In WAS v7, customers have access to a DMZ-hardened version of the proxy server. This server ships on a separate installer that contains a subset of the full WAS ND installation. It contains a few notable differences from the ND install that make it suitable for installation in a DMZ:
- No JDK: The secure proxy utilizes only the JRE, so no compiler is available in the DMZ.
- Fewer Listening Ports: The secure proxy can be configured to have as few as two listening ports (HTTP and HTTPS).
- Slimmer set of jars: Since the proxy does not require certain functionality (e.g. web container, EJB container, web services), the jars containing those functions are omitted from the install, for both security and memory footprint purposes.
- Slimmer set of active services: The secure proxy utilizes runtime provisioning (new in v7) to start only the required services. Services like JNDI, application install, and ORB are not started.
The DMZ Secure Proxy Server is a nice upgrade over the IHS plug-in and Edge Proxy in terms of feature set, scalability, performance, and WAS integration, and I am very excited to see customers begin reaping the benefits of deploying it.
2 comments:
Is it true that this feature is only available to WAS ND and not base?
Yes, both the DMZ Secure Proxy Server and the original WebSphere Proxy Server are only available in WAS ND. Many of the value-add functions of the proxy server are only applicable in an ND environment (e.g. load balancing, HA), and thus it is only available in ND as well.
-Aaron