Chapter 1
Planning the Installation
Before you begin installing your Sun ONE Portal Server software, you must plan your installation carefully. Familiarize yourself with how the installation software is packaged, what the requirements for your system are, and what information you must have so that you can complete the installation successfully.
This chapter contains the following sections:
Sun ONE Portal Server Overview
The Sun ONE Portal Server 6.2 product gives end users a portal Desktop, which provides access to resources and applications. The Sun ONE Portal Server software also provides a search engine infrastructure that enables intranet content to be organized and accessed from the portal Desktop. Additionally, in this release, the Communication Channels are now installed with the Sun ONE Portal Server software. The communication channels consist of mail, calendar, address book, and instant messaging channels.
The Sun ONE Portal Server 6.2 release also offers Secure Remote Access support, which enables remote users to securely access their organization’s network and its services over the Internet. Additionally, it gives your organization a secure Internet portal, providing access to content, applications, and data to any targeted audience--employees, business partners, or the general public.
The Sun ONE Portal Server software also includes data migration tools for sites that are upgrading from previous Sun ONE Portal Server versions.
The layers below the Sun ONE Portal Server software provide functions and services such as web application container (via the Sun ONE Web Server software or the Sun ONE Application Server), user, service and policy management, authentication and single sign-on, administration console (via the Sun ONE Identity Server software), directory schema and data storage (via the Sun ONE Directory Server software), and protocol support (by standard browser software). The Sun ONE Portal Server software is installed separately, and makes use of these services rather than implementing them in the Sun ONE Portal Server software itself.
Note: The Sun ONE Portal Server is available as a bundled product in the Sun Java Enterprise System. See the Java Enterprise System installation documentation.
Sun ONE Portal Server Components
The Sun ONE Portal Server is composed of several distinct functional components. These components can be installed on a node with Portal Server (referred to as a Portal Server node) or a node without Portal Server (referred to as a separate node). Table 1-1 lists the installable components, their descriptions, and the nodes on which they can be installed.
Table 1-1 The Sun ONE Portal Server Components
| Component | Description | Node |
| --- | --- | --- |
| Sun ONE Portal Server | Gives end users a portal Desktop, which provides access to resources, applications, and a search engine infrastructure. Subcomponents include: Secure Remote Access Support (configures the Sun ONE Portal Server to communicate with the gateway, Netlet Proxy, and Rewriter Proxy); Sample Portal (provides the sample Desktop); Secure Remote Access Sample; Migration Tools. | Portal Server node |
| Gateway | This component provides the interface and security barrier between remote user sessions originating from the Internet, and the corporate intranet. | Portal Server node, separate node |
| Netlet Proxy | This component extends the secure tunnel from the client through the gateway to Netlet Proxy that resides in the intranet. It restricts the number of open ports in a firewall between the demilitarized zone (DMZ) and the intranet. Netlet Proxy is an optional component. You can choose not to install it, or install it later. It cannot be installed on a gateway node. | Portal Server node, separate node |
| Rewriter Proxy | This component extends the secure connection from the gateway to the Portal Server. Install Rewriter Proxy to redirect HTTP requests to the Rewriter Proxy instead of directly to the destination host. Rewriter Proxy, in turn, sends the request to the destination server. If you do not specify a proxy, the gateway component makes a direct connection to intranet computers when a user tries to access one of those intranet computers. | Portal Server node, separate node |
Installation Guidelines
Consider these guidelines for your installation:
- The Sun ONE Portal Server can be installed on the same machine as Sun ONE Directory Server or on a different machine.
- Use the Java Enterprise System installer to install the Sun ONE Directory Server, a web container, and the Sun ONE Identity Server at the same time or before installing the Sun ONE Portal Server software.
- The machine running Sun ONE Portal Server must be able to access the machine running Sun ONE Directory Server. Any firewalls between the systems must not block connections to the Sun ONE Directory Server port.
  Note: For better performance, you may want to install the Sun ONE Portal Server and the Sun ONE Directory Server on separate machines.
- The Sun ONE Portal Server must be installed on the same machine as the Sun ONE Identity Server.
Migration Guidelines
Sun ONE Portal Server 6.2 supports migration from iPlanet Portal Server 3.0 Service Pack 3a, Service Pack 4 or Service Pack 5. The migration tools are automatically installed with the Sun ONE Portal Server product.
You can install Sun ONE Portal Server 6.2 on an iPlanet Portal Server 3.0 (Service Pack 3a, Service Pack 4, or Service Pack 5) system for a single-system migration.
For complete migration information see the Sun ONE Portal Server 6.2 Migration Guide.
Upgrade Guidelines
Sun ONE Portal Server 6.2 supports upgrade from Sun ONE Portal Server versions 6.0 and 6.1. The upgrade tools are installed by the Java Enterprise System installer as part of the Sun ONE Portal Server.
For complete upgrade information see the Sun ONE Portal Server 6.2 Migration Guide.
Installation Scenarios
The Sun ONE Portal Server 6.2 product includes support for Secure Remote Access and can be installed in open-portal mode or secure-portal mode.
Open Mode
The Sun ONE Portal Server software can be installed in open mode, that is, without the gateway.
Single Server Installation
Figure 1-1 shows an example installation of the Sun ONE Portal Server, Sun ONE Identity Server, a web container, and Sun ONE Directory Server on a single machine.
Figure 1-1 Single Machine Installation
Multiple Server Installation
Figure 1-2 shows an example installation of the Sun ONE Portal Server, Sun ONE Identity Server, and a web container on multiple machines using Sun ONE Directory Server on another machine.
Figure 1-2 Multiple Machines Installation
Secure Mode
Depending on the end user and system requirements, you can install the gateway, the Netlet Proxy, or the Rewriter Proxy on a single machine with the Portal Server, or you can install them all on separate machines. A single-machine deployment is not generally recommended for production environments.
The Portal Server also supports an installation group that includes multiple gateways communicating with multiple servers. Figure 1-3 shows a diagram of the Portal Server in an installation that contains multiple gateway and server components.
See the Sun ONE Portal, Secure Remote Access 6.2 Deployment Guide for other possible configurations.
Figure 1-3 Multiple Gateway and Server Component Installation
Figure 1-3 shows a sample deployment of Secure Remote Access, consisting of the following components:
- Two clients: Browser 1 and Browser 2.
- Two Gateway hosts: Gateway 1 and Gateway 2. Gateway hosts are in the demilitarized zone (DMZ).
- A load balancer is also present in the DMZ to direct the HTTP and Netlet traffic to the available Gateway host.
- Two installations of the Portal Server with Secure Remote Access: Sun ONE Portal Server 1 and Sun ONE Portal Server 2.
- Sun ONE Portal Server 1 has the Rewriter Proxy installed on it, and Sun ONE Portal Server 2 has both the Rewriter and the Netlet Proxies installed on it.
- There is one application host: Application host 1.
- There are two other hosts: Other host 1 and Other host 2.
HTTP and Netlet requests from Browser 1 and Browser 2 are directed to the load balancer. The load balancer directs this to any available gateway.
The HTTP request from Browser 1 is directed to Gateway 1. This in turn directs the request to the Rewriter Proxy configured on Sun ONE Portal Server 1. In the absence of the Rewriter Proxy, HTTP requests to multiple intranet hosts would result in multiple ports being opened in the firewall. The Rewriter Proxy ensures that only one port is opened in the firewall. The Rewriter Proxy also extends SSL traffic from Gateway to the Portal Server node.
The HTTP request from Browser 2 is directed to the load balancer. This in turn directs the request to Gateway 2. From Gateway 2, the request is passed to Other host 2 through the Rewriter Proxy installed on Sun ONE Portal Server 2.
The Netlet request from Browser 2 is directed to Gateway 2 by the load balancer. Gateway 2 directs the request to the required Application host 2 through Netlet Proxy installed on Sun ONE Portal Server 2.
System Requirements
Before installing the Sun ONE Portal Server software, ensure that your system meets the following requirements.
Operating System Requirements
The Sun ONE Portal Server software requires at least a user distribution of the Solaris 8 Operating System or Solaris 9 Operating System.
Hardware Requirements
For a new installation of the software, your system must meet the following minimal hardware requirements:
Table 1-2 Hardware Requirements
| Hardware Component | Solaris Requirement |
| --- | --- |
| Operating System | Solaris 8 or Solaris 9 Operating System (SPARC® platforms) |
| CPU | Sun SPARC or Solaris Operating System (x86 Platform Edition) workstation |
| RAM | 512 Mbytes for evaluation install; 1.2 Gbytes for deployment |
| Disk Space | 1 Gbyte for Sun ONE Portal Server and associated applications |
Required Software Components
The Sun ONE Portal Server
For installing the Sun ONE Portal Server, the following software products are required and must be installed before installing the Portal Server.
- Java 2 SDK (J2SDK) 1.4.1_05
- A web container—The Sun ONE Portal Server can be deployed on the following web containers:
  - Sun ONE Application Server 7.0 MU 1
  - Sun ONE Web Server 6.1
  - BEA WebLogic Server 6.1 (SP5)
  - IBM WebSphere® Application Server 4.0.5
- Sun ONE Directory Server 5.2
- Sun ONE Identity Server 6.1
- Sun ONE Administration Server 5.2
Install these software products before installing the Sun ONE Portal Server.
The Gateway
For installing the gateway alone, on a separate node, the following software is required:
The Netlet Proxy
For installing the Netlet Proxy alone, on an independent node, the following software is required:
The Rewriter Proxy
For installing the Rewriter Proxy alone, on an independent node, the following software is required:
Browser Recommendations
The following browsers are supported for administration and for accessing the Sun ONE Portal Server Desktop:
- Internet Explorer 5.5 and 6.0
- Netscape 4.7x or higher.
Sun ONE Portal Server Checklists
The parameters you define during the Sun ONE Portal Server installation depend on the components you choose to install. The following checklists describe the parameters needed for each of the following:
See "Web Container Checklists" for installation information needed for specific web containers.
Depending on the type of installation that you are performing, you might or might not use all the values shown in the following checklists. When using the Java Enterprise System Installer, you can install several component products at the same time, or perform different levels of configuration during install.
If you choose a custom installation or a minimal installation using the Java Enterprise System, you will use the values shown in the following checklist.
If you have performed a minimal installation, you will need to use the Sun ONE Portal Server configurator script to configure your Portal Server installation.
Sun ONE Portal Server And Secure Remote Access
Table 1-3 is a three column table that lists all the values that you might need for a Portal Server installation or post-minimal install configuration. Depending on the type of installation you perform, the values that you use might vary.
Table 1-3 is an example checklist that assumes a web server deployment. If you are deploying on Sun ONE Application Server, BEA WebLogic, or IBM WebSphere Application Server, see the section, "Web Container Checklists," for those web container values.
Table 1-3 Sun ONE Portal Server Installation Checklist
| Parameter | Default Value | Description |
| --- | --- | --- |
| Installation Directory | | |
| Component Installation Directory | /opt | This is the base directory in which the Sun ONE Portal Server software is installed. |
| Deployment Information | | |
| Deployment Type | Sun ONE Web Server | The Sun ONE Portal Server can be deployed on the Sun ONE Web Server, Sun ONE Application Server, BEA WebLogic Server, or IBM WebSphere Application Server. This parameter is needed only if installing the Sun ONE Portal Server. |
| Deployment URI | /portal | The URI is the space on the web server or application server that the Sun ONE Portal Server uses. By default, content is deployed in portal-server-install-root/SUNWps/web-apps/Server-Instance/URI where the URI, by default, is /portal. The value for the deployment URI must have a leading slash and must contain only one slash. However, the deployment URI cannot be a “/” by itself. |
| Web Container Information (Sun ONE Web Server) | | |
| Installed Directory | /opt/SUNWwbsvr | This is the base directory in which the Sun ONE Web Server software is installed. |
| Instance | host | The default is the fully qualified host name. The value is the web server instance you want the Portal Server to use. The instance name should not contain spaces. |
| Document Root Directory | /opt/SUNWwbsvr/docs | The directory where static pages are kept. This directory is created during the Sun ONE Identity Server install. |
| Identity Server Information | | |
| Installed Base Directory | /opt | This is the base directory in which the Sun ONE Identity Server software is installed. |
| Internal LDAP Authentication User Password | | The Internal LDAP Authentication User Password chosen during the Sun ONE Identity Server installation. This parameter is needed only when installing the Sun ONE Portal Server. |
| Administrator (amadmin) Password | | The top level administrator (amadmin) password chosen during the Sun ONE Identity Server software installation. |
| Directory Manager DN | cn=Directory Manager | The LDAP directory manager distinguished name (DN). |
| Directory Manager Password | | The directory manager password chosen during the installation of the Sun ONE Directory Server. |
| Secure Remote Access Information (for configuring Secure Remote Access Support) | | |
| Gateway Protocol | https | The protocol that the gateway will use to communicate. The gateway will communicate using Secure Sockets Layer (SSL). |
| Portal Server Domain | portal-server-domain-name | The domain name for the machine on which the Sun ONE Portal Server is installed. |
| Gateway Domain | gateway-domain-name | The domain name of the gateway machine. |
| Gateway Port | 443 | The port on which the gateway listens. |
| Gateway Profile Name | default | This is the gateway profile that the Rewriter Proxy needs to use. A gateway profile contains all the information related to gateway configuration, such as the port on which gateway listens, SSL options, and proxy options. You can create multiple profiles in the gateway administration console and associate different instances of gateway with different profiles. Specify the same profile name specified when you installed Sun ONE Portal Server or Secure Remote Access support. See “Creating a Gateway Profile” in the Sun ONE Portal Server, Secure Remote Access 6.2 Administrator’s Guide. |
| Password Encryption Key | | The value of the encryption key. The encryption key is located in identity-server-installation-root/SUNWam/lib/AMConfig.properties as the parameter am.encryption.pwd. |
| Log User Password | | This allows administrators with non-root access to look at gateway log files. |
| Retype Password | | Retype to verify password. |
Gateway
Table 1-4 Gateway Installation Checklist
| Parameter | Default Value | Description |
| --- | --- | --- |
| Protocol | https | The protocol that the gateway uses to communicate. The gateway will usually communicate using Secure Sockets Layer (SSL). |
| Host Name | host | The fully qualified host name of the machine on which the gateway is installed. |
| Subdomain | gateway-subdomain-name | The subdomain name of the gateway machine. |
| Domain | gateway-domain-name | The domain name of the gateway machine. |
| IP Address | host-ip-address | The IP address of the Sun ONE Portal Server machine. Specify the IP address of the machine on which the Sun ONE Identity Server was installed for the Sun ONE Portal Server. |
| Access Port | 443 | The port on which the gateway machine listens. |
| Gateway Profile Name | default | A gateway profile contains all the information related to gateway configuration, such as the port on which gateway listens, SSL options, and proxy options. You can create multiple profiles in the gateway administration console and associate different instances of gateway with different profiles. Specify the same profile name specified when you installed Sun ONE Portal Server or Secure Remote Access support. See “Creating a Gateway Profile” in the Sun ONE Portal Server, Secure Remote Access 6.2 Administrator’s Guide for more information. |
| Log User Password | | This allows administrators with non-root access to look at gateway log files. |
| Start the gateway after installation | Checked | The gateway can be started automatically (if this option is checked) or it can be started later. To start the gateway manually use the following command located in portal-server-install-root/SUNWps/bin: ./gateway -n gateway-profile-name start |
| Certificate Information | | |
| Organization | MyOrganization | The name of your organization. |
| Division | MyDivision | The name of your division. |
| City or Locality | MyCity | The name of your city or locality. |
| State or Province | MyState | The name of your state. |
| Two-Letter Country Code | us | The two letter country code for your country. |
| Certificate Database Password | | This can be any password you choose. |
| Retype Password | | Retype the password to verify. |
Netlet Proxy
Table 1-5 Netlet Proxy Installation Checklist
| Parameter | Default Value | Description |
| --- | --- | --- |
| Host Name | hostname | The host name of the machine on which you want to install the Netlet Proxy. |
| Subdomain | localhost-subdomain-name | The sub-domain name of the machine on which the Netlet Proxy is installed. |
| Domain | localhost-domain-name | The domain name of the machine on which the Netlet Proxy is installed. |
| IP Address | host-ip-address | The IP address of the Sun ONE Identity Server machine. Specify the IP address of the machine on which the Sun ONE Identity Server was installed for the Sun ONE Portal Server. |
| Access Port | 10555 | The port on which the Netlet Proxy listens. |
| Gateway Profile Name | default | A gateway profile contains all the information related to gateway configuration, such as the port on which gateway listens, SSL options, and proxy options. You can create multiple profiles in the gateway administration console and associate different instances of gateway with different profiles. Specify the same profile name specified when you installed Sun ONE Portal Server or Secure Remote Access support. See “Creating a Gateway Profile” in the Sun ONE Portal Server, Secure Remote Access 6.2 Administrator’s Guide for more information. |
| Log User Password | | This allows administrators with non-root access to look at gateway log files. |
| Start Netlet Proxy after installation | checked | The Netlet Proxy can be started automatically (if this option is checked) or it can be started later. To start the Netlet Proxy manually use the following command located in netlet-proxy-install-root/SUNWps/bin: ./netletd -n default start |
| Certificate Information | | |
| Organization | MyOrganization | The name of your organization. |
| Division | MyDivision | The name of your division. |
| City or Locality | MyCity | The name of your city or locality. |
| State or Province | MyState | The name of your state or province. |
| Two-letter Country Code | us | The two-letter country code for your country. |
| Certificate Database Password | | This can be any password you choose. |
| Retype Password | | Retype the password to verify. |
Rewriter Proxy
Table 1-6 Rewriter Proxy Installation Checklist
| Parameter | Default Value | Description |
| --- | --- | --- |
| Host Name | hostname | The host name of the machine on which you want to install the Rewriter Proxy. |
| Subdomain | localhost-subdomain-name | The sub-domain name of the machine on which the Rewriter Proxy is installed. |
| Domain | localhost-domain-name | The domain name of the machine on which the Rewriter Proxy is installed. |
| IP Address | host-ip-address | The IP address of the Sun ONE Identity Server machine. Specify the IP address of the machine on which the Sun ONE Identity Server was installed for the Sun ONE Portal Server. |
| Access Port | 10443 | The port on which the Rewriter Proxy listens. |
| Gateway Profile Name | default | A gateway profile contains all the information related to gateway configuration, such as the port on which gateway listens, SSL options, and proxy options. You can create multiple profiles in the gateway administration console and associate different instances of gateway with different profiles. Specify the same profile name specified when you installed Sun ONE Portal Server or Secure Remote Access support. See “Creating a Gateway Profile” in the Sun ONE Portal Server, Secure Remote Access 6.2 Administrator’s Guide for more information. |
| Log User Password | | This allows administrators with non-root access to look at gateway log files. |
| Start the Rewriter Proxy after installation | Checked | The Rewriter Proxy can be started automatically (if this option is checked) or it can be started manually later. To start the Rewriter Proxy manually use the following command located in rewriter-proxy-install-root/SUNWps/bin: ./rwproxyd -n default start |
| Certificate Information | | |
| Organization | MyOrganization | The name of your organization. |
| Division | MyDivision | The name of your division. |
| City or Locality | MyCity | The name of your city or locality. |
| State or Province | MyState | The name of your state or province. |
| Two-letter Country Code | us | The two-letter country code for your country. |
| Certificate Database Password | | This can be any password you choose. |
| Retype Password | | Retype the password to verify. |
Web Container Checklists
The Sun ONE Portal Server installation has dependencies on some web container parameters. The following checklists describe the parameters that will be needed during the Sun ONE Portal Server installation process. See the checklist that pertains to the web container on which you are deploying the Sun ONE Portal Server product.
For more information about using the supported application servers with the Sun ONE Portal Server, see the appendix in this guide that pertains to your application server deployment.
Sun ONE Web Server Checklist
Table 1-7 Sun ONE Web Server Values Used During Sun ONE Portal Server Installation
| Parameter | Default Value | Description |
| --- | --- | --- |
| Installed Directory | /opt/SUNWwbsvr | The base directory in which the Sun ONE Web Server is installed. |
| Instance | host | The web server instance you want the Portal Server to use. The instance name should not contain spaces. |
| Document Root Directory | /opt/SUNWwbsvr/docs | The directory where static pages are kept. This directory is created during the Sun ONE Identity Server install. |
Sun ONE Application Server Checklist
Table 1-8 Sun ONE Application Server Values Used During Sun ONE Portal Server Installation
| Parameter | Default Value | Description |
| --- | --- | --- |
| Installed Directory | /opt/SUNWappserver7 | Directory in which the Sun ONE Application Server is installed. |
| Domain | /var/opt/SUNWappserver7/domains/domain1 | The Sun ONE Application Server domain contains a set of instances. The domain specified will contain the instance used by the Sun ONE Portal Server. This domain must already be configured. |
| Instance | server1 | The name of the Sun ONE Application Server instance to which the Sun ONE Portal Server will be deployed. This instance must already be configured. The instance name should not contain spaces. |
| Document Root Directory | /var/opt/SUNWappserver7/domains/domain1/server1/docroot | The directory where static pages are kept. This directory is created during the Sun ONE Identity Server install. |
| Administrator | admin | The administrator user ID. |
| Administration Port | 4848 | The port number of the administration server. |
| Administration Password | | The administration server password. |
BEA WebLogic Server Checklist
Table 1-9 BEA WebLogic Server Values Used During Sun ONE Portal Server Installation
| Parameter | Default Value | Description |
| --- | --- | --- |
| Installed Directory | /bea/wlserver6.1 | The directory in which the BEA WebLogic Server software is installed. |
| Domain | mydomain | The BEA WebLogic Server domain contains a set of instances. The domain specified will contain the instance used by the Sun ONE Portal Server. This domain must already be configured. |
| Instance | myserver | The name of the BEA WebLogic Server instance to which the Sun ONE Portal Server will be deployed. This instance must already be configured. The name must not contain a space. If you are installing Sun ONE Portal Server on an administration server instance this will be the name of the administration server instance. Otherwise it will be the name of the managed server instance. |
| Document Root Directory | /bea/wlserver6.1/config/mydomain/applications/DefaultWebApp | The document root value of DefaultWebApp needs to be deployed to the BEA WebLogic Server instance you are running the Portal Server software on. DefaultWebApp is the default web application, from which static content is served in a BEA WebLogic Server. By default it is only deployed to the domain (mydomain) and the server instance defined or created during the BEA WebLogic Server install. This means that if you create your own BEA WebLogic Server or domain, you need to deploy the DefaultWebApp to it, either by copying the directory to the new server’s deployment directory, or by using the BEA WebLogic Server administration console. See the BEA WebLogic Server documentation for more detail on how to configure a default web application. |
| Administrator | system | The administrator’s user ID. |
| Administration Password | | The system password. |
| Administration Protocol | http | Protocol on which the administration server of BEA WebLogic Server runs. |
| Administration Port | 7001 | Port on which the administration server of BEA WebLogic Server is running. If the Sun ONE Portal Server is installed on the BEA WebLogic Server administration server itself, the port on which Portal Server runs and the administration port of BEA WebLogic Server will be the same. |
IBM WebSphere Application Server Checklist
Table 1-10 IBM WebSphere Application Server Values Used During Sun ONE Portal Server Installation
| Parameter | Default Value | Description |
| --- | --- | --- |
| Installed Directory | /opt/WebSphere/AppServer | The directory in which the IBM WebSphere Application Server software is installed. |
| Virtual Host | default_host | |
| Node | machine-name | |
| Instance | Default_Server | The name of the instance to which the Sun ONE Portal Server will be deployed. This instance must already be configured. Portal Server cannot be installed into an application server instance or domain whose name contains a dash or a space, for example, Default-Server or Default Server. For instructions on renaming an instance, see Appendix C, "IBM WebSphere Application Server." |
| Document Root Directory | /opt/IBMHTTPD/htdocs/en_US | The directory where static pages are kept. This directory is created during the Sun ONE Identity Server installation. |
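The naming rules stated in the checklists (the deployment URI rule in Table 1-3, the instance-name rules in Tables 1-7 through 1-10, and the two-letter country code in Tables 1-4 through 1-6) can be checked before the installer is run. The following shell script is an added example, not part of the Sun ONE installer or configurator: the KEY names in its input are hypothetical, the sample values are constructed, and the 1-65535 port range is a general TCP constraint rather than a rule from this guide.

```shell
#!/bin/sh
# Added example (not Sun's installer or configurator code): pre-flight checks
# for checklist values, using the rules stated in the checklist tables.
# The KEY names in the answers input are hypothetical labels for this script.

# Deployment URI: leading slash, exactly one slash, and not "/" by itself.
valid_deploy_uri() {
    case $1 in
        /)    return 1 ;;   # bare "/" is rejected
        /*/*) return 1 ;;   # a second slash anywhere, including a trailing one
        /*)   return 0 ;;
        *)    return 1 ;;   # missing leading slash (or empty value)
    esac
}

# Instance name: no spaces for any container; IBM WebSphere also forbids a dash.
valid_instance() {  # usage: valid_instance CONTAINER NAME
    [ -n "$2" ] || return 1
    case $2 in *" "*) return 1 ;; esac
    if [ "$1" = websphere ]; then
        case $2 in *-*) return 1 ;; esac
    fi
    return 0
}

# Port: decimal digits only, 1-65535 (assumption: general TCP range).
valid_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Certificate country code: exactly two letters.
valid_country() {
    case $1 in [A-Za-z][A-Za-z]) return 0 ;; *) return 1 ;; esac
}

# Read KEY=VALUE lines on stdin, print one line per rejected value, and
# return non-zero if anything was rejected. CONTAINER must precede INSTANCE.
check_answers() {
    container=webserver bad=0
    while IFS='=' read -r key value; do
        case $key in ''|'#'*) continue ;; esac
        fail=0
        case $key in
            CONTAINER)  container=$value ;;
            DEPLOY_URI) valid_deploy_uri "$value" || fail=1 ;;
            INSTANCE)   valid_instance "$container" "$value" || fail=1 ;;
            GATEWAY_PORT|NETLET_PROXY_PORT|REWRITER_PROXY_PORT)
                        valid_port "$value" || fail=1 ;;
            COUNTRY)    valid_country "$value" || fail=1 ;;
        esac
        if [ "$fail" -ne 0 ]; then
            echo "rejected: $key=$value"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample answers: table defaults plus three deliberately bad values.
sample_answers() {
    cat <<'EOF'
CONTAINER=websphere
DEPLOY_URI=/portal/desktop
INSTANCE=Default-Server
GATEWAY_PORT=443
NETLET_PROXY_PORT=10555
REWRITER_PROXY_PORT=104430
COUNTRY=us
EOF
}

sample_answers | check_answers || echo "fix the values above before installing"
```

Feed it your own values on standard input in place of `sample_answers`; passwords and the encryption key are deliberately not part of the input, so they never land in a plain-text answers file.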