Sun Java System Portal Server 7 Deployment Planning Guide

Secure Remote Access

Table 1–2 shows the Sun Java System Portal Server Secure Remote Access (SRA) features and their benefits.

Table 1–2 SRA Features and Benefits

Feature: Integrated security

Description: Provides extranet or Virtual Private Network capabilities “on demand” while providing user, policy, and authentication services. The Gateway component provides the interface and security barrier between remote user sessions originating from the Internet and your corporate intranet.

Benefit: Extends an enterprise’s content, applications, files, and services located behind firewalls to authorized suppliers, business partners, and employees. To prevent denial of service attacks, you can use both internal and external DMZ-based Gateways.

Feature: SRA core

Description: Users achieve remote access through four components:

  • Gateway

  • NetFile

  • Netlet

  • Proxylet

Benefit: This component has four parts:

  • Gateway—Controls communication between the Portal Server and the various Gateway instances.

  • NetFile—Enables remote access and operation of file systems and directories.

  • Netlet—Ensures secure communication between the Netlet applet on the client browser, the Gateway, and the application servers.

  • Proxylet—Proxylet sets itself up as a proxy server running on the client's machine, and modifies the proxy settings of the browser to point to itself (also referred to as the local proxy server). The local proxy server (Proxylet) then proxies all the intranet traffic through the Gateway.

Feature: Universal access

Description: Enables web-browser-based universal access with no client software installation or maintenance necessary.

Benefit: Simplifies the IT administration and maintenance overhead while dramatically reducing the time and cost of deployment.

Feature: Netlet Proxy

Description: Provides an optional component that extends the secure tunnel from the client, through the Gateway, to the Netlet Proxy that resides in the intranet.

Benefit: Restricts the number of open ports in a firewall between the demilitarized zone (DMZ) and the intranet.

Feature: Rewriter Proxy

Description: Redirects HTTP requests to the Rewriter Proxy instead of directly to the destination host. The Rewriter Proxy in turn sends the request to the destination server.

Benefit: Using the Rewriter Proxy enables secure HTTP traffic between the Gateway and intranet computers and offers two advantages:

  • If a firewall exists between the Gateway and server, the firewall needs to open only two ports: one between the Gateway and the Rewriter Proxy, and another between the Gateway and the Portal Server.

  • HTTP traffic is now secure between the Gateway and the intranet even if the destination server supports only the HTTP protocol (no HTTPS).