Chapter 1 i-Planet Overview

This chapter discusses the following topics:

• What is the i-Planet software?

• Features of the i-Planet software

• Compatibility with SunScreen(TM) products

• Hardware and software requirements

• Online help and documentation

This Guide

This guide assumes that the systems administrator and the i-Planet administrator are the same person or at least persons of the same level of experience, level, and skill, and that have the same access to the network.

The term user, when used, refers to the i-Planet administrator and the systems administrator when they are the same person.

The term end user refers to the employee or business partner who is using the i-Planet product to obtain access over the Internet to the company's private network.

You use the information in this guide to configure and manage, that is, administer the i-Planet product. You do this primarily through the Administration Console, which is a browser-based graphical user interface (GUI). You must also administer parts of this product using the command line and you probably will have to modify some files. In addition to this guide, there is online help for the Administration Console. The only documentation that the end users have is the on-line help. You will have to supply them with certain information, such as passwords for authentication.

What Is The i-Planet Software?

The i-Planet software is a unique solution that provides a company's remote and travelling employees with worldwide remote access to the corporate network over the Internet from any computer with a Java-enabled web browser. The i-Planet software acts as a mediator between users coming in through the Internet to the corporate intranet. It provides secure end-user connectivity across all networks and a uniform, familiar, web browser-based interface.

The i-Planet software lets companies:

• Leverage the public network and Internet service providers (ISPs) to reduce costs.

• Increase productivity with better access to information.

• Simplify remote access for end users.

• Access anytime, anywhere with any computer with a browser. This means that the client could be behind a web proxy or a firewall.

The i-Planet software lets administrators:

• Authenticate Internet-based end users with a convenient, secure one-time password scheme or the plug-in authentication module of your choice.

• Implement access control technology that greatly increases intranet security.

• Allow secure access to electronic mail servers, web servers, and file servers.

• Allow users to have access through a web browser-based interface, sharply reducing learning curve and training time for remote end users.

• Administer the i-Planet software through an easy-to-use browser-based interface.

• Install an optional packet-filtering firewall application based on proven Sun Microsystems' SunScreen technology.

The i-Planet product provides a corporation and its remote and travelling employees with cost-effective, fast, secure access to corporate information, personal email, applications, and internal web sites. It provides this access at anytime, from anywhere, and from any platform that uses Netscape 4.06 with Java Advanced Windowing Toolkit (AWT) 1.1 support (or Netscape 4.04 or 4.05 with the JDK^TM 1.1 patch) or greater and Internet Explorer 4.0 or greater. The Java^TM Developers Kit (JDK) 1.1 patch from Netscape contains AWT 1.1 and greater support for JDK 1.1.

The i-Planet software consists of two main components:

• The i-Planet gateway--contains the software for the i-Planet gateway and the software for the (optional) i-Planet firewall application

• The i-Planet server --contains the software for the i-Planet platform and the software for the i-Planet applications.

You can install the i-Planet software on:

• One machine

• Two machines--With the i-Planet gateway on one machine and the i-Planet server on another. This is the preferred configuration.

How Does the i-Planet Software Work?

The i-Planet software consists of individual components that act as building blocks. Each of these components have a well-defined interface that hides their internal implementation. This allows for them to interact without depending on a particular implementation, and allows you to extend and expand the functionality easily that the i-Planet product offers to clients.

The entire i-Planet architecture is Internet and web based. The communication protocols include both standard HTTP (Hypertext Transfer Protocol) and HTTPS (Secure Hypertext Transfer Protocol, an encrypted version of HTTP that is understood by all newer web browsers and allows secure communication between a web browser and web server across any network). Additional i-Planet applications, in particular remote windowing software and specific communication components, use their native TCP-based communications protocols, encrypted and passed through the configured SSL port.

By relying on these protocols, the i-Planet product lets you use standard web browsers for both secure end-user access to applications and for secure administration of the i-Planet software. All remote-user traffic uses the SSL port for all traffic, while administrative access can be through HTTP or HTTPS, if you are using SSL service for communication between the i-Planet server and the i-Planet gateway.

For simplicity in explanation and discussion, this document assumes that all end users have access to your i-Planet installation from somewhere on the Internet--even though it applies equally to both the Internet and intranet. Depending on the type of authentication used, web-browser-based administrative access to the i-Planet product can come from within your internal network or from a remote host over the Internet.

Figure 1-1 shows a basic diagram of the i-Planet product, including the default port numbers, as installed on two machines. SSL is used to encrypt the connection between client to the i-Planet gateway over the Internet. SSL can be used as an option to encrypt the connection between the i-Planet server to the i-Planet gateway.

Figure 1-1 i-Planet Basic Diagram

The following sections detail each of the main components and their roles in this communication process.

The i-Planet Gateway

The i-Planet gateway forms the boundary between the Internet and the intranet. It has two main responsibilities:

1. It acts as the border guard, establishing identity and allowing access.

2. It also acts as a translator, altering documents served so that links to the intranet content will work on the extranet.

In general, networks "inside" your i-Planet gateway can be considered secure, internal networks, that is your intranet. Networks outside the i-Planet gateway (that is, the Internet) are not secure, and access from those networks must be closely controlled, through encryption and authentication. The i-Planet gateway component provides this control.

To accomplish these goals, the i-Planet gateway relies on three subsystems.

1. Server subsystem--Listens for network connections and assigns resources to process these requests.

2. Connection handler subsystem--Does the actual processing of the requests. It translates and transmits the response back to the client.

3. Authentication and profile subsystem--Handles authorization, authentication, and profile information for the gateway.

The i-Planet gateway also runs the optional i-Planet firewall application that is included with the i-Planet software. Although it is not required for baseline operation of the i-Planet product, it provides greater security.

The i-Planet Server

The i-Planet server handles all of the details of authorization, authentication, policy, and user profile access and management, which compose the i-Planet platform. It also handles the functionality of the i-Planet application server. Communication with the i-Planet server is generally through HTTP. If you have enabled SSL service from the i-Planet server to the i-Planet gateway, communication is through HTTPS. You have administrative access to the i-Planet administration screens through a web browser.

The i-Planet Platform Server

The i-Planet platform server is composed of several subsystems: authentication, authorization, and profile management. These subsystems handle the connections to outside services. Because these subsystems are independent browser links to the overall i-Planet product, you can incorporate many different technologies into your installation of the i-Planet software, without making major changes to the i-Planet server or to other i-Planet components.

The i-Planet server subsystems work together and interface with external data sources to manage the process of identifying users to the system, determining access rights, and providing that access. The platform-server subsystems are:

1. The authentication subsystem--deposits, manages, and clears cookies from end user's systems. It describes the physical and virtual connection from the end user's browser to the i-Planet server. In this way, it essentially authenticates each transaction.

2. The authorization subsystem--assures that end users have the correct permissions to use particular applications.

3. The profile-management subsystem--Stores application profiles and user profiles, as well as interfaces with external data sources, such as files and directory servers. Application profiles and user profiles declare the allowable set of roles that can be assumed by the authenticated user name. These profiles also contain additional user-specific application and personal information. For example, a user profile contains information about the user's identity.

i-Planet Application Server

The i-Planet application server can link to any TCP/IP accessible application on your intranet. The i-Planet product has a core set of applications that offer baseline remote access functionality, including viewing your group calendar and accessing email. By design, HTTP accessible applications, including any applications already running on your intranet, should work without modification. The i-Planet product has no specific requirements on how additional add-in applications are structured.

The i-Planet product comes with the following applications for end users:

• i-Planet Desktop--Provides access to all online help and a central access point for end users to obtain access to all i-Planet applications. Remote users can change their preferences from the i-Planet Desktop.

• NetMail --Provides full IMAP mail server access and offline reading capabilities.

• NetMail Lite--supports Sun Internet Mail Server (SIMS) without requiring support for Java applets.

• NetCalendar--Provides an HTML client calendar that supports CDE and the Sun Calendar server.

• NetSurf--Permits end users to look at certain web pages on your intranet.

• NetFile--Provides end users with additional, flexible remote access capabilities of your choice (including Telnet and remote X-Windows capabilities).

• NetFile Lite --Provides limited remote file system access without requiring a Java applet.

• Generate SKEYs--Allows users to generate their own S/Key passwords.

Online Help and Documentation

Online help is available for the i-Planet administration interface as well as for the end-user i-Planet Desktop and all included end-user applications. Access help by clicking the help links, located on every page in the i-Planet interface. From any page within the Administration Help you can navigate to the help index and all other administration help pages. Similarly, your users have access to help for every page of the i-Planet product, and from there can navigate to a help index and all other end-user help pages.

The installation CD-ROM for the i-Planet software contains a documentation directory with administration documentation in HTML and PostScript formats.

---

Note -

You can reach the files directly through the system or through your web server.

---

Look for:

• HTML files at http://i-Planet_server/docs/usenglish/manuals/html/

• The PostScript file at http://i-Planet_server/docs/usenglish/manuals/ps/

• Online administration help by clicking the Help button

• Online remote-user help by clicking the Help button

• Man pages at /opt/SUNWstnr/man