WebShare UB+ User manual

3 Installation

3.1 Different setups

3.1.1 General Overview

WebShare is comprised of two main servers: the WebShare WebObjects Server, and the WebShare File Server. The objective is to enable versatile and high performance remote file access over the Internet, while at the same time isolating the file server from the Internet. This feature is accomplished by means of the two-tier WebShare server application. The WebShare WebObjects Server acts as an intermediary between the Internet and the WebShare File Server:

When remote users log in to WebShare, their only access is to the WebShare WebObjects Server, which is connected to the Internet. The WebShare WebObjects Server is very secure, and contains no data, passwords, or configuration information. This WebShare WebObjects Server accepts requests and forwards them to the WebShare File Server, via a private protocol. The file server authenticates these requests, and then starts a separate process with each user's access rights, so that remote users can access only the files and directories for which they have file system permissions. The WebShare File Server forwards the requested content to the WebShare WebObjects Server which generates dynamic HTML pages for the remote users. This enables them to "see" the file server, without being directly connected.

Ideally, the WebShare WebObjects Server application should run on a dedicated server, allowing all other services and ports to be shut down. The WebShare File Server application then runs on the file server that contains the actual data to be shared. The following sections detail the various server configurations possible, and the related Firewall options. Additional security details are discussed in 8 "WebShare Security".

3.1.2 Software Firewall (Internet)

A software Firewall can be configured directly on the WebShare WebObjects Server (Fig. 1). For example, on a Mac OS X server, software Firewall settings can be defined via System Preferences- > Sharing. It must only allow incoming HTTP connections, and only on port 2009. Other ports on this server must not be reached via HTTP from the Internet in order to provide a high level of security. Chapter 8.1.11 "Switching WebShare to port 80 on the WebShare WebObjects Server" describes how to change the default HTTP IP address and port.
Furthermore, the WebShare WebObjects Server needs two network interfaces, one for the Internet, and one for the Intranet. IP-routing must be switched off.

Fig. 1: Software firewall towards the Internet

3.1.3 Hardware Firewall (Internet)

Another possibility is to install a hardware Firewall between the Internet and the WebShare WebObjects Server (Fig. 2). As described in 3.1.2 "Software Firewall (Internet)", the Firewall must only allow incoming HTTP connections on port 2009. Here, one network interface for both the Internet and the Intranet will do, but two network interfaces offer additional security. IP-routing must be switched off.

Fig. 2: Hardware firewall towards the Internet

3.1.4 Hardware Firewall (Intranet)

A hardware Firewall can also be positioned between the WebShare WebObjects Server and the Intranet. It should only allow incoming connections on ports 2010-2015. In addition, a software Firewall should only allow incoming HTTP requests on port 2009 (Fig. 3). This setup requires two network interfaces, one for the Internet and one for the Intranet. IP-routing must be switched off.

Fig. 3: Hardware firewall towards the Intranet

3.1.5 Single server solution

In a single server solution (Fig. 4), the WebShare WebObjects Server and the WebShare File Server are running on the same machine. The hardware Firewall must deny incoming HTTP connections other than on port 2009.

Fig. 4: Single server solution

3.2 WebShare WebObjects Server installation

3.2.1 System requirements

For the installation of the WebShare WebObjects Server the following prerequisites apply:

• Any supported HELIOS server platform. See a current listing of all supported platforms.
• The programming language Perl (version 5.0.5 or newer)
• Java 1.4.1 or newer runtime
• 32 MB RAM; 2 MB per active client

Note: If a two-tier WebShare server configuration is used, then only HELIOS Base and the WebShare WebObjects Server should be installed on the WebShare WebObjects Server. On the WebShare File Server, HELIOS Base and the WebShare File Server get installed. It is only necessary to enter the HELIOS license information on the WebShare File Server.

3.2.2 WebShare WebObjects Server license

The WebShare WebObjects Server has been developed using Apple Xcode SDK which includes WebObjects 5.3 technology. It is not required to install any Apple WebObjects software.

The complete support for the WebShare WebObjects Server product is provided by HELIOS and its partners. Apple does not offer any support for the HELIOS WebShare WebObjects Server.

3.2.3 Software installation

The installation of the HELIOS WebShare WebObjects Server follows the standard HELIOS software installation scheme. It is described in detail in the chapter "Software Installation" in the Base manual.

3.2.4 Verifying the installation

There are some steps you should take in order to verify that the installation of the WebShare WebObjects Server was successful:

On a command line, issue "srvutil status" (see "srvutil" in the Base manual):

$ srvutil status
Service	Status	PID	When	Restarts
srvsrv	Running	287	Wed 10:08
notifysrv	Running	289	Wed 10:08
authsrv	Running	290	Wed 10:08
desksrv	Running	291	Wed 10:08
heladmsrv	Running	292	Wed 10:08
admsrv	Running	294	Wed 10:08
afpsrv	Running	295	Wed 10:08
mailsrv	Running	296	Wed 10:08
papsrv	Running	297	Wed 10:08
pcshare	Running	298	Wed 10:08
lpd	Running	299	Wed 10:08
termsrv	Running	301	Wed 10:08
timesrv	Running	302	Wed 10:08
websharesrv	Running	303	Wed 10:08
dhcpsrv	Running	311	Wed 10:08
pcsdossrv	Running	304	Wed 10:08
opisrv	Running	305	Wed 10:08
scriptsrv	Running	306	Wed 10:08
createpdf	Running	307	Wed 10:08
mdnsproxysrv	Running	308	Wed 10:08
websharewoa	Running	309	Wed 10:08
toolsrv	Running	310	Wed 10:08

The result of the status query shows that "websharewoa" is running. If "websharewoa" is not running, check the system messages for errors.

Note: On Mac OS X systems, the "HELIOS Services" application ("Applications" folder) will be installed (as part of HELIOS Base) on both the WebShare WebObjects Server and the WebShare File Server. Hence, it can be used to verify the installation.

The following steps may be used to verify that the WebShare WebObjects Server is also available remotely:

In your browser enter the URL
http://<hostname>:2009

If this is successful, everything should work fine.

If it is not, try
http://<DNS name>:2009
Example: http://myserver.com:2009

If this fails, try
http://<IP-address>:2009
Example: http://172.16.0.8:2009

If you are successful with using the IP address in the URL but not with "host name" or "DNS name", the installation of the WebShare WebObjects Server was successful, but you may have a DNS configuration problem.

In a next step, prove that the web server (port 2009) can be reached from outside, e.g. via the HELIOS "socket" utility:

outsidehost$ socket myserver.com 2009
Trying...
Connected to helioshost.

If this returns an unknown host, try the IP address:

outsidehost$ socket 172.16.0.8 2009
Trying...
Connected to 172.16.0.8.

If this also fails, try (directly on the WebShare WebObjects Server):

$ socket localhost 2009
Trying 127.0.0.1...
Connected to helioshost.

Exit "socket" with Ctrl-C.

Note: The host names and IP addresses in the excerpts above are just examples!

Note: By default, the WebShare WebObjects Server allows connecting to all WebShare File Server hosts. The preference WSAllowedHostNames (6.5 "Preference keys") restricts the access to named WebShare File Servers only.

3.3 WebShare File Server installation

3.3.1 System requirements

For the installation of the WebShare File Server the following prerequisites apply:

• Any supported HELIOS server platform
  See a current listing of all supported platforms.
• The programming language Perl (version 5.0.5 or newer)
• 32 MB RAM; 2 MB per active client
• Each server that publishes files via WebShare requires a WebShare File Server license

3.3.2 Software installation and licensing

The installation of the HELIOS WebShare File Server uses the standard HELIOS Installer. It is described in detail in the chapter "Software Installation" in the Base manual.

The license is entered according to the instructions given in the chapter "Entering a new license" in the Base manual.

3.3.3 Verifying the installation

There are some steps you should take in order to verify that the installation of the WebShare File Server was successful:

On a command line, issue "srvutil status" (see "srvutil" in the Base manual):

$ srvutil status
Service	Status	PID	When	Restarts
srvsrv	Running	287	Wed 10:08
notifysrv	Running	289	Wed 10:08
authsrv	Running	290	Wed 10:08
desksrv	Running	291	Wed 10:08
heladmsrv	Running	292	Wed 10:08
admsrv	Running	294	Wed 10:08
afpsrv	Running	295	Wed 10:08
mailsrv	Running	296	Wed 10:08
papsrv	Running	297	Wed 10:08
pcshare	Running	298	Wed 10:08
lpd	Running	299	Wed 10:08
termsrv	Running	301	Wed 10:08
timesrv	Running	302	Wed 10:08
websharesrv	Running	303	Wed 10:08
dhcpsrv	Running	311	Wed 10:08
pcsdossrv	Running	304	Wed 10:08
opisrv	Running	305	Wed 10:08
scriptsrv	Running	306	Wed 10:08
createpdf	Running	307	Wed 10:08
mdnsproxysrv	Running	308	Wed 10:08
websharewoa	Running	309	Wed 10:08
toolsrv	Running	310	Wed 10:08

The result of the status query shows that "websharesrv" is running.

Note: On Mac OS X systems, the "HELIOS Services" application ("Applications" folder) will be installed (as part of HELIOS Base) on both the WebShare WebObjects Server and the WebShare File Server. Hence, it can be used to verify the installation.

The following steps may be used to verify that the WebShare File Server is also available remotely (use the appropriate server host name (or IP address) in place of "helioshost"):

$ socket helioshost 2010
Trying 127.0.0.1...
Connected to helioshost

Exit "socket" with Ctrl-C.

As the example above shows, the WebShare File Server port (2010) is available.