DMZ Secure Proxy Server for IBM WebSphere Application Server

You can use the DMZ Secure Proxy Server for IBM® WebSphere® Application Server to provide a secure platform for your proxy server.

The DMZ Secure Proxy Server for IBM WebSphere Application Server installation enables you to install your proxy server in the demilitarized zone (DMZ), while reducing the security risk that might occur if you choose to install an application server in the DMZ to host a proxy server. The risk is reduced by removing any functionality from the application server that is not required to host the proxy servers, but that could pose a security risk. Installing the secure proxy server in the DMZ rather than the secured zone presents new security challenges. However, the secure proxy server is equipped with capabilities to provide protection from these challenges.

The following capabilities are available to increase the security of the DMZ Secure Proxy Server for IBM WebSphere Application Server and to determine the level of security to assign.
When creating the DMZ Secure Proxy Server for IBM WebSphere Application Server, you can choose any of the default security levels: High, Medium or Low.
Important: The High DMZ security level cannot be used for SIP proxy servers because static routing cannot be used for the SIP proxy server.

In addition to these predefined settings, you can customize the settings for your requirements. If you choose to customize the settings, your DMZ Secure Proxy Server for IBM WebSphere Application Server is still be assigned a qualitative categorization of your security level called the current security level. Each custom setting has been assigned a value of High, Medium or Low. The current security level is equal to the value of the least secure setting being used. To achieve a current security level of High, only settings assigned the high value can be configured. To achieve a current security level of Medium, only settings with values of High or Medium can be used. A current security level of Low is used if any settings that are assigned the value of Low are set.

An additional change to enhance the protection for the DMZ Secure Proxy Server for IBM WebSphere Application Server is the switch from a Java Development Kit (JDK) to a Java Runtime Environment (JRE). Switching from a JDK to a JRE removes the inclusion of a compiler on the installation. This change is beneficial because the compiler might be used for malicious purposes in the event of a security breach.

No JRE currently is available for i5/OS® systems; therefore, a JDK is used. For protection against this type of threat you can manually remove the tools.jar file from the JDK installation root.




Related tasks
Configuring a DMZ Secure Proxy Server using the administrative console
Setting up the proxy server
Concept topic Concept topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Feb 5, 2014 9:49:51 PM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-mp&topic=cjpx_secpxdmz
File name: cjpx_secpxdmz.html