Sun Java logo     Previous      Contents      Index      Next     

Sun logo
Sun Java System Portal Server 6 2005Q4 Deployment Planning Guide 

Chapter 1
Portal Server Architecture

This chapter contains the following sections:

What is a Portal?

Portals provide the user with a single point of access to a wide variety of content, data, and services throughout an enterprise. The content displayed through portal providers, channels, and portlets on the portal page can be personalized based on user preferences, user role or department within an organization, site design, and marketing campaigns for customers as end-users.

Portals serve as a unified access point to web applications. Portals also provide valuable functions like security, search, collaboration, and workflow. A portal delivers integrated content and applications, plus a unified, collaborative workplace. Indeed, portals are the next-generation desktop, delivering e-business applications over the web to all kinds of client devices. A complete portal solution should provide users with access to everything users need to get their tasks done—any time, anywhere, in a secure manner.

Types of Portals

With many new portal products being announced, the marketplace has become very confusing. Indeed, any product or application that provides a web interface to business content could be classified as a portal. For this reason portals have many different uses and can be classified as one of the following:

Collaborative Portals

Collaborative portals help business users organize, find, and share unstructured office content—for example, e-mail, discussion group material, office documents, forms, memos, meeting minutes, web documents, and some support for live feeds. Collaborative portals differ from Internet and intranet portals not only in supporting a wider range of information, but also by providing a set of content management and collaborative services.

Content management services include the following:

Collaborative portals are mainly used internally as a corporate facility.

Collaborative services allow users to do the following:

Business Intelligence Portals

Business intelligence portals provide executives, managers, and business analysts with access to business intelligence for making business decisions. This type of portal typically indexes business intelligence reports, analyses, and predefined queries, and are associated with financial management, customer relationship management, and supply chain performance management. Business intelligence portals also provide access to business intelligence tools (reporting, OLAP, data mining), packaged analytic applications, alerting, publishing and subscribing. Peoplesoft is a typical vendor provider of business intelligence types of portal.

Types of business intelligence portals include:

Portal Server Capabilities

Sun Java™ System Portal Server 6 2005Q4 software provides the following capabilities to your organization:

Sun Java System Portal Server

Portal Server is a component of the Sun Java™ Enterprise System technology. Sun Java Enterprise System technology supports a wide range of enterprise computing needs, such as creating a secure intranet portal to provide the employees of an enterprise with secure access to email and in-house business applications.

The Portal Server product is an identity-enabled portal server solution. It provides all the user, policy, and identity management to enforce security, web application single sign-on (SSO), and access capabilities to end user communities. In addition, Portal Server combines portal services, such as personalization, aggregation, security, integration, and search. Unique capabilities that enable secure remote access to internal resources and applications round out a complete portal platform for deploying business-to-employee, business-to-business, and business-to-consumer portals. The Sun Java System Portal Server Secure Remote Access (SRA) provides additional secure remote access capabilities to access web- and non-web enabled resources.

Each enterprise assesses its own needs and plans its own deployment of Java Enterprise System technology. The optimal deployment for each enterprise depends on the type of applications that Java Enterprise System technology supports, the number of users, the kind of hardware that is available, and other considerations of this type.

Portal Server is able to work with previously installed software components. In this case, Portal Server uses the installed software when the software is an appropriate version.

Secure Remote Access

Sun Java System Portal Server Secure Remote Access (SRA) offers browser-based secure access to portal content and services from any remote browser enabled with Java technology.

SRA is accessible to users from any Java technology-enabled browser, eliminating the need for client software. Integration with Portal Server software ensures that users receive secure encrypted access to the content and services that users have permission to access.

SRA is targeted toward enterprises deploying highly secure remote access portals. These portals emphasize security, protection, and privacy of intranet resources. The SRA services–Access List, the Gateway, NetFile, Netlet, and Proxylet– enable users to securely access intranet resources through the Internet without exposing these resources to the Internet.

Portal Server runs in open mode and secure mode, that is, either without SRA or with SRA.

Portal Sever in Open Mode

In open mode, Portal Server is installed without SRA. The typical public portal runs without secure access using only the HTTP protocol. Although you can configure Portal Server to use the HTTPS protocol in open mode (either during or after installation), secure remote access is not possible. This means that users cannot access remote file systems and applications.

The main difference between an open portal and a secure portal is that the services presented by the open portal typically reside within the demilitarized zone (DMZ) and not within the secured intranet.

If the portal does not contain sensitive information (deploying public information and allowing access to free applications), then responses to access requests by a large number of users is faster than secure mode.

Figure 1-1 shows Portal Server configured for open mode. In this figure, Portal Server is installed on a single server behind the firewall. Multiple clients access the Portal Server system across the Internet through the single firewall, or from a web proxy server that sits behind a firewall.


You can provide secure access to users of web-enabled resources by running Portal Server in open mode with the HTTPS protocol. However, without SRA, you cannot provide secure remote access to file systems or TCP/IP applications.

Figure 1-1  Portal Server in Open Mode

Portral Server without the Gateway

Portal Server in Secure Mode

In secure mode, Portal Server is installed with SRA. Secure mode provides users with secure remote access to required intranet file systems and applications.

The main advantage of SRA is that only the IP address of the Gateway is published to the Internet. All other services and their IP addresses are hidden and never published to a Domain Name Service (DNS) that is running on the public network (such as the Internet).

The Gateway resides in the demilitarized zone (DMZ). The Gateway provides a single secure access point to all intranet URLs and applications, thus reducing the number of ports to be opened in the firewall. All other Sun Java System services such as Session, Authentication, and Portal Desktop, reside behind the DMZ in the secured intranet. Communication from the client browser to the Gateway is encrypted using HTTP over Secure Sockets Layer (SSL). Communication from the Gateway to the server and intranet resources can be either HTTP or HTTPS.

Figure 1-2 shows Portal Server installed with SRA. SSL is used to encrypt the connection between the client and the Gateway over the Internet. SSL can also be used to encrypt the connection between the Gateway and the Portal Server system. The presence of a Gateway between the intranet and the Internet extends the secure path between the client and the Portal Server system.

Figure 1-2  Portal Server in Secure Mode

Portal Server with the Gateway

You can add additional servers and Gateways for site expansion. You can also configure the components of SRA in various ways based on your business requirements.

Security, Encryption, and Authentication

Portal Server system security relies on the HTTPS encryption protocol, in addition to UNIX system security, for protecting the Portal Server system software.

Security is provided by the web container, which you can configure to use SSL, if desired. Portal Server also supports SSL for authentication and end-user registration. By enabling SSL certificates on the web server, the Portal Desktop and other web applications can also be accessed securely. You can use the Access Manager policy to enforce URL-based access policy.

Portal Server depends on the authentication service provided by Sun Java System Access Manager and supports single sign-on (SSO) with any product that also uses the Access Manager SSO mechanism. The SSO mechanism uses encoded cookies to maintain session state.

Another layer of security is provided by SRA. It uses HTTPS by default for connecting the client browser to the intranet. The Gateway uses Rewriter to enable all intranet web sites to be accessed without exposing them directly to the Internet. The Gateway also provides URL-based access policy enforcement without having to modify the web servers being accessed.

Communication from the Gateway to the server and intranet resources can be HTTPS or HTTP. Communication within the Portal Server system, for example between web applications and the directory server, does not use encryption by default, but it can be configured to use SSL.

Portal Server Deployment Components

Portal Server deployment consists of the following components:


See the Portal Server 6 Release Notes for specific versions of products supported by Portal Server.

Portal Server Architecture

Usually, but not always, you deploy Portal Server software on the following different portal nodes (servers) that work together to implement the portal:

Identity Management

Portal Server uses the Access Manager to control many users spanning a variety of different roles across the organization and sometimes outside the organization while accessing content, applications and services. The challenges include: Who is using an application? In what capacity do users serve the organization or company? What do users need to do, and what should users be able to access? How can others help with the administrative work?

Access Manager software consists of the following components:

See the Access Manager Deployment Planning Guide for more information.

Portal Server Software Deployment

This section provides information on software deployed on Portal Server.This section provides information on the software packaging mechanism, the software categories within the system, and compatibility with Java software.

Software Packaging

Portal Server uses a “dynamic WAR file” approach to deploy software to the system. Portal Server is installed using Solaris™ packages, which consist of individual files that comprise web applications, for example, JAR, JSP, template, and HTML files. The packages do not contain WAR or EAR files. The packages do contain web.xml fragments that are used to construct the Portal Server WAR file at installation time. This dynamically constructed file is then deployed to the web application container. As additional packages are added to the system, for example, for localization, the web application file is rebuilt and redeployed.


The WAR file packaging and deployment mechanism is for use only by Portal Server products. Customer modifications to the WAR file or any files used to build it are currently not supported.

Software Categories

Portal Server distinguishes between the following kinds of software that it installs onto the Portal Server node:

A Typical Portal Server Installation

Figure 1-3 illustrates some of the components of a portal deployment but does not address the actual physical network design, single points of failure, nor high availability. See Chapter 5, "Creating Your Portal Design", for more detailed information on portal design.

This illustration shows the high-level architecture of a typical installation at a company site for a business-to-employee portal. In this figure, the Gateway is hosted in the company’s DMZ along with other systems accessible from the Internet, including proxy/cache servers, web servers, and mail Gateways. The portal node, portal search node, and directory server, are hosted on the internal network where users have access to systems and services ranging from individual employee desktop systems to legacy systems.


If you are designing an ISP hosting deployment, which hosts separate Portal Server instances for business customers who each want their own portal, contact your Sun Java System representative. Portal Server requires customizations to provide ISP hosting functionality.

In Figure 1-3, users on the Internet access the Gateway from a browser. The Gateway connects the user to the IP address and port for the portal users are attempting to access. For example, a B2B portal would usually allow access to only port 443, the HTTPS port. Depending on the authorized use, the Gateway forwards requests to the portal node, or directly to the service on the enterprise internal network.

Figure 1-3  High-level Architecture for a Business-to-Employee Portal

This figure shows various components used by Portal Server

Figure 1-4 shows a Portal Server deployment with SRA services. See Chapter 2, "Portal Server Secure Remote Access Architecture" for details.

Figure 1-4  SRA Deployment

Netlet using a third party proxy to limit number of ports in the second firewall.

Previous      Contents      Index      Next     

Part No: 819-4155.   Copyright 2005 Sun Microsystems, Inc. All rights reserved.