Installation Guide Sun™ ONE Portal Server Version 6.1 816-6747-10 June 2003


Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054 U.S.A.

Copyright 2003 Sun Microsystems, Inc. All rights reserved.

Sun, Sun Microsystems, the Sun logo, Solaris, iPlanet, the iPlanet logo, Java, and JavaServer Pages are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Netscape and the Netscape N logo are registered trademarks of Netscape Communications Corporation in the U.S. and other countries. Other Netscape logos, product names, and service names are also trademarks of Netscape Communications Corporation, which may be registered in other countries. UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the US and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.

Federal Acquisitions: Commercial Software—Government Users Subject to Standard License Terms and Conditions

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of the product or this document may be reproduced in any form by any means without prior written authorization of the Sun Microsystems and its licensors, if any.

THIS DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.



Contents

List of Figures
List of Tables
List of Procedures
List of Code Examples

About This Guide
  What You Need to Know
    Monospaced Font
    Bold Monospaced Font
    Italicized Font
    Command-Line Prompts
    Variables

Chapter 1 Planning the Installation
  Installation Overview
  System Requirements
    Hardware Requirements
    Software Requirements
    Operating System Requirements
    Browser Recommendations
  Configuration Information
    Checklist for Java™ Development Kit
    Checklist for Sun™ ONE Directory Server
    Checklist for Sun™ ONE Web Server
    Checklist for Deployment on Sun™ ONE Application Server
    Checklist for Deployment on BEA WebLogic Server
    Checklist for Deployment on IBM Application Server
    Checklist for Sun™ ONE Identity Server
    Checklist for Sun ONE Portal Server
  Directory Layout

Chapter 2 Installing Sun ONE Portal Server
  Installing the Sun ONE Portal Server
  Installing the Sun ONE Directory Server
  Configuring an Existing Directory Server
  Upgrading Sun ONE Portal Server
  Installing the Migration Tools

Chapter 3 Post Installation Configuration
  Configuring the Sun ONE Portal Server to Run as User Non-Root
    Shortening the WAIT State for TCP Ports
    Reconfiguring the Sun ONE Portal Server Installation
    Launching Sun ONE Portal Server
  Configuring the Sun ONE Portal Server to Run as User Nobody
    Shortening the WAIT State for TCP Ports
    Reconfiguring the Sun ONE Portal Server Installation
    Launching Sun ONE Portal Server
  Creating and Deleting Instances of the Server
  Where to Go Next?
    Validating Sun ONE Portal Server Installation
    Accessing the Sun ONE Portal Server Administration Console and Desktop
      To Access the Sun ONE Identity Server Administration Console
      To Access the Sample Desktop
    Configuring Sun ONE Portal Server With a Gateway to Trust Sun ONE Identity Server
    Administering the Portal Server

Chapter 4 Uninstalling the Sun ONE Portal Server
  Restarting Sun ONE Identity Server After Removing Sun ONE Portal Server
    For a Single Instance Installation
    For a Multiple Instance Installation

Chapter 5 Tuning the Sun ONE Portal Server
  Introduction
  Tuning Strategies
  Memory Allocation
  Tuning Instructions
    Solaris Tuning
      Kernel Tuning
      TCP Parameters Tuning
    Sun ONE Identity Server Tuning
      Directory Server Connection Pool
      LDAP Authentication Service
      LDAP Authentication
      Sun ONE Identity Server Services Configuration Parameters
    Sun ONE Directory Server Tuning
    Sun ONE Web Server 6.0 Tuning
      For Production Optimum
      For Production Large
    Sun ONE Portal Server Desktop Tuning
      For Production Optimum
      For Production Large

Appendix A Sun ONE Portal Server 6.1 Installation for Sun ONE Application Server 7.0
  Overview
  Hardware and Software Requirements
    Hardware Requirements
    Software Requirements
    Space Requirements
    Operating System Requirements
  Installing the Sun ONE Portal Server Software
  Installing the Sun ONE Portal Server into a Secure Application Server Instance
    To Secure the Application Server Instance
    To Install the Sun ONE Portal Server to Run as SSL

Appendix B Sun ONE Portal Server 6.1 Installation for BEA Application Server
  Overview
  Hardware and Software Requirements
    Hardware Requirements
    Software Requirements
    Space Requirements
    Operating System Requirements
  Pre Portal Installation Tasks
  Installing the Portal Server Software
  Setting Up Sun ONE Portal Server on BEA Clusters

Appendix C Sun ONE Portal Server 6.1 Installation for IBM Application Server
  Overview
  Hardware and Software Requirements
    Hardware Requirements
    Software Requirements
    Space Requirements
    Operating System Requirements
    Additional Software Requirements for WebSphere
  Installing the Portal Server Software
  Creating an Application Server Instance

Appendix D Setting Up LDAP Replication for the Sun ONE Portal Server
  Setting Up Replication on the Sun ONE Portal Server Machine
  Setting Up Replication on the Dedicated LDAP Machine
    Adding More Suppliers
  Configuring the Sun ONE Portal Server Software

Appendix E Setting Up the Sun ONE Portal Server to Use Secure External LDAP Directory Server
  Configuring an Existing Directory Server
  Configuring the Directory Server to Run in SSL
  Creating a Trust Database
    Creating a Trust Database
    Using the password.conf File
  Installing A Root Certificate Authority (CA) Certificate
  Enabling SSL for the Directory Server

Index


List of Figures

Figure 1-1 Single Machine Installation
Figure 1-2 Multiple Machines Installation
Figure 1-3 Sun ONE Portal Server Deployment Using Application Server


List of Tables

Table 1 Common Variables
Table 1-1 Directory Layout
Table A-1 Space Requirements
Table B-1 Space Requirements
Table C-1 Space Requirements


List of Procedures

Shortening the WAIT State for TCP Ports
Reconfiguring the Sun ONE Portal Server Installation
Launching Sun ONE Portal Server
Shortening the WAIT State for TCP Ports
Reconfiguring the Sun ONE Portal Server Installation
Launching Sun ONE Portal Server
To Access the Sun ONE Identity Server Administration Console
To Access the Sample Desktop
To Secure the Application Server Instance
To Install the Sun ONE Portal Server to Run as SSL


List of Code Examples

Code Example 3-1 magnus.conf File Sample
Code Example 3-2 magnus.conf File Sample
Code Example 3-3 dse.ldif File Sample
Code Example 3-4 local.conf File Sample
Code Example 3-5 magnus.conf File Sample
Code Example 3-6 desktopconfig.properties File Sample
Code Example 3-7 amserver File Sample
Code Example 3-8 magnus.conf File Sample
Code Example 3-9 magnus.conf File Sample
Code Example 3-10 dse.ldif File Sample
Code Example 3-11 local.conf File Sample
Code Example 3-12 magnus.conf File Sample
Code Example 3-13 desktopconfig.properties File Sample
Code Example 3-14 amserver File Sample
Code Example 1 Sample web.xml File


About This Guide

This guide explains how to install the Sun™ Open Net Environment (Sun™ ONE) Portal Server 6.1 software and its accompanying software components. Sun ONE Portal Server provides a platform to create portals for your organization’s integrated data, knowledge management, and applications. The Sun ONE Portal Server platform offers a complete infrastructure solution for building and deploying all types of portals, including business-to-business, business-to-employee, and business-to-consumer.

This preface includes the following sections:

• Who Should Read This Book

• What You Need to Know

• How This Book is Organized

• Document Conventions Used in This Guide

• Where to Find Related Information

• Where to Find This Guide Online

Who Should Read This Book

You should read this book if you are responsible for installing Sun ONE Portal Server at your site.


What You Need to Know

In order to install Sun ONE Portal Server, you must be familiar with the following products:

• Sun™ ONE Directory Server

• Sun™ ONE Identity Server

• Sun™ ONE Web Server

This book assumes you have a basic understanding of:

• The Solaris™ Operating System

• UNIX command-line utilities and administrative tasks

How This Book is Organized

This book contains the following chapters:

• About This Guide (this chapter)

• Chapter 1, “Planning the Installation.”

This chapter discusses the recommendations and requirements for installing the Sun ONE Portal Server 6.1 software.

• Chapter 2, “Installing Sun ONE Portal Server.”

This chapter provides instructions for installing the Sun ONE Portal Server software internal and external components.

• Chapter 3, “Post Installation Configuration.”

This chapter includes post-installation tasks for reconfiguring the portal server to run as user nobody and user non-root.

• Chapter 4, “Uninstalling the Sun ONE Portal Server.”

This chapter provides instructions for removing the Sun ONE Portal Server software internal and external components.

• Chapter 5, “Tuning the Sun ONE Portal Server.”

This chapter provides tuning recommendations for optimizing the performance of the Sun ONE Portal Server.


• Appendix A, “Sun ONE Portal Server 6.1 Installation for Sun ONE Application Server 7.0.”

This appendix provides instructions for installing the Sun ONE Portal Server software on the Sun ONE Application Server.

• Appendix B, “Sun ONE Portal Server 6.1 Installation for BEA Application Server.”

This appendix provides instructions for installing the Sun ONE Portal Server software on the BEA WebLogic Application Server.

• Appendix C, “Sun ONE Portal Server 6.1 Installation for IBM Application Server.”

This appendix provides instructions for installing the Sun ONE Portal Server software on the IBM WebSphere Application Server.

• Appendix D, “Setting Up LDAP Replication for the Sun ONE Portal Server.”

This appendix provides instructions for setting up LDAP replication for the Sun ONE Portal Server.

• Appendix E, “Setting Up the Sun ONE Portal Server to Use Secure External LDAP Directory Server.”

This appendix provides a number of procedures for setting up the Sun ONE Portal Server running on the Sun ONE Web Server and the Sun ONE Application Server web containers to use a secure external LDAP directory server.

Document Conventions Used in This Guide

Monospaced Font

Monospaced font is used for any text that appears on the computer screen or text that you should type. It is also used for file names, distinguished names, functions, and examples.


Also, all paths specified in this manual are in Unix format. If you are using a Windows NT-based Sun ONE Portal Server, you should assume the Windows NT equivalent file paths whenever Unix file paths are shown in this book.

Bold Monospaced Font

Bold monospaced font is used to represent text within a code example that you should type. For example, you might see something like this:

./pssetup
*******************************************************************
Portal Server (6.1 release)
*******************************************************************
Installation log at /var/sadm/install/logs/pssetup.13343/setup.log
This product will run without a license. However, you must either
purchase a Binary Code License from, or accept the terms of a Binary
Software Evaluation license with, Sun Microsystems, to legally use
this product.
Do you accept? yes/[no]
Starting install wizard in graphical mode

In this example, ./pssetup is what you would type from the command line and the rest is what would appear as a result.

Italicized Font

Italicized font is used to represent text that you enter using information that is unique to your installation (for example, variables). It is used for server paths and names and account IDs.

Command-Line Prompts

Command-line prompts (for example, % for a C-Shell, or $ for a Korn, or Bourne shell) are not displayed in the examples. Depending on which operating system environment you are using, you will see a variety of different command-line prompts. However, you should enter the command as it appears in the document unless specifically noted otherwise.


Variables

Table 1 is a two column table that describes the common variables used in this document. The first column lists the variables, and the second column provides a description of how the variables are used.

Table 1 Common Variables

| Variable | Description |
|---|---|
| S1PSBaseDir | The Sun ONE Portal Server installation directory. For example, /opt. |
| DSBaseDir | The Sun ONE Directory Server installation directory. For example, /usr/ldap. |
| ISBaseDir | The Sun ONE Identity Server installation directory. For example, /opt. |
| UserID | User identification. For example, root or nobody. |

Where to Find Related Information

In addition to this guide, Sun ONE Portal Server comes with supplementary information for administrators as well as documentation for developers. Use the following URL to see all the Sun ONE Portal Server documentation:

http://docs.sun.com/prod/s1portalsrv

Listed below are the additional documents released with the Sun ONE Portal Server 6.1 documentation suite:

• Sun ONE Portal Server 6.1 Release Notes

• Sun ONE Portal Server, Secure Remote Access 6.1 Release Notes

• Sun ONE Portal Server 6.1 Administrator’s Guide

• Sun ONE Portal Server 6.1 Migration Guide

• Sun ONE Portal Server, Secure Remote Access 6.1 Installation Guide

• Sun ONE Portal Server, Secure Remote Access 6.1 Administrator’s Guide

The following guides have not been updated for the Sun ONE Portal Server 6.1 release; however, the information contained in these documents is applicable to the Sun ONE Portal Server 6.1 product.


• Sun ONE Portal Server 6.0 Desktop Customization Guide

• Sun ONE Portal Server 6.0 Developer’s Guide

• Sun ONE Portal Server 6.0 Deployment Guide

Where to Find This Guide Online

You can find the Sun ONE Portal Server 6.1 Installation Guide online in PDF and HTML formats. This book can be found at the following URL:

http://docs.sun.com/prod/s1portalsrv


Chapter 1

Planning the Installation

Before you begin installing your Sun™ ONE Portal Server software, you must plan your installation carefully. Familiarize yourself with how the installation software is packaged, what the requirements for your system are, and what information you must have so that you can complete the installation successfully.

This chapter contains the following sections:

• Installation Overview

• System Requirements

• Configuration Information

• Directory Layout

Installation Overview

The Sun ONE Portal Server’s installation program installs components and provides initial system configuration. You can install the Sun ONE Portal Server and the Sun™ ONE Directory Server at the same time, or you can install them separately. For better performance, you may want to install the Sun ONE Portal Server and the Sun ONE Directory Server on separate machines. For installations that are upgrades, the installation program provides migration tools.

Consider these guidelines for your installation:

• You can install Sun ONE Portal Server on the same machine as Sun ONE Directory Server or on a separate machine. The Sun ONE Directory Server can also be an existing installation.

❍ If you install Sun ONE Portal Server and Sun ONE Directory Server separately, the Sun ONE Directory Server must be installed first.


❍ The machine running Sun ONE Portal Server must be able to access the machine running Sun ONE Directory Server. Any firewalls between the systems must not block connections to the Sun ONE Directory Server port.

• The Sun ONE Portal Server must be installed on the same machine as the Sun™ ONE Identity Server. The Sun ONE Portal Server can also be installed on an existing installation of the Sun ONE Identity Server.

• You cannot install Sun ONE Portal Server on a machine with an existing installation of the Sun™ ONE Web Server. The installation program installs the Sun ONE Web Server that is needed for Sun ONE Portal Server. If a web server is already installed, install the Sun ONE Web Server bundled with the Sun ONE Portal Server on a different port.

Figure 1-1 shows an example installation of the Sun ONE Portal Server, Sun ONE Identity Server, Sun ONE Web Server, and Sun ONE Directory Server on a single machine.

Figure 1-1 Single Machine Installation

Figure 1-2 shows an example installation of the Sun ONE Portal Server, Sun ONE Identity Server, and Sun ONE Web Server on multiple machines using Sun ONE Directory Server on another machine.

Figure 1-2 Multiple Machines Installation


The Sun ONE Portal Server software also includes data migration tools for sites that are upgrading from previous Sun ONE Portal Server versions.

If you are upgrading from iPlanet™ Portal Server 3.0 Service Pack 3a or 4 to this version of the software, use the following guidelines:

Install the Sun ONE Portal Server Data Migration Tool Suite on the system.

• If you are migrating from an iPlanet™ Portal Server 3.0 (Service Pack 3a or 4) system to a separate Sun ONE Portal Server 6.1 system, you need two installations of the Sun ONE Portal Server 6.1 Data Migration Tool Suite, one on each system.

• You can install Sun ONE Portal Server 6.1 on an iPlanet Portal Server 3.0 (Service Pack 3a or 4) system for a single-system migration.

Figure 1-3 shows an example installation of the Sun ONE Portal Server, Sun ONE Identity Server, an application server, and Sun ONE Directory Server.


Figure 1-3 Sun ONE Portal Server Deployment Using Application Server

For more information on deploying Portal Server 6.1 on an application server see:

• Checklist for Deployment on Sun™ ONE Application Server

• Checklist for Deployment on BEA WebLogic Server

• Checklist for Deployment on IBM Application Server

System Requirements

Before installing the Sun ONE Portal Server software, ensure that your system meets the following requirements:

• Hardware Requirements

• Software Requirements

• Operating System Requirements, including patches

• Browser Recommendations

Hardware Requirements

For a new installation of the software, your system must meet the following minimal hardware requirements:

• 1 450 MHz UltraSPARC® II CPU or better


• 512 Mbytes of RAM

• 1 Gbyte of hard drive swap space

• 1 Gbyte of disk space

Software Requirements

The software discussed here is required for a successful installation of the Sun ONE Portal Server software. Older versions of these software products are not supported.

• Sun ONE Directory Server 5.1sp1

• Sun ONE Identity Server 6.0 SP1

• Java™ Development Kit (JDK™)

❍ JDK 1.3.1_06 if installing on the Sun ONE Web Server

❍ JDK 1.4.1_01 if installing on Sun™ ONE Application Server 7.0

❍ JDK 1.3.1_06 if installing on the BEA WebLogic 6.1 SP4 (default JDK provided with BEA WebLogic 6.1 SP4. No JDK is installed by pssetup.)

❍ JDK 1.3.1_05 if installing on IBM WebSphere 4.0.5 (JDK provided with IBM WebSphere)

Operating System Requirements

The Sun ONE Portal Server software requires at least a user distribution of the Solaris™ 8 Operating System or Solaris™ 9 Operating System. The Solaris 8 Operating System requires the following operating system patches as well for a successful installation of the product:

• 109326-03

• 108434-03

• 108827-15

• 112438-01


These are the minimum required patches. The last two digits of the patch number are the minor revision number. If updates to the patch have been released, install the most recent patch revision (the one with the higher revision number). Typically, these patches are made obsolete when a new patch is released and only the most recent patch is available at the SunSolve site. Please review the readme for each patch to find out what dependencies or patches may be required.

The installer will allow you to continue if you feel that the latest patches are installed.
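The patch rule described above (same patch ID at the listed revision or higher, or superseded by a newer patch) can be checked against a patch listing before pssetup is run. The script below is an added example, not part of the original guide or of pssetup; it assumes the "Patch: ID-REV Obsoletes: ... Requires: ..." line layout printed by showrev -p, and the function names, the sample listing and patch 900001-04 are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the Solaris 8 patch minimums from this guide against a
# patch listing. Function names and the sample listing are assumptions.

# Minimum patch revisions listed under "Operating System Requirements".
REQUIRED_PATCHES="109326-03 108434-03 108827-15 112438-01"

# Constructed listing in the "showrev -p" line layout. Patch 900001-04 is a
# made-up ID used only to show the Obsoletes case.
sample_showrev() {
cat <<'EOF'
Patch: 109326-09 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsl, SUNWcslx
Patch: 108434-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWlibC
Patch: 900001-04 Obsoletes: 108827-15, 900002-01 Requires:  Incompatibles:  Packages: SUNWcsu
EOF
}

# patch_status ID-REV: reads a patch listing on stdin and prints one word:
#   ok         installed at the required revision or a higher one
#   obsoleted  named, at that revision or higher, in another patch's Obsoletes
#   old        installed, but only at a lower revision
#   missing    not found at all
patch_status() {
    awk -v want="$1" '
        BEGIN { split(want, w, "-"); state = "missing" }
        $1 == "Patch:" {
            split($2, have, "-")
            if (have[1] == w[1]) {
                if (have[2] + 0 >= w[2] + 0) state = "ok"
                else if (state == "missing") state = "old"
            }
            # Patches named between "Obsoletes:" and "Requires:" are superseded.
            for (i = 4; i <= NF && $i != "Requires:"; i++) {
                id = $i
                sub(/,$/, "", id)
                split(id, obs, "-")
                if (obs[1] == w[1] && obs[2] + 0 >= w[2] + 0 && state != "ok")
                    state = "obsoleted"
            }
        }
        END { print state }'
}

# unmet_patches: reads the listing on stdin, prints "ID-REV status" for every
# required patch that is old or missing, and returns 1 if any were printed.
unmet_patches() {
    listing=$(cat); rc=0
    for p in $REQUIRED_PATCHES; do
        s=$(printf '%s\n' "$listing" | patch_status "$p")
        case "$s" in
            ok|obsoleted) ;;
            *) echo "$p $s"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo on the constructed listing. On the target host: showrev -p | unmet_patches
sample_showrev | unmet_patches || echo "install or update the patches listed above"
```

A patch reported as obsoleted still deserves a look at the readme of the superseding patch, since the guide asks you to review each readme for dependencies.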

Browser Recommendations

The following browsers are supported for administration and for accessing the Sun ONE Portal Server Desktop:

• Internet Explorer 5.5 and 6.0

• Netscape™ 4.7x or higher, and 6.2.1

Configuration Information

During installation of the Sun ONE Portal Server software, you must specify some configuration information. Complete the checklists in this section before you install the software.

Checklist for Java™ Development Kit

If the Java™ Development Kit (JDK™) software is already installed on the system, Sun ONE Portal Server accepts it.

Answer these questions before you install Sun ONE Portal Server:

• Is the supported version of JDK software currently installed on the system? If yes, specify the installation directory.

The JDK version depends on the web container being used. For details on which JDK version is used, see “Software Requirements.”

For example, the directory for JDK 1.4.1_01 is /usr/java1.4.1_01, or /usr/java1.3.1_06 for JDK 1.3.1_06.

• Do you want to install the JDK software?


Checklist for Sun™ ONE Directory Server

During installation, you must provide information about the server where Sun ONE Directory Server will be installed so that the URL to access the directory can be formulated.

Whether using an existing directory server or installing a new directory server, you must specify the following information:

• Is the Sun ONE Directory Server already installed on this system? Or, do you want to use the Sun ONE Directory Server running on another system?

The Sun ONE Directory Server must be installed before installing the Sun ONE Portal Server.

• Do you want to install the Sun ONE Directory Server on this system? Or, do you want to install the Sun ONE Directory Server on another system?

The Sun ONE Directory Server must be installed before installing the Sun ONE Portal Server.

• What is the host name of the system running the directory server?

• What is the sub-domain name of the system running the directory server?

Use this if the server exists on a domain below the main domain. Or, enter dot (‘.’) to indicate that the server does not reside on a subdomain.

• What is the domain name of the system running the directory server?

Check the /etc/hosts file to specify the fully qualified domain name of the system.

NOTE If you are installing the Sun ONE Portal Server and have elected not to use an existing Sun ONE Directory Server, then you need not specify the host name, subdomain, and domain name of the system. The installer assumes that these values will be the same as those entered for Sun ONE Identity Server.

• What is or what will be the Sun ONE Directory Server’s base directory?


The default base directory for a new Sun ONE Directory Server is /usr/ldap. The base directory must be a directory on a local disk drive; you cannot use a networked drive for installation purposes. The file sharing protocols such as AFS, NFS, and SMB do not provide file locking and performance suitable for use by the Sun ONE Directory Server. The server database index files may be damaged if they are not held on a local file system.

• What port should be used to access Sun ONE Directory Server?

Port numbers can be any number from 1 to 65535.

The default LDAP port number is 389. The default port number for LDAP over SSL is 636. Therefore, do not use port number 636 for your standard LDAP installation, even if 636 is not already in use. You can also use LDAP over TLS on the standard LDAP port.

On UNIX platforms, Sun ONE Directory Server must be run as root or user nobody if it listens on either port 389 or 636.

Make sure the ports you choose are not already in use. To determine whether or not a port is in use, enter:

netstat -an | grep port-number

Also, if you are using both LDAP and LDAPS communications, make sure the port numbers chosen for these two types of access are not identical.

• What is the Sun ONE Directory Server’s administration port number?

The default port number is 58900. If port 58900 is already in use by another application, choose a different port for Sun ONE Directory Server administration. Make sure the port you choose is not already in use by another process.

• What is the root suffix of the directory tree?

This is the directory entry that represents the first entry in a directory tree. You must have at least one directory suffix for the tree that contains your enterprise’s data.

The default directory root suffix is dc=iplanet,dc=com

• What is the directory manager distinguished name (DN)?

Access control does not apply to this directory entry. The default DN is cn=Directory Manager.


This DN does not have to conform to any suffix configured for Sun ONE Directory Server. Do not manually create an actual directory server entry with the same DN as the directory manager DN.

• What is the directory manager’s password?

This must be at least 8 characters long. It is limited to ASCII letters and digits.

Checklist for Sun™ ONE Web Server

When installing the Sun ONE Web Server, specify the following basic configuration information:

• Is the Sun ONE Web Server installed on this system?

The Sun ONE Portal Server software will not use an existing installation of the Sun ONE Web Server and will install its own web server.

• What will be the Sun ONE Web Server administration port number?

The administration instance allows you to manage your Sun ONE Web Server. Choose a random port number for the administration instance to make it harder for someone to breach your server. When you configure your server, you use the Administration Server’s port number. For example, for server siroe.com, the server’s URL could be http://www.siroe.com:2634/.

Make sure the port you choose is not already in use. On UNIX systems, you can check the file /etc/services on the server machine to make sure you do not assign a port number that is reserved for another service. If you choose a port that is currently being used by another service, the installation program prompts you for another port.

NOTE If you elect to have pssetup install the Sun ONE Directory Server and Sun ONE Identity Server on the same machine during the Sun ONE Portal Server installation, then the Sun ONE Web Server administrator’s password, the Sun ONE Identity Server administrator’s password, and the directory manager’s password will all be the same. Whatever you enter when asked for the passphrase will become the password for accessing the administration console for all three components.


If you use UNIX and you choose a server port number lower than 1024, you must be logged in as root to start the server. After the server binds to the port, the server changes from the root user account to the user account you specify. You can run services under 1024 if you run them as user nobody and all other non-root users do need to use ports higher than 1024. Since user nobody does not have a resolvable password, you have to be root to start processes that run as nobody. If you choose a port number higher than 1024, you do not need to be the root user to start the server.

By default, the software assigns port 8088 as the Sun ONE Web Server administration port.

• What will be the Sun ONE Web Server administrator’s name?

By default, the user name to use for administering the web server is admin. You can, however, specify another name for the administrator.

• What will be the password of the administrator for this server?

The password must be at least 8 characters long. It is limited to ASCII letters and digits.

Checklist for Deployment on Sun™ ONE Application Server

The Sun ONE Application Server needs to be installed before you install the Sun ONE Portal Server software. For installation requirements and instructions, see Appendix A, “Sun ONE Portal Server 6.1 Installation for Sun ONE Application Server 7.0.”


Checklist for Deployment on BEA WebLogic Server

The BEA WebLogic Server needs to be installed before you install the Portal Server software. For installation requirements and instructions, see Appendix B, “Sun ONE Portal Server 6.1 Installation for BEA Application Server.”

Checklist for Deployment on IBM Application Server

The IBM WebSphere Server needs to be installed before you install the Portal Server software. The IBM WebSphere Server requires that you install a database before you install WebSphere.

For installation requirements and instructions, see Appendix C, “Sun ONE Portal Server 6.1 Installation for IBM Application Server.”

Checklist for Sun™ ONE Identity Server

When installing the Sun ONE Identity Server, specify the following basic configuration information to install and configure the Sun ONE Identity Server for Sun ONE Portal Server.

• Do you wish to install the Sun ONE Identity Server on this system? Or, is the Sun ONE Identity Server currently installed on this system?

The Sun ONE Portal Server must be installed on the system running Sun ONE Identity Server, and the Sun ONE Identity Server must be installed before installing the Sun ONE Portal Server. You can use an existing installation of the Sun ONE Identity Server if the version is compatible (see “Software Requirements” for more details). However, installation of the Sun ONE Portal Server into an existing Sun ONE Identity Server running as user nobody is not supported. Change Sun ONE Identity Server to run as root before installing the Sun ONE Portal Server (see Chapter 2, “Installing Sun ONE Portal Server” for more information on changing Sun ONE Identity Server to run as root).

• What will be the Sun ONE Identity Server software base directory?


The base directory must be a directory on a local disk drive; you cannot use a networked drive for installation purposes. The base directory must not already exist or must be empty.

The default base directory for Sun ONE Identity Server is /opt for Sun ONE Web Server and IBM WebSphere.

The default base directory for Sun ONE Identity Server is /opt/SUNWappserver7 for Sun ONE Application Server.

The default base directory for Sun ONE Identity Server is /opt/bea for BEA WebLogic.

• What is the host name of the system?

• What is the subdomain name of the system?

Use this if the server exists on a domain below the main domain. Enter dot (‘.’) to indicate that the server does not reside on a subdomain.

• What is the domain name of the system?

Check the /etc/hosts file to specify the fully qualified domain name of the system.

• What is the IP address of this system?

If you have multiple Network Interface Cards (or NICs), ensure that you specify the correct IP address since multiple IP addresses can correspond to multiple NICs.

If you notice that the installation program is unable to detect the IP address of the system, ensure that you specify the fully qualified domain name of the system correctly.

• Run Secure Sockets Layer (SSL) on this server?

SSL can be used to encrypt the communication between the client browser and your server. By default, the software assumes that you do not want to run SSL on the system.

• What port should be used to access Sun ONE Portal Server?

Specify a port that your browser will use to communicate with your server. The default port number provided for the server component of the Sun ONE Portal Server software is 80 for non-SSL communication and 443 for SSL communication.


If you decide to run the Sun ONE Portal Server as user nobody, you can use all of the available ports including the reserved ports up to 1024. If you want to run as a regular (or non-root) user, make sure you use ports greater than 1024 when installing Sun ONE Portal Server.

Make sure the ports you choose are not already in use. To determine whether or not a port is in use, enter:

netstat -an | grep port-number

• Identity Server Internal LDAP Authentication password?

It is limited to ASCII letters and digits.

NOTE For security reasons, the Identity Server Internal LDAP Authentication User password must not be the same as the passphrase.

Checklist for Sun ONE Portal Server

The default base directory for Sun ONE Portal Server is /opt. Or it is deployed in the same base directory as the Sun ONE Identity Server software’s base directory (see “Checklist for Sun™ ONE Identity Server” for more information).

• Is the Sun ONE Portal Server 3.0 Service Pack 3a or 4 currently installed on this system?

If yes, see information on upgrading to this version of the software in the “Installation Overview” before installing the software and/or the migration utilities.

• What is the base directory?

• What is the deployment type?

❍ Sun ONE Application Server

❍ BEA WebLogic

❍ IBM WebSphere

❍ Sun ONE Web Server

If installing the Sun ONE Portal Server product in one of the supported application servers, see the appendix associated with your application server deployment in this guide.


❍ Appendix A, “Sun ONE Portal Server 6.1 Installation for Sun ONE Application Server 7.0.”

❍ Appendix B, “Sun ONE Portal Server 6.1 Installation for BEA Application Server.”

❍ Appendix C, “Sun ONE Portal Server 6.1 Installation for IBM Application Server.”

• What is the deployment Uniform Resource Indicator (URI)?

By default, content is deployed in S1PSBaseDir/SUNWps/web-apps/ServerInstance/URI where the URI, by default, is /portal. The value for the deployment URI must have a leading slash and must contain only one slash. The content gets installed in the Sun ONE Web Server.

• Do you wish to install the sample portal on this system?

The Sun ONE Portal Server software ships with a sample portal. If you install the sample portal, you can see an example portal configuration. The sample portal acts as a starting point and it provides examples of how to use the various Desktop components.

The sample portal is not intended for deployment. It is necessarily generic (sample-like) in nature. You can configure the portal for your specific deployment needs.

• What is the upgrade mode?

This option allows you to perform an upgrade from Sun ONE Portal Server 6.0 to Sun ONE Portal Server 6.1. For instructions on performing an upgrade see the Sun ONE Portal Server 6.0 Migration Guide.
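The port, password and deployment URI rules from the checklists in this chapter, including the two places that suggest netstat -an | grep port-number, can be checked together before pssetup is started. The script below is an added example, not part of the original guide or of pssetup; its function names, the sample netstat listing and the sample answers are constructed, and the listing assumes the Solaris netstat -an layout.

```shell
#!/bin/sh
# Added example: pre-flight checks for answers from the Chapter 1 checklists.
# Function names and the sample listing are assumptions, not pssetup code.
LC_ALL=C; export LC_ALL    # make [A-Za-z] mean ASCII letters only

# Constructed "netstat -an" listing in the Solaris layout: local address in
# the first column, port after the last dot.
sample_netstat() {
cat <<'EOF'
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.3890               *.*                0      0 24576      0 LISTEN
      *.58900              *.*                0      0 24576      0 LISTEN
      *.8088               *.*                0      0 24576      0 LISTEN
192.0.2.10.40389     192.0.2.20.636       24820      0 24820      0 ESTABLISHED
EOF
}

# port_listening PORT: reads netstat -an output on stdin and succeeds only if
# a socket is in LISTEN state on exactly PORT. "grep 389" alone would also
# match 3890, 40389 and the remote side of established connections.
port_listening() {
    awk -v port="$1" '
        /LISTEN/ {
            addr = ($1 ~ /^tcp/) ? $4 : $1    # Linux layout, else Solaris layout
            sub(/^.*[.:]/, "", addr)           # keep what follows the last . or :
            if (addr == port) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# port_in_range PORT: whole number from 1 to 65535.
port_in_range() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ascii_alnum STR: non-empty, ASCII letters and digits only.
ascii_alnum() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
}

# valid_password STR: at least 8 characters, ASCII letters and digits.
valid_password() {
    [ "${#1}" -ge 8 ] && ascii_alnum "$1"
}

# valid_deploy_uri URI: leading slash, exactly one slash, not "/" alone.
valid_deploy_uri() {
    case "$1" in
        /|/*/*) return 1 ;;
        /*)     return 0 ;;
        *)      return 1 ;;
    esac
}

# check_plan LDAP LDAPS ADMIN PASSPHRASE LDAP_AUTH_PW URI
# Reads netstat -an output on stdin, prints each problem found and returns 1
# if there was any.
check_plan() {
    listing=$(cat); rc=0
    for p in "$1" "$2" "$3"; do
        if ! port_in_range "$p"; then
            echo "port $p: not a number from 1 to 65535"; rc=1
        elif printf '%s\n' "$listing" | port_listening "$p"; then
            echo "port $p: already in use"; rc=1
        fi
    done
    [ "$1" != "$2" ] || { echo "LDAP and LDAPS ports are identical"; rc=1; }
    [ "$1" != 636 ] || { echo "636 is the LDAP over SSL default, not for standard LDAP"; rc=1; }
    valid_password "$4" || { echo "passphrase: need 8 or more ASCII letters and digits"; rc=1; }
    ascii_alnum "$5" || { echo "LDAP auth password: ASCII letters and digits only"; rc=1; }
    [ "$4" != "$5" ] || { echo "LDAP auth password equals the passphrase"; rc=1; }
    valid_deploy_uri "$6" || { echo "URI $6: need a leading slash and only one slash"; rc=1; }
    return $rc
}

# Demo with constructed answers: 58900 is taken in the sample listing, the two
# passwords match, and the URI has two slashes.
sample_netstat | check_plan 389 636 58900 Portal2003pw Portal2003pw /portal/app ||
    echo "resolve the items above before running pssetup"
# On the target host: netstat -an | check_plan ...
```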

NOTE The deployment URI cannot be a “/” by itself.

Directory Layout

This section outlines the default directory layout of the Sun ONE Portal Server software and its supporting components.


Table 1-1 is a five column table that contains the directory names and a description of their contents for each of the web containers. The first column lists the directories for the Sun ONE Web Server. The second column lists the directories for the Sun ONE Application Server. The third column lists the directories for the BEA WebLogic application server. The fourth column lists the directories for the IBM WebSphere application server. The fifth column provides a description of what the directory contains.

Table 1-1 Directory Layout

| Sun ONE Web Server | Sun ONE Application Server | BEA WebLogic | IBM WebSphere | Description |
|---|---|---|---|---|
| /opt/SUNWps | /opt/SUNWappserver7/SUNWps | /opt/bea/SUNWps | /opt/SUNWps | Contains Sun ONE Portal Server software executables and the deployed application |
| /opt/SUNWam | /opt/SUNWappserver7/SUNWam | /opt/bea/SUNWam | /opt/SUNWam | Contains Sun ONE Identity Server executables, the Sun ONE Web Server, and the deployed applications |
| /etc/opt/SUNWps | /etc/opt/SUNWps | /etc/opt/SUNWps | /etc/opt/SUNWps | Contains Java Server Pages, template and property files, the tag libraries, and the Search Engine database directory |
| /var/opt/SUNWps | /var/opt/SUNWps | /var/opt/SUNWps | /var/opt/SUNWps | Contains the search engine database directory |
| /var/opt/SUNWam | /var/opt/SUNWam | /var/opt/SUNWam | /var/opt/SUNWam | Contains the debug log files |
| /usr/ldap | /usr/ldap | /usr/ldap | /usr/ldap | Contains Sun ONE Directory Server |
| /usr/java1.3.1_06 | /usr/java1.4.1_01 | /opt/bea/jdk131 | /opt/WebSphere/AppServer/java | Contains JDK |
| /etc/opt/SUNWam | /etc/opt/SUNWam | /etc/opt/SUNWam | /etc/opt/SUNWam | Contains Sun ONE Identity Server DTDs |


Chapter 2

Installing Sun ONE Portal Server

This chapter includes instructions for installing the Sun™ ONE Portal Server software and its supporting components.

If you are migrating from iPlanet™ Portal Server 3.0 (Service Pack 3a or 4) to Sun ONE Portal Server 6.1, back up your system before installing the Sun ONE Portal Server 6.1 software. This safety precaution eliminates the possibility of customizations being overwritten.

This chapter contains the following sections:

• Installing the Sun ONE Portal Server

• Installing the Sun ONE Directory Server

• Installing the Migration Tools

Installing the Sun ONE Portal Server

This section describes the steps for installing the Sun ONE Portal Server software. As part of the installation, the Sun ONE Portal Server software will install:

• Sun™ ONE Web Server software

• Sun™ ONE Directory Server software

• Sun™ ONE Identity Server software

• Sun ONE Portal Server software

NOTE To perform a new installation of the Sun ONE Portal Server software, ensure that the requirements discussed in Chapter 1, “Planning the Installation” have been met.

To install the Sun ONE Portal Server software over an existing Sun ONE Identity Server running as user nobody, change the Sun ONE Identity Server to run as root. To change Sun ONE Identity Server to run as root:

1. Log in to the server running Sun ONE Identity Server and become superuser.

2. Modify the following files:

a. Change the line User nobody to User root in the S1PSBaseDir/SUNWam/servers/https-hostname.domain/config/magnus.conf file.

b. Change the line nsslapd-localuser: nobody to nsslapd-localuser:root in the DSBaseDir/slapd-hostname/config/dse.ldif file.

3. Change the ownership of the following directories from nobody to root. That is, type:

chown -R root:other /etc/opt/SUNWam

chown -R root:other DSBaseDir

chown -R root:other /tmp/https*

chown -R root:other /opt/SUNWam

chown -R root:other /var/sadm/pkg/SUNWamsvc

chown -R root:other /var/sadm/pkg/SUNWamws

chown -R root:other /var/sadm/pkg/SUNWamds

4. Restart the directory server as the root user.

5. Run /etc/init.d/amserver stop.

6. Ensure that all of the processes are stopped. To verify, type:

ps -ef | grep SUNWam

ps -ef | grep DSBaseDir

Kill off any processes that did not get shut down.

7. Run /etc/init.d/amserver start.

NOTE The My Yahoo! Provider is automatically installed with the Sun ONE Portal Server product. It is no longer necessary to perform a separate installation of the My Yahoo! Provider.

To install the Sun ONE Portal Server software:

1. Log in to the machine and become superuser.

You will need root access to install the Sun ONE Portal Server.

2. Change directories to where the installation program is located.

3. Type:

./pssetup

4. Specify if you accept the license agreement. To accept, type yes.

5. Select the option to install the Sun ONE Portal Server.

6. Select the Deployment type. If installing on an application server, see the appropriate appendix.

❍ 1) Sun ONE Application Server

❍ 2) BEA WebLogic

❍ 3) IBM WebSphere

❍ 4) Sun ONE Web Server

Use the checklist in “Configuration Information” in Chapter 1 to install the Sun ONE Portal Server software.

NOTE Although this product will run without a license, you must either purchase a Binary Code License from, or accept the terms of a Binary Software Evaluation license with Sun Microsystems, to legally use this product.


Installing the Sun ONE Directory Server

To install the Sun ONE Directory Server software:

1. Log in to the machine and become superuser.

You will need root access to install the Sun ONE Directory Server.

2. Change directories to where the installation program is located.

3. Type:

./pssetup

4. Specify if you accept the license agreement. To accept, type yes.

TIP At any time during the installation, you can view the installation log at /var/sadm/install/logs/pssetup.pid/install.log for a status on the installation. To view the log file during installation, for example, enter:

tail -f /var/sadm/install/logs/pssetup.pid/setup.log

Here, pid is the process ID of the pssetup process. After installation, check this log for errors during installation.

Another way to view the contents of the install log is by setting the DISPLAY environment variable to run an xterm window.

For example, if you are on one machine (server1.sesta.com) and are performing an installation of Sun ONE Portal Server on another machine (server2.sesta.com), you can do the following to view the log file during installation:

In a terminal window on server1, type the command xhost + server2. Next, log in to server2 and set the DISPLAY environment variable to server1:0.0.

When the pssetup script is run, an xterm window will appear with the contents of the setup.log for the installation on server2.


5. Select the option to install the Sun ONE Directory Server only.

See the section “Checklist for Sun™ ONE Directory Server” in Chapter 1 to install the software.

Configuring an Existing Directory Server

To install the Sun ONE Portal Server software using an existing Sun ONE Directory Server, the Sun ONE Portal Server 6.1 pssetup script provides an option to configure the Directory Server. This option provides a way for you to configure a Sun ONE Directory Server installation that was not originally installed using the pssetup script to work with the Sun ONE Identity Server.

To configure an existing Sun ONE Directory Server installation:

NOTE Although this product will run without a license, you must either purchase a Binary Code License from, or accept the terms of a Binary Software Evaluation license with Sun Microsystems, to legally use this product.

TIP At any time during the installation, you can view the installation log at /var/sadm/install/logs/pssetup.pid/install.log for a status on the installation. To view the log file during installation, for example, enter:

tail -f /var/sadm/install/logs/pssetup.pid/setup.log

Here, pid is the process ID of the pssetup process. After installation, check this log for errors during installation.

NOTE When performing multiple installations of the Sun ONE Portal Server product, each installation must be on a separate machine. Multiple Sun ONE Portal Server instances on a single machine, however, are supported. For instructions on creating multiple instances on the server, see Chapter 3, “Post Installation Configuration.”


1. Log in to the system as superuser.

2. Change directories to where the installation program is located.

3. Type:

./pssetup

4. Specify if you accept the license agreement. To accept, type yes.

5. Select the option to configure the Directory Server.

See the section “Checklist for Sun™ ONE Directory Server” in Chapter 1 to install the software.

Upgrading Sun ONE Portal Server

The Sun ONE Portal Server installation script allows you to upgrade the software from Sun ONE Portal Server 6.0 to Sun ONE Portal Server 6.1. This process includes some migration procedures. See the Sun ONE Portal Server 6.1 Migration Guide for more information on upgrading the software.

Installing the Migration Tools

The Sun ONE Portal Server software includes migration utilities for migrating from iPlanet Portal Server 3.0 (Service Pack 3a or 4) to this release of the software.

To install the migration tools:

1. Log in to the system and become superuser.

The migration utilities can be installed on a system that has an existing version of iPlanet Portal Server 3.0 (Service Pack 3a or 4) already installed. If you are migrating from an iPlanet Portal Server 3.0 (Service Pack 3a or 4) system to a separate Sun ONE Portal Server 6.1 system, you need two installations of the iPlanet Portal Server 3.0 Data Migration Tool Suite, one on each system. You can install Sun ONE Portal Server 6.1 on an iPlanet Portal Server 3.0 (Service Pack 3a or 4) system for single-system migration. You will need root access to install the migration utilities.

NOTE Although this product will run without a license, you must either purchase a Binary Code License from, or accept the terms of a Binary Software Evaluation license with Sun Microsystems, to legally use this product.

2. Change directories to where the installation program is located.

3. Type:

./pssetup

4. Accept the default installation location or specify the directory where you want to install the migration utilities.

By default, the software will install the utilities in /opt. If you are installing the migration utilities on the system hosting Sun ONE Portal Server 6.1 software, the tools will be installed in S1PSBaseDir/SUNWps/migration.

5. Select the option to install the Migration Tools only.

The installation program will install the migration tools in the specified location. That is, the tools are installed in the S1PSBaseDir/SUNWps/migration/bin directory.

See the Sun ONE Portal Server 6.1 Migration Guide for more information on migrating from iPlanet Portal Server 3.0 Service Pack 3a or 4 to Sun ONE Portal Server 6.1 using the migration utilities.


Chapter 3

Post Installation Configuration

This chapter includes optional post installation tasks for:

• Configuring the Sun ONE Portal Server to Run as User Non-Root

• Configuring the Sun ONE Portal Server to Run as User Nobody

• Creating and Deleting Instances of the Server

• Where to Go Next?

Configuring the Sun ONE Portal Server to Run as User Non-Root

Perform all steps as superuser, except as noted. After installing the Sun™ ONE Portal Server software, use the following procedures to configure the Sun ONE Portal Server to run as user non-root.

NOTE Configuring the Sun ONE Portal Server to run as user non-root is only intended for Sun ONE Portal Server running on the web server.

Shortening the WAIT State for TCP Ports

Shorten the length of time for the TCP driver’s close wait interval, which is normally set for 240000 ms (4 minutes). If an application exits abnormally, it could leave the port in a WAIT state and you have to wait 4 minutes in order to retry what you were doing. To reduce the length of the interval:

1. Retrieve the current setting by typing:

# ndd -get /dev/tcp tcp_time_wait_interval

2. Set the value to 10 seconds by typing:

# ndd -set /dev/tcp tcp_time_wait_interval 10000

This setting remains in effect until the next reboot. To make this a permanent change, edit the /etc/rc2.d/S69inet file to shorten the time length.

Reconfiguring the Sun ONE Portal Server Installation

1. Edit S1PSBaseDir/SUNWam/servers/https-hostname.domain/config/magnus.conf file. Change the entry User root to User Userid as shown in the following sample magnus.conf file:

Code Example 3-1 magnus.conf File Sample

#ServerRoot /opt/SUNWam/servers/https-siroe.sun.com
ServerID https-siroe.sun.com
ServerName siroe.sun.com
ErrorLog /opt/SUNWam/servers/https-siroe.sun.com/logs/errors
PidLog /opt/SUNWam/servers/https-siroe.sun.com/logs/pid
User Userid
MtaHost localhost
DNS off
Security off
ClientLanguage en
AdminLanguage en
DefaultLanguage en
RqThrottle 1024
StackSize 131072
...

2. Edit S1PSBaseDir/SUNWam/servers/https-admserv/config/magnus.conf file. Change the entry User root to User Userid as shown (in bold) in the following example:

Code Example 3-2 magnus.conf File Sample

#ServerRoot /opt/SUNWam/servers/https-admserv
NetsiteRoot /opt/SUNWam/servers
ServerID https-admserv
ServerName siroe.sun.com
ErrorLog /opt/SUNWam/servers/https-admserv/logs/errors
PidLog /opt/SUNWam/servers/https-admserv/logs/pid
User Userid
AdminUsers /opt/SUNWam/servers/https-admserv/config/admpw
MtaHost localhost
DNS off
Security off
ClientLanguage en
AdminLanguage en
DefaultLanguage en
RqThrottle 128
TempDir /tmp/https-admserv-1b510d01
...

3. Edit /usr/ldap/slapd-hostname/config/dse.ldif file. Change nsslapd-localuser: root to nsslapd-localuser: Userid as shown (in bold) in the following example:

Code Example 3-3 dse.ldif File Sample

...
dn: cn=config
cn: config
objectClass: top
objectClass: extensibleObject
objectClass: nsslapdConfig
nsslapd-accesslog-logging-enabled: on
nsslapd-accesslog: /usr/ldap/slapd-siroe/logs/access
nsslapd-accesslog-maxlogsperdir: 10
nsslapd-accesslog-maxlogsize: 100
nsslapd-accesslog-logrotationtime: 1
nsslapd-accesslog-logrotationtimeunit: day
nsslapd-enquote-sup-oc: off
nsslapd-localhost: siroe.sun.com
nsslapd-schemacheck: on
nsslapd-rewrite-rfc1274: off
nsslapd-return-exact-case: on
nsslapd-port: 389
nsslapd-localuser: Userid
nsslapd-errorlog: /usr/ldap/slapd-siroe/logs/errors
nsslapd-errorlog-logging-enabled: on
nsslapd-errorlog-maxlogsperdir: 2
nsslapd-errorlog-maxlogsize: 100
nsslapd-errorlog-logrotationtime: 1
...

4. Edit /usr/ldap/admin-serv/config/local.conf file. Change configuration.nsSuiteSpotUser: root to configuration.nsSuiteSpotUser: Userid as shown in the following sample local.conf file:

Code Example 3-4 local.conf File Sample

...
configuration.objectClass: nsConfig
configuration.objectClass: nsAdminConfig
configuration.objectClass: nsAdminObject
configuration.objectClass: nsDirectoryInfo
configuration.objectClass: top
configuration.nsServerPort: 8900
configuration.nsSuiteSpotUser: Userid
configuration.nsAdminEnableEnduser: on
configuration.nsAdminEnableDSGW: on
...

5. Edit /usr/ldap/admin-serv/config/magnus.conf file. Change the entry User root to User Userid as shown in the following sample magnus.conf file:

Code Example 3-5 magnus.conf File Sample

NetsiteRoot /usr/ldap
ServerID admin-serv
ServerName siroe.sun.com
ErrorLog /usr/ldap/admin-serv/logs/error
PidLog /usr/ldap/admin-serv/logs/pid
User Userid
AdminUsers /usr/ldap/admin-serv/config/admpw
MtaHost localhost
DNS on
Security off
ClientLanguage en
AdminLanguage en
DefaultLanguage en
RqThrottle 128
TempDir /usr/ldap/admin-serv/tmp

6. Edit /etc/opt/SUNWps/desktop/desktopconfig.properties. Set logLevel=message as shown in the following sample desktopconfig.properties file:

Code Example 3-6 desktopconfig.properties File Sample

# Copyright 2001 Sun Microsystems, Inc. All rights reserved.
# PROPRIETARY/CONFIDENTIAL. Use of this product is subject to license terms.
#
#########################
# Desktop Configuration #
#########################
#
# Log level
#
logLevel=message
#
# Perf (log) level
#
perfLevel=off
#
...

7. Change the ownership of the following directories from root to Userid:UserGroup. That is, enter:

❍ chown -R Userid:UserGroup /etc/opt/SUNWps

❍ chown -R Userid:UserGroup /etc/opt/SUNWam

❍ chown -R Userid:UserGroup /usr/ldap

❍ chown -R Userid:UserGroup /tmp/https*

❍ chown -R Userid:UserGroup /opt/SUNWam

❍ chown -R Userid:UserGroup /opt/SUNWps

❍ chown -R Userid:UserGroup /usr/java1.3.1_06

❍ chown -R Userid:UserGroup /var/opt/SUNWam

❍ chown -R Userid:UserGroup /var/opt/SUNWps

❍ chown -R Userid:UserGroup /var/sadm/pkg/SUNWamsvc

❍ chown -R Userid:UserGroup /var/sadm/pkg/SUNWamws

❍ chown -R Userid:UserGroup /var/sadm/pkg/SUNWamds

❍ chown -R Userid:UserGroup /var/sadm/pkg/SUNWps

8. Edit /etc/init.d/amserver at line 386. Place a # before the check_root_user method call as shown in the following example:

Code Example 3-7 amserver File Sample

#!/bin/sh
# PROPRIETARY/CONFIDENTIAL/...
BASE=/opt
DIRBASE=/usr
LDAPDIR=/usr/ldap
PRODUCTDIR=SUNWam
PACKAGEDIR=$BASE/${PRODUCTDIR}
WEBAPPDIR=$BASE/${PRODUCTDIR}/web-apps
SERVICEAPPSDIR=$WEBAPPDIR/services
AGENTAPPSDIR=$WEBAPPDIR/agent

PLATFORMCONFDIR=$PACKAGEDIR/lib
PLATFORMCONF=${PLATFORMCONFDIR}/AMConfig.properties
PLATFORMBINDIR=${PACKAGEDIR}/bin
WTPASSFILE=${PACKAGEDIR}/config/.wtpass
check_root_user () {
...skipping
}
# check_root_user
...

9. Restart the directory server as the non-root user.

10. Run /etc/init.d/amserver stop.

A non-root user can run ${BASEDIR}/SUNWam/bin/amserver stop.

11. Ensure that all of the processes are stopped.

To verify, type:

ps -ef | grep SUNWam

ps -ef | grep DSBaseDir

12. Kill any processes that did not shut down. As root, enter:

/usr/ldap/stop-admin

Launching Sun ONE Portal Server

1. Become superuser or log in as user Userid.

2. Enter /etc/init.d/amserver start.
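A way to confirm that steps 1 through 8 of the reconfiguration procedure above took effect before launching, as an added example that is not part of the original guide: it reads the run-as user from each edited file, counts entries the chown in step 7 missed, and checks that the check_root_user call is commented out. The user name portal, the function names, and the sample file contents are constructed; point the functions at the real paths listed in the steps.

```shell
#!/bin/sh
# Added example (not from the guide): verify the run-as-user edits.
# The Userid "portal" and every sample file below are constructed.

# Print the run-as user a config file declares (empty if none).
#   magnus.conf: "User <name>"
#   dse.ldif:    "nsslapd-localuser: <name>"
#   local.conf:  "configuration.nsSuiteSpotUser: <name>"
# Commented-out lines such as "#User root" are skipped by the ^ anchors.
runas_user() {
    awk '
        /^User[ \t]+/ { sub(/\r$/, ""); print $2; exit }
        /^(nsslapd-localuser|configuration\.nsSuiteSpotUser):/ {
            sub(/^[^:]*:[ \t]*/, "")
            sub(/[ \t\r]+$/, "")
            print
            exit
        }
    ' "$1"
}

# audit_runas EXPECTED FILE...
# Print one line per file that is unreadable or declares another user.
# Exit status: 0 when every file declares EXPECTED, 1 otherwise.
audit_runas() {
    expected=$1; shift
    rc=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "UNREADABLE $f"; rc=1; continue
        fi
        found=$(runas_user "$f")
        if [ "$found" != "$expected" ]; then
            echo "MISMATCH $f: '${found:-none}' (expected '$expected')"
            rc=1
        fi
    done
    return $rc
}

# not_owned_count OWNER DIR...
# Count entries under the trees NOT owned by OWNER (name or numeric uid);
# after the chown -R commands in step 7 this should be 0.
not_owned_count() {
    owner=$1; shift
    find "$@" ! -user "$owner" -print 2>/dev/null | wc -l | tr -d ' '
}

# Succeed if FILE still has an active (uncommented) check_root_user call.
# The definition line "check_root_user () {" does not match.
root_check_active() {
    grep -q '^[[:space:]]*check_root_user[[:space:]]*$' "$1"
}

# Build a constructed sample tree; local.conf is deliberately left at root.
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'ServerID https-siroe.sun.com\nUser portal\nDNS off\n' > "$d/magnus.conf"
    printf 'dn: cn=config\nnsslapd-port: 389\nnsslapd-localuser: portal\n' > "$d/dse.ldif"
    printf 'configuration.nsServerPort: 8900\nconfiguration.nsSuiteSpotUser: root\n' > "$d/local.conf"
    printf 'check_root_user () {\n:\n}\n# check_root_user\n' > "$d/amserver"
    echo "$d"
}

demo() {
    dir=$(make_sample)
    if audit_runas portal "$dir/magnus.conf" "$dir/dse.ldif" "$dir/local.conf"; then
        echo "all files declare the expected user"
    else
        echo "fix the files listed above before starting the server"
    fi
    echo "entries not owned by uid $(id -u): $(not_owned_count "$(id -u)" "$dir")"
    if root_check_active "$dir/amserver"; then
        echo "check_root_user is still active"
    else
        echo "check_root_user is commented out"
    fi
    rm -rf "$dir"
}
demo
```

A file that was missed in steps 1 through 5 shows up as a MISMATCH line, which is the case the sample local.conf is built to trigger.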

Configuring the Sun ONE Portal Server to Run as User Nobody

Specifying nobody as the owner of the Sun ONE Portal Server files is a special case, as nobody has an impossible resultant (encrypted) password. The user must be root to manipulate and execute files nobody owns.

When the Sun ONE Portal Server is set up to run as nobody, the server can be configured to listen on port 8080, the default web server port. The LDAP server can also run on the default port 389.

NOTE Configuring the Sun ONE Portal Server to run as user nobody is only intended for Sun ONE Portal Server running on the web server.

Perform all steps as root, except as noted. After installing the Sun ONE Portal Server software, do the following:

Shortening the WAIT State for TCP Ports

Shorten the length of time for the TCP driver’s close wait interval, which is normally set for 240000 ms (4 minutes). If an application exits abnormally, it could leave the port in a WAIT state, and you then have to wait 4 minutes in order to retry what you were doing.

1. Retrieve the current setting by entering:

# ndd -get /dev/tcp tcp_time_wait_interval

2. Set the value to ten seconds by entering:

# ndd -set /dev/tcp tcp_time_wait_interval 10000

This setting will remain in effect until the next reboot. To make this a permanent solution, edit the /etc/rc2.d/S69inet file to shorten the time length.

Reconfiguring the Sun ONE Portal Server Installation

1. Edit S1PSBaseDir/SUNWam/servers/https-hostname.domain/config/magnus.conf file. Change the entry User root to User nobody as shown in the following sample magnus.conf file:

Code Example 3-8 magnus.conf File Sample

#ServerRoot /opt/SUNWam/servers/https-siroe.sun.com
ServerID https-siroe.sun.com
ServerName siroe.sun.com
ErrorLog /opt/SUNWam/servers/https-siroe.sun.com/logs/errors
PidLog /opt/SUNWam/servers/https-siroe.sun.com/logs/pid
User nobody
MtaHost localhost
DNS off
Security off
ClientLanguage en
AdminLanguage en
DefaultLanguage en
RqThrottle 1024
StackSize 131072
...

2. Edit S1PSBaseDir/SUNWam/servers/https-admserv/config/magnus.conf file. Change the entry User root to User nobody as shown (in bold) in the following example:

Code Example 3-9 magnus.conf File Sample

#ServerRoot /opt/SUNWam/servers/https-admserv
NetsiteRoot /opt/SUNWam/servers
ServerID https-admserv
ServerName siroe.sun.com
ErrorLog /opt/SUNWam/servers/https-admserv/logs/errors
PidLog /opt/SUNWam/servers/https-admserv/logs/pid
User nobody
AdminUsers /opt/SUNWam/servers/https-admserv/config/admpw
MtaHost localhost
DNS off
Security off
ClientLanguage en
AdminLanguage en
DefaultLanguage en
RqThrottle 128
TempDir /tmp/https-admserv-1b510d01
...

3. Edit /usr/ldap/slapd-hostname/config/dse.ldif file. Change nsslapd-localuser: root to nsslapd-localuser: nobody as shown (in bold) in the following example.

Code Example 3-10 dse.ldif File Sample

...
dn: cn=config
cn: config
objectClass: top
objectClass: extensibleObject
objectClass: nsslapdConfig
nsslapd-accesslog-logging-enabled: on
nsslapd-accesslog: /usr/ldap/slapd-siroe/logs/access
nsslapd-accesslog-maxlogsperdir: 10
nsslapd-accesslog-maxlogsize: 100
nsslapd-accesslog-logrotationtime: 1
nsslapd-accesslog-logrotationtimeunit: day
nsslapd-enquote-sup-oc: off
nsslapd-localhost: siroe.sun.com
nsslapd-schemacheck: on
nsslapd-rewrite-rfc1274: off
nsslapd-return-exact-case: on
nsslapd-port: 389
nsslapd-localuser: nobody
nsslapd-errorlog: /usr/ldap/slapd-siroe/logs/errors
nsslapd-errorlog-logging-enabled: on
nsslapd-errorlog-maxlogsperdir: 2
nsslapd-errorlog-maxlogsize: 100
nsslapd-errorlog-logrotationtime: 1
...

4. Edit /usr/ldap/admin-serv/config/local.conf file. Change configuration.nsSuiteSpotUser: root to configuration.nsSuiteSpotUser: nobody as shown in the following sample local.conf file:

Code Example 3-11 local.conf File Sample

...
configuration.objectClass: nsConfig
configuration.objectClass: nsAdminConfig
configuration.objectClass: nsAdminObject
configuration.objectClass: nsDirectoryInfo
configuration.objectClass: top
configuration.nsServerPort: 8900
configuration.nsSuiteSpotUser: nobody
configuration.nsAdminEnableEnduser: on
configuration.nsAdminEnableDSGW: on
...

5. Edit /usr/ldap/admin-serv/config/magnus.conf file. Change the entry User root to User nobody as shown in the following sample magnus.conf file:

Code Example 3-12 magnus.conf File Sample

NetsiteRoot /usr/ldap
ServerID admin-serv
ServerName siroe.sun.com
ErrorLog /usr/ldap/admin-serv/logs/error
PidLog /usr/ldap/admin-serv/logs/pid
User nobody
AdminUsers /usr/ldap/admin-serv/config/admpw
MtaHost localhost
DNS on
Security off
ClientLanguage en
AdminLanguage en
DefaultLanguage en
RqThrottle 128
TempDir /usr/ldap/admin-serv/tmp

6. Edit /etc/opt/SUNWps/desktop/desktopconfig.properties. Set logLevel=message as shown in the following sample desktopconfig.properties file:

Code Example 3-13 desktopconfig.properties File Sample

# Copyright 2001 Sun Microsystems, Inc. All rights reserved.
# PROPRIETARY/CONFIDENTIAL. Use of this product is subject to license terms.
#
#########################
# Desktop Configuration #
#########################
#
# Log level
#
logLevel=message
#
# Perf (log) level
#
perfLevel=off
#
...

7. Change the ownership of the following directories from root to nobody:nobody. That is, enter:

❍ chown -R nobody:nobody /etc/opt/SUNWps

❍ chown -R nobody:nobody /etc/opt/SUNWam

❍ chown -R nobody:nobody /usr/ldap

❍ chown -R nobody:nobody /tmp/https*

❍ chown -R nobody:nobody /opt/SUNWam

❍ chown -R nobody:nobody /opt/SUNWps

❍ chown -R nobody:nobody /usr/java1.3.1_06

❍ chown -R nobody:nobody /var/opt/SUNWam

❍ chown -R nobody:nobody /var/opt/SUNWps

❍ chown -R nobody:nobody /var/sadm/pkg/SUNWamsvc

❍ chown -R nobody:nobody /var/sadm/pkg/SUNWamws

❍ chown -R nobody:nobody /var/sadm/pkg/SUNWamds

❍ chown -R nobody:nobody /var/sadm/pkg/SUNWps

8. Edit /etc/init.d/amserver at line 386. Place a # before the check_root_user method call as shown in the following example:

Code Example 3-14 amserver File Sample

#!/bin/sh
# PROPRIETARY/CONFIDENTIAL/...
BASE=/opt
DIRBASE=/usr
LDAPDIR=/usr/ldap
PRODUCTDIR=SUNWam
PACKAGEDIR=$BASE/${PRODUCTDIR}
WEBAPPDIR=$BASE/${PRODUCTDIR}/web-apps
SERVICEAPPSDIR=$WEBAPPDIR/services
AGENTAPPSDIR=$WEBAPPDIR/agent

PLATFORMCONFDIR=$PACKAGEDIR/lib
PLATFORMCONF=${PLATFORMCONFDIR}/AMConfig.properties
PLATFORMBINDIR=${PACKAGEDIR}/bin
WTPASSFILE=${PACKAGEDIR}/config/.wtpass
check_root_user () {
...skipping
}
# check_root_user
...

9. Enter /etc/init.d/amserver stop.

10. Ensure that all of the processes are stopped. To verify, enter:

ps -ef | grep SUNWam

ps -ef | grep DSBaseDir

Kill any processes that did not shut down.

Launching Sun ONE Portal Server

1. Become superuser and do the following:

a. Change directories to DSBaseDir/slapd-hostname.

b. Enter start-slapd.

2. As user nobody, enter /etc/init.d/amserver start.

The web server will not start if you are using ports less than 1024.

3. Become superuser and enter S1PSBaseDir/SUNWam/servers/https-hostname.domain/start.

4. Enter /etc/init.d/amserver stop to stop the services.

Creating and Deleting Instances of the Server

An instance is a server that listens on a particular port, bound to one or more IP addresses. For the Sun ONE Portal Server, an instance corresponds to a web server process listening on a port and running a single JVM. Follow the instructions in this section to create multiple instances of the server.

1. Log in to the server running the Sun ONE Portal Server: User Interface node.

2. Become superuser and change directories to S1PSBaseDir/SUNWps/bin.

3. Enter ./multiserverinstance for interactive installation.

You will be prompted for the instance nickname, port number, and Identity Server password for the new instance of the server. The instance name should only contain alphanumeric characters (no dots).

NOTE Instance creation using the multiserverinstance command is only supported on Sun ONE Web Server.


4. In a browser, enter:

❍ http://hostname.domain:instanceportnumber/amconsole to access the administration console through the new instance

❍ http://hostname.domain:instanceportnumber/portal/ to access the default URL for the desktop through the new instance

If you create any additional server instances and you want to run them as non-root or nobody, comment out the following lines for each instance at ISBaseDir/SUNWam/bin/amserver.instance-nickname:

if [ `$ID | $AWK '{print $1}'` != "uid=0(root)" ]; then
    $ECHO "You must be root user. $BELL_CHAR"
    exit 1
fi

To delete an instance:

1. Log in to the server running the Sun ONE Portal Server software.

2. Become superuser and change directories to BaseDir/SUNWps/bin.

3. Enter ./multiserverinstance delete -instance InstanceNickname.

Where to Go Next?

This section includes information on the following:

• Validating Sun ONE Portal Server Installation

• Accessing the Sun ONE Portal Server Administration Console and Desktop

• Administering the Portal Server

Validating Sun ONE Portal Server Installation

To ensure that the installation of the Sun ONE Portal Server was successful, start the server and check that the processes run and listen correctly.

1. Log in to the server and become superuser.

2. Start the Sun ONE Portal Server. To start:

a. Change directories to the BaseDir/SUNWam/bin directory.

b. Start the Sun™ ONE Identity Server. That is, enter:

# ./amserver start

3. Check that all the Sun ONE Portal Server processes run correctly. That is, enter:

a. The Sun™ ONE Web Server must run on port 80 (by default).

# pgrep ns-httpd

This command returns multiple process IDs since the Sun ONE Portal Server uses multiple web server instances.

b. Check that the Sun ONE Web Server listens on port 80 (by default).

# netstat -an | grep LISTEN | grep "\*\.80\>"

This command returns a single line that shows that there is an open socket that listens on port 80.

c. The Sun™ ONE Directory Server must run.

# pgrep ns-slapd

This command returns a single process ID of the Sun ONE Directory Server.

d. The doUnix helper must be running on port 8946.

Accessing the Sun ONE Portal Server Administration Console and Desktop

Use the following procedures to validate that the Sun ONE Portal Server installation was successful.

To Access the Sun ONE Identity Server Administration Console

1. Open a browser.

2. Type http://hostname.domain:port/amconsole

NOTE To start the Portal Server, you must start the Sun ONE Identity Server.


3. Enter the administrator’s name and password to view the administration console.

This is the name and password you specified at the time of installing the Sun ONE Identity Server software.

To Access the Sample Desktop

For the default organization you enter during the install, the software sets up the desktop service, creates the template, and creates and assigns a desktop policy to users of that organization. You can either create a user in the organization to log on or use anonymous login without having to create a user.

1. Open a browser.

2. Type one of the following:

http://hostname.domain:port/portal to access the default URL

3. Enter the username and password to log in to the desktop.

Configuring Sun ONE Portal Server With a Gateway to Trust Sun ONE Identity Server

When using the Sun™ ONE Portal Server with the gateway, the gateway Certificate Authority (CA) certificate must be added to the Sun ONE Portal Server trusted CA list, regardless of whether the Sun ONE Portal Server is running in HTTP or HTTPS mode.

When a user session timeout or user session logout action happens, the Sun ONE Identity Server sends a session notification to the gateway. Even when the Sun ONE Identity Server is running in HTTP mode, it will act as an SSL client using HttpsURLConnection to send the notification. Since it is connecting to an SSL server (the gateway), it should have the gateway CA certificate as part of the Trusted CA list or it should have an option to allow self-signed certificates.

To create HttpsURLConnection, the Java Virtual Machine (JVM™) property -Djava.protocol.handler.pkgs needs to be set.

NOTE The method for adding the CA to the trusted CA list depends on the protocol handler defined.


If Sun ONE Portal Server is running on the Sun ONE Web Server, this property is correctly set to -Djava.protocol.handler.pkgs by default. The Sun ONE Identity Server com.iplanet.services.comm package has the implementation of HttpsURLConnection and it provides an option to add the flag com.iplanet.am.jssproxy.trustAllServerCerts=true to accept self-signed certificates from any SSL server.

The -Djava.protocol.handler.pkgs property is not set by default for the Sun ONE Application Server, WebLogic and WebSphere. The HttpsURLConnection implementation for supported application servers must use their own default handler (this could be JSSE or a custom SSL implementation).

Administering the Portal Server

In order to configure Secure Socket Layer (SSL), see Chapter 12 of the Sun ONE Portal Server 6.1 Administrator’s Guide, “Managing the Sun ONE Portal Server System.”

In order to manage multiple installations of the portal server user interface nodes, see Chapter 12 of the Sun ONE Portal Server 6.1 Administrator’s Guide.


Chapter 4

Uninstalling the Sun ONE Portal Server

This chapter includes instructions to remove one or more of the software components. To uninstall the software or one or more of its components:

1. Log in to the machine and become superuser.

You will need root access to uninstall the Sun™ ONE Portal Server software and its associated components.

2. Change directories to where the installation program is located.

3. Type ./pssetup.

4. Examine the uninstall menu.

❍ Remove Sun ONE Portal Server Only - If selected, the installation program will uninstall only the Sun ONE Portal Server software.

❍ Remove Sun™ ONE Identity Server Only - If selected, the installation program will uninstall only the Sun ONE Identity Server software.

❍ Remove Sun ONE Identity Server SDK only

❍ Remove Sun™ ONE Directory Server Only - If selected, the installation program will uninstall only the Sun ONE Directory Server software.

❍ Remove the Migration Tools - If selected, the installation program will uninstall only the migration tools.

❍ Continue with install

❍ Remove All - If selected, the installation program will uninstall the Sun ONE Portal Server software and all of its associated components (including Sun ONE Directory Server, Sun ONE Identity Server, and Sun™ ONE Web Server).

5. Select the uninstall option.

6. Enter the Identity Server password.

7. Enter the Directory Manager password.

For Sun ONE Portal Server installed on Sun ONE Application Server or BEA WebLogic, the pssetup script asks for the application server administration password when uninstalling.

Restarting Sun ONE Identity Server After Removing Sun ONE Portal Server

If you are running the Sun ONE Portal Server on the Sun™ ONE Web Server and you choose the uninstall option to remove the Sun ONE Portal Server only, you must restart the Sun ONE Identity Server. Follow the procedures below before accessing the Sun ONE Identity Server after the Sun ONE Portal Server software has been uninstalled.

For a Single Instance Installation

1. Stop Identity Server using /etc/init.d/amserver stop

2. Start Identity Server using /etc/init.d/amserver start

For a Multiple Instance Installation

For each created instance on which the Sun ONE Portal Server was deployed (excluding the original instance for which the ClassCache is removed by the pssetup script) perform the following steps:

1. cd ${BASEDIR}/SUNWam/servers/https-Instance_Name/ClassCache

2. rm -rf https-Instance_Name/* https-Deploy_Instance/*

3. Repeat Step 1 and Step 2 for each created server instance.

4. After the ClassCache for all additional instances is removed, stop all instances using:

/etc/init.d/amserver stopall

5. Restart all the instances using:

/etc/init.d/amserver startall

Chapter 5

Tuning the Sun ONE Portal Server

This chapter describes the configuration parameters for optimizing the performance and capacity of the Sun™ ONE Portal Server. The perftune script (in S1PSBaseDir/SUNWps/bin directory), bundled with Sun ONE Portal Server, automates most of the tuning process discussed in this chapter.

Introduction

The perftune script:

• Tunes the Solaris Kernel and TCP settings (see Solaris Tuning)

• Modifies the following configuration files as part of:

❍ Sun ONE Web Server 6.0 Tuning:

• S1PSBaseDir/SUNWam/servers/WebServerInstance/config/magnus.conf

• S1PSBaseDir/SUNWam/servers/WebServerInstance/config/jvm12.conf

• S1PSBaseDir/SUNWam/servers/WebServerInstance/config/web-apps.xml

• S1PSBaseDir/SUNWam/servers/WebServerInstance/config/server.xml

• S1PSBaseDir/SUNWam/servers/https-admserv/start-jvm

❍ Sun ONE Directory Server Tuning:

• /usr/ldap/slapd-invierno/config/dse.ldif

❍ Sun ONE Identity Server Tuning:

• S1PSBaseDir/SUNWam/config/ums/serverconfig.xml

• S1PSBaseDir/SUNWam/lib/AMConfig.properties

❍ Sun ONE Portal Server Desktop Tuning

• /etc/opt/SUNWps/desktop/desktopconfig.properties

• Modifies properties of the Sun ONE Portal Server Desktop service and Sun ONE Identity Server authentication service.

Tuning Strategies

When you run the perftune script, performance tuning options for two typical usage scenarios, called Production Optimum and Production Large, are offered. These scenarios are defined to address the majority of Sun ONE Portal Server usage patterns. These deployment scenarios are characterized by the following:

• Production Optimum:

❍ Higher level of concurrent user requests

❍ Small number of connected users (few hundreds per instance)

❍ CPU bound

❍ Most important Java™ Virtual Machine (JVM™) performance factors are throughput and promptness

❍ Object lifetime distribution dominated by short-lived objects

• Production Large:

❍ Lower level of concurrent user requests

❍ Large number of connected users (couple thousands per instance)

❍ Memory bound

❍ Most important JVM performance factor is JVM memory capacity

❍ Object lifetime distribution dominated by long-lived objects

For example, during peak hours in a business-to-enterprise portal, a significant number of the company’s employees connect to the portal at the same time in a production large environment.

Memory Allocation

The largest amount of memory to allocate per JVM is determined by two parameters:

1. Maximum size of physical memory per CPU. On E45* class of machines it is about 1 GB

2. Recommended number of instances per CPU for performance and scalability is still 1:1 (one instance per CPU) for Sun ONE Portal Server for optimum performance. For production large, the ratio is rather 1:2 (one instance per 2 CPUs), which allows a maximum JVM heap size of 2 GB.

The JVM performance matrix driving the tuning effort looks at throughput, footprint, and promptness as defined below. The second, third, and fourth columns show the level of performance in the areas of throughput, footprint, and promptness for the production optimum and production large environments respectively.

                      throughput      footprint       promptness
production optimum    high            less critical   high
production large      less critical   low             less critical

Here:

• throughput refers to the time not spent in GC

• footprint refers to the working set of a process

• promptness refers to the time between when an object becomes dead and when the memory it occupies becomes available

Tuning Instructions

When you run the perftune script, you can specify whether or not to execute the following tuning recommendations. Review the recommendations carefully and use the perftune script to execute these recommended modifications.

To run the perftune script:

1. Log in to the machine and become superuser.

You need root access to run this script.

2. Change directories to S1PSBaseDir/SUNWps/bin.

3. Enter ./perftune.

The perftune script starts and stops servers during the tuning process. It creates backup copies of modified files in filename-orig-date-pid format. Reboot the system after running the script for the tuning changes to take effect.

Solaris Tuning

Kernel Tuning

To the /etc/system file, the script appends the following settings:

• File Descriptor Limits - Number of open files limits

❍ set rlim_fd_max=16384

❍ set rlim_fd_cur=16384

• Stream queue Size - The depth of the syncq (number of messages) before a destination streams queue generates a QFULL

❍ set sq_max_size=0

• TCP Connection Hash Size (<= file descriptors)

❍ set tcp:tcp_conn_hash_size=8192

TCP Parameters Tuning

Changes to TCP parameters (shown within parentheses) in /dev/tcp include:

• TCP Time Wait Interval (tcp_time_wait_interval) - The amount of time a TCP socket will remain in the TIME_WAIT state (after the connection is closed) is set to 60000

• TCP Fin Wait 2 Interval (tcp_fin_wait_2_flush_interval) - The amount of time a TCP socket will remain in the FIN_WAIT_2 state (after the connection is closed) is set to 60000

• TCP Maximum Connection Size (tcp_conn_req_max_q) - The maximum number of fully established connections is set to 8192

• TCP List Queue (tcp_conn_req_max_q0) - The size of the queue containing unestablished connections is set to 8192

• TCP Packet Drop Time (tcp_ip_abort_interval) - The amount of time before a packet is dropped is set to 60000

• TCP Keep Alive Interval (tcp_keepalive_interval) - This is set to 90000

• TCP Maximum Retransmit Interval (tcp_rexmit_interval_max) - This is set to 6000

• TCP Minimum Retransmit Interval (tcp_rexmit_interval_min) - This is set to 3000

• TCP Initial Retransmit Interval (tcp_rexmit_interval_initial) - This is set to 500

• TCP Smallest Anonymous Port (tcp_smallest_anon_port) - This is set to 1024

• TCP Initial Packets for Slow Start Algorithm (tcp_slow_start_initial) - This is set to 2

• TCP Transmit/Receive Buffer Size Limit (tcp_xmit_hiwat and tcp_recv_hiwat) - These are set to 32768 each

In order to execute the ndd commands automatically when the system is rebooted, the perftune script copies the S99ndds_tcp file into the /etc/rc2.d/ directory.

Sun ONE Identity Server Tuning

Directory Server Connection Pool

Changes made to the S1PSBaseDir/SUNWam/config/ums/serverconfig.xml file are as follows:

• Increases the minimum connection pool size to 10

• Increases the maximum connection pool size to 90

LDAP Authentication Service

• Updates LDAP connection pools default size (min:max) to 10:90

LDAP Authentication

• Sets DN to Start User Search to ou=people,o=<organization>,o=isp

• Sets Search Scope to OBJECT

Sun ONE Identity Server Services Configuration Parameters

Changes are made to the S1PSBaseDir/SUNWam/lib/AMConfig.properties file as follows:

• Sets com.iplanet.am.logstatus to INACTIVE

• Increases com.iplanet.am.session.maxSession (default 50000) if the expected number of concurrent sessions exceeds this value

• Disables com.iplanet.am.session.httpSession.enabled

The following threadpool properties in the /opt/SUNWam/lib/AMConfig.properties file are exposed in Sun ONE Portal Server 6.1:

• com.iplanet.am.notification.threadpool.threshold. This property indicates the maximum size of the task queue in the thread pool. The thread pool will reject further requests if the number of unprocessed tasks in the queue exceeds that threshold value. This number depends on the system memory resource. Each task requires about 3k. You should decide how many tasks can be queued given the size of the thread pool. A task is queued only when no thread in the pool is available.

The default value is set at 100. This might be high for your particular usage, and can be adjusted. For example, use a value of 40 for a 4-CPU Ultra Sparc II or III machine.

• com.iplanet.am.notification.threadpool.size. This parameter allows reliable authentication for Sun ONE Portal Server on Sun ONE Application Server under a heavy load. The default value is 10 but can be changed. For example, a value of 50 should be used for a 4-CPU Ultra Sparc II or III machine.
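A check for the Identity Server settings this guide touches, added here as an example and not part of the Sun documentation or the perftune script: it reads an AMConfig.properties file, flags the trustAllServerCerts option described under Post Installation Configuration and the logging change perftune makes, and reports the notification thread pool values. The function names and the sample file are constructed, and placing the trustAllServerCerts flag in AMConfig.properties is an assumption.

```shell
#!/bin/sh
# Added example (not Sun's code): report security-relevant values in an
# Identity Server AMConfig.properties file, e.g. after running perftune.

# prop_value FILE KEY -> prints the effective (last uncommented) value of KEY.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }              # properties-file comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v           # a later assignment wins
        }
        END { if (val != "") print val }
    ' "$1"
}

# is_uint VALUE -> status 0 when VALUE is a non-negative integer.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# audit_amconfig FILE -> prints one finding per line; status 1 if any WARN.
audit_amconfig() {
    file=$1
    warnings=0
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }

    # Assumption: the flag, when added, is placed in AMConfig.properties.
    trust=$(prop_value "$file" com.iplanet.am.jssproxy.trustAllServerCerts | tr 'A-Z' 'a-z')
    if [ "$trust" = "true" ]; then
        echo "WARN trustAllServerCerts=true: certificates from any SSL server are accepted"
        warnings=$((warnings + 1))
    else
        echo "OK trustAllServerCerts not enabled: the gateway CA must be in the trusted CA list"
    fi

    logstatus=$(prop_value "$file" com.iplanet.am.logstatus)
    case "$logstatus" in
        INACTIVE)
            echo "WARN com.iplanet.am.logstatus=INACTIVE: Identity Server logging is off"
            warnings=$((warnings + 1)) ;;
        "") echo "INFO com.iplanet.am.logstatus is not set in this file" ;;
        *)  echo "OK com.iplanet.am.logstatus=$logstatus" ;;
    esac

    # Notification thread pool: the defaults (10, 100) and about 3k per
    # queued task are the figures given in the guide.
    size=$(prop_value "$file" com.iplanet.am.notification.threadpool.size)
    threshold=$(prop_value "$file" com.iplanet.am.notification.threadpool.threshold)
    size=${size:-10}
    threshold=${threshold:-100}
    if is_uint "$size" && is_uint "$threshold"; then
        echo "INFO notification pool: size=$size threshold=$threshold queue<=$((threshold * 3))KB"
    else
        echo "WARN notification pool values are not numeric: size=$size threshold=$threshold"
        warnings=$((warnings + 1))
    fi

    [ "$warnings" -eq 0 ]
}

# sample_amconfig -> prints a constructed AMConfig.properties fragment.
sample_amconfig() {
    cat <<'EOF'
# constructed sample, not taken from a real installation
com.iplanet.am.logstatus=ACTIVE
com.iplanet.am.logstatus=INACTIVE
com.iplanet.am.session.maxSession=50000
com.iplanet.am.notification.threadpool.size=50
com.iplanet.am.notification.threadpool.threshold=40
#com.iplanet.am.jssproxy.trustAllServerCerts=false
com.iplanet.am.jssproxy.trustAllServerCerts = True
EOF
}

# Demo on the constructed sample.
demo_file=${TMPDIR:-/tmp}/AMConfig.sample.$$
sample_amconfig > "$demo_file"
audit_amconfig "$demo_file" || echo "review the WARN lines above"
rm -f "$demo_file"
```

Run it against a copy of the file before and after perftune to see which of these values the script changed.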

Sun ONE Directory Server Tuning

If the Sun™ ONE Directory Server is shared by other applications, you may need to verify that those parameters do not conflict with the other applications’ parameter tuning.

Enough virtual memory space must be provisioned for /tmp/slapd-DSinstance1, and the total amount of used memory, including the memory allocated for database caching, should not exceed the size of physical memory, to avoid paging. In any event, the cumulative value of nsslapd-dbcachesize + nsslapd-cachememsize + the fixed memory used by the slapd process itself cannot exceed the 4 GB of process address space. ns-slapd is a 32-bit application.

With regard to the sizing of resource pooling (connections and threads), Sun ONE Directory Server provides best performance with a concurrency level of around 15 for search type of operations.

The perftune script tunes ns-slapd threading, db cache and database file system mapping in the /usr/ldap/slapd-hostname/config/dse.ldif file as follows:

• Under dn: cn=config LDAP entry:

❍ Adds the line nsslapd-threadnumber, set to nThreads. In most cases, the default value (30) should be fine unless a fair amount of profile changes (LDAP writes) is expected, in which case the script applies the following formula:

nThreads = 30 for 1 CPU, nThreads = 45 for 2 CPUs, nThreads = 60 for 3 CPUs, nThreads = 90 for 4 CPUs.

❍ Sets nsslapd-accesslog-logging-enabled to off to disable the access log

• Under dn: cn=config,cn=ldbm database,cn=plugins,cn=config LDAP entry:

❍ Adds the line nsslapd-db-home-directory, set to /tmp/slapd-dsame1

❍ Changes the line nsslapd-maxthreadsperconn to 20

❍ Modifies the line nsslapd-dbcachesize to newSize where newSize = 1.2 * size of all db3 files located under /usr/ldap/slapd-hostname/db/userRoot.

• Under dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config LDAP entry, modifies the line nsslapd-cachememsize to newSize where newSize = 3 * the size of id2entry.db3.

NOTE If you are tuning the Sun ONE Directory Server manually, you need to stop the Sun ONE Directory Server before tuning these parameters.
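The sizing rules above, worked as an added example (not the perftune script itself): the functions compute nsslapd-threadnumber, nsslapd-dbcachesize and nsslapd-cachememsize from a database directory and check the sum against the 4 GB process address space. Function names are hypothetical, the demo files are constructed, and the fixed memory used by slapd is a caller-supplied assumption because the guide gives no figure for it.

```shell
#!/bin/sh
# Added example (not the perftune script): derive the dse.ldif values described
# in this section from the database files and check the 4 GB limit.

ADDRESS_SPACE_LIMIT=4294967296   # 4 GB: ns-slapd is a 32-bit process

# file_size FILE -> size in bytes
file_size() { wc -c < "$1" | tr -d ' '; }

# ds_thread_number NCPU -> nsslapd-threadnumber for 1 to 4 CPUs
ds_thread_number() {
    case "$1" in
        1) echo 30 ;;
        2) echo 45 ;;
        3) echo 60 ;;
        4) echo 90 ;;
        *) return 1 ;;   # the guide lists no value for other CPU counts
    esac
}

# ds_db3_total DBDIR -> combined size in bytes of the *.db3 files in DBDIR
ds_db3_total() {
    total=0
    for f in "$1"/*.db3; do
        [ -f "$f" ] || continue
        total=$((total + $(file_size "$f")))
    done
    echo "$total"
}

# ds_dbcachesize DBDIR -> 1.2 * size of all db3 files, in whole bytes
ds_dbcachesize() { echo $(( $(ds_db3_total "$1") * 12 / 10 )); }

# ds_cachememsize DBDIR -> 3 * size of id2entry.db3
ds_cachememsize() {
    [ -f "$1/id2entry.db3" ] || return 1
    echo $(( $(file_size "$1/id2entry.db3") * 3 ))
}

# ds_fits_address_space DBCACHE CACHEMEM FIXED -> status 0 when the sum fits in 4 GB
ds_fits_address_space() {
    [ $(( $1 + $2 + $3 )) -le "$ADDRESS_SPACE_LIMIT" ]
}

# ds_tuning_report DBDIR NCPU FIXED_BYTES -> prints the attributes to set.
# FIXED_BYTES (memory used by slapd itself) is an assumption supplied by the
# caller; the guide gives no figure for it.
ds_tuning_report() {
    threads=$(ds_thread_number "$2") || { echo "no thread value for $2 CPUs" >&2; return 2; }
    entrycache=$(ds_cachememsize "$1") || { echo "no id2entry.db3 in $1" >&2; return 2; }
    dbcache=$(ds_dbcachesize "$1")
    echo "dn: cn=config"
    echo "nsslapd-threadnumber: $threads"
    echo "dn: cn=config,cn=ldbm database,cn=plugins,cn=config"
    echo "nsslapd-dbcachesize: $dbcache"
    echo "dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
    echo "nsslapd-cachememsize: $entrycache"
    if ! ds_fits_address_space "$dbcache" "$entrycache" "$3"; then
        echo "# over the 4 GB process address space: reduce the cache sizes"
        return 1
    fi
}

# Demo on constructed files (sizes are illustrative, not a real database).
demo_dir=${TMPDIR:-/tmp}/userRoot.demo.$$
mkdir -p "$demo_dir"
printf '%4096s' '' > "$demo_dir/id2entry.db3"
printf '%2048s' '' > "$demo_dir/uid.db3"
ds_tuning_report "$demo_dir" 2 104857600
rm -rf "$demo_dir"
```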

Sun ONE Web Server 6.0 Tuning

The following describes the JVM tuning offered by the perftune script to help tune Sun™ ONE Web Server for Sun ONE Portal Server performance in the Production Optimum and Production Large environments.

For Production Optimum

Heap size

Heap size is the most significant option that needs attention. Consult the Sun ONE Web Server tuning guide for details on these parameters. The perftune script:

1. Specifies the following in magnus.conf located at S1PSBaseDir/SUNWam/servers/https-hostname/config

❍ RqThrottle 256

❍ StackSize 393216

❍ ThreadIncrement 20

❍ ConnQueueSize 20000

2. Specifies the following (modifications shown in bold) in the web-apps.xml file located at S1PSBaseDir/SUNWam/servers/https-hostname/config. That is, it:

❍ Defines the following session manager above the web-app tags:

    <session-manager class="com.iplanet.server.http.session.IWSSessionManager">
        <init-param>
            <param-name>maxSessions</param-name>
            <param-value>50000</param-value>
        </init-param>
        <init-param>
            <param-name>timeOut</param-name>
            <param-value>360</param-value>
        </init-param>
        <init-param>
            <param-name>reapInterval</param-name>
            <param-value>180</param-value>
        </init-param>
    </session-manager>

❍ Increases maxSessions (default 50000) if the expected number of concurrent sessions exceeds this value.

❍ Sets the class reload interval to 5 minutes (default 30 seconds):

    <class-loader classpath="[...]" delegate="false" reload-interval="300"/>

3. Specifies the following in the jvm12.conf file at S1PSBaseDir/SUNWam/servers/https-hostname/config for JVM Tuning

❍ jvm.minHeapSize=1073741824

❍ jvm.maxHeapSize=1073741824

❍ jvm.option=-Xrs

❍ jvm.option=-server

❍ jvm.option=-XX:MaxPermSize=128M

❍ jvm.option=-XX:PermSize=128M

❍ jvm.option=-XX:+OverrideDefaultLibthread

❍ jvm.option=-XX:MaxNewSize=256M

❍ jvm.option=-XX:NewSize=256M

4. Specifies the following in start-jvm file for alternate T2 libthread

NSES_JRE_RUNTIME_LIBPATH=/usr/lib/lwp:${NSES_JRE}/lib/sparc/server:${NSES_JRE}/lib/sparc:${NSES_JRE}/lib/sparc/classic:${NSES_JRE}/lib/sparc/native_threads;export NSES_JRE_RUNTIME_LIBPATH

For Production Large

1. Specifies the following in magnus.conf located at S1PSBaseDir/SUNWam/servers/https-hostname/config

❍ RqThrottle 256

❍ StackSize 131072

2. Specifies the following in the web-apps.xml file located at S1PSBaseDir/SUNWam/servers/https-hostname/config.

❍ Defines the session manager as follows above the web-app tags:

    <session-manager class="com.iplanet.server.http.session.IWSSessionManager">
        <init-param>
            <param-name>maxSessions</param-name>
            <param-value>50000</param-value>
        </init-param>
        <init-param>
            <param-name>timeOut</param-name>
            <param-value>360</param-value>
        </init-param>
        <init-param>
            <param-name>reapInterval</param-name>
            <param-value>180</param-value>
        </init-param>
    </session-manager>

❍ Increases maxSessions (default 50000) if the expected number of concurrent sessions exceeds this value.

3. Specifies the following in the jvm12.conf file at S1PSBaseDir/SUNWam/servers/https-hostname/config for JVM Tuning

jvm.minHeapSize=1073741824

jvm.maxHeapSize=2147483648

jvm.option=-Xrs

jvm.option=-server

jvm.option=-XincGC

jvm.option=-XX:+UseLWPSynchronization

jvm.option=-XX:MaxPermSize=128M

jvm.option=-XX:PermSize=128M

jvm.option=-XX:+OverrideDefaultLibthread

jvm.option=-XX:MaxNewSize=256M

jvm.option=-XX:NewSize=256M

4. Specifies the following in the start-jvm file for alternate T2 libthread

NSES_JRE_RUNTIME_LIBPATH=/usr/lib/lwp:${NSES_JRE}/lib/sparc/server:${NSES_JRE}/lib/sparc:${NSES_JRE}/lib/sparc/classic:${NSES_JRE}/lib/sparc/native_threads;export NSES_JRE_RUNTIME_LIBPATH

NOTE JVM Memory Heap size is 1 GB minimum and 2 GB maximum. Young generation is proportionally smaller than for optimum production so that more space is available for connected users.

Incremental (or Train) GC is more suitable to large production because GC speed is less of a concern than long pauses due to the potential large size of the old generation.

Sun ONE Portal Server Desktop Tuning

For Production Optimum

• For optimizing the Desktop Sessions, it disables Enable XML Parsing Validation

Desktop sessions are different and disjoint from Sun ONE Identity Server SSOToken sessions. If a Desktop session times out before the Sun ONE Identity Server session expires, the Desktop transparently rebuilds the Desktop session when it is queried. Decreasing the Desktop session idle time-out helps reclaim memory used by session objects, assuming production optimum is characterized by short-lived user sessions.

• The caller parameters are used to size the thread pool to render content through the providers. The caller pool is initialized to size 0. Items are added to the pool as they are used and returned. The caller pool can expand to a very large size; however, in the normal case it will only be as big as the number of channels on the user’s desktop. In cases where there are multiple concurrent threads with the same sid, the pool may expand to a size that is n * m, where n = the number of concurrent same-sid threads and m = the number of channels on the desktop for the given sid.

The perftune script changes the following parameters for optimizing Provider Caller Resource Pooling, in the /etc/opt/SUNWps/desktop/desktopconfig.properties file:

❍ Increases callerPoolMinSize to 128

❍ Increases callerPoolMaxSize to 512

❍ Increases callerPoolPartitionSize to 16

❍ Increases templateScanInterval to 3600

For Production Large

The caller parameters are used to size the thread pool to render content through the providers. The caller pool is initialized to size 0. Items are added to the pool as they are used and returned. The caller pool can expand to a very large size; however, in the normal case it will only be as big as the number of channels on the user’s desktop. In cases where there are multiple concurrent threads with the same sid, the pool may expand to a size that is n * m, where n = the number of concurrent same-sid threads and m = the number of channels on the desktop for the given sid.

The perftune script changes the following parameters for optimizing the Provider Caller Resource Pooling, in the /etc/opt/SUNWps/desktop/desktopconfig.properties file:

• Increases callerPoolMinSize to 128

• Increases callerPoolMaxSize to 512

• Increases callerPoolPartitionSize to 16

• Increases templateScanInterval to 3600

Appendix A

Sun ONE Portal Server 6.1 Installation for Sun ONE Application Server 7.0

Sun™ ONE Portal Server 6.1 can be deployed on a Sun™ ONE Application Server using it as its web application container.

This appendix contains the following sections:

• Overview

• Hardware and Software Requirements

• Installing the Sun ONE Portal Server Software

• Installing the Sun ONE Portal Server into a Secure Application Server Instance

Familiarity with the Sun ONE Portal Server 6.1 Release Notes and the Sun ONE Portal Server 6.1 Administrator’s Guide is recommended. The installation information only describes the procedure for installing the Sun ONE Portal Server with default settings and includes the sample desktop.

Overview

The Sun ONE Application Server is a Java™ application server that enables deployment of web applications, such as the Sun ONE Portal Server, and web services. The Sun ONE Application Server implements the J2EE™ platform specification and supports servlets, JSPs, Enterprise JavaBeans™ (EJB™), and other platform services. In addition, the Sun ONE Application Server allows you to use the Sun ONE Web Server to serve up static HTML and image files as well as JSPs and servlets.

When installing the Sun ONE Portal Server software, the installation script asks you which deployment type you are using. Once you select Sun ONE Application Server, the install script sets up the appropriate default directories and adds a number of .war files that facilitate running the Portal Server on a Sun ONE Application Server.

An example of some of the Sun ONE Application Server information the install script needs to know is the application server directory (by default /opt/SUNWappserver7) and the application server instance into which portal server should be deployed (by default, server1).

Hardware and Software Requirements

Before installing the Sun ONE Portal Server software, ensure that your system meets the following requirements:

• Hardware Requirements

• Software Requirements

• Operating System Requirements, including patches

Hardware Requirements

For a new installation of the software, your system must meet the following minimal hardware requirements:

• One 450 MHz CPU or better

• 512 Mbytes of RAM

• 1 Gbyte of hard drive swap space

• 1 Gbyte of disk space

Software Requirements

The software discussed here is required for a successful installation of the Sun ONE Portal Server software. Other versions of these software products are not supported.

• Sun ONE Application Server 7.0

• Sun™ ONE Identity Server 6.0 SP1, included with the Portal Server installation.

• Java™ Development Kit (JDK™) supported by Sun ONE Application Server (JDK 1.4.0_02 or greater).

Space Requirements

These requirements are the ones that are checked for in the Portal Server installation script. Table A-1 is a three column table. The first column lists the directory, the second the size in megabytes, and the third adds relevant comments.

Table A-1 Space Requirements

Directory                                                  Size     Comments
/etc/opt                                                   200 MB
/var/opt                                                   200 MB   Add more for extended logging.
/usr                                                       50 MB    If installing JDK 1.4.1_01.
Application server base directory (/opt/SUNWappserver7)    50 MB    If using migration tools.
DS_BASEDIR (/usr/ldap)                                     300 MB   For Directory Server.
Application server base directory (/opt/SUNWappserver7)    300 MB   For iPlanet Directory Server Access Management Edition.
Application server base directory (/opt/SUNWappserver7)    200 MB   For Portal Server only.
Application server base directory (/opt/SUNWappserver7)    500 MB   For Secure Remote Access on the same machine as the Portal Server software.
S1PSBASEDIR (/opt)                                         100 MB   For Secure Remote Access support on the machine that has the Portal Server software when the gateway is on a separate machine.

Operating System Requirements

The Sun ONE Portal Server software requires at least a user distribution of the Solaris™ 8 or Solaris™ 9 software as the operating system. The Solaris 8 operating system requires the following operating system patches as well for a successful installation of the product:

• 109326-03

• 108434-03

• 108827-34

• 112438-01

These are the minimum required patches. The last two digits of the patch number are the minor revision number. If updates to the patch have been released, install the most recent patch revision (the one with the higher revision number). Typically, these patches are made obsolete when a new patch is released and only the most recent patch is available at the SunSolve site. Please review the readme for each patch to find out what dependencies or patches may be required.

Installing the Sun ONE Portal Server Software

This installation example only gives the procedure for installing the Sun ONE Portal Server with default settings, which includes the sample desktop.

NOTE Portal Server cannot be installed into an application server instance or domain whose name contains a dash or a space, for example, Default-Server or Default Server. If you try to install into an application server instance or domain with a dash or space in the name, the installation script returns the error message Invalid response! and prompts for the application server domain or application server instance name again.

The installation script sets the parameters needed. You supply the Sun ONE Application Server password and Portal Server passphrase to complete the install.

NOTE Do not use this procedure if you are planning to run the portal server on a Secure Sockets Layer (SSL) enabled application server instance. To run the portal server on an SSL-enabled application server, you should secure the application server instance before you install the Sun ONE Portal Server software. See “Installing the Sun ONE Portal Server into a Secure Application Server Instance” on page 85 for information.

1. Go to the directory where the portal server software is, then type the install command:

# ./pssetup

2. After you have accepted the licensing agreement, select option 1, Install Portal Server.

3. Select option 1, Sun ONE Application Server, as the deployment type.

NOTE The Sun ONE Portal Server software will be installed in the Sun ONE Application Server directory.

4. This installs the portal server with these defaults.

    Application Server summary
    --------------------------
    Directory: /opt/SUNWappserver7
    Domain: /var/opt/SUNWappserver7/domains/domain1
    Instance: server1
    Document Root: /var/opt/SUNWappserver7/domains/domain1/server1/docroot
    Administrator: admin
    Administration Protocol: http
    Administration Port: 4848

    JDK installation summary
    ------------------------
    Directory: /usr/java1.4.1_01

    Directory Server installation summary
    -------------------------------------
    Base Directory: /usr/ldap
    Host: myappserver.sesta.com
    Port: 389
    Instance: myappserver
    Root Suffix: dc=iplanet,dc=com
    Directory Manager: cn=Directory Manager
    Administrator: admin
    Administration Port: 58900

    Identity Server installation summary
    ------------------------------------
    Base Directory: /opt/SUNWappserver7
    Access URL: http://myappserver.sesta.com:80

    Portal Server installation summary
    ----------------------------------
    Base Directory: /opt/SUNWappserver7
    Deployment URI: /portal
    Sample Portal: y
    Upgrade Mode: n

5. When asked the question: Use these settings?

Type y to accept the default settings.

Type n to change as necessary.

6. Enter the password for the application server and confirm it.

7. Enter a passphrase for the portal server and confirm it.

8. Enter the Identity Server Internal LDAP Authentication User password and confirm it.

    Use these settings? [y]/n y
    What is the password for the Application Server administrator?
    Again?
    What is the passphrase for this server?
    Again?
    What is the Identity Server Internal LDAP Authentication User password?
    Again?

NOTE The password used for the passphrase and the password used for the Identity Server Internal LDAP Authentication User (amldapuser) password cannot be the same. If you use the same password for the passphrase and amldapuser password you will be prompted to enter a different password for the amldapuser.

The install script finishes installing the portal server.

9. Check the /var/sadm/install/logs/pssetup.pid/setup.log file for errors.

10. Stop and restart the application server.

11. Test the Sun ONE Portal Server installation by launching the Portal Desktop in a browser by using:

http://fullhostname:listen-port/portal/dt

If the sample desktop displays without any exception, then your portal server installation is good.

Installing the Sun ONE Portal Server into a Secure Application Server Instance

Setting up the Sun ONE Portal Server to run on an SSL-enabled Sun ONE Application Server instance is a two-step procedure. First, secure the application server instance into which you will install the portal server. Then install the Sun ONE Portal Server software.

To Secure the Application Server Instance

1. Log in to the Sun ONE Application Server administration console as administrator (admin) by entering http://fullhostname:port in your browser’s web address field. The default port is 4848. Use the password you entered at installation.

2. Select the application server Instance on which you installed or will install the Identity Server.

The right pane shows that the configuration has changed.

3. Click Apply Changes.

4. Click Restart.

The application server should automatically restart.

5. In the left pane, click Security under the application server instance on which you installed or will install the Identity Server.

6. Click the Manage Database tab.

7. Click Create Database if it is not selected.

8. Enter the new database password and confirm it, then click the OK button.

Ensure that you write down the database password for later use.

9. Once the Certificate Database has been created, click the Certificate Management tab.

10. Click the Request link if it is not selected.

11. Enter the Request data for the certificate as follows:

a. Select whether this is a new certificate or a certificate renewal.

Many certificates expire after a set period of time, such as six months or a year. Some Certificate Authorities (CA) will automatically send you a renewal.

b. Specify how you want to submit the request for the certificate.

• If the CA expects to receive the request in an email message, check CA Email and enter the email address of the CA. For a list of CAs, click List of available certificate authorities.

• If you are requesting the certificate from an internal CA that is using the Sun ONE Certificate Server, click CA URL and enter the URL for the Certificate Server. This URL should point to the certificate server’s program that handles certificate requests.

c. From the drop-down list, select the cryptographic module for the key-pair file you want to use when requesting the certificate.

d. Enter the password for your key-pair file.

This is the password you specified in Step 8.

e. Enter your identification information.

In the Common Name field, enter the full name of the server including the port number, for example myserver1.sesta.com:80. In the Locality and State or Province fields, spell out your location completely. Abbreviations, such as CA for California, will not work.

12. Click the OK button. You will see a message such as:

--BEGIN NEW CERTIFICATE REQUEST---
afajsdllwqeroisdaoi234rlkqwelkasjlasnvdknbslajowijalsdkjfalsdflasdfalsfjawoeirjoi2ejowdnlkswnvnwofijwoeijfwiepwerfoiqeroijeprwpfrwl
--END NEW CERTIFICATE REQUEST--

13. Copy all of this text to a file. Click OK.

Ensure that you get the Root CA certificate.

14. You will receive an e-mail certificate response containing the certificate, such as:

--BEGIN CERTIFICATE---
afajsdllwqeroisdaoi234rlkqwelkasjlasnvdknbslajowijalsdkjfalsdflasdfalsfjawoeirjoi2ejowdnlkswnvnwofijwoeijfwiepwerfoiqeroijeprwpfrwl
--END CERTIFICATE--

15. Copy this text into your clipboard, or save the text into a file.

16. Go to the Sun ONE Application Server administration console and click the Install link.

17. Select Certificate for This Server.

18. Enter the Certificate Database password in the Key Pair File Password field. It is the same password you entered in Step 8.

19. Paste the certificate into the provided text field, Message text (with headers), or enter the filename in the Message is in this file text box. Select the appropriate radio button.

20. Click the OK button.

The browser displays the certificate, and provides a button to add the certificate.

21. Click Add Server Certificate.

22. Install the Root CA Certificate in the same manner described in Step 9 through Step 21. In Step 17, select Certificate for Trusted Certificate Authority instead.

23. Once you have completed installing both certificates, expand the HTTP Server node in the left pane.

24. Select HTTP Listeners under HTTP Server.

25. Select http-listener-1.

The browser displays the socket information.

26. Change the value of the port used by http-listener-1 to a more appropriate value such as 443.

27. Select SSL/TLS Enabled.

28. Select Certificate Nickname.

29. Specify the Return server.

This should match the common name specified in Step 11.

30. Click Save.

31. Select the application server instance on which you will install the Sun ONE Portal Server software.

The right pane shows that the configuration has changed.

32. Click Apply Changes.

33. Click Restart.

The application server should automatically restart.

To Install the Sun ONE Portal Server to Run as SSL

Once the Sun ONE Application Server instance is secured, install the Sun ONE Portal Server software as follows:

1. Go to the directory where the portal server software is, then type the install command:

# ./pssetup

2. After you have accepted the licensing agreement, select option 1, Install Portal Server.

3. Select option 1, Sun ONE Application Server, as the deployment type.

4. Do not accept the default settings—enter n at the prompt.

5. Enter the application server password and server passphrase, and hit Return to accept the default values for each prompt except the Run SSL on <hostname>? y/[n] prompt. Do not accept the default value of n. Enter y at this prompt to use SSL.

6. At the What port should be used to access the portal server? [443] prompt, enter the port number that was entered for http-listener-1 in Step 26 of “To Secure the Application Server Instance” on page 85.

7. Review the values that will be used for the install and, if they are correct, accept them.

8. Log in to the Sun ONE Application Server administration console as administrator (admin) by entering http://fullservername:port in your browser’s web address field. The default port is 4848. Use the password you entered at installation.

9. Select the application server instance on which you installed or will install the Sun ONE Identity Server. The right pane shows that the configuration has changed.

10. In the left pane, click Security under the application server instance on which you installed the Identity Server/Portal Server.

11. Select the JVM Settings Tab in the right pane.

12. Select the JVM Options link.

13. Type -Djava.protocol.handler.pkgs=com.iplanet.services.comm into the JVM Option text field and click Add.

14. Click Save.

15. In the Sun ONE Application Server administration console, select the application server instance on which Identity Server is running.

The right pane shows that the configuration has changed.

16. Click Apply Changes.

17. Click the Restart button.

The application server should automatically restart.

18. Open the AMConfig.properties file in a text editor. By default, the location of this file is the /opt/SUNWappserver7/SUNWam/lib directory.

19. Set property com.iplanet.am.admin.cli.certdb.dir to APP_SERVER_INSTANCE_DIR/config. For example, /var/opt/SUNWappserver7/domains/domain1/server1/config.

20. Set property com.iplanet.am.admin.cli.certdb.prefix to empty.

For example, this line will have the following value by default:

com.iplanet.am.admin.cli.certdb.prefix=https-<fqdn>-<hostname>-

Change it to:

com.iplanet.am.admin.cli.certdb.prefix=

21. Save the AMConfig.properties file.

22. Restart the application server instance from the command line. It should prompt you for a password. Enter the Certificate Database password.

Appendix B

Sun ONE Portal Server 6.1 Installation for BEA Application Server

Sun™ ONE Portal Server 6.1 software can be deployed on BEA WebLogic Server 6.1 (SP4) using it as its web application container. The Portal Server software uses the web server that is supplied with the WebLogic server.

This supplement contains the following sections:

• Overview

• Hardware and Software Requirements

• Pre Portal Installation Tasks

• Installing the Portal Server Software

• Setting Up Sun ONE Portal Server on BEA Clusters

Familiarity with the Sun ONE Portal Server 6.1 Release Notes, Sun ONE Portal Server 6.1 Installation Guide, and Sun ONE Portal Server 6.1 Administrator’s Guide is recommended before using this supplement. The installation information only describes the procedure for installing the Sun ONE Portal Server with default settings and includes the sample desktop.

Overview

The BEA WebLogic server is a Java™ application server that enables deployment of web applications, such as the Sun ONE Portal Server software. WebLogic implements the J2EE™ platform specification and supports servlets, JSPs, Enterprise JavaBeans™ (EJB™), and other platform services. In addition, the WebLogic Server can also act as a fully functional web server to serve up static HTML and image files as well as JSPs and servlets.

When installing the Sun ONE Portal Server software, the script assumes you are using BEA WebLogic. It sets up the appropriate default directories, then creates a number of .war files for the Portal and Identity Server web applications, and deploys them on the WebLogic server. The Portal Server installation script updates the startWebLogic.sh, startManagedWebLogic.sh and config.xml files so that the Portal Server software can work with the WebLogic software.

Since you are using the BEA WebLogic Server, the install script needs to know the application server root (Deploy) directory (/opt/bea/wlserver6.1, the default, WL_HOME in the BEA documentation), the application server Domain (mydomain), the application server instance (myserver), the instance listen port, the WebLogic administration server port, and the password you entered for the administration of the WebLogic Server. The Portal Server installation summary lists the deployment information related to WebLogic.

Hardware and Software Requirements

Before installing the Sun ONE Portal Server software, ensure that your system meets the following requirements:

• Hardware Requirements

• Software Requirements

• Operating System Requirements, including patches

Hardware Requirements

For a new installation of the software, your system must meet the following minimal hardware requirements:

• 1 450 MHz CPU or better

• 512 Mbytes of RAM

• 1 Gbyte of hard drive swap space

• 1 Gbyte of disk space

Software Requirements

The software discussed here is required for a successful installation of the Sun ONE Portal Server software. No other versions of these software products are supported.

• BEA WebLogic Server 6.1 SP4

• Sun™ ONE Identity Server 6.0 SP1, included in the Portal Server installation

• Java™ Development Kit (JDK™) installed with BEA WebLogic 6.1 SP4

Space Requirements

Table B-1 is a three column table. The first column lists the directory, the second column lists the required size, and the third column contains additional comments.

Table B-1 Space Requirements

Directory                                     Size     Comments
/etc/opt                                      200 MB
/var/opt                                      200 MB   Add more for extended logging.
Application server base directory (/opt/bea)  50 MB    If using migration tools.
DS_BASEDIR (/usr/ldap)                        300 MB   For Directory Server.
Application server base directory (/opt/bea)  300 MB   For iPlanet Directory Server Access Management Edition.
Application server base directory (/opt/bea)  200 MB   For Portal Server only.
Application server base directory (/opt/bea)  500 MB   For Secure Remote Access on the same machine as the Portal Server software.
S1PSBASEDIR (/opt/bea)                        100 MB   For Secure Remote Access support on the machine that has the Portal Server software when the gateway is on a separate machine.

Operating System Requirements

The Sun ONE Portal Server software requires at least a user distribution of the Solaris™ 8 software as the operating system. Solaris 8 requires the following operating system patches as well for a successful installation of the product:

• 109326-03

• 108434-03

• 108827-15

• 112438-01

These are the minimum required patches. The last two digits of the patch number are the minor revision number. If updates to the patch have been released, install the most recent patch revision (the one with the higher revision number). Typically, these patches are made obsolete when a new patch is released and only the most recent patch is available at the SunSolve site. Please review the readme for each patch to find out what dependencies or patches may be required.

Pre Portal Installation Tasks

1. Start the WebLogic admin server using the startWebLogic.sh script.

2. If you are installing Portal Server on a managed WebLogic instance, start the managed instance using the startManagedWebLogic.sh script.

3. Using a web browser, try to access the WebLogic server on the port on which you are planning to install the portal. This step ensures that the document root is set up correctly on the instance where the portal server is being installed. If you get an HTTP error when you access the server, please read the BEA WebLogic 6.1 documentation for more detail on how to configure the document root and the WebLogic DefaultWebApp.

Installing the Portal Server Software

This installation example only gives the procedure for installing the Sun ONE Portal Server with default settings, except for the JDK. It includes the sample desktop. The installation script sets the parameters needed. You supply the WebLogic password and a Portal Server passphrase to complete the install.

The Portal Server installation script changes these WebLogic files to facilitate running the Portal Server software on the WebLogic Server: startWebLogic.sh, startManagedWebLogic.sh, and config.xml.

1. The WebLogic Server must be running. Go to the directory where the portal software is, then type the install command:

# ./pssetup

2. After you have accepted the licensing agreement, select option 1, Install Portal Server.

3. Select option 2, BEA WebLogic, as the deployment type.

A list of the default values is displayed. The organization, host name, instance name, access URL and deploy instance are based on your machine name and your domain name.

4. When asked: Use the settings?, type n to change the values as necessary. The values entered for the following questions depend on whether you are installing Sun ONE Portal Server on a managed instance or an administration instance.

NOTE The search module needs special configuration when the Sun ONE Portal Server is being installed in a WebLogic cluster. Please refer to the Sun ONE Portal Server 6.1 Release Notes for this information.

NOTE The document root value of DefaultWebApp needs to be deployed to the WebLogic instance you are running the Portal Server software on. DefaultWebApp is the default web application, from which static content is served in a WebLogic server. By default it is only deployed to the domain (mydomain) and the server instance defined or created during the BEA WebLogic install. This means that if you create your own WebLogic domain or server, you need to deploy the DefaultWebApp to it, either by copying the directory to the new server’s deployment directory, or by using the WebLogic admin console. See the BEA documentation for more detail on how to configure a default web application.

❍ What is the application server instance name?

If you are installing Sun ONE Portal Server on an administration server instance, this will be the name of the admin server instance. Otherwise it will be the name of the managed server instance.

❍ What is the Application Server document root?

The document root value of DefaultWebApp needs to be deployed to the WebLogic instance you are running the Portal Server software on. DefaultWebApp is the default web application, from which static content is served in a WebLogic server. By default it is only deployed to the domain (mydomain) and the server instance defined or created during the BEA WebLogic install. This means that if you create your own WebLogic domain or server, you need to deploy the DefaultWebApp to it, either by copying the directory to the new server’s deployment directory, or by using the WebLogic admin console. See the BEA documentation for more detail on how to configure a default web application.

❍ What is Application Server administration port?

If you are installing on an administration server instance, your response should be the same as the response for the question: What is the admin server port?

5. Enter a passphrase for the portal server and confirm it.

6. Enter a value for the Identity Server Internal LDAP Authentication User (amldapuser) password and confirm it.

7. After all of the questions have been answered, a list of the values is displayed. If these values are correct, respond y to the question: Use these settings? [y]/n

NOTE The password used for the passphrase and the password used for the Identity Server Internal LDAP Authentication User (amldapuser) password cannot be the same. If you use the same password for the passphrase and amldapuser password, you will be prompted to enter a different password for the amldapuser.

The following installation summary is for a managed server installation.

Application Server summary
------------------------
Directory: /opt/bea/wlserver6.1
Domain: mydomain
Instance: psserver
Document Root: /opt/bea/wlserver6.1/config/mydomain/applications/DefaultWebApp
Administration URL: http://myappserver.sesta.com:7001

Directory Server installation summary
-------------------------------------
Base Directory: /usr/ldap
Host: myappserver.sesta.com
Port: 389
Instance: myappserver
Root Suffix: dc=iplanet,dc=com
Directory Manager: cn=Directory Manager
Administrator: admin
Administration Port: 58900

Identity Server installation summary
------------------------------------
Base Directory: /opt/bea
Access URL: http://myappserver.sesta.com:80
JDK Directory: /opt/bea/jdk131

Portal Server installation summary
----------------------------------
Base Directory: /opt/bea
Deployment URI: /portal
Sample Portal: y
Upgrade Mode: n

Use these settings? [y]/n y

The install script finishes installing the Portal Server.

To verify the installation:

1. Check the /var/sadm/install/logs/pssetup.pid/setup.log file for errors.

2. Restart the WebLogic server instance into which Sun ONE Portal Server was deployed.

3. Test the portal server installation by launching the portal desktop in a browser by using:

http://full-hostname:listen-port/portal/dt

If the sample desktop displays without any exception showing in the WebLogic command window, then your Portal Server installation is good.

If you will be supporting multiple authentication methods, for example, LDAP, UNIX, Anonymous, you must add each authentication type to the Core authentication service to create an authentication menu. See the Sun ONE Portal Server 6.1 Administrator’s Guide for further information.

NOTE To provide UNIX login for your users, configure UNIX authentication in the Portal Server administration console, then stop and restart the amserver:

# /etc/init.d/amserver stop

# /etc/init.d/amserver start

Setting Up Sun ONE Portal Server on BEA Clusters

This section gives a brief description and example of how the Portal Server software can be used with BEA WebLogic clusters.

For our example, there are five machines. All the machines must be on the same subnet. One has a directory server only (DSmach). Another is the WebLogic administration server (AS). There are three cluster machines (CS1, CS2, and CS3). If you want to support load balancing, an additional machine or the administration server machine may be configured as a proxy servlet for load balancing. You may also use a hardware-based load balancer. Load balancing is needed for clusters. In this example, the proxy is on the administration server.

Install the directory server on DSmach. Install BEA WebLogic on all four of the other machines using the default installation. Check that all servers are working correctly.

On the four machines with WebLogic, using the BEA instructions, create a new domain (NEWDOMAIN on all machines) consisting of an administration server with listen port of 7001 (ADMINSERVER on all machines) and another server with a listen port of 80 (PORTALSERVER on all machines). Each listen port should be the same; the example uses 80.

Next install the Portal Server software on the four machines to the managed server instance (PORTALSERVER).

1. Respond n to the question: Use these settings? [y]/n

A list of questions follows.

NOTE

• For a cluster, all the machines must be on the same subnet. All BEA instances participating in the cluster must listen on the same port. In order to run the Portal Server software with session failover successfully you need three managed servers running the Portal Server software.

• Do not run perftune if you are planning on using clusters.

• SRA does not work with clusters.

• The BEA proxy does not load balance. All server instances in a BEA cluster must use the same listen port. The new cluster servlet needs to be used for weblogic.servlet.proxy.HttpClusterServlet.

• Resonate 3.3 cannot load balance a BEA cluster.

2. Accept the default values except for these questions. These questions show the values that need to be changed and important default values. This example is for the WebLogic Administration server. The installation values for the cluster machines are similar.

What is the Application Server domain? [mydomain] NEWDOMAIN

What is the Application Server instance? [myserver] PORTALSERVER

What is the Application Server administration port? [7001]

What port should be used to access the Portal Server? [80]

Use an existing Directory Server? y/[n] y

What is the name of the directory server?[...] DSmach

Answer the questions about the directory server appropriately.

3. Stop and restart all the servers (the Portal Server, the managed server and the administration server) on all the machines.

4. Check and see that the installations were successful.

5. Log in to the Sun ONE Identity Server admin console as administrator.

By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

6. Choose Service Configuration in the location pane.

7. Click on the Properties arrow next to Platform in the navigation pane.

8. Check that the Server List has the full-ps-servername for the machine you plan to put the proxy on. In our example, the machine is http://AS.sesta.com:80.

9. Click Save.

To set up a cluster:

1. Using the admin console of the admin machine AS (http://AS:7001/console), create a server for each of the machines to be in the cluster.

a. Select Servers, configure new Server.

b. Use the machine name for the new servername: CS1, CS2, and CS3.

2. Stop all the servers on the machines to be in the cluster.

3. Restart those servers, but have them connect to the admin server AS. For example,

# ./startManagedWebLogic.sh CS1 AS:7001

4. Using the admin console of the admin machine AS (http://AS:7001/console), create the cluster.

a. Select Clusters, Configure a new Cluster.

For Name, the example uses NEWCLUSTER.

b. For Address, put in the names for the servers representing the machines to be clustered: CS1,CS2,CS3.

c. Inside this same window, select the Servers tab, then select the servers CS1,CS2, and CS3; move them from the Available box to the Chosen box.

For more detail, see the BEA WebLogic instructions to set up a cluster.

As you set up clusters remember the following:

• Stop and restart all the servers each time you change the cluster configuration.

• Set up your cluster on the administration server (AS) machine in the NEWDOMAIN ADMINSERVER WebLogic admin console.

• Use the BEA tool to test for multicasting.

Check to see that the cluster is set up correctly by going to the WebLogic administration console, selecting Cluster in the left pane, selecting the Monitoring tab in the right pane, then selecting Monitor server participation in cluster. If one or more of the started server instances does not appear in the display, use the BEA tool to verify the correct multicast addresses and port numbers.

If you are going to use a proxy servlet for load balancing, create a web.xml file for your cluster to use to configure the load balancing servlet. Using a temporary directory, make a subdirectory WEB-INF. The web.xml file is the only file in the directory (WEB-INF). Use the fully qualified machine names in the file.

NOTE If you want to start and stop the WebLogic managed servers remotely from the administration console, you need to configure and run a BEA Node Manager. See the BEA documentation for detailed information.

Code Example 1 Sample web.xml File

<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
  "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

<web-app>

  <servlet>
    <servlet-name>HttpClusterServlet</servlet-name>
    <servlet-class>
      weblogic.servlet.proxy.HttpClusterServlet
    </servlet-class>
    <init-param>
      <!-- One entry per cluster member, separated by |; use fully qualified machine names. -->
      <param-name>WebLogicCluster</param-name>
      <param-value>
        CS1.domain.COM:80:7002|CS2.domain.COM:80:7002|CS3.domain.COM:80:7002
      </param-value>
    </init-param>
  </servlet>

  <servlet-mapping>
    <servlet-name>HttpClusterServlet</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>HttpClusterServlet</servlet-name>
    <url-pattern>*.jsp</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>HttpClusterServlet</servlet-name>
    <url-pattern>*.htm</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>HttpClusterServlet</servlet-name>
    <url-pattern>*.html</url-pattern>
  </servlet-mapping>

</web-app>

Make web.xml with your cluster server values into a .war file (jar cvf proxy.war WEB-INF). Deploy it on the WebLogic administration server using the java weblogic.deploy command supplied by the WebLogic server software. In the WebLogic administration console on the administration server, expand Servers and select PORTALSERVER:80, and click the HTTP tab. Set the Default Web Application to the proxy. Restart the PORTALSERVER server. Or after making the .war file, copy the .war file to the applications directory in the NEWDOMAIN on the administration machine (AS). Select Web Applications, click Configure a new Web Application, enter proxy as the Name and give the complete path to the .war file. Click Create. In the left pane under Web Applications, click proxy; in the right pane, click the Target tab, and move PORTALSERVER from the Available box to the Chosen box.
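A pre-deployment check for the WebLogicCluster value in Code Example 1, as an added example that is not part of the original guide or of BEA's tooling. It applies the rules this appendix states (fully qualified machine names, one listen port for every member, three managed servers for session failover); the function names are hypothetical, and the guide does not label the three fields of an entry, so the code only requires a host followed by two valid ports.

```python
import xml.etree.ElementTree as ET

PROXY_CLASS = "weblogic.servlet.proxy.HttpClusterServlet"

# The guide's Code Example 1, shortened here to a single servlet-mapping.
WEB_XML = """<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
  "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
  <servlet>
    <servlet-name>HttpClusterServlet</servlet-name>
    <servlet-class>
      weblogic.servlet.proxy.HttpClusterServlet
    </servlet-class>
    <init-param>
      <param-name>WebLogicCluster</param-name>
      <param-value>
        CS1.domain.COM:80:7002|CS2.domain.COM:80:7002|CS3.domain.COM:80:7002
      </param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>HttpClusterServlet</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>
</web-app>
"""


def proxy_servlet(root):
    """Return the <servlet> element whose class is the cluster proxy servlet."""
    for servlet in root.iter("servlet"):
        if (servlet.findtext("servlet-class") or "").strip() == PROXY_CLASS:
            return servlet
    raise ValueError("no servlet uses " + PROXY_CLASS)


def cluster_members(web_xml):
    """Return the WebLogicCluster entries as lists of fields, e.g. [host, port, port]."""
    servlet = proxy_servlet(ET.fromstring(web_xml))
    for param in servlet.iter("init-param"):
        if (param.findtext("param-name") or "").strip() == "WebLogicCluster":
            # The value may be wrapped over several lines; drop all whitespace.
            raw = "".join((param.findtext("param-value") or "").split())
            return [entry.split(":") for entry in raw.split("|") if entry]
    raise ValueError("proxy servlet has no WebLogicCluster init-param")


def mapped_patterns(web_xml):
    """Return the url-patterns that are routed to the proxy servlet."""
    root = ET.fromstring(web_xml)
    name = (proxy_servlet(root).findtext("servlet-name") or "").strip()
    return [(m.findtext("url-pattern") or "").strip()
            for m in root.iter("servlet-mapping")
            if (m.findtext("servlet-name") or "").strip() == name]


def check_cluster(members, min_members=3):
    """Return a list of problems; an empty list means every entry passes."""
    problems, listen_ports, hosts = [], set(), set()
    if len(members) < min_members:
        problems.append(f"{len(members)} member(s) listed, fewer than {min_members}")
    for fields in members:
        entry = ":".join(fields)
        if len(fields) != 3:
            problems.append(f"{entry}: expected host:port:port")
            continue
        host, port, second_port = fields
        if "." not in host.strip("."):
            problems.append(f"{entry}: host name is not fully qualified")
        if host.lower() in hosts:
            problems.append(f"{entry}: host listed twice")
        hosts.add(host.lower())
        for value in (port, second_port):
            if not (value.isdigit() and 0 < int(value) < 65536):
                problems.append(f"{entry}: invalid port {value!r}")
        listen_ports.add(port)
    if len(listen_ports) > 1:
        problems.append("listen ports differ: " + ", ".join(sorted(listen_ports)))
    return problems


if __name__ == "__main__":
    print(cluster_members(WEB_XML))
    print(check_cluster(cluster_members(WEB_XML)) or "no problems found")
```

Run it against the web.xml in WEB-INF before building proxy.war, so a short host name or a mismatched listen port is caught before the proxy is deployed.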

Next you need to deploy the Portal Server software to the cluster. So for each webapplication (amconsole, amserver and portal) follow these steps.

1. Go to the WebLogic administration console for the administration server(AS:7001/console).

2. Expand Web Applications in the left pane, then select one of the Portal Serversoftware web applications (amconsole, amserver and portal).

3. Undeploy the admin server (you have installed Portal on the PORTALSERVERserver, but it is not part of the cluster, so now you remove it from this server).

a. Select the Target tab, then the Servers sub-tab.

b. Move your server name from Chosen to Available box and click Apply.

4. Click the Edit Web Application Descriptor link; click the Configure a new WebApp Ext Descriptor link.

5. In the left pane under WebApp Ext, select Session Descriptor.

6. In the right pane, change Persistent Store Type to replicated. Click Apply.

7. Select the top topic in the left pane, Web Descriptor or iDSAME Services. Select Persist. Close this window.

8. Select the Target tab, then the Cluster sub-tab.

9. Move your cluster name (NEWCLUSTER) from Available to Chosen box and click Apply.

10. For each of the three Portal Server machines, go to the /opt/bea/SUNWam/lib directory and open the AMConfig.properties file with a text editor.


11. Set the following values on all the machines:

com.iplanet.am.session.failover.enabled=true

com.iplanet.am.replica.enable=true

com.iplanet.am.naming.url=http://AS.sesta.com:80/amserver/namingservice

com.iplanet.am.notification.url=http://AS.sesta.com:80/amserver/notificationservice

com.iplanet.am.session.server.host=AS.sesta.com

com.iplanet.am.server.host=ASNMS.sesta.com

com.iplanet.services.cdsso.CDCURL=http://AS.sesta.com:80/amserver/cdcservlet

com.iplanet.services.cdc.authLoginUrl=http://AS.sesta.com:80/amserver/login

12. Stop and restart all the servers. For the managed servers, on each machine, type:

# ./startManagedWebLogic.sh managed-servername http://AS.sesta.com:80

13. Check to see if all is working well.


Appendix C

Sun ONE Portal Server 6.1 Installation for IBM Application Server

Sun™ ONE Portal Server 6.1 can be deployed on an IBM WebSphere Application Server 4.0.5 Advanced Edition, using it as its web application container.

This supplement contains the following sections:

• Overview

• Hardware and Software Requirements

• Installing the Portal Server Software

• Creating an Application Server Instance

Familiarity with the Sun ONE Portal Server 6.1 Release Notes, Sun ONE Portal Server 6.1 Installation Guide, and Sun ONE Portal Server 6.1 Administrator’s Guide is recommended before using this supplement. The installation information only describes the procedure for installing the Sun ONE Portal Server with default settings and includes the sample desktop.

Overview

The IBM WebSphere Server is a Java™ application server that enables deployment of web applications, such as the Sun ONE Portal Server, and web services. The IBM WebSphere Server implements the J2EE™ platform specification and supports servlets, JSPs, JavaBeans™, and other platform services. In addition, the IBM WebSphere Server allows you to use the Sun ONE Web Server to serve up static HTML and image files as well as JSPs and servlets.


When installing the Sun ONE Portal Server software, the script asks you which deployment type you are using. Once you select IBM WebSphere Server, the install script sets up the appropriate default directories and adds a number of .war files that facilitate running the Portal Server on an IBM WebSphere Server.

Since you are using the IBM WebSphere Server, the install script needs to know the application server directory (/opt/WebSphere/AppServer, the default) and the name of the application server instance on which the Portal Server will be deployed. The Portal Server installation summary lists the deployment information related to the application server.

Hardware and Software Requirements

Before installing the Sun ONE Portal Server software, ensure that your system meets the following requirements:

• Hardware Requirements

• Software Requirements

• Space Requirements

• Operating System Requirements, including patches

• Additional Software Requirements for WebSphere

Hardware Requirements

For a new installation of the software, your system must meet the following minimal hardware requirements:

• 1 450 MHz CPU or better

• 512 Mbytes of RAM

• 1 Gbyte of hard drive swap space

• 1 Gbyte of disk space


Software Requirements

The software discussed here is required for a successful installation of the Sun ONE Portal Server software. Other versions of these software products are not supported.

• IBM WebSphere Server 4.0.1 AE upgraded to 4.0.5.

• Sun™ ONE Identity Server 6.0 SP1, included in the Portal Server installation.

• Java™ Development Kit (JDK™) 1.3.1_05, which is provided with upgrade to IBM WebSphere 4.0.5.

Space Requirements

These requirements are the ones that are checked for in the Portal Server installation script. Table C-1 is a three column table. The first column lists the directory, the second the size in megabytes, and the third adds relevant comments.

Table C-1 Space Requirements

Directory                                   Size     Comments
/etc/opt                                    200 MB
/var/opt                                    200 MB   Add more for extended logging.
Portal installation base directory (/opt)   50 MB    If using migration tools.
DS_BASEDIR (/usr/ldap)                      300 MB   For Directory Server.
Portal installation base directory (/opt)   300 MB   For iPlanet Directory Server Access Management Edition.
Portal installation base directory (/opt)   200 MB   For Portal Server only.
Portal installation base directory (/opt)   500 MB   For Secure Remote Access on the same machine as the Portal Server software.
S1PSBASEDIR (/opt)                          100 MB   For Secure Remote Access support on the machine that has the Portal Server software when the gateway is on a separate machine.


Operating System Requirements

The Sun ONE Portal Server software requires at least a user distribution of the Solaris™ 8 software as the operating system. Solaris 8 requires the following operating system patches as well for a successful installation of the product:

• 109326-03

• 108434-03

• 108827-34

• 112438-01

• Solaris 8 patch cluster 5/6/2002, required for WebSphere

These are the minimum required patches. The last two digits of the patch number are the minor revision number. If updates to the patch have been released, install the most recent patch revision (the one with the higher revision number). Typically, these patches are made obsolete when a new patch is released and only the most recent patch is available at the SunSolve site. Please review the readme for each patch to find out what dependencies or patches may be required.
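The revision rule above can be checked against the output of the Solaris showrev -p command. The following Python is an added example, not part of the Sun guide; it goes one step beyond the text by also accepting a required patch that a newer installed patch lists under Obsoletes:, and the sample output and the patch ID 999999-05 are constructed.

```python
import re

# Minimum patch revisions listed above. The Solaris 8 patch cluster has no
# single patch ID and is not covered by this check.
REQUIRED = ("109326-03", "108434-03", "108827-34", "112438-01")

PATCH_ID = re.compile(r"(\d{6})-(\d{2})")
SHOWREV_LINE = re.compile(r"^Patch:\s+(\d{6})-(\d{2})\s+Obsoletes:(.*?)Requires:")


def parse_showrev(output):
    """Return (installed, obsoleted): highest revision seen per base ID."""
    installed, obsoleted = {}, {}
    for line in output.splitlines():
        match = SHOWREV_LINE.match(line.strip())
        if not match:
            continue
        base, rev = match.group(1), int(match.group(2))
        installed[base] = max(rev, installed.get(base, -1))
        # Patches named in the Obsoletes: field are superseded by this one.
        for old_base, old_rev in PATCH_ID.findall(match.group(3)):
            obsoleted[old_base] = max(int(old_rev), obsoleted.get(old_base, -1))
    return installed, obsoleted


def check_patches(output, required=REQUIRED):
    """Map each required patch to 'ok', 'obsoleted', 'too old' or 'missing'."""
    installed, obsoleted = parse_showrev(output)
    report = {}
    for patch in required:
        base, rev = patch.split("-")
        need = int(rev)
        have = installed.get(base)
        if have is not None and have >= need:
            report[patch] = "ok"            # same or higher revision installed
        elif obsoleted.get(base, -1) >= need:
            report[patch] = "obsoleted"     # superseded by an installed patch
        elif have is not None:
            report[patch] = "too old"       # installed, but a lower revision
        else:
            report[patch] = "missing"
    return report


# Constructed sample in the layout of `showrev -p` output. The package names
# and the patch ID 999999-05 are made up for the illustration.
SAMPLE = """\
Patch: 109326-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsl
Patch: 108434-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWlibC
Patch: 108827-40 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr
Patch: 999999-05 Obsoletes: 112438-02 Requires:  Incompatibles:  Packages: SUNWcsu
"""

if __name__ == "__main__":
    for patch, status in check_patches(SAMPLE).items():
        print(f"{patch}: {status}")
```

On a live system, pass the captured output of showrev -p to check_patches in place of SAMPLE.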

Additional Software Requirements for WebSphere

There are FixPaks from IBM for DB2 and WebSphere that are required. The WebSphere FixPak upgrades the 4.01 version base to version 4.0.5. The listed eFix from IBM is also required.

• eFix (APAR): pq51545

• FixPak for DB2 (FP8_484613)

• FixPak for WebSphere upgrade to 4.0.5 (was40_ae_ptf_5_SUN.tar)

Installing the Portal Server Software

This installation example only gives the procedure for installing the Sun ONE Portal Server with default settings, which includes the sample desktop. The installation script sets the parameters needed. You supply a Portal Server passphrase to complete the install.


1. Go to the directory where the portal software is, then type the install command:

# ./pssetup

2. After you have accepted the licensing agreement, select option 1, Install Portal Server.

3. Select option 1, IBM WebSphere, as the deployment type.

4. At the install script query for the application server directory, accept the default /opt/WebSphere/AppServer.

A list of default settings is displayed with the following values.

NOTE Portal Server cannot be installed into an application server instance or domain whose name contains a dash or a space, for example, Default-Server or Default Server. If you try to install into an application server instance or domain with a dash or space in the name, the installation script returns the error message Invalid response! and prompts for the application server domain or application server instance name again.

NOTE Be sure that /usr/bin/jar exists. If not, add the appropriate link.

NOTE To install the Portal Server, the application server instance to which you install must already exist. You can create a new application server instance or use an existing instance; however, the instance name must not contain a space.

The install program defines the default application server instance as Default_Server. If you want to perform an install of the Portal Server software to an application server instance named Default_Server you would need to create the instance before starting the Portal Server install. See “Installing the Portal Server Software” on page 108 for information.


5. Accept the settings if they are correct, otherwise change as necessary.

6. Enter a passphrase for the portal server and confirm it.

The install script finishes installing the Portal Server.

7. Enter and confirm a value for the Identity Server Internal LDAP Authentication User (amldapuser) password.

Application Server summary
------------------------
Directory: /opt/WebSphere/AppServer
Virtual Host: default_host
Node:myappserver
Instance: Default_Server
Document Root: /opt/IBMHTTPD/htdocs

Directory Server installation summary
-------------------------------------
Directory: /usr/ldap
Host: myappserver.sesta.com
Port: 389
Instance: myappserver
Root Suffix: dc=iplanet,dc=com
Directory Manager: cn=Directory Manager
Administrator: admin
Administration Port: 58900

Identity Server installation summary
------------------------------------
Base Directory: /opt
Access URL: http://myappserver.sesta.com:80

Portal Server installation summary
----------------------------------
Base Directory: /opt
Deployment URI: /portal
Sample Portal: y
Upgrade Mode: n

Use these settings? [y]/n y


8. Check the /var/sadm/install/logs/pssetup.pid/setup.log file for errors.

9. Stop and restart the application server instance and the application server node.

10. Test the portal server installation by launching the portal desktop and administration console in a browser by using:

http://full-hostname:listen-port/portal/dt and
http://full-hostname:listen-port/amconsole

If the sample desktop and administration console display without any exception, then your Portal Server installation is good.

Creating an Application Server Instance

To install the Portal Server, the application server instance to which you install must already exist. You can create a new application server instance or use an existing instance; however, the instance name must not contain a space.

For example, the Portal Server installation program defines the default application server instance for an IBM WebSphere Application Server as Default_Server. If you want to perform an install of the Portal Server to the application server instance Default_Server you would need to create an application server instance named Default_Server using the Create Application Server wizard in the administration console before starting the Portal Server install.

1. Open the admin console. For example, to start the console installed in the default base directory of /opt, type:

/opt/WebSphere/AppServer/bin/adminclient.sh

2. Click Console, Wizards, and Create Application Server.

NOTE The password used for the passphrase and the password used for the Identity Server Internal LDAP Authentication User (amldapuser) password cannot be the same. If you use the same password for the passphrase and amldapuser password you will be prompted to enter a different password for the amldapuser.


3. On the Specifying Application Server Properties page, enter the following:

Application Server: Default_Server

Node to install server on: node_name

where node_name is the machine name on which the application server is installed.

4. Click Next and Finish.


Appendix D

Setting Up LDAP Replication for the Sun ONE Portal Server

The main reason for using LDAP replication for your Sun™ ONE Portal Server is to provide higher availability.

This procedure requires that you install the Sun™ ONE Directory Server software on all the machines you want to use for replication, then set up the replication. Next, you install the application server and Portal Server software. The application and Portal Server software can be installed on the machines to be used for replication or on separate machines. Before using the portal server software, you need to update a number of configuration files.

The following instructions are for setting up two machines: one machine with Sun ONE Portal Server software (ps-server) including LDAP and one machine with just LDAP (x-ldap-server). Replication is set up between the two machines and LDAP failover is set up on the machine with the Sun ONE Portal Server software.

For more details and other replication setups, see Chapter 8, Managing Replication in the Sun ONE Directory Server Administrator’s Guide.

These instructions assume that the default values are used except where specifically noted.

On both machines, install the directory server.

1. In a terminal window on the machine that will have the portal server installation, as root, go to the directory where the portal server software is and type:

# ./pssetup

2. Select 2, Install Directory Server only.

3. Remember the passphrase.


Setting Up Replication on the Sun ONE Portal Server Machine

1. As root, in a terminal window start the directory server console by typing:

# /usr/ldap/startconsole

2. In the login window that is displayed, enter admin as the user name and the passphrase you chose earlier.

3. In the left pane of the console, expand the directory.

4. Select Directory Server (ps-server).

5. In the right pane, click Open.

A pop-up window is displayed.

6. Select the Configuration tab.

7. Expand Replication in the left pane.

8. Select Replication.

9. Check Enable Changelog check box in the right pane.

10. Click Use default button in the right pane.

The default directory value is entered in the Changelog database directory text field.

11. Click Save.

12. Select userRoot in the left pane.

13. Check Enable Replica check box in the right pane.

14. Select Multiple Master.

15. Enter a number (1-255) in the Replica ID box. This number needs to be unique for each master.

16. Enter cn=Directory Manager in the Enter the Supplier DN box.

17. Click Save.

18. In the tool bar, click Object and select New Replication Agreement.

19. Enter a name (you can use the name of the x-ldap-server) for the replication agreement. Add a brief description.

20. Click Next.


21. Select Other and insert the fully qualified distinguished name of the machine to be connected to with the port number (default 389).

22. Click OK.

23. For Bind as, use cn=Directory Manager and insert the password for the directory server on the x-ldap-server machine being connected to.

24. Click Next.

25. Click Next again.

26. Select Do Not Initialize Consumer and click Next.

The replication agreement is displayed.

27. Click Done if it is correct.

28. Click OK.

Setting Up Replication on the Dedicated LDAP Machine

1. As root, in a terminal window start the directory server console by typing:

# /usr/ldap/startconsole

2. In the login window that is displayed, enter admin as the user name and the passphrase you chose earlier.

The console is displayed.

3. In the left pane of the console, expand the directory.

4. Select Directory Server (x-ldap-server).

5. In the right pane, click Open.

A pop-up window is displayed.

6. Select the Configuration tab.

7. Expand Replication in the left pane.

8. Select Replication.

9. Check Enable Changelog check box in the right pane.


10. Click Use default button in the right pane.

The default directory value is entered in the Changelog database directory text field.

11. Click Save.

12. Select userRoot in the left pane.

13. Check Enable Replica check box in the right pane.

14. Select Multiple Master.

15. Enter a number (1-255) in the Replica ID box. This number needs to be unique for each master.

16. Enter cn=Directory Manager in the Enter the Supplier DN box.

17. Click Save.

18. In the tool bar, click Object and select New Replication Agreement.

19. Enter a name (you can use the name of the ps-server) for the replication agreement. Add a brief description.

20. Click Next.

21. Select Other and insert the fully qualified distinguished name of the machine to be connected to with the port number (default 389).

22. Click OK.

23. For Bind as, use cn=Directory Manager and insert the password for the directory server on the ps-server machine being connected to.

24. Click Next.

25. Click Next again.

26. Select Initialize consumer now and click Next.

The replication agreement is displayed.

27. Click Done if it is correct.

28. Click OK.

NOTE To check replication status, select the Status tab. Select Replication Status in the left pane. The right pane displays the name of your replication agreement. You may need to click the Refresh button if you are using multiple replication agreements.


29. In this setup the Sun ONE Portal Server machine’s LDAP is a consumer of this LDAP and this LDAP is a consumer of the portal server machine’s LDAP. So for each additional consumer portal server machine, repeat Steps 20 to 30.

30. Stop each LDAP that has been initialized (Step 26), then restart. For example, log into the supplier machine (ps-server) as root and type:

# /usr/ldap/slapd-servername/stop-slapd
# /usr/ldap/slapd-servername/start-slapd

Adding More Suppliers

When making the replication agreements, each master must have an agreement with every other master. You need to restart any supplier you initialize.

Configuring the Sun ONE Portal Server Software

1. Install the Sun ONE Portal Server software. See Chapter 2, “Installing Sun ONE Portal Server.”

2. Go to the S1PSBaseDir/config/ums/serverconfig.xml file. Set the configuration to point to the local LDAP.

a. Copy the Server1 line right below itself.

b. Edit the lines so they have these values:

NOTE To check replication on the consumer, start the directory server console, expand the directory in the left pane and select Directory Server. Click Open and select the Directory tab on the pop-up window. Expand the entry for the root suffix (default isp). Note that there are few nodes. After installing Sun ONE Application Server and Portal Server software, and starting replication, check isp again. If replication is set up correctly, there should be many nodes.

NOTE The directory server should already be installed. When installing the Sun ONE Portal Server, select the option to use an existing Directory Server and use the directory manager password for that server.


<Server name="Server1" host="full-ps-servername" port="389" type="SIMPLE" />

<Server name="Server2" host="x-ldap-fullservername" port="389" type="SIMPLE" />

c. If you have multiple suppliers, add similar lines for each one.

<Server name="Server3" host="x-ldap-fullservername2" port="389" type="SIMPLE" />

3. Go to the S1PSBaseDir/lib/AmConfig.properties file (the default is /opt/SUNWappserver7/SUNWam/lib/AmConfig.properties).

a. Check that this line is correct:

com.iplanet.am.directory.host=full-ps-servername

b. Change com.iplanet.am.replica.enable=false to com.iplanet.am.replica.enable=true.

c. If appropriate, change com.iplanet.am.session.failover.enabled=false to com.iplanet.am.session.failover.enabled=true.

4. Stop the web application container instance.

5. Stop and restart the amserver.

# /etc/init.d/amserver stop

# /etc/init.d/amserver start

6. In a terminal window, restart the web application container instance.

7. Log in to the Sun ONE Identity Server admin console as administrator.

By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

8. Select User Management in the View menu and click on the organization name link in the navigation pane.

9. Select Services in the Show menu in the navigation pane.

10. Click on the Properties arrow next to LDAP Authentication in the navigation pane.

11. Check that the Primary LDAP box only has the full-ps-servername listed. If you have multiple LDAP servers, the Primary LDAP box should list localhost or full-ps-servername|full-ps-servername:389.

12. In the Secondary LDAP box, add the x-ldap-fullservername to the list.

13. Click Save to save the configuration.


14. If you have a number of portal server installations, complete Step 15 to Step 19. If not, you are finished.

15. Return to the root level by clicking root suffix (default isp) in the location pane.

16. In the View menu, select Service Management.

17. Click on the Properties arrow next to Platform in the navigation pane.

18. Check that the Server List has all of the portal server machines listed using the full-ps-servername for each server.

19. Click Save.
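Both the BEA cluster procedure (step 11, which sets the same values on all the machines) and step 3 of the procedure above depend on AMConfig.properties edits made by hand on each host. The following Python is an added example, not part of the Sun guide: it compares the copies from several machines and also lists the settings that hold an http:// URL, which carry their traffic unencrypted. The function names, the machine labels and the host CS3.sesta.com are assumptions made for the illustration.

```python
# Settings that both procedures switch to true.
REQUIRED_TRUE = (
    "com.iplanet.am.session.failover.enabled",
    "com.iplanet.am.replica.enable",
)
# Settings that step 11 of the cluster procedure gives the same value on
# every machine.
MUST_MATCH = (
    "com.iplanet.am.naming.url",
    "com.iplanet.am.notification.url",
    "com.iplanet.am.session.server.host",
    "com.iplanet.am.server.host",
    "com.iplanet.services.cdsso.CDCURL",
    "com.iplanet.services.cdc.authLoginUrl",
)


def parse_properties(text):
    """Parse the subset of Java .properties syntax these files use."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":      # blank line or comment
            continue
        if line.endswith("\\"):              # value continues on next line
            pending = line[:-1]
            continue
        for i, ch in enumerate(line):        # first '=' or ':' ends the key
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props


def audit(machines, expected=None):
    """Check {machine: properties text}; return a list of findings.

    expected is an optional {key: value} of exact values to require on every
    machine, for example com.iplanet.am.directory.host.
    """
    wanted = {key: "true" for key in REQUIRED_TRUE}
    wanted.update(expected or {})
    parsed = {name: parse_properties(text) for name, text in machines.items()}
    findings = []
    for name in sorted(parsed):
        for key, value in wanted.items():
            actual = parsed[name].get(key)
            if actual is None:
                findings.append(f"{name}: {key} is not set")
            elif actual != value:
                findings.append(f"{name}: {key}={actual}, expected {value}")
    for key in MUST_MATCH:
        seen = {name: parsed[name].get(key) for name in sorted(parsed)}
        if len(set(seen.values())) > 1:
            detail = ", ".join(f"{n}={v}" for n, v in seen.items())
            findings.append(f"{key} differs between machines: {detail}")
    return findings


def cleartext_urls(text):
    """Return the keys whose value is an http:// URL (sent unencrypted)."""
    return sorted(key for key, value in parse_properties(text).items()
                  if value.lower().startswith("http://"))


# Constructed sample: the values from step 11, with one deliberate mistake on
# CS2 and one on CS3.
BASE = """\
# AMConfig.properties excerpt (constructed)
com.iplanet.am.session.failover.enabled=true
com.iplanet.am.replica.enable=true
com.iplanet.am.naming.url=http://AS.sesta.com:80/amserver/namingservice
com.iplanet.am.notification.url=http://AS.sesta.com:80/amserver/notificationservice
com.iplanet.am.session.server.host=AS.sesta.com
com.iplanet.am.server.host=ASNMS.sesta.com
com.iplanet.services.cdsso.CDCURL=http://AS.sesta.com:80/amserver/cdcservlet
com.iplanet.services.cdc.authLoginUrl=http://AS.sesta.com:80/amserver/login
"""
SAMPLE = {
    "CS1": BASE,
    "CS2": BASE.replace("failover.enabled=true", "failover.enabled=false"),
    "CS3": BASE.replace("session.server.host=AS.sesta.com",
                        "session.server.host=CS3.sesta.com"),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print("http:// settings:", ", ".join(cleartext_urls(BASE)))
```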


Appendix E

Setting Up the Sun ONE Portal Server to Use Secure External LDAP Directory Server

In the default install, the Sun™ ONE Portal Server, the Sun™ ONE Identity Server, and the Sun™ ONE Directory Server software are all running on the same host. However, depending on the performance, security, and integration requirements of your deployment, you might want to run the directory server on a separate, external host and have the portal server access the directory over a secure connection using Secure Sockets Layer (SSL). In order to access the directory server over a secure connection, the Sun™ ONE Application Server must be configured to trust the certificate authority that signed the directory’s certificate.

Setting up the Sun ONE Portal Server to use an external LDAP directory requires the following procedures:

• Configuring an existing directory server. This procedure is necessary only if the existing directory server was not installed using the pssetup script or the setup script for Identity. See “Configuring an Existing Directory Server.”

• Installing the Sun ONE Portal Server. See “Installing the Sun ONE Portal Server” in Chapter 2 of this guide.

• Configuring the Directory Server to run SSL. See “Configuring the Directory Server to Run in SSL.”

• Creating a trust database. See “Creating a Trust Database.”

• Installing a root Certificate Authority (CA) certificate. See “Installing A Root Certificate Authority (CA) Certificate.”

• Enabling SSL for the Directory Server. See “Enabling SSL for the Directory Server.”


Configuring an Existing Directory Server

If the remote directory server was not installed by using the pssetup installation script, the directory server must first be configured using the pssetup script. This procedure must be done prior to installing Sun ONE Portal Server 6.1.

To configure an existing Sun ONE Directory Server installation:

1. Log in to the system as superuser.

2. Change directories to where the installation program is located.

3. Type:

./pssetup

4. Specify if you accept the license agreement. To accept, type yes.

5. Select the option to configure the Directory Server.

See the section “Checklist for Sun™ ONE Directory Server” in Chapter 1 for a list of the information needed to configure the Directory Server.

6. Accept the default settings if they are correct by typing y. Otherwise, type n to change the values as necessary.

If you choose n, the script displays a list of settings for which you can enter your own values.

7. Enter and confirm the directory manager password.

8. Install the Sun ONE Portal Server.

Configuring the Directory Server to Run in SSL

1. Verify that both the Directory Server (ns-slapd process) and the Admin Server (ns-httpd process) are started and running.

NOTE Although this product will run without a license, you must either purchase a Binary Code License from, or accept the terms of a Binary Software Evaluation license with Sun Microsystems, to legally use this product.


1. As root, in a terminal window start the directory server console by typing:

# /usr/ldap/startconsole

2. In the login window that is displayed, enter admin as the user name and the passphrase for the Directory Server.

3. In the left pane of the console, expand the directory until you see the Directory Server instance under Server Group.

4. Select Directory Server instance and click Open.

5. Select Tasks and then Manage Certificates.

The first time you perform this task, you’ll be asked to create a certificate database by entering a password. Make a note of this password as you will need it later to start up the Directory Server.

6. Click Request.

The Certificate Request Wizard appears. Follow the wizard and complete the steps to generate a certificate request. The request is sent to a Certificate Management Server (CMS) for approval. The CMS returns the real certificate. Save a copy of the certificate request by copying the request data to a file.

7. After the certificate request is sent to the CMS, have the administrator of the CMS approve the request and send back the approved certificate.

8. Get the generated certificate for the DS and the CMS certificate.

Since the CMS generated the certificate for DS, the CMS will also have to be trusted by importing its certificate as a root CA.

9. Select Manage Certificates, Server Certificates and then click Install.

The Certificate Install Wizard appears.

10. Copy and paste the approved certificate data from Step 7 into the text area and follow the steps of the wizard to install the certificate.

When the certificate is successfully installed, the certificate displays as a line item on the Server Certificates tab.

11. Select Manage Certificates and CA Certificates, and then click Install.

Copy and paste the CMS certificate data into the text area and follow the steps of the wizard to install the certificate.

12. Click Close to close the Manage Certificates window.

13. Select Configuration.


14. In the right pane, select Settings.

15. Verify or specify a valid port number in the Encrypted port field and click Save.

The default is 636.

16. Click Encryption, check the Enable SSL for this server and Use the cipher family: RSA check boxes and click Save.

17. Restart the Directory Server and supply the certificate database password entered in Step 5.

Your Directory is now listening on port 636 (default) for SSL connections.

Creating a Trust Database

When you create the trust database, you specify a password that will be used for a key-pair file. You will also need this password to start a server using encrypted communications. For a list of guidelines to consider when changing a password, see Changing Passwords or PINs.

In the trust database you create and store the public and private keys, referred to as your key-pair file. The key-pair file is used for SSL encryption. You will use the key-pair file when you request and install your server certificate. The certificate is stored in the trust database after installation. The key-pair file is stored encrypted in:

/var/opt/SUNWappserver7/domains/DEPLOY_DOMAIN/DEPLOY_INSTANCE/config/key3.db.

The procedure for creating a trust database depends on the type of web container that you are using. The following instructions are for creating a trust database on the Sun ONE Web Server and can also be found in iPlanet Web Server, Enterprise Edition Administrator’s Guide at http://docs.sun.com.

For instructions on creating a trust database on the Sun ONE Application Server refer to Sun ONE Application Server 7 Administrator’s Guide to Security on http://docs.sun.com.

Creating a Trust Database

To create a trust database on the Sun ONE Web Server, perform the following steps:


1. Access either the Administration Server or the Server Manager and choose the Security tab.

For the Server Manager you must first select the server instance from the drop-down list.

2. Click on the Create Database link.

3. Enter a password for the database.

4. Repeat.

5. Click OK.

6. For the Server Manager, click Apply, and then Restart for changes to take effect.

Using the password.conf File

By default, the web server prompts the administrator for the key database password before starting up. If you want to be able to restart an unattended web server, you need to save the password in a password.conf file. Only do this if your system is adequately protected so that this file and the key databases are not compromised.

Normally, you cannot start a Unix SSL-enabled server with the /etc/rc.local or the /etc/inittab files because the server requires a password before starting. Although you can start an SSL-enabled server automatically if you keep the password in plain text in a file, this is not recommended. The server’s password.conf file should be owned by root or the user who installed the server, with only the owner having read and write access to it. On Unix, leaving the SSL-enabled server’s password in the password.conf file is a large security risk. Anyone who can access the file has access to the SSL-enabled server’s password. Consider the security risks before keeping the SSL-enabled server’s password in the password.conf file.
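The ownership and permission rule above can be checked mechanically. The following audit function is an added example, not part of the original guide or of the Sun ONE software; the function name and the optional INSTALL_UID argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit password.conf against the ownership and permission
# rule stated above. Read-only; prints findings, returns 0 (pass) or 1 (fail).
# Usage: audit_password_conf FILE [INSTALL_UID]
#   INSTALL_UID (assumption): numeric uid of the user who installed the
#   server; defaults to the uid running the audit.
audit_password_conf() {
    file=$1
    install_uid=${2:-$(id -u)}
    rc=0

    # A symlink could point anywhere; require the real file to be named.
    if [ -L "$file" ]; then
        echo "FAIL: $file is a symbolic link; audit its target directly"
        return 1
    fi
    if [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file"
        return 1
    fi

    # ls -lnd gives the mode string (field 1) and numeric owner uid (field 3).
    ls_out=$(ls -lnd "$file")
    mode=$(printf '%s\n' "$ls_out" | awk '{print $1}')
    owner_uid=$(printf '%s\n' "$ls_out" | awk '{print $3}')

    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: mode $mode lets group or other users access $file"
        rc=1
    fi
    # A trailing '+' means an ACL is set, which can grant access the mode hides.
    case $mode in
        *+) echo "FAIL: $file carries an ACL; review its entries"; rc=1 ;;
    esac
    if [ "$owner_uid" != 0 ] && [ "$owner_uid" != "$install_uid" ]; then
        echo "FAIL: owner uid $owner_uid is neither root nor uid $install_uid"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $file is owner-only (mode $mode, uid $owner_uid)"
    return "$rc"
}

if [ "$#" -ge 1 ]; then audit_password_conf "$@"; fi
```

Run it against the password.conf of each server instance after any change to the file, and treat a FAIL line as a reason to fix ownership or mode before the next unattended restart.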

Installing A Root Certificate Authority (CA) Certificate

The procedure for installing a root CA certificate depends on the type of web container that you are using. The following procedure describes how to install a root CA on the Sun ONE Web Server, and can also be found in iPlanet Web Server, Enterprise Edition Administrator’s Guide at http://docs.sun.com.

For instructions on installing a root CA certificate on the Sun ONE Application Server, refer to Sun ONE Application Server 7 Administrator’s Guide to Security on http://docs.sun.com.

1. Go to the Web Server console and click on Install Certificate.

2. Click on Certificate for this Server.

3. Enter the Certificate Database password in the Key Pair File Password field.

4. Paste the certificate into the provided text field, or check the radio button and enter the filename in the text box. Click Submit.

The browser will display the certificate, and provide a button to add the certificate.

5. Click Install Certificate.

6. Click Certificate for Trusted Certificate Authority.

Enabling SSL for the Directory Server

To enable SSL for the Directory Server, edit the AMConfig.properties file. This step is container independent and must be done for Sun ONE Web Server as well as Sun ONE Application Server.

Change the following settings in the AMConfig.properties file from:

com.iplanet.am.directory.ssl.enabled=false
com.iplanet.am.directory.host=server12.sesta.com (if it needs to be changed)
com.iplanet.am.directory.port=51389

to:

com.iplanet.am.directory.ssl.enabled=true
com.iplanet.am.directory.host=server1.sesta.com
com.iplanet.am.directory.port=51631 (port on which DS uses encryption)

If you are using the Sun ONE Application Server as your web container, edit the AMConfig.properties file to point to the certificate database path and prefix used by Sun ONE Application Server.

Change the following settings from:

com.iplanet.am.admin.cli.certdb.dir=/opt/SUNWappserver7/SUNWam/servers/alias
com.iplanet.am.admin.cli.certdb.prefix=https-myappserver.sesta.com-sesta-

to:

com.iplanet.am.admin.cli.certdb.dir=/var/opt/SUNWappserver7/domains/domain1/\
server1/config
com.iplanet.am.admin.cli.certdb.prefix=

Change the connection port and the connection type values in the serverconfig.xml file to change from open mode to SSL.

Edit the serverconfig.xml file and change the following line from:

<Server name="Server1" host="gimli.red.iplanet.com" port="51389" type="SIMPLE" />

to:

<Server name="Server1" host="gimli.red.iplanet.com" port="51636" type="SSL" />

After making these changes to the configuration files (AMConfig.properties and serverconfig.xml), restart the web container.

If using Sun ONE Web Server type:

amserver stop/amserver start

Or use the appropriate method for stopping and starting the application server on which Sun ONE Portal Server is installed.
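Because the switch to SSL is split across two files, it is easy to leave one of them in open mode. The following read-only check is an added example, not part of the original guide or of the product; the function names are assumptions, both file paths are supplied by the caller, and the key database test relies on the key3.db file name given earlier in this appendix.

```shell
#!/bin/sh
# Added example: confirm both files select SSL for the directory connection.
# Read-only; prints findings and returns 0 (consistent) or 1 (problem found).

# Print the value of property $2 in file $1 (last assignment wins).
am_prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# Usage: check_directory_ssl AMCONFIG_PROPERTIES SERVERCONFIG_XML
check_directory_ssl() {
    props=$1
    xml=$2
    rc=0

    ssl=$(am_prop "$props" com.iplanet.am.directory.ssl.enabled)
    port=$(am_prop "$props" com.iplanet.am.directory.port)
    if [ "$ssl" != "true" ]; then
        echo "FAIL: com.iplanet.am.directory.ssl.enabled=${ssl:-unset} in $props"
        rc=1
    fi

    # <Server .../> may wrap across lines, so join the file before matching.
    servers=$(tr '\n' ' ' < "$xml" | grep -o '<Server [^>]*>' || true)
    plain=$(printf '%s\n' "$servers" | grep -v 'type="SSL"' || true)
    if [ -z "$servers" ]; then
        echo "FAIL: no <Server> element found in $xml"
        rc=1
    elif [ -n "$plain" ]; then
        echo "FAIL: non-SSL directory connection in $xml:"
        echo "$plain"
        rc=1
    fi

    # If the certificate database settings are present, the key database
    # (prefix + key3.db) must exist in the configured directory.
    dir=$(am_prop "$props" com.iplanet.am.admin.cli.certdb.dir)
    prefix=$(am_prop "$props" com.iplanet.am.admin.cli.certdb.prefix)
    if [ -n "$dir" ] && [ ! -f "$dir/${prefix}key3.db" ]; then
        echo "FAIL: $dir/${prefix}key3.db not found"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: directory connection uses SSL (port ${port:-unset})"
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_directory_ssl "$1" "$2"; fi
```

The port is reported rather than validated, so confirm by hand that it is the port on which the Directory Server accepts SSL connections.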
