Planning for secure proxy administrative agents

A secure proxy administrative agent provides a single interface to administer multiple secure proxy servers.

About this task

An administrative agent can monitor and control multiple servers on one or more nodes. By using a single interface to administer your servers, you reduce the overhead of running administrative services in every server.

Use the WebSphere Customization Tools or the zpmt command and the customization jobs that they generate to configure a secure proxy administrative agent on z/OS. The secure proxy administrative agent does not run an administrative console application; instead, it accepts commands through scripting or from a job manager with which it is registered. The administrative agent must run on the same z/OS system as the secure proxy servers that it manages, and it must use the same SAF configuration group as the servers to be managed.

After the administrative agent is up and running, you can use the following commands to register and unregister a secure proxy server node with the administrative agent:
  • registerNode

    Run the registerNode command to register a node with the administrative agent. When you run the command, the standalone node is converted into a node that the administrative agent manages. The administrative agent and the node being registered must be on the same system. You can only run the command on an unfederated node. If the command is run on a federated node, the command exits with an error.

    Any node registered with the administrative agent automatically becomes eligible to register with the job manager.

  • deregisterNode

    Use the deregisterNode command to deregister a node from an administrative agent so that you can use the node standalone or register the node with another administrative agent. The node must have been previously registered with the administrative agent. When you deregister a node, the node configuration is retained but is marked as not registered with the administrative agent.

An administrative agent can register any of the profiles that it manages with a job manager.

For more information, read the "Administering nodes using the administrative agent" article in the information center.

Restrictions: If global security is enabled, the following restrictions apply to the administrative agent:
  • - From the administrative console:
    • You will not see the status of the proxy servers.
    • You will not be able to start or stop the proxy servers. Use the command-line tools instead.
    • You cannot use runtime tabs to make changes to the running proxy servers.
  • From scripting, you will not be able to use the AdminControl scripting object to make changes to the proxy servers.
Caution: Keep your environment secure. Do not disable administrative security to work around the restrictions.

Procedure

  1. Print a copy of the customization worksheet.
  2. Fill out the worksheet as described in z/OS customization variables: Secure proxy administrative agents.
  3. Save the worksheet for use during secure proxy administrative agent customization.



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Feb 6, 2014 2:33:37 AM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-zos&topic=tins_planningspaa
File name: tins_planningspaa.html