This chapter describes configuring the Netlet attributes from the Sun Java System Portal Server administration console. All the attributes that can be configured at the organization level can also be configured at the user level. For more information on organization, role and user level attributes, see the Access Manager Administration Guide.
This chapter has the following sections:
You can perform the following tasks to configure the Netlet:
Log onto the Portal Server administration console as administrator.
Select the Secure Remote Access tab and select the Netlet tab.
Select a DN for a user or an organization from the Select DN list or add a DN.
Modify the following attributes:
| Attribute Name | Description |
|---|---|
| COS Priority | Specify the value that is used to determine the inheritance of the attribute values. For more information on this attribute, see the Sun Java System Directory Server Administration Guide. |
| Launch Netlet Using | Select either the Java Webstart or the Applet option as the mode used to start the Netlet service. |
| Default Loopback Port | Specify the port to be used on the local machine when applets are downloaded through Netlet. The default value of 58000 is used unless the value is overridden in the Netlet rules. Enter the required port number. |
| Keep Alive Interval (seconds) | If the client is connecting to the Gateway through a web proxy, idle Netlet connections are disconnected when the proxy times out. To prevent this, enter a value less than the proxy time-out. |
Click Save to complete.
Log onto the Portal Server administration console as administrator.
Select the Secure Remote Access tab and select the Netlet tab.
Select a DN for a user or an organization from the Select DN list or add a DN.
Modify the following attributes:
| Attribute Name | Description |
|---|---|
| Terminate Netlet at Portal Logout | Select Yes to ensure that all connections are terminated when a user logs out of the Portal Server. This ensures greater security. By default, this option is selected. Select No to ensure that live Netlet connections are operational even after the user has logged out of the Portal Server desktop. Note – When the No option is selected, users are not allowed to make new Netlet connections after logging out of the Portal Server. Only existing connections are preserved. |
| Re-authenticate for Connections | Select Yes to specify the port to be used on the local machine when applets are downloaded through Netlet. The default value of 58000 is used unless the value is overridden in the Netlet rules. By default, the No option is selected. |
| Display Warning Popup for Connections | Select Yes to display a warning popup dialog box on the user's desktop when other users are trying to connect to Netlet through the listen port and the user is running an application using Netlet. By default, the Yes option is selected. |
| Display Checkbox in Port Warning Dialog | Select Yes to display a warning popup dialog box on the user's desktop when Netlet tries to connect to the destination host through an available port on the local machine, if it is enabled in the administration console. By default, the Yes option is selected. |
| Netlet Rules | Create Netlet rules at a global level. These rules are inherited by any new organization that you create. For more information on creating, modifying, and deleting Netlet rules, see To Create, Modify, or Delete a Netlet Rule. |
| Default Native VM Cipher | Select the default cipher for the Netlet rules from the drop-down box. This is useful when using existing rules that did not include the cipher as a part of the rule. For more information, see the Backward Compatibility section. |
| Default Java Plugin Cipher | Select the default Java Plugin cipher from the drop-down box. See Supported Ciphers for a list of supported ciphers. |
| Allowed/Denied Hosts | Select the host address check box, select the host to allow or deny access to based on the user or organization type, and select either the Allow or Deny option from the drop-down box. To add a new host: Note – To delete an existing host: From the Host list, select the host and click Delete. You can allow or deny access to specific hosts for certain organizations, roles, or users. For example, you can set up the Allow list with five hosts to which the user can telnet. You can deny access to specific hosts within an organization. Specify a unique local port for each rule. Note – An asterisk (*) in this field indicates that all the hosts in the specified domain are accessible. For example, if you specify *.sesta.com, all the Netlet targets within the sesta.com domain can be executed by the user. You can also specify a wild card IP address such as xxx.xxx.xxx.*. |
| Access/Deny Netlet Rules | Select the Netlet rule and select either the Allow or Deny option from the drop-down box. You can define access to specific Netlet rules for certain organizations, roles, or users. You can deny access to specific Netlet rules for certain organizations, roles, or users. Note – An asterisk (*) in this field indicates that all the defined Netlet rules are available for the selected organization. |
Click Save to complete.
You can also create new rules or modify existing rules at the organization, role, or user levels. These rules are inherited by any new organization that you create.
Log onto the Portal Server administration console as administrator.
Select the Secure Remote Access tab and select the Netlet tab.
Select a DN for a user or an organization from the Select DN list or add a DN.
Under Advanced > Netlet Rules, click New Rule.
Enter the rule name in the Rule Name field.
Under the Encryption Ciphers list, select Default to retain the default encryption cipher, or select Other to choose one or more encryption ciphers from the list of available ciphers.
This is useful when using existing rules that did not include the cipher as a part of the rule. For information, see the Backward Compatibility section. For more information on ciphers, see Specify the Default Encryption Cipher.
Enter the URL to the application to be invoked in the Remote Application URL field.
Select the Client Port checkbox if an applet needs to be downloaded. Enter the client port number, server host address, and server port number in the Client Port, Server Host, and Server Port fields. Specify a unique local port for each rule.
By default, the Enable Download Applet box is disabled. Specify the applet details only if the applet needs to be downloaded from a host other than the Portal Server host. For more information, see Downloading an Applet From a Remote Host.
Select the Enable Extend Session checkbox to ensure that the Portal Server session time is extended while the Netlet session corresponding to this rule is running.
Under Map Local Port to Destination Server Port, do the following:
Enter the local port on which Netlet listens in the Local Port field.
For an FTP rule, the local port value must be 30021.
Enter an entry in the Destination Hosts field.
For a static rule, enter the host name of the target machine for the Netlet connection. For a dynamic rule, enter "TARGET".
Enter the port on the target host in the Destination Port field.
Click Save to complete.
The rule name is displayed in the Netlet home page.
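The constraints stated above (a unique local port per rule, local port 30021 for an FTP rule, "TARGET" for a dynamic rule) and the wildcard host entries from the Allowed/Denied Hosts attribute can be checked before rules are entered in the console. The following Python sketch is an added example, not Portal Server code: the dictionary layout, the `ftp` flag, the sample hosts and the deny-overrides-allow precedence are assumptions made for illustration.

```python
import re

FTP_LOCAL_PORT = 30021  # from the page: an FTP rule must use local port 30021

def host_matches(pattern, host):
    """Anchored match for entries such as *.sesta.com or 192.0.2.*"""
    regex = ".*".join(re.escape(part) for part in pattern.lower().split("*"))
    return re.fullmatch(regex, host.lower()) is not None

def host_allowed(host, allow, deny):
    # Assumption: a Deny entry overrides an Allow entry for the same host.
    if any(host_matches(p, host) for p in deny):
        return False
    return any(host_matches(p, host) for p in allow)

def audit_rules(rules, allow, deny):
    """Return a list of findings for a set of planned Netlet rules."""
    findings, port_owner = [], {}
    for rule in rules:
        name, port, dest = rule["name"], rule["local_port"], rule["dest_host"]
        if port in port_owner:
            findings.append(f"{name}: local port {port} already used by {port_owner[port]}")
        else:
            port_owner[port] = name
        if rule.get("ftp") and port != FTP_LOCAL_PORT:
            findings.append(f"{name}: FTP rule must use local port {FTP_LOCAL_PORT}")
        if dest == "TARGET":
            continue  # dynamic rule: no fixed destination host to check here
        if not host_allowed(dest, allow, deny):
            findings.append(f"{name}: destination {dest} not permitted by host lists")
    return findings

# Constructed sample data (hypothetical hosts, ports and rule names).
ALLOW = ["*.sesta.com", "192.0.2.*"]
DENY = ["payroll.sesta.com"]
RULES = [
    {"name": "telnet-dev", "local_port": 30000, "dest_host": "dev1.sesta.com", "dest_port": 23},
    {"name": "ftp-files", "ftp": True, "local_port": 30021, "dest_host": "TARGET", "dest_port": 21},
    {"name": "telnet-pay", "local_port": 30000, "dest_host": "payroll.sesta.com", "dest_port": 23},
    {"name": "ftp-old", "ftp": True, "local_port": 30022, "dest_host": "sesta.com.example.net", "dest_port": 21},
]

if __name__ == "__main__":
    for finding in audit_rules(RULES, ALLOW, DENY):
        print(finding)
```

Because the match is anchored at both ends, `*.sesta.com` covers hosts inside the domain but not a look-alike such as `sesta.com.example.net`.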
The following attributes can be configured at the user level:
Browser proxy type
Browser proxy host
Browser proxy port
Browser proxy override list
If you do not specify these values in the administration console and Netlet is unable to determine the browser proxy setting, the user is asked for this information when a connection is being established through Netlet for the first time. This information is stored and used for future connections by the user.
Netlet fails to determine the browser proxy setting in the following scenarios:
The user has Internet Explorer 4.x, 5.x or 6.x with Java plug-in (version less than 1.4.0), has enabled the "Use Browser Settings" option in the Proxies tab of the Java Plug-in Control Panel, and has specified an add-on product or INS file in the "Use automatic configuration script" field in the Local Area Network Settings dialog of Internet Explorer.
The user has Netscape 6.2 with Java Plug-in (version 1.3.1_01 or greater) and has enabled the "Use Browser Settings" option in the Proxies tab of the Java Plug-in Control Panel.
In both these cases, Netlet may not be able to determine the browser settings, and hence the user is asked to supply the following information:
Browser proxy type
This attribute can take the values DIRECT or MANUAL. If the user chooses DIRECT from the drop-down list, Netlet connects directly to the gateway host.
Browser proxy host
Specify the required proxy host through which Netlet needs to connect.
Browser proxy port
Specify the port on the proxy host through which Netlet needs to connect.
Browser proxy override list (Comma separated)
Specify the hosts for which you do not want Netlet to connect through the proxy. This list can contain multiple comma-separated host names.