WebSAMS Seminar
WebSAMS Architecture
WebSAMS requirement
- WebSAMS server can access the Internet without going through a proxy
  - WebSAMS server can access HTTPS web sites, e.g. www.hsbc.com.hk logon
- HTTP server can access the Internet without going through a proxy
- NAT port mapping, e.g. 202.123.219.100 to 10.128.150: TCP 80, 443, 7010
- Allow traffic from the DMZ HTTP server to the WebSAMS server: TCP 8009, TCP 7009, TCP 8109 (1 server 2 SAMS)
Feb 2005, WebSAMS Seminar, B-3
Network architecture (diagram slides B-4 and B-5)
Network architecture (cont'd)
- 3 types of WebSAMS user: ITED user, Internet user.
- The HTTP server is simply a relay which forwards all requests to the WebSAMS server. The HTTP server itself does not store any data.
Network architecture (cont'd)
- WebSAMS is accessed by URL; the IP address is determined by the name server (DNS).
- Users on different networks resolve the URL to different IP addresses by using different DNS servers accordingly.
- Example:
  - SAMS user: websams.schabc.edu.hk => 10.128.30.150
  - ITED user: websams.schabc.edu.hk => 10.128.150 / 192.168.0.3
  - Internet user: websams.schabc.edu.hk => 202.123.219.100
Network architecture (cont'd)
Router (between WebSAMS and ITED)
- HTTP server connects to the WebSAMS server
  - TCP 8009 for production
  - TCP 7009 for training
  - TCP 8109 for 1 server 2 SAMS
- WebSAMS server can access the Internet without going through a proxy
  - TCP 80 (HTTP)
  - TCP 443 (HTTPS)
  - TCP/UDP 53 (DNS)
  - TCP 25 (SMTP)
  - TCP 110 (POP3)
Network architecture (cont'd)
Internet Gateway
- Supports NAT (network address translation)
- Port mapping: TCP 80, TCP 443, TCP 7010
Internet Gateway
- Separates the Internet and ITED
- 2 interfaces: one has a real IP, the other an internal IP
- It could be:
  - Hardware firewall (e.g. SonicWall, Cisco PIX, NetScreen, etc.)
  - Proxy server with NAT function
  - Router with NAT function
  - Linux server (2 interface cards, using iptables or ipchains + ipmasqadm)
  - Win 2000 server (2 interface cards, using ISA or Routing and Remote Access)
DMZ
- Demilitarized Zone
- Separated area (the Internet Gateway has 3 interfaces)
- Opens services to the Internet
- Locates servers in a limited area
- Minimizes the affected area in case of hacking
Backup
- WebSAMS schedule backup: Pre-backup, Backup, Post-backup
- From 00:00 am to 06:00 am
- Schedule backup usage:
  - Stop WebSAMS engine
  - Backup
  - Minor upgrade
  - Housekeep WebSAMS application log files
Backup job flow (diagram slide B-13): Generate random sleep time
Pre-backup
- D:\websams\batch\pre_backup.bat
- 15 mins
- Stop JBoss, database, Apache (not for training system)
- Make a copy of WebSAMS data: E:\data\<SUID>\database\sched
Post-backup
- D:\websams\batch\post_backup.bat
- Generate a random time (sleep the server)
- Minor upgrade
- Housekeep Apache log files: D:\websams\apache\logs
- Housekeep WebSAMS server log files (older than 30 days): D:\websams\jboss\log
- Housekeep report temp log files: E:\DATA\<SUID>\rpttemp
- Housekeep CDS log (older than 30 days): E:\DATA\CDS\<dest_id>\systemlogs
- Start database, JBoss, Apache
Backup approach
- Grandfather-son relationship
- Use 11 tapes to keep 3 months of backups: 5 for daily, 3 for weekly and 3 for monthly
- Back up drive D and drive E
  - D: (WebSAMS application files)
  - E: (School backup and data)
Backup approach (cont'd) (diagram slides B-17 and B-18)
Ad-hoc database backup
- It stops the database and JBoss automatically
- It also starts them up again after finishing
- It backs up:
  - CDS files
  - User upload files
  - Database files
  - User upload report template files
- E:\data\<SUID>\database\adhoc
- Check the "Backup Log" to see whether it succeeded or not
What is JSP pre-compilation?
- Ad-hoc job facility
- Improves the JSP response time at first start-up
- Operate when:
  - Off-peak
  - After upgrade
  - After rebooting JBoss
- D:\websams\catalina\work\MainEngine\localhost_jsp
- 2 hours
- Will not affect the system if it fails.
NAT and configuration
What is NAT?
- Network Address Translation (NAT)
- Translates IP addresses from one network to another network
- Typically one is inside and one is outside
- Port mapping function
- Ref: http://searchwebservices.techtarget.com/sDefinition/0,,sid26_gci214107,00.html
WebSAMS segment accesses the Internet without going through a proxy
- Involved equipment:
  - WebSAMS router
  - Internet Gateway
  - ISP
WebSAMS server network setting
- Windows 2000 Server
  - DHCP server
  - DNS server
  - WINS server (if ITED is using an NT4 domain)
DHCP server setup (screenshot slides B-25 to B-28)
WINS server setup (screenshot slides B-29 to B-32)
Internal DNS setup (screenshot slides B-33 to B-36)
Router config
- Modified default route, e.g.
    ip route 0.0.0.0 0.0.0.0 10.128.15.253
- ACL modification, e.g.
    ! return traffic and replies to the WebSAMS segment
    access-list 101 permit tcp any 10.128.30.0 0.0.0.255 gt 1023 established
    access-list 101 permit udp any 10.128.30.0 0.0.0.255 gt 1023
    access-list 101 permit icmp any 10.128.30.0 0.0.0.255 echo-reply
    access-list 101 permit icmp any host 10.128.30.150 packet-too-big
    ! HTTP server to WebSAMS server, production (8009) and training (7009)
    access-list 101 permit tcp host 172.16.0.150 host 10.128.30.150 eq 8009
    access-list 101 permit tcp host 172.16.0.150 host 10.128.30.150 eq 7009
    ! everything else is dropped and logged
    access-list 101 deny ip any any log
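The first-match behaviour of the sample ACL 101 above, modelled as an added Python example (not part of the seminar slides). It assumes wildcard masks rewritten as prefixes and `established` meaning ACK or RST is set; the sample packets and the 203.0.113.10 address are constructed.

```python
import ipaddress

# ACL 101 from the slide; wildcard masks rewritten as prefixes.
# Rule: (action, protocol, source, destination, extra match conditions)
ACL_101 = [
    ("permit", "tcp", "any", "10.128.30.0/24", {"dport_gt": 1023, "established": True}),
    ("permit", "udp", "any", "10.128.30.0/24", {"dport_gt": 1023}),
    ("permit", "icmp", "any", "10.128.30.0/24", {"icmp_type": "echo-reply"}),
    ("permit", "icmp", "any", "10.128.30.150/32", {"icmp_type": "packet-too-big"}),
    ("permit", "tcp", "172.16.0.150/32", "10.128.30.150/32", {"dport": 8009}),
    ("permit", "tcp", "172.16.0.150/32", "10.128.30.150/32", {"dport": 7009}),
    ("deny", "ip", "any", "any", {}),
]


def addr_in(addr, net):
    """True if addr falls inside net; 'any' matches every address."""
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def rule_matches(rule, pkt):
    _action, proto, src, dst, opts = rule
    if proto not in ("ip", pkt["proto"]):
        return False
    if not (addr_in(pkt["src"], src) and addr_in(pkt["dst"], dst)):
        return False
    if "dport" in opts and pkt.get("dport") != opts["dport"]:
        return False
    if "dport_gt" in opts and pkt.get("dport", 0) <= opts["dport_gt"]:
        return False
    # Assumption: 'established' matches segments carrying ACK or RST.
    if opts.get("established") and not {"ACK", "RST"} & set(pkt.get("flags", ())):
        return False
    if "icmp_type" in opts and pkt.get("icmp_type") != opts["icmp_type"]:
        return False
    return True


def evaluate(pkt, acl=ACL_101):
    """Return (action, rule_number) for the first rule that matches pkt."""
    for number, rule in enumerate(acl, start=1):
        if rule_matches(rule, pkt):
            return rule[0], number
    return "deny", None  # implicit deny at the end of every ACL


WEBSAMS = "10.128.30.150"   # WebSAMS server, from the slide
HTTP_SRV = "172.16.0.150"   # HTTP server, from the slide
OUTSIDE = "203.0.113.10"    # constructed documentation address

# Constructed sample packets heading into the WebSAMS segment.
SAMPLES = {
    "production 8009 SYN": dict(proto="tcp", src=HTTP_SRV, dst=WEBSAMS, dport=8009, flags=["SYN"]),
    "port 8109 SYN": dict(proto="tcp", src=HTTP_SRV, dst=WEBSAMS, dport=8109, flags=["SYN"]),
    "HTTPS reply": dict(proto="tcp", src=OUTSIDE, dst=WEBSAMS, dport=49152, flags=["ACK"]),
    "unsolicited SYN": dict(proto="tcp", src=OUTSIDE, dst=WEBSAMS, dport=5000, flags=["SYN"]),
    "packet-too-big": dict(proto="icmp", src=OUTSIDE, dst=WEBSAMS, icmp_type="packet-too-big"),
    "echo request": dict(proto="icmp", src=OUTSIDE, dst=WEBSAMS, icmp_type="echo"),
    "unsolicited UDP": dict(proto="udp", src=OUTSIDE, dst=WEBSAMS, dport=5000),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:20} -> {evaluate(pkt)}")
```

With the slide's rules as written, TCP 8109 (listed in this deck for 1 server 2 SAMS) falls through to the final deny, so that setup needs its own permit line. The stateless UDP rule also admits unsolicited datagrams to ports above 1023.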
Security and Maintenance
Routine tasks to perform
Daily tasks
- Check Apache log: D:\websams\apache\logs
- Check virus scanning log
- Check JBoss log: D:\websams\jboss\log\server.log
- Check tape backup log
- Check version upgrade log: E:\temp\wsup1
- Change tape
- Check firewall log
Routine tasks to perform (cont'd)
Weekly tasks
- Change tape
- Check Windows Event Viewer
Monthly tasks
- Reboot server
- Tape head cleaning
- Reboot HTTP server
Log checking
- Windows Event Viewer log
- Apache log: D:\websams\apache\logs
  - Access.log-<dd-mm-yy> (HTTP request log)
  - Error.log-<dd-mm-yy> (error log)
- Virus scanning log
- Backup software log
HTTP log checking
- /var/log/messages
- /var/log/
WebSAMS program log (server.log)
- D:\WebSAMS\jboss\log\server.log
WebSAMS upgrade log
- E:\wsup1\yyyy.MMdd.hhmm\websams_upgrade.log
Upgrade log (cont'd) (screenshot slide B-45): upgrade success sample, upgrade fail sample
Firewall log screen (screenshot slide B-46): hardware firewall log screen
Housekeeping
- Housekeep WebSAMS server files
- Housekeep the WebSAMS upgrade backup files
- Clear the Java Web Start cache
Housekeep WebSAMS files
Housekeep the following files:
- Windows
  - Event log
  - Apache logs: D:\WebSAMS\apache\logs\access_log-<dd-mm-yy>, D:\WebSAMS\apache\logs\errors_log--<dd-mm-yy>
  - WebSAMS JBoss cache: D:\WebSAMS\jboss\tmp\deploy\*, D:\WebSAMS\catalina\work\MainEngine\localhost\*
  - Backup software log
- Linux HTTP server
  - Apache log (/etc/httpd/logs/access_log, /etc/httpd/logs/error_log)
  - syslog (/var/log/messages)
  - Virus scan log
Housekeep WebSAMS upgrade backup files
- E:\temp\wsup1
- E:\temp\training
- Files are stored in folders named <yyyy.MMdd.hhmm>; keep the last folder.
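A dry-run planner for the "keep the last folder" rule above, as an added Python example (not part of the seminar slides). The function names and the sample folder list are constructed; only the <yyyy.MMdd.hhmm> naming pattern comes from the slide.

```python
import re
from datetime import datetime

# Folder names follow the slide's <yyyy.MMdd.hhmm> pattern, e.g. 2005.0214.0130
STAMP = re.compile(r"\d{4}\.\d{4}\.\d{4}")


def parse_stamp(name):
    """Return the datetime encoded in a folder name, or None if it is not one."""
    if not STAMP.fullmatch(name):
        return None
    try:
        return datetime.strptime(name, "%Y.%m%d.%H%M")
    except ValueError:  # right shape but impossible date, e.g. 30 February
        return None


def plan_housekeeping(names, keep=1):
    """Split folder names into (kept, to_delete, ignored).

    The newest `keep` timestamped folders are kept. Anything that does not
    parse as a timestamp is reported as ignored and never queued for deletion.
    """
    if keep < 1:
        raise ValueError("keep at least one upgrade backup folder")
    stamped, ignored = [], []
    for name in names:
        when = parse_stamp(name)
        if when is None:
            ignored.append(name)
        else:
            stamped.append((when, name))
    ordered = [name for _when, name in sorted(stamped)]
    return ordered[-keep:], ordered[:-keep], ignored


# Constructed directory listing of an upgrade backup folder.
SAMPLE = [
    "2005.0117.0212",
    "2004.1220.0105",
    "manual_copy",
    "2005.0214.0130",
    "2005.0230.0100",       # 30 February: not a valid timestamp
    "2005.0214.0130.bak",
]

if __name__ == "__main__":
    kept, to_delete, ignored = plan_housekeeping(SAMPLE)
    print("keep:   ", kept)
    print("delete: ", to_delete)
    print("ignored:", ignored)
```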
Clear Java Web Start cache
- Go to File > Preference > Advanced
- Click the box “Also remote …”
Backup Configuration (Arcserve) (screenshot slides B-52 to B-81)
Ad-hoc tasks
- Ad-hoc database backup
- Ad-hoc training database backup
- Backup in HTTP server
- Manually back up WebSAMS server D: and E: to another computer
- Change password
  - OS system administrator
  - WebSAMS sysadmin and asysadmin
  - HTTP root
Ad-hoc task (cont'd) (screenshot slides B-83 and B-84)
Ad-hoc task (cont'd)
- Ad-hoc production database backup path: e:\data\<suid>\database\sched
- Ad-hoc training database backup path: e:\Data\9999\database\backup_snapshot
Backup in HTTP server
- Back up the HTTP server settings into a text file and save it to a floppy
- Uses the command "grepconfig.sh"
- Use it when the HTTP server is running in good condition
- Those files can be copied to any Windows machine for backup purposes
Backup in HTTP server (cont'd)
- Step 1: Log in to the HTTP server as root.
- Step 2: Mount the CD-ROM (assuming grepconfig.sh is on the CD):
    mount /mnt/cdrom
    sh /mnt/cdrom/grepconfig.sh
- Step 3: Press "Y" in the following screen (screenshot slide B-88)
- Step 4: Press "Y" in the following screen (screenshot)
Trouble-shoot case studies
General troubleshooting (helpdesk calls)
12 general cases from helpdesk calls:
- SAMS PC cannot join ITED domain
- ITED / Internet cannot access WebSAMS
- Cannot connect CDS
- HTTP server cannot update virus definition
- TrendMicro cannot log in / lost password
- HTTP lost root password
- Cannot backup
- Only backup on first tape
- How to set up SAMS client PC?
- ITED access becomes Internet access
- Cannot generate report
- Fonts
SAMS PC cannot join ITED domain
- Identify the ITED domain type
  - NT domain?
  - Win 2000 AD domain?
  - Win 2003 AD domain?
- Check whether the WebSAMS server has been installed with the appropriate services
  - NT => WINS server
  - Win 2000 / 2003 => DNS server
    - Set the WebSAMS server DNS forwarder to the PDC server
SAMS PC cannot join ITED domain (cont'd)
- SAMS PC pings ITED IP: success?
  - If fail: add a static route in the PDC, or it is a router setting problem
  - If success: ping the ITED PDC computer name: success?
    - If fail: client-side computer name resolution problem, e.g. WINS server, DNS server
    - If success: the client PC needs to install the NetBEUI protocol.
SAMS PC cannot join ITED domain (cont'd)
- Other concerns:
  - PDC computer name
  - Domain controller IP
  - Physical layer (cabling)
ITED / Internet cannot access WebSAMS
- Double check that WebSAMS has started
  - Test whether it works from the WebSAMS segment
- Check what IP the ITED client PC resolves
  - DNS problem / DHCP problem
  - Proxy client
- Check whether the ITED client PC uses a proxy in IE
- Check the ITED client PC IE version
- Go to the HTTP server and use the following test. Type the command:
    telnet <websams server ip> 8009
ITED / Internet cannot access WebSAMS (cont'd) (screenshot slide B-96): success sample, fail sample
ITED / Internet cannot access WebSAMS (cont'd)
- If success, it must be an ITED segment problem
  - If it can load the SSL prompt, which means HTTP is running smoothly, it may be an HTTP setting or router setting problem
- If fail, it could be:
  - HTTP server crash
  - HTTP server setting wrong
  - WebSAMS router setting wrong (or reset)
ITED / Internet cannot access WebSAMS (cont'd)
ITED can access WebSAMS successfully, but the Internet cannot.
- Internet Gateway problem (port mapping)
- HTTP server default gateway setting is wrong
  - It should be set to the Internet Gateway that performs the port mapping
  - Type "route" in Linux to show the default gateway setting.
CDS cannot connect
- It may be caused by a wrong:
  - Internet Gateway setting
  - WebSAMS router setting
- On the WebSAMS server, try to connect to the Internet without passing through a proxy
  - Go to www.hsbc.com.hk, then click logon, to test whether an HTTPS URL works or not
  - Try to ping cdsx1.websams.emb.gov.hk and cdsx2.websams.emb.gov.hk
    - If it fails, it may be a DNS problem.
CDS cannot connect (cont'd)
- Nearly 95% of networks with the "CDS cannot connect" problem cannot pass the above testing.
  - E.g. the Internet Gateway did not let the WebSAMS server access the Internet
  - E.g. the WebSAMS router has a wrong ACL or wrong default route
- One very special case is that CDS can send but cannot receive. From our investigation, it may be caused by the ISP and network setting.
  - Solution: implement "packet-too-big" in the router setting.
TrendMicro cannot update virus definition
- Check whether the HTTP server can access the Internet
  - Since the "ping" command is disabled on the HTTP server, please use the command "links", e.g. links www.websams.emb.gov.hk
- Check the default gateway setting of the HTTP server
- Has TrendMicro been registered?
TrendMicro cannot log in
- It requires IE 6.0 SP1 (the most updated IE)
- TrendMicro does not have a stable web interface; try another PC
- The HTTP server should by default allow all internal IPs to access TrendMicro (port 14942)
  - 192.168.x.x/16
  - 10.x.x.x/8
  - 172.16.x.x/16
- Has the password been changed?
- Is the client PC using a proxy?
TrendMicro lost password
- Generally, there is no recovery procedure
- Possible solution:
  - Re-install the HTTP server (for normal users with less Linux knowledge)
HTTP server lost password
- Reboot the HTTP server
- If using LILO
  - Press "ctrl-X" for console
  - Boot with "linux 1" (single user mode)
  - After a successful boot to the OS, type "passwd" to change the root password
  - Reboot
- If using GRUB
  - Press "e" to edit the boot syntax
  - Edit the second line of the boot syntax, adding " 1" at the end of the line
  - Press "b" to boot into single user mode
  - Then do the same as for LILO
Cannot backup
- Hardware failure
- Besides, over 95% of cases are due to the following 3 reasons:
  1. The backup task is configured wrongly
  2. The backup task takes so much time that post_backup starts earlier than estimated
  3. The administrator password in the system is not synchronized with that for the backup batch jobs.
- For case 3, we need to:
  - Change the password in pre_backup, post_backup
  - Change the password in the backup software, e.g. ArcServe My Admin
  - All password settings must be the same as the system administrator password
Backup only on first tape
- The scheduled task in the backup software is not set as rotation, or several tasks, one for each day, were not set up.
- In the ArcServe situation, it may also be caused by:
  - The media name is not the same as the media name in the rotation scheme in the scheduled task.
Set up WebSAMS client PC
It requires:
- Windows 2000 (with SP2 or above)
- Acrobat Reader 5.0 or above (suggest 5.05)
- HKSCS for special Chinese characters
- IE 6.0 (better with the latest update applied)
- Crystal Reports (full installation)
- Sybase ODBC library
Set up WebSAMS client PC (cont'd) (screenshot slides B-108 to B-118)
How to get the ODBC driver?
- Identify the School Owner of your school
- Contact the School Owner to request the WebSAMS ODBC driver.
ITED user becomes Internet user?
- Internal DNS setting
- Proxy client?
- Client PC using a proxy in IE?
- Troubleshooting
  - Ping the URL in a command prompt and see what IP it resolves to. It should be the HTTP internal IP
- In one very extreme case
  - The school places HTTP in the DMZ
  - The school Internet gateway changes the source IP, i.e. SNAT in Linux
Cannot generate report (screenshot slides B-121 and B-122)
Cannot generate report (cont'd)
- Final case:
  - Check the WebSAMS server computer name
  - Is it equal to the subdomain name in the URL?
  - I.e. if the subdomain name is Websams-am.schabc.edu.hk, then the WebSAMS server computer name should be "websams-am"
Fonts
- WebSAMS server font is corrupted.
  - Cannot display HKSCS fonts on the generated report.
  - The mingliu.ttc font file size should be 21 M. If not:
    - Copy the font from D:\websams\batch\utilities\mingliu.ttc to C:\WINDOWS\Fonts
    - Reboot the server
- Install the HKSCS software on all PCs
  - http://cdr.websams.emb.gov.hk
  - Home page > "Hong Kong Supplementary Character Set" (HKSCS)
WebSAMS Helpdesk scope
- WebSAMS application enquiry
  - Modules maintenance
  - General usage enquiries
- WebSAMS technical enquiry
  - Focus on the WebSAMS application
- Does not cover hardware, software and OS malfunction
  - i.e. backup software, NAV, etc.
Resources
- WebSAMS Central Document Repository: http://cdr.websams.emb.gov.hk
- WebSAMS System Manual:
  - E:\Data\Doc\AOM
  - E:\Data\Doc\COPM
  - E:\Data\Doc\AUM
- WebSAMS Helpdesk: 3125-8510
  - Leave your School ID and contact number / contact person
- WebSAMS Forum:
  - WebSAMS Central Document Repository -> HKedCity -> Discussion Forum, or
  - http://www.hkedcity.net/teacher/forum/index.phtml?forum_id=52
- ITeHelp helpdesk
ITeHelp information
- Provided by HKedCity
- 2111 3373
- http://itehelp.hkedcity.net
- Mainly provides help on general IT knowledge and enquiries on the school IT environment
- Start services in Feb 2005
WebSAMS Forum (screenshot slides B-129 to B-131)
Q & A Section
The End