162 IBM Enterprise Workload Manager
After restarting the managed server, you should be able to log in to the Control Center and
check the managed servers in the Monitor section. The managed server that you changed
should be in the active state. You will need to execute this procedure on each managed server
that needs to communicate with the domain manager through a proxy.
SOCKS and EWLM
If your installation is using a SOCKS server for firewall protection, you must also configure a
firewall broker to allow the managed servers to communicate with the domain manager
through the SOCKS server. The firewall broker does not have to run on a server that is acting
as a managed server. However, it does have to be in the same trusted zone as the managed
servers. There are several configuration parameters that must match when you create and
configure the domain manager, the managed servers, and the firewall broker. If any of the
required parameters are incorrect, the entire communication stream will fail. The firewall
broker image is installed on the managed server as part of the EWLM code in the
<installation_path>/IBM/VE/EWLMMS directory. You can then plan to use the firewall broker
on the managed server itself or distribute it on the appropriate platform.
Table 6-1 is a summary of the different configurations with a SOCKS server and how they
affect the EWLM code, followed by two detailed examples.
Table 6-1 SOCKS server configurations and EWLM setup

Target installation configuration: Protecting the connections from the managed
servers to the domain manager using the SOCKS server
EWLM configuration:
- Need firewall broker.
- Domain manager must be configured to identify firewall broker
using the changeDM command with -fp and -fb parameters.
- Firewall broker must be configured to use SOCKS server using
changeFB command with the -sa and -sp parameters.

Target installation configuration: Protecting the connections from the domain
manager to the managed servers using the SOCKS server
EWLM configuration:
EWLM is not affected. It always connects from the managed
servers to the domain manager - EWLM is unaware of and
unaffected by the existence of the SOCKS server.

Target installation configuration: Protecting the connections from the managed
servers to the domain manager and the connections from the domain manager to the
managed server (that is, through a DMZ) using the SOCKS server
EWLM configuration:
- Need firewall broker.
- Firewall broker must be configured to use SOCKS server using the
changeFB command with the -sa and -sp parameters.
- Domain manager must be configured to use SOCKS server using
the changeDM command with the -sa and -sp parameters.
- The domain manager must be configured to identify firewall broker
using changeDM command with the -fp and -fb parameters.
- The domain manager -fb list must use SOCKS tag for this firewall
broker.

The following discussion shows two sample SOCKS server configurations, which
mainly illustrate different architecture solutions for the security zones.
Figure 6-3 shows the managed servers accessing the domain manager through a
firewall broker and a SOCKS server. In this configuration, the SOCKS server is protecting the
zone where the domain manager is located.
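The rows of Table 6-1 can be applied as a check on a planned setup before any component is changed. The following Python sketch is an added example, not IBM code: the plan dictionary layout and its keys (such as fb_socks_tag) are assumptions made here, and only the changeDM and changeFB command names and the -fp, -fb, -sa, and -sp parameters come from the table.

```python
# Added example: check a planned EWLM/SOCKS setup against Table 6-1.
# The plan layout and key names are assumptions made for this sketch.

def required_settings(protects_ms_to_dm, protects_dm_to_ms):
    """Return {command: parameters} that Table 6-1 requires for a scenario."""
    if not protects_ms_to_dm:
        # EWLM always connects from the managed servers to the domain
        # manager, so a SOCKS server on the reverse path does not affect it.
        return {}
    need = {"changeDM": {"-fp", "-fb"}, "changeFB": {"-sa", "-sp"}}
    if protects_dm_to_ms:
        # Both directions (DMZ): the domain manager also uses the SOCKS server.
        need["changeDM"] |= {"-sa", "-sp"}
    return need

def check_plan(plan):
    """Return a list of findings; an empty list means the plan matches the table."""
    to_dm, to_ms = plan["protects_ms_to_dm"], plan["protects_dm_to_ms"]
    need = required_settings(to_dm, to_ms)
    findings = []
    if need and not plan.get("firewall_broker"):
        findings.append("firewall broker required but not planned")
    for command, params in sorted(need.items()):
        for missing in sorted(params - set(plan.get(command, ()))):
            findings.append(f"{command}: missing {missing}")
    if to_dm and to_ms and not plan.get("fb_socks_tag"):
        findings.append("changeDM: -fb list lacks the SOCKS tag for this firewall broker")
    return findings

# Constructed sample plans (not taken from the page).
ROW1_PLAN = {  # SOCKS server protects managed server -> domain manager only
    "protects_ms_to_dm": True, "protects_dm_to_ms": False,
    "firewall_broker": True,
    "changeDM": ["-fp", "-fb"], "changeFB": ["-sa", "-sp"],
}
DMZ_PLAN = {   # both directions protected, but configured as if it were row 1
    "protects_ms_to_dm": True, "protects_dm_to_ms": True,
    "firewall_broker": True, "fb_socks_tag": False,
    "changeDM": ["-fp", "-fb"], "changeFB": ["-sa", "-sp"],
}

if __name__ == "__main__":
    for name, plan in (("row 1", ROW1_PLAN), ("DMZ", DMZ_PLAN)):
        print(name, check_plan(plan) or "OK")
```

The DMZ plan is flagged because a configuration that is complete for the first row of the table still lacks the domain manager's own SOCKS settings and the SOCKS tag once both directions are protected.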