|
| Sun ONE Portal Server 6.0 Deployment Guide |
Chapter 1 Overview of Sun ONE Portal Server
Sun™ ONE Portal Server is an identity-enabled portal server solution. It provides all the user, policy, and identity management to enforce security, web application Single Sign-on, and access capabilities to end user communities. In addition, Sun ONE Portal Server combines key portal services, such as personalization, aggregation, security, integration, and search. Unique capabilities that enable secure remote access to internal resources and applications round out a complete portal platform for deploying robust business-to-employee, business-to-business, and business-to-consumer portals. The Sun™ ONE Portal Server, Secure Remote Access add-on product provides additional secure remote access capabilities, providing access to both web- and non-web enabled resources.
This chapter describes the basic ideas you need to understand before designing your portal. This chapter contains the following sections:
- Understanding Sun ONE Portal Server
- Independent Software Vendor Integrations with Sun ONE Portal Server
- Types of Portal Deployments
- Portal Deployment Architecture
- Establishing Quality Goals
Understanding Sun ONE Portal Server
To begin understanding Portal Server, and how it fits in your organization, use this section to gather the necessary background information on the Portal Server product and lifecycle.
What Is a Portal?
A portal is an entry point to a set of resources that an enterprise wants to make available to the portal's users. For some consumer portals, the set of resources includes the entire World-Wide Web. For most enterprise portals, the set of resources includes information, applications, and other resources that are specific to the relationship between the user and the enterprise. For service providers, the portal provides a point of entry to customer service applications as well as a controlled content aggregation service.
In general, a portal enables users to:
- Customize the available data content
- Change how channels are generated
- Control how data is displayed
- Create and manage links to other allowable web sites
Resources can include the use of provider applications and utilities such as mail, file management, and storage facilities.
Overview of the Sun ONE Portal Server 6.0 Product Family
The Sun ONE Portal Server 6.0 product family consists of the Portal Server Core, additional Sun ONE software products that enable the core, and optional add-on products, installed on top of the core. The complete Sun ONE Portal Server family consists of:
- Sun ONE Portal Server (core)
- Sun™ ONE Directory Server
- iPlanet™ Directory Server Access Management Edition (now known as Sun™ ONE Identity Server)
- Sun™ ONE Web Server, or an application server, such as Sun™ ONE Application Server, BEA WebLogic, or IBM WebSphere Advanced Edition
- Optional add-ons, such as Sun™ ONE Portal Server, Secure Remote Access
In this guide, the use of the term Sun ONE Portal Server (or simply Portal Server) refers to the Portal Server Core.
The combination of the above software provides the following capabilities to your organization:
- Secure access and authorized connectivity, optionally using encryption between the user's browser and the enterprise
- Authentication of users before allowing access to a set of resources that are specific for each user
- Support for abstractions that provide the ability to pull content from a variety of sources and aggregate and personalize it into a output format suitable for the user's device
- A search engine infrastructure to enable intranet content to be organized and accessed from the portal
- Ability to store user- and service-specific persistent data
- Access to commonly needed applications for accessing services such as mail, calendar, and file storage
- An administration interface enabling delegated and remote administration
Examples of How Sun ONE Portal Server 6.0 Satisfies Business Needs
Depending on your organization's requirements and business needs, your portal deployment will vary. The following section provides a high-level look at how three organizations have deployed Sun ONE Portal Server. Use the information in this section to generate ideas that will help you more effectively deploy Portal Server in your organization.
Case Study: Business-to-Employee Portal
This multinational company, which manufactures a wide range of products, has hundreds of thousands of employees located around the world, grouped in hundreds of business units. Thus, the company has a highly-distributed computing environment.
Previously, the company relied on a static portal for employee communications, which proved inefficient in meeting its business needs. The company decided to move to a dynamic portal where employees could get personalized access to company information. The portal needed to be configured to support multiple organizations and user roles, as well to provide access to internal sites from the company's intranet.
Table 1-1 summarizes this organization's goals and presents the Portal Server feature or capability that meets this goal. In this table, the first column gives the goal. The second column describes the Portal Server feature or benefit that meets this goal.
Case Study: Business-to-Consumer Portal
This travel company markets various vacation destinations and ancillary businesses, and needed a business-to-consumer portal to help develop a direct relationship with end customers. The portal needed to serve as the mechanism to execute a strategy moving away from travel agencies to a direct consumer relationship.
Table 1-2 summarizes this organization's goals and presents the Portal Server feature or capability that meets this goal. In this table, the first column gives the goal. The second column describes the Portal Server feature or benefit that meets this goal.
Case Study: Internet Service Provider Portal
This company provides a full range of telecommunications services and products, is a leading service provider in its country, and needed to quickly transition from a telephone services company to a communications service provider. In response to new customer demands, as well as strong competitive threats, the company decided to build a solution that would include an affordable Internet access as well as small business services such as fax and email, supplementing and eventually replacing standard telephone services.
The company developed a solution that was a comprehensive, end-to-end portal framework to delivery Internet service and applications.
Table 1-3 summarizes this organization's goals and presents the Portal Server feature or capability that meets this goal. In this table, the first column gives the goal. The second column describes the Portal Server feature or benefit that meets this goal.
Sun ONE Portal Server Life Cycle
The previous section illustrates an important point in deploying Portal Server, namely the Portal Server product life cycle. In general, any product deployment can be broken down into the following sequence of events, or life cycle:
- Planning - In the planning phase, your organization and your Sun ONE representatives work to understand your business and its needs, establish business objectives, and scope and collect requirements.
- Developing - In this phase, your organization develops an overall portal design based on the requirements you have established and your sizing estimates.
- Designing, Building, and Testing - Once you have arrived at an overall architecture, you can begin designing, building, and testing your portal.
- Deploying - In this phase, you install a server instance as a trial and test whether your portal can handle your user load. If the portal is not adequate as it is, you then adjust your design and test the trial again. Adjust your trial design until you have a robust portal that you can confidently introduce to your organization.
- Production - Once you have put your portal through a trial run and tuned the portal, you need to develop and execute a plan for taking the portal from trial to production.
This guide attempts to use this life cycle to ensure the success of your portal deployment. See Chapter 6 "Understanding the Portal Deployment Process" for more information on managing a portal project.
Sun ONE Portal Server Resources
This section provides general information about Portal Server resources. See Chapter 2 "Sun ONE Portal Server Core Architecture" for a complete architectural description.
JavaServer Pages Technology
To generate the rendered Desktop user interface (what the industry refers to as the "presentation"), Portal Server makes use of either JavaServer Pages™ (JSP™) technology or template files (HTML). JSP technology is preferred because it enables a much easier customization process without having to change the provider Java™ classes. JSP technology also provides a way to enable a strict separation of business and presentation logic. Specifically, this means having the business logic in the provider classes and presentation logic in JSP technology.
In JavaServer Pages technology, actions are elements that can create and access programming language objects and affect the output stream. JSP technology supports reusable modules called custom actions. You invoke a custom action by using a custom tag in a JSP file. A tag library is a collection of custom tags. The Desktop custom tag library contains tags that you use to perform Desktop operations for JSP code.
Before tag libraries, JSP code was difficult to maintain because you were forced to use JavaBeans™ components and scriptlets as the main mechanism for performing tasks. Custom actions, that is, a tag library, alleviate this problem by bringing the benefits of another level of componentization to JSP code. A tag library encapsulates recurring tasks so that they can be reused across more than one application.
The Sun ONE Portal Server Desktop tag library consists of six parts:
- Core tags that can be used on any provider or container that implement the Provider Application Programming Interface (PAPI)
- Tags that can be used to operate on a provider or container that support the ProviderContext and ContainerProviderContext interfaces
- Tags that operate on specific container building-block providers (SingleContainer, TableContainer, TabContainer, and so on)
- JSP Standard tag libraries from Apache
- Tags that support the Search function.
- Tags that provide theme support in the Desktop
See the Sun ONE Portal Server 6.0 Desktop Customization Guide for more information on JSP technology and Portal Server.
Portal (Desktop) Content
The Desktop provides the primary end-user interface for Portal Server and a mechanism for extensible content aggregation through the Provider Application Programming Interface (PAPI). The Desktop includes a variety of providers that enable container hierarchy and the basic building blocks for building some types of channels. For storing content provider and channel data, the Desktop implements a display profile data storage mechanism on top of an Identity Server service. You can edit the display profile and other Desktop service data through the Identity Server administration console.
Configuration Data
As an Identity Server application, Portal Server defines services that are managed using the Identity Server service management system. Generally, any service-related data that is not server-specific is stored in the directory service. Server-specific data can be stored in properties files that are local to the specific server.
In addition, Portal Server uses certain files to manage the configuration of the Desktop and Search services. The Desktop configuration file, desktopconfig.properties, defines server-specific parameters.
The Search service uses the following configuration files: classification.conf, filter.conf, filterrules.conf, and robot.conf files. The convert.conf and import.conf files are generated by the Search server. Do not manually edit these files. The search.conf file lists all the specific search values you have set.
At installation time, you are given the option of defining values or using the default values for the base directory (/opt), the deployment URI (/portal) and the deploy instance (cate.sesta.com).
See the Sun ONE Portal Server 6.0 Administrator's Guide for more information on core product configuration files.
Application Data
Portal Server stores certain data in the user's profile that is passed to back-end applications. For example, the User Preference channel stores NetMail service data (user preferences for using NetMail). Application data also includes Rewriter rulesets.
Site Data
Portal Server uses the local file system to store data specific to a particular instance or node. Site data includes the /opt/SUNWam/lib/AMConfig.properties file and the /etc/opt/SUNWps/desktop/desktopconfig.properties file file.
Sun ONE Portal Server, Secure Remote Access
The Sun ONE Portal Server, Secure Remote Access add-on product offers browser-based secure remote access to portal content and services from any remote browser. Secure Remote Access is a cost-effective, secure access solution that is accessible to users from any browser enabled with Java technology. Secure Remote Access eliminates the need for additional client software. Because Secure Remote Access is integrated with Portal Server, users receive secure encrypted access to the content and services that they have permission to access.
Using Secure Remote Access, you can install your portal in secure mode. Secure mode provides users with secure remote access to required intranet file systems and applications.
Secure mode uses the Secure Remote Access gateway, which typically resides in the demilitarized zone (DMZ). The gateway provides a single secure access point to all intranet URLs and applications, thus reducing the number of ports to be opened in the firewall. All other Portal Server services such as Session, Authentication, and the Desktop reside behind the DMZ in the secured intranet. Communication from the client browser to the gateway is encrypted using HTTP over Secure Sockets Layer (HTTPS). Communication from the gateway to the server and intranet resources can be either HTTP or HTTPS.
See Chapter 3 "Sun ONE Portal Server, Secure Remote Access Architecture" for more information.
Migrating to a New Version of Portal Server
Migrating from Sun ONE Portal Server 3.0 to Sun ONE Portal Server 6.0 requires a different set of deployment requirements that are outside the scope of this document. Several new features in Sun ONE Portal Server 6.0 require format changes in the data store of Sun ONE Portal Server 3.0 because of the new access layer and iPlanet Directory Server Access Management Edition 5.1 APIs that Sun ONE Portal Server 6.0 now uses.
The Sun ONE Portal Server 3.0 Data Migration Tool Suite provided with Sun ONE Portal Server 6.0 enables you to migrate the following:
- LDAP data
- Templates
- JavaServer Pages code
- Resource bundles
- Certificates (with the exception of gateway certificates)
- Custom authentication module data
- Properties files from Sun ONE Portal Server 3.0 to Sun ONE Portal Server 6.0 or to iPlanet Directory Server Access Management Edition 5.1 as necessary
The Sun ONE Portal Server 3.0 Data Migration Tool Suite does not migrate gateway certificates. See the Sun ONE Portal Server 6.0 Migration Guide for more information.
Independent Software Vendor Integrations with Sun ONE Portal Server
This section provides an overview of some of the independent software vendor (ISV) integrations that exist for Portal Server. For a complete list of ISV integrations, contact your Sun ONE representative.
Integration Types
In general, there are seven different types of Portal Server integration:
- Application user interface - This integration uses the provider API and Sun ONE Portal Server, Secure Remote Access for secure access. (Sun ONE Portal Server, Secure Remote Access is not an integration type on its own.) Examples include FatWire, Interwoven, SAP, Tarantella, Documentum, Vignette, PeopleSoft, Siebel, Citrix, Yahoo!, and YellowBrix.
- Security products - This integration uses the Identity Server Login API to enable portal access by using a custom authentication scheme. Examples include RSA and Entrust.
- Products containing searchable data - This integration provides data access into Portal Server, enabling searches on the data. An example is CMS (search CMS database).
- Collaboration software - This integration enables Sun™ ONE Instant Messaging to move a collaboration session from one forum to a another. Examples include WebEx and ThoughtWeb.
- Monitoring - This integration focuses on billing, performance measurement, and diagnostics, for which you rely on log files (or Identity Server's logging API) and traffic snooping. Examples include Mercury Interactive, Hyperion, and Informatica.
- Portal capability augmentation - This integration enables products to add functionality to Portal Server. Examples include Altio, Bowstreet, rule engines to add group capability, and dynamic Desktop and provider contents (HNC).
- Integratable portal stack - This integration includes products that replace elements of Portal Server. Examples include Identity Server and LDAP.
Note Portal Server cannot currently integrate another LDAP solution. Identity Server and Portal Server rely on features not found in other LDAP implementations.
The "depth" to which user interface integration occurs with Portal Server indicates how complete the integration is. Depth is a term used to describe the complementary nature of the integration, and points to such items as:
- Application availability through Portal Server itself
- Application available in secure mode (using Secure Remote Access, Netlet rules, and so on)
- Ability to use Single Sign-on
In general, the degree to which an application integrates in Portal Server can be viewed as follows:
- Shallow integration - This integration essentially uses the portal server as a launch point. The user logs in to the portal and clicks a link that starts a web application.
- Deep integration - The user accesses the user interface provided by the channels in Portal Server directly. That is, the integrated software works within the portal. No additional windows and no applets will appear.
The following sections provide a look at some of the ISVs by category.
Collaboration and Application Emulation ISVs
ISVs in this category include:
- Citrix NFuse - Solves access-related problems by delivering a suite of software products and services that provide access to any device, over any network to any application or information source. Portal Server integrates with Citrix's NFuse through a portal channel, the NFuse provider. NFuse enables web-based access to applications running on MetaFrame servers in a Citrix server farm. Portal Server's integration works for both open and secure portal modes. The NFuse provider is an icon-based interface with features that can be personalized.
- Tarantella - Provides browser-based access to back-end applications via the portal, without any code modifications. Tarantella immediately web-enables UNIX®, Linux, Windows, mainframe, AS/400, and Java applications without rewriting code, changing the architecture, or touching the infrastructure. All of these capabilities can be displayed through Portal Server.
In conjunction with Sun ONE Portal Server, Secure Remote Access, the Tarantella Integration Pack for Portal Server is designed to enable Tarantella traffic to tunnel through the secure channel provided by the Netlet. The Tarantella Integration Pack provides Single Sign-on authentication for the portal user and channel integration. Users are authenticated once, when they log in to the portal, and all permitted applications are available to them immediately.
Content and Document Management ISVs
Most portals provide some support for content management. However, in general, analysts agree that portals need to be supplemented by a dedicated content management system (CMS). While portals usually handle content through search and display functions, they generally do not provide for creating and adding portal content. This is where a content management system comes in.
ISVs in this category include:
- Documentum - Provides automated processes for production, review, approval, and publishing of document assets within an organization. Documentum enables existing applications (for example, ERP/CRM) with enterprise content, managing business critical documentation.
- FatWire - As a portal content management system, FatWire Spark pCM installs and runs within the Portal Server system. It provides portlets (channels) for all three content management processes:
- CM Home Channel - Provides the business interfaces for creating and managing content with a wide array of data types.
- CM Control Center Channel - Provides tools for administrative functions, such as managing users and groups, creating content folders, and selecting workflows.
- Content-rich display Channels - SparkpCM is delivered with a selection of portlets for content display. SparkpCM also includes developer interfaces and integration for rapidly building additional portlets (channels) within the portal framework.
- Interwoven - Provides content management software and services for the enterprise web. TeamSite from Interwoven is usually installed on separate machines. The providers are installed on the machine hosting Portal Server.
Generally, TeamSite users have a TeamSite login and password. The first time users log in to Portal Server they must set their login information and TeamSite workarea into TeamSiteInfo provider. This information is used by all the TeamSite providers to authenticate with the TeamSite server. TeamSite channels are not initially configured, and display an error status the first time users access them. Once authentication is successful, the sample providers appear without any error status.
- Vignette - Provides content management across multiple web sites, content inheritance by child sites from parent sites, personalization of content, and role- and policy-based access via Portal Server. Provides various prebuilt portlets (channels) for distribution within Portal Server, including:
- Vignette Content Contribution Channel - Displays content types that can be created by the authorized user
- Vignette Content Inbox Channel - Manages the workflow and tasks assigned to the authorized user, and enables the user to preview the content and manage the content's status
- Vignette Site and Channel Management Channel - Displays the site and channel management console, and enables the user to manage content across multiple sites and multiple channels
Content Syndication ISVs
ISVs in this category include:
- Pinnacor (formerly Screaming Media) - Delivers syndicated content to portal channels, including news stories from nearly 3,000 premium newswires, newspapers, magazine and trade journals, categorized and delivered to your specifications. Pinnacor content providers leverage all the functionality of Portal Server to deliver a high return on your portal investment. Modular content provider offerings deploy rapidly, run efficiently with the existing portal framework, and require minimal maintenance with no additional hardware. Using Pinnacor, you can create a targeted experience with Single Sign-on and multilevel personalization, without extraneous advertising or link-outs.
- Sun ONE Portal Server for Yahoo! Enterprise Solutions - Provides pre-integration into Portal Server, supplying more than 80 channels with local content from 25 regions in 13 languages. You can assign channels to users, roles, and organizations, create default preferences, and link to personal MyYahoo! accounts. Sun ONE Portal Server for Yahoo! Enterprise Solutions includes support for anonymous users and comes with a free 30 day trial account.
Enterprise Applications ISVs
ISVs in this category include:
- Entrust - The integration between Portal Server and Entrust TruePass enables TruePass to be used as an authentication mechanism for enabling users access to the portal. TruePass uses digital signatures to validate the identity of users seeking access to the portal.
The integration with Entrust GetAccess enables GetAccess to be used as a provider of authentication and authorization services for Portal Server. Users trying to access the portal are authenticated by GetAccess. The policies set for the user's Desktop in the GetAccess repository are used to determine the Desktop look.
- Lotus Domino - The integration between Lotus Domino and Portal Server provides two channels. One channel is for the Lotus Domino provider, which enables a user to log in to the Lotus database. After successful login, users can retrieve mail and check and update their calendars. Access to a todo list is also provided. The second channel is for Lotus Domino Collaboration Object. From this channel, users can send mail to other Lotus users, or set entries in calendars.
- PeopleSoft - The PeopleSoft CRM connector for Portal Server enables portal users to access the PeopleSoft CRM application in Portal Server channels with Single Sign-on. The PeopleSoft CRM functionality exposed through the connector includes Customer Contact Information management and Opportunity Management.
- SAP - The integration with SAP can be achieved by using the Java Connector Architecture (JCA). Several vendors write these connectors (for example, Altio, Insevo, and so on). True SSO is not possible at this point since SAP is not Identity Server aware.
- Siebel - The Siebel eService and ERM Portal Connectors for Portal Server enable users to access their Siebel ERM (Employee Relationship Management) and eService applications through Portal Server channels.
The eService connector pack installs on Portal Server and provides Single Sign-on with the back-end Siebel eService application. The eService channels enable users to submit and check status of service requests, view online knowledgebases, and provide communication services that organize email, postal mail, and structured feedback forms.
The ERM connector provides access to Employee Relationship Management applications including Online Helpdesk, Employee opportunities and projects management, Performance Management, and Internal News Administration.
Location-Based Services and Device-Independent Rendering ISV
The ISV in this category is:
- Aligo - Provides a mobile application server that is a development and deployment platform.
Personalization, Business Intelligence, and Analysis ISV
The ISV in this category is:
- Fair, Isaac - Provides an integration module that enables Blaze Advisor to provide rules-based personalization and other services to Portal Server. Using this module, you can take advantage of the Blaze Advisor rule syntax and sophisticated design tools while giving portal administrators and users the power to change their personalization rules using simple web-based interfaces. The scope of the integration is focussed on the following:
- Personalization based on the user profile (both internal and external). The internal profile is the profile stored on Portal Server. The external profile is stored as part of some other data store to which the Blaze rules engine and Portal Server have access to. This kind of personalization determines the content to be displayed on individual channels and can also be used to determine the combination of channels to be displayed, based on the user.
- Personalization based on preferences of other users with similar profiles or preferences.
- Personalization based on the click stream analysis and history of usage.
Rapid Portlet and Web Services Development ISVs
ISVs in this category include:
- Altio - AltioLive provides a browser-based visual development environment to create channels with greater interactivity than HTML. AltioLive can combine data from multiple systems into the development environment. Developers can link disparate data sources for display in a single portlet (channel).
- Bowstreet - Bowstreet models operate as a channel in Portal Server's environment. Bowstreet is integrated with the Profile API and security services. Using Bowstreet's modeling approach, developers are able to:
- Create highly customized channels based on the user's role.
- Create "abstract" channels that can regenerate into hundreds of different channels. For example, a developer could create the "News" channel as a Bowstreet model and use profiling to create the "Sports News" and "Regional News" channels.
- Create a reusable "builders" that can be leveraged across different channels.
Types of Portal Deployments
Three general types of portals are in use today: business-to-employee (B2E), business-to-consumer (B2C), and business-to-business (B2B). Each type has its own special needs, and Sun ONE Portal Server has features to support each type.
Note Another type of portal that deserves mention is business-to-everyone, usually implemented by carriers and ISPs.
The following sections describe the various types of portals.
Business-to-Employee Portal (B2E)
B2E portals provide a collection of information and applications from the company's internal network. These portal services are accessed by employees in their offices as well as by remote, travelling, and telecommuting employees from any web-enabled browser on the Internet. B2E portals include features such as:
- Access to applications, including mail, calendaring, and file browsing
- Server access through X Window System, Citrix, and Telnet protocols
- Access to up-to-date company information, including press releases
- News feeds from outside the company
- User-specified features such as local weather reports
Portal Server enables companies to establish secure employee portals using existing enterprise authentication mechanisms and additional one-time password and certificate-based authentication for Internet-based access. Furthermore, iPlanet Portal Server is capable of presenting employee portals on the intranet using only standard HTTP port 80, and on the Internet using only secure HTTPS on port 443.
Business-to-Consumer Portal (B2C)
B2C portals generally grant access to anyone on the Internet, without using secure authentication and encrypted communication. These portals typically sell products and services to anyone visiting the site. B2C portals often provide extended features (such as customer support) to registered customers, who also might or might not be paying customers. It is well known that the longer a user visits a site the more likely it is for a purchase to be made. Thus, many portals have increased their "stickiness" through the addition of syndicated content that helps to prolong site visits.
The Portal Server architecture enables companies to build B2C portals by extending Sun ONE or third-party commerce applications to customers on any web-enabled browser. Portal Server's membership management services can be used to help build user communities through self-administered membership modules. Management services can also enforce policy-based access so that enhanced services are only provided to customers who have paid for them. You incorporate applications and content into B2C portals through channels that can be configured both by the hosting company and by individuals. Giving users power to control their portal experience increases the likelihood of return visits. To further increase site stickiness, you can configure search engines and syndicated content (such as news feeds) for user access.
Note Open anonymous mode is a good example of how B2C portals enable non-personalized (non-profiled) access.
Business-to-Business Portal (B2B)
B2B portals establish extranet connections through which companies and their suppliers and partners can more effectively communicate and collaborate. Suppliers can better match supplies to demand when they have direct access to ERP systems that handle the sales and production process. Consultants can be more effective when they have direct access to engineering specifications and diagrams. And company accountants can more quickly meet tax deadlines when they can get data directly from company accounting systems. Because B2B portals are designed for sharing business-critical information with third parties, security is of paramount importance. B2B portals must provide the means to authenticate the identity of their visitors, and once access is authorized, securely encrypt the data as it passes between the portal and the authorized users.
When used to support B2B portals, Portal Server can be configured to use strong authentication techniques ranging from one-time passwords to unforgeable X.509 certificates. Even before the authentication process is initiated, connections to Portal Server can be encrypted with HTTPS sessions with keys up to 128 bits in length. Once users are authorized, Portal Server can provide access to company information based on the user's identity, group, or organization. User access can be as fine-grained as is necessary for your site.
Note Because security is so important for B2B portals, you need to deploy a secure portal running Sun ONE Portal Server, Secure Remote Access, for HTTPS sessions. See Chapter 3 "Sun ONE Portal Server, Secure Remote Access Architecture" for more information.
Portal Server can provide access to just about any kind of information that business partners need. Access to UNIX and Microsoft Windows NT applications is provided through Citrix technologies. Applications using Java technology applets and even proprietary protocols can be supported through Secure Remote Access Netlet software. Terminal emulation is also available, giving partners access to command-line interfaces ranging from standard Telnet to mainframe applications.
Portal Deployment Architecture
Usually, but not always, you deploy Sun ONE Portal Server software on the following different portal nodes (servers) that work together to implement the portal:
- Core portal node - The server upon which you install the Portal Server, Sun ONE Web Server, and Identity Server software. You can also install the Portal Server Search component on this node if desired.
- Search node - Optional. The server upon which you install the Portal Server Search component. You can install the Portal Server Search component on its own server, for performance, scalability, and availability reasons.
- Gateway node - Optional. The server upon which you install the Secure Remote Access gateway component. You can also install the gateway component on the core portal node, though in general, because you locate the gateway in the DMZ, it will be on a non-portal node.
- Directory server - The server running Sun ONE Directory Server software. You can install Directory Server on the core portal node.
- Other servers, such as mail, file, and legacy servers - These servers provide backend support, data, and applications to portal users.
Figure 1-1 shows the high-level architecture of a typical installation at a company site for a business-to-employee portal. In this figure, the gateway is hosted in the company's DMZ along with other systems accessible from the Internet, including web servers, proxy/cache servers, and mail gateways. The core portal node, portal search node, and directory server, are hosted on the internal network where they have access to systems and services ranging from individual employee desktop systems to legacy systems.
In Figure 1-1, users on the Internet access the gateway from a web-enabled browser and connect to the gateway at the IP address and port for the portal they are attempting to access. For example, a B2B portal would usually allow access to only port 443, the HTTPS port. Depending on the authorized use, the gateway forwards requests on to the core portal node, or directly to the service access on the enterprise internal network.
Figure 1-1 illustrates some of the components of a portal deployment but does not address the actual physical network design, single points of failure, nor high availability. See Chapter 7 "Creating Your Portal Design," more detailed information on portal design.
Figure 1-1 High-level Architecture for a Business-to-Employee Portal
Establishing Quality Goals
When deploying Sun ONE Portal Server, think about the quality goals you want to establish for your organization. Some of these goals might include:
- Upgrading all existing Sun ONE Portal Server 3.0 servers and users to Sun ONE Portal Server 6.0 within a certain timeframe, say 12 months.
- If you are migrating from Sun ONE Portal Server 3.0, your organization's IT group must maintain existing portal services during the migration.
- Setting performance and reliability expectations. You'll need to establish baseline measurements and then continue tracking as you move to a production environment.
- Maintaining a completely functioning network infrastructure throughout the transition period from trial to production.
- Eliminating single points of failure for the portal system by developing an architecture that includes redundant portal servers, gateways, and directory replicas and masters at various service layers.