Sun Java ™ System Portal Server 6 Deployment Planning Guide 2005Q1 Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. Part No: 817-7697...
Preface This Deployment Planning Guide explains how to plan for and deploy Sun Java™ System Portal Server 6 2005Q1 software. Portal Server provides a platform to create portals for your organization’s integrated data, knowledge management, and applications; Portal Server Secure Remote Access (SRA) extends that platform to users who connect from outside the firewall. The Portal Server platform offers a complete infrastructure solution for building and deploying all types of portals, including business-to-business, business-to-employee, and business-to-consumer.
Readers of this book should be familiar with the following: • Java™ Web Server • JavaServer Pages™ technology • Lightweight Directory Access Protocol (LDAP) • Hypertext Markup Language (HTML) • Extensible Markup Language (XML)
How This Book Is Organized Chapters 1 through 5 provide information on Portal Server Secure Remote Access deployment.
Chapter and description: Appendix C, “Portal Server and Application Servers” on page 153, describes the support for application servers. Appendix D, “Troubleshooting Your Portal Deployment”, describes how to troubleshoot the Portal Server software and the Portal Server Secure Remote Access (SRA)...
Typeface conventions used in this book: AaBbCc123 (Italic) marks book titles, new terms, and words to be emphasized (example: Read Chapter 6 in the User’s Guide), and a placeholder in a command or path name to be replaced with a real name or value (example: These are called class options).
Related Documentation Book title: Portal Server Technical Reference Guide (http://docs.sun.com/db/doc/817-7696). Description: Provides detailed information on the Portal Server technical concepts (such as Display Profile, Rewriter), command line utilities, tag libraries (in the software), and files (such as templates and JSPs). This guide serves as a single source for such essential background information.
• Application Server documentation http://docs.sun.com/coll/s1_asseu3_en • Web Proxy Server documentation http://docs.sun.com/prod/s1.webproxys#hic
Accessing Sun Resources Online For product downloads, professional services, patches and support, and additional developer information, go to the following: • Download Center http://wwws.sun.com/software/download/ • Professional Services http://www.sun.com/service/sunps/sunone/index.html •...
Sun Welcomes Your Comments Sun is interested in improving its documentation and welcomes your comments and suggestions. To share your comments, go to http://docs.sun.com and click Send Comments. In the online form, provide the document title and part number. The part number is a seven-digit or nine-digit number that can be found on the title page of the book or at the top of the document.
Chapter 1 Portal Server Architecture This chapter contains the following sections: • What is a Portal? • Types of Portals • Portal Server Capabilities • Sun Java System Portal Server • Secure Remote Access • Security, Encryption, and Authentication • Portal Server Deployment Components •...
Types of Portals Portals serve as a unified access point to web applications. Portals also provide valuable functions like security, search, collaboration, and workflow. A portal delivers integrated content and applications, plus a unified, collaborative workplace. Indeed, portals are the next-generation desktop, delivering e-business applications over the web to all kinds of client devices.
Portal Server Capabilities Collaborative services allow users to do the following: • Chat • Organize meetings • Share calendaring information • Define user communities • Participate in net meetings • Share information in discussion groups and on white boards Business Intelligence Portals Business intelligence portals provide executives, managers, and business analysts with access to business intelligence for making business decisions.
Sun Java System Portal Server • Secure access and authorized connectivity, optionally using encryption between the user’s browser and the enterprise • Authentication of users before allowing access to a set of resources that are specific for each user • Support for abstractions that provide the ability to pull content from a variety of sources and aggregate and personalize it into an output format suitable for the user’s device...
Secure Remote Access Each enterprise assesses its own needs and plans its own deployment of Java Enterprise System technology. The optimal deployment for each enterprise depends on the type of applications that Java Enterprise System technology supports, the number of users, the kind of hardware that is available, and other considerations of this type.
If the portal does not contain sensitive information (for example, it publishes public information and gives access to free applications), you can run it in open mode, without the SRA Gateway between the user and the portal; responses to access requests from a large number of users are then faster than in secure mode. Figure 1-1 shows Portal Server configured for open mode. In this figure, Portal Server is installed on a single server behind the firewall.
The main advantage of SRA is that only the IP address of the Gateway is published to the Internet. All other services and their IP addresses are hidden and never published to a Domain Name System (DNS) server that is running on the public network (such as the Internet). Hiding addresses reduces exposure but is not an access control by itself: the Gateway still has to authenticate users and restrict which intranet hosts and ports it will reach on their behalf (see Chapter 2).
You can add additional servers and Gateways for site expansion. You can also configure the components of SRA in various ways based on your business requirements.
Security, Encryption, and Authentication Portal Server system security relies on HTTPS (HTTP over SSL) to protect traffic, in addition to UNIX system security for protecting the Portal Server system software.
• Java Development Kit™ (JDK™). Java Development Kit software provides the Java run-time environment for all Java software in Portal Server and its underlying components. Portal Server depends on the JDK software in the web container. • Network Security Services for Java software • Sun Java System Web Server • Java API for XML Processing (JAXP) •...
• Access Manager node. The server where Access Manager resides. Access Manager does not have to reside on the same node as Portal Server. • Search node. Optional. The server you use for the Portal Server Search service. You can install the Portal Server Search service on its own server for performance, scalability, and availability reasons.
• Access Manager console SDK • Authentication daemons that support the web applications See the Access Manager Deployment Planning Guide for more information.
Portal Server Software Deployment This section provides information on the software deployed on Portal Server: the software packaging mechanism, the software categories within the system, and compatibility with Java software.
• Static web content. These include static HTML files, images, applet JAR files, and other items that can be served directly by the web server without going through the web container. For Portal Server, these files are also installed in the web server.
A Typical Portal Server Installation Figure 1-3 on page 34 illustrates some of the components of a portal deployment but does not address the actual physical network design, single points of failure, nor high availability. See Chapter 5, “Creating Your Portal Design”, for more detailed information on portal design.
Figure 1-3 High-level Architecture for a Business-to-Employee Portal (figure not reproduced; it shows Portal Server with the Gateway, Search, Directory Server, Mail Server and a Legacy Server behind the firewall, a proxy/cache, and remote users such as telecommuter PCs and workstations, airport and hotel Internet kiosks, branch and remote offices, and customers and suppliers reaching the portal through the Gateway.)
Figure 1-4 shows a Portal Server deployment with SRA services. See Chapter 2, “Portal Server Secure Remote Access Architecture” for details. Figure 1-4 SRA Deployment (figure not reproduced; it shows a client host running Netlet and Proxylet, the Gateway, the Rewriter Proxy and Netlet Proxy, Portal Server, and the application servers.)
Chapter 2 Portal Server Secure Remote Access Architecture This chapter describes the Sun Java™ System Portal Server Secure Remote Access (SRA) architecture. You administer the configuration information through the Access Manager administration console. This chapter describes the following SRA components: •...
SRA Gateway • Netlet request. Routes the request (traffic) to the server specified in the Netlet rule that the user clicked in the Portal Desktop. • HTTP(S) traffic. Routes the request to the server as specified by the HTTP header. Upon receiving a response from the server, the Gateway translates the response so that all intranet links within the response work on the extranet.
NOTE Session stickiness is not required in front of a Gateway unless you are using Netlet; however, performance is improved with session stickiness. Session stickiness to the Portal Server instances, on the other hand, is enforced by SRA.
Proxy Configuration The Gateway uses proxies that are specified in its profile to retrieve content from various web servers within the intranet and extranet.
• Mandatory server authentication. The client must authenticate the server. • Optional client authentication. The server can be configured to authenticate the client as well. Personal Digital Certificate (PDC) authentication is a mechanism that authenticates a user through SSL client authentication: the user presents a certificate during the SSL handshake instead of, or in addition to, a password. The Gateway supports PDC authentication with the support of Access Manager authentication modules.
Gateway Logging You can monitor complete user behavior by enabling logging on the Gateway. The Gateway uses the Access Manager logging API for creating logs. Using Accelerators with the Gateway You can configure accelerators, which are dedicated hardware co-processors, to off-load the SSL functions from a server's CPU.
Dynamic applications agree upon a port for communication as part of their handshake, so the destination port cannot simply be included as a fixed value in the Netlet rule. For such applications the Netlet needs to understand the protocol and examine the data to find the port being used between the client and the server.
Netlet and Application Integration Netlet works with many third-party products such as GraphOn, Citrix, and pcAnywhere. Each of these products can be reached securely from the user’s Portal Desktop on a remote machine by tunneling its traffic through Netlet. Split Tunneling Split tunneling allows a VPN client to connect to both secure sites and non-secure sites without having to connect or disconnect the VPN connection; in this case the VPN is the Netlet connection.
Netlet Proxy A Netlet Proxy helps reduce the number of open ports needed in the firewall between the Gateway and the destination hosts. For example, consider a configuration where users need Netlet to connect with a large number of Telnet, FTP, and Microsoft Exchange servers within the intranet. Assume that the Gateway is in a DMZ.
NetFile • NetFile servlet(s). Two NetFile servlets are present in the web container, one for each kind of NetFile applet. The servlets are responsible for connecting to different types of file systems, carrying out the operations that NetFile is configured to handle, and sending the information back to the applets for display.
NetFile Access Control NetFile provides various means of file system access control. You can deny access to users to a particular file system based on the protocol. For example, you can deny a particular user, role, or organization access to file systems that are accessible only over NFS.
NetFile also enables users to select multiple files and compress them by using GZIP and ZIP compression. Users can select multiple files and send them in a single email as multiple attachments. NetFile also uses the SSO token of Access Manager to access the user’s email settings (such as IMAP server, user name, password, and reply-to address) for sending email.
...rulesets, which are defined according to a Document Type Definition (DTD). Using the generic ruleset that ships with the Rewriter, you can rewrite most URLs (but not all) without any additional rules; check the rewritten output of each intranet application for links that the generic rules did not catch. You can also associate rulesets with domains for domain-based translations. See the Portal Server Secure Remote Access 6 Administration Guide for more information.
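As an added example (not Portal Server’s Rewriter code), the following Python shows the kind of translation the Gateway performs on a proxied response: URL-bearing attributes that point at intranet hosts are resolved to absolute form and prefixed with the Gateway address, links to hosts outside the intranet are left alone, and a final pass reports intranet host names that survived the rewrite, for instance inside script text, which is one way that “most URLs (but not all)” shows up in practice. The tag/attribute ruleset, the https://gateway/http://host/path layout, the host names and the sample page are all assumptions constructed for the example, not the product’s DTD-based ruleset format.

```python
"""Gateway-style URL rewriting of an intranet HTML response.
Added example; not Portal Server's Rewriter. The ruleset (tag/attribute
pairs), the https://gateway/http://host/path layout and all host names are
assumptions made for this example."""
import re
from urllib.parse import urljoin, urlsplit

# Assumed ruleset: which attributes of which tags carry URLs worth rewriting.
DEFAULT_RULES = [
    ("a", "href"), ("img", "src"), ("form", "action"),
    ("script", "src"), ("link", "href"), ("iframe", "src"),
]

_TAG_RE = re.compile(r"<(?P<tag>[a-zA-Z][\w:-]*)(?P<attrs>[^>]*)>")
_ATTR_RE = re.compile(r"(?P<name>[\w:-]+)\s*=\s*(?P<q>[\"'])(?P<value>[^\"']*)(?P=q)")
_URL_RE = re.compile(r"https?://([\w.-]+)")


def is_intranet(host, intranet_domains):
    """True if host is one of the intranet domains or a sub-host of one."""
    return any(host == d or host.endswith("." + d) for d in intranet_domains)


def gateway_url(target, gateway_base):
    """Assumed layout: the intranet URL is appended to the Gateway URL,
    e.g. https://gw.example.com/http://intranet.example.internal/x"""
    return gateway_base.rstrip("/") + "/" + target


def rewrite_html(html, page_url, gateway_base, intranet_domains, rules=DEFAULT_RULES):
    """Rewrite URL attributes so intranet links go through the Gateway.
    Relative links are resolved against page_url; links to hosts outside
    intranet_domains are left untouched (the client can reach them directly)."""
    wanted = {(t.lower(), a.lower()) for t, a in rules}

    def fix_tag(tag_match):
        tag = tag_match.group("tag")

        def fix_attr(attr_match):
            name, q, value = attr_match.group("name", "q", "value")
            if (tag.lower(), name.lower()) not in wanted:
                return attr_match.group(0)
            absolute = urljoin(page_url, value)
            host = urlsplit(absolute).hostname or ""
            if not is_intranet(host, intranet_domains):
                return attr_match.group(0)
            return f"{name}={q}{gateway_url(absolute, gateway_base)}{q}"

        return f"<{tag}{_ATTR_RE.sub(fix_attr, tag_match.group('attrs'))}>"

    return _TAG_RE.sub(fix_tag, html)


def leaked_intranet_hosts(rewritten_html, intranet_domains, gateway_base):
    """Intranet host names still present outside a Gateway-prefixed URL,
    e.g. URLs assembled in script text, which attribute rules cannot catch."""
    prefix = gateway_url("", gateway_base)
    leaks = set()
    for m in _URL_RE.finditer(rewritten_html):
        host = m.group(1)
        if not is_intranet(host, intranet_domains):
            continue
        if rewritten_html[max(0, m.start() - len(prefix)):m.start()] == prefix:
            continue  # already routed via the Gateway
        leaks.add(host)
    return sorted(leaks)


# Constructed sample response served by an intranet host.
SAMPLE_PAGE = (
    '<html><body><a href="/hr/payslip">Pay</a>'
    '<img src="http://intranet.example.internal/logo.png">'
    '<a href="https://www.example.com/public">Public</a>'
    '<script>var u="http://intranet.example.internal/api";</script>'
    "</body></html>"
)
PAGE_URL = "http://intranet.example.internal/home.html"
GATEWAY = "https://gw.example.com"
INTRANET = ["example.internal"]

if __name__ == "__main__":
    out = rewrite_html(SAMPLE_PAGE, PAGE_URL, GATEWAY, INTRANET)
    print(out)
    print("unrewritten intranet hosts:", leaked_intranet_hosts(out, INTRANET, GATEWAY))
```

Run on the sample, the two attribute links are routed through the Gateway, the public link is untouched, and the host name inside the script survives; that last case is the kind of URL that needs a rule of its own, otherwise the browser tries to reach the intranet host directly and the request fails (or, worse, reveals the internal name).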
Proxylet NOTE You can run multiple Rewriter Proxies to avoid a single point of failure and achieve load balancing. Proxylet Proxylet is a dynamic proxy server that runs on a client machine. Proxylet redirects a URL to the Gateway. It does this by reading and modifying the proxy settings of the browser on the client machine so that the settings point to the local proxy server or Proxylet.
Chapter 3 Identifying and Evaluating Your Business and Technical Requirements The first step in planning your deployment is identifying your Sun Java™ System Portal Server business and technical requirements. You need to gather both business and technical requirements before you can address architecture and design issues.
Business Objectives The business goals of your portal affect deployment decisions. Understand your objectives. If you do not understand your business requirements, you can easily make erroneous assumptions that could affect the accuracy of your deployment estimates. Use these questions to help you identify your business objectives: •...
Technical Goals Your technical requirements (often called functional requirements) discuss the details of your organization’s system needs and desired results, and include such factors as: • Performance • Security • Reliability • Expected performance criteria of the portal The technical requirements define all functions required of an architecture and provide guidelines for how each component works and integrates to form an entire system.
Mapping Portal Server Features to Your Business Needs The previous sections posed questions to you about the various areas of the Portal Server system from a high-level perspective of business and technical needs. This section reviews specific technology features with the goal of determining which technologies are most important for your organization.
Table 3-1 Identity Management Features and Benefits (Continued)
Feature: User, policy, and provisioning management. Description: Access Manager enables you to manage many users spanning a variety of different roles across the organization and sometimes... Benefit: Provides a centralized identity management solution for storing and managing identity...
Table 3-2 shows the Sun Java System Portal Server Secure Remote Access (SRA) features and their benefits.
Table 3-2 SRA Features and Benefits
Feature: Integrated security capabilities. Description: Extranet or Virtual Private Network “on demand”... Benefit: Extends an enterprise’s content, applications, ...
Feature: Rewriter Proxy. Description: Redirects HTTP requests to the Rewriter Proxy instead of directly to the destination host. The Rewriter Proxy in turn sends the request to the destination server. Benefit: Using the Rewriter Proxy enables secure HTTP traffic between the Gateway and intranet computers and offers two...
Table 3-3 Search Features and Benefits (Continued)
Feature: Subscriptions. Description: Enables the user to track new or changed material in different areas of interest. Benefit: Discussions, search categories, and free-form searches (saved searches) can be tracked.
Personalization Personalization is the ability to deliver content based on selective criteria and offer services to a user.
Table 3-5 shows the aggregation and integration features and their benefits.
Table 3-5 Aggregation Features and Benefits
Feature: Aggregated information. Description: The Portal Desktop provides the primary end-user interface for Portal Server and a... Benefit: Users no longer have to search for the information.
• Will users log in to the portal at the same time each day? Will they use the portal at work or somewhere else? • Are users in the same time zone or in different time zones? •...
Chapter 4 Pre-Deployment Considerations This chapter contains the following sections: • Determine Your Tuning Goals • Portal Sizing Tips • Establish Performance Methodology • Portal Sizing • SRA Sizing Determine Your Tuning Goals Before tuning your portal, work with portal system administrators and portal developers to set the portal performance objectives based upon the projected requirements of your portal.
...time, the number of Portal Desktop activity requests, the amount of portal channel usage, the acceptable response time for the end user (which is determined by your organization), and an optimal hardware configuration to meet the criteria.
Portal Sizing Tips This section contains a few tips to help you in the sizing process.
Set up a controlled environment to minimize the margin of error (defined as less than ten percent variation between identical runs). By knowing the starting data measurement baseline, you can measure the differences in data performance between sample gathering runs. Be sure measurements are taken over an adequate period of time and that you are able to capture and evaluate the results of these tests.
Portal Sizing Establish Baseline Sizing Figures Once you have identified your business and technical requirements, and mapped Portal Server features to your needs, your sizing requirements emerge as you plan your overall Portal Server deployment. Your design decisions help you make accurate estimates regarding Portal Server user sessions and concurrency.
Portal Sizing maximum number of concurrent sessions = expected percent of users online * user base To identify the size of the user base or pool of potential users for an enterprise portal, here are some suggestions: • Identify only users who are active. Do not include users who are, for example, away on vacation, or on leave.
Calculate the maximum number of concurrent users after you calculate the maximum number of concurrent sessions. To calculate the maximum number of concurrent users, use this formula: concurrent users = number of concurrent sessions / average time between hits With the average time between hits expressed in seconds, this figure is the number of requests per second the portal must sustain at peak. For example, consider an intranet Portal Server example of 50,000 users. The number of connected sessions under its peak loads is estimated to be 80% of its registered user base.
The average size adjusts for variations in the sizes of RDs. A collection of long, complex RDs with many indexed terms and a collection of short RDs with a few indexed terms require different search times, even if the two collections contain the same number of RDs.
Portal Sizing Hardware and Applications CPU speed and size of the virtual machine for the Java™ platform (Java™ Virtual Machine or JVM™ software) memory heap affect Portal Server performance. The faster the CPU speed, the higher the throughput. The JVM memory heap size, along with the heap generations tuning parameters, can also affect Portal Server performance.
When you calculate transaction time, size your Portal Server so that processing time under regular or peak load conditions does not exceed your performance requirement threshold and so that you can sustain that processing time over time. Workload Conditions Workload conditions are the system and JVM software resources that are most heavily used on a system.
Portal Sizing After you have an estimate of your sizing, consider: • LDAP Transaction Numbers • Application Server Requirements LDAP Transaction Numbers Use the following LDAP transaction numbers for an out-of-the-box portal deployment to understand the impact of the service demand on the LDAP master and replicas.
Portal Sizing Use a trial deployment to determine your final sizing estimates. A trial deployment helps you to size back-end integration, to avoid potential bottlenecks with Portal Server operations. Refine Baseline Sizing Figures Your next step is to refine your sizing figure. In this section, you build in the appropriate amount of headroom so that you can deploy a portal site that features scalability, high availability, reliability and good performance.
SRA Sizing Maintenance demands Considering these factors enables you to develop a sizing figure that is flexible and enables you to avoid risk when your assumptions regarding your portal change following deployment. The resulting figure ensures that your portal site has the following: •...
SRA Sizing Identifying Gateway Key Performance Requirements Key performance factors are metrics that your technical representative uses as input to an automated sizing tool. The sizing tool calculates the estimated number of Gateway instances your SRA deployment requires. Identifying these key performance factors and giving them to your technical representative is the first step in formulating your baseline sizing figure.
• Session average time This determines how many logins per second the Gateway must sustain for a given number of concurrent users. Netlet Usage Characteristics Consider the following Netlet characteristics of the Gateway, which can have an impact in calculating the number of Gateway instances: •...
SRA Sizing Advanced Gateway Settings Use the settings in this section to obtain more accurate results when estimating the number of Gateway instances for your deployment. These advanced Gateway settings are used as input to the automated sizing tool. These are the advanced Gateway settings: •...
• Regular JSP. Describes a configuration of two tabs with seven channels each. • Heavy JSP. Describes a configuration of three tabs with seventeen channels each. Scalability You can choose among one, two, or four CPUs per Gateway instance. The number of CPUs bound to a Gateway instance determines the number of Gateway instances required for the deployment.
See the Portal Server Secure Remote Access 6 Administration Guide for more information on the Sun Crypto Accelerator 1000 board and other accelerators. NOTE The Sun Crypto Accelerator 1000 board off-loads only the SSL handshake (the public-key operations) and not the symmetric key algorithms used for bulk encryption, so the CPU cost of encrypting the session data itself stays on the Gateway host. This is not true of all other cryptographic accelerators.
Chapter 5 Creating Your Portal Design This chapter describes how to create your high-level and low-level portal design and provides information on creating specific sections of your design plan. This chapter contains the following sections: • Portal Design Approach • Portal Server and Scalability •...
Portal Design Approach Your high-level portal design communicates the architecture of the system and provides the basis for the low-level design of your solution. Further, the high-level design needs to describe a logical architecture that meets the business and technical needs that you previously established.
Portal Design Approach Overview of Low-Level Portal Design The low-level design focuses on specifying the processes and standards you use to build your portal solution, and specifying the actual hardware and software components of the solution, including: • The Portal Server complex of servers. •...
Portal Design Approach • Usage estimates, which include your assumptions on the total number of registered users, average percentage of registered users logged in per day, average concurrent users that are logged in per day, average login time, average number of content channels that a logged in user has selected, and average number of application channels that a logged in user has selected.
Portal Server and Scalability Scalability is a system’s ability to accommodate a growing user population, without performance degradation, by the addition of processing resources. The two general means of scaling a system are vertical and horizontal scaling. The subject of this section is the application of scaling techniques to the Portal Server product.
Portal Server and High Availability The section “Working with Portal Server Building Modules” on page 89, discusses an approach to a specific type of configuration that provides optimum performance and horizontal scalability. Portal Server and High Availability High Availability ensures that your portal platform is accessible 24 hours a day, seven days a week.
System Availability System availability is often expressed as a percentage of the system uptime. A basic equation to calculate system availability is: Availability = uptime / (uptime + downtime) * 100 For instance, over a 30-day month (720 hours), a service level agreement of 99 percent uptime allows the system to be unavailable for about seven hours, whereas a four-digit figure (99.99 percent) allows only about four minutes of downtime in the month.
Portal Server System Communication Links • Gateway. A load balancer used with the Gateway detects a failed Gateway component and routes new requests to other Gateways. A load balancer also has the ability to intelligently distribute the workload across the server pool. Routing is restored when the failed Gateway recovers.
Figure 5-1 Portal Server Communication Links (figure not reproduced; it shows the browser reaching the Gateway over HTTP(S), the Gateway reaching the Portal Desktop, Authentication, Search, Communication Channel and Access Manager Admin Console services (each a servlet), and those services using the Access Manager SSO SDK, Logging SDK and LDAP module...)
Figure 5-1 on page 87 shows that if the following processes or communication links fail, the portal solution becomes unavailable to end users: • Portal Server Instance. Runs in the context of a web container. Components within an instance communicate through the JVM™...
Working with Portal Server Building Modules SRA includes other Java technology processes called Netlet Proxy and Rewriter Proxy. You use these proxies to extend the security perimeter from behind the firewall, and limit the number of holes in the DMZ. You can install these proxies on separate nodes.
Working with Portal Server Building Modules Building Modules and High Availability Scenarios Portal Server provides three scenarios for high availability: • Best Effort The system is available as long as the hardware does not fail and as long as the Portal Server processes can be restarted by the watchdog process.
Table 5-1 summarizes these high availability scenarios along with their supporting techniques.
Table 5-1 Portal Server High Availability Scenarios (columns: Component Requirements; Necessary for Best Effort Deployment?; Necessary for NSPOF Deployment?; Necessary for Transparent Failover Deployment? The rows begin with Hardware Redundancy and Portal Server Building Modules...)
Working with Portal Server Building Modules Best Effort In this scenario, you install Portal Server and Directory Server on a single node that has a secured hardware configuration for continuous availability, such as Sun Fire UltraSPARC® III machines. (Securing a Solaris™ Operating Environment system requires that changes be made to its default configuration.) This type of server features full hardware redundancy, including: redundant power supplies, fans, system controllers;...
No Single Point of Failure Portal Server natively supports the no single point of failure (NSPOF) scenario. NSPOF is built on top of the best effort scenario, and in addition, introduces replication and load balancing. Figure 5-4 No Single Point of Failure Example (figure not reproduced; it shows Building Module 1...)
As stated earlier, a building module consists of a Portal Server instance, a Directory Server master replica for profile reads, and a search engine database. As such, at least two building modules are necessary to achieve NSPOF, thereby providing a backup if one of the building modules fails.
Working with Portal Server Building Modules Redundancy is equally important to the directory master so that profile changes through the administration console or the Portal Desktop, along with consumer replication across building modules, can always be maintained. Portal Server and Access Manager support MMR.
Working with Portal Server Building Modules Transparent Failover Transparent failover uses the same replication model as the NSPOF scenario but provides additional high availability features, which make the failover to a backup server transparent to end users. Figure 5-5 on page 96 shows a transparent failover scenario.
Working with Portal Server Building Modules The session repository is provided by the application server software. Portal Server is running in an application server. Portal Server supports transparent failover on application servers that support HttpSession failover. See Appendix C, “Portal Server and Application Servers”...
Working with Portal Server Building Modules • If you use multiple machines, or if your Portal Server machine is running a large number of instances, use a fast network interconnect. • On servers with more than eight CPUs, create processor sets or domains with either two or four CPUs.
• You can install Search on a machine separate from Portal Server, to keep the main server dedicated to portal activity. When you do so, you use the searchURL property of the Search provider to point to the second machine where Search is installed.
Designing Portal Use Case Scenarios Use case steps are written in an easy-to-understand structured narrative using the vocabulary of the domain. Use case scenarios are an instance of a use case, representing a single path through the use case. Thus, there may be a scenario for the main flow through the use case and other scenarios for each possible variation of flow through the use case (for example, representing each option).
Example Use Case: Authenticate Portal User Table 5-2 describes a use case for a portal user to authenticate with the portal.
Table 5-2 Use Case: Authenticate Portal User
Item: Priority. Description: Must have.
Item: Context of Use. Description: Only authenticated users are allowed to gain access to the portal resources.
Table 5-2 Use Case: Authenticate Portal User (Continued)
Item: Description. Description: 1. User enters the portal URL. 2. If the customization parameter [remember login] is set, then automatically log in the user and provide a session ID. 3. ...
Designing Portal Security Strategies • Minimize the size of the operating environment installation. When installing a Sun server in an environment that is exposed to the Internet, or any untrusted network, reduce the Solaris installation to the minimum number of packages necessary to support the applications to be hosted.
The user nobody has no valid password (its password entry is locked, not left empty), which prevents a regular user from becoming nobody. Only the superuser can switch users without being prompted for a password. Thus, you still need root access to start and stop Portal Server services.
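One way to verify the statement about nobody on a deployed host, as an added example that is not part of this guide: the script parses shadow-format entries and classifies each password field as locked (a Solaris NP or *LK* marker, or a Linux-style ! or *), set (a real hash), or empty. The empty case is the one to catch, because an empty field lets any local user become that account without a password, which is the opposite of what the paragraph above relies on. The sample entries and the svcportal account name are constructed for the example; on a real system run it as root over /etc/shadow.

```python
"""Verify that service accounts such as nobody have no usable password.
Added example, not from the guide. Field 2 of a shadow entry is the password
field on Solaris and Linux; the sample entries below are constructed."""

# Constructed /etc/shadow sample: Solaris-style NP and *LK*, Linux-style '!',
# a (fake) hash for root, and a hypothetical svcportal account whose password
# field was left empty, which is the misconfiguration this check exists to catch.
SAMPLE_SHADOW = """\
root:$5$constructedsalt$constructedhash:13000::::::
nobody:NP:6445::::::
daemon:*LK*:6445::::::
www:!:13000:0:99999:7:::
svcportal::13000:0:99999:7:::
"""


def password_status(field):
    """Classify a shadow password field."""
    if field == "":
        return "empty"    # no password at all: any user can su to the account
    if field in ("NP", "*") or field.startswith("*LK*") or field.startswith("!"):
        return "locked"   # no valid password: only root can switch to the account
    return "set"          # a hash is present: the account can be logged into


def shadow_status(shadow_text):
    """Map account name -> password status for every entry in shadow_text."""
    status = {}
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2:
            status[fields[0]] = password_status(fields[1])
    return status


def unsafe_service_accounts(shadow_text, service_accounts):
    """Service accounts whose entry is missing or whose password is not locked."""
    status = shadow_status(shadow_text)
    return sorted(a for a in service_accounts if status.get(a) != "locked")


if __name__ == "__main__":
    # On a real host (as root): shadow_status(open("/etc/shadow").read())
    print(shadow_status(SAMPLE_SHADOW))
    print("needs attention:",
          unsafe_service_accounts(SAMPLE_SHADOW, ["nobody", "daemon", "www", "svcportal"]))
```

Run against the sample, nobody, daemon and www come back locked and svcportal is reported, because an empty field is not the same as "no password" in the sense the text intends.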
Portal Server and Access Manager on Different Nodes Portal Server and Access Manager on Different Nodes Portal Server and Access Manager can be located on different nodes. This type of deployment provides the following advantages: • Identity services can be deployed separately from portal services. Portal Server can be one of many applications using identity services.
Portal Server and Access Manager on Different Nodes Federation Management API – adds functionality based on the Liberty Alliance Project specifications. Figure 5-6 illustrates Access Manager and Portal Server residing on separate nodes. [Figure 5-6: Portal Server and Access Manager on Different Nodes]
Portal Server and Access Manager on Different Nodes Figure 5-7 shows two Portal Server instances configured to work with a single Access Manager and two Directory Servers where both the Access Manager and the Directory Servers operate in a Java Enterprise System Sun Clustered environment.
Portal Server and Access Manager on Different Nodes Figure 5-8 shows a configuration that allows the authentication throughput coming from Portal Server to be load-balanced across the two Access Managers. This configuration could be implemented when the Portal Server resides on a high-end medium to large server (that is, 1 to 4 processors) with a very wide bandwidth network connection.
Portal Server and Access Manager on Different Nodes Figure 5-9 shows a configuration for maximum horizontal scalability and higher availability achieved by a horizontal server farm. Two Portal Servers can be fronted with a load balancer for maximum throughput and high availability. Another load balancer can be put between the Portal Servers and the Access Managers to distribute authentication and policy processing and to provide failover for higher availability.
Portal Server and Access Manager on Different Nodes Modify the following areas in AMConfig.properties to be in sync with the first installed instance of Portal Server and Access Manager servers:

#The key that will be used to encrypt and decrypt passwords.
am.encryption.pwd=t/vnY9Uqjf12NbFywKuAaaHibwlDFNLO <== REPLACE THIS STRING WITH THE ONE FROM FIRST PORTAL INSTALL
/* The following key is the shared secret for application auth module */...
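A check a deployer can run after syncing a second instance, written here as an added example rather than code from the Sun guide: it parses both AMConfig.properties files and reports shared keys that are missing or differ, without echoing the key values themselves. Only am.encryption.pwd is named on the page; the second key name and both property files below are constructed placeholders.

```python
from typing import Dict, List

# Keys every instance must share with the first install. Only am.encryption.pwd
# is named on the page; the second name is a hypothetical placeholder standing in
# for the shared-secret key whose name is cut off in the excerpt.
SHARED_KEYS = ["am.encryption.pwd", "shared.secret.placeholder.key"]

# Constructed sample files (placeholder values, not real keys).
FIRST_INSTANCE = """\
#The key that will be used to encrypt and decrypt passwords.
am.encryption.pwd=FIRST_INSTALL_KEY_PLACEHOLDER
/* The following key is the shared secret for application auth module */
shared.secret.placeholder.key=FIRST_INSTALL_SECRET_PLACEHOLDER
"""

SECOND_INSTANCE = """\
#The key that will be used to encrypt and decrypt passwords.
am.encryption.pwd=KEY_GENERATED_BY_SECOND_INSTALL_PLACEHOLDER
/* The following key is the shared secret for application auth module */
shared.secret.placeholder.key=FIRST_INSTALL_SECRET_PLACEHOLDER
"""


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java .properties reader: skips blank lines, '#' and '!' comments
    and the '/* ... */' comment lines that appear in AMConfig.properties; splits
    on the first '=' or ':' so URL values containing ':' survive intact."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or line.startswith("/*"):
            continue
        positions = [i for i in (line.find("="), line.find(":")) if i >= 0]
        if not positions:
            continue
        sep = min(positions)
        props[line[:sep].strip()] = line[sep + 1:].strip()
    return props


def shared_key_findings(first: str, second: str, keys=SHARED_KEYS) -> List[str]:
    """Report shared keys that are missing or differ. Values are never echoed,
    so the report can go into a ticket without leaking the encryption key."""
    a, b = parse_properties(first), parse_properties(second)
    findings: List[str] = []
    for key in keys:
        if key not in a:
            findings.append(f"{key}: missing from first-instance file")
        elif key not in b:
            findings.append(f"{key}: missing from second-instance file")
        elif a[key] != b[key]:
            findings.append(f"{key}: differs from first install, copy it over")
    return findings


if __name__ == "__main__":
    for line in shared_key_findings(FIRST_INSTANCE, SECOND_INSTANCE) or ["in sync"]:
        print(line)
```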
Designing SRA Deployment Scenarios The SRA Gateway provides the interface and security barrier between the remote user sessions originating from the Internet and your organization’s intranet. The Gateway serves two main functions: • Provides basic authentication services to incoming user sessions, including establishing identity and allowing or denying access to the platform.
Designing SRA Deployment Scenarios Basic SRA Configuration Figure 5-10 shows the simplest configuration possible for SRA. The figure shows a client browser running NetFile and Netlet. The Gateway is installed on a separate machine in the DMZ between two firewalls. The Portal Server is located on a machine beyond the second firewall in the intranet.
Designing SRA Deployment Scenarios Disable Netlet Figure 5-11 shows a scenario similar to the basic SRA configuration except that Netlet is disabled. If the client deployment is not going to use Netlet for securely running applications that need to communicate with the intranet, then use this setup for better performance.
Designing SRA Deployment Scenarios Proxylet Proxylet enables users to securely access intranet resources through the Internet without exposing these resources to the client. It inherits the transport mode (either HTTP or HTTPS) from the Gateway. Figure 5-12 shows the Proxylet configuration. [Figure 5-12: Proxylet]
Designing SRA Deployment Scenarios Multiple Gateway Instances Figure 5-13 shows an extension of the SRA basic configuration. Multiple Gateway instances run on the same machine or multiple machines. You can start multiple Gateway instances with different profiles. See Chapter 2, “Configuring the Gateway,”...
Designing SRA Deployment Scenarios The disadvantage to this configuration is that multiple ports need to be opened in the second firewall for each connection request. This could cause potential security problems. Netlet and Rewriter Proxies Figure 5-14 shows a configuration with a Netlet Proxy and a Rewriter Proxy on the intranet.
Designing SRA Deployment Scenarios Netlet and Rewriter Proxies on Separate Nodes To reduce the load on the Portal Server node and still provide the same level of security at increased performance, you can install Netlet and Rewriter Proxies on separate nodes. This deployment has an added advantage in that you can use a proxy and shield the Portal Server from the DMZ.
Designing SRA Deployment Scenarios Using Two Gateways and Netlet Proxy Load balancers provide a failover mechanism and redundancy of services on the Portal Servers and Access Managers, for higher availability. [Figure 5-16: Two Gateways and Netlet Proxy]
Designing SRA Deployment Scenarios Using an Accelerator You can configure an external SSL device to run in front of the Gateway in open mode. It provides the SSL link between the client and SRA. For information on accelerators, see the Portal Server Secure Remote Access 6 Administration Guide. [Figure 5-17: SRA Gateway with External Accelerator]
Designing SRA Deployment Scenarios Netlet with 3rd Party Proxy Figure 5-18 illustrates using a third-party proxy to limit the number of ports in the second firewall to one. You can configure the Gateway to use a third-party proxy to reach the Rewriter and the Netlet Proxies. [Figure 5-18: Netlet and Third-Party Proxy]
Designing SRA Deployment Scenarios Reverse Proxy A proxy server serves Internet content to the intranet, while a reverse proxy serves intranet content to the Internet. Certain deployments of reverse proxy are configured to serve the Internet content to achieve load balancing and caching. Figure 5-19 illustrates how you can configure a reverse proxy in front of the Gateway to serve both Internet and intranet content to authorized users.
Designing for Localization Localization is the process of adapting text and cultural content to a specific audience. Localization can be approached in two different ways: Localization of the entire product into a language that we don’t provide. This is usually done by a professional service organization.
Content and Design Implementation See the Portal Server 6 Developer’s Guide and Portal Server 6 Desktop Customization Guide for more information. Placement of Static Portal Content Place your static portal content in the web-container-install-root/SUNWam/public_html directory or in a subdirectory under that directory (the document root for the web-container-install-root/SUNWam/public_html...
Content and Design Implementation • Portlet. Pluggable web component that processes requests and generates content within the context of a portal. In Portal Server software, a portlet is managed by the Portlet Container. Conceptually, a portlet is equivalent to a Provider.
Content and Design Implementation • Portal capability augmentation. This integration enables products to add functionality to Portal Server. Examples include Altio, Bowstreet, rule engines to add group capability, and dynamic standard Portal Desktop and provider contents (HNC). • Integratable portal stack. This integration includes products that replace elements of Portal Server.
Identity and Directory Structure Design JavaMail provides a common uniform API for managing mail. It enables service providers to provide a standard interface to their standards-based or proprietary messaging systems using the Java programming language. Using this API, applications can access message stores and compose and send messages. Identity and Directory Structure Design A major part of implementing your portal involves designing your directory information tree (DIT).
Identity and Directory Structure Design See the Portal Server 6 Administration Guide, Directory Server Deployment Guide, and the Access Manager Deployment Guide for more information on planning your Access Manager and Directory Server structure. Implementing Single Sign-On Single sign-on (SSO) to Portal Server is managed by Access Manager. SSO provides a user with the ability to use any application that has its access policy managed by Access Manager, if allowed through the policy.
Identity and Directory Structure Design Choosing and Implementing the Correct Aggregation Strategy The options for implementing portal channels for speed and scalability include: • Keeping processing functions on back-end systems and application servers, not on the portal server. The portal server needs to optimize getting requests from the user.
Identity and Directory Structure Design To use URLScraperProvider as a file scraper provider, specify the URL as follows: <String name="url" value="file://path/filename"/> This is the best performing provider, in terms of how fast it retrieves content. On the first fetch of content, performance for this provider is usually in the low teen milliseconds.
Identity and Directory Structure Design large amount of processing to display the data in the Portal Desktop. If you use this type of provider, push as much data processing logic to the database as possible. Also, benchmark your portal performance with and without database channels in the user profile.
Identity and Directory Structure Design Portal Server 6 2005Q1 • Deployment Planning Guide...
Chapter 6 The Production Environment This chapter describes how to monitor and tune Sun Java™ System Portal Server software, including the Sun Java System Portal Server Secure Remote Access product. This chapter contains the following sections: • Moving to a Production Environment •...
Moving to a Production Environment • Determine whether your current physical infrastructure is capable of supporting the transaction volume requirement you have defined. Identify the services that are the first to max out as you increase the activity to the portal. This indicates the amount of headroom you have and identifies where to expend your energies.
Monitoring Portal Server This section describes the variables that affect portal performance, as well as the portal monitoring you can perform. Areas to monitor include: • Sun Java System Access Manager • Portal Desktop • Sun Java System Directory Server •...
Monitoring Portal Server Most applications suggest using a larger percentage of the total heap for the new generation, but in the case of Portal Server, using only one eighth the space for the young generation is appropriate, because most memory used by Portal Server is long-lived.
Monitoring Portal Server Expect peak loads to be four to eight times higher than the average load, but over short periods of time. Access Manager Cache and Sessions The performance of a portal system is affected to a large extent by the cache hit ratio of the Access Manager cache.
Monitoring Portal Server Portal Usage Information Portal Server does not include a built-in reporting mechanism to monitor portal usage information by portal users. This includes which channels are accessed, how long the channels are accessed, and the ability to build a user behavioral pattern of the portal.
Appendix A Installed Product Layout This appendix describes the Sun Java™ System Portal Server directory structure and properties files used to store configuration and operational data. Directories Installed for Portal Server Table A-1 shows the platform-specific directory structures that are installed for Sun Java System Portal Server.
Configuration Files All Portal Server and SRA configuration data is stored using the Sun Java System Access Manager Services Management function. Access Manager provides the bootstrap configuration file that is needed to find the Sun Java System Directory Server.
Appendix B Analysis Tools The Sun Java™ Enterprise System and SDK include default setting options to ensure a satisfactory out-of-the-box experience. However, these options might not provide optimal performance for your web applications in the Sun Java System Portal Server production environment. This section describes some alternative options and basic tuning techniques.
mpstat Performance Analysis Tools Table B-1 lists the analysis tools by category, type, name, parameters and usage. The rows recoverable here are:
• Socket connection count: -a | grep hostname | wc -l
• Garbage collection, Portal Server on Application Server container: verbose:gc
• Tuning Solaris 8 and Solaris 9: /etc/system, various performance parameters
• /etc/rc2.d/ttuning file: various TCP kernel tuning parameters
• mpstat...
mpstat What to Look For Note the much higher intr and ithr values for certain CPUs. Solaris will select some CPUs to handle the system interrupts. The CPUs and the number that are chosen depend on the I/O devices attached to the system, the physical location of the devices, and whether interrupts have been disabled on a CPU (psradmin command).
iostat The iostat tool gives statistics on the disk I/O subsystem. The iostat command has many options. More information can be found in the man pages. The following typical options provide information on locating I/O bottlenecks. Output:
# iostat -xn 10
extended device statistics
kr/s kw/s wait actv wsvc_t asvc_t %w %b device...
netstat The netstat tool gives statistics on the network subsystem. It can be used to analyze many aspects of the network subsystem, two of which are the TCP/IP kernel module and the interface bandwidth. An overview of both uses follows. netstat -I hme0 10 These netstat options are used to analyze interface bandwidth.
netstat • errs - errors. The presence of errors could indicate device errors. If your network is switched, errors indicate that you are nearly consuming the bandwidth capacity of your network. The solution to this problem is to give the system more bandwidth, which can be achieved through more network interfaces or a network bandwidth upgrade.
netstat Counters to watch: tcpListenDrop, tcpListenDropQ0, tcpHalfOpenDrop, tcpOutSackRetrans. What to look for • tcpListenDrop - If after several looks at the command output the tcpListenDrop continues to increase, it could indicate a problem with queue size. Considerations: • A possible cause of increasing tcpListenDrop is the application throughput being bottlenecked by the number of executing threads.
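The "several looks at the command output" check above, as an added example that is not part of the Sun guide: it parses successive samples of netstat counter output (assumed to be the Solaris netstat -s "name = value" layout; the three samples below are constructed) and reports which of the watched counters rose in every interval.

```python
import re
from typing import Dict, List

# Counters the guide says to watch.
WATCHED = ("tcpListenDrop", "tcpListenDropQ0", "tcpHalfOpenDrop", "tcpOutSackRetrans")

# Solaris prints two "name = value" pairs per line; this picks up every tcp* counter.
COUNTER_RE = re.compile(r"(tcp\w+)\s*=\s*(\d+)")

# Three constructed samples, as if taken a few minutes apart (not real output).
SAMPLES = [
    """TCP     tcpRtoAlgorithm     =     4     tcpRtoMin           =   400
        tcpListenDrop       =    10     tcpListenDropQ0     =     0
        tcpHalfOpenDrop     =     0     tcpOutSackRetrans   =     3
""",
    """TCP     tcpRtoAlgorithm     =     4     tcpRtoMin           =   400
        tcpListenDrop       =    25     tcpListenDropQ0     =     0
        tcpHalfOpenDrop     =     0     tcpOutSackRetrans   =     3
""",
    """TCP     tcpRtoAlgorithm     =     4     tcpRtoMin           =   400
        tcpListenDrop       =    41     tcpListenDropQ0     =     0
        tcpHalfOpenDrop     =     1     tcpOutSackRetrans   =     3
""",
]


def parse_counters(text: str) -> Dict[str, int]:
    """Map each tcp* counter name in one netstat sample to its integer value."""
    return {m.group(1): int(m.group(2)) for m in COUNTER_RE.finditer(text)}


def counter_deltas(samples: List[str], watched=WATCHED) -> Dict[str, List[int]]:
    """Per watched counter, the change between each pair of consecutive samples.
    A counter absent from a sample counts as 0, so a vanished line shows up as a drop."""
    parsed = [parse_counters(s) for s in samples]
    deltas: Dict[str, List[int]] = {}
    for name in watched:
        values = [p.get(name, 0) for p in parsed]
        deltas[name] = [later - earlier for earlier, later in zip(values, values[1:])]
    return deltas


def persistently_rising(samples: List[str], watched=WATCHED) -> List[str]:
    """Counters that increased in every interval: the 'continues to increase'
    condition the guide describes for tcpListenDrop. Needs at least two samples."""
    return [name for name, d in counter_deltas(samples, watched).items()
            if d and all(step > 0 for step in d)]


if __name__ == "__main__":
    for name, d in counter_deltas(SAMPLES).items():
        print(f"{name:20s} deltas={d}")
    print("persistently rising:", persistently_rising(SAMPLES))
```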
Tuning Parameters for /etc/system Table B-2 is a list of tuning parameters used during the performance study. The changes are applied by appending each to the /etc/system file. Table B-2 /etc/system Options (/etc/system Option, Description): set rlim_fd_max=<value>...
Tuning Parameters for /etc/system Table B-3 TCP/IP Options (option, description):
• ndd -set /dev/tcp tcp_cwnd_max 65535 - The maximum value of the TCP congestion window (cwnd) in bytes.
• ndd -set /dev/tcp tcp_rexmit_interval_min 3000 - The default minimum retransmission timeout (RTO) value in milliseconds. The calculated RTO for all TCP connections cannot be lower than this value.
Appendix C Portal Server and Application Servers This appendix provides an overview of the Sun Java™ System Portal Server product and its support for application servers. This appendix contains the following sections: • Introduction to Application Server Support in Portal Server •...
Portal Server on an Application Server Cluster Running Portal Server on an application server enables you to: • Decouple the portal platform from the application server platform, allowing you to choose the best combination of Portal Server and application server for your organization •...
Portal Server on an Application Server Cluster Deploy the three web applications (portal, amserver, and amconsole) to the cluster. The following sections explain what it means to enable Portal Server to run on an application server cluster. Overview of Application Server Enterprise Edition The Sun Java System Application Server Enterprise Edition 8 provides a robust J2EE platform for the development, deployment, and management of enterprise...
Portal Server on an Application Server Cluster See the following documentation for more information: http://edocs.beasys.com/wls/docs61/cluster/index.html You start the Administration Server with the following command: install_dir/config/domain_name/startWeblogic.sh The local server takes its configuration from the install_dir/config/domain_name/config.xml file. To start a Managed Server, use the following command:...
Portal Server on an Application Server Cluster To install a BEA cluster, your BEA license for each machine participating in the cluster must be a special BEA cluster license. See the BEA documentation for the procedure to get the license and set up a BEA cluster with HttpClusterServlet. Overview of IBM WebSphere Application Server The IBM WebSphere Application Server product uses the following definitions: •...
Appendix D Troubleshooting Your Portal Deployment This appendix describes how to troubleshoot the Sun Java™ System Portal Server software and the Sun Java System Portal Server Secure Remote Access (SRA) software. This appendix contains the following sections: • Troubleshooting Portal Server •...
Troubleshooting Portal Server
./uxwdog -d portal-server-install-root/SUNWam/servers/https-server/config
ns-httpd -d portal-server-install-root/SUNWam/servers/https-server/config
Admin Web Server (optional, but usually running):
./uxwdog -d web-container-install-root/SUNWam/servers/https-admserv/config
ns-httpd -d web-container-install-root/SUNWam/servers/https-admserv/config
Log Files Examine the following log files for errors. Sun Java System Web Server (errors and access): web-container-install-root/SUNWam/servers/https-server/logs Sun Java System Directory Server: /var/opt/SUNWam/logs...
Troubleshooting Portal Server To Extract the Display Profile Log in as administrator. Use the dpadmin command to extract the display profile. For example: ./dpadmin list -u "uid=amAdmin,ou=People,o=sesta.com,o=isp" -w password -d "o=sesta.com,o=isp" > /tmp/displayxml This example puts the contents of the display profile into the /tmp/displayxml file.
Troubleshooting SRA Configuring a Sun Java System Portal Server Instance to Use an HTTP Proxy If the Portal Server software is installed on a host that cannot directly access certain portions of the Internet or your intranet, you can receive errors. For example, when using the SampleSimpleWebService provider, you might see the following error when the proxy has not been configured: java.net.UnknownHostException: services.xmethods.net...
Troubleshooting SRA gateway-install-root/SUNWam/config/AMConfig-instance-name.properties Set the debug level: com.iplanet.services.debug.level= The debug levels are: • error - Only serious errors are logged in the debug file. Rewriter usually stops functioning when such errors occur. • warning - Warning messages are logged. • message - All debug messages are logged. • off - No debug messages are logged.
Troubleshooting SRA • The settings in the Gateway script such as the JVM™ settings including heap usage, and library path • Gateway service settings • Tuning settings in various files used for configuring Sun Java System Access Manager, Sun Java System Directory Server, and Sun Java System Web Server. •...
Troubleshooting SRA NOTE Before running gctool , ensure that you include -verbose:gc in the Gateway script in the “CMD” section. The Gateway script resembles the following: -server -verbose:gc -Xms1G -Xmx2G -XX:+OverrideDefaultLibthread -XX:ThreadStackSize=128 -XX:MaxPermSize=128M -XX:PermSize=128M -XX:MaxNewSize=256M -XX:NewSize=256M At the end of the test period, run shooter to collect the output of gctool along with other data.
Appendix E Portal Deployment Worksheets This appendix provides worksheets to help with the portal deployment process. This appendix contains the following sections: • Portal Assessment Worksheets • Portal Design Task List Portal Assessment Worksheets Use these worksheets to learn more about your organization’s business needs and potential areas of concern around deploying portals.
Portal Assessment Worksheets General Questions Table E-1 2. How many portals does your organization already have? 3. What types are they (business-to-employee, business-to-consumer, business-to-business, ISP)? 4. If you have more than one, do you have a need to reduce the number? Integrate? Federate? 5.
Portal Assessment Worksheets Table E-3 Business Service-level Expectations Questions 1. Are your development projects consistent? Do you manage their risk? 2. How does your development team work with your test, deployment, and operations groups? 3. How many different platforms does your organization currently support? 4.
Portal Assessment Worksheets Table E-5 User Management and Security Questions 1. How would you segment, categorize, and relate (hierarchically) your user community? 2. What are your current and future security policies? 3. Do various departments own or maintain their private view of the customer? 4.
Portal Design Task List Architecture Questions (Continued) Table E-7 9. What is the size of the target user community? 10. How many concurrent users? 11. What is the range of portal usage? 12. What is the geographical distribution of your user base? 13.
Portal Design Task List Design Task List (2 of 7) Table E-8 Major Phases and Tasks Subtasks Project Plan Review • Review pre-implementation • Review business requirements • Review technical requirements • Review architectural documents • Review hardware and infrastructure Coordinate Resources •...
Portal Design Task List Design Task List (3 of 7) Table E-8 Major Phases and Tasks Subtasks Directory Design • Design organizations, suborganizations, roles, and users • Define privileges • Review shared data requirements • Establish data transfer protocols • Create temporary or intermediate tables •...
Portal Design Task List Design Task List (4 of 7) Table E-8 Major Phases and Tasks Subtasks Sun Java System Portal Server, • Review your organization’s requirements and expectations Java System Application Server, and • Establish modifications for software Other Software Modifications •...
Portal Design Task List Design Task List (5 of 7) Table E-8 Major Phases and Tasks Subtasks Reporting • Establish reporting requirements for organization • Create reporting plan • Establish reporting team • Design reports • Create reports • Test reports •...
Portal Design Task List Design Task List (6 of 7) Table E-8 Major Phases and Tasks Subtasks Conduct Integration and System Test • Ensure establishment of integration test environment • Identify test team and assign test scenario ownership • Train team on integration test procedures, roles, and responsibilities •...
Portal Design Task List Design Task List (7 of 7) Table E-8 Major Phases and Tasks Subtasks Training • Confirm organization commitment and expectations • Establish training requirements for all personnel • Establish training schedules • Establish training staff • Prepare materials for training •...
Appendix F Portal Server on the Linux Platform Sun Java™ System Portal Server supports the RedHat 3.0 Linux platform; however, note the differences between the Solaris and Linux platforms. Limitations Using Linux Note the following: • Portal Server and Access Manager must reside on the same server. •...
Comparison of Solaris and Linux Path Names
Glossary Refer to the Java Enterprise System Glossary (http://docs.sun.com/doc/816-6873) for a complete list of terms that are used in this documentation set.