Web Browser client
|
While not formally a component of the reference configuration, the browser
client is included in the architecture diagram to show how users will access
portal services. There are two access scenarios:
-
Access from a trusted network: browser clients (for example,
an organization's employees) connect to portal services over the local network
(or intranet) or from the Internet by using a virtual private network (VPN)
or a similar solution.
-
Access from an unsecured network: Web browser clients (of
a business-to-business or business-to-consumer portal) connect to portal services
over the public Internet. This access scenario is supported by the Secure
Remote Access (SRA) Gateway.
|
Remote client (optional)
|
In addition to browsers, users can use applets that are included with
Portal Server SRA software:
-
Netlet. The Netlet applet runs on the
browser and sets up an encrypted TCP/IP tunnel between the remote client and
intranet applications in the Business Service tier. Netlet listens to and
accepts connections on preconfigured ports, and routes both incoming and outgoing
traffic between the client and the destination server. In this way, Netlet
enables client applications to securely access intranet business service components.
-
Netfile. NetFile is a file manager application
that allows remote access and operation of file systems.
-
Proxylet. Proxylet is a dynamic proxy
server that runs on the browser and redirects a URL to the SRA Gateway. It
does so by reading and modifying the proxy settings of the browser on the
client so that the settings point to the local proxy server or Proxylet. Proxylet
is used to reduce the number of ports that must be opened in a firewall through
which the SRA Gateway(see next item) connects to Internet hosts. It is also
used to minimize or eliminate the dependency on the Rewriter Proxy (see next
item) and Rewriter rulesets.
|
Sun Java System Portal Server Secure Remote Access
(Portal Server SRA)
|
Portal Server SRA provides a gateway service that allows secure connections
over the public Internet to applications and content on an internal intranet,
but only to authorized users. In addition to the SRA Gateway, SRA includes
the following two optional components, depending on your requirements:
-
Netlet Proxy. The Netlet proxy is an
stand-alone Java process that enhances the security between the SRA Gateway
and the intranet by extending the secure tunnel from the client through the
Gateway to the Netlet proxy that resides in the intranet. Netlet packets are
decrypted by the proxy and then sent to their destinations. This mechanism
helps to reduce the number of ports that must be opened in a firewall.
-
Rewriter Proxy. The Rewriter proxy is
a stand-alone Java process that is installed on the intranet. The SRA Gateway
forwards all requests to the Rewriter proxy, which fetches and returns the
content of the request to the Gateway. This mechanism helps to reduce the
number of ports that must be opened in a firewall.
|
Sun Java System Portal Server (Portal Server)
|
Portal Server provides key portal services, such as content aggregation
and personalization, to browser-based clients that are accessing business
applications or services in the Business Service tier.
|
Sun Java System Access Manager (Access Manager)
|
Access Manager provides access management services such as authentication
and role-based authorization for user access to applications and services.
In cases where Access Manager is remote from a local component, Access Manager
SDK provides an interface to the remote Access Manager services.
|
Sun Java System Application Server (Application
Server)
|
Application Server provides the Java Platform, Enterprise Edition (Java
EE) web container that is needed to support web components, such as Portal
Server, Access Manager, portlet applications, and so forth. While a web container
can also be provided by Sun Java System Web Server, the Portal Service on Application Server Cluster reference
configuration uses Application Server.
|
Applications
|
Various kinds of applications provide the content for Portal Server
channels that are accessed by end users. These applications can include email
systems, calendar servers, ERP applications, custom or third-party portlet
applications deployed on a web container, and so forth.
|
Sun Java System Directory Server (Directory Server)
|
Directory Server provides an LDAP repository for storing information
about portal users, such as identity profiles, user credentials, access privileges,
application resource information, and so forth. This information is used by
Access Manager for authentication and authorization and by Portal Server to
build users' portal desktops.
|
Sun Java System Message Queue (Message Queue)
|
Message Queue is a reliable asynchronous messaging service that is used
by Access Manager to write user session state into a replicated session database
and to retrieve such state information when necessary.
|
High Availability Session Store (HADB)
|
HADB provides a data store that makes application data, especially session
state data, available even in the case of failure.
|
Java DB
|
Java DB is the default relational database used by Portal Server to
support community features and selected portal applications.
|