authenticaapachetomcat

apachetomcat  时间:2021-01-11  阅读:()
Remoteapplicationaccessisincreasinglyimportantintoday"sbusinessenvironment.
Solutionsthatprovideremoteaccesstoapplicationsanddatacaneliminategeographicalandnetworkboundaries,improveuserproductivity,enhanceprotectionofintellectualproperties,andhelpstreamlineIToperationswhilereducingcosts.
OpenTextExceedTurboXisanadvancedsolutionfordesktopvirtualizationandremoteaccesstoenterpriseapplicationsanddata,addressingtheneedsofmodernenterprises,especiallythosewithmixedUNIX/MicrosoftWindowshostingenvironments.
Thiswhitepaperdescribestheprinciplesofitsdesign,thearchitectureandkeycomponentsofthesolution,andtheirfunctionsandinteractions.
OpenTextExceedTurboXAnArchitectureOverviewTableofContents1.
0Introduction32.
0TheArchitectureDiagram43.
0TheBuildingBlocks44.
0Connectivity75.
0ThinXProtocol76.
0ClientandProxyRuntime87.
0Authentication98.
0Clustering109.
0Licensing1110.
0Fail-OverScenarios1211.
0Platforms13Closing1331.
0IntroductionRemoteapplicationaccesshasbeenasolutioncategorysincecomputerswerefirstlinkedintoanetwork.
Businesseshavealwayssoughtasolutionthatwouldallowuserstoaccessapplicationsrunningonaremotehost.
Alongcameglobalization,followedbyallformsofvirtualization,whichpushedapplicationsfurtherawayfromusers,whileincreasingtheneedforuserstobeproductivewhileaccessingapplicationsanddatafromagreatdistance.
OpenTexthasbeeninthebusinessofprovidingremoteapplicationaccesssolutionsformorethan20years.
BeginningwithOpenTextExceedinthe1990sandincludingOpenTextExceedonDemandinthe2000s,OpenTexthaspushedtheperformanceenvelope,bringingcomplex2Dand3Dapplicationstoenterpriseusersallovertheworld.
ExceedTurboXisthefutureofremoteapplicationaccesssolutions,madeavailabletoday.
ItisaculminationofyearsofexperiencewithXWindowandnetworkprogramming,andtheunderstandingofhundredsofrealworldcasesusingbusiness-criticalUNIXandWindowsapplications.
SixprimarygoalsguidedtheconceptionanddevelopmentofExceedTurboX:ProvideasingleplatformforITanduserstomanageandaccessalloftheirremoteinfrastructure,regardlessofplatformProvidethefastestremoteaccesssolutiononthemarketforaccessingUNIXandWindowshostsProvideaconsistentuserexperienceacrossallsupportedclientplatformsSimplifythedistributionandmanagementofclientsoftware,profile,andsettingstosupportlargedeploymentscenariosOfferfullyauditableeventsforbettervisibility,accountability,andproblemresolutionWorkintandemwithanyexistinginfrastructureandvendor,includingmixedphysical/virtualdesktopenvironmentsExceedTurboXdeliversresultsonallfronts.
Itsarchitectureisadeparturefrommanytraditionalremoteapplication-accesssolutionsonthemarket,includingourownExceedonDemand.
Itreliesonahybridoftechnologiestodeliverhighperformanceaccesswithagreatuserexperienceandsimplifiedadministration.
2.
0TheArchitectureDiagramThefollowingdiagramdepictstheoveralllayoutofallmajorExceedTurboXcomponentsandtheirrelationships.
Firstly,youwillnoticethatETXreliesonaWebApplicationServertoprovideaweb-basedgraphicalfrontend.
Secondly,ETXusesadatabasetostoreapplicationdata.
InadditiontotheETXserver,whichprovidestheuserinterface,configurationandloadbalancing,ETXConnectionNodesareresponsibleformanagingclientsessionsandcompressingtheremotedisplayfortransmissiontousers.
AgroupofconnectionnodesalongwiththeETXserveriscalledtheETXSite.
43.
0TheBuildingBlocksThefollowingcomponentsformthefoundationofExceedTurboX.
3.
1ETXServerThisisthebrainofthesolution,functioningasconcierge,gatekeeper,andtrafficcontrol-ler.
ItisawebapplicationthatrunsonanApacheTomcatwebapplicationserverandispresentedtouserswhentheyfirstconnecttotheETXwebportal.
ETXServerdisplayseitheraDashboardtousersoraServerManagertoadministrators.
UserscanusetheWebDashboardtolaunchnewsessions,createprofiles,ormanagetheirexistingsessions.
AdministratorsusetheServerManagertomonitorandmanageeveryaspectofthesolution,fromuserenrollmenttogeneratinglicenseandresourceusagereports.
3.
2ETXConnectionNodesTheETXConnectionNodeisresponsibleforstartingsessionproxies(anapplicationwhichmanagesandcompressesremotesessions),aswellasinteractingwiththeETXserver.
Withmultiplenodespresentintheinfrastructure,ETXservercanselectfrommultipleconnectionnodesforloadbalancingandnodefailover.
ETXConnectionNodesincludeseveralsub-components,whicheachhandleadifferenttask.
InadditiontotheProxyManager(whichstartsthesessionproxies),otherimportantcomponentsincludetheETXAuthenticator,XstartLauncher,andApplicationScanner,whichareexplainedinmoredetailbelow.
3.
2.
1ETXProxyManagerThemainfunctionoftheETXProxyManageristocreateremotesessionproxies.
Proxiesactasanintermediarybetweentheclientandapplicationordesktophost,providingencryptionandcompressionofthesessiondisplayovertheWAN.
Theproxyalsohandlespassinguserinputtothehost,aswellasotherdatasuchasfilesanddevices.
TheProxyManagermonitorsthewell-beingofthesesessionproxiesandcommunicatesthestatusofeachsessionproxytotheETXServer.
TheProxyManageralsohandlesuser5commands,suchassessionsuspendandresume,sessionsharing(multicasting),filetransfer,andothersession-relatedfeatures.
AProxyisafullyfunctionalXserver/RDPclient,andcanthereforeoperateasastand-aloneserver,handlingdisplayprotocolfromdefaultinstallationsofWindowsorUNIXhostswithoutanylocalsoftwarebeinginstalled.
TheproxyincludesanXserveraswellasanRDPclientforrenderingandcompressingthedisplayovertheWAN.
InthecaseofWindowsDirectdesktopconnections,theproxymustbeinstalleddirectlyontheWindowsdesktophostforlocalrenderingandcompression.
AcompresseddatastreamissentfromtheProxytotheClient,whichisinstalledontheuser"sdevice.
Theclienthandlesscreendrawingandkeyboardandmouseinputs.
Moreinformationonthefunc-tionsofProxiesandClientsisavailableinSection6.
0.
3.
2.
2ETXAuthenticatorAsthenameimplies,thiscomponenthandlesauthenticationofusersandadministratorswhentheylogintotheETXwebportal.
TheauthenticatorisrequiredtosupportPAMorNativeauthenticationinUNIXenvironments.
LDAP-basedenvironments(e.
g.
MicrosoftWindows)donotrequireanauthenticatorbecauseLDAPauthenticationishandledbyETXServer.
TheETXAuthenticatorprovidesseamlessintegrationofETXintoUNIXenvironmentsthatuseadedicatedPAMorNativeauthenticationserver.
ThisrequiresyoutoinstallanETXConnectionNodeonthePAM/NativeauthenticationserverandregistertheNodeasanAuthenticatorduringinstallation.
ETXsupportsmultipleauthenticationnodesforloadbalancing,buteachnodemustbeconfiguredwiththesamePAMorNativeauthentica-tionsettings.
3.
2.
3XstartLauncherXstartLauncheristhemoduleresponsibleforlaunchingindividualXWindoworWindowsapplicationswhenauserlaunchesanETXprofile.
ETXprofilesincludeallconfigurationsettingsfortheremotesession,includingwhichhosttoselectandwhichapplicationstorun.
3.
2.
4ApplicationScannerTheapplicationscannerisanoptionalutilitythatscanstheConnectionNodeforinstalledapplications,makingthemavailableforpublishingviatheETXServerManager.
Onceanapplicationispublishedtousers,userscanlaunchtheapplicationbycreatingaprofileandselectingtheapplicationtolaunch.
TheapplicationscannerworksonallETXplatforms,soyoucanpublishapplicationsrunningonbothUNIXandWindows.
IfyouhavemultipleConnectionNodeswiththesameapplicationinstalled,ETXServerdetectstheoverlapandgroupsapplicationsintoasingleitem.
Thisprovidesloadbalancingofapplicationsacrossmultiplehosts.
3.
2.
4LocalSessionDatabaseThelocalsessiondatabasekeepstrackofsessionstatusandreportsthisbacktoETXServeronaregularbasis.
IftheconnectionbetweenETXServerandtheProxymanagerfails,thelocalsessiondatabaseenablestheConnectionNodetocontinueoperatingnormally,includingsuspendingorterminatingsessions.
WhentheconnectiontoETXServerisre-established,thelocalsessiondatabaseissyncedwithETXServer.
Thismakeseachnodefault-tolerantincaseofanetworkfailure.
3.
3DatabaseTheRDBMSisthebookkeeperofthesolution.
Itisusedtostoreallnon-transientinforma-tion,includingserversettings,usersettings,profiles,eventlogs,licenseusagestatistics,etc.
ETXsupportsIBMDB2,MicrosoftSQLServer,andApacheDerby,andcomesbundledwithApacheDerbyforquickandeasyinstallation.
Forload-balancing,fail-over,andhigh-availabilitycapabilities,pleaserefertotheETXHighAvailabilityWhitePaper,aswellasvendordocumentationforsettingupdatabasereplication.
63.
4ETXLicenseServerMultipleETXsitescanshareasinglepooloflicensesandhavelicensesdynamicallyorstaticallydistributedtoeachsitebasedonrulesdefinedbyadministrators.
TheETXLicenseServerfunctionalityisembeddedineveryETXServerandcanbeenabledduringsetup.
Onceenabled,otherETXsitescanconnecttotheLicenseServeranduselicensesfromthepool,ratherthanusinglocallyinstalledlicensekeys.
SpecialcarehasbeengiventothedesignofthissolutiontoensurethatiftheLicenseServerisoutofserviceoroutofreach,administratorswillbenotifiedviaemail,andsiteswillremainoperationalfor72hourssothattheproblemcanberesolved.
3.
5ETXClientRuntimeETXreliesonanativeclientRuntimetohandleremotecommunicationsandinteractions.
ItisthecounterparttotheETXProxyandcommunicateswiththeproxycontinuouslywheneverasessionisestablished.
LikeaProxy,theclientRuntimeisanativeapplication,whichtakesadvantageofthebestpossibleperformance,reliability,andcompatibility.
DeploymentoftheETXclientRuntimeisautomatic;thecorrectRuntimeisdownloadedsilentlyinthebackgroundwheneverauserlaunchesanapplication.
ClientRuntimesareavailableforWindows,LinuxandMacusers.
3.
6JavaRuntimeEnvironment(JRE)Whileitisnotnecessarilyabuildingblockonitsown,JREisasystemrequirementfortheETXServer.
Naturally,JREisrequiredonthemachinerunningtheETXServerandApacheTomcat.
JavacanalsobeusedtolaunchETXremotesessionsfromabrowser,althoughthisisnotthedefaultoption.
Bydefault,launchingETXsessionsrequirestheNativeClientLaunchercomponenttobeinstalledontheuser"sdevice(seesection3.
7below).
3.
7NativeClientLauncherTheNativeClientLaunchermustbeinstalledontheuser"smachinebeforetheusercanlaunchaprofileinExceedTurboX(unlesstheyhaveselectedtheJavaclientlauncher;seesection3.
6above).
TheNativeClientLauncherwilldownloadandexecutetheNativeClientRuntimeinthebackgroundwhentheuserlaunchesaprofile.
TheLauncherdoesnotrequireadministratorprivilegestoinstall,anditisprovidedforWindows,Linux,andMacclients.
74.
0NetworkConfigurationCommunicationbetweenETXcomponentsoccursonseveraldifferentports.
Itisimpor-tanttoensurethatyourfirewallisconfiguredproperlytoensureproperoperationoftheETXSite.
Thetablebelowsummarizestherequirednetworkchannels,includingthepurposeofthechannel,thecomponentsinvolved,theprotocolsused,andwhetherthechannelissecured.
DESCRIPTIONFIRSTCOMPONENTSECONDCOMPONENTPROTOCOL(S)DEFAULTPORT(S)SECURITYAccessingETXDashboardandServerManagerinabrowserWebbrowserETXServer(Tomcat)HTTP/HTTPS8080/8443None/SSLETXServercontactsIBMDB2databaseETXServerIBMDB2DatabaseJDBC50000None(SSLoptional)ETXServercontactsMicrosoftSQLdatabaseETXServerMicrosoftSQLDatabaseJDBC1433None(SSLoptional)ETXServercontactsApacheDerbyDBdatabaseETXServerApacheDerbyDatabaseJDBC1527None(SSLoptional)ETXServersendsamessagetotheConnectionNodeETXServerETXConnectionNodeTXPM5510SSLETXClientlaunchesanyprofileETXClientETXConnectionNodeThinX5510None(SSLoptional)UserlaunchesanXapplicationETXConnectionNodeUNIXHostX116000+SSHUserlaunchesaWindowsapplicationorRDPdesktopETXConnectionNodeWindowsHostRDP3389SSLETXServercontactsthelicenseserverETXServerETXLicenseServerHTTP/HTTPS8080/8443None/SSLAccessingETXServerRESTAPIsAnyapplicationorscriptETXServerHTTP/HTTPS8080/8443None/SSL5.
0ThinXProtocolThinXProtocolisthedigitalbloodcoursingthroughtheveinsofETX,anditiswhatmakesETXworksowell,sofast.
ThinXProtocol,orTXP,providesexceptionalperformanceoverawiderangeofnetworkbandwidthsandlatencies.
Resultsofin-houseanalysishaveshownthattheamountofnetworktrafficgeneratedbyTXPisbetweenoneand10percentofthetraditionalXprotocol.
Itisalsomoreefficientthancompetitiveremoteaccesssolutions.
TXPisdesignedtoaccomplishthefollowing:1Reducebandwidthrequirementsforremoteusers2Adapttochangingnetworkconditions3Reduceround-triprequestsforX11traffic4StrengthensecurityNote:TXPisalsousedbetweentheClientandProxyforconnectionstoWindowshosts.
InthecaseofRDPconnections,theETXProxyconvertstheRDPprotocoltoThinXforfasttransmissionovertheWAN.
85.
1ReduceBandwidthRequirementsTXPhasasuperiorabilitytocompress,cache,andoptimizerequests.
ThegoalistominimizetheamountofdatathathastotravelacrossthenetworkbetweenProxyandClient,whichischaracteristicallyhighinnetworklatencyandlowinnetworkbandwidth.
Naturally,theworkrequiredtooptimizeandreducenetworktrafficcomesattheexpenseofmoreCPUcyclesandcomputingresourcesonbothend-pointsoftheconnection.
However,theabundantcomputingpowerthatPCsandserversnowharnesscaneasilyhandletheincreasedworkloadwithoutslowingdowntheremoteserver,enablingExceedTurboXtoachievebandwidthreductionwithoutsacrificingoverallperformance.
5.
2AdapttoChangingNetworkConditionsThelevelofcompressionandoptimizationontheTXPdatastreamcanchangeauto-maticallyanddynamicallydependingonreal-timechangestobandwidthavailability,networklatency,andeventhecontentsoftheremotedisplay.
ExceedTurboXwilladjustandchoosetherighttypeofcompression,datatype,andupdatefrequencytomaintainmaximumperformanceandusability.
Theseadjustmentshappenontheflywithoutanyneedtocustomizeprotocolsettings.
ETXtendstoconsumeavailablebandwidthinordertoimprovedisplayqualityandresponsiveness,butusersandadministratorscanalsolimitthebandwidthusageofaparticularsessionbyadjustingETXprofilesettings.
5.
3ReduceRound-TripRequests(X11)TheXWindowprotocolwasdesignedforcommunicationinaLANenvironmentwherenetworkbandwidthisabundant.
ConnectingtoXapplicationsovertheWANwithoutacompressionlayerwillresultinveryslowperformanceoftheremoteXapplicationsordesk-tops.
TheETXProxycanbeinstalledeitherontheXapplicationhostitself–thuseliminatingXWindowprotocolfromtheLANentirely–oronaseparatemachineonthesameLANastheXapplicationhost.
TheProxywilleitherrenderontheserverandsendpicturesovertheWAN,orwillcompress,batchandsenddrawinginstructionsusingTXP(ThinXProtocol)basedonscreencontents.
WiththeintelligencebuiltintotheProxy,fewerround-triprequestswillneedtoreachtheClient,eliminatinginefficiencyanddelaysintheremotecommunication.
Thereductioninthenumberofround-triprequestsovertheWANorinternetconnectionissignificant,givingExceedTurboXanunparalleledperformanceadvantage.
5.
4StrengthenSecurityTXPissecureindesign.
ItcanbeeasilyencryptedusingthelatestTLS1.
2protocolforheightenedsecurity.
Infact,TLSencryptionisusedbydefaultbetweenETXservercomponentstoensurebusinesscriticalinformationisprotected.
ConnectionsfromusersoutsideofthecorporateLANmaybeencryptedeitherbyaVPNorbyenablingTLSencryptionintheETXServerManager.
6.
0AutomaticUpdatesETXisdesignedtoautomaticallyapplyupdatestoboththeclientandservercomponents,eliminatingtheneedtomanuallyrolloutupdatestothesystem.
ETXalsosupportstheabilitytodeploymultipleversionsoftheclientandserverruntimessothatyoucanapplypatchesanddifferentversionstodifferentgroupsofusers,allfromacentralmanagementinterfacebuiltintoETXServer.
6.
1NoClientInstallationWhenuserslaunchaprofileforthefirsttime,ETXwillautomaticallydetectthepresenceoftheclient-sidelauncherandpromptuserstodownloadandinstallthelauncherifitisnotfound.
Thiseliminatestheneedtomanuallyinstallthesoftwareonclientmachines.
6.
2AutomaticClientandProxyUpdatesviaRuntimePackagesThelightweightclientandproxyruntimesarepushedtotheuser"sdesktop,aswellastheETXproxy,whenauserlaunchesasession.
Theclientandproxyruntimearedevelopedinpairs,ensuringthateveryuserreceivesacompatibleversionoftheclientandservercomponentseverytimetheylaunchanewsession.
9Oncearuntimeisdownloaded,itwillbecachedonthemachineandwillnothavetobedownloadedagain.
Thisensuresthatsubsequentconnectionsarelaunchedasquicklyaspossible.
6.
3AutomaticConnectionNodeupdatesStartinginETX11.
5,patchingtheETXServerwillautomaticallyandsilentlypushallnecessaryupdatestotheETXConnectionNodesthatareregisteredwiththeserver.
InVDIrolloutswiththousandsofvirtualmachines,thiseliminatestheneedtomanuallyupdatethesoftwareonthousandsofnodes.
Note:theConnectionNodesoftwareisusedtomanagethesessionproxiesonthenodeandisseparatefromtheproxyruntime.
6.
4ManagemultipleruntimeversionsconcurrentlyETXServerallowsyoutoinstallandusemultipleruntimeversions,whichmeansthatyoucanapplypatchestospecificuserswithoutaffectingotherusers.
ThiscanbeusedtoapplyhotfixesforspecificapplicationsorperformstagingexperimentswithETXservicepacksandhotfixes.
EachETXprofilehasacustomizableruntimeversion,whichcanbesetbytheETXadministratorortheETXuser(iftheyhavepermissionstoeditprofiles).
7.
0AuthenticationETXsupportsthefollowingauthenticationmethods:LightweightDirectoryAccessProtocol(LDAP)MicrosoftActiveDirectory(AD)Kerberos-basedSingleSignOn(SSO)PluggableAuthenticationModule(PAM)NativeUserCredentials(UNIXonly)ETXwillusedifferentcomponentsinthearchitecturetoauthenticateusers,basedonyourauthenticationmethod.
AUTHENTICATIONTYPECOMPONENTTHATHANDLESAUTHENTICATIONLDAP,MICROSOFTACTIVEDIRECTORYETXServerPAM,NATIVEUSERCREDENTIALSETXConnectionNodesLDAPandMicrosoftActiveDirectoryarecentralizedidentitymanagementsystems,whichcanbeaccessedfromanycomputer.
ItisfunctionallysimplerandmoreefficienttoletETXServertakecareofthoseauthenticationtypes.
ToimplementLDAP-basedauthentication,simplyconfiguretheappropriateLDAPsettingsduringinstallationofETXServer.
ForKerberos-based,singlesign-onenvironments,refertotheExceedTurboXInstallationandAdministrationGuide,whichispartofthecoreproductdocumentation.
Additionally,forUNIXenvironments,youmayusePAM(PluggableAuthenticationModule)orNativeauthenticationmethods.
Intheseauthenticationmodes,adedicatedPAMorNativeauthenticationserverisconfiguredtohandleETXloginrequests.
PAMorNativeauthenticationserversmusthavetheETXConnectionNodesoftwareinstalled,andbeassignedthe'Authenticator"roleduringinstallation.
OncethenodeisregisteredwithETXserver,ETXserverwilldirectallloginrequeststotheAuthenticatornode.
ETXServerallowsmorethanonePAM/Nativeauthenticatornodetoberegistered,sothatuserswon"tbelockedoutiftheauthenticationservergoesoffline.
However,youmustmakesurethePAMconfigurationoruserdatabaseisidenticalacrossallAuthenticators.
Inadditiontothe'Authenticator"role,nodescanbeassignedtothe'ProxyManager"role.
TheProxyManagerrolemeansthatthenodewillacceptremotedesktopandapplica-10tionsessions,andstartalocalsessionproxytocompressandmanagetheremoteusersession.
Ifyourauthenticationserver(s)aresharedbymanyapplications,youmaywanttodisabletheproxymanagerroletoavoidtaxingthesesystemswithETXsessions.
AUTHENTICATIONTYPECOMPONENTTHATHANDLESAUTHENTICATIONAUTHENTICATORResponsibleforhandlingPAMandNativeUserCredentialsauthenticationrequestsonlyPROXYMANAGERResponsibleforcreatingandmanagingProxiesAUTHENTICATORANDPROXYMANAGERBothoftheabove7.
1MultipleAuthenticatorsFororganizationsthatchoosetousenativeauthenticationorPAM,itisalwaysagoodideatohavemorethanoneAuthenticatorinthesystemincaseoneoftheETXConnectionNodesisdisconnectedorotherwiseunavailable.
ETXServerwillchooseoneoftheavail-ableETXAuthenticatorsatrandom.
Therefore,itisofutmostimportancethatthesamesetofusersandtheircredentialsareavailableoraccessiblebyallETXAuthenticatorsinthesystem;otherwisesomeusersmaynotbeabletologintoETXatanygivenmoment.
Inmostcases,havingtwoAuthenticatorsinthesystemprovidesthenecessaryloadbalancingandprotectionagainstasinglepointoffailure.
Morethantwoauthentica-torsmayberedundantandcreateunnecessarycomplicationandworkloadinvolvedinsynchronizingnativeusercredentialsacrossmultiplemachines.
8.
0LoadBalancing8.
1WhatisLoadBalancingLoadBalancingreferstothecapabilityofETXServertodistributeremotesessionstoa"cluster"ofConnectionNodes.
Loadbalancingisakeyelementofprovidingahighlyavailableenvironmentforuserstoaccesstheirremotedesktopsandapplicationservers.
8.
2HowDoesLoadBalancingWorkWhenauserlaunchesaremoteapplicationordesktop,oneoftheETXconnectionnodescreatesaprocess(calleda"proxy")toactasintermediarybetweentheuserandtheremotehost.
Theproxyprocessisresponsibleforinteractingwiththehost(asthesessionclient)andcompressingtheremotedisplayfortransmissionovertheWANtotheenduser.
IfETXwereconfiguredwithonlyasinglenodetohandleallusersessions,failureofthatnode(duetohardware,network,orotherfailure)wouldbecrippling.
ETXwouldnotbeabletohandleanynewsessionsuntilthenodeisrestoredandreconnected.
Withtwoormorenodespresent,failureofasinglenodedoesnotcripplethesystem.
Theothernodescantakeoveruntilthefirstnodecomesbackonline.
AllETXConnectionNodesareregisteredwithETXServer,andtheirpresenceisrecordedandmonitoredsoETXServerknowstheexactnumberofETXConnectionNodesavail-able,whateachnodeisdoing,andtheresourcesavailableoneachnode.
Fromtheuser"sperspective,thereisnoobviousdifferencebetweendifferentConnectionNodes,andinmostcases,usersshouldnotcarewhichnodehandlestheuser"ssession.
JustlikewhenyouaccessAmazon.
com,youdon"tknow,nordoyoucare,whichoneofathousanddifferentwebserversisrespondingtoyourrequest.
118.
3LoadBalancingBecausetheETXServerkeepstrackofallconnectionnodesandtheavailableresourcesoneachnode,theservercanassignsessionstoconnectionnodesbyselectingthenodewiththemostavailableresources.
Thisensuresthatusersachievethefastestpossibleconnectionsfortheavailableserverhardware.
ThefollowingloadbalancingcriteriaaresupportedbyETXServer:LOADBALANCINGRULEFUNCTIONSESSIONSThenodewiththefewestactiveorsuspendedsessionsisselectedforthenextsessionlaunch.
CPUThenodewiththemostCPUresourcesisselected.
ThisdoesnotaccountforCPUspeedorarchitecture,onlypercentageofCPUconsumption.
MEMORYThenodewiththemostavailablememoryisselected.
Thistypeofloadbalancingcanbeusedwhenrunningmemory-intensiveapplications.
9.
0Licensing9.
1TypeofLicensesETXLicensesareconcurrentinnature,meaningtheyallowalargenumberofuserstoshareasmallersetoflicenses.
Forexample,ifyoupurchase50licensesforanETXsite,100usersmightsharethoselicenses,solongasnomorethan50usershaveactivesessionsatthesametime.
9.
2RulesofLicenseUsageAsingleusercanneverconsumemorethanonelicense.
Thismeansthatausercanlaunchmultiplesessionsonmultipledevicesandwillneverconsumemorethanasingleconcurrentuserlicense.
However,ifausersharestheirsessionwithmultipleusers,eachuserjoiningthesharedsessionwillconsumeonelicense(providedtheuserisn"talreadyconsumingalicense).
9.
3SharingLicensesAcrossMultipleETXSitesMultipleETXsitescanconnecttoanETXLicenseServerinordertoshareasinglepooloflicenses.
TheETXLicenseServerfunctionalityisembeddedineveryETXServer,andcanbeturnedonduringsetup.
TheLicenseServershouldbeconfiguredfirst,sothatotherETXServerscanspecifythelicenseserverduringsetup.
SpecialcarehasbeengiventothedesignofthissolutiontoensurethatiftheLicenseServerisoutofserviceoroutofreach,allsiteswillremainoperationalforupto72hours,andadministratorswillbenotifiedaslongasthelicenseserverhasbeenconfiguredtosendemailnotifications.
9.
4LicenseDistributionMethodsETXLicenseServersupportstwotypesoflicensedistribution:StaticandDynamic.
9.
4.
1StaticLicenseDistributionAsthenameimplies,licensesarestaticallydistributedtoeachETXsitesoyoucantightlycontrollicenseusageandcostsonaper-sitebasis.
Oncelicensesarestaticallydistrib-utedtoanETXSite,thesitewillmanagethelicenseusageinternallyasifthoselicenseswerelocallyinstalled.
9.
4.
2DynamicLicenseDistributionAnylicensesthathavenotbeenassignedstaticallytoanETXsiteareavailableforanyconnectedsitetoconsumeonafirst-come,firstservebasis.
DynamiclicensescanflowfreelyfromoneETXsitetoanotherseamlessly.
Note:IfauserlaunchessessionsontwoindependentETXsitesthatshareacommonlicenseserver,theuserwillconsumeonelicensefromeachETXsite.
ThisisbecauseeachETXsitemanagesitslicensesindependently.
1210.
0FailureScenariosTheETXsolutionisdesignedtoberesilienttovarioustypesoffailuresandoffercontinuousservices.
Disastersorfailurescanhappentocomputershostingdifferentcomponents,andtherearevariousdegreesoffailure.
Thetablebelowoutlineshoweachcomponenthandleseachtypeoffailure.
COMPONENTNETWORKDISCONNECTIONCOMPONENTSHUTDOWNCLIENTIfthemachinewhereETXClientisrunninglosesitsconnectiontothenetwork,theuser"ssessionwillbeautomaticallysuspended.
IfthemachinewhereETXClientisrunningcrashesorotherwiseispoweredoff,theuser"ssessionwillbeautomaticallysuspended.
CONNECTIONNODEIfthemachinehostingtheConnectionNodeisdisconnectedfromthenetwork,XWindowsessionswillbepermanentlylost.
WindowsRDPsessionswillbecomedisconnectedbutmayberesumedbylaunchinganewsessionconnectingtothesamehostonadifferentnode.
OtherETXConnectionNodeswillcontinuetoacceptnewconnections.
IfthemachinehostingtheConnectionNodecrashesorispowereddownunexpectedly,XWindowsessionswillbepermanentlylost.
WindowsRDPsessionswillbecomedisconnectedbutmayberesumedbylaunchinganewsessionconnectingtothesamehostonadifferentnode.
OtherETXConnectionNodeswillcontinuetoacceptnewconnections.
AUTHENTICATORWhenusingNativeorPAMauthenticationforUNIXenvironments,iftheAuthenticatornodeisdisconnectedfromthenetwork,ETXServerwillnotbeabletoauthenticateusers.
Inthissituation,noonewillbeallowedtologintotheETXwebsite.
However,iftheadministratorcreatedamaintenanceuser(bydefault'etxinstall"),theycanloginwiththismaintenanceusertofixconfigurationproblemswiththeauthenticationnode.
Iftheauthenticatorfails,itwillnotaffectexistingsessions,unlessthosesessionsarerunningontheauthenticationnode(requirestheauthenticatornodetobeconfiguredasaProxyManager).
APACHETOMCAT/ETXSERVERIfApacheTomcatortheETXServerwebappisunavailable–whetherduetoabrokennetworkconnectionorservercrash,userswillbeunabletologintotheETXwebinterfaceorperformbasicfunctionssuchaslaunchingorresumingsessions.
AdministratorswillbeunabletologintothewebinterfacetoadministertheETXenvironment.
However,allactivesessionswillcontinuetooperatewithoutanylimitations.
IfausersuspendsanactivesessionwhileApacheTomcatortheETXServerisdown,heorshewillhavetowaituntilthosesystemsarerevivedandonlinebeforethesessioncanberesumed.
Note:ETXsupportshighavailabilityforthewebserver.
ThismeansthatyoucanrunETXserversinparallel.
Iftheprimarywebserverfails,thesecondarywilltakeover.
Forinformationonsetup,seetheExceedTurboXHighAvailabilityConfigurationGuide.
DATABASEIfthedatabaseisunavailablebecauseofanetworkfailure,theETXWebDashboardandWebServerManagerwillbeinac-cessible.
However,allactivesessionswillcontinuetooperatewithoutlimitations.
Whenthedatabaseconnectionisrestored,allfunctionswillberesumed.
Ifthemachinerunningthedatabasecrashesorispowereddownunexpectedly,orthedatabaseiscorrupted,ETXWebDashboardandWebServerManagerwillbeinaccessible.
However,allactivesessionswillcontinuetooperatewithoutlimitations.
Whenthedatabasemachineisrestoredallfunctionswillberesumed.
LICENSESERVERSTATICLICENSEDISTRIBUTIONUpondisconnectionfromaLicenseServer,anETXServerwillcontinuetomanagetheallottedlicensesasiftheywerelocallyinstalled,forupto72hours.
ThisprovidestimeforITtofindandfixanyfailures.
ImpacttotheETXServeranditsusersisminimalunlessthisconditionisleftuntreated.
DYNAMICLICENSEDISTRIBUTIONUpondisconnectionfromaLicenseServer,eachETXServerwillassumethatanyunallocatedlicensesareavailableforlocalsessionsforupto72hoursafterthedisconnection.
WhentheconnectiontotheLicenseServerisrestored,eachETXServerwillreportitscurrentlicenseusagetotheLicenseServer,andtheLicenseServerwillrecalculatethetotalnumberoflicensesthatareinuse.
Userswhohaveactivesessionswillnotbepenalizedifthenumberoflicensesinuseisgreaterthanthenumberoflicensesinstalled.
Inthiscase,thiseventwillbeloggedandanyuseractivitiesthatrequireadditionallicenseswillnotbepermitteduntilthetotalnumberoflicensesinuseisfewerthanthenumberoflicensesinstalled.
11.
0PlatformsThesupportedplatformsforeachETXcomponentisprovidedinthetablebelow.
LOADBALANCINGRULEFUNCTIONCLIENTWINDOWSPLATFORMSWindows10Windows8.
1Windows7SP1orlaterWindowsServer2008R2SP1orlaterWindowsServer2012R2orlaterLINUXPLATFORMSRedHatEnterpriseLinux6.
5orlater,64-bitSuSELinuxEnterpriseLinux11&12,64-bitMACOSXPLATFORMSMacOS10.
12(Sierra)MacOSX10.
11(ElCapitan)IOSPLATFORMSiOS9.
0orlater,oniPad2orlater,iPadAir,iPadAir2,iPadmini2orlater,iPadProJAVACLIENTETXSERVERRedHatEnterpriseLinux6.
5orlater,64-bitOracleSolarisSPARC10&11,64-bitOracleSolarisx86-6410&11,64-bitETXCONNECTIONNODERedHatEnterpriseLinux6.
5orlater,64-bitSuSELinuxEnterprise11&12,64-bitOracleSolarisSPARC10&11,64-bitOracleSolarisx86-6410&11,64-bitIBMAIX6.
1or7.
1Windows10,64-bitWindows8.
1,64-bitWindows7SP1,64-bitWindowsServer2008R2SP1,64-bitWindowsServer2012R2DATABASEIBMDB2Express-C10.
5withRedHatEnterpriseLinux6orlater,64-bitonlyIBMDB2EnterpriseServer10.
5withRedHatEnterpriseLinux6orlater,64-bitonlyMicrosoftSQL2012SP1StandardEditionorlateronWindowsServer2012R2orlaterMicrosoftSQL2008R2SP2StandardEditionorlateronWindowsServer2008R2SP1orlaterApacheDerby10orlater,onallsupportedETXServerplatformsWEBBROWSERSGoogleChromeMozillaFirefoxMicrosoftInternetExplorer11MicrosoftEdgeAppleSafari8orlater(applicabletoMacOSXonly)ClosingThankyouforyourinterestinOpenTextExceedTurboX.
TolearnmoreaboutExceedTurboX,visitourwebsiteat:connectivity.
opentext.
com/etx.
AboutOpenTextOpenTextenablesthedigitalworld,creatingabetterwayfororganizationstoworkwithinformation,onpremisesorinthecloud.
FormoreinformationaboutOpenText(NASDAQ:OTEX,TSX:OTC)visitopentext.
com.
Connectwithus:OpenTextCEOMarkBarrenechea"sblogTwitter|LinkedIn|Facebook

€4.99/月Contabo云服务器,美国高性价比VPS/4核8G内存200G SSD存储

Contabo是一家运营了20多年的欧洲老牌主机商,之前主要是运营德国数据中心,Contabo在今年4月份增设新加坡数据中心,近期同时新增了美国纽约和西雅图数据中心。全球布局基本完成,目前可选的数据中心包括:德国本土、美国东部(纽约)、美国西部(西雅图)、美国中部(圣路易斯)和亚洲的新加坡数据中心。Contabo的之前国外主机测评网站有多次介绍,他们家的特点就是性价比高,而且这个高不是一般的高,是...

Hostodo(年付12美元),美西斯波坎机房Linux VPS主机66折

Hostodo 商家是比较小众的国外VPS主机商,这不看到商家有推送促销优惠在美国西岸的斯波坎机房还有少部分库存准备通过低价格促销,年付低至12美元Linux VPS主机,且如果是1GB内存方案的可以享受六六折优惠,均是采用KVM架构,且可以支付宝付款。第一、商家优惠码优惠码:spokanessd 1GB+内存方案才可以用到优惠码,其他都是固定的优惠低至年12美元。第二、商家促销这里,我们可以看到...

半月湾hmbcloud升级500Mbps带宽,原生VPS,$4.99/月

关于半月湾HMBCloud商家之前也有几篇那文章介绍过这个商家的产品,对于他们家的其他产品我都没有多加留意,而是对他们家的DC5机房很多人还是比较喜欢的,这个比我们有些比较熟悉的某商家DC6 DC9机房限时,而且半月湾HMBCloud商家是相对便宜的。关于半月湾DC5机房的方案选择和介绍:1、半月湾三网洛杉矶DC5 CN2 GIA同款DC6 DC9 1G内存 1TB流量 月$4.992、亲测选择半...

apachetomcat为你推荐
国际域名注册如何在国外域名注册商注册国际域名哩全能虚拟主机时代互联的全能云虚拟主机怎么样,稳不稳定,速度怎么样的?广东虚拟主机大家推荐一下广东地区稳定的IDC中文域名注册查询中文域名注册怎么查询免费国外空间哪些免费的国外空间最好?速度快.功能大?便宜的虚拟主机哪里有便宜的国内虚拟主机?美国网站空间美国空间做什么网站好?山东虚拟主机能否在虚拟机与主机之间建立局域网,让主机与虚拟机同时上网?mysql虚拟主机哪些类型的虚拟主机支持数据库?东莞虚拟主机哪里的虚拟主机便宜 性价比高?
济南域名注册 出租服务器 vps安全设置 如何申请免费域名 ddos 免费全能空间 骨干网络 腾讯实名认证中心 phpmyadmin配置 cxz 德隆中文网 浙江服务器 登陆qq空间 asp空间 石家庄服务器 学生机 windowsserver2012 web服务器有哪些 rsync 回程 更多