Test Infrastructure: Simple and Protected
Negotiation Mechanism (SPNEGO) testing with WebSphere® Portal 6.1
Abstract
The purpose of this document is to outline the steps by which the WebSphere
Portal System Verification Test (SVT) team validated the Simple and Protected
Negotiation Mechanism (SPNEGO) TAI with WebSphere Portal 6.1.
Environment overview
The environment included the following items:
- WebSphere Portal v.6.1
- Microsoft® SQL Server 2005
- Microsoft Active Directory 2003
- Microsoft IIS (HTTP Server)
- Microsoft Windows® 2003 DNS Server (Domain
controller)
- Microsoft Windows XP Client Machine
The following picture shows how the environment supporting Portal, Active
Directory, and the client machine are integrated.
Machine specifications
The following tables shows the specifications for the machines used in
this test infrastructure:
|
Machine
|
OS
|
# of CPUs
|
CPU Speed
|
CPU Type
|
RAM (GB)
|
Function
|
| WebSphere Portal v.6.1
|
Windows 2003 Server
|
4
|
2.59 GHz
|
AMD – 32 bit
|
4
|
standalone portal node
|
| Microsoft SQL 2005
|
Windows 2003 Server
|
4
|
2.59 GHz
|
AMD – 32 bit
|
4
|
database
|
| Microsoft Active Directory
|
Windows 2003 Server
|
4
|
3.19 GHz
|
Intel – 32 bit
|
2
|
LDAP / Domain Controller
|
| Microsoft IIS Web Server
|
Windows 2003 Server
|
1
|
2.38 GHz
|
Intel – 32 bit
|
1
|
Web Server
|
| Client Test Machine
|
Windows XP
|
1
|
2.39 GHz
|
Intel – 32 bit
|
1
|
Client machine for browser
access |
Installation and configuration
Refer to the topics from the
WebSphere
Portal 6.1 Information Center
and the
WebSphere
Application Server 6.1 Information Center
listed in the steps below for more detailed instructions on the steps to
install and configure the environment used for this test.
The environment was installed with the following steps:
1.0 Install and configure Microsoft SQL 2005
database using the appropriate Microsoft documentation.
2.0 Install Microsoft Active Directory using
the appropriate Microsoft documentation.
3.0 Configure Active Directory server to support
DNS, and create a new domain for the client machine to join. The
“spnego” domain was created for this test.
- The client machine must join the domain
that is created on the Active Directory server in order to use the Simple
and Protected Negotiation Mechanism (SPNEGO) function correctly.
4.0 Install and configure WebSphere Portal 6.1,
using the topic "Installing WebSphere Portal."
- Configure to SQL 2005 using the topic
"Configuring WebSphere Portal to use SQL Server 2005"; two databases
were used in this environment.
- Configure to Active Directory LDAP using
the topic "Configuring a stand-alone LDAP user registry on Windows."
5.0 For WebSphere Portal 6.1, the SPNEGO TAI
must be manually enabled in WebSphere Application Server using the topic
"Enabling the SPNEGO TAI" found in the Portal 6.1 documentation.
6.0 Configure the SPNEGO TAI using the topic
"Creating a single sign-on for HTTP requests using the SPNEGO TAI"
found in the WebSphere Application Server 6.1 documentation.
Test user configuration
This environment was tested only on a functional level. The Active
Directory LDAP was loaded with 1,000 users and a random array of users
were tested using HP LoadRunner so that multiple users could log in to
the client test machine. The test ensured that the users could access
WebSphere Portal through the client browser (through IIS) after logging
into the domain. The user is expected to require no additional login
to WebSphere Portal as long as the user is logged in to the client machine,
providing a single sign-on experience for the end user.
NOTE: All customer environments are different. Our
results were obtained in a controlled test environment. Customer
environments are typically less optimal and may not provide the same results.
Understanding your environment (usage scenario, network, etc...)
is crucial before recommending scaling numbers, hardware and solutions.