IBM Support

ITM Integration Series: Accessing the TEP console via a reverse proxy server. It can be done!

Technical Blog Post


Abstract

ITM Integration Series: Accessing the TEP console via a reverse proxy server. It can be done!

Body

image

Hi All -

In this specific example we will use the Oracle 1.7 JRE, a browser client and an Apache reverse proxy (which provides a https based URL which is redirected via the junction to the TEP console at a http URL). As there are an array of JREs, reverse proxy and browser combinations it is not possible for IBM to verify and officially support them all, but hopefully these steps will help you along the path of making the successful connection from your browser to the TEP console!


For reference, this configuration has only been tested internally with the IBM WebSeal reverse proxy.

 

As a first step, lets compile a diagram showing the expected communication path. We can then add the necessary configuration changes needed

The following diagram shows the components in the environment and the points of configuration that need to be modified...

 

Configuration Changes

(1) Your first port of call will be the reverse proxy redirct settings. We will need to configure the reverse proxy with the redirect URL to be used and URL of the TEP console.

The TEP console URL should reflect the actual address to be used if launching the TEP directly without the inclusion of the reverse proxy server

e.g. https://myredirect.url.ibm.com:5555/cnp.html is routed to http://1.2.3.4:15200

[where 'myredirect.url.ibm.com' is the address the proxy is expecting for redirection and '1.2.3.4' is the IP address of your TEP server that you would use if logging on directly.

If your TEPS was listening on https then the redirect would be to https:1.2.3.4:15201]

 

(2) Next we will check the applet.html that will be downloaded by the end user's broswer. In the applet.html add the following protocol setting...

(The file can be found under $CANDLEHOME/<interp>/cw on Unix/Linux and under $CANDLEHOME\CNB on Windows)

Add this property to the 'var parameters' section near the bottom of the file...

'tep.connection.protocol': 'http'

[This allows us to establish a http interface between the TEP client and the server instead of the default IIOP connection which the proxy server is not able to handle and redirect.

Again if your TEPS was listening on https the protocol value would be 'https']

 

(3) Please make the following change in the TEPS eWAS virtualhost.xml file.

The file is located in the following directory on the TEPS...


[For Unix/Linux...]
$CANDLEHOME/<aix536>/iw/profiles/ITMProfile/config/cells/ITMCell/virtualhosts.xml  
(where <aix536> is to be replaced with your interp type)


[For Windows..]

$CANDLEHOME\CNPSJ\profiles\ITMProfile\config\cells\ITMCell\virtualhosts.xml

 
Look for the following line in the virtualhosts file. 
<aliases xmi:id="HostAlias_1432149690898" hostname="*" port="15201"/>  

Copy the contents of the line above and paste it directly below. Modify it as follows... 
   
<aliases xmi:id="HostAlias_1432149690899" hostname="*" port="5555"/>

[note the HostAlias value is increased by 1 and the port is set to the redirect port used by the reverse proxy - this change allows the eWAS webserver to accept incoming connections from the reverse proxy server]
   
(4) Once the change is made to the virtualhosts.xml file, recycle the TEPS and try logging on at the following URL

https://myredirect.url.ibm.com:5555/cnp.html


The request to the reverse proxy is made via a https connection. The reverse proxy passes the request onto the TEP server via a http connection.

The TEP console login page is returned to the end user's browser.

 

Remember, this is not an officially supported procedure (i.e. it has not been verified or certified in-house), so the onus will be on you to maintain the changes
(especially to the virtualhosts.xml file) during maintenance changes and upgrades/migrations.
From tests performed in a lab environment the changes are known to be persisted during restarts and reconfigures of the TEP console


Hopefully these steps will help you in configuring a successful connection to your TEP browser client!

 

 

Check out all our other posts and updates:
===============================
Academy Blogs:                   http://ow.ly/Otue0
Academy Videos:                 http://ow.ly/PIKFz
Academy Google+:              http://ow.ly/Dj3nn
Academy Twitter Handle:     http://ow.ly/Dj35c

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSVJUL","label":"IBM Application Performance Management"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

UID

ibm11278268

Page Feedback