Sun Java System Portal Server 7.2 Deployment Planning Guide

Portal Server Features

This section reviews specific technology features with the goal of determining which technologies are most important for your organization. Review these features while keeping in mind your organization’s short-, mid-, and long-term plans.

Use the following sections and tables to assess the benefits of the listed features and determine their relative priority for your organization. This information will assist you in developing a deployment plan in a timely and cost-effective manner.


Note –

If your Java Enterprise System sales representative has previously discussed these topics with you, this section serves as a review of that process.


Identity Management

Portal Server uses identity management to control many users spanning a variety of different roles across the organization and sometimes outside the organization while accessing content, applications and services. The challenges include: Who is using an application? In what capacity do users serve the organization or company? What do users need to do, and what should users be able to access? How can others help with the administrative work?

Table 1–1 shows the identity management features and their benefits.

Table 1–1 Identity Management Features and Benefits

Feature: Directory service
Description: Portal Server uses Access Manager and Directory Server.
Benefit: Portal Server uses an LDAP directory for storing user profiles, roles, and identity information for authentication, single sign-on (SSO), delegated administration, and personalization.

Feature: User, policy, and provisioning management
Description: Access Manager enables you to manage many users spanning a variety of different roles across the organization and sometimes outside the organization while accessing content, applications, and services. Provides central storage and management of identity information, which is integrated with a policy solution to enforce access rights. Extends a common identity to handle new applications, enables applications to share administrative work, and simplifies tasks normally associated with building these services.
Benefit: Consolidates management of users and applications. Personalizes content and service delivery. Simplifies and streamlines information and service access. Reduces costs associated with managing access and delivery. Provides secure policy-based access to applications. Ensures secure access as portal deployments expand beyond employee LAN access.

Feature: Single sign-on (SSO)
Description: Access Manager integrates user authentication and single sign-on through an SSO API. Once the user is authenticated, the SSO API takes over. Each time the authenticated user tries to access a protected page, the SSO API determines if the user has the permissions required based on their authentication credentials. If the user is valid, access to the page is given without additional authentication. If not, the user is prompted to authenticate again.
Benefit: Enhances user productivity by providing a consistent, centralized mechanism to manage authentication and single sign-on, while enabling employees, partners and customers access to content, applications, and services.

Feature: Delegated administration
Description: The Portal Server administration console provides role-based delegated administration capabilities to different kinds of administrators to manage organizations, users, policy, roles, channels, and Portal Desktop providers based on the given permissions.
Benefit: Enables IT to delegate portal administrative duties to free up valuable IT resources and administration.

Feature: Security
Description: Provides single sign-on for aggregated applications to the portal.
Benefit: Security can address many different needs within the portal, including authentication into the portal, encryption of the communications between the portal and the end user, and authorization of the content and applications to only users that are allowed access.

Secure Remote Access

Table 1–2 shows the Sun Java System Portal Server Secure Remote Access features and their benefits.

Table 1–2 Secure Remote Access Features and Benefits

Feature: Integrated security
Description: Extranet or virtual private network (VPN) capabilities “on demand” while providing user, policy, and authentication services. The Gateway component provides the interface and security barrier between remote user sessions originating from the Internet, and your corporate intranet.
Benefit: Extends an enterprise’s content, applications, files, and services located behind firewalls to authorized suppliers, business partners, and employees. To prevent denial of service attacks, you can use both internal and external DMZ-based Gateways.

Feature: Secure Remote Access core
Description: Users achieve remote access through four components:

  • Gateway
  • NetFile
  • Netlet
  • Proxylet

Benefit: This component has four parts:

  • Gateway—Controls communication between the Portal Server and the various Gateway instances.
  • NetFile—Enables remote access and operation of file systems and directories.
  • Netlet—Ensures secure communication between the Netlet applet on the client browser, the Gateway, and the application servers.
  • Proxylet—Proxylet sets itself up as a proxy server running on the client's machine, and modifies the proxy settings of the browser to point to itself (also referred to as the local proxy server). The local proxy server (Proxylet) then proxies all the intranet traffic through the gateway.

Feature: Universal access
Description: Enables web browser based universal access with no client software installation or maintenance necessary.
Benefit: Simplifies the IT administration and maintenance overhead while dramatically reducing the time and cost of deployment.

Feature: Netlet Proxy
Description: Provides an optional component that extends the secure tunnel from the client, through the Gateway to the Netlet Proxy that resides in the intranet.
Benefit: Restricts the number of open ports in a firewall between the demilitarized zone (DMZ) and the intranet.

Feature: Rewriter Proxy
Description: Redirects HTTP requests to the Rewriter Proxy instead of directly to the destination host. The Rewriter Proxy in turn sends the request to the destination server.
Benefit: Enables secure HTTP traffic between the Gateway and intranet computers and offers two advantages:

  • If a firewall exists between the Gateway and server, the firewall needs to open only two ports: one between the Gateway and the Rewriter Proxy, and another between the Gateway and the Portal Server.
  • HTTP traffic is secure between the Gateway and the intranet even if the destination server only supports HTTP protocol (no HTTPS).

Search Service

The Sun Java System Portal Server provides a Search Service that retrieves and categorizes information for users. The Search Service is used in the following channels:

Table 1–3 lists the search features and their benefits.

Table 1–3 Search Features and Benefits

Feature: Search Service
Description: Enables the retrieval of documents based on criteria specified by the end user.
Benefit: Saves users time by providing access to content.

Feature: Categorization
Description: Organizes documents into a hierarchy. This categorization is often referred to as taxonomy.
Benefit: Provides a different view of documents that enables browsing and retrieval.

Feature: Robot
Description: The Search Service robot is an agent that crawls and indexes information across your intranet or the Internet.
Benefit: Automatically searches and extracts links to resources, describes those resources, and puts the descriptions in the Search database (also called generation or indexing).

Feature: Discussions
Description: A forum for multiple threaded discussions.
Benefit: Contents are individually searchable, and importance ratings are given for all comments.

Feature: Subscriptions
Description: Enables the user to track new or changed material in different areas of interest.
Benefit: Discussions, search categories, and free-form searches (saved searches) can be tracked.

Content Personalizing

Personalization is the ability to deliver content based on selective criteria and offer services to a user.

Table 1–4 shows the personalization features and their benefits.

Table 1–4 Personalization Features and Benefits

Feature: Deliver content based on user’s role
Description: Portal Server includes the ability to automatically choose which applications users are able to access or to use, based on their role within the organization.
Benefit: Increases employee productivity, improves customer relationships, and streamlines business relationships by providing quick and personalized access to content and services.

Feature: Enable users to customize content
Description: Portal Server enables end users to choose what content they are interested in seeing. For example, users of a personal finance portal choose the stock quotes they would like to see when viewing their financial portfolio.
Benefit: The information available in a portal is personalized for each individual. In addition, users can then customize this information further to their individual tastes. A portal puts control of the web experience in the hands of the people using the web, not the web site builders.

Feature: Aggregate and personalize content for multiple users
Description: Portal Server enables an enterprise or service provider to aggregate and deliver personalized content to multiple communities of users simultaneously.
Benefit: This enables a company to deploy multiple portals to multiple audiences from one product and manage them from a central management console. Also, new content and services can be added and delivered on demand without the need to restart Portal Server. All of this saves time and money, and ensures consistency in an IT organization.

Feature: Portal Communities
Description: A Portal Community is an association of members and services that is created and administered by end users.
Benefit: The Portal Communities feature makes collaboration more accessible to end users by providing a way for end users to create their own Portal. End users are able to assign membership roles and choose which Portal services are available to members.

Aggregation and Integration

One of the most important aspects of a portal is its ability to aggregate and integrate information, such as applications, services, and content. This functionality includes the ability to embed non-persistent information, such as stock quotes, through the portal, and to run applications within, or deliver them through, a portal.

Table 1–5 shows the aggregation and integration features and their benefits.

Table 1–5 Aggregation Features and Benefits

Feature: Aggregated information
Description: The Portal Desktop provides the primary end-user interface for Portal Server and a mechanism for extensible content aggregation through the Provider Application Programming Interface (PAPI). The Portal Desktop includes a variety of providers that enable container hierarchy and the basic building blocks for building some types of channels.
Benefit: Users no longer have to search for the information. Instead, the information finds them.

Feature: Consistent set of tools
Description: Users can use the provided set of tools such as web-based email and calendaring software that follows them through their entire time at the company.
Benefit: Users do not have to use one tool for one project, another tool for another location. Because these tools all work within the portal framework, the tools have a consistent look and feel and work similarly, reducing training time.

Feature: Collaboration
Description: Portal Server provides control and access to data as a company-wide resource.
Benefit: In many companies, data is seen as being owned by individual departments, instead of as a company-wide resource. The portal can act as a catalyst for making the data available in a controlled way to the people who need to use it. This broader, more immediate access can improve collaboration.

Feature: Integration
Description: Portal Server enables you to use the Portal Desktop as the sole place for users to gain access to or launch applications and access data.
Benefit: Integration with existing email, calendar, legacy, or web applications enables the portal to serve as a unified access point, enabling access to the information quickly and easily.