Secure Remote Access | Sun Microsystems 2005Q1 manual

Secure Remote Access

Each enterprise assesses its own needs and plans its own deployment of Java Enterprise System technology. The optimal deployment for each enterprise depends on the type of applications that Java Enterprise System technology supports, the number of users, the kind of hardware that is available, and other considerations of this type.

Portal Server is able to work with previously installed software components. In this case, Portal Server uses the installed software when the software is an appropriate version.

Secure Remote Access

Sun Java System Portal Server Secure Remote Access (SRA) offers browser-based secure access to portal content and services from any remote browser enabled with Java technology.

SRA is accessible to users from any Java technology-enabled browser, eliminating the need for client software. Integration with Portal Server software ensures that users receive secure encrypted access to the content and services that users have permission to access.

SRA is targeted toward enterprises deploying highly secure remote access portals. These portals emphasize security, protection, and privacy of intranet resources. The SRA services–Access List, the Gateway, NetFile, Netlet, and Proxylet– enable users to securely access intranet resources through the Internet without exposing these resources to the Internet.

Portal Server runs in open mode and secure mode, that is, either without SRA or with SRA.

Portal Sever in Open Mode

In open mode, Portal Server is installed without SRA. The typical public portal runs without secure access using only the HTTP protocol. Although you can configure Portal Server to use the HTTPS protocol in open mode (either during or after installation), secure remote access is not possible. This means that users cannot access remote file systems and applications.

The main difference between an open portal and a secure portal is that the services presented by the open portal typically reside within the demilitarized zone (DMZ) and not within the secured intranet.

Chapter 1 Portal Server Architecture 25

Image 25

Sun Microsystems 2005Q1 manual Secure Remote Access, Portal Sever in Open Mode

Contents

2005Q1 Portal Server Deployment Planning GuidePage Contents Portal Server Secure Remote Access Architecture Creating Your Portal Design Portal Server 6 2005Q1 Deployment Planning Guide Appendix E Portal Deployment Worksheets 167 Portal Server 6 2005Q1 Deployment Planning Guide List of Figures Portal Server 6 2005Q1 Deployment Planning Guide List of Tables Portal Server 6 2005Q1 Deployment Planning Guide Before You Read This Book Who Should Read This Book Preface Chapter How This Book Is Organized Typographic Conventions Conventions Used in This BookTypographical Conventions Books in This Documentation Set Related Documentation Other Server Documentation Other Portal Server Documentation Accessing Sun Resources Online Sun Welcomes Your Comments Page Portal Server Architecture What is a Portal? Collaborative Portals Types of Portals Business Intelligence Portals Portal Server Capabilities Sun Java System Portal Server Portal Sever in Open Mode Secure Remote Access 1Portal Server in Open Mode Portal Server in Secure Mode Firewall Gateway Internet Portal Server Deployment Components Security, Encryption, and Authentication Portal Server Architecture Identity Management Software Packaging Portal Server Software DeploymentSoftware Categories Compatibility With Java Software Typical Portal Server Installation DMZ 4SRA Deployment Page SRA Gateway Portal Server Secure Remote Access Architecture Multiple Portal Server Instances Multiple Gateway Instances Gateway and Http Basic Authentication Proxy ConfigurationGateway and SSL Support Gateway Access Control Netlet Using Accelerators with the GatewayGateway Logging Static and Dynamic Port Applications Netlet Split Tunneling Netlet and Application Integration NetFile Netlet ProxyComponents Validating Credentials Initialization Security Access ControlSpecial Operations NetFile and Multithreading Rewriter Rewriter Proxy Proxylet Proxylet Portal Server 6 2005Q1 Deployment Planning Guide Business Objectives Business Objectives Technical Goals 1Identity Management Features and Benefits Mapping Portal Server Features to Your Business NeedsIdentity Management SSO SRA 2SRA Features and Benefits Search Engine 3Search Features and Benefits 4Personalization Features and Benefits Search Features and BenefitsPersonalization Aggregation and Integration Understanding User Behaviors and Patterns 5Aggregation Features and Benefits Understanding User Behaviors and Patterns Pre-Deployment Considerations Determine Your Tuning Goals Establish Performance Methodology Portal Sizing Tips See Portal Sizing on Portal Sizing Peak Numbers Establish Baseline Sizing Figures Concurrent Users Average Time Between Page Requests Search Engine Factors Average Session Time TIP Portal Desktop Configuration Back-End Servers Hardware and ApplicationsTransaction Time Workload Conditions Customize the Baseline Sizing Figures Ldap Transaction Numbers Validate Baseline Sizing FiguresApplication Server Requirements Refine Baseline Sizing Figures Validate Your Final Figures SRA Sizing Identifying Gateway Key Performance Requirements Session Characteristics Netlet Usage Characteristics Configuration Advanced Gateway Settings Scalability SRA Gateway and SSL Hardware AcceleratorsSecure Portal Pilot Measured Numbers SRA and Sun Enterprise Midframe Line SRA Sizing Portal Server 6 2005Q1 Deployment Planning Guide Portal Design Approach Creating Your Portal Design Overview of High-Level Portal Design Logical Portal Architecture Overview of Low-Level Portal Design Portal Design Approach Vertical Scaling Portal Server and ScalabilityHorizontal Scaling Portal Server and High Availability Degrees of High Availability System AvailabilityAchieving High Availability for Portal Server Portal Server System Communication Links HTTPs Portal Server System Communication Links 2Portal Server Building Module Architecture Working with Portal Server Building Modules Best Effort Building Modules and High Availability Scenarios Portal Server High Availability Scenarios 3Best Effort Scenario Best Effort No Single Point of Failure Example No Single Point of Failure Working with Portal Server Building Modules Working with Portal Server Building Modules 5Transparent Failover Example Scenario Transparent Failover Building Module Constraints Deploying Your Building Module SolutionDeployment Guidelines Search Engine Structure Directory Server Requirements Designing Portal Use Case Scenarios Elements of Portal Use Cases Use Case Authenticate Portal User Example Use Case Authenticate Portal User Securing the Operating Environment Designing Portal Security Strategies Unix User Installation Using Platform Security Limiting Access Control Using a Demilitarized Zone DMZ Portal Server and Access Manager on Different Nodes SDK 7Two Portal Servers and One Access Manager 8One Portal Server and Two Access Managers 9Two Portal Servers and Two Access Managers Restart amserver services Designing SRA Deployment Scenarios 10Basic SRA Configuration Basic SRA Configuration 11Disable Netlet Disable Netlet 12 Proxylet Proxylet NetFile Gateway Netlet and Rewriter Proxies NetFile Proxies on Separate Nodes Netlet and Rewriter Proxies on Separate Nodes 16Two Gateways and Netlet Proxy Using Two Gateways and Netlet Proxy Accelerator Using an Accelerator Host Netlet with 3rd Party Proxy Reverse Proxy 19Using a Reverse Proxy in Front of the Gateway Designing for Localization Content and Design Implementation Creating a Custom Access Manager Service Placement of Static Portal ContentIntegration Design Integrating Applications Independent Software Vendors Integrating Microsoft Exchange Identity and Directory Structure Design Portal Desktop Design Implementing Single Sign-On Working with Providers Choosing and Implementing the Correct Aggregration Strategy String name=url value=file//path/filename Client Support Page Production Environment Monitoring and TuningMoving to a Production Environment Documenting the Portal Memory Consumption and Garbage Collection Monitoring Portal Server CPU Utilization Thread Usage Access Manager Cache and Sessions Portal Usage Information Directories Installed for Portal Server Installed Product LayoutTable A-1Portal Server Directories Table A-2Portal Server, SRA Directories Directories Installed for SRA Etc/opt/SUNWps Configuration FilesPage Table B-1Performance Analysis Tools Analysis Tools Agrep Socket connection MpstatCount What to Look For Iostat Netstat -I hme0 Netstat Netstat -sP tcp Output Consider the following Etc/system Options Tuning Parameters for /etc/systemTable B-3TCP/IP Options Max Page Introduction to Application Server Support in Portal Server Portal Server and Application Servers Portal Server on an Application Server Cluster Overview of BEA WebLogic Server Clusters Overview of Application Server Enterprise Edition Installdir/config/domainname/startWeblogic.sh Overview of IBM WebSphere Application Server Page Troubleshooting Portal Server Troubleshooting Your Portal DeploymentUnix Processes Log Files Recovering the Search DatabaseWorking with the Display Profile To Extract the Display Profile High CPU Utilization for Portal Server Instance Debugging the Gateway Troubleshooting SRA SRA Introduction to shooter Gctool.pl Shooter.sh Memfoot.sh SRA Log FilesUniq.pl GWDump.class Netlet Portal Assessment Worksheets Portal Deployment WorksheetsTable E-1General Questions Table E-2Organizational Questions Table E-4Content Management Questions Table E-3Business Service-level Expectations Questions Table E-6Business Intelligence Questions Table E-5User Management and Security QuestionsTable E-7Architecture Questions Table E-8 Portal Design Task List Design Task List 2 Table E-8 Develop and Integrate Design Task List 3 Table E-8Design Task List 4 Sun Java System Portal Server, Sun Design Task List 5 Deployment Production Design Task List 6 Design Task List 7 Page Portal Server on the Linux Platform Limitations Using LinuxComparison of Solaris and Linux Path Names Table F-1Comparison of Solaris and Linux Path NamesPage Glossary Portal Server 6 2005Q1 Deployment Planning Guide Index Etc/system tuning parameters 150 /opt/SUNWps directory Section B Dpadmin command Dp-org.xml file Dp-providers.xml file Gctool.pl tool Memfoot.sh script Psdp.dtd file Section Q SRA Section W Section Portal Server 6 2005Q1 Deployment Planning Guide