http://blogs.sun.com/insidemyhead/date/20070711 Wednesday July 11, 2007

Secure Remote Access (SRA) in 7.1

Sun Java Systems Enterprise Secure Remote Access version 7.x


The 7.0 release of Portal Server introduced JMX-based administration: all administrative interfaces in Portal now use MBeans to manage the various servers and their configuration, and a single command-line interface, psadmin, covers all administrative activities. The Portal Admin Server (PAS) is the admin server that holds the configuration of all MBeans known to the JMX server. In 7.0 the PAS kept its own configuration/bootstrap information in LDAP.


The Gateway, the main workhorse of the Secure Remote Access (SRA) component of Sun's JES stack, resides in the DMZ (demilitarized zone) and hence does not, or rather should not, have direct access to the LDAP directory, which sits inside the corporate firewall. As a workaround, 7.0 required a local directory server to be installed on the Gateway host. This directory server was not needed by the Gateway process per se; it was needed only to bootstrap the administrative interface of Portal Server (PAS), and it contained nothing but the bootstrap information needed to start PAS. Once the Gateway had been started with psadmin, the local directory server on the gateway node could be shut down without affecting the Gateway at all. Requiring a local directory server on a DMZ host was nevertheless a major restriction and a big no-no.


In the 7.1 release this restriction was removed. The PAS module on the gateway box now loads its configuration through a file-based JNDI mechanism, so no local LDAP server is needed on the gateway host. So far so good.

However, it recently came to my attention that a bug was reported in which the LDAP port between the GW and the Portal Server was required to be opened. I have traced the issue down and have done the fix for that. It should be checked in by EOD tomorrow. Once this fix is in the code base and the product is patched with it, the flow of traffic from an administrative perspective should follow exactly the diagram below.


So in 7.1 the scenario, as far as the GW, the Portal nodes and the firewall are concerned, looks pretty much like this. Note that this figure covers only the administration of the GW, that is, executing any SRA-related psadmin commands on the gateway node. Once step 8 in the figure below is completed, the gateway starts up and begins serving pages from the portal (of course the HTTP/HTTPS port of the portal server needs to be opened in the firewall as well, but as mentioned the figure only describes the admin interface).
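The point of the whole 7.1 change is that the firewall between the DMZ gateway and the internal portal node should need the portal's HTTP/HTTPS port open and nothing for LDAP. The script below is an added example (not code from the post, from Sun, or from the Portal Server product) that audits exactly that from the gateway host: it probes a list of expected-open and expected-closed ports on the internal node and reports every mismatch. The hostname `portal.example.internal` and the port numbers 80/443/389/636 are assumptions; the PAS admin port is not named in the post, so it is not modelled. The demo run uses a constructed stand-in for the TCP probe so it executes offline; swap in `tcp_probe` to run it against real hosts.

```python
"""Audit firewall egress from a DMZ host (the SRA Gateway) to an internal
host (the Portal / LDAP node).  Expectation from the post: the portal's
HTTP/HTTPS port must be reachable, the directory's LDAP port(s) must not.
Added example; hostnames and port numbers are assumptions, not from the post."""
import socket
from dataclasses import dataclass
from typing import Callable, Dict, List

PORTAL_HOST = "portal.example.internal"      # assumed hostname
LDAP_PORTS = {"ldap": 389, "ldaps": 636}     # assumed directory ports
WEB_PORTS = {"http": 80, "https": 443}       # assumed portal web ports


@dataclass(frozen=True)
class Rule:
    host: str
    port: int
    label: str
    expect_open: bool


def gateway_rules(portal_host: str = PORTAL_HOST) -> List[Rule]:
    """Expected firewall state as seen from the gateway in the DMZ."""
    rules = [Rule(portal_host, p, name, True) for name, p in WEB_PORTS.items()]
    rules += [Rule(portal_host, p, name, False) for name, p in LDAP_PORTS.items()]
    return rules


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """Real probe: a TCP connect with a timeout.  True if the port accepted
    the connection (i.e. the firewall let it through and something listens)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(rules: List[Rule], probe: Callable[[str, int], bool]) -> List[str]:
    """Run every rule through `probe` and return one message per mismatch.
    An empty list means the observed firewall matches the expectation."""
    violations = []
    for r in rules:
        is_open = probe(r.host, r.port)
        if is_open != r.expect_open:
            seen = "open" if is_open else "closed"
            want = "open" if r.expect_open else "closed"
            violations.append(f"{r.label} {r.host}:{r.port} is {seen}, expected {want}")
    return violations


def fake_probe_from(open_ports: Dict[int, bool]) -> Callable[[str, int], bool]:
    """Constructed stand-in for tcp_probe: a port is 'open' iff listed here.
    Used so the demo and tests run without any network access."""
    return lambda host, port: open_ports.get(port, False)


if __name__ == "__main__":
    # Constructed scenarios: the buggy 7.1 state the post describes (LDAP had
    # to be opened from the gateway) versus the intended state after the fix.
    scenarios = {
        "buggy": fake_probe_from({80: True, 443: True, 389: True}),
        "fixed": fake_probe_from({80: True, 443: True}),
    }
    for name, probe in scenarios.items():
        found = audit(gateway_rules(), probe)
        print(f"{name}: {found if found else 'no violations'}")
```

Run it from the gateway host with `tcp_probe` in place of the fake probe; any "expected closed" line for 389/636 is the LDAP hole the post is about, and a missing "expected open" line for the web port means the gateway cannot serve portal pages at all.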




Posted by insidemyhead [Personal] (July 11, 2007 10:59 PM)