Sun ONE Portal Server, Secure Remote Access 6.0 Installation Guide: Chapter 1 Preparing for Installation

Previous Contents Index Next

Sun ONE Portal Server, Secure Remote Access 6.0 Installation Guide

Chapter 1 Preparing for Installation

This chapter discusses the recommendations and requirements for installing the Sun ONE Portal Server, Secure Remote Access 6.0.
This chapter includes the following sections:

Installation Overview

System Requirements

Installation Scenarios

Installation Checklists

Package Information

Directory Layout

Installation Overview

The Secure Remote Access product has 2 CDs. The first CD ROM contains the Sun ONE Portal Server, Secure Remote Access software. A second CD contains third party software that can be optionally installed. Installation instructions for the packaged third party software are available in Appendix A, "Installing Third-Party Software.
You can install the Secure Remote Access software in two ways:

A fresh installation of the Sun ONE Portal Server along with Secure Remote Access.

If you are carrying out a fresh installation of Sun ONE Portal Server, Secure Remote Access, you need to install:

Sun ONE Portal Server

Gateway

Rewriter Proxy (optional)

Netlet Proxy (optional)

Install Sun ONE Portal Server, Secure Remote Access on an existing installation of the Sun ONE Portal Server.

On an existing open mode installation of Sun ONE Portal Server, you need to install:

Secure Remote Access support

Gateway

Rewriter Proxy (optional)

Netlet Proxy (optional)

The installation script pssetup is used to install and uninstall components of the Secure Remote Access.

Installation Components

The components of the Secure Remote Access can be installed on the Sun ONE Portal Server node, or on any other individual node (referred as non-Sun ONE Portal Server node). Table 1-1 lists the various installable components and the nodes that they can be installed on.
Table 1-1 has three columns. The first column lists the installable components of the Secure Remote Access. The second column lists the nodes that the component can be installed on. The third column describes the component.

Table 1-1    Components and Nodes

Component

Node

Description

Gateway

Sun ONE Portal Server, non-Sun ONE Portal Server

The gateway provides the interface and security barrier between remote user sessions originating from the Internet, and your corporate intranet.

Secure Remote Access support

Sun ONE Portal Server

This component has three parts:

The gateway component that controls communication between the Sun ONE Portal Server and the various gateway instances.

NetFile - a file manager application that allows remote access and operation of file systems and directories. NetFile comprises NetFile Java™, a Java-based user interface. This is available for Java1 and Java2.

The Netlet component that ensures communication between the Netlet applet on the client browser, the gateway, and the Sun ONE Portal Server server.

This component is installed by default when you choose "Install Portal Server" in a fresh installation of the Sun ONE Portal Server, Secure Remote Access.
This component is available as a separate installable option if you are installing the Secure Remote Access software over an existing installation of the Sun ONE Portal Server.

Netlet Proxy

Sun ONE Portal Server, non-Sun ONE Portal Server

Netlet proxy is an optional component. You can choose not to install it, or install it later. Netlet Proxy extends the secure tunnel from the client, through the gateway to the Netlet proxy that resides in the intranet. This restricts the number of open ports in a firewall between the demilitarized zone (DMZ) and the intranet.
Netlet proxy cannot be installed on a gateway node.

Rewriter Proxy

Sun ONE Portal Server

Install the rewriter proxy to redirect HTTP requests to the rewriter proxy instead of directly to the destination host. The rewriter proxy in turn sends the request to the destination server.

System Requirements

This section describes the minimum system requirements for the Sun ONE Portal Server, Secure Remote Access.

Note A warning is issued and you are prompted to exit installation if the minimum disk space requirements are not satisfied.

This section discusses the following requirements:

Hardware Requirements

Software Requirements

Operating System Requirements

Browser Recommendations

Hardware Requirements

For a new installation of the software, the following requirements must be met:

Dual processor Ultra 60 or better

512 Mbytes of memory per processor

1 Gbyte of hard drive swap space

50 Mbytes under the directory chosen to install JDK

100 Mbytes under /etc to store component files. By default, the software components are installed in /etc/opt. Hence, 100 Mbytes of space are required in /etc for a default installation

200 Mbytes under /var for the log files

Software Requirements

Third party software - Rhino and SMB Client.
Rhino is required for Netlet PAC file support. SMB Client is required for using NetFile.

Operating System Requirements

The Sun ONE Portal Server, Secure Remote Access requires Solaris 8 or Solaris 9 as the Operating System.

Browser Recommendations

The following browsers are supported:

Internet Explorer 4.0 or higher for administration, and for the end user to access the portal server desktop

Netscape 4.0 or higher for administration, and for the end user to access the portal server desktop
Table 1-2 lists the browsers supported and the required Java plug-ins. The table has three columns. The first column lists the browser. The second column lists the platforms, and the third column lists the corresponding JVM.

Table 1-2    Browsers Supported

Browser

Platforms

JVM

Navigator 4.7x

Solaris 8, Solaris 9, Windows 98, 2000, XP

Built-in

Navigator 6.2

Solaris 8 and 9, Windows 98, 2000, XP

Sun JRE 1.3.1_02

Internet Explorer 5.5

Windows 98, 2000, XP

Microsoft JVM Build 3802
Sun JRE 1.3.1_02

Internet Explorer 6.0

Windows 98, 2000, XP

Microsoft JVM Build 3802
Sun JRE 1.3.1_02

Installation Scenarios

Depending on the end user and system requirements, you can install all the Secure Remote Access components on a single machine with Sun ONE Portal Server, or on multiple machines.

Deploying on a Single Machine

In this scenario, all the Secure Remote Access components (see Table 1-1, "Components and Nodes," on page 10) are installed on the same machine. The machine must have Sun ONE Portal Server installed on it.
This deployment is not generally recommended for production environments.

Deploying on Multiple Machines

Sun ONE Portal Server also supports an installation group that includes multiple gateways communicating with multiple servers. Figure 1-1 shows a diagram of the Sun ONE Portal Server in an installation that contains multiple gateway and server components.
See the Sun ONE Portal Server, Secure Remote Access Deployment Guide for other possible configurations.
Figure 1-1    Multiple gateway and server component installation

Figure 1-1 shows a sample deployment of the Sun ONE Portal Server, Secure Remote Access.

Components

The deployment shows two clients - Browser 1 and Browser 2.

There are two gateway hosts - Gateway 1 and Gateway 2. The gateway hosts are in the demilitarized zone (DMZ).

A load balancer is also present in the DMZ to direct the HTTP and Netlet traffic to the available gateway host.

There are two installations of the Sun ONE Portal Server with Secure Remote Access—Sun ONE Portal Server 1 and Sun ONE Portal Server 2.

Sun ONE Portal Server 1 has the rewriter proxy installed on it, and Sun ONE Portal Server 2 has both the rewriter and the Netlet proxies installed on it.

There is one application host - Application host 1.

There are two other hosts - Other host 1 and Other host 2.

Session Flow
HTTP and Netlet requests from Browser 1 and Browser 2 are directed to the load balancer. The load balancer directs this to any available gateway.
The HTTP request from Browser 1 is directed to Gateway 1. This in turns directs the request to the rewriter proxy configured on Sun ONE Portal Server 1. In the absence of the rewriter proxy, HTTP requests to multiple intranet hosts would result in multiple ports being opened in the firewall. The rewriter proxy ensures that only one port is opened in the firewall. The rewriter proxy also extends SSL traffic from the gateway to the portal server node.
The HTTP request from Browser 2 is directed to the load balancer. This in turn directs the request to Gateway 2. From Gateway 2, the request is passed to Other host 2 through the rewriter proxy installed on Sun ONE Portal Server 2.
The Netlet request from Browser 2 is directed to Gateway 2 by the load balancer. Gateway 2 directs the request to the required Application host 2 through the Netlet proxy installed on Sun ONE Portal Server 2.

Installation Checklists

The following checklists will help you install the Sun ONE Portal Server, Secure Remote Access smoothly.
All these checklists are tables that have 4 columns. The first column contains the question that is asked by the installation script. The second column contains the default value for that question. The third column is blank, and you can note the actual value in that column for easy installation, and also for ready reference at a later point in time. The fourth column contains the description.

Note Print out the relevant checklists and note the values of the specific parameters that you need to supply as part of the installation. This will ease the job of answering questions during the installation.

These checklists will also serve as a reference at a later point in time, if required. The following checklists are available:
Table 1-3, "Checklist for Installing Portal Server," on page 19

Note This includes the installation of Secure Remote Access support. If you are installing Secure Remote Access on an existing installation of Sun ONE Portal Server, Secure Remote Access support is available as a separate option when you run pssetup. Only a subset of the questions in this checklist are asked.

Table 1-4, "Checklist for Installing the Gateway on a Sun ONE Portal Server Node," on page 22
Table 1-5, "Checklist for Installing Gateway on a non-Sun ONE Portal Server Node," on page 25
Table 1-6, "Checklist for Installing Netlet Proxy on a Sun ONE Portal Server Node," on page 29
Table 1-7, "Checklist for Installing Netlet Proxy on a non-Sun ONE Portal Server Node," on page 30
Table 1-8, "Checklist for Installing Rewriter Proxy," on page 32

Character Restrictions

The following are the valid characters for each of the fields during installation.
" " represents empty space.

Directories - " a-z A-Z 0-9 . / _ -"

Hostnames - " a-z A-Z 0-9 _ -"

Domains and Subdomains - " a-z A-Z 0-9 . _ -"

IP - "0-9 ."

Ports - "0-9"

Port value should be between 1 and 65535 and the IP should be a valid internet IP.

Organizations - " a-z A-Z 0-9 . _ -"

Directory Server root suffix, - "a-zA-Z0-9 . " " _ = -"

Directory Manager - "a-zA-Z0-9 " " _ = -"

Gateway Profile - "a-zA-Z0-9 . / _ -"

Certificate Info (except for country) - "a-zA-Z " " _ -"

Country in Certificate - "a-zA-Z"

URI - "a-zA-Z0-9 _ / -"

Table 1-3    Checklist for Installing Portal Server

Parameter

Default Value/Example

Actual Value

Description

Use existing JDK

n

1.3.1_04 is the recommended version of JDK. Using other versions may result in instability or lowered performance.
If you choose y, you are asked to specify the location of the JDK directory.
If you choose n, the JDK is installed under /usr/java_1.3.1_04.

Specify JDK directory location

/usr/java

This question is asked only if you chose y in the previous question which asks if you want to choose the JDK directory.
You need to specify the path where you want the JDK to be installed.

installation base directory

/opt

This is the base directory for installing the portal server.

hostname of the server

hostname

This is the hostname of the portal server server.

sub-domain name for hostname

subdomain

This is the sub-domain to which the portal server machine belongs.

domain name for hostname

domain

This is the domain to which the portal server machine belongs.

ip address of hostname

This is the ip address of the portal server machine.

hostname running SSL

n

Specify whether the portal server machine needs to run SSL.

port used to access portal server

80

This is the port used to access the portal server.

organization name

subdomain.domain

This is the name of the default organization that is created.

use existing directory server

n

Specify whether to use an existing installation of the directory server.

host name of Directory Server

hostname

This question is asked only if you specified y for the previous question.
This is the host name of the Directory Server.

subdomain name for hostname

subdomain

This is the subdomain to which the Directory Server host belongs.

domain name for hostname

domain

This is the domain to which the Directory Server host belongs.

port used to access the directory server

389

This is the port that the portal server will use to access the directory server.

directory server administration port

8900

This is the directory server administration port.

Directory Server base directory

/usr/lap

This question is asked only if you have chosen y for using an existing Directory Server.
Specify the Directory Server base directory.

root suffix of the directory tree

o=isp

This is the default top level organization. Any new organization that you create is created under this organization.

directory manager

cn=Directory Manager

This is the LDAP directory manager.

web server administrator

admin

This is the web server administrator

web server administrator port

8088

This is the port for the web server administrator

passphrase for this server

This is the common password for the directory server, web server and iDS/AME administrators.

deployment URI

/portal

Specify the URI that you specified during the installation of the Portal Server.

install sample portal

y

Choose y to install a sample portal.

hostname of gateway

hostname

This is the name of the machine that will serve as the gateway.

sub-domain name for hostname

subdomain

This is the sub-domain to which the gateway machine belongs.

domain name for hostname

domain

This is the domain to which the gateway machine belongs.

ip address of hostname.subdomain.domain

This is the IP address of the gateway machine.

hostname running SSL

y

Specify whether the gateway machine needs to run SSL.

port that hostname listens on

443

This is the port on which the gateway machine listens.

gateway will use a web proxy

n

Choosing y here enables the "Use Proxy" checkbox in the gateway admin console. This enables the gateway to use the proxies specified in the "Proxies for Domains and Subdomains" list to contact the requested URLs.
See the chapter "Configuring the Gateway" in the Sun ONE Portal Server, Secure Remote Access Administrator's Guide for details.

name of this gateway profile

default

This is the profile that the gateway machine needs to use. A gateway profile contains all the information related to gateway configuration, such as the port on which the gateway listens, SSL options, and proxy options.
You can create multiple profiles in the gateway admin console and associate different instances of the gateway with different profiles.
See Creating a Gateway Profile in the Sun ONE Portal Server, Secure Remote Access 6.0 Administrator's Guide for more information.

assign this service to all users of the organization

y

This question is asked only if you are adding Secure Remote Access support on an existing portal server installation.
Specify whether you want to assign this service to all existing users in the default organization.
If there are more than 1000 users, and you choose y for this option, the installation will take a long time.

Table 1-4    Checklist for Installing the Gateway on a Sun ONE Portal Server Node

Parameter

Default Value/Example

Actual Value

Description

Gateway base directory

/opt

This is the directory in which to install the gateway.

hostname of gateway

hostname

This is the name of the machine that will serve as the gateway.

sub-domain name for hostname

subdomain

This is the sub-domain to which the gateway machine belongs.

domain name for hostname

domain

This is the domain to which the gateway machine belongs.

ip address of hostname.subdomain.domain

This is the IP address of the gateway machine.

hostname runs SSL

y

Specify whether the gateway machine should run SSL.

port that gateway listens on

443

This is the port on which the gateway machine will listen.

name of this gateway profile

default

This is the profile that the gateway machine needs to use. A gateway profile contains all the information related to gateway configuration, such as the port on which the gateway listens, SSL options, and proxy options.
You can create multiple profiles in the gateway admin console and associate different instances of the gateway with different profiles.
Ensure that you specify the same profile name as specified when you installed the Sun ONE Portal Server or Secure Remote Access support.
See Creating a Gateway Profile in the Sun ONE Portal Server, Secure Remote Access 6.0 Administrator's Guide for more information.

create self-signed certificate

y

Choose y if you want to create a self-signed certificate for the gateway. If you choose n, a certificate database is created anyway.
If you have a certificate issued by a trusted third-party, you can import that certificate into the database that is created during install.
You can generate a self-signed certificate, or obtain a certificate from a certificate authority after installation. See Chapter 4, "Installing SSL Certificates for more information.

name of your organization

This question is not asked if you chose not to create a self-signed certificate.
Do not use multibyte characters in the name.

name of your division

This question is not asked if you chose not to create a self-signed certificate.
Do not use multibyte characters in the name.

name of your city or locality

This question is not asked if you chose not to create a self-signed certificate.
Do not use multibyte characters in the name.

name of your state or province

This question is not asked if you chose not to create a self-signed certificate.
Do not use multibyte characters in the name.

two-letter country code

us

This question is not asked if you chose not to create a self-signed certificate.
Do not use multibyte characters in the name.

password for the certificate database

This is the password for the certificate database. This should contain a minimum of 8 alphanumeric characters.
Do not use multibyte characters in the password.

URI for deployment

/portal

Specify the URI that you specified during the installation of the Portal Server.

start the gateway after installation

y

Specify whether to start the gateway after installation.

Table 1-5    Checklist for Installing Gateway on a non-Sun ONE Portal Server Node

Parameter

Default Value/Example

Actual Value

Description

Use existing JDK

n

1.3.1_04 is the recommended version of JDK. Using other versions may result in instability or lowered performance.
If you choose y, you are asked to specify the location of the JDK directory.
If you choose n, the JDK is installed under /usr/java_1.3.1_04.

Specify JDK directory location

/usr/java

This question is asked only if you chose y in the previous question which asks if you want to choose the JDK directory.
You need to specify the path where you want the JDK to be installed.

Identity Server SDK base directory

/opt

This is the directory in which iDS/AME SDK will be installed.

hostname of the Identity Server server

hostname

This is the machine on which iDS/AME is installed.
Specify the machine on which iDS/AME was installed for the Portal Server.

sub-domain name for hostname

subdomain

This is the sub-domain to which the iDS/AME machine belongs.
Specify the sub-domain of the machine on which iDS/AME was installed for the Portal Server.

domain name for hostname

domain

This is the domain to which the iDS/AME machine belongs.
Specify the domain of the machine on which iDS/AME was installed for the Portal Server.

ip address of hostname

This is the IP address of the iDS/AME machine.
Specify the IP address of the machine on which iDS/AME was installed for the Portal Server.

hostname runs SSL

n

Specify whether the iDS/AME machine runs SSL.
Choose the same option as specified during the Portal Server installation.

port used to access Portal Server

80

Specify the port that the iDS/AME machine uses to access the Portal Server.
Specify the same port as specified during the Portal Server installation.

organization name

sudomain.domain

Specify the name of the organization.
Specify the same organization as specified during the Portal Server installation.

hostname of Directory Server

hostname

This is the machine on which the Directory Server is installed.
Specify the machine on which Directory Server was installed for the Portal Server.

sub-domain name for hostname

subdomain

This is the sub-domain to which the Directory Server belongs.
Specify the sub-domain of the machine on which the Directory Server was installed for the Portal Server.

domain name for hostname

domain

This is the domain to which the Directory Server machine belongs.
Specify the domain of the machine on which the Directory Server was installed for the Portal Server.

port used to access Directory Server

389

This is the port which the Portal Server uses to access the Directory Server.
Specify the Directory Server port specified during the Portal Server installation.

root suffix of the directory tree

o=isp

This is the default top level organization. Any new organization that you create is created under this organization.
Specify the same value as specified for the portal server installation.

directory manager

cn=Directory Manager

This is the LDAP directory manager.

directory manager password

This is the password for the Directory Manager.

password for Identity Server administrator

Specify the password for the iDS/AME administrator.
Specify the same password as specified during the Portal Server installation.

Gateway base directory

/opt

This is the directory on the machine on which the gateway needs to be installed.

hostname of gateway

hostname

This is the name of the machine that will serve as the gateway.

sub-domain name for hostname

subdomain

This is the sub-domain to which the gateway machine belongs.

domain name for hostname

domain

This is the domain to which the gateway machine belongs.

ip address of hostname.subdomain.domain

This is the IP address of the gateway machine.

hostname running SSL

y

Specify whether the gateway machine needs to run SSL.

port that hostname listens on

443

This is the port on which the gateway machine listens.

name of this gateway profile

default

This is the profile that the gateway machine needs to use. A gateway profile contains all the information related to gateway configuration, such as the port on which the gateway listens, SSL options, and proxy options.
You can create multiple profiles in the gateway admin console and associate different instances of the gateway with different profiles.
Ensure that you specify the same profile name as specified when you installed the Sun ONE Portal Server or Secure Remote Access support.
See Creating a Gateway Profile in the Sun ONE Portal Server, Secure Remote Access 6.0 Administrator's Guide for more information.

create self-signed certificate

y

Choose y if you want to create a self-signed certificate for the gateway. If you choose n, a certificate database is created anyway.
If you have a certificate issued by a trusted third-party, you can import that certificate into the database that is created during install.
You can generate a self-signed certificate, or obtain a certificate from a certificate authority after installation. See Chapter 4, "Installing SSL Certificates for more information.

name of your organization

This question is not asked if you chose not to create a self-signed certificate.
Do not use multibyte characters in the name.

name of your division

This question is not asked if you chose not to create a self-signed certificate.
Do not use multibyte characters in the name.

name of your city or locality

This question is not asked if you chose not to create a self-signed certificate.
Do not use multibyte characters in the name.

name of your state or province

This question is not asked if you chose not to create a self-signed certificate.
Do not use multibyte characters in the name.

two-letter country code

us

This question is not asked if you chose not to create a self-signed certificate.

password for the certificate database

This is the password for the certificate database. This should contain a minimum of 8 alphanumeric characters.
Do not use multibyte characters in the password.

URI for deployment

/portal

Specify the URI that you specified during the installation of the Portal Server.

start gateway after installation

y

Specify whether you want to start the gateway after installation is complete.

Table 1-6    Checklist for Installing Netlet Proxy on a Sun ONE Portal Server Node

Parameter

Default Value/Example

Actual Value

Description

This Netlet proxy needs to work with the Portal Server installed on this node

y

Choose y if you want this Netlet proxy to work with the Portal Server installed on the same node.
If you choose n, see Table 1-7, "Checklist for Installing Netlet Proxy on a non-Sun ONE Portal Server Node," on page 31.

Netlet Proxy base directory

/opt

This is the directory in which you want to install the Netlet proxy.

hostname of the Netlet proxy

hostname

This is the machine on which you want to install the Netlet proxy.

sub-domain name for hostname

subdomain

This is the sub-domain to which the Netlet proxy machine belongs.

domain name for hostname

domain

This is the domain to which the Netlet proxy machine belongs.

ip address of hostname

This is the IP address of the Netlet proxy machine.

port that Netlet proxy listens on

10555

This is the port on which the Netlet proxy listens.

URI for deployment

/portal

Specify the URI that you specified during the installation of the Portal Server.

Name of the gateway profile to use

default

Specify the gateway profile to be used for the Netlet proxy.

Table 1-7    Checklist for Installing Netlet Proxy on a non-Sun ONE Portal Server Node

Parameter

Default Value/Example

Actual Value

Description

Use existing JDK

n

1.3.1_04 is the recommended version of JDK. Using other versions may result in instability or lowered performance.
If you choose y, you are asked to specify the location of the JDK directory.
If you choose n, the JDK is installed under /usr/java_1.3.1_04.

Specify JDK directory location

/usr/java

This question is asked only if you chose y in the previous question which asks if you want to choose the JDK directory.
You need to specify the path where you want the JDK to be installed.

Identity Server SDK base directory

/opt

This is the directory in which the iDS/AME SDK will be installed.

hostname of the Identity Server server

hostname

This is the machine on which iDS/AME is installed.
Specify the machine on which iDS/AME was installed for the Portal Server.

sub-domain name for hostname

subdomain

This is the sub-domain to which the iDS/AME machine belongs.
Specify the sub-domain of the machine on which iDS/AME was installed for the Portal Server.

domain name for hostname

domain

This is the domain to which the iDS/AME machine belongs.
Specify the domain of the machine on which iDS/AME was installed for the Portal Server.

ip address of hostname

This is the IP address of the iDS/AME machine.
Specify the IP address of the machine on which iDS/AME was installed for the Portal Server.

hostname runs SSL

n

Specify whether the iDS/AME machine runs SSL.
Choose the same option as specified during the Portal Server installation.

port used to access Portal Server

80

Specify the port that the iDS/AME machine uses to access the Portal Server.
Specify the same port as specified during the Portal Server installation.

organization name

domain

Specify the name of the organization.
Specify the same organization as specified during the Portal Server installation.

hostname of Directory Server

hostname

This is the machine on which the Directory Server is installed.
Specify the machine on which Directory Server was installed for the Portal Server.

sub-domain name for hostname

subdomain

This is the sub-domain to which the Directory Server belongs.
Specify the sub-domain of the machine on which the Directory Server was installed for the Portal Server.

domain name for hostname

domain

This is the domain to which the Directory Server machine belongs.
Specify the domain of the machine on which the Directory Server was installed for the Portal Server.

port used to access Directory Server

389

This is the port which the Portal Server uses to access the Directory Server.
Specify the Directory Server port specified during the Portal Server installation.

root suffix of the directory tree

o=isp

This is the default top level organization. Any new organization that you create is created under this organization.
Specify the same value as specified during the portal server installation.

directory manager

cn=Directory Manager

This is the LDAP directory manager.

directory manager password

This is the password for the Directory Manager.

password for Identity Server administrator

Specify the password for the iDS/AME administrator.
Specify the same password as specified during the Portal Server installation.

Netlet proxy base directory

/opt

Specify the directory in which you want to install the Netlet proxy.

hostname of the Netlet proxy

hostname

This is the machine on which you want to install the Netlet proxy.

sub-domain name for hostname

subdomain

This is the sub-domain to which the Netlet proxy machine belongs.

domain name for hostname

domain

This is the domain to which the Netlet proxy machine belongs.

ip address of hostname

This is the IP address of the Netlet proxy machine.

port that hostname listens on

10555

This is the port on which the Netlet proxy listens.

URI for deployment

/portal

Specify the URI that you specified during the installation of the Portal Server.

Name of the gateway profile to use

default

Specify the gateway profile to be used for the Netlet proxy.

Table 1-8    Checklist for Installing Rewriter Proxy

Parameter

Default Value/Example

Actual Value

Description

Rewriter Proxy base directory

/opt

This is the directory in which you want to install the rewriter proxy.

hostname of the rewriter proxy

hostname

This is the machine on which you want to install the rewriter proxy.

sub-domain name for hostname

subdomain

This is the sub-domain to which the rewriter proxy machine belongs.

domain name for hostname

domain

This is the domain to which the rewriter proxy machine belongs.

ip address of hostname

This is the IP address of the rewriter proxy machine.

hostname runs SSL

y

Specify whether the rewriter proxy machine needs to run SSL.

port that hostname listens on

10443

Specify the port on which the rewriter proxy machine needs to listen.

name of the gateway profile to use

default

This is the gateway profile that the rewriter proxy needs to use. A gateway profile contains all the information related to gateway configuration, such as the port on which the gateway listens, SSL options, and proxy options.
You can create multiple profiles in the gateway admin console and associate different instances of the gateway with different profiles.
Ensure that you specify the same profile name as specified when you installed the Sun ONE Portal Server or Secure Remote Access support.
See Creating a Gateway Profile in the Sun ONE Portal Server, Secure Remote Access 6.0 Administrator's Guide for more information.

create self-signed certificate

y

Choose y if you want to create a self-signed certificate for the gateway. If you choose n, a certificate database is created anyway. You can generate a self-signed certificate, or obtain a certificate from a certificate authority after installation. See Chapter 4, "Installing SSL Certificates for more information.

name of your organization

This question is not asked if you chose not to create a self-signed certificate.
Do not use multibyte characters in the name.

name of your division

This question is not asked if you chose not to create a self-signed certificate.
Do not use multibyte characters in the name.

name of your city or locality

This question is not asked if you chose not to create a self-signed certificate.
Do not use multibyte characters in the name.

name of your state or province

This question is not asked if you chose not to create a self-signed certificate.
Do not use multibyte characters in the name.

two-letter country code

us

This question is not asked if you chose not to create a self-signed certificate.

password for Certificate Database

This question is not asked if you chose not to create a self-signed certificate.
Do not use multibyte characters in the password.

URI for deployment

/portal

Specify the URI that you specified during the installation of the Portal Server.

Package Information

Table 1-9 lists the packages that are installed for each component of the Secure Remote Access. Table 1-9 has two columns. The first column lists the Package name. The second column describes the package.

Table 1-9    Secure Remote Access Package Details

Package Name

Description

SUNWpsgw

This is the Sun ONE Portal Server gateway component.

SUNWpsgwa

This is the Sun ONE Portal Server gateway administration console.

SUNWpsgws

This is the Sun ONE Portal Server gateway DSAME agent.

SUNWpsnf

This is the Sun ONE Portal Server gateway NetFile content.

SUNWpsnl

This is the Sun ONE Portal Server gateway Netlet content.

SUNWpsnlp

This is the Sun ONE Portal Server Netlet proxy.

SUNWpsrwp

This is the Sun ONE Portal Server rewriter proxy.

SUNWpsgwm

This is the Sun ONE Portal Server gateway migration package.

Directory Layout

This section outlines the default directory layout of the Sun ONE Portal Server, Secure Remote Access software.

InstallDir/SUNWps

Contains Sun ONE Portal Server, Secure Remote Access software executables, libraries, and the deployed application

InstallDir/SUNWam

Contains iPlanet Directory Server Access Management Edition executables, the web server, and the deployed applications.

/etc/opt/SUNWps

Contains Java Server Pages, template and property files, and the tag libraries. Also contains the platform.conf.profilename file.

/var/opt/SUNWam/logs

Contains the log files

/var/opt/SUNWps/debug

Contains the debug log files

Component	Node	Description
Gateway	Sun ONE Portal Server, non-Sun ONE Portal Server	The gateway provides the interface and security barrier between remote user sessions originating from the Internet, and your corporate intranet.
Secure Remote Access support	Sun ONE Portal Server	This component has three parts: The gateway component that controls communication between the Sun ONE Portal Server and the various gateway instances. NetFile - a file manager application that allows remote access and operation of file systems and directories. NetFile comprises NetFile Java™, a Java-based user interface. This is available for Java1 and Java2. The Netlet component that ensures communication between the Netlet applet on the client browser, the gateway, and the Sun ONE Portal Server server. This component is installed by default when you choose "Install Portal Server" in a fresh installation of the Sun ONE Portal Server, Secure Remote Access. This component is available as a separate installable option if you are installing the Secure Remote Access software over an existing installation of the Sun ONE Portal Server.
Netlet Proxy	Sun ONE Portal Server, non-Sun ONE Portal Server	Netlet proxy is an optional component. You can choose not to install it, or install it later. Netlet Proxy extends the secure tunnel from the client, through the gateway to the Netlet proxy that resides in the intranet. This restricts the number of open ports in a firewall between the demilitarized zone (DMZ) and the intranet. Netlet proxy cannot be installed on a gateway node.
Rewriter Proxy	Sun ONE Portal Server	Install the rewriter proxy to redirect HTTP requests to the rewriter proxy instead of directly to the destination host. The rewriter proxy in turn sends the request to the destination server.

Browser	Platforms	JVM
Navigator 4.7x	Solaris 8, Solaris 9, Windows 98, 2000, XP	Built-in
Navigator 6.2	Solaris 8 and 9, Windows 98, 2000, XP	Sun JRE 1.3.1_02
Internet Explorer 5.5	Windows 98, 2000, XP	Microsoft JVM Build 3802 Sun JRE 1.3.1_02
Internet Explorer 6.0	Windows 98, 2000, XP	Microsoft JVM Build 3802 Sun JRE 1.3.1_02

Parameter	Default Value/Example	Description
Use existing JDK	n	1.3.1_04 is the recommended version of JDK. Using other versions may result in instability or lowered performance. If you choose y, you are asked to specify the location of the JDK directory. If you choose n, the JDK is installed under /usr/java_1.3.1_04.
Specify JDK directory location	/usr/java	This question is asked only if you chose y in the previous question which asks if you want to choose the JDK directory. You need to specify the path where you want the JDK to be installed.
installation base directory	/opt	This is the base directory for installing the portal server.
hostname of the server	hostname	This is the hostname of the portal server server.
sub-domain name for hostname	subdomain	This is the sub-domain to which the portal server machine belongs.
domain name for hostname	domain	This is the domain to which the portal server machine belongs.
ip address of hostname		This is the ip address of the portal server machine.
hostname running SSL	n	Specify whether the portal server machine needs to run SSL.
port used to access portal server	80	This is the port used to access the portal server.
organization name	subdomain.domain	This is the name of the default organization that is created.
use existing directory server	n	Specify whether to use an existing installation of the directory server.
host name of Directory Server	hostname	This question is asked only if you specified y for the previous question. This is the host name of the Directory Server.
subdomain name for hostname	subdomain	This is the subdomain to which the Directory Server host belongs.
domain name for hostname	domain	This is the domain to which the Directory Server host belongs.
port used to access the directory server	389	This is the port that the portal server will use to access the directory server.
directory server administration port	8900	This is the directory server administration port.
Directory Server base directory	/usr/lap	This question is asked only if you have chosen y for using an existing Directory Server. Specify the Directory Server base directory.
root suffix of the directory tree	o=isp	This is the default top level organization. Any new organization that you create is created under this organization.
directory manager	cn=Directory Manager	This is the LDAP directory manager.
web server administrator	admin	This is the web server administrator
web server administrator port	8088	This is the port for the web server administrator
passphrase for this server		This is the common password for the directory server, web server and iDS/AME administrators.
deployment URI	/portal	Specify the URI that you specified during the installation of the Portal Server.
install sample portal	y	Choose y to install a sample portal.
hostname of gateway	hostname	This is the name of the machine that will serve as the gateway.
sub-domain name for hostname	subdomain	This is the sub-domain to which the gateway machine belongs.
domain name for hostname	domain	This is the domain to which the gateway machine belongs.
ip address of hostname.subdomain.domain		This is the IP address of the gateway machine.
hostname running SSL	y	Specify whether the gateway machine needs to run SSL.
port that hostname listens on	443	This is the port on which the gateway machine listens.
gateway will use a web proxy	n	Choosing y here enables the "Use Proxy" checkbox in the gateway admin console. This enables the gateway to use the proxies specified in the "Proxies for Domains and Subdomains" list to contact the requested URLs. See the chapter "Configuring the Gateway" in the Sun ONE Portal Server, Secure Remote Access Administrator's Guide for details.
name of this gateway profile	default	This is the profile that the gateway machine needs to use. A gateway profile contains all the information related to gateway configuration, such as the port on which the gateway listens, SSL options, and proxy options. You can create multiple profiles in the gateway admin console and associate different instances of the gateway with different profiles. See Creating a Gateway Profile in the Sun ONE Portal Server, Secure Remote Access 6.0 Administrator's Guide for more information.
assign this service to all users of the organization	y	This question is asked only if you are adding Secure Remote Access support on an existing portal server installation. Specify whether you want to assign this service to all existing users in the default organization. If there are more than 1000 users, and you choose y for this option, the installation will take a long time.

Parameter	Default Value/Example	Description
Gateway base directory	/opt	This is the directory in which to install the gateway.
hostname of gateway	hostname	This is the name of the machine that will serve as the gateway.
sub-domain name for hostname	subdomain	This is the sub-domain to which the gateway machine belongs.
domain name for hostname	domain	This is the domain to which the gateway machine belongs.
ip address of hostname.subdomain.domain		This is the IP address of the gateway machine.
hostname runs SSL	y	Specify whether the gateway machine should run SSL.
port that gateway listens on	443	This is the port on which the gateway machine will listen.
name of this gateway profile	default	This is the profile that the gateway machine needs to use. A gateway profile contains all the information related to gateway configuration, such as the port on which the gateway listens, SSL options, and proxy options. You can create multiple profiles in the gateway admin console and associate different instances of the gateway with different profiles. Ensure that you specify the same profile name as specified when you installed the Sun ONE Portal Server or Secure Remote Access support. See Creating a Gateway Profile in the Sun ONE Portal Server, Secure Remote Access 6.0 Administrator's Guide for more information.
create self-signed certificate	y	Choose y if you want to create a self-signed certificate for the gateway. If you choose n, a certificate database is created anyway. If you have a certificate issued by a trusted third-party, you can import that certificate into the database that is created during install. You can generate a self-signed certificate, or obtain a certificate from a certificate authority after installation. See Chapter 4, "Installing SSL Certificates for more information.
name of your organization		This question is not asked if you chose not to create a self-signed certificate. Do not use multibyte characters in the name.
name of your division		This question is not asked if you chose not to create a self-signed certificate. Do not use multibyte characters in the name.
name of your city or locality		This question is not asked if you chose not to create a self-signed certificate. Do not use multibyte characters in the name.
name of your state or province		This question is not asked if you chose not to create a self-signed certificate. Do not use multibyte characters in the name.
two-letter country code	us	This question is not asked if you chose not to create a self-signed certificate. Do not use multibyte characters in the name.
password for the certificate database		This is the password for the certificate database. This should contain a minimum of 8 alphanumeric characters. Do not use multibyte characters in the password.
URI for deployment	/portal	Specify the URI that you specified during the installation of the Portal Server.
start the gateway after installation	y	Specify whether to start the gateway after installation.

Parameter	Default Value/Example	Description
Use existing JDK	n	1.3.1_04 is the recommended version of JDK. Using other versions may result in instability or lowered performance. If you choose y, you are asked to specify the location of the JDK directory. If you choose n, the JDK is installed under /usr/java_1.3.1_04.
Specify JDK directory location	/usr/java	This question is asked only if you chose y in the previous question which asks if you want to choose the JDK directory. You need to specify the path where you want the JDK to be installed.
Identity Server SDK base directory	/opt	This is the directory in which iDS/AME SDK will be installed.
hostname of the Identity Server server	hostname	This is the machine on which iDS/AME is installed. Specify the machine on which iDS/AME was installed for the Portal Server.
sub-domain name for hostname	subdomain	This is the sub-domain to which the iDS/AME machine belongs. Specify the sub-domain of the machine on which iDS/AME was installed for the Portal Server.
domain name for hostname	domain	This is the domain to which the iDS/AME machine belongs. Specify the domain of the machine on which iDS/AME was installed for the Portal Server.
ip address of hostname		This is the IP address of the iDS/AME machine. Specify the IP address of the machine on which iDS/AME was installed for the Portal Server.
hostname runs SSL	n	Specify whether the iDS/AME machine runs SSL. Choose the same option as specified during the Portal Server installation.
port used to access Portal Server	80	Specify the port that the iDS/AME machine uses to access the Portal Server. Specify the same port as specified during the Portal Server installation.
organization name	sudomain.domain	Specify the name of the organization. Specify the same organization as specified during the Portal Server installation.
hostname of Directory Server	hostname	This is the machine on which the Directory Server is installed. Specify the machine on which Directory Server was installed for the Portal Server.
sub-domain name for hostname	subdomain	This is the sub-domain to which the Directory Server belongs. Specify the sub-domain of the machine on which the Directory Server was installed for the Portal Server.
domain name for hostname	domain	This is the domain to which the Directory Server machine belongs. Specify the domain of the machine on which the Directory Server was installed for the Portal Server.
port used to access Directory Server	389	This is the port which the Portal Server uses to access the Directory Server. Specify the Directory Server port specified during the Portal Server installation.
root suffix of the directory tree	o=isp	This is the default top level organization. Any new organization that you create is created under this organization. Specify the same value as specified for the portal server installation.
directory manager	cn=Directory Manager	This is the LDAP directory manager.
directory manager password		This is the password for the Directory Manager.
password for Identity Server administrator		Specify the password for the iDS/AME administrator. Specify the same password as specified during the Portal Server installation.
Gateway base directory	/opt	This is the directory on the machine on which the gateway needs to be installed.
hostname of gateway	hostname	This is the name of the machine that will serve as the gateway.
sub-domain name for hostname	subdomain	This is the sub-domain to which the gateway machine belongs.
domain name for hostname	domain	This is the domain to which the gateway machine belongs.
ip address of hostname.subdomain.domain		This is the IP address of the gateway machine.
hostname running SSL	y	Specify whether the gateway machine needs to run SSL.
port that hostname listens on	443	This is the port on which the gateway machine listens.
name of this gateway profile	default	This is the profile that the gateway machine needs to use. A gateway profile contains all the information related to gateway configuration, such as the port on which the gateway listens, SSL options, and proxy options. You can create multiple profiles in the gateway admin console and associate different instances of the gateway with different profiles. Ensure that you specify the same profile name as specified when you installed the Sun ONE Portal Server or Secure Remote Access support. See Creating a Gateway Profile in the Sun ONE Portal Server, Secure Remote Access 6.0 Administrator's Guide for more information.
create self-signed certificate	y	Choose y if you want to create a self-signed certificate for the gateway. If you choose n, a certificate database is created anyway. If you have a certificate issued by a trusted third-party, you can import that certificate into the database that is created during install. You can generate a self-signed certificate, or obtain a certificate from a certificate authority after installation. See Chapter 4, "Installing SSL Certificates for more information.
name of your organization		This question is not asked if you chose not to create a self-signed certificate. Do not use multibyte characters in the name.
name of your division		This question is not asked if you chose not to create a self-signed certificate. Do not use multibyte characters in the name.
name of your city or locality		This question is not asked if you chose not to create a self-signed certificate. Do not use multibyte characters in the name.
name of your state or province		This question is not asked if you chose not to create a self-signed certificate. Do not use multibyte characters in the name.
two-letter country code	us	This question is not asked if you chose not to create a self-signed certificate.
password for the certificate database		This is the password for the certificate database. This should contain a minimum of 8 alphanumeric characters. Do not use multibyte characters in the password.
URI for deployment	/portal	Specify the URI that you specified during the installation of the Portal Server.
start gateway after installation	y	Specify whether you want to start the gateway after installation is complete.

Parameter	Default Value/Example	Description
This Netlet proxy needs to work with the Portal Server installed on this node	y	Choose y if you want this Netlet proxy to work with the Portal Server installed on the same node. If you choose n, see Table 1-7, "Checklist for Installing Netlet Proxy on a non-Sun ONE Portal Server Node," on page 31.
Netlet Proxy base directory	/opt	This is the directory in which you want to install the Netlet proxy.
hostname of the Netlet proxy	hostname	This is the machine on which you want to install the Netlet proxy.
sub-domain name for hostname	subdomain	This is the sub-domain to which the Netlet proxy machine belongs.
domain name for hostname	domain	This is the domain to which the Netlet proxy machine belongs.
ip address of hostname		This is the IP address of the Netlet proxy machine.
port that Netlet proxy listens on	10555	This is the port on which the Netlet proxy listens.
URI for deployment	/portal	Specify the URI that you specified during the installation of the Portal Server.
Name of the gateway profile to use	default	Specify the gateway profile to be used for the Netlet proxy.

Parameter	Default Value/Example	Description
Use existing JDK	n	1.3.1_04 is the recommended version of JDK. Using other versions may result in instability or lowered performance. If you choose y, you are asked to specify the location of the JDK directory. If you choose n, the JDK is installed under /usr/java_1.3.1_04.
Specify JDK directory location	/usr/java	This question is asked only if you chose y in the previous question which asks if you want to choose the JDK directory. You need to specify the path where you want the JDK to be installed.
Identity Server SDK base directory	/opt	This is the directory in which the iDS/AME SDK will be installed.
hostname of the Identity Server server	hostname	This is the machine on which iDS/AME is installed. Specify the machine on which iDS/AME was installed for the Portal Server.
sub-domain name for hostname	subdomain	This is the sub-domain to which the iDS/AME machine belongs. Specify the sub-domain of the machine on which iDS/AME was installed for the Portal Server.
domain name for hostname	domain	This is the domain to which the iDS/AME machine belongs. Specify the domain of the machine on which iDS/AME was installed for the Portal Server.
ip address of hostname		This is the IP address of the iDS/AME machine. Specify the IP address of the machine on which iDS/AME was installed for the Portal Server.
hostname runs SSL	n	Specify whether the iDS/AME machine runs SSL. Choose the same option as specified during the Portal Server installation.
port used to access Portal Server	80	Specify the port that the iDS/AME machine uses to access the Portal Server. Specify the same port as specified during the Portal Server installation.
organization name	domain	Specify the name of the organization. Specify the same organization as specified during the Portal Server installation.
hostname of Directory Server	hostname	This is the machine on which the Directory Server is installed. Specify the machine on which Directory Server was installed for the Portal Server.
sub-domain name for hostname	subdomain	This is the sub-domain to which the Directory Server belongs. Specify the sub-domain of the machine on which the Directory Server was installed for the Portal Server.
domain name for hostname	domain	This is the domain to which the Directory Server machine belongs. Specify the domain of the machine on which the Directory Server was installed for the Portal Server.
port used to access Directory Server	389	This is the port which the Portal Server uses to access the Directory Server. Specify the Directory Server port specified during the Portal Server installation.
root suffix of the directory tree	o=isp	This is the default top level organization. Any new organization that you create is created under this organization. Specify the same value as specified during the portal server installation.
directory manager	cn=Directory Manager	This is the LDAP directory manager.
directory manager password		This is the password for the Directory Manager.
password for Identity Server administrator		Specify the password for the iDS/AME administrator. Specify the same password as specified during the Portal Server installation.
Netlet proxy base directory	/opt	Specify the directory in which you want to install the Netlet proxy.
hostname of the Netlet proxy	hostname	This is the machine on which you want to install the Netlet proxy.
sub-domain name for hostname	subdomain	This is the sub-domain to which the Netlet proxy machine belongs.
domain name for hostname	domain	This is the domain to which the Netlet proxy machine belongs.
ip address of hostname		This is the IP address of the Netlet proxy machine.
port that hostname listens on	10555	This is the port on which the Netlet proxy listens.
URI for deployment	/portal	Specify the URI that you specified during the installation of the Portal Server.
Name of the gateway profile to use	default	Specify the gateway profile to be used for the Netlet proxy.

Parameter	Default Value/Example	Description
Rewriter Proxy base directory	/opt	This is the directory in which you want to install the rewriter proxy.
hostname of the rewriter proxy	hostname	This is the machine on which you want to install the rewriter proxy.
sub-domain name for hostname	subdomain	This is the sub-domain to which the rewriter proxy machine belongs.
domain name for hostname	domain	This is the domain to which the rewriter proxy machine belongs.
ip address of hostname		This is the IP address of the rewriter proxy machine.
hostname runs SSL	y	Specify whether the rewriter proxy machine needs to run SSL.
port that hostname listens on	10443	Specify the port on which the rewriter proxy machine needs to listen.
name of the gateway profile to use	default	This is the gateway profile that the rewriter proxy needs to use. A gateway profile contains all the information related to gateway configuration, such as the port on which the gateway listens, SSL options, and proxy options. You can create multiple profiles in the gateway admin console and associate different instances of the gateway with different profiles. Ensure that you specify the same profile name as specified when you installed the Sun ONE Portal Server or Secure Remote Access support. See Creating a Gateway Profile in the Sun ONE Portal Server, Secure Remote Access 6.0 Administrator's Guide for more information.
create self-signed certificate	y	Choose y if you want to create a self-signed certificate for the gateway. If you choose n, a certificate database is created anyway. You can generate a self-signed certificate, or obtain a certificate from a certificate authority after installation. See Chapter 4, "Installing SSL Certificates for more information.
name of your organization		This question is not asked if you chose not to create a self-signed certificate. Do not use multibyte characters in the name.
name of your division		This question is not asked if you chose not to create a self-signed certificate. Do not use multibyte characters in the name.
name of your city or locality		This question is not asked if you chose not to create a self-signed certificate. Do not use multibyte characters in the name.
name of your state or province		This question is not asked if you chose not to create a self-signed certificate. Do not use multibyte characters in the name.
two-letter country code	us	This question is not asked if you chose not to create a self-signed certificate.
password for Certificate Database		This question is not asked if you chose not to create a self-signed certificate. Do not use multibyte characters in the password.
URI for deployment	/portal	Specify the URI that you specified during the installation of the Portal Server.

Package Name	Description
SUNWpsgw	This is the Sun ONE Portal Server gateway component.
SUNWpsgwa	This is the Sun ONE Portal Server gateway administration console.
SUNWpsgws	This is the Sun ONE Portal Server gateway DSAME agent.
SUNWpsnf	This is the Sun ONE Portal Server gateway NetFile content.
SUNWpsnl	This is the Sun ONE Portal Server gateway Netlet content.
SUNWpsnlp	This is the Sun ONE Portal Server Netlet proxy.
SUNWpsrwp	This is the Sun ONE Portal Server rewriter proxy.
SUNWpsgwm	This is the Sun ONE Portal Server gateway migration package.

Previous Contents Index Next
Copyright 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated September 23, 2002

InstallDir/SUNWps	Contains Sun ONE Portal Server, Secure Remote Access software executables, libraries, and the deployed application
InstallDir/SUNWam	Contains iPlanet Directory Server Access Management Edition executables, the web server, and the deployed applications.
/etc/opt/SUNWps	Contains Java Server Pages, template and property files, and the tag libraries. Also contains the platform.conf.profilename file.
/var/opt/SUNWam/logs	Contains the log files
/var/opt/SUNWps/debug	Contains the debug log files