This chapter provides information about Sun Java System Policy Agent 2.2 as it pertains specifically to Microsoft IIS 6.0.
While the individual web agents tend to be similar in terms of installation and configuration, they can have unique characteristics that allow them to interact with unique characteristics in the underlying deployment container, such as a web server or proxy server. Therefore, this chapter describes characteristics that are unique to this agent, Sun Java System Access Manager Policy Agent 2.2 for Microsoft IIS 6.0, and that are unique to just the deployment container, Microsoft IIS 6.0. This chapter also summarizes specific tasks you might need to perform because of the unique characteristics of the deployment container.
The following table shows the supported platforms for the for the Microsoft Internet Information Services (IIS) 6.0 policy agent.
Table 2–1 Supported Platforms for the Microsoft IIS 6.0 Agent
Agent For |
Supported Platforms |
---|---|
Microsoft IIS 6.0 |
Windows Server 2003, Enterprise Edition, 32-bit and 64-bit systems Windows Server2003, Standard Edition, 32-bit and 64-bit systems |
Microsoft IIS 6.0 with Outlook Web Access 2003 |
Windows Server 2003, Enterprise Edition, 32-bit systems only Windows Server2003, Standard Edition, 32-bit systems only |
Microsoft IIS 6.0 with Outlook Web Access 2007 |
Windows Server 2003, Enterprise Edition, 64-bit systems only Windows Server2003, Standard Edition, 64-bit systems only |
Microsoft IIS 6.0 with SharePoint 2003 and Microsoft IIS 6.0 with SharePoint 2007 |
Windows Server 2003, Enterprise Edition, 32-bit systems only Windows Server2003, Standard Edition, 32-bit systems only |
Microsoft IIS 6.0 64-bit agent on IIS 7.0 and IIS 7.5 with Office SharePoint Server 2007 |
Windows Server 2008, 64-bit systems only For more information see, Appendix E, Configuring the IIS 6.0 64-bit Agent With IIS 7.x With Office SharePoint Server 2007 on Windows Server 2008. |
Notes
|
The compatibility of Agent for Microsoft IIS 6.0 with Access Manager varies depending on the deployment the agent is protecting:
Microsoft IIS 6.0
Microsoft IIS 6.0 to protect Microsoft Office SharePoint 2007 or Outlook Web Access 2007
Most agents in the Policy Agent 2.2 release are compatible with Access Manager 6.3 Patch 1 forward.
Moreover, all the 2.2 agents are compatible to some degree with Access Manager 7.0 and Access Manager 7.1. This compatibility applies to both of the available modes of Access Manager: Realm Mode and Legacy Mode.
However, when Agent for Microsoft IIS 6.0 is deployed to protect Microsoft Office SharePoint 2007 or Outlook Web Access 2007, Access Manager 6.3 is not supported and not all the specific patch versions of Access Manager 7.0 and Access Manager 7.1 are supported. See the patch compatibility list that follows.
The best practice is to install the latest Access Manager patches to ensure that all enhancements and fixes are applied.
Access Manager 6.3 from Patch 1 forward
However, certain limitations apply. For more information about the limitations, see Backward Compatibility With Access Manager 6.3
Access Manager 7.0 all
Access Manager 7.1 all
Access Manager 7.0 series from Patch 7 forward
Access Manager 7.1 series from Patch 1 forward
This section describes characteristics that are unique about this specific web agent.
To work with this web agent, you should have a thorough understanding of Microsoft IIS 6.0. Besides an understanding of the overall architecture, you should have an understanding of various concepts and technologies as related to Microsoft IIS 6.0, including the following: application pools, web sites, and authentication methods.
Agent for Microsoft IIS 6.0 is an ISAPI (Internet Server API) extension application. It is deployed as a wildcard application mapping to a web site. Therefore, when deployed for a particular web site, this agent intercepts every request for accessing the resources on that web site. It does authentication and policy evaluation, thereby providing SSO.
However, for protecting Microsoft Office SharePoint and Outlook Web Access, the agent is deployed as an ISAPI filter. In this case, authentication is provided and SSO is enabled by the agent, but policy evaluation is managed by whichever application you have installed: Microsoft Office SharePoint or Outlook Web Access.
The following subsections describe unique characteristics of Agent for Microsoft IIS 6.0.
Using Agent for Microsoft IIS 6.0 with Microsoft Office SharePoint or Outlook Web Access
Multiple Instances of Web Agent Not Supported on Same System
Besides the option of having Agent for Microsoft IIS 6.0 protect Microsoft IIS 6.0 Server, you can also configure the agent to protect Microsoft Office SharePoint Portal Server 2007 (referred to as Microsoft Office SharePoint throughout this guide) or Outlook Web Access for Microsoft Exchange Server 2007 (referred to as Outlook Web Access throughout this guide). Outlook Web Access is the web-based email service for Microsoft Exchange Server.
This guide provides specific instructions for SharePoint and Outlook Web Access in Appendix A, Microsoft Office SharePoint or Outlook Web Access: Deploying Agent for Microsoft IIS 6.0.
When you install Agent for Microsoft IIS 6.0 to protect Microsoft Office SharePoint, the agent enables single sign-on (SSO) for SharePoint with all the applications configured in Access Manager. When a user attempts to access SharePoint, Agent for Microsoft IIS 6.0 displays an Access Manager log-in screen. Once authenticated, the user can access SharePoint and all other applications that are secured by Access Manager.
When you install Agent for Microsoft IIS 6.0 to protect Outlook Web Access, the agent enables single sign-on (SSO) for Outlook Web Access with all the applications configured in Access Manager. When a user attempts to access Outlook Web Access, Agent for Microsoft IIS 6.0 displays an Access Manager log-in screen. Once authenticated, the user can access the Outlook Web Access applications, such as email, and all the other applications that are secured by Access Manager.
Policy Agent 2.2 for Microsoft IIS 6.0 is unique in that only one instance of Microsoft IIS 6.0 can be installed per computer system. Therefore, you cannot install multiple instances of Agent for Microsoft IIS 6.0 on the same computer system.
However, you can configure multiple web sites on one machine, allowing the agent to be configured for multiple web sites on multiple application pools. All the same, the agent cannot be configured for multiple web sites on the same application pool. Support is only provided for a single web site associated with a single application pool.