Sun Java System Reference Configuration Series: Portal Service on Application Server Cluster
Logical Architecture of the Reference Configuration
A logical architecture shows
the software components (and the interactions between them) that are needed
to provide a specific set of services to end users.
An analysis of the reference
configuration's functional requirements and quality-of-service requirements
(which specify the required performance, availability, scalability, security,
and serviceability) is the basis for determining the main Java ES software
components that are needed to meet these requirements. In most cases, these
components interact with or are dependent upon other, secondary software components.
For information about Java ES components, the services they provide, and interdependencies
between those components, see the Sun Java Enterprise System 5 Update 1 Technical Overview.
The following sections describe the Java ES components that are
used in the portal service reference configuration, their roles within the
reference configuration, and the interactions between them:
Logical Architecture Diagram
The various components that are needed to meet the reference configuration
requirements depend on their functions as distributed infrastructure services
or their roles within a tiered application framework. In other words, the
various components represent two views or dimensions that define a logical
architecture: the logical tier dimension and the distributed infrastructure
services dimension. These dimensions are described in the Sun Java Enterprise System 5 Update 1 Technical Overview.
The positioning of reference configuration components in such a two-dimensional
framework is shown in the following logical architecture diagram. Components
are placed within a horizontal dimension that represents standard logical
tiers and within a vertical dimension that represents infrastructure service
dependency levels. The positioning of a component in this matrix helps describe
the role that the component plays in the logical architecture.
For example, Access Manager is a component that is used by presentation
and business service tier components to provide security and policy infrastructure
services. By contrast, Application Server is a component that is used by presentation
and business service tier components to provide distributed runtime services.
Figure 2–1 Logical Architecture of the Reference Configuration
A description of the tiers shown in Figure 2–1 is provided in the following table.
Table 2–1 Logical Tiers in the Architecture
Diagram Tier: Description

Client:
    In the Client tier are applications that are used by users to access
    portal services. In this reference configuration, the only client applications
    that are used are a browser and a stand-alone Java client.

Access:
    This tier enables remote users to securely access their organization's
    network and its services over the Internet. The Access tier acts as a communication
    relay between the Client tier and the Presentation tier, and includes the
    Portal Server Secure Remote Access components needed to securely access portal
    services from the Internet.

Presentation:
    This tier provides aggregation and presentation capabilities that enable
    users to access relevant information and personalize their desktop to best
    meet their needs. In addition, this tier provides community, collaboration,
    content, and knowledge management capabilities. This tier is implemented
    using Portal Server software.

Business Service:
    This tier contains the back-end services that are aggregated and presented
    to users by services in the Presentation tier. Examples of applications that
    might reside in this tier include email systems, calendar servers, and Enterprise
    Resource Planning (ERP) applications (SAP, PeopleSoft, Siebel, and so forth).
    Also, this tier contains portlets and application components that are deployed
    in a web container or application server.

Data:
    This tier provides a permanent repository that business services can
    use to store persistent information. This tier includes Directory Server (used
    by Access Manager and Portal Server to store user profiles) and Java DB (used
    to store application data). High Availability Session Store (HADB), which
    is used to store portlet session state, is placed in the Presentation tier
    to indicate its functional relationship to Portal Server.
Software Components in the Logical Architecture
While Figure 2–1 is indicative
of the role of the different components within the reference configuration's
logical architecture, the following table describes more precisely the purpose
of each component.
Table 2–2 Software Components in the Logical Architecture
Component: Component's Role in the Architecture

Web Browser client:
    While not formally a component of the reference configuration, the browser
    client is included in the architecture diagram to show how users will access
    portal services. There are two access scenarios:
    - Access from a trusted network: browser clients (for example,
      an organization's employees) connect to portal services over the local network
      (or intranet) or from the Internet by using a virtual private network (VPN)
      or a similar solution.
    - Access from an unsecured network: Web browser clients (of
      a business-to-business or business-to-consumer portal) connect to portal services
      over the public Internet. This access scenario is supported by the Secure
      Remote Access (SRA) Gateway.

Remote client (optional):
    In addition to browsers, users can use applets that are included with
    Portal Server SRA software:
    - Netlet. The Netlet applet runs on the
      browser and sets up an encrypted TCP/IP tunnel between the remote client and
      intranet applications in the Business Service tier. Netlet listens to and
      accepts connections on preconfigured ports, and routes both incoming and outgoing
      traffic between the client and the destination server. In this way, Netlet
      enables client applications to securely access intranet business service components.
    - NetFile. NetFile is a file manager application
      that allows remote access and operation of file systems.
    - Proxylet. Proxylet is a dynamic proxy
      server that runs on the browser and redirects a URL to the SRA Gateway. It
      does so by reading and modifying the proxy settings of the browser on the
      client so that the settings point to the local proxy server or Proxylet. Proxylet
      is used to reduce the number of ports that must be opened in a firewall through
      which the SRA Gateway (see next item) connects to Internet hosts. It is also
      used to minimize or eliminate the dependency on the Rewriter Proxy (see next
      item) and Rewriter rulesets.

Sun Java System Portal Server Secure Remote Access (Portal Server SRA):
    Portal Server SRA provides a gateway service that allows secure connections
    over the public Internet to applications and content on an internal intranet,
    but only to authorized users. In addition to the SRA Gateway, SRA includes
    the following two optional components, depending on your requirements:
    - Netlet Proxy. The Netlet proxy is a
      stand-alone Java process that enhances the security between the SRA Gateway
      and the intranet by extending the secure tunnel from the client through the
      Gateway to the Netlet proxy that resides in the intranet. Netlet packets are
      decrypted by the proxy and then sent to their destinations. This mechanism
      helps to reduce the number of ports that must be opened in a firewall.
    - Rewriter Proxy. The Rewriter proxy is
      a stand-alone Java process that is installed on the intranet. The SRA Gateway
      forwards all requests to the Rewriter proxy, which fetches and returns the
      content of the request to the Gateway. This mechanism helps to reduce the
      number of ports that must be opened in a firewall.

Sun Java System Portal Server (Portal Server):
    Portal Server provides key portal services, such as content aggregation
    and personalization, to browser-based clients that are accessing business
    applications or services in the Business Service tier.

Sun Java System Access Manager (Access Manager):
    Access Manager provides access management services such as authentication
    and role-based authorization for user access to applications and services.
    In cases where Access Manager is remote from a local component, Access Manager
    SDK provides an interface to the remote Access Manager services.

Sun Java System Application Server (Application Server):
    Application Server provides the Java Platform, Enterprise Edition (Java
    EE) web container that is needed to support web components, such as Portal
    Server, Access Manager, portlet applications, and so forth. While a web container
    can also be provided by Sun Java System Web Server, the Portal Service on Application Server Cluster reference
    configuration uses Application Server.

Applications:
    Various kinds of applications provide the content for Portal Server
    channels that are accessed by end users. These applications can include email
    systems, calendar servers, ERP applications, custom or third-party portlet
    applications deployed on a web container, and so forth.

Sun Java System Directory Server (Directory Server):
    Directory Server provides an LDAP repository for storing information
    about portal users, such as identity profiles, user credentials, access privileges,
    application resource information, and so forth. This information is used by
    Access Manager for authentication and authorization and by Portal Server to
    build users' portal desktops.

Sun Java System Message Queue (Message Queue):
    Message Queue is a reliable asynchronous messaging service that is used
    by Access Manager to write user session state into a replicated session database
    and to retrieve such state information when necessary.

High Availability Session Store (HADB):
    HADB provides a data store that makes application data, especially session
    state data, available even in the case of failure.

Java DB:
    Java DB is the default relational database used by Portal Server to
    support community features and selected portal applications.
Interactions Between Reference Configuration Components
To design a logical architecture, you must understand the software dependencies
and interactions between the various components that are listed in Table 2–2. These interactions can be somewhat
complicated and difficult to illustrate in a single diagram such as Figure 2–1. The main interactions between
components in the reference configuration are therefore described briefly
in the table below, in the context of typical portal service operations.
Two access scenarios are incorporated into the following table:
Table 2–3 Interactions Between Reference Configuration Components
Step: What Happens

1. The user starts a browser and opens the portal service or SRA Gateway
   service URL, depending on the access scenario being used.

2. If portal services are accessed directly, Portal Server returns the
   anonymous desktop, which includes the login channel. If portal services are
   accessed through the SRA Gateway, the Gateway redirects the user request to
   Access Manager. Access Manager returns the login page (by way of the Gateway).

3. The user logs in by typing a user ID and password in the appropriate
   form and clicking Login.

4. Access Manager interacts with Directory Server to retrieve the user's
   profile, which contains authentication, authorization, and application-specific
   information.

5. Access Manager authenticates the user's ID and password against the
   LDAP directory information and creates a session object.

6. When the user has been authenticated, Access Manager returns a session
   cookie to the user's browser and redirects the browser to Portal Server.

   Portal Server uses the session cookie to interact with Access Manager
   to access information in the user's profile (cached by Access Manager). Portal
   Server uses the information to build the user's personalized portal desktop.
   Portal Server returns the desktop to the user's browser (by way of the Gateway).

7. The user reviews his or her portal desktop, and clicks a portal channel.

8. Portal Server interacts with Access Manager to validate the status of
   the user session. Access Manager authorizes the channel content that is being
   requested by the user.

9. When appropriate, Portal Server creates a portlet session and returns
   channel content to the user's browser.

10. The user logs out or the session times out.

11. Portal Server closes the portlet session, if any, and Access Manager
    deletes the user's session object.
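The login, session-validation and logout steps of Table 2–3, modeled as an added Python example that is not part of this Sun documentation or of the products' own APIs: an Access Manager stand-in authenticates against a constructed directory and owns the session objects, and a Portal Server stand-in builds the desktop and serves channel content only after Access Manager has validated the session. The directory contents, the idle timeout, and all class and method names are assumptions.

```python
import secrets
import time

# Constructed stand-in for Directory Server: user profiles with credentials and
# the channels each user may see (a real directory holds hashed credentials).
DIRECTORY = {"alice": {"password": "alice-pw", "channels": {"mail", "calendar"}}}
SESSION_TTL = 600  # assumed idle timeout in seconds

class AccessManager:  # steps 4-6, 8, 10, 11: authenticate, own session objects
    def __init__(self, directory, clock=time.time):
        self.directory, self.clock, self.sessions = directory, clock, {}

    def login(self, user_id, password):
        profile = self.directory.get(user_id)           # step 4: fetch the profile
        if profile is None or not secrets.compare_digest(profile["password"], password):
            return None                                 # step 5: authentication failed
        cookie = secrets.token_urlsafe(32)              # step 6: unguessable cookie value
        self.sessions[cookie] = {"user": user_id, "channels": set(profile["channels"]),
                                 "last_seen": self.clock()}
        return cookie

    def validate(self, cookie):  # step 8: cached profile for a live session, else None
        session = self.sessions.get(cookie)
        if session is None:
            return None
        if self.clock() - session["last_seen"] > SESSION_TTL:
            del self.sessions[cookie]                   # step 10: idle timeout
            return None
        session["last_seen"] = self.clock()
        return session

    def logout(self, cookie):
        self.sessions.pop(cookie, None)                 # step 11: delete session object

class PortalServer:  # steps 6-9: build desktop, serve channels to authorized sessions only
    def __init__(self, access_manager):
        self.am, self.portlet_sessions = access_manager, {}

    def desktop(self, cookie):
        session = self.am.validate(cookie)
        if session is None:
            return "anonymous desktop with login channel"   # step 2 path
        return f"desktop for {session['user']}: {sorted(session['channels'])}"

    def channel(self, cookie, name):
        session = self.am.validate(cookie)                   # step 8: session check
        if session is None or name not in session["channels"]:
            return None                                      # not authorized
        self.portlet_sessions.setdefault(cookie, set()).add(name)  # step 9
        return f"{name} content for {session['user']}"
```

The portal never sees the password and never decides authorization on its own: every desktop or channel request goes back to Access Manager, so a timed-out, logged-out or forged cookie yields the anonymous desktop or no content.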
The understanding of component interactions represented in the logical
architecture can be used later in the design process when you estimate the
load on different components for sizing purposes and when you create a network
connectivity specification.