Sun Java System Reference Configuration Series: Portal Service on Application Server Cluster

Security Requirements

Portal services deliver varied content to varied users, often over the public Internet. In many cases, the content is confidential and should only be viewed by authorized users. Hence, the following security features are included in the basic feature requirements for portal services:

In addition, a more general set of security requirements is needed to provide secure access to confidential data. These requirements are shown in the following table.

Table 1–3 Security Requirements for Portal Services

Security Category 



  • Housed within a secure data center to which only authorized personnel have access


  • Internet firewall protection

  • Subnet design that secures vital services

  • Secure transfer and storage of data


  • All data stored in a manner that follows applicable regulations, corporate security policies, and corporate privacy policies


  • Authentication must be secure

  • Compatible with Secure Socket Layer (SSL)-enabled browsers and Transport Layer Security (TLS)

  • Strong encryption

The Portal Service on Application Server Cluster reference configuration is designed to support these security requirements.