|
| |
| Sun Java System Communications Services 6 2005Q1 Deployment Planning Guide | |
Chapter 27
Understanding Communications Express Pre-Installation ConsiderationsThis chapter describes considerations you need to think about before installing Communications Express.
This chapter contains the following sections:
Communications Express Installation ConsiderationsBefore installing Communications Express, consider the following planning aspects:
- Delegated Administrator requires that you install Access Manager and the web container (either Web Server or Application Server) on the same host.
- You can deploy Communications Express and Access Manager in both SSL and non-SSL modes, either on the same or a different web container.
- Due to a JavaScript security dependency, you must install Communications Express and Messenger Express on the same host, or Communications Express and Messaging Express Multiplexor on same host (in a multi-tiered environment).
- You can plan for a distributed deployment in which Directory Server, Messaging Server, Calendar Server, and Access Manager are installed on separate hosts.
- If you are using Calendar Server hosted domains, you enable Communications Express support for hosted domains during the configuration phase.
- You can configure Communications Express for SSL or non-SSL. If you configure SSL, you can choose between having Communications Express clients use SSL only for authentication, or to use SSL for the entire session.
Requirements for Using S/MIME with Communications Express MailCommunications Express Mail now includes the security advantages of the Secure/Multipurpose Internet Mail Extension (S/MIME). Communications Express Mail users who are set up to use S/MIME can exchange signed or encrypted messages with other Communications Express Mail users, and with users of the Microsoft Outlook mail system or other mail clients that support S/MIME.
General Requirements for S/MIME
The signature and encryption features of S/MIME are available to a Communications Express Mail user only after:
- A private and public key pair are issued with a certificate in standard X.509 format. The certificate assures other mail users that the keys really belong to the person who uses them. Keys and their certificate are issued from within your organization or purchased from a third-party vendor. Regardless of how the keys and certificate are issued, the issuing organization is referred to as a certificate authority (CA).
- The private-public key pair, with its certificate, are properly stored electronically in a local key store or distributed to end users on common access cards (CACs), referred to as smart cards.
- All public keys and certificates are stored to an LDAP directory, accessible by Directory Server. This is referred to as publishing the public keys to make them available to other mail users who are creating S/MIME messages.
- Card reading devices are properly installed on the client machines when private-public key pairs and their certificates are stored on smart cards.
- All the necessary platform software is installed on the client machines where Communications Express Mail is accessed.
- All the necessary Sun Microsystems software is installed and configured for S/MIME.
- The Communications Express Mail user is set up to use the Sun Microsystems mail system. This includes giving the user permission to use the S/MIME features.
Concepts You Should Know Before Deploying S/MIME
Before you deploy your mail system for S/MIME, be sure you are familiar with these concepts:
- Basic administrative procedures of your platform
- Structure and use of an LDAP directory
- Addition or modification of entries in an LDAP directory
- Configuration process for Sun Java System Directory Server
- Concepts and purpose of the following:
- Secure Socket Layer (SSL) for a secured communications line
- Digitally signed email messages
- Encrypted email messages
- Local key store of a browser
- Smart cards and the software and hardware to use them
- Private-public key pairs and their certificates
- Certificate authorities (CA)
- Verifying keys and their certificates
- Certificate revocation list (CRL)
Where to Go for More Communications Express InformationTo install and configure Communications Express, see the instructions in the Sun Java Systems Communications Express Administration Guide:
To administer S/MIME, see the Administering S/MIME for Communications Express Mail chapter in the Sun Java Systems Messaging Server Administration Guide: