DMZ Secure Proxy Server for IBM WebSphere Application Server administration options

The DMZ Secure Proxy Server for IBM® WebSphere® Application Server is administered differently than the WebSphere proxy server. The DMZ Secure Proxy Server for IBM WebSphere Application Server is a separate binary installed in the DMZ. Installing the DMZ Secure Proxy Server for IBM WebSphere Application Server in the DMZ requires that administration be managed differently for security reasons. Several administrative options are available for administering the DMZ Secure Proxy Server for IBM WebSphere Application Server to provide different levels of balance between security and usability.

The most secure way to administer the DMZ Secure Proxy Server for IBM WebSphere Application Server is locally using the wsadmin tool. The DMZ Secure Proxy Server for IBM WebSphere Application Server does not have web container. Therefore, local administration can only be done via the command line. Using the wsadmin commands locally to manage the DMZ Secure Proxy Server for IBM WebSphere Application Server is the most secure option available because it does not require any external listening ports to be opened.

The DMZ Secure Proxy Server for IBM WebSphere Application Server configurations can also be managed within the network deployment application server cell and then imported locally using the wsadmin commands. The configurations are maintained inside the cell as configuration only profiles. The profiles are registered with the Admin Agent and are then managed using the administrative console. After you implement any changes to the profile, you export the configuration to a configuration archive (CAR) file using the exportProxyProfile or exportProxyServer wsadmin commands. After you transmit the CAR file to the local DMZ Secure Proxy Server for IBM WebSphere Application Server installation using ftp, the CAR file is imported using the importProxyProfile or importProxyServer wsadmin commands. This option is also considered to be local administration.

Note: Due to security reasons, the number of listening ports on the secure proxy is minimized. You might not be able to manage, start, stop the secure proxy from the admin agent or the job manager remotely when admin security is enabled.



Related concepts
WebSphere DMZ Secure Proxy Server for IBM WebSphere Application Server
DMZ Secure Proxy Server for IBM WebSphere Application Server start up user permissions
DMZ Secure Proxy Server for IBM WebSphere Application Server routing considerations
Error handling security considerations for the DMZ Secure Proxy Server for IBM WebSphere Application Server
Administrative agent
Job manager
Related tasks
Administering jobs in a flexible management environment using wsadmin scripting
Tuning the security properties for the DMZ Secure Proxy Server for IBM WebSphere Application Server
Related reference
ConfigArchiveOperations command group for the AdminTask object using wsadmin scripting
ProxyManagement command group for the AdminTask object
Concept topic Concept topic    

Terms of Use | Feedback

Last updatedLast updated: Sep 19, 2011 3:08:41 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-nd-zos&topic=csecspxyadm
File name: csec_spxy_adm.html