iPlanet Partner Agent for ECXpert Server Site Administrator’s Handbook
Appendix A (Optional) Installing a Stand-alone FileDrive Server
This chapter describes the stand-alone FileDrive Server, which optionally can be used to exchange files with the Partner Agent Server, and consequently with ECXpert, through a firewall.
This chapter explains how to optionally install a stand-alone FileDrive Server, how to configure FileDrive Server to transfer files to and from Partner Agent Server through a firewall, and how to uninstall FileDrive Server. It also provides answers to frequently asked questions about FileDrive Server.
The following topics are discussed in this section:
FileDrive Server
Hardware Requirements for a Stand-alone Instance of FileDrive Server
Server Distribution
Installing a Stand-alone FileDrive Server
Uninstalling a Stand-alone Instance of FileDrive Server
FileDrive Server FAQs
FileDrive Server
The Partner Agent Server is installed directly on the ECXpert machine, so file transfers between the two servers do not go through a firewall. If you want to be able to transfer files to ECXpert from an FTP or HTTP(S) server in a DMZ outside of your firewall, you can install a separate FileDrive Server, in addition to Partner Agent Server. You can then use the FileDrive Server to transfer files from outside the firewall to Partner Agent Server, which can then transfer the files to and from ECXpert.
Hardware Requirements for a Stand-alone Instance of FileDrive Server
Approximately 12 MB of disk space to hold the installed FileDrive Server directory.
Approximately 12 MB of temporary disk space to hold the FileDrive Server tar file, the extracted distribution, and the installer. These can be backed up and deleted once FileDrive Server is installed.
64 MB of memory and 128 MB of swap space for the operating system and Server are recommended.
In addition, FileDrive Server produces logfiles, security audits, and configuration version histories that are stored in the FileDrive Server directory hierarchy. The size and growth rate of these files are highly dependent on server activity. Expect a lightly used Server to use up a minimum of 2 MB of additional disk space during several months of operation.
These minimums do not take into account other applications that may be running simultaneously with FileDrive Server on the same machine.
Server Distribution
The FileDrive Server is distributed with the ECXpert 3.0 Service Pack 1 for Solaris. To download and decompress the server installation script, even if you will be installing the FileDrive Server separate from ECXpert, follow these steps.
Log on as root to the machine on which you will install FileDrive Server.
Download the Service Pack 1 installation file.
Display the ProductTracker by SubscribNet web page.
- The URL is http://subscribnet.netscape.com/.
Enter your Subscribnet user ID and password.
- The main Subscribnet page is displayed.
Click the link in "Click here to access your software."
- An index of the Netscape and iPlanet software registered for your user ID is displayed.
Click the "Netscape ECXpert" link.
- A page is displayed that asks you to select the version and platform.
Locate the link for the FileDrive 2.1 Server, either Domestic (for customers in the U.S. or Canada) or Export (for customers in all other countries).
Click the download link.
- Download the ECXpert 3.0 Service Pack 1 installation file into the directory in which you will install FileDrive Server.
Unzip the downloaded file.
- Use a PKZip-compatible decompression utility that supports encryption, or download the Info-ZIP WiZ™ utility available free from Subscribnet.
- The downloaded file will be unzipped into the following files:
dist-Solaris.tar
license110299sdk.txt
Install
README.Install
README.Certificates
relnotes.html
Uninstall
WHATS-NEW-2.1
Install FileDrive Server using the Install script.
- See "Installing a Stand-alone FileDrive Server".
Obtaining a License File
FileDrive Server does not work until a license is installed. During installation, you are asked for the fully qualified path to a license file, which you should have before running the install script. If you do not have a license, you can run the install script and then add the license later (see "Installing a License File After Installation").
Installing a Stand-alone FileDrive Server
To install the FileDrive Server as a stand-alone server, perform the following steps.
Log in as root.
- All files and directories in a stand-alone instance of FileDrive Server must be owned by root.
Change to the directory in which you unzipped the downloaded installation package.
Run the installation script.
- At the prompt, enter the following command:
- # ./Install
Review the evaluation agreement.
- An evaluation agreement displays. Use the Space key to page through the agreement. At the end of the agreement, the installer prompts:
Do you agree to the above terms? [y/n]
To continue with the installation, type Y and press Enter.
- OR
Type N and press Enter to cancel the installation.
Choose the directory in which to install the FileDrive Server.
- The FileDrive Server installer creates a directory hierarchy that contains all the FileDrive Server binaries, configuration files, and support files. The location of the FileDrive Server directory is referred to as $FILEDRIVEHOME in this document.
- To enter a location for the FileDrive Server root directory:
To use the default location, press Enter.
- OR
Enter a complete path name.
Press Enter.
- If the directory you have chosen does not exist, the installer asks if you want it to create the directory for you.
To create the directory, press Enter.
If you type N, for no, the installer asks:
Do you want to continue with the installation? [y]
To continue, press Enter.
Press Enter to have the installer create the directory.
- The installer extracts the distribution. All files are owned by the root user and have group bin. The following message displays:
Extracting the distribution into $FILEDRIVEHOME.
- The installer configures the FileDrive Server installation. The configuration files are automatically edited to reflect the location that you have chosen for the root of the directory hierarchy. The installer creates two environment files that reflect your choice of FileDrive Server root directory. You may reference these files in your .profile or .cshrc file to set a $FILEDRIVEHOME environment variable at login time. The following messages display:
Configuring FileDrive installation
Creating /etc/fd/env.sh
Creating /etc/fd/env.csh
- In the next four steps, the installer prompts you for a series of ports on which to run the admin and HTTP and HTTPS Servers. You are prompted for secure and non-secure ports for each Server. After you enter each port, or accept the defaults, the installer configures the required UNIX system files to properly support FileDrive Server.
Enter a port for the secure administration Server.
- The installer asks:
What port would you like to run the admin server run on? [444]
Press Enter to select the default port 444.
- OR
Enter a port.
Press Enter.
Enter a port for the non-secure administration Server.
- The installer asks:
What port would you like to run the non-secure admin run on? [8081]
Press Enter to accept the default value of 8081.
- OR
Enter a port.
Press Enter.
Enter a port for the HTTP Server.
The default port for HTTPS is 443. If an existing web service is using this port, select an alternate port or disable the other service that runs on this port.
- The installer asks:
What port would you like to run the httpd server run on? [443]
Press Enter to accept the default value of 443.
- OR
Enter a port.
Press Enter.
Enter a port for the non-secure HTTP Server.
The default port for HTTP is 80. If an existing web service is using this port, select an alternate port or disable the other service that runs on this port.
- The installer asks:
What port would you like to run the non-secure httpd server on? [80]
Press Enter to accept the default value of 80.
- OR
Enter a port.
Press Enter.
Set startup option.
- A startup file is created, /etc/rc.filedrive.
- The installer asks:
Would you like FileDrive to load at system start? [y]
Press Enter, to select the default yes.
- A script is added that starts FileDrive Server when the system boots.
- OR
Type N, for No.
Press Enter.
Set up nightly cron job.
- The installer checks if an anonymous FTP account exists. If it does not exist, a message displays recommending that you create an anonymous FTP account.
- The installer asks:
Would you like to install nightly log rotation? [y]
To create a crontab entry that handles the daily log rotation and generates the daily transfer statistics, press Enter.
- A crontab entry that drives the nightly log rotation and automatic statistics generation program is installed.
- OR
Type N, for No.
Press Enter.
Select Server mode of operation.
- FileDrive Server can run in standalone mode or as an inetd entry, listening on port 21.
We recommend using stand-alone mode in general, because it is more flexible and provides significant performance improvements over inetd-based services.
- To run as an inetd entry:
At the prompt, type N.
Press Enter.
- OR
- To run in standalone mode:
Press Enter at the prompt, to select Yes.
- In standalone mode, select the port. The installer asks:
What port would you like to run the ftp server on? [21]
To run on the default port 21, press Enter.
- OR
Enter a new port.
Then press Enter.
- The installer updates the /etc/inetd.conf file to reflect your choices.
Select a port for the ActiveAgents Server. The installer asks:
What port would you like to run the ActiveAgents server on? [4455]
Press Enter to accept the default value of 4455.
- OR
Enter a port.
Press Enter.
In the next part of the installation, you generate three certificates for use by the three Servers: the FileDrive Server ftpd, the Agentd, and the Admin System. Each certificate has to be generated and then signed with a CA Signing Certificate.
If a CA Signing Certificate does not exist, you must generate one to sign the three Server certificates. A PEM pass phrase (password) is required to encrypt the CA Signing Certificate's private key. This is a password to authorize your electronic signature on the other certificates.
At the prompt, enter a PEM pass phrase. The pass phrase must be at least four characters long.
Enter the PEM pass phrase again to verify it.
At the series of following prompts, enter information about yourself in order for the certificate to be created.
- After you respond to the prompts, the signing certificate is generated.
When you generate the next three certificates, you have the option to store the Server's private key encrypted. If you select this option, unattended Server startup is not possible at system boot. Instead, the PEM pass phrase will need to be entered at a console each time the Servers are started.
If you are evaluating FileDrive Server, it is recommended that you do not encrypt the private key.
Generate a certificate for the ActiveAgents Server.
At the following series of prompts, enter information about yourself that is incorporated into the certificate request.
The installer asks:
Is the above information correct? [y]
If the information is not correct, type N.
Re-enter the correct information at the prompts.
- OR
Press Enter, for yes.
The installer asks:
Encrypt Private Key? [n]
Press Enter, to select No.
- OR
To encrypt the Server's private key, type Y.
Press Enter.
Enter the PEM pass phrase from your CA Signing Certificate to sign the ActiveAgents Server certificate.
- The installer generates the private key.
- The certificate is saved.
Generate a certificate for the FileDrive Server.
- At the following series of prompts, enter information about yourself that is incorporated into the certificate request. The information you entered for the previous certificate becomes the default values for this certificate.
At the prompts, press Enter to accept the defaults.
- OR
Enter the desired information.
The installer asks:
Is the above information correct? [y]
If the information is not correct, type N.
Re-enter the correct information at the prompts.
- OR
Press Enter, for yes.
The installer asks:
Encrypt Private Key? [n]
Press Enter (to select No).
- OR
To encrypt the Server's private key, type Y.
Press Enter.
Enter the PEM pass phrase from your CA Signing Certificate to sign the certificate.
- The installer generates the private key.
- The certificate is saved.
Generate a certificate for the FileDrive Administration Server.
- At the following series of prompts, enter information about yourself that is incorporated into the certificate request. The information you entered for the previous certificate becomes the default values for this certificate.
At the prompts, press Enter to accept the defaults.
- OR
Enter the desired information.
The installer asks:
Is the above information correct? [y]
If the information is not correct, type N.
Re-enter the correct information at the prompts.
- OR
Press Enter, for yes.
The installer asks:
Encrypt Private Key? [n]
Press Enter, to select No.
- OR
To encrypt the Server's private key, type Y.
Press Enter.
Enter the PEM pass phrase from your CA Signing Certificate to sign the FileDrive Administration Server certificate.
- The installer generates the private key.
- The certificate is saved.
Enter the FileDrive Server administrator password. The administrator password is required to access the administration system.
Enter an administrator account name at the account name prompt and press Enter.
Enter a password at the New password prompt and press Enter.
Re-enter new password and press Enter.
If you want to change or add a new admin password after the installation, run $FILEDRIVEHOME/bin/addpasswd.
Install your FileDrive Server license.
To install the FileDrive Server License, at the Install Now prompt, press Enter.
Enter the pathname for the license text file and press Enter, at the prompt:
Where is the FileDrive license located? (enter the pathname)
- The license is installed. Your system's Server starts, allowing new connections to your FileDrive Server, and the administration system starts.
- The following message appears:
Congratulations, you are now running FileDrive.
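The installer's six default ports (444, 8081, 443, 80, 21 and 4455) can be checked for existing listeners before ./Install is run, so that a conflicting service is found before the prompts rather than after. The script below is an added example and is not part of the FileDrive distribution; the function names, role labels and sample netstat rows are constructed for illustration, and it assumes that netstat -an ends each listening TCP row with LISTEN.

```shell
#!/bin/sh
# Added example: pre-install port check. Port numbers are the installer
# defaults quoted on this page; the role labels are this example's own.
FD_PORTS="444:secure-admin 8081:admin 443:https 80:http 21:ftp 4455:activeagents"

# Read `netstat -an` output on stdin and print "port role" for each
# FileDrive default port that already has a TCP listener.
# Accepts Solaris-style local addresses (*.443) and host:port style.
conflicts_from_netstat() {
    awk -v want="$FD_PORTS" '
        BEGIN {
            n = split(want, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, ":")
                order[i] = kv[1]
                role[kv[1]] = kv[2]
            }
        }
        # Listening sockets only; an ESTABLISHED row is not a conflict.
        $NF == "LISTEN" {
            for (f = 1; f <= NF; f++) {
                # The first field ending in .PORT or :PORT is the local address.
                if ($f ~ /[.:][0-9]+$/) {
                    port = $f
                    sub(/^.*[.:]/, "", port)
                    if (port in role) busy[port] = 1
                    break
                }
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in busy) print order[i], role[order[i]]
        }
    '
}

# Constructed sample in the Solaris `netstat -an` layout (not captured output).
sample_netstat() {
    cat <<'EOF'
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.22                 *.*                0      0 49152      0 LISTEN
      *.80                 *.*                0      0 49152      0 LISTEN
      *.443                *.*                0      0 49152      0 LISTEN
192.0.2.10.33012     192.0.2.20.21        49640      0 49640      0 ESTABLISHED
EOF
}

# Returns 0 when every default port is free, 1 otherwise.
preflight() {
    found=$(conflicts_from_netstat)
    [ -z "$found" ] && return 0
    echo "$found" | while read -r port role; do
        echo "port $port ($role) is in use: pick another at the installer prompt"
    done
    return 1
}

sample_netstat | preflight || echo "resolve the conflicts before running ./Install"
# On the install host: netstat -an | preflight
```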
Installing a License File After Installation
You can install FileDrive Server without a license file, but if you try to run it without a license, you will get the error message "530 Service not available."
To install a license after you have installed FileDrive Server:
Run the license installation utility.
- Enter the following command:
$FILEDRIVEHOME/bin/install.license
- where $FILEDRIVEHOME is the directory in which FileDrive Server is installed.
At the prompt, enter the pathname for the license text file.
- The license is added.
Stop the FileDrive FTP and HTTP servers.
- Enter the following commands:
$FILEDRIVEHOME/bin/stop_ftpd
$FILEDRIVEHOME/bin/stop_httpd
- where $FILEDRIVEHOME is the directory in which FileDrive Server is installed.
- The Servers shut down.
Restart the FileDrive FTP and HTTP servers.
- Enter the following commands:
$FILEDRIVEHOME/bin/start_ftpd
$FILEDRIVEHOME/bin/start_httpd
- where $FILEDRIVEHOME is the directory in which FileDrive Server is installed.
- The Servers restart and read the license.
Uninstalling a Stand-alone Instance of FileDrive Server
These instructions are only for uninstalling a stand-alone instance of FileDrive Server.
To uninstall a stand-alone instance of FileDrive Server, perform the following steps.
Back up key components of the current installation in case there is a problem with the new installation. In particular, you want to preserve the conf directory, as well as the contents of bin/agents. Also, if logging is important, back up the var/logs directory as well.
Create a separate directory to store these files.
- Use the following commands:
- # cd $FILEDRIVEHOME/
- # mkdir fd_sav
- # tar cvf ./fd_conf.tar conf bin/agents var/logs
- where $FILEDRIVEHOME is the directory in which FileDrive Server is installed.
Remove the existing instance using the Uninstall script.
$FILEDRIVEHOME/bin/utils/Uninstall
The Uninstall program physically removes the directory. If you are removing FileDrive Server manually and have stopped FileDrive Server, you can remove the existing installation.
Again, it is recommended that you back up key installation files listed in Step 1.
If you reinstall FileDrive Server, you can copy bin/agents back in, but you have to manually reconfigure the Server. Do not copy the conf directory back into the FileDrive Server directory.
FileDrive Server FAQs
This section includes some frequently asked questions about FileDrive Server and their answers.
When I connect to my FileDrive Server host, I get the message "530 Service Not Available." What does this mean?
This almost always indicates an expired or corrupted FileDrive Server license file.
To see if your license has expired:
Go to the FileDrive Server installation directory. (By default, this is $FILEDRIVEHOME.)
- Look in the conf directory for the file filedrive.license.
- There is a token called Valid To:. If the year is 0, then this license is set to never expire. If the Valid To: date is before the current date, then your license has expired.
To replace the license, contact ECXpert Technical Support.
In the United States, call Expert Alliance at 800-560-5749.
- OR
Outside of the United States, call Technical Support International at 650-937-6688.
When you have a new license, run the install.license script in the $FILEDRIVEHOME/bin directory.
How do I perform a chroot for FileDrive Server users?
FileDrive Server automatically performs a chroot operation on Virtual and anonymous users.
There are three different types of users known to FileDrive Server: real, virtual, and anonymous.
Real: Real UNIX accounts. The account need not be a functioning shell account, but it must be in the /etc/passwd file.
Virtual: This is the FileDrive Server-specific user. FileDrive Server maintains its own copy of a password file for FileDrive Server-specific authentication. Upon authentication, a chroot operation is performed on the resultant shell.
Anonymous: A long-standing FTP concept where no password is required to gain entry to the machine through an FTP shell. Again, FileDrive Server automatically performs a chroot on the resultant shell.
This means that virtual and anonymous users in FileDrive Server can only descend their part of the file system tree. They are not allowed to go above their section of the file system.
With other implementations of FTP, the chroot requires that the anonymous users have their version of system commands. Often system directories including an /etc/ and /bin are included in their part of the chroot filesystem. Why don't virtual users require this?
All FTP commands trigger events. FileDrive Server supplies its own implementation of every FTP command that can be entered, so that it can map these commands to events and trigger user-defined ActiveAgents. Because FileDrive Server has already implemented these commands internally, system commands such as cd and other operating system commands are not used.
How are environment variables set and passed to an ActiveAgent? I'm concerned about current file transfers from different users that will trigger multiple executions of ActiveAgents. Specifically I wonder if there is a possibility of having incorrect environment variables passed to any of the ActiveAgents. Do environment variables get generated as part of the child process and therefore are not visible to other child processes?
As with many interesting questions, there is a long answer and a short one.
Environment variables are guaranteed to be available only to the agent specifically invoked by FileDrive Server.
The environment variables are generated by the FileDrive Server which is handling the request for a given session. The variables are passed to the agentd which then uses them to set up the environment for the process that will execute the agent. These variables do not actually exist as environment variables until agentd executes the agent process. There is no possibility of any environment variable getting inherited or passed to any other agent processes since once an agent is done executing, its process dies and all traces of the variables go away. In addition, the environment variables for a given session are regenerated each time an agent is executed, so there is also no way for agents to share environment variables even if this is desirable. Furthermore, the FileDrive Server to agentd connection is SSL encrypted, so the possibility of obtaining the values of these variables prior to agent execution is extremely unlikely.
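The difference between a per-execution environment, as described in the answer above, and a dispatcher that keeps session values in its own environment can be seen with two sessions where only the first sets an optional variable. This is an added example, not FileDrive or agentd code; FD_USER, FD_FILE and FD_NOTIFY are hypothetical variable names, and the user, file and address values are constructed.

```shell
#!/bin/sh
# Added example. FD_USER, FD_FILE and FD_NOTIFY are hypothetical variable
# names; the page does not list the variables FileDrive actually passes.

# Stand-in agent: prints the session variables it can see.
AGENT='printf "%s|%s|%s\n" "${FD_USER:-}" "${FD_FILE:-}" "${FD_NOTIFY:-}"'

# Counter-example: a dispatcher that exports session values into its own
# long-lived environment. Anything one session sets stays visible to the
# agents started for later sessions.
leaky_dispatch() {
    export FD_USER="$1" FD_FILE="$2"
    if [ -n "$3" ]; then export FD_NOTIFY="$3"; fi
    sh -c "$AGENT"
}

# The model the answer describes: the environment is built from scratch for
# each exec and exists only in the agent process.
isolated_dispatch() {
    if [ -n "$3" ]; then
        env -i PATH="$PATH" FD_USER="$1" FD_FILE="$2" FD_NOTIFY="$3" sh -c "$AGENT"
    else
        env -i PATH="$PATH" FD_USER="$1" FD_FILE="$2" sh -c "$AGENT"
    fi
}

# Two sessions handled one after the other by the leaky dispatcher.
# Run in a subshell so the exports do not reach the calling shell.
leaky_demo() {
    (
        leaky_dispatch alice invoice.edi ops@example.test
        leaky_dispatch bob orders.edi ""
    )
}

# Two sessions whose agents run at the same time under the isolated dispatcher.
isolated_demo() {
    tmp=$(mktemp -d) || return 1
    isolated_dispatch alice invoice.edi ops@example.test > "$tmp/a" &
    isolated_dispatch bob orders.edi "" > "$tmp/b" &
    wait
    cat "$tmp/a" "$tmp/b"
    rm -rf "$tmp"
}

echo "leaky:";    leaky_demo
echo "isolated:"; isolated_demo
```

In the leaky run the second agent still sees the first session's FD_NOTIFY value; in the isolated run each agent sees only its own session's values, and the calling shell has none of them.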
Copyright © 2000 Sun Microsystems, Inc.
Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.