Sun Java logo     Previous      Contents      Index      Next     

Sun logo
Sun Java System Portal Server Secure Remote Access 6 2005Q1 Administration Guide 

Chapter 11
Configuring Netlet

This chapter describes how to configure Netlet attributes from the Sun Java™ System Access Manager administration console.

Note

Click Help at the top right corner of the Access Manager administration console, and click SRA Help for a quick reference on all the SRA attributes.

All the attributes that can be configured at the organization level can also be configured at the user level. See the Access Manager Administration Guide for more information on organization, role and user level attributes.

To configure Netlet attributes, follow these steps to configure attributes at the organization level:

  1. Log in to the Access Manager administration console as administrator.
  2. Select the Identity Management tab.
  3. Select Organizations from the View drop-down list.
  4. Click the required organization name. The selected organization name is reflected as the location in the top left corner of the administration console.
  5. Select Services from the View drop-down list.
  6. Click the arrow next to Netlet under SRA Configuration.

    7. From here, you can perform the following tasks:

Assign Netlet Service to a User

  1. Log in to the Access Manager administration console as administrator.
  2. Select the Identity Management tab.
  3. Select Organizations from the View drop-down list.
  4. Click the required organization name.

    5. The selected organization name is reflected as the location in the top left corner of the admin console.

  5. Select Users from the View drop-down list for the selected organization.
  6. Click the arrow next to the required user in the left pane.
  7. Select Services from the View drop-down list for this user, if the Netlet service is not already available for this user
  8. Click Add.
  9. Select Netlet from the Available Services list.
  10. Click Save
  11. The Netlet attributes can be modified by selecting Netlet service from the View drop-down list for this user.

Add a Netlet Rule

You can add or create Netlet rules at a global level in the Identity Management tab of the Access Manager administration console. These rules are inherited by any new organization that you create.

You can also create new rules or modify existing rules at the organization, role, or user levels.

    To Add a Netlet Rule
  1. Log in to the Access Manager administration console as administrator.
  2. Choose the Identity Management tab.
  3. Choose the Organization for which you want to create the rule.
  4. Select Services from the View drop-down list.
  5. Click the arrow next to Netlet under SRA Configuration.

    6. The Netlet page is displayed in the right pane.

  6. Click Add in the Netlet Rules field.

    7. The Add Netlet Rule page is displayed. All the fields of the rule are populated with sample values that you can change as required.

  7. Type a unique name for the rule in the Rule Name field.
  8. Specify the required ciphers. Select Default to retain the default encryption cipher. Select Other to choose from the list of available ciphers.

    9. See To Specify the Default Cipher for details on the default cipher.

  9. Type the URL to the application to be invoked in the URL field.
  10. Select the Download Applet checkbox if an applet needs to be downloaded. Type the applet details in the format local-port:server-host:server-port in the associated edit box.

    11. Note

    Specify a unique local port for each rule.

    You need to specify the applet details only if the applet needs to be downloaded from a host other than the Portal Server host. The edit box is disabled if you do not select the checkbox. For more information see Downloading an Applet From a Remote Host.

  11. Select the Extend Session checkbox to ensure that the Portal Server session time is extended while the Netlet session corresponding to this rule is running.
  12. Type the local port on which Netlet listens in the Local Port field.

    13. For an FTP rule, the local port value must be 30021.

  13. Type an entry in the Destination Host(s) field.

    14. For a static rule, enter the host name of the target machine for the Netlet connection.

    For a dynamic rule, enter "TARGET".

  14. Type the port on the target host in the Target Port(s) field.
  15. Click Add to List to reflect the last three entries in the Map Local Port to Destination Server Port fields.
  16. Click OK.

    17. The rule is saved and you are returned to the Netlet page. The new rule name displays in the Netlet Rules list.

Modify an Existing Netlet Rule

You can modify existing rules at the organization, role, or user levels from the Identity Management tab in the administration console. These rules are inherited by any new organization that you create.

    To Modify a Netlet Rule
  1. Log in to the Access Manager administration console as administrator.
  2. Choose the Identity Management tab.
  3. Choose the Organization for which you want to modify the rule.
  4. Select Services from the View drop-down list.
  5. Click the arrow next to Netlet under SRA Configuration.

    6. The Netlet page is displayed in the right pane.

  6. Select the checkbox next to the rule that you want to modify.

    7. The Edit Netlet Rule page is displayed.

  7. Make changes as required and click Save.

    8. The modified rule is saved and you are returned to the Netlet page.

Delete a Netlet Rule

You can delete Netlet rules at a global level in the Identity Management tab of the administration console.

    To Delete a Netlet Rule
  1. Log in to the Access Manager administration console as administrator.
  2. Choose the Identity Management tab.
  3. Choose the Organization for which you want to delete the rule.
  4. Click the arrow next to Netlet under SRA Configuration.

    5. The Netlet page is displayed in the right pane.

  5. Select the checkbox next to the rule that you want to delete from the Netlet Rules list.
  6. Click Delete.

    7. The selected rule is removed from the Netlet Rules list.

    Note

    This section describes the configuration of all the attributes at the organization level.

Specify the Default Encryption Cipher

You need to specify the default cipher for the Netlet rules. This is useful when using existing rules that did not include the cipher as a part of the rule. This is a mandatory field. See Backward Compatibility.

    To Specify the Default Cipher
  1. Log in to the Access Manager administration console as administrator.
  2. Select the Identity Management tab.
  3. Select Organizations from the View drop-down list.
  4. Click the required organization name. The selected organization name is reflected as the location in the top left corner of the administration console.
  5. Select Services from the View drop-down list.
  6. Click the arrow next to Netlet under SRA Configuration.

    7. The Netlet page is displayed in the right pane.

  7. Scroll to the Default Native VM Cipher or Default Java Plugin Cipher field and select the required cipher from the drop-down list. See Supported Ciphers for a list of supported ciphers.

  8. Click Save to record the change.

Assign the Default Loopback Port

This attribute specifies the port to be used on the local machine when applets are downloaded through Netlet. The default value of 58000 is used unless the value is overridden in the Netlet rules.

    To Assign the Default Loopback Port
  1. Log in to the Access Manager administration console as administrator.
  2. Select the Identity Management tab.
  3. Select Organizations from the View drop-down list.
  4. Click the required organization name. The selected organization name is reflected as the location in the top left corner of the administration console.
  5. Select Services from the View drop-down list.
  6. Click the arrow next to Netlet under SRA Configuration.

    7. The Netlet page is displayed in the right pane.

  7. Scroll to the Default Loopback Port field and type the desired port number.
  8. Click Save to record the change.

Enable Reauthentication for Connections

Enable this option if you want the user to enter the Netlet password each time a Netlet connection needs to be established. If you enable this option, the warning popup for connections is not displayed on the user’s desktop. See Display Warning Popup for Connections for details.

Enabling this option allows the user to change the reauthentication password using the Netlet channel edit option. The initial password is srap-Netlet by default.

    To Enable Reauthentication for Connections
  1. Log in to the Access Manager administration console as administrator.
  2. Select the Identity Management tab.
  3. Select Organizations from the View drop-down list.
  4. Click the required organization name. The selected organization name is reflected as the location in the top left corner of the administration console.
  5. Select Services from the View drop-down list.
  6. Click the arrow next to Netlet under SRA Configuration.

    7. The Netlet page is displayed in the right pane.

  7. Scroll to the Reauthenticate for Connections field and select the option.
  8. Click Save to record the change.

Display Warning Popup for Connections

This attribute displays a warning popup dialog box on the user’s desktop when someone is trying to connect to Netlet through the listen port and the user is running an application using Netlet. If you do not want the popup to appear on the user’s desktop, deselect this attribute.

    To Enable the Warning Popup for Connections
  1. Log in to the Access Manager administration console as administrator.
  2. Select the Identity Management tab.
  3. Select Organizations from the View drop-down list.
  4. Click the required organization name. The selected organization name is reflected as the "location" in the top left corner of the administration console.
  5. Select Services from the View drop-down list.
  6. Click the arrow next to Netlet under SRA Configuration.

    7. The Netlet page is displayed in the right pane.

  7. Select the Display Warning Popup for Connections checkbox to enable the warning popup.
  8. Click Save to record the change.

Enable the Display Checkbox in Port Warning Dialog

This attribute displays a checkbox in the warning popup on the users desktop when Netlet tries to connect to the destination host through a freely available port on the local machine, if its enabled in the administration console. This checkbox gives the user the option to enable or disable the popup, by checking or unchecking it accordingly on the desktop.

You can allow the user to suppress this warning popup by disabling the Display Checkbox in Port Warning Dialog option in the administration console.

    To Allow the User to Suppress the Port Warning Dialog
  1. Log in to the Access Manager administration console as administrator.
  2. Select the Identity Management tab.
  3. Select Organizations from the View drop-down list.
  4. Click the required organization name. The selected organization name is reflected as the location in the top left corner of the administration console.
  5. Select Services from the View drop-down list.
  6. Click the arrow next to Netlet under SRA Configuration.

    7. The Netlet page is displayed in the right pane.

  7. Scroll to the Display Checkbox in Port Warning Dialog field and uncheck the box.
  8. Click Save to record the change.

Set the Keep Alive Interval

If the client is connecting to the Gateway through a web proxy, then idle Netlet connections are disconnected due to proxy time out. To prevent this, give a value less than the proxy time-out for this parameter.

    To Set the Keep Alive Interval
  1. Log in to the Access Manager administration console as administrator.
  2. Select the Identity Management tab.
  3. Select Organizations from the View drop-down list.
  4. Click the required organization name. The selected organization name is reflected as the location in the top left corner of the administration console.
  5. Select Services from the View drop-down list.
  6. Click the arrow next to Netlet under SRA Configuration.

    7. The Netlet page is displayed in the right pane.

  7. Scroll to the Keep Alive Interval (in minutes) field, and type the required time interval.
  8. Click Save to record the change.

Set the Terminate Netlet at Portal Logout Option

Enable this option if you want to ensure that all connections are terminated when a user logs out of the Portal Server. This ensures greater security. This option is enabled by default.

Disable this option to ensure that live Netlet connections are operational even after the user has logged out of the Portal Server desktop.

Note

Disabling this option does not allow the user to make new Netlet connections after logging out of the Portal Server. Only existing connections are preserved.

    To Set the Terminate Netlet at Portal Logout Option
  1. Log in to the Access Manager administration console as administrator.
  2. Select the Identity Management tab.
  3. Select Organizations from the View drop-down list.
  4. Click the required organization name. The selected organization name is reflected as the location in the top left corner of the administration console.
  5. Select Services from the View drop-down list.
  6. Click the arrow next to Netlet under SRA Configuration.

    7. The Netlet page is displayed in the right pane.

  7. Scroll to the Terminate Netlet at Portal Logout field and select or deselect the checkbox as required.
  8. Click Save to record the change.

    9. See also Running Netlet in a Sun Ray Environment.

Define Access to Netlet Rules

You can define access to specific Netlet rules for certain organizations, roles or users.

    To Define Access to Netlet Rules
  1. Log in to the Access Manager administration console as administrator.
  2. Select the Identity Management tab.
  3. Select Organizations from the View drop-down list.
  4. Click the required organization name. The selected organization name is reflected as the location in the top left corner of the administration console.
  5. Select Services from the View drop-down list.
  6. Click the arrow next to Netlet under SRA Configuration.

    7. The Netlet page is displayed in the right pane.

  7. Scroll to the Access to Netlet Rules field.
  8. Type the name of the rule that you want to make available for the selected organization in the Access to Netlet Rules field.

    9. An asterisk (*) in this field indicates that all the defined Netlet rules are available for the selected organization.

  9. Click Add.

    10. The specified rule is added to the Access to Netlet Rules list.

  10. Repeat steps 7, 8 and 9 for each Netlet rule that you want to make available.
  11. Click Save to record the change.

Deny Access to Netlet Rules

You can deny access to specific Netlet rules for certain organizations, roles or users.

    To Deny Access to Netlet Rules
  1. Log in to the Access Manager administration console as administrator.
  2. Select the Identity Management tab.
  3. Select Organizations from the View drop-down list.
  4. Click the required organization name. The selected organization name is reflected as the location in the top left corner of the administration console.
  5. Select Services from the View drop-down list.
  6. Click the arrow next to Netlet under SRA Configuration.

    7. The Netlet page is displayed in the right pane.

  7. Scroll to the Deny Netlet Rules field.
  8. Type the name of the rule to which you want to deny access for the selected organization in the Deny Netlet Rules field.

    9. An asterisk (*) in this field indicates that all the defined Netlet rules are denied access for the selected organization.

  9. Click Add.

    10. The specified rule is added to the Deny Netlet Rules list.

  10. Repeat steps 7, 8 and 9 for each Netlet rule for which you want to deny access.
  11. Click Save to record the change.

Allow Access to Hosts

You can define access to specific hosts for certain organizations, roles or users. This enables you to allow access to certain hosts. For example, you can set up the Allow list with five hosts to which the user can telnet.

    To Allow Access to Hosts
  1. Log in to the Access Manager administration console as administrator.
  2. Select the Identity Management tab.
  3. Select Organizations from the View drop-down list.
  4. Click the required organization name. The selected organization name is reflected as the location in the top left corner of the administration console.
  5. Select Services from the View drop-down list.
  6. Click the arrow next to Netlet under SRA Configuration.

    7. The Netlet page is displayed in the right pane.

  7. Scroll to the Allowed Hosts field.
  8. Type the name of the host for which you want to allow access in the Allow Hosts field.

    9. An asterisk (*) in this field indicates that all the hosts in the specified domain are accessible. For example, if you specify *.sesta.com, all the Netlet targets within the sesta.com domain can be executed by the user. You can also specify a wild card IP address such as xxx.xxx.xxx.*.

  9. Click Add.

    10. The specified host is added to the Allowed Hosts list.

  10. Repeat steps 7 and 8 for each host that you want to make available.
  11. Click Save to record the change.

Deny Access to Hosts

You can deny access to specific hosts within an organization. Specify the host for which you want to deny access in the Denied Hosts list.

    To Deny Access to Hosts
  1. Log in to the Access Manager administration console as administrator.
  2. Select the Identity Management tab.
  3. Select Organizations from the View drop-down list.
  4. Click the required organization name. The selected organization name is reflected as the location in the top left corner of the administration console.
  5. Select Services from the View drop-down list.
  6. Click the arrow next to Netlet under SRA Configuration.

    7. The Netlet page is displayed in the right pane.

  7. Scroll to the Denied Hosts field.
  8. Type the name of the host for which you want to deny access in the Denied Hosts field.

    9. An asterisk (*) in this field indicates that the user is denied access to all the hosts within the selected organization. For example, to deny access to all the hosts in the organization sesta, type *.sesta.com in the Denied Hosts field.

    To deny access to a specific host, specify the fully qualified name. For example, to deny access to a host abc, type abc.sesta.com.

  9. Click Add.

    10. The specified domain is added to the Access to Domains list.

  10. Repeat steps 7 and 8 for each domain that you want to make available.
  11. Click Save to record the change.

Proxy Configuration

The following attributes can be configured at the user level:

If you do not specify these values in the administration console and Netlet is unable to determine the browser proxy setting, the user is asked for this information when a connection is being established through Netlet for the first time. This information is stored and used for future connections by the user.

Netlet fails to determine the browser proxy setting in the following scenarios:

In both these cases, Netlet may not be able to determine the browser settings, and hence the user is asked to supply the following information:



Previous      Contents      Index      Next     

Part No: 817-7693.   Copyright 2005 Sun Microsystems, Inc. All rights reserved.