Chapter 1 Introduction to Portal Server Deployment Planning
This chapter provides a brief overview of Sun Java™ System Portal Server and Sun Java™ System
Portal Server Secure Remote Access. This chapter introduces the solution life cycle,
which outlines the various steps for planning and designing enterprise software systems.
See the Sun Java Enterprise System 2005Q4 Deployment Planning Guide for information on basic concepts
and principles of deployment planning and design.
About Portal Server
Portal Server is a component of the Sun Java™ Enterprise System technology.
Sun Java Enterprise System technology supports a wide range of enterprise computing
needs, such as creating a secure intranet portal to provide the employees of an enterprise
with secure access to email and in-house business applications.
The Portal Server product is an identity-enabled portal server solution. It
provides all the user, policy, and identity management to enforce security, web application
single sign-on (SSO), and access capabilities to end user communities. In addition,
Portal Server combines portal services, such as personalization, aggregation, security,
integration, and search. Unique capabilities that enable secure remote access to internal
resources and applications round out a complete portal platform for deploying business-to-employee,
business-to-business, and business-to-consumer portals.
Sun Java™ System Portal Server Secure Remote Access (SRA) provides secure remote
access to web-enabled and non-web-enabled resources.
Each enterprise assesses its own needs and plans its own deployment of Java
Enterprise System technology. The optimal deployment for each enterprise depends on
the type of applications that Java Enterprise System technology supports, the number
of users, the kind of hardware that is available, and other considerations of this
type.
Portal Server is able to work with previously installed software components.
In this case, Portal Server uses the installed software when the software is an appropriate
version.
Portal Server runs in open mode or secure mode. In secure mode, it uses Secure Remote Access (SRA). The main difference
between an open portal and a secure portal is that the services presented by the open
portal typically reside within the demilitarized zone (DMZ) and not within the secured
intranet. SRA offers browser-based secure access to portal content and services from
any remote browser enabled with Java technology. Integration with Portal Server software
ensures that users receive secure encrypted access to the content and services that
users have permission to access.
SRA is targeted toward enterprises deploying highly secure remote access portals.
These portals emphasize security, protection, and privacy of intranet resources. The
SRA services (Access List, the Gateway, NetFile, Netlet, and Proxylet)
enable users to securely access intranet resources through the Internet without exposing
these resources to the Internet.
Portal Server Features
This section reviews specific technology features with the goal of determining
which technologies are most important for your organization. Review these features
while keeping in mind your organization’s short-, mid-, and long-term plans.
Use the following sections and tables to assess the benefits of the listed features
and determine their relative priority for your organization. This information will
assist you in developing a deployment plan in a timely and cost-effective manner.
Note: In all likelihood, your Java™ Enterprise
System sales representative has previously discussed these topics with you. Thus,
this section serves as a review of that process.
Identity Management
Portal Server uses identity management to control many users spanning a variety
of different roles across the organization and sometimes outside the organization
while accessing content, applications and services. The challenges include: Who is
using an application? In what capacity do users serve the organization or company?
What do users need to do, and what should users be able to access? How can others
help with the administrative work?
Table 1–1 shows the identity management features and their benefits.
Table 1–1 Identity Management Features and Benefits

| Feature | Description | Benefit |
|---|---|---|
| Directory service | Portal Server uses Access Manager and Directory Server | Portal Server uses an LDAP directory for storing user profiles, roles, and identity information for the purpose of authentication, single sign-on (SSO), delegated administration, and personalization. Portal Server uses an open schema that can reside in a centralized user directory, thereby leveraging an enterprise or service provider’s investment in the Sun Java™ System Access Manager and Sun Java™ System Directory Server products. |
| User, policy, and provisioning management | Access Manager enables you to manage many users spanning a variety of different roles across the organization and sometimes outside the organization while accessing content, applications, and services. | Provides a centralized identity management solution for storing and managing identity information, which is integrated with a policy solution to enforce access rights, greatly simplifying these challenges. Extends a common identity to handle new applications, enables applications to share administrative work, and simplifies tasks normally associated with building these services. Consolidates management of users and applications. Personalizes content and service delivery. Simplifies and streamlines information and service access. Reduces costs associated with managing access and delivery. Provides secure policy-based access to applications. Ensures secure access as portal deployments expand beyond employee LAN access. |
| Single sign-on (SSO) | Access Manager integrates user authentication and single sign-on through an SSO API. Once the user is authenticated, the SSO API takes over. Each time the authenticated user tries to access a protected page, the SSO API determines if the user has the permissions required based on their authentication credentials. If the user is valid, access to the page is given without additional authentication. If not, the user is prompted to authenticate again. | Enhances user productivity by providing a consistent, centralized mechanism to manage authentication and single sign-on, while enabling employees, partners and customers access to content, applications, and services. |
| Delegated administration | The Portal Server administration console provides role-based delegated administration capabilities to different kinds of administrators to manage organizations, users, policy, roles, channels, and Portal Desktop providers based on the given permissions. | Enables IT to delegate portal administrative duties to free up valuable IT resources and administration. |
| Security | Provides single sign-on for aggregated applications to the portal. | Security is an important functionality in portals. Security can address many different needs within the portal, including authentication into the portal, encryption of the communications between the portal and the end user, and authorization of the content and applications to only users that are allowed access. |
Secure Remote Access
Table 1–2 shows the Sun Java System Portal Server Secure Remote Access (SRA) features and their benefits.
Table 1–2 SRA Features and Benefits

| Feature | Description | Benefit |
|---|---|---|
| Integrated security | Extranet or Virtual Private Network capabilities “on demand” while providing user, policy, and authentication services. The Gateway component provides the interface and security barrier between remote user sessions originating from the Internet, and your corporate intranet. | Extends an enterprise’s content, applications, files, and services located behind firewalls to authorized suppliers, business partners, and employees. To prevent denial of service attacks, you can use both internal and external DMZ-based Gateways. |
| SRA core | Users achieve remote access through four components: Gateway, NetFile, Netlet, and Proxylet. | This component has four parts: (1) Gateway: Controls communication between the Portal Server and the various Gateway instances. (2) NetFile: Enables remote access and operation of file systems and directories. (3) Netlet: Ensures secure communication between the Netlet applet on the client browser, the Gateway, and the application servers. (4) Proxylet: Proxylet sets itself up as a proxy server running on the client's machine, and modifies the proxy settings of the browser to point to itself (also referred to as the local proxy server). The local proxy server (Proxylet) then proxies all the intranet traffic through the gateway. |
| Universal access | Enables web browser based universal access with no client software installation or maintenance necessary. | Simplifies the IT administration and maintenance overhead while dramatically reducing the time and cost of deployment. |
| Netlet Proxy | Provides an optional component that extends the secure tunnel from the client, through the Gateway to the Netlet Proxy that resides in the intranet. | Restricts the number of open ports in a firewall between the demilitarized zone (DMZ) and the intranet. |
| Rewriter Proxy | Redirects HTTP requests to the Rewriter Proxy instead of directly to the destination host. The Rewriter Proxy in turn sends the request to the destination server. | Using the Rewriter Proxy enables secure HTTP traffic between the Gateway and intranet computers and offers two advantages: (1) If a firewall exists between the Gateway and server, the firewall needs to open only two ports: one between the Gateway and the Rewriter Proxy, and another between the Gateway and the Portal Server. (2) HTTP traffic is now secure between the Gateway and the intranet even if the destination server only supports HTTP protocol (no HTTPS). |
Search Engine
The Search Engine service is used in the following channels:
- Subscription channel to summarize the number of hits (relevant information) that match each profile entry defined by the user for categorized documents and discussions.
- Discussion channel to individually search contents and rate the importance of comments.
Table 1–3 lists the search features and their benefits.
Table 1–3 Search Features and Benefits

| Feature | Description | Benefit |
|---|---|---|
| Search Engine | Enables the retrieval of documents based on criteria specified by the end user. | Saves users time by providing access to content. |
| Categorization | Organizes documents into a hierarchy. This categorization is often referred to as taxonomy. | Provides a different view of documents that enables browsing and retrieval. |
| Robot | The Search Engine robot is an agent that crawls and indexes information across your intranet or the Internet. | Automatically searches and extracts links to resources, describes those resources, and puts the descriptions in the Search database (also called generation or indexing). |
| Discussions | A forum for multiple threaded discussions. | Contents are individually searchable, and importance ratings are given for all comments. |
| Subscriptions | Enables the user to track new or changed material in different areas of interest. | Discussions, search categories, and free-form searches (saved searches) can be tracked. |
Personalizing Content
Personalization is the ability to deliver content based on selective criteria
and offer services to a user.
Table 1–4 shows the personalization features and their benefits.
Table 1–4 Personalization Features and Benefits

| Feature | Description | Benefit |
|---|---|---|
| Deliver content based on user’s role | Portal Server includes the ability to automatically choose which applications users are able to access or to use, based on their role within the organization. | Increases employee productivity, improves customer relationships, and streamlines business relationships by providing quick and personalized access to content and services. |
| Enable users to customize content | Portal Server enables end users to choose what content they are interested in seeing. For example, users of a personal finance portal choose the stock quotes they would like to see when viewing their financial portfolio. | The information available in a portal is personalized for each individual. In addition, users can then customize this information further to their individual tastes. A portal puts control of the web experience in the hands of the people using the web, not the web site builders. |
| Aggregate and personalize content for multiple users | Portal Server enables an enterprise or service provider to aggregate and deliver personalized content to multiple communities of users simultaneously. | This enables a company to deploy multiple portals to multiple audiences from one product and manage them from a central management console. Also, new content and services can be added and delivered on demand without the need to restart Portal Server. All of this saves time and money, and ensures consistency in an IT organization. |
Aggregation and Integration
One of the most important aspects of a portal is its ability to aggregate and
integrate information, such as applications, services, and content. This functionality
includes the ability to embed non-persistent information, such as stock quotes, through
the portal, and to run applications within, or deliver them through, a portal.
Table 1–5 shows the aggregation and integration features and their benefits.
Table 1–5 Aggregation Features and Benefits

| Feature | Description | Benefit |
|---|---|---|
| Aggregated information | The Portal Desktop provides the primary end-user interface for Portal Server and a mechanism for extensible content aggregation through the Provider Application Programming Interface (PAPI). The Portal Desktop includes a variety of providers that enable container hierarchy and the basic building blocks for building some types of channels. | Users no longer have to search for the information. Instead, the information finds them. |
| Consistent set of tools | Users can use the provided set of tools such as web-based email and calendaring software that follows them through their entire time at the company. | Users do not have to use one tool for one project, another tool for another location. Also, because these tools all work within the portal framework, the tools have a consistent look and feel and work similarly, reducing training time. |
| Collaboration | Portal Server provides control and access to data as a company-wide resource. | In many companies, data is seen as being owned by individual departments, instead of as a company-wide resource. The portal can act as a catalyst for breaking down these silos and making the data available in a controlled way to the people who need to use it. This broader, more immediate access can improve collaboration. |
| Integration | Portal Server enables you to use the Portal Desktop as the sole place for users to gain access to or launch applications and access data. | Integration with existing email, calendar, legacy, or web applications enables the portal to serve as a unified access point, enabling users (be they employees, partners, or customers) to access the information they need quickly and easily. |
About Deployment Planning
Deployment planning is a critical step in the successful implementation of a
Java Enterprise System solution. Each enterprise has its own set of goals, requirements,
and priorities to consider. Successful planning begins with analyzing the goals of
an enterprise and determining the business requirements to meet those goals. The business
requirements must then be converted into technical requirements that can be used as
a basis for designing and implementing a system that can meet the goals of the enterprise.
For more information, see the Sun Java Enterprise System 2005Q4 Deployment Planning Guide.
Solution Life Cycle
The solution life cycle shown in the following figure depicts the steps in the
planning, design, and implementation of an enterprise software solution based on Java
Enterprise System. The life cycle is a useful tool for keeping a deployment project
on track.
Figure 1–1 Solution Life Cycle