In early days Http and other services were accessed by concern server IP addresses, but now a days all services are mostly accessed by using the name spaces. An hierarchical name space was introduced for unique proprietary name provision for general public and organizations whom uses servers to give services in public networks ( eg., Web server etc., ).

Why I need names instead of Ip addresses to be directly used ? the major issues are given below.

1. A name will represent a company in the public network, IP doesn’t . ( Eg., www.google.com represents Google Search engine on internet. instead of that if i give a set of numbers as my web site address will that look fair ? (  Eg.,   http://173.194.32.104 )

2. The next thing is if i use my IP address as my site address its difficult for users to remember 100s of sites within their mind

3. The next thing is if I use my IP address as site address, in case if there is a service level issue with my ISP and am switching over to another ISP, my IP will surely get changed. Then i have to intimate all my customers about my change.

4. The fourth one is it is not possible to keep redundant web servers for same web site if they use IP address as site address.

5. The next major issue is I cant use mail address in their format. Will it look fair if i have a mail address as  ” anbarasu@122.165.216.46 “  ??

So for above mentioned reasons we cannot represent our site address in the IP format. Ok lets have a change.. let me change my site addresses to names such as www.yahoo.com , www.google.com like wise.

What will be the issue ? my basic communication between the servers and clients will be happening by my basic communication protocol the ” TCP / IP “. I can’t use a string as my server address .

What to do ? i need IP for basic communication and also i cannot use IP address as my site address. Here came the God father the mighty ” DNS “.

What actually DNS does ?

DNS is a server in which we can create Names vs IP address records. with a separate container for each and every domain ( A domain represents a company in DNS servers. For example for yahoo there will be a container alloted in which all its servers will be placed www.yahoo.com, chat.yahoo.com, in.yahoo.com ).

Inside the container I have to create records for each server as given below.

www.yahoo.com   122.165.216.46

chat.yahoo.com    122.164.215.45

in.yahoo.com         122.164.216.54

like wise. This is called DNS data base. The DNS server will be having database for all servers hosted in the public internet ( Lets discuss latter about how a server in America whose name record is available in my local ISP DNS server ).

So now, in my client machine I have to define which is my DNS server ( preferred alternate options will be available in your client machines ). Once you defined it for all name based probes, the client machine will contact your DNS server using your client machine’s DNS client service to get name query. No matter what type of application your using either a browser or a custom application.

Now in my client machine browser am typing ” www.yahoo.com “. The client machine OS directs the typed name to the DNS client service and in turn the client service establishes a connection to preferred DNS server in case if preferred DNS server is unavailable the client service establishes connection with the alternate DNS server.

Once the connection is established in between the DNS client and DNS server the DNS client starts name query as shown below. ( lets consider DNS client and server are speaking )

Client : Hello 203.145.184.40

Server : Hello 122.169.200.49

Client : Need a name query establish connection

Server : Ok establish connection

( connection got established )

Client : Need Ip address of www.yahoo.com

( Server Searches its database )

If got the record

Server : Ip address of www.yahoo.com is 122.165.216.46

Client : Thanks and signing off

in this way the client gets IP address of www.yahoo.com, not every time when you access www.yahoo.com, once per hour or two even if you continuously accessing yahoo . Because the resolved name will be in client machine’s memory for some time. Based on the configurations done in DNS server ( not in DNS client even if it is stored in DNS client ). This is called cache.

So how it is use full for you ? comment on this

Firewall_5510#config t

Firewall_5510(config)# enable password xxxxx(your password)

Enable password is necessary to enable ssh access

Firewall_5510(config)# username test password test123

User name and password for connecting using ssh

Firewall_5510(config)# aaa authentication ssh console LOCAL

Different authentication can be  configured, like RADIUS, TATAC, etc.., here we specified Local authentication with user name and password mentioned above

Firewall_5510(config)# ssh 192.168.x.x 255.255.255.o inside

Permit  ssh access to firewall  from specified ip or subnet, inside

Firewall_5510(config)# domain-name TEST.ORG

Domain name of your company. RSA key is generated using domain name + firewall name combination

Firewall_5510(config)# crypto key generate rsa modulus 1024

Generate RSA key

You are done !!!!!!!!!!!!!!!!!!!!!!

now the firewall can be accessed from inside network………………………

Cisco announced that Guinness World Records, an authority for record-breaking achievement around the world, has certified the Cisco Carrier Routing System (CRS-1) as the highest capacity Internet router ever developed. The new router will be the first networking technology to be recognized by Guinness World Records.

The CRS-1, announced in May, is designed to shuttle traffic across the backbone of the Internet. The company spent four years and $500 million developing the technology, and even created a new software operating system for the product. Cisco claims that the router can reach a routing throughput of 92 terabits, or 92 trillion bits per second. With this kind of capacity, the entire printed collection of the U.S. Library of Congress could be downloaded in 4.6 seconds. The same feat using a dial-up modem would take around 82 years.

Cisco has already been listed in the Guinness record books for other achievements. On April 11, 2000, Guinness recognized Cisco as having the highest market capitalization of any computer company in the world, eclipsing Microsoft. On that day, Cisco’s market capitalization was $503.4 billion, according to the record books.

Category 5

Category 5 transmits at 100MHz frequencies, providing a rated line speed of up to 100Mbit/s and a max cable segment length of 100 meters. Most Category 5 cables, designed for early networks, only used two twisted pairs. Older Category 5 cables continue to make up the bulk of the world’s network infrastructure.

Category 5e

An improved specification to Category 5 was later introduced. By reducing noise and signal interference, Category 5e was capable of increasing rated transfer speeds to 350 Mbit/s over 100 meters. The new standard also required all cables to include four twisted pairs (all eight contacts). An optimized encoding scheme allows up to 50-meter lengths of Category 5e cable to perform at, or near, Gigabit Ethernet (1000BASE-T) speeds.

Category 6

The mainstream adoption of Gigabit Ethernet (1000BASE-T) required new industry-standard cables capable of transmitting at a higher frequency of 250 MHz. Category 6 cable uses thicker-gauge wire, increased shielding, and more pair twists per inch to reduce signal noise and interference. The tighter specifications guarantee that 100-meter runs of Category 6 are capable of 1000 Mbit/s transfer speeds. 10-Gigabit Ethernet speeds are achievable when reducing cable lengths to less than 50 meters.

Category 6e

Category 6 Enhanced (6e) is an augmented specification designed to double transmission frequency to 500 MHz. By wrapping Category 6e in grounded foil shielding, full 10-Gigabit Ethernet speeds can be reached without sacrificing the max cable length of 100 meters.

It is possible through a Port forwarding.

We have tested this in a ubuntu Host With Windows Xp guest OS. Here we will access Remote desktop of the XP ( Guest OS ) from the network.

IP : 192.168.0.1

When we try Remote desktop to 192.168.0.1 it will not connect to XP. Just drop the packet from Host OS ( Ubuntu ). We can do pot forwarding with following three commands.

|

VBoxManage setextradata “XP Test” “VBoxInternal/Devices/pcnet/0/LUN#0/Config/rdp/Protocol” TCP
VBoxManage setextradata “XP Test” “VBoxInternal/Devices/pcnet/0/LUN#0/Config/rdp/GuestPort” 3389
VBoxManage setextradata “XP Test” “VBoxInternal/Devices/pcnet/0/LUN#0/Config/rdp/HostPort” 3389

|

You have to change the following according to your need,
Windows Remote desktop Port : 3389
Host OS name : XP Test
Service : RDP

Now restart the Sun Virtual Box and Start the Guest OS

Port forwarding is enabled, when you Access Remote Desktop to 192.168.0.1 it Host OS will forward port 3389 to the Guest Os. and you can access XP Desktop.this port forwarding is happening on virtual box Layer

Tip 1:  Java Version

Typically, many performance optimizations are always being incorporated in newer releases of Java SE.  Whenever possible, it is a good idea to upgrade to  the latest version of Java SE Platform-to take advantage of these optimizations

To change Java version, edit the $GLASSFISH_HOME/config/asenv.conf.
Change the property called “AS_JAVA” to point to the desired Java version.

Tip 2:  Java Settings

By default, the GlassFish application server is configured to use the client VM (GlassFish application server is installed in developer profile). For better performance,  it is recommended to change this to “-server”.

Java Heap Size and other settings

-Xms and -Xmx

The size of the heap is determined by the Java options -Xmx (maximum) and -Xms (minimum).  While a larger heap can contain more objects and reduce the frequency of garbage collection, it may result in longer garbage collection times  especially for a full GC cycle. The optimum value for Xms and Xmx can be determined by the following points

initial and maximum heap sizes are

• Initial heap size of 1/64th of the physical memory, up to 1GB. (Note that the minimum initial heap size

is 32MB, since a server-class machine is defined to have at least 2GB of memory and 1/64th of 2GB is

32MB.)

• Maximum heap size of 1/4th of the physical memory, up to 1GB.

-XX:NewRatio

–XX:NewRatio=n 8 on server JVM

Ratio between the young and old generations. For example, if n is 3, then the ratio is 1:3 and the combined size of Eden and the survivor spaces is

one fourth of the total size of the young and old generations.

-XX:MaxPermSize

-XX:MaxPermSize=256m

-XX:+UseParallelGC

By default, the serial collector is the default garbage collector and is typically used for single processor machines and a small heap.  However, on server-class machines with more than one processor, parallel GC is the default. Ensure that parallel GC is being used (-XX:+UseParallelGC) for multithreaded machines which uses multiple threads for minor collections.  Major collections are the same as serial collector.

This  options can be set via Administration console:
1. Use the web browser URL:  http:<yourhostname>:4848 (the default
admin port)
2. Login with administrator user and password
3. Click on Application Server node on the left hand side, JVM settings
tab on the right hand side, then JVM options.
4. Edit the desired JVM option (or add New) in the textbox.
5. Click Save on the right hand side

Tip 3 – HTTP acceptor threads

HTTP acceptor threads accept new incoming connections and schedule new requests for the existing connections.  The default number of acceptor threads is one.  It is recommended to have 1 thread per 1-4 core, although experimentation may be necessary to find the optimal number.

This  options can be set via Administration console:

1. Login at the administration URL:  http://<yourhostname>:4848
2. Expand the node on the left hand side by clicking on Configuration –>
HTTP Service –> HTTP Listeners
3. Click on http-listener-1.
4. Edit the “Acceptor Threads” field under the Advanced setting.

Tip 4 – HTTP request processing threads

This pool of threads retrieve and process incoming HTTP requests.  The default
number of request processing threads is 5 but a starting rule of thumb is to tune
the number of HTTP request processing threads to the number of CPUs on the
SUT.  If you application is I/O bound, you can start with double the number of
CPUs.  Increase this number of threads until your throughput starts to decline.  At
the point when your throughput starts to suffer, the request processing threads
are starting to contend for CPU resources so some experimentation will be
necessary to find the sweet spot.

via Administration console:
1.  Login at the administration URL:  http://<yourhostname>:4848
2. Expand the node on the left hand side by clicking on Configuration –>
HTTP Service
3. Click on RequestProcessing Tab on right hand side.
4. Edit the text box beside Thread Count.
5. Click Save and restart.

Tip 5 -  Default-web.xml

The default-web.xml file defines features such as filters and security constraints that apply to all web applications.  The parameter, development=true, (the default value for developer profile) enables changes made to JSPTM – code to be  instantly visible to the clients. However, there is a cost associated with this. To avoid the cost of checking whether the JSP code  has been modified and hence its recompilation, the first parameter, development=false, can be used to set development to false since this scenario is unlikely in a production system.  This check affects application scalability when multiple users request the same JSP class. The second parameter, genStrAsCharArray=true, changes the way the JSPs are generated by generating char arrays for every static strings in the JSP class like for example, the HTML tags.  By default, the JSPcode  writer must call the toCharArray() on every String on every invocation of the JSPclass.

Settings in  default-web.xml.  ($GLASSFISH_HOME/domains/domain1/config/default-web.xml)
<init-param>
<param-name>development</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>genStrAsCharArray</param-name>
<param-value>true</param-value>
</init-param>

The more  configuration optimization can be done using the document from SUN you can download it here

Download – OptimizeGlassFishPerformance.pdf

Download KeyTool IUI :  Here

Create a keystore file

1. Select window’s task Create empty keystore

ie. if not visible, use in the menubar:

View | Select task | Create | Keystore

give password changeit that is the default password of glassfish keystore.jks, it will be easy if you give the same password.

1. Fill in the fields by clicking the respective icon buttons
   ==> once all required fields are filled, Action button (located at bottom) becomes enabled
2. Click Action button

Create a private key (keypair) entry, then save it in an existing keystore:

Trusted CA, private key (keypair) entry

ie. private key of type RSA.

This is done in 3 steps.

Step 1/3: create private key entry

1. Select task Create RSA private key entry

View | Select task | Create | Keystore’entry | RSA Private key with vers, with #1 cert

1. Fill in the fields
   ==> once all required fields are filled, Action button becomes enabled
2. Click Action button
   ==> A dialog shows up, containing the table of all available entries of the selected KeyStore
3. At the bottom of the dialog, enter new alias, enter password, confirm password

give alias name as s1as and password changeit this is the default alias name and password in glassfish, if you change the alias name and password the necessary changes has to be made in glassfish.

1. Click OK button

Step 2/3: export CSR

1. Select task Export certificate from private key entry as CSR file

View | Select task| Export | Certificate | CSR from private key entry

1. Fill in the fields
   ==> once all required fields are filled, Action button becomes enabled
2. Click Action button
   ==> A dialog shows up, containing the table of all available entries of the selected KeyStore
3. Select the alias pointing to the right private key (the one that was created in step 1/3), enter the respective password
4. Click OK button
   ==> This will generate a CSR file in PKCS#10 format. Submit this file to your CA (look for a CA that provides code signing certificate).

Step 3/3: import trusted certificate

Once your trusted certificate has been approved by the CA, you should receive it in PKCS#7 format (otherwise convert the one you get).  Copy the content(response conent which you receive in your mail) to a file and give extension .p7b (ex-:response.p7b)

Important

We also need to integrate intermediate certificate from the CA,otherwise some browsers (firefox 3.5) will show error during validation and say it is not a trusted certificate. We can download the intermediate from the CA’s site (for example verisign intermediate can be found in https://www.verisign.com/support/ssl-certificates-support/install-ssl-certificate.html). Copy the intermediate certificate and merge it with the response file, and then import to the keystore

How to

1. create file response+intermediate.p7b

2. Open response+intermediate.p7b file in vi, notepad or any other file editing tools

3. Copy the response file content send by your CA and paste it to the file (response+intermediate.p7b)

4. Copy the intermediate file content from CA site and paste it in the file (response+intermediate.p7b)

5. Now the response+intermediate.p7b file will be having two set of key’s, one is the response given the CA and the Intermediate taken from the CA website

6. Continue to the next step to import the response+intermediate.p7b file to keystore.jks

1. Select task Import CA certificate reply to private key entry

View | Select task| Import | Certificate | CA cert. replay to private key entry

1. Fill in the fields
   ==> once all required fields are filled, Action button becomes enabled
2. Click Action button
   ==> A dialog shows up, containing the table of all available entries of the selected KeyStore
3. Select the alias pointing to the right private key entry (the one that was created in step 1/3, and used in step 2/3), enter the respective password
4. Click OK button
   ==> This will import your trusted CA in the respective private key entry.

Now your keystore file is ready to deploy in glassfish. Copy the keystore file to server SDK/domains/domain1/config folder

restart the glassfish server, and take the url

copy, delete, change alias or/and password, …

1. Change keystore’s password,
2. Change secret/private key entry’s password,
3. Change entry’s alias,
4. Delete entry,
5. Copy entry,
6. View trusted certificate entry,
7. View private key entry’s certificates chain,
8. View secret key entry’s infos.

==> Open up KeyStore manager.

ie. from the menubar:

Tools | Keystore manager| [keystore-type] (JKS keystore)  keystore … (file name)

1, Install Debian lenny

Download link :  http://www.debian.org/releases/stable/

2, Install Following applications

openssh-server
openssh-client
apache2
libapache2-mod-php5
php5-cli
php5-common
php5-cgi
mysql-client
mysql-common
mysql-server
php5-mysql
php5-sqlite
php5-gd
Syslog-NG’

Root@server # apt-get install openssh-server openssh-client apache2 libapache2-mod-php5 php5-cli php5-common php5-cgi  mysql-client mysql-common mysql-server php5-mysql php5-sqlite php5-gd phpmyadmin

3, Configure /etc/default/syslog-ng

Root@server # vi  /etc/default/syslog-ng

CONSOLE_LOG_LEVEL=1
case “x$KERNEL_RINGBUF_SIZE” in
x[0-9]*)
dmesg -s $KERNEL_RINGBUF_SIZE
;;
x)
;;
*)
echo “KERNEL_RINGBUF_SIZE is of unaccepted value.”
;;

4, Configure /etc/syslog-ng/syslog-ng.conf

Find following line  and remove the comment

Change  # udp();  to udp();
Change use_dns(no);    to  use_dns(yes);
add dns_cache(yes);

5,  Downloaded and extract PHP Syslog NG to /var/www

Source : http://sourceforge.net/projects/php-syslog-ng/

6, Move Log from /var/log/syslog to MySQL

Add following script to the file

Root@server # vi /etc/syslog-ng/syslog-ng.conf

destination d_mysql {
pipe(“/var/log/mysql.pipe”
template(“INSERT INTO logs
(host, facility, priority, level, tag, datetime, program, msg)
VALUES ( ‘$HOST’, ‘$FACILITY’, ‘$PRIORITY’, ‘$LEVEL’, ‘$TAG’, ‘$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC’,
‘$PROGRAM’, ‘$MSG’ );\n”) template-escape(yes));
};

log {
source(s_all);
destination(d_mysql);
};

7,  Create a  script to run in the start-up

root@Server # vi /etc/syslog-ng/syslog2mysql.sh

#!/bin/bash
if [ ! -e /var/log/mysql.pipe ]
then
mkfifo /var/log/mysql.pipe
fi
while [ -e /var/log/mysql.pipe ]
do
mysql -u root –password=YOUR_PASS syslog < /var/log/mysql.pipe >/dev/null
done

8, Give execute permission to /etc/syslog-ng/syslog2mysql.sh

root@Server# chmod +x  syslog2mysql.sh

9, Put this script to Startup

Create file /etc/rc2.d/S99syslog2mysql

And add following line in that file

/etc/syslog-ng/syslog2mysql.sh

Now run following command to make it as executable

root@Server# chmod +x /etc/rc2.d/S99syslog2mysql

10, Create a Database named SYSLOG

root@Server # mysql -uroot -p syslog /var/www/install/sql/dbsetup.sql
Give write access for file /var/www/config/config.php
root@Server # chmod 777 config/config.php

Now we have too configure the PHP syslog ng, for that access your server via web browser ( http://youripaddress/install/install.php ) and follow the steps. after the installation you can access your server via web ( http://youripaddress/ )

How can you enable a password protection for putty connection manager?

There is an option to “enable database encryption” in PuTTYcm. But by default this features is disabled. You should use an Encryption library to use this feature. You can download it from PuTTYcm site

• First you download pcmcrypt.dll from http://puttycm.free.fr/download/pcmcrypt.dll

• Now open your Putty installation folder (Default location “C:\Program Files\PuTTY Connection Manager\” )

• Copy pcmcrypt.dll to above folder

• Open your PuTTYcm

• Go to “Database” menu and click on “Properties”

• Put tick mark on “enable database encryption” (It will enable only if pcmcrypt.dll is the same directory of puttycm.exe)

• Enter your Passphrase & Confirm.

• Go to file and “Save Database”

Next time onwards it will ask for a password while open the application

OpenDNS is one of the public DNS Servers. Open DNS provides many useful features like security caching and web filtering. Comparing to other Public DNS services, security is the main feature of open DNS. Here we listed some security features of Open DNS

• Web Content Filtering

Cloud-based, award-winning Web content filtering from OpenDNS with more than 50 categories of content. No appliance necessary. Effective against proxies, P2P, Web 2.0, adult and more.

• Anti-Phishing

OpenDNS provides real-time phishing site interception, Industry-leading anti-phishing powered by PhishTank, the most authoritative source of phishing data on the Internet. Protects your network, organization and its employees from fraudulent phishing scams.

• Malware Site Protection / Botnet Protection

DNS layer security protects the most vulnerable level of your network against the latest threats, including viruses, worms and zero-day vulnerabilities.

• White list / Blacklist

Lets you decide where your users can navigate on your customized Internet. White list-only functionality available.

• Smart Cache

OpenDNS’s proprietary DNS caching technology finds and locates the last known good IP address for Web sites that are experiencing difficulty, making Web sites that are down for the rest of the Internet load for OpenDNS users.

OpenDNS IPs : 208.67.222.222  & 208.67.220.220