Sun Microsystems Portal Server 6 2005Q1 Скачать руководство пользователя страница 103 | Manualshive

Страница: 103 / 192

background image

Designing Portal Security Strategies

Chapter 5

Creating Your Portal Design

103

•

Minimize the size of the operating environment installation

. When installing

a Sun server in an environment that is exposed to the Internet, or any untrusted
network, reduce the Solaris installation to the minimum number of packages
necessary to support the applications to be hosted. Achieving minimization in
services, libraries, and applications helps increase security by reducing the
number of subsystems that must be maintained.

The Solaris™ Security Toolkit software provides a flexible and extensible
mechanism to minimize, harden, and secure Solaris Operating Environment
systems. The primary goal behind the development of this toolkit is to simplify
and automate the process of securing Solaris systems. Please see:

http://www.sun.com/software/security/jass/

•

Track and monitor file system changes

. Within systems that require inclusion

of security, a file change control and audit tool is indispensable as it tracks
changes in files and detects possible intrusion. You can use a product such as
Tripwire for Servers, or Solaris Fingerprint Database (available from SunSolve
Online).

Using Platform Security

Usually you install Portal Servers in a trusted network. However, even in this
secure environment, security of these servers requires special attention.

UNIX User Installation

You can install and configure Portal Server to run under three different UNIX
users:

•

root

. This is the default option. All Portal Server components are installed and

configured to run as the system superuser. Some security implications arise
from this configuration:

❍

An application bug can be exploited to gain

root

access to the system.

❍

You need

root

access to modify some of the templates. This raises

potential security concerns as this responsibility is typically delegated to
non-system administrators who can pose a threat to the system.

•

User

nobody

. You can install Portal Server as the user

nobody

(uid 60001). This

can improve the security of the system, because the user

nobody

does not have

any privileges and cannot create, read, or modify the system files. This feature
prevents user

nobody

from using Portal Server to gain access to system files

and break into the system.

«
...
101
102
103
104
105
...
»

Содержание Portal Server 6 2005Q1

Страница 1: ...Sun Java System Portal Server 6 Deployment Planning Guide 2005Q1 Sun Microsystems Inc 4150 Network Circle Santa Clara CA 95054 U S A Part No 817 7697...

Страница 2: ...ms Inc d tient les droits de propri t intellectuels relatifs la technologie incorpor e dans le produit qui est d crit dans ce document En particulier et ce sans limitation ces droits de propri t intel...

Страница 3: ...sing Sun Resources Online 18 Contacting Sun Technical Support 18 Related Third Party Web Site References 18 Sun Welcomes Your Comments 19 Chapter 1 Portal Server Architecture 21 What is a Portal 21 Ty...

Страница 4: ...ion 39 Gateway and SSL Support 39 Gateway Access Control 40 Gateway Logging 41 Using Accelerators with the Gateway 41 Netlet 41 Static and Dynamic Port Applications 41 Netlet and Application Integrati...

Страница 5: ...77 Chapter 5 Creating Your Portal Design 79 Portal Design Approach 79 Overview of High Level Portal Design 80 Overview of Low Level Portal Design 81 Logical Portal Architecture 81 Portal Server and Sc...

Страница 6: ...alization 123 Content and Design Implementation 123 Integration Design 124 Identity and Directory Structure Design 127 Implementing Single Sign On 128 Portal Desktop Design 128 Client Support 131 Chap...

Страница 7: ...9 Troubleshooting Portal Server 159 UNIX Processes 159 Log Files 160 Recovering the Search Database 160 Working with the Display Profile 160 High CPU Utilization for Portal Server Instance 161 Configu...

Страница 8: ...8 Portal Server 6 2005Q1 Deployment Planning Guide...

Страница 9: ...e 5 6 Portal Server and Access Manager on Different Nodes 106 Figure 5 7 Two Portal Servers and One Access Manager 107 Figure 5 8 One Portal Server and Two Access Managers 108 Figure 5 9 Two Portal Se...

Страница 10: ...10 Portal Server 6 2005Q1 Deployment Planning Guide...

Страница 11: ...l User 101 Table A 1 Portal Server Directories 139 Table A 2 Portal Server SRA Directories 140 Table B 1 Performance Analysis Tools 143 Table B 2 etc system Options 150 Table B 3 TCP IP Options 150 Ta...

Страница 12: ...12 Portal Server 6 2005Q1 Deployment Planning Guide...

Страница 13: ...ver Secure Remote Access is a component of Sun Java Enterprise System a software infrastructure that supports enterprise applications distributed across a network or Internet environment You should be...

Страница 14: ...the intranet Chapter 3 Identifying and Evaluating Your Business and Technical Requirements on page 51 This chapter describes how to analyze your organization s needs and requirements that lead to des...

Страница 15: ...Server software and the Portal Server Secure Remote Access SRA product Appendix E Portal Deployment Worksheets on page 167 This appendix provides various worksheets to help in the deployment process...

Страница 16: ...ese are called class options Do not save the file The file is located in the install dir bin directory Book Title Description Portal Server Administration Guide http docs sun com db doc 817 7691 Descr...

Страница 17: ...7 6257 Portal Server Mobile Access Tag Library Reference http docs sun com doc 817 6260 Other Server Documentation For other server documentation go to the following Directory Server documentation htt...

Страница 18: ...eloper Information http developers sun com prodtech index html Contacting Sun Technical Support If you have technical questions about this product that are not answered in the product documentation go...

Страница 19: ...http docs sun com and click Send Comments In the online form provide the document title and part number The part number is a seven digit or nine digit number that can be found on the title page of th...

Страница 20: ...Sun Welcomes Your Comments 20 Portal Server Secure Remote Access 6 2005Q1 Administration Guide...

Страница 21: ...Portal Server Architecture Identity Management A Typical Portal Server Installation What is a Portal Portals provide the user with a single point of access to a wide variety of content data and servic...

Страница 22: ...ssified as a portal For this reason portals have many different uses and can be classified as one of the following Collaborative Portals Business Intelligence Portals Collaborative Portals Collaborati...

Страница 23: ...d predefined queries and are associated with financial management customer relationship management and supply chain performance management Business intelligence portals also provide access to business...

Страница 24: ...web service remote portlet Publishing and managing content provided by third party applications such as FatWire Sun Java System Portal Server Portal Server is a component of the Sun Java Enterprise Sy...

Страница 25: ...sers receive secure encrypted access to the content and services that users have permission to access SRA is targeted toward enterprises deploying highly secure remote access portals These portals emp...

Страница 26: ...he Portal Server system across the Internet through the single firewall or from a web proxy server that sits behind a firewall Figure 1 1 Portal Server in Open Mode Portal Server in Secure Mode In sec...

Страница 27: ...ion and Portal Desktop reside behind the DMZ in the secured intranet Communication from the client browser to the Gateway is encrypted using HTTP over Secure Sockets Layer SSL Communication from the G...

Страница 28: ...e sign on SSO with any product that also uses the Access Manager SSO mechanism The SSO mechanism uses encoded cookies to maintain session state Another layer of security is provided by SRA It uses HTT...

Страница 29: ...n schema Web Containers Sun Java System Web Server Sun Java System Application Server Enterprise Edition The following web containers can be used in place of the Web Server and Application Server soft...

Страница 30: ...ervers running applications on your intranet Directory Server node The server running Directory Server software You can install Directory Server on a non portal node Other servers These servers such a...

Страница 31: ...packages do not contain WAR or EAR files The packages do contain web xml fragments that are used to construct the Portal Server WAR file at installation time This dynamically constructed file is then...

Страница 32: ...need to install this package on a development system so that they can compile classes that use the API If a component does not export any public Java APIs it would not have this package Compatibility...

Страница 33: ...The portal node portal search node and directory server are hosted on the internal network where users have access to systems and services ranging from individual employee desktop systems to legacy s...

Страница 34: ...Architecture for a Business to Employee Portal Telecommuter Airport Hotel Kiosks Branch Offices Remote Offices Customers Suppliers Behind Firewall Internet DMZ Gateway Gateway Mail Web Server Proxy Ca...

Страница 35: ...igure 1 4 shows a Portal Server deployment with SRA services See Chapter 2 Portal Server Secure Remote Access Architecture for details Figure 1 4 SRA Deployment Gateway Portal Netlet Proxy Application...

Страница 36: ...A Typical Portal Server Installation 36 Portal Server 6 2005Q1 Deployment Planning Guide...

Страница 37: ...ts SRA Gateway Netlet Netlet Proxy NetFile Rewriter Rewriter Proxy Proxylet SRA Gateway The SRA Gateway is a standalone Java process that can be considered to be stateless since state information can...

Страница 38: ...users to access the same Gateway extranet users over HTTPS and intranet users over HTTP without the overhead of SSL You can also run the Gateway in chroot environments See the Portal Server Secure Re...

Страница 39: ...c authentication the client prompts for user name and password and sends the information back to the requesting server With the Gateway enabled for HTTP basic authentication it captures the user name...

Страница 40: ...has been established the Gateway continues to receive the incoming requests checks session validity and then forwards the request to the destination web server The Gateway server handles all Netlet tr...

Страница 41: ...t to the intranet applications through the Netlet are controlled by Netlet rules A Netlet applet running on the browser sets up an encrypted TCP IP tunnel between the remote client machine and intrane...

Страница 42: ...el port dynamically Currently FTP and Microsoft Exchange are the only dynamic port applications that Portal Server supports NOTE Although Microsoft Exchange 2000 is supported with Netlet the following...

Страница 43: ...d to the portal site it does prevent unauthorized users from piggybacking on other users s sessions in the following ways Netlet is an application specific VPN and not a general purpose IP router Netl...

Страница 44: ...ple Netlet Proxies behind the second firewall to avoid a single point of failure You could also use a third party proxy to use only one port in the second firewall NetFile NetFile enables remote acces...

Страница 45: ...nnects back to the servlet to get its own configuration such as size locale resource bundle as well as user settings and preferences NetFile obtains the locale information and other user information s...

Страница 46: ...As part of the NetFile service you can configure the Allowed URLs or Denied URLs lists to allow or deny access to servers at the organization role or user level The Denied URLs list takes precedence o...

Страница 47: ...hile working with the shares The ISO 8859 1 encoding is capable of handling most common languages ISO 8859 1 encoding gives NetFile the capability to list files in any language and to transferring fil...

Страница 48: ...d URIs are translated 5 The original URI is replaced with the rewritten URI 6 This process is repeated until the end of the document is reached 7 The resultant Rewriter output is routed to the browser...

Страница 49: ...run on SSL Proxylet establishes a secure channel between the client machine and the Gateway Proxylet uses the JSSE API if the client JVM is 1 4 or higher or if the required jar files reside on the cli...

Страница 50: ...Proxylet 50 Portal Server 6 2005Q1 Deployment Planning Guide...

Страница 51: ...gn issues This chapter contains the following sections Business Objectives Technical Goals Mapping Portal Server Features to Your Business Needs Understanding User Behaviors and Patterns Business Obje...

Страница 52: ...rget audience What services or functions will the portal deliver to users How will the target audience benefit from the portal What are the priorities for the portal If you plan to deploy your portal...

Страница 53: ...chitectural solution for your portal The reasons you are offering your portal have a direct affect on how you implement your portal You must define target population performance standards and other fa...

Страница 54: ...across the organization and sometimes outside the organization while accessing content applications and services The challenges include Who is using an application In what capacity do users serve the...

Страница 55: ...user is authenticated the SSO API takes over Each time the authenticated user tries to access a protected page the SSO API determines if the user has the permissions required based on their authentic...

Страница 56: ...ernal DMZ based Gateways SRA core Users achieve remote access through four components Gateway NetFile Netlet Proxylet This component has four parts Gateway Controls communication between the Portal Se...

Страница 57: ...pen only two ports one between the Gateway and the Rewriter Proxy and another between the Gateway and the Portal Server HTTP traffic is now secure between the Gateway and the intranet even if the dest...

Страница 58: ...ses employee productivity improves customer relationships and streamlines business relationships by providing quick and personalized access to content and services Enable users to customize content Po...

Страница 59: ...ome types of channels Users no longer have to search for the information Instead the information finds them Consistent set of tools Users get a set of tools like web based email and calendaring softwa...

Страница 60: ...or existing applications Do you have web traffic analysis figures for an existing portal How many visitor sessions or number of single visitor visits are likely within a predefined period of time Is p...

Страница 61: ...bjectives include the number of users the number of concurrent users at peak load time and their usage pattern in accessing Sun Java System Portal Server You need to determine these two factors Are yo...

Страница 62: ...h This means not just sizing for today s needs but future needs and capacity This includes usual peaks after users return from a break such as a weekend or holiday or if usage is increased over time b...

Страница 63: ...rmance problems See Portal Sizing on page 63 3 Develop and refine the prototype workload that closely simulates the anticipated production environment agreed between you and the portal administrators...

Страница 64: ...lowing metrics for input to the sizing tool Peak Numbers Average Time Between Page Requests Concurrent Users Average Session Time Search Engine Factors Other performance metrics that affect the number...

Страница 65: ...ms are contained on the page Though web server logs record page requests using the log to calculate the average time between requests on a user basis is not feasible To calculate the average time betw...

Страница 66: ...he session time is inversely proportional to the number of logins occurring that is the longer the session duration the fewer logins per second are generated against Portal Server for the same concurr...

Страница 67: ...scans Each function uses different search algorithms and data structures Because differences in search algorithms and data structures increase as the number of search and indexed terms increase the ty...

Страница 68: ...ructure carefully when you use channels that Scrape their content from external sources Access corporate databases which typically have slow response times Provide email content Provide calendar conte...

Страница 69: ...stem capacity Portal Server capacity begins to be impacted when large numbers of users log in As more users login users use more of the available memory and subsequently less memory is available to pr...

Страница 70: ...an application server is to integrate portal providers with Enterprise JavaBeans architecture and other J2EE technology stack constructs such as JDBC and JCA running on the application server These o...

Страница 71: ...ure Use your baseline sizing figure as a reference point Expect variations from your baseline sizing figure Learn from the experience of others Use your own judgement and knowledge Examine other facto...

Страница 72: ...izing estimate A single machine can have one Gateway installation but multiple instances SRA enables you to install multiple Gateways each running multiple instances Your design decisions help you mak...

Страница 73: ...otential users for the secure portal See Concurrent Sessions on page 139 for more information on estimating this number Expected percentage of total users using the Gateway at maximum load Apply a per...

Страница 74: ...teway needs to determine whether the incoming traffic is Netlet traffic or Portal Server traffic Disabling Netlet reduces this overhead since the Gateway assumes that all incoming traffic is either HT...

Страница 75: ...redentials initializing the session and delivering initial content The Measured CPU Performance characteristic associated with the Login Type is the Initial Desktop Display variable Desktop Type Descr...

Страница 76: ...et application byte size The Netlet dynamically determines the block size based on the application that is used Block size determined by Netlet for a Telnet is based on the amount of data transferred...

Страница 77: ...rtal Server and SRA in different domains on the same Sun Enterprise midframe machine The normal CPU and memory requirements that pertain to Portal Server and SRA still apply you would implement the re...

Страница 78: ...SRA Sizing 78 Portal Server 6 2005Q1 Deployment Planning Guide...

Страница 79: ...uilding Modules Designing Portal Use Case Scenarios Designing Portal Security Strategies Portal Server and Access Manager on Different Nodes Designing SRA Deployment Scenarios Designing for Localizati...

Страница 80: ...loped the high level design leads toward the creation of the low level design The low level design specifies such items as the physical architecture network infrastucture Portal Desktop channel and co...

Страница 81: ...and feeds Access Manager architecture including the strategy and design of organizations suborganizations roles groups and users which is critical to long term success Integration strategy including...

Страница 82: ...ications web content servers and application servers The Portal Server and Directory Server reside here The logical architecture describes the Portal Desktop look and feel including potential items su...

Страница 83: ...this by planning and sizing to the number of CPUs you need See Chapter 4 Pre Deployment Considerations for more information Horizontal Scaling In horizontal scaling machines are added This also enable...

Страница 84: ...r is that not all systems have the same level of availability requirements Most applications can be categorized into the following three groups Task critical Affects limited number of users not visibl...

Страница 85: ...ility of the system to recover from failures and ways of measuring system availability The degree of high availability depends on your specific organization s fault tolerance requirements and ways of...

Страница 86: ...erver component and redirect requests to other servers In secure mode Gateway components can detect the presence of a failed server component and redirect requests to other servers This is valid as lo...

Страница 87: ...affic is directed to the appropriate servlet Communication occurs between the Authentication service s LDAP module and the LDAP authentication server between the Communications channel servlet and the...

Страница 88: ...sers do not notice this because Portal Server services can rebuild a user context from the user s profile and by using contextual data stored in the request While this statement is generally true for...

Страница 89: ...e A Portal Server building module is a hardware and software construct with limited or no dependencies on shared services A typical deployment uses multiple building modules to achieve optimum perform...

Страница 90: ...nents However in the case of failures user sessions are lost Transparent Failover The system is always available but in addition to NSPOF failover to a backup instance occurs transparently to end user...

Страница 91: ...cessary for Best Effort Deployment Necessary for NSPOF Deployment Necessary for Transparent Failover Deployment Hardware Redundancy Yes Yes Yes Portal Server Building Modules No Yes Yes Multi master C...

Страница 92: ...ume management system which prevents loss of data in case of a disk crash Figure 5 3 shows a small best effort deployment using the building module architecture Figure 5 3 Best Effort Scenario In this...

Страница 93: ...is built on top of the best effort scenario and in addition introduces replication and load balancing Figure 5 4 No Single Point of Failure Example Balancer Portal Server Directory Server Master Repl...

Страница 94: ...u must acquire it separately from a third party vendor Multi master replication MMR takes places between the building modules The changes that occur on each directory are replicated to the other which...

Страница 95: ...refer update requests to both masters SRA follows the same replication and load balancing pattern as Portal Server to achieve NSPOF As such two SRA Gateways and pair of proxies are necessary in this s...

Страница 96: ...balancing is responsible for detecting Portal Server failures and redirecting users requests to a backup Portal Server in the building module Building Module 1 stores sessions in the sessions reposito...

Страница 97: ...ff all outstanding connections that would have to be reestablished Building Module Constraints The constraints on the scalability of building modules are given by the number of LDAP writes resulting f...

Страница 98: ...ossible dedicate a Directory Server instance for the sole use of the Portal Server instances in a building module See Figure 5 2 on page 89 Map the entire directory database indexes and cache in memor...

Страница 99: ...of the project formulate them early on in the project once you have established your requirements When available use cases can provide valuable insight into how the system is to be tested Use cases ar...

Страница 100: ...om High to Medium to Low Context of use Describes the setting or environment in which the use case occurs Scope Describes the conditions and limits of the use case Primary user Describes what kind of...

Страница 101: ...more often than a specified amount of allowed retries access to the intranet should be revoked or limited deactivated until a system administrator reactivates the account In this case the portal user...

Страница 102: ...ironment the Gateway and server configuration the installation of firewalls and user authentication through Directory Server and SSO through Access Manager In addition you can use certificates SSL enc...

Страница 103: ...detects possible intrusion You can use a product such as Tripwire for Servers or Solaris Fingerprint Database available from SunSolve Online Using Platform Security Usually you install Portal Servers...

Страница 104: ...ive tools to provide some additional flexibility These tools provide the mechanisms needed to create a fine grain access control to individual resources such as different UNIX commands For example thi...

Страница 105: ...onal units and sub organizations Authentication API and SPI provides remote access to the full capabilities of the Authentication Service Utility API manages system resources Loggin API and SPI record...

Страница 106: ...s Manager and Portal Server residing on separate nodes Figure 5 6 Portal Server and Access Manager on Different Nodes As a result of this implementation of Portal Server and Access Manager separation...

Страница 107: ...wo Directory Servers where both the Access Manager and the Directory Servers operate in a Java Enterprise System Sun Clustered environment This configuration is ideal when Access Manager and Directory...

Страница 108: ...gers This configuration could be implemented when the Portal Server resides on a high end medium to large server that is 1 to 4 processors with a very wide bandwidth network connection The Access Mana...

Страница 109: ...chitecture shown in Figure 5 9 a redundancy of services exists for each of the product stack therefore most of the unplanned downtime can be minimized or eliminated However the planned downtime is sti...

Страница 110: ...th module com iplanet am service secret AQICxIPLNc0WWQRVlYZN0PnKgyvq3gTU8JA9 REPLACE THIS STRING WITH THE ONE FROM FIRST PORTAL INSTALL 2 In etc opt SUNWam config ums modify the following areas in ser...

Страница 111: ...users For Internet access use 128 bit SSL to provide the best security arrangement and encryption or communication between the user s browser and Portal Server The Gateway Netlet NetFile Netlet Proxy...

Страница 112: ...e Gateway In the second firewall for HTTP or HTTPS traffic the Gateway can communicate directly with internal hosts If security policies do not permit it use SRA proxies between the Gateway and the in...

Страница 113: ...If the client deployment is not going to use Netlet for securely running applications that need to communicate with intranet then use this setup for performance improvement You can extend this config...

Страница 114: ...et Figure 5 12 Proxylet enables users to securely access intranet resources through the Internet without exposing these resources to the client It inherits the transport mode either HTTP or HTTPS from...

Страница 115: ...re Remote Access 6 Administration Guide for details Figure 5 13 Multiple Gateway Instances NOTE Although Figure 5 13 on page 115 shows a 1 to 1 correspondence between the Gateway and the Portal Server...

Страница 116: ...e the Netlet Proxy is within the intranet it can directly contact all the required application hosts without opening multiple ports in the second firewall The traffic between the Gateway in the DMZ an...

Страница 117: ...tal Design 117 Figure 5 14 Netlet and Rewriter Proxies Gateway Gateway NetFile Netlet Client Client NetFile Netlet Portal Server Netlet Proxy Rewriter Proxy Host Host Host Portal Server Netlet Proxy R...

Страница 118: ...to be directly accessible from the DMZ Figure 5 15 shows the Netlet Proxy and Rewriter Proxy on separate nodes Traffic from the Gateway is directed to the separate node which in turn directs the traff...

Страница 119: ...ad balancers provide a failover mechanism for higher availability for redundancy of services on the Portal Servers and Access Managers Figure 5 16 Two Gateways and Netlet Proxy Gateway Gateway NetFile...

Страница 120: ...ure an external SSL device to run in front of the Gateway in open mode It provides the SSL link between the client and SRA For information on accelerators see the Portal Server Secure Remote Access 6...

Страница 121: ...ird party proxy to limit the number of ports in the second firewall to one You can configure the Gateway to use a third party proxy to reach the Rewriter and the Netlet Proxies Figure 5 18 Netlet and...

Страница 122: ...and caching Figure 5 19 illustrates how you can configure a reverse proxy in front of the Gateway to serve both Internet and intranet content to authorized users Whenever the Gateway serves web conten...

Страница 123: ...efault directories See the Portal Server 6 Developer s Guide for more information on localization Content and Design Implementation The Portal Desktop provides the primary end user interface for Porta...

Страница 124: ...on on integration areas that you need to account for in your low level design Creating a Custom Access Manager Service Service Management in Access Manager provides a mechanism for you to define integ...

Страница 125: ...tegration uses the provider API and SRA for secure access SRA is not an integration type on its own Examples include FatWire Interwoven SAP Tarantella Documentum Vignette PeopleSoft Siebel Citrix and...

Страница 126: ...e to which an application integrates in Portal Server can be viewed as follows Shallow integration This integration essentially uses the Portal Server as a launch point The user logs in to the portal...

Страница 127: ...r suborganizations can be nested The depth of the nested structure is not limited Roles are a grouping mechanism designed to be more efficient and easier to use for applications Each role has members...

Страница 128: ...lication coding Additionally you can modify the application to validate against Access Manager directly Standalone Java application In this scenario you modify the application to validate user credent...

Страница 129: ...base and flat file and how frequently the data is updated Finally you need to understand how the business logic is applied for processing the data so that the provider can deliver a personalized chann...

Страница 130: ...ntication service through a Portal Desktop channel This provider enables anonymous Portal Desktop login so that a user can log in directly from the Portal Desktop XMLProvider Transforms an XML documen...

Страница 131: ...he portal The client type is then used to select the portal template and JSP files and the character encoding that is used for output Sun Java System Portal Server Mobile Access 6 3 software extends t...

Страница 132: ...Identity and Directory Structure Design 132 Portal Server 6 2005Q1 Deployment Planning Guide...

Страница 133: ...ghly tested your portal and operated it as a trial deployment to test and refine your design Monitoring and Tuning Monitoring and tuning your portal deployment is an ongoing cyclical process in which...

Страница 134: ...and can cause the file system to quickly run out of disk space The ERROR level logs all error conditions and exceptions Documenting the Portal A comprehensive set of documentation on how your portal f...

Страница 135: ...onforms to published performance numbers Establishing a performance baseline helps you to understand infrastructure issues that can severely impact the performance of a production portal Nevertheless...

Страница 136: ...o unnoticed most of the time but any monitoring scripts that measure the performance of the system need to account for the possibility that a full GC might occur Measuring the frequency of full GCs is...

Страница 137: ...a file or to the console and also is used to turn off the logs You must restart the server for changes to take effect Logs are not created until the system detects activity The cache hit ratio displa...

Страница 138: ...udes which channels are accessed how long the channels are accessed and the ability to build a user behavioral pattern of the portal However you can build a Java servlet that would intercept every Por...

Страница 139: ...tallation directory for configuration information etc portal server install root SUNWps Default installation directory for SDK portal server install root SUNWps sdk Temporary files usr tmp Debug files...

Страница 140: ...al server install root SUNWps bin Tag library definitions etc portal server install root SUNWps desktop default tld tld Display profile DTD portal server install root SUNWps dtd psdp dtd Java properti...

Страница 141: ...s stored using the Sun Java System Access Manager Services Management function Access Manager provides the bootstrap configuration file that is needed to find the Sun Java System Directory Server The...

Страница 142: ...Configuration Files 142 Portal Server 6 2005Q1 Deployment Planning Guide...

Страница 143: ...addition to performance issues many of these tools can be used to detect other types of bottlenecks at the overall operating system level Many tool descriptions provide sample output suggestions for...

Страница 144: ...a means of smoothing the data by removing spikes that could mislead the result Output mpstat 10 CPU minf mjf xcal intr ithr csw icsw migr smtx srw syscl usr sys wt idl 0 1 0 5529 442 302 419 166 12 1...

Страница 145: ...ee columns represent CPU saturation A well tuned application under full load 0 idle should be within 80 to 90 usr and 20 to 10 sys times respectively A smaller percentage value for sys reflects more t...

Страница 146: ...a bottleneck w Percentage of time transactions are waiting for service queue non empty asvc_t Reports on average response time of active transactions in milliseconds This option is mislabeled asvc_t i...

Страница 147: ...an be calculated using the following equation Bandwidth Used Total number of Packets Polling Interval 10 MTU 1500 default The current MTU for an interface can be found with ifconfig a netstat I hme0 1...

Страница 148: ...network bandwidth Steps that possibly can be taken upgrade to a switched network more network interfaces are a possible solution or upgrade to a higher bandwidth network to accommodate your network tr...

Страница 149: ...referenced in the Solaris Administration Guide ondd set dev tcp tcp_conn_req_max_q value ondd set dev tcp tcp_conn_req_max_q0 value netstat a grep your_hostname wc l Running this command gives a rough...

Страница 150: ...tune_t_flushr autoup controls the amount of memory examined for dirty pages in each invocation and frequency of file system sync operations set autoup value The value of autoup is also used to contro...

Страница 151: ...ore information ndd set dev tcp tcp_keepalive_interv al 900000 The time in milliseconds a TCP connection stays in KEEP ALIVE state Refer to RFC 1122 4 2 2 13 for more information ndd set dev tcp tcp_c...

Страница 152: ...Tuning Parameters for etc system 152 Portal Server 6 2005Q1 Deployment Planning Guide...

Страница 153: ...erver The Sun Java System Portal Server product provides support for the following application servers to be used as the web application container in addition to the Java Web Server software Sun Java...

Страница 154: ...ailover of application logic to provide scalability Portal Server and Access Manager are not pure web applications Instead these applications are composed of local files residing on a machine and thre...

Страница 155: ...ents the Enterprise edition supports horizontal scalability and service continuity via a load balancer plug in and cluster management The Enterprise edition also supports session continuity via the Hi...

Страница 156: ...plication you use the name of the cluster not the name of the individual servers After the deployment the web application is identically deployed to all machines in the cluster Session failover in BEA...

Страница 157: ...ation server This is the default installation Server group A server group is a template for creating additional nearly identical copies of an application server configuration This is the equivalent of...

Страница 158: ...Portal Server on an Application Server Cluster 158 Portal Server 6 2005Q1 Deployment Planning Guide...

Страница 159: ...eshooting SRA Troubleshooting Portal Server This sections contains troubleshooting information for Sun Java System Portal Server UNIX Processes For the portal to be functioning properly check that the...

Страница 160: ...the Search Database The Search database maintains recoverable transaction logs Thus under normal circumstances you do not have to do anything to recover the database Recovery from errors and transien...

Страница 161: ...l This example reloads the contents of the display profile from the tmp updated_displayxml file High CPU Utilization for Portal Server Instance When using the Cisco Content Services Switch you might s...

Страница 162: ...rver install root SUNWam servers https servername config 2 Edit the server xml file within this directory and add the following lines http proxyHost proxy host http proxyPort proxy port http nonProxyH...

Страница 163: ...ug directory 4 Restart the Gateway from a terminal window gateway install root SUNWps bin gateway n gateway profile name start Introduction to shooter The shooter tool captures all the information tha...

Страница 164: ...ooter The shooter tool includes five files as described below shooter sh This is the main script Run this script after a test or just before starting a test on the SRA installation From portal server...

Страница 165: ...with the rest of the data uniq pl This script is used internally by shooter to find unique lines and their count The advantage over the system uniq script is that it finds non adjacent unique lines GW...

Страница 166: ...Troubleshooting SRA 166 Portal Server 6 2005Q1 Deployment Planning Guide var opt SUNWps debug srapNetFile Netlet var opt SUNWps debug srapNetlet_Gateway hostname_Gateway profile name...

Страница 167: ...l check and elaborate on all that apply Reducing procurement cost Reducing the cost of sharing information with customers suppliers or partners Eliminating the cost of maintaining many point solutions...

Страница 168: ...Questions 1 Who are the stakeholders of this portal 2 Who are the business owners department organization or an individual within your organization who would expose the content or application service...

Страница 169: ...ion to contribute their content or applications for your portal 7 What project management architect and technical implementation resources do you have available to help develop this portal 8 Who sets...

Страница 170: ...department project onetime event Table E 7 Architecture Questions 1 Do you already have an existing architecture strategy Do you have the capabilities to implement a new architecture solution What te...

Страница 171: ...for each major task 9 What is the size of the target user community 10 How many concurrent users 11 What is the range of portal usage 12 What is the geographical distribution of your user base 13 Do...

Страница 172: ...onal requirements Collect technical requirements Summarize technical requirements Confirm technical requirements Prepare combined requirements document Deliver requirements 2 Design Develop Solution A...

Страница 173: ...em Portal Server software and optionally Sun Java System Portal Server Secure Remote Access software install appropriate supporting software Install application server if needed Install other software...

Страница 174: ...and approval of modifications LDAP Directory Setup Confer with stakeholders to establish proper schema Establish modifications for software Establish methods for software modifications Create softwar...

Страница 175: ...ponsibilities Obtain integration test scenarios Review test conditions and acceptance criteria and revise Develop user acceptance test schedule Prepare acceptance test log and update with scenario tes...

Страница 176: ...quired Track test progress Obtain test approval Summarize and communicate results to stakeholders 4 Deployment Production Confirm Approach Review with stakeholders and establish implementation locatio...

Страница 177: ...ents for all personnel Establish training schedules Establish training staff Prepare materials for training Train administrators Train maintenance providers Capture training feedback Incorporate feedb...

Страница 178: ...Portal Design Task List 178 Portal Server 6 2005Q1 Deployment Planning Guide...

Страница 179: ...on the same server The sample Portal does not support the Linux platform IBM and BEA web containers are not supported Configuration files deployment and Application Programming Interfaces are the same...

Страница 180: ...Comparison of Solaris and Linux Path Names 180 Portal Server 6 2005Q1 Deployment Planning Guide...

Страница 181: ...181 Glossary Refer to the Java Enterprise System Glossary http docs sun com doc 816 6873 for a complete list of terms that are used in this documentation set...

Страница 182: ...182 Portal Server 6 2005Q1 Deployment Planning Guide...

Страница 183: ...ingle sign on 28 Web Agent 128 Access Manager SDK components 105 administration console tasks 28 aggregation description and benefits 59 strategy 129 Allowed URLs and Denied URLs lists Gateway 40 NetF...

Страница 184: ...52 client detection API 131 client support 131 clustering application servers 154 session failover 154 collaborative portals 22 Collaborative services 23 communication links 86 components Access Manag...

Страница 185: ...oubleshooting 160 DTD location 140 extracting 161 location for provider 139 properties 123 reloading 161 DIT 127 DMZ description 82 104 document level security 99 documentation overview 16 documenting...

Страница 186: ...c authentication 39 HTTP proxy configuring 162 HttpSession failover 91 I IBM WebSphere Application Server overview 157 identifying requirements 51 Identity management features and benefits 54 implemen...

Страница 187: ...connections Portal Server 43 multithreading and mpstat 144 NetFile 47 N NetFile access control 46 Allowed URLs or Denied URLs 46 applet 45 components 44 compression 47 compression types 47 initializa...

Страница 188: ...uration files 139 design approach 79 directory structure 139 documenting functions 134 hardware and applications 68 high availability 84 high level design 80 instance and servlets 87 instance descript...

Страница 189: ...database and robot 57 recovering 160 Search Engine description and benefits 57 functions 67 structure 98 search engine sizing factors 66 search NetFile 47 searchURL property 99 secure mode 26 securin...

Страница 190: ...n channel 57 Sudo 104 Sun Cluster software 90 Sun Crypto Accelerator 1000 board 76 Sun Java System Application Server overview 155 SuperAdmin Role 127 support Solaris 18 system availability 84 85 syst...

Страница 191: ...Section W Index 191 VPN 56 VPN client 43 W WAR file 32 and application servers 154 to deploy software 31 web containers supported 153 workload conditions 69 worksheets 167 X XMLProvider 130...

Страница 192: ...Section X 192 Portal Server 6 2005Q1 Deployment Planning Guide...

Отзывы:

Нет отзывов

Похожие инструкции для Portal Server 6 2005Q1

RS232 interface for GT47 embedded apps UART

Бренд: Sony Ericsson Страницы: 14

GigaStudio 3.04

Бренд: Tascam Страницы: 2

Бренд: RTS Страницы: 51

Бренд: Avaya Страницы: 20

ANTI-VIRUS 5.1 - FOR MICROSOFT ISA SERVER

Бренд: KAPERSKY Страницы: 67

ENTERPRISE LINUX WS 2.1 -

Бренд: Red Hat Страницы: 110

Бренд: Emagic Страницы: 256

Бренд: Polycom Страницы: 23

Бренд: EverFocus Страницы: 44

Spectra nTier File Migrator

Бренд: Spectra Logic Страницы: 92

Бренд: Picsel Страницы: 8

SANsurfer FC HBA Manager

Бренд: Qlogic Страницы: 152

Бренд: Quantum Страницы: 16

DEEP FREEZER PROFESSIONAL 5

Бренд: FARONICS Страницы: 31

REGISTRYBOOSTER 2010 - V1

Бренд: UNIBLUE Страницы: 11

Intelligent Vocal Harmony Harmony4

Бренд: TC Electronic Страницы: 21

n52te - Nostromo SpeedPad Game Pad

Бренд: Belkin Страницы: 21

Anti-Virus Free Edition 2011

Бренд: AVG Страницы: 141

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды