Its possible to configure ISAM to listen on more than one network interface, more than one IP, and more than one set of ports. The easiest way to configure this, is in the LMI under the configuration settings for an individual reverse proxy instance:
There are settings for:
- The IP to listen on. This must be an application interface as defined in the LMI.
- The HTTP Port
- The HTTPS Port
- The “Web HTTP Port” which is the port that ISAM processes the request as though it came from that port. Useful when port translation might be happening in your network.
https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.2/com.ibm.isam.doc/wrp_stza_ref/reference/ref_wb_http_port.html?view=kc - The “Web HTTP Protocol” the protocol that ISAM processes the request as though it connected on. Useful when you want to make ISAM believe it was connected to securely even though it might have come in to ISAM as HTTP. For example where you have SSL Termination at a load balancer.
https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.2/com.ibm.isam.doc/wrp_stza_ref/reference/ref_wb_http_proto.html - The certificate label to present.
- Whether you want to configure Client Certs.
- How many worker threads to dedicate.
- Secondary Port – is a capability linked to this technote:
http://www-01.ibm.com/support/docview.wss?uid=swg21983582 - Whether to always negotiate TLS, related to the setting above.
The settings are all maintained in the config file under the [interfaces] stanza.
[interfaces] interface1 = network-interface=192.168.42.138;http-port=82;https-port=446;web-http-port=1234;web-http-protocol=https;certificate-label=WebSEAL-Test-Only;accept-client-certs=never;worker-threads=300 ;secondary-port=321 ;always-neg-tls=yes
Philip Nye 