Building a Secured Corporate Web Application Infrastructure
Novell Cool Solutions: Feature
By Thomas Yeung
Posted: 14 Jan 2004
Thomas Yeung is a Developer Solutions Engineer at Novell, Inc. You may contact him at tyeung@novell.com
Welcome to the Building a Secured Corporate Web Application Infrastructure course. This course will help you understand the challenges of developing a modern corporate web infrastructure, accessible from inside and outside the firewall. We will show you how to achieve this by using different Novell technologies. During this course, we will build a simple example using Novell eDirectory, Novell Portal Services, DirXML, and eGuide.
Contents:
- Introduction
- One Net Solution, The Holy Grail
- Novell Products of Interest
- eDirectory
- DirXML
- Novell Portal Services (NPS)
- eGuide 2.0
- Lab Exercise
- Install eDirectory
- Create eDirectory Objects
- Install DirXML
- Install/Run FileHRSystem Application and DirXML Driver
- Install Novell eGuide
- Install Novell exteNd Director Standard Edition (Novell Portal Services)
- Conclusion
| Course Description | This course is intended to provide you with an introduction to developing a secure web application environment based on the user's identity. |
| Objective | You will learn how to build a simple secured corporate web application infrastructure using various Novell products and technologies. |
| Estimated time to complete this course | It will take about 6-8 hours to complete this course. |
| Prerequisite Skills | |
| Required Setup | A Windows 2000 workstation with 256 MB RAM minimum; 512 MB RAM recommended |
| Optional Items | None |
| Required Setup | |
| Development Environment | n/a |
Introduction
Business requirements are ever changing and are placing more demands on business IT systems. Employees are seeking greater access to your company's information, regardless of where it resides, and easier ways to access that information.
Customers and trading partners want to conduct business electronically, which requires a level of interoperability that may not even exist in your organization today. And opening your network to the world creates a long list of serious security issues.

Figure 1: Development Challenges
To further add to the complexity, business executives would like the ability to exchange information with trading partners and customers without human intervention. The interfaces for these kinds of solutions have to be highly interactive, so they can facilitate business processes and deliver personalized access to relevant resources from different systems around the company. They need to be flexible enough to support any user using any device. They might take the form of enterprise portals, or workflows that streamline and manage business processes. Businesses also need the ability to dynamically reconfigure and enhance these solutions in order to respond rapidly to changing business requirements.
You can only achieve this level of interaction by addressing both your systems and the business processes that those systems support. To dynamically provide the requested information, applications must be able to draw upon information from any data repository whenever the work step requires that information.
One Net Solution, The Holy Grail
IT departments are constantly under pressure to meet the changing demands of their corporate environment. As most corporations are spread around the globe, most employees work at different locations. To meet those requirements, the new IT infrastructure needs to be flexible (i.e. information is accessible both inside and outside the firewall). Applications can be accessed from the intranet as well as the Internet. Partners can access their own information securely without the risk of exposing it to their competitors. Finally, new employees can be productive on their first day at work. Of course, every decision you make about giving people access to your business, and every effort you make to deliver services or content to people, is based on identity.

Figure 2: One Net vision solutions
The Novell IS&T team was tasked with meeting these new requirements. They created solutions around the vision of One Net. Novell IS&T is implementing three major One Net initiatives, which aim to provide Novell with the following:
- eBusiness Lifestyle: Through the creation of the Internet office, employees can access their services and applications from anywhere.
- More engaged and enlightened workforce: Through corporate portals that give each employee a personalized 3-dimensional view to their part of Novell's business.
- Highly productive environment: By implementing a directory-based "Zero Day Start" system for resource access and changes.
Novell is an organization of over 5,000 employees, doing business in more than 40 countries. Novell probably has a higher PC to employee ratio than most, with some 20,000 PCs on our network. But we also have Sun SPARC systems, HP 9000s and new Linux machines. We run more than 60 applications that relate to varied business processes.
A key advantage in what we do is that we deploy all of this on an intelligent directory-based infrastructure - on Novell eDirectory - and then we use directory-based Net services applications from Novell, and others, to securely manage how these resources are deployed, configured, and accessed.
eDirectory and associated Net services make the move to one Net solutions possible. They're the enablers we used to build secured web applications.

Figure 3: Top issues related to workforce management
There are many challenges that CEOs are facing. The top issue relates to workforce management: how to find and keep key people. Many companies believe people are their most important asset. Even if they manage to find capable people to work for them, the time for a new employee to become productive is twenty four months.
At Novell, when a new employee starts on their first day, they need to go through twenty key process steps, fill in five forms, have logins enabled for nineteen different applications, and work through seventy one interfaces. This is a daunting task for both the Novell HR and IST departments.
Each employee has many different passwords to remember. They end up having to put sticky notes on their monitor in order to remember their passwords. This poses a serious security risk. In addition, they need to use different URLs to access different applications and forms. There is no central place to access all the applications they need.

Figure 4: Many logins
Figure 5 shows the old Novell IS&T infrastructure prior to the One Net solution. The system was a nightmare and very costly to maintain. However, Novell is not alone. Many companies suffer with even more complex infrastructure than Novell's. The goal for a CIO is to streamline and simplify this complexity.

Figure 5: The old Novell IS&T infrastructure prior to One Net
Zero Day Start
As a result, Novell implemented the "Zero Day Start" infrastructure, which resulted in dramatic changes across a variety of processes. Figure 6 shows the automated distribution of employee information between different directories and applications today. By using open standards, it simplified what had been a very cumbersome process and produced a more manageable infrastructure.

Wide adoption of important new standards is helping make one Net concepts such as Zero Day Start a reality.
They include:
- LDAP: the lightweight directory access protocol.
- XML: for data interchange between dissimilar applications and directories.
- SSL: as a security standard; IP, obviously, is also a factor.
This is an example of how Novell brings its new products up on the production network before the first customer ship. Some of Novell's customers are already implementing similar solutions.
The central pieces of Zero Day Start are eDirectory and DirXML, which automate the synchronization of information between the relevant systems and provide access to services. eDirectory and DirXML connect the enterprise data systems, like PeopleSoft, to the corporate directory (Figure 7). This allows automatic synchronization and authorization between user information and disparate systems.

Figure 7: Automatic Provisioning.
In Figure 8 we see an overview of what's going on. When a new employee accepts a job offer, an event triggers the generation of a directory account followed by numerous automatic actions, including creation of e-mail, calendaring and instant messaging services, and building access rights timed for the appropriate start date. An office phone number is set to activate on the first day at work.

Figure 8: An event triggers the generation of a directory account followed by numerous automatic actions.
Once an account has been created in the Workforce Directory (eDirectory), the person's details will automatically be available in the Novell Corporate Address Book, eGuide. (eGuide is a directory-enabled, web-based corporate address book.) When you initiate a search in eGuide, it actually searches through eDirectory for the records. If there are any changes, eGuide will reflect them immediately (see Figure 9).

Figure 9: Zero Day Start Identity Management
DirXML continues the process by pushing the information from the Workforce Directory to the PBX phone system. By doing so, monthly phone bills can be generated for each user.
i-Login
New employees can start being productive by accessing the Novell Corporate Portal, i-Login. i-Login (see Figure 10) provides different applications and functionality based on the user's identity.

Figure 10: i-Login
Managers at Novell get different information related to their role. For instance, Figure 11 shows the management information of Ken's team.

Figure 11: Manager View

Figure 12: Novell Portal Services
Novell Portal Services integrates enterprise applications, like GroupWise and Phoenix, into an intelligent portal. The portal references the corporate directory to understand 'who is who' and what services correspond to individuals based on their roles in the company.
eBusiness portals provide corporations with significant savings from simplified systems management. Using a web browser to access "line-of-business" applications means a greatly reduced application training requirement. Training costs approach the million dollar mark for a company of Novell's size. Yet browser access frees individual users from needing to know how to directly run applications, or generate reports from one. The policies linked to their identity as they are authenticated to the Portal can be set to trigger the delivery of a report from the application to the employee's personalized Web page.
Another example is software distribution savings. With browser access, client software is no longer required to input data to the application. Novell expects its savings from software distribution to be over a million dollars annually. With portal access to applications, software changes will be made at the data center and no longer pushed globally. These factors alone will spur Web based application hosting and browser access.
Novell's OnDemand and DeFrame Services allow client-server applications, like Vantive and CPP, to be available through the intelligent portal which reduces the burden of these applications on WAN connections.
Novell's iChain can extend services beyond corporate and private networks to the Internet, as shown in Figure 13. Slow WAN connections can be replaced with fast, inexpensive Internet lines. So all you need is the Internet to do your work.

Figure 13: Novell iChain extends services beyond corporate and private networks to the Internet.
Novell customers and partners can access Novell information related to them using Novell eLogin. With eLogin, they can access Novell support, education and partner information based on their identity and preferences.
To protect and establish a person's identity, authentication is required to access the Corporate Portal. eDirectory is the centrepiece for authentication, authorization and the people information repository.
Novell Products of Interest
For this course:
Other relevant products:
- exteNd family
- iChain
- BorderManager
- NetMail
- OnDemand
- NetWare
Novell eDirectory
Novell eDirectory 8.7 is a powerful cross-platform directory service. eDirectory delivers the precise identity control and strong, scalable foundation you need to build a profitable secure identity-management solution.
Characteristics of a Directory
Directories are used to search for, retrieve and update information. Information can also be published or subscribed to DirXML.
When data or access needs to be controlled, directories provide various aspects of security. Authentication establishes "who you are". This can be done by something you know such as passwords, PIN numbers, pass phrases, etc. Authentication can also be by something you are such as biometrics, which are physical characteristics that are unique to you including fingerprints, voice, face, retinas, etc. Authentication can also be established by something you have such as a driver's license, passport, smart card, tokens, etc. All of these can be used separately or in combination to establish your identity.
Directories also provide levels of authorization of what you can or cannot see or do. Authorization should be granular enough to regulate authorization down to small elements of information and access.
Information can be stored in the directory. The information is segmented to better partition the information. The information is also distributed or replicated so the information has a "locality" to the user or application using the information.
A directory formulates a logical structure. This can be via containment hierarchy, collection groups, and links inferences.
How the rights flow from objects is a key element of a directory, such as a member of a group, container, or explicit relationship.
Policies can be created, stored and enforced by the directory, such as what is mandatory in creating, deleting, or modifying information; roles etc.
Novell DirXML
DirXML enables universal data integration, based on business policies, between applications, data stores, network platforms, and across technical and organizational boundaries and makes the Net work, together - as One Net.
DirXML lets an application (such as Lotus Notes, Microsoft Exchange, or Active Directory) do the following:
- Share data with eDirectory
- Synchronize shared data to eDirectory when it is modified in the application database
- Synchronize shared data to the application data store when it is modified in eDirectory
Concept
DirXML accomplishes the following tasks:
- Uses eDirectory events to capture changes in the eDirectory data store.
- Centralizes or distributes data management by acting as a hub to pull all the data together.
- Exposes directory data in XML format, allowing it to be used and shared by XML applications or applications integrated through DirXML.
- Controls the flow of data using specific filters that govern data elements defined in the system.
- Enforces authoritative data sources by using permissions and filters.
- Applies rules to directory data that is in an XML format. These rules govern the interpretation and transformation of the data as changes flow through DirXML.
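A simplified model of the filter and placement steps listed above, as an added example that is not Novell's code and does not reproduce the DirXML engine. The event layout, the filter contents and the "Security Equals" attribute in the sample are assumptions; the corp\Employees\ placement base and the sample hire come from the lab exercise on this page.

```python
import xml.etree.ElementTree as ET

# Constructed publisher event (XDS-style XML) for the lab's sample hire.
# "Security Equals" stands in for data the HR source is not authoritative for.
HIRE_EVENT = r"""<nds><input>
  <add class-name="User" src-dn="HR\Chris Stone">
    <add-attr attr-name="Given Name"><value>Chris</value></add-attr>
    <add-attr attr-name="Surname"><value>Stone</value></add-attr>
    <add-attr attr-name="Telephone Number"><value>555-1212</value></add-attr>
    <add-attr attr-name="Security Equals"><value>\ACME-TREE\corp\Admin</value></add-attr>
  </add>
</input></nds>"""

# Assumed publisher filter: object classes and attributes the HR application
# may write into the directory. Anything else is stripped before placement.
PUBLISHER_FILTER = {
    "User": {"Given Name", "Surname", "Telephone Number", "L", "OU", "Title"},
}

# Placement base taken from the lab's placement rule (corp\Employees\).
PLACEMENT_BASE = "corp\\Employees\\"


def apply_filter(add, allowed):
    """Drop attributes outside the filter; return the names that were dropped."""
    dropped = []
    for attr in list(add.findall("add-attr")):
        if attr.get("attr-name") not in allowed:
            add.remove(attr)
            dropped.append(attr.get("attr-name"))
    return dropped


def place(add, base):
    """Set dest-dn to the placement base plus the leaf name of src-dn."""
    leaf = add.get("src-dn", "").rsplit("\\", 1)[-1]
    if not leaf:
        raise ValueError("event has no usable src-dn")
    add.set("dest-dn", base + leaf)
    return add.get("dest-dn")


def process(event_xml, flt=PUBLISHER_FILTER, base=PLACEMENT_BASE):
    """Run every <add> through the filter, then placement; one record each."""
    root = ET.fromstring(event_xml)  # constructed input, not untrusted XML
    results = []
    for add in root.iter("add"):
        cls = add.get("class-name")
        if cls not in flt:
            # Class is not in the filter: the whole event is vetoed.
            results.append({"class": cls, "vetoed": True})
            continue
        dropped = apply_filter(add, flt[cls])
        dest = place(add, base)
        attrs = {a.get("attr-name"): a.findtext("value")
                 for a in add.findall("add-attr")}
        results.append({"class": cls, "vetoed": False, "dest_dn": dest,
                        "attrs": attrs, "dropped": dropped})
    return results


if __name__ == "__main__":
    for record in process(HIRE_EVENT):
        print(record)
```

The point of the model is the order of operations: the filter removes what the source is not authoritative for before any object is placed, so a connected application cannot grant rights simply by including an extra attribute in its event.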
Novell Portal Services (NPS)
NPS Key Technologies
NPS is completely built on industry standards. Because it uses open industry standards, Novell Portal Services works across a variety of network platforms and integrates data and applications from many sources.
- XML/XSLT: transforms data presentation.
- HTML: integrates nearly any Web page or portions of a Web page.
- Java and JDBC: provides the deepest form of integration with disparate databases.
- RSS: provides news-feed integration.
- LDAP v3: provides authentication and authorization through a directory.
- HTTP: provides firewall-friendly access to secure resources.
Flexibility and Scalability Across Multiple eBusiness Platforms. A single directory object (the portal configuration object) controls all of the customized layouts for a particular portal, thereby enabling you to run that single portal on many Web servers. Using the portal configuration object, you can manage all portals centrally rather than on a server-by-server basis.
Novell Portal Services also runs on most popular eBusiness platforms (including NetWare, Windows NT/2000, Linux, and Solaris), making it one of the most flexible services to implement in any corporate environment.
NPS Architecture
NPS requires a Web Application Server, such as Jakarta Tomcat, and Novell eDirectory. eDirectory is used for the following functions:
- Authentication
- Storing the NPS configuration information
- Storing user access right information

Figure 14: When a user accesses NPS and is authenticated, the portal is executed in the Web Application Server.
As seen in Figure 14, when a user accesses NPS and is authenticated, the portal runs a set of gadgets in the Web Application Server; these gadgets come with NPS or are developed in-house or by third-party companies. A gadget is an application that executes within the portal and presents a window to specific content that covers part or all of a portal page. A gadget provides the data and the layout necessary to render its piece of the page. Typically, a gadget returns both an XML data stream and the URL of an XSLT style sheet that transforms the data into HTML for display. Many gadgets also receive and respond to input from the user who submits a form, selects a link, or performs some other action directed at that particular gadget. Most gadgets also interface with one or more external data sources such as applications, directories, databases, and web sites.
High Level Design
The high level implementation of NPS, complete with gadgets, is as follows:
- User logs on and requests database information
- Request is forwarded to the gadget responsible for that information
- Gadget accesses client's authentication information from the directory
- Gadget retrieves information from the back-end server
- Gadget presents information to the Novell Portal Services servlet as an XML stream
- Information is delivered to user
eGuide 2.0
Novell eGuide looks like an address book. But unlike an ordinary address book, eGuide is independent of platform or a particular application. It can be accessed by any user with rights to your Web server via a standard Web browser.
Major Features of eGuide include:
- Standards-based display and administration using HTML, XML, and XSL make configuration and use simple, convenient, and highly customizable.
- Advanced Search capabilities allow searches on any attribute.
- Organizational Charts are automatically generated based on eDirectory attributes.
- Anonymous and User Authentication modes are supported, including contextless login, cookies, and support for eDirectory password restrictions.
- Authenticated Searching utilizes access control lists in eDirectory to determine if a user can access particular attribute information, such as home phone numbers.
- Works seamlessly with Novell iChain and Novell Portal Services. Novell eGuide is also an excellent add-on to DirXML synchronization projects.
- Compatible with eDirectory or any other LDAP-enabled directory service, such as iPlanet.
In addition to searching Novell eDirectory, you can use eGuide to search any LDAP directory, and even multiple directories at the same time. This means, for example, that if your company suddenly purchases another company, you can easily provide a combined white pages view of both companies using eGuide pointing at two separate directories at the same time.
Adding an LDAP Directory
When you add an LDAP directory, Novell eGuide creates a User category for the new directory using the User attribute settings and mappings in the first directory added when you ran the eGuide Setup Wizard. It is therefore recommended that you make any desired changes to the initial directory's User attribute settings and mappings before adding other directories.
You can use directory configurations to increase search performance by taking advantage of eGuide's multi-threaded search capability. For example, you can break up a single large directory into multiple directory configurations within eGuide, with each pointing to a different search root. If the directory you are splitting up in this way requires user authentication, be sure to designate each directory configuration as part of the authentication group.
eGuide 2.1 Features
eGuide 2.1 features the following:
- Standards-based display and administration using HTML, XML, and XSL make configuration and use simple, convenient, and highly customizable.
- Advanced Search capabilities allow searches on any attribute.
- Organizational Charts are automatically generated based on eDirectory attributes.
- Anonymous and User Authentication modes are supported, including contextless login, cookies, and support for eDirectory password restrictions.
- Authenticated Searching utilizes access control lists in eDirectory to determine if a user can access particular attribute information, such as home phone numbers.
- Works seamlessly with Novell iChain and Novell Portal Services.
- Novell eGuide is also an excellent add-on to DirXML synchronization projects.
- Compatible with eDirectory or any other LDAP-enabled directory service, such as iPlanet.
eGuide Technical Aspects
Here are some of the technical aspects of eGuide:
- Accessible from any standard web browser-there is no client software to install.
- Users can define which directories they wish to search.
- Administrators can define which directories are available to search.
- Ships with an LDAP directory connector, yet allows developers to create their own directory connector.
eGuide in Action
eGuide in action supports multiple search options including:
- Names and telephone number
- E-mail address
- Boolean "and/or" searches
- Customizable search attributes
Users perform searches in the Novell eGuide client by selecting three search filters, typing the text they want to search for, and then clicking Search. The three search filters, in the form of drop-down lists, are Category, Attribute, and Search Constraint.
Lab Exercise
In this exercise, we are going to simulate a Zero Day Start environment. A new employee is hired in the company and we are going to use an HR Application to enter his/her information. This information will then populate the eDirectory workforce directory. The new employee will then log in to the corporate portal and access the corporate directory. He or she should be able to find his or her name in the directory.
You will need to download the HR Application, which we provide for you, to create a new employee. You will also need to download the DirXML driver, which we also provide. The driver will push the information from the HR Application to eDirectory. You will then set up NPS using the eGuide gadget to access the corporate address book.
At the end, you will login to the portal and do a search using the eGuide gadget and be able to find the new information created from the HR Application.
We are going to install the following products:
Install eDirectory
Download eDirectory from http://download.novell.com and acquire an evaluation license from http://www.novell.com/products/edirectory/evaluation.html.
- Run /nt/setup.exe
- Select Install Novell Directory Services and Install ConsoleOne.
- Select Yes to Accept Software License Agreement.
- With the default selection of Typical Installation selected click the Install button.
- Click the OK button to reboot the computer.
- At the Login dialog, click Workstation Only and login to the workstation.
- At the Novell eDirectory Product Installation select Next.
- Accept the eDirectory License agreement.
- With English selected, select Next.
- With c:\Novell\NDS entered as the Installation Path select Next.
- Select Yes indicating it is alright to create the directory.
- Select Create a new eDirectory tree and click Next.

Figure 15: eDirectory Installation
For the tree information select:
- Tree Name - ACME-TREE
- New server object context - ACME-NDS.corp
- Administrator Name - Admin
- Admin Context - corp
- Password - novell
- Retype Password - novell
- Click Next>

Figure 16: Http Server Port Configuration.
On the Http Server Port Configuration screen select:
- Clear Text Port - 87
- SSL Port - 4043
- Click Next>
- Click Next> to create an Organizational Certificate Authority
- Click OK, recognizing that this server will host the certificate authority

Figure 17: LDAP Configuration
- Retain the options of:
- Clear Text Port: 389
- SSL/TLS Port: 636
- Require TLS for Simple Bind with Password - Uncheck this option. We will check it later
- Click Next>.
- Select Next> to install all the NMAS methods.
- Select Finish.
- Click Close recognizing that the Installation is complete.
- Install ConsoleOne (if not installed already).
- From http://download.novell.com download \eDirectory\nt\setup.exe.
- Select Install ConsoleOne and click Install.
- At Welcome screen click Next>.
- Accept License Agreement.
- Select Next> to install just the English version.
- Select Next> to have Console installed in c:\novell\consoleone\1.2
- Select Next> to install all the default components.
- Accept the JInfonet license agreement.
- Click the Finish button.
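The LDAP Configuration step above leaves "Require TLS for Simple Bind with Password" unchecked for the lab. Once the option is checked again, the following added example (not part of the original article or of any Novell tool) verifies the result by sending a simple bind with throwaway credentials to the clear text port and reading the result code. It assumes a server enforcing the option answers with the standard LDAP result code 13 (confidentialityRequired); the probe DN and password are placeholders.

```python
import socket

CONFIDENTIALITY_REQUIRED = 13  # RFC 4511 resultCode: bind refused without TLS
SUCCESS, INVALID_CREDENTIALS = 0, 49

# Placeholder identity: never send a real password over the clear text port.
PROBE_DN = "cn=tls-probe,o=corp"
PROBE_PASSWORD = "not-a-real-password"


def _ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, value):
    return bytes([tag]) + _ber_len(len(value)) + value


def build_simple_bind(dn, password, message_id=1):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] } }."""
    bind = _tlv(0x60, _tlv(0x02, b"\x03")
                + _tlv(0x04, dn.encode("utf-8"))
                + _tlv(0x80, password.encode("utf-8")))
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + bind)


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data):
    """Return (resultCode, diagnosticMessage) from a BindResponse."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _read_tlv(msg, 0)            # messageID
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    tag, code, pos = _read_tlv(op, 0)        # resultCode (ENUMERATED)
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    _, _, pos = _read_tlv(op, pos)           # matchedDN
    _, diag, _ = _read_tlv(op, pos)          # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def classify(result_code):
    if result_code == CONFIDENTIALITY_REQUIRED:
        return "refused"       # server demands TLS before a simple bind
    if result_code in (SUCCESS, INVALID_CREDENTIALS):
        return "evaluated"     # password was processed over clear text
    return "inconclusive"


def probe(host, port=389, timeout=5.0):
    """Send the placeholder bind in clear text and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_simple_bind(PROBE_DN, PROBE_PASSWORD))
        data = sock.recv(4096)
    code, diag = parse_bind_response(data)
    return classify(code), code, diag


def sample_response(result_code, diag, message_id=1):
    """Constructed BindResponse bytes, for exercising the parser offline."""
    op = _tlv(0x61, _tlv(0x0A, bytes([result_code]))
              + _tlv(0x04, b"") + _tlv(0x04, diag.encode("utf-8")))
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + op)


if __name__ == "__main__":
    for raw in (sample_response(13, "Confidentiality required"),
                sample_response(49, "Invalid credentials")):
        code, diag = parse_bind_response(raw)
        print(code, classify(code), diag)
    # Against the lab server: print(probe("localhost", 389))
```

A result of "evaluated" on port 389 means the directory still accepts passwords without TLS, which in this lab also covers the eGuide and NPS binds as cn=admin,o=corp.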
Create eDirectory Objects
Using ConsoleOne:
- Launch ConsoleOne.
- Select the NDS tree item in the left hand window.
- A new button, NDS Authenticate, will be displayed on the tool bar. Click this button.
- Authenticate as:
- Login name: admin
- Password: novell
- Tree: ACME-TREE
- Context: corp
- Click the Login button
- Create an Organizational Unit called nps in the corp container
Using LDIF file:
- Load ConsoleOne
- Authenticate to ACME-TREE.
- From the Menu bar select Wizards>NDS Import/Export.
- With Import LDIF File selected, click the Next> button.
- From the CD browse to and select \FileHRSystem\Employees.ldif.
- Insert the following:
- Server DNS Name/IP Address - localhost
- Port: 389
- Authenticated Login - Selected
- User DN - cn=admin,o=corp
- Password - novell
- Click Next>.
- Click Finish. You should have 8 entries processed with 0 errors.
Note: If you click "New" you can create all these settings to be used again for other LDIF files. If you click "Advanced", you can modify even more characteristics of this add.

Figure 18: NDS Import/Export Wizard.
Click Close button to close the wizard.
Install DirXML
Download DirXML 1.1a from http://download.novell.com.
- Execute /DirXML/nt/install.exe.
- Click Next> at the Welcome screen.
- Accept the License Agreement.
- Click Select All.
- Notice that DirXML Remote Loader Service is disabled.
- Click Next>.
- Click Select DirXML engine.
- Click Next>.
- In order to extend the eDirectory schema with DirXML extensions enter:
- User name - admin.corp
- Enter the user password - novell
- Click Next>.
- For the components to install select:
- ConsoleOne Snap-Ins for DirXML
- Click Next>.
- Click Finish.
- Uncheck Launch ConsoleOne DirXML Configuration Wizards.
- Click Close.


Figure 20: Select Drivers for Engine Install

Figure 21: Schema Extension.
Install/Run FileHRSystem Application and DirXML Driver
From download at bottom of page (or http://developer.novell.com/research/downloads.htm) copy the \FileHRSystem to the root of the C drive.
- Copy the FileHRDriver.jar file from the FileHRSystem directory into c:\novell\nds\lib
- From ConsoleOne, select Create a new Application Driver? from the Wizard menu.
- Since this is the first driver and we do not have a Driver Set object already created, select In a new driver set.
- Click Next>.
- Enter the following:
- Name: DriverSet
- Context: corp
- Server: ACME-NDS.corp
- Create a new partition on this driver set: CHECKED
- Click Next>.
- At "Import pre-configured driver" (.XML file), select FileHRSystem.XML from FileHRSystem directory.
- Click Next>.
- Click OK to accept the default parameters.
- Click Yes to define Security Equivalences.
- Click the Add... button.
- Select the Admin user object.
- Click OK.
- Click Yes to exclude "Administrative Roles."
- Click the Add button.
- Select the Admin user object.
- Click OK.
- Click Finish.

Figure 22: Application Driver Creating Wizard

Figure 23: Application Driver Creation Wizard

Figure 24: DirXML Driver Configuration - Parameters
Config HRFileSystem Driver
- Set Driver Parameters:
- Right click on the FileHRDriver Driver
- Select Properties
- Select Driver Parameters tab
- Set the following values:
- Click the OK button.

Figure 25: Properties of FileHRDriver.
Enter the Database Directory Path as c:\FileHRSystem\db\
Enter the Status Directory Path as c:\FileHRSystem\
Modify the Placement rule
- Click on the Publisher object and double click on the PubPlacement object on the right hand pane.
- Click the Edit Rule button.
- Enter 'user rule' and click Next>.
- Click Next> (we are only concerned with User objects).
- Click Next>> (we aren't using any Match Path Prefixes).
- Click Next>> (we aren't matching any attributes).
- With <Data: 'novell\Employees\'> selected, click Edit Item.
- Change the value from: novell\Employees\ to: corp\Employees\
- Click the OK button.
- Click the Finish button.
- Click the OK button.

Figure 26: Properties of PubPlacement

Figure 27: Placement Rules Wizard

Figure 2: Properties of PubEventXForm
Modify the Event Transformation Stylesheet on the Publisher channel
- Click on the Publisher object and double click on the PubEventXForm object on the right hand pane.
- Find \MIDFIELDER-TREE\novell and replace with \ACME-TREE\corp
- Find \5SWORDS-TREE\novell and replace with \ACME-TREE\corp
- Click the OK button.
From the Control Panel start Novell eDirectory Services
- Select dstrace.dlm and click on Start.
- On the dstrace menu select Edit | Options.
- Click the Clear All button.
- Select the DirXML Drivers check box.
- Click the Save Default button.
- Click OK.

Figure 29: Novell eDirectory Trace Options
Setting the DirXML driver debug trace level
- In ConsoleOne, select the DriverSet object and right mouse click to select Properties.
- Click on the Other tab.
- Click on the Add button.
- Select DirXML-Driver TraceLevel.
- Enter 4 as the value.
- Click OK button to close the window.

Figure 30: Properties of DriverSet
Start the FileHRDriver
- In ConsoleOne, right click on the DriverSet object and select Properties.
- Click on the down arrow on the DirXML tab and select Driver option.
- Click on the Start button.
- The status of the driver should be showing "running".
Hire an Employee to test HRFileSystem driver
- From Windows Explorer, execute c:\FileHRSystem\FileHRSystem.exe
- Set the following:
- DataBase Directory: c:\FileHRSystem\db\
- Log Directory: c:\FileHRSystem\
- Config Directory: c:\FileHRSystem\config\config.fle
- Click Save Config Settings.
- Click Cancel button.
- Execute c:\FileHRSystem\FileHRSystem.exe again.
- Enter the following:
- Given Name: Chris
- Surname: Stone
- Is Supervisor: True
- Location: Boston
- Phone Number: 555-1212
- Department: Finance
- Job Function: President
- Click the Hire button
- Watch dstrace screen:
- You should see some green text indicating success. If not, fix the errors and try again.
Install Novell eGuide
Download a copy of eGuide from http://download.novell.com.
- Run eGuideInstall.exe in \install\win from the eGuide unzip directory.
- Click Next button to skip the introduction.
- Click Next button to accept the important information.
- Click I accept the terms of the License Agreement and click Next button.
- Click Choose button to select the Tomcat webapps directory and click Next button.
- Click Next button to accept the review.
- Click Done to quit.
- Restart Tomcat.
- Starting the eGuide Quick Setup Wizard:
- Use the following URL to start the eGuide Quick Setup Wizard:
http://localhost:8080/eGuide/admin/index.html
- Click on the Quick Setup link on the left pane and click the Next button.
- In the LDAP Data Source, enter the following information:
- Display Name: ACME Corp
- Host Name: 127.0.0.1
- Port: 389
- Enable SSL (requires prior setup): disabled
- Secure port (default 636): 636
- Click Next>> button.
- In the Authentication Proxy Credentials (Optional), enter the following:
- Authentication search root: o=corp
- Select Authentication user name and enter: cn=admin,o=corp
- Authentication password: novell and click Next>>
- In Administrative Roles:
- Enter admin and Click on the Search button.
- Select cn=Admin,o=corp and click on the right arrow
- Click Next>>
- Click Finish to complete the setup.
- To test eGuide:
- Enter http://localhost:8080/eGuide
- Type "Stone" in the search box and you should find Chris Stone in the address book.

Figure 31: Novell eGuide

Figure 32: LDAP Data Source

Figure 33: Authentication Proxy Credentials
Install Novell exteNd Director Standard Edition (Novell Portal Services)
Download a copy of NPS from http://download.novell.com.
- Execute NPS_setup.jar
- Click Next> at the introductory screen.
- Accept the license agreement.
- For Web Server Address enter: localhost
- Click Next>.
- In the System configuration dialog enter:
- Operating System: Windows 2000
- Web Server: Apache Web Server
- Web App Server: Tomcat Web App Server 3.3
- Click Next>.
- In the path where the Web Apps are to be installed, place the path to where your Tomcat is installed, see Figure 36.
- Click Next>.
- In the Web App Server info dialog enter:
- File path to Tomcat configuration file:
e.g. c:\tomcat\conf\auto\mod_jk.conf
- Click Next>.
- In the LDAP Server dialog enter:
- Directory server and port: localhost (leave the port at 389)
- Directory administrator Distinguished Name (DN): cn=admin,o=corp
- Directory Administrator password: novell
- Click Next>.
- In the dialog for creating the PortalObject enter:
- Distinguished Name (DN): cn=Portal,ou=nps,o=corp
- Password seed: novell
- In the dialog for creating the PublicUser enter:
- Distinguished Name (DN): cn=NPSPublicUser,ou=nps,o=corp
- Password: novell
- Click Next>.
- Click Yes to create the Public User.
- In the dialog for user contexts, select: o=corp.
- Click Next>.
- Select Next> to keep the default names for gadgets to be created.
- Select Next> to keep default values for the community gadgets.
- Click Yes, to create the CommunityObjects container.
- Click Next> on the summary screen.
- Click the Finish button.

Figure 34: Web Server Address

Figure 35: Select your System configuration

Figure 36: Destination information dialog
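The eGuide LDAP data source above is set to port 389 with SSL disabled, and the NPS LDAP Server dialog also leaves the port at 389. Assuming both products authenticate with an LDAP simple bind (the usual mechanism for a DN and password), the Python sketch below shows what that bind looks like on the wire and what a network monitor can read from it. It is an added example, not part of the original course or of any Novell code, and its function names are illustrative.

```python
# Added example: an LDAPv3 simple BindRequest (RFC 4511) as sent without SSL.

def ber_len(n):
    if n < 0x80:                             # short form: one length octet
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def simple_bind_request(msg_id, dn, password):
    """LDAPMessage { messageID, [APPLICATION 0] BindRequest { 3, name, simple [0] } }.
    msg_id is assumed to be below 128 so it fits a single-octet INTEGER."""
    bind = tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, dn.encode())
               + tlv(0x80, password.encode()))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + bind)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV that starts at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:                         # long form: next n octets hold the length
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def inspect_bind(payload):
    """Report a cleartext simple bind found in a TCP payload, else None."""
    try:
        tag, msg, _ = read_tlv(payload, 0)
        if tag != 0x30:                      # not an LDAPMessage (e.g. a TLS record)
            return None
        _, _, pos = read_tlv(msg, 0)         # skip messageID
        op_tag, op, _ = read_tlv(msg, pos)
        if op_tag != 0x60:                   # some other LDAP operation
            return None
        _, version, pos = read_tlv(op, 0)
        _, name, pos = read_tlv(op, pos)
        auth_tag, secret, _ = read_tlv(op, pos)
        if auth_tag != 0x80:                 # SASL or other mechanism, not a simple bind
            return None
        return {"dn": name.decode("utf-8", "replace"), "ldap_version": version[0],
                "password_bytes_in_clear": len(secret)}
    except IndexError:                       # truncated or non-BER data
        return None

# Constructed sample: the lab's proxy account and password from this course.
SAMPLE = simple_bind_request(1, "cn=admin,o=corp", "novell")
```

The password sits unmodified inside `SAMPLE`, which is why enabling SSL on the secure port (636) matters once the directory is no longer on the same host as Tomcat.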
Test the Portal installation
- Using Internet Explorer enter: http://127.0.0.1/nps
- At the login dialog enter:
- Username: admin
- Password: novell
Set the Portal up for Employee Access
- Start up Tomcat
- Access the Portal
- http://127.0.0.1:8080/nps
- Login Dialog: Username: admin, Password: novell
Build the Theme for the Employees of Acme Corp
- Click on the Administer the Portal link.
- Click on the Themes page.
- On the Themes page click the Create button.
- On the Create a New Theme page enter:
- Name: EmployeeTheme
- Description: Acme Employee Theme
- Click the Create button.
- On the Theme Saved page, click the Edit button.
- On the Edit a Theme page, click the Properties link.
- On the Theme Properties page enter:
- Title bar name: Acme Employee Portal
- Portal look:
- Click Edit.
- Select the base look (Preview if you like).
- Click the OK button.
- Click the Continue button.
- Click the Save button.
- On the Theme Saved page, click the Assign button.
- On the Assign Theme to Objects page, click the Add button.
- On the Select Object Type page, click the OK button.
- On the Add Theme Assignment page, click the Search button.
- In the Search Results list, select the ou=Employees,o=corp container.
- Click the Assign button.
- Click the Close button.
Build the Pages for the Employees of Acme Corp
- Click the Pages page.
- On the Pages page, click the Create button.
- On the Create a New Page page enter:
- Name: EmployeeHomePage
- Description: Employee Home Page
- Click the Create button.
- On the Page Saved page, click the Edit button.
- On the Edit a Page page, click the Add button.
- On the Add Gadget Assignment page:
- In the Select Gadget list select the eGuide gadget.
- Click the Add button.
- On the Gadget Assignment Configuration page, enter:
- Display Name: Employee Address Book
- Click the Continue button.
- Click the Save button.
- On the Page Saved page, click the Assign button.
- On the Assign Page to Object page, click the Add button.
- On the Select Object Type page, click the OK button.
- On the Add Page Assignment page, click the Search button.
- In the Search Results list, select the ou=Employees,o=corp container.
- Click the Assign button.
- Click the Close button.
- Open another instance of Internet Explorer.
- Authenticate as one of the Employees in the System.
- Click on EmployeeHomePage.
- Using the eGuide gadget search for one of the employees in the system.

Figure 37: eGuide gadget search for employee in system
Conclusion
Congratulations! You have reached the end of the Building a Secured Corporate Web Application Infrastructure course. This course helped you understand the challenges of developing a modern corporate web infrastructure, accessible from inside and outside the firewall. During this course, you built a simple example using Novell eDirectory, Novell Portal Services, DirXML, and eGuide.
Additional Resources
For more information on secure web applications and infrastructures, check out the following resources:
