2002 - cesnet
The easiest way – direct interconnection of the streaming server with CAAS – was not possible since the GINA library that maintains AAA services in Windows changes with every Windows version (often also with different service packs). We would not be able to keep the system in a consistent state in terms of security and upgrades would not be possible. That is why we chose the alternative in which a proxy upload server is connected in front of the streaming server. This proxy server mediates communication between the client and the streaming server.

We chose Linux as the proxy server platform, because there is a PAM library developed within CAAS for authentication using LDAPS. Since only authentication data are stored in LDAPS, the authorization works on the basis of access rights in the file system of the proxy server. Every user can only access one directory in the streaming server. Data are transferred between the proxy and streaming server using the SMB protocol (transfer rate offered by SMB is approx. 50 Mbps per client).

Suitable selection of the protocol for transfers between clients and the proxy server turned out to be the biggest problem. User names and passwords need to be transferred in an encrypted form, whereas the remaining communication should be encryption-free (large volume of virtually uncompressible data). The protocol must easily pass through firewalls and there must be clients for this protocol for most of the operating systems normally available.

After considering several alternatives (Kerberos FTP and standard FTP, SMB, SSH/SCP, HTTP), we selected SSH/SCP. Its disadvantage is its low transfer performance (less than 10 Mbps in the tested configuration) given by the necessity to encrypt the entire communication. On the other hand, SSH/SCP normally passes through firewalls (if the port 22 is enabled) and there are a large number of clients for various operating systems available for it. Nevertheless, we do not consider the SSH/SCP alternative to be the optimal one and are looking for a protocol that could offer higher transfer rates while preserving the security.

Another extension considered is the direct connection of the proxy server to the disk array (the disk array can be connected to two independent servers).

The current streaming system configuration includes:

• streaming server – DELL 4000 (Pentium III Xeon, 1.25 GB RAM, 100 GB internal disk array, 1000BASE-SX)
• proxy server – SuperMicro 6012-P8 (Dual P4 Xeon, 512 MB RAM, 36 GB disk capacity, 1000BASE-T)
• external disk array – Proware Simbolo 3140 (15 × 120 GB HDD, u160 SCSI)

206 High-speed National Research Network and its New Applications 2002
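The authorization model described above (one directory per user, enforced by file-system access rights on the proxy) can be audited mechanically. The following is an added example, not code from the report or from CESNET; the layout (one subdirectory per account under a common root), the function names and the sample accounts are assumptions.

```python
import os
import stat
import tempfile


def audit_upload_tree(root, expected_uid):
    """Return (path, problem) findings for per-user upload directories.

    root         -- directory holding one subdirectory per upload account
    expected_uid -- dict: subdirectory name -> uid that must own it (assumed layout)
    """
    findings = []
    # A parent writable by group/other lets users rename or replace
    # each other's directories, defeating the per-directory rights.
    if os.lstat(root).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((root, "parent writable by group/other"))
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink (may point outside the upload tree)"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((path, "not a directory"))
            continue
        if name not in expected_uid:
            findings.append((path, "no matching account"))
        elif st.st_uid != expected_uid[name]:
            findings.append((path, "wrong owner"))
        # Any group/other bit means a second account can reach this directory.
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((path, "accessible by group/other"))
    return findings


def demo():
    """Audit a constructed sample tree built in a temporary directory."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for name, mode in (("alice", 0o700), ("bob", 0o755), ("carol", 0o700)):
            os.mkdir(os.path.join(root, name))
            os.chmod(os.path.join(root, name), mode)
        os.symlink("/tmp", os.path.join(root, "dave"))
        # Constructed accounts: carol's directory is deliberately mis-owned.
        accounts = {"alice": me, "bob": me, "carol": me + 1, "dave": me}
        found = audit_upload_tree(root, accounts)
        return [(os.path.basename(p), why) for p, why in found]


if __name__ == "__main__":
    for name, why in demo():
        print(f"{name}: {why}")
```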
[Figure 21.1: Upload system scheme. Labelled elements: upload client, upload proxy server, AAA (LDAPS) server, streaming server, CESNET2 (IP network); connections: 1. SSH, 2. LDAPS, 3. SMB]

21.2 Announcing Portal

During this year, we started to actively participate in the preparation of a program of the TERENA association entitled Academic Netcasting Working Group (TF-NETCAST). To provide groundwork for discussions, we launched the announcing portal, which is a Web application allowing announcements of live broadcasts of events.

The application is open; anyone with an access account in CAAS or in the portal system can contribute to the system. Submissions can also be uploaded off-line via e-mail. The submitted data are in XML format and the respective DTD is freely available at http://prenosy.cesnet.cz/dtd/event.0-3.dtd. The portal is located at prenosy.cesnet.cz.

21.3 Broadcasts of Events

In 2002, we maintained live broadcasts of events or provided the technological platform or technical support for these broadcasts. The most important of these events were the medical conferences Genetics after Genome and International Symposium on Interventional Radiology. From the viewpoint of the technological development of the streaming platform, the most essential events were broadcasts in the PAL quality of the 10 Years of the Internet in the Czech Republic and TERENA Mini Symposium seminars and the broadcast of the Invex 2002 exhibition.