Sun Java logo     Previous      Contents      Index      Next     

Sun logo
Sun Java(TM) System Administration Server 5 2004Q2 Administration Guide 

Chapter 2
Introduction to Sun Java System Server Console

This chapter shows you how to log in to, customize, and use Sun Java System Server Console. It contains the following sections:

Starting Server Console and Logging In

Server Console is a stand-alone Java application that works in conjunction with an instance of Directory Server and an instance of Administration Server on your network. Typically, you log in to Server Console using a server administrator account, for example “admin”. If the instance of Administration Server that you are logging in to requires client authentication, you are prompted to present a client certificate. This certificate is used to create a secure channel of communication between Server Console and the instance of Administration Server. This section describes login procedures for both cases.

Starting Server Console

Enter basedir/usr/sbin/mpsadmserver startconsole [arguments] where basedir is the base directory where you installed the packages (by default package contents are placed under /), and arguments are any of the optional command-line arguments listed in Table 2-1.

Table 2-1  startconsole Command Line Arguments

Argument

What it Does

-a adminURL

Specifies a base URL for the instance of Administration Server to use such as http://server.example.com:1389.

-f fileName

Captures errors and system messages to fileName.

-h

Displays a usage message explaining command-line options.

-l languageCode

Specifies which language this version of Server Console should use.

Supported values for languageCode are:

  • de (German)
  • en (English)
  • es (Spanish)
  • fr (French)
  • ja (Japanese)
  • ko (Korean)
  • zh_TW (Traditional Chinese)

-u userID

Specifies the user logging in to Server Console.

-w password

Specifies the password for the user entered with the -u argument.

-x extraOptions

Specifies that you want to use extra options.

Supported values for extraOptions are nowinpos and nologo. If you specify the nologo option, the Sun Java System Server Console splash screen is not displayed. If you specify the nowinpos option, the Server Console window is placed in the upper left corner of the screen. To specify both options, separate them with a comma.

Logging In to Server Console With a User Name and Password

The following procedure explains how to log in to Server Console with a user name and password only. If you are logging in to an instance of Administration Server that requires you to present a client certificate, see Logging In to Server Console Using Client Authentication

To Log in to Server Console With a User Name and Password

  1. Start Server Console.

    2. For more information, see Starting Server Console.

  2. In the Server Console Login dialog box, enter your user ID, password, and the URL for the instance of Administration Server you want to access.

    3. When specifying an Administration Server URL, you can use a host name and port number or IP address and port number. You do not need to include http:// or use a fully qualified domain name, but you must include the Administration Server port number.

    Figure 2-1  Sun Java System Server Console Login
    You may login to local and remote Administration Servers.

  3. Click OK.

    4. The user ID and password you use to log in determine which servers and server operations you can access through Server Console. See Overview of Access Control for more information.

    Tip

    Server Console remembers the last five Administration URLs entered. To use one of these URLs, select it from the drop-down list in the Administration URL field.

Logging In to Server Console Using Client Authentication

When logging in to an instance of Administration Server that has been configured to require client authentication, you enter your user name and password, and then present a client certificate. This certificate is used by the instance of Administration Server to establish an SSL-enabled connection with Server Console. For more information on this process, known as the Secure Sockets Layer (SSL) handshake, see Appendix B, "Introduction to SSL."

The client certificates that Server Console presents to an instance of Administration Server are stored in Mozilla certificate database format. New and existing certificates are not recognized by Administration Server unless they are stored in this format. For initial setup of client authentication, store certificates in the Netscape Navigator browser. After initial setup certificates can be stored in other browser certificate databases. For more information about Netscape Navigator certificate database format and certificate storage see To Set Up Client Authentication for Users.

Depending on which types of certificates the instance of Administration Server is configured to accept, you might be able to use an existing certificate, or you might need to request a new one. You can use Mozilla to request and install client certificates.

This section tells you how to do the following:

For more information on configuring an instance of Administration Server to require client authentication, see Chapter 9, "Using SSL and TLS with Sun Java System Servers."

To Request and Install a New Client Certificate

  1. Go to the web site for a certificate authority (CA) that is trusted by the instance of Administration Server that you want to establish a secure connection with.
  2. Follow the CA’s instructions to request and install a client certificate.

    3. Note

    If you already have a client certificate that is acceptable to the instance of Administration Server you use, you do not need to request and install a new certificate.

To Make Your Client Certificate Available to Server Console

  1. From the system prompt, go to your .mozilla account, which is usually under .mozilla/username/string.slt/. For example, .mozilla/bjensen/string.slt/.
  2. Copy the key3.db, cert8.db, and secmod.db files to the .mcc subdirectory of your home directory.

    3. These files are the certificate database files that Server Console uses during client authentication. These files are only used by Server Console. Administration Server creates and uses its own certificate database files.

To Establish a Secure Connection With an Instance of Administration Server

  1. Start Server Console.

    2. For more information, see Starting Server Console.

  2. In the Server Console Login dialog box, enter your user ID, password, and the URL for the secure instance of Administration Server you want to access.

    3. When specifying an Administration Server URL, you can use a host name and port number or IP address and port number. Make sure to include https:// and the Administration Server port number in the URL.

    Figure 2-2  Secure Sun Java System Server Console Login
    You may login securely to local and remote Administration Servers.

  3. Click OK.

    4. The user ID and password you use to log in determine which servers and server operations you can access through Server Console. See Overview of Access Control for more information.

  4. In the Password Entry dialog box, enter the password for the Administration Server certificate database (this is the same as the password for your Mozilla certificate database), and then click OK.
  5. In the “Select a Certificate” dialog box, select your client certificate from the drop-down list, and then click OK.

    6. Server Console presents this certificate to the instance of Administration Server. If the instance of Administration Server is configured to accept certificates from your CA, your user name and password are authenticated, and you see the Administration Server interface. Otherwise, you are prompted to select a different certificate.

A Tour of Server Console

After you log in to an Administration Server instance, you see the Server Console interface. This section introduces the graphical elements of this interface and explains the basic concepts you need to understand before managing Sun Java System servers with Server Console.

Server Console Menus

The main Server Console window shown in Figure 2-3 has five menus: Console, Edit, View, Object, and Help. Table 2-2 summarizes what these menus are used for.

Table 2-2  Sun Java System Server Console’s Menus and What You Can Do With Them

Menu

What It Lets You Do

Console

Add and remove items from the navigation tree.

Edit

Set general Server Console preferences.

View

Change the appearance of the main Server Console window.

Object

Perform tasks related to resources such as administration domains, server groups, and servers.

Help

Obtain online assistance while using Server Console.

Other Sun Java System products may have additional menus or use these menus differently. For more information, see the documentation for each product.

Figure 2-3  Main Sun Java System Server Console Window

The figure shows the parts of the graphical server console.

Server Console Tabs

The main Server Console window (shown in Figure 2-3) has two tabs: “Servers and Applications” and “Users and Groups.” The Servers and Applications tab contains a navigation tree and an information panel. The Users and Groups tab has an interface that you can use to manage entries in the user directory. The Users and Groups tab is discussed in Chapter 4, "Managing Users and Groups From the Console."

The Servers and Applications Tab

The Servers and Applications tab consists of a navigation tree and an information panel. The navigation tree represents a Sun Java System topology. A topology is a hierarchical representation of all the resources, or objects (such as servers, applications, and hosts), that are registered in a configuration directory. You use the navigation tree to navigate to the resource you want to work with.

One type of resource in a topology is an administration domain. An administration domain is a collection of host systems and servers that share a user directory.

A number of server groups can exist within an administration domain. A server group consists of one or more servers that are managed by a common instance of Administration Server and that share a server root folder. The individual servers in a server group are instances of server software that provide specific services such as directory database services, messaging, and publishing.

Figure 2-3 shows a sample navigation tree. In this example, the example.com administration domain includes three hosts. If the administration domain grows, an administrator can install additional server groups on these hosts.

On the right-hand side of the Servers and Applications tab is the information panel. When you select an administration domain, host, server group, or server instance in the navigation tree, this panel displays detailed information about it. Depending on the selected resource, you can edit all or some of these details.

For information on modifying administration domain settings, see To Modify an Administration Domain. For information on modifying host, server group, and instance information, see Modifying Host, Server Group, and Instance Information.

The Administration Domain

An administration domain is a group of Sun Java System server products that share a user directory for data management and authentication. A company might want to create separate administration domains for each of its business sites. Each of these domains could include the host computers used only by that business site.

Before you can create a new administration domain, you must be a member of the Configuration Administrators group. If you are not a member of this group, you must ask your Configuration Administrator to add you to it. For instructions on adding a user to the Configuration Administrators group, see To Add Users to the Configuration Administrators Group.

To Create an Administration Domain

  1. Open Server Console.
  2. From the Console menu, choose Create Administration Domain.
  3. In the Create Administration Domain dialog box, enter domain information:

    4. Domain Name. Enter a name that helps you identify this domain. This can be a fully qualified domain name such as example.com or a descriptive title such as East Coast Sales.

    User Directory Host. Specify the host machine on which the user directory for this domain is located. Use the fully qualified domain name. For example, east.example.com.

    User Directory Port. Enter the port number for the user directory you specified above.

    Secure Connection. Check this box if you want to connect to the user directory using SSL. If you select this option, make sure that the user directory port you have entered is already enabled for SSL communication.

    Directory Subtree. Enter the base DN of the user subtree in the directory. Example: dc=example,dc=com

    Bind DN. Enter the distinguished name for a user who has full access permission to the user directory. Example: uid=jdoe,ou=people, dc=example,dc=com.

    Bind Password. Enter the password for the user specified by the Bind DN.

    Owner DN. Enter the distinguished name for the user who has administrative control over this domain. By default, your DN is entered.

  4. Click OK.

    5. If you have changed the User Directory option or the Secure Connection option, you must restart the server for the change to take effect.

To Modify an Administration Domain

  1. In the Server Console navigation tree, select the domain you want to modify, then click the Edit button in the server information panel.
  2. Modify domain information as necessary:

    3. Domain Name. Enter the name of the domain as you want it to appear in the navigation tree.

    Description (Optional). Enter a text string that helps you identify this domain.

    User Directory Host and Port. Specify the location of the user directory using the host computer’s fully qualified domain name and port number. You can enter more than one user directory location separated by spaces. This is useful when you use multiple directories to allow users to log in if a primary Directory Server is inaccessible. Example:

    east.example.com:389 west.example.com:389

    See User Authentication and Directory Failover Support for more information.

    All host computers specified in the User Directory Host and Port field must have the same settings for the following fields:

    Secure Connection. Check this box if the new user directory port is already enabled for SSL communication.

    User Directory Subtree. Enter the base DN of the user information in the new user directory. Example: dc=example,dc=com

    Bind DN. Enter the distinguished name for a user who has full access permission to the new user directory. Example: uid=jdoe,ou=people, dc=example,dc=com.

    Bind Password. Enter the password for the user specified by the Bind DN.

    Caution

    These settings affect all servers in the domain. If you make changes here, you must restart all servers in the domain.

  3. Click OK.

To Remove an Administration Domain

  1. Open Server Console.
  2. Remove all server instances from the administration domain that you want to remove.

    3. For more information on removing server instances, see Removing a Server Instance.

  3. Select the administration domain that you want to remove.
  4. From the Console menu, choose Remove Administration Domain.
  5. Click OK.

Customizing Server Console

This section tells you how to specify where to store display settings as well as how to change the appearance of Server Console to meet your specific needs. It explains the following:

In addition, you can change Server Console’s appearance by applying access control instructions to user interface elements. This procedure is discussed in Chapter 8, "Access Control."

Storing Display Settings

When you exit Server Console, any display changes made during the session are saved. This includes changes to window size or position; banner bar, status bar, or navigation tree visibility; and fonts.

You can store these display settings on the network or on your local disk. If, at any time, you want the settings reset to what they were when you installed Server Console, you can do so.

To Change Where Display Settings Are Stored

  1. In Server Console, from the Edit menu, choose Preferences.
  2. Click the Settings tab.
  3. Specify where you want to save your display settings:

    4. In your configuration directory. Select this option if you want to be able to use your settings no matter where you are when you log in to Server Console. This option is useful if you frequently “roam” between a number of similar workstations at your business site. No matter what workstation you’re using, when you log in to Server Console you can use your preset display preferences.

    On your computer’s hard disk. Select this option if you want to be able to use different display settings depending upon the individual workstation you’re using. This option is useful when you use one workstation at work and a dissimilar system, such as a laptop computer, at home. The settings for the workstation are stored and used on the workstation. The settings for the laptop are stored and used on the laptop.

  4. Click OK.

To Reset Display Settings to Their Default Values

  1. In Server Console, from the Edit menu, choose Preferences.
  2. Click the Settings tab.
  3. Click the Restore Defaults button to revert to the default display settings.
  4. Click OK.

Setting Display Fonts

You can specify which fonts Server Console should use for different screen elements. If you use more than one computer system to administer servers, you can save different sets of font preferences, or profiles, for use on each system.

To Create a Font Profile

  1. In the main Server Console window, from the Edit menu, choose Preferences.
  2. Click the Fonts tab.
  3. Click Save As, enter a name for this profile, and then click OK.
  4. In the Screen Element column, click a screen element that you want to change the font for.

    5. The Font column contains samples of the fonts that are currently associated with the listed screen elements.

  5. Click Change Font.

    6. The Select Font dialog box appears.

  6. In the Select Font dialog box, make your font selections:

    7. Font. Choose the font face you want to use for this element.

    Size. Choose a size for the selected font face.

    Bold. Select this option to display the font in bold.

    Italic. Select this option to display the font in italics.

    Sample. This frame displays sample type using the current settings.

  7. Click OK to close the Select Font dialog box.
  8. If you want to set fonts for additional screen elements, repeat steps 4 through 7.
  9. Click OK to save the profile.

To Edit an Existing Font Profile

  1. In the main Server Console window, from the Edit menu, choose Preferences.
  2. Click the Fonts tab.
  3. Select the font profile to edit.

    4. From the Font Profile drop-down list, choose a profile. If the list is grayed out, no profiles are available.

  4. Make the desired changes to the font profile.
  5. Click OK to save the profile.

To Rename a Font Profile

  1. In the main Server Console window, from the Edit menu, choose Preferences.
  2. Click the Fonts tab.
  3. Select the font profile to rename.

    4. From the Font Profile drop-down list, choose a profile. If the list is grayed out, no profiles are available.

  4. Click Save As, enter the new name for this profile, and then click OK.

    5. A new profile with the name you specified appears in the Font Profile drop-down list. The original profile is still listed.

  5. From the Font Profile drop-down list, select the original font profile.
  6. Click Remove, and then confirm the deletion.
  7. Click OK to save the renamed profile.

Customizing the Main Window

You can specify which elements of the main Server Console window you want to see.

To Customize the Main Window

Select or deselect items in the View menu.

Selecting a menu item displays it and deselecting an item hides it. You can show or hide the following screen elements:

Creating Custom Views of the Navigation Tree

You can create custom views of the navigation tree. Custom views are useful when you want to see the resources that you access routinely, and hide resources that you access infrequently.

When creating a custom view, you can specify whether the view is public or private. A public view is visible to any user who logs in to Server Console. A private view is visible only to the person who created it.

To Create a Custom View of the Navigation Tree

  1. From the View menu, choose Custom View Configuration, then click New.
  2. Choose whether the new view is public or private, then click OK.

    3. By default, a public view is visible to all users of Server Console, but you can restrict access to it using access control instructions (ACIs). For more information, see To Set Access Permissions for a Public View.

    A private view is only visible to you. You cannot apply ACIs to it.

  3. Use the Edit View window shown in Figure 2-5 to customize the tree.
  4. Click OK when you have finished adding resources.

In the example that follows, an administrator has created a view named Directory Servers that includes instances of Directory Server and their hosts.

Figure 2-5  Customized Navigation Tree

The figure shows customization of a navigation tree view.

Working With Custom Views

You can create multiple views to suit your needs, and can switch to the Custom View required for a specific task or choose the Default View to see all the servers in the navigation tree.

When you install Server Console, a Custom View is configured for you. This view displays server instances grouped by type; it does not include administration domains, hosts, or server groups.

To Switch to a Custom View

Choose the desired custom view from the drop-down list on the Servers and Applications tab. To return to the default view, choose Default View from the drop-down list.

To Edit a Custom View

  1. From the View menu, choose Custom View Configuration.
  2. Select a Custom View from the list and click Edit.
  3. Make any necessary changes to the Custom View.
  4. Click OK.

To Rename a Custom View

  1. From the View menu, choose Custom View Configuration.
  2. Choose a Custom View from the list and click Edit.
  3. In the Edit View window, position the cursor in the text field, then type the new name for your Custom View.
  4. Click OK.

To Set Access Permissions for a Public View

  1. From the View menu, choose Custom View Configuration.
  2. Choose a public Custom View from the list and click Access.
  3. Specify the ACI you want to use, or create a new ACI:
    • If you want to use an existing Access Control Instruction (ACI), select it and click OK.
    • If you want to create a new ACI, click New, and then follow the directions for creating a new ACI under Using the ACI Manager and ACI Editor.
  4. Click OK when you have finished setting access permissions.

For more information on setting Access Permissions and creating Access Control Instructions, see Chapter 8, "Access Control."

To Delete a Custom View

  1. From the View menu, choose Custom View Configuration.
  2. Choose a Custom View from the list and click Delete.
  3. Click Yes to confirm the deletion.



Previous      Contents      Index      Next     

Copyright 2004 Sun Microsystems, Inc. All rights reserved.