authenticaapachetomcat

Remoteapplicationaccessisincreasinglyimportantintoday"sbusinessenvironment.
Solutionsthatprovideremoteaccesstoapplicationsanddatacaneliminategeographicalandnetworkboundaries,improveuserproductivity,enhanceprotectionofintellectualproperties,andhelpstreamlineIToperationswhilereducingcosts.
OpenTextExceedTurboXisanadvancedsolutionfordesktopvirtualizationandremoteaccesstoenterpriseapplicationsanddata,addressingtheneedsofmodernenterprises,especiallythosewithmixedUNIX/MicrosoftWindowshostingenvironments.
Thiswhitepaperdescribestheprinciplesofitsdesign,thearchitectureandkeycomponentsofthesolution,andtheirfunctionsandinteractions.
OpenTextExceedTurboXAnArchitectureOverviewTableofContents1.
0Introduction32.
0TheArchitectureDiagram43.
0TheBuildingBlocks44.
0Connectivity75.
0ThinXProtocol76.
0ClientandProxyRuntime87.
0Authentication98.
0Clustering109.
0Licensing1110.
0Fail-OverScenarios1211.
0Platforms13Closing1331.
0IntroductionRemoteapplicationaccesshasbeenasolutioncategorysincecomputerswerefirstlinkedintoanetwork.
Businesseshavealwayssoughtasolutionthatwouldallowuserstoaccessapplicationsrunningonaremotehost.
Alongcameglobalization,followedbyallformsofvirtualization,whichpushedapplicationsfurtherawayfromusers,whileincreasingtheneedforuserstobeproductivewhileaccessingapplicationsanddatafromagreatdistance.
OpenTexthasbeeninthebusinessofprovidingremoteapplicationaccesssolutionsformorethan20years.
BeginningwithOpenTextExceedinthe1990sandincludingOpenTextExceedonDemandinthe2000s,OpenTexthaspushedtheperformanceenvelope,bringingcomplex2Dand3Dapplicationstoenterpriseusersallovertheworld.
ExceedTurboXisthefutureofremoteapplicationaccesssolutions,madeavailabletoday.
ItisaculminationofyearsofexperiencewithXWindowandnetworkprogramming,andtheunderstandingofhundredsofrealworldcasesusingbusiness-criticalUNIXandWindowsapplications.
SixprimarygoalsguidedtheconceptionanddevelopmentofExceedTurboX:ProvideasingleplatformforITanduserstomanageandaccessalloftheirremoteinfrastructure,regardlessofplatformProvidethefastestremoteaccesssolutiononthemarketforaccessingUNIXandWindowshostsProvideaconsistentuserexperienceacrossallsupportedclientplatformsSimplifythedistributionandmanagementofclientsoftware,profile,andsettingstosupportlargedeploymentscenariosOfferfullyauditableeventsforbettervisibility,accountability,andproblemresolutionWorkintandemwithanyexistinginfrastructureandvendor,includingmixedphysical/virtualdesktopenvironmentsExceedTurboXdeliversresultsonallfronts.
Itsarchitectureisadeparturefrommanytraditionalremoteapplication-accesssolutionsonthemarket,includingourownExceedonDemand.
Itreliesonahybridoftechnologiestodeliverhighperformanceaccesswithagreatuserexperienceandsimplifiedadministration.
2.
0TheArchitectureDiagramThefollowingdiagramdepictstheoveralllayoutofallmajorExceedTurboXcomponentsandtheirrelationships.
Firstly,youwillnoticethatETXreliesonaWebApplicationServertoprovideaweb-basedgraphicalfrontend.
Secondly,ETXusesadatabasetostoreapplicationdata.
InadditiontotheETXserver,whichprovidestheuserinterface,configurationandloadbalancing,ETXConnectionNodesareresponsibleformanagingclientsessionsandcompressingtheremotedisplayfortransmissiontousers.
AgroupofconnectionnodesalongwiththeETXserveriscalledtheETXSite.
43.
0TheBuildingBlocksThefollowingcomponentsformthefoundationofExceedTurboX.
3.
1ETXServerThisisthebrainofthesolution,functioningasconcierge,gatekeeper,andtrafficcontrol-ler.
ItisawebapplicationthatrunsonanApacheTomcatwebapplicationserverandispresentedtouserswhentheyfirstconnecttotheETXwebportal.
ETXServerdisplayseitheraDashboardtousersoraServerManagertoadministrators.
UserscanusetheWebDashboardtolaunchnewsessions,createprofiles,ormanagetheirexistingsessions.
AdministratorsusetheServerManagertomonitorandmanageeveryaspectofthesolution,fromuserenrollmenttogeneratinglicenseandresourceusagereports.
3.
2ETXConnectionNodesTheETXConnectionNodeisresponsibleforstartingsessionproxies(anapplicationwhichmanagesandcompressesremotesessions),aswellasinteractingwiththeETXserver.
Withmultiplenodespresentintheinfrastructure,ETXservercanselectfrommultipleconnectionnodesforloadbalancingandnodefailover.
ETXConnectionNodesincludeseveralsub-components,whicheachhandleadifferenttask.
InadditiontotheProxyManager(whichstartsthesessionproxies),otherimportantcomponentsincludetheETXAuthenticator,XstartLauncher,andApplicationScanner,whichareexplainedinmoredetailbelow.
3.
2.
1ETXProxyManagerThemainfunctionoftheETXProxyManageristocreateremotesessionproxies.
Proxiesactasanintermediarybetweentheclientandapplicationordesktophost,providingencryptionandcompressionofthesessiondisplayovertheWAN.
Theproxyalsohandlespassinguserinputtothehost,aswellasotherdatasuchasfilesanddevices.
TheProxyManagermonitorsthewell-beingofthesesessionproxiesandcommunicatesthestatusofeachsessionproxytotheETXServer.
TheProxyManageralsohandlesuser5commands,suchassessionsuspendandresume,sessionsharing(multicasting),filetransfer,andothersession-relatedfeatures.
AProxyisafullyfunctionalXserver/RDPclient,andcanthereforeoperateasastand-aloneserver,handlingdisplayprotocolfromdefaultinstallationsofWindowsorUNIXhostswithoutanylocalsoftwarebeinginstalled.
TheproxyincludesanXserveraswellasanRDPclientforrenderingandcompressingthedisplayovertheWAN.
InthecaseofWindowsDirectdesktopconnections,theproxymustbeinstalleddirectlyontheWindowsdesktophostforlocalrenderingandcompression.
AcompresseddatastreamissentfromtheProxytotheClient,whichisinstalledontheuser"sdevice.
Theclienthandlesscreendrawingandkeyboardandmouseinputs.
Moreinformationonthefunc-tionsofProxiesandClientsisavailableinSection6.
0.
3.
2.
2ETXAuthenticatorAsthenameimplies,thiscomponenthandlesauthenticationofusersandadministratorswhentheylogintotheETXwebportal.
TheauthenticatorisrequiredtosupportPAMorNativeauthenticationinUNIXenvironments.
LDAP-basedenvironments(e.
g.
MicrosoftWindows)donotrequireanauthenticatorbecauseLDAPauthenticationishandledbyETXServer.
TheETXAuthenticatorprovidesseamlessintegrationofETXintoUNIXenvironmentsthatuseadedicatedPAMorNativeauthenticationserver.
ThisrequiresyoutoinstallanETXConnectionNodeonthePAM/NativeauthenticationserverandregistertheNodeasanAuthenticatorduringinstallation.
ETXsupportsmultipleauthenticationnodesforloadbalancing,buteachnodemustbeconfiguredwiththesamePAMorNativeauthentica-tionsettings.
3.
2.
3XstartLauncherXstartLauncheristhemoduleresponsibleforlaunchingindividualXWindoworWindowsapplicationswhenauserlaunchesanETXprofile.
ETXprofilesincludeallconfigurationsettingsfortheremotesession,includingwhichhosttoselectandwhichapplicationstorun.
3.
2.
4ApplicationScannerTheapplicationscannerisanoptionalutilitythatscanstheConnectionNodeforinstalledapplications,makingthemavailableforpublishingviatheETXServerManager.
Onceanapplicationispublishedtousers,userscanlaunchtheapplicationbycreatingaprofileandselectingtheapplicationtolaunch.
TheapplicationscannerworksonallETXplatforms,soyoucanpublishapplicationsrunningonbothUNIXandWindows.
IfyouhavemultipleConnectionNodeswiththesameapplicationinstalled,ETXServerdetectstheoverlapandgroupsapplicationsintoasingleitem.
Thisprovidesloadbalancingofapplicationsacrossmultiplehosts.
3.
2.
4LocalSessionDatabaseThelocalsessiondatabasekeepstrackofsessionstatusandreportsthisbacktoETXServeronaregularbasis.
IftheconnectionbetweenETXServerandtheProxymanagerfails,thelocalsessiondatabaseenablestheConnectionNodetocontinueoperatingnormally,includingsuspendingorterminatingsessions.
WhentheconnectiontoETXServerisre-established,thelocalsessiondatabaseissyncedwithETXServer.
Thismakeseachnodefault-tolerantincaseofanetworkfailure.
3.
3DatabaseTheRDBMSisthebookkeeperofthesolution.
Itisusedtostoreallnon-transientinforma-tion,includingserversettings,usersettings,profiles,eventlogs,licenseusagestatistics,etc.
ETXsupportsIBMDB2,MicrosoftSQLServer,andApacheDerby,andcomesbundledwithApacheDerbyforquickandeasyinstallation.
Forload-balancing,fail-over,andhigh-availabilitycapabilities,pleaserefertotheETXHighAvailabilityWhitePaper,aswellasvendordocumentationforsettingupdatabasereplication.
63.
4ETXLicenseServerMultipleETXsitescanshareasinglepooloflicensesandhavelicensesdynamicallyorstaticallydistributedtoeachsitebasedonrulesdefinedbyadministrators.
TheETXLicenseServerfunctionalityisembeddedineveryETXServerandcanbeenabledduringsetup.
Onceenabled,otherETXsitescanconnecttotheLicenseServeranduselicensesfromthepool,ratherthanusinglocallyinstalledlicensekeys.
SpecialcarehasbeengiventothedesignofthissolutiontoensurethatiftheLicenseServerisoutofserviceoroutofreach,administratorswillbenotifiedviaemail,andsiteswillremainoperationalfor72hourssothattheproblemcanberesolved.
3.
5ETXClientRuntimeETXreliesonanativeclientRuntimetohandleremotecommunicationsandinteractions.
ItisthecounterparttotheETXProxyandcommunicateswiththeproxycontinuouslywheneverasessionisestablished.
LikeaProxy,theclientRuntimeisanativeapplication,whichtakesadvantageofthebestpossibleperformance,reliability,andcompatibility.
DeploymentoftheETXclientRuntimeisautomatic;thecorrectRuntimeisdownloadedsilentlyinthebackgroundwheneverauserlaunchesanapplication.
ClientRuntimesareavailableforWindows,LinuxandMacusers.
3.
6JavaRuntimeEnvironment(JRE)Whileitisnotnecessarilyabuildingblockonitsown,JREisasystemrequirementfortheETXServer.
Naturally,JREisrequiredonthemachinerunningtheETXServerandApacheTomcat.
JavacanalsobeusedtolaunchETXremotesessionsfromabrowser,althoughthisisnotthedefaultoption.
Bydefault,launchingETXsessionsrequirestheNativeClientLaunchercomponenttobeinstalledontheuser"sdevice(seesection3.
7below).
3.
7NativeClientLauncherTheNativeClientLaunchermustbeinstalledontheuser"smachinebeforetheusercanlaunchaprofileinExceedTurboX(unlesstheyhaveselectedtheJavaclientlauncher;seesection3.
6above).
TheNativeClientLauncherwilldownloadandexecutetheNativeClientRuntimeinthebackgroundwhentheuserlaunchesaprofile.
TheLauncherdoesnotrequireadministratorprivilegestoinstall,anditisprovidedforWindows,Linux,andMacclients.
74.
0NetworkConfigurationCommunicationbetweenETXcomponentsoccursonseveraldifferentports.
Itisimpor-tanttoensurethatyourfirewallisconfiguredproperlytoensureproperoperationoftheETXSite.
Thetablebelowsummarizestherequirednetworkchannels,includingthepurposeofthechannel,thecomponentsinvolved,theprotocolsused,andwhetherthechannelissecured.
DESCRIPTIONFIRSTCOMPONENTSECONDCOMPONENTPROTOCOL(S)DEFAULTPORT(S)SECURITYAccessingETXDashboardandServerManagerinabrowserWebbrowserETXServer(Tomcat)HTTP/HTTPS8080/8443None/SSLETXServercontactsIBMDB2databaseETXServerIBMDB2DatabaseJDBC50000None(SSLoptional)ETXServercontactsMicrosoftSQLdatabaseETXServerMicrosoftSQLDatabaseJDBC1433None(SSLoptional)ETXServercontactsApacheDerbyDBdatabaseETXServerApacheDerbyDatabaseJDBC1527None(SSLoptional)ETXServersendsamessagetotheConnectionNodeETXServerETXConnectionNodeTXPM5510SSLETXClientlaunchesanyprofileETXClientETXConnectionNodeThinX5510None(SSLoptional)UserlaunchesanXapplicationETXConnectionNodeUNIXHostX116000+SSHUserlaunchesaWindowsapplicationorRDPdesktopETXConnectionNodeWindowsHostRDP3389SSLETXServercontactsthelicenseserverETXServerETXLicenseServerHTTP/HTTPS8080/8443None/SSLAccessingETXServerRESTAPIsAnyapplicationorscriptETXServerHTTP/HTTPS8080/8443None/SSL5.
0ThinXProtocolThinXProtocolisthedigitalbloodcoursingthroughtheveinsofETX,anditiswhatmakesETXworksowell,sofast.
ThinXProtocol,orTXP,providesexceptionalperformanceoverawiderangeofnetworkbandwidthsandlatencies.
Resultsofin-houseanalysishaveshownthattheamountofnetworktrafficgeneratedbyTXPisbetweenoneand10percentofthetraditionalXprotocol.
Itisalsomoreefficientthancompetitiveremoteaccesssolutions.
TXPisdesignedtoaccomplishthefollowing:1Reducebandwidthrequirementsforremoteusers2Adapttochangingnetworkconditions3Reduceround-triprequestsforX11traffic4StrengthensecurityNote:TXPisalsousedbetweentheClientandProxyforconnectionstoWindowshosts.
InthecaseofRDPconnections,theETXProxyconvertstheRDPprotocoltoThinXforfasttransmissionovertheWAN.
85.
1ReduceBandwidthRequirementsTXPhasasuperiorabilitytocompress,cache,andoptimizerequests.
ThegoalistominimizetheamountofdatathathastotravelacrossthenetworkbetweenProxyandClient,whichischaracteristicallyhighinnetworklatencyandlowinnetworkbandwidth.
Naturally,theworkrequiredtooptimizeandreducenetworktrafficcomesattheexpenseofmoreCPUcyclesandcomputingresourcesonbothend-pointsoftheconnection.
However,theabundantcomputingpowerthatPCsandserversnowharnesscaneasilyhandletheincreasedworkloadwithoutslowingdowntheremoteserver,enablingExceedTurboXtoachievebandwidthreductionwithoutsacrificingoverallperformance.
5.
2AdapttoChangingNetworkConditionsThelevelofcompressionandoptimizationontheTXPdatastreamcanchangeauto-maticallyanddynamicallydependingonreal-timechangestobandwidthavailability,networklatency,andeventhecontentsoftheremotedisplay.
ExceedTurboXwilladjustandchoosetherighttypeofcompression,datatype,andupdatefrequencytomaintainmaximumperformanceandusability.
Theseadjustmentshappenontheflywithoutanyneedtocustomizeprotocolsettings.
ETXtendstoconsumeavailablebandwidthinordertoimprovedisplayqualityandresponsiveness,butusersandadministratorscanalsolimitthebandwidthusageofaparticularsessionbyadjustingETXprofilesettings.
5.
3ReduceRound-TripRequests(X11)TheXWindowprotocolwasdesignedforcommunicationinaLANenvironmentwherenetworkbandwidthisabundant.
ConnectingtoXapplicationsovertheWANwithoutacompressionlayerwillresultinveryslowperformanceoftheremoteXapplicationsordesk-tops.
TheETXProxycanbeinstalledeitherontheXapplicationhostitself–thuseliminatingXWindowprotocolfromtheLANentirely–oronaseparatemachineonthesameLANastheXapplicationhost.
TheProxywilleitherrenderontheserverandsendpicturesovertheWAN,orwillcompress,batchandsenddrawinginstructionsusingTXP(ThinXProtocol)basedonscreencontents.
WiththeintelligencebuiltintotheProxy,fewerround-triprequestswillneedtoreachtheClient,eliminatinginefficiencyanddelaysintheremotecommunication.
Thereductioninthenumberofround-triprequestsovertheWANorinternetconnectionissignificant,givingExceedTurboXanunparalleledperformanceadvantage.
5.
4StrengthenSecurityTXPissecureindesign.
ItcanbeeasilyencryptedusingthelatestTLS1.
2protocolforheightenedsecurity.
Infact,TLSencryptionisusedbydefaultbetweenETXservercomponentstoensurebusinesscriticalinformationisprotected.
ConnectionsfromusersoutsideofthecorporateLANmaybeencryptedeitherbyaVPNorbyenablingTLSencryptionintheETXServerManager.
6.
0AutomaticUpdatesETXisdesignedtoautomaticallyapplyupdatestoboththeclientandservercomponents,eliminatingtheneedtomanuallyrolloutupdatestothesystem.
ETXalsosupportstheabilitytodeploymultipleversionsoftheclientandserverruntimessothatyoucanapplypatchesanddifferentversionstodifferentgroupsofusers,allfromacentralmanagementinterfacebuiltintoETXServer.
6.
1NoClientInstallationWhenuserslaunchaprofileforthefirsttime,ETXwillautomaticallydetectthepresenceoftheclient-sidelauncherandpromptuserstodownloadandinstallthelauncherifitisnotfound.
Thiseliminatestheneedtomanuallyinstallthesoftwareonclientmachines.
6.
2AutomaticClientandProxyUpdatesviaRuntimePackagesThelightweightclientandproxyruntimesarepushedtotheuser"sdesktop,aswellastheETXproxy,whenauserlaunchesasession.
Theclientandproxyruntimearedevelopedinpairs,ensuringthateveryuserreceivesacompatibleversionoftheclientandservercomponentseverytimetheylaunchanewsession.
9Oncearuntimeisdownloaded,itwillbecachedonthemachineandwillnothavetobedownloadedagain.
Thisensuresthatsubsequentconnectionsarelaunchedasquicklyaspossible.
6.
3AutomaticConnectionNodeupdatesStartinginETX11.
5,patchingtheETXServerwillautomaticallyandsilentlypushallnecessaryupdatestotheETXConnectionNodesthatareregisteredwiththeserver.
InVDIrolloutswiththousandsofvirtualmachines,thiseliminatestheneedtomanuallyupdatethesoftwareonthousandsofnodes.
Note:theConnectionNodesoftwareisusedtomanagethesessionproxiesonthenodeandisseparatefromtheproxyruntime.
6.
4ManagemultipleruntimeversionsconcurrentlyETXServerallowsyoutoinstallandusemultipleruntimeversions,whichmeansthatyoucanapplypatchestospecificuserswithoutaffectingotherusers.
ThiscanbeusedtoapplyhotfixesforspecificapplicationsorperformstagingexperimentswithETXservicepacksandhotfixes.
EachETXprofilehasacustomizableruntimeversion,whichcanbesetbytheETXadministratorortheETXuser(iftheyhavepermissionstoeditprofiles).
7.
0AuthenticationETXsupportsthefollowingauthenticationmethods:LightweightDirectoryAccessProtocol(LDAP)MicrosoftActiveDirectory(AD)Kerberos-basedSingleSignOn(SSO)PluggableAuthenticationModule(PAM)NativeUserCredentials(UNIXonly)ETXwillusedifferentcomponentsinthearchitecturetoauthenticateusers,basedonyourauthenticationmethod.
AUTHENTICATIONTYPECOMPONENTTHATHANDLESAUTHENTICATIONLDAP,MICROSOFTACTIVEDIRECTORYETXServerPAM,NATIVEUSERCREDENTIALSETXConnectionNodesLDAPandMicrosoftActiveDirectoryarecentralizedidentitymanagementsystems,whichcanbeaccessedfromanycomputer.
ItisfunctionallysimplerandmoreefficienttoletETXServertakecareofthoseauthenticationtypes.
ToimplementLDAP-basedauthentication,simplyconfiguretheappropriateLDAPsettingsduringinstallationofETXServer.
ForKerberos-based,singlesign-onenvironments,refertotheExceedTurboXInstallationandAdministrationGuide,whichispartofthecoreproductdocumentation.
Additionally,forUNIXenvironments,youmayusePAM(PluggableAuthenticationModule)orNativeauthenticationmethods.
Intheseauthenticationmodes,adedicatedPAMorNativeauthenticationserverisconfiguredtohandleETXloginrequests.
PAMorNativeauthenticationserversmusthavetheETXConnectionNodesoftwareinstalled,andbeassignedthe'Authenticator"roleduringinstallation.
OncethenodeisregisteredwithETXserver,ETXserverwilldirectallloginrequeststotheAuthenticatornode.
ETXServerallowsmorethanonePAM/Nativeauthenticatornodetoberegistered,sothatuserswon"tbelockedoutiftheauthenticationservergoesoffline.
However,youmustmakesurethePAMconfigurationoruserdatabaseisidenticalacrossallAuthenticators.
Inadditiontothe'Authenticator"role,nodescanbeassignedtothe'ProxyManager"role.
TheProxyManagerrolemeansthatthenodewillacceptremotedesktopandapplica-10tionsessions,andstartalocalsessionproxytocompressandmanagetheremoteusersession.
Ifyourauthenticationserver(s)aresharedbymanyapplications,youmaywanttodisabletheproxymanagerroletoavoidtaxingthesesystemswithETXsessions.
AUTHENTICATIONTYPECOMPONENTTHATHANDLESAUTHENTICATIONAUTHENTICATORResponsibleforhandlingPAMandNativeUserCredentialsauthenticationrequestsonlyPROXYMANAGERResponsibleforcreatingandmanagingProxiesAUTHENTICATORANDPROXYMANAGERBothoftheabove7.
1MultipleAuthenticatorsFororganizationsthatchoosetousenativeauthenticationorPAM,itisalwaysagoodideatohavemorethanoneAuthenticatorinthesystemincaseoneoftheETXConnectionNodesisdisconnectedorotherwiseunavailable.
ETXServerwillchooseoneoftheavail-ableETXAuthenticatorsatrandom.
Therefore,itisofutmostimportancethatthesamesetofusersandtheircredentialsareavailableoraccessiblebyallETXAuthenticatorsinthesystem;otherwisesomeusersmaynotbeabletologintoETXatanygivenmoment.
Inmostcases,havingtwoAuthenticatorsinthesystemprovidesthenecessaryloadbalancingandprotectionagainstasinglepointoffailure.
Morethantwoauthentica-torsmayberedundantandcreateunnecessarycomplicationandworkloadinvolvedinsynchronizingnativeusercredentialsacrossmultiplemachines.
8.
0LoadBalancing8.
1WhatisLoadBalancingLoadBalancingreferstothecapabilityofETXServertodistributeremotesessionstoa"cluster"ofConnectionNodes.
Loadbalancingisakeyelementofprovidingahighlyavailableenvironmentforuserstoaccesstheirremotedesktopsandapplicationservers.
8.
2HowDoesLoadBalancingWorkWhenauserlaunchesaremoteapplicationordesktop,oneoftheETXconnectionnodescreatesaprocess(calleda"proxy")toactasintermediarybetweentheuserandtheremotehost.
Theproxyprocessisresponsibleforinteractingwiththehost(asthesessionclient)andcompressingtheremotedisplayfortransmissionovertheWANtotheenduser.
IfETXwereconfiguredwithonlyasinglenodetohandleallusersessions,failureofthatnode(duetohardware,network,orotherfailure)wouldbecrippling.
ETXwouldnotbeabletohandleanynewsessionsuntilthenodeisrestoredandreconnected.
Withtwoormorenodespresent,failureofasinglenodedoesnotcripplethesystem.
Theothernodescantakeoveruntilthefirstnodecomesbackonline.
AllETXConnectionNodesareregisteredwithETXServer,andtheirpresenceisrecordedandmonitoredsoETXServerknowstheexactnumberofETXConnectionNodesavail-able,whateachnodeisdoing,andtheresourcesavailableoneachnode.
Fromtheuser"sperspective,thereisnoobviousdifferencebetweendifferentConnectionNodes,andinmostcases,usersshouldnotcarewhichnodehandlestheuser"ssession.
JustlikewhenyouaccessAmazon.
com,youdon"tknow,nordoyoucare,whichoneofathousanddifferentwebserversisrespondingtoyourrequest.
118.
3LoadBalancingBecausetheETXServerkeepstrackofallconnectionnodesandtheavailableresourcesoneachnode,theservercanassignsessionstoconnectionnodesbyselectingthenodewiththemostavailableresources.
Thisensuresthatusersachievethefastestpossibleconnectionsfortheavailableserverhardware.
ThefollowingloadbalancingcriteriaaresupportedbyETXServer:LOADBALANCINGRULEFUNCTIONSESSIONSThenodewiththefewestactiveorsuspendedsessionsisselectedforthenextsessionlaunch.
CPUThenodewiththemostCPUresourcesisselected.
ThisdoesnotaccountforCPUspeedorarchitecture,onlypercentageofCPUconsumption.
MEMORYThenodewiththemostavailablememoryisselected.
Thistypeofloadbalancingcanbeusedwhenrunningmemory-intensiveapplications.
9.
0Licensing9.
1TypeofLicensesETXLicensesareconcurrentinnature,meaningtheyallowalargenumberofuserstoshareasmallersetoflicenses.
Forexample,ifyoupurchase50licensesforanETXsite,100usersmightsharethoselicenses,solongasnomorethan50usershaveactivesessionsatthesametime.
9.
2RulesofLicenseUsageAsingleusercanneverconsumemorethanonelicense.
Thismeansthatausercanlaunchmultiplesessionsonmultipledevicesandwillneverconsumemorethanasingleconcurrentuserlicense.
However,ifausersharestheirsessionwithmultipleusers,eachuserjoiningthesharedsessionwillconsumeonelicense(providedtheuserisn"talreadyconsumingalicense).
9.
3SharingLicensesAcrossMultipleETXSitesMultipleETXsitescanconnecttoanETXLicenseServerinordertoshareasinglepooloflicenses.
TheETXLicenseServerfunctionalityisembeddedineveryETXServer,andcanbeturnedonduringsetup.
TheLicenseServershouldbeconfiguredfirst,sothatotherETXServerscanspecifythelicenseserverduringsetup.
SpecialcarehasbeengiventothedesignofthissolutiontoensurethatiftheLicenseServerisoutofserviceoroutofreach,allsiteswillremainoperationalforupto72hours,andadministratorswillbenotifiedaslongasthelicenseserverhasbeenconfiguredtosendemailnotifications.
9.
4LicenseDistributionMethodsETXLicenseServersupportstwotypesoflicensedistribution:StaticandDynamic.
9.
4.
1StaticLicenseDistributionAsthenameimplies,licensesarestaticallydistributedtoeachETXsitesoyoucantightlycontrollicenseusageandcostsonaper-sitebasis.
Oncelicensesarestaticallydistrib-utedtoanETXSite,thesitewillmanagethelicenseusageinternallyasifthoselicenseswerelocallyinstalled.
9.
4.
2DynamicLicenseDistributionAnylicensesthathavenotbeenassignedstaticallytoanETXsiteareavailableforanyconnectedsitetoconsumeonafirst-come,firstservebasis.
DynamiclicensescanflowfreelyfromoneETXsitetoanotherseamlessly.
Note:IfauserlaunchessessionsontwoindependentETXsitesthatshareacommonlicenseserver,theuserwillconsumeonelicensefromeachETXsite.
ThisisbecauseeachETXsitemanagesitslicensesindependently.
1210.
0FailureScenariosTheETXsolutionisdesignedtoberesilienttovarioustypesoffailuresandoffercontinuousservices.
Disastersorfailurescanhappentocomputershostingdifferentcomponents,andtherearevariousdegreesoffailure.
Thetablebelowoutlineshoweachcomponenthandleseachtypeoffailure.
COMPONENTNETWORKDISCONNECTIONCOMPONENTSHUTDOWNCLIENTIfthemachinewhereETXClientisrunninglosesitsconnectiontothenetwork,theuser"ssessionwillbeautomaticallysuspended.
IfthemachinewhereETXClientisrunningcrashesorotherwiseispoweredoff,theuser"ssessionwillbeautomaticallysuspended.
CONNECTIONNODEIfthemachinehostingtheConnectionNodeisdisconnectedfromthenetwork,XWindowsessionswillbepermanentlylost.
WindowsRDPsessionswillbecomedisconnectedbutmayberesumedbylaunchinganewsessionconnectingtothesamehostonadifferentnode.
OtherETXConnectionNodeswillcontinuetoacceptnewconnections.
IfthemachinehostingtheConnectionNodecrashesorispowereddownunexpectedly,XWindowsessionswillbepermanentlylost.
WindowsRDPsessionswillbecomedisconnectedbutmayberesumedbylaunchinganewsessionconnectingtothesamehostonadifferentnode.
OtherETXConnectionNodeswillcontinuetoacceptnewconnections.
AUTHENTICATORWhenusingNativeorPAMauthenticationforUNIXenvironments,iftheAuthenticatornodeisdisconnectedfromthenetwork,ETXServerwillnotbeabletoauthenticateusers.
Inthissituation,noonewillbeallowedtologintotheETXwebsite.
However,iftheadministratorcreatedamaintenanceuser(bydefault'etxinstall"),theycanloginwiththismaintenanceusertofixconfigurationproblemswiththeauthenticationnode.
Iftheauthenticatorfails,itwillnotaffectexistingsessions,unlessthosesessionsarerunningontheauthenticationnode(requirestheauthenticatornodetobeconfiguredasaProxyManager).
APACHETOMCAT/ETXSERVERIfApacheTomcatortheETXServerwebappisunavailable–whetherduetoabrokennetworkconnectionorservercrash,userswillbeunabletologintotheETXwebinterfaceorperformbasicfunctionssuchaslaunchingorresumingsessions.
AdministratorswillbeunabletologintothewebinterfacetoadministertheETXenvironment.
However,allactivesessionswillcontinuetooperatewithoutanylimitations.
IfausersuspendsanactivesessionwhileApacheTomcatortheETXServerisdown,heorshewillhavetowaituntilthosesystemsarerevivedandonlinebeforethesessioncanberesumed.
Note:ETXsupportshighavailabilityforthewebserver.
ThismeansthatyoucanrunETXserversinparallel.
Iftheprimarywebserverfails,thesecondarywilltakeover.
Forinformationonsetup,seetheExceedTurboXHighAvailabilityConfigurationGuide.
DATABASEIfthedatabaseisunavailablebecauseofanetworkfailure,theETXWebDashboardandWebServerManagerwillbeinac-cessible.
However,allactivesessionswillcontinuetooperatewithoutlimitations.
Whenthedatabaseconnectionisrestored,allfunctionswillberesumed.
Ifthemachinerunningthedatabasecrashesorispowereddownunexpectedly,orthedatabaseiscorrupted,ETXWebDashboardandWebServerManagerwillbeinaccessible.
However,allactivesessionswillcontinuetooperatewithoutlimitations.
Whenthedatabasemachineisrestoredallfunctionswillberesumed.
LICENSESERVERSTATICLICENSEDISTRIBUTIONUpondisconnectionfromaLicenseServer,anETXServerwillcontinuetomanagetheallottedlicensesasiftheywerelocallyinstalled,forupto72hours.
ThisprovidestimeforITtofindandfixanyfailures.
ImpacttotheETXServeranditsusersisminimalunlessthisconditionisleftuntreated.
DYNAMICLICENSEDISTRIBUTIONUpondisconnectionfromaLicenseServer,eachETXServerwillassumethatanyunallocatedlicensesareavailableforlocalsessionsforupto72hoursafterthedisconnection.
WhentheconnectiontotheLicenseServerisrestored,eachETXServerwillreportitscurrentlicenseusagetotheLicenseServer,andtheLicenseServerwillrecalculatethetotalnumberoflicensesthatareinuse.
Userswhohaveactivesessionswillnotbepenalizedifthenumberoflicensesinuseisgreaterthanthenumberoflicensesinstalled.
Inthiscase,thiseventwillbeloggedandanyuseractivitiesthatrequireadditionallicenseswillnotbepermitteduntilthetotalnumberoflicensesinuseisfewerthanthenumberoflicensesinstalled.
11.
0PlatformsThesupportedplatformsforeachETXcomponentisprovidedinthetablebelow.
LOADBALANCINGRULEFUNCTIONCLIENTWINDOWSPLATFORMSWindows10Windows8.
1Windows7SP1orlaterWindowsServer2008R2SP1orlaterWindowsServer2012R2orlaterLINUXPLATFORMSRedHatEnterpriseLinux6.
5orlater,64-bitSuSELinuxEnterpriseLinux11&12,64-bitMACOSXPLATFORMSMacOS10.
12(Sierra)MacOSX10.
11(ElCapitan)IOSPLATFORMSiOS9.
0orlater,oniPad2orlater,iPadAir,iPadAir2,iPadmini2orlater,iPadProJAVACLIENTETXSERVERRedHatEnterpriseLinux6.
5orlater,64-bitOracleSolarisSPARC10&11,64-bitOracleSolarisx86-6410&11,64-bitETXCONNECTIONNODERedHatEnterpriseLinux6.
5orlater,64-bitSuSELinuxEnterprise11&12,64-bitOracleSolarisSPARC10&11,64-bitOracleSolarisx86-6410&11,64-bitIBMAIX6.
1or7.
1Windows10,64-bitWindows8.
1,64-bitWindows7SP1,64-bitWindowsServer2008R2SP1,64-bitWindowsServer2012R2DATABASEIBMDB2Express-C10.
5withRedHatEnterpriseLinux6orlater,64-bitonlyIBMDB2EnterpriseServer10.
5withRedHatEnterpriseLinux6orlater,64-bitonlyMicrosoftSQL2012SP1StandardEditionorlateronWindowsServer2012R2orlaterMicrosoftSQL2008R2SP2StandardEditionorlateronWindowsServer2008R2SP1orlaterApacheDerby10orlater,onallsupportedETXServerplatformsWEBBROWSERSGoogleChromeMozillaFirefoxMicrosoftInternetExplorer11MicrosoftEdgeAppleSafari8orlater(applicabletoMacOSXonly)ClosingThankyouforyourinterestinOpenTextExceedTurboX.
TolearnmoreaboutExceedTurboX,visitourwebsiteat:connectivity.
opentext.
com/etx.
AboutOpenTextOpenTextenablesthedigitalworld,creatingabetterwayfororganizationstoworkwithinformation,onpremisesorinthecloud.
FormoreinformationaboutOpenText(NASDAQ:OTEX,TSX:OTC)visitopentext.
com.
Connectwithus:OpenTextCEOMarkBarrenechea"sblogTwitter|LinkedIn|Facebook