Previous
Contents
Index
Next
|
| Sun ONE Portal Server, Secure Remote Access 6.0 Installation Guide |
Chapter 2 Installing the Sun ONE Portal Server, Secure Remote Access 6.0
This chapter includes instructions for installing the Sun ONE Portal Server, Secure Remote Access software.
This chapter contains the following sections:
Overview of Installing Sun ONE Portal Server, Secure Remote Access
Installing the Sun ONE Portal Server and Secure Remote Access Support
Installing the Gateway on the Sun ONE Portal Server Node
Installing Netlet Proxy on the Sun ONE Portal Server Node
Installing Rewriter Proxy on the Sun ONE Portal Server Node
Installing the Gateway on a Non-Sun ONE Portal Server Node
Installing Netlet Proxy on a Non-Sun ONE Portal Server Node
Overview of Installing Sun ONE Portal Server, Secure Remote Access
You can install the Secure Remote Access components on the Portal Server node, or on a non-Portal Server node.
See Table 1-1, "Components and Nodes," on page 10 for details.
Secure Remote Access support must be installed on the Sun ONE Portal Server node
Sun ONE Portal Server must be running
Default answers for the installation questions are indicated in square brackets. For example: [y]/n indicates that y is the default.
Installation Log File
A log of the installation is stored in /var/sadm/install/logs/pssetup.pid. When you start the installation script, it displays the complete name of the log. The log can be helpful if you are trying to diagnose a problem related to installation.
You can view the log file on a separate terminal window as the installation proceeds using:
tail -f /var/sadm/install/logs/pssetup.pid
Installing the Sun ONE Portal Server and Secure Remote Access Support
Installing the Sun ONE Portal Server also installs Secure Remote Access support. If you are installing Secure Remote Access on an open mode installation of the Sun ONE Portal Server, "Install Secure Remote Access support" is available as a separate option.
Note WebNFS is required for NetFile support. WebNFS is installed as part of the Secure Remote Access support, if it does not already exist on the machine.
To Install Sun ONE Portal Server and Secure Remote Access Support
Log in as root to the machine on which Sun ONE Portal Server needs to be installed, or has been installed.
You need root access to install the Sun ONE Portal Server, Secure Remote Access.
Change directories to where the installation program is located. Use the following command:
cd exact path
Type ./pssetup.
The license agreement is displayed.
Specify if you accept the license agreement. To accept, type yes.
The installation script displays the Remove options menu.
The Remove options are displayed in case you want to remove components that you might have installed earlier. The installation script displays a list of all detected components, and you can choose the component that you want to remove.
Type the number corresponding to the Continue with install option.
The Install options menu is displayed.
Type the number corresponding to the Install Portal Server or Install Secure Remote Access support option.
The installation prompts you for certain details. See the Checklist for Installing Portal Server for details.
The installation script displays the installation summary. Type y to use these settings. Type n if you want to start from the beginning.
The installation is completed.
The Install options screen is displayed again. You can choose to install another component or exit from the installation.
Installing the Gateway on the Sun ONE Portal Server Node
This procedure assumes that Sun ONE Portal Server is already installed on the machine.
For configuring the gateway with the portal server in SSL mode, the CA certificate of the portal server's web server needs to be added to the gateway's certificate database. Export the CA certificate from the web server and add it to the gateway's certificate database using the certadmin tool.
To Install the Gateway on the Sun ONE Portal Server Node
Log in as root to the machine on which Sun ONE Portal Server has been installed.
You need root access to install the Sun ONE Portal Server, Secure Remote Access.
Change directories to where the installation program is located. Use the following command:
cd exact path
Type ./pssetup
The license agreement is displayed.
Specify if you accept the license agreement. To accept, type yes.
The installation script displays the Remove options menu.
The Remove options are displayed in case you want to remove components that you might have installed earlier. The installation script displays a list of all detected components, and you can choose the component that you want to remove.
Type the number corresponding to the Continue with install option.
The Install options screen is displayed.
Choose the option to install the gateway.
The Gateway installation summary appears.
The installation summary is obtained from the details provided during the installation of the Sun ONE Portal Server.
Type n if you do not want to use the settings displayed in the Gateway installation summary. Type y to continue installing with the displayed settings.
If you chose n in step 8, the installation prompts you for certain details.
See the Checklist for Installing the Gateway on a Sun ONE Portal Server Node for details.
The installation script displays the new Gateway installation summary. Type y to use these settings. Type n if you want to start from the beginning.
If you chose y in step 10, the gateway installation is completed.
The Install options screen is displayed again. You can choose to install another component or exit from the installation.
Installing Netlet Proxy on the Sun ONE Portal Server Node
The gateway ensures a secure communication channel between the remote client machine and the gateway. Netlet Proxy extends this secure communication channel from the client, through the gateway to the Netlet proxy that resides in the intranet. This restricts the number of open ports in a firewall between the demilitarized zone (DMZ) and the intranet.
Note Netlet proxy is optional and you may choose not to install this proxy during the installation. You can also choose to install the Netlet proxy on a non-Sun ONE Portal Server node. See "Installing Netlet Proxy on a Non-Sun ONE Portal Server Node" on page 47.
For configuring the Netlet proxy with the portal server in SSL mode, the CA certificate of the portal server's web server needs to be added to the Netlet proxy's certificate database. Use the certadmin tool to create a certificate database for the Netlet proxy, and export the CA certificate from the web server to the Netlet proxy's certificate database.
To Install the Netlet Proxy on the Sun ONE Portal Server Node
Log in as root to the machine on which Sun ONE Portal Server has been installed.
You need root access to install the Sun ONE Portal Server, Secure Remote Access.
Change directories to where the installation program is located. Use the following command:
cd exact path
Type ./pssetup.
The license agreement is displayed.
Specify if you accept the license agreement. To accept, type yes.
The installation script displays the Remove options menu.
The Remove options are displayed in case you want to remove components that you might have installed earlier. The installation script displays a list of all detected components, and you can choose the component that you want to remove.
Type the number corresponding to Continue with install.
The installation script displays the Install options menu.
Type the number corresponding to Install Netlet Proxy.
The JDK installation summary and the Netlet proxy installation summary are displayed.
Choose y to continue installing the Netlet proxy with the displayed settings. Choose n to change some of the settings.
If you chose n in step 8, the installation prompts you again for details.
See the Checklist for Installing Netlet Proxy on a Sun ONE Portal Server Node for details.
The installation script displays the new Netlet proxy installation summary. Type y to use these settings. Type n if you want to start from the beginning.
The Netlet proxy installation is completed when you type y.
The Install options screen is displayed again. You can choose to install another component or exit from the installation.
Installing Rewriter Proxy on the Sun ONE Portal Server Node
Install the rewriter proxy to redirect HTTP requests to the rewriter proxy instead of directly to the destination host. The rewriter proxy in turn sends the request to the destination server.
If you do not specify a proxy, the gateway component makes a direct connection to intranet computers when a user tries to access one of those intranet computers.
For configuring the rewriter proxy with the portal server in SSL mode, the CA certificate of the portal server's web server needs to be added to the rewriter proxy's certificate database. Export the CA certificate from the web server and add it to the rewriter proxy's certificate database using the certadmin tool.
This procedure asks you if you want to install a self-signed certificate. If you choose yes, the install script prompts you for certificate-related details such as the organization name and division name. If you choose to install your own certificate at a later point, the details are not asked, but a certificate database is still created.
To Install the Rewriter Proxy on the Sun ONE Portal Server
Log in as root to the machine on which Sun ONE Portal Server has been installed.
You need root access to install the Sun ONE Portal Server, Secure Remote Access.
Change directories to where the installation program is located. Use the following command:
cd exact path
Type ./pssetup.
The license agreement is displayed.
Specify if you accept the license agreement. To accept, type yes.
The installation script displays the Remove options menu.
The Remove options are displayed in case you want to remove components that you might have installed earlier. The installation script displays a list of all detected components, and you can choose the component that you want to remove.
Type the number corresponding to Continue with install.
The installation script displays the Install options menu.
Type the number corresponding to Install Rewriter Proxy.
The JDK installation summary and the Rewriter Proxy installation summary are displayed.
Choose y to continue installing the Rewriter proxy with the displayed settings. Choose n to change some of the settings.
If you chose n in step 8, the installation prompts you for certain details.
See the Checklist for Installing Rewriter Proxy for details.
The installation script displays the new Rewriter Proxy installation summary. Type y to use these settings. Type n if you want to start from the beginning.
The Rewriter Proxy installation is completed when you type y.
The Install options screen is displayed again. You can choose to install another component or exit from the installation.
Installing the Gateway on a Non-Sun ONE Portal Server Node
It is recommended that the gateway be installed on a machine other than the Sun ONE Portal Server machine.
For configuring the gateway with the portal server in SSL mode, the CA certificate of the portal server's web server needs to be added to the gateway's certificate database. Export the CA certificate from the web server and add it to the gateway's certificate database using the certadmin tool.
This procedure asks you if you want to install a self-signed certificate. If you choose yes, the install script prompts you for certificate-related details such as the organization name and division name. If you choose to install your own certificate at a later point, the details are not asked, but a certificate database is still created.
For security reasons, it is recommended that no other software is installed on the same machine as the gateway.
To Install the Gateway on a Non-Sun ONE Portal Server Node
Log in as root to the machine on which you want to install the gateway component.
You need root access to install the Sun ONE Portal Server: Secure Remote Access.
Change directories to where the installation program is located. Use the following command:
cd exact path
Type ./pssetup.
The license agreement is displayed.
Specify if you accept the license agreement. To accept, type yes.
The installation script displays the Install options.
Type the number corresponding to the Install Gateway option.
The installation prompts you for certain details. See the Checklist for Installing Gateway on a non-Sun ONE Portal Server Node for details.
The Install options screen is displayed again. You can choose to install another component or exit from the installation.
Installing Netlet Proxy on a Non-Sun ONE Portal Server Node
The Netlet proxy can be installed on the Sun ONE Portal Server node or on an independent node.
For configuring the Netlet proxy with the portal server in SSL mode, the CA certificate of the portal server's web server needs to be added to the Netlet proxy's certificate database. Use the certadmin tool to create a certificate database for the Netlet proxy, and export the CA certificate from the web server to the Netlet proxy's certificate database.
To Install Netlet Proxy on a Non-Sun ONE Portal Server Node
Log in as root to the machine on which Sun ONE Portal Server has been installed.
You need root access to install the Sun ONE Portal Server, Secure Remote Access.
Change directories to where the installation program is located. Use the following command:
cd exact path
Type ./pssetup.
The license agreement is displayed.
Specify if you accept the license agreement. To accept, type yes.
The installation script displays the Install options.
Type the number corresponding to the Install Netlet proxy option.
The installation prompts you for certain details. See the Checklist for Installing Netlet Proxy on a non-Sun ONE Portal Server Node for details.
The Install options screen is displayed again. You can choose to install another component or exit from the installation.
Installing Secure Remote Access Migration Tools
You need to install the SRA Migration Tools to migrate the gateway components from previous versions to Sun ONE Portal Server, Secure Remote Access 6.0.
To Install the Secure Remote Access Migration Tools
Log in as root to the machine on which Sun ONE Portal Server has been installed.
You need root access to install the Sun ONE Portal Server, Secure Remote Access.
Change directories to where the installation program is located. Use the following command:
cd exact path
Type ./pssetup.
The license agreement is displayed.
Specify if you accept the license agreement. To accept, type yes.
The installation script displays the Install options.
Type the number corresponding to the Install SRA Migration Tools option.
If you have not installed the Portal Server Migration Tools, you are prompted for the base directory in which to install the SRA Migration Tools.
If you have installed the Portal Server Migration Tools, no questions are asked. The SRA Migration Tools are installed in the same directory in which the Portal Server Migration Tools are installed.
The Install options screen is displayed again. You can choose to install another component or exit from the installation.
Post Installation Tasks
After installion, do the following to start the gateway and run the required tasks:
Start the gateway using the following command:
InstallDir/SUNWps/bin/gateway -n new profile name start
default is the default gateway profile that is created during installation. You can create your own profiles later, and restart the gateway with the new profile. See Creating a Gateway Profile in Chapter 2, "Administering the Gateway" in the Sun ONE Portal Server, Secure Remote Access 6.0 Administration Guide.
If you have multiple gateway instances, use:
InstallDir/SUNWps/bin/gateway start
This command starts all the gateway instances configured on that particular node.
InstallDir/SUNWps/bin/gateway stop
This command stops all the gateway instances that are running on that particular node.
Ensure that only the configuration files for the instances that you want to start are in the /etc/opt/SUNWps directory.
Note This step is not required if you chose y for the "Start Gateway after installation" option during the gateway installation.
Run the following command to check if the gateway is running on the specified port:
If the gateway is not running, start the gateway in the debug mode, and view messages that are printed on the console. Use the following command to start the gateway in debug mode:
InstallDir/SUNWps/bin/gateway -n profilename start debug
Also view the log files after setting the gateway.debug attribute in the platform.conf.profilename file to message. See the section Understanding the platform.conf File in Chapter 2, Administering the Gateway in the Sun ONE Portal Server, Secure Remote Access 6.0 Administrator's Guide for details.
Run Sun ONE Portal Server in the secure mode by typing the gateway URL in your browser:
https://gateway machine name:portnumber
If you have chosen the default port (443) during installation, you need not specify the port number.
Note Before starting the Netlet proxy and the rewriter proxy, ensure that the gateway profile is updated with the Netlet proxy and the rewriter proxy options.
Login to the iPlanet Directory Server Access Management Edition admin console as administrator using the username amadmin, and using the password specified during installation. You can now create new organizations, roles, and users and assign required services and attributes in the admin console.
Ensure that you enable the Access List service for all users, to allow access through the gateway.
Previous Contents Index Next
Copyright 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated September 23, 2002