Introduction to Gateway

The Gateway provides the interface and security barrier between remote user sessions originating from the Internet and your corporate intranet. The Gateway presents content securely from internal web servers and application servers through a single interface to a remote user.

For each Gateway instance you must complete the following tasks:

• Creating a Gateway Profile

• Creating Multiple Instances of a Gateway

• Chapter 8, Configuring the Secure Remote Access Gateway.

Other gateway related topics include the following:

• Restarting the Gateway

• Configuring the Gateway Watchdog

• Specifying a Virtual Host

• Specifying a Proxy to Contact Access Manager

Creating a Gateway Profile

A gateway profile contains all the information related to gateway configuration, such as the port on which the Gateway listens, SSL options, and proxy options. When you install a Gateway, if you choose the default values, a default gateway profile called "default" is created. A configuration file corresponding to the default profile exists at: /etc/opt/SUNWportal/platform.conf.default.

Where /etc/opt/SUNWportal is the default location for all the platform.conf.* files. For more information on the platform.conf file, see Understanding the platform.conf File.

When working with profiles, you can perform the following tasks:

• Create multiple profiles, define attributes for each profile, and assign these profiles to different Gateways as required.

• Assign a single profile to Gateway installations on different machines.

• Assign different profiles to instances of a single Gateway running on the same machine.

Do not assign the same profile to different instances of the Gateway running on the same machine. This setup causes a conflict because the port numbers are the same.

Do not specify the same port numbers in the different profiles created for the same Gateway. Running multiple instances of the same Gateway with the same port causes a conflict.

Creating Multiple Instances of a Gateway

To create multiple instances of a gateway, see Chapter 4, Installing and Configuring a Gateway With Portal Server, in Sun Java System Portal Server 7.2 Installation and Configuration Guide

Creating Multi-homed Gateway Instances

Multi-homed gateway instances are multiple gateways on one Portal Server. To create these instances, modify the platform.conf file as follows:

gatewaybindipaddress = 0.0.0.0

Creating Gateway Instances Using the Same LDAP

If you are creating multiple gateway instances that use the same LDAP, after creating the first Gateway on all subsequent Gateways:

In /etc/opt/SUNWam/config/, modify the following areas in AMConfig-instance-name.properties to be consistent with the first installed instance of the Gateway.

See To Create Gateway Instances Using the Same LDAP

Restarting the Gateway

Normally, you do not need to restart the Gateway. You need to restart only if any of the following events occur:

• You have created a new profile and need to assign the new profile to the Gateway.

• You have modified some attributes in the existing profile and need the changes to take effect.

• Gateway crashes due errors such as OutOfMemory error.

• Gateway stops responding and does not service any requests.

Configuring the Gateway Watchdog

You can configure the time interval at which the watchdog monitors the status of the Gateway. To start or to stop the watchdog, run the command;./psadmin sra-watchdog -u amadmin -f <password-file> -t <type> on|off. This time interval is set to 60 seconds by default. To change this value, edit the following line in the crontab utility:

0-59 * * * * gateway-install-root/SUNWportal/bin/
/var/opt/SUNWportal/.gw. 5 > /dev/null 2>&1

See the crontab man page to configure the crontab entries.

Specifying a Virtual Host

A virtual host is an additional host name that points to the same machine IP and a host name. For example, if a host name abc points to the host IP address 192.155.205.133, you can add another host name cde which points to the same IP address.

Specifying a Proxy to Contact Access Manager

You can specify a proxy host to be used by the Gateway to contact SRA Core (RemoteConfigServlet) that is deployed over the Portal Server. This proxy is used by the Gateway to reach the Portal Server and Access Manager. See, To Specify a Proxy.