HELIOS WebShare User manual


3 Installation
3.1 Different setups
3.1.1 General Overview
WebShare consists of two main servers: the WebShare WebObjects Server and the WebShare File Server. The objective is to enable versatile and high performance remote file access over the Internet, while at the same time isolating the File Server from the Internet. This is accomplished by means of the two-tier WebShare server application. The WebShare WebObjects Server acts as an intermediary between the Internet and the WebShare File Server:

When remote users log in to WebShare, their only access is to the WebShare WebObjects Server, which is connected to the Internet. The WebShare WebObjects Server is very secure, and contains no data, passwords, or configuration information. This WebShare WebObjects Server accepts requests and forwards them to the WebShare File Server, via a private protocol. The File Server authenticates these requests, and then starts a separate process with each user's access rights, so that remote users can access only the files and directories for which they have file system permissions. The WebShare File Server forwards the requested content to the WebShare WebObjects Server which generates dynamic HTML pages for the remote users. This enables them to "see" the File Server, without being directly connected.
Ideally, the WebShare WebObjects Server application should run on a dedicated server, allowing all other services and ports to be shut down. The WebShare File Server application then runs on the file server that contains the actual data to be shared. The following sections detail the various server configurations possible, and the related Firewall options. Additional security details are discussed in 8 "Security considerations".
3.1.2 Software Firewall (Internet)
A software Firewall can be configured directly on the WebShare WebObjects server (Fig. 1). It must allow only incoming HTTP connections, and only on port 2009. To provide a high level of security, other ports on this server must not be reachable via HTTP from the Internet. For example, on a Mac OS X server, software Firewall settings can be defined via System Preferences > Sharing.
Furthermore, the WebShare WebObjects Server needs two network interfaces, one for the Internet, and one for the Intranet. IP-routing must be switched off.
Fig. 1: Software Firewall towards the Internet

3.1.3 Hardware Firewall (Internet)
Another possibility is to install a hardware Firewall between the Internet and the WebShare WebObjects Server (Fig. 2). As described in 3.1.2 "Software Firewall (Internet)", the Firewall must only allow incoming HTTP connections on port 2009. Here, one network interface for both the Internet and the Intranet will do, but two network interfaces offer additional security. IP-routing must be switched off.
Fig. 2: Hardware Firewall towards the Internet

3.1.4 Hardware Firewall (Intranet)
A hardware Firewall can also be positioned between the WebShare WebObjects Server and the Intranet. It should only allow incoming connections on ports 2010-2015. In addition, a software Firewall should only allow incoming HTTP requests on port 2009 (Fig. 3). This setup requires two network interfaces, one for the Internet and one for the Intranet. IP-routing must be switched off.
Fig. 3: Hardware Firewall towards the Intranet

3.1.5 Single Server solution
In a single server solution, the WebShare WebObjects Server and the WebShare File Server are running on the same machine. The hardware Firewall must deny incoming HTTP connections other than on port 2009.
Fig. 4: Single Server solution
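
The port rules of the setups above (only 2009 towards the Internet, only 2010-2015 towards the Intranet) can be checked from either side with a small script. This is an added example, not part of the HELIOS manual or software; the function names and the vantage labels "internet" and "intranet" are hypothetical, and it assumes nc(1) is installed.

```shell
#!/bin/sh
# Added example (not from the HELIOS manual). Assumes nc(1) is installed.

# probe HOST PORT: exit 0 if a TCP connection to HOST:PORT succeeds.
probe() { nc -z -w 3 "$1" "$2" >/dev/null 2>&1; }

# allowed VANTAGE PORT: exit 0 if the manual's rules permit PORT to answer.
#   internet -> only 2009 (Firewall towards the Internet)
#   intranet -> only 2010-2015 (Firewall towards the Intranet)
allowed() {
    case "$1" in
        internet) [ "$2" -eq 2009 ] ;;
        intranet) [ "$2" -ge 2010 ] && [ "$2" -le 2015 ] ;;
        *) return 2 ;;
    esac
}

# audit VANTAGE HOST PORT...: print "port state verdict" per port and
# return the number of ports that answer although they must not.
audit() {
    vantage=$1 host=$2; shift 2
    violations=0
    for port in "$@"; do
        if probe "$host" "$port"; then state=open; else state=closed; fi
        if [ "$state" = open ] && ! allowed "$vantage" "$port"; then
            verdict=VIOLATION; violations=$((violations + 1))
        elif [ "$state" = closed ] && [ "$vantage" = internet ] \
                && [ "$port" -eq 2009 ]; then
            verdict=UNREACHABLE   # the one port that should answer does not
        else
            verdict=ok
        fi
        echo "$port $state $verdict"
    done
    return "$violations"
}

# Runs only when called with arguments, for example from an outside host
# (the extra ports 22, 80 and 548 are arbitrary samples):
#   sh audit.sh internet myserver.com 22 80 548 2009 2010 2011 2012 2013 2014 2015
if [ "$#" -ge 3 ]; then audit "$@"; fi
```

A non-zero exit status is the number of ports that answered although the rules for that side say they must not.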

3.2 WebShare WebObjects Server installation
3.2.1 System requirements
For the installation of the WebShare WebObjects Server the following prerequisites apply:

Note: If a two-tier WebShare server configuration is used, then only HELIOS Base, the WebShare WO Server, and the WebObjects license should be installed on the WebShare WebObjects Server. On the WebShare File Server, HELIOS Base and the WebShare File Server get installed.

3.2.2 Apple WebObjects 5.2 license
The WebShare WebObjects server requires an Apple WebObjects product with its license. It is not required to install the Apple WebObjects runtime because all necessary components are already included in the WebShare ".war" program.
Log in as "root" and enter the Apple WebObjects Deployment license as follows:
# cd /usr/local/helios
# cd var/conf
# echo "your-apple-deployment license" > "WOLicense.key"
The Apple WebObjects deployment licenses look like:
B-323-XXX-XXX-XXX-XXX-XXX-XXX-XXX-XXX
After the license is entered, restart the server with "srvutil stop websharewoa" followed by "srvutil start websharewoa"; the "websharewoa" process should then be running. This can be verified via the "srvutil status" command. If errors occur, all messages are logged to the system messages.
3.2.3 Apple WebObjects license included in Mac OS X Server
Apple Mac OS X Server 10.2 and 10.3 already include a WebObjects 5.2.x license. On Mac OS X Server it is not required to purchase an additional WebObjects product license. WebShare detects the WebObjects license included with Mac OS X Server and will use it.
3.2.4 Software installation and licensing
The installation of the HELIOS WebShare WebObjects Server follows the standard HELIOS software installation scheme. It is described in detail in the chapters 4.1.5 and 4.1.6 "Software Installation" in the HELIOS Base manual.
3.2.5 Verifying the installation
There are some steps you should take in order to verify that the installation of the WebShare WebObjects Server was successful:
On a command line, issue "srvutil status" (see chapter 9.1 "srvutil" in the HELIOS Base manual):
$ srvutil status
Service     Status   PID    When       Restarts
srvsrv      Running  27710  Tue 14:08
desksrv     Running  27712  Tue 14:08
slpsrv      Running  27713  Tue 14:08
admsrv      Running  27714  Tue 14:08
afpsrv      Running  27715  Tue 14:08
mailsrv     Running  27716  Tue 14:08
papsrv      Running  27717  Tue 14:08
pcshare     Running  27718  Tue 14:08
lpd         Running  27730  Tue 14:08
opisrv      Running  27731  Tue 14:08
scriptsrv   Running  27732  Tue 14:08
termsrv     Running  27719  Tue 14:08
timesrv     Running  27720  Tue 14:08
websharesr  Running  27721  Tue 14:08
websharewo  Running  27722  Tue 14:08
The result of the status query shows that "websharewoa" is running. If "websharewoa" is not running, check the system messages for errors.

Note: On Mac OS X systems, the "HELIOS Services" application (Applications folder) will be installed (as part of HELIOS Base) on both the WebShare WebObjects Server and the WebShare File Server. Hence, it can be used to verify the installation.

The following steps may be used to verify that the WebShare WebObjects Server is also available remotely:
In your browser enter the URL
http://<hostname>:2009
If this is successful, everything should work fine.
If it is not, try
http://<DNS name>:2009
Example: http://myserver.com:2009
If this fails, try
http://<IP-address>:2009
Example: http://172.16.0.8:2009
If you are successful with using the IP address in the URL but not with "host name" or "Web server name", the installation of the WebShare WebObjects Server was successful, but you may have a DNS configuration problem.
As a next step, verify that the Web server (port 2009) can be reached from outside, e.g. via "telnet":
outsidehost$ telnet myserver.com 2009
Trying...
Connected to helioshost.
Escape character is '^]'.
If this returns an unknown host, try the IP address:
outsidehost$ telnet 172.16.0.8 2009
Trying...
Connected to 172.16.0.8.
Escape character is '^]'.
If this also fails, try (directly on the WebShare WebObjects Server):
$ telnet localhost 2009
Trying 127.0.0.1...
Connected to helioshost.
Escape character is '^]'.
Exit "telnet" with Ctrl-] and type close.

Note: The host names and IP addresses in the excerpts above are just examples!

Note: By default, the WebShare WebObjects Server allows connecting to all WebShare File Server hosts. The preference WSAllowedHostNames (6.5 "Preference keys") restricts the access to named WebShare File Servers only.
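
The verification steps of this section can be scripted as shown below. This is an added example, not HELIOS code: the function names are hypothetical, nc(1) is assumed for the TCP probe, and the 10-character comparison is an assumption read off the sample output above, where "websharewoa" is listed as "websharewo". The conclusion printed when the port answers locally (look at the firewall or network path) is likewise an inference, not a statement from the manual.

```shell
#!/bin/sh
# Added example (not HELIOS code). Assumes nc(1) for the TCP probe.

# probe HOST PORT: exit 0 if a TCP connection can be opened.
probe() { nc -z -w 3 "$1" "$2" >/dev/null 2>&1; }

# Three rows in the layout of the manual's "srvutil status" sample.
sample_status() {
    printf '%s\n' 'Service Status PID When Restarts' \
        'websharesr Running 27721 Tue 14:08' \
        'websharewo Running 27722 Tue 14:08'
}

# service_running NAME: read "srvutil status" output on stdin; exit 0 if NAME
# is Running. The sample shows the Service column cut to 10 characters
# ("websharewo" for websharewoa), so the name is shortened before comparing.
service_running() {
    awk -v want="$(printf '%.10s' "$1")" \
        '$1 == want && $2 == "Running" { found = 1 } END { exit !found }'
}

# local_check NAME PORT: run on the server, status output on stdin.
local_check() {
    if ! service_running "$1"; then
        echo "down: $1 not Running, check the system messages"
    elif ! probe localhost "$2"; then
        echo "not-listening: $1 runs but port $2 does not answer locally"
    else
        echo "local-ok: port $2 answers, look at firewall or network path"
    fi
}

# remote_check NAME IP PORT: run from an outside host.
remote_check() {
    if probe "$1" "$3"; then echo "ok: reachable by name"
    elif probe "$2" "$3"; then echo "dns: reachable by IP only, check name resolution"
    else echo "unreachable: run local_check on the server"
    fi
}

# Usage on the server:  srvutil status | local_check websharewoa 2009
# Usage from outside:   remote_check myserver.com 172.16.0.8 2009
```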

3.3 WebShare File Server installation
3.3.1 System requirements
For the installation of the WebShare File Server the following prerequisites apply:
3.3.2 Software installation and licensing
The installation of the HELIOS WebShare File Server uses the standard HELIOS Installer. It is described in detail in the chapters 4.1.5 and 4.1.6 "Software Installation" in the HELIOS Base manual.
The license is entered according to the instructions given in the chapters 4.3.1 and 4.3.3 "Entering a new license" in the HELIOS Base manual.
3.3.3 Verifying the installation
There are some steps you should take in order to verify that the installation of the WebShare File Server was successful:
On a command line, issue "srvutil status" (see chapter 9.1 "srvutil" in the HELIOS Base manual):
$ srvutil status
Service     Status   PID    When       Restarts
srvsrv      Running  27710  Tue 14:08
desksrv     Running  27712  Tue 14:08
slpsrv      Running  27713  Tue 14:08
admsrv      Running  27714  Tue 14:08
afpsrv      Running  27715  Tue 14:08
mailsrv     Running  27716  Tue 14:08
papsrv      Running  27717  Tue 14:08
pcshare     Running  27718  Tue 14:08
lpd         Running  27730  Tue 14:08
opisrv      Running  27731  Tue 14:08
scriptsrv   Running  27732  Tue 14:08
termsrv     Running  27719  Tue 14:08
timesrv     Running  27720  Tue 14:08
websharesr  Running  27721  Tue 14:08
websharewo  Running  27722  Tue 14:08
The result of the status query shows that "websharesrv" is running.

Note: On Mac OS X systems, the "HELIOS Services" application (Applications folder) will be installed (as part of HELIOS Base) on both the WebShare WebObjects Server and the WebShare File Server. Hence, it can be used to verify the installation.

The following steps may be used to verify that the WebShare File Server is also available remotely (use the appropriate server host name (or IP address) in place of "helioshost"):
$ telnet helioshost 2010
Trying 127.0.0.1...
Connected to helioshost
Escape character is '^]'.
Exit "telnet" with Ctrl-] and type close.
As the example above shows, the WebShare File Server port (2010) is available.

© 2004 HELIOS Software GmbH