Network Deployment (Distributed operating systems), v8.0 > Set up intermediary services > Set up the proxy server


WebSphere DMZ Secure Proxy Server for IBM WAS

The DMZ Secure Proxy Server for IBM WAS can be used to provide a secure platform for your proxy server.

The DMZ Secure Proxy Server for IBM WAS installation enables you to install your proxy server in the demilitarized zone (DMZ), while reducing the security risk that might occur if you choose to install an application server in the DMZ to host a proxy server. The risk is reduced by removing any functionality from the application server that is not required to host the proxy servers, but that can pose a security risk. Installing the secure proxy server in the DMZ rather than the secured zone presents new security challenges. However, the secure proxy server is equipped with capabilities to provide protection from these challenges.

The following capabilities are available to harden the security of the DMZ Secure Proxy Server for IBM WAS and to determine the level of security to assign.

When creating the DMZ Secure Proxy Server for IBM WAS, you can choose any of the default security levels: High, Medium or Low.

The High DMZ security level cannot be used for SIP proxy servers, because static routing cannot be used for the SIP proxy server.

In addition to these predefined settings, you can customize the settings to better serve your requirements. If you choose to customize the settings, your DMZ Secure Proxy Server for IBM WAS is assigned a qualitative categorization of the security level called the current security level. Each custom setting has been assigned a value of High, Medium or Low. The current security level is equal to the value of the least secure setting being used.

To achieve a current security level of High, only settings assigned the high value can be configured.

To achieve a current security level of Medium, only settings with values of High or Medium can be used. A current security level of Low is used if any settings that are assigned the value of Low are set.

An additional change to enhance the protection for the DMZ Secure Proxy Server for IBM WAS is the switch from a Java Development Kit (JDK) to a Java Runtime Environment (JRE). Switching from a JDK to a JRE removes the inclusion of a compiler on the installation. This change is beneficial because the compiler can possibly be used for malicious purposes in the event of a security breach.
Configure a DMZ Secure Proxy Server for IBM WAS
Set up the proxy server

+

Search Tips   |   Advanced Search