Sun Java System Directory Proxy Server 5 2004Q2 Administration Guide 

Chapter 4
Introducing Directory Proxy Server Console

After installing Directory Proxy Server, you first configure it to function with your directory deployment and, from then on, closely monitor its activities. In administering Directory Proxy Server, you perform server-specific tasks such as starting, stopping, and restarting the server; creating groups; setting up the server to identify certain events and execute appropriate actions; changing configuration; performing any routine server maintenance tasks; and monitoring logs.

To enable you to accomplish these server-specific tasks quickly and easily, Directory Proxy Server provides GUI-based administration tools, called the Directory Proxy Server Console and Directory Proxy Server Configuration Editor Console, both of which are accessible from within the Console. This chapter provides an overview of both Sun Java System and Directory Proxy Server consoles.

The chapter has the following sections:


Getting Started With Sun Java System Server Console

The Sun Java System Server Console is a stand-alone Java application that provides a GUI-based front end to all network resources registered in an organization's configuration directory. This unified administration interface simplifies network administration by supplying access points to all Sun Java System version 5.x server instances installed across a network. Similarly, it simplifies basic user and group management by providing a unified administration interface to the user directory.

Figure 4-1 shows the "Servers and Applications" tab of the Sun Java System Server Console with a Directory Proxy Server instance selected.

Figure 4-1 Sun Java System Server Console: Servers and Applications Tab


Servers and Applications Tab

For any given instance of the Sun Java System Server Console, the limits of the network it can administer are defined by the set of resources whose configuration information is stored in the same configuration directory—that is, the maximum set of hosts and servers that can be monitored from the Sun Java System Server Console. The super administrator (the person who manages the configuration directory) can set access permissions on all network resources registered in the configuration directory. Thus, for a given administrator using the Sun Java System Server Console, the actual number of visible hosts and servers may be fewer, depending on the access permissions set by the super administrator.

The "Servers and Applications" tab displays all servers registered in a particular configuration directory, giving you a consolidated view of all the server software and resources under your control. What you control is determined by the access permissions the super administrator has set up for you.

From this view, you can perform tasks across arbitrary groups or a cluster of servers in a single operation. In other words, you can use the "Servers and Applications" tab to manage a single server or multiple servers that are installed on different ports on one machine. Also, you can access individual server consoles (or administration interfaces) by double-clicking the icons for the corresponding server instance entries (SIEs).

You can accomplish various Directory Proxy Server-specific tasks from the "Servers and Applications" tab:

Users and Groups Tab

The "Users and Groups" tab (shown in Figure 4-2) manages user accounts, group lists, and access control information for individual users and groups. All applications registered within the Sun Java System Server Console framework share core user and group information in the user directory, which typically is a global directory for corporate-wide user data.

Figure 4-2 Sun Java System Server Console: Users and Groups Tab


From this tab, you can perform the following user- and group-specific tasks:

Sun Java System Administration Server

Sun Java System Administration Server is a web-based (HTTP) server that enables you to configure all your Sun Java System servers, including Directory Proxy Server, via the Sun Java System Server Console. Administration Server (and the configuration directory) must be running before you can configure any of these servers. Administration Server is included with all the Sun Java System servers and is installed when you install your first server in a server group. A server group refers to servers that are installed in a server root directory and that are managed by a single instance of Administration Server.

You access Administration Server by entering its URL in the Sun Java System Server Console login screen as described in Logging In to the Sun Java System Server Console. This URL is based on the computer hostname and the port number you chose when you installed Directory Proxy Server. The format for the URL looks like this: http://<machine_name>.<your_domain>.<domain>:<port>

Whenever you try to gain access to Administration Server, you will be prompted to authenticate yourself to the configuration directory by entering your user ID and password. These are the administrator user name and password that you specified when you installed Directory Proxy Server (or the first server in the server group) and Administration Server on your computer. Once Administration Server is running, you can use the Sun Java System Server Console to administer all servers in that group, including Directory Proxy Server.

For complete details about Administration Server, see Managing Servers with Sun Java System Server Console. To locate an online version of this book in your Directory Proxy Server installation, open this file: <server-root>/manual/en/admin/ag/contents.htm

Starting the Administration Server

The Directory Proxy Server installation program automatically starts the instance of Administration Server that you identified during installation for monitoring Directory Proxy Server. If you stopped Administration Server after Directory Proxy Server installation, you must start it before you can administer Directory Proxy Server from the Directory Proxy Server Console.

You can start Administration Server from the command line.

All the above-mentioned methods start Administration Server at the port number you specified during installation. Once the server is running, you can use the Sun Java System Server Console to access Directory Proxy Server.

Stopping Administration Server

It is good security practice to shut down the Administration Server when you are not using it. This minimizes the chances of someone else changing your configuration. You can shut down the server from the Sun Java System Server Console, or the command line.
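
A check for the practice above, as an added example that is not part of the original guide: it parses an Administration URL in the format given earlier and reports whether anything still accepts connections on that port. The function names and the inventory list are assumptions made for the illustration.

```python
import socket
from urllib.parse import urlsplit


def parse_admin_url(url):
    """Split an Administration URL (http://<host>:<port>) into (host, port)."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        # The guide gives the Administration URL with the http scheme.
        raise ValueError("expected an http:// Administration URL")
    # parts.port itself raises ValueError for a non-numeric or out-of-range port.
    if not parts.hostname or parts.port is None:
        raise ValueError("Administration URL must include host name and port")
    return parts.hostname, parts.port


def admin_server_listening(url, timeout=2.0):
    """Return True if a TCP connection to the Administration URL's port succeeds."""
    host, port = parse_admin_url(url)
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, timed out, or unresolvable: nothing reachable at that address.
        return False


def audit(urls, timeout=2.0):
    """Return the Administration URLs that are still reachable."""
    return [u for u in urls if admin_server_listening(u, timeout)]


if __name__ == "__main__":
    # Constructed inventory (hypothetical); replace with your own Administration URLs.
    inventory = ["http://myHost.sun.com:12345"]
    for url in audit(inventory):
        print("Administration Server still running:", url)
```

Run it from a host that is allowed to reach the administration port; a URL in the output means that Administration Server has not been shut down.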


Accessing the Directory Proxy Server Consoles

To perform any of the Directory Proxy Server administration tasks from the Directory Proxy Server consoles, you first need to open the appropriate console.

Logging In to the Sun Java System Server Console

You can launch and use the Sun Java System Server Console only when the corresponding configuration directory and Administration Server are running. If the servers are not running, go to the command line and start them. For information on starting Administration Server from the command line, see Starting the Administration Server. For information on starting the configuration directory, check the Sun Java System Directory Server documentation.

When you launch the Sun Java System Server Console, it displays a login window. You are required to authenticate to the configuration directory by entering your administrator's ID, your password, and the URL (including the port number) of the Administration Server representing a server group to which you have access. You cannot use the Sun Java System Server Console without having access privileges to at least one server group on your network.

To Log In to the Sun Java System Server Console
  1. Open the Sun Java System Server Console application by using the appropriate option:

    For local access on a UNIX machine, at the command-line prompt, enter the following line: <server-root>/start-console

    The Sun Java System Server Console Login window appears.

  2. Authenticate yourself to the configuration directory.

    User ID. Type the administrator ID you specified when you installed Administration Server on your machine. You installed Administration Server either when you installed your first Sun Java System server or as a part of Directory Proxy Server installation.

    Password. Type the administrator password that you specified when you installed Administration Server on your computer during Directory Proxy Server installation.

    Administration URL. This field should show the URL to Administration Server. If it doesn't or if it doesn't have the URL of Administration Server that you want, type the URL in this field. The URL is based on the computer host name and the Administration Server port number you chose when you installed Directory Proxy Server. Use this format:

    http://<machine_name>.<your_domain>.<domain>:<port_number>

    For example, if your domain name is sun and you installed Administration Server on a host machine called myHost and specified port number 12345, the URL would look like this: http://myHost.sun.com:12345

  3. Click OK.

    The Sun Java System Server Console appears with a list of all the servers and resources under your control.

    Figure 4-3 Sun Java System Server Console: Accessing Directory Proxy Server

Opening the Appropriate Directory Proxy Server Console

In the Sun Java System Server Console, you will notice that there are two entries for Directory Proxy Server, one for the Directory Proxy Server instance node and another for the Directory Proxy Server Configurations node. The Directory Proxy Server instance node corresponds to the Directory Proxy Server instance and the Directory Proxy Server Configurations node corresponds to the configuration shared by multiple Directory Proxy Server instances.

Each node is associated with a GUI-based administration interface:

Opening the Directory Proxy Server Console

Once you have logged in to the Sun Java System Server Console, you can open the Directory Proxy Server Console: in the navigation tree of the Sun Java System Server Console, expand the hostname that contains the server group to which the Directory Proxy Server instance belongs, expand the Server Group node, select the entry that corresponds to the Directory Proxy Server instance of your interest, and click Open. The Directory Proxy Server Console opens (Figure 4-4).

Figure 4-4 Directory Proxy Server Console: Tasks


The Directory Proxy Server Console has two tabs, Tasks and Configuration, each addressing specific administrative areas.

The Tasks tab enables you to perform common tasks such as starting, stopping, restarting, and reloading the server, distributing or balancing load among various LDAP directories, and managing certificates. For further information, see the following chapters:

The Configuration tab (Figure 4-5) enables you to view and modify the configuration for a particular instance.

Figure 4-5 Directory Proxy Server Console: Configuration


The Settings and Encryption tabs are related to how this specific instance of Directory Proxy Server is configured.

The Settings Tab (Figure 4-5) allows you to configure the following parameters:

Network. Displays the Host Name, Port, and SSL Port for this instance of Directory Proxy Server.

SSL/TLS. Displays the currently selected configuration for the SSL certificates that Directory Proxy Server sends to, and requires from, servers and clients. It also identifies the SSL/TLS versions for client-to-Directory Proxy Server and Directory Proxy Server-to-backend communication.

Connections. Displays the Directory Proxy Server connection backlog value, and allows you to specify a maximum number of connections and set connection pool timeout values.

Unix. Displays the UNIX user ID and working directory for this instance of Directory Proxy Server.

Settings saved as. Allows you to specify a Directory Proxy Server name value for the editing session currently displayed in the list box. You may also create a new Directory Proxy Server configuration or delete an old one.

The Encryption tab of the Configuration tab (Figure 4-6) enables you to view and modify the encryption settings.

Figure 4-6 Directory Proxy Server Console: Encryption


The Encryption Tab allows you to configure the following parameters:

Refresh. Allows you to refresh the current screen values to see newly added certificates.

Enable SSL for this server. Enables SSL encryption for this instance of Directory Proxy Server.

Use the cipher family RSA. Enables you to set the Security Device, Certificate, and cipher settings for this instance of Directory Proxy Server.

See Creating System Configuration Instances for more information on setting encryption for your system.

Opening the Directory Proxy Server Configuration Editor Console

Open the Directory Proxy Server Configuration Editor Console, as follows:

  1. Select the Network Groups icon shown in Figure 4-6.
  2. Select a group configuration.
  3. Click Edit.

The Directory Proxy Server Configuration Editor Console window opens. The following figure shows the Directory Proxy Server Configuration Editor Console.

Figure 4-7 Directory Proxy Server Configuration Editor Console


The navigation tree on the left side contains nodes for each of Directory Proxy Server's basic configuration objects. Expanding one of the main nodes shows tree nodes for each object subtype. Clicking a tree node displays a table on the right side containing all current objects of the type indicated by the selected tree node. Object tables whose ordering is important, for example, Network Groups, have a set of up and down buttons that allow individual objects to be raised or lowered in precedence.

Table 4-1 lists the configuration object types shown in the navigation tree.

Table 4-1 Configuration Objects in the Directory Proxy Server Configuration Editor Console

| Configuration Object Type | Description |
|---|---|
| Network Groups | Each Network Group object identifies a specific client community, and specifies the restrictions to enforce on clients that match that group. For details, see Creating and Managing Groups. |
| Events | Event objects are used to specify conditions that occur at predetermined states. Conditions can be attached to certain events; if the conditions are satisfied, Directory Proxy Server can take certain actions. For details, see Creating and Managing Event Objects. |
| Actions | Actions are used to specify actions to take when an event occurs. For details, see Creating and Managing Action Objects. |
| Properties | Properties are used to describe more specialized restrictions on the client. Each group object may include a set of properties defined by property objects. For details, see Defining and Managing Property Objects. |





Copyright 2004 Sun Microsystems, Inc. All rights reserved.