WebShare is comprised of two main servers: the WebShare WebObjects Server, and the WebShare File Server. The objective is to enable versatile and high performance remote file access over the Internet, while at the same time isolating the file server from the Internet. This feature is accomplished by means of the two-tier WebShare server application. The WebShare WebObjects Server acts as an intermediary between the Internet and the WebShare File Server:
When remote users log in to WebShare, their only access is to the WebShare WebObjects Server, which is connected to the Internet. The WebShare WebObjects Server is very secure, and contains no data, passwords, or configuration information. This WebShare WebObjects Server accepts requests and forwards them to the WebShare File Server, via a private protocol. The file server authenticates these requests, and then starts a separate process with each user's access rights, so that remote users can access only the files and directories for which they have file system permissions. The WebShare File Server forwards the requested content to the WebShare WebObjects Server which generates dynamic HTML pages for the remote users. This enables them to "see" the file server, without being directly connected.
Ideally, the WebShare WebObjects Server application should run on a dedicated server, allowing all other services and ports to be shut down. The WebShare File Server application then runs on the file server that contains the actual data to be shared. The following sections detail the various server configurations possible, and the related Firewall options. Additional security details are discussed in
8 "Security considerations".
3.1.2 Software Firewall (Internet)
A software Firewall can be configured directly on the WebShare WebObjects server (Fig.
1). It must only allow incoming HTTP connections, and only on port 2009. Other ports on this server must not be reached via HTTP from the Internet in order to provide a high level of security. For example, on a Mac OS X server, software Firewall settings can be defined via
System Preferences > Sharing.
Furthermore, the WebShare WebObjects Server needs two network interfaces, one for the Internet, and one for the Intranet. IP-routing must be switched off.
Fig. 1: Software Firewall towards the Internet
|
|
3.1.3 Hardware Firewall (Internet)
Another possibility is to install a hardware Firewall between the Internet and the WebShare WebObjects Server (Fig.
2). As described in
3.1.2 "Software Firewall (Internet)", the Firewall must only allow incoming HTTP connections on port 2009. Here, one network interface for both the Internet and the Intranet will do, but two network interfaces offer additional security. IP-routing must be switched off.
Fig. 2: Hardware Firewall towards the Internet
|
|
3.1.4 Hardware Firewall (Intranet)
A hardware Firewall can also be positioned between the WebShare WebObjects Server and the Intranet. It should only allow incoming connections on ports 2010-2015. In addition, a software Firewall should only allow incoming HTTP requests on port 2009 (Fig.
3). This setup requires two network interfaces, one for the Internet and one for the Intranet. IP-routing must be switched off.
Fig. 3: Hardware Firewall towards the Intranet
|
|
3.1.5 Single server solution
In a single server solution (Fig.
4), the WebShare WebObjects Server and the WebShare File Server are running on the same machine. The hardware Firewall must deny incoming HTTP connections other than on port 2009.
Fig. 4: Single server solution
|
|
3.2 WebShare WebObjects Server installation
3.2.1 System requirements
For the installation of the WebShare WebObjects Server the following prerequisites apply:
- Any supported HELIOS server platform. See a current listing of all supported platforms at:
www.helios.de/support/platforms.phtml
- The programming language Perl (version 5.0.5 or newer) must be installed
- Java 1.4.1 or newer runtime
- 32 MB RAM; 2 MB per active client
Note: If a two-tier WebShare server configuration is used, then only HELIOS Base and the WebShare WebObjects Server should be installed on the WebShare WebObjects Server. On the WebShare File Server, HELIOS Base and the WebShare File Server get installed.
3.2.2 WebShare WebObjects Server license
The WebShare WebObjects Server has been developed using Apple Xcode SDK which includes WebObjects 5.3 technology. It is not required to install any Apple WebObjects software. All necessary components are delivered as an J2EE application server compatible deployment program.
The complete support for the Webshare WebObjects Server product is provided by HELIOS and its partners. Even WebShare has been built with Apple WebObjects technologies. Apple does not offer any support for the HELIOS Webshare WebObjects Server.
3.2.3 Software installation
The installation of the HELIOS WebShare WebObjects Server follows the standard HELIOS software installation scheme. It is described in detail in the chapter "Software Installation" in the HELIOS Base manual.
3.2.4 Verifying the installation
There are some steps you should take in order to verify that the installation of the WebShare WebObjects Server was successful:
On a command line, issue "srvutil status" (see "srvutil" in the Base manual):
Service Status PID When Restarts
srvsrv Running 398 Fri 8:38
slpsrv Running 400 Fri 8:38
mailsrv Running 401 Fri 8:38
termsrv Running 402 Fri 8:38
timesrv Running 403 Fri 8:38
createpdf Running 405 Fri 8:38
notifysrv Running 406 Fri 8:38
desksrv Running 417 Fri 8:38
admsrv Running 418 Fri 8:38
papsrv Running 419 Fri 8:38
authsrv Running 420 Fri 8:38
afpsrv Running 425 Fri 8:38
pcshare Running 427 Fri 8:38
opisrv Running 446 Fri 8:39
scriptsrv Running 904 Fri 10:30
websharesrv Running 428 Fri 8:38
websharewoa Running 404 Fri 8:38
heladmsrv Running 421 Fri 8:38
The result of the status query shows that "websharewoa" is running. If "websharewoa" is not running, check the system messages for errors.
Note: On Mac OS X systems, the "HELIOS Services" application ("Applications" folder) will be installed (as part of HELIOS Base) on both the WebShare WebObjects Server and the WebShare File Server. Hence, it can be used to verify the installation.
The following steps may be used to verify that the WebShare WebObjects Server is also available remotely:
In your browser enter the URL
http://<hostname>:2009
If this is successful, everything should work fine.
If it is not, try
http://<DNS name>:2009
Example: http://myserver.com:2009
If this fails, try
http://<IP-address>:2009
Example: http://172.16.0.8:2009
If you are successful with using the IP address in the URL but not with "host name" or "Web server name", the installation of the WebShare WebObjects Server was successful, but you may have a DNS configuration problem.
In a next step, prove that the Web server (port 2009) can be reached from outside, e.g. via the HELIOS "socket" utility:
outsidehost$ socket myserver.com 2009
Trying...
Connected to helioshost.
If this returns an unknown host, try the IP address:
outsidehost$ socket 172.16.0.8 2009
Trying...
Connected to 172.16.0.8.
If this also fails, try (directly on the WebShare WebObjects Server):
$ socket localhost 2009
Trying 127.0.0.1...
Connected to helioshost.
Exit "socket" with
Ctrl-C.
Note: The host names and IP addresses in the excerpts above are just examples!
Note: By default, the WebShare WebObjects Server allows connecting to all WebShare File Server hosts. The preference WSAllowedHostNames (6.6 "Preference keys") restricts the access to named WebShare File Servers only.
3.3 WebShare File Server installation
3.3.1 System requirements
For the installation of the WebShare File Server the following prerequisites apply:
- Any supported HELIOS server platform or Windows 2000 workstation or newer.
See a current listing of all supported platforms at:
www.helios.de/support/platforms.phtml
- The programming language Perl (version 5.0.5 or newer) must be installed
- 32 MB RAM; 2 MB per active client
- Each server that publishes files via WebShare requires a WebShare File Server license
3.3.2 Software installation and licensing
The installation of the HELIOS WebShare File Server uses the standard HELIOS Installer. It is described in detail in the chapter "Software Installation" in the HELIOS Base manual.
The license is entered according to the instructions given in the chapter "Entering a new license" in the HELIOS Base manual.
3.3.3 Verifying the installation
There are some steps you should take in order to verify that the installation of the WebShare File Server was successful:
On a command line, issue "srvutil status" (see "srvutil" in the HELIOS Base manual):
Service Status PID When Restarts
srvsrv Running 398 Fri 8:38
slpsrv Running 400 Fri 8:38
mailsrv Running 401 Fri 8:38
termsrv Running 402 Fri 8:38
timesrv Running 403 Fri 8:38
createpdf Running 405 Fri 8:38
notifysrv Running 406 Fri 8:38
desksrv Running 417 Fri 8:38
admsrv Running 418 Fri 8:38
papsrv Running 419 Fri 8:38
authsrv Running 420 Fri 8:38
afpsrv Running 425 Fri 8:38
pcshare Running 427 Fri 8:38
opisrv Running 446 Fri 8:39
scriptsrv Running 904 Fri 10:30
websharesrv Running 428 Fri 8:38
websharewoa Running 404 Fri 8:38
heladmsrv Running 421 Fri 8:38
The result of the status query shows that "websharesrv" is running.
Note: On Mac OS X systems, the "HELIOS Services" application ("Applications" folder) will be installed (as part of HELIOS Base) on both the WebShare WebObjects Server and the WebShare File Server. Hence, it can be used to verify the installation.
The following steps may be used to verify that the WebShare File Server is also available remotely (use the appropriate server host name (or IP address) in place of "helioshost"):
Exit "socket" with
Ctrl-C.
As the example above shows, the WebShare File Server port (2010) is available.
