DMZ Secure Proxy Server for IBM WebSphere Application Server administration options

The DMZ Secure Proxy Server for IBM® WebSphere® Application Server is administered differently than the WebSphere proxy server. The DMZ Secure Proxy Server for IBM WebSphere Application Server is a separate binary installed in the DMZ. Installing the DMZ Secure Proxy Server for IBM WebSphere Application Server in the DMZ requires that administration be managed differently for security reasons. Several administrative options are available for administering the DMZ Secure Proxy Server for IBM WebSphere Application Server to provide different levels of balance between security and usability.

The most secure way to administer the DMZ Secure Proxy Server for IBM WebSphere Application Server is locally using the wsadmin tool. The DMZ Secure Proxy Server for IBM WebSphere Application Server does not have web container therefore local administration can only be done via the command line. Using the wsadmin commands locally to manage the DMZ Secure Proxy Server for IBM WebSphere Application Server is the most secure option available because it does not require any external listening ports to be opened.

The DMZ Secure Proxy Server for IBM WebSphere Application Server configurations can also be managed within the network deployment application server cell and then imported locally using the wsadmin commands. The configurations are maintained inside the cell as configuration only profiles. The profiles are registered with the Admin Agent and are then managed using the administrative console. After you implement any changes to the profile, you export the configuration to an configuration archive (CAR) file using the exportProxyProfile or exportProxyServer wsadmin commands. After you transmit the CAR file to the local DMZ Secure Proxy Server for IBM WebSphere Application Server installation using ftp, the CAR file is imported using the importProxyProfile or importProxyServer wsadmin commands. This option is also considered to be local administration.

The DMZ Secure Proxy Server for IBM WebSphere Application Server can be managed remotely from the Job Manager console. You can create, delete, start, stop and modify the DMZ Secure Proxy Server for IBM WebSphere Application Server configuration using the Job Manager console. However, typically before managing the DMZ Secure Proxy Server for IBM WebSphere Application Server using the Job Manager console, the DMZ Secure Proxy Server for IBM WebSphere Application Servers would be created and configured using one of the other administrative options explained above. Using the Job Manager console is useful for centrally managing multipleDMZ Secure Proxy Server for IBM WebSphere Application Servers but is less secure than the other options because it requires the SOAP connector listener port to be opened for communication with the Job Manager console.




Related concepts
DMZ Secure Proxy Server for IBM WebSphere Application Server
DMZ Secure Proxy Server for IBM WebSphere Application Server start up user permissions
DMZ Secure Proxy Server for IBM WebSphere Application Server routing considerations
Error handling security considerations for the DMZ Secure Proxy Server for IBM WebSphere Application Server
Administrative agent
Job manager
Related tasks
Administering jobs in a flexible management environment using wsadmin scripting
Tuning the security properties for the DMZ Secure Proxy Server for IBM WebSphere Application Server
Related reference
ConfigArchiveOperations command group for the AdminTask object using wsadmin scripting
ProxyManagement command group for the AdminTask object
Concept topic    

Terms of Use | Feedback

Last updated: Oct 21, 2010 7:37:48 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v701sca&product=was-nd-mp&topic=csecspxyadm
File name: csec_spxy_adm.html