The i-Planet software consists of individual components that act as building blocks. Each component has a well-defined interface that hides its internal implementation. This lets the components interact without depending on any particular implementation, and lets you easily extend and expand the functionality that the i-Planet product offers to clients.
The entire i-Planet architecture is Internet- and web-based. The communication protocols include both standard HTTP (Hypertext Transfer Protocol) and HTTPS (Secure Hypertext Transfer Protocol, an encrypted version of HTTP that is understood by all newer web browsers and allows secure communication between a web browser and a web server across any network). Additional i-Planet applications, in particular remote windowing software and specific communication components, use their own native TCP-based protocols; that traffic is encrypted and passed through the configured SSL port.
By relying on these protocols, the i-Planet product lets you use standard web browsers both for secure end-user access to applications and for secure administration of the i-Planet software. All remote-user traffic goes through the SSL port, while administrative access can be through HTTP, or through HTTPS if you are using SSL service for communication between the i-Planet server and the i-Planet gateway.
For simplicity in explanation and discussion, this document assumes that all end users have access to your i-Planet installation from somewhere on the Internet--even though it applies equally to both the Internet and intranet. Depending on the type of authentication used, web-browser-based administrative access to the i-Planet product can come from within your internal network or from a remote host over the Internet.
Figure 1-1 shows a basic diagram of the i-Planet product, including the default port numbers, as installed on two machines. SSL is used to encrypt the connection between the client and the i-Planet gateway over the Internet. SSL can optionally be used to encrypt the connection between the i-Planet server and the i-Planet gateway.
The following sections detail each of the main components and their roles in this communication process.
The i-Planet gateway forms the boundary between the Internet and the intranet. It has two main responsibilities:
It acts as the border guard, establishing identity and allowing access.
It also acts as a translator, altering documents served so that links to the intranet content will work on the extranet.
In general, networks "inside" your i-Planet gateway can be considered secure, internal networks, that is, your intranet. Networks outside the i-Planet gateway (that is, the Internet) are not secure, and access from those networks must be closely controlled through encryption and authentication. The i-Planet gateway component provides this control.
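The two gateway responsibilities listed above, the border guard and the translator, can be illustrated with a small allow-listed link rewriter. This is an added example, not i-Planet code: the gateway address (GATEWAY_BASE), the allow-list of intranet hosts (INTRANET_HOSTS), and the way a proxied URL is encoded on the gateway path are all assumptions constructed for the example.

```python
"""Added example (not i-Planet code): the two gateway responsibilities,
modelled as a link translator that only ever points at allow-listed hosts.

Assumptions, all constructed for this example:
  * the gateway is reachable at GATEWAY_BASE;
  * only hosts in INTRANET_HOSTS may be reached through it;
  * a proxied URL is encoded as GATEWAY_BASE + "/" + the original absolute URL.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

GATEWAY_BASE = "https://gateway.example.com"                                  # assumed
INTRANET_HOSTS = frozenset({"intranet.example.com", "calendar.example.com"})  # assumed allow-list

# href/src/action attributes in served HTML (a regex is enough for the demo).
_ATTR_RE = re.compile(
    r"""(?P<prefix>\b(?:href|src|action)\s*=\s*["'])(?P<url>[^"']*)(?P<suffix>["'])""",
    re.IGNORECASE,
)


def translate_url(url: str) -> str:
    """Translator role: map an absolute intranet URL to its gateway form.

    Relative links are left alone (they resolve against the gateway URL of the
    page they appear in), as are non-HTTP schemes and hosts that are not on the
    allow-list, so the rewriter never turns the gateway into an open proxy.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname not in INTRANET_HOSTS:
        return url
    rewritten = f"{GATEWAY_BASE}/{parts.scheme}://{parts.netloc}{parts.path or '/'}"
    if parts.query:
        rewritten += "?" + parts.query
    if parts.fragment:
        rewritten += "#" + parts.fragment
    return rewritten


def translate_document(html: str) -> str:
    """Rewrite every link attribute in a document before it is served."""
    return _ATTR_RE.sub(
        lambda m: m.group("prefix") + translate_url(m.group("url")) + m.group("suffix"),
        html,
    )


def resolve_gateway_path(request_path: str) -> Optional[str]:
    """Border-guard role: turn an incoming gateway request path back into the
    intranet URL to fetch, or return None if it does not name an allowed host.
    Authenticating the requester happens before this step and is omitted here.
    The host is taken from urlsplit(), not from a string prefix, so userinfo
    tricks such as allowed-host@other-host are rejected.
    """
    m = re.match(r"^/(https?://[^/?#]+)(.*)$", request_path)
    if m is None:
        return None
    origin, rest = m.groups()
    if urlsplit(origin).hostname not in INTRANET_HOSTS:
        return None
    return origin + (rest or "/")


# Constructed sample document, as an intranet server might serve it.
SAMPLE_PAGE = (
    '<a href="http://intranet.example.com/docs/a.html?x=1">docs</a>\n'
    '<img src="/images/logo.gif">\n'
    '<a href="http://www.example.org/">external</a>'
)

if __name__ == "__main__":
    print(translate_document(SAMPLE_PAGE))
    print(resolve_gateway_path("/http://intranet.example.com/docs/a.html?x=1"))
    print(resolve_gateway_path("/http://other.example/"))
```

The point of the allow-list on both sides is that the translator and the border guard agree on what "inside" means: a document link is rewritten only if it names an intranet host, and an incoming request is forwarded only if it names one, so a link to an outside site is passed through untouched rather than proxied.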
To accomplish these goals, the i-Planet gateway relies on three subsystems.
Server subsystem--Listens for network connections and assigns resources to process these requests.
Connection handler subsystem--Does the actual processing of the requests. It translates and transmits the response back to the client.
Authentication and profile subsystem--Handles authorization, authentication, and profile information for the gateway.
The i-Planet gateway also runs the optional i-Planet firewall application that is included with the i-Planet software. Although it is not required for baseline operation of the i-Planet product, it provides greater security.
The i-Planet server handles all of the details of authorization, authentication, policy, and user profile access and management, which compose the i-Planet platform. It also handles the functionality of the i-Planet application server. Communication with the i-Planet server is generally through HTTP. If you have enabled SSL service from the i-Planet server to the i-Planet gateway, communication is through HTTPS. You have administrative access to the i-Planet administration screens through a web browser.
The i-Planet platform server is composed of several subsystems: authentication, authorization, and profile management. These subsystems handle the connections to outside services. Because these subsystems are independent browser links to the overall i-Planet product, you can incorporate many different technologies into your installation of the i-Planet software, without making major changes to the i-Planet server or to other i-Planet components.
The i-Planet server subsystems work together and interface with external data sources to manage the process of identifying users to the system, determining access rights, and providing that access. The platform-server subsystems are:
The authentication subsystem--Deposits, manages, and clears cookies on end users' systems. It describes the physical and virtual connection from the end user's browser to the i-Planet server. In this way, it essentially authenticates each transaction.
The authorization subsystem--Ensures that end users have the correct permissions to use particular applications.
The profile-management subsystem--Stores application profiles and user profiles, and interfaces with external data sources such as files and directory servers. Application profiles and user profiles declare the allowable set of roles that can be assumed by the authenticated user name. These profiles also contain additional user-specific application and personal information. For example, a user profile contains information about the user's identity.
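The three platform-server subsystems just listed can be traced through one request: a cookie is deposited and later verified or cleared (authentication), the roles granted by the user profile are matched against the roles the application profile allows (authorization), and in-memory tables stand in for the file or directory server (profile management). This is an added example, not i-Planet code; the cookie format (base64url JSON payload plus an HMAC-SHA256 tag), the server secret, the profile tables and the role names are all constructed assumptions.

```python
"""Added example (not i-Planet code): authentication, authorization and
profile management as one request path. The cookie format, secret, profile
tables and role names are all assumptions constructed for the example."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

SERVER_SECRET = b"constructed-example-secret-do-not-reuse"   # assumed server key
COOKIE_TTL = 900                                            # assumed lifetime, seconds
REVOKED_TAGS: set = set()                                   # tags of cleared cookies

# Assumed profile tables; a deployment would read these from a file or a
# directory server. The role names are invented for the example.
APPLICATION_PROFILES = {
    "NetMail": {"roles": {"employee", "admin"}},
    "NetFile": {"roles": {"employee", "admin"}},
    "Admin":   {"roles": {"admin"}},
}
USER_PROFILES = {
    "alice": {"roles": {"employee"}},
    "bob":   {"roles": {"employee", "admin"}},
}


def _tag(body: str) -> str:
    """HMAC-SHA256 over the encoded payload, keyed with the server secret."""
    return hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()


def issue_cookie(username: str, now: Optional[float] = None) -> str:
    """Deposit: build a cookie value binding the user name to an expiry time."""
    now = time.time() if now is None else now
    payload = {"sub": username, "exp": int(now) + COOKIE_TTL}
    body = base64.urlsafe_b64encode(
        json.dumps(payload, separators=(",", ":")).encode()
    ).decode()
    return f"{body}.{_tag(body)}"


def verify_cookie(cookie: str, now: Optional[float] = None) -> Optional[str]:
    """Manage: return the authenticated user name, or None for a cookie that is
    malformed, tampered with, expired or cleared. The tag is checked before the
    payload is decoded, so untrusted bytes are never parsed first."""
    now = time.time() if now is None else now
    body, sep, tag = cookie.rpartition(".")
    if not sep or not hmac.compare_digest(_tag(body), tag):
        return None
    if tag in REVOKED_TAGS:
        return None
    try:
        payload = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:          # covers binascii.Error and JSONDecodeError
        return None
    if not isinstance(payload, dict) or payload.get("exp", 0) <= now:
        return None
    return payload.get("sub")


def clear_cookie(cookie: str) -> None:
    """Clear: revoke a cookie on logout so it is refused even before expiry."""
    REVOKED_TAGS.add(cookie.rpartition(".")[2])


def authorize(username: str, application: str) -> bool:
    """Authorization: allowed when the roles the application profile accepts
    overlap the roles the user profile grants; unknown names are refused."""
    app = APPLICATION_PROFILES.get(application)
    user = USER_PROFILES.get(username)
    if app is None or user is None:
        return False
    return bool(app["roles"] & user["roles"])


def handle_request(cookie: str, application: str, now: Optional[float] = None) -> str:
    """Per-request flow: authenticate the cookie, then authorize the application."""
    username = verify_cookie(cookie, now)
    if username is None:
        return "401 authenticate"
    if not authorize(username, application):
        return "403 forbidden"
    return f"200 ok {username} -> {application}"


if __name__ == "__main__":
    c = issue_cookie("alice")
    print(handle_request(c, "NetMail"))
    print(handle_request(c, "Admin"))
    clear_cookie(c)
    print(handle_request(c, "NetMail"))
```

Two design points are worth noting. The cookie carries only a user name and an expiry, never the permissions themselves; those are looked up in the profiles on every request, so a change to a user profile takes effect immediately rather than when the cookie expires. And clearing a cookie is a server-side act (the tag goes on a revocation list), because a browser that has been asked to delete a cookie may still present it.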
The i-Planet application server can link to any TCP/IP-accessible application on your intranet. The i-Planet product has a core set of applications that offer baseline remote access functionality, including viewing your group calendar and accessing email. By design, HTTP-accessible applications, including any applications already running on your intranet, should work without modification. The i-Planet product has no specific requirements on how additional add-in applications are structured.
The i-Planet product comes with the following applications for end users:
i-Planet Desktop--Provides access to all online help and a central access point for end users to obtain access to all i-Planet applications. Remote users can change their preferences from the i-Planet Desktop.
NetMail--Provides full IMAP mail server access and offline reading capabilities.
NetMail Lite--Supports Sun Internet Mail Server (SIMS) without requiring support for Java applets.
NetCalendar--Provides an HTML client calendar that supports CDE and the Sun Calendar server.
NetSurf--Permits end users to look at certain web pages on your intranet.
NetFile--Provides end users with additional, flexible remote access capabilities of your choice (including Telnet and remote X-Windows capabilities).
NetFile Lite--Provides limited remote file system access without requiring a Java applet.
Generate SKEYs--Allows users to generate their own S/Key passwords.