This appendix contains the following sections:
Before installing Communications Express, consider the following planning aspects:
You cannot use the installer to install the Universal Web Client (UWC) or Access Manager on a sparse non-root global Solaris zone. Instead, you need to manually add the packages from the distribution CD using pkgadd.
You can deploy Communications Express and Access Manager in both SSL and non-SSL modes, either on the same or a different web container.
You can plan for a distributed deployment in which Directory Server, Messaging Server, Calendar Server, and Access Manager are installed on separate hosts.
You can configure Communications Express for SSL or non-SSL. If you configure SSL, you can choose between having Communications Express clients use SSL only for authentication, or to use SSL for the entire session.
Communications Express Mail now includes the security advantages of the Secure/Multipurpose Internet Mail Extension (S/MIME). Communications Express Mail users who are set up to use S/MIME can exchange signed or encrypted messages with other Communications Express Mail users, and with users of the Microsoft Outlook mail system or other mail clients that support S/MIME.
The signature and encryption features of S/MIME are available to a Communications Express Mail user only after:
A private and public key pair are issued with a certificate in standard X.509 format. The certificate assures other mail users that the keys really belong to the person who uses them. Keys and their certificate are issued from within your organization or purchased from a third-party vendor. Regardless of how the keys and certificate are issued, the issuing organization is referred to as a certificate authority (CA).
The private-public key pair, with its certificate, are properly stored electronically in a local key store or distributed to end users on common access cards (CACs), referred to as smart cards.
All public keys and certificates are stored to an LDAP directory, accessible by Directory Server. This is referred to as publishing the public keys to make them available to other mail users who are creating S/MIME messages.
Card reading devices are properly installed on the client machines when private-public key pairs and their certificates are stored on smart cards.
All the necessary platform software is installed on the client machines where Communications Express Mail is accessed.
All the necessary Sun Microsystems software is installed and configured for S/MIME.
The Communications Express Mail user is set up to use the Sun Microsystems mail system. This includes giving the user permission to use the S/MIME features.
Before you deploy your mail system for S/MIME, be sure you are familiar with these concepts:
Basic administrative procedures of your platform
Structure and use of an LDAP directory
Addition or modification of entries in an LDAP directory
Configuration process for Sun Java System Directory Server
Concepts and purpose of the following:
Secure Socket Layer (SSL) for a secured communications line
Digitally signed email messages
Encrypted email messages
Local key store of a browser
Smart cards and the software and hardware to use them
Private-public key pairs and their certificates
Certificate authorities (CA)
Verifying keys and their certificates
Certificate revocation list (CRL)
To install and configure Communications Express, see the instructions in the Sun Java System Communications Express 6.3 Administration Guide.
To administer S/MIME, see Chapter Chapter 24, Administering S/MIME for Communications Express Mail, in Sun Java System Messaging Server 6.3 Administration Guide.