On-demand target portal access for internet users
A reverse proxy, in a DMZ, can be configured to provide access for Internet users to the on-demand portal that is on the IBM® BigFix® Remote Control server in the intranet. The reverse proxy must not allow access to other sections of the IBM BigFix Remote Control server, but only to the on-demand portal.
IBM BigFix Remote Control provides an integrated reverse proxy for ease of deployment and configuration. The IBM BigFix Remote Control broker component includes limited proxy functions. The integrated reverse proxy means that a broker environment can be deployed with IBM BigFix Remote Control components only. No third-party components are required. The reverse proxy supports both HTTP and HTTPS and also supports combining HTTP and HTTPS. For example, the broker URL can be configured with HTTP protocol and the server URL in the broker properties file can be configured with HTTPS. The target user enters an HTTP on-demand URL that contains the broker host name. The reverse proxy accepts this request and uses the defined HTTPS server URL to retrieve the on-demand portal page from the server. The proxy can be used to access the on-demand portal only, it cannot be configured as a general-purpose reverse proxy. It was not designed for scalability. For deployments where heavy usage is expected, you can use an off-the-shelf reverse HTTP proxy. You can also host a custom on-demand portal on your own internet website.
Reverse proxy limitations:
- The broker supports only HTTP 1.0 and 1.1. HTTP requests with other versions result in HTTP 505 Version not supported.
- The broker supports only TLS 1.0.
- The reverse proxy cannot be used as a general-purpose reverse proxy server.
- The reverse proxy cannot be used to publish other parts of the IBM BigFix Remote Control server to the Internet. For example, the reverse proxy cannot be configured to allow targets to register or users to log in.