Portal Server Deployment

Portal Server enables enterprises to design a variety of deployment scenarios. This section provides the following topics:

• Open and Secure Intranet Access

• Multiple Portals

• Single Sign-On Authentication

Each enterprise assesses its own needs and plans its own deployment of Java Enterprise System. The optimal deployment for each enterprise depends on a variety of factors, including:

• The types of applications that Java Enterprise System is supporting

• The number of users

• What hardware is available

For more information about deployment planning and deployment scenarios, see the Sun Java System Portal Server 7.1 Deployment Planning Guide.

Open and Secure Intranet Access

Two options are available for providing end users access to the intranet that contains a portal:

• An open Portal Server that runs using HTTP or HTTP SSL. This option provides end users access only to the portal and the resources made available directly through the portal.

• A secure Portal Server that runs with the Secure Remote Access server. This option provides end users with secure remote access to the following:

  • Intranet file systems

  • Applications

  • Web sites

  • The portal and resources made available directly through the portal

  Only the IP address of the Gateway is published to the Internet.

Multiple Portals

Portal Server supports multiple portals using a single user repository. Administrators can design, deploy, and administer each portal independently. Setting up multiple portals for single end users allows administrators to do the following:

• Deploy multiple portals and Portal Server instances on one or more hosts

• Use Access Manager software to manage users for all portals

• Provide different content for different portals

• Offer single sign-on (SSO) between portals

• Enable end users to customize their Desktops for each portal

To manage end users, portal administrators use tools provided by Access Manager. End-user data in LDAP directories do not need to be synchronized with any other repository.

A portal is a collection of one or more Portal Server instances that deliver the same content and are mapped to a single URL. The content and services delivered by a portal are common to all of its instances.

A Portal Server instance is a web application deployed into a web container, using a particular portal context URI and serving requests on a specific network port. Each Portal Server instance is associated with a single portal.

Multiple portals share the same user repository, or Access Manager. These portals can be deployed on one host or on two or more hosts. Using the same user ID and the same session, a single end user can access more than one portal.

Single Sign-On Authentication

Single sign-on (SSO) enables end users to enter a password or other credentials once to gain authenticated access to various resource servers, which supply applications or services. Portal Server provides two ways of providing SSO:

• Access Manager - Within Java Enterprise System, the Access Manager product manages SSO. Portal Server is one of the resource servers for which SSO is enabled.

  Once an end user is authenticated with Access Manager, he can access Portal Server and any other resource server that Access Manager controls.

• SSO Adapter service - To deliver content from a third-party server that is not integrated with Access Manager, Portal Server provides an SSO Adapter service. Services accessed using SSO Adapter can include mail, calendar, address book, WSRP portlets, and data web services.

  The SSO Adapter service:

  • Establishes a connection to third-party server back-end systems

  • Stores configuration data and user credentials that Portal Server needs to access these services on behalf of the user

  • Defines two levels of data:

    • SSO Adapter template defines a class of connections to be made available to users. Many end users use a single template. Because the template defines the same data values, including default values and what values a user can edit, for all users, SSO Adapter templates are defined at a global service level.

    • SSO Adapter configuration provides data values that are specific to a user. A configuration references a template and takes data values from the template for properties that end users cannot change. End users can change user-editable properties of an SSO Adapter configuration. Changes to these properties apply only to the individual end user who makes the changes.