Sun Microsystems 2005Q1 Basic SRA Configuration

Designing SRA Deployment Scenarios

112 Portal Server 6 2005Q1 •Deployment Planning Guide

Basic SRA Configuration

Figure 5-10 shows the most simple configuration possible for SRA. The figure

shows a client browser running NetFile and Netlet. The Gateway is installed on a

separate machine in the DMZ between two firewalls. The Portal Server is located

on a machine beyond the second firewall in the intranet. The other application

hosts that the client accesses are also located beyond the second firewall in the

intranet.

The Gateway is in the DMZ with the external port open in the firewall through

which the client browser communicates with the Gateway. In the second firewall,

for HTTP or HTTPS traffic, the Gateway can communicate directly with internal

hosts. If security policies do not permit it, use SRA proxies between the Gateway

and the internal hosts. For Netlet traffic, the connection is direct from the Gateway

to the destination host.

Without a SRA proxy, the SSL traffic is limited to the Gateway and the traffic is

unencrypted from the Gateway to the internal host (unless the internal host is

running in HTTPS mode). Any internal host to which the Gateway has to initiate a

Netlet connection should be directly accessible from DMZ. This can be a potential

security problem and hence this configuration is recommended only for the

simplest of installations.

Figure 5-10 Basic SRA Configuration

Gateway

Client

Portal

Server

Host

NetFile

Netlet

Netlet traffic

HTTP traffic

Proxylet

Contents

Main Page Contents Page Page Page Page Page List of Figures Page List of Tables Page Preface Before You Read This Book Who Should Read This Book How This Book Is Organized Conventions Used in This Book Typographic Conventions Related Documentation Books in This Documentation Set Other Portal Server Documentation Other Server Documentation Accessing Sun Resources Online Contacting Sun Technical Support Related Third-Party Web Site References Sun Welcomes Your Comments Page Chapter 1 Portal Server Architecture What is a Portal? Types of Portals Collaborative Portals Business Intelligence Portals Portal Server Capabilities Sun Java System Portal Server Secure Remote Access Portal Sever in Open Mode Portal Server in Secure Mode Portal Server Applications Security, Encryption, and Authentication Portal Server Deployment Components Portal Server Architecture Identity Management Portal Server Software Deployment Software Packaging Software Categories Compatibility With Java Software A Typical Portal Server Installation Page Page Page Chapter 2 Portal Server Secure Remote Access Architecture SRA Gateway Multiple Gateway Instances Multiple Portal Server Instances Proxy Configuration Gateway and HTTP Basic Authentication Gateway and SSL Support Gateway Access Control Gateway Logging Using Accelerators with the Gateway Netlet Static and Dynamic Port Applications Page Netlet and Application Integration Split Tunneling Netlet Proxy NetFile Components Initialization Validating Credentials Access Control Security Special Operations NetFile and Multithreading Rewriter Rewriter Proxy Proxylet Page Chapter 3 Identifying and Evaluating Your Business and Technical Requirements Business Objectives Page Technical Goals Mapping Portal Server Features to Your Business Needs Identity Management Table 3 -1 Identity Management Features and Benefits (Continued) SRA Table 3 -2 SRA Features and Benefits Search Engine Table 3 -3 Search Features and Benefits Personalization Aggregation and Integration Table 3 -4 Personalization Features and Benefits Table 3 -3 Search Features and Benefits (Continued) Table 3-5 shows the aggregation and integration features and their benefits. Understanding User Behaviors and Patterns Table 3 -5 Aggregation Features and Benefits Page Chapter 4 Pre-Deployment Considerations Determine Your Tuning Goals Portal Sizing Tips Establish Performance Methodology Portal Sizing Establish Baseline Sizing Figures Peak Numbers Average Time Between Page Requests Concurrent Users Average Session Time Search Engine Factors Portal Desktop Configuration Hardware and Applications Back-End Servers Transaction Time Workload Conditions Customize the Baseline Sizing Figures LDAP Transaction Numbers Application Server Requirements Validate Baseline Sizing Figures Refine Baseline Sizing Figures Validate Your Final Figures SRA Sizing Identifying Gateway Key Performance Requirements Session Characteristics Netlet Usage Characteristics Advanced Gateway Settings Page Configuration Scalability Secure Portal Pilot Measured Numbers SRA Gateway and SSL Hardware Accelerators SRA and Sun Enterprise Midframe Line Page Chapter 5 Creating Your Portal Design Portal Design Approach Overview of High-Level Portal Design Overview of Low-Level Portal Design Logical Portal Architecture Page Portal Server and Scalability Vertical Scaling Horizontal Scaling Portal Server and High Availability System Availability Degrees of High Availability Achieving High Availability for Portal Server Portal Server System Communication Links Page Page Working with Portal Server Building Modules Building Modules and High Availability Scenarios Page Best Effort No Single Point of Failure Page Page Transparent Failover Building Module Constraints Deploying Your Building Module Solution Deployment Guidelines Directory Server Requirements Search Engine Structure Designing Portal Use Case Scenarios Elements of Portal Use Cases Example Use Case: Authenticate Portal User Table 5-2 describes a use case for a portal user to authenticate with the portal. Table 5 -2 Use Case: Authenticate Portal User Designing Portal Security Strategies Securing the Operating Environment Using Platform Security UNIX User Installation Limiting Access Control Using a Demilitarized Zone (DMZ) Portal Server and Access Manager on Different Nodes Page Page Page Page Page Designing SRA Deployment Scenarios Basic SRA Configuration Disable Netlet NetFile Proxylet Multiple Gateway Instances Netlet and Rewriter Proxies NetFile Rewriter Proxy Rewriter Proxy Netlet and Rewriter Proxies on Separate Nodes Using Two Gateways and Netlet Proxy Client NetFile Netlet Using an Accelerator Netlet with 3rd Party Proxy Application Web Server Application Reverse Proxy DMZ Designing for Localization Content and Design Implementation Placement of Static Portal Content Integration Design Creating a Custom Access Manager Service Integrating Applications Independent Software Vendors Integrating Microsoft Exchange Identity and Directory Structure Design Implementing Single Sign-On Portal Desktop Design Choosing and Implementing the Correct Aggregration Strategy Working with Providers Page Client Support Page Chapter 6 The Production Environment Moving to a Production Environment Monitoring and Tuning Documenting the Portal Monitoring Portal Server Memory Consumption and Garbage Collection CPU Utilization Access Manager Cache and Sessions Thread Usage Portal Usage Information Appendix A Installed Product Layout Directories Installed for Portal Server Directories Installed for SRA Configuration Files Page Appendix B Analysis Tools mpstat Output Page iostat Output netstat netstat -I hme0 10 netstat -sP tcp Output Considerations: Consider the following: Tuning Parameters for /etc/system Page Page Appendix C Portal Server and Application Servers Introduction to Application Server Support in Portal Server Portal Server on an Application Server Cluster Overview of Application Server Enterprise Edition Overview of BEA WebLogic Server Clusters Page Overview of IBM WebSphere Application Server Page Appendix D Troubleshooting Your Portal Deployment Troubleshooting Portal Server UNIX Processes Log Files Recovering the Search Database Working with the Display Profile High CPU Utilization for Portal Server Instance Configuring a Sun Java System Portal Server Instance to Use an HTTP Proxy Troubleshooting SRA Debugging the Gateway Introduction to shooter Using shooter shooter.sh gctool.pl memfoot.sh SRA Log Files Page Appendix E Portal Deployment Worksheets Portal Assessment Worksheets Table E -2 Organizational Questions Table E -1 General Questions Table E -3 Business Service-level Expectations Questions Table E -4 Content Management Questions Table E -5 User Management and Security Questions Table E -6 Business Intelligence Questions Table E -7 Architecture Questions Portal Design Task List 2. Design Table E -8 Design Task List (2 of 7) 3. Develop and Integrate Java System Table E -8 Design Task List (3 of 7) Sun Java System Portal Server, Sun Java System Table E -8 Design Task List (4 of 7) Table E -8 Design Task List (5 of 7) 4. Deployment Production Table E -8 Design Task List (6 of 7) Table E -8 Design Task List (7 of 7) Page Appendix F Portal Server on the Linux Platform Limitations Using Linux Comparison of Solaris and Linux Path Names Page Page Page Index SYMBOLS A B C D E F G H I J L M N O P Q R S T U V