
Sun ONE Portal Server, Secure Remote Access 6.1 Administrator's Guide

Glossary

access control     Implements the privileges granted by authorization.

address     In networking, a unique code that identifies a node to the network. Names like host1.siroe.com are translated to "dotted quad" addresses (1.2.3.4) by the Domain Name Service (DNS).

administration console     The administrator’s Sun™ ONE Identity Server graphical user interface to Sun™ ONE Portal Server.

API     Application Program Interface, a set of calling conventions or instructions defining how programs invoke services in existing software packages.

applet     A program written in the Java™ programming language to run within a Web browser. An example would be the Java front end to the portal server’s NetMail and NetFile applications.

attribute     Defines the parameters that an Identity Server service provides to an organization. The attributes that make up an Identity Server service are classified as one of the following: Dynamic, Policy, User, Organization, or Global. Using these types to subdivide the attributes in each service allows for a more consistent arrangement of the service schema and easier management of the service parameters.

ASP     Access Service Provider. A company that, for a fee, provides access to applications that users can run without owning their own copies. See Internet Service Provider (ISP).

authentication     The process of verifying a user’s identity.

authentication module     An authentication module controls a specific authentication process. For example, Sun™ ONE Portal Server software provides authentication modules for Microsoft Windows NT, UNIX, S/key, and others, as well as opening the authentication API so other authentication modules can be written as needed.

authorization     The process of granting specific access privileges to a user. Authorization is based on authentication and enforced by access control.

CA     See Certificate Authority.

cache     In Web browsers, the archive of recently visited Web pages, graphics, or other files that is stored in memory or on users’ disks.

CDP     See Certificate Discovery Protocol.

certificate     A set of data that identifies a person, machine, or application.

certificate identifier (ID)     Generic term used to identify a particular self-generated or issued certificate. It effectively decouples the identification of a key for purposes of key lookup and access control from issues of network topology, routing, and IP addresses.

Certificate Authority (CA)     Trusted network entity that digitally signs a certificate containing information that identifies the user, such as the user’s name, the issued certificate, and the certificate’s expiration date. VeriSign is one of the best-known CAs.

channel     In the portal server Desktop, a channel consists of a provider and configuration. Channels generate content which can consist of markup fragments, a frameset, an HTML page, and so on. Channel content is often aggregated with other channel content to form a portal Desktop.

cipher     See encryption algorithm.

component     An application or a service in portal server. Components have attributes and privileges, much like users.

content filtering     Practice of allowing or disallowing traffic based on the content of the data being sent.

content provider     A Java class that can write HTML content to a mini-frame in the desktop. Content providers are used to create information in specific areas of a user's desktop.

cookie     General mechanism that server-side connections can use to store and retrieve information on the client side of the connection. Cookies are small data files written to a user’s hard drive by some Web sites when viewed in a Web browser. These data files contain information that the site can use to track things such as passwords, lists of pages visited, and the date when a certain page was last viewed.

customization     The ability to change preferences in the portal such as content received, layout, and color (that is, user-driven). It can also refer to the ability to modify the UI or order of menu events.

data compression     Application of an algorithm to reduce the space required to store or the bandwidth required to transmit data.

decryption     Process of decrypting information that has been encrypted. See encryption.

demilitarized zone (DMZ)     Small protected network between the public Internet and a private intranet, usually demarcated with firewalls on both ends. This area is used to provide limited public access to resources such as Web servers, FTP servers, and other information resources.

Desktop     What the user sees on the screen. In the case of portal server, it is the HTML presentation of the portal. This usually includes a preferred set of applications and access privileges.

digital signatures     Data added to a document to identify the sender using a public-key encryption scheme.

directory server     A server that serves out information about people and resources within an organization from a logically centralized repository. See also Lightweight Directory Access Protocol (LDAP), Sun™ ONE Directory Server, and Sun™ ONE Identity Server.

DMZ     See demilitarized zone.

DNS     See Domain Name Service.

domain     The last part of a fully qualified domain name that identifies the company or organization that owns the domain name (for example, siroe.com, host.siroe.uk).

Domain Name Service     A distributed name and address lookup mechanism used to translate domain names (siroe.com) to IP addresses (10.23.134.24). It also allows reverse lookup, to translate IP addresses back into names.

encryption     Process of protecting information from unauthorized use by making the information unintelligible. Some encryption methods employ codes, called keys, which are used to encrypt the information. Contrast with decryption.

encryption algorithm     The method or standard that is used to encrypt the information. Some of the common encryption algorithms are RC4 and RC6.

end user     Refers to the person serviced by the customer (for example, a corporate employee).

Extensible Markup Language (XML)     XML, a programming language, is essentially a simplified version of SGML that enables Web developers to create customized tags that will organize and deliver content more efficiently. XML is a metalanguage, containing a set of rules for constructing other markup languages. By enabling people to create their own tags, it expands the amount and kinds of information that can be provided about the data held in documents.

File Transfer Protocol (FTP)     A file transfer protocol often used on TCP/IP networks to copy files to and from remote computers.

firewall     Computer situated between an internal network and the rest of the network that filters data packets according to user-specified criteria. Firewalls are normally used to protect systems on one side from unauthorized access by users on the other side.

FTP     See File Transfer Protocol.

fully qualified domain name (FQDN)     The complete domain name of a system, including the host name, network name if applicable, and domain; for example host1.siroe.com.

gateway     A system that provides and controls connections to another network. The gateway in the portal server is part of Secure Remote Access. See VPN.

host     Name of a device on a TCP/IP network that has an IP address.

HTML     Hypertext Markup Language. A file format, based on SGML, for hypertext documents on the Internet.

HTTP     Hypertext Transfer Protocol, which describes how Web browsers and Web servers exchange information. See URL.

HTTPS     Hypertext Transfer Protocol Secure, which describes the use of HTTP over an SSL connection, usually on port 443.

ICMP     Internet Control Message Protocol. IP protocol that handles errors and control messages, to enable routers to inform other routers (or hosts) of IP routing problems or make suggestions of better routes. See ping.

IMAP     Internet Message Access Protocol allows remote access to mailboxes and folders. IMAP clients usually leave some or all messages and folders on the server, unlike POP, in which all messages are downloaded.

Internet Protocol     Protocol within TCP/IP suite used to link networks worldwide, developed by the United States Department of Defense and used on the Internet. The prominent feature of this suite is the IP protocol.

IP     See Internet Protocol.

iPlanet Compass Server     iPlanet's technology to improve user access to network resources typically used with iPlanet Portal Server 3.0. Sun™ ONE Portal Server 6.0 and higher contains a tightly integrated Search Engine which provides the functionality that iPlanet Compass Server provided with iPlanet Portal Server 3.0.

Sun™ ONE Identity Server     Provides user and service configuration, authentication, and single-sign-on services, policy management, logging services, debug utility, the admin console, and client support interfaces for the portal server.

ISP     Internet Service Provider. A company providing Internet access. This service often includes a phone number access code, username, and software—all for a provider fee.

issued certificate     Certificate that is issued by a Certificate Authority. See self-generated certificate.

ISV     Independent Software Vendor. Third-party software developer.

J2ME     See Java 2 Platform, Micro Edition.

JATO     A library for converting between Java and XML.

Java     Object-oriented, platform-independent programming language developed by Sun Microsystems to solve a number of problems in modern programming practice.

Java 2 Platform, Micro Edition (J2ME)     Small application environment suitable for mobile devices.

Java Development Kit (JDK)     Software tools used to write Java applets or application programs.

JDK     See Java Development Kit.

JSP     Java Server Page.

JSS     See Network Security Services for Java.

key     Code for encrypting or decrypting data.

LAN     Local area network, a private network at a single location. Multiple LANs can be interconnected to form a WAN.

LDAP Data Interchange Format (LDIF)     The format used to represent directory server entries in text form.

Lightweight Directory Access Protocol (LDAP)     Directory service protocol designed to run over TCP/IP and across multiple platforms. A simplification of the X.500 Directory Access Protocol (DAP) that allows a single point of management for storage, retrieval, and distribution of information, including user profiles, distribution lists, and configuration data across Sun ONE servers. The directory server uses the LDAP protocol.

load balancer     A load balancer controls connections to multiple gateway machines to allow approximately equivalent loads on each of the available systems.

NetFile     Java-based file server application that enables users remote access to file systems as well as enabling remote operations on files and directories. This component is available with the Sun™ ONE Portal Server, Secure Remote Access software.

Netlet     A Java applet used in the portal server to allow any TCP/IP-based applications to securely connect to servers through an authenticated portal server connection. This component is available with Secure Remote Access.

NFS™     Network File System. A file system distributed by Sun Microsystems that enables a set of computers to cooperatively access each other’s files in a transparent manner.

node     A transfer point within a network. Data is passed from node to node in a network until the data reaches its final destination. Used interchangeably with machine.

organization     In Identity Server, an object that represents the top level of a hierarchical structure used by an enterprise to manage its departments and resources. Upon installation, the identity server dynamically creates a top-level organization (default o=isp) to manage the identity server enterprise configurations. Additional organizations can be created after installation to manage separate enterprises. All created organizations fall beneath the top-level organization. See also suborganization.

passphrase     Collection of characters used in a similar manner to, although typically longer than, a password. See password.

password     Unique string of characters that a user types as an identification code; a security measure to restrict access to computer systems and sensitive files.

personal digital certificate (PDC)     An electronic certificate attached to a message that authenticates a user. A personal digital certificate can be created by correctly entering a user ID and password, or by using an SSL certificate request that in turn uses the security certificate of the server through which the user is connected. PDCs are issued by a Certification Authority (CA) and signed with the CA's private key. The CA validates the identity of a requesting body before issuing a certificate. Thus the presence of a PDC is a very powerful mechanism of authentication.

PDC     See personal digital certificate.

POP     Post Office Protocol. Defines a mechanism with which Internet users can connect to and download their waiting email messages.

PPP     See Point-to-Point Protocol.

port     The location (or socket) to which TCP/IP connections are made. Web servers traditionally use port 80, while FTP uses port 21 and telnet uses port 23. The portal server uses some special ports, particularly on client systems, to securely communicate through the portal server session to servers.

portal     A “doorway” or entry point to a set of resources that an enterprise wants to make available to the portal’s users. For some consumer portals, the set of resources includes the entire World Wide Web, but for most enterprises, the set of resources includes information, applications, and other resources that are specific to the relationship between the user and the enterprise. The portal server Desktop is the application used to generate the portal in the portal server.

portal node     A physical machine that is running the portal server. Also called a “host.”

preference     A user-specified choice about what displays or does not appear on the desktop, and how it displays, or other traits such as timeout settings.

private network     A network of computers that is inaccessible unless you have appropriate access privileges. Private networks may be as small as a one-office LAN or as large as a multi-country enterprise network. See also public network.

privilege     A type of access right that is granted to a user, a set of users, or a resource that is specified by the particular type of authorization implemented.

profile     The attributes and privileges for a portal server entity, such as user, role, domain, or component.

profile server     A special segment of portal server that is devoted to storing profile information.

protocol     A formal description of messages to be exchanged and rules to be followed for two or more systems to exchange information.

provider     The programmatic aspect of a channel. Adding configuration data to a provider differentiates it into an instance of a channel. A provider is a Java class and is responsible for converting the content in a file, or the output of an application or service, into the proper format for a channel. A number of providers are shipped with the Portal Server, Secure Remote Access, including a bookmark provider, an application provider, and a notes provider. As the Desktop is imaged, each provider is queried in turn for the content of its associated channel. Some providers are capable of generating multiple channels based upon their configuration.

Examples of content providers include the UserInfoProvider and BookmarkProvider.

Examples of container providers include the TabContainerProvider and SingleContainerProvider.

Examples of leaf providers include the JSPProvider, XMLProvider, URLScraperProvider and SimpleWebServicesProvider.

proxy     An intermediary program that makes and services requests on behalf of clients. Proxies act as servers and clients in turn, and are used to control the content of various network services. See reverse proxy.

public-key certificate     A data structure containing a user’s public key, as well as information about the time and date during which the certificate is valid.

public-key cryptography     Also known as asymmetric key cryptography. In public-key cryptosystems, everyone has two related complementary keys: a publicly revealed key and a secret key (also called a private key). Each key unlocks the code that the other key makes. Knowing the public key does not help you deduce the corresponding secret key. The public key can be published and widely disseminated across a communications network. This protocol provides privacy without the need for the secure channels that a conventional cryptosystem requires.

public network     Like the Internet, a public network carries traffic from a variety of companies, individuals, and sources and is inherently insecure. Contrast with private network.

reverse proxy     A proxy which performs bi-directional URL rewriting and translation between clients and servers. Unlike a proxy, which exists at the client side, a reverse proxy exists at the server side of the network. In the portal server, the reverse proxy exists on the gateway.

Rewriter     The Rewriter provides a Java class library for rewriting URL references in various web languages such as HTML, JavaScript, and XML and in HTTP location headers (redirections). The Rewriter defines an identity server service for storing rules that define how rewriting is to be done and the data to be rewritten. The Rewriter also includes an admin console module for editing these rules.

role     Defines all aspects of a user’s experience when running in the portal server environment. A role can correspond to a job title (such as manager, engineer, and sales) or can be defined in other ways, such as a full member of a working group or an observer. A role determines what a user sees and can use on the desktop.

Secure Socket Layer (SSL)     A form of secure, low-level encryption that is used by other protocols such as HTTP and FTP. The SSL protocol includes provisions for server authentication, encryption of data in transit, and optional client authentication. The version used in the portal server uses RSA’s public and private key encryption, as well as a digital certificate.

self-generated certificate     Public key value only used when entities are named using the message digest of their public value, and when these names are securely communicated. See issued certificate.

Server Message Block (SMB) protocol     A protocol that provides a method for client applications in a computer to read and write files on, and to request services from, server programs in a computer network. The SMB protocol can be used over the Internet on top of its TCP/IP protocol or on top of other network protocols such as Internetwork Packet Exchange and NetBEUI. The portal server uses SMB for NetFile.

session     A portal server session is a sequence of interactions between a user and one or more applications, starting with login and ending with logout or timeout.

session key     Common cryptographic technique to encrypt each individual conversation between two people with a separate key.

SGML     See Standard Generalized Markup Language.

shared-key cryptography     Also known as symmetric key cryptography. Cryptography where each party must have the same key to encrypt or decrypt ciphertext.

Simple Mail Transfer Protocol (SMTP)     The email protocol most commonly used by the Internet and the protocol supported by the Sun™ ONE Messaging Server product. Defined in RFC 821, with associated message format descriptions in RFC 822.

Simple Network Management Protocol (SNMP)     Network management protocol that enables a user to monitor and configure network hosts remotely.

Simple Object Access Protocol (SOAP)     A lightweight protocol for exchange of information in a decentralized, distributed environment. SOAP is an XML-based protocol.

single sign-on (SSO)     The ability for a user to authenticate once and gain access to multiple services.

SMB protocol     See Server Message Block protocol.

SMTP     See Simple Mail Transfer Protocol.

SMTP proxy     A variant of SMTP that sends messages from one computer to another on a network and is used on the Internet to route email.

SNMP     See Simple Network Management Protocol.

SSL     See Secure Socket Layer.

SSL Certificate     An electronic token that means you or a vendor have given approval to encrypt and decrypt your secure transactions, using PKI. You create a self-signed SSL Certificate when you install the portal server. However, you can also obtain an SSL Certificate from a certificate vendor who authorizes secure communications services over the Internet.

SSO     See single sign-on.

Standard Generalized Markup Language (SGML)     Method of tagging a document to apply to many format elements.

static web content     Refers to static HTML files, images, applet JAR files, and anything else that can be served up directly by the web server without using the Java web container. For the portal server, this gets installed in the web server (same place as dynamic web application).

subdomain     The next-to-last part of a fully qualified domain name that identifies the division or department within a company or organization that owns the domain name (for example, support.siroe.com, sales.siroe.com); not always specified.

suborganization     In Identity Server, an object created under an organization and used by an enterprise for more granular control of its departments and resources. For example, when setting up your portal server, you might create a suborganization called mycompany under the top-level object isp.

Sun™ ONE Directory Server     Provides the primary configuration and user profile data repository for the portal server. It is installed by the identity server if it is not already installed on the portal server system.

Sun™ ONE Portal Server     Enables remote users to securely access their organization’s network and its services over the Internet. Additionally, it creates a secure internet portal, providing access to content, applications, and data to any targeted audience: employees, business partners, or the general public.

This is also referred to as the “core” part of the portal server product.

Sun™ ONE Portal Server Desktop     Often referred to simply as “Desktop.” Provides the primary end-user interface and a mechanism for extensible content aggregation through the Content Provider Interface (PAPI). The Desktop includes a variety of providers that provide a container hierarchy and the basic building blocks for building some types of channels. The Desktop implements a display profile data storage mechanism on top of an identity server service for storing content provider and channel data. The Desktop also includes an admin console module for editing the display profile and other Desktop service data.

Sun™ ONE Portal Server Instant Collaboration Pack     Sun ONE’s instant messaging product which includes the server, multiplexor and Sun ONE Instant Messenger components. Also known as Instant Messaging Server.

Sun™ ONE Web Server     This is used as the web container for the portal server and web applications. The Web Server is included with the identity server product.

symmetric key cryptography     See shared-key cryptography.

TCP     See transmission control protocol.

TCP/IP     Transmission Control Protocol/Internet Protocol. Protocol suite originally developed for the Internet. It is also called the internet protocol suite. Solaris networks run on TCP/IP by default.

target host     The host or machine that you are trying to access.

telnet     Virtual terminal protocol in the Internet suite of protocols. Enables users of one host to log in to a remote host and interact as normal terminal users of that host.

telnet proxy     An application which sits between the telnet client and telnet server and acts as an intelligent relay.

transmission control protocol (TCP)     Major transport protocol in the internet suite of protocols providing reliable, connection-oriented, full-duplex streams. Uses IP for delivery. Encrypts only IP packet data, but not the headers. Corresponds to the transport layer, which is the fourth of the seven ISO layers. See TCP/IP.

transparent clustering     A condition whereby multiple machines appear as a single machine to the user. In the portal server, the condition where multiple gateways appear as a single gateway to the user.

tunneling     Process of encrypting an entire IP packet, and wrapping it in another (unencrypted) IP packet. The source and destination addresses on the inner and outer packets may be different.

tunnel address     Destination address on the outer (unencrypted) IP packet to which tunnel packets are sent. Generally used for encrypted gateways where the IP address of the host serves as the intermediary for any or all hosts on a network whose topology must remain unknown or hidden from the rest of the world.

Uniform Resource Indicator (URI)     A standard notation for specifying the path and file name of a resource on a server. The server translates the URI into the native format for its operating system.

URL     Uniform Resource Locator. A code that searches for the location of a specific address on the Internet.

user ID     Name by which a user is known to the system.

Virtual Private Network     A network with the appearance and functionality of a regular network, but which is really like a private network within a public one. The use of encryption in the lower protocol layers provides a secure connection through an otherwise insecure network, typically the Internet. VPNs are generally cheaper than true private networks using private lines, but rely on having the same encryption system at both ends. The encryption may be performed by firewall software or possibly by routers.

VPN gateway     The entry point to a VPN. Typically protected by a firewall.

VPN     See Virtual Private Network.

Watchdog     A process that monitors a gateway and restarts the gateway if its processes fail.

Web page     Document on the Web.

web server     An application that responds to web requests such as HTTP and FTP.

World Wide Web     Network of servers on the Internet that provide information and can include hypertext links to other documents on that server and often other servers as well.

XML     See Extensible Markup Language.

XSL     See Extensible Style Language.





Copyright 2003 Sun Microsystems, Inc. All rights reserved.