WebSphere Application Server Base Edition on Windows on AWS

Amazon EC2 Installation guide

1. Overview

This guide will provide step by step instructions on how to start using the installed products on your AWS EC2 instance.

This AMI contains a ready-to-run WebSphere Base Edition image at the selected version. In order to use this image, you need to launch it with your selected type, and log in using remote desktop to activate (start) the WebSphere servers.

Visit the WebSphere Application Server Base Edition page on the AWS Marketplace

2. Launching an instance

In order to launch IBM WebSphere Application Server (referred as WAS), a few settings need to be configured on the AWS console as follows. The instructions for launching an instance differ depending on where you launch from. Initially you will launch the instance from the AWS Marketplace.

 

  • Select the IBM WebSphere Product based on your requirements in the AWS Marketplace;
  • Click on the link to go to that versions page in AWS Marketplace;
  • Check the ‘Other Versions ‘ link to see other versions available (you can select the actual version later).
  • Under ‘Pricing Details‘ panel select your Region and either Hourly or Yearly fees.
  • Click on the ‘Continue‘, button to go to the ‘1-Click Launch‘ tab on the configuration page;
  • On the ‘Software Pricing‘ panel choose your instance type and pricing type;
  • On the ‘Version‘ panel, select the fix pack version you require;
  • On the ‘Region‘ panel, select the Region you require;
  • On the ‘EC2 Instance Type‘ panel, choose the instance type. The m3.large type or larger is recommended when running IBM WebSphere Application Server Base Edition. Larger instances may be required based on the number of IBM WebSphere application servers, clusters etc required and the expected resource use of each;
  • On the ‘VPC Settings‘ panel Configure the VPC settings to your requirements or leave the defaults;
  • On the ‘Security Group‘ panel, specify the security group. The security group needs to permit to following ports [note that the internal firewall will be configured later to permit only ports used by WebSphere]:
    Port 22 to connect via SSH (enabled by default), 
    
    Port 9061 to reach the IBM WAS Admin Console (Integrated Solutions Console), 
    Port 9060 to reach the IBM WAS AdminAgent Console
    Port 9090 to reach RapidDeploy web console, 
    Port 9080 to reach the DefaultApplication (Snoop Servlet)
    Port 20000 and 20100 to open for RapidDeploy Remote Agent (optional)
     
    • If you don’t already have a security group as above, go to your EC2 Control Panel and select ‘Security Groups‘ under ‘Network & Security
    • Click ‘Create Security Group‘ button
    • To open all ports, Click ‘Add Rule‘.
    • In the ‘Type‘ dropdown, Specify ‘All TCP‘ or your preferred configuration.
    • In the ‘Source‘ dropdown, Specify ‘Anywhere‘ or your preferred configuration.
  • On the ‘Key Pair‘ panel, select a key pair to use. You will need this key later to connect to the instance.
  • Scroll back to the top of the page and click ‘Accept Software Terms and Launch with 1-Click‘.
  • The instance will be launched.
  1. Select the IBM WAS AMI based on your requirements;
  2. Right click on the AMI, or from the drop down menu, choose the ‘Launch’ option;
  3. On the ‘Choose Instance Type‘ tab, choose the instance type. The m3.large type or larger is recommended when running IBM WebSphere Application Server Base Edition. m1.small is the minimal requirement, which will be sufficient to run the instance but the response times may be quite poor. Larger instances may be required based on the number of IBM WebSphere application servers, clusters etc required and the expected resource use of each; Click ‘Next: Configure Instance Details‘.
  4. On the ‘Configure Instance‘ tab Configure the instance to your requirements or leave the defaults. Click ‘Next: Add Storage‘.
  5. On the ‘Add Storage‘ tab, add additional storage as required or leave as default. Click ‘Next: Tag Instance‘.
  6. On the ‘Tag Instance‘ tab, Tag your instance with a suitable name. Click ‘Next: Configure Security Group'.
  7. On the ‘Configure Security Group‘ tab, specify the security group. The security group needs to permit to following ports:
    Port 22 to connect via SSH (enabled by default), 
    
    Port 9061 to reach the IBM WAS Admin Console (Integrated Solutions Console), 
    Port 9060 to reach the IBM WAS AdminAgent Console
    Port 9090 to reach RapidDeploy web console, 
    Port 9080 to reach the DefaultApplication (Snoop Servlet)
    Port 20000 and 20100 to open for RapidDeploy Remote Agent (optional)
     
    • To open all ports, Click ‘Add Rule‘.
    • In the ‘Type‘ dropdown, Specify ‘All TCP‘ or your preferred configuration.
    • In the ‘Source‘ dropdown, Specify ‘Anywhere‘ or your preferred configuration.
  8. Click ‘Review and Launch‘.
  9. Review settings, then click ‘Launch‘.
  10. Add your key pair, Check the ‘Acknowledge key file access’ checkbox and click ‘Launch Instance‘.

 3. Initial login and setup

The IBM WebSphere Application Server Base Edition products are shipped with a base binary installation and the necessary profiles created. On the first login to the instance, you will be placed into a console wizard, which will guide you through the process of starting IBM WAS Base profile(s) and other configuration steps. The following is an overview of the steps you will be guided through to get started with the installed products on the instance:

Once the instance has started up (you can see it by having ” 2/2 checks passed ” in EC2 console).

  1. Log onto the instance using a remote desktop application:
    • From the EC2 console select the instance and click on the “Connect” button,  click on the “Get Password” button, browse and select the key pair .pem file, click on the “Decrypt Password” button, and use the generated password to connect to the instance using the desired remote desktop application.
  2. Wait until a “cmd” window appears. You do not need to start a command window, it will appear once the instance is properly initialised.
  3. This window will ask you if you want to create and start WAS Base Edition server:
    C:\Windows\system32>cd C:\rd\scripts
    
    C:\rd\scripts>PowerShell -Command "Set-ExecutionPolicy Unrestricted"
    
    C:\rd\scripts>PowerShell C:\rd\scripts\initialScript.ps1
    Welcome, this is DevTestCloud Websphere Application Server image first run configuration
    Note that you can rerun this configuration wizard again by executing C:\rd\scripts\firstrunsetup.cmd script
    Configuration steps
    1. Create and Start Websphere application server
    2. Set RapidDeploy framework initial password
    Create and Start Websphere application server? [y/n]:
  4. Type ‘y‘ and hit [return]. You should see the following output. Depending on your instance type, the following output will be displayed over several minutes. Please be patient and wait at leat 30 minutes for the profiles to be created and started:
    Creating and Starting Webpshere application server...
    INSTCONFSUCCESS: Success: Profile AdminAgent now exists. Please consult C:\IBM\WebSphere\AppServer\profiles\AdminAgent\logs\AboutThisProfile.txt for more information about this profile.
    ADMU0116I: Tool information is being logged in file
    C:\IBM\WebSphere\AppServer\profiles\AdminAgent\logs\adminagent\startServer.log
    ADMU0128I: Starting tool with the AdminAgent profile
    ADMU3100I: Reading configuration for server: adminagent
    ADMU3200I: Server launched. Waiting for initialization status.
    ADMU3000I: Server adminagent open for e-business; process id is 2744
    INSTCONFSUCCESS: Success: Profile AppSrv now exists. Please consult C:\IBM\WebSphere\AppServer\profiles\AppSrv\logs\AboutThisProfile.txt for more information about this profile.
    ADMU0116I: Tool information is being logged in file
    C:\IBM\WebSphere\AppServer\profiles\AppSrv\logs\AppServer\startServer.log
    ADMU0128I: Starting tool with the AppSrv profile
    ADMU3100I: Reading configuration for server: AppServer
    ADMU3200I: Server launched. Waiting for initialization status.
    ADMU3000I: Server AppServer open for e-business; process id is 3272
  5. Set the initial password for the RapidDeploy user “mvadmin“. Hit [return] to accept the default of instance ID:
    Configuring password for RapidDeploy default user 'mvadmin'
    Set password for user 'mvadmin'. Submit blank for default value of the instance id: i-06a9000c764988fdb
  6. The correct URLs to access the WebSphere and the RapidDeploy servers are displayed:
    Configuration finished, you may now start using Websphere and RapidDeploy services. You can use WebSphere and RapidDeploy web user interface on:
    WebSphere: ec2-54-221-87-90.compute-1.amazonaws.com:9061/ibm/console
    RapidDeploy: ec2-54-221-87-90.compute-1.amazonaws.com:9090/MidVision
  7. You can log in to the WebSphere console as “wasadmin” using your ‘[instance-id]‘ as password.

IMPORTANT!

Remember you need to have the necessary rules in the Windows firewall to access the WAS Base Edition admin agent and application server ports. In order to do this:

1. Open the tool “Windows Firewall with Advanced Security” in Windows

2. Select “Inbound rules

3. Click on “New Rule...

4. Select “Port” and click “Next

5. Select “TCP” and set the “Specific local ports” to the necessary specific port values, by default it should be something like “9060,9061,9044,9043,9090,9080“, and click “Next

6. You can leave the rest of the values by default on the following windows and assign a memorable name to the rule

4. Accessing the web consoles

4.1 Access the default snoop servlet

Confirm installation. The DefaultApplication Snoop servlet is shipped by default and can be accessed on:
http://[publicip]:9080/snoop

4.2 Access the IBM WebSphere Application Server Admin Console

You should now be able to access the WebSphere admin console at the URL specified below:
http://[publicip]:9061/ibm/console

which will redirect to the secure connection:

https://[publicip]:9044/ibm/console/login.do?action=secure
You can log in to WebSphere console as “wasadmin” using your ‘[instance-id]‘ as password.
 
The admin agent can be accessed on:
http://[publicip]:9060/ibm/console

which will redirect to the secure connection:

https://[publicip]:9043/ibm/console/

You can log in to the admin agent console as “wasadmin” using your ‘[instance-id]‘ as password.

Note that the IBM WAS Base profiles are bounded to the localhost IP address in order to work reliably with the changing hostnames as the instance is restarted. You should not need to change this. However, in case you want to change the bound IP address, there is a script provided in “C:\rd\scripts” to change the configuration by replacing the configured hostnames with the new ip address. The script is called setuphost.ps1. Please refer to IBM documentation for WebSphere Application Server configuration.

4.3 Access the RapidDeploy Web Console

RapidDeploy server and agent will start up automatically when you start your instance. You can access the web console on:

http://[publicip]:9090/MidVision

Note: make sure you have port 9090 open in your Security group when trying to access RapidDeploy web console. You can log in with the administrative user ” mvadmin ” using your ‘[instance-id]‘ as password.

5. Maintaining the installation

The following sections cover some of the activities you might want to perform after the instance has been started.

The IBM WebSphere Application Server Base Admin Console is initially configured so that you can log in to WebSphere console as “wasadmin” using your ‘[instance-id]‘ as password.

You can further configure WebSphere security in the normal way according to your requirements. However you should pay attention to some AWS specifics covered on this page.

Two scripts are provided in the “C:\rd\scripts” folder to start and stop the WAS Base Edition servers. These are named startWas.ps1and stopWas.ps1.

PowerShell C:\rd\scripts\startWAS.ps1
PowerShell C:\rd\scripts\stopWAS.ps1

You will be prompted for the WebSphere username/password you user earlier (Default: wasadmin/[instance-id]) in the pop-up box or (if you cancel out of this box) on the command line.

You can use the WebSphere Base install in three host configurations:

  • Leave as the default ‘localhost
  • Assign to an elastic IP address. You will need to run setuphost.ps1 once to change the address from ‘localhost‘ to the elastic IP address
  • Use dynamically assigned hostname. You will need to run setuphost.ps1 on each restart of the instance

The setuphost.ps1 script provided in “C:\rd\scripts” folder will search and replace for the old host name (localhost) occurrences in all the necessary WAS the configuration files. We recommend leaving ‘localhost‘ default setting or using an elastic IP address to avoid having to run setuphost.ps1 on each restart.

C:\rd\scripts\setuphost.ps1

For security reasons, you will need to change the default password (default value is ‘[instance-id]‘) for user mvadmin. You can change this password at any time by clicking the ‘mvadmin’ drop down in the top right hand corner and clicking ‘Change Password’.

6. Troubleshooting

6.1 Session loss during setup

If you lose the connection to the target instance during the first run setup script execution (e.g. as a result of a network problem), we advise you to delete and recreate the EC2 instance and run the script again.

6.2 Cannot access the IBM WebSphere admin console (ISC)

Check that  the default server is running, and you have correctly opened all the required ports on the firewall, and that your instance was created using a security group definition that allows TCP access to the instance on the required ports.

6.3 Contacting MidVision support

Please visit our support website.