IBM WebSphere Application Server Base Edition

Windows Azure Installation and Support guide

This guide will provide step by step instructions how to start using the installed products on your Azure instance.

1. Launching an instance

In order to launch IBM WebSphere Application Server (referred as WAS), a few settings need to be configured on the Azure console as follows:
  1. Open new Azure Virtual Machine wizard;
  2. Select the IBM WAS Azure image based on your requirements from gallery;
  3. Choose VM name, size, Authentication user and credentials. The Standard A2/medium type or larger is recommended when running IBM WebSphere Application Server Base with a Deployment Manager and Node Agent profile on the same instance . Basic A2 is the minimal requirement, which will be sufficient to run only one Node Agent or Deployment Manager profile. Larger instances may be required based on the number of IBM WebSphere application servers, clusters etc required and the expected resource use of each;
  4. Define cloud service DNS name, Regions and open endpoint ports.
Port 22 to connect via SSH (enabled by default), 

Port 9060 to reach the IBM WAS administration Web Application (Integrated Solutions Console), 
Port 9061 to reach the IBM WAS AdminAgent Console
Port 9090 to reach RapidDeploy web console, 
Port 9080 to reach the DefaultApplication (Snoop Servlet)
Port 20000 and 20100 to open for RapidDeploy Remote Agent (optional)

2. Getting started with RapidDeploy and IBM WebSphere using the setup wizard (

2.1 Initial configuration

The IBM WebSphere Application Server Network Deployment Edition products are shipped with a base binary installation, without having any profiles created. On the first login to the instance, you will be placed into a console wizard, which will guide you through the process of creating IBM WebSphere Network Deployment profile(s). The following is an overview of the steps you will be guided through to create the required profiles on the instance:
  1. Log onto the instance via SSH with your Azure user and credentials.
  2. Once the admin user is logged in, please log in as the  ‘midvision’ user via the command 'sudo su - midvision'.
  3. You are placed in a setup wizard.
  4. Choose whether to start IBM WAS profiles
  5. Set initial password for RapidDeploy user "mvadmin"
  6. Choose which ports to open on Red Hat Linux firewall.
All inputs asking for specific data can be left as blank just by hitting [return], which will pick the default value displayed at the end of the question. Once the product is started and configured, you can reach it by default on http://[publicip]:9060/ibm/console and log in unauthorized. Note that the IBM WAS Base profiles are bound to localhost ip address in order to work reliably with the changing hostnames.

2.1.1 Changing RapidDeploy initial password

For security reasons, you will need to change the default password (default value is 'mvadmin') for user mvadmin. This will be requested the first time only when you log in to the instance.

2.1.2 Opening firewall ports

You can open the necessary ports quickly using the setup wizard. Port 9090 will be automatically opened for RapidDeploy web console, also the IBM WebSphere web console port will be opened if Deployment manager profile is created through the wizard. Further ports on the Red Hat Linux firewall can be opened by typing port numbers. There is an option to open all ports used by IBM WebSphere services, by entering 'process' input. Alternatively, you can choose to open all ports on the instance by entering 'all' input. If you are creating a distributed cell over multiple nodes, we strongly recommend you don’t try to estimate which ports should be opened, but select the ‘process’ option, which will open all the required ports to ensure node agent synchronisation will work correctly. Port opening options:
  • <port number> - Open this port. Multiple ports can be entered, separated by pressing the ‘[return]’ key.
  •  ‘process’           - Open all WebSphere ports for all WebSphere processes detected on the instance. 
  • all’                    - Open all ports on the instance (effectively remove the firewall). 
  • exit’                  - Exit the port opening script.

2.2 WebSphere

2.2.1 Admin Console

The WebSphere Application Server Base Edition products are shipped with the default profiles created, can be used out of the box. Once the product is started, you can reach it on http://[publicip]:9060/ibm/console and log in unauthorized. Please refer to IBM documentation for WebSphere Application Server configuration. The AdminAgent can be accessed on http://[publicip]:9061/ibm/console

2.2.2 DefaultApplication Snoop Servlet

The DefaultApplication Snoop servlet is shipped by default and can be accessed on http://[publicip]:9080/snoop

2.3 RapidDeploy

RapidDeploy server and agent will start up automatically when you start your instance. You can access the web console on http://[publicip]:9090/MidVision Note: make sure you have port 9090 open in your Security group when trying to access RapidDeploy web console. For the first time, you can set the password for the default username "mvadmin". You can prevent auto starting RapidDeploy on instance startup by removing it from the system chkconfig list. 
[midvision@ ] sudo chkconfig --del rapiddeploy

3. Accessing the instance via SSH, files, scripts, technical info

3.1 Logging into the instance

Once the instance has started up (you can see it by having "Running" status in Azure console), you can connect to the instance via any SSH client. You can log in to your instance with provisioned Azure username  and the credentials which can be based on password or certificate file.

3.2 Users

  • azureuser: This is the provisioned Azure user. The username can vary due to can be customised. It is permitted to use all SUDO rights. To switch to the midvision user, type "sudo su - midvision".
  • midvision: This is the midvision user, You can log in as any other user without using passwords. E.g: "su wasadmin". To switch to the root user, type "sudo su". If you want to switch back to root user, type "exit", this will take you back to the previous user session.
  • root: This is the superuser in linux systems. You can log in as any other user without using passwords. E.g: "su -azureuser", "su wasadmin", "su midvisionIf you want to switch back to root user, type "exit", this will take you back to the previous user session.
  • wasadmin:  This user does not have SUDO rights. If you want to switch back to root user, type "exit", this will take you back to the previous user session.
  • mbadmin:   This user does not have SUDO rights. If you want to switch back to root user, type "exit", this will take you back to the previous user session.

3.3 Provided post-install scripts

Scripts are provided in the midvision home directory, as detailed in the following sections:

3.3.1 Opening CentOS Linux firewall with the script

CentOS instances are shipped with a firewall by default to protect your machine. For security reasons, the instance is only accessible via SSH (port 22) at first, so further ports can be opened on the firewall as needed. You will need to open all the ports in this internal firewall, which you have open in your Security group. There is a script placed in the user home of midvision (/home/midvision), which is also the starting location when logged in. You will need to be the root user to run this script. Example usage:
[midvision@ ] sudo ./ 9090 
Open firewall port 9090 iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

3.3.2 Open IBM WebSphere ports with the script

This script is run as part of the first run setup to open DeploymentManager and Node Agent ports if the ‘process’ option is specified. This script should be run if the firewall is active and you create any new IBM WebSphere application servers, clusters, node agents etc that need to be accessed from outside the instance. The script will find and open any necessary firewall ports to ensure the WebSphere JVM’s can be accessed from outside the instance. Run the script on all instances hosting the new application servers or clusters.

3.4 Starting and stopping RapidDeploy manually

To restart RapidDeploy manually from the filesystem, use the rapiddeploy linux service. The RapidDeploy version is 3.4.9. RapidDeploy home is located at /var/rd/midvision Example usage:
  [midvision@ ] sudo service rapiddeploy start [midvision@ ] sudo service rapiddeploy stop 
The RapidDeploy server uses an in-memory database, so your RapidDeploy framework needs to be shut down properly to save your work. This happens when the instance is stopping or when calling the stop service manually from the command line. Note that on instance restart, unsaved data will be lost.

3.5 Files used for DevTestCloud services

There are a few scripts and other files in midvision and root users home directory, which will need to remain unchanged in order to keep the provided scripts working. Files are placed under /root/WAS_install are required to create the IBM WebSphere profiles. There are a set of scripts in midvision home directory. Those scripts are executed when logging into the instance controlled by .bash_profile, but you can also execute them manually whenever they are needed. There are some hidden files used as well,

.firstrun indicates that the setup wizard has already ran once,

.dontask indicates that the user will not be prompted again for running the setuphost script (if chosen not to ask again),

.host file is needed to determine the previously bound hostname to WebSphere service.

4.0 Troubleshooting

4.1 Session loss during setup

If you lose your SSH connection to the target instance during the first run setup script execution (e.g. as a result of a network problem), we advise you to delete and recreate the Azure instance and run the script again.

4.2 Profile startup exceptions

If the profile fails to start with the ${PROFILE_HOME}/bin/, or the ${USER_HOME}/ commands, check that you are running as the root user, either by being in a root shell, or by prepending ‘sudo’ to the start command.

4.3 Cannot access the IBM WebSphere admin console (ISC)

Check that  the deployment manager is running, and you have correctly opened all the required ports on the firewall, and that your instance was created using a security group definition that allows TCP access to the instance on the required ports.

4.4 Contacting MidVision support

Please visit our website at