2002 - cesnet


13.07.2015 Views

The easiest way – direct interconnection of the streaming server with CAAS – was not possible since the GINA library that maintains AAA services in Windows changes with every Windows version (often also with different service packs). We would not be able to keep the system in a consistent state in terms of security and upgrades would not be possible. That is why we chose the alternative in which a proxy upload server is connected in front of the streaming server. This proxy server mediates communication between the client and the streaming server.

We chose Linux as the proxy server platform, because there is a PAM library developed within CAAS for authentication using LDAPS. Since only authentication data are stored in LDAPS, the authorization works on the basis of access rights in the file system of the proxy server. Every user can only access one directory in the streaming server. Data are transferred between the proxy and streaming server using the SMB protocol (transfer rate offered by SMB is approx. 50 Mbps per client).

Suitable selection of the protocol for transfers between clients and the proxy server turned out to be the biggest problem. User names and passwords need to be transferred in an encrypted form, whereas the remaining communication should be encryption-free (large volume of virtually uncompressible data). The protocol must easily pass through firewalls and there must be clients for this protocol for most of the operating systems normally available.

After considering several alternatives (Kerberos FTP and standard FTP, SMB, SSH/SCP, HTTP), we selected SSH/SCP. Its disadvantage is its low transfer performance (less than 10 Mbps in the tested configuration) given by the necessity to encrypt the entire communication. On the other hand, SSH/SCP normally passes through firewalls (if the port 22 is enabled) and there are a large number of clients for various operating systems available for it. Nevertheless, we do not consider the SSH/SCP alternative to be the optimal one and are looking for a protocol that could offer higher transfer rates while preserving the security.

Another extension considered is the direct connection of the proxy server to the disk array (the disk array can be connected to two independent servers).

The current streaming system configuration includes:

• streaming server – DELL 4000 (Pentium III Xeon, 1.25 GB RAM, 100 GB internal disk array, 1000BASE-SX)
• proxy server – SuperMicro 6012-P8 (Dual P4 Xeon, 512 MB RAM, 36 GB disk capacity, 1000BASE-T)
• external disk array – Proware Simbolo 3140 (15 × 120 GB HDD, u160 SCSI)

High-speed National Research Network and its New Applications 2002
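The file-system authorization described above (one directory per user on the proxy) only holds while ownership and mode bits stay correct. The following Python audit is an added example, not code from the CESNET report; the upload root layout, the `expected_uid` mapping and the sample user names are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def audit_upload_root(root, expected_uid):
    """Return (entry, problem) findings for an upload root, sorted by entry name.

    expected_uid (hypothetical mapping) gives the uid that must own each
    per-user upload directory.
    """
    findings = []
    root_real = os.path.realpath(root)
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
        if stat.S_ISLNK(st.st_mode):
            # A symlink can redirect uploads outside the per-user tree.
            target = os.path.realpath(path)
            if os.path.commonpath([root_real, target]) != root_real:
                findings.append((name, "symlink escapes upload root"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            continue
        if name not in expected_uid:
            findings.append((name, "directory without a known user"))
        elif st.st_uid != expected_uid[name]:
            findings.append((name, "wrong owner"))
        # Any group/other bit lets a second account into the directory.
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((name, "accessible to group or others"))
    return findings

def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("alice", 0o700), ("bob", 0o755), ("carol", 0o700)):
            os.mkdir(os.path.join(root, name))
            os.chmod(os.path.join(root, name), mode)
        os.symlink("/", os.path.join(root, "dave"))
        # carol's directory is deliberately recorded with a different owner.
        owners = {"alice": me, "bob": me, "carol": me + 1}
        return audit_upload_root(root, owners)

if __name__ == "__main__":
    for name, problem in demo():
        print(f"{name}: {problem}")
```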

[Figure 21.1: Upload system scheme. Components: upload client, upload proxy server, AAA (LDAPS) server, streaming server, CESNET2 (IP network). Connections: 1. SSH, 2. LDAPS, 3. SMB.]

21.2 Announcing Portal

During this year, we started to actively participate in the preparation of a program of the TERENA association entitled Academic Netcasting Working Group (TF-NETCAST). To provide groundwork for discussions, we launched the announcing portal, which is a Web application allowing announcements of live broadcasts of events.

The application is open; anyone with an access account in CAAS or in the portal system can contribute to the system. Submissions can also be uploaded off-line via e-mail. The submitted data are in XML format and the respective DTD is freely available at http://prenosy.cesnet.cz/dtd/event.0-3.dtd. The portal is located at prenosy.cesnet.cz.

21.3 Broadcasts of Events

In 2002, we maintained live broadcasts of events or provided the technological platform or technical support for these broadcasts. The most important of these events were the medical conferences Genetics after Genome and International Symposium on Interventional Radiology. From the viewpoint of the technological development of the streaming platform, the most essential events were broadcasts in the PAL quality of the 10 Years of the Internet in the Czech Republic and TERENA Mini Symposium seminars and the broadcast of the Invex 2002 exhibition.
