This module explores the use of Linux on zSeries for web serving and mail serving scenarios, including the benefits of shared code, disk partitioning, and the use of Apache Web Server. It also discusses the advantages and disadvantages of different server setups and highlights the features and considerations of various web serving applications.
Objectives • Briefly describe the four Web serving applications mentioned: eOneCommerce, Tamino XML server, CommuniGate Pro, DI-Atlantis. • List five factors that need to be taken into consideration with a Web serving scenario. • State three differences between the configuration of a distributed server setup vs. a Linux for zSeries setup for mail serving. • State the main advantage of being able to partition a disk. • List five features that the Apache Web server supports. • State two things that must be done to allow Apache to run multiple Web sites. • Briefly describe the directives you must be cautious of in the httpd.conf file (ExecCGI, FollowSymLinks, Server Side Includes, directory indexing). • List two application servers. • State the main advantage and disadvantage of JIT over regular Java compilation methods. • List four effects Java’s OO nature has on resource demands.
Outline • Web servers • Mail serving scenario: Intel vs. zSeries • Apache Web Server example • Virtual hosting • Web server security considerations • Web enablement applications • eOneCommerce • Tamino XML server • CommuniGate Pro • DI-Atlantis
Linux for zSeries Web serving • Linux for IBM zSeries is perfect for the Internet Service Provider (ISP) and Application Service Provider (ASP) market. • Providers typically run many identical servers, creating huge server farms with rack after rack of Web and application servers. • Corporations can maximize the cost of ownership benefits in maintenance, support and employee cost arenas. • Corporations also gain significant savings in floor space.
Factors of servers • Must account for firewalls, failover protection, directory servers, backup servers, etc. • Availability: single point of failure. • Cost of individual server. • Uniform software. • Cost of application maintenance: prime shift or 12 hours a day, 5 days per week.
Options for scenario: Intel • 30 2-way Intel 1 gigahertz (GHz) servers (running at 5% utilization). • Servers are connected to a physical network which requires hardware. • Also notice that each server is running a separate copy of the operating system and application code. • This is duplicated for each server in the solution, which is 30 times in this case. • Each server requires disk space to support this. • Maintenance must be performed on each server individually. • Backup is done by a dedicated backup server. Client code on each system communicates with the server to perform backup operations.
Mail serving scenario 1: 30 2-way Intel 1 gigahertz (GHz) servers
Mail server: zSeries • Disk storage for operating system and application code is shared by all virtual servers. • Advantages of sharing code • Controlling the cost of disk storage • Ease of maintenance • One copy of the code, 30 servers in operation. • Servers still issue messages that have to be monitored and possibly responded to. • z/VM’s PROP used to handle messages and to avoid need for additional software.
zSeries benefits • Ability to partition the disk space available to the servers. • Don’t need to buy new disks for increased disk space. • Partition disks into minidisks that can be allocated easily to a server that requires additional disk space. • Accommodates varying growth of e-mail applications, mailboxes that grow faster can be expanded as needed. • Backup is done again by a backup client. • Tivoli Systems Manager server communicates with clients on the virtual instances to perform backup operations.
zSeries benefit: ESS • The TotalStorage Enterprise Storage Server (ESS) disk solution, available in conjunction with the Linux on zSeries environment, is a unique and far more powerful solution than dedicated disks on standalone systems. • The reliability characteristics of the ESS include the advanced functions that are available in the unit, such as FlashCopy. • The FlashCopy function allows you to create a copy of a disk volume instantly. • Extremely useful for minimizing downtime for backups or creating test data for new applications.
Apache Web Server • One of the most popular Web servers; it started from the National Center for Supercomputing Applications (NCSA) Web server. • Apache is a full-function Web server. • Supports • HTTP/1.1 protocol • File-based configuration • Common Gateway Interface (CGI) support • Virtual Host support • HTTP (or basic) authentication • Integrated Perl (the de facto Apache CGI script language) • Operation as a caching proxy server • Customizable logging • Server Side Includes (SSI) • SSL (through a set of patches called Apache-SSL) • User session tracking capability • FastCGI • Java Servlets (through the Jserv module) • This Web server will be installed and configured on your Linux virtual machines during an accompanying lab at the end of the module.
Apache • Apache Web server is built in a highly modular fashion. • Small core of code. • Large number of configurable modules supply majority of function. • With configuration file and config script it is possible to build a custom Apache server that includes only the function you need. • Apache Web server supports a server API. • Possible to create your own modules extending the function of the server.
Virtual Hosting/Apache • Apache is capable of running multiple Web sites from a single server. • The configuration file only defines a single main site. • Define additional Web sites through statements in the file. • Each site needs to be identified by a unique domain name. • Update DNS servers within the network so that clients can access their virtual Web sites. • Update DNS servers to include the new DNS names and resolve those names to the IP address of the Linux system. • Virtual sites are defined to the Apache server using the VirtualHost container in the httpd.conf file. • Example of a virtual host definition:

    <VirtualHost 9.130.31.15>
        DocumentRoot /usr/local/apache/newsite/htdocs
        ServerName www.newsite.com
    </VirtualHost>
Web Server security considerations • Combining the free-for-all nature of Linux with the security-intensive nature of zSeries, which is needed to share resources securely, means that once you have your Web server installed and configured, it is useful to spend time considering how you can make it secure. • Installation and configuration are the concepts to understand about these environments. They will be covered in a following lab.
Web Server security considerations • Outside access to the content provided by your Web server can be controlled by the access control statements in httpd.conf. • Define a very restrictive set of permissions for the / directory, then add permissions as needed. • The set of statements that authorize access and features will be provided for you. • There are several directives in the httpd.conf file that you must use with caution.
Directive: ExecCGI • Specifies that CGI programs can be executed within the directory hierarchy the option applies to. • CGI programs can open security holes. • Restrict CGI programs to a specific directory that is outside the hierarchy of your httpd root file system and control access to it.
Directive: FollowSymLinks • Symbolic links are file pointers. • When a symbolic link is accessed, it behaves as though the user accessed the real, referenced file. • The option allows remote users to follow symbolic links in the directory they are referencing by clicking the associated hyperlinks. • Security problem: if someone inadvertently links to an important internal system file, the remote user can violate the barrier that separates the Web hierarchy from the system file hierarchy.
Directive: Includes option • Server Side Includes (SSI) create dynamic information in HTML documents. • Creates dynamic documents without writing CGI programs. • No serious security exposures except the exec directive. • exec allows you to specify system commands within your source HTML; a command's output, such as a directory listing, is produced in the HTML output stream. • If an HTML page takes user input, an attacker could download the HTML source, insert malicious exec commands, and then submit the form. • The server would process the form and unwittingly execute the commands specified. • To prevent this, do not allow the exec cmd directive (Options IncludesNOEXEC).
Directive: directory indexing • Do not enable the directory indexing option. It causes Apache to send a directory listing (similar to an ls -l command) when a default HTML page is not found. • Potentially allows a Web user to browse the list of files in a particular directory and navigate between directories. • If you have included files in the directory that are not usually referenced by any HTML page, the directory listing will expose the files to Web users.
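The cautions on the preceding directive slides can be checked mechanically. The following Python audit is an added example, not part of the original slides or of Apache: it scans the Directory containers of an httpd.conf and reports the four options discussed above. The sample configurations, their paths and the function names are constructed for illustration; each Options line is judged on its own, and inheritance and +/- merging between containers are not modelled.

```python
# Options the slides say to use with caution, with the reason given there.
RISKY = {
    "execcgi": "CGI programs may run inside the Web hierarchy",
    "followsymlinks": "symbolic links can lead out of the Web hierarchy",
    "includes": "SSI exec cmd is allowed (use IncludesNOEXEC)",
    "indexes": "directory listing is sent when no default page exists",
}
# Constructed sample configurations; the paths are assumptions.
WEAK = """
DocumentRoot /usr/local/apache/htdocs
<Directory /usr/local/apache/htdocs>
    Options Indexes FollowSymLinks Includes ExecCGI
</Directory>
"""
HARDENED = """
DocumentRoot /usr/local/apache/htdocs
<Directory />
    Options None
</Directory>
<Directory /usr/local/apache/htdocs>
    Options IncludesNOEXEC
</Directory>
<Directory /usr/local/apache/cgi-bin>
    Options ExecCGI
</Directory>
"""

def enabled_options(args):
    """Options an 'Options' line turns on; 'All' is everything but MultiViews."""
    on = set()
    for tok in args.split():
        name = tok.lstrip("+-").lower()
        if not tok.startswith("-") and name != "none":
            on |= set(RISKY) if name == "all" else {name}
    return on

def overlaps(a, b):  # True if directory a contains b, or b contains a
    a, b = a.rstrip("/") + "/", b.rstrip("/") + "/"
    return a.startswith(b) or b.startswith(a)

def audit(conf):
    """Return (directory, option, reason) for each risky Options setting."""
    docroot, stack, found = None, [], []
    for line in (l.strip() for l in conf.splitlines()):
        low = line.lower()
        if low.startswith("<directory "):
            stack.append(line[11:].rstrip(">").strip().strip('"'))
        elif low.startswith("</directory>") and stack:
            stack.pop()
        elif low.startswith("documentroot "):
            docroot = line.split(None, 1)[1].strip('"')
        elif low.startswith("options "):
            where = stack[-1] if stack else "(server)"
            # ExecCGI is acceptable only in a directory outside the document tree.
            cgi_ok = bool(stack and docroot) and not overlaps(where, docroot)
            for opt in sorted(enabled_options(line.split(None, 1)[1]) & set(RISKY)):
                if not (opt == "execcgi" and cgi_ok):
                    found.append((where, opt, RISKY[opt]))
    return found
```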
Web application server • Technically “application server” is a generic term, but in common usage it refers to a server that implements the Java 2 Enterprise Edition (J2EE) standard. • Java application servers • IBM WebSphere Application Server • BEA WebLogic • Lutris Enhydra • Tomcat • Resin from the Apache Project • Deploying any application server is a very complex undertaking dependent on the particulars of each application.
Web enablement applications Applications announced for the zSeries Linux solution that provide a huge edge to a corporation’s Web infrastructure • eOneCommerce • E-business software application and Internet publishing tool from the eOne Group. • 100% platform independent and integrates seamlessly to any IBM hardware, software, database, and operating system. • Tamino XML server • High performance information management platform application by Software AG. • CommuniGate Pro • Carrier grade messaging solution application from Stalker Software. • DI-Atlantis • Multidimensional software package designed to transform data for intuitive access and analysis.
eOneCommerce • eOneCommerce offers rapid and simple deployment. • eOneCommerce uses Open Standards. • eOneCommerce Web-enables your entire enterprise. • eOneCommerce gives you easy-to-administer tools and utilities. • eOneCommerce separates presentation, application, and data layers. • “Model-View-Controller” design • eOneCommerce is an Out-of-the-Box application, no custom codes. • allows you to successfully migrate business functions to the Web.
eOneCommerce features • It is a 100% Java, hardware independent Web engine that can have a business on-line in days with J2EE application suite that fits into a multi-platform environment. • Utilize open eCommerce architecture based on existing business rules using platform-independent tools and technologies. • Benefit from state-of-the-art total Web integration and save money. • Orders that are generated on the Web will flow seamlessly through the existing fulfillment infrastructure. • Offers “real-time” access to back-end systems. • Gives the flexibility and portability to scale to different platforms as growth/performance demand increase. • For more information go to http://www.ibm.com/software/is/mp/linux/software/pdfs/eOne_Group_Hires_Ltr4_16_02.pdf
eOneCommerce: JVM • eOneCommerce is based on Java technology. • Java Virtual Machine (JVM) • JVM can be viewed as its own small virtual server. • Emulates a sort of system with a limited set of instructions and functions. • Just-In-Time compilation (JIT) • Compiling the Java byte-code into native instructions just before execution. • Provides significant improvements in execution time. • Java applications tend to be more CPU-intensive. • With JIT compilation much less CPU time is required. • JVM is also a pure stack-based machine.
Java: Objects • Java is an object-oriented language • OO is a tool for improving software engineering methods and programmer effectiveness; not performance. • Effects on resource demands: • Loading of class hierarchies • Indirection • Dynamic binding • Cache-unfriendly behavior • Java code is a large consumer of memory (usage and bandwidth). • Architecture of applications have significant impact on run-time behavior. • Applications composed of many smaller objects will tend to be more efficient on zSeries.
Tamino XML Server • High performance information management platform application by Software AG. • Based on native XML storage and open standard Internet technologies for managing data on internets and intranets. • Advanced query capabilities: helps to find and manage any type of content across the enterprise and enables rapid implementation of electronic business applications based on XML standards. • The server is built to: • Store XML documents natively. • Expose information residing in various external XML or non-XML sources (legacy data) or applications to the outside world in XML format. • Search effectively on all information available to the Tamino application.
Tamino features • Manages information of all types. • Tamino is the world's leading XML server. • 2001 market share of 40.5%. • List of enterprises that have already gained a competitive advantage by implementing Tamino can be found on the Internet at www.softwareag.com/germany/referenzen/ or www.softwareag.com/corporat/references/ for international references. • By combining Tamino's performance with Linux's stability, Software AG and SUSE Linux AG have created an offering geared to enterprises who want to exploit reliable mainframes such as the zSeries for e-business. • Linux offers very high scalability; not just to small- and medium-sized businesses, but also to large-scale environments. • Free Introduction with the XML Starter Kit • The XML Starter Kit 3rd Edition offers professional users, developers, and IT decision makers a comprehensive package that allows them to evaluate Tamino XML Server and learn about XML technology at www.xmlstarterkit.com or view a demo version. • For more on Tamino and Linux see http://www.eweek.com/article2/0,3959,844434,00.asp
CommuniGate Pro • Carrier grade messaging solution application from Stalker Software. • Provides high performance, speed, reliability, security with an extensive feature set as benefits for running on the zSeries platform (i.e. benefits from the ability to utilize HiperSockets for secure memory-speed communications). • Utilizes a dynamic clustering architecture to manage millions of accounts, while providing a 99.999% uptime requirement. • Its Linux base allows it to support over 24 different operating systems and hardware platforms. • CommuniGate Pro is a powerful, feature-rich POP3, SMTP, and IMAP4 e-mail server with an intuitive browser-based administration interface and compelling extras like list services and a Web-based e-mail client. • Download trial version from http://www.stalker.com
CommuniGate Pro features • CommuniGate Pro provides SMTP mail exchange and functions as a POP3 and IMAP4 mail server. It provides Web access to POP3 or IMAP4 e-mail (you can get to all your IMAP4 server-side folders from a browser). CommuniGate Pro also lets you create mailing lists and provides list management services. • Can poll multiple remote POP3 servers and gather the mail to a single user's local POP3 or IMAP4 account. • Can create automated message handling rules that apply to all accounts, as well as rules that apply to individual accounts. The administrator can allow users to add and modify private rules. • Can work with LDAP server, but CommuniGate Pro doesn't provide LDAP directory services itself. • Can allow users to create a personal Web site. • http://www.stalker.com/CommuniGatePro/
DI-Atlantis • This solution from Dimensional Insight, Inc. is a multidimensional software package designed to transform data for intuitive access and analysis. • Allows you to give users the information they need in a format that is easily understood.
DI-Atlantis features • Data spheres are set up to provide business accurate information quickly enabling the right decisions. • Automated process to provide different level users (internal, remote, and external) distributed across the enterprise appropriate access. • Unified access to resources for all types of users: share information securely across the supply chain. • User-friendly interface across the enterprise. • Automated report analysis. • Easy access to data when and where you need them. • Dynamic query tools. • All users benefit.
Conclusion • There are many applications that are prime candidates to utilize the unique environment created by using Linux on zSeries. Among them are: eOneCommerce, Tamino XML server, CommuniGate Pro, DI-Atlantis. • Regardless of the scenario you set up for your servers, additional elements are needed such as your firewalls, need for backup, the need to maintain servers/software, failover protections, etc. • With individual servers, you need physical wiring for your networking and have to consider all the possible problems with availability and latency. Each server is running its own copy of the operating system and needs its own software including all the maintenance and licensing fees. • A unique advantage of using the Linux for zSeries environment is the ability to use VM to partition disks and thus be able to utilize all resources while eliminating the need to purchase a new disk/equipment each time you want to add disk space to a server.
Conclusion • Apache is a versatile full-function Web server that supports: HTTP/1.1 protocol, File-based configuration, Common Gateway Interface (CGI), Virtual Host, HTTP (or basic) authentication, Integrated Perl, Operation as a caching proxy server, Customizable logging, Server Side Includes (SSI), SSL, User session tracking capability, FastCGI and Java Servlets. • Although Apache is capable of running multiple Web sites from a single server, the configuration file only defines a single main site, so to utilize this fully you must define additional Web sites through statements in the config file and identify each site with a unique domain name. • The directives that could cause some problems due to security considerations are: ExecCGI for enabling CGI programs, FollowSymLinks for following symbolic links (file pointers), SSI for inserting dynamic content in HTML docs, and directory indexing to enable directory listings. • There are many different Web application servers, among them WebSphere Application Server, BEA WebLogic, Lutris Enhydra and Tomcat. • JIT compilation allows you to compile Java byte-code into native instructions just before execution, which results in significant improvements in execution time since it is much less CPU intensive.