Technical Case Study: Sun Java Enterprise System SunWeb 4.0

Chapter 2 SunWeb Requirements

This chapter describes the business and technical requirements for the SunWeb 4.0 deployment. The requirements listed in this chapter are one possible set of requirements for an enterprise such as Sun. These requirements might be similar to the requirements needed by your enterprise as you plan to deploy and use Java ES services. Compare the requirements in this chapter with your own business requirements to determine what aspects of the SunWeb 4.0 deployment are applicable for your specific needs.

The requirements described in this chapter specify quality of service (QoS) features such as performance, availability, and scalability. The deployment architecture developed to meet these requirements is described in detail in Chapter 3, Designing the SunWeb Architecture.

Capacity Requirements

SunWeb provides services to two primary classes of internal users: those accessing SunWeb when connected to the corporate network (SWAN) and those accessing SunWeb using the public Internet and secure remote access gateways (SRA). SWAN users connect directly to the portal server through a load balancer. Internet users (SRA) access load-balanced gateways that connect to the portal servers for serving content and other applications.

Each class of user has access to the same set of services, which includes e-mail, blogs, search, file access, content, tools, applications, and a personalized desktop. Access to specific services, tools, and content is based on an employee's role at Sun (executive, people manager, individual contributor, and so on). The following table lists the approximate number of users in each class.

Table 2–1 Number of Users of SunWeb Services

| Service Class | Number of Users |
|---|---|
| Local users logging in to SunWeb from a computer connected to SWAN (includes access via VPN) | Approximately 19,000–21,000 unique users per day |
| Remote users logging in to SunWeb from a computer or mobile device not connected to SWAN (SRA) | Approximately 1,700–2,100 unique users per day |

The SunWeb user base is expected to grow as more applications are integrated into the portal. For the initial deployment of SunWeb 4.0, the requirement was that the system be scalable to support 6,000 concurrent users. To meet future needs, the deployed system must be scalable to accommodate an increasing number of users, with the growth rate for users expected to be 10-15% per year.

Detailed Service Requirements

As highlighted in Deployment Overview, the SunWeb portal provides a wide variety of services to internal users. The following table lists the detailed service requirements that must be met by the deployment.

Table 2–2 Detailed Service Requirements

Service 

Requirement 

SunWeb Portal Desktop

  • Provide role-based desktop access that enables access to applications and services based on a user's role.

  • Integrate with content management systems to dynamically serve content.

  • Provide single sign-on (SSO) with the MySales and MyMarketing portals and with other applications.

  • Integrate with corporate LDAP for authentication and personalization of services.

  • Provide secure login to Access Manager through SSL.

  • Provide dynamic web services and RSS content through blogs and web services.

  • Provide Ajax-based portlets to dynamically refresh and display data.

  • Provide reporting and auditing to generate reports for compliance.

  • Integrate with applications such as employee lookup, the Support ticketing system, the bug reporting system, and so on.

  • Enable and present Human Resources services through a single desktop access.

  • Provide a tab-based desktop to group and present similar applications and services.

  • Ensure that the desktop is highly customizable and user friendly to meet corporate usability requirements and standards.

Access Manager

  • Provide SSO capability to several applications.

  • Use agents and the service infrastructure to enable simplified development and deployment of an SSO infrastructure.

  • Provide advanced policy and user management.

  • Implement a role-based infrastructure to integrate into the corporate LDAP framework.

  • Provide chained authentication and enable higher authentication levels to access secure and sensitive business applications.

Remote access

  • Provide secure remote access to the SunWeb portal from anywhere, anytime, and on any device to enable users to access intranet applications, the network, and services in a secure way.

  • Provide token-based authentication to enable users to authenticate in a secure way.

  • Provide a URL-based access control list through the remote access services.

  • Provide SSO for applications using HTTP basic authentication.

  • Provide SSL tunneling end-to-end from the browser to the end application infrastructure.

  • Use Rewriter and Netlet proxies to prevent several ports and access points from being opened in the firewall (restrict the firewall to have only one open port).

  • Enable users to personalize and customize remote infrastructure applications such as telnet and FTP.

Mobile access

  • Build upon the Secure Remote Access Pack (SRAP) and Mobile Access Pack (MAP) of Portal Server.

  • Enable Sun internal users to access Sun's internal mobile content, business applications, and tools anywhere and anytime through SunWeb using a web-enabled mobile device with micro browser and SSL support. Mobile users access the internal portal by accessing the remote gateway for their region on their mobile device.

  • Enable mobile access to the SunWeb portal and its mobile content, applications, and tools channels from the Internet using secure remote access.

  • Provide mobile services for web-enabled cell phones and PDA devices, including support for mobile access of mail and calendar services, employee lookup, and a small set of SunWeb channels.

File access

  • Support the NFS, Windows File Services, and FTP protocols.

  • Provide NetFile through the SRA service, and FTP through netlets. NetFile is a Portal Server SRA component that enables users to access and operate on remote file systems and directories.

Communications channels (mail and calendar)

[Mail and calendar services are provided by instances of Sun Java System Messaging Server and Sun Java System Calendar Server that are already deployed and running on the main corporate network. The SunWeb deployment uses Portal Server channels to provide SunWeb users with access to these services on their portal desktops.]

The following requirements are common to the mail and calendar channels. Unique requirements for these channels are listed in the channel-specific sections later in this table. The common requirements are as follows: 

  • Deploy the mail and calendar channels on SunWeb with SSO based on a SunWeb authenticated session. To provide SSO to mail and calendar, the portal server stores user names and passwords in the directory server.

  • Require authentication before the channels are displayed.

  • Populate channel properties with information drawn from corporate LDAP wherever possible. User preferences data (the user profile) should be retrieved automatically from LDAP without user interaction.

  • Must not impact portal performance.

  • Must be highly customizable.

Mail

  • Enable mobile users to access their email account through the portal anywhere, anytime, using any device and to view, read, and reply to messages.

  • Provide a comprehensive webmail client that allows message forwarding, vacation messages, server-side mail filters, and a server-side address book.

  • Provide SSO with the webmail client.

  • Prepopulate IMAP server and port, user name, password, SMTP server and port, and any other settings required to connect the channel to the user's mail account.

  • Customize the user interface to meet corporate standards.

  • Provide spam and antivirus protection through plug-ins.

  • Provide portal-based mail access through JavaServer Pages™ (JSP™) mail portlets and native client support through SRA.

  • Mailbox size (maximum): 2 GB.

  • Attachment size (maximum): 20 MB.

Calendar

  • Enable mobile users to access and manage their Java ES calendar account through the portal anywhere, anytime, and using any device.

  • Provide SSO with the calendar client.

  • Prepopulate calendar server and port, user name, password, and any other settings required to connect the channel to the user's calendar account.

  • Customize the user interface to meet corporate standards.

Blogs

  • Introduce a custom RSS provider to the SunWeb channel catalog to be developed by the internal product team.

  • Enable authenticated users to add the blogs channel to their tabs in SunWeb and to choose up to seven RSS and blog feeds to personalize the channel's contents.

  • Must be highly customizable.

  • Must not impact portal performance.

SunWeb (Java ES) search

  • Integrate search with the portal desktop and the SRA service to provide a single entry point.

  • Provide advanced search capabilities based on several possible combinations.

  • Implement a paragraph-based search that provides highly intelligent search results.

  • Deploy the multitier architecture to segregate crawling from presentation.

Employee Usage Patterns

SunWeb users are expected to be most active during the 8:00 a.m. to 5:00 p.m. working hours in their respective geographical areas. Usage outside those hours is also significant, because employees communicate with colleagues in other time zones.

Availability Requirements

All production instances of the internal portal worldwide must be available 24x7x365 with 98% uptime. To meet this requirement, the SunWeb 4.0 architecture defines multiple redundant portal servers and gateways. Operationally, each server is online and load balanced. If one server fails, all requests are redirected to the remaining servers.

The long-term goal is 99.99% uptime worldwide, as SunWeb and SRA are an integral part of Sun's business continuity and disaster-recovery strategy. One way to meet this goal is to have three global instances, each at 99.9% availability.

Performance Requirements

All production instances of the internal portal worldwide must support 6,000 concurrent users and have a response time of four seconds or less. To meet this requirement, the SunWeb 4.0 architecture defines multiple load-balanced portal servers and gateways, so that each server can handle concurrent user requests. These servers are tuned for optimum performance.

Scalability Requirements

As mentioned in Capacity Requirements, the SunWeb user base is expected to grow. The architecture for SunWeb's Java ES deployment must allow for horizontal scalability (adding more computers to the system as user activity increases). To meet this requirement, the SunWeb 4.0 architecture allows for more portal servers or gateways to be added at a later time to handle the extra load. For more information about scalability strategies, see Planning for Scalability in the SunWeb Architecture.

Security Requirements

Security is a vital consideration for any system accessed by a large number of users over the public Internet. The general security requirements for SunWeb include the following:

Token-based authentication is used for remote and mobile users accessing SunWeb through the public Internet and the remote access gateways. Corporate LDAP is used for internal users accessing the portal from a computer connected to SWAN. Remote users accessing SunWeb over the public Internet (SRA) first get a login screen in their browser. After they authenticate, a customizable desktop is displayed through which they gain access to various back-end applications and services. The specific mechanisms are described in greater detail in Chapter 3, including Analyzing User Interactions with the SunWeb Components.

The following table provides more specific information about security requirements.

Table 2–3 SunWeb Security Requirements

Security Category 

Requirement 

Physical 

  • Housed within a secure data center to which only authorized personnel have access

Firewall  

  • Redundant firewall protection

  • Secure transfer and storage of data

  • Administrative options provided to customize security settings (explicit policy control)

Transport 

  • Compatible with SSL-enabled web browsers and Transport Layer Security (TLS)

  • 128-bit encryption for mail transfer between client and server

Backup and recovery 

  • All software and configurations backed up (weekly or nightly incremental backups)

  • Operating system backed up weekly

  • Backups stored for 2 weeks

  • Maximum 24 hours of data loss

Disaster recovery 

  • Distributed architecture in multiple data centers with failover capability

  • Disaster recovery to be completed within 24 hours

Privacy 

  • Data storage that follows applicable regulations, corporate security policies, and corporate privacy policies

For more information about security strategies, see Choosing Security Strategies for the SunWeb Architecture.