You can create a DMZ Secure Proxy Server inside of
a network deployment cell by using the administrative console of an administrative agent. You can
then export the secure proxy server to a node in the demilitarized zone (DMZ) into which you can
import the configuration. After the secure proxy server is created on a node in the DMZ,
administration can be done locally or by using the Job Manager console.
![[AIX Solaris HP-UX Linux Windows]](../images/dist.gif)
Before you begin
Complete the following tasks:
- Review the information on selecting a front end for your DMZ Secure Proxy Server topology. Determine whether you should
set up a web server plug-in, a proxy server, or a secure proxy server to provide session affinity,
failover support, and workload balancing for your DMZ Secure Proxy Server topology.
- Install the DMZ Secure Proxy Server code.
See the
information on installing the DMZ Secure Proxy Server image
for more details.
- Create a secure proxy server (configuration-only) profile on a network-deployment installation
by using either the Profile Management Tool or the manageprofiles command.
Read about creating secure proxy profiles for more information on creating the profile by using
the Profile Management Tool.
- Create an administrative agent profile on the network-deployment installation by using either
the Profile Management Tool or the manageprofiles command.
See the page about
creating management profiles with administrative agents for more details.
About this task
The DMZ Secure Proxy Server for IBM® WebSphere® Application Server does not
contain a web container and does not have an administrative console. Secure proxy server
configurations can also be managed within a network deployment application server cell and then
imported locally into the DMZ Secure Proxy Server by using
wsadmin commands. The configurations are created and maintained inside the network deployment
application server cell as configuration-only profiles. The profiles are registered with the
administrative agent and are then managed by using the administrative console. You configure the
secure proxy server profile in the network deployment application server cell, export the
configuration to a configuration archive (CAR) file by using the
exportProxyProfile or exportProxyServer wsadmin command,
transmit the CAR file to the local secure proxy server installation by using FTP, and import the
configuration into the DMZ Secure Proxy Server by using the
importProxyProfile or importProxyServer wsadmin command. You
then repeat the process if any changes are made to the secure proxy server configuration.
Procedure
- Start an administrative agent on a network-deployment installation.
- Register the secure proxy (configuration-only) profile with the administrative agent by using
the registerNode command.
- Restart the administrative agent.
- When the administrative agent prompts you with a list of the nodes that it manages, select the
node from the secure proxy (configuration-only) profile.
- From the administrative console of the administrative agent, select .
- Click New to access the Proxy Server Creation wizard.
- Select the DMZ Secure Proxy Server for IBM WebSphere Application Server
node.
- Complete the steps in the wizard to create a new secure proxy server.
This new secure proxy server is only used as a configuration. It cannot be started inside of the
cell.
- Set the sipClusterCellName custom property to be the cell name that
contains the configured cluster of SIP containers. This step applies to the SIP proxy only, and not to the HTTP server. For more information
about how to set this custom property, see the information on SIP proxy server custom properties in
the product documentation.
- Save the configuration.
- Using the wsadmin tool, connect to the secure proxy server profile.
- Export your configuration to be used inside of the DMZ; you can export the entire profile or
export the server.
- Using FTP, transfer the configuration archive to the local secure proxy server node.
- Start the wsadmin tool on the secure proxy server profile.
- Import the entire profile, or import the server.
- Use the importProxyProfile command to import the profile. In the following
example, the existing secure proxy server in the profile is replaced with the server in the imported
proxy profile; for example:
![[Windows]](../images/windows.gif)
AdminTask.importProxyProfile(['-archive', 'c\myCell.car', '-deleteExistingServers', 'true'])
![[Linux]](../images/linux.gif)
![[Solaris]](../images/solaris.gif)
![[AIX]](../images/aixlogo.gif)
![[HP-UX]](../images/hpux.gif)
![[IBM i]](../images/iseries.gif)
![[z/OS]](../images/ngzos.gif)
AdminTask.importProxyProfile(['-archive', '/myCell.car', '-deleteExistingServers', 'true'])
- Use the importProxyServer command to import the server. In the following
example, the existing secure proxy server is replaced with the imported proxy server; for example:
![[Windows]](../images/windows.gif)
AdminTask.importProxyServer('[-archive c:\myServer.ear -nodeInArchive node1 -serverInArchive proxy1
-deleteExistingServer true]')
![[Linux]](../images/linux.gif)
![[Solaris]](../images/solaris.gif)
![[AIX]](../images/aixlogo.gif)
![[HP-UX]](../images/hpux.gif)
![[IBM i]](../images/iseries.gif)
![[z/OS]](../images/ngzos.gif)
AdminTask.importProxyServer('[-archive /myServer.ear -nodeInArchive node1 -serverInArchive proxy1
-deleteExistingServer true]')
- Save the configuration changes.
Use the following command example to save your configuration
changes:
AdminConfig.save()