authenticaapachetomcat
apachetomcat 时间:2021-01-11 阅读:()
Remoteapplicationaccessisincreasinglyimportantintoday"sbusinessenvironment.
Solutionsthatprovideremoteaccesstoapplicationsanddatacaneliminategeographicalandnetworkboundaries,improveuserproductivity,enhanceprotectionofintellectualproperties,andhelpstreamlineIToperationswhilereducingcosts.
OpenTextExceedTurboXisanadvancedsolutionfordesktopvirtualizationandremoteaccesstoenterpriseapplicationsanddata,addressingtheneedsofmodernenterprises,especiallythosewithmixedUNIX/MicrosoftWindowshostingenvironments.
Thiswhitepaperdescribestheprinciplesofitsdesign,thearchitectureandkeycomponentsofthesolution,andtheirfunctionsandinteractions.
OpenTextExceedTurboXAnArchitectureOverviewTableofContents1.
0Introduction32.
0TheArchitectureDiagram43.
0TheBuildingBlocks44.
0Connectivity75.
0ThinXProtocol76.
0ClientandProxyRuntime87.
0Authentication98.
0Clustering109.
0Licensing1110.
0Fail-OverScenarios1211.
0Platforms13Closing1331.
0IntroductionRemoteapplicationaccesshasbeenasolutioncategorysincecomputerswerefirstlinkedintoanetwork.
Businesseshavealwayssoughtasolutionthatwouldallowuserstoaccessapplicationsrunningonaremotehost.
Alongcameglobalization,followedbyallformsofvirtualization,whichpushedapplicationsfurtherawayfromusers,whileincreasingtheneedforuserstobeproductivewhileaccessingapplicationsanddatafromagreatdistance.
OpenTexthasbeeninthebusinessofprovidingremoteapplicationaccesssolutionsformorethan20years.
BeginningwithOpenTextExceedinthe1990sandincludingOpenTextExceedonDemandinthe2000s,OpenTexthaspushedtheperformanceenvelope,bringingcomplex2Dand3Dapplicationstoenterpriseusersallovertheworld.
ExceedTurboXisthefutureofremoteapplicationaccesssolutions,madeavailabletoday.
ItisaculminationofyearsofexperiencewithXWindowandnetworkprogramming,andtheunderstandingofhundredsofrealworldcasesusingbusiness-criticalUNIXandWindowsapplications.
SixprimarygoalsguidedtheconceptionanddevelopmentofExceedTurboX:ProvideasingleplatformforITanduserstomanageandaccessalloftheirremoteinfrastructure,regardlessofplatformProvidethefastestremoteaccesssolutiononthemarketforaccessingUNIXandWindowshostsProvideaconsistentuserexperienceacrossallsupportedclientplatformsSimplifythedistributionandmanagementofclientsoftware,profile,andsettingstosupportlargedeploymentscenariosOfferfullyauditableeventsforbettervisibility,accountability,andproblemresolutionWorkintandemwithanyexistinginfrastructureandvendor,includingmixedphysical/virtualdesktopenvironmentsExceedTurboXdeliversresultsonallfronts.
Itsarchitectureisadeparturefrommanytraditionalremoteapplication-accesssolutionsonthemarket,includingourownExceedonDemand.
Itreliesonahybridoftechnologiestodeliverhighperformanceaccesswithagreatuserexperienceandsimplifiedadministration.
2.
0TheArchitectureDiagramThefollowingdiagramdepictstheoveralllayoutofallmajorExceedTurboXcomponentsandtheirrelationships.
Firstly,youwillnoticethatETXreliesonaWebApplicationServertoprovideaweb-basedgraphicalfrontend.
Secondly,ETXusesadatabasetostoreapplicationdata.
InadditiontotheETXserver,whichprovidestheuserinterface,configurationandloadbalancing,ETXConnectionNodesareresponsibleformanagingclientsessionsandcompressingtheremotedisplayfortransmissiontousers.
AgroupofconnectionnodesalongwiththeETXserveriscalledtheETXSite.
43.
0TheBuildingBlocksThefollowingcomponentsformthefoundationofExceedTurboX.
3.
1ETXServerThisisthebrainofthesolution,functioningasconcierge,gatekeeper,andtrafficcontrol-ler.
ItisawebapplicationthatrunsonanApacheTomcatwebapplicationserverandispresentedtouserswhentheyfirstconnecttotheETXwebportal.
ETXServerdisplayseitheraDashboardtousersoraServerManagertoadministrators.
UserscanusetheWebDashboardtolaunchnewsessions,createprofiles,ormanagetheirexistingsessions.
AdministratorsusetheServerManagertomonitorandmanageeveryaspectofthesolution,fromuserenrollmenttogeneratinglicenseandresourceusagereports.
3.
2ETXConnectionNodesTheETXConnectionNodeisresponsibleforstartingsessionproxies(anapplicationwhichmanagesandcompressesremotesessions),aswellasinteractingwiththeETXserver.
Withmultiplenodespresentintheinfrastructure,ETXservercanselectfrommultipleconnectionnodesforloadbalancingandnodefailover.
ETXConnectionNodesincludeseveralsub-components,whicheachhandleadifferenttask.
InadditiontotheProxyManager(whichstartsthesessionproxies),otherimportantcomponentsincludetheETXAuthenticator,XstartLauncher,andApplicationScanner,whichareexplainedinmoredetailbelow.
3.
2.
1ETXProxyManagerThemainfunctionoftheETXProxyManageristocreateremotesessionproxies.
Proxiesactasanintermediarybetweentheclientandapplicationordesktophost,providingencryptionandcompressionofthesessiondisplayovertheWAN.
Theproxyalsohandlespassinguserinputtothehost,aswellasotherdatasuchasfilesanddevices.
TheProxyManagermonitorsthewell-beingofthesesessionproxiesandcommunicatesthestatusofeachsessionproxytotheETXServer.
TheProxyManageralsohandlesuser5commands,suchassessionsuspendandresume,sessionsharing(multicasting),filetransfer,andothersession-relatedfeatures.
AProxyisafullyfunctionalXserver/RDPclient,andcanthereforeoperateasastand-aloneserver,handlingdisplayprotocolfromdefaultinstallationsofWindowsorUNIXhostswithoutanylocalsoftwarebeinginstalled.
TheproxyincludesanXserveraswellasanRDPclientforrenderingandcompressingthedisplayovertheWAN.
InthecaseofWindowsDirectdesktopconnections,theproxymustbeinstalleddirectlyontheWindowsdesktophostforlocalrenderingandcompression.
AcompresseddatastreamissentfromtheProxytotheClient,whichisinstalledontheuser"sdevice.
Theclienthandlesscreendrawingandkeyboardandmouseinputs.
Moreinformationonthefunc-tionsofProxiesandClientsisavailableinSection6.
0.
3.
2.
2ETXAuthenticatorAsthenameimplies,thiscomponenthandlesauthenticationofusersandadministratorswhentheylogintotheETXwebportal.
TheauthenticatorisrequiredtosupportPAMorNativeauthenticationinUNIXenvironments.
LDAP-basedenvironments(e.
g.
MicrosoftWindows)donotrequireanauthenticatorbecauseLDAPauthenticationishandledbyETXServer.
TheETXAuthenticatorprovidesseamlessintegrationofETXintoUNIXenvironmentsthatuseadedicatedPAMorNativeauthenticationserver.
ThisrequiresyoutoinstallanETXConnectionNodeonthePAM/NativeauthenticationserverandregistertheNodeasanAuthenticatorduringinstallation.
ETXsupportsmultipleauthenticationnodesforloadbalancing,buteachnodemustbeconfiguredwiththesamePAMorNativeauthentica-tionsettings.
3.
2.
3XstartLauncherXstartLauncheristhemoduleresponsibleforlaunchingindividualXWindoworWindowsapplicationswhenauserlaunchesanETXprofile.
ETXprofilesincludeallconfigurationsettingsfortheremotesession,includingwhichhosttoselectandwhichapplicationstorun.
3.
2.
4ApplicationScannerTheapplicationscannerisanoptionalutilitythatscanstheConnectionNodeforinstalledapplications,makingthemavailableforpublishingviatheETXServerManager.
Onceanapplicationispublishedtousers,userscanlaunchtheapplicationbycreatingaprofileandselectingtheapplicationtolaunch.
TheapplicationscannerworksonallETXplatforms,soyoucanpublishapplicationsrunningonbothUNIXandWindows.
IfyouhavemultipleConnectionNodeswiththesameapplicationinstalled,ETXServerdetectstheoverlapandgroupsapplicationsintoasingleitem.
Thisprovidesloadbalancingofapplicationsacrossmultiplehosts.
3.
2.
4LocalSessionDatabaseThelocalsessiondatabasekeepstrackofsessionstatusandreportsthisbacktoETXServeronaregularbasis.
IftheconnectionbetweenETXServerandtheProxymanagerfails,thelocalsessiondatabaseenablestheConnectionNodetocontinueoperatingnormally,includingsuspendingorterminatingsessions.
WhentheconnectiontoETXServerisre-established,thelocalsessiondatabaseissyncedwithETXServer.
Thismakeseachnodefault-tolerantincaseofanetworkfailure.
3.
3DatabaseTheRDBMSisthebookkeeperofthesolution.
Itisusedtostoreallnon-transientinforma-tion,includingserversettings,usersettings,profiles,eventlogs,licenseusagestatistics,etc.
ETXsupportsIBMDB2,MicrosoftSQLServer,andApacheDerby,andcomesbundledwithApacheDerbyforquickandeasyinstallation.
Forload-balancing,fail-over,andhigh-availabilitycapabilities,pleaserefertotheETXHighAvailabilityWhitePaper,aswellasvendordocumentationforsettingupdatabasereplication.
63.
4ETXLicenseServerMultipleETXsitescanshareasinglepooloflicensesandhavelicensesdynamicallyorstaticallydistributedtoeachsitebasedonrulesdefinedbyadministrators.
TheETXLicenseServerfunctionalityisembeddedineveryETXServerandcanbeenabledduringsetup.
Onceenabled,otherETXsitescanconnecttotheLicenseServeranduselicensesfromthepool,ratherthanusinglocallyinstalledlicensekeys.
SpecialcarehasbeengiventothedesignofthissolutiontoensurethatiftheLicenseServerisoutofserviceoroutofreach,administratorswillbenotifiedviaemail,andsiteswillremainoperationalfor72hourssothattheproblemcanberesolved.
3.
5ETXClientRuntimeETXreliesonanativeclientRuntimetohandleremotecommunicationsandinteractions.
ItisthecounterparttotheETXProxyandcommunicateswiththeproxycontinuouslywheneverasessionisestablished.
LikeaProxy,theclientRuntimeisanativeapplication,whichtakesadvantageofthebestpossibleperformance,reliability,andcompatibility.
DeploymentoftheETXclientRuntimeisautomatic;thecorrectRuntimeisdownloadedsilentlyinthebackgroundwheneverauserlaunchesanapplication.
ClientRuntimesareavailableforWindows,LinuxandMacusers.
3.
6JavaRuntimeEnvironment(JRE)Whileitisnotnecessarilyabuildingblockonitsown,JREisasystemrequirementfortheETXServer.
Naturally,JREisrequiredonthemachinerunningtheETXServerandApacheTomcat.
JavacanalsobeusedtolaunchETXremotesessionsfromabrowser,althoughthisisnotthedefaultoption.
Bydefault,launchingETXsessionsrequirestheNativeClientLaunchercomponenttobeinstalledontheuser"sdevice(seesection3.
7below).
3.
7NativeClientLauncherTheNativeClientLaunchermustbeinstalledontheuser"smachinebeforetheusercanlaunchaprofileinExceedTurboX(unlesstheyhaveselectedtheJavaclientlauncher;seesection3.
6above).
TheNativeClientLauncherwilldownloadandexecutetheNativeClientRuntimeinthebackgroundwhentheuserlaunchesaprofile.
TheLauncherdoesnotrequireadministratorprivilegestoinstall,anditisprovidedforWindows,Linux,andMacclients.
74.
0NetworkConfigurationCommunicationbetweenETXcomponentsoccursonseveraldifferentports.
Itisimpor-tanttoensurethatyourfirewallisconfiguredproperlytoensureproperoperationoftheETXSite.
Thetablebelowsummarizestherequirednetworkchannels,includingthepurposeofthechannel,thecomponentsinvolved,theprotocolsused,andwhetherthechannelissecured.
DESCRIPTIONFIRSTCOMPONENTSECONDCOMPONENTPROTOCOL(S)DEFAULTPORT(S)SECURITYAccessingETXDashboardandServerManagerinabrowserWebbrowserETXServer(Tomcat)HTTP/HTTPS8080/8443None/SSLETXServercontactsIBMDB2databaseETXServerIBMDB2DatabaseJDBC50000None(SSLoptional)ETXServercontactsMicrosoftSQLdatabaseETXServerMicrosoftSQLDatabaseJDBC1433None(SSLoptional)ETXServercontactsApacheDerbyDBdatabaseETXServerApacheDerbyDatabaseJDBC1527None(SSLoptional)ETXServersendsamessagetotheConnectionNodeETXServerETXConnectionNodeTXPM5510SSLETXClientlaunchesanyprofileETXClientETXConnectionNodeThinX5510None(SSLoptional)UserlaunchesanXapplicationETXConnectionNodeUNIXHostX116000+SSHUserlaunchesaWindowsapplicationorRDPdesktopETXConnectionNodeWindowsHostRDP3389SSLETXServercontactsthelicenseserverETXServerETXLicenseServerHTTP/HTTPS8080/8443None/SSLAccessingETXServerRESTAPIsAnyapplicationorscriptETXServerHTTP/HTTPS8080/8443None/SSL5.
0ThinXProtocolThinXProtocolisthedigitalbloodcoursingthroughtheveinsofETX,anditiswhatmakesETXworksowell,sofast.
ThinXProtocol,orTXP,providesexceptionalperformanceoverawiderangeofnetworkbandwidthsandlatencies.
Resultsofin-houseanalysishaveshownthattheamountofnetworktrafficgeneratedbyTXPisbetweenoneand10percentofthetraditionalXprotocol.
Itisalsomoreefficientthancompetitiveremoteaccesssolutions.
TXPisdesignedtoaccomplishthefollowing:1Reducebandwidthrequirementsforremoteusers2Adapttochangingnetworkconditions3Reduceround-triprequestsforX11traffic4StrengthensecurityNote:TXPisalsousedbetweentheClientandProxyforconnectionstoWindowshosts.
InthecaseofRDPconnections,theETXProxyconvertstheRDPprotocoltoThinXforfasttransmissionovertheWAN.
85.
1ReduceBandwidthRequirementsTXPhasasuperiorabilitytocompress,cache,andoptimizerequests.
ThegoalistominimizetheamountofdatathathastotravelacrossthenetworkbetweenProxyandClient,whichischaracteristicallyhighinnetworklatencyandlowinnetworkbandwidth.
Naturally,theworkrequiredtooptimizeandreducenetworktrafficcomesattheexpenseofmoreCPUcyclesandcomputingresourcesonbothend-pointsoftheconnection.
However,theabundantcomputingpowerthatPCsandserversnowharnesscaneasilyhandletheincreasedworkloadwithoutslowingdowntheremoteserver,enablingExceedTurboXtoachievebandwidthreductionwithoutsacrificingoverallperformance.
5.
2AdapttoChangingNetworkConditionsThelevelofcompressionandoptimizationontheTXPdatastreamcanchangeauto-maticallyanddynamicallydependingonreal-timechangestobandwidthavailability,networklatency,andeventhecontentsoftheremotedisplay.
ExceedTurboXwilladjustandchoosetherighttypeofcompression,datatype,andupdatefrequencytomaintainmaximumperformanceandusability.
Theseadjustmentshappenontheflywithoutanyneedtocustomizeprotocolsettings.
ETXtendstoconsumeavailablebandwidthinordertoimprovedisplayqualityandresponsiveness,butusersandadministratorscanalsolimitthebandwidthusageofaparticularsessionbyadjustingETXprofilesettings.
5.
3ReduceRound-TripRequests(X11)TheXWindowprotocolwasdesignedforcommunicationinaLANenvironmentwherenetworkbandwidthisabundant.
ConnectingtoXapplicationsovertheWANwithoutacompressionlayerwillresultinveryslowperformanceoftheremoteXapplicationsordesk-tops.
TheETXProxycanbeinstalledeitherontheXapplicationhostitself–thuseliminatingXWindowprotocolfromtheLANentirely–oronaseparatemachineonthesameLANastheXapplicationhost.
TheProxywilleitherrenderontheserverandsendpicturesovertheWAN,orwillcompress,batchandsenddrawinginstructionsusingTXP(ThinXProtocol)basedonscreencontents.
WiththeintelligencebuiltintotheProxy,fewerround-triprequestswillneedtoreachtheClient,eliminatinginefficiencyanddelaysintheremotecommunication.
Thereductioninthenumberofround-triprequestsovertheWANorinternetconnectionissignificant,givingExceedTurboXanunparalleledperformanceadvantage.
5.
4StrengthenSecurityTXPissecureindesign.
ItcanbeeasilyencryptedusingthelatestTLS1.
2protocolforheightenedsecurity.
Infact,TLSencryptionisusedbydefaultbetweenETXservercomponentstoensurebusinesscriticalinformationisprotected.
ConnectionsfromusersoutsideofthecorporateLANmaybeencryptedeitherbyaVPNorbyenablingTLSencryptionintheETXServerManager.
6.
0AutomaticUpdatesETXisdesignedtoautomaticallyapplyupdatestoboththeclientandservercomponents,eliminatingtheneedtomanuallyrolloutupdatestothesystem.
ETXalsosupportstheabilitytodeploymultipleversionsoftheclientandserverruntimessothatyoucanapplypatchesanddifferentversionstodifferentgroupsofusers,allfromacentralmanagementinterfacebuiltintoETXServer.
6.
1NoClientInstallationWhenuserslaunchaprofileforthefirsttime,ETXwillautomaticallydetectthepresenceoftheclient-sidelauncherandpromptuserstodownloadandinstallthelauncherifitisnotfound.
Thiseliminatestheneedtomanuallyinstallthesoftwareonclientmachines.
6.
2AutomaticClientandProxyUpdatesviaRuntimePackagesThelightweightclientandproxyruntimesarepushedtotheuser"sdesktop,aswellastheETXproxy,whenauserlaunchesasession.
Theclientandproxyruntimearedevelopedinpairs,ensuringthateveryuserreceivesacompatibleversionoftheclientandservercomponentseverytimetheylaunchanewsession.
9Oncearuntimeisdownloaded,itwillbecachedonthemachineandwillnothavetobedownloadedagain.
Thisensuresthatsubsequentconnectionsarelaunchedasquicklyaspossible.
6.
3AutomaticConnectionNodeupdatesStartinginETX11.
5,patchingtheETXServerwillautomaticallyandsilentlypushallnecessaryupdatestotheETXConnectionNodesthatareregisteredwiththeserver.
InVDIrolloutswiththousandsofvirtualmachines,thiseliminatestheneedtomanuallyupdatethesoftwareonthousandsofnodes.
Note:theConnectionNodesoftwareisusedtomanagethesessionproxiesonthenodeandisseparatefromtheproxyruntime.
6.
4ManagemultipleruntimeversionsconcurrentlyETXServerallowsyoutoinstallandusemultipleruntimeversions,whichmeansthatyoucanapplypatchestospecificuserswithoutaffectingotherusers.
ThiscanbeusedtoapplyhotfixesforspecificapplicationsorperformstagingexperimentswithETXservicepacksandhotfixes.
EachETXprofilehasacustomizableruntimeversion,whichcanbesetbytheETXadministratorortheETXuser(iftheyhavepermissionstoeditprofiles).
7.
0AuthenticationETXsupportsthefollowingauthenticationmethods:LightweightDirectoryAccessProtocol(LDAP)MicrosoftActiveDirectory(AD)Kerberos-basedSingleSignOn(SSO)PluggableAuthenticationModule(PAM)NativeUserCredentials(UNIXonly)ETXwillusedifferentcomponentsinthearchitecturetoauthenticateusers,basedonyourauthenticationmethod.
AUTHENTICATIONTYPECOMPONENTTHATHANDLESAUTHENTICATIONLDAP,MICROSOFTACTIVEDIRECTORYETXServerPAM,NATIVEUSERCREDENTIALSETXConnectionNodesLDAPandMicrosoftActiveDirectoryarecentralizedidentitymanagementsystems,whichcanbeaccessedfromanycomputer.
ItisfunctionallysimplerandmoreefficienttoletETXServertakecareofthoseauthenticationtypes.
ToimplementLDAP-basedauthentication,simplyconfiguretheappropriateLDAPsettingsduringinstallationofETXServer.
ForKerberos-based,singlesign-onenvironments,refertotheExceedTurboXInstallationandAdministrationGuide,whichispartofthecoreproductdocumentation.
Additionally,forUNIXenvironments,youmayusePAM(PluggableAuthenticationModule)orNativeauthenticationmethods.
Intheseauthenticationmodes,adedicatedPAMorNativeauthenticationserverisconfiguredtohandleETXloginrequests.
PAMorNativeauthenticationserversmusthavetheETXConnectionNodesoftwareinstalled,andbeassignedthe'Authenticator"roleduringinstallation.
OncethenodeisregisteredwithETXserver,ETXserverwilldirectallloginrequeststotheAuthenticatornode.
ETXServerallowsmorethanonePAM/Nativeauthenticatornodetoberegistered,sothatuserswon"tbelockedoutiftheauthenticationservergoesoffline.
However,youmustmakesurethePAMconfigurationoruserdatabaseisidenticalacrossallAuthenticators.
Inadditiontothe'Authenticator"role,nodescanbeassignedtothe'ProxyManager"role.
TheProxyManagerrolemeansthatthenodewillacceptremotedesktopandapplica-10tionsessions,andstartalocalsessionproxytocompressandmanagetheremoteusersession.
Ifyourauthenticationserver(s)aresharedbymanyapplications,youmaywanttodisabletheproxymanagerroletoavoidtaxingthesesystemswithETXsessions.
AUTHENTICATIONTYPECOMPONENTTHATHANDLESAUTHENTICATIONAUTHENTICATORResponsibleforhandlingPAMandNativeUserCredentialsauthenticationrequestsonlyPROXYMANAGERResponsibleforcreatingandmanagingProxiesAUTHENTICATORANDPROXYMANAGERBothoftheabove7.
1MultipleAuthenticatorsFororganizationsthatchoosetousenativeauthenticationorPAM,itisalwaysagoodideatohavemorethanoneAuthenticatorinthesystemincaseoneoftheETXConnectionNodesisdisconnectedorotherwiseunavailable.
ETXServerwillchooseoneoftheavail-ableETXAuthenticatorsatrandom.
Therefore,itisofutmostimportancethatthesamesetofusersandtheircredentialsareavailableoraccessiblebyallETXAuthenticatorsinthesystem;otherwisesomeusersmaynotbeabletologintoETXatanygivenmoment.
Inmostcases,havingtwoAuthenticatorsinthesystemprovidesthenecessaryloadbalancingandprotectionagainstasinglepointoffailure.
Morethantwoauthentica-torsmayberedundantandcreateunnecessarycomplicationandworkloadinvolvedinsynchronizingnativeusercredentialsacrossmultiplemachines.
8.
0LoadBalancing8.
1WhatisLoadBalancingLoadBalancingreferstothecapabilityofETXServertodistributeremotesessionstoa"cluster"ofConnectionNodes.
Loadbalancingisakeyelementofprovidingahighlyavailableenvironmentforuserstoaccesstheirremotedesktopsandapplicationservers.
8.
2HowDoesLoadBalancingWorkWhenauserlaunchesaremoteapplicationordesktop,oneoftheETXconnectionnodescreatesaprocess(calleda"proxy")toactasintermediarybetweentheuserandtheremotehost.
Theproxyprocessisresponsibleforinteractingwiththehost(asthesessionclient)andcompressingtheremotedisplayfortransmissionovertheWANtotheenduser.
IfETXwereconfiguredwithonlyasinglenodetohandleallusersessions,failureofthatnode(duetohardware,network,orotherfailure)wouldbecrippling.
ETXwouldnotbeabletohandleanynewsessionsuntilthenodeisrestoredandreconnected.
Withtwoormorenodespresent,failureofasinglenodedoesnotcripplethesystem.
Theothernodescantakeoveruntilthefirstnodecomesbackonline.
AllETXConnectionNodesareregisteredwithETXServer,andtheirpresenceisrecordedandmonitoredsoETXServerknowstheexactnumberofETXConnectionNodesavail-able,whateachnodeisdoing,andtheresourcesavailableoneachnode.
Fromtheuser"sperspective,thereisnoobviousdifferencebetweendifferentConnectionNodes,andinmostcases,usersshouldnotcarewhichnodehandlestheuser"ssession.
JustlikewhenyouaccessAmazon.
com,youdon"tknow,nordoyoucare,whichoneofathousanddifferentwebserversisrespondingtoyourrequest.
118.
3LoadBalancingBecausetheETXServerkeepstrackofallconnectionnodesandtheavailableresourcesoneachnode,theservercanassignsessionstoconnectionnodesbyselectingthenodewiththemostavailableresources.
Thisensuresthatusersachievethefastestpossibleconnectionsfortheavailableserverhardware.
ThefollowingloadbalancingcriteriaaresupportedbyETXServer:LOADBALANCINGRULEFUNCTIONSESSIONSThenodewiththefewestactiveorsuspendedsessionsisselectedforthenextsessionlaunch.
CPUThenodewiththemostCPUresourcesisselected.
ThisdoesnotaccountforCPUspeedorarchitecture,onlypercentageofCPUconsumption.
MEMORYThenodewiththemostavailablememoryisselected.
Thistypeofloadbalancingcanbeusedwhenrunningmemory-intensiveapplications.
9.
0Licensing9.
1TypeofLicensesETXLicensesareconcurrentinnature,meaningtheyallowalargenumberofuserstoshareasmallersetoflicenses.
Forexample,ifyoupurchase50licensesforanETXsite,100usersmightsharethoselicenses,solongasnomorethan50usershaveactivesessionsatthesametime.
9.
2RulesofLicenseUsageAsingleusercanneverconsumemorethanonelicense.
Thismeansthatausercanlaunchmultiplesessionsonmultipledevicesandwillneverconsumemorethanasingleconcurrentuserlicense.
However,ifausersharestheirsessionwithmultipleusers,eachuserjoiningthesharedsessionwillconsumeonelicense(providedtheuserisn"talreadyconsumingalicense).
9.
3SharingLicensesAcrossMultipleETXSitesMultipleETXsitescanconnecttoanETXLicenseServerinordertoshareasinglepooloflicenses.
TheETXLicenseServerfunctionalityisembeddedineveryETXServer,andcanbeturnedonduringsetup.
TheLicenseServershouldbeconfiguredfirst,sothatotherETXServerscanspecifythelicenseserverduringsetup.
SpecialcarehasbeengiventothedesignofthissolutiontoensurethatiftheLicenseServerisoutofserviceoroutofreach,allsiteswillremainoperationalforupto72hours,andadministratorswillbenotifiedaslongasthelicenseserverhasbeenconfiguredtosendemailnotifications.
9.
4LicenseDistributionMethodsETXLicenseServersupportstwotypesoflicensedistribution:StaticandDynamic.
9.
4.
1StaticLicenseDistributionAsthenameimplies,licensesarestaticallydistributedtoeachETXsitesoyoucantightlycontrollicenseusageandcostsonaper-sitebasis.
Oncelicensesarestaticallydistrib-utedtoanETXSite,thesitewillmanagethelicenseusageinternallyasifthoselicenseswerelocallyinstalled.
9.
4.
2DynamicLicenseDistributionAnylicensesthathavenotbeenassignedstaticallytoanETXsiteareavailableforanyconnectedsitetoconsumeonafirst-come,firstservebasis.
DynamiclicensescanflowfreelyfromoneETXsitetoanotherseamlessly.
Note:IfauserlaunchessessionsontwoindependentETXsitesthatshareacommonlicenseserver,theuserwillconsumeonelicensefromeachETXsite.
ThisisbecauseeachETXsitemanagesitslicensesindependently.
1210.
0FailureScenariosTheETXsolutionisdesignedtoberesilienttovarioustypesoffailuresandoffercontinuousservices.
Disastersorfailurescanhappentocomputershostingdifferentcomponents,andtherearevariousdegreesoffailure.
Thetablebelowoutlineshoweachcomponenthandleseachtypeoffailure.
COMPONENTNETWORKDISCONNECTIONCOMPONENTSHUTDOWNCLIENTIfthemachinewhereETXClientisrunninglosesitsconnectiontothenetwork,theuser"ssessionwillbeautomaticallysuspended.
IfthemachinewhereETXClientisrunningcrashesorotherwiseispoweredoff,theuser"ssessionwillbeautomaticallysuspended.
CONNECTIONNODEIfthemachinehostingtheConnectionNodeisdisconnectedfromthenetwork,XWindowsessionswillbepermanentlylost.
WindowsRDPsessionswillbecomedisconnectedbutmayberesumedbylaunchinganewsessionconnectingtothesamehostonadifferentnode.
OtherETXConnectionNodeswillcontinuetoacceptnewconnections.
IfthemachinehostingtheConnectionNodecrashesorispowereddownunexpectedly,XWindowsessionswillbepermanentlylost.
WindowsRDPsessionswillbecomedisconnectedbutmayberesumedbylaunchinganewsessionconnectingtothesamehostonadifferentnode.
OtherETXConnectionNodeswillcontinuetoacceptnewconnections.
AUTHENTICATORWhenusingNativeorPAMauthenticationforUNIXenvironments,iftheAuthenticatornodeisdisconnectedfromthenetwork,ETXServerwillnotbeabletoauthenticateusers.
Inthissituation,noonewillbeallowedtologintotheETXwebsite.
However,iftheadministratorcreatedamaintenanceuser(bydefault'etxinstall"),theycanloginwiththismaintenanceusertofixconfigurationproblemswiththeauthenticationnode.
Iftheauthenticatorfails,itwillnotaffectexistingsessions,unlessthosesessionsarerunningontheauthenticationnode(requirestheauthenticatornodetobeconfiguredasaProxyManager).
APACHETOMCAT/ETXSERVERIfApacheTomcatortheETXServerwebappisunavailable–whetherduetoabrokennetworkconnectionorservercrash,userswillbeunabletologintotheETXwebinterfaceorperformbasicfunctionssuchaslaunchingorresumingsessions.
AdministratorswillbeunabletologintothewebinterfacetoadministertheETXenvironment.
However,allactivesessionswillcontinuetooperatewithoutanylimitations.
IfausersuspendsanactivesessionwhileApacheTomcatortheETXServerisdown,heorshewillhavetowaituntilthosesystemsarerevivedandonlinebeforethesessioncanberesumed.
Note:ETXsupportshighavailabilityforthewebserver.
ThismeansthatyoucanrunETXserversinparallel.
Iftheprimarywebserverfails,thesecondarywilltakeover.
Forinformationonsetup,seetheExceedTurboXHighAvailabilityConfigurationGuide.
DATABASEIfthedatabaseisunavailablebecauseofanetworkfailure,theETXWebDashboardandWebServerManagerwillbeinac-cessible.
However,allactivesessionswillcontinuetooperatewithoutlimitations.
Whenthedatabaseconnectionisrestored,allfunctionswillberesumed.
Ifthemachinerunningthedatabasecrashesorispowereddownunexpectedly,orthedatabaseiscorrupted,ETXWebDashboardandWebServerManagerwillbeinaccessible.
However,allactivesessionswillcontinuetooperatewithoutlimitations.
Whenthedatabasemachineisrestoredallfunctionswillberesumed.
LICENSESERVERSTATICLICENSEDISTRIBUTIONUpondisconnectionfromaLicenseServer,anETXServerwillcontinuetomanagetheallottedlicensesasiftheywerelocallyinstalled,forupto72hours.
ThisprovidestimeforITtofindandfixanyfailures.
ImpacttotheETXServeranditsusersisminimalunlessthisconditionisleftuntreated.
DYNAMICLICENSEDISTRIBUTIONUpondisconnectionfromaLicenseServer,eachETXServerwillassumethatanyunallocatedlicensesareavailableforlocalsessionsforupto72hoursafterthedisconnection.
WhentheconnectiontotheLicenseServerisrestored,eachETXServerwillreportitscurrentlicenseusagetotheLicenseServer,andtheLicenseServerwillrecalculatethetotalnumberoflicensesthatareinuse.
Userswhohaveactivesessionswillnotbepenalizedifthenumberoflicensesinuseisgreaterthanthenumberoflicensesinstalled.
Inthiscase,thiseventwillbeloggedandanyuseractivitiesthatrequireadditionallicenseswillnotbepermitteduntilthetotalnumberoflicensesinuseisfewerthanthenumberoflicensesinstalled.
11.
0PlatformsThesupportedplatformsforeachETXcomponentisprovidedinthetablebelow.
LOADBALANCINGRULEFUNCTIONCLIENTWINDOWSPLATFORMSWindows10Windows8.
1Windows7SP1orlaterWindowsServer2008R2SP1orlaterWindowsServer2012R2orlaterLINUXPLATFORMSRedHatEnterpriseLinux6.
5orlater,64-bitSuSELinuxEnterpriseLinux11&12,64-bitMACOSXPLATFORMSMacOS10.
12(Sierra)MacOSX10.
11(ElCapitan)IOSPLATFORMSiOS9.
0orlater,oniPad2orlater,iPadAir,iPadAir2,iPadmini2orlater,iPadProJAVACLIENTETXSERVERRedHatEnterpriseLinux6.
5orlater,64-bitOracleSolarisSPARC10&11,64-bitOracleSolarisx86-6410&11,64-bitETXCONNECTIONNODERedHatEnterpriseLinux6.
5orlater,64-bitSuSELinuxEnterprise11&12,64-bitOracleSolarisSPARC10&11,64-bitOracleSolarisx86-6410&11,64-bitIBMAIX6.
1or7.
1Windows10,64-bitWindows8.
1,64-bitWindows7SP1,64-bitWindowsServer2008R2SP1,64-bitWindowsServer2012R2DATABASEIBMDB2Express-C10.
5withRedHatEnterpriseLinux6orlater,64-bitonlyIBMDB2EnterpriseServer10.
5withRedHatEnterpriseLinux6orlater,64-bitonlyMicrosoftSQL2012SP1StandardEditionorlateronWindowsServer2012R2orlaterMicrosoftSQL2008R2SP2StandardEditionorlateronWindowsServer2008R2SP1orlaterApacheDerby10orlater,onallsupportedETXServerplatformsWEBBROWSERSGoogleChromeMozillaFirefoxMicrosoftInternetExplorer11MicrosoftEdgeAppleSafari8orlater(applicabletoMacOSXonly)ClosingThankyouforyourinterestinOpenTextExceedTurboX.
TolearnmoreaboutExceedTurboX,visitourwebsiteat:connectivity.
opentext.
com/etx.
AboutOpenTextOpenTextenablesthedigitalworld,creatingabetterwayfororganizationstoworkwithinformation,onpremisesorinthecloud.
FormoreinformationaboutOpenText(NASDAQ:OTEX,TSX:OTC)visitopentext.
com.
Connectwithus:OpenTextCEOMarkBarrenechea"sblogTwitter|LinkedIn|Facebook
Solutionsthatprovideremoteaccesstoapplicationsanddatacaneliminategeographicalandnetworkboundaries,improveuserproductivity,enhanceprotectionofintellectualproperties,andhelpstreamlineIToperationswhilereducingcosts.
OpenTextExceedTurboXisanadvancedsolutionfordesktopvirtualizationandremoteaccesstoenterpriseapplicationsanddata,addressingtheneedsofmodernenterprises,especiallythosewithmixedUNIX/MicrosoftWindowshostingenvironments.
Thiswhitepaperdescribestheprinciplesofitsdesign,thearchitectureandkeycomponentsofthesolution,andtheirfunctionsandinteractions.
OpenTextExceedTurboXAnArchitectureOverviewTableofContents1.
0Introduction32.
0TheArchitectureDiagram43.
0TheBuildingBlocks44.
0Connectivity75.
0ThinXProtocol76.
0ClientandProxyRuntime87.
0Authentication98.
0Clustering109.
0Licensing1110.
0Fail-OverScenarios1211.
0Platforms13Closing1331.
0IntroductionRemoteapplicationaccesshasbeenasolutioncategorysincecomputerswerefirstlinkedintoanetwork.
Businesseshavealwayssoughtasolutionthatwouldallowuserstoaccessapplicationsrunningonaremotehost.
Alongcameglobalization,followedbyallformsofvirtualization,whichpushedapplicationsfurtherawayfromusers,whileincreasingtheneedforuserstobeproductivewhileaccessingapplicationsanddatafromagreatdistance.
OpenTexthasbeeninthebusinessofprovidingremoteapplicationaccesssolutionsformorethan20years.
BeginningwithOpenTextExceedinthe1990sandincludingOpenTextExceedonDemandinthe2000s,OpenTexthaspushedtheperformanceenvelope,bringingcomplex2Dand3Dapplicationstoenterpriseusersallovertheworld.
ExceedTurboXisthefutureofremoteapplicationaccesssolutions,madeavailabletoday.
ItisaculminationofyearsofexperiencewithXWindowandnetworkprogramming,andtheunderstandingofhundredsofrealworldcasesusingbusiness-criticalUNIXandWindowsapplications.
SixprimarygoalsguidedtheconceptionanddevelopmentofExceedTurboX:ProvideasingleplatformforITanduserstomanageandaccessalloftheirremoteinfrastructure,regardlessofplatformProvidethefastestremoteaccesssolutiononthemarketforaccessingUNIXandWindowshostsProvideaconsistentuserexperienceacrossallsupportedclientplatformsSimplifythedistributionandmanagementofclientsoftware,profile,andsettingstosupportlargedeploymentscenariosOfferfullyauditableeventsforbettervisibility,accountability,andproblemresolutionWorkintandemwithanyexistinginfrastructureandvendor,includingmixedphysical/virtualdesktopenvironmentsExceedTurboXdeliversresultsonallfronts.
Itsarchitectureisadeparturefrommanytraditionalremoteapplication-accesssolutionsonthemarket,includingourownExceedonDemand.
Itreliesonahybridoftechnologiestodeliverhighperformanceaccesswithagreatuserexperienceandsimplifiedadministration.
2.
0TheArchitectureDiagramThefollowingdiagramdepictstheoveralllayoutofallmajorExceedTurboXcomponentsandtheirrelationships.
Firstly,youwillnoticethatETXreliesonaWebApplicationServertoprovideaweb-basedgraphicalfrontend.
Secondly,ETXusesadatabasetostoreapplicationdata.
InadditiontotheETXserver,whichprovidestheuserinterface,configurationandloadbalancing,ETXConnectionNodesareresponsibleformanagingclientsessionsandcompressingtheremotedisplayfortransmissiontousers.
AgroupofconnectionnodesalongwiththeETXserveriscalledtheETXSite.
43.
0TheBuildingBlocksThefollowingcomponentsformthefoundationofExceedTurboX.
3.
1ETXServerThisisthebrainofthesolution,functioningasconcierge,gatekeeper,andtrafficcontrol-ler.
ItisawebapplicationthatrunsonanApacheTomcatwebapplicationserverandispresentedtouserswhentheyfirstconnecttotheETXwebportal.
ETXServerdisplayseitheraDashboardtousersoraServerManagertoadministrators.
UserscanusetheWebDashboardtolaunchnewsessions,createprofiles,ormanagetheirexistingsessions.
AdministratorsusetheServerManagertomonitorandmanageeveryaspectofthesolution,fromuserenrollmenttogeneratinglicenseandresourceusagereports.
3.
2ETXConnectionNodesTheETXConnectionNodeisresponsibleforstartingsessionproxies(anapplicationwhichmanagesandcompressesremotesessions),aswellasinteractingwiththeETXserver.
Withmultiplenodespresentintheinfrastructure,ETXservercanselectfrommultipleconnectionnodesforloadbalancingandnodefailover.
ETXConnectionNodesincludeseveralsub-components,whicheachhandleadifferenttask.
InadditiontotheProxyManager(whichstartsthesessionproxies),otherimportantcomponentsincludetheETXAuthenticator,XstartLauncher,andApplicationScanner,whichareexplainedinmoredetailbelow.
3.
2.
1ETXProxyManagerThemainfunctionoftheETXProxyManageristocreateremotesessionproxies.
Proxiesactasanintermediarybetweentheclientandapplicationordesktophost,providingencryptionandcompressionofthesessiondisplayovertheWAN.
Theproxyalsohandlespassinguserinputtothehost,aswellasotherdatasuchasfilesanddevices.
TheProxyManagermonitorsthewell-beingofthesesessionproxiesandcommunicatesthestatusofeachsessionproxytotheETXServer.
TheProxyManageralsohandlesuser5commands,suchassessionsuspendandresume,sessionsharing(multicasting),filetransfer,andothersession-relatedfeatures.
AProxyisafullyfunctionalXserver/RDPclient,andcanthereforeoperateasastand-aloneserver,handlingdisplayprotocolfromdefaultinstallationsofWindowsorUNIXhostswithoutanylocalsoftwarebeinginstalled.
TheproxyincludesanXserveraswellasanRDPclientforrenderingandcompressingthedisplayovertheWAN.
InthecaseofWindowsDirectdesktopconnections,theproxymustbeinstalleddirectlyontheWindowsdesktophostforlocalrenderingandcompression.
AcompresseddatastreamissentfromtheProxytotheClient,whichisinstalledontheuser"sdevice.
Theclienthandlesscreendrawingandkeyboardandmouseinputs.
Moreinformationonthefunc-tionsofProxiesandClientsisavailableinSection6.
0.
3.
2.
2ETXAuthenticatorAsthenameimplies,thiscomponenthandlesauthenticationofusersandadministratorswhentheylogintotheETXwebportal.
TheauthenticatorisrequiredtosupportPAMorNativeauthenticationinUNIXenvironments.
LDAP-basedenvironments(e.
g.
MicrosoftWindows)donotrequireanauthenticatorbecauseLDAPauthenticationishandledbyETXServer.
TheETXAuthenticatorprovidesseamlessintegrationofETXintoUNIXenvironmentsthatuseadedicatedPAMorNativeauthenticationserver.
ThisrequiresyoutoinstallanETXConnectionNodeonthePAM/NativeauthenticationserverandregistertheNodeasanAuthenticatorduringinstallation.
ETXsupportsmultipleauthenticationnodesforloadbalancing,buteachnodemustbeconfiguredwiththesamePAMorNativeauthentica-tionsettings.
3.
2.
3XstartLauncherXstartLauncheristhemoduleresponsibleforlaunchingindividualXWindoworWindowsapplicationswhenauserlaunchesanETXprofile.
ETXprofilesincludeallconfigurationsettingsfortheremotesession,includingwhichhosttoselectandwhichapplicationstorun.
3.
2.
4ApplicationScannerTheapplicationscannerisanoptionalutilitythatscanstheConnectionNodeforinstalledapplications,makingthemavailableforpublishingviatheETXServerManager.
Onceanapplicationispublishedtousers,userscanlaunchtheapplicationbycreatingaprofileandselectingtheapplicationtolaunch.
TheapplicationscannerworksonallETXplatforms,soyoucanpublishapplicationsrunningonbothUNIXandWindows.
IfyouhavemultipleConnectionNodeswiththesameapplicationinstalled,ETXServerdetectstheoverlapandgroupsapplicationsintoasingleitem.
Thisprovidesloadbalancingofapplicationsacrossmultiplehosts.
3.
2.
4LocalSessionDatabaseThelocalsessiondatabasekeepstrackofsessionstatusandreportsthisbacktoETXServeronaregularbasis.
IftheconnectionbetweenETXServerandtheProxymanagerfails,thelocalsessiondatabaseenablestheConnectionNodetocontinueoperatingnormally,includingsuspendingorterminatingsessions.
WhentheconnectiontoETXServerisre-established,thelocalsessiondatabaseissyncedwithETXServer.
Thismakeseachnodefault-tolerantincaseofanetworkfailure.
3.
3DatabaseTheRDBMSisthebookkeeperofthesolution.
Itisusedtostoreallnon-transientinforma-tion,includingserversettings,usersettings,profiles,eventlogs,licenseusagestatistics,etc.
ETXsupportsIBMDB2,MicrosoftSQLServer,andApacheDerby,andcomesbundledwithApacheDerbyforquickandeasyinstallation.
Forload-balancing,fail-over,andhigh-availabilitycapabilities,pleaserefertotheETXHighAvailabilityWhitePaper,aswellasvendordocumentationforsettingupdatabasereplication.
63.
4ETXLicenseServerMultipleETXsitescanshareasinglepooloflicensesandhavelicensesdynamicallyorstaticallydistributedtoeachsitebasedonrulesdefinedbyadministrators.
TheETXLicenseServerfunctionalityisembeddedineveryETXServerandcanbeenabledduringsetup.
Onceenabled,otherETXsitescanconnecttotheLicenseServeranduselicensesfromthepool,ratherthanusinglocallyinstalledlicensekeys.
SpecialcarehasbeengiventothedesignofthissolutiontoensurethatiftheLicenseServerisoutofserviceoroutofreach,administratorswillbenotifiedviaemail,andsiteswillremainoperationalfor72hourssothattheproblemcanberesolved.
3.
5ETXClientRuntimeETXreliesonanativeclientRuntimetohandleremotecommunicationsandinteractions.
ItisthecounterparttotheETXProxyandcommunicateswiththeproxycontinuouslywheneverasessionisestablished.
LikeaProxy,theclientRuntimeisanativeapplication,whichtakesadvantageofthebestpossibleperformance,reliability,andcompatibility.
DeploymentoftheETXclientRuntimeisautomatic;thecorrectRuntimeisdownloadedsilentlyinthebackgroundwheneverauserlaunchesanapplication.
ClientRuntimesareavailableforWindows,LinuxandMacusers.
3.
6JavaRuntimeEnvironment(JRE)Whileitisnotnecessarilyabuildingblockonitsown,JREisasystemrequirementfortheETXServer.
Naturally,JREisrequiredonthemachinerunningtheETXServerandApacheTomcat.
JavacanalsobeusedtolaunchETXremotesessionsfromabrowser,althoughthisisnotthedefaultoption.
Bydefault,launchingETXsessionsrequirestheNativeClientLaunchercomponenttobeinstalledontheuser"sdevice(seesection3.
7below).
3.
7NativeClientLauncherTheNativeClientLaunchermustbeinstalledontheuser"smachinebeforetheusercanlaunchaprofileinExceedTurboX(unlesstheyhaveselectedtheJavaclientlauncher;seesection3.
6above).
TheNativeClientLauncherwilldownloadandexecutetheNativeClientRuntimeinthebackgroundwhentheuserlaunchesaprofile.
TheLauncherdoesnotrequireadministratorprivilegestoinstall,anditisprovidedforWindows,Linux,andMacclients.
74.
0NetworkConfigurationCommunicationbetweenETXcomponentsoccursonseveraldifferentports.
Itisimpor-tanttoensurethatyourfirewallisconfiguredproperlytoensureproperoperationoftheETXSite.
Thetablebelowsummarizestherequirednetworkchannels,includingthepurposeofthechannel,thecomponentsinvolved,theprotocolsused,andwhetherthechannelissecured.
DESCRIPTIONFIRSTCOMPONENTSECONDCOMPONENTPROTOCOL(S)DEFAULTPORT(S)SECURITYAccessingETXDashboardandServerManagerinabrowserWebbrowserETXServer(Tomcat)HTTP/HTTPS8080/8443None/SSLETXServercontactsIBMDB2databaseETXServerIBMDB2DatabaseJDBC50000None(SSLoptional)ETXServercontactsMicrosoftSQLdatabaseETXServerMicrosoftSQLDatabaseJDBC1433None(SSLoptional)ETXServercontactsApacheDerbyDBdatabaseETXServerApacheDerbyDatabaseJDBC1527None(SSLoptional)ETXServersendsamessagetotheConnectionNodeETXServerETXConnectionNodeTXPM5510SSLETXClientlaunchesanyprofileETXClientETXConnectionNodeThinX5510None(SSLoptional)UserlaunchesanXapplicationETXConnectionNodeUNIXHostX116000+SSHUserlaunchesaWindowsapplicationorRDPdesktopETXConnectionNodeWindowsHostRDP3389SSLETXServercontactsthelicenseserverETXServerETXLicenseServerHTTP/HTTPS8080/8443None/SSLAccessingETXServerRESTAPIsAnyapplicationorscriptETXServerHTTP/HTTPS8080/8443None/SSL5.
0ThinXProtocolThinXProtocolisthedigitalbloodcoursingthroughtheveinsofETX,anditiswhatmakesETXworksowell,sofast.
ThinXProtocol,orTXP,providesexceptionalperformanceoverawiderangeofnetworkbandwidthsandlatencies.
Resultsofin-houseanalysishaveshownthattheamountofnetworktrafficgeneratedbyTXPisbetweenoneand10percentofthetraditionalXprotocol.
Itisalsomoreefficientthancompetitiveremoteaccesssolutions.
TXPisdesignedtoaccomplishthefollowing:1Reducebandwidthrequirementsforremoteusers2Adapttochangingnetworkconditions3Reduceround-triprequestsforX11traffic4StrengthensecurityNote:TXPisalsousedbetweentheClientandProxyforconnectionstoWindowshosts.
InthecaseofRDPconnections,theETXProxyconvertstheRDPprotocoltoThinXforfasttransmissionovertheWAN.
85.
1ReduceBandwidthRequirementsTXPhasasuperiorabilitytocompress,cache,andoptimizerequests.
ThegoalistominimizetheamountofdatathathastotravelacrossthenetworkbetweenProxyandClient,whichischaracteristicallyhighinnetworklatencyandlowinnetworkbandwidth.
Naturally,theworkrequiredtooptimizeandreducenetworktrafficcomesattheexpenseofmoreCPUcyclesandcomputingresourcesonbothend-pointsoftheconnection.
However,theabundantcomputingpowerthatPCsandserversnowharnesscaneasilyhandletheincreasedworkloadwithoutslowingdowntheremoteserver,enablingExceedTurboXtoachievebandwidthreductionwithoutsacrificingoverallperformance.
5.
2AdapttoChangingNetworkConditionsThelevelofcompressionandoptimizationontheTXPdatastreamcanchangeauto-maticallyanddynamicallydependingonreal-timechangestobandwidthavailability,networklatency,andeventhecontentsoftheremotedisplay.
ExceedTurboXwilladjustandchoosetherighttypeofcompression,datatype,andupdatefrequencytomaintainmaximumperformanceandusability.
Theseadjustmentshappenontheflywithoutanyneedtocustomizeprotocolsettings.
ETXtendstoconsumeavailablebandwidthinordertoimprovedisplayqualityandresponsiveness,butusersandadministratorscanalsolimitthebandwidthusageofaparticularsessionbyadjustingETXprofilesettings.
5.
3ReduceRound-TripRequests(X11)TheXWindowprotocolwasdesignedforcommunicationinaLANenvironmentwherenetworkbandwidthisabundant.
ConnectingtoXapplicationsovertheWANwithoutacompressionlayerwillresultinveryslowperformanceoftheremoteXapplicationsordesk-tops.
TheETXProxycanbeinstalledeitherontheXapplicationhostitself–thuseliminatingXWindowprotocolfromtheLANentirely–oronaseparatemachineonthesameLANastheXapplicationhost.
TheProxywilleitherrenderontheserverandsendpicturesovertheWAN,orwillcompress,batchandsenddrawinginstructionsusingTXP(ThinXProtocol)basedonscreencontents.
WiththeintelligencebuiltintotheProxy,fewerround-triprequestswillneedtoreachtheClient,eliminatinginefficiencyanddelaysintheremotecommunication.
Thereductioninthenumberofround-triprequestsovertheWANorinternetconnectionissignificant,givingExceedTurboXanunparalleledperformanceadvantage.
5.
4StrengthenSecurityTXPissecureindesign.
ItcanbeeasilyencryptedusingthelatestTLS1.
2protocolforheightenedsecurity.
Infact,TLSencryptionisusedbydefaultbetweenETXservercomponentstoensurebusinesscriticalinformationisprotected.
ConnectionsfromusersoutsideofthecorporateLANmaybeencryptedeitherbyaVPNorbyenablingTLSencryptionintheETXServerManager.
6.
0AutomaticUpdatesETXisdesignedtoautomaticallyapplyupdatestoboththeclientandservercomponents,eliminatingtheneedtomanuallyrolloutupdatestothesystem.
ETXalsosupportstheabilitytodeploymultipleversionsoftheclientandserverruntimessothatyoucanapplypatchesanddifferentversionstodifferentgroupsofusers,allfromacentralmanagementinterfacebuiltintoETXServer.
6.
1NoClientInstallationWhenuserslaunchaprofileforthefirsttime,ETXwillautomaticallydetectthepresenceoftheclient-sidelauncherandpromptuserstodownloadandinstallthelauncherifitisnotfound.
Thiseliminatestheneedtomanuallyinstallthesoftwareonclientmachines.
6.
2AutomaticClientandProxyUpdatesviaRuntimePackagesThelightweightclientandproxyruntimesarepushedtotheuser"sdesktop,aswellastheETXproxy,whenauserlaunchesasession.
Theclientandproxyruntimearedevelopedinpairs,ensuringthateveryuserreceivesacompatibleversionoftheclientandservercomponentseverytimetheylaunchanewsession.
9Oncearuntimeisdownloaded,itwillbecachedonthemachineandwillnothavetobedownloadedagain.
Thisensuresthatsubsequentconnectionsarelaunchedasquicklyaspossible.
6.
3AutomaticConnectionNodeupdatesStartinginETX11.
5,patchingtheETXServerwillautomaticallyandsilentlypushallnecessaryupdatestotheETXConnectionNodesthatareregisteredwiththeserver.
InVDIrolloutswiththousandsofvirtualmachines,thiseliminatestheneedtomanuallyupdatethesoftwareonthousandsofnodes.
Note:theConnectionNodesoftwareisusedtomanagethesessionproxiesonthenodeandisseparatefromtheproxyruntime.
6.
4ManagemultipleruntimeversionsconcurrentlyETXServerallowsyoutoinstallandusemultipleruntimeversions,whichmeansthatyoucanapplypatchestospecificuserswithoutaffectingotherusers.
ThiscanbeusedtoapplyhotfixesforspecificapplicationsorperformstagingexperimentswithETXservicepacksandhotfixes.
EachETXprofilehasacustomizableruntimeversion,whichcanbesetbytheETXadministratorortheETXuser(iftheyhavepermissionstoeditprofiles).
7.
0AuthenticationETXsupportsthefollowingauthenticationmethods:LightweightDirectoryAccessProtocol(LDAP)MicrosoftActiveDirectory(AD)Kerberos-basedSingleSignOn(SSO)PluggableAuthenticationModule(PAM)NativeUserCredentials(UNIXonly)ETXwillusedifferentcomponentsinthearchitecturetoauthenticateusers,basedonyourauthenticationmethod.
AUTHENTICATIONTYPECOMPONENTTHATHANDLESAUTHENTICATIONLDAP,MICROSOFTACTIVEDIRECTORYETXServerPAM,NATIVEUSERCREDENTIALSETXConnectionNodesLDAPandMicrosoftActiveDirectoryarecentralizedidentitymanagementsystems,whichcanbeaccessedfromanycomputer.
ItisfunctionallysimplerandmoreefficienttoletETXServertakecareofthoseauthenticationtypes.
ToimplementLDAP-basedauthentication,simplyconfiguretheappropriateLDAPsettingsduringinstallationofETXServer.
ForKerberos-based,singlesign-onenvironments,refertotheExceedTurboXInstallationandAdministrationGuide,whichispartofthecoreproductdocumentation.
Additionally,forUNIXenvironments,youmayusePAM(PluggableAuthenticationModule)orNativeauthenticationmethods.
Intheseauthenticationmodes,adedicatedPAMorNativeauthenticationserverisconfiguredtohandleETXloginrequests.
PAMorNativeauthenticationserversmusthavetheETXConnectionNodesoftwareinstalled,andbeassignedthe'Authenticator"roleduringinstallation.
OncethenodeisregisteredwithETXserver,ETXserverwilldirectallloginrequeststotheAuthenticatornode.
ETXServerallowsmorethanonePAM/Nativeauthenticatornodetoberegistered,sothatuserswon"tbelockedoutiftheauthenticationservergoesoffline.
However,youmustmakesurethePAMconfigurationoruserdatabaseisidenticalacrossallAuthenticators.
Inadditiontothe'Authenticator"role,nodescanbeassignedtothe'ProxyManager"role.
TheProxyManagerrolemeansthatthenodewillacceptremotedesktopandapplica-10tionsessions,andstartalocalsessionproxytocompressandmanagetheremoteusersession.
Ifyourauthenticationserver(s)aresharedbymanyapplications,youmaywanttodisabletheproxymanagerroletoavoidtaxingthesesystemswithETXsessions.
AUTHENTICATIONTYPECOMPONENTTHATHANDLESAUTHENTICATIONAUTHENTICATORResponsibleforhandlingPAMandNativeUserCredentialsauthenticationrequestsonlyPROXYMANAGERResponsibleforcreatingandmanagingProxiesAUTHENTICATORANDPROXYMANAGERBothoftheabove7.
1MultipleAuthenticatorsFororganizationsthatchoosetousenativeauthenticationorPAM,itisalwaysagoodideatohavemorethanoneAuthenticatorinthesystemincaseoneoftheETXConnectionNodesisdisconnectedorotherwiseunavailable.
ETXServerwillchooseoneoftheavail-ableETXAuthenticatorsatrandom.
Therefore,itisofutmostimportancethatthesamesetofusersandtheircredentialsareavailableoraccessiblebyallETXAuthenticatorsinthesystem;otherwisesomeusersmaynotbeabletologintoETXatanygivenmoment.
Inmostcases,havingtwoAuthenticatorsinthesystemprovidesthenecessaryloadbalancingandprotectionagainstasinglepointoffailure.
Morethantwoauthentica-torsmayberedundantandcreateunnecessarycomplicationandworkloadinvolvedinsynchronizingnativeusercredentialsacrossmultiplemachines.
8.
0LoadBalancing8.
1WhatisLoadBalancingLoadBalancingreferstothecapabilityofETXServertodistributeremotesessionstoa"cluster"ofConnectionNodes.
Loadbalancingisakeyelementofprovidingahighlyavailableenvironmentforuserstoaccesstheirremotedesktopsandapplicationservers.
8.
2HowDoesLoadBalancingWorkWhenauserlaunchesaremoteapplicationordesktop,oneoftheETXconnectionnodescreatesaprocess(calleda"proxy")toactasintermediarybetweentheuserandtheremotehost.
Theproxyprocessisresponsibleforinteractingwiththehost(asthesessionclient)andcompressingtheremotedisplayfortransmissionovertheWANtotheenduser.
IfETXwereconfiguredwithonlyasinglenodetohandleallusersessions,failureofthatnode(duetohardware,network,orotherfailure)wouldbecrippling.
ETXwouldnotbeabletohandleanynewsessionsuntilthenodeisrestoredandreconnected.
Withtwoormorenodespresent,failureofasinglenodedoesnotcripplethesystem.
Theothernodescantakeoveruntilthefirstnodecomesbackonline.
AllETXConnectionNodesareregisteredwithETXServer,andtheirpresenceisrecordedandmonitoredsoETXServerknowstheexactnumberofETXConnectionNodesavail-able,whateachnodeisdoing,andtheresourcesavailableoneachnode.
Fromtheuser"sperspective,thereisnoobviousdifferencebetweendifferentConnectionNodes,andinmostcases,usersshouldnotcarewhichnodehandlestheuser"ssession.
JustlikewhenyouaccessAmazon.
com,youdon"tknow,nordoyoucare,whichoneofathousanddifferentwebserversisrespondingtoyourrequest.
118.
3LoadBalancingBecausetheETXServerkeepstrackofallconnectionnodesandtheavailableresourcesoneachnode,theservercanassignsessionstoconnectionnodesbyselectingthenodewiththemostavailableresources.
Thisensuresthatusersachievethefastestpossibleconnectionsfortheavailableserverhardware.
ThefollowingloadbalancingcriteriaaresupportedbyETXServer:LOADBALANCINGRULEFUNCTIONSESSIONSThenodewiththefewestactiveorsuspendedsessionsisselectedforthenextsessionlaunch.
CPUThenodewiththemostCPUresourcesisselected.
ThisdoesnotaccountforCPUspeedorarchitecture,onlypercentageofCPUconsumption.
MEMORYThenodewiththemostavailablememoryisselected.
Thistypeofloadbalancingcanbeusedwhenrunningmemory-intensiveapplications.
9.
0Licensing9.
1TypeofLicensesETXLicensesareconcurrentinnature,meaningtheyallowalargenumberofuserstoshareasmallersetoflicenses.
Forexample,ifyoupurchase50licensesforanETXsite,100usersmightsharethoselicenses,solongasnomorethan50usershaveactivesessionsatthesametime.
9.
2RulesofLicenseUsageAsingleusercanneverconsumemorethanonelicense.
Thismeansthatausercanlaunchmultiplesessionsonmultipledevicesandwillneverconsumemorethanasingleconcurrentuserlicense.
However,ifausersharestheirsessionwithmultipleusers,eachuserjoiningthesharedsessionwillconsumeonelicense(providedtheuserisn"talreadyconsumingalicense).
9.
3SharingLicensesAcrossMultipleETXSitesMultipleETXsitescanconnecttoanETXLicenseServerinordertoshareasinglepooloflicenses.
TheETXLicenseServerfunctionalityisembeddedineveryETXServer,andcanbeturnedonduringsetup.
TheLicenseServershouldbeconfiguredfirst,sothatotherETXServerscanspecifythelicenseserverduringsetup.
SpecialcarehasbeengiventothedesignofthissolutiontoensurethatiftheLicenseServerisoutofserviceoroutofreach,allsiteswillremainoperationalforupto72hours,andadministratorswillbenotifiedaslongasthelicenseserverhasbeenconfiguredtosendemailnotifications.
9.
4LicenseDistributionMethodsETXLicenseServersupportstwotypesoflicensedistribution:StaticandDynamic.
9.
4.
1StaticLicenseDistributionAsthenameimplies,licensesarestaticallydistributedtoeachETXsitesoyoucantightlycontrollicenseusageandcostsonaper-sitebasis.
Oncelicensesarestaticallydistrib-utedtoanETXSite,thesitewillmanagethelicenseusageinternallyasifthoselicenseswerelocallyinstalled.
9.
4.
2DynamicLicenseDistributionAnylicensesthathavenotbeenassignedstaticallytoanETXsiteareavailableforanyconnectedsitetoconsumeonafirst-come,firstservebasis.
DynamiclicensescanflowfreelyfromoneETXsitetoanotherseamlessly.
Note:IfauserlaunchessessionsontwoindependentETXsitesthatshareacommonlicenseserver,theuserwillconsumeonelicensefromeachETXsite.
ThisisbecauseeachETXsitemanagesitslicensesindependently.
1210.
0FailureScenariosTheETXsolutionisdesignedtoberesilienttovarioustypesoffailuresandoffercontinuousservices.
Disastersorfailurescanhappentocomputershostingdifferentcomponents,andtherearevariousdegreesoffailure.
Thetablebelowoutlineshoweachcomponenthandleseachtypeoffailure.
COMPONENTNETWORKDISCONNECTIONCOMPONENTSHUTDOWNCLIENTIfthemachinewhereETXClientisrunninglosesitsconnectiontothenetwork,theuser"ssessionwillbeautomaticallysuspended.
IfthemachinewhereETXClientisrunningcrashesorotherwiseispoweredoff,theuser"ssessionwillbeautomaticallysuspended.
CONNECTIONNODEIfthemachinehostingtheConnectionNodeisdisconnectedfromthenetwork,XWindowsessionswillbepermanentlylost.
WindowsRDPsessionswillbecomedisconnectedbutmayberesumedbylaunchinganewsessionconnectingtothesamehostonadifferentnode.
OtherETXConnectionNodeswillcontinuetoacceptnewconnections.
IfthemachinehostingtheConnectionNodecrashesorispowereddownunexpectedly,XWindowsessionswillbepermanentlylost.
WindowsRDPsessionswillbecomedisconnectedbutmayberesumedbylaunchinganewsessionconnectingtothesamehostonadifferentnode.
OtherETXConnectionNodeswillcontinuetoacceptnewconnections.
AUTHENTICATORWhenusingNativeorPAMauthenticationforUNIXenvironments,iftheAuthenticatornodeisdisconnectedfromthenetwork,ETXServerwillnotbeabletoauthenticateusers.
Inthissituation,noonewillbeallowedtologintotheETXwebsite.
However,iftheadministratorcreatedamaintenanceuser(bydefault'etxinstall"),theycanloginwiththismaintenanceusertofixconfigurationproblemswiththeauthenticationnode.
Iftheauthenticatorfails,itwillnotaffectexistingsessions,unlessthosesessionsarerunningontheauthenticationnode(requirestheauthenticatornodetobeconfiguredasaProxyManager).
APACHETOMCAT/ETXSERVERIfApacheTomcatortheETXServerwebappisunavailable–whetherduetoabrokennetworkconnectionorservercrash,userswillbeunabletologintotheETXwebinterfaceorperformbasicfunctionssuchaslaunchingorresumingsessions.
AdministratorswillbeunabletologintothewebinterfacetoadministertheETXenvironment.
However,allactivesessionswillcontinuetooperatewithoutanylimitations.
IfausersuspendsanactivesessionwhileApacheTomcatortheETXServerisdown,heorshewillhavetowaituntilthosesystemsarerevivedandonlinebeforethesessioncanberesumed.
Note:ETXsupportshighavailabilityforthewebserver.
ThismeansthatyoucanrunETXserversinparallel.
Iftheprimarywebserverfails,thesecondarywilltakeover.
Forinformationonsetup,seetheExceedTurboXHighAvailabilityConfigurationGuide.
DATABASEIfthedatabaseisunavailablebecauseofanetworkfailure,theETXWebDashboardandWebServerManagerwillbeinac-cessible.
However,allactivesessionswillcontinuetooperatewithoutlimitations.
Whenthedatabaseconnectionisrestored,allfunctionswillberesumed.
Ifthemachinerunningthedatabasecrashesorispowereddownunexpectedly,orthedatabaseiscorrupted,ETXWebDashboardandWebServerManagerwillbeinaccessible.
However,allactivesessionswillcontinuetooperatewithoutlimitations.
Whenthedatabasemachineisrestoredallfunctionswillberesumed.
LICENSESERVERSTATICLICENSEDISTRIBUTIONUpondisconnectionfromaLicenseServer,anETXServerwillcontinuetomanagetheallottedlicensesasiftheywerelocallyinstalled,forupto72hours.
ThisprovidestimeforITtofindandfixanyfailures.
ImpacttotheETXServeranditsusersisminimalunlessthisconditionisleftuntreated.
DYNAMICLICENSEDISTRIBUTIONUpondisconnectionfromaLicenseServer,eachETXServerwillassumethatanyunallocatedlicensesareavailableforlocalsessionsforupto72hoursafterthedisconnection.
WhentheconnectiontotheLicenseServerisrestored,eachETXServerwillreportitscurrentlicenseusagetotheLicenseServer,andtheLicenseServerwillrecalculatethetotalnumberoflicensesthatareinuse.
Userswhohaveactivesessionswillnotbepenalizedifthenumberoflicensesinuseisgreaterthanthenumberoflicensesinstalled.
Inthiscase,thiseventwillbeloggedandanyuseractivitiesthatrequireadditionallicenseswillnotbepermitteduntilthetotalnumberoflicensesinuseisfewerthanthenumberoflicensesinstalled.
11.
0PlatformsThesupportedplatformsforeachETXcomponentisprovidedinthetablebelow.
LOADBALANCINGRULEFUNCTIONCLIENTWINDOWSPLATFORMSWindows10Windows8.
1Windows7SP1orlaterWindowsServer2008R2SP1orlaterWindowsServer2012R2orlaterLINUXPLATFORMSRedHatEnterpriseLinux6.
5orlater,64-bitSuSELinuxEnterpriseLinux11&12,64-bitMACOSXPLATFORMSMacOS10.
12(Sierra)MacOSX10.
11(ElCapitan)IOSPLATFORMSiOS9.
0orlater,oniPad2orlater,iPadAir,iPadAir2,iPadmini2orlater,iPadProJAVACLIENTETXSERVERRedHatEnterpriseLinux6.
5orlater,64-bitOracleSolarisSPARC10&11,64-bitOracleSolarisx86-6410&11,64-bitETXCONNECTIONNODERedHatEnterpriseLinux6.
5orlater,64-bitSuSELinuxEnterprise11&12,64-bitOracleSolarisSPARC10&11,64-bitOracleSolarisx86-6410&11,64-bitIBMAIX6.
1or7.
1Windows10,64-bitWindows8.
1,64-bitWindows7SP1,64-bitWindowsServer2008R2SP1,64-bitWindowsServer2012R2DATABASEIBMDB2Express-C10.
5withRedHatEnterpriseLinux6orlater,64-bitonlyIBMDB2EnterpriseServer10.
5withRedHatEnterpriseLinux6orlater,64-bitonlyMicrosoftSQL2012SP1StandardEditionorlateronWindowsServer2012R2orlaterMicrosoftSQL2008R2SP2StandardEditionorlateronWindowsServer2008R2SP1orlaterApacheDerby10orlater,onallsupportedETXServerplatformsWEBBROWSERSGoogleChromeMozillaFirefoxMicrosoftInternetExplorer11MicrosoftEdgeAppleSafari8orlater(applicabletoMacOSXonly)ClosingThankyouforyourinterestinOpenTextExceedTurboX.
TolearnmoreaboutExceedTurboX,visitourwebsiteat:connectivity.
opentext.
com/etx.
AboutOpenTextOpenTextenablesthedigitalworld,creatingabetterwayfororganizationstoworkwithinformation,onpremisesorinthecloud.
FormoreinformationaboutOpenText(NASDAQ:OTEX,TSX:OTC)visitopentext.
com.
Connectwithus:OpenTextCEOMarkBarrenechea"sblogTwitter|LinkedIn|Facebook
- authenticaapachetomcat相关文档
- creationapachetomcat
- POJOsapachetomcat
- multiapachetomcat
- removeapachetomcat
- clearapachetomcat
- 考勤apachetomcat
VirMach(8元/月)KVM VPS,北美、欧洲
VirMach,成立于2014年的美国IDC商家,知名的低价便宜VPS销售商,支持支付宝、微信、PayPal等方式付款购买,主打美国、欧洲暑假中心产品,拥有包括洛杉矶、西雅图、圣何塞、凤凰城在内的11个数据中心可以选择,可以自由搭配1Gbps、2Gbps、10Gbps带宽端口,有Voxility DDoS高防IP可以选择(500Gbps以上的防御能力),并且支持在控制面板付费切换机房和更换IP(带...
企鹅小屋:垃圾服务商有跑路风险,站长注意转移备份数据!
企鹅小屋:垃圾服务商有跑路风险!企鹅不允许你二次工单的,二次提交工单直接关服务器,再严重就封号,意思是你提交工单要小心,别因为提交工单被干了账号!前段时间,就有站长说企鹅小屋要跑路了,站长不太相信,本站平台已经为企鹅小屋推荐了几千元的业绩,CPS返利达182.67CNY。然后,站长通过企鹅小屋后台申请提现,提现申请至今已经有20几天,企鹅小屋也没有转账。然后,搞笑的一幕出现了:平台账号登录不上提示...
Hostodo商家提供两年大流量美国VPS主机 可选拉斯维加斯和迈阿密
Hostodo商家算是一个比较小众且运营比较久的服务商,而且还是率先硬盘更换成NVMe阵列的,目前有提供拉斯维加斯和迈阿密两个机房。看到商家这两年的促销套餐方案变化还是比较大的,每个月一般有这么两次的促销方案推送,可见商家也在想着提高一些客户量。毕竟即便再老的服务商,你不走出来让大家知道,迟早会落寞。目前,Hostodo有提供两款大流量的VPS主机促销,机房可选拉斯维加斯和迈阿密两个数据中心,且都...
apachetomcat为你推荐
-
php虚拟主机求php虚拟主机提供商。。。哪里的 好,价格也优惠的域名注册公司域名注册公司是不是要向DNS根服务器交钱?vps试用小弟是VPS新手,请问各位哪里有VPS主机免费试用和T楼活动啊?求网站..网站域名域名和网址有什么区别香港虚拟空间最好的香港虚拟主机是哪家?虚拟主机系统虚拟主机采用什么操作系统?华众虚拟主机管理系统星外,华众,依然这三个虚拟主机管理系统中哪个好华众虚拟主机管理系统华众虚拟主机管理系统怎样才能使用支付宝的双功能支付接口或者担保交易的支付接口域名网站哪里可以给你免费的域名做个网站备案域名哪些域名可以在国内备案?