
Sun ONE Portal Server, Secure Remote Access 6.1 Installation Guide

Chapter 2
Installing Sun ONE Portal Server, Secure Remote Access

This chapter includes instructions for installing Sun ONE Portal Server, Secure Remote Access.



Overview

You can install Secure Remote Access on a Sun™ ONE Web Server or an application server.

You install it either with a clean installation of the Sun™ ONE Portal Server or on an existing installation of the portal server that was installed in open mode. Either way, you also need to install the gateway. You can also install Rewriter Proxy and Netlet Proxy if desired, but they are optional. For an explanation of the Secure Remote Access components, see "Component Descriptions and Nodes".


Note

The portal server must be installed before installing any of the Secure Remote Access components.


Installation Log File

A log of the installation is stored in /var/sadm/install/logs/pssetup.pid. When you start the installation script, it displays the complete name of the log. The log can be helpful if you are trying to diagnose a problem related to installation.

You can view the log file on a separate terminal window as the installation proceeds with the following command:

tail -f /var/sadm/install/logs/pssetup.pid

Using the ./pssetup script

During installation, the ./pssetup script requires information related to the portal server, such as the name of the machine where the portal server is installed, the domain, the sub-domain and the IP address. Use the "Installation Checklists" to gather this information.

Default answers for the installation questions are indicated in square brackets. For example: [y]/n indicates that y is the default.


Installing Secure Remote Access on a Web Server

    To Install Secure Remote Access on a Web Server
  1. Log in as root on the web server on which the portal server needs to be installed, or has been installed.
  2. Change directories to where the installation program is located. Use the following command:

    cd exact_path

  3. Type ./pssetup.

    The license agreement is displayed.

  4. Specify if you accept the license agreement. To accept, type yes.
  5. The installation script displays the Remove options menu.

    The Remove options are displayed in case you want to remove components that you might have installed earlier. The installation script displays a list of all detected components. You can choose the component that you want to remove.


    Caution

    Choosing Remove all uninstalls Sun™ ONE Directory Server and Sun™ ONE Identity Server. If the portal server is installed on the same machine, uninstalling these components will cause the portal server to stop functioning.


  6. Type the number corresponding to the Continue with install option.

    The Install options menu is displayed.

  7. Type the number corresponding to the desired install option.
  8. Choose Sun ONE Web Server for the deployment type.
  9. The installation script displays the installation summary. Type y to use these settings. Type n if you want to start from the beginning.

    Make the selections as determined in "Installation Checklists".

  10. Enter the required passwords.

    A user name is displayed for logging purposes.

    The installation is completed.

  11. Restart the web server.


Installing Secure Remote Access on an Application Server

You can install Secure Remote Access on the following application servers:

Sun ONE Application Server

    To Install Secure Remote Access on a Sun™ ONE Application Server
  1. Log in as root on the machine on which the portal server needs to be installed, or has been installed.
  2. Install the Sun™ ONE Application Server. Refer to “Appendix A” in the Sun ONE Portal Server 6.1 Installation Guide.
  3. Download the Sun™ ONE Application Server Secure Remote Access software into /tmp/ps-sra, unzip it, and run the tar extract command:

    gunzip -dc ps-sra-6.0-s1-us.sparc-sun-solaris8.tar.gz | /usr/bin/tar xvf -

  4. Change directories to where the installation program is located. Use the following command:

    cd exact_path

  5. Type ./pssetup.

    The license agreement is displayed.

  6. Specify if you accept the license agreement. To accept, type yes.
  7. The installation script displays the Remove options menu.

    The Remove options are displayed in case you want to remove components that you might have installed earlier. The installation script displays a list of all detected components. You can choose the component that you want to remove.


    Caution

    Choosing Remove all uninstalls Sun™ ONE Directory Server and Sun™ ONE Identity Server. If the portal server is installed on the same machine, uninstalling these components will cause the portal server to stop functioning.


  8. Type the number corresponding to the Continue with install option.

    The Install options menu is displayed.

  9. Type the number corresponding to “Install Portal Server”.
  10. Type the number corresponding to Sun ONE Application Server for the deployment type.
  11. The installation script displays the installation summary. Type y to use these settings. Type n if you want to start from the beginning.

    Make the selections as determined in "Installation Checklists".

  12. Enter the required passwords.

    A user name is displayed for logging purposes.

    The installation is completed.

  13. Replace the following mime mapping entry in each gateway profile, from something similar to:

    JAVASCRIPT=application/x-javascript

    to:

    JAVASCRIPT=application/x-javascript:text/javascript

  14. Save the profile.
  15. Restart the gateway.
  16. Modify /var/opt/SUNWappserver7/domains/domain1/server1/config/server.policy as follows:

    permission java.net.SocketPermission "*", "connect,accept,listen,resolve";

    permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";

  17. Restart the application server.

Location of Files

Some of the files are placed in different directories.

The rewriter samples are accessed from a web browser using portal_server_URL/portal/samples/rewriter. These samples are described in the Sun ONE Portal Server, Secure Remote Access 6.1 Administrator’s Guide which lists their location as portal_server_URL/rewriter.

The MIME types configuration file is now in the InstallDir/SUNWps/samples/config/netfile directory. In a portal server installation not using the Sun™ ONE Application Server software, the MIME type configuration file is in the InstallDir/SUNWam/servers/instance_name/config directory.


Note

The Sun™ ONE Application Server console is not accessible through the gateway.

The Secure Remote Access gateway and Secure Remote Access Netfile do not work if the portal server is configured for session failover.


Setting Additional Parameters for Gateway Reliability

To achieve optimal performance using Secure Remote Access, configure your implementation as follows:

  1. Modify the /opt/SUNWappserver7/domains/domain1/server1/configAmConfig.properties file to set the notification threadpool size for the application server. At the top of the file just below the following lines:

    * Sun, Sun Microsystems, the Sun logo, and iPlanet
    * are trademarks or registered trademarks of Sun Microsystems,
    * Inc. in the United States and other countries.

    add the following lines to set the threadpool size to 200:

    /*Notification Thread Pool Size*/
    com.iplanet.am.notification.threadpool.size=200

  2. Log into the portal server admin console with the user name amadmin and the passphrase you entered during the installation.
  3. Select Service Management in the View menu.
  4. Select SRAP Configuration and then Gateway.
  5. Select the default server and click Edit.
  6. Check the Enable HTTP Connections checkbox.
  7. In the HTTP Port field, type 80 and click Save.
  8. Log in to the Sun ONE Application Server admin console as administrator (admin) by entering http://fullservername:port in your browser’s web address field. The default port is 4848. Use the password you entered at installation.
  9. Select the application server instance where you installed the identity server.
  10. Click JVM Settings and then JVM Options.
  11. In the JVM Option field, enter the following string:

    -Dhttp.keepAlive=false

  12. Click Add and then Save.
  13. Select the application server instance on which you will install portal server.

    The right pane shows that the configuration has changed.

  14. Click Apply Changes.
  15. Click Restart.
  16. The application server should automatically restart.
  17. On the server where the gateway is installed, go to the /opt/SUNWps/bin/perf directory and enter the following to run a script that will set tuning parameters for Secure Remote Access:

    ./srapperftune

  18. Modify the /opt/SUNWam/lib/AmConfig.properties file to set the notification threadpool size for the gateway. At the top of the file just below the following lines:

    * Sun, Sun Microsystems, the Sun logo, and iPlanet
    * are trademarks or registered trademarks of Sun Microsystems,
    * Inc. in the United States and other countries.

    add the following lines to set the threadpool size to 200:

    /*Notification Thread Pool Size*/
    com.iplanet.am.notification.threadpool.size=200

  19. Go to the /opt/SUNWps/bin directory and modify the gateway file to set the -Dhttp.keepAlive option to false and to increase the settings for the -Xms and -Xmx heap size options.

    By default, the srapperftune script sets the -Xms and -Xmx heap size options to 1024. In the line defining the CMD settings options, increase the default values defined for -Xms and -Xmx options to 2048 and add the string -Dhttp.keepAlive=false. For example, the correct lines would be:

    CMD="$JAVA_HOME/bin/java -server -Xms2048M -Xmx2048M -XX:+OverrideDefaultLibthread -XX:ThreadStackSize=128 -XX:MaxPermSize=128M -XX:PermSize=128M -XX:MaxNewSize=256M -XX:NewSize=256M -Dhttp.keepAlive=false -classpath ${CLASSPATH} $DEFINES $PROXY_DEFINES $INSTANCE_DEFINES com.sun.portal.netlet.eproxy.EProxy"

  20. Modify the /etc/opt/SUNWps/platform.conf.default file to set the gateway.protocol parameter to http and the gateway.port parameter to port 80 as follows:

    gateway.protocol= http
    gateway.port=80

  21. Restart the gateway for the changes to take effect by typing the following command:

    InstallDir/SUNWps/bin/gateway -n default start

    where default is the default gateway profile created during installation.
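
The values set in the procedure above can be checked after the edits with a read-only script. This is an added example, not part of the original guide: the function names and the sample files are constructed for illustration, and the three file paths are passed in as arguments so the check can also run on copies.

```sh
#!/bin/sh
# Added example: read-only check of the gateway tuning values from the
# procedure above. Function names and sample files are constructed here.

# conf_value KEY FILE: print the value of KEY from a key=value file.
# Only lines that begin with KEY count, so a property that shares a line
# with a leading /*...*/ comment is reported as unset.
conf_value() {
    key_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# expect_value LABEL ACTUAL WANTED: report a mismatch and count it.
expect_value() {
    [ "$2" = "$3" ] && return 0
    echo "MISMATCH $1: found '${2:-unset}', expected '$3'"
    failures=$((failures + 1))
}

# check_gateway_tuning AMCONFIG GATEWAY_SCRIPT PLATFORM_CONF
# Returns the number of settings that differ from the procedure.
check_gateway_tuning() {
    failures=0
    expect_value "notification threadpool size" \
        "$(conf_value com.iplanet.am.notification.threadpool.size "$1")" 200

    # Last CMD= assignment in the gateway start script.
    cmd_line=$(grep '^[[:space:]]*CMD=' "$2" | tail -n 1)
    for opt in -Xms2048M -Xmx2048M -Dhttp.keepAlive=false; do
        case " $cmd_line " in
            *" $opt "*) ;;
            *) echo "MISMATCH gateway CMD: $opt not present"
               failures=$((failures + 1)) ;;
        esac
    done

    expect_value "gateway.protocol" "$(conf_value gateway.protocol "$3")" http
    expect_value "gateway.port" "$(conf_value gateway.port "$3")" 80
    return "$failures"
}

# write_sample_files DIR: constructed stand-ins for the three files
# (not copies of a real installation) so the check runs offline.
write_sample_files() {
    cat > "$1/AmConfig.properties" <<'EOF'
/*Notification Thread Pool Size*/
com.iplanet.am.notification.threadpool.size=200
EOF
    cat > "$1/gateway" <<'EOF'
CMD="$JAVA_HOME/bin/java -server -Xms2048M -Xmx2048M -Dhttp.keepAlive=false -classpath ${CLASSPATH} com.sun.portal.netlet.eproxy.EProxy"
EOF
    cat > "$1/platform.conf.default" <<'EOF'
gateway.protocol= http
gateway.port=80
EOF
}

demo_dir="${TMPDIR:-/tmp}/sra-tuning-demo.$$"
mkdir -p "$demo_dir"
write_sample_files "$demo_dir"
if check_gateway_tuning "$demo_dir/AmConfig.properties" \
        "$demo_dir/gateway" "$demo_dir/platform.conf.default"; then
    echo "sample files: all tuning settings present"
fi
rm -rf "$demo_dir"
```

On an installed gateway, call check_gateway_tuning with /opt/SUNWam/lib/AmConfig.properties, /opt/SUNWps/bin/gateway and /etc/opt/SUNWps/platform.conf.default, the paths named in the procedure.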

BEA Application Server

    To Install Secure Remote Access on the BEA Application Server
  1. Log in as root on the web server on which the portal server needs to be installed, or has been installed.
  2. Install the WebLogic Application Server. Refer to “Appendix B” in the Sun ONE Portal Server 6.1 Installation Guide.
  3. Download the BEA WebLogic application server software for Secure Remote Access, unzip it, and run the tar extract command:

    gunzip -dc ps-sra-6.0-bea-us.sparc-sun-solaris8.tar.gz | /usr/bin/tar xvf -

  4. Change directories to where the installation program is located. Use the following command:

    cd exact_path

  5. Type ./pssetup.

    The license agreement is displayed.

  6. Specify if you accept the license agreement. To accept, type yes.
  7. The installation script displays the Remove options menu.

    The Remove options are displayed in case you want to remove components that you might have installed earlier. The installation script displays a list of all detected components. You can choose the component that you want to remove.


    Caution

    Choosing Remove all uninstalls Sun™ ONE Directory Server and Sun™ ONE Identity Server. If the portal server is installed on the same machine, uninstalling these components will cause the portal server to stop functioning.


  8. Type the number corresponding to the Continue with install option.

    The Install options menu is displayed.

  9. Type the number corresponding to “Install Portal Server”.
  10. Type the number corresponding to BEA WebLogic for the deployment type.
  11. The installation script displays the installation summary. Type y to use these settings. Type n if you want to start from the beginning.

    Make the selections as determined in "Installation Checklists".

  12. Enter the required passwords.

    A user name is displayed for logging purposes.

  13. The installation is completed.
  14. Restart the application server.

Location of files

Some of the files are placed in different directories when using Secure Remote Access with the BEA WebLogic Server software.

The rewriter samples are accessed from a web browser using portal_server_URL/portal/samples/rewriter. These samples are described in the Sun ONE Portal Server, Secure Remote Access 6.1 Administrator’s Guide, which lists their location as portal_server_URL/rewriter.

The MIME types configuration file is now in the InstallDir/SUNWps/samples/config/netfile directory. In a portal server installation not using the WebLogic software, the MIME type configuration file is in the InstallDir/SUNWam/servers/instance_name/config directory.


Note

The WebLogic console is not accessible through the gateway.

The Secure Remote Access gateway and Secure Remote Access Netfile do not work if the portal server is configured for session failover.


IBM Application Server

    To Install Secure Remote Access on the IBM Application Server
  1. Log in as root on the machine on which the portal server needs to be installed, or has been installed.
  2. Install the WebSphere application server. Refer to “Appendix C” in the Sun ONE Portal Server 6.1 Installation Guide.
  3. Download the IBM WebSphere software for Secure Remote Access to /tmp/ps-sra, unzip it, and extract the files:

    unzip ps-sra-6.0-ibm-us.sparc-sun-solaris8.zip

  4. Change directories to where the installation program is located. Use the following command:

    cd exact_path

  5. Type ./pssetup.

    The license agreement is displayed.

  6. Specify if you accept the license agreement. To accept, type yes.
  7. The installation script displays the Remove options menu.

    The Remove options are displayed in case you want to remove components that you might have installed earlier. The installation script displays a list of all detected components. You can choose the component that you want to remove.


    Caution

    Choosing Remove all uninstalls Sun™ ONE Directory Server and Sun™ ONE Identity Server. If the portal server is installed on the same machine, uninstalling these components will cause the portal server to stop functioning.


  8. Type the number corresponding to the Continue with install option.

    The Install options menu is displayed.

  9. Type the number corresponding to “Install Portal Server”.
  10. Type the number corresponding to IBM WebSphere for the deployment type.
  11. The installation script displays the installation summary. Type y to use these settings. Type n if you want to start from the beginning.

    Make the selections as determined in "Installation Checklists".

  12. Enter the required passwords.

    A user name is displayed for logging purposes.

  13. The installation is completed.
  14. When downloading the Netfile, NetMail and Netlet applet archives, the content-type is set to text/html in the response header. You need to explicitly associate the .jar and .cab extensions with the MIME type application/octet-stream in the portal web application deployment descriptor file. By default, the deployment descriptor file is located at:

    /opt/WebSphere/AppServer/installedApps/Portal URI.ear/portal.war/WEB-INF/web.xml

  15. Add the following lines to the file after the line containing </session-config>:

    <mime-mapping>
      <extension>jar</extension>
      <mime-type>application/octet-stream</mime-type>
    </mime-mapping>
    <mime-mapping>
      <extension>cab</extension>
      <mime-type>application/octet-stream</mime-type>
    </mime-mapping>


    Note

    During migration, the MIME mappings configuration necessary for the Secure Remote Access product is removed. These mappings need to be added again after migration is done.


  16. Restart the application server.
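
Because migration removes the jar and cab mappings, it is useful to be able to confirm that they are present in web.xml. The following script is an added example, not part of the original guide: the function names and the sample descriptors are constructed for illustration, and the awk matcher assumes each <mime-mapping> element starts on its own line, as in the snippet above.

```sh
#!/bin/sh
# Added example: confirm that web.xml maps jar and cab to
# application/octet-stream. Names and sample files are constructed here.

# has_mime_mapping WEBXML EXT MIME
# Succeeds if one <mime-mapping> element pairs EXT with MIME.
has_mime_mapping() {
    awk -v ext="$2" -v mime="$3" '
        # Text of <tag>...</tag> on the current line, trimmed; "" if absent.
        function inner(tag,    re, s) {
            re = "<" tag ">[^<]*</" tag ">"
            if (!match($0, re)) return ""
            s = substr($0, RSTART + length(tag) + 2, RLENGTH - 2 * length(tag) - 5)
            gsub(/^[ \t]+|[ \t]+$/, "", s)
            return s
        }
        /<mime-mapping>/ { inside = 1; e = ""; m = "" }
        inside {
            if ((v = inner("extension")) != "") e = v
            if ((v = inner("mime-type")) != "") m = v
        }
        /<\/mime-mapping>/ {
            if (inside && e == ext && m == mime) found = 1
            inside = 0
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# check_applet_mime_mappings WEBXML
# Returns the number of required mappings that are missing.
check_applet_mime_mappings() {
    missing=0
    for ext in jar cab; do
        if ! has_mime_mapping "$1" "$ext" application/octet-stream; then
            echo "MISSING: .$ext -> application/octet-stream in $1"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# write_sample_webxml FILE MODE: constructed descriptor, not a real one.
# MODE "configured" includes both mappings; any other value omits them,
# as after a migration.
write_sample_webxml() {
    {
        echo '<web-app>'
        echo '  <session-config>'
        echo '    <session-timeout>30</session-timeout>'
        echo '  </session-config>'
        if [ "$2" = configured ]; then
            for ext in jar cab; do
                echo '  <mime-mapping>'
                echo "    <extension>$ext</extension>"
                echo '    <mime-type>application/octet-stream</mime-type>'
                echo '  </mime-mapping>'
            done
        fi
        echo '</web-app>'
    } > "$1"
}

demo_dir="${TMPDIR:-/tmp}/sra-mime-demo.$$"
mkdir -p "$demo_dir"
write_sample_webxml "$demo_dir/web.xml" configured
write_sample_webxml "$demo_dir/web-migrated.xml" migrated
check_applet_mime_mappings "$demo_dir/web.xml" \
    && echo "web.xml: jar and cab mappings present"
check_applet_mime_mappings "$demo_dir/web-migrated.xml" \
    || echo "web-migrated.xml: $? mapping(s) to add again"
rm -rf "$demo_dir"
```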

Location of File

Some of the files are placed in different directories when using Secure Remote Access with the IBM WebSphere Server software.

The rewriter samples are accessed from a web browser using portal_server_URL/portal/samples/rewriter. These samples are described in the Sun ONE Portal Server, Secure Remote Access 6.1 Administrator’s Guide, which lists their location as portal_server_URL/rewriter.

The MIME types configuration file is now in the InstallDir/SUNWps/samples/config/netfile directory. In a portal server installation not using the IBM WebSphere Server software, the MIME type configuration file is in the InstallDir/SUNWam/servers/instance_name/config directory.


Note

The WebSphere server console is not accessible through the gateway.

The gateway and NetFile do not work if the portal server is configured for session failover.



Installing the Gateway on the Portal Server Node

This procedure assumes that portal server is already installed on the machine.

When using Portal Server with the gateway, the gateway Certificate Authority (CA) certificate must be added to the Portal Server trusted CA list, regardless of whether Portal Server is running in HTTP or HTTPS mode.

When a user session timeout or user session logout occurs, the identity server sends a session notification to the gateway. Even when Identity Server is running in HTTP mode, it acts as an SSL client, using HttpsURLConnection to send the notification. Since it is connecting to an SSL server (the gateway), it should have the gateway CA certificate as part of the trusted CA list or it should have an option to allow self-signed certificates.


Note

The method for adding the CA to the trusted CA list depends on the protocol handler defined.


To configure the gateway with the portal server in SSL mode, the CA certificate for the web server hosting the portal server needs to be added to the gateway’s certificate database. Use the certadmin tool to export the CA certificate from the web server and add it to the gateway’s certificate database. See Chapter 4, "Installing SSL Certificates" for more information.

    To Install the Gateway on the Portal Server Node
  1. Log in as root on the machine where Sun™ ONE Portal Server has been installed.
  2. Change directories to where the installation program is located:

    cd exact_path

  3. Type ./pssetup

    The license agreement is displayed.

  4. Specify if you accept the license agreement. To accept, type yes.
  5. The installation script displays the Remove options menu.

    The Remove options are displayed in case you want to remove components that you might have installed earlier. The installation script displays a list of all detected components. You can choose the component that you want to remove.


    Caution

    Choosing Remove all uninstalls the directory server and the identity server. If the portal server is installed on the same machine, uninstalling these components will cause the portal server to stop functioning.


  6. Type the number corresponding to the Continue with install option.

    The Install options screen is displayed.

  7. Choose the option to install the gateway.

    The gateway installation summary appears.

    The installation summary is obtained from the details provided during the installation of the portal server.

  8. Type n if you do not want to use the settings displayed in the gateway installation summary. Type y to continue installing with the displayed settings.
  9. If you chose n in step 8, the installation prompts you for details.

    See the Checklist for Installing Gateway on a Separate Node for details.

  10. The installation script displays the new gateway installation summary. Type y to use these settings. Type n if you want to start from the beginning.
  11. If you chose y in step 10, the gateway installation is completed.

    The Install options screen is displayed again. You can choose to install another component or exit from the installation.


Installing the Netlet Proxy on the Portal Server Node

The gateway ensures a secure communication channel between the remote client machine and the gateway. Netlet Proxy extends this secure communication channel from the client, through the gateway to Netlet Proxy that resides in the intranet. This restricts the number of open ports in a firewall between the demilitarized zone (DMZ) and the intranet.


Note

Netlet Proxy is optional and you may choose not to install this proxy during the installation. You can also choose to install the Netlet Proxy on a separate node. See "Installing the Netlet Proxy on a Separate Node".


To configure the Netlet Proxy with the portal server in SSL mode, the CA certificate of the portal server’s web server needs to be added to the Netlet Proxy’s certificate database. Use the certadmin tool to create a certificate database for the Netlet Proxy, and export the CA certificate from the web server to the Netlet Proxy’s certificate database.

    To Install the Netlet Proxy on the Portal Server Node
  1. Log in as root on the machine where the portal server has been installed.
  2. Change directories to where the installation program is located:

    cd exact_path

  3. Type ./pssetup.

    The license agreement is displayed.

  4. Specify if you accept the license agreement. To accept, type yes.
  5. The installation script displays the Remove options menu.

    The Remove options are displayed in case you want to remove components that you might have installed earlier. The installation script displays a list of all detected components. You can choose the component that you want to remove.


    Caution

    Choosing Remove all uninstalls the directory server and the identity server. If the portal server is installed on the same machine, uninstalling these components will cause the portal server to stop functioning.


  6. Type the number corresponding to Continue with install.

    The installation script displays the Install options menu.

  7. Type the number corresponding to Install Netlet Proxy.

    The JDK installation summary and the Netlet Proxy installation summary are displayed.

  8. Choose y to continue installing the Netlet Proxy with the displayed settings. Choose n to change some of the settings.
  9. If you chose n in step 8, the installation prompts you again for details.

    See the "Checklist for Installing the Netlet Proxy on a Portal Server Node" for details.

  10. The installation script displays the new Netlet Proxy installation summary. Type y to use these settings. Type n if you want to start from the beginning.

    The Netlet Proxy installation is completed when you type y.

    The Install options screen is displayed again. You can choose to install another component or exit from the installation.


Installing the Rewriter Proxy on the Portal Server Node

Install the Rewriter Proxy to redirect HTTP requests to the Rewriter Proxy instead of directly to the destination host. The Rewriter Proxy in turn sends the request to the destination server.

If you do not specify a proxy, the gateway component makes a direct connection to intranet computers when a user tries to access one of those intranet computers.


Note

You can install the Rewriter Proxy only on the portal server node. The basic purpose of the Rewriter Proxy is to extend the secure connection from the gateway to the portal server. This purpose is not achieved if the Rewriter Proxy is installed on any node other than the portal server node.

The option to install the Rewriter Proxy is available only if the portal server is already installed on the machine.


To configure the Rewriter Proxy with the portal server in SSL mode, the CA certificate of the portal server’s web server needs to be added to the Rewriter Proxy’s certificate database. Export the CA certificate from the web server and add it to the Rewriter Proxy’s certificate database using the certadmin tool.

This procedure asks you if you want to install a self-signed certificate. If you choose yes, the install script prompts you for certificate-related details such as the organization name and division name. If you choose to install your own certificate at a later point, the details are not asked, but a certificate database is still created.

    To Install the Rewriter Proxy on the Sun™ ONE Portal Server
  1. Log in as root on the machine where the portal server has been installed.
  2. Change directories to where the installation program is located. Use the following command:

    cd exact_path

  3. Type ./pssetup.

    The license agreement is displayed.

  4. Specify if you accept the license agreement. To accept, type yes.
  5. The installation script displays the Remove options menu.

    The Remove options are displayed in case you want to remove components that you might have installed earlier. The installation script displays a list of all detected components. You can choose the component that you want to remove.


    Caution

    Choosing Remove all uninstalls the directory server and the identity server. If the portal server is installed on the same machine, uninstalling these components will cause the portal server to stop functioning.


  6. Type the number corresponding to Continue with install.

    The installation script displays the Install options menu.

  7. Type the number corresponding to Install Rewriter Proxy.

    The JDK installation summary and the Rewriter Proxy installation summary are displayed.

  8. Choose y to continue installing the Rewriter Proxy with the displayed settings. Choose n to change some of the settings.
  9. If you chose n in step 8, the installation prompts you for details.

    See the "Checklist for Installing the Rewriter Proxy" for details.

  10. The installation script displays the new Rewriter Proxy installation summary. Type y to use these settings. Type n if you want to start from the beginning.

    The Rewriter Proxy installation is completed when you type y.

    The Install options screen is displayed again. You can choose to install another component or exit from the installation.


Installing the Gateway on a Separate Node

The gateway should be installed on a machine other than the portal server machine.

When using Portal Server with the gateway, the gateway Certificate Authority (CA) certificate must be added to the Portal Server trusted CA list, regardless of whether Portal Server is running in HTTP or HTTPS mode.

When a user session timeout or user session logout occurs, the identity server sends a session notification to the gateway. Even when Identity Server is running in HTTP mode, it acts as an SSL client, using HttpsURLConnection to send the notification. Since it is connecting to an SSL server (the gateway), it should have the gateway CA certificate as part of the trusted CA list or it should have an option to allow self-signed certificates.


Note

The method for adding the CA to the trusted CA list depends on the protocol handler defined.


To configure the gateway with the portal server in SSL mode, the CA certificate for the web server hosting the portal server needs to be added to the gateway’s certificate database. Use the certadmin tool to export the CA certificate from the web server and add it to the gateway’s certificate database. See Chapter 4, "Installing SSL Certificates" for more information.

This procedure asks you if you want to install a self-signed certificate. If you choose yes, the install script prompts you for certificate-related details such as the organization name and division name. If you choose to install your own certificate at a later point, the details are not asked, but a certificate database is still created.


Caution

For security reasons, no other software should be installed on the same machine as the gateway machine.


    To Install Gateway on a Separate Node
  1. Log in as root on the machine where you want to install the gateway component.
  2. Change directories to where the installation program is located. Use the following command:

    cd exact_path

  3. Type ./pssetup.

    The license agreement is displayed.

  4. Specify if you accept the license agreement. To accept, type yes.

    The installation script displays the Install options.

  5. Type the number corresponding to the Install gateway option.

    The installation prompts you for details. See the "Checklist for Installing Gateway on a Separate Node" for details.

    The Install options screen is displayed again. You can choose to install another component or exit from the installation.


Installing the Netlet Proxy on a Separate Node

The Netlet Proxy can be installed on the portal server node or on a separate node (a node without portal server).


Note

You cannot install Netlet Proxy on the same machine as the gateway. The main purpose of the Netlet Proxy is to restrict the number of open ports between the gateway and the portal server to 1. Installing Netlet Proxy on the gateway machine will result in multiple ports being opened in the firewall between the gateway and portal server.

You can install the Netlet Proxy on a portal server machine, and choose a portal server installation on a different machine for the Netlet Proxy to work with.


To configure the Netlet Proxy with the portal server in SSL mode, the CA certificate of the portal server’s web server needs to be added to the Netlet Proxy’s certificate database. Use the certadmin tool to create a certificate database for the Netlet Proxy, and export the CA certificate from the web server to the Netlet Proxy’s certificate database.

    To Install Netlet Proxy on a Separate Node
  1. Log in as root on the machine where the portal server has been installed.
  2. Change directories to where the installation program is located:

    cd exact_path

  3. Type ./pssetup.

    The license agreement is displayed.

  4. Specify if you accept the license agreement. To accept, type yes.

    The installation script displays the Install options.

  5. Type the number corresponding to the Install Netlet Proxy option.

    The installation prompts you for details. See the "Checklist for Installing Portal Server on Application Servers and Sun™ ONE Web Server" for details.

    The Install options screen is displayed again. You can choose to install another component or exit from the installation.


Installing Secure Remote Access Support

When you install the portal server, the Secure Remote Access support product is also installed.

Secure Remote Access is available as a separate option on the portal servers that have been installed in open mode (without Secure Remote Access).

    To Install Secure Remote Access Support on a Portal Server in Open Mode
  1. Log in as root on the machine on which the portal server needs to be installed, or has been installed.
  2. Change directories to where the installation program is located. Use the following command:

    cd exact_path

  3. Type ./pssetup.

    The license agreement is displayed.

  4. Specify if you accept the license agreement. To accept, type yes.
  5. The installation script displays the Remove options menu.

    The Remove options are displayed in case you want to remove components that you might have installed earlier. The installation script displays a list of all detected components. You can choose the component that you want to remove.


    Caution

    Choosing Remove all uninstalls the directory server and the identity server. If the portal server is installed on the same machine, uninstalling these components will cause the portal server to stop functioning.


  6. Type the number corresponding to the Continue with install option.

    The Install options menu is displayed.

  7. Type the number corresponding to the desired install option.
  8. If you chose to install the portal server, choose the deployment type.
  9. The installation script displays the installation summary. Type y to use these settings. Type n if you want to start from the beginning.
  10. Enter the required passwords.

    A user name is displayed for logging purposes.

    The installation is completed.


    Note

    WebNFS is required for NetFile support. If WebNFS does not already exist on the machine, it is installed as part of Secure Remote Access support.



Installing Secure Remote Access Migration Tools

To migrate the gateway components from previous versions to Sun ONE Portal Server, Secure Remote Access 6.1, install the Secure Remote Access migration tools.


Note

If a standalone gateway is installed, and you need to migrate certificates on the gateway machine, install the SRA Migration Tools on the gateway machine. Otherwise, you can install the SRA Migration Tools on the portal server machine.


    To Install the Secure Remote Access Migration Tools
  1. Log in as root on the machine where the portal server has been installed.
  2. Change directories to where the installation program is located:

    cd exact_path

  3. Type ./pssetup.

    The license agreement is displayed.

  4. Specify if you accept the license agreement. To accept, type yes.

    The installation script displays the Install options.

  5. Type the number corresponding to the Install SRA Migration Tools option.

    If you have not installed the portal server migration tools, you are prompted for the base directory in which to install the SRA migration tools.

    If you have installed the portal server migration tools, no questions are asked. The SRA Migration Tools are installed in the same directory as the portal server migration tools.

    The Install options screen is displayed again. You can choose to install another component or exit from the installation.


Post Installation Tasks

After installation, do the following to start the gateway and perform the required tasks:

    To Start the Gateway
  1. Start the gateway using the following command:

    InstallDir/SUNWps/bin/gateway -n new_profile_name start

    default is the default gateway profile that is created during installation. You can create your own profiles later, and restart the gateway with the new profile. See “Creating a Gateway Profile” in Chapter 2, Administering Gateway in the Sun ONE Portal Server, Secure Remote Access 6.1 Administrator’s Guide.

    If you have multiple gateway instances, use:

    InstallDir/SUNWps/bin/gateway start

    This command starts all the gateway instances configured on that particular node.

    InstallDir/SUNWps/bin/gateway stop

    This command stops all the gateway instances that are running on that particular node.


    Caution

    Ensure that only the configuration files for the instances that you want to start are in the /etc/opt/SUNWps directory.



    Note

    This step is not required if you chose y for the "Start Gateway after installation" option during the gateway installation.


  2. Run the following command to check if the gateway is running on the specified port:

    netstat -an | grep port_number

    where the default gateway port is 443.

    If the gateway is not running, start the gateway in the debug mode, and view messages that are printed on the console. Use the following command to start the gateway in debug mode:

    InstallDir/SUNWps/bin/gateway -n profilename start debug

    Also view the log files after setting the gateway.debug attribute in the platform.conf.profilename file to message. See the section “Understanding the platform.conf File” in Chapter 2, Administering Gateway in the Sun ONE Portal Server, Secure Remote Access 6.1 Administrator’s Guide, for details.

  3. Run the portal server in secure mode by typing the gateway URL in your browser:

    https://gateway_machine_name:portnumber

    If you have chosen the default port (443) during installation, you need not specify the port number.


    Note

    Before starting the Netlet Proxy and the Rewriter Proxy, ensure that the gateway profile is updated with the Netlet Proxy and the Rewriter Proxy options.


  4. Log in to the directory server admin console as administrator using the username amadmin, and using the password specified during installation.

You can now create new organizations, roles, and users and assign required services and attributes in the admin console.


Caution

Ensure that you enable the Access List service for all users, to allow access through the gateway.
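
The checks from the To Start the Gateway procedure and its Caution about /etc/opt/SUNWps, written as shell functions. This is an added example, not part of the original guide or the product; it assumes each instance's configuration file is named platform.conf.profilename, and the function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): checks around "gateway start".
# Assumption: each instance's file in the configuration directory is named
# platform.conf.<profilename>.

# Constructed Solaris-style "netstat -an" output, for illustration only.
SAMPLE_NETSTAT='      *.8443               *.*                0      0 49152      0 LISTEN
192.0.2.10.32801     192.0.2.20.443     49640      0 49640      0 ESTABLISHED
      *.443                *.*                0      0 49152      0 LISTEN'

# Print the profile name of every platform.conf.<profile> file in directory $1.
list_profiles() {
    for f in "$1"/platform.conf.*; do
        if [ -f "$f" ]; then
            basename "$f" | sed 's/^platform\.conf\.//'
        fi
    done
}

# Print profiles found in directory $1 that are not among the intended
# profile names given as the remaining arguments.
unexpected_profiles() {
    dir=$1
    shift
    for p in $(list_profiles "$dir"); do
        wanted=no
        for w in "$@"; do
            if [ "$p" = "$w" ]; then wanted=yes; fi
        done
        if [ "$wanted" = no ]; then echo "$p"; fi
    done
}

# Read "netstat -an" output on stdin; succeed only if a socket in LISTEN state
# is bound to exactly port $1. A plain grep for 443 would also match 8443 and
# established connections to a remote port 443.
is_listening() {
    awk -v port="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++) {
                n = split($i, part, /[.:]/)
                if (n > 1 && part[n] == port) found = 1
            }
        }
        END { exit !found }'
}
# Usage on the gateway node:
#   unexpected_profiles /etc/opt/SUNWps default
#   netstat -an | is_listening 443 && echo "gateway port is listening"
```

Any profile name printed by unexpected_profiles is an instance that gateway start, run without -n, would also start on that node.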






Copyright 2003 Sun Microsystems, Inc. All rights reserved.