Chapter 5 The Installation and Configuration Plan

Previous Contents Index Next
Sun Java Enterprise System 2005Q4 Deployment Example: Telecommunications Provider Scenario

Chapter 5
The Installation and Configuration Plan

The goal of the installation and configuration process is the distributed system described in the deployment architecture. The distributed system is composed of component instances that run on multiple computers and interoperate with each other. To achieve a functioning distributed system, you must install the component instances on multiple computers and perform the basic configuration required to establish interoperation among the component instances.

To ensure that you achieve a functioning distributed system, you must develop an installation plan that uses the installer appropriately and considers the requirements of the components in the deployment. Your plan must describe the correct order for installing the component instances and performing basic configuration. The plan must also specify the configuration values that configure the components to interoperate.

This chapter describes the installation and configuration plan for the Telco deployment.

Installation and Configuration Issues

You install Java ES components with the Java ES installer. The installer is able to configure some of the Java ES components at installation time. The other components are configured by running separate configuration tools after installation is complete.

Your installation and configuration procedures depend on the following factors:

Installer Behavior

Component Dependencies

Distributed Subcomponents

Component Redundancy

LDAP Directory Tree

Each of these factors is described in the following sections.

Installer Behavior

The Java ES installer uses Solaris pkgadd to transfer Java ES software to your computer system. The installer can install any number of Java ES components during a single installation session. The installer does not perform distributed installations. Therefore, to install and configure Java ES components on multiple computers, as called for in the Telco deployment architecture (Figure 3-6), you must run the installer on each computer used in your deployment until all of the components have been installed and configured.

Distributed Installations

The quality of service requirements for Java ES solutions lead to architectures that place component instances on more than one computer. For example, the Telco deployment achieves a reliable portal service by installing two instances of Portal Server on two computers (jesPAM1 and jesPAM2) and using a load balancer to establish a failover relationship between the two instances.

The Java ES installer, however operates on only one computer at a time. Therefore, when you install a distributed solution you must run the installer on every computer used in the solution.

In many cases you must install a component or components on a computer and then run a configuration tool to perform the basic configuration of the component. For example, in the Telco deployment, on the computer jesIMR1, you run the installer to install the Messaging Server software, and then you run a Messaging Server configuration program to configure an instance of the Message Transfer Agent.

Configuring for Interoperation

The goal of the installation process is a set of interoperating component instances. When you install components and perform basic instance configuration, you supply configuration values that result in component instance interoperation.

The configuration values that result in interoperation include such values as the URLs or port numbers that one component instance uses to communicate with another component instance and the administrator account IDs and password that one component instance uses to gain access to another component instance. For example, in the Telco deployment, the Access Manager instances must communicate with the Directory Server instances, so you configure the Access Manager instances with the URLs, administrator account ID, and password for the directory service instances in the deployment.

When you run the Java ES installer, it does not know what components are installed on other computers used in the deployment. For example, when you install Access Manager, the installer does not know where the appropriate LDAP directory is located. To ensure the success of your installation and configuration process, you must plan ahead and develop the information that you need to configure each component instance. For example, when you configure the Access Manager instances on jesPAM1 and jesPAM2, you will need the URLs, administrator IDs, and administrator passwords for the jesDPA directory service.

Configure Now and Configure Later

The Java ES installer is capable of configuring runnable instances of some components. To use the installer this way, you must run the installer in “configure now” mode and supply the necessary configuration values.

For components that cannot be configured at install time, you run the installer in configure later mode. After installation is complete, you run a configuration program for each component instance you are creating. For example, in the Telco deployment, on MCS1b, you run the installer in configure later mode to install Messaging Server and Calendar Server software. Then you run the Messaging Server configuration program to create an instance of the Message Store. Then you run the Calendar Server configuration program to configure and instance of the calendar store.

When you plan how to install and configure a solution, you need to plan the correct sequence of running the Java ES installer and running the configuration programs.

The installation and configuration plan for the Telco deployment uses the configure now option whenever it is possible to do so.

Component Dependencies

Some Java ES components cannot be installed and configured unless other components are installed and configured first. Dependencies occur for several reasons:

Some components cannot function unless certain other components are installed and configured. For example, Portal Server Secure Remote Access functions as a gateway for a specific Portal Server instance. The configuration process for Portal Server Secure Remote Access requires input of URLs that enable Portal Server Secure Remote Access to interoperate with an already functioning Portal Server. Because of this dependency, Portal Server must be installed, configured, and running before Portal Server Secure Remote Access is installed and configured. In the Telco installation plan, this type of dependency determines the installation sequence for the Portal Server and Portal Server Secure Remote Access instances.

A number of components require an LDAP directory for authentication and authorization. When you install and configure instances of these components you input the URL for the LDAP directory service. Because of this dependency, Directory Server must be installed and configured before the components that use the LDAP directory service. In the Telco installation plan, Directory Server is the first component installed and configured.

Some components modify the configuration of an existing component. For example, installing and configuring Access Manager modifies the LDAP directory schema. If your solution uses Access Manager, you must plan to install and configure Directory Server before you install and configure Access Manager. In the Telco installation plan, Access Manager instances are installed and configured after the Directory Server instances.

A number of Java ES components are web applications. These components must be deployed into web containers to function. The Telco deployment uses Web Server as a web container. The Java ES installer can install Web Server and the web application component in one installation session and automatically deploy the component to Web Server. This is how the components on jesPAM1 and PAM2 are installed.

Java ES components can be installed in a high-availability cluster provided by Sun Cluster software. The Sun Cluster software must be installed and running before the other components are installed and configured. Then, after the Java ES components are installed and configured, you must install and configure the appropriate Sun Cluster agents for the Java ES components. In the Telco installation plan, this is how the components on jesMCS1b, jesMCS2b, jesMS1c, and jesMS2c are installed and configured.

The Telco deployment has examples of all these types of dependency.

Notice that some of these dependencies are solution-wide and some are local. You consider solution-wide dependencies and local dependencies differently when you plan how to install and configure a solution. The difference is described in the following example:

The dependency of Access Manager on Directory Server is a system-wide dependency. When you install Access Manager, you supply a URL for a directory service that is provided by one more instances of Directory Server. Once Directory Server is installed and configured, the directory service is available to all components in the solution. This type of dependency is determines the system-wide sequence for installing and configuring component instances: the computers running Directory Server are installed and configured before the computers running Access Manager. System-wide dependencies determine the overall sequence of installation and configuration steps.

The dependency of Access Manager on a web container is a local dependency. To satisfy this dependency, a web container must be installed on the computer that runs Access Manager. This web container, however, does not provide services for the entire solution. In a distributed solution, web containers are typically installed on multiple computers. You do not install a single web container that supports the entire deployment. You install web container instances where they are needed locally. Each web container supports a different component locally. Therefore, in a distributed solution there is no single location for web container installation, and there is no single point in the installation procedure installing the web container.

To develop an installation plan, you analyze the deployment architecture and identify the dependencies among the components. Your plan must install and configure the components in a sequence that satisfies all of the dependencies. In general, you can develop an overall sequence of installation steps from the solution-wide dependencies. Then you consider the local dependencies that might exist on each computer.

Distributed Subcomponents

Some Java ES components have subcomponents that can be separately installed and configured. For example, Messaging Server has four subcomponents, the Message Transfer Agent (MTA), the Message Multiplexor (MMP), Messenger Express Multiplexor (MEM), and Message Store. If the deployment architecture calls for these subcomponents to be installed on different computers, you must run the installer on each computer, in the correct sequence, and configure the subcomponents to interoperate.

The Telco deployment architecture places the Messaging Server subcomponents on separate computers to satisfy quality of service requirements. The Telco installation and configuration plan describes the correct sequence for installing and configuring these subcomponents.

Component Redundancy

The sequence of installation sessions and configuration procedures depends on how redundancy is being used in a deployment architecture. Redundancy can be used to achieve high availability, scalability, serviceability, or any combination of these service qualities. There are three technologies for using redundant components in the Java ES Telecommunications Provider architecture: load balancing, Sun Cluster, and Directory Server multimaster replication. Each has recommended configuration procedures that affect the sequence of installation sessions, as outlined briefly in the following paragraphs:

Load balancing is best set up by installing and configuring one instance of a load-balanced component, testing that the service provided by the instance is accessible through the load balancer, and then installing and configuring additional instances of the same component. This phased approach facilitates troubleshooting of configuration problems.

Sun Cluster software is set up by first installing the Sun Cluster core software on all cluster nodes before installing other components. For the Telco architecture, for example, Sun Cluster core must be installed and configured before installing and configuring Messaging Server and Calendar Server on the cluster nodes. Likewise, Messaging Server and Calendar Server must be configured before Sun Cluster agents are configured.

Directory Server multimaster replication is best implemented by first installing and configuring one of the multimaster replicas, then installing and configuring all components that depend on Directory Server. Once such installations and configurations are completed, replicas of Directory Server can be installed and the system configured to provide synchronization and failover.

Each of these redundancy implementations implies a specific scoping and sequencing of installation sessions and configuration procedures.

LDAP Directory Tree

Installing and configuring a Java ES solution requires configuration values that establish the correct directory schema and directory tree structure. The schema and tree structure specified for the Telco deployment are described in The User Management Specification.

The installation and configuration plan contains the procedures for implementing the specified schema and directory tree.

Installation and Configuration Plan for the Telco Deployment

This section summarizes the sequence of installation sessions and configuration procedures for the Telco deployment. The sequence is determined by considering all of the issues discussed in Installation and Configuration Issues.

The installation and configuration steps are grouped into modules. Each module contains the installation and configuration steps for one component subsystem in the Telco deployment architecture. The installation and configuration modules for the Telco deployment are listed in Table 5-1.

The configuration values that you input in each module are listed the detailed procedures for the modules, which are described in Software Installation and Configuration Procedures.

Table 5-1  Telco Deployment Installation and Configuration Modules

Module Number

Computers

Component Subsystem

Procedures

1A

jesDSM1

jesDSM2

Directory Server with multimaster replication

Install Directory Server and Administration Server

2

jesDPA1

jesDPA2

Load-balanced Directory Proxy Server

Install Directory Proxy Server and Administration Server

3

jesPAM1

jesPAM2

Load-balanced Portal Server and Access Manager

Install Portal Server, Access Manager, and Web Server

4

jesDSM1

User Management

Prepare directory for Messaging Server and Calendar Server (run Directory Preparation Tool)

jesPAM1

Install Delegated Administrator. Configure Delegated Administrator

jesPAM1

Use Delegated Administrator command line to extend LDAP schema to support messaging and calendar services

Run ldapmodify to add new user to directory

5A

jesMCS1b

jesMCS2b

Clustered Business-class Messaging Server and Calendar Server

Install Sun Cluster software; configure both computers as Sun Cluster nodes

5b

jesMCS1b

jesMCS2b

Install Messaging Server and Calendar Server, configure Messaging Server, configure Calendar Server

5c

jesMCS1b

jesMCS2b

Install Sun Cluster agent software

6A

jesMS1c

jesMS2c

Clustered Consumer-class Messaging Server

Install Sun Cluster software; configure both computers as Sun Cluster nodes

6b

jesMS1c

jesMS2c

Install Messaging Server, configure Messaging Server

6c

jesMS1c

jesMS2c

Install Sun Cluster agent software

7

jesPAM1

jesPAM2

Load balanced Portal Server Secure Remote Access

Install Portal Server Secure Remote Access core on both computers.

jesSRA1

jesSRA2

Install Portal Server Secure Remote Access gateway on both computers

8

jesADM

Delegated Administrator Console

Install Delegated Administrator on computer. Configure Delegated Administrator.

9A

jesIMR1

jesIMR2

Load-balanced inbound message relay and outbound message relay

Install Messaging Server software on jesIMR1. Configure Messaging Server MTA on jesIMR1. Install Messaging Server software on jesIMR2. Configure Messaging Server MTA on jesIMR2.

9B

jesORM1

jesOMR2

Install Messaging Server software on jesOMR1. Configure Messaging Server MTA on jesOMR1. Install Messaging Server software on jesOMR2. Configure Messaging Server MTA on jesOMR2.

10

jesMMP1

jesMMP2

Load-balanced messaging multiplexor

Install Messaging Server software on jesMMP1. Configure Messaging Server MMP on jesMMP1. Install Messaging Server software on jesMMP2. Configure Messaging Server MMP on jesMMP2.

1B

jesDMS1

jesDSM2

Directory Server with multimaster replication

Activate multimaster replication (after all other installation and configuration steps are complete)

The sequencing of the modules is described below. The sequence is determined by the issues described in Installation and Configuration Issues.

Module 1a     The Directory Server module is first, because other components are dependent on the directory service. Notice this module is actually in two parts, with the multimaster replication being implemented in Module 1b after all other services have been installed and configured. For more information see Component Redundancy.

Module 2     The Directory Proxy Server module comes next, because all other components access the directory through the directory proxy service.

Module 3     The Portal Server and Access Manager module comes next, because Messaging Server and Calendar Server depend upon the directory schema (Schema 2) that Access Manager sets up in the directory.

Module 4     Following the Directory Proxy Server module, a test user is created and a corresponding entry placed in the directory. A test user helps verify the remaining modules.

Modules 5 and 6     The two Messaging Server and Calendar Server back end modules are next because these service are accessed by most of the remaining components. This module is also complicated, because it includes Sun Cluster, and should be done early on to reduce risk.

Following the first six modules, the ordering of the remaining modules is more arbitrary.

Module 7     Portal Server Secure Remote Access.

Module 8     Delegated Administrator Console.

Modules 9 and 10     In these two modules, the various Message Transfer Agent instances are installed and configured. These instances are similar to each other. The have no dependencies on each other, so the order of these modules is not significant.

Each module, including its corresponding installation and configuration steps, is described more fully in Software Installation and Configuration Procedures.

Configuring Single Sign-on

There are two mechanisms by which single sign-on behavior is achieved in the Telco deployment: Access Manager SSO and proxy authentication. Both of these mechanisms are activated by the installation and configuration process.

Access Manager SSO.   Access Manager SSO is a mechanism that supports single sign-on for all web-based services. When Access Manager authenticates an end user successfully, the end-user's browser gets a cookie. If that end user subsequently tries to access another service, the browser passes the cookie, after confirming with Access Manager that the user session is still open, and Access Manager provides access to the service in question. To set up Access Manager SSO for the Telco deployment, you have to configure Messaging Server and Calendar Server components to use Access Manager SSO instead of their legacy authentication mechanisms. For detailed instructions on configuring Access Manager SSO, see Configure Messaging Server to support Access Manager single sign-on., and Configure Calendar Server to support Access Manager single sign-on..

Proxy authentication.   Proxy authentication means that some proxy user is authenticated on behalf of an end user that has logged in to the system.

Proxy authentication is used for populating the mail and calendar channels that appear in the portal desktop. A proxy user is authenticated by the Messaging Server and the Calendar Server on behalf of an end user who has logged in to Portal Server. For the Telco deployment, the proxy users are the Messaging Server administrator (admin) and the Calendar Server administrator (calmaster), respectively. To set up Portal Server proxy authentication, you use the Access Manager administration console to configure a Portal Server SSO adapter for each of these two Portal Desktop channels. You must also populate user entries with the attributes needed to support the Portal Server SSO adapter service. For detailed instructions on configuring proxy authentication, see Set up the SSO Adapter for the portal mail channel., and Set up the SSO Adapter for the portal calendar channel. In the Access Manager console:.

Proxy authentication is also used by the Messaging Server MEM component as an adjunct to Access Manager SSO. The user name is extracted from a valid cookie and access to Messaging Server is performed by the Messaging Server administrator (admin) on behalf of the user.

Protocols and Port Numbers Used

The following table shows the protocols used in the Telco deployment.

Table 5-2  Protocols Used by the Telco Deployment

Service Provider

Protocol

Client facing

HTTP, HTTPS, IMAP, SMTP

Portal Server

HTTP, LDAP

Portal Server Secure Remote Access

HTTPS

Messaging Server (MMP)
Messaging Server (MEM)

IMAP, HTTP, LDAP

Messaging Server (MTA)

SMTP, LMTP, LDAP

Access Manager

HTTP, LDAP

Directory Server

LDAP

Messaging Server (Store)

HTTP, IMAP, SMTP, LMTP, LDAP

Calendar Server (Store)

HTTP, WCAP, LDAP

When the Java ES installer requests that you enter a port number, the installer performs a runtime check on the ports in use and displays an appropriate default value. If the default port number is being used by another component or by another instance of the same component, the installer presents an alternative value.

The following table lists the Java ES components used in the Telco deployment, the port numbers that each component uses, and the purpose of each port used. Standard ports that are not used in the deployment, such as those for secure SSL protocols, are not included in the table.

Note

Access Manager and Portal Server are not listed in this table because they use the port numbers of the web container into which they are deployed.

Table 5-3  Telco Deployment Component Port Numbers

Component

Port

Purpose

Administration Server

390

Standard HTTP port

Calendar Server

82

Standard HTTP port (changed from default value of 80)

57997

ENS

Directory Server

389

Standard LDAP listener

Directory Proxy Server

489

Standard Directory Proxy Server listener

Messaging Server

25

Standard SMTP port

80

Messaging MEM (HTTP) port

143

Standard IMAP4 port / MMP IMAP Proxy

7997

Event Notification Service port

27442

Used by Job Controller for product internal communication

49994

Used by the Watcher for internal product communication

Portal Server Secure Remote Access

80

Standard HTTP Port

443

HTTP over SSL

10443

Rewriter Proxy port

10555

Netlet Proxy port

49916

Secure Mode, Netlet outgoing port

49917

Secure Mode, Netlet incoming port

Web Server

80

Standard HTTP port

8888

Standard Administration port

Previous      Contents      Index      Next

Part No: 819-5485-10. Copyright 2006 Sun Microsystems, Inc. All rights reserved.

Module Number	Computers	Component Subsystem	Procedures
1A	jesDSM1 jesDSM2	Directory Server with multimaster replication	Install Directory Server and Administration Server
2	jesDPA1 jesDPA2	Load-balanced Directory Proxy Server	Install Directory Proxy Server and Administration Server
3	jesPAM1 jesPAM2	Load-balanced Portal Server and Access Manager	Install Portal Server, Access Manager, and Web Server
4	jesDSM1	User Management	Prepare directory for Messaging Server and Calendar Server (run Directory Preparation Tool)
	jesPAM1		Install Delegated Administrator. Configure Delegated Administrator
	jesPAM1		Use Delegated Administrator command line to extend LDAP schema to support messaging and calendar services
			Run ldapmodify to add new user to directory
5A	jesMCS1b jesMCS2b	Clustered Business-class Messaging Server and Calendar Server	Install Sun Cluster software; configure both computers as Sun Cluster nodes
5b	jesMCS1b jesMCS2b		Install Messaging Server and Calendar Server, configure Messaging Server, configure Calendar Server
5c	jesMCS1b jesMCS2b		Install Sun Cluster agent software
6A	jesMS1c jesMS2c	Clustered Consumer-class Messaging Server	Install Sun Cluster software; configure both computers as Sun Cluster nodes
6b	jesMS1c jesMS2c		Install Messaging Server, configure Messaging Server
6c	jesMS1c jesMS2c		Install Sun Cluster agent software
7	jesPAM1 jesPAM2	Load balanced Portal Server Secure Remote Access	Install Portal Server Secure Remote Access core on both computers.
	jesSRA1 jesSRA2		Install Portal Server Secure Remote Access gateway on both computers
8	jesADM	Delegated Administrator Console	Install Delegated Administrator on computer. Configure Delegated Administrator.
9A	jesIMR1 jesIMR2	Load-balanced inbound message relay and outbound message relay	Install Messaging Server software on jesIMR1. Configure Messaging Server MTA on jesIMR1. Install Messaging Server software on jesIMR2. Configure Messaging Server MTA on jesIMR2.
9B	jesORM1 jesOMR2		Install Messaging Server software on jesOMR1. Configure Messaging Server MTA on jesOMR1. Install Messaging Server software on jesOMR2. Configure Messaging Server MTA on jesOMR2.
10	jesMMP1 jesMMP2	Load-balanced messaging multiplexor	Install Messaging Server software on jesMMP1. Configure Messaging Server MMP on jesMMP1. Install Messaging Server software on jesMMP2. Configure Messaging Server MMP on jesMMP2.
1B	jesDMS1 jesDSM2	Directory Server with multimaster replication	Activate multimaster replication (after all other installation and configuration steps are complete)

Service Provider	Protocol
Client facing	HTTP, HTTPS, IMAP, SMTP
Portal Server	HTTP, LDAP
Portal Server Secure Remote Access	HTTPS
Messaging Server (MMP) Messaging Server (MEM)	IMAP, HTTP, LDAP
Messaging Server (MTA)	SMTP, LMTP, LDAP
Access Manager	HTTP, LDAP
Directory Server	LDAP
Messaging Server (Store)	HTTP, IMAP, SMTP, LMTP, LDAP
Calendar Server (Store)	HTTP, WCAP, LDAP


Note	Access Manager and Portal Server are not listed in this table because they use the port numbers of the web container into which they are deployed.

Component	Port	Purpose
Administration Server	390	Standard HTTP port
Calendar Server	82	Standard HTTP port (changed from default value of 80)
	57997	ENS
Directory Server	389	Standard LDAP listener
Directory Proxy Server	489	Standard Directory Proxy Server listener
Messaging Server	25	Standard SMTP port
	80	Messaging MEM (HTTP) port
	143	Standard IMAP4 port / MMP IMAP Proxy
	7997	Event Notification Service port
	27442	Used by Job Controller for product internal communication
	49994	Used by the Watcher for internal product communication
Portal Server Secure Remote Access	80	Standard HTTP Port
	443	HTTP over SSL
	10443	Rewriter Proxy port
	10555	Netlet Proxy port
	49916	Secure Mode, Netlet outgoing port
	49917	Secure Mode, Netlet incoming port
Web Server	80	Standard HTTP port
	8888	Standard Administration port