Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Configuring the Netlet Attributes

You can perform the following tasks to configure the Netlet:

To Configure the Basic Attributes

  1. Log in to the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and select the Netlet tab.

  3. Select a DN for a user or an organization from the Select DN list or add a DN.

  4. Modify the following attributes:

    Attribute Name 

    Description 

    COS Priority 

    Specify the value that is used to determine the inheritance of the attribute values. For more information on this attribute, see the Sun Java System Directory Server Administration Guide.

    Launch Netlet Using 

    Select either the Java Webstart or Applet option as the mode used to start the Netlet service. 

    Default Loopback Port 

    Specify the port to be used on the local machine when applets are downloaded through Netlet. The default value of 58000 is used unless the value is overridden in the Netlet rules. 

    Enter the required port number. 

    Keep Alive Interval (seconds) 

    If the client is connecting to the Gateway through a web proxy, idle Netlet connections are disconnected because of the proxy time-out. To prevent this, enter a value less than the proxy time-out. 

  5. Click Save to complete.

Configuring the Advanced Attributes

  1. Log in to the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and select the Netlet tab.

  3. Select a DN for a user or an organization from the Select DN list or add a DN.

  4. Modify the following attributes:

    Attribute Name 

    Description 

    Terminate Netlet at Portal Logout 

    Select Yes to ensure that all connections are terminated when a user logs out of the Portal Server. This ensures greater security. By default, this option is selected. 

    Select No to ensure that live Netlet connections are operational even after the user has logged out of the Portal Server desktop. 


    Note –

    When the No option is selected, users are not allowed to make new Netlet connections after logging out of the Portal Server. Only existing connections are preserved.


    Re-authenticate for Connections 

    Select Yes to specify the port to be used on the local machine when applets are downloaded through Netlet. The default value of 58000 is used unless the value is overridden in the Netlet rules. By default, the No option is selected. 

    Display Warning Popup for Connections 

    Select Yes to display a warning popup dialog box on the user's desktop when other users are trying to connect to Netlet through the listen port and the user is running an application using Netlet. By default, the Yes option is selected. 

    Display Checkbox in Port Warning Dialog 

    Select Yes to display a warning popup dialog box on the user's desktop when Netlet tries to connect to the destination host through an available port on the local machine, if it is enabled in the administration console. By default, the Yes option is selected. 

    Netlet Rules 

    Create Netlet rules at a global level. These rules are inherited by any new organization that you create. For more information on creating, modifying, and deleting Netlet rules, see To Create, Modify, or Delete a Netlet Rule.

    Default Native VM Cipher 

    From the drop-down box, select the default cipher for the Netlet rules. This is useful when using existing rules that did not include the cipher as a part of the rule. For more information, see the Backward Compatibility section.

    Default Java Plugin Cipher 

    From the drop-down box, select the default Java Plugin cipher. See Supported Ciphers for a list of supported ciphers.

    Allowed/Denied Hosts 

    Select the host address check box for the host, and then select either the Allow or Deny option from the drop-down box to allow or deny access based on the user or organization type. 

      To add a new host:

    1. Click Add Row.

    2. Enter the fully qualified host address. For example, for the host abc, type abc.sesta.com.


    Note –

    To delete an existing host: From the Host list, select the host and click Delete.


    You can allow or deny access to specific hosts for certain organizations, roles, or users. For example, you can set up the Allow list with five hosts to which the user can telnet. You can deny access to specific hosts within an organization. Specify a unique local port for each rule.


    Note –

    An asterisk (*) in this field indicates that all the hosts in the specified domain are accessible. For example, if you specify *.sesta.com, all the Netlet targets within the sesta.com domain can be executed by the user. You can also specify a wildcard IP address such as xxx.xxx.xxx.*.


    Access/Deny Netlet Rules 

    Select the Netlet rule and select either the Allow or Deny option from the drop-down box. 

    You can define access to specific Netlet rules for certain organizations, roles or users. 

    You can deny access to specific Netlet rules for certain organizations, roles or users. 


    Note –

    An asterisk (*) in this field indicates that all the defined Netlet rules are available for the selected organization.


  5. Click Save to complete.

To Create, Modify, or Delete a Netlet Rule

You can also create new rules or modify existing rules at the organization, role, or user levels. These rules are inherited by any new organization that you create.

  1. Log in to the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and select the Netlet tab.

  3. Select a DN for a user or an organization from the Select DN list or add a DN.

  4. Under Advanced > Netlet Rules, click New Rule.

    • To delete a rule, select a rule and click Delete.

    • To modify a rule, click the rule name.

      In the Netlet page, modify the parameters as explained in the steps below.

  5. Enter the rule name in the Rule Name field.

  6. Select Other to choose from the list of available ciphers and, under the Encryption Ciphers list, select one or more encryption ciphers, or select Default to retain the default encryption cipher.

    This is useful when using existing rules that did not include the cipher as a part of the rule. For information, see the Backward Compatibility section. For more information on ciphers, see Specify the Default Encryption Cipher.

  7. Enter the URL to the application to be invoked in the Remote Application URL field.

  8. Select the Client Port checkbox if an applet needs to be downloaded. Enter the client port number, server host address, and server port number in the Client Port, Server Host, and Server Port fields. Specify a unique local port for each rule.

    By default, the Enable Download Applet box is disabled. Specify the applet details only if the applet needs to be downloaded from a host other than the Portal Server host. For more information, see Downloading an Applet From a Remote Host.

  9. Select the Enable Extend Session checkbox to ensure that the Portal Server session time is extended while the Netlet session corresponding to this rule is running.

  10. Under Map Local Port to Destination Server Port, do the following:

    1. Enter the local port on which Netlet listens in the Local Port field.

      For an FTP rule, the local port value must be 30021.

    2. Enter an entry in the Destination Hosts field.

      For a static rule, enter the host name of the target machine for the Netlet connection. For a dynamic rule, enter "TARGET".

    3. Enter the port on the target host in the Destination Port field.

  11. Click Save to complete.

    The rule name is displayed in the Netlet home page.
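The constraints stated in the Allowed/Denied Hosts attribute and in the rule procedure above (unique local port per rule, local port 30021 for FTP, wildcard host entries) can be checked before rules are entered in the console. The following is an added example, not part of the original guide or the product: the rule dictionaries, the deny-overrides-allow precedence, and treating destination port 21 as an FTP rule are assumptions, and the sample data is constructed.

```python
from fnmatch import fnmatchcase

FTP_LOCAL_PORT = 30021  # from the guide: an FTP rule must use local port 30021

# Constructed sample data; this dict layout is hypothetical, not a product export format.
RULES = [
    {"name": "telnet-static", "local_port": 30000, "host": "abc.sesta.com", "port": 23},
    {"name": "ftp-static", "local_port": 30022, "host": "files.sesta.com", "port": 21},
    {"name": "ssh-dynamic", "local_port": 30000, "host": "TARGET", "port": 22},
]
ALLOW = ["*.sesta.com", "192.0.2.*"]
DENY = ["hr.sesta.com"]


def host_matches(host, patterns):
    """Case-insensitive match of a host name or IP against '*' wildcard entries."""
    return any(fnmatchcase(host.lower(), p.lower()) for p in patterns)


def host_permitted(host, allow, deny):
    """Assumption: a Deny entry overrides Allow, and an unlisted host is refused."""
    return not host_matches(host, deny) and host_matches(host, allow)


def audit_rules(rules, allow, deny):
    """Return (rule name, finding) tuples for rules that break the stated constraints."""
    findings, seen = [], {}
    for r in rules:
        name, lp = r["name"], r["local_port"]
        if lp in seen:  # the guide asks for a unique local port for each rule
            findings.append((name, f"local port {lp} already used by {seen[lp]}"))
        seen.setdefault(lp, name)
        if r["port"] == 21 and lp != FTP_LOCAL_PORT:  # assumption: port 21 means FTP
            findings.append((name, f"FTP rule must use local port {FTP_LOCAL_PORT}"))
        if r["host"] == "TARGET":
            # Dynamic rule: the user supplies the host, so the host lists are the only bound.
            if "*" in allow:
                findings.append((name, "dynamic rule with an unrestricted Allow list"))
        elif not host_permitted(r["host"], allow, deny):
            findings.append((name, f"static destination {r['host']} is not permitted"))
    return findings


if __name__ == "__main__":
    for rule_name, finding in audit_rules(RULES, ALLOW, DENY):
        print(f"{rule_name}: {finding}")
```
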