Chapter 4 Installing and Configuring a Gateway With Portal Server

Configuring a Gateway in a Portal Server deployment allows you to access intranet URL's through one external Gateway address. Both a basic portal deployment (without Gateway and with Gateway), can work in HTTP or HTTPS modes. But when you use HTTPS in a basic portal deployment, you have secure access to only the portal. With the SRA Gateway, secure access can be provided for the entire intranet. The Gateway also offers a Rewriter feature that allows internal URLs to be accessible using a single Gateway URL.

This chapter includes the following sections:

• Configuring Gateway During Installation

• Configuring Portal Server and Gateway on Separate Nodes

• Creating a Gateway Instance

• Configuring Personal Digital Certificate (PDC) Authentication

• Installing Load Balancer Plugin and Gateway for Portal Server

• Installing and Creating Instances of Netlet and Rewriter Proxies

Configuring Gateway During Installation

This section contains the following procedures:

• Configuring a Portal Server and a Gateway on a Single Node

• Configuring Portal Server and Gateway on Separate Nodes

• Installing the Gateway with Portal Server in the SSL Mode

• Installing Gateway in DMZ

• Creating a Gateway Instance

Figure 4–1 Portal Server with Gateway

Configuring a Portal Server and a Gateway on a Single Node

This section describes how to configure a Portal Server and a Gateway on a single node in the Configure Now and Configure Later modes. In practice, this configuration is not recommended as a Gateway is designed to work in a DMZ, which mandates that the Portal Server and Gateway are deployed on separate nodes.

Using the Configure Now mode, you can configure a Gateway while installing Portal Server, where the Gateway is configured with other components. You can also configure the Gateway using the Configure Later mode, where you need to manually configure Gateway using the psconfig command after installing Portal Server.

To Configure Portal Server and Gateway on a Single Node using the Configure Now Mode

1. Ensure that Directory Server and web container are running.

2. Select the Gateway and the PortalServer options, which are displayed in the Portal Server 7.2 GUI installer when you install Portal Server 7.2.

3. Enter Directory Server, Access Manager, and web container information in the specific installer screens.

4. Start the Gateway.

   PortalServer_base/SUNWportal/bin/psadmin switch-sra-status -u admin-user-name -f password-file on

   PortalServer_base/SUNWportal/bin/psadmin provision-sra -u admin-user-name -f password-file --gateway-profile gateway_profile -p portal-id --enable

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N default -t gateway

To Configure Portal Server and Gateway on a Single Node using the Configure Later Mode

1. Install Access Manager and Directory Server using the Java ES 5 Update1 installer on top of the Application Server 9.1.

2. Select the Gateway and PortalServer options, which are displayed in the Portal Server 7.2 GUI installer when you install Portal Server 7.2.

3. Install the selected components using the Portal Server 7.2 GUI installer in the Configure Later mode.

4. Ensure that Directory Server, web container instance, and web container Administration Server are running.

5. Modify the example17.xml file.

   The example17.xml file is located in the PortalServer_base/SUNWportal/samples/psconfig directory.

   You can use this sample to configure all the components in Portal Server such as Search Server, Portal Server, SRA Core, Gateway, Netlet Proxy, Rewriter Proxy on Application Server 9.1.

6. Configure Portal Server using the psconfig command.

   PortalServer_base/SUNWportal/bin/psconfig --config example17.xml

7. Start the Gateway.

   PortalServer_base/SUNWportal/bin/psadmin switch-sra-status -u admin-user-name -f password-file on

   PortalServer_base/SUNWportal/bin/psadmin provision-sra -u admin-user-name -f password-file --gateway-profile gateway_profile -p portal-id --enable

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N default -t gateway

Configuring Portal Server and Gateway on Separate Nodes

This section describes how to configure Portal Server and Gateway on separate nodes in the Configure Now and Configure Later modes.

You can configure Gateway using the Configure Now or Configure Later options, where you need to manually configure Gateway using the psconfig command after installing Portal Server.

Ensure that the following ports are opened whenever you configure a Gateway or perform any Administration Console or command line operations that involve Gateway.

• 80 or 8080 : Portal Server Host or Portal Server Load Balancer

• 80 or 8080 : Access Manager Host or Access Manager Load Balancer (site id)

  ---

  Note –

  80 or 8080 ports are default values. But, could be different depending on configuration.

  ---

• 11162 : JMX Port (TCP) — Preferred

• 11161 : SNMP Adapter Port (UDP) — Optional

• 11163 : Commandstream Adapter Port (TCP) — Optional

• 11164: RMI Connector Port (TCP) — Used outside of DMZ environment

To Configure Portal Server and Gateway on Separate Nodes in the Configure Now Mode

This procedure requires a minimum of two nodes: Node 1 and Node 2.

1. Install Portal Server 7.2 on Node 1 on top of Application Server 9.1 with Access Manager and Directory Server.

2. Set SRA status to Enabled on Node 1.

   PortalServer_base/SUNWportal/bin/psadmin switch-sra-status -u admin_user -f password_file on

3. Invoke Portal Server 7.2 GUI installer on Node 2 and select Gateway to install. This will also install Access Manager SDK.

   ---

   Note –

   Use the same password encryption key on both the nodes.

   ---

4. Provision profile on Node 1.

   PortalServer_base/SUNWportal/bin/psadmin provision-sra -u admin_user -f password_file --gateway-profile gateway_profile -p portal-id --enable

5. Start Gateway on Node 2.

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N default -t gateway

To Configure Portal Server and Gateway on Separate Nodes in the Configure Later Mode

1. In the Configure Now mode, install Portal Server 7.2 on Node 1 on top of Application Server 9.1 with Access Manager and Directory Server.

2. Install Access Manager SDK on Node 2 in the Configure Now mode using the Java ES 5 installer.

   ---

   Note –

   Use the same password encryption key on both the nodes.

   ---

3. Install Gateway on Node 2 in the Configure Later mode using the Portal Server 7.2 GUI installer.

4. Enable Gateway profile on Node 1.

   PortalServer_base/SUNWportal/bin provision-sra -u admin_user -f password_file --gateway-profile gateway_profile -p portal-id --enable

5. On Node 2, modify the example10.xml file.

   The example10.xml file is located in the PortalServer_base/SUNWportal/samples/psconfig directory.

6. On Node 2, Configure Gateway and Common Agent Container using the psconfig command.

   PortalServer_base/SUNWportal/bin/psconfig --config example10.xml

7. Start the Gateway.

   PortalServer_base/SUNWportal/bin/psadmin switch-sra-status -u admin-user-name -f password-file on

   PortalServer_base/SUNWportal/bin/psadmin provision-sra -u admin-user-name -f password-file --gateway-profile gateway_profile -p portal-id --enable

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N default -t gateway

Installing the Gateway with Portal Server in the SSL Mode

Installing the Gateway with Portal Server in SSL mode allows the user, in the same Intranet where Portal Server is installed, to access Portals through a secure protocol.

Figure 4–2 Portal Server in the SSL mode

To Install Gateway with Portal Server in SSL

1. Install Portal Server 7.2 in SSL mode.

2. Import the root Certificate Authority (CA) to the certificate database of the Gateway.

   cd /usr/jdk/entsys-j2se/jre/lib/security /usr/jdk/entsys-j2se/jre/bin/keytool -keystore cacerts -keyalg RSA -import -trustcacerts -alias alias-name -storepass store-password -file file-name-path

3. Invoke Portal Server 7.2 installer and install the Gateway. This will also install Access Manager SDK.

4. Create a certificate signing request.

   1. Run the following command:

      PortalServer_base/SUNWportal/bin/certadmin -n default

   2. Select Option 2 in the command-line interface.

   3. Type the details and save the certificate request in a file.

5. Get this certificate signed by the Certificate Authority.

   The Certificate Authority will be the Portal Server Administrator.

6. Create a file on the Gateway node, and paste the certificate response.

7. Add the signed certificate to the certificate database of Gateway.

   1. Run the following command:

      PortalServer_base/SUNWportal/bin/certadmin -n default

   2. Select Option 4 in the command-line interface.

8. Add the Root Certificate Authority to the certificate database.

   1. Run the following command:

      PortalServer_base/SUNWportal/bin/certadmin -n default

   2. Select Option 3 in the command-line interface.

   3. Provide the path for the Root Certificate Authority.

      The following message is displayed, “Successfully added.”

9. Restart the Gateway.

   PortalServer_base/SUNWportal/bin/psadmin switch-sra-status -u admin-user-name -f password-file on

   PortalServer_base/SUNWportal/bin/psadmin provision-sra -u admin-user-name -f password-file --gateway-profile gateway_profile -p portal-id --enable

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N default -t gateway

Installing Gateway in DMZ

Installing Gateway in DMZ is similar to configuring Gateway on a remote node. However, all ports need not be opened while you install Gateway in DMZ. You can install using only the Access Manager Server port and the Portal Server port. You can install Gateway in DMZ, using both psconfig and psadmin. You cannot configure Gateway in DMZ using Portal Server console.

Follow these steps to install Gateway using psconfig and psadmin.

To Install Gateway in DMZ Using psconfig

Before You Begin

Before you install Gateway in DMZ, configure Access Manager SDK. To do this:

• Change to the directory /opt/SUNWam/bin/ that contains the amconfig input file template, amsamplesilent.

• Copy the input template to a new file. For example, cp amsamplesilent new_inputfile.

• Edit the new_inputfile to set the Access Manager SDK and set the following configuration parameters:

  • SERVER_NAME

  • SERVER_HOST

  • SERVER_PORT

  • DEPLOY_LEVEL=3 (If you want to configure only in Access Manager SDK)

  • DS_HOST

  • DS_DIRMGRPASSWD

  • ROOT_SUFFIX

  • ADMINPASSWD

  • AMLDAPUSERPASSWD

  • COOKIE_DOMAIN

• Run the amconfig command using the newly created input file.

  cd opt/SUNWam/bin ./amconfig -s new_inputfile

• The amconfig script requires the JDK to be installed and linked to /usr/jdk/entsys-j2se.

1. Install Gateway in Configure Later mode.

2. Modify the attributes in example10.xml appropriately. Ensure that the RestrictiveMode attribute is set to true.

3. Run the ./psconfig --config example10.xml command to configure Gateway.

4. Run the ./psadmin start-sra-instance --user username --passwordfile passwordfile -N gatewayprofile -t gateway --restrictive to start the Gateway instance.

5. If you need to stop the Gateway instance, run the ./psadmin stop-sra-instance --user username --passwordfile passwordfile -N gatewayprofile -t gateway command.

   ---

   Note –

   The --restrictive option in the above commands is necessary to start the Gateway.

   ---

To Install Gateway in DMZ Using psadmin

1. Install Gateway in Configure Later mode.

2. Modify the attributes in example2.xml file appropriately and run the ./psconfig --config example2.xml command.

3. Copy the /opt/SUNWportal/template/sra/GWConfig.properties.template and modify the attributes appropriately.

4. Run the ./psadmin create-sra-instance --adminuser amadmin --passwordfile passwordfile -S GWConfig.properties -t gateway --restrictive command.

5. Run the ./psadmin start-sra-instance --user username --passwordfile passwordfile -N gatewayprofile -t gateway --restrictive command to start the Gateway instance created.

Creating a Gateway Instance

You can also create an instance of Gateway using the Portal Server console, as long as the Gateway instances are not to be deployed in a DMZ. This allows the user to contact any one of the Gateway instances and access Portals.

To Create a Gateway Instance

1. Login to Portal Server Administration Console.

2. Click the Secure Remote Access tab.

3. Click New Profile.

4. Type the new profile name and select the Copy Profile Data From option. Click OK.

   The following message is displayed: “New profile is successfully created. Please change the relevant ports in the new profile so that they do not clash with those in the existing profiles.”

5. Click OK.

   The Profile screen is displayed.

6. Click the new profile created and change the port of the instance so that it does not clash with any ports that are in use.

   You need to change both the http and https port numbers.

7. Click OK.

8. Modify the GWConfig-default.properties.template file available in the /etc/opt/SUNWportal/ location.

9. Run the PortalServer_base/psadmin create-sra-instance -u amadmin -f passwordfile --sraconfig templatefilelocation -t gateway command.

Configuring Personal Digital Certificate (PDC) Authentication

This section describes how to configure a digital certificate for a Gateway.

To Configure Personal Digital Certificate Authentication

Before You Begin

• Ensure that the Gateway and Portal Server are up and running.

1. Edit the AMConfig.properties file on the Portal Server node.

   The AMConfig.properties file is located in the AccessManager_base/SUNWam/config directory.

   1. Add the following line in the AMConfig.properties file.

      com.iplanet.authentication.modules.cert.gwAuthEnable=yes

2. Import the certificates to the certificate database of the Gateway.

3. Import the Root Certificate Authority on the Gateway machine.

4. Add the Root Certificate Authority to the Gateway profile.

   1. Run the following command:

      PortalServer_base/SUNWportal/bin/certadmin -n gateway-profile-name

   2. Select Option 3 in the command-line interface.

      You are prompted to provide the certificate path. When you provide a valid path, the certificate is added. You will get a message that the certificate is added successfully.

5. Generate a Certificate Signing Request for submitting to the Certificate Authority.

   1. Run the following command:

      PortalServer_base/SUNWportal/bin/certadmin -n gateway-profile-name

   2. Select Option 2 in the command-line interface.

   3. Enter values when prompted.

   4. Save the request in a file.

6. Submit the Certificate Signing Request to a Certificate Authority and get it approved.

7. Save the certificate response on a file after Certificate Authority has signed it.

8. Import the certificate response file.

   1. Run the following command:

      PortalServer_base/SUNWportal/bin/certadmin -n gateway-profile-name

   2. Select Option 4 in the Certadmin menu.

   3. Provide the location of the certificate response file.

9. Import the Root CA certificate on the Portal Server machine.

   ./certutil -A -n rootca -t "TCu,TCu,TCuw" -d /opt/SUNWappserver/appserver/domains/domain1/config -a -i rootca-path

10. Register Certificate as an Authentication module.

    1. Login to Access Manager Console as the Administrator.

    2. Click the Identity Management tab.

    3. Select the Organization.

    4. Select Services in the View dropdown list.

    5. Verify whether the Certificate is displayed in the left pane under the Authentication Modules option.

    6. Click Add if the Certificate Service is not displayed in the left pane.

    7. Select Certificate in the right pane.

       Certificate is displayed under the Authentication Modules option.

    8. Click OK.

       Certificate is displayed under the Authentication Modules option in the left pane.

11. Allow Certificate Authentication to trust any remote host.

    1. Login to Access Manager Console as the Administrator.

    2. Click the Identity Management tab.

    3. Select the Organization.

    4. Select Services in the View dropdown list.

    5. Click the Arrow button displayed with the Certificate option.

    6. Select the None option displayed in the Trusted Remote Hosts list box.

    7. Click Remove.

    8. Type Any in the text box displayed with the Trusted Remote Hosts list box.

    9. Click Add, and click Save in the right panel.

12. Add Certificate as a required enforcement criterion.

    1. Login to Access Manager Console as the Administrator.

    2. Click the Identity Management tab.

    3. Select the Organization.

    4. Select Services in the View dropdown list.

    5. Click the Arrow button that is displayed with the Authentication Configuration option.

       The Service Instance screen appears.

    6. Click New in the Service Instance screen.

       The New Service Instance List screen appears.

    7. Enter the service instance name as gatewaypdc.

    8. Click Submit.

       The Service Instance List screen appears.

    9. Click gatewaypdc option.

       The gatewaypdc Show Properties screen appears.

    10. Click the Edit link.

    11. Click Add.

        The Add Authentication Modules popup window appears.

    12. Select Cert as the Module Name.

    13. Select Required for Enforcement Criteria.

    14. Click OK.

        The Authentication Modules popup window appears.

    15. Click OK and close the popup window.

13. Add a dynamic user.

    1. Login to Access Manager Console as the Administrator.

    2. Click the Arrow button displayed with Core option in the Identity Management tab.

    3. Select gatewaypdc in the Organization Authentication Modules list box.

    4. Select Dynamic from the User Profile dropdown list.

    5. Click Save.

14. Add Gateway host in the Portal Server Administration Console.

    1. Login to Portal Server Administration Console.

    2. Click Secure Remote Access.

    3. Click the Gateway profile.

       The Profile screen appears.

    4. Click the Security tab.

       The Security Options screen appears.

    5. Add the Gateway host name in the Certificate-enabled Gateway Hosts list box.

    6. Click Add and click Save.

15. Restart the server.

    ---

    Note –

    This is mandatory because the Amconfig.Properties is updated.

    ---

16. Restart the Gateway profile.

17. Install the client certificate issued by the Certificate Authority into the browser.

    Access the PDC enabled Gateway.

18. Install the client certificate to the JVM keystore.

    1. Click Start > Settings > Control Panel > Java.

    2. Add the following parameters in the Applet Run Time parameters:

       -Djavax.net.ssl.keyStore=keystore-path -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.keyStoreType=type

19. Add portal services to the dynamic user created.

    1. Login to Access Manager Administration Console as the Administrator.

    2. Click the Identity Management tab.

    3. Select the Organization.

    4. Select Users in the View dropdown list.

    5. Add Services to the dynamic user created.

20. Add a dynamic user to the Distinguished Name (DN).

    1. Login to the Portal Server Administration Console.

    2. Click Portals > Portal name.

    3. Add the dynamic user to the DN.

    4. Change the Parent Container to JSPTabContainer.

    5. Change Desktop Type of the user to developer_sample, enterprise_sample, or community_sample.

Installing Load Balancer Plugin and Gateway for Portal Server

This section explains how to install Load Balancer Plugin and Gateway for Portal Server. A Load Balancer handles multiple Portal Server instances. If any one of the Portal Server instances goes down, the Load Balancer automatically redirects the user to the other available Portal Server instance.

A Load Balancer can be installed behind the Gateway or in front of the Gateway. If the Load Balancer is installed behind the Gateway, the user accesses the Portal Server instances through the Gateway. The end user contacts the Gateway. If the Load Balancer is installed in front of the Gateway, the user accesses the Portal Server instances through the Load Balancer.

Figure 4–3 Portal Server with Load Balancer

This section explains the following:

• To Install Load Balancer Plugin for Portal Server

• To Install Gateway in Front of the Load Balancer

• Installing Gateway on a Separate Node

To Install Load Balancer Plugin for Portal Server

This task requires the following:

• Two nodes: Node 1 and Node 2.

• Two Portal Server instances on Node 1 and Node 2.

---

Note –

You can install any Load Balancer of your choice for Portal Server. This procedure provides an example to install the Load Balancer that is available with Sun Java System Application Server 9.1 for Portal Server.

---

1. Install the Load Balancer plugin that is available with the Application Server 9.1. Web Server should already be installed from Java ES 5 bits.

2. Edit the Loadbalancer.xml file.

   The Loadbalancer.xml file is located in the WebServer_base/SUNWwbsvr/https-node3/config/ directory.

   A sample Loadbalancer.xml file is displayed as follows:

   <!DOCTYPE Load Balancer PUBLIC "-//Sun Microsystems Inc. //DTDSun ONE Application Server 9.1//EN" "sun-Load Balancer_1_1.dtd"> <Load Balancer> <cluster name="cluster1"> <!-- Configure the listeners as space seperated URLs like listeners="http://host:port https://host:port" For example: <instance name="instance1" enabled="true" disable-timeout-in-minutes="60" listeners="http://node1.domain-name:80"/> <instance name="instance1" enabled="true" disable-timeout-in-minutes="60" listeners="http://node2.domain-name:80"/> --> <instance name="instance1" enabled="true" disable-timeout-in-minutes="60" listeners=""/> <web-module context-root="/portal" enabled="true" disable-timeout-in-minutes="60" error-url="sun-http-lberror.html" /> <web-module context-root="/psconsole" enabled="true" disable-timeout-in-minutes="60" error-url="sun-http-lberror.html" /> <health-checker url="/" interval-in-seconds="10" timeout-in-seconds="30" /> </cluster> <property name="reload-poll-interval-in-seconds" value="60"/> <property name="response-timeout-in-seconds" value="30"/> <property name="https-routing" value="true"/> <property name="require-monitor-data" value="false"/> <property name="active-healthcheck-enabled" value="false"/> <property name="number-healthcheck-retries" value="3"/> <property name="rewrite-location" value="true"/> </Load Balancer>

3. Restart the Web Server and access Portal through the Load Balancer.

To Install Gateway in Front of the Load Balancer

This procedure explains how to install Gateway in front of the Load Balancer. This procedure requires three nodes: Node 1, Node 2, and Node 3.

---

Note –

You can install any Load Balancer of your choice for Portal Server. This procedure provides an example to install the Load Balancer that is available with Sun Java System Application Server 9.1 for Portal Server.

---

1. Install Portal Server with Secure Remote Access, Directory Server, Access Manager, and Application Server 9.1 on Node 1.

2. Install Load Balancer that is available with Sun Java System Application Server 9.1 on Node 2.

   Load Balancer is load balancing only the Portal Server 7,2 instances and not the Access Manager instances.

3. Access Portal Server console.

4. Navigate to Secure Remote Access —> default.

   You can view a list box for Portal Servers.

5. Remove the existing entry in the list box and add https://node4.domain.com:port/portal.

6. Add URLs required for Load Balancer in the URLs to which User Session Cookie is Forwarded list box.

7. Click the Security tab. You can view the following entries in the Non-Authenticated URL list:

8. Run the following switch-sra-status and provision-sra commands.

   ./psadmin switch-sra-status -u amadmin -f password-file on

   ./psadmin provision-sra -u amadmin -f password-file --loadbalancer-url protocol://loadbalancer_host:loadbalancer_port/portaluri --gateway-profile gateway-profile -p portal-id --enable

9. Restart Portal Server 7.2 and Application Server 9.1 on Node 1.

10. Login to Portal Server console and Portal desktop through the Load Balancer using the following URLs:

    http:node2.dommain-name:8080/psconsole

    http:node2.dommain-name:8080/portal/dt

11. Install Gateway on Node 3.

12. Provide appropriate Portal Server, Access Manager, and Directory Server values in the Installation panels for AccessURL and Primary portal host.

    ---

    Note –

    AccessURL should point to Load Balancer URL.

    ---

    The Gateway is installed successfully.

    Gateway can be installed in the Configure Later mode also. Change the example10.xml file. Set the PortalAccessURL as the Load Balancer URL. Set the PrimaryPortalHost as the portal, where the first portal is installed. This is used to set up trust between two Common Agent Containers. After modifying the example10.xml file, run the psconfig command to configure Portal Server.

13. Configure the Gateway to direct to the Load Balancer instead of Portal Server on Node 3.

    1. Set ignoreServerList=true in the platform.conf.default file.

       The platform.conf.default file is located in the PortalServer_base/SUNWportal directory.

    2. Replace Portal host and port information with Load Balancer host and port in the platform.conf.default file.

       The platform.conf.default file is located in the PortalServer_base/SUNWportal directory.

    3. Replace Portal host and port information with Load Balancer host and port in the AMConfig-default.properties file on Node 3.

       The AMConfig-default.properties file is located in the AccessManager_base/SUNWam directory.

    4. Login to Portal Server Administration Console.

       http://node1.domain-name:8080/psconsole

    5. Click Secure Remote Access —> default.

    6. Enter the Load Balancer URL in the Portal Server(s) list displayed in the right panel.

       http://node2.domain-name:8080

    7. Add the Load Balancer URL in the URLs to which User Session Cookie is Forwarded list.

    8. Click the Security tab.

14. Restart Access Manager, Portal Server, and Gateway.

Installing Gateway on a Separate Node

Follow the procedure to install Gateway on a one machine and Portal Server on a separate machine.

To Install Gateway on a Separate Node

1. In the Portal Server 7.2 GUI installer, select SRAGateway from the Product Selection screen as the only component to install.

2. Click Next.

   The Secure Remote Access Gateway Settings screen appears.

   Figure 4–4 Secure Remote Access Gateway Settings Screen

   
   

3. Enter appropriate values for SRA Gateway and click Next.

   Protocol

   Choose the Protocol as http or https. The default value is https.

   Port

   Enter port value.

   Profile

   Enter the Profile name.

   Portal Server Access URL

   This value will be either Load Balancer or Portal Server depending upon the installation.

   Portal Server Administration Host

   Enter the host name where the Portal Server need to be installed.

   Log User Password

   Enter the password for user.

4. The next steps are similar to installing Portal Server 7.2 using Portal Server 7.2 GUI installer. For more information on installing Portal Server 7.2 GUI installer, refer To Install Sun Java System Portal Server 7.2 on Application Server 9.1 Using Portal Server 7.2 GUI Installer

Installing and Creating Instances of Netlet and Rewriter Proxies

This section explains how to install Netlet Proxy and Rewriter Proxy. This section also explains how to create a second instance of Netlet and Rewriter proxies using the psadmin command.

This section includes the following:

• To Install Netlet Proxy in the Configure Now Mode

• To Install Netlet Proxy in the Configure Later Mode

• To Create a Second Instance of Netlet Proxy Using the psadmin Command

• To Install Rewriter Proxy in the Configure Now mode

• To Install Rewriter Proxy in the Configure Later Mode

• To Create a Second Instance of Rewriter Proxy Using the psadmin Command

To Install Netlet Proxy in the Configure Now Mode

1. Invoke the Portal Server 7.2 GUI installer.

2. Select Netlet Proxy in the Components Selection screen and proceed with the installation.

3. Specify the Host IP Address, Access Port (default: 10555), and the Profile Name to which the Netlet Proxy instance needs to be associated in the Portal Server: Secure Remote Access: Configure Netlet Proxy panel.

4. Start the Netlet Proxy instance using the following command.

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N default -t nlproxy

5. Verify whether the Netlet Proxy instance is running.

   netstat -an | grep PORT

To Install Netlet Proxy in the Configure Later Mode

1. Install Netlet Proxy in the Configure Later mode using the Portal Server 7.2 GUI installer.

2. Modify the example11.xml with the appropriate values.

   The attributes within <NetletPoxy profile=profilename>...</NetletProxy> tags need to be changed.

3. Configure example11.xml.

   PortalServer_base/SUNWportal/bin/psconfig --config example11.xml

4. Start the Netlet Proxy instance using the following command.

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N default -t nlproxy

To Create a Second Instance of Netlet Proxy Using the psadmin Command

1. Install Netlet Proxy in the Configure Later mode using the Portal Server 7.2 GUI installer.

2. Configure Common Agent Container by modifying the example2.xml file.

3. Configure the Common Agent Container.

   PortalServer_base/SUNWportal/bin/psconfig --config example2.xml

4. Copy the NLPConfig.properties.template file to a temporary location.

   cp PortalServer_base/SUNWportal/template/sra/NLPConfig.properties.template /tmp

5. Modify the values for an existing profile.

6. Create a Netlet Proxy instance.

   psadmin create-sra-instance -u admin-user-name -f PASSWORDFILE -S /tmp/NLPConfig.properties.template -t nlproxy

7. Start the Netlet Proxy instance using the following command.

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N profile-name -t nlproxy

   where profile-name is the value specified for the rewriterproxy.profile.name property in the RWPConfig.properties file during the creation of Netlet Proxy instance.

To Install Rewriter Proxy in the Configure Now mode

1. Invoke the Portal Server 7.2 GUI installer.

2. Select Rewriter Proxy in the Components Selection screen, and proceed with the installation.

3. Specify the Host IP Address, Access Port (default: 10443), and the Profile Name to which this Rewriter Proxy instance needs to be associated in the Portal Server: Secure Remote Access: Configure Rewriter Proxy screen.

4. Start Rewriter Proxy instance using the following command.

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N default -t rwproxy

5. Check whether the Rewriter Proxy instance is running:

   netstat -an | grep PORT

To Install Rewriter Proxy in the Configure Later Mode

1. Install Rewriter Proxy in the Configure Later mode using the Portal Server 7.2 GUI installer.

2. Modify the example12.xml file with the appropriate values.

   The attributes within the <RewriterPoxy profile=profilename>...</RewriterProxy> tags need to be changed for Rewriter proxy.

3. Configure the Common Agent Container.

   PortalServer_base/SUNWportal/bin/psconfig --config example12.xml

4. Start Rewriter Proxy by using the following command.

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N default -t rwproxy

To Create a Second Instance of Rewriter Proxy Using the psadmin Command

1. Install Rewriter Proxy in Configure Later mode using the Portal Server 7.2 GUI installer.

2. Configure Common Agent Container by modifying the example2.xml file.

   PortalServer_base/SUNWportal/bin/psconfig --config example2.xml

3. Copy the RWPConfig.properties.template file to a temporary location.

   cp PortalServer_base/SUNWportal/template/sra/RWPConfig.properties.template /tmp

4. Modify the values for an SRA profile.

5. Create a Rewriter Proxy.

   PortalServer_base/SUNWportal/bin/psadmin create-sra-instance -u admin-user-name -f PASSWORDFILE -S /tmp/RWPConfig.properties.template -t rwproxy

6. Start Rewriter Proxy using the following command.

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N profile-name -t rwproxy

   where profile-name is the value specified for the rewriterproxy.profile.name property in the RWPConfig.properties file during the creation of Rewriter Proxy instance.