We help IT Professionals succeed at work.

TMG to IBM Security Access manager for Web reverse proxy migration

Hi I’m hoping someone can help me with the below.

We are currently running IBM Security Access manager for Web 8.0.1.0 as a reverse proxy which is supposed to be a replacement for our Microsoft TMG proxy. We have never used this product before so apologies if this is a very basic question.

Currently we have multiple “short” domains URL which we use for our mobile users. The short URL are then redirected by the current TMG proxy to the real log URL e.g. my.xyz.com redirects to my.longdomainname.com/xyz/portal

On TMG we achieved this by creating a deny rule and it redirected the shot URL to the long URL, can someone let me know how to achieve this through ISAM?

Thanks
Comment
Watch Question

Top Expert 2015

Commented:
Popular name for facility you look for is called Permalink.
Kevin TurnbullIT Manager

Author

Commented:
Hi Gheist

Thanks for your response but how would you implement this in  IBM Security Access manager for Web (ISAM)?

thanks
bbaoIT Consultant

Commented:
a bit interested in why TMG is to be replaced by a ISAM?
Top Expert 2015

Commented:
You can implement permalinks (aka redirects) on websphere (or more accurately in webapp)
Kevin TurnbullIT Manager

Author

Commented:
thanks for your reply's

@bbao
Microsoft has discontinued TMG and as we were only using it as a reverse proxy we decided to go for ISAM

@Gheist
an I correct in thinking you would do this through the HTTP Transformation Rules?
Top Expert 2015

Commented:
via servlet-mapping in web.xml
btanExec Consultant
Distinguished Expert 2019

Commented:
indeed using transformation
The HTTP requests and responses received by WebSEAL are expressed as XML objects and can be manipulated using XSL transformations.

You can use XSLT rules to represent the changes that you want to apply to the HTTP requests and responses as they pass through WebSEAL. WebSEAL uses the following two inputs for the HTTP transformations:

An XML representation of the HTTP request or HTTP response.
An XSLT that determines how the request or response is modified.
The output from the transformation is an XML document that outlines the changes required to the HTTP request or HTTP response.
http://www-01.ibm.com/support/knowledgecenter/SSPREK_7.0.0/com.ibm.isam.doc_70/ameb_appl_guide/concept/con_http_transform_rules.html?lang=en

Do check out the scenario examples too
http://www-01.ibm.com/support/knowledgecenter/SSPREK_7.0.0/com.ibm.isam.doc_70/ameb_appl_guide/concept/con_http_trans_scen.html?lang=en-us

For more details, see "HTTP transformations" in "Web Reverse Proxy Configuration" for ISAM for web (ver Version 8.0.0.4) http://www-01.ibm.com/support/docview.wss?uid=swg27042988&aid=4
Kevin TurnbullIT Manager

Author

Commented:
thanks Btan, will look into this and get back to you
bbaoIT Consultant

Commented:
> Microsoft has discontinued TMG and as we were only using it as a reverse proxy we decided to go for ISAM

in my understanding to your scenario, i reckon a discontinued product does not mean its life cycle has to be ended from production especially its purpose is limited to a single or few roles. just a personal opinion.
btanExec Consultant
Distinguished Expert 2019

Commented:
Do see likewise as well - in fact ref to TMG EOL,
Microsoft announced the Forefront TMG 2010 product will be discontinued. Microsoft will continue to provide mainstream support for TMG until April 14, 2015, and extended support until April 14, 2020. The Forefront TMG 2010 Web Protection Services (WPS) will be discontinued on December 31, 2015. Beginning on January 1, 2016, Web Protection Service (URL filtering) will cease to function and the Microsoft Reputation Service (MRS) will be shutdown permanently. Virus and malicious software scanning and the Network Inspection System (NIS) will continue to operate but will no longer receive updates.
It is still good to plan early if the backend is undergoing some timely tech refresh but if does not break existing business, then go into more time to plan out and even co-existence for period to eventually tide over to new systems if there is...otherwise some may just continue as-is since it ain't broken btu the security gaps if any can have some repercussion ... down the business road. MS proposed the next taker but it may not be a 1 to 1 mapping for UAG to TMG though
Looking ahead, Forefront Unified Access Gateway (UAG) 2010 and Forefront Identify Manager (FIM) 2010 R2 both have current roadmaps and will continue to be developed, although it is likely that they will not continue under the Forefront brand name.
http://tmgblog.richardhicks.com/2012/09/12/forefront-tmg-2010-end-of-life-statement/
Kevin TurnbullIT Manager

Author

Commented:
Hi Btan

would you have an example of the syntax I should be using as I cant seem to get it working

thanks
Exec Consultant
Distinguished Expert 2019
Commented:
May have to see if this "Scenario 5: Providing a response to a known HTTP request" can be reuse in your context. http://www-01.ibm.com/support/knowledgecenter/SSPREK_7.0.0/com.ibm.isam.doc_70/ameb_appl_guide/concept/con_http_trans_scenario5.html?lang=en

See also the "Replacing the HTTP response" as to how to manage WebSEAL upon it receiving an HTTPResponseChange document with action="replace" as a result of an HTTP Request or Response modification.
http://www-01.ibm.com/support/knowledgecenter/SSPREK_7.0.0/com.ibm.isam.doc_70/ameb_appl_guide/concept/con_http_trans_replace_rsp.html?lang=en