authenticaapachetomcat

apachetomcat  时间:2021-01-11  阅读:()
Remoteapplicationaccessisincreasinglyimportantintoday"sbusinessenvironment.
Solutionsthatprovideremoteaccesstoapplicationsanddatacaneliminategeographicalandnetworkboundaries,improveuserproductivity,enhanceprotectionofintellectualproperties,andhelpstreamlineIToperationswhilereducingcosts.
OpenTextExceedTurboXisanadvancedsolutionfordesktopvirtualizationandremoteaccesstoenterpriseapplicationsanddata,addressingtheneedsofmodernenterprises,especiallythosewithmixedUNIX/MicrosoftWindowshostingenvironments.
Thiswhitepaperdescribestheprinciplesofitsdesign,thearchitectureandkeycomponentsofthesolution,andtheirfunctionsandinteractions.
OpenTextExceedTurboXAnArchitectureOverviewTableofContents1.
0Introduction32.
0TheArchitectureDiagram43.
0TheBuildingBlocks44.
0Connectivity75.
0ThinXProtocol76.
0ClientandProxyRuntime87.
0Authentication98.
0Clustering109.
0Licensing1110.
0Fail-OverScenarios1211.
0Platforms13Closing1331.
0IntroductionRemoteapplicationaccesshasbeenasolutioncategorysincecomputerswerefirstlinkedintoanetwork.
Businesseshavealwayssoughtasolutionthatwouldallowuserstoaccessapplicationsrunningonaremotehost.
Alongcameglobalization,followedbyallformsofvirtualization,whichpushedapplicationsfurtherawayfromusers,whileincreasingtheneedforuserstobeproductivewhileaccessingapplicationsanddatafromagreatdistance.
OpenTexthasbeeninthebusinessofprovidingremoteapplicationaccesssolutionsformorethan20years.
BeginningwithOpenTextExceedinthe1990sandincludingOpenTextExceedonDemandinthe2000s,OpenTexthaspushedtheperformanceenvelope,bringingcomplex2Dand3Dapplicationstoenterpriseusersallovertheworld.
ExceedTurboXisthefutureofremoteapplicationaccesssolutions,madeavailabletoday.
ItisaculminationofyearsofexperiencewithXWindowandnetworkprogramming,andtheunderstandingofhundredsofrealworldcasesusingbusiness-criticalUNIXandWindowsapplications.
SixprimarygoalsguidedtheconceptionanddevelopmentofExceedTurboX:ProvideasingleplatformforITanduserstomanageandaccessalloftheirremoteinfrastructure,regardlessofplatformProvidethefastestremoteaccesssolutiononthemarketforaccessingUNIXandWindowshostsProvideaconsistentuserexperienceacrossallsupportedclientplatformsSimplifythedistributionandmanagementofclientsoftware,profile,andsettingstosupportlargedeploymentscenariosOfferfullyauditableeventsforbettervisibility,accountability,andproblemresolutionWorkintandemwithanyexistinginfrastructureandvendor,includingmixedphysical/virtualdesktopenvironmentsExceedTurboXdeliversresultsonallfronts.
Itsarchitectureisadeparturefrommanytraditionalremoteapplication-accesssolutionsonthemarket,includingourownExceedonDemand.
Itreliesonahybridoftechnologiestodeliverhighperformanceaccesswithagreatuserexperienceandsimplifiedadministration.
2.
0TheArchitectureDiagramThefollowingdiagramdepictstheoveralllayoutofallmajorExceedTurboXcomponentsandtheirrelationships.
Firstly,youwillnoticethatETXreliesonaWebApplicationServertoprovideaweb-basedgraphicalfrontend.
Secondly,ETXusesadatabasetostoreapplicationdata.
InadditiontotheETXserver,whichprovidestheuserinterface,configurationandloadbalancing,ETXConnectionNodesareresponsibleformanagingclientsessionsandcompressingtheremotedisplayfortransmissiontousers.
AgroupofconnectionnodesalongwiththeETXserveriscalledtheETXSite.
43.
0TheBuildingBlocksThefollowingcomponentsformthefoundationofExceedTurboX.
3.
1ETXServerThisisthebrainofthesolution,functioningasconcierge,gatekeeper,andtrafficcontrol-ler.
ItisawebapplicationthatrunsonanApacheTomcatwebapplicationserverandispresentedtouserswhentheyfirstconnecttotheETXwebportal.
ETXServerdisplayseitheraDashboardtousersoraServerManagertoadministrators.
UserscanusetheWebDashboardtolaunchnewsessions,createprofiles,ormanagetheirexistingsessions.
AdministratorsusetheServerManagertomonitorandmanageeveryaspectofthesolution,fromuserenrollmenttogeneratinglicenseandresourceusagereports.
3.
2ETXConnectionNodesTheETXConnectionNodeisresponsibleforstartingsessionproxies(anapplicationwhichmanagesandcompressesremotesessions),aswellasinteractingwiththeETXserver.
Withmultiplenodespresentintheinfrastructure,ETXservercanselectfrommultipleconnectionnodesforloadbalancingandnodefailover.
ETXConnectionNodesincludeseveralsub-components,whicheachhandleadifferenttask.
InadditiontotheProxyManager(whichstartsthesessionproxies),otherimportantcomponentsincludetheETXAuthenticator,XstartLauncher,andApplicationScanner,whichareexplainedinmoredetailbelow.
3.
2.
1ETXProxyManagerThemainfunctionoftheETXProxyManageristocreateremotesessionproxies.
Proxiesactasanintermediarybetweentheclientandapplicationordesktophost,providingencryptionandcompressionofthesessiondisplayovertheWAN.
Theproxyalsohandlespassinguserinputtothehost,aswellasotherdatasuchasfilesanddevices.
TheProxyManagermonitorsthewell-beingofthesesessionproxiesandcommunicatesthestatusofeachsessionproxytotheETXServer.
TheProxyManageralsohandlesuser5commands,suchassessionsuspendandresume,sessionsharing(multicasting),filetransfer,andothersession-relatedfeatures.
AProxyisafullyfunctionalXserver/RDPclient,andcanthereforeoperateasastand-aloneserver,handlingdisplayprotocolfromdefaultinstallationsofWindowsorUNIXhostswithoutanylocalsoftwarebeinginstalled.
TheproxyincludesanXserveraswellasanRDPclientforrenderingandcompressingthedisplayovertheWAN.
InthecaseofWindowsDirectdesktopconnections,theproxymustbeinstalleddirectlyontheWindowsdesktophostforlocalrenderingandcompression.
AcompresseddatastreamissentfromtheProxytotheClient,whichisinstalledontheuser"sdevice.
Theclienthandlesscreendrawingandkeyboardandmouseinputs.
Moreinformationonthefunc-tionsofProxiesandClientsisavailableinSection6.
0.
3.
2.
2ETXAuthenticatorAsthenameimplies,thiscomponenthandlesauthenticationofusersandadministratorswhentheylogintotheETXwebportal.
TheauthenticatorisrequiredtosupportPAMorNativeauthenticationinUNIXenvironments.
LDAP-basedenvironments(e.
g.
MicrosoftWindows)donotrequireanauthenticatorbecauseLDAPauthenticationishandledbyETXServer.
TheETXAuthenticatorprovidesseamlessintegrationofETXintoUNIXenvironmentsthatuseadedicatedPAMorNativeauthenticationserver.
ThisrequiresyoutoinstallanETXConnectionNodeonthePAM/NativeauthenticationserverandregistertheNodeasanAuthenticatorduringinstallation.
ETXsupportsmultipleauthenticationnodesforloadbalancing,buteachnodemustbeconfiguredwiththesamePAMorNativeauthentica-tionsettings.
3.
2.
3XstartLauncherXstartLauncheristhemoduleresponsibleforlaunchingindividualXWindoworWindowsapplicationswhenauserlaunchesanETXprofile.
ETXprofilesincludeallconfigurationsettingsfortheremotesession,includingwhichhosttoselectandwhichapplicationstorun.
3.
2.
4ApplicationScannerTheapplicationscannerisanoptionalutilitythatscanstheConnectionNodeforinstalledapplications,makingthemavailableforpublishingviatheETXServerManager.
Onceanapplicationispublishedtousers,userscanlaunchtheapplicationbycreatingaprofileandselectingtheapplicationtolaunch.
TheapplicationscannerworksonallETXplatforms,soyoucanpublishapplicationsrunningonbothUNIXandWindows.
IfyouhavemultipleConnectionNodeswiththesameapplicationinstalled,ETXServerdetectstheoverlapandgroupsapplicationsintoasingleitem.
Thisprovidesloadbalancingofapplicationsacrossmultiplehosts.
3.
2.
4LocalSessionDatabaseThelocalsessiondatabasekeepstrackofsessionstatusandreportsthisbacktoETXServeronaregularbasis.
IftheconnectionbetweenETXServerandtheProxymanagerfails,thelocalsessiondatabaseenablestheConnectionNodetocontinueoperatingnormally,includingsuspendingorterminatingsessions.
WhentheconnectiontoETXServerisre-established,thelocalsessiondatabaseissyncedwithETXServer.
Thismakeseachnodefault-tolerantincaseofanetworkfailure.
3.
3DatabaseTheRDBMSisthebookkeeperofthesolution.
Itisusedtostoreallnon-transientinforma-tion,includingserversettings,usersettings,profiles,eventlogs,licenseusagestatistics,etc.
ETXsupportsIBMDB2,MicrosoftSQLServer,andApacheDerby,andcomesbundledwithApacheDerbyforquickandeasyinstallation.
Forload-balancing,fail-over,andhigh-availabilitycapabilities,pleaserefertotheETXHighAvailabilityWhitePaper,aswellasvendordocumentationforsettingupdatabasereplication.
63.
4ETXLicenseServerMultipleETXsitescanshareasinglepooloflicensesandhavelicensesdynamicallyorstaticallydistributedtoeachsitebasedonrulesdefinedbyadministrators.
TheETXLicenseServerfunctionalityisembeddedineveryETXServerandcanbeenabledduringsetup.
Onceenabled,otherETXsitescanconnecttotheLicenseServeranduselicensesfromthepool,ratherthanusinglocallyinstalledlicensekeys.
SpecialcarehasbeengiventothedesignofthissolutiontoensurethatiftheLicenseServerisoutofserviceoroutofreach,administratorswillbenotifiedviaemail,andsiteswillremainoperationalfor72hourssothattheproblemcanberesolved.
3.
5ETXClientRuntimeETXreliesonanativeclientRuntimetohandleremotecommunicationsandinteractions.
ItisthecounterparttotheETXProxyandcommunicateswiththeproxycontinuouslywheneverasessionisestablished.
LikeaProxy,theclientRuntimeisanativeapplication,whichtakesadvantageofthebestpossibleperformance,reliability,andcompatibility.
DeploymentoftheETXclientRuntimeisautomatic;thecorrectRuntimeisdownloadedsilentlyinthebackgroundwheneverauserlaunchesanapplication.
ClientRuntimesareavailableforWindows,LinuxandMacusers.
3.
6JavaRuntimeEnvironment(JRE)Whileitisnotnecessarilyabuildingblockonitsown,JREisasystemrequirementfortheETXServer.
Naturally,JREisrequiredonthemachinerunningtheETXServerandApacheTomcat.
JavacanalsobeusedtolaunchETXremotesessionsfromabrowser,althoughthisisnotthedefaultoption.
Bydefault,launchingETXsessionsrequirestheNativeClientLaunchercomponenttobeinstalledontheuser"sdevice(seesection3.
7below).
3.
7NativeClientLauncherTheNativeClientLaunchermustbeinstalledontheuser"smachinebeforetheusercanlaunchaprofileinExceedTurboX(unlesstheyhaveselectedtheJavaclientlauncher;seesection3.
6above).
TheNativeClientLauncherwilldownloadandexecutetheNativeClientRuntimeinthebackgroundwhentheuserlaunchesaprofile.
TheLauncherdoesnotrequireadministratorprivilegestoinstall,anditisprovidedforWindows,Linux,andMacclients.
74.
0NetworkConfigurationCommunicationbetweenETXcomponentsoccursonseveraldifferentports.
Itisimpor-tanttoensurethatyourfirewallisconfiguredproperlytoensureproperoperationoftheETXSite.
Thetablebelowsummarizestherequirednetworkchannels,includingthepurposeofthechannel,thecomponentsinvolved,theprotocolsused,andwhetherthechannelissecured.
DESCRIPTIONFIRSTCOMPONENTSECONDCOMPONENTPROTOCOL(S)DEFAULTPORT(S)SECURITYAccessingETXDashboardandServerManagerinabrowserWebbrowserETXServer(Tomcat)HTTP/HTTPS8080/8443None/SSLETXServercontactsIBMDB2databaseETXServerIBMDB2DatabaseJDBC50000None(SSLoptional)ETXServercontactsMicrosoftSQLdatabaseETXServerMicrosoftSQLDatabaseJDBC1433None(SSLoptional)ETXServercontactsApacheDerbyDBdatabaseETXServerApacheDerbyDatabaseJDBC1527None(SSLoptional)ETXServersendsamessagetotheConnectionNodeETXServerETXConnectionNodeTXPM5510SSLETXClientlaunchesanyprofileETXClientETXConnectionNodeThinX5510None(SSLoptional)UserlaunchesanXapplicationETXConnectionNodeUNIXHostX116000+SSHUserlaunchesaWindowsapplicationorRDPdesktopETXConnectionNodeWindowsHostRDP3389SSLETXServercontactsthelicenseserverETXServerETXLicenseServerHTTP/HTTPS8080/8443None/SSLAccessingETXServerRESTAPIsAnyapplicationorscriptETXServerHTTP/HTTPS8080/8443None/SSL5.
0ThinXProtocolThinXProtocolisthedigitalbloodcoursingthroughtheveinsofETX,anditiswhatmakesETXworksowell,sofast.
ThinXProtocol,orTXP,providesexceptionalperformanceoverawiderangeofnetworkbandwidthsandlatencies.
Resultsofin-houseanalysishaveshownthattheamountofnetworktrafficgeneratedbyTXPisbetweenoneand10percentofthetraditionalXprotocol.
Itisalsomoreefficientthancompetitiveremoteaccesssolutions.
TXPisdesignedtoaccomplishthefollowing:1Reducebandwidthrequirementsforremoteusers2Adapttochangingnetworkconditions3Reduceround-triprequestsforX11traffic4StrengthensecurityNote:TXPisalsousedbetweentheClientandProxyforconnectionstoWindowshosts.
InthecaseofRDPconnections,theETXProxyconvertstheRDPprotocoltoThinXforfasttransmissionovertheWAN.
85.
1ReduceBandwidthRequirementsTXPhasasuperiorabilitytocompress,cache,andoptimizerequests.
ThegoalistominimizetheamountofdatathathastotravelacrossthenetworkbetweenProxyandClient,whichischaracteristicallyhighinnetworklatencyandlowinnetworkbandwidth.
Naturally,theworkrequiredtooptimizeandreducenetworktrafficcomesattheexpenseofmoreCPUcyclesandcomputingresourcesonbothend-pointsoftheconnection.
However,theabundantcomputingpowerthatPCsandserversnowharnesscaneasilyhandletheincreasedworkloadwithoutslowingdowntheremoteserver,enablingExceedTurboXtoachievebandwidthreductionwithoutsacrificingoverallperformance.
5.
2AdapttoChangingNetworkConditionsThelevelofcompressionandoptimizationontheTXPdatastreamcanchangeauto-maticallyanddynamicallydependingonreal-timechangestobandwidthavailability,networklatency,andeventhecontentsoftheremotedisplay.
ExceedTurboXwilladjustandchoosetherighttypeofcompression,datatype,andupdatefrequencytomaintainmaximumperformanceandusability.
Theseadjustmentshappenontheflywithoutanyneedtocustomizeprotocolsettings.
ETXtendstoconsumeavailablebandwidthinordertoimprovedisplayqualityandresponsiveness,butusersandadministratorscanalsolimitthebandwidthusageofaparticularsessionbyadjustingETXprofilesettings.
5.
3ReduceRound-TripRequests(X11)TheXWindowprotocolwasdesignedforcommunicationinaLANenvironmentwherenetworkbandwidthisabundant.
ConnectingtoXapplicationsovertheWANwithoutacompressionlayerwillresultinveryslowperformanceoftheremoteXapplicationsordesk-tops.
TheETXProxycanbeinstalledeitherontheXapplicationhostitself–thuseliminatingXWindowprotocolfromtheLANentirely–oronaseparatemachineonthesameLANastheXapplicationhost.
TheProxywilleitherrenderontheserverandsendpicturesovertheWAN,orwillcompress,batchandsenddrawinginstructionsusingTXP(ThinXProtocol)basedonscreencontents.
WiththeintelligencebuiltintotheProxy,fewerround-triprequestswillneedtoreachtheClient,eliminatinginefficiencyanddelaysintheremotecommunication.
Thereductioninthenumberofround-triprequestsovertheWANorinternetconnectionissignificant,givingExceedTurboXanunparalleledperformanceadvantage.
5.
4StrengthenSecurityTXPissecureindesign.
ItcanbeeasilyencryptedusingthelatestTLS1.
2protocolforheightenedsecurity.
Infact,TLSencryptionisusedbydefaultbetweenETXservercomponentstoensurebusinesscriticalinformationisprotected.
ConnectionsfromusersoutsideofthecorporateLANmaybeencryptedeitherbyaVPNorbyenablingTLSencryptionintheETXServerManager.
6.
0AutomaticUpdatesETXisdesignedtoautomaticallyapplyupdatestoboththeclientandservercomponents,eliminatingtheneedtomanuallyrolloutupdatestothesystem.
ETXalsosupportstheabilitytodeploymultipleversionsoftheclientandserverruntimessothatyoucanapplypatchesanddifferentversionstodifferentgroupsofusers,allfromacentralmanagementinterfacebuiltintoETXServer.
6.
1NoClientInstallationWhenuserslaunchaprofileforthefirsttime,ETXwillautomaticallydetectthepresenceoftheclient-sidelauncherandpromptuserstodownloadandinstallthelauncherifitisnotfound.
Thiseliminatestheneedtomanuallyinstallthesoftwareonclientmachines.
6.
2AutomaticClientandProxyUpdatesviaRuntimePackagesThelightweightclientandproxyruntimesarepushedtotheuser"sdesktop,aswellastheETXproxy,whenauserlaunchesasession.
Theclientandproxyruntimearedevelopedinpairs,ensuringthateveryuserreceivesacompatibleversionoftheclientandservercomponentseverytimetheylaunchanewsession.
9Oncearuntimeisdownloaded,itwillbecachedonthemachineandwillnothavetobedownloadedagain.
Thisensuresthatsubsequentconnectionsarelaunchedasquicklyaspossible.
6.
3AutomaticConnectionNodeupdatesStartinginETX11.
5,patchingtheETXServerwillautomaticallyandsilentlypushallnecessaryupdatestotheETXConnectionNodesthatareregisteredwiththeserver.
InVDIrolloutswiththousandsofvirtualmachines,thiseliminatestheneedtomanuallyupdatethesoftwareonthousandsofnodes.
Note:theConnectionNodesoftwareisusedtomanagethesessionproxiesonthenodeandisseparatefromtheproxyruntime.
6.
4ManagemultipleruntimeversionsconcurrentlyETXServerallowsyoutoinstallandusemultipleruntimeversions,whichmeansthatyoucanapplypatchestospecificuserswithoutaffectingotherusers.
ThiscanbeusedtoapplyhotfixesforspecificapplicationsorperformstagingexperimentswithETXservicepacksandhotfixes.
EachETXprofilehasacustomizableruntimeversion,whichcanbesetbytheETXadministratorortheETXuser(iftheyhavepermissionstoeditprofiles).
7.
0AuthenticationETXsupportsthefollowingauthenticationmethods:LightweightDirectoryAccessProtocol(LDAP)MicrosoftActiveDirectory(AD)Kerberos-basedSingleSignOn(SSO)PluggableAuthenticationModule(PAM)NativeUserCredentials(UNIXonly)ETXwillusedifferentcomponentsinthearchitecturetoauthenticateusers,basedonyourauthenticationmethod.
AUTHENTICATIONTYPECOMPONENTTHATHANDLESAUTHENTICATIONLDAP,MICROSOFTACTIVEDIRECTORYETXServerPAM,NATIVEUSERCREDENTIALSETXConnectionNodesLDAPandMicrosoftActiveDirectoryarecentralizedidentitymanagementsystems,whichcanbeaccessedfromanycomputer.
ItisfunctionallysimplerandmoreefficienttoletETXServertakecareofthoseauthenticationtypes.
ToimplementLDAP-basedauthentication,simplyconfiguretheappropriateLDAPsettingsduringinstallationofETXServer.
ForKerberos-based,singlesign-onenvironments,refertotheExceedTurboXInstallationandAdministrationGuide,whichispartofthecoreproductdocumentation.
Additionally,forUNIXenvironments,youmayusePAM(PluggableAuthenticationModule)orNativeauthenticationmethods.
Intheseauthenticationmodes,adedicatedPAMorNativeauthenticationserverisconfiguredtohandleETXloginrequests.
PAMorNativeauthenticationserversmusthavetheETXConnectionNodesoftwareinstalled,andbeassignedthe'Authenticator"roleduringinstallation.
OncethenodeisregisteredwithETXserver,ETXserverwilldirectallloginrequeststotheAuthenticatornode.
ETXServerallowsmorethanonePAM/Nativeauthenticatornodetoberegistered,sothatuserswon"tbelockedoutiftheauthenticationservergoesoffline.
However,youmustmakesurethePAMconfigurationoruserdatabaseisidenticalacrossallAuthenticators.
Inadditiontothe'Authenticator"role,nodescanbeassignedtothe'ProxyManager"role.
TheProxyManagerrolemeansthatthenodewillacceptremotedesktopandapplica-10tionsessions,andstartalocalsessionproxytocompressandmanagetheremoteusersession.
Ifyourauthenticationserver(s)aresharedbymanyapplications,youmaywanttodisabletheproxymanagerroletoavoidtaxingthesesystemswithETXsessions.
AUTHENTICATIONTYPECOMPONENTTHATHANDLESAUTHENTICATIONAUTHENTICATORResponsibleforhandlingPAMandNativeUserCredentialsauthenticationrequestsonlyPROXYMANAGERResponsibleforcreatingandmanagingProxiesAUTHENTICATORANDPROXYMANAGERBothoftheabove7.
1MultipleAuthenticatorsFororganizationsthatchoosetousenativeauthenticationorPAM,itisalwaysagoodideatohavemorethanoneAuthenticatorinthesystemincaseoneoftheETXConnectionNodesisdisconnectedorotherwiseunavailable.
ETXServerwillchooseoneoftheavail-ableETXAuthenticatorsatrandom.
Therefore,itisofutmostimportancethatthesamesetofusersandtheircredentialsareavailableoraccessiblebyallETXAuthenticatorsinthesystem;otherwisesomeusersmaynotbeabletologintoETXatanygivenmoment.
Inmostcases,havingtwoAuthenticatorsinthesystemprovidesthenecessaryloadbalancingandprotectionagainstasinglepointoffailure.
Morethantwoauthentica-torsmayberedundantandcreateunnecessarycomplicationandworkloadinvolvedinsynchronizingnativeusercredentialsacrossmultiplemachines.
8.
0LoadBalancing8.
1WhatisLoadBalancingLoadBalancingreferstothecapabilityofETXServertodistributeremotesessionstoa"cluster"ofConnectionNodes.
Loadbalancingisakeyelementofprovidingahighlyavailableenvironmentforuserstoaccesstheirremotedesktopsandapplicationservers.
8.
2HowDoesLoadBalancingWorkWhenauserlaunchesaremoteapplicationordesktop,oneoftheETXconnectionnodescreatesaprocess(calleda"proxy")toactasintermediarybetweentheuserandtheremotehost.
Theproxyprocessisresponsibleforinteractingwiththehost(asthesessionclient)andcompressingtheremotedisplayfortransmissionovertheWANtotheenduser.
IfETXwereconfiguredwithonlyasinglenodetohandleallusersessions,failureofthatnode(duetohardware,network,orotherfailure)wouldbecrippling.
ETXwouldnotbeabletohandleanynewsessionsuntilthenodeisrestoredandreconnected.
Withtwoormorenodespresent,failureofasinglenodedoesnotcripplethesystem.
Theothernodescantakeoveruntilthefirstnodecomesbackonline.
AllETXConnectionNodesareregisteredwithETXServer,andtheirpresenceisrecordedandmonitoredsoETXServerknowstheexactnumberofETXConnectionNodesavail-able,whateachnodeisdoing,andtheresourcesavailableoneachnode.
Fromtheuser"sperspective,thereisnoobviousdifferencebetweendifferentConnectionNodes,andinmostcases,usersshouldnotcarewhichnodehandlestheuser"ssession.
JustlikewhenyouaccessAmazon.
com,youdon"tknow,nordoyoucare,whichoneofathousanddifferentwebserversisrespondingtoyourrequest.
118.
3LoadBalancingBecausetheETXServerkeepstrackofallconnectionnodesandtheavailableresourcesoneachnode,theservercanassignsessionstoconnectionnodesbyselectingthenodewiththemostavailableresources.
Thisensuresthatusersachievethefastestpossibleconnectionsfortheavailableserverhardware.
ThefollowingloadbalancingcriteriaaresupportedbyETXServer:LOADBALANCINGRULEFUNCTIONSESSIONSThenodewiththefewestactiveorsuspendedsessionsisselectedforthenextsessionlaunch.
CPUThenodewiththemostCPUresourcesisselected.
ThisdoesnotaccountforCPUspeedorarchitecture,onlypercentageofCPUconsumption.
MEMORYThenodewiththemostavailablememoryisselected.
Thistypeofloadbalancingcanbeusedwhenrunningmemory-intensiveapplications.
9.
0Licensing9.
1TypeofLicensesETXLicensesareconcurrentinnature,meaningtheyallowalargenumberofuserstoshareasmallersetoflicenses.
Forexample,ifyoupurchase50licensesforanETXsite,100usersmightsharethoselicenses,solongasnomorethan50usershaveactivesessionsatthesametime.
9.
2RulesofLicenseUsageAsingleusercanneverconsumemorethanonelicense.
Thismeansthatausercanlaunchmultiplesessionsonmultipledevicesandwillneverconsumemorethanasingleconcurrentuserlicense.
However,ifausersharestheirsessionwithmultipleusers,eachuserjoiningthesharedsessionwillconsumeonelicense(providedtheuserisn"talreadyconsumingalicense).
9.
3SharingLicensesAcrossMultipleETXSitesMultipleETXsitescanconnecttoanETXLicenseServerinordertoshareasinglepooloflicenses.
TheETXLicenseServerfunctionalityisembeddedineveryETXServer,andcanbeturnedonduringsetup.
TheLicenseServershouldbeconfiguredfirst,sothatotherETXServerscanspecifythelicenseserverduringsetup.
SpecialcarehasbeengiventothedesignofthissolutiontoensurethatiftheLicenseServerisoutofserviceoroutofreach,allsiteswillremainoperationalforupto72hours,andadministratorswillbenotifiedaslongasthelicenseserverhasbeenconfiguredtosendemailnotifications.
9.
4LicenseDistributionMethodsETXLicenseServersupportstwotypesoflicensedistribution:StaticandDynamic.
9.
4.
1StaticLicenseDistributionAsthenameimplies,licensesarestaticallydistributedtoeachETXsitesoyoucantightlycontrollicenseusageandcostsonaper-sitebasis.
Oncelicensesarestaticallydistrib-utedtoanETXSite,thesitewillmanagethelicenseusageinternallyasifthoselicenseswerelocallyinstalled.
9.
4.
2DynamicLicenseDistributionAnylicensesthathavenotbeenassignedstaticallytoanETXsiteareavailableforanyconnectedsitetoconsumeonafirst-come,firstservebasis.
DynamiclicensescanflowfreelyfromoneETXsitetoanotherseamlessly.
Note:IfauserlaunchessessionsontwoindependentETXsitesthatshareacommonlicenseserver,theuserwillconsumeonelicensefromeachETXsite.
ThisisbecauseeachETXsitemanagesitslicensesindependently.
1210.
0FailureScenariosTheETXsolutionisdesignedtoberesilienttovarioustypesoffailuresandoffercontinuousservices.
Disastersorfailurescanhappentocomputershostingdifferentcomponents,andtherearevariousdegreesoffailure.
Thetablebelowoutlineshoweachcomponenthandleseachtypeoffailure.
COMPONENTNETWORKDISCONNECTIONCOMPONENTSHUTDOWNCLIENTIfthemachinewhereETXClientisrunninglosesitsconnectiontothenetwork,theuser"ssessionwillbeautomaticallysuspended.
IfthemachinewhereETXClientisrunningcrashesorotherwiseispoweredoff,theuser"ssessionwillbeautomaticallysuspended.
CONNECTIONNODEIfthemachinehostingtheConnectionNodeisdisconnectedfromthenetwork,XWindowsessionswillbepermanentlylost.
WindowsRDPsessionswillbecomedisconnectedbutmayberesumedbylaunchinganewsessionconnectingtothesamehostonadifferentnode.
OtherETXConnectionNodeswillcontinuetoacceptnewconnections.
IfthemachinehostingtheConnectionNodecrashesorispowereddownunexpectedly,XWindowsessionswillbepermanentlylost.
WindowsRDPsessionswillbecomedisconnectedbutmayberesumedbylaunchinganewsessionconnectingtothesamehostonadifferentnode.
OtherETXConnectionNodeswillcontinuetoacceptnewconnections.
AUTHENTICATORWhenusingNativeorPAMauthenticationforUNIXenvironments,iftheAuthenticatornodeisdisconnectedfromthenetwork,ETXServerwillnotbeabletoauthenticateusers.
Inthissituation,noonewillbeallowedtologintotheETXwebsite.
However,iftheadministratorcreatedamaintenanceuser(bydefault'etxinstall"),theycanloginwiththismaintenanceusertofixconfigurationproblemswiththeauthenticationnode.
Iftheauthenticatorfails,itwillnotaffectexistingsessions,unlessthosesessionsarerunningontheauthenticationnode(requirestheauthenticatornodetobeconfiguredasaProxyManager).
APACHETOMCAT/ETXSERVERIfApacheTomcatortheETXServerwebappisunavailable–whetherduetoabrokennetworkconnectionorservercrash,userswillbeunabletologintotheETXwebinterfaceorperformbasicfunctionssuchaslaunchingorresumingsessions.
AdministratorswillbeunabletologintothewebinterfacetoadministertheETXenvironment.
However,allactivesessionswillcontinuetooperatewithoutanylimitations.
IfausersuspendsanactivesessionwhileApacheTomcatortheETXServerisdown,heorshewillhavetowaituntilthosesystemsarerevivedandonlinebeforethesessioncanberesumed.
Note:ETXsupportshighavailabilityforthewebserver.
ThismeansthatyoucanrunETXserversinparallel.
Iftheprimarywebserverfails,thesecondarywilltakeover.
Forinformationonsetup,seetheExceedTurboXHighAvailabilityConfigurationGuide.
DATABASEIfthedatabaseisunavailablebecauseofanetworkfailure,theETXWebDashboardandWebServerManagerwillbeinac-cessible.
However,allactivesessionswillcontinuetooperatewithoutlimitations.
Whenthedatabaseconnectionisrestored,allfunctionswillberesumed.
Ifthemachinerunningthedatabasecrashesorispowereddownunexpectedly,orthedatabaseiscorrupted,ETXWebDashboardandWebServerManagerwillbeinaccessible.
However,allactivesessionswillcontinuetooperatewithoutlimitations.
Whenthedatabasemachineisrestoredallfunctionswillberesumed.
LICENSESERVERSTATICLICENSEDISTRIBUTIONUpondisconnectionfromaLicenseServer,anETXServerwillcontinuetomanagetheallottedlicensesasiftheywerelocallyinstalled,forupto72hours.
ThisprovidestimeforITtofindandfixanyfailures.
ImpacttotheETXServeranditsusersisminimalunlessthisconditionisleftuntreated.
DYNAMICLICENSEDISTRIBUTIONUpondisconnectionfromaLicenseServer,eachETXServerwillassumethatanyunallocatedlicensesareavailableforlocalsessionsforupto72hoursafterthedisconnection.
WhentheconnectiontotheLicenseServerisrestored,eachETXServerwillreportitscurrentlicenseusagetotheLicenseServer,andtheLicenseServerwillrecalculatethetotalnumberoflicensesthatareinuse.
Userswhohaveactivesessionswillnotbepenalizedifthenumberoflicensesinuseisgreaterthanthenumberoflicensesinstalled.
Inthiscase,thiseventwillbeloggedandanyuseractivitiesthatrequireadditionallicenseswillnotbepermitteduntilthetotalnumberoflicensesinuseisfewerthanthenumberoflicensesinstalled.
11.
0PlatformsThesupportedplatformsforeachETXcomponentisprovidedinthetablebelow.
LOADBALANCINGRULEFUNCTIONCLIENTWINDOWSPLATFORMSWindows10Windows8.
1Windows7SP1orlaterWindowsServer2008R2SP1orlaterWindowsServer2012R2orlaterLINUXPLATFORMSRedHatEnterpriseLinux6.
5orlater,64-bitSuSELinuxEnterpriseLinux11&12,64-bitMACOSXPLATFORMSMacOS10.
12(Sierra)MacOSX10.
11(ElCapitan)IOSPLATFORMSiOS9.
0orlater,oniPad2orlater,iPadAir,iPadAir2,iPadmini2orlater,iPadProJAVACLIENTETXSERVERRedHatEnterpriseLinux6.
5orlater,64-bitOracleSolarisSPARC10&11,64-bitOracleSolarisx86-6410&11,64-bitETXCONNECTIONNODERedHatEnterpriseLinux6.
5orlater,64-bitSuSELinuxEnterprise11&12,64-bitOracleSolarisSPARC10&11,64-bitOracleSolarisx86-6410&11,64-bitIBMAIX6.
1or7.
1Windows10,64-bitWindows8.
1,64-bitWindows7SP1,64-bitWindowsServer2008R2SP1,64-bitWindowsServer2012R2DATABASEIBMDB2Express-C10.
5withRedHatEnterpriseLinux6orlater,64-bitonlyIBMDB2EnterpriseServer10.
5withRedHatEnterpriseLinux6orlater,64-bitonlyMicrosoftSQL2012SP1StandardEditionorlateronWindowsServer2012R2orlaterMicrosoftSQL2008R2SP2StandardEditionorlateronWindowsServer2008R2SP1orlaterApacheDerby10orlater,onallsupportedETXServerplatformsWEBBROWSERSGoogleChromeMozillaFirefoxMicrosoftInternetExplorer11MicrosoftEdgeAppleSafari8orlater(applicabletoMacOSXonly)ClosingThankyouforyourinterestinOpenTextExceedTurboX.
TolearnmoreaboutExceedTurboX,visitourwebsiteat:connectivity.
opentext.
com/etx.
AboutOpenTextOpenTextenablesthedigitalworld,creatingabetterwayfororganizationstoworkwithinformation,onpremisesorinthecloud.
FormoreinformationaboutOpenText(NASDAQ:OTEX,TSX:OTC)visitopentext.
com.
Connectwithus:OpenTextCEOMarkBarrenechea"sblogTwitter|LinkedIn|Facebook

PQS彼得巧 年中低至38折提供台湾彰化HiNet线路VPS主机 200M带宽

在六月初的时候有介绍过一次来自中国台湾的PQS彼得巧商家(在这里)。商家的特点是有提供台湾彰化HiNet线路VPS主机,起步带宽200M,从带宽速率看是不错的,不过价格也比较贵原价需要300多一个月,是不是很贵?当然懂的人可能会有需要。这次年中促销期间,商家也有提供一定的优惠。比如月付七折,年付达到38折,不过年付价格确实总价格比较高的。第一、商家优惠活动年付三八折优惠:PQS2021-618-C...

LiCloud:香港CMI/香港CN2+BGP服务器,30Mbps,$39.99/月;香港KVM VPS仅$6.99/月

licloud怎么样?licloud目前提供香港cmi服务器及香港CN2+BGP服务器/E3-1230v2/16GB内存/240GB SSD硬盘/不限流量/30Mbps带宽,$39.99/月。licloud 成立於2021年,是香港LiCloud Limited(CR No.3013909)旗下的品牌,主要提供香港kvm vps,分为精简网络和高级网络A、高级网络B,现在精简网络和高级网络A。现在...

新版本Apache HTTP Server 2.4.51发布更新(有安全漏洞建议升级)

今天中午的时候看到群里网友在讨论新版本的Apache HTTP Server 2.4.51发布且建议更新升级,如果有服务器在使用较早版本的话可能需要升级安全,这次的版本中涉及到安全漏洞的问题。Apache HTTP 中2.4.50的修复补丁CVE-2021-41773 修复不完整,导致新的漏洞CVE-2021-42013。攻击者可以使用由类似别名的指令配置将URL映射到目录外的文件的遍历攻击。这里...

apachetomcat为你推荐
企业虚拟主机购买虚拟主机要注意些什么?企业网站有什么好的虚拟主机推荐吗?域名空间什么是空间 什么是域名虚拟主机代理请问虚拟主机的代理和虚拟主机分销有什么区别?分销的主机是不是可以把主机分给多个用户使用?我用的ResellerClub代理!!代理主机主机做成代理服务器,其他局域网内的电脑必须通过我的这个网络出去香港虚拟空间香港虚拟空间哪家好?虚拟空间哪个好虚拟内存一般设多大比较好?免费网站空间有没有免费的网站空间推荐网站空间申请企业网站空间申请有哪些流程啊。、、。北京网站空间求永久免费的网站服务器!天津虚拟主机在天津做个网站需要多少钱
宿迁服务器租用 中文域名查询 vps论坛 企业域名备案 什么是域名解析 西安服务器 adman lunarpages 彩虹ip 华为4核 个人域名 ntfs格式分区 什么是服务器托管 佛山高防服务器 流媒体加速 视频服务器是什么 海外空间 路由跟踪 国外在线代理服务器 学生服务器 更多