Sun Microsystems Portal Server 6 2005Q1 Planning Manual Download Page 102 | Manualshive

Page: 102 / 192

background image

Designing Portal Security Strategies

102

Portal Server 6 2005Q1 • Deployment Planning Guide

Designing Portal Security Strategies

Security is the set of hardware, software, practices, and technologies that protect a
server and its users from malicious outsiders. In that regard, security protects
against unexpected behavior.

You need to address security globally and include people and processes as well as
products and technologies. Unfortunately, too many organizations rely solely on
firewall technology as their only security strategy. These organizations do not
realize that many attacks come from employees, not outsiders. Therefore, you need
to consider additional tools and processes when creating a secure portal
environment.

Operating Portal Server in a secure environment involves making certain changes
to the Solaris™ Operating Environment, the Gateway and server configuration, the
installation of firewalls, and user authentication through Directory Server and SSO
through Access Manager. In addition, you can use certificates, SSL encryption, and
group and domain access.

Securing the Operating Environment

Reduce potential risk of security breaches in the operating environment by
performing the following, often termed “system hardening:”

Description

1.

User enters the portal URL.

2.

If the customization parameter [remember login] is set, then automatically
login the user and provide a session ID.

3.

If first time user, prompt for LDAP user ID and password.

4.

User enters previously assigned user ID and password.

5.

Information is passed to Access Manager for validation.

6.

If authentication passes, assign session ID and continue.

7.

If authentication fails, display error message, return user to login page;
decrement remaining attempts; if pre-set attempts exceed limit, notify user
and lock out the account.

Table 5-2

Use Case: Authenticate Portal User (Continued)

Item

Description

«
...
100
101
102
103
104
...
»

Summary of Contents for Portal Server 6 2005Q1

Page 1: ...Sun Java System Portal Server 6 Deployment Planning Guide 2005Q1 Sun Microsystems Inc 4150 Network Circle Santa Clara CA 95054 U S A Part No 817 7697...

Page 2: ...ms Inc d tient les droits de propri t intellectuels relatifs la technologie incorpor e dans le produit qui est d crit dans ce document En particulier et ce sans limitation ces droits de propri t intel...

Page 3: ...sing Sun Resources Online 18 Contacting Sun Technical Support 18 Related Third Party Web Site References 18 Sun Welcomes Your Comments 19 Chapter 1 Portal Server Architecture 21 What is a Portal 21 Ty...

Page 4: ...ion 39 Gateway and SSL Support 39 Gateway Access Control 40 Gateway Logging 41 Using Accelerators with the Gateway 41 Netlet 41 Static and Dynamic Port Applications 41 Netlet and Application Integrati...

Page 5: ...77 Chapter 5 Creating Your Portal Design 79 Portal Design Approach 79 Overview of High Level Portal Design 80 Overview of Low Level Portal Design 81 Logical Portal Architecture 81 Portal Server and Sc...

Page 6: ...alization 123 Content and Design Implementation 123 Integration Design 124 Identity and Directory Structure Design 127 Implementing Single Sign On 128 Portal Desktop Design 128 Client Support 131 Chap...

Page 7: ...9 Troubleshooting Portal Server 159 UNIX Processes 159 Log Files 160 Recovering the Search Database 160 Working with the Display Profile 160 High CPU Utilization for Portal Server Instance 161 Configu...

Page 8: ...8 Portal Server 6 2005Q1 Deployment Planning Guide...

Page 9: ...e 5 6 Portal Server and Access Manager on Different Nodes 106 Figure 5 7 Two Portal Servers and One Access Manager 107 Figure 5 8 One Portal Server and Two Access Managers 108 Figure 5 9 Two Portal Se...

Page 10: ...10 Portal Server 6 2005Q1 Deployment Planning Guide...

Page 11: ...l User 101 Table A 1 Portal Server Directories 139 Table A 2 Portal Server SRA Directories 140 Table B 1 Performance Analysis Tools 143 Table B 2 etc system Options 150 Table B 3 TCP IP Options 150 Ta...

Page 12: ...12 Portal Server 6 2005Q1 Deployment Planning Guide...

Page 13: ...ver Secure Remote Access is a component of Sun Java Enterprise System a software infrastructure that supports enterprise applications distributed across a network or Internet environment You should be...

Page 14: ...the intranet Chapter 3 Identifying and Evaluating Your Business and Technical Requirements on page 51 This chapter describes how to analyze your organization s needs and requirements that lead to des...

Page 15: ...Server software and the Portal Server Secure Remote Access SRA product Appendix E Portal Deployment Worksheets on page 167 This appendix provides various worksheets to help in the deployment process...

Page 16: ...ese are called class options Do not save the file The file is located in the install dir bin directory Book Title Description Portal Server Administration Guide http docs sun com db doc 817 7691 Descr...

Page 17: ...7 6257 Portal Server Mobile Access Tag Library Reference http docs sun com doc 817 6260 Other Server Documentation For other server documentation go to the following Directory Server documentation htt...

Page 18: ...eloper Information http developers sun com prodtech index html Contacting Sun Technical Support If you have technical questions about this product that are not answered in the product documentation go...

Page 19: ...http docs sun com and click Send Comments In the online form provide the document title and part number The part number is a seven digit or nine digit number that can be found on the title page of th...

Page 20: ...Sun Welcomes Your Comments 20 Portal Server Secure Remote Access 6 2005Q1 Administration Guide...

Page 21: ...Portal Server Architecture Identity Management A Typical Portal Server Installation What is a Portal Portals provide the user with a single point of access to a wide variety of content data and servic...

Page 22: ...ssified as a portal For this reason portals have many different uses and can be classified as one of the following Collaborative Portals Business Intelligence Portals Collaborative Portals Collaborati...

Page 23: ...d predefined queries and are associated with financial management customer relationship management and supply chain performance management Business intelligence portals also provide access to business...

Page 24: ...web service remote portlet Publishing and managing content provided by third party applications such as FatWire Sun Java System Portal Server Portal Server is a component of the Sun Java Enterprise Sy...

Page 25: ...sers receive secure encrypted access to the content and services that users have permission to access SRA is targeted toward enterprises deploying highly secure remote access portals These portals emp...

Page 26: ...he Portal Server system across the Internet through the single firewall or from a web proxy server that sits behind a firewall Figure 1 1 Portal Server in Open Mode Portal Server in Secure Mode In sec...

Page 27: ...ion and Portal Desktop reside behind the DMZ in the secured intranet Communication from the client browser to the Gateway is encrypted using HTTP over Secure Sockets Layer SSL Communication from the G...

Page 28: ...e sign on SSO with any product that also uses the Access Manager SSO mechanism The SSO mechanism uses encoded cookies to maintain session state Another layer of security is provided by SRA It uses HTT...

Page 29: ...n schema Web Containers Sun Java System Web Server Sun Java System Application Server Enterprise Edition The following web containers can be used in place of the Web Server and Application Server soft...

Page 30: ...ervers running applications on your intranet Directory Server node The server running Directory Server software You can install Directory Server on a non portal node Other servers These servers such a...

Page 31: ...packages do not contain WAR or EAR files The packages do contain web xml fragments that are used to construct the Portal Server WAR file at installation time This dynamically constructed file is then...

Page 32: ...need to install this package on a development system so that they can compile classes that use the API If a component does not export any public Java APIs it would not have this package Compatibility...

Page 33: ...The portal node portal search node and directory server are hosted on the internal network where users have access to systems and services ranging from individual employee desktop systems to legacy s...

Page 34: ...Architecture for a Business to Employee Portal Telecommuter Airport Hotel Kiosks Branch Offices Remote Offices Customers Suppliers Behind Firewall Internet DMZ Gateway Gateway Mail Web Server Proxy Ca...

Page 35: ...igure 1 4 shows a Portal Server deployment with SRA services See Chapter 2 Portal Server Secure Remote Access Architecture for details Figure 1 4 SRA Deployment Gateway Portal Netlet Proxy Application...

Page 36: ...A Typical Portal Server Installation 36 Portal Server 6 2005Q1 Deployment Planning Guide...

Page 37: ...ts SRA Gateway Netlet Netlet Proxy NetFile Rewriter Rewriter Proxy Proxylet SRA Gateway The SRA Gateway is a standalone Java process that can be considered to be stateless since state information can...

Page 38: ...users to access the same Gateway extranet users over HTTPS and intranet users over HTTP without the overhead of SSL You can also run the Gateway in chroot environments See the Portal Server Secure Re...

Page 39: ...c authentication the client prompts for user name and password and sends the information back to the requesting server With the Gateway enabled for HTTP basic authentication it captures the user name...

Page 40: ...has been established the Gateway continues to receive the incoming requests checks session validity and then forwards the request to the destination web server The Gateway server handles all Netlet tr...

Page 41: ...t to the intranet applications through the Netlet are controlled by Netlet rules A Netlet applet running on the browser sets up an encrypted TCP IP tunnel between the remote client machine and intrane...

Page 42: ...el port dynamically Currently FTP and Microsoft Exchange are the only dynamic port applications that Portal Server supports NOTE Although Microsoft Exchange 2000 is supported with Netlet the following...

Page 43: ...d to the portal site it does prevent unauthorized users from piggybacking on other users s sessions in the following ways Netlet is an application specific VPN and not a general purpose IP router Netl...

Page 44: ...ple Netlet Proxies behind the second firewall to avoid a single point of failure You could also use a third party proxy to use only one port in the second firewall NetFile NetFile enables remote acces...

Page 45: ...nnects back to the servlet to get its own configuration such as size locale resource bundle as well as user settings and preferences NetFile obtains the locale information and other user information s...

Page 46: ...As part of the NetFile service you can configure the Allowed URLs or Denied URLs lists to allow or deny access to servers at the organization role or user level The Denied URLs list takes precedence o...

Page 47: ...hile working with the shares The ISO 8859 1 encoding is capable of handling most common languages ISO 8859 1 encoding gives NetFile the capability to list files in any language and to transferring fil...

Page 48: ...d URIs are translated 5 The original URI is replaced with the rewritten URI 6 This process is repeated until the end of the document is reached 7 The resultant Rewriter output is routed to the browser...

Page 49: ...run on SSL Proxylet establishes a secure channel between the client machine and the Gateway Proxylet uses the JSSE API if the client JVM is 1 4 or higher or if the required jar files reside on the cli...

Page 50: ...Proxylet 50 Portal Server 6 2005Q1 Deployment Planning Guide...

Page 51: ...gn issues This chapter contains the following sections Business Objectives Technical Goals Mapping Portal Server Features to Your Business Needs Understanding User Behaviors and Patterns Business Obje...

Page 52: ...rget audience What services or functions will the portal deliver to users How will the target audience benefit from the portal What are the priorities for the portal If you plan to deploy your portal...

Page 53: ...chitectural solution for your portal The reasons you are offering your portal have a direct affect on how you implement your portal You must define target population performance standards and other fa...

Page 54: ...across the organization and sometimes outside the organization while accessing content applications and services The challenges include Who is using an application In what capacity do users serve the...

Page 55: ...user is authenticated the SSO API takes over Each time the authenticated user tries to access a protected page the SSO API determines if the user has the permissions required based on their authentic...

Page 56: ...ernal DMZ based Gateways SRA core Users achieve remote access through four components Gateway NetFile Netlet Proxylet This component has four parts Gateway Controls communication between the Portal Se...

Page 57: ...pen only two ports one between the Gateway and the Rewriter Proxy and another between the Gateway and the Portal Server HTTP traffic is now secure between the Gateway and the intranet even if the dest...

Page 58: ...ses employee productivity improves customer relationships and streamlines business relationships by providing quick and personalized access to content and services Enable users to customize content Po...

Page 59: ...ome types of channels Users no longer have to search for the information Instead the information finds them Consistent set of tools Users get a set of tools like web based email and calendaring softwa...

Page 60: ...or existing applications Do you have web traffic analysis figures for an existing portal How many visitor sessions or number of single visitor visits are likely within a predefined period of time Is p...

Page 61: ...bjectives include the number of users the number of concurrent users at peak load time and their usage pattern in accessing Sun Java System Portal Server You need to determine these two factors Are yo...

Page 62: ...h This means not just sizing for today s needs but future needs and capacity This includes usual peaks after users return from a break such as a weekend or holiday or if usage is increased over time b...

Page 63: ...rmance problems See Portal Sizing on page 63 3 Develop and refine the prototype workload that closely simulates the anticipated production environment agreed between you and the portal administrators...

Page 64: ...lowing metrics for input to the sizing tool Peak Numbers Average Time Between Page Requests Concurrent Users Average Session Time Search Engine Factors Other performance metrics that affect the number...

Page 65: ...ms are contained on the page Though web server logs record page requests using the log to calculate the average time between requests on a user basis is not feasible To calculate the average time betw...

Page 66: ...he session time is inversely proportional to the number of logins occurring that is the longer the session duration the fewer logins per second are generated against Portal Server for the same concurr...

Page 67: ...scans Each function uses different search algorithms and data structures Because differences in search algorithms and data structures increase as the number of search and indexed terms increase the ty...

Page 68: ...ructure carefully when you use channels that Scrape their content from external sources Access corporate databases which typically have slow response times Provide email content Provide calendar conte...

Page 69: ...stem capacity Portal Server capacity begins to be impacted when large numbers of users log in As more users login users use more of the available memory and subsequently less memory is available to pr...

Page 70: ...an application server is to integrate portal providers with Enterprise JavaBeans architecture and other J2EE technology stack constructs such as JDBC and JCA running on the application server These o...

Page 71: ...ure Use your baseline sizing figure as a reference point Expect variations from your baseline sizing figure Learn from the experience of others Use your own judgement and knowledge Examine other facto...

Page 72: ...izing estimate A single machine can have one Gateway installation but multiple instances SRA enables you to install multiple Gateways each running multiple instances Your design decisions help you mak...

Page 73: ...otential users for the secure portal See Concurrent Sessions on page 139 for more information on estimating this number Expected percentage of total users using the Gateway at maximum load Apply a per...

Page 74: ...teway needs to determine whether the incoming traffic is Netlet traffic or Portal Server traffic Disabling Netlet reduces this overhead since the Gateway assumes that all incoming traffic is either HT...

Page 75: ...redentials initializing the session and delivering initial content The Measured CPU Performance characteristic associated with the Login Type is the Initial Desktop Display variable Desktop Type Descr...

Page 76: ...et application byte size The Netlet dynamically determines the block size based on the application that is used Block size determined by Netlet for a Telnet is based on the amount of data transferred...

Page 77: ...rtal Server and SRA in different domains on the same Sun Enterprise midframe machine The normal CPU and memory requirements that pertain to Portal Server and SRA still apply you would implement the re...

Page 78: ...SRA Sizing 78 Portal Server 6 2005Q1 Deployment Planning Guide...

Page 79: ...uilding Modules Designing Portal Use Case Scenarios Designing Portal Security Strategies Portal Server and Access Manager on Different Nodes Designing SRA Deployment Scenarios Designing for Localizati...

Page 80: ...loped the high level design leads toward the creation of the low level design The low level design specifies such items as the physical architecture network infrastucture Portal Desktop channel and co...

Page 81: ...and feeds Access Manager architecture including the strategy and design of organizations suborganizations roles groups and users which is critical to long term success Integration strategy including...

Page 82: ...ications web content servers and application servers The Portal Server and Directory Server reside here The logical architecture describes the Portal Desktop look and feel including potential items su...

Page 83: ...this by planning and sizing to the number of CPUs you need See Chapter 4 Pre Deployment Considerations for more information Horizontal Scaling In horizontal scaling machines are added This also enable...

Page 84: ...r is that not all systems have the same level of availability requirements Most applications can be categorized into the following three groups Task critical Affects limited number of users not visibl...

Page 85: ...ility of the system to recover from failures and ways of measuring system availability The degree of high availability depends on your specific organization s fault tolerance requirements and ways of...

Page 86: ...erver component and redirect requests to other servers In secure mode Gateway components can detect the presence of a failed server component and redirect requests to other servers This is valid as lo...

Page 87: ...affic is directed to the appropriate servlet Communication occurs between the Authentication service s LDAP module and the LDAP authentication server between the Communications channel servlet and the...

Page 88: ...sers do not notice this because Portal Server services can rebuild a user context from the user s profile and by using contextual data stored in the request While this statement is generally true for...

Page 89: ...e A Portal Server building module is a hardware and software construct with limited or no dependencies on shared services A typical deployment uses multiple building modules to achieve optimum perform...

Page 90: ...nents However in the case of failures user sessions are lost Transparent Failover The system is always available but in addition to NSPOF failover to a backup instance occurs transparently to end user...

Page 91: ...cessary for Best Effort Deployment Necessary for NSPOF Deployment Necessary for Transparent Failover Deployment Hardware Redundancy Yes Yes Yes Portal Server Building Modules No Yes Yes Multi master C...

Page 92: ...ume management system which prevents loss of data in case of a disk crash Figure 5 3 shows a small best effort deployment using the building module architecture Figure 5 3 Best Effort Scenario In this...

Page 93: ...is built on top of the best effort scenario and in addition introduces replication and load balancing Figure 5 4 No Single Point of Failure Example Balancer Portal Server Directory Server Master Repl...

Page 94: ...u must acquire it separately from a third party vendor Multi master replication MMR takes places between the building modules The changes that occur on each directory are replicated to the other which...

Page 95: ...refer update requests to both masters SRA follows the same replication and load balancing pattern as Portal Server to achieve NSPOF As such two SRA Gateways and pair of proxies are necessary in this s...

Page 96: ...balancing is responsible for detecting Portal Server failures and redirecting users requests to a backup Portal Server in the building module Building Module 1 stores sessions in the sessions reposito...

Page 97: ...ff all outstanding connections that would have to be reestablished Building Module Constraints The constraints on the scalability of building modules are given by the number of LDAP writes resulting f...

Page 98: ...ossible dedicate a Directory Server instance for the sole use of the Portal Server instances in a building module See Figure 5 2 on page 89 Map the entire directory database indexes and cache in memor...

Page 99: ...of the project formulate them early on in the project once you have established your requirements When available use cases can provide valuable insight into how the system is to be tested Use cases ar...

Page 100: ...om High to Medium to Low Context of use Describes the setting or environment in which the use case occurs Scope Describes the conditions and limits of the use case Primary user Describes what kind of...

Page 101: ...more often than a specified amount of allowed retries access to the intranet should be revoked or limited deactivated until a system administrator reactivates the account In this case the portal user...

Page 102: ...ironment the Gateway and server configuration the installation of firewalls and user authentication through Directory Server and SSO through Access Manager In addition you can use certificates SSL enc...

Page 103: ...detects possible intrusion You can use a product such as Tripwire for Servers or Solaris Fingerprint Database available from SunSolve Online Using Platform Security Usually you install Portal Servers...

Page 104: ...ive tools to provide some additional flexibility These tools provide the mechanisms needed to create a fine grain access control to individual resources such as different UNIX commands For example thi...

Page 105: ...onal units and sub organizations Authentication API and SPI provides remote access to the full capabilities of the Authentication Service Utility API manages system resources Loggin API and SPI record...

Page 106: ...s Manager and Portal Server residing on separate nodes Figure 5 6 Portal Server and Access Manager on Different Nodes As a result of this implementation of Portal Server and Access Manager separation...

Page 107: ...wo Directory Servers where both the Access Manager and the Directory Servers operate in a Java Enterprise System Sun Clustered environment This configuration is ideal when Access Manager and Directory...

Page 108: ...gers This configuration could be implemented when the Portal Server resides on a high end medium to large server that is 1 to 4 processors with a very wide bandwidth network connection The Access Mana...

Page 109: ...chitecture shown in Figure 5 9 a redundancy of services exists for each of the product stack therefore most of the unplanned downtime can be minimized or eliminated However the planned downtime is sti...

Page 110: ...th module com iplanet am service secret AQICxIPLNc0WWQRVlYZN0PnKgyvq3gTU8JA9 REPLACE THIS STRING WITH THE ONE FROM FIRST PORTAL INSTALL 2 In etc opt SUNWam config ums modify the following areas in ser...

Page 111: ...users For Internet access use 128 bit SSL to provide the best security arrangement and encryption or communication between the user s browser and Portal Server The Gateway Netlet NetFile Netlet Proxy...

Page 112: ...e Gateway In the second firewall for HTTP or HTTPS traffic the Gateway can communicate directly with internal hosts If security policies do not permit it use SRA proxies between the Gateway and the in...

Page 113: ...If the client deployment is not going to use Netlet for securely running applications that need to communicate with intranet then use this setup for performance improvement You can extend this config...

Page 114: ...et Figure 5 12 Proxylet enables users to securely access intranet resources through the Internet without exposing these resources to the client It inherits the transport mode either HTTP or HTTPS from...

Page 115: ...re Remote Access 6 Administration Guide for details Figure 5 13 Multiple Gateway Instances NOTE Although Figure 5 13 on page 115 shows a 1 to 1 correspondence between the Gateway and the Portal Server...

Page 116: ...e the Netlet Proxy is within the intranet it can directly contact all the required application hosts without opening multiple ports in the second firewall The traffic between the Gateway in the DMZ an...

Page 117: ...tal Design 117 Figure 5 14 Netlet and Rewriter Proxies Gateway Gateway NetFile Netlet Client Client NetFile Netlet Portal Server Netlet Proxy Rewriter Proxy Host Host Host Portal Server Netlet Proxy R...

Page 118: ...to be directly accessible from the DMZ Figure 5 15 shows the Netlet Proxy and Rewriter Proxy on separate nodes Traffic from the Gateway is directed to the separate node which in turn directs the traff...

Page 119: ...ad balancers provide a failover mechanism for higher availability for redundancy of services on the Portal Servers and Access Managers Figure 5 16 Two Gateways and Netlet Proxy Gateway Gateway NetFile...

Page 120: ...ure an external SSL device to run in front of the Gateway in open mode It provides the SSL link between the client and SRA For information on accelerators see the Portal Server Secure Remote Access 6...

Page 121: ...ird party proxy to limit the number of ports in the second firewall to one You can configure the Gateway to use a third party proxy to reach the Rewriter and the Netlet Proxies Figure 5 18 Netlet and...

Page 122: ...and caching Figure 5 19 illustrates how you can configure a reverse proxy in front of the Gateway to serve both Internet and intranet content to authorized users Whenever the Gateway serves web conten...

Page 123: ...efault directories See the Portal Server 6 Developer s Guide for more information on localization Content and Design Implementation The Portal Desktop provides the primary end user interface for Porta...

Page 124: ...on on integration areas that you need to account for in your low level design Creating a Custom Access Manager Service Service Management in Access Manager provides a mechanism for you to define integ...

Page 125: ...tegration uses the provider API and SRA for secure access SRA is not an integration type on its own Examples include FatWire Interwoven SAP Tarantella Documentum Vignette PeopleSoft Siebel Citrix and...

Page 126: ...e to which an application integrates in Portal Server can be viewed as follows Shallow integration This integration essentially uses the Portal Server as a launch point The user logs in to the portal...

Page 127: ...r suborganizations can be nested The depth of the nested structure is not limited Roles are a grouping mechanism designed to be more efficient and easier to use for applications Each role has members...

Page 128: ...lication coding Additionally you can modify the application to validate against Access Manager directly Standalone Java application In this scenario you modify the application to validate user credent...

Page 129: ...base and flat file and how frequently the data is updated Finally you need to understand how the business logic is applied for processing the data so that the provider can deliver a personalized chann...

Page 130: ...ntication service through a Portal Desktop channel This provider enables anonymous Portal Desktop login so that a user can log in directly from the Portal Desktop XMLProvider Transforms an XML documen...

Page 131: ...he portal The client type is then used to select the portal template and JSP files and the character encoding that is used for output Sun Java System Portal Server Mobile Access 6 3 software extends t...

Page 132: ...Identity and Directory Structure Design 132 Portal Server 6 2005Q1 Deployment Planning Guide...

Page 133: ...ghly tested your portal and operated it as a trial deployment to test and refine your design Monitoring and Tuning Monitoring and tuning your portal deployment is an ongoing cyclical process in which...

Page 134: ...and can cause the file system to quickly run out of disk space The ERROR level logs all error conditions and exceptions Documenting the Portal A comprehensive set of documentation on how your portal f...

Page 135: ...onforms to published performance numbers Establishing a performance baseline helps you to understand infrastructure issues that can severely impact the performance of a production portal Nevertheless...

Page 136: ...o unnoticed most of the time but any monitoring scripts that measure the performance of the system need to account for the possibility that a full GC might occur Measuring the frequency of full GCs is...

Page 137: ...a file or to the console and also is used to turn off the logs You must restart the server for changes to take effect Logs are not created until the system detects activity The cache hit ratio displa...

Page 138: ...udes which channels are accessed how long the channels are accessed and the ability to build a user behavioral pattern of the portal However you can build a Java servlet that would intercept every Por...

Page 139: ...tallation directory for configuration information etc portal server install root SUNWps Default installation directory for SDK portal server install root SUNWps sdk Temporary files usr tmp Debug files...

Page 140: ...al server install root SUNWps bin Tag library definitions etc portal server install root SUNWps desktop default tld tld Display profile DTD portal server install root SUNWps dtd psdp dtd Java properti...

Page 141: ...s stored using the Sun Java System Access Manager Services Management function Access Manager provides the bootstrap configuration file that is needed to find the Sun Java System Directory Server The...

Page 142: ...Configuration Files 142 Portal Server 6 2005Q1 Deployment Planning Guide...

Page 143: ...addition to performance issues many of these tools can be used to detect other types of bottlenecks at the overall operating system level Many tool descriptions provide sample output suggestions for...

Page 144: ...a means of smoothing the data by removing spikes that could mislead the result Output mpstat 10 CPU minf mjf xcal intr ithr csw icsw migr smtx srw syscl usr sys wt idl 0 1 0 5529 442 302 419 166 12 1...

Page 145: ...ee columns represent CPU saturation A well tuned application under full load 0 idle should be within 80 to 90 usr and 20 to 10 sys times respectively A smaller percentage value for sys reflects more t...

Page 146: ...a bottleneck w Percentage of time transactions are waiting for service queue non empty asvc_t Reports on average response time of active transactions in milliseconds This option is mislabeled asvc_t i...

Page 147: ...an be calculated using the following equation Bandwidth Used Total number of Packets Polling Interval 10 MTU 1500 default The current MTU for an interface can be found with ifconfig a netstat I hme0 1...

Page 148: ...network bandwidth Steps that possibly can be taken upgrade to a switched network more network interfaces are a possible solution or upgrade to a higher bandwidth network to accommodate your network tr...

Page 149: ...referenced in the Solaris Administration Guide ondd set dev tcp tcp_conn_req_max_q value ondd set dev tcp tcp_conn_req_max_q0 value netstat a grep your_hostname wc l Running this command gives a rough...

Page 150: ...tune_t_flushr autoup controls the amount of memory examined for dirty pages in each invocation and frequency of file system sync operations set autoup value The value of autoup is also used to contro...

Page 151: ...ore information ndd set dev tcp tcp_keepalive_interv al 900000 The time in milliseconds a TCP connection stays in KEEP ALIVE state Refer to RFC 1122 4 2 2 13 for more information ndd set dev tcp tcp_c...

Page 152: ...Tuning Parameters for etc system 152 Portal Server 6 2005Q1 Deployment Planning Guide...

Page 153: ...erver The Sun Java System Portal Server product provides support for the following application servers to be used as the web application container in addition to the Java Web Server software Sun Java...

Page 154: ...ailover of application logic to provide scalability Portal Server and Access Manager are not pure web applications Instead these applications are composed of local files residing on a machine and thre...

Page 155: ...ents the Enterprise edition supports horizontal scalability and service continuity via a load balancer plug in and cluster management The Enterprise edition also supports session continuity via the Hi...

Page 156: ...plication you use the name of the cluster not the name of the individual servers After the deployment the web application is identically deployed to all machines in the cluster Session failover in BEA...

Page 157: ...ation server This is the default installation Server group A server group is a template for creating additional nearly identical copies of an application server configuration This is the equivalent of...

Page 158: ...Portal Server on an Application Server Cluster 158 Portal Server 6 2005Q1 Deployment Planning Guide...

Page 159: ...eshooting SRA Troubleshooting Portal Server This sections contains troubleshooting information for Sun Java System Portal Server UNIX Processes For the portal to be functioning properly check that the...

Page 160: ...the Search Database The Search database maintains recoverable transaction logs Thus under normal circumstances you do not have to do anything to recover the database Recovery from errors and transien...

Page 161: ...l This example reloads the contents of the display profile from the tmp updated_displayxml file High CPU Utilization for Portal Server Instance When using the Cisco Content Services Switch you might s...

Page 162: ...rver install root SUNWam servers https servername config 2 Edit the server xml file within this directory and add the following lines http proxyHost proxy host http proxyPort proxy port http nonProxyH...

Page 163: ...ug directory 4 Restart the Gateway from a terminal window gateway install root SUNWps bin gateway n gateway profile name start Introduction to shooter The shooter tool captures all the information tha...

Page 164: ...ooter The shooter tool includes five files as described below shooter sh This is the main script Run this script after a test or just before starting a test on the SRA installation From portal server...

Page 165: ...with the rest of the data uniq pl This script is used internally by shooter to find unique lines and their count The advantage over the system uniq script is that it finds non adjacent unique lines GW...

Page 166: ...Troubleshooting SRA 166 Portal Server 6 2005Q1 Deployment Planning Guide var opt SUNWps debug srapNetFile Netlet var opt SUNWps debug srapNetlet_Gateway hostname_Gateway profile name...

Page 167: ...l check and elaborate on all that apply Reducing procurement cost Reducing the cost of sharing information with customers suppliers or partners Eliminating the cost of maintaining many point solutions...

Page 168: ...Questions 1 Who are the stakeholders of this portal 2 Who are the business owners department organization or an individual within your organization who would expose the content or application service...

Page 169: ...ion to contribute their content or applications for your portal 7 What project management architect and technical implementation resources do you have available to help develop this portal 8 Who sets...

Page 170: ...department project onetime event Table E 7 Architecture Questions 1 Do you already have an existing architecture strategy Do you have the capabilities to implement a new architecture solution What te...

Page 171: ...for each major task 9 What is the size of the target user community 10 How many concurrent users 11 What is the range of portal usage 12 What is the geographical distribution of your user base 13 Do...

Page 172: ...onal requirements Collect technical requirements Summarize technical requirements Confirm technical requirements Prepare combined requirements document Deliver requirements 2 Design Develop Solution A...

Page 173: ...em Portal Server software and optionally Sun Java System Portal Server Secure Remote Access software install appropriate supporting software Install application server if needed Install other software...

Page 174: ...and approval of modifications LDAP Directory Setup Confer with stakeholders to establish proper schema Establish modifications for software Establish methods for software modifications Create softwar...

Page 175: ...ponsibilities Obtain integration test scenarios Review test conditions and acceptance criteria and revise Develop user acceptance test schedule Prepare acceptance test log and update with scenario tes...

Page 176: ...quired Track test progress Obtain test approval Summarize and communicate results to stakeholders 4 Deployment Production Confirm Approach Review with stakeholders and establish implementation locatio...

Page 177: ...ents for all personnel Establish training schedules Establish training staff Prepare materials for training Train administrators Train maintenance providers Capture training feedback Incorporate feedb...

Page 178: ...Portal Design Task List 178 Portal Server 6 2005Q1 Deployment Planning Guide...

Page 179: ...on the same server The sample Portal does not support the Linux platform IBM and BEA web containers are not supported Configuration files deployment and Application Programming Interfaces are the same...

Page 180: ...Comparison of Solaris and Linux Path Names 180 Portal Server 6 2005Q1 Deployment Planning Guide...

Page 181: ...181 Glossary Refer to the Java Enterprise System Glossary http docs sun com doc 816 6873 for a complete list of terms that are used in this documentation set...

Page 182: ...182 Portal Server 6 2005Q1 Deployment Planning Guide...

Page 183: ...ingle sign on 28 Web Agent 128 Access Manager SDK components 105 administration console tasks 28 aggregation description and benefits 59 strategy 129 Allowed URLs and Denied URLs lists Gateway 40 NetF...

Page 184: ...52 client detection API 131 client support 131 clustering application servers 154 session failover 154 collaborative portals 22 Collaborative services 23 communication links 86 components Access Manag...

Page 185: ...oubleshooting 160 DTD location 140 extracting 161 location for provider 139 properties 123 reloading 161 DIT 127 DMZ description 82 104 document level security 99 documentation overview 16 documenting...

Page 186: ...c authentication 39 HTTP proxy configuring 162 HttpSession failover 91 I IBM WebSphere Application Server overview 157 identifying requirements 51 Identity management features and benefits 54 implemen...

Page 187: ...connections Portal Server 43 multithreading and mpstat 144 NetFile 47 N NetFile access control 46 Allowed URLs or Denied URLs 46 applet 45 components 44 compression 47 compression types 47 initializa...

Page 188: ...uration files 139 design approach 79 directory structure 139 documenting functions 134 hardware and applications 68 high availability 84 high level design 80 instance and servlets 87 instance descript...

Page 189: ...database and robot 57 recovering 160 Search Engine description and benefits 57 functions 67 structure 98 search engine sizing factors 66 search NetFile 47 searchURL property 99 secure mode 26 securin...

Page 190: ...n channel 57 Sudo 104 Sun Cluster software 90 Sun Crypto Accelerator 1000 board 76 Sun Java System Application Server overview 155 SuperAdmin Role 127 support Solaris 18 system availability 84 85 syst...

Page 191: ...Section W Index 191 VPN 56 VPN client 43 W WAR file 32 and application servers 154 to deploy software 31 web containers supported 153 workload conditions 69 worksheets 167 X XMLProvider 130...

Page 192: ...Section X 192 Portal Server 6 2005Q1 Deployment Planning Guide...

Reviews:

No comments

Related manuals for Portal Server 6 2005Q1

Brand: DAVIS Pages: 20

Brand: IBM Pages: 25

ENTERPRISE VIRTUALIZATION FOR DESKTOPS

Brand: Red Hat Pages: 14

SimNow Simulator 4.4.5

Brand: AMD Pages: 269

MPX NATIVE REVERB PLUG-IN

Brand: Lexicon Pages: 24

BlackArmor WS 110

Brand: Seagate Pages: 2

Brand: Pioneer Pages: 28

Brand: Pioneer Pages: 28

Brand: Ulead Pages: 60

Remote Client 4.0.1

Brand: Q-See Pages: 72

Brand: Packet8 Pages: 43

PowerVideo Plus

Brand: EverFocus Pages: 80

Brand: Yamaha Pages: 8

DREAMWEAVER 8-GETTING STARTED WITH...

Brand: MACROMEDIA Pages: 326

FLASH 8-EXTENDING FLASH

Brand: MACROMEDIA Pages: 554

FLASH MX 2004-LEARNING FLASH

Brand: MACROMEDIA Pages: 122

Image Acquisition Software

Brand: National Instruments Pages: 68

850DP - Phaser Color Solid Ink Printer

Brand: Xerox Pages: 33

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands