[AIX Solaris HP-UX Linux Windows][IBM i]

DMZ Secure Proxy Server installation information

Installation requirements, examples, and other information for installing and uninstalling the DMZ Secure Proxy Server for IBM® WebSphere® Application Server. DMZ Secure Proxy Server for IBM WebSphere Application Server delivers a high performance reverse proxy capability that can be used at the edge of the network to route, load balance, and improve response times for requests to web resources.

About the DMZ Secure Proxy Server

The DMZ Secure Proxy Server for IBM WebSphere Application Server enables you to install your proxy server in the demilitarized zone (DMZ), while reducing the security risk that might occur if you choose to install an application server in the DMZ to host a proxy server. The risk is reduced by removing any functionality from the application server that is not required to host the proxy servers, but that can pose a security risk.

Before you install the DMZ Secure Proxy Server, plan your topology and determine where to install each component. The DMZ Secure Proxy Server is typically installed on a separate machine from WebSphere Application Server. For information about planning administrative topologies, see Planning to install WebSphere Application Server.

Requirements

In addition to the following requirements, your system might require other prerequisites so that you can install WebSphere Application Server offerings. For more information, see Preparing the operating system for product installation.

  • For transitioning users For transitioning users: IBM SDK, Java™ Technology Edition is no longer embedded with the DMZ Secure Proxy Server for WebSphere Application Server. The Java SDK is available as a separate offering that must be installed when you install the DMZ Secure Proxy Server.IBM SDK, Java Technology Edition, Version 8 is the Java SDK version for WebSphere Application Server Version 9.0.trns
  • The DMZ Secure Proxy Server requires up to 350 MB of disk space.

Repositories and offering IDs

To install the DMZ Secure Proxy Server from the online service repository, use the following repository URL with Installation Manager:
http://www.ibm.com/software/repositorymanager/com.ibm.websphere.NDDMZ.v90
When you use the command line or response files to install, uninstall, or otherwise modify the DMZ Secure Proxy Server, specify the main offering ID. You can also add a comma-separated list of optional features to install.
Table 1. Offering and optional feature IDs
Offering ID Optional feature IDs Default features
DMZ Secure Proxy Server for IBM WebSphere Application Server
com.ibm.websphere.NDDMZ.v90
  • core.feature: DMZ Secure Proxy Server for IBM WebSphere Application Server
    This feature must be specified to specify the following optional subfeature:
    • thinclient: Standalone thin clients and resource adapters
No default features

For a complete list of product repositories and offering IDs, see Online product repositories for WebSphere Application Server offerings and WebSphere Application Server product offerings for supported operating systems.

Installation examples

All WebSphere Application Server offerings are installed by using IBM Installation Manager. For step-by-step instructions for installing product offerings, see Installing the product offerings.

[AIX Solaris HP-UX Linux Windows]Important: Because IBM SDK Java Technology Edition is no longer embedded with the product, you must specify both the DMZ Secure Proxy Server offering ID (com.ibm.websphere.NDDMZ.v90) and the IBM Java SDK offering ID (com.ibm.java.jdk.v8). The DMZ Secure Proxy Server cannot be installed without a Java SDK.
Command-line examples

For step-by-step instructions for installing by using the command line, see Installing the product offerings by using the command line.

[Windows]
imcl.exe install com.ibm.websphere.NDDMZ.v90 com.ibm.java.jdk.v8
  -repositories http://www.ibm.com/software/repositorymanager/com.ibm.websphere.NDDMZ.v90 
  -installationDirectory "C:\Program Files\IBM\WebSphere\AppServer"
  -sharedResourcesDirectory "C:\Program Files\IBM\IMShared"
  -preferences com.ibm.cic.common.core.preferences.keepFetchedFiles=false,com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts=false
  -secureStorageFile C:\IM\credential.store -masterPasswordFile C:\IM\master_password.txt
  -log installv9dmz.xml
  -acceptLicense
  -showProgress
[Linux]
./imcl install com.ibm.websphere.NDDMZ.v90 com.ibm.java.jdk.v8
  -repositories http://www.ibm.com/software/repositorymanager/com.ibm.websphere.NDDMZ.v90 
  -installationDirectory /opt/IBM/WebSphere/AppServer
  -sharedResourcesDirectory /opt/IBM/IMShared
  -preferences com.ibm.cic.common.core.preferences.keepFetchedFiles=false,com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts=false
  -secureStorageFile /var/IM/credential.store -masterPasswordFile /var/IM/master_password.txt
  -log installv9dmz.xml
  -acceptLicense
  -showProgress
[IBM i]
./imcl install com.ibm.websphere.NDDMZ.v90
  -repositories https://downloads.mycorp.com:8080/WAS_90_repository
  -installationDirectory /QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ
  -properties was.install.os400.profile.location=/QIBM/UserData/WebSphere/AppServer/V9/NDDMZ
  -sharedResourcesDirectory /QIBM/UserData/InstallationManager/IMShared
  -secureStorageFile $HOME/WASFiles/temp/credential.store
  -acceptLicense
  -showProgress
Response file example

For step-by-step instructions for installing by using a response file, see Installing the product offerings by using response files.

[Windows]
<?xml version="1.0" encoding="UTF-8"?>
<agent-input clean="true" temporary="true">
<server>
<repository location="http://www.ibm.com/software/repositorymanager/com.ibm.websphere.NDDMZ.v90" />
</server>
<install modify='false'>
<offering id='com.ibm.websphere.NDDMZ.v90' 
  profile='DMZ Secure Proxy Server for IBM WebSphere Application Server V9.0' 
  features='core.feature,thinclient' installFixes='none'/>
<offering id='com.ibm.java.jdk.v8'
  profile='DMZ Secure Proxy Server for IBM WebSphere Application Server V9.0'
  features='com.ibm.sdk.8'/>
</install>
<profile id='DMZ Secure Proxy Server for IBM WebSphere Application Server V9.0' 
  installLocation='C:\Program Files\IBM\WebSphere\AppServer'>
<data key='eclipseLocation' value='C:\Program Files\IBM\WebSphere\AppServer'/>
<data key='user.import.profile' value='false'/>
<data key='cic.selector.nl' value='en'/>
</profile>
</agent-input>
[IBM i]
<?xml version="1.0" encoding="UTF-8"?>
<agent-input>
<server>
  <repository location='http://www.ibm.com/software/repositorymanager/com.ibm.websphere.NDDMZ.v90'/>
</server>
<profile id='DMZ Secure Proxy Server for IBM WebSphere Application Server V9.0' installLocation='/QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ'>
  <data key='eclipseLocation' value='/QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ'/>
  <data key='was.install.os400.profile.location' value='/QIBM/UserData/WebSphere/AppServer/V9/NDDMZ'/>
  <data key='user.import.profile' value='false'/>
  <data key='cic.selector.nl' value='en'/>
</profile>
<install modify='false'>
  <offering profile='DMZ Secure Proxy Server for IBM WebSphere Application Server V9.0' features='core.feature,thinclient' id='com.ibm.websphere.NDDMZ.v90'/>
</install>
<preference name='com.ibm.cic.common.core.preferences.eclipseCache' value='/QIBM/UserData/InstallationManager/IMShared'/>
<preference name='com.ibm.cic.common.core.preferences.connectTimeout' value='30'/>
<preference name='com.ibm.cic.common.core.preferences.readTimeout' value='30'/>
<preference name='com.ibm.cic.common.core.preferences.downloadAutoRetryCount' value='0'/>
<preference name='offering.service.repositories.areUsed' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.ssl.nonsecureMode' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.http.disablePreemptiveAuthentication' value='false'/>
<preference name='http.ntlm.auth.kind' value='NTLM'/>
<preference name='http.ntlm.auth.enableIntegrated.win32' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.keepFetchedFiles' value='false'/>
<preference name='PassportAdvantageIsEnabled' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.searchForUpdates' value='false'/>
</agent-input>

Usage notes

The versionInfo and historyInfo commands return version and history information for the DMZ Secure Proxy Server based on all of the installation, uninstallation, update, and rollback activities performed on the system.

After you install the DMZ Secure Proxy Server, you can create a secure proxy server profile using the manageprofiles command. On AIX, Linux, and Windows, you can also use the Profile Management Tool.

The following example shows a manageprofiles command for creating a secure proxy server profile. The example is based on the following assumptions:
  • Security is to be enabled.
  • The system host name is myhost.abc.com.
  • The DMZ Secure Proxy Server is installed at the default location.
  • The administrative user name is wasadmin.
  • The password is password.
[Windows]
manageprofiles -create
  -portsFile "C:\Program Files\IBM\WebSphere\AppServer_1\profileTemplates\secureproxy\actions\portsUpdate\portdef.props"
  -serverName proxy1
  -nodeName myhost
  -hostName myhost.abc.com
  -cellName myhost 
  -adminUserName wasadmin
  -adminPassword password
  -templatePath "C:\Program Files\IBM\WebSphere\AppServer_1\profileTemplates\secureproxy"
  -enableAdminSecurity true
  -profileName SecureProxySrv01
[IBM i]
manageprofiles -create
  -portsFile /QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ/profileTemplates/secureproxy/actions/portsUpdate/portdef.props
  -serverName proxy1
  -nodeName myhost
  -hostName myhost.abc.com
  -cellName myhost 
  -adminUserName wasadmin
  -adminPassword password
  -templatePath /QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ/profileTemplates/secureproxy
  -enableAdminSecurity true
  -profileName SecureProxySrv01

Uninstallation examples

All WebSphere Application Server offerings are uninstalled by using IBM Installation Manager. For step-by-step instructions for uninstalling product offerings, see Uninstalling the product offerings.

Avoid trouble Avoid trouble: IBM SDK, Java Technology Edition (com.ibm.java.jdk.v8) must be uninstalled at the same time that you uninstall the product offering. gotcha
Command-line examples

For step-by-step instructions for uninstalling by using the command line, see Uninstalling the product offerings by using the command line.

[Windows]
imcl.exe uninstall com.ibm.websphere.NDDMZ.v90 com.ibm.java.jdk.v8
  -installationDirectory "C:\Program Files\IBM\WebSphere\AppServer"
[HP-UX][Linux][Solaris]
./imcl uninstall com.ibm.websphere.NDDMZ.v90 com.ibm.java.jdk.v8
  -installationDirectory /opt/IBM/WebSphere/AppServer
[IBM i]
./imcl uninstall com.ibm.websphere.NDDMZ.v90
  -installationDirectory /QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ
Response file example

For step-by-step instructions for uninstalling by using a response file, see Uninstalling the product offerings by using response files.

[Windows]
<?xml version="1.0" encoding="UTF-8"?>
<agent-input clean='true' temporary='true'>
<uninstall modify='false'>
<offering id='com.ibm.websphere.NDDMZ.v90' 
  profile='DMZ Secure Proxy Server for IBM WebSphere Application Server V9.0'/>
<offering id='com.ibm.java.jdk.v8' 
  profile='DMZ Secure Proxy Server for IBM WebSphere Application Server V9.0' />
</uninstall>
<profile id='DMZ Secure Proxy Server for IBM WebSphere Application Server V9.0' 
  installLocation='C:\Program Files\IBM\WebSphere\AppServer'>
<data key='eclipseLocation' value='C:\Program Files\IBM\WebSphere\AppServer'/>
<data key='user.import.profile' value='false'/>
<data key='cic.selector.nl' value='en'/>
</profile>
</agent-input>
[IBM i]
<?xml version="1.0" encoding="UTF-8"?>
<agent-input clean='true' temporary='true'>
<uninstall modify='false'>
<offering id='com.ibm.websphere.NDDMZ.v90' 
  profile='DMZ Secure Proxy Server for IBM WebSphere Application Server V9.0'/>
</uninstall>
<profile id='DMZ Secure Proxy Server for IBM WebSphere Application Server V9.0' 
  installLocation='/QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ'>
  <data key='eclipseLocation' value='/QIBM/ProdData/WebSphere/AppServer/V9/NDDMZ'/>
  <data key='was.install.os400.profile.location' value='/QIBM/UserData/WebSphere/AppServer/V9/NDDMZ'/>
  <data key='user.import.profile' value='false'/>
  <data key='cic.selector.nl' value='en'/>
</profile>
</profile>
</agent-input>

Icon that indicates the type of topic Reference topic



Timestamp icon Last updated: March 5, 2017 23:55
File name: rins_dmz_info.html