Can the WebSphere Virtual Enterprise deployment manager be in the demilitarized zone?

Technote (FAQ)


Question

Can the WebSphere Virtual Enterprise deployment manager be in the demilitarized zone?

Cause

The WebSphere Virtual Enterprise Best Practices Redbook indicates that "On demand routers (ODR) should not be placed (neither supported nor recommended) in a DMZ because the ODR requires complex communication between autonomic managers, application servers, and deployment managers...". This statement refers to WebSphere Application Server Network Deployment V8.5, and to topologies that contain nodes augmented with WebSphere Virtual Enterprise V6.1.1, and later versions.

Answer

The WebSphere Virtual Enterprise deployment manager can be in the demilitarized zone, if you meet specific configuration requirements:

WebSphere Application Server Network Deployment V8.5, as well as WebSphere Virtual Enterprise V6.1.1.x, and later versions, rely on the Service Overlay Network (SON) communication layer. If the communication between processes is restricted or isolated by firewalls, the SON communication can be inadvertently blocked. Blocked SON communication can cause several issues, because SON is part of several product core features.

If you use firewalls to divide your topology, ensure that you meet the following requirements:

  1. The following ports must remain open (bi-directionally) for TCP and UDP protocols:
    OVERLAY_UDP_LISTENER_ADDRESS
    OVERLAY_TCP_LISTENER_ADDRESS
    XDAGENT_PORT

  2. The ephemeral port range must remain open for UDP traffic between all processes. The overlay uses an ephemeral UDP port as source port when sending UDP messages. Ephemeral port ranges are defined based on your operating system, and the range can be restricted.

    For more information, go to:
    http://pic.dhe.ibm.com/infocenter/wveinfo/v7r0/topic/com.ibm.websphere.virtualenterprise.doc/reference/reference.html

    To verify whether these ports are set already, confirm that the deployment manager serverindex.xml file content is similar to:

    <specialEndpoints xmi:id="NamedEndPoint_1269363042020"
    endPointName="OVERLAY_UDP_LISTENER_ADDRESS">
      <endPoint xmi:id="EndPoint_1269363042020" host="*" port="16410"/>
    </specialEndpoints>

    <specialEndpoints xmi:id="NamedEndPoint_1269363042021"
    endPointName="OVERLAY_TCP_LISTENER_ADDRESS">
      <endPoint xmi:id="EndPoint_1269363042021" host="*" port="16409"/>
    </specialEndpoints>

    <specialEndpoints xmi:id="NamedEndPoint_1269363042017"
    endPointName="XDAGENT_PORT">
      <endPoint xmi:id="EndPoint_1269363042017" host="*" port="16413"/>
    </specialEndpoints>
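
The serverindex.xml check above can be automated. The following Python script is an added example, not part of the technote or of IBM's tooling: it reads serverindex.xml content, reports the three SON endpoints for each server entry, flags any that are missing or have no fixed port, and lists the ports to allow for both TCP and UDP. The sample XML is constructed; the ServerIndex/serverEntries wrapper, the serverName attribute, and the nodeagent entry with its port values are assumptions.

```python
import xml.etree.ElementTree as ET

# Endpoint names as they appear in the technote's serverindex.xml excerpt.
REQUIRED = ("OVERLAY_UDP_LISTENER_ADDRESS", "OVERLAY_TCP_LISTENER_ADDRESS", "XDAGENT_PORT")

# Constructed sample (xmi:id attributes omitted); dmgr ports are the technote's values.
SAMPLE = """<ServerIndex>
 <serverEntries serverName="dmgr">
  <specialEndpoints endPointName="OVERLAY_UDP_LISTENER_ADDRESS">
   <endPoint host="*" port="16410"/></specialEndpoints>
  <specialEndpoints endPointName="OVERLAY_TCP_LISTENER_ADDRESS">
   <endPoint host="*" port="16409"/></specialEndpoints>
  <specialEndpoints endPointName="XDAGENT_PORT">
   <endPoint host="*" port="16413"/></specialEndpoints>
 </serverEntries>
 <serverEntries serverName="nodeagent">
  <specialEndpoints endPointName="OVERLAY_UDP_LISTENER_ADDRESS">
   <endPoint host="*" port="11001"/></specialEndpoints>
  <specialEndpoints endPointName="XDAGENT_PORT">
   <endPoint host="*" port="0"/></specialEndpoints>
 </serverEntries>
</ServerIndex>"""

def audit(xml_text):
    """Return {server: {"ports": {endpoint: port}, "missing": [endpoint, ...]}}."""
    report = {}
    for entry in ET.fromstring(xml_text).iter("serverEntries"):
        ports = {}
        for sp in entry.iter("specialEndpoints"):
            ep = sp.find("endPoint")
            port = ep.get("port", "") if ep is not None else ""
            # Port 0 or a non-numeric value cannot become a fixed firewall rule.
            if sp.get("endPointName") in REQUIRED and port.isdigit() and 0 < int(port) < 65536:
                ports[sp.get("endPointName")] = int(port)
        missing = [name for name in REQUIRED if name not in ports]
        report[entry.get("serverName")] = {"ports": ports, "missing": missing}
    return report

def firewall_rules(report):
    """(server, port, protocol) tuples: the technote asks for TCP and UDP on each port."""
    return sorted((srv, port, proto) for srv, r in report.items()
                  for port in r["ports"].values() for proto in ("tcp", "udp"))

if __name__ == "__main__":
    rep = audit(SAMPLE)
    for srv, r in rep.items():
        print(srv, r["ports"], "missing:", r["missing"] or "none")
    for rule in firewall_rules(rep):
        print("allow", *rule)
```

The ephemeral UDP source-port range from requirement 2 is defined by the operating system, not by serverindex.xml, so it has to be checked separately on each host.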

Document information

More support for: WebSphere Virtual Enterprise
Software version: 7.0
Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS
Reference #: 1613797
Modified date: 2013-10-04
