snmp management software LoriotProsnmp management software LoriotPro

Administrator Handbook
www.loriotpro.com

TOC

Configuring and Starting the Web Server Process

Adding a WEB server process

When you initially install LoriotPro the ‘LoriotPro http Server’ is automatically loaded as well as the supervision service called ‘DashBoardService’.


Default loaded Plugin

If you do not have the HTTP Server running you should add it to be able to use the Remote Access.
In the Service workspace, click the right mouse button the contextual menu is displayed.

Select Http Server or add new service option.

The first immediatly insert the service, the second option open the Plug-in Loader below.

Both option give the same result. The plug'in loader give you more details about each Service Plug-in.

Removing the HTTP Server process

If you don’t want to use this Web server, you have to right click on the service

and from the contextual menu choose ‘Delete Service’.


Service delete

Or from the main menu 


Delete a service from the main menu

WEB server configuration

By default, the WEB server has predefined settings that for security reasons allow you only to access it locally. To change this setting and allows remote navigator to access it, you have to change the default properties. The properties are accessible from the contextual menu link to the process. 


Service properties

The ‘HTTPD Options’ is displayed.

Configuration window of the Web server process

The default port used for the WEB server is 8010 and only the localhost (loopback address 127.0.0.1) has the permission to connect to it.

Saving WEB Configuration

To save your configuration in a file click on the Save Config button :


Configuration save.

      Warning
Be sure that the file is saved in the LoriotPro /bin/config/httpd directory.

Access filters

The main point of interest of the LoriotPro WEB server is to give access to the SNMP collected data from anywhere and from a standard WEB navigator. Unfortunately, the major drawback is that unauthorized users could see private or sensible information about your infrastructure. To avoid such risk, the WEB server is only visible for pre-conFigure d users by the means of an access list. To allow a remote host to access the WEB server you have to know its IP address. 

The WEB service uses a filtering strategy based on the remote host IP address. A list of authorized or unauthorized hosts could be defined regarding their IP address.

The principle of the filter is to check the incoming IP address of an incoming request and then sequentially compare it to the rules defined in the list, if a condition is satisfied the according action is applied, either permit the request or deny it.

Acces filter

Simple filter

Let us use an example, suppose that the host has the 10.33.10.130 IP address.

-    Select the line in the list where you want to insert a new rule.
-     Enter the IP address and the mask of the host to filter
-     Choose either permit or Deny.

-     Click on Ins

Simple filter

Complex filter

In the following example we want to deny access to the 10.33.10.130  host but still allow access for other hosts off this IP subnet.

The rule order use here is important, if the host 10.33.10.130 tries to connect the first rule will apply and the connection will be rejected.

Complex filter

Script functions

By default the WEB server allows the user to start LoriotPro scripts or PHP scripts. However you can disable this possibility if you don’t want that remote user to start SNMP request on Directory host objects.

To cancel the support of script, un-checke the following options:

PHP script options

LoriotPro includes an innovative function that allows you to mix proprietary script and PHP script.

To use it you should first install a PHP interpreter in CGI mode of at least the 4.06 version.

For more details on this installation, refer to the link:

http://www.php.org

The http://www.easyphp.org site proposes you an installation script that does everything automatically. It installs PHP and MYSQL which in the version 1.5 is fully compliant with LoriotPro. The version 1.6 of PHP does not support CGI mode.

Once the PHP software is installed, you should inform LoriotPro of the directory where the file php.exe is located.

Use the browse button.


Looking for the php.exe.file


Path of the php.exe

Modifying the default TCP server port

The server uses by default the TCP 8020 port and 20 Threads to provide good response times on HTTP requests. You can change these values if needed.

Example: Port TCP 82 and 10 Threads


Modifying the TCP port.

The new local URL has become : http://127.0.0.1:82

WEB server console

If you double click on the HTTP server a graphical console is displayed.

The console allow you to control the WEB server.

You can start and stop the WEB server with the Start/Stop button.

The Properties button opens the configuration window.

The Go Home button opens the server home page.

Two vu-meters and a double graph are available and give information on the WEB server load. Graphics are refreshed every 10 seconds.

The blue graph provides the throughput in Kilobytes/second.

The yellow one provides the number of received requests.

The   button hides the window.

You can access the User Manager to define the users and their rights for accessing the LoriotPro from a remote WEB navigator.

You can access the Report Manager and set access level on the report files.

Directory access security

We have seen that it was possible to filter access to the Directory for WEB users. It could be necessary to deny access to specific branches of the Directory tree. This security is global to all remote users. To define access control per user it is necessary to use the User Manager.

To deny access to a Directory object, you should use the ‘lock/unlock  Remote Access’  option available in the Directory menu.

 :

Select the object that you want to lock from a Web access and then from the contextual menu choose  ‘lock/unlock  Remote Access’  .

or in the main menu

Directory> Lock/Unlock remote Access

If a lock is set on an object, a blue point is added to the icon object in the upper left hand corner. Such objects are not visible to WEB users.

To unlock the branch, just click on the same option ‘Lock/Unlock remote Access’ in the menu

      Warning
The Directory tree is viewed with a Navigator but is not dynamically refreshed like the one under the Windows native environment. You should use the refresh button to force an update from the LoriotPro WEB server. Some versions of the Netscape navigator do not support the display of the Directory tree.


www.loriotpro.com
Copyright © 2004 LUTEUS SARL. All rights reserved. This documentation is copyrighted by LUTEUS SARL. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying or otherwise, without the prior express written permission of LUTEUS SARL