i-Planet Installation Guide

Information for i-Planet Installation

i-Planet software is installed by running a script. There are two types of installation:

The default installation provides default answers in brackets to most questions. The minimum information you must provide or verify includes:

The default installation is also documented in the i-Planet Quick Install card.

The customized installation allows you to change several parameters, including the i-Planet installation directory, the default port numbers, whether SSL is used between the i-Planet gateway and server, and so on. If you choose a customized installation, you provide the same information as for a default installation, plus additional information.

Table 1-2 shows the information needed for installation.

Table 1-2 Installation Information

Information 

Description 

i-Planet gateway name 

The fully qualified host name (example: hostname.eng.sun.com) of the external interface to the Internet of the machine on which you install the gateway software. The gateway contains the encrypting proxy and the reverse proxy, which together handle all traffic from the Internet to the intranet. The gateway also contains the optional basic firewall application.

i-Planet server name 

The fully qualified host name (example: hostname2.eng.sun.com) of the machine on which you install the platform and applications software. The platform includes the Java web server and the administration services, such as authentication, licensing, and logging. The applications include the desktop, mail, calendar, intranet browsing, and file access applications.

installation directory

i-Planet software is installed in /opt unless you specify a different directory.

basic firewall application

If your organization does not have a firewall that can be used to restrict the external access to the i-Planet gateway machine to traffic on port 443 (or to the port you have configured to carry SSL traffic), you have the option of installing a basic firewall application on the i-Planet gateway.

The basic firewall application examines only packets coming from the external gateway interface, and follows these rules:

  • Allows external access to port 443 (or to the port you specify for the encrypting proxy during installation) of the gateway through the gateway's public, or external, interface

  • Allows the gateway machine access to anywhere

  • Allows routing information from the Internet interface on the gateway machine to be updated

  • Denies everything not expressly allowed in the above rules

The basic firewall application does not run under Solaris 7. 

If you want greater control over the ports and traffic than this basic firewall application provides, consider installing a firewall product such as Sun Microsystems' SunScreen(TM) EFS software.

network interface type

If you install the basic firewall application, you specify the gateway network interface. The machine on which you install the firewall should have more than one network interface. To list available interfaces, use the command ifconfig -a.

name service

If you install the basic firewall application, you specify your name service: NIS, DNS, NIS and DNS, or none. 

network domain name

Your network domain name. The network domain name does not include the host name or subdomain name. An example of a network domain name is sun.com. 

network subdomain names

If any URLs within your organization's intranet contain only a host and subdomain, such as host.eng, that subdomain must be entered as a network subdomain name during installation. For example, within the network domain name of sun.com, if host.group appears in a URL, then group must be entered as a network subdomain name.

As a general rule, if any URL in your organization's domain is not fully qualified, the subdomain must be entered during installation. The subdomain name must not contain dots.

Note: if you forget or omit subdomain names during installation, you can add subdomain names by editing a configuration file on the gateway; refer to the i-Planet Administration Guide for instructions.

port numbers

Default port numbers are provided for the encrypting proxy (443), the reverse proxy (10443), and the i-Planet server (8080 for non-SSL communication, 443 for SSL communication). If you select a customized installation, you can change these port numbers. You can also specify a port number for a web proxy host, if you use one.  

The reverse proxy and the encrypting proxy must use different port numbers. The i-Planet gateway must know the i-Planet server port number, whether or not you use SSL communication between the two machines. 

web proxy host

A web proxy host potentially handles all HTTP requests between the gateway and the intranet.

If you are using a web proxy host, use the web proxy option during installation to specify the fully qualified host name of your web proxy. The gateway will then use that proxy for all HTTP requests. This scenario is desirable if you do not want the gateway to have the routing information it would need to find the intranet machines.

If you do not specify a web proxy host, the gateway will make a direct connection to intranet machines when a user tries to access one of those intranet machines. 

After installation, you can change your web proxy host or add one if you did not specify one during installation by editing a configuration file on the gateway; refer to the i-Planet Administration Guide for instructions.

SSL communication

The secure socket layer (SSL) protocol provides a way to encrypt communication between two machines. i-Planet software uses SSL to encrypt communication between a browser and the i-Planet gateway, and, optionally, between the i-Planet gateway and the i-Planet server if they are installed on separate machines. 

By default, the gateway communicates with the i-Planet server "in the clear," or with unencrypted communication. During installation, you have the option of specifying that the gateway use SSL to communicate with the i-Planet server. In this case, you must have an SSL certificate installed on each machine. The i-Planet gateway must know the i-Planet server port number, whether or not you use SSL communication between the two machines.

After installation, you can change whether or not you use SSL between the gateway and the i-Planet server; refer to the i-Planet Administration Guide for instructions.

SSL certificate

To have an encrypted SSL link, you must have an SSL certificate on the machines using SSL.  

A self-signed SSL certificate on the gateway is created during i-Planet installation on the gateway. To create this certificate, you must enter organization-specific information, such as company name and address, and a passphrase. Do not use the equal sign (=) in the certificate field entries. 

If you are using SSL between the gateway and the i-Planet server, you must install an SSL certificate from a Certificate Authority vendor on the i-Planet server; refer to Appendix A, "Generating and Installing SSL Certificates," for instructions on obtaining and installing an SSL certificate from a Certificate Authority vendor.

You can create new self-signed SSL certificates, and you can request and install SSL vendor certificates at any time after installation. Refer to Appendix A, "Generating and Installing SSL Certificates," for information on certificates and instructions on installing them.
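A preflight check for the port and certificate-field rules in Table 1-2, as an added example that is not part of the i-Planet guide or its installation script. The function names and sample values are constructed; only the rules themselves (the two proxies on different ports, no equal sign in certificate entries) come from the table.

```shell
#!/bin/sh
# Added example (not from the guide): preflight checks on planned answers.
# Function names and the sample values below are constructed.

# valid_port N: true when N is a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-digit, or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# check_ports ENCRYPTING_PROXY REVERSE_PROXY SERVER
# Prints one line per problem; the exit status is the number of problems.
check_ports() {
    bad=0
    for p in "$1" "$2" "$3"; do
        valid_port "$p" || { echo "not a usable port: '$p'"; bad=$((bad + 1)); }
    done
    # Both proxies run on the gateway, so they must use different ports.
    # The server port is not compared: 443 is its documented SSL default.
    if valid_port "$1" && valid_port "$2" && [ "$1" -eq "$2" ]; then
        echo "encrypting proxy and reverse proxy both set to $1"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# check_cert_fields FIELD...
# Certificate field entries must not contain '='. Prints one line per
# offending entry; the exit status is the number of offending entries.
check_cert_fields() {
    bad=0
    for f in "$@"; do
        case "$f" in
            *=*) echo "certificate field contains '=': $f"; bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Constructed sample answers.
check_ports 443 10443 8080 && echo "default ports: ok"
check_ports 443 443 8080 || echo "port problems: $?"
check_cert_fields "Example Corp" "O=Engineering" || echo "field problems: $?"
```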

Host and Network Domain Name Example

It is very important that the correct, resolvable addresses for host names and network domain names be entered during installation.

An example of a fully qualified host name is "hostname.eng.sun.com". In this example, "hostname" is the machine name, "eng" is the subdomain name, and "sun.com" is the network domain name. This scenario is illustrated in Figure 1-2. Domain names can have more than two components; for example, "sun.co.jp" could also be a network domain name.

Figure 1-2 Host, Domain, and Subdomain Name Example
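The decomposition described above, together with the subdomain rule from Table 1-2, as an added shell example that is not part of the i-Planet guide or installer. The function names and sample URLs are constructed, and the network domain is assumed to be given in lower case.

```shell
#!/bin/sh
# Added example (not from the guide): derive installer answers from names.
# Function names and the sample URLs below are constructed.

# split_fqdn FQDN DOMAIN -> prints "host|subdomain|domain"; fails when FQDN
# is not inside DOMAIN. Works for domains such as sun.co.jp as well.
split_fqdn() {
    rest=${1%".$2"}
    [ "$rest" != "$1" ] || return 1
    host=${rest%%.*}
    sub=${rest#"$host"}
    echo "$host|${sub#.}|$2"
}

# required_subdomains DOMAIN URL...
# Prints, one per line, the subdomain names that URLs of the form
# host.subdomain oblige you to enter during installation.
required_subdomains() {
    domain=$1; shift
    for url in "$@"; do
        name=${url#*://}       # drop the scheme
        name=${name%%/*}       # drop the path
        name=${name%%:*}       # drop the port
        name=$(printf '%s' "${name%.}" | tr 'A-Z' 'a-z')
        case "$name" in
            "$domain"|*".$domain") ;;          # fully qualified: nothing to add
            *.*.*) echo "review by hand: $name" >&2 ;;  # not host.subdomain
            *.*) echo "${name#*.}" ;;          # host.subdomain
        esac                                   # bare host: nothing to add
    done | sort -u
}

# Constructed sample: names collected from intranet pages and bookmarks.
split_fqdn hostname.eng.sun.com sun.com
required_subdomains sun.com \
    http://hostname.eng.sun.com/ http://host.eng/docs \
    http://wiki.group:8080/ http://printhost/ http://build.eng/
```

Names with more than one dot that fall outside the network domain are reported on standard error rather than guessed at, since a subdomain name entered at installation must not contain dots.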
