates the <UsernameToken> element with both a user name and a password; IDAssertion generates the <UsernameToken> element only with a user name; Signature uses the distinguished name (DN) of the signer; and LTPA validates a token.



Callback handler
Specifies the name of the callback handler implementation class. This value must implement the javax.security.auth.callback.CallbackHandler interface and must have a constructor whose signature is (String defaultId, char[] defaultPass, java.util.Map properties).
Token type URI
Specifies the namespace URI that denotes the type of the security token that is accepted. If binary security tokens are accepted, the value denotes the valueType attribute in the <BinarySecurityToken> element. If XML tokens are accepted, the value denotes the top-level element name of the XML token. If the reserved words are specified in the Authentication method field that is previously defined, this field is ignored.
Token type local name
Specifies the local name that denotes the type of security token accepted. If binary security tokens are accepted, the value denotes the valueType attribute in the <BinarySecurityToken> element. If XML tokens are accepted, the value denotes the top-level element name of the XML token. If the reserved words are specified in the Authentication method field that is previously defined, this field is ignored.
Basic authentication user ID
Specifies the default user ID that is passed to the constructor of the callback handler.
Basic authentication password
Specifies the default password that is passed to the constructor of the callback handler.


HTTP basic authentication
The basic authentication method for the HTTP transport.
Basic authentication ID
Specifies the user ID for the HTTP basic authentication that is used for this port. You also can configure HTTP SSL basic authentication by enabling HTTP SSL configuration.
Basic authentication password
Specifies the password for HTTP basic authentication using this port.
HTTP SSL configuration
Specifies the alias of the Secure Sockets Layer (SSL) configuration for the HTTP transport.
HTTP SSL enabled
Specifies whether secure socket communications is enabled for the HTTP transport using this port. When this option is enabled, the application server uses the HTTP SSL configuration setting.
HTTP SSL configuration
Specifies the Secure Sockets Layer (SSL) configuration to use with the HTTP transport for this port. This configuration is used if the specific option is selected.
Allow the SSL definition that is used for this Web service port to be centrally managed or specify an SSL configuration.
Collection of Secure Sockets Layer (SSL) configuration definitions for this cell.  One of these definitions can be used as the specific SSL configuration for this Web service port.
Browse the centrally managed SSL configuration tree.

z/OS native processes
z/OS configuration of JMS native processes
JMS native process on z/OS
JMS queue manager
Command prefix
z/OS additional settings
z/OS additional settings
z/OS additional settings
Network quality of service
None
Host
URI
HOSTURI
TCLASS
Transaction class mapping
z/OS additional settings
z/OS additional settings
z/OS additional settings
ORB listener keep alive
ORB SSL listener keep alive
Workload manager timeout
Workload profile
ISOLATE
IOBOUND
CPUBOUND
LONGWAIT
z/OS location service
z/OS location service daemon
Job name
Host name
Port
SSL port
SSL settings
ICSF
ICSF
ICSF
Timeout
Encryption cryptographic key
Listening IP name
Daemon IP name
Start command


Specifies the native process properties of the  Message Service (JMS) integral provider.
Specifies the name of the  Message Service (JMS) queue manager.
Specifies the subsystem command prefix of the  Message Service (JMS) queue manager.

Use this page to view and modify  additional settings for the Web container.
Specifies the network quality of service.  Specify one of the following values: HOST, URI, HOST URI, or TCLASS.
Specifies the name of the transaction Class file.

Use this page to view and modify  additional settings for the Object Request Broker (ORB).
Specifies the maximum time in seconds that an idle IIOP session remains connected.  The value range is 0 - 2147040, where 0 means no connection timeout.
Specifies the maximum time in seconds that an idle IIOP SSL session remains connected.  The value range is 0 - 2147040, where 0 means no connection timeout.
Specifies the maximum time, in seconds, that a request can be queued awaiting dispatch to a servant process.  The value range is 0 - 2147040, where 0 means no timeout.
Specifies the server workload profile: ISOLATE, IOBOUND, CPUBOUND, or LONGWAIT.
Use this page to specify the configuration settings for the location service daemon for this cell.  Changes made to these settings apply to the entire cell and to the location service daemon instance on each node in the cell.
Specifies the  job name of the location service daemon.
Specifies the host name to use when contacting the location service daemon.
Specifies the port location on which the service daemon listens for Remote Method Invocation and Internet Inter-ORB (RMI/IIOP) requests.
Specifies the port location on which the service daemon listens for encrypted Remote Method Invocation and Internet Inter-ORB (RMI/IIOP) requests.
Specifies a list of predefined Secure Sockets Layer (SSL) settings for connections.  These settings are configured at the SSL repertoire panel.
Use this page to configure ICSF. ICSF requires that the Cryptographic Coprocessor Facility (CCF) of the  processor is enabled and active.  The encryption keys are stored in the Cryptographic Key Data Set (CKDS) that is encrypted with the Triple DES master key of the  system.
Specifies the time period, in minutes, that a Lightweight Third Party Authentication (LTPA) token expires.  Set this time period longer than the cache timeout value that is configured in the Global Security panel.
Specifies the label of the cryptographic key that is used for Web applications, and for administrative security when using the SOAP HTTP connector.
Specifies the IP name that the location service daemon listens on.  The IP name must resolve to a single IP address or be a dynamic VIPA (DVIPA).
Specifies the IP name that clients use to access Enterprise  (EJB) and CORBA components on servers that belong to the sysplex node group that is served by this location service daemon.  The IP name must resolve to a single IP address or be a dynamic VIPA (DVIPA).
Specifies the command string that is used by servers to autostart the location service daemon.


Reference topic

Terms of Use | Feedback

Last updated: 15 Mar 2007
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.pmc.nd.doc\share\auto_help_was_entities.html

© Copyright IBM Corporation 2004, 2007. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)