Server Machine

Linux SSH

In Next Generation SSH2 Implementation, 2009

Connecting to Your SSH Server from Windows

While you can manage multiple servers from another server machine, it is much simpler to administer them all from a desktop. While I like to think that there are administrators lurking in every server room who prefer Linux on the desktop, the reality of the situation is that Microsoft Windows is still the desktop operating system of choice. Fortunately, this doesn't limit the usefulness of SSH, as there are some fine tools out there for Windows. One of the best known is PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/), as shown in Figure 9.8.

Figure 9.8. Running PuTTY on Windows

Using this tool, it is quick and simple to connect to and manage multiple Linux servers from a Windows desktop.

Another great tool for Windows is WinSCP (http://winscp.net/eng/index.php). With this tool, you are able to securely copy files to and from an SSH server and never have to worry. It supports multiple encryption ciphers and protocols.

URL:

https://www.sciencedirect.com/science/article/pii/B978159749283600009X

Examining the ISA Server 2004 Feature Set

Dr. Thomas W. Shinder, Debra Littlejohn Shinder, in Dr. Tom Shinder's Configuring ISA Server 2004, 2005

Third-Party Remote Management Web GUI

Third-party vendors provide Web interfaces that can be used to manage ISA Server machines from any computer. No software has to be installed on the client machine, and no special configuration is necessary on the ISA Server. However, you might need to use the Internet Explorer browser, and/or the browser's security settings may have to be configured to use the Web GUI (for example, ActiveX controls might have to be enabled). You also might have to add the ISA Server's Web site to your Trusted Sites or Local Intranet security zone.

Two examples of Web interfaces for ISA-based firewall appliances are shown in Figure 2.24. The first shows the RoadBLOCK appliance marketed by RimApp (www.rimapp.com). The second shows the NS6000 appliance marketed by Network Engines (www.networkengines.com). You can see that Web interfaces can differ dramatically. Appliance vendors can add many enhancements that make the ISA-based firewall more functional, providing unique features based on their customers' priorities. Other vendors that have partnered with Microsoft to make ISA-based appliances include Hewlett-Packard, Celestix Networks and Advantis.

Figure 2.24. Third-Party Vendors Provide Web Interfaces for ISA-based Firewall Appliances

URL:

https://www.sciencedirect.com/science/article/pii/B9781931836197500095

Foundation

Larry L. Peterson , Bruce S. Davie , in Computer Networks (Fifth Edition), 2012

1.4.1 Application Programming Interface (Sockets)

The place to start when implementing a network application is the interface exported by the network. Since most network protocols are implemented in software (especially those high in the protocol stack), and nearly all computer systems implement their network protocols as part of the operating system, when we refer to the interface "exported by the network," we are generally referring to the interface that the OS provides to its networking subsystem. This interface is frequently called the network application programming interface (API).

Although each operating system is free to define its own network API (and most have), over time certain of these APIs have become widely supported; that is, they have been ported to operating systems other than their native system. This is what has happened with the socket interface originally provided by the Berkeley distribution of Unix, which is now supported in virtually all popular operating systems, and is the foundation of language-specific interfaces, such as the Java socket library. The advantages of industry-wide support for a single API are that applications can be easily ported from one OS to another and developers can easily write applications for multiple operating systems.

Before describing the socket interface, it is important to keep two concerns separate in your mind. Each protocol provides a certain set of services, and the API provides a syntax by which those services can be invoked on a particular computer system. The implementation is then responsible for mapping the tangible set of operations and objects defined by the API onto the abstract set of services defined by the protocol. If you have done a good job of defining the interface, then it will be possible to use the syntax of the interface to invoke the services of many different protocols. Such generality was certainly a goal of the socket interface, although it's far from perfect.

The main abstraction of the socket interface, not surprisingly, is the socket. A good way to think of a socket is as the point where a local application process attaches to the network. The interface defines operations for creating a socket, attaching the socket to the network, sending/receiving messages through the socket, and closing the socket. To simplify the discussion, we will limit ourselves to showing how sockets are used with TCP.

The first step is to create a socket, which is done with the following operation:

int socket(int domain, int type, int protocol)

The reason that this operation takes three arguments is that the socket interface was designed to be general enough to support any underlying protocol suite. Specifically, the domain argument specifies the protocol family that is going to be used: PF_INET denotes the Internet family, PF_UNIX denotes the Unix pipe facility, and PF_PACKET denotes direct access to the network interface (i.e., it bypasses the TCP/IP protocol stack). The type argument indicates the semantics of the communication. SOCK_STREAM is used to denote a byte stream. SOCK_DGRAM is an alternative that denotes a message-oriented service, such as that provided by UDP. The protocol argument identifies the specific protocol that is going to be used. In our case, this argument is UNSPEC because the combination of PF_INET and SOCK_STREAM implies TCP. Finally, the return value from socket is a handle for the newly created socket—that is, an identifier by which we can refer to the socket in the future. It is given as an argument to subsequent operations on this socket.

The next step depends on whether you are a client or a server. On a server machine, the application process performs a passive open—the server says that it is prepared to accept connections, but it does not actually establish a connection. The server does this by invoking the following three operations:

int bind(int socket, struct sockaddr *address, int addr_len)

int listen(int socket, int backlog)

int accept(int socket, struct sockaddr *address, int *addr_len)

The bind operation, as its name suggests, binds the newly created socket to the specified address. This is the network address of the local participant—the server. Note that, when used with the Internet protocols, address is a data structure that includes both the IP address of the server and a TCP port number. (As we will see in Chapter 5, ports are used to indirectly identify processes. They are a form of demux keys as defined in Section 1.3.1.) The port number is usually some well-known number specific to the service being offered; for example, web servers commonly accept connections on port 80.

The listen operation then defines how many connections can be pending on the specified socket. Finally, the accept operation carries out the passive open. It is a blocking operation that does not return until a remote participant has established a connection, and when it does complete it returns a new socket that corresponds to this just-established connection, and the address argument contains the remote participant's address. Note that when accept returns, the original socket that was given as an argument still exists and still corresponds to the passive open; it is used in future invocations of accept.

On the client machine, the application process performs an active open; that is, it says who it wants to communicate with by invoking the following single operation:

int connect(int socket, struct sockaddr *address, int addr_len)

This operation does not return until TCP has successfully established a connection, at which time the application is free to begin sending data. In this case, address contains the remote participant's address. In practice, the client usually specifies only the remote participant's address and lets the system fill in the local information. Whereas a server usually listens for messages on a well-known port, a client typically does not care which port it uses for itself; the OS simply selects an unused one.

Once a connection is established, the application processes invoke the following two operations to send and receive data:

int send(int socket, char *message, int msg_len, int flags)

int recv(int socket, char *buffer, int buf_len, int flags)

The first operation sends the given message over the specified socket, while the second operation receives a message from the specified socket into the given buffer. Both operations take a set of flags that control certain details of the operation.
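The calls described above, put together as an added example (not code from the book): one process plays both roles over the loopback interface, with every return value checked and the receive side bounded by the size of its buffer. The function names, the loopback address and the OS-assigned port are assumptions of this example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Passive open: socket -> bind -> listen. Binding to 127.0.0.1 (an assumption
 * of this example) keeps the listener unreachable from other hosts; port 0
 * asks the OS for an unused port, which getsockname() reports back. */
static int passive_open(struct sockaddr_in *bound)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof *bound;
    int s = socket(PF_INET, SOCK_STREAM, 0);   /* protocol 0: TCP is implied */
    if (s < 0) return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = htons(0);
    if (bind(s, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        listen(s, 4) < 0 ||
        getsockname(s, (struct sockaddr *)bound, &len) < 0) {
        close(s);
        return -1;
    }
    return s;
}

/* send() may accept fewer bytes than requested, so loop until all are sent. */
static int send_all(int s, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = send(s, buf, len, 0);
        if (n <= 0) return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* recv() into a fixed buffer: never ask for more than cap-1 bytes, stop at
 * end of stream, and always NUL-terminate. Returns bytes stored or -1. */
static long recv_bounded(int s, char *buf, size_t cap)
{
    size_t total = 0;
    if (cap == 0) return -1;
    while (total < cap - 1) {
        ssize_t n = recv(s, buf + total, cap - 1 - total, 0);
        if (n < 0) return -1;
        if (n == 0) break;                     /* peer finished sending */
        total += (size_t)n;
    }
    buf[total] = '\0';
    return (long)total;
}

/* Server passive open, client active open, accept, then one message from
 * client to server. Returns the number of bytes the server stored in out. */
long loopback_exchange(const char *msg, char *out, size_t cap)
{
    struct sockaddr_in srv, peer;
    socklen_t plen = sizeof peer;
    long got = -1;
    int cli, conn = -1;
    int lsn = passive_open(&srv);
    if (lsn < 0) return -1;
    cli = socket(PF_INET, SOCK_STREAM, 0);
    /* Active open: the handshake completes against the listen backlog. */
    if (cli >= 0 && connect(cli, (struct sockaddr *)&srv, sizeof srv) == 0)
        conn = accept(lsn, (struct sockaddr *)&peer, &plen);
    /* accept() filled in the remote address; insist it is the loopback peer. */
    if (conn >= 0 && peer.sin_addr.s_addr == htonl(INADDR_LOOPBACK) &&
        send_all(cli, msg, strlen(msg)) == 0 && shutdown(cli, SHUT_WR) == 0)
        got = recv_bounded(conn, out, cap);
    if (conn >= 0) close(conn);
    if (cli >= 0) close(cli);
    close(lsn);
    return got;
}

int main(void)
{
    char buf[64];
    long n = loopback_exchange("hello over TCP", buf, sizeof buf);
    printf("server received %ld bytes: %s\n", n, n >= 0 ? buf : "(error)");
    return n < 0;
}
```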

URL:

https://www.sciencedirect.com/science/article/pii/B9780123850591000016

Scripting Languages

Michael L. Scott , in Programming Language Pragmatics (3rd Edition), 2009

13.3.1 CGI Scripts

The original mechanism for server-side web scripting is the Common Gateway Interface (CGI). A CGI script is an executable program residing in a special directory known to the web server program. When a client requests the URI corresponding to such a program, the server executes the program and sends its output back to the client. Naturally, this output needs to be something that the browser will understand—typically HTML.

Example 13.29

Remote Monitoring with a CGI Script

CGI scripts may be written in any language available on the server's machine, though Perl is especially popular: its string-handling and "glue" mechanisms are ideally suited to generating HTML, and it was already widely available during the early years of the Web. As a simple if somewhat artificial example, suppose we would like to be able to monitor the status of a server machine shared by some community of users. The Perl script in Figure 13.10 creates a web page titled by the name of the server machine, and containing the output of the uptime and who commands (two simple sources of status information). The script's initial print command produces an HTTP message header, indicating that what follows is HTML. Sample output from executing the script appears in Figure 13.11.

Figure 13.10. A simple CGI script in Perl.

If this script is named status.perl, and is installed in the server's cgi-bin directory, then a user anywhere on the Internet can obtain summary statistics and a list of users currently logged in to the server by typing hostname/cgi-bin/status.perl into a browser window.

Figure 13.11. Sample output from the script of Figure 13.10.

HTML source appears at top; the rendered page is below.

Example 13.30

Adder Web Form with a CGI Script

CGI scripts are commonly used to process on-line forms. A simple example appears in Figure 13.12. The FORM element in the HTML file specifies the URI of the CGI script, which is invoked when the user hits the Submit button. Values previously entered into the INPUT fields are passed to the script either as a trailing part of the URI (for a get-type form) or on the standard input stream (for a post-type form, shown here). With either method, we can access the values using the param routine of the standard CGI Perl library, loaded at the beginning of our script.

Figure 13.12. An interactive CGI form.

Source for the original web page is shown at the upper left, with the rendered page to the right. The user has entered 12 and 34 in the text fields. When the Submit button is pressed, the client browser sends a request to the server for URI /cgi-bin/add.perl. The values 12 and 13 are contained within the request. The Perl script, shown in the middle, uses these values to generate a new web page, shown in HTML at the bottom left, with the rendered page to the right.

URL:

https://www.sciencedirect.com/science/article/pii/B9780123745149000239

Securing, monitoring, and managing a virtual infrastructure

Thomas Olzak , ... James Sabovik , in Microsoft Virtualization, 2010

Windows Firewall

Windows Firewall is a stateful firewall that comes installed with most modern versions of Windows by default. On Windows 2008 Server machines, the firewall is enabled by default, blocking many of the ports that cause so much trouble in otherwise unprotected Windows systems. On virtual servers, the Windows Firewall ensures that only the services necessary for the chosen role are exposed (the firewall will automatically configure itself for new server roles, for example, and when certain server applications are installed). As members of your domain, the Windows Firewall of your virtual servers can be managed remotely, or through Group Policy.

URL:

https://www.sciencedirect.com/science/article/pii/B9781597494311000096

Scripting and Programming for the Virtual Infrastructure

Al Muller, ... David E. Hart, in Scripting VMware Power Tools, 2006

Working with the VmCOM API

The VmCOM API exposes five objects that are used to establish, maintain communication, and interact with a VMware ESX server or virtual machine. Two of these objects will serve as primary objects that expose the methods and properties you will use in your scripts to interact with, or gather information from, your hosts and virtual machines. In function, these objects are similar to the VMware::VmPerl::Server and VMware::VmPerl::VM modules provided by the VmPerl API, discussed later in this chapter. They are

VmServerCtl Used to create a session with an ESX host and expose the services and functionality of the API's server interfaces.

VmCtl Used to manage and perform operations against a virtual machine on a particular ESX host.

Supporting these primary objects are three other objects that provide a secondary, supporting role. These support objects provide the input or output resources needed to pass to the primary object's properties and methods. They are

VmConnectParams Provides host data and authentication credentials used when establishing a connection to an ESX host.

VmCollection Provides a collection or array of properties or other interfaces to be passed to the primary objects.

VmQuestion Provides an interactive interface to answer questions or error conditions for a virtual machine running on an ESX host.

The process begins by establishing a connection with an ESX or GSX host, or a virtual machine on a particular host using the Connect() method of either an instantiated VmServerCtl or VmCtl object. The VmServerCtl.Connect() method uses the VmConnectParams object to set the target host information and credentials to establish the connection. The VmCtl.Connect() method also uses the VmConnectParams object, just as the VmServerCtl does, in addition to the configuration file name for the target virtual machine. After you have connected to an ESX server host or a virtual machine on that host, you can then call the other methods and properties of the VmCOM component.

As with any COM API, you must expose the VmCOM objects first by either creating an instance of those objects or retrieving an instance of the objects as a returned value for a property. We will discuss this in further detail shortly.

Depending on what your script does, you work with instances of one or more of the following objects:

VmConnectParams

VmCollection

VmServerCtl

VmCtl

Before we jump deeper into these topics, we should discuss the development environment within which you will be writing your code. Commonly, VmCOM development is done in a Microsoft development language, be it VBScript or one of the .NET languages (VB.NET, C++, or C#). If you opt to write code in the latter, the IDE best suited for the job is Microsoft Visual Studio.

Although every IDE provides its own set of strengths and benefits, development efforts surrounding COM objects find themselves at home with Microsoft Visual Studio 2005. Two key things that I would like to call out are the ease of including VmCOM in your code and using Intellisense to speed up your development and reduce time spent debugging your code.

If you opt to use Visual Studio 2005 as your IDE, you need to reference the VmCOM Type Library, as shown in Figure 3.2, after creating a new project or solution.

Figure 3.2. Referencing the VMware VmCOM 1.0 Type Library

If the library was successfully referenced and included in the project, you should see it listed in the References tree in the Solution Explorer, as portrayed in Figure 3.3. You will also be able to browse the API with VS 2005's Object Browser, as shown in Figure 3.4. Not enough can be said about coding with the appropriate tool for your language. The more feature-rich the tool is, the easier and faster your coding will become.

Figure 3.3. The VMCOMLib Reference in Solution Explorer

Figure 3.4. Using the Object Browser to View the Methods and Properties of the VmCtl Object

But enough of the formalities…let's move on and take a look at the VmCOM objects.

VmConnectParams

The VmConnectParams provides the host information and user credentials required by the Connect() method for either the VmServerCtl or VmCtl object, and exposes properties whose values you can set, as shown in Table 3.1. You can use these properties for data retrieval or modification through your script or application.

Table 3.1. VmConnectParams Properties

Property Name Description
Hostname A string value that represents the DNS host name of the VMware ESX or GSX host or its IP address.
Port An integer value representing the TCP port that should be used to establish a connection with the VMware ESX or GSX host. This property is optional. If omitted, the default value of 0 (zero) will be used, telling the Connect() method to use the standard management TCP port 902.
Username A string value containing the username to pass as credentials for the connection.
Password A string value containing the password for the user set in the Username property.

The following demonstrates the instantiation of the VmConnectParams object in VBScript and how to set the properties listed before.

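' Create the connection-parameters object, then set the target host and credentials
' (the host name, user name and password are the sample values used in the text)
Set objConnParams = CreateObject("VmCOM.VmConnectParams")
objConnParams.hostname = "esxserver1"
objConnParams.username = "adminuser1"
objConnParams.password = "password1"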

VmCollection

This is a good point to introduce the next object in our discussion, the VmCollection object. Although you will never instantiate it directly, there are a couple of properties in the other objects we will discuss that return a VmCollection. The RegisteredVmNames property of the VmServerCtl object and the Choices property of the VmQuestion object both return a range of elements, or values, as a VmCollection object.

A VmCollection object has two properties: Count, which is an integer value for the number of elements in the collection; and Item(index), which is a string value that returns the specific element represented by the index value you pass. You can navigate the elements returned by stepping through them as you would an array, or access a specific element by referencing its index. You will see examples of this later in the chapter as we work with those properties that return VmCollection objects.

VmServerCtl

The VmServerCtl object is used to interact with a specific VMware ESX or GSX host. This object exposes two properties and three methods, as shown in Table 3.2. One particular property, RegisteredVmNames, returns a VmCollection object that contains a complete list of virtual machines registered on the host. This property will prove particularly useful as you query for the host's inventory.

Table 3.2. VmServerCtl Properties and Methods

Item Type Description
RegisteredVmNames Property Returns a list of all registered VMs on the VMware ESX or GSX host as a VmCollection object.
Resource Property Used syntactically with a particular system resource variable, this property returns the value as a string variant.
Connect Method Used to establish a connection with a VMware ESX or GSX host. You must reference a VmConnectParams object when calling the method.
RegisterVm Method Used to register a VM on a host. You must reference the configuration file name of the VM being targeted.
UnregisterVm Method Used to unregister a VM on a host. You must reference the configuration file name of the VM being targeted.

Note

The VmCOM API limits the total number of concurrent connections supported by the API. Connections established by the VmCtl object and the VmServerCtl object cannot exceed 62 when using the API. Keep this in mind when you run scripts concurrently to manage VMs and hosts. If you need to perform multiple tasks against a particular virtual machine or host, and you cannot do so in the same connection, try chaining the tasks synchronously, thus freeing connections by destroying instantiated VmCtl and VmServerCtl objects before establishing new ones.

The following continues from our last code example, adding the instantiation of the VmServerCtl object and connecting to the host using the previously defined VmConnectParams object.

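' Connect to the host using the parameters defined earlier
Set objVMServer = CreateObject("VmCOM.VmServerCtl")
objVMServer.Connect objConnParams
' RegisteredVmNames returns a VmCollection object, so assign it with Set
Set objVMList = objVMServer.RegisteredVmNames
' Step through the collection by index and print each registered VM
For vmIndex = 1 To objVMList.Count
    WScript.Echo "VM: " & objVMList.Item(vmIndex)
Next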

URL:

https://www.sciencedirect.com/science/article/pii/B9781597490597500079

Application-Layer and Client/Server Protocols

Timothy Stapko , in Practical Embedded Security, 2008

Combination Client/Server HTTP Applications

A combination approach may be desirable if the embedded devices in the application need to communicate with one another, as well as with larger PC or server machines. The disadvantage here is that we need to support a broader range of technologies in order to support both client and server HTTP, which will require additional space and memory.

HTTP provides a slick, usually highly graphical interface for many applications. However, sometimes the application does not need (or simply cannot support) a full web server. As a result, a console interface may be more appropriate. In the next section, we will discuss console interfaces and a couple of options that may be used to secure them.

URL:

https://www.sciencedirect.com/science/article/pii/B9780750682152500082

Network Virtualization

Gary Lee , in Cloud Networking, 2014

VTEP encapsulation

The VXLAN Tunnel End Point (VTEP) is the VXLAN encapsulation point and is connected to a traffic source which may be a stand-alone server or virtual machine. For example, the VTEP could be part of the hypervisor in a server platform, part of the network interface device in the server, or part of the attached top of rack (ToR) switch. Figure 7.6 will be used as an example of how a layer 2 unicast frame is encapsulated when sending it from VM2 to VM3 through a VXLAN tunnel.

Figure 7.6. VTEP encapsulation example.

At the ingress to the network, VM2 sends a frame that may contain a TCP/IP address along with a layer 2 header containing a SMAC address, a DMAC address, and a VLAN tag. The DMAC address is the layer 2 address of VM3 which is part of the same tenant VLAN as VM2. As far as VM2 is concerned, VM3 is part of its local layer 2 network, when in fact it could be in another VM on the other side of the data center.

When the frame is delivered to VTEP-A, the VNI is determined based on data such as which virtual machine the data is coming from. It is assumed that each VM in the network will be assigned to a single VNI and that a given VNI will have all of the tenant's virtual machines associated with it. Once the VNI has been identified, VTEP-A will also examine the inner DMAC/VLAN address and use this along with the VNI to determine that the destination is VTEP-B. The frame is then encapsulated with the VXLAN header containing the VNI, the UDP header, the destination IP address of VTEP-B, and the source IP address of VTEP-A.

If the inner DMAC is an unknown address within this VNI, a MAC address learning process is used similar to what is used inside a layer 2 network. To do this, IP multicast addresses are used. Every VTEP associated with a given VNI will join the same IP multicast group. Unknown addresses are flooded to all other associated VTEPs using this multicast IP address in the outer IP destination address field. When a response is received from a destination VTEP, the SMAC from this response frame is used to update the VTEP-A forwarding table, just as it is done in a L2 network. In this fashion, the environment that the VM is exposed to behaves just like a layer 2 network including address learning.
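The forwarding decision and encapsulation described above, as an added example (not code from the book): the outer destination is looked up by the pair (VNI, inner DMAC), falls back to the VNI's multicast group for an unknown DMAC, and the VNI is then written into the VXLAN header. The 8-byte header layout follows RFC 7348; the table contents, addresses and function names are constructed for illustration, and the outer UDP/IP headers are assumed to be added by the socket that sends the result.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VXLAN_HDR_LEN 8u
#define VXLAN_FLAG_I  0x08u        /* "VNI valid" bit in the first header byte */
#define VXLAN_VNI_MAX 0xFFFFFFu    /* the VNI field is 24 bits wide */

struct fdb_entry { uint32_t vni; uint8_t dmac[6]; uint32_t remote_vtep; };
struct vni_group { uint32_t vni; uint32_t mcast_ip; };

/* Constructed sample state for VTEP-A (IPv4 addresses in host byte order).
 * The same inner MAC appears under two VNIs to show tenant separation. */
static const struct fdb_entry SAMPLE_FDB[] = {
    { 5000, {0x02, 0, 0, 0, 0, 0x03}, 0xC0000214u },  /* VM3 behind VTEP-B, 192.0.2.20 */
    { 6000, {0x02, 0, 0, 0, 0, 0x03}, 0xC000021Eu },  /* another tenant, 192.0.2.30 */
};
static const struct vni_group SAMPLE_GROUPS[] = {
    { 5000, 0xEF010101u },                            /* 239.1.1.1 */
    { 6000, 0xEF010102u },                            /* 239.1.1.2 */
};

/* Outer destination IP for an inner frame: the learned remote VTEP for
 * (vni, dmac), else the VNI's multicast group (flood), else 0 when the VNI
 * is not configured here and the frame must be dropped. */
uint32_t vtep_outer_dst(const struct fdb_entry *fdb, size_t nfdb,
                        const struct vni_group *grp, size_t ngrp,
                        uint32_t vni, const uint8_t dmac[6])
{
    size_t i;
    for (i = 0; i < nfdb; i++)
        if (fdb[i].vni == vni && memcmp(fdb[i].dmac, dmac, 6) == 0)
            return fdb[i].remote_vtep;
    for (i = 0; i < ngrp; i++)
        if (grp[i].vni == vni)
            return grp[i].mcast_ip;
    return 0;
}

/* Prepend the VXLAN header to an inner frame. Returns the total length, or 0
 * if the VNI does not fit in 24 bits or the output buffer is too small. */
size_t vxlan_encap(uint32_t vni, const uint8_t *inner, size_t inner_len,
                   uint8_t *out, size_t cap)
{
    if (vni > VXLAN_VNI_MAX || inner_len > cap || cap - inner_len < VXLAN_HDR_LEN)
        return 0;
    memset(out, 0, VXLAN_HDR_LEN);                    /* reserved bits stay zero */
    out[0] = VXLAN_FLAG_I;
    out[4] = (uint8_t)(vni >> 16);
    out[5] = (uint8_t)(vni >> 8);
    out[6] = (uint8_t)vni;
    memcpy(out + VXLAN_HDR_LEN, inner, inner_len);
    return VXLAN_HDR_LEN + inner_len;
}

/* Receiving side: reject short packets and packets without the I flag, then
 * report the VNI. Returns the offset of the inner frame, or -1. */
int vxlan_decap(const uint8_t *pkt, size_t len, uint32_t *vni)
{
    if (len < VXLAN_HDR_LEN || !(pkt[0] & VXLAN_FLAG_I))
        return -1;
    *vni = ((uint32_t)pkt[4] << 16) | ((uint32_t)pkt[5] << 8) | pkt[6];
    return (int)VXLAN_HDR_LEN;
}

int main(void)
{
    const uint8_t vm3[6] = {0x02, 0, 0, 0, 0, 0x03};
    const uint8_t inner[4] = {0xde, 0xad, 0xbe, 0xef}; /* stand-in inner frame */
    uint8_t pkt[32];
    uint32_t dst = vtep_outer_dst(SAMPLE_FDB, 2, SAMPLE_GROUPS, 2, 5000, vm3);
    size_t n = vxlan_encap(5000, inner, sizeof inner, pkt, sizeof pkt);
    printf("outer dst 0x%08x, %zu bytes after encapsulation\n", (unsigned)dst, n);
    return n == 0;
}
```

Because the lookup key includes the VNI, an identical inner MAC in another tenant's segment resolves to that tenant's VTEP and never to this one.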

URL:

https://www.sciencedirect.com/science/article/pii/B9780128007280000072

Server Virtualization and Networking

Gary Lee , in Cloud Networking, 2014

Virtual machine device queues

As the number of VMs increases within the server, the burden of managing all of this traffic inside the vSwitch can tax CPU resources, which can reduce server and VM performance levels. To combat this problem, Intel developed VMDqs which are implemented in many of their network controllers to both improve networking performance and decrease CPU utilization by offloading some of the vSwitch traffic management tasks.

Within the network interface controller (NIC), both transmit and receive queues are established for each VM hosted in the server as shown in Figure 6.4. When frames are received from the physical network, MAC address and VLAN tag data in the frame headers can be used to determine the correct destination VM. The vSwitch simply needs to forward the frame to the VM from the corresponding queue. When packets are transmitted from the VM, they are simply forwarded to the associated queue in the NIC. The NIC can then send frames out to the physical network based on various scheduling mechanisms such as round robin, weighted round robin, or strict priority based on service level agreements.

Figure 6.4. NIC with VMDq support.

VMs are assigned to cores within a multicore CPU on the server host. In some cases, a single core can burst data at rates over 5Gbps causing potential congestion in the NIC. The egress VMDqs can provide filtering and sorting capabilities to ensure proper egress link utilization under heavy traffic loads. On the ingress side, VMDqs can be used along with a scheduler to efficiently distribute the traffic load across the CPU cores in order to provide optimal performance. In some cases, VMDqs can be used in conjunction with a technology called Receive Side Scaling which is an industry standard mechanism supported by hypervisor vendors like VMware and Microsoft to efficiently distribute traffic loads across multiple processor cores using a hash-based mechanism. Intel also offers a feature in their NICs called Flow Director which matches layer 2 and layer 3 header fields to determine which core to send particular flows to. This provides a unique association between the core and the client application.

URL:

https://www.sciencedirect.com/science/article/pii/B9780128007280000060

Architectures and management of submarine networks

Olivier Courtois , Caroline Bardelay-Guyot , in Undersea Fiber Communication Systems (Second Edition), 2016

9.4.5.1 Server part

The server function communicates with the elements composing the network (SLTE, PFE, wet plant), and manages and treats data collected on those elements.

The hardware platform supporting NMS server part has evolved over time. Traditionally, the NMS was offered in distributed architecture with one equipment manager software application in each station installed on dedicated server machines and the network manager software in the NOC also installed on a dedicated server machine. Nowadays, the efficient solution is to relocate the NMS application from a specific hardware appliance to a virtualized server infrastructure: the centralized NMS server part is hosted in a Linux virtual server installed on the hardware infrastructure preferred by the client.

Most of the time the centralized NMS is secured by a high availability capability, also called geographical resilience, thanks to clustering architecture between virtual servers. This flexible solution allows the client to optimize its asset, whether this asset is owned and administered by the customer or hired on the cloud.

URL:

https://www.sciencedirect.com/science/article/pii/B978012804269400009X