4.1 Planning

 < Day Day Up > 



4.1 Planning

This topic provides hardware and software requirements that are supported for WebSphere Portal and Tivoli Access Manager for e-business products. It also provides the high-level implementation steps needed to install and configure these products.

The following figure depicts the hardware and software configurations used in the lab for implementing a secure portal.

Refer to "Security node" on page 26 and "Application node" on page 26 for a description of each of these nodes.

4.1.1 Hardware and software configurations

This section provides data for hardware and software configurations that have been tested by IBM.

WebSphere Portal

Use the following information as a guide for the installation of WebSphere Portal for secure portal implementation.

Hardware recommendations
  • Processor: CPU speeds of late model, mid-range to high-end servers are recommended: Pentium® 800MHz or the equivalent at a minimum. Production environments should consider the Pentium 4 processor at 1.4GHz or higher.

  • Physical memory: 1024 MB or more per processor

  • Disk space: the following disk space is required if you use the installation program to install WebSphere Application Server, extensions, and fixes, IBM HTTP Server, and WebSphere Portal.

Note 

You can perform a custom installation of the components.

The following list shows the space recommendations by component:

Table 4-1: Disk Space needed for WebSphere Portal components Installation

Component

Install directory

/tmp

WebSphere Portal

1124 MB

50 MB

WebSphere Application Server, extensions and fixes

968 MB

245 MB

IBM HTTP Server

30 MB

n/a

Total

2413 MB

295 MB minimum

Note 

The C partition should have more than 295 MB if the Windows system directory is not C.

  • Virtual memory/swap space: it is recommended that this be equal to double your physical memory. At a minimum, this should be at least equal to your physical memory.

  • File system: the NTFS file system is recommended.

    Note 

    Because the installation program does not check cluster sizes on a file system, install on an NTFS file system to ensure that you have enough disk space. If you intend to install on a FAT file system, make sure that you have enough disk space prior to installation. For information, refer to the Microsoft® support Web site, http://support.microsoft.com, and search for content about default cluster sizes for FAT file systems.

  • Network connectivity: to use Portal across a network, the following is required for the Portal machine:

    • Network adapter and connection to a physical network that can carry IP packets. For example, Ethernet, Token Ring, ATM, and so on.

    • Static IP address.

    • Configured fully-qualified hostname. The portal system must be able to resolve an IP address from its fully-qualified hostname. To ensure that this is configured correctly, you can issue the ping command from a command line. An example command is: ping hostname.yourco.com, where hostname.yourco.com is the fully-qualified hostname.

Software recommendations

The minimum WebSphere Portal components that should be installed are as follows:

Table 4-2: Portal software recommendations

Software

Notes®

WebSphere Portal 5.0

Runs on WebSphere Application Server

IBM WebSphere Application Server Enterprise V5.0 with Fix Pack 1

All of the fixes listed in the for WebSphere Portal 5.0 Release Notes are required.

IBM HTTP Server 1.3.26.1

Used by WebSphere Application Server as a Web (HTTP) Server.

Cloudscape V5.1.26 (required for initial WebSphere Portal Installation)

Cloudscape must be installed on the same machine where WebSphere Portal is installed.

A Web browser (Supported Web Browsers are Microsoft IE 5.5 or above, Mozilla 1.0.2 or above, Netscape Communicator 6.2 or above)

The Java Script option must be enabled in the Web browser.

Note 

In our environment, we implemented Windows 2000 Server with SP3 and WebSphere Portal for Multiplatforms V5.0 Enable Edition.

Please refer to the following URL for more information about installing WebSphere Portal on other operating systems:

  • http://publib.boulder.ibm.com/pvc/wp/500/ent/en/InfoCenter/wpf/os_intr.html

Tivoli Access Manager for e-business

Use the following information as a guide for the secure portal implementation.

Base Servers: consist of the following:

  • Tivoli Access Manager policy server, pdmgrd

  • Tivoli Access Manager authorization server, pdacld

These form the backbone of the Tivoli Access Manager secure domain.

Base Clients: we install two of the base clients, which are used to interact with the base servers and enforce security policy:

  • Tivoli Access Manager runtime component, PDRTE

  • Tivoli Access Manager Java runtime environment component

WebSEAL: Tivoli Access Manager WebSEAL is the security resource manager responsible for managing and protecting Web-based information and resources. WebSEAL provides Single Sign-On capabilities and fine-grained security policy to the protected Web object space.

Tip 

For information about other Tivoli Access Manager 4.1 components, visit the info center at the URL:

  • http://publib.boulder.ibm.com/tividd/td/IBMAccessMangerfore-business4.1.html

Hardware recommendations

Tivoli Access Manager system recommendations are shown in Table 4-3.

Table 4-3: Tivoli Access Manager hardware recommendations

Component

Disk Space (MB)

Memory (MB)

Minimum

Recommended

Additional for ACL database

Additional for Log Files

Minimum

Recommended

Policy Server

20

30

10

 

32

64

Authorization Server

10

20

10

 

32

64

Runtime

75

85

 

10

64

128

Java runtime

5

15

 

10

64

128

WebSEAL

10

100

 

90

64

256

Note 

In general, more disk space and more memory improve performance.

Memory sizes for the runtime components represent total system memory, including the base operating system, and assume no other Tivoli Access Manager components are installed on the same system. Memory sizes for other components are in addition to the base operating system and other components installed on the same system.

Software recommendations

The software recommendations for Tivoli Access Manager for e-business are listed below:

  • Operating System: Windows 2000 Advanced Server with Service Pack 3 (Service Pack 2 is the minimum requirement).

  • Tivoli Access Manager 4.1 Components: Policy Server, Authorization Server, WebSEAL Server. Refer to Table 4-4 on page 45 for the prerequisite software for WebSEAL.

    Table 4-4: Prerequisite Software for WebSEAL

    Product

    Required Patches or Service Level

    Java Runtime Environment

    Windows

    Version 1.3.1 with Service Pack2

    See Note 1.

    IBM Global Security Toolkit (GSKit)

    5.0.5.74

    IBM Directory Server, Version 4.1

    Fix Pack FP411W-02. See note 2.

  • Tivoli Access Manager 4.1 Fix Pack 6: the release notes of WebSphere Portal V5.0 state that the Portal V5.0 and Tivoli Access Manager4.1 integration requires installation of Tivoli Access Manager V4.1 Fix Pack 2. At the time of this writing, the most current release was Tivoli Access Manager V4.1 Fix Pack 6 (which supersedes Fix Pack 2). We installed this Fix Pack release for secure portal implementation.

  • Patches required for associated software: Table 4-4 lists the patches required for associated software and the following notes gives URLs to download the fix packs that are not available on CDs.

Note 
  1. Tivoli Access Manager also supports the Java Runtime Environment included with IBM WebSphere Application Server.

  2. IBM Tivoli Access Manager Base Fixpack 6 can be downloaded from:

    ftp://ftp.software.ibm.com/software/tivoli_support/patches/patches_4.1/4.1-TAM-FP06

  3. IBM Tivoli Access Manger Web Security Fixpack 6 can be downloaded from:

    ftp://ftp.software.ibm.com/software/tivoli_support/patches/patches_4.1/4.1-AWS-FP06

  4. IBM GSKIT 5.0.5.83 should be requested from the Tivoli Support Web site at:

    http://www-3.ibm.com/software/sysmgmt/products/support/ or http://techsupport.services.ibm.com/guides/tivoli_contacts.html

  5. IBM Directory Server V4.1 Fix Pack 2 can be downloaded from the following location:

    ftp://ftp.software.ibm.com/software/network/directory/support/efixes/410IDSFP2/

4.1.2 High-level implementation steps

The following are the high-level steps used to implement the runtime environment for secure portal. The remaining sections of this and the next chapter provide the detailed implementation information for each of these steps. The section "Hardware and software configurations" on page 41 provides a list of all of the software components that are needed. We will install the components in the order shown below:

  1. Installing the WebSphere Portal for Multiplatforms V5.0 Enable Edition.

    1. Create a new user with Administrator privileges before installing the Portal software (this step is optional, but you still must give administrator privileges to a specific user).

    2. When you install WebSphere Portal, it will also install the following components.

      1. IBM HTTP Server V1.3.26

      2. WebSphere Application Server Enterprise Edition V5.0 (from CD#1-1)

      3. IBM Cloudscape V5.1.26

      4. WebSphere Application Server Fix Pack 1 and eFixes (from CD#1-6)

      5. WebSphere Portal Server V5.0.1 (from CD#2)

  2. Installing the LDAP server

    When you install IBM Directory Server, it will also install the following components in the order shown below:

    1. IBM DB2 Server

    2. IBM HTTP Server

    3. IBM Directory Server

    4. IBM Directory Client

  3. Installing Tivoli Access Manager V4.1.5 Components

    This consists of the following steps:

    1. Installing Policy Server

    2. Installing Authorization Server

    3. Installing WebSEAL

    4. Checking Tivoli Access Manager Installation

    5. Installing Fix Packs for Tivoli Access Manager

    6. Modifying LDAP Access Control

    7. Installing Tivoli Access Manager Java RunTime Environment

    8. Installing Tivoli Access Manager Fix Pack



 < Day Day Up > 



Secure Portal. Using Websphere Portal V5 and Tivoli Access Manager V4. 1
A Secure Portal Using Websphere Portal V5 and Tivoli Access Manager V4.1
ISBN: 073849853X
EAN: 2147483647
Year: 2003
Pages: 73
Authors: IBM Redbooks

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net