Sun Microsystems 2005Q1 manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Sun Microsystems 2005Q1. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Sun Microsystems 2005Q1 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Sun Microsystems 2005Q1 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Sun Microsystems 2005Q1 devrait contenir:
- informations sur les caractéristiques techniques du dispositif Sun Microsystems 2005Q1
- nom du fabricant et année de fabrication Sun Microsystems 2005Q1
- instructions d'utilisation, de réglage et d’entretien de l'équipement Sun Microsystems 2005Q1
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Sun Microsystems 2005Q1 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Sun Microsystems 2005Q1 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Sun Microsystems en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Sun Microsystems 2005Q1, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Sun Microsystems 2005Q1, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Sun Microsystems 2005Q1. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    Sun Java ™ System Portal Server 6 Deployment Planning Guide 2005Q1 Sun Mic rosystem s, Inc. 4150 Network Circle Santa Clara , CA 9505 4 U.S.A. P ar t No: 817-7697[...]

  • Page 2

    Copyri gh t © 20 05 Su n Mi c r osys t ems, I nc. , 41 50 Networ k C ircle, S an t a C la ra, Ca li forni a 9 505 4, U.S. A. Al l r i ghts rese rved. Sun Microsystems , In c. has i nte l le ctual property rights rela ti ng to technolo gy embodied in the pr oduct tha t is described in thi s document. In particular, an d withou t limitation, th ese [...]

  • Page 3

    3 Contents List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Preface . . . . . . . . . . . . . . . .[...]

  • Page 4

    4 Portal S erver 6 20 05Q1 • Deploym ent Plann ing Guid e Portal Ser ver Ar chitecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Iden ti ty Manag eme nt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

  • Page 5

    Contents 5 Persona lization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Aggrega tion and Inte gration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Underst anding U ser Beha vior[...]

  • Page 6

    6 Portal S erver 6 20 05Q1 • Deploym ent Plann ing Guid e Using Plat form Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Using a Dem ilitariz ed Zone (DMZ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10[...]

  • Page 7

    Contents 7 Tuning Parameters for /etc/ system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 Appendix C Portal Server and Applicatio n Server s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153 Introdu ction to A pplication Server Support in Por tal Server . . . . . . [...]

  • Page 8

    8 Portal S erver 6 20 05Q1 • Deploym ent Plann ing Guid e[...]

  • Page 9

    List of Fi gur es 9 List of Figures Figure 1-1 Porta l Server in Open Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Figure 1-2 Porta l Server in Secu re Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Figure 1-3 High-level Arch it ect u r[...]

  • Page 10

    10 Portal S erver 6 2 005Q1 • Deploy ment Plan ning Gui de[...]

  • Page 11

    List of Tables 11 List of Tables Table 1 Typographi cal Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Table 3-1 Identity Management Feat ures and Benefit s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Table 3-2 SRA Features and Ben efits . . . . . . . . .[...]

  • Page 12

    12 Portal S erver 6 2 005Q1 • Deploy ment Plan ning Gui de[...]

  • Page 13

    13 Preface This Administration Guide explai ns how to plan for and dep loy Sun J ava™ Sy stem Portal Server 6 2005Q1 s oftwa re. Portal Server S ecure Remot e Access provides a platform to create portal s for your organiza tio n’s integrated data, knowl edge managemen t, and appli cations. The Portal Server platfo rm offe rs a comple te infrast[...]

  • Page 14

    How This Book Is Organized 14 Portal Ser ver Secu re Remote Access 6 2005 Q1 • Administr ation Guide •J a v a ™ W e b S e r v e r • JavaServer Pages™ techn ol ogy • Lightwe ight D irectory Access Protocol (LDAP ) • Hypertext Markup Lang uage (HTML) • Extensible Markup Language (XML) How This Book Is Organized Chapters 1 through 5 pr[...]

  • Page 15

    How This Book Is Organized Preface 15 Conventions Us ed in This Book The tables in this section describe the conventions used in this book. Typogra phic Con ventio ns The following table describes the typographic conventions used in this book Ta b l e 1 Typographi cal Convent ions. Appendix C, “P ortal S erver and Appli cation Server s” on page[...]

  • Page 16

    Related Documentation 16 Portal Ser ver Secu re Remote Access 6 2005 Q1 • Administr ation Guide Related Documentation The http://docs.sun.c om web site enab les you to a cce ss S un technical documentatio n o nline. You can brow se the archive or search for a specif ic boo k title or subject. Books in This Do cumentat ion Set The following table [...]

  • Page 17

    Related Documentation Preface 17 Other Portal Server Document ation Other Portal Server books include: • Portal Server Desk top Customiz ation Guide http://docs.sun.com/ doc/817-5318 • Portal Server De velo per' s Guide http://docs.sun.com/ doc/817-5319 • Portal Server Mobile Access Deve loper' s Guide http://docs.sun.com/ doc/817-6[...]

  • Page 18

    Accessing Su n Resources Onlin e 18 Portal Ser ver Secu re Remote Access 6 2005 Q1 • Administratio n Guide • Applicatio n S erver documentat ion http://docs.sun.com/ coll/s1_asseu3_en • Web Proxy Server documentation http://docs.sun.com/ prod/s1.webproxys#hic Accessing Sun Resources Online For product downloads, professional services, patches[...]

  • Page 19

    Sun We lcom es Yo ur C omme n ts Preface 19 Sun W elcomes Yo ur Com ments Sun is interested in impro ving its documen tation and welco mes your comments and sugg estions . To share your comments, go to http://docs.sun.c om and click Send Com ments. In the online form, provide the d ocument title and pa rt number. The part n umber is a seven-digit o[...]

  • Page 20

    Sun Welcom es Your Comme nts 20 Portal Ser ver Secu re Remote Access 6 2005 Q1 • Administratio n Guide[...]

  • Page 21

    21 Chapter 1 Portal Server Architecture This chapter con ta ins the following s ections: • What is a P orta l? • Types of Portals • Portal Server Capabilities • Sun Java System Porta l Server • Secure Remote Access • Security, Encryption, and Authen tica tion • Portal Server Deployment Components • Portal Server Architecture • Ide[...]

  • Page 22

    Types of Portals 22 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide Portals se rve as a unifie d acce ss po int to web applica tio ns. Portals a lso provide valuable functio ns like security, search, collabo rati on, and workflow. A porta l delivers integrated cont ent and application s, plus a unified, colla bora tive workplace. Indeed, p[...]

  • Page 23

    Portal Server Capabilities Chapte r 1 Portal Ser ver Archi tecture 23 Collabora tive services allow users to do th e follo wing: •C h a t • Organize meetings • Share calendar in g information • Define user commun ities • Participate in net meetin gs • Sha re in fo rmat ion in di scus sio n gr oups and on whi te b oard s Business Intelli[...]

  • Page 24

    Sun Java System Portal S erver 24 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide • Secure access and a uth orized connectivit y, optio nally using encry ption between the user’s browser and the enterprise • Authentica tion of users before allowing a ccess to a set of reso urces that are specific for each user • Support for abstrac[...]

  • Page 25

    Secure Remote Acces s Chapte r 1 Portal Ser ver Archi tecture 25 Each enterprise a sse sses its own needs and pla ns its own deplo yment of Java Enterprise System technology. The optimal deployment for each enterprise depends on the type of applications that Java Enterpris e System technolog y supports, the number of users, the kind of hardware tha[...]

  • Page 26

    Secure R emote Access 26 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide If the portal does not contain sensitive informatio n (deploying publi c information and allowing access to free applications), then res ponses to access requests by a large number of users is faster than secure mode. Figure 1-1 shows Portal Server configured for open[...]

  • Page 27

    Secure Remote Acces s Chapte r 1 Portal Ser ver Archi tecture 27 The main advantage of SRA is that only the IP address of the Gateway is published to the Internet. All other services and their IP addresses are hidden an d never published to a Do ma in Name Servi c e (DN S) that is runn ing on the public netwo rk (such as th e Internet). The Gateway[...]

  • Page 28

    Security, Encryption, an d Authentica tion 28 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide You can a dd addition al servers and Gatew ays for site expans ion. You can also configure the components of SRA in various ways based on your business requirements. Security, Encr ypt ion , an d Au the ntica tio n Porta l Serv er sy stem s ecuri [...]

  • Page 29

    Portal Server Ar c hitecture Chapte r 1 Portal Ser ver Archi tecture 29 ❍ Java Deve l opment Ki t™ (JDK™)--Java Development K i t software provides the Java run-time environment for all Ja va software in Portal Server and its underlying components. Portal Server depends on the JDK software in the web conta ine r. ❍ Network Security Services[...]

  • Page 30

    Identity Managem ent 30 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide • Access Manager node .The server where A ccess Manager can reside. Access Manager does not have to resi de on the same node as Portal Server. • Search node . Optional. The server you use for the Portal Server Search service. You can install the Portal Server Searc[...]

  • Page 31

    Portal Server Sof twar e Deployment Chapte r 1 Portal Ser ver Archi tecture 31 • Access Manager consol e SDK • Authentica tio n daemons th at support the web applica tions See the Access Manag er Deploym en t Planning Guide for more information. Portal Se rver So ftware Deploym ent This section pro vid es inf ormation on sof tware deployed on P[...]

  • Page 32

    Portal S erver Softw are Dep loyment 32 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide • Static web content . These include static HTML files, images, applet JAR files, and other items that can be served up directly b y the web server with out using the Web Server container. For Por tal Server, these files are also installed in the web [...]

  • Page 33

    A T ypic al Por tal Ser ver Ins tall at ion Chapte r 1 Portal Ser ver Archi tecture 33 A Typical Portal Se rver Inst allat ion Figure 1 -3 on pa ge 3 4 illustrates some of the components of a portal deploym ent but does not address the actual ph ysical network design , single points of failure, nor high avail abi lity. See Chapter 5 , “Creating Y[...]

  • Page 34

    A Typical Portal Ser v er Installation 34 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide Figur e 1-3 High-level Archit ecture for a Busines s-to-Employ ee Portal Teleco mmuter Airport/Hot el Kiosks Branch O ffices Remote Offic es Cust omers /Sup plier s Behind Fi rewall Internet DMZ Gateway Gate way Mail Web Server Proxy/ Cache Directory [...]

  • Page 35

    A T ypic al Por tal Ser ver Ins tall at ion Chapte r 1 Portal Ser ver Archi tecture 35 Figure 1-4 shows a Po rtal Server deployment with SRA services. See Chapter 2, “Portal Server Secure R emote Access Architecture ” for details. Figur e 1-4 SRA Deployment Gateway Portal Netle t Proxy App lica tion Host Host App lica tion Server Web Server Rew[...]

  • Page 36

    A Typical Portal Ser v er Installation 36 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide[...]

  • Page 37

    37 Chapter 2 Portal Server Secure Remote Access Architecture This chapter describes the Sun Java™ System Portal Server S ecure Remote Access (SRA) arch itecture. You ad mini ster the c onfigu rat ion in format ion t hrou gh th e Acces s Manag er admi nist rati on co nsol e. This chapter describes th e follow ing SRA components : • SRA Gat eway [...]

  • Page 38

    SRA Gateway 38 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide • Netlet req u est . Routes the request (traffic) to the server specified in the Netlet rule that the user clicked in the Po rtal Desktop. • HTTP(S) traff ic . Routes the request to the server a s specified by the HTTP header. Upon re ceiving a response from the server, the[...]

  • Page 39

    SRA Gateway Chapter 2 Por tal Server S ecure Remote Access A rchitecture 39 Proxy Confi gur ation The Gateway uses proxies tha t a re specified in its profile to retrieve content s f rom various web servers within the intranet and extranet. You can dedicate proxies for hosts an d DNS subdomain s and domains . Depending on the proxy configuratio n, [...]

  • Page 40

    SRA Gateway 40 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide • Mandatory server authent ication . The client must authenticate the server. • Optional au thenticat ion . The server is configured to authentica te the clien t. Personal Digit al Certificate ( PDC) authenti cation is a m echanism that authenti cates a user through SSL cli[...]

  • Page 41

    Netlet Chapter 2 Por tal Server S ecure Remote Access A rchitecture 41 Gateway Loggin g You can moni tor the complet e u ser beha vior by enabling logg ing on the Gatewa y. The Gateway uses the Access Ma nager logging A PI f or crea ting logs. Using Acc elera tors with the Ga teway You can configure accelerators, which are dedicated h ardware co-pr[...]

  • Page 42

    Netlet 42 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide Dynamic appl icatio ns agree u pon a port fo r commun ication as part of th e handshake. You can include the destination server port as part of the Netlet rule. The Netlet needs to understand the pro toco l and examine the data to find the port being used between the client and the [...]

  • Page 43

    Netlet Chapter 2 Por tal Server S ecure Remote Access A rchitecture 43 Netlet and Application I nte gration Netlet works with many third parties such as Graphon, Citrix, and pcAn ywhere. Each of these products provides secure access to the user’s Portal Desktop from a remote machine usin g Netlet . Split T unneling Split tunneling allows a VPN cl[...]

  • Page 44

    Net let P r oxy 44 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide Netlet Prox y A Netlet Proxy helps reduce the number of open ports needed in the firewall to connect the Gateway a nd the destination hosts . For example, consider a configuration where users need Netlet to connect with a large number of Telnet, FTP, and Microsoft Exchan ge[...]

  • Page 45

    NetFile Chapter 2 Por tal Server S ecure Remote Access A rchitecture 45 • NetFile se rvlet(s) . Two NetFile servlets are present in the web container, one for each kind of NetFile applet. The servlet s are responsible for connectin g to different types of file systems, carrying out the o perations that NetFile is configured to hand le, an d se nd[...]

  • Page 46

    NetFile 46 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide Access Control NetFile provides various means of file system access control. You can den y access to users to a particular file system ba sed on the protocol. For example, you can deny a particular user, role, or organizati on access to file systems that are accessible only over NF[...]

  • Page 47

    Rewriter Chapter 2 Por tal Server S ecure Remote Access A rchitecture 47 NetFile also enables users to select m ultiple files and compress them by using GZIP and ZIP compres sion. Users can select m ultipl e files and send them in a single email as multipl e attachments. N e tFil e also uses the SSO token of Access Manager to access the user’s em[...]

  • Page 48

    Rewriter Proxy 48 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide according to a Document Type Definition (DTD ). Usin g the generic ruleset that ships with th e Rewriter, you can rewrit e mos t URLs (but not all) wit hout any addition al rules. Yo u can also a ssociate rule se ts with dom ain s for domain- b a sed transl atio ns. S ee the[...]

  • Page 49

    Proxylet Chapter 2 Por tal Server S ecure Remote Access A rchitecture 49 Proxylet Proxylet is a dynamic proxy server that runs on a client machine. Proxylet redirects a URL to the Gat ewa y. It does this by reading and m od ifyi ng the proxy setting s of the browser on the client machine so that the settings point to the local proxy server or Proxy[...]

  • Page 50

    Proxylet 50 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide[...]

  • Page 51

    51 Chapter 3 Identif ying and Eva luating Your Business and Technical Requirements The first step in planning yo ur deployment is id entif ying your Sun Java™ System Portal Server business and tech nica l requirements.. You need to gath er both business and technical requirements before you can a ddress architecture and design iss u es. This chap[...]

  • Page 52

    Business Object ives 52 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide The business goals of your portal affect deployment decision. Under stand your objectives. If you do not understand your business re quirements, you can easily make erroneous assumptions that could affect the accuracy of your deployment estimates. Use these questions t[...]

  • Page 53

    Technical Goal s Chapter 3 Identifying a nd Evalua ting Your Business a nd Techn ical Requir ements 53 Technical Goals Your technical requirement (often called functional requ irement) discuss the details of yo ur organiza tio n’s syste m n eeds and desi red results, an d include such factors a s: •P e r f o r m a n c e •S e c u r i t y • R[...]

  • Page 54

    Mappin g Portal Se rver Feat ures to You r Business Needs 54 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide Mapping Por tal Server Feature s to Your Business Needs The previous sections posed questions to you about the various areas o f the Portal Server system from a high-level perspective of business and technical needs. This section re[...]

  • Page 55

    Mapping Portal Ser ver Feat ures to Y our Business N eeds Chapter 3 Identifying a nd Evalua ting Your Business a nd Techn ical Requir ements 55 User, policy, and provisioning management Access Ma nager en ables you to mana ge many users span ning a variety of d ifferent roles across the o rganization and s ometimes outside the organi zation while a[...]

  • Page 56

    Mappin g Portal Se rver Feat ures to You r Business Needs 56 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide SRA Table 3-2 shows the Sun J ava System Porta l Server Secure Rem ote Access (S RA ) features and their ben efits Ta b l e 3 - 2 SRA Feat ures an d B enefi ts Feature Description Benefit Integrated security Extranet or Virtual P r [...]

  • Page 57

    Mapping Portal Ser ver Feat ures to Y our Business N eeds Chapter 3 Identifying a nd Evalua ting Your Business a nd Techn ical Requir ements 57 Search Engine The Search Engine service is us ed in the following cha nnels: • Subscription channel to summarize the number of hits (relevant information) that match each profile entry defined by the user[...]

  • Page 58

    Mappin g Portal Se rver Feat ures to You r Business Needs 58 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide Personalizat ion Personalization is the ability to deliver content based on selective criteri a and offer services to a user. Table 3-4 sh ows the per sonalizat ion features and thei r benefits. Aggregation and Integrati on One of t[...]

  • Page 59

    Unde rstanding Use r Behavio rs and P atterns Chapter 3 Identifying a nd Evalua ting Your Business a nd Techn ical Requir ements 59 Table 3-5 shows the aggregation and integration features an d their benefits. Understan ding User Beha viors and Pa ttern s Study the peopl e who will u se your portal. Factors su ch as when users w ill use the portal [...]

  • Page 60

    Underst anding Us er Behavior s and Pa tterns 60 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide • Will users login to the portal at the same tim e each day? Will they use the portal at w ork or somewh ere else? • Are users in the same time zone or in different time zones? • H o w l o n g d o y o u e x p e ct t he t y p i c a l u s e[...]

  • Page 61

    61 Chapter 4 Pre-Deployment Considerations This chapter contains the following sections: • Det ermin e You r Tuni ng Goa ls • Portal S izing Tips • Establis h Pe rforman ce Method ology • Portal Sizin g • SRA Siz ing Determin e Your Tuning Go als Before tuning you portal, work with portal system administrators and portal developers to set[...]

  • Page 62

    Portal Sizing T ips 62 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide time, the number of Portal desk top activity requests, the amo unt of portal channel usage, accept able respo nse time for the end-user which is determ ined by your organiza tion, and an optima l ha rdware configuration to meet the criteria. Portal Sizing Tips This sec [...]

  • Page 63

    Portal Sizing Chapt er 4 Pre-D e ploy ment Conside ra t ions 63 2. Setup a controlled environment to minimize the margin of error (defined as less than ten percent variation betw een identical runs). By knowing the starting data measurement baseline, you can measure the differences in data performance between sample gathering runs. Be sure measurem[...]

  • Page 64

    Portal Sizing 64 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide Estab li s h Ba s e li ne Siz i ng Fi gu re s Once you ha ve i denti fied y our busi ness an d tech nica l req uire ments , and mapped Portal Server features to your need s, your sizing requirements emerge as you plan your overall Portal Server deployment. Your desi gn decisi[...]

  • Page 65

    Portal Sizing Chapt er 4 Pre-D e ploy ment Conside ra t ions 65 maxi mum number of concu rrent sessio ns = expe cted percent of use rs online * user base To identify the size of the user base or pool of potential users for an enterprise portal, here are some suggestion s: • Identify only users who are a ctive. Do not include users who are, for ex[...]

  • Page 66

    Portal Sizing 66 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide Calculate maximum nu mber of concurr ent users after you calculate maximum num ber of concur rent s ess ions . To calculate the maximum number of concurrent users, use this formula: conc urrent users = numb er of c oncurr ent se ssions / ave rage t ime be tween hits For examp[...]

  • Page 67

    Portal Sizing Chapt er 4 Pre-D e ploy ment Conside ra t ions 67 The average size a d jus ts for variation s in sizes of RD s. A collecti on of long, complex RDs w ith many indexed terms and a list of short R Ds with a few indexed terms require different search times, even if the complex RDs have the same nu mbe r of RDs. RDs are store d in a h i er[...]

  • Page 68

    Portal Sizing 68 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide Hardware an d Applicatio ns CPU speed and size of the virtual machine for the Java™ platform (Java™ Virtual Machine or JVM™ softw are) memory he ap affect Portal Server per formance. The faster the CPU speed, th e higher the throughput. The JVM memory heap si ze, along [...]

  • Page 69

    Portal Sizing Chapt er 4 Pre-D e ploy ment Conside ra t ions 69 When you calcu late transa ction time, si ze your Portal Serve r so that processi ng time under regular or peak load conditions do es not exceed your performance requireme nt threshold and so that you can susta in processing time over time . Workload Con ditions Workload conditions are[...]

  • Page 70

    Portal Sizing 70 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide After you have an estima te of your s izing, co nsider: • LDAP Transaction Numbers • Application S e rver R e qu irements LDAP Tr ansactio n Numb ers Use the follow ing LDAP transactio n numbers for an o ut- of -the-box portal deployment to understa nd the impact of the s[...]

  • Page 71

    Portal Sizing Chapt er 4 Pre-D e ploy ment Conside ra t ions 71 Use a trial de ployment to determine you r final sizi ng estimates . A trial dep loyment helps you to siz e ba ck-end integrati on, to avoid pot entia l bottlenecks wit h Po rtal Server operat ions. Refine Baseli ne Sizing Fi gures Your next step is to refine yo ur sizing figure. In th[...]

  • Page 72

    SRA Sizing 72 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide ❍ Maint enance demands Considering these factors enabl es you to develop a sizing figure that is flexible and enables you to avo id risk w hen your assumpti ons regarding yo ur portal change followi ng d eploym ent. The resulting figure ensu res that your portal sit e has the [...]

  • Page 73

    SRA Sizing Chapt er 4 Pre-D e ploy ment Conside ra t ions 73 Identi fying Gat eway Key Perf ormance Requirements Key performance factors are metrics that your technical representative uses as input to an automa ted sizing tool. The sizing to ol calculates the estimat ed number of Gateway i nstances you r SR A deployment requires. Identifying these [...]

  • Page 74

    SRA Sizing 74 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide • Ses sio n av erag e ti m e This determin es how many log ins per second th at the Gateway m ust sustain for a give n number of c on current us ers. Netlet Usage Ch a racteristics Consider the followin g Netlet characteristics of the G ateway, which can have a impact in cal c[...]

  • Page 75

    SRA Sizing Chapt er 4 Pre-D e ploy ment Conside ra t ions 75 Advanced Gateway Setti ngs Use the setting s in this secti on to obtain m ore accurate results when estimati ng the number of Gatewa y in stances for you r deployment. These adva nced Gateway settings are used as inpu t to the automated sizin g to ol. These are the ad vanced Gateway setti[...]

  • Page 76

    SRA Sizing 76 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide • Regular-JSP. Descri bes a co nfigu ration of two tabs w ith seven channels ea ch. • Heavy—JSP. Describes a configuration of three tabs with seventeen channels each. Scal abili ty You can choose between one, two, an d four CPUs per Gateway instance. The number of CPUs bo [...]

  • Page 77

    SRA Sizing Chapt er 4 Pre-D e ploy ment Conside ra t ions 77 See the Portal Se rver Sec ure Remote Ac c ess 6 Ad min istration Guide for more information on the Sun Crypto Accelerator 1 000 board and other accelerato rs. You could use a hardware accelerator on the Netlet Proxy and Rewriter Proxy machine and der ive some performance improvement. SRA[...]

  • Page 78

    SRA Sizing 78 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide[...]

  • Page 79

    79 Chapter 5 Creating Your Portal Design This chapter describes ho w to create your high-level a nd lo w-level portal desi gn and provides i nf orm ation on creating specific secti ons of your desi gn plan. This chapter contains the following sections: • Portal Desig n Approach • Portal Server an d Scalabilit y • Port al Se rver and High Avai[...]

  • Page 80

    Portal D esign Ap proach 80 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide Your high-level portal design communicates the architecture of the system and provides the basis for the low-level design o f your solution. Further, the high-level design needs to describe a logical architecture tha t meets the business and technical needs that yo[...]

  • Page 81

    Portal D esign Ap proach Chap ter 5 Creating Your P ortal Desi gn 81 Overview of Low-Level Porta l Design The low- level design f ocuses on speci fying the pro cesses and standards you use to build your portal s olution, and specifying the actual ha rdware and software components of the solution, in cluding: • The Portal Server complex of servers[...]

  • Page 82

    Portal D esign Ap proach 82 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide • Usage estim at es, which include you r assumption s on the total numb er of registered users, average percentage of registered users logged in per day, average concurrent users tha t a re logged in per day, average login tim e, average number of conten t channe[...]

  • Page 83

    Portal Se rve r and Sc alab i lit y Chap ter 5 Creating Your P ortal Desi gn 83 Portal Server and Scalability Scalability is a system ’s ability to acco mmodate a gro wing user populatio n, without performance degradation, by the ad dition of processing resources. The two general means of scal ing a system are vertical and horizo nta l scaling. T[...]

  • Page 84

    Portal Server and High Availability 84 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide The section “Working wi th Portal Server Buildin g Modules” on page 89 , discus ses an approach to a specific type of configu rati on that provides optim um perfo r mance a nd horiz ontal scalabi lity. Portal Server and High Availability High Availab[...]

  • Page 85

    Port al Se rver and H igh Avai labi li ty Chap ter 5 Creating Your P ortal Desi gn 85 System Avail ability System availability is often expressed as a percentage of the system uptime. A basic equation to calculate sys tem availab ility is: Avai labilit y = up time / (upti me + d owntim e) * 1 00 For in stance, a s ervice level agreemen t uptime of [...]

  • Page 86

    Portal S erver System Comm unication Li nks 86 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide • Gateway . A load balancer used w ith th e Gateway detects a failed Gateway component and rou tes new requests to other Gatewa ys. A load balancer also has the ability to intelligently distribute th e workload across th e server pool. Routing [...]

  • Page 87

    Portal S erver System Communica tion Link s Chap ter 5 Creating Your P ortal Desi gn 87 Figur e 5-1 Porta l Server C ommunicat ion Links In this figure, the box encloses the Portal Server instance running on Web Server technology. Withi n the instance are five servlets (Au then tication, Access Manager admin istrat ion co nsole, Po rtal Desktop, Co[...]

  • Page 88

    Portal S erver System Comm unication Li nks 88 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide • Figure 5-1 on page 87 shows tha t if the follow ing processes or com munication links fail, the po rtal solution becom es unavailable to end users: Port al Server Instance . Runs in the context of a web con tainer. Components w ithin an insta[...]

  • Page 89

    Working w ith Por tal Se rve r Bu ildi ng Mo dule s Chap ter 5 Creating Your P ortal Desi gn 89 SRA includes ot her Java technology pro ces ses ca lled Netlet Proxy and Rewriter Proxy. You use these proxies to extend the security perimeter fro m behind the firewall, a nd lim it the number of holes in th e DM Z. Y ou can install these proxies o n se[...]

  • Page 90

    Working w ith Por tal Se rve r Bu ildi ng Mo dule s 90 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide Building Mod ule s and High Avail ab ilit y Sc enarios Portal S erver provides th ree scenarios for high availabil ity: • Best Effort The system is available as long as the hardware does not fail and as long as the Portal Serve r pro c [...]

  • Page 91

    Working w ith Por tal Se rve r Bu ildi ng Mo dule s Chap ter 5 Creating Your P ortal Desi gn 91 Table 5-1 summa rizes these hig h avai lability s cenarios a long with their suppo rting techniques. Ta b l e 5 - 1 Portal Se rver Hig h Availab ilit y Scenari os Component Requireme nts Necessary for Best Effort Deployment? Necessary for NSP OF Deployme[...]

  • Page 92

    Working w ith Por tal Se rve r Bu ildi ng Mo dule s 92 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide Best Effo rt In this scenario, you in stall Portal Server and Directory Server on a single no de that has a secured hardware co nf iguration for contin uous availa bility, such as Sun F ire UltraSPARC® III mach ines . (Securing a Solaris[...]

  • Page 93

    Working w ith Por tal Se rve r Bu ildi ng Mo dule s Chap ter 5 Creating Your P ortal Desi gn 93 No Single Poin t of Fail ure Portal Server natively supports the no single po int of failure (NSPO F) scena rio. NSPOF is built on top of the best effort scenario, and in addition, introduces replication and loa d balancin g. Figur e 5-4 No Single Point [...]

  • Page 94

    Working w ith Por tal Se rve r Bu ildi ng Mo dule s 94 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide As stated earlier, a buildin g mo dule consists of a a Po rtal Server instance, a Directory Server master replica fo r profile reads and a search engine database. As such, at least t wo buildin g modules are nece ssary to achieve N SPOF, [...]

  • Page 95

    Working w ith Por tal Se rve r Bu ildi ng Mo dule s Chap ter 5 Creating Your P ortal Desi gn 95 Redundan cy is equally important to the directory master so that profile changes through the ad min istration console or th e Portal Des ktop, along with consumer replication across building modules, ca n always be mainta in ed. Portal Server and Acce ss[...]

  • Page 96

    Working w ith Por tal Se rve r Bu ildi ng Mo dule s 96 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide Transpar ent Failo ver Transparent failover uses the same replication model as the NSPOF scenario but provides additiona l high availa bility features, which m ake the failover to a backup server transparent to end users. Figure 5-5 on pa[...]

  • Page 97

    Working w ith Por tal Se rve r Bu ildi ng Mo dule s Chap ter 5 Creating Your P ortal Desi gn 97 The session repository i s provided by the application server so ftware. Portal Server is running in an application server. Portal Server supports transparen t failover on applicatio n servers that support Ht tpSession failov er. See Append ix C, “P or[...]

  • Page 98

    Working w ith Por tal Se rve r Bu ildi ng Mo dule s 98 Portal S erver 6 2 005Q1 • Depl oyment P lanning Guide • If you use multiple ma ch ines, or if your Portal Server ma chi ne is running a large number of instances, use a fast network interconnect. • On servers wit h more than eight CPU s, create processo r se ts or d o mains with either t[...]

  • Page 99

    Design ing Po rta l Use Case Scen ario s Chap ter 5 Creating Your P ortal Desi gn 99 • You can install Search on a m achine separate from Portal Server , to keep the main server dedicated to portal activity. Wh en you do so, you use the search URL property of the Search provider to point to the second ma chine where Search is insta lled. The Sear[...]

  • Page 100

    Designing Portal Use Case Scenarios 100 Portal Server 6 2005Q1 • Depl oymen t P lan ning Gu ide Use case steps are written in an easy-to-understand structured narrative using the vocabulary of the doma in . Use case scenarios are an instan ce of a use case, represen ting a single path through the use case. Thus, there may be a scenario for the ma[...]

  • Page 101

    Design ing Po rta l Use Case Scen ario s Chapte r 5 Creati ng Your P ortal Des ign 101 Example Use Cas e: Authent ic ate Portal User Table 5-2 describes a use case for a portal user to authenticate with the portal. Ta b l e 5 - 2 Use Case : Aut henticate Portal Use r Item Description Priority Must have. Context o f Us e Only authenti cated users ar[...]

  • Page 102

    Des igni ng Po rta l Se cu ri ty St r ate gies 102 Portal Server 6 2005Q1 • Depl oymen t P lan ning Gu ide Designing Portal Security Strategies Security is the set of hardware, software, practices, and techno lo gies that protect a server and its users from malicious outsiders. In that regard, security protects agai nst u nexpec ted behavi or. Yo[...]

  • Page 103

    Designing P orta l Secu rity St rat egie s Chapte r 5 Creati ng Your P ortal Des ign 103 • Minimize t he size of the o perating env ironment inst allation . When installing a Sun server in an environment that is exposed to th e Internet, or any untrusted network, reduce the Solaris inst allation to the minimu m number of packages necessary to sup[...]

  • Page 104

    Des igni ng Po rta l Se cu ri ty St r ate gies 104 Portal Server 6 2005Q1 • Depl oymen t P lan ning Gu ide The user nobo dy does not ha ve a password, which prevents a regular user from becom ing no bod y. On ly th e sup erus er ca n chan ge u sers w it hout be ing prompted for a passw ord . Thus, you still need root acc ess to star t and stop Po[...]

  • Page 105

    Portal S erver an d Access Mana ger on Di fferent No des Chapte r 5 Creati ng Your P ortal Des ign 105 Portal Ser ver and Access Manage r on Differe nt Nodes Portal Server and Access Man ager can be located on different nodes. This type of deplo yment pr ovid es the f ollow ing adva ntage s: • Identity services can be deployed separately from por[...]

  • Page 106

    Portal S erver an d Access Mana ger on Di fferent No des 106 Portal Server 6 2005Q1 • Depl oymen t P lan ning Gu ide Federation Mana gement API – adds functiona li ty based on the Liberty Allian ce Project specificatio ns. Figure 5-6 illustrates Access Manager an d Portal S erver residing on separa te nodes. Figur e 5-6 Porta l Server and Acc e[...]

  • Page 107

    Portal S erver an d Access Mana ger on Di fferent No des Chapte r 5 Creati ng Your P ortal Des ign 107 Figure 5-7 shows two Portal Server in stances configured to work with a sing le Access Manager and two Directory Servers where both the Access Manager and the Directory Servers operate in a J ava Enterprise System Sun Clustered environment. Th is [...]

  • Page 108

    Portal S erver an d Access Mana ger on Di fferent No des 108 Portal Server 6 2005Q1 • Depl oymen t P lan ning Gu ide Figure 5-8 shows co nfiguration allowing authenti cation throu ghput com ing from Po rtal Se rver to be l oad-balan ced across the two A ccess Mana gers. This configuration could be implemented when the Portal Server resides on a h[...]

  • Page 109

    Portal S erver an d Access Mana ger on Di fferent No des Chapte r 5 Creati ng Your P ortal Des ign 109 Figure 5-9 shows a configura tion for maxim um h orizontal sca lability an d higher availability achieved by a horizonta l server farm. Two Portals Servers can be fronted with a loa d balancer for maximu m throughput a nd high availabili ty. Anoth[...]

  • Page 110

    Portal S erver an d Access Mana ger on Di fferent No des 110 Portal Server 6 2005Q1 • Depl oymen t P lan ning Gu ide 1. Modify the fo llowing ar eas in AMConfig.prop erties to b e i n sy n c w it h t he f ir s t installed ins ta nce of Portal Server and Access Mana ger servers: #The key that w ill be used to encrypt and decrypt pa ssw ords. am.en[...]

  • Page 111

    Designing SRA Dep loyment S cenarios Chapte r 5 Creati ng Your P ortal Des ign 111 Designing SRA De ployment Scenar ios The SRA Gateway provides the interface and security barrier between th e remote user sessions o riginating from the Internet and your orga nization’s intranet. The Gateway s erves two m ain fun ctions: • Provides basic authen [...]

  • Page 112

    Designing SRA Dep loyment S cenarios 112 Portal Server 6 2005Q1 • Depl oymen t P lan ning Gu ide Basic SRA Conf igurati on Figure 5 -10 show s the m ost simple confi gura tion possible for SR A. The f igu re shows a cli ent browser runnin g NetFil e and Netlet. The Gatewa y is installed on a separate machine in the DMZ between two firewalls. The [...]

  • Page 113

    Designing SRA Dep loyment S cenarios Chapte r 5 Creati ng Your P ortal Des ign 113 Disable Net let Figure 5-1 1 shows a scena r io si milar to the basic S RA configuratio n ex ce pt that Netlet is disabled. If the client deplo yment is not going to u se Netlet for securely running appl ica tions that need to com mu nicate with intran et, then u se [...]

  • Page 114

    Designing SRA Dep loyment S cenarios 114 Portal Server 6 2005Q1 • Depl oymen t P lan ning Gu ide Proxylet Figure 5-1 2 Proxylet enables users to securely access intranet resources through th e Internet withou t exposi ng these resources to the cl ient. It inherits the transpor t mo de (either HTTP or HTTPS) from the Gatew ay. Figur e 5-12 Proxyle[...]

  • Page 115

    Designing SRA Dep loyment S cenarios Chapte r 5 Creati ng Your P ortal Des ign 115 Multipl e Gateway Instances Figure 5-1 3 shows an extension of the SRA basic con f igura tion. Multiple Ga tewa y instances run on th e same machine or m ulti ple machines. Yo u can start multiple Gateway instan ces with different profiles. See Chapter 2, “Configur[...]

  • Page 116

    Designing SRA Dep loyment S cenarios 116 Portal Server 6 2005Q1 • Depl oymen t P lan ning Gu ide The disadvantage to this configurat ion is that multip le ports need to be opened in the second firewall for each connection request. This could cause potential security problems. Netlet and Rewriter Proxi es Figure 5-1 4 show s a confi gura tion wi t[...]

  • Page 117

    Designing SRA Dep loyment S cenarios Chapte r 5 Creati ng Your P ortal Des ign 117 Figur e 5-14 Netlet and Rewri ter Proxies Gate w a y Gat ew ay NetF ile Netlet Client Client NetFile Net let P o rt a l Se rv er Netlet Pro x y Rewriter Pro xy Host Host Host P ort a l S e rv e r Netlet Pro x y Rewriter Proxy Host Host Host Host Net let traf fi c HTT[...]

  • Page 118

    Designing SRA Dep loyment S cenarios 118 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide Netlet and Rewriter Proxies on Separat e Nodes To reduce the load on the Portal Server node a nd still provide the same level of security at increased performance, you can install Netlet and Rewriter Proxies on separate nodes . This deployment has an ad[...]

  • Page 119

    Designing SRA Dep loyment S cenarios Chapte r 5 Creati ng Your P ortal Des ign 119 Using Two Gatewa ys and Netlet Proxy Load balan cers provide a failover mecha ni sm for higher availabili ty for redundancy of services on the Portal Servers and Acce s s Managers. Figur e 5-16 Two Gate ways a nd Netle t Proxy Gatewa y Gat ewa y NetFile Netlet Client[...]

  • Page 120

    Designing SRA Dep loyment S cenarios 120 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide Using an Accele rator You can configure an external S SL device to run in f r on t of the Gateway in open mode. It provides th e SSL link between the client and SR A. For information on accelerators, see the Portal Server Sec ure Remo te Acces s 6 Admin[...]

  • Page 121

    Designing SRA Dep loyment S cenarios Chapte r 5 Creati ng Your P ortal Des ign 121 Netlet with 3rd Party Pro xy Figure 5-1 8 illustrates using a third-party proxy to l imit the number of ports in th e second firewall to on e. You can configure the Gatewa y to use a third-party proxy to reach the Rewriter and the Netlet Proxies. Figur e 5-18 Netlet [...]

  • Page 122

    Designing SRA Dep loyment S cenarios 122 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide Reverse Proxy A proxy server serves Internet content to the intranet, while a reverse proxy s erves intranet content to the Internet. Certain deployments of reverse proxy are configured to serve the Internet content to achi eve load balancing and cachin[...]

  • Page 123

    Designing for Localization Chapte r 5 Creati ng Your P ortal Des ign 123 Designing for Localization Localizat ion is the proces s of ada pting text and cultural conten t to a s pecific audience. Localization can be approached in two different ways: 1. Localization of the entire produc t into a langua ge that we don’t provide. This is usually don [...]

  • Page 124

    Conten t and Design Implem entation 124 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide See the Port al Server 6 De velo per’s Guide and Portal Server 6 Desktop Cus tomization Guide for more information. Placem ent of Static Portal Conte nt Place your s tatic port al cont ent in the web-container-install-root /SUNW am/pub lic_ht ml direct[...]

  • Page 125

    Content and Desi gn Implem entation Chapte r 5 Creati ng Your P ortal Des ign 125 • Portlet . Pluggable web component that proces ses requests and generates content within t he context of a port al. In Port al Serve r software, a portlet is managed by the Portl et Container. C oncept ually, a portlet is equivalen t to a Provider. • Portal appli[...]

  • Page 126

    Conten t and Design Implem entation 126 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide • Portal capabilit y augmenta tion . Thi s integr ation en able s produ cts to ad d functionality to Portal Server. Examples include Altio, Bowstreet, rule engines to add group capa bility, and dynamic s tandard Portal Desktop and provi der contents (H[...]

  • Page 127

    Identity and Directory S tructure D esign Chapte r 5 Creati ng Your P ortal Des ign 127 JavaMail provides a com mon uniform API fo r mana ging mail. It enabl es service providers to provide a standard i nterface to their standards based or proprietary messagin g sys tems using Java progra mming lang uage. Using th is API, applicatio ns can access m[...]

  • Page 128

    Identity and Directory S tructure Desig n 128 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide See the Port al Server 6 Admi nistratio n Guid e , Directory S erver Depl oymen t Guid e, and the Access Manage r Deployme nt Guide for more inf ormation on planning your Access Manager and Directory Server structure. Implement ing Single Sign-On S[...]

  • Page 129

    Identity and Directory S tructure D esign Chapte r 5 Creati ng Your P ortal Des ign 129 Choosin g and Impleme n ting the Corr ect Aggregra tion Str ategy The options for im plem enting portal chan nels for speed and scalability in clude: • Keeping proce s sing functi on s on back-end s ystems and app lication server s, not on the portal server. T[...]

  • Page 130

    Identity and Directory S tructure Desig n 130 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide To use URLScr aperProv ider as a file scraper provider, specify the UR L as follows : String na me="url" value ="file:// path / filename " This is the best performing provider, in terms of how fast it retrie ves content. On the [...]

  • Page 131

    Identity and Directory S tructure D esign Chapte r 5 Creati ng Your P ortal Des ign 131 large amount o f processing to display the dat a in the Portal Desktop. If you use this type of provider, push as much data proces sin g logic to the database as possible. Also, benchmark y our portal performance with and w ithout database channels in the us er [...]

  • Page 132

    Identity and Directory S tructure Desig n 132 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide[...]

  • Page 133

    133 Chapter 6 The Production Environment This chapter describes how to monitor and tune Sun Java ™ System Portal Server softwar e, including the Sun J a va System Portal S erver Secure Remote Access product. This chapter contains the following sections: • Moving to a Produc tio n Environment • Monitoring Portal Server Moving to a Pro duction [...]

  • Page 134

    Moving to a Produc tion Envi ronment 134 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide • Determine whether your current physical infrastructure is capable of supporting the trans acti on volum e requi rement y ou have defined. Identify services that are the first to max out as you increase the activity to the porta l. This indicates the[...]

  • Page 135

    Monito ring Por tal Server Chapte r 6 T he Prod uction Envi ronment 135 Monitor ing Port al Server This section describes the variables that affect portal performance, as well as the portal monitoring you can perform. Areas to m onitor include: • Sun Ja va System Acc ess Manager •P o r t a l D e s k t o p • Sun Java Sy stem Direct ory Server [...]

  • Page 136

    Monito ring Port al Server 136 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide Most applications sug gest using a larger percentage of the total hea p for the new generation, but in the case of Portal Server, using on ly one eighth the space f or th e young generation is appropriate, because most memory used by Portal Server is long-lived. [...]

  • Page 137

    Monito ring Por tal Server Chapte r 6 T he Prod uction Envi ronment 137 Expect peak lo ads to be fo ur to eight times hig her than the average load, but over short per iods of tim e. Access Manager Cache and Session s The performance of a po rtal system is affected to a la rge extent by the cache hit ratio of the Access Manager cache. This cache is[...]

  • Page 138

    Monito ring Port al Server 138 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide Portal Usage Informati on Portal Server does no t include a built-in repo rting mechan ism to monitor port al usage info rmation by po rtal users. This includes wh ich channels are accessed, ho w long the ch annels ar e accessed, an d the ability to build a u ser[...]

  • Page 139

    139 Appendix A Installed Product Layout This appendix describes the Sun Java™ System Portal Server directory structure and properties files used to store configuration and o perational data. Directories Installed for Portal Server Table A-1 shows the platform-specific directory s tructures that are installed for Sun Java System Portal Server . Ta[...]

  • Page 140

    Directories In stalled for S RA 140 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide Directories Installed for SR A This section describes the Sun Java™ System Secure R emote Access (SRA) directory structure and configuration files used to store configuration and operational d ata. Table A-2 shows the platform-spe cific directory structure[...]

  • Page 141

    Configuration Files Appen dix A Installed P roduct L ayout 141 Configuration Files All Portal Server an d SRA configurat ion data is st ored usin g the Sun Java System Access Manager Services Man agement function. Access Manager provides the bootstrap configura tion file that is need ed to find th e Sun Java System Directory Server. The platf orm.c[...]

  • Page 142

    Configuration Files 142 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide[...]

  • Page 143

    143 Appendix B Analysis Tools The Sun Java™ Enterprsie System and SDK include default setting options to ensure a satisfactory out-of-the-box experience. However these opt ion s might not provide optimal perform anc e for you r web applicat ion s in the Sun Java System Portal Server production environment. This section describes some alternativ e[...]

  • Page 144

    mpstat 144 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide mpstat Th e mpstat utility is a useful tool to mon itor CPU utilizat ion, especially w ith multithr eaded application s running on multiprocesso r machines, which is a typical configuration for enterprise solutions. Use mpst at with an argument between 5 seco nds to 10 secon ds. An [...]

  • Page 145

    mpsta t Appendix B Anal ys is Tools 145 What to Loo k For No te th e much h igher intr and ithr values for certain CPUs. Solaris wi ll select some CPUs to handle the system interrupts. The CPUs an d the number that are chosen depend on the I/O devices atta ched to the system, the physical locatio n of the devices, and whether interrupts have been d[...]

  • Page 146

    iostat 146 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide iostat The iostat too l gives statistics on the disk I/O subsyst em. The iostat command has many opt ions. More informa tion can be foun d in the man pages. The fol lowing typical optio ns provide informa tion on locatin g I/O bottlenecks . Output #ios tat -x n 10 exten ded de vice [...]

  • Page 147

    netstat Appendix B Anal ys is Tools 147 nets tat The netstat tool gives statisti cs on the network subsy stem . It can be used to analyze many aspects of the netw ork subsystem, two o f which are the TCP /IP kernel module and the interface bandwidth. An overview of both uses follow. netstat -I hme0 10 These netstat options are used to analyze inter[...]

  • Page 148

    netstat 148 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide • errs - errors. The presence o f errors could indicate device err ors. If your network is swi tched, errors indicate that you are nearly consumin g the bandwidth capa city of your network. The solutio n to this problem is to give the system m ore bandwi dth, wh ich can be a chie[...]

  • Page 149

    netstat Appendix B Anal ys is Tools 149 tcp Listen Drop = 0 t cpList enDrop Q0 = 0 tcp HalfOp enDrop = 0 t cpOutS ackRet rans = 56 What to l ook fo r • tcpListenDrop - If after several looks at the co mmand output the tcpListenDrop continu es to increase, it co uld indicate a problem with qu eue size. Considerat ions: • A possible cause of incr[...]

  • Page 150

    Tuni ng Paramet ers for /etc/system 150 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide Tuning Para meters fo r /etc/sy stem Table B-2 is a list of /etc /system tuning parameters used during the performance study. The changes are app lied by appendin g each to the /etc/system file. A description of all /etc/syste m parameters can be found i[...]

  • Page 151

    Tuni ng Para me ter s for /etc/system Appendix B Anal ys is Tools 151 ndd -set /dev/tcp tcp_cwnd_max 65535 The maximum value of TCP conge stion win dow (cwnd) in by tes. ndd -set /dev/tcp tcp_rexmit_ interval_min 3000 The default mi nimum retransm ission timeout (RTO) v alue in milli sec onds. The cal culated RTO fo r all TCP conn ections ca nnot b[...]

  • Page 152

    Tuni ng Paramet ers for /etc/system 152 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide[...]

  • Page 153

    153 Appendix C Portal Server and Application Servers This appendix provides an overview of the Sun Java™ System Portal Server product and its support for application servers. This appendix con tains the followi ng sections: • Introduct ion to Appli cation Se rver Support in Portal Server • Portal Server on an Application Server Cluster Intr o[...]

  • Page 154

    Portal S erver on an Applica tion Serve r Cluster 154 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide Running Portal Server on an applicatio n server enables you to: • Decouple the portal platform from the application server platform, allowi ng you to choos e the best co mbination of Po rtal Server and applicati on server for your organi [...]

  • Page 155

    Portal Ser ver on an Appl icat ion Serve r Cluster Append ix C Portal Se rver and Applica tion Serve rs 155 2. Deploy the three web applications (portal, amserver, a nd amconsole) to the cluster. The following sections explain wha t it means to enab le Portal Server to run on an applicatio n server cluster. Overview of Applica t ion Se rv er Enterp[...]

  • Page 156

    Portal S erver on an Applica tion Serve r Cluster 156 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide See the following d ocu mentation fo r more info rma tion: http: //edocs.b easys.com/wl s/docs61/clu ster/index.h tml You start th e Admi nistration Server wi th the following com mand: install_dir /con fig/domai n_name/start Weblogic.sh Th[...]

  • Page 157

    Portal Ser ver on an Appl icat ion Serve r Cluster Append ix C Portal Se rver and Applica tion Serve rs 157 To install a BE A clu ster, you r BEA license for each machine partici p ati ng in the cluster must be a special BEA cluster license. See th e BEA documentation for the procedure to get the license and set up a BEA cluster with HttpClu sterSe[...]

  • Page 158

    Portal S erver on an Applica tion Serve r Cluster 158 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide[...]

  • Page 159

    159 Appendix D Troubleshooting Your Portal Deployment This appendix describes how to troubleshoot the Sun Java™ System Portal Se rver software and the Sun Java System Portal Se rver Secure Remote Access (SRA) softwa re. This appendix con tains the followi ng sections: • Troub leshoot ing Port al Se rver • Troub leshoot ing SRA Trouble s hoot [...]

  • Page 160

    Troubl esh oot i ng Porta l Serv er 160 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide ./ux wdog - d port al-server -install-roo t /SUNW am/server s/https- serv er /con fig ns-h ttpd - d port al-server -install-roo t /SUNW am/server s/https- serv er /con fig Admin Web Server (optional, but us ually running): ./ux wdog - d web-cont ainer-in[...]

  • Page 161

    Trouble shooting Portal S erver Append ix D Trouble shooting Your Por tal Depl oyment 161 ➤ To Extract the Display Profil e 1. Login as administrator. 2. Use the dpadm in command to extract the display prof ile. Fo r example: ./dp admin l ist -u "uid= amAdmi n,ou=P eople, o=sest a.com, o=isp" -w passw ord -d " o=sesta .com,o =isp&q[...]

  • Page 162

    Troubl esh oot i ng SRA 162 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide Configurin g a Sun Java System Portal Server Instanc e to Use an HTTP Proxy If the P ortal Ser ver soft ware is in stall ed on a ho st th at ca nnot d ire ctly acc ess cer tain portions of the Internet or your intranet, you can receive er rors. For example, when usi[...]

  • Page 163

    Trouble shooting SRA Append ix D Trouble shooting Your Por tal Depl oyment 163 gate way-ins tall-root /SUN Wam/confi g/ AMConfig - instance- name .propert ies 2. Set the debug level: com. iplanet.se rvices.debug .level= The debug levels are: erro r - Only serio us errors are logged in the debug file. R ewriter usu ally stops functioning when such e[...]

  • Page 164

    Troubl esh oot i ng SRA 164 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide • The setting s in th e Gateway script such as the JVM™ settings including h eap usage, and library path • Gateway service settings • Tuning settin gs in various fil es used for configuring Sun Java S ystem Access Manager , Sun Java System Directory Server, [...]

  • Page 165

    Trouble shooting SRA Append ix D Trouble shooting Your Por tal Depl oyment 165 At the end of the test period, run shoot er to collect the output of gcto ol along wi th other da ta. memfoot.sh This script tracks the mem ory footprint of a process. Start this script after sta r tin g the Gateway and allow it to run during the duration of the test. Th[...]

  • Page 166

    Troubl esh oot i ng SRA 166 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide /var /opt/SUNWp s/debug/srap NetFile Netlet: /var /opt/SUNWp s/debug/srap Netlet_ Gate way-hos tname _ Gate way-p rofi le-na me[...]

  • Page 167

    167 Appendix E Portal Deployment Worksheets This appendix provides worksheets to help with the portal deployment process. This appendix con tains the followi ng sections: • Portal Assessm ent Worksh eets • Portal Design Task List Portal Assessment Works heets Use these worksheets to learn more about your organization’ s business needs and pot[...]

  • Page 168

    Portal Assessme nt Worksheets 168 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide 2. How ma ny po rtals does y our organ ization alre ady ha ve? 3. What types a re they (busine ss-to-employee, bu siness-to-consum er, business-to-busi ness, ISP)? 4. If you have more th an one, do you hav e a need to reduce th e number? Integ r ate? Federate?[...]

  • Page 169

    Portal Assess ment Worksheet s Appen dix E Portal Dep loyment Worksheets 169 Ta b l e E - 3 Busines s Service-lev el Expect ations Quest ions 1. Are your develo pment projects co nsistent? Do y ou manage their risk ? 2. How do es yo ur developme nt team work wi th your test, deploy ment, and op eration s groups? 3. How many di fferent platforms doe[...]

  • Page 170

    Portal Assessme nt Worksheets 170 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide Ta b l e E - 5 User Mana gement and S ecurity Questions 1. How would you segment, cat egorize, and re late (hierarchically) your u ser community? 2. What are your cu rrent and future s ecurity policies? 3. Do various dep artments own or mai ntain their private[...]

  • Page 171

    Portal De sign Ta sk List Appen dix E Portal Dep loyment Worksheets 171 Portal Design Task List Table E-8 lists the major portal deployment phases and design tasks. Use this task list to help develop your portal project plan. Though these tasks will vary depending on your organization and the scale of ea ch deployment, the worksheet represents the [...]

  • Page 172

    Portal D esign Tas k List 172 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide Project Plan Review • Review pre-imp lementation • Review bus iness requirements • Review tec hnical requirements • Review archi tectural doc ument s • Review hardw are and infrastructure Coordinate Res ources • Identify skill s required • Identify r[...]

  • Page 173

    Portal De sign Ta sk List Appen dix E Portal Dep loyment Worksheets 173 Directory Des ign • Design organiz ations, su borganizations, rol es, and users • Define privile ges • Review sha red data requirem ents • Establish d ata trans fer protocols • Create temporary or in termediate tables • Test temporary or interme diate tables • Doc[...]

  • Page 174

    Portal D esign Tas k List 174 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide Sun Jav a Syste m Portal Server, Sun Java Syst em A pplication S erv er, and Other Software Modifications • Review you r organization ’ s requirements and expectatio ns • Establish m odifications for s oftware • Establish m ethods for softwa re modificatio[...]

  • Page 175

    Portal De sign Ta sk List Appen dix E Portal Dep loyment Worksheets 175 Reporting • Establ ish rep orting requireme nts for organization • Create reporting pla n • Establish rep orting t eam • Design reports • Create reports • Test reports • Review reports with customer • Provide informa tion and training on report tool Test • Est[...]

  • Page 176

    Portal D esign Tas k List 176 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide Conduct Integrati on and System Test • Ensure establishment of i ntegration test environmen t • Identify test team and assig n test scenario ow nership • Train team on integrati on test procedures, roles, and responsibilitie s • Review and revise integ rat[...]

  • Page 177

    Portal De sign Ta sk List Appen dix E Portal Dep loyment Worksheets 177 Training • Confirm orga nization c ommitment and exp ectations • Establish t ra ining requirements f or all personnel • Establish t raining schedules • Establish t raining staff • Prepare materials for training • Train administrators • Train maintenance p roviders[...]

  • Page 178

    Portal D esign Tas k List 178 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide[...]

  • Page 179

    179 Appendix F Portal Server on the Linux Platform Sun Java™ System Portal Se rver supports RedHat 3.0 Linux platfor m, however, please note the difference s between the Solaris and Linux platforms. Limitati ons Using Linux Please note the fol low ing: • Portal Serve r an d Access Manage r m ust reside on the sa me server. • The sa mple Por t[...]

  • Page 180

    Compari son of So laris an d Linux Path Names 180 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide[...]

  • Page 181

    181 Glossary Refer to the Java Enterprise Sys tem Glossary (http:/ /docs.sun.com/doc/ 816-6873) for a comple te li st of terms t hat ar e used in this do cumen tation set.[...]

  • Page 182

    182 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide[...]

  • Page 183

    183 Index SYMBOLS /et c/opt/S UNWps directory 139 /etc/s ystem t uning pa rameter s 150 /op t/SUNWp s dir e ctor y 139 /op t/SUNWp s/sdk directory 139 A accele rat ors and Ga teway 41 , 76 access control Gatewa y 40 limitin g 104 NetFile 46 Netlet 43 Access Contro l Inst ru ctio ns 127 Access Ma nager admini stration console 28 and Linux 17 9 cache[...]

  • Page 184

    Section B 184 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide averag e sessi on time 66 average time bet ween page request s 65 B back-en d ser vers 68 banne r 82 basel ine po r tal perf orman ce anal y sis 133 bas ic au then ticati on 39 BEA WebLogic 155 bottl enecks and buil ding modules 98 and t uning 133 buildi ng modu les 89 and Direct[...]

  • Page 185

    Section E Index 185 requirements 51 softwar e 31 deploymen t scenarios 92 and S RA 92 building mo du les 92 no si ngle po int o f fail ure 93 SRA 111 – 122 trans parent fail over 96 designing for integra tion 124 for localiz ation 123 secur ity stra tegies 102 SRA deplo y ment scenarios 111 – 12 2 use case scenarios 99 Desktop ty pe 75 direct o[...]

  • Page 186

    Section H 186 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide high availa bility 86 HTTP and HTTPS 38 logging 41 multihomed 38 multiple in stances 38 Netlet t raffic 40 overview 37 page configur at ion 75 performance requiremen ts 73 profile 39 proxies 39 session info rm ation , Gatewa y 40 session st ickiness 39 SSL 39 SSL h ardware accele[...]

  • Page 187

    Section M Index 187 and Portal Ser ve r failur es 94 and Rewriter 49 and S RA 95 with SRA 86 loca le file 14 0 localiz ation 123 log fil es and troubleshootin g 160 locati on 139 SRA 165 logging errors 134 Gatewa y 41 number of a ctive sessions 137 login ty pe 75 LoginPr ovider 130 low-level portal design, ov erview 81 M mem foot.sh script 165 Micr[...]

  • Page 188

    Section O 188 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide O open mode 25 Outlook client 42 P packaging 31 pcAnywhere 52 PDC authenticati on 40 peak numbers 64 performance Access Ma nager cach e and sessions 137 analy si s tools 143 baselin e analysis 135 buildi ng modu les 97 CPU utiliza tion 136 establishi ng m ethodolog y 62 garbage c[...]

  • Page 189

    Section Q Index 189 Q questions busine ss objectives 51 techin cal goal s 53 user beha viors and pa tterns 59 R rdmg r comm a nd 160 recov e ring, Se ar ch data base 160 reloading the display profile 161 requirements, id entifying 51 resou rce bu ndles 123 rever se pr oxy description 122 offloading requests 82 Rewriter load ba lan c ing 49 overview[...]

  • Page 190

    Section T 190 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide patches 18 support 18 Solaris Operating Environm ent minimizi ng size o f install ation 102 secur ing 102 split tu n neling 43 SRA and load balancin g 86 , 95 and NetF ile 46 and revers e proxy 122 and Sun Enterp rise Mid frame Lin e 77 components 37 debugg ing 16 2 direct ory st[...]

  • Page 191

    Section W Index 191 VPN 56 VPN client 43 W WAR file 32 and a pplic ation ser vers 15 4 to deploy softwar e 31 web c onta iners supported 153 work load cond itions 69 works heets 167 X XMLProvider 130[...]

  • Page 192

    Section X 192 Portal Server 6 2005Q1 • Depl oymen t Plan ning Guide[...]