TMG to IBM Security Access manager for Web reverse proxy migration

Hi I’m hoping someone can help me with the below.

We are currently running IBM Security Access manager for Web 8.0.1.0 as a reverse proxy which is supposed to be a replacement for our Microsoft TMG proxy. We have never used this product before so apologies if this is a very basic question.

Currently we have multiple “short” domains URL which we use for our mobile users. The short URL are then redirected by the current TMG proxy to the real log URL e.g. my.xyz.com redirects to my.longdomainname.com/xyz/portal

On TMG we achieved this by creating a deny rule and it redirected the shot URL to the long URL, can someone let me know how to achieve this through ISAM?

Thanks
Kevin TurnbullIT ManagerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gheistCommented:
Popular name for facility you look for is called Permalink.
0
Kevin TurnbullIT ManagerAuthor Commented:
Hi Gheist

Thanks for your response but how would you implement this in  IBM Security Access manager for Web (ISAM)?

thanks
0
bbaoIT ConsultantCommented:
a bit interested in why TMG is to be replaced by a ISAM?
0
Acronis Data Cloud 7.8 Enhances Cyber Protection

A closer look at five essential enhancements that benefit end-users and help MSPs take their cloud data protection business further.

gheistCommented:
You can implement permalinks (aka redirects) on websphere (or more accurately in webapp)
0
Kevin TurnbullIT ManagerAuthor Commented:
thanks for your reply's

@bbao
Microsoft has discontinued TMG and as we were only using it as a reverse proxy we decided to go for ISAM

@Gheist
an I correct in thinking you would do this through the HTTP Transformation Rules?
0
gheistCommented:
via servlet-mapping in web.xml
0
btanExec ConsultantCommented:
indeed using transformation
The HTTP requests and responses received by WebSEAL are expressed as XML objects and can be manipulated using XSL transformations.

You can use XSLT rules to represent the changes that you want to apply to the HTTP requests and responses as they pass through WebSEAL. WebSEAL uses the following two inputs for the HTTP transformations:

An XML representation of the HTTP request or HTTP response.
An XSLT that determines how the request or response is modified.
The output from the transformation is an XML document that outlines the changes required to the HTTP request or HTTP response.
http://www-01.ibm.com/support/knowledgecenter/SSPREK_7.0.0/com.ibm.isam.doc_70/ameb_appl_guide/concept/con_http_transform_rules.html?lang=en

Do check out the scenario examples too
http://www-01.ibm.com/support/knowledgecenter/SSPREK_7.0.0/com.ibm.isam.doc_70/ameb_appl_guide/concept/con_http_trans_scen.html?lang=en-us

For more details, see "HTTP transformations" in "Web Reverse Proxy Configuration" for ISAM for web (ver Version 8.0.0.4) http://www-01.ibm.com/support/docview.wss?uid=swg27042988&aid=4
0
Kevin TurnbullIT ManagerAuthor Commented:
thanks Btan, will look into this and get back to you
0
bbaoIT ConsultantCommented:
> Microsoft has discontinued TMG and as we were only using it as a reverse proxy we decided to go for ISAM

in my understanding to your scenario, i reckon a discontinued product does not mean its life cycle has to be ended from production especially its purpose is limited to a single or few roles. just a personal opinion.
0
btanExec ConsultantCommented:
Do see likewise as well - in fact ref to TMG EOL,
Microsoft announced the Forefront TMG 2010 product will be discontinued. Microsoft will continue to provide mainstream support for TMG until April 14, 2015, and extended support until April 14, 2020. The Forefront TMG 2010 Web Protection Services (WPS) will be discontinued on December 31, 2015. Beginning on January 1, 2016, Web Protection Service (URL filtering) will cease to function and the Microsoft Reputation Service (MRS) will be shutdown permanently. Virus and malicious software scanning and the Network Inspection System (NIS) will continue to operate but will no longer receive updates.
It is still good to plan early if the backend is undergoing some timely tech refresh but if does not break existing business, then go into more time to plan out and even co-existence for period to eventually tide over to new systems if there is...otherwise some may just continue as-is since it ain't broken btu the security gaps if any can have some repercussion ... down the business road. MS proposed the next taker but it may not be a 1 to 1 mapping for UAG to TMG though
Looking ahead, Forefront Unified Access Gateway (UAG) 2010 and Forefront Identify Manager (FIM) 2010 R2 both have current roadmaps and will continue to be developed, although it is likely that they will not continue under the Forefront brand name.
http://tmgblog.richardhicks.com/2012/09/12/forefront-tmg-2010-end-of-life-statement/
0
Kevin TurnbullIT ManagerAuthor Commented:
Hi Btan

would you have an example of the syntax I should be using as I cant seem to get it working

thanks
0
btanExec ConsultantCommented:
May have to see if this "Scenario 5: Providing a response to a known HTTP request" can be reuse in your context. http://www-01.ibm.com/support/knowledgecenter/SSPREK_7.0.0/com.ibm.isam.doc_70/ameb_appl_guide/concept/con_http_trans_scenario5.html?lang=en

See also the "Replacing the HTTP response" as to how to manage WebSEAL upon it receiving an HTTPResponseChange document with action="replace" as a result of an HTTP Request or Response modification.
http://www-01.ibm.com/support/knowledgecenter/SSPREK_7.0.0/com.ibm.isam.doc_70/ameb_appl_guide/concept/con_http_trans_replace_rsp.html?lang=en
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.