Best Practices Checklist

This section lists some of the best practices you can adopt while you execute and administer Gateway in your environment.

Gateway Best Practices

• To start or stop Watchdog, you could use the psadmin sra-watchdog command.

• To change the password of amService-srapGateway agent, log into AMConsole and select Agents > SRA Log User Password, and change the password. Gateway verifies the credentials of an user using the amService-srapGateway agent.

• To view the logs of the Gateway, use the psconsole. From the PSCconsole, select the Secure Remote Access tab and click Logging. Select Gateway, Netletproxy, or Rewriterproxy to view the logs.

• When configuring Gateway on a separate node, ensure that the local Directory Server is running and the security directory is copied from the Portal Server node.

• The certificate database for Gateway is located at /etc/opt/SUNWportal/cert.

• When Gateway is configured to access multiple Access Managers and Portal Servers, the respective entries of each Access Manager and Portal Server instance must be appended to the non-authenticated URLs list.

• You can use one of these methods to change the Gateway configuration:

  • Change the parameters in the platform.conf.<instance> file.

  • Using the psconsole, change the Gateway profile.

• The chroot command is deprecated and is not supported in Portal Server 7.

• The Access Manager encryption key password must match the Access Manager SDK install on the Gateway node, with Access Manager installed on the remote node.

• When Portal Server and Gateway are installed on different domains, the domain entries should be present under the Cookie Domain List in the AMConsole under Service Configuration.

• On the Portal Server node, you can view both the AMConfig-default.properties and AMConfig.properties files at /etc/opt/SUNWPortal/. This file is specific to Netletproxy and Rewriterproxy.

• To create the Gateway profile:

  1. Create a new Gateway profile using the psconsole. Ensure the https and http port numbers you use is not currently used by another application.

  2. Run the psadmin command to create an instance by modifying an appropriate template.

• Ensure that the SRA Core is installed during the Portal Server installation, else Gateway does not get installed.

• SRA Core cannot be installed in a separate session from an open Portal Server.

• Proxylet does not work when Portal Server is installed in the SSL mode.

Proxylet Best Practices

This section lists some of the best practices you can adopt while administering Proxylet in your environment.

Proxylet supports WPAD protocol

Use the following procedure to add the application URLs to the Proxylet console.

1. Login to psconsole.

2. From Manage Channels and Containers for Proxylet, select theAppurls link.

3. Click the New Property button, and select a string type.

4. Enter a short name for the URL in the Name field and the actual URL in the Value field. Application URLs override the default settings.

Deployment Options

You can choose to deploy Proxylet for the entire enterprise domain which completely eliminates the need to use Rewriter or use Proxylet only for applications that cannot be configured using the Rewriter.

Option 1 — Deploying Proxylet in an Enterprise Domain

1. Add a rule to the Proxylet Rules field for enterprise domain. For example, enterprise domain: proxylethost: proxyletport. The Proxylet channel displays a link.

2. Launch Proxylet by default. Clicking the link downloads Proxylet and reloads the portal desktop page. Using the rules defined in Step 1, the portal desktop page is displayed through the Proxylet.

Option 2 — Deploying Proxylet for Selected Applications

1. Add multiple rules to the Proxylet Rules field for each of the application domain and sub-domain. For example, application domain:proxylethost:proxyletport.

2. Add application URLs to the appurls collection property of Proxylet Channel properties.

   The Proxylet channel displays the application URLs.

3. Click any one of the URLs to download the Proxylet and redirect the browser to the selected application.

Customizating Proxylet

From the psconsole, use the Custom PAC file field to write a customized PAC file logic that is appropriate to your working environment. Proxylet configures the end users browser with the custom PAC file. If the custom PAC file is configured, then the Rule field is ignored.

You can use a customized launch pad for starting applications instead of using the Proxylet Channel. The format of the URL is as follows:

• Proxylet Servlet URL?

• command=loadApp or loadJWSApp

• &followUp=Application URL

• &portalurl=portalserver desktop URL

• &propertyfile=name of property file

Netlet Best Practices

• You can configure a Netlet static rule using the psconsole, Netlet starts automatically when the user logs onto the desktop.

• Users can configure dynamic rules using the Netlet channel.