Sun Java System Reference Configuration Series: Portal Service on Application Server Cluster

Software Components in the Logical Architecture

While Figure 2–1 is indicative of the role of the different components within the reference configuration's logical architecture, the following table describes more precisely the purpose of each component.

Table 2–2 Software Components in the Logical Architecture


Component's Role in the Architecture 

Web Browser client 

While not formally a component of the reference configuration, the browser client is included in the architecture diagram to show how users will access portal services. There are two access scenarios: 

  • Access from a trusted network: browser clients (for example, an organization's employees) connect to portal services over the local network (or intranet) or from the Internet by using a virtual private network (VPN) or a similar solution.

  • Access from an unsecured network: Web browser clients (of a business-to-business or business-to-consumer portal) connect to portal services over the public Internet. This access scenario is supported by the Secure Remote Access (SRA) Gateway.

Remote client (optional) 

In addition to browsers, users can use applets that are included with Portal Server SRA software:  

  • Netlet. The Netlet applet runs on the browser and sets up an encrypted TCP/IP tunnel between the remote client and intranet applications in the Business Service tier. Netlet listens to and accepts connections on preconfigured ports, and routes both incoming and outgoing traffic between the client and the destination server. In this way, Netlet enables client applications to securely access intranet business service components.

  • Netfile. NetFile is a file manager application that allows remote access and operation of file systems.

  • Proxylet. Proxylet is a dynamic proxy server that runs on the browser and redirects a URL to the SRA Gateway. It does so by reading and modifying the proxy settings of the browser on the client so that the settings point to the local proxy server or Proxylet. Proxylet is used to reduce the number of ports that must be opened in a firewall through which the SRA Gateway(see next item) connects to Internet hosts. It is also used to minimize or eliminate the dependency on the Rewriter Proxy (see next item) and Rewriter rulesets.

Sun Java System Portal Server Secure Remote Access (Portal Server SRA) 

Portal Server SRA provides a gateway service that allows secure connections over the public Internet to applications and content on an internal intranet, but only to authorized users. In addition to the SRA Gateway, SRA includes the following two optional components, depending on your requirements: 

  • Netlet Proxy. The Netlet proxy is an stand-alone Java process that enhances the security between the SRA Gateway and the intranet by extending the secure tunnel from the client through the Gateway to the Netlet proxy that resides in the intranet. Netlet packets are decrypted by the proxy and then sent to their destinations. This mechanism helps to reduce the number of ports that must be opened in a firewall.

  • Rewriter Proxy. The Rewriter proxy is a stand-alone Java process that is installed on the intranet. The SRA Gateway forwards all requests to the Rewriter proxy, which fetches and returns the content of the request to the Gateway. This mechanism helps to reduce the number of ports that must be opened in a firewall.

Sun Java System Portal Server (Portal Server) 

Portal Server provides key portal services, such as content aggregation and personalization, to browser-based clients that are accessing business applications or services in the Business Service tier.  

Sun Java System Access Manager (Access Manager) 

Access Manager provides access management services such as authentication and role-based authorization for user access to applications and services. In cases where Access Manager is remote from a local component, Access Manager SDK provides an interface to the remote Access Manager services. 

Sun Java System Application Server (Application Server) 

Application Server provides the Java Platform, Enterprise Edition (Java EE) web container that is needed to support web components, such as Portal Server, Access Manager, portlet applications, and so forth. While a web container can also be provided by Sun Java System Web Server, the Portal Service on Application Server Cluster reference configuration uses Application Server. 


Various kinds of applications provide the content for Portal Server channels that are accessed by end users. These applications can include email systems, calendar servers, ERP applications, custom or third-party portlet applications deployed on a web container, and so forth. 

Sun Java System Directory Server (Directory Server) 

Directory Server provides an LDAP repository for storing information about portal users, such as identity profiles, user credentials, access privileges, application resource information, and so forth. This information is used by Access Manager for authentication and authorization and by Portal Server to build users' portal desktops.  

Sun Java System Message Queue (Message Queue) 

Message Queue is a reliable asynchronous messaging service that is used by Access Manager to write user session state into a replicated session database and to retrieve such state information when necessary.  

High Availability Session Store (HADB) 

HADB provides a data store that makes application data, especially session state data, available even in the case of failure. 

Java DB 

Java DB is the default relational database used by Portal Server to support community features and selected portal applications.