Solaris ISP Server 2.0 Administration Guide

Solaris ISP Server Overview

Solaris ISP Server is designed to run on a network; although you can install the entire product on a single machine, the result would not be functional in a working ISP environment. For best performance and security results, we recommend segregation of services by host machine, in a configuration appropriate for your planned use. The product presumes the existence of standard primary and secondary DNS (domain name service) servers, but requires no special configuration of them.

The directory services are integral to Solaris ISP Server. The product presumes a single installation of Sun Directory Services managing all subscriber, administrator, and service configuration data for the system. Sun Internet Administrator and some of the services do not work in the absence of a directory. When set up to interoperate with Sun Internet Mail Server, certain special configuration steps are required to keep the two directories (Solaris ISP Server's directory server and that contained within the mail product) in synchronization. The sections that follow describe these networks in a general manner and describe the flow of basic operations.

A Basic Solaris ISP Server Installation

In the simple example that follows, some services share host computers. This is not a requirement; segregate services by host machine if that is the best configuration for your system.

Figure 1-2 Basic Solaris ISP Server Network


Host C can also be the RADIUS server, if desired. RADIUS is a part of Sun Directory Services and is configured for authentication against the directory.

A Solaris ISP Server Installation with Sun Internet Mail Server

When Solaris ISP Server is set up to interoperate with Sun Internet Mail Server, the mail server must be installed on a different computer from Sun Directory Services.

Figure 1-3 Solaris ISP Server Network with Sun Internet Mail Server


In this setup, the directory in the mail server is configured as a slave to the main Sun Directory Services. All user information management is performed on the main directory on Host C. User information is replicated across to Host F.

Solaris ISP Server Operation

Solaris ISP Server user information is stored in the directory, and user authentication is performed using LDAP. For example, if the RADIUS server packaged with Sun Directory Services is used, the server binds to the directory and searches the user entries for the user name and authsuffixname (a directory attribute defining the user's domain) provided by the user. Once the user's directory entry is found, the server compares the password provided with the one in the directory, validating the user. Once authenticated, the user communicates with the desired service using the appropriate protocol.
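The search-then-compare flow described above, as an added example that is not part of the guide or of Sun Directory Services: a small in-memory directory stands in for the LDAP server, and the RADIUS side is modelled by a function that splits the login into user name and authsuffixname, looks up the matching entry, and verifies the password. The "user@suffix" login form, the userPassword attribute and the {SSHA} hashing scheme are assumptions for the example; the page does not state how passwords are stored.

```python
# Added example: models the RADIUS -> LDAP authentication flow of the guide.
# Assumptions (not from the page): entries carry uid, authsuffixname and a
# userPassword in the common LDAP {SSHA} form, base64(sha1(pw + salt) + salt).
import base64
import hashlib
import hmac
import os
from typing import Optional

def ssha_hash(password: str, salt: bytes = b"") -> str:
    """Produce an {SSHA} userPassword value (salted SHA-1, salt appended)."""
    salt = salt or os.urandom(8)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password: str, stored: str) -> bool:
    """Check a cleartext password against an {SSHA} value in constant time."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

# Constructed sample directory: the same uid exists in two domains, so the
# authsuffixname attribute is what keeps the two subscribers apart.
DIRECTORY = [
    {"uid": "jdoe", "authsuffixname": "example.net",
     "userPassword": ssha_hash("s3cret", b"12345678")},
    {"uid": "jdoe", "authsuffixname": "other.example",
     "userPassword": ssha_hash("different", b"abcdefgh")},
]

def find_entry(uid: str, suffix: str) -> Optional[dict]:
    """Step 1: search the directory for the (uid, authsuffixname) pair."""
    hits = [e for e in DIRECTORY
            if e["uid"] == uid and e["authsuffixname"] == suffix]
    return hits[0] if len(hits) == 1 else None  # missing or ambiguous: no entry

def authenticate(login: str, password: str) -> bool:
    """Step 2: split 'user@suffix', find the entry, compare the password.
    Unknown user, wrong domain and wrong password all yield the same False,
    so the caller cannot learn which part of the login was wrong."""
    uid, sep, suffix = login.partition("@")
    if not sep:
        return False
    entry = find_entry(uid, suffix)
    if entry is None:
        ssha_verify(password, ssha_hash("", b"00000000"))  # even out timing
        return False
    return ssha_verify(password, entry["userPassword"])
```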

Figure 1-4 Communications and Protocols in Solaris ISP Server


The ISP administrator typically accesses the administration server for Sun Internet Administrator. Once Sun Internet Administrator authenticates the administrator against the directory, it passes the login information to the services (single sign-on) as the administrator accesses them. Three-tier services transparently authenticate the user against the directory again, blocking any attempt by an intruder to impersonate Sun Internet Administrator. Three-tier services are described in "Three-Tier Service Architecture".