Chapter 2 SunWeb Requirements
This chapter describes the business and technical requirements for the
SunWeb 4.0 deployment. The requirements listed in this chapter are one possible
set of requirements for an enterprise such as Sun. These requirements might
be similar to the requirements needed by your enterprise as you plan to deploy
and use Java ES services. Compare the requirements in this chapter with your
own business requirements to determine what aspects of the SunWeb 4.0 deployment
are applicable for your specific needs.
The requirements described in this chapter specify quality of service
(QoS) features such as performance, availability, and scalability. The deployment
architecture developed to meet these requirements is described in detail in Chapter 3, Designing the SunWeb Architecture.
Capacity Requirements
SunWeb provides services to two primary classes of internal users:
those accessing SunWeb when connected to the corporate network (SWAN) and
those accessing SunWeb using the public Internet and secure remote access
gateways (SRA). SWAN users connect directly to the portal server through a
load balancer. Internet users (SRA) access load-balanced gateways that connect
to the portal servers for serving content and other applications.
Each class of user has access to the same set of services, which includes
e-mail, blogs, search, file access, content, tools, applications, and a personalized
desktop. Access to specific services, tools, and content is based on an
employee's role at Sun (executive, people manager, individual contributor,
and so on). The following table lists the approximate number of users in each
class.
Table 2–1 Number of Users of SunWeb Services
| Service Class | Number of Users |
|---|---|
| Local users logging in to SunWeb from a computer connected to SWAN (includes access via VPN) | Approximately 19,000–21,000 unique users per day |
| Remote users logging in to SunWeb from a computer or mobile device not connected to SWAN (SRA) | Approximately 1,700–2,100 unique users per day |
The SunWeb user base is expected to grow as more applications
are integrated into the portal. For the initial deployment of SunWeb 4.0,
the requirement was that the system be scalable to support 6,000 concurrent
users. To meet future needs, the deployed system must be scalable to accommodate
an increasing number of users, with the growth rate for users expected to
be 10-15% per year.
Detailed Service Requirements
As highlighted in Deployment Overview,
the SunWeb portal provides a wide variety of services to internal users. The
following table lists the detailed service requirements that must be met by
the deployment.
Table 2–2 Detailed Service Requirements
Service
|
Requirement
|
SunWeb Portal Desktop
|
- Provide role-based desktop access that enables access to applications
  and services based on a user's role.
- Integrate with content management systems to dynamically serve
  content.
- Provide single sign-on (SSO) with the MySales and MyMarketing
  portals and with other applications.
- Integrate with corporate LDAP for authentication and personalization
  of services.
- Provide secure login to Access Manager through SSL.
- Provide dynamic web services and RSS content through blogs
  and web services.
- Provide Ajax-based portlets to dynamically refresh and display
  data.
- Provide reporting and auditing to generate reports for compliance.
- Integrate with applications such as employee lookup, the Support
  ticketing system, the bug reporting system, and so on.
- Enable and present Human Resources services through a single
  desktop access.
- Provide a tab-based desktop to group and present similar applications
  and services.
- Ensure that the desktop is highly customizable and user friendly
  to meet corporate usability requirements and standards.
|
Access Manager
|
- Provide SSO capability to several applications.
- Use agents and the service infrastructure to enable simplified
  development and deployment of an SSO infrastructure.
- Provide advanced policy and user management.
- Implement a role-based infrastructure to integrate into the
  corporate LDAP framework.
- Provide chained authentication and enable higher authentication
  levels to access secure and sensitive business applications.
|
Remote access
|
- Provide secure remote access to the SunWeb portal from anywhere,
  anytime, and on any device to enable users to access intranet applications,
  the network, and services in a secure way.
- Provide token-based authentication to enable users to authenticate
  in a secure way.
- Provide a URL-based access control list through the remote
  access services.
- Provide SSO for applications using HTTP basic authentication.
- Provide SSL tunneling end-to-end from the browser to the end
  application infrastructure.
- Use Rewriter and Netlet proxies to prevent several ports and
  access points from being opened in the firewall (restrict the firewall to
  have only one open port).
- Enable users to personalize and customize remote infrastructure
  applications such as telnet and FTP.
|
Mobile access
|
- Build upon the Secure Remote Access Pack (SRAP) and Mobile
  Access Pack (MAP) of Portal Server.
- Enable Sun internal users to access Sun's internal mobile
  content, business applications, and tools anywhere and anytime through SunWeb
  using a web-enabled mobile device with micro browser and SSL support. Mobile
  users access the internal portal by accessing the remote gateway for their
  region on their mobile device.
- Enable mobile access to the SunWeb portal and its mobile content,
  applications, and tools channels from the Internet using secure remote access.
- Provide mobile services for web-enabled cell phones and PDA
  devices, including support for mobile access of mail and calendar services,
  employee lookup, and a small set of SunWeb channels.
|
File access
|
- Support the NFS, Windows File Services, and FTP protocols.
- Provide NetFile through the SRA service, and FTP through netlets.
  NetFile is a Portal Server SRA component that enables users to access and
  operate on remote file systems and directories.
|
Communications channels (mail and calendar) [Mail and calendar services are provided by instances of Sun Java
System Messaging Server and Sun Java System Calendar Server that are already
deployed and running on the main corporate network. The SunWeb deployment
uses Portal Server channels to provide SunWeb users with access to these services
on their portal desktops.]
|
The following requirements are common to the mail and calendar channels.
Unique requirements for these channels are listed in the channel-specific
sections later in this table. The common requirements are as follows:
- Deploy the mail and calendar channels on SunWeb with SSO based
  on a SunWeb authenticated session. To provide SSO to mail and calendar, the
  portal server stores user names and passwords in the directory server.
- Require authentication before the channels are displayed.
- Populate channel properties with information drawn from corporate
  LDAP wherever possible. User preferences data (the user profile) should be
  retrieved automatically from LDAP without user interaction.
- Must not impact portal performance.
- Must be highly customizable.
|
Mail
|
- Enable mobile users to access their email account through
  the portal anywhere, anytime, using any device and to view, read, and reply
  to messages.
- Provide a comprehensive webmail client that allows message
  forwarding, vacation messages, server-side mail filters, and a server-side
  address book.
- Provide SSO with the webmail client.
- Prepopulate IMAP server and port, user name, password, SMTP
  server and port, and any other settings required to connect the channel to
  the user's mail account.
- Customize the user interface to meet corporate standards.
- Provide spam and antivirus protection through plug-ins.
- Provide portal-based mail access through JavaServer Pages™ (JSP™) mail portlets and native client
  support through SRA.
- Mailbox size (maximum): 2 GB.
- Attachment size (maximum): 20 MB.
|
Calendar
|
- Enable mobile users to access and manage their Java ES calendar
  account through the portal anywhere, anytime, and using any device.
- Provide SSO with the calendar client.
- Prepopulate calendar server and port, user name, password,
  and any other settings required to connect the channel to the user's calendar
  account.
- Customize the user interface to meet corporate standards.
|
Blogs
|
- Introduce a custom RSS provider to the SunWeb channel catalog
  to be developed by the internal product team.
- Enable authenticated users to add the blogs channel to their
  tabs in SunWeb and to choose up to seven RSS and blog feeds to personalize
  the channel's contents.
- Must be highly customizable.
- Must not impact portal performance.
|
SunWeb (Java ES) search
|
- Integrate search with the portal desktop and the SRA service
  to provide a single entry point.
- Provide advanced search capabilities based on several possible
  combinations.
- Implement a paragraph-based search that provides highly intelligent
  search results.
- Deploy the multitier architecture to segregate crawling from
  presentation.
|
Employee Usage Patterns
SunWeb users are expected to be most active during the 8:00 a.m. to
5:00 p.m. working hours in their respective geographical areas. Employee usage
is significant outside of those hours to facilitate communication with colleagues
in other time zones.
Availability Requirements
All production instances of the internal portal worldwide must be available
24x7x365 with 98% uptime. To meet this requirement, the SunWeb 4.0 architecture
defines multiple redundant portal servers and gateways. Operationally, each
server is online and load balanced. If one server fails, all requests are
redirected to the remaining servers.
The long-term goal is 99.99% uptime worldwide, as SunWeb and SRA are
an integral part of Sun's business continuity and disaster-recovery strategy.
One way to meet this goal is to have three global instances, each at 99.9%
availability.
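The redundancy arithmetic behind these figures, as an added worked example that is not part of the original document. It assumes that instance failures are statistically independent and that any one surviving instance can serve all users; the symbols $a$ (availability of one instance), $n$ (number of instances), and $A_n$ (combined availability) are introduced here.
$$A_n = 1 - (1 - a)^n$$
With $a = 0.999$, each instance is unavailable a fraction $1 - a = 10^{-3}$ of the time, so
$$A_2 = 1 - 10^{-6} = 0.999999, \qquad A_3 = 1 - 10^{-9} = 0.999999999$$
Both exceed the 99.99% goal, which only requires $(1 - a)^n \le 10^{-4}$. Expressed as a yearly downtime budget $D = (1 - A) \times 8760\ \text{h}$:
$$D_{98\%} = 175.2\ \text{h}, \qquad D_{99.9\%} = 8.76\ \text{h}, \qquad D_{99.99\%} = 0.876\ \text{h} \approx 52.6\ \text{min}$$
The result holds only under the stated assumptions. If all instances depend on one shared component (for example, a single directory service), or if users can reach only the gateway for their own region, failures are no longer independent and the availability that users see falls back toward the per-instance figure of 99.9%.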
Performance Requirements
All production instances of the internal portal worldwide must support
6,000 concurrent users and have a response time of four seconds or less. To
meet this requirement, the SunWeb 4.0 architecture defines multiple load-balanced
portal servers and gateways, so each server can handle concurrent requests
from users simultaneously. These servers are tuned for optimum performance.
Scalability Requirements
As mentioned in Capacity Requirements,
the SunWeb user base is expected to grow. The architecture for SunWeb's Java
ES deployment must allow for horizontal scalability (adding more computers
to the system as user activity increases). To meet this requirement, the SunWeb
4.0 architecture allows for more portal servers or gateways to be added at
a later time to handle the extra load. For more information about scalability
strategies, see Planning for Scalability in the SunWeb Architecture.
Security Requirements
Security is a vital consideration for any system accessed by a large
number of users over the public Internet. The general security requirements
for SunWeb include the following:
- Secure access to confidential data
- Authentication over SSL
- Confidential data captured on SSL
- Remote and mobile client access through token-based and mobile
  access authentication
- Enforced role-based access control
- Use of appropriate security features in the Access Manager
  and load balancer
Token-based authentication is used for remote and mobile users accessing
SunWeb through the public Internet and the remote access gateways. Corporate
LDAP is used for internal users accessing the portal from a computer connected
to SWAN. Remote users accessing SunWeb over the public Internet (SRA) first
get a login screen in their browser. After authenticating, a customizable
desktop is displayed through which they gain access to various back-end applications
and services. The specific mechanisms are described in greater detail in Chapter
3, including Analyzing User Interactions with the SunWeb Components.
The following table provides more specific information about security
requirements.
Table 2–3 SunWeb Security Requirements
Security Category
|
Requirement
|
Physical
|
|
Firewall
|
- Redundant firewall protection
- Secure transfer and storage of data
- Administrative options provided to customize security settings
  (explicit policy control)
|
Transport
|
|
Backup and recovery
|
- All software and configurations backed up (weekly or nightly
  incremental backups)
- Operating system backed up weekly
- Backups stored for 2 weeks
- Maximum 24 hours of data loss
|
Disaster recovery
|
|
Privacy
|
|
For more information about security strategies, see Choosing Security Strategies for the SunWeb Architecture.