manualshive.com logo in svg

MACROMEDIA COLDFUSION 4.5-ADMINISTRING COLDFUSION..., Manual


Share
Download
background image

Chapter 8:  ColdFusion Security

279

Deploying Applications with Basic Security

Basic security lets you disable execution of CFML tags that could prevent security 
hazards if they were used in a ColdFusion application, because they could be used to 
upload, delete, or otherwise manipulate files on the ColdFusion server. ColdFusion 
displays an error when it encounters a disabled tag in an application.

Besides the ability to restrict CFML tags, Basic security provides no runtime security 
for ColdFusion applications. When Basic security is implemented, the responsibility 
for securing applications falls mainly to the application developers. For example, 
developers must authenticate end-users of their applications by creating customized 
user directories. Developers can also integrate existing user directories, like NT 
domains, by using any of the custom extension mechanisms supported by ColdFusion, 
including CFX tags, and COM or CORBA objects. Similarly, developers must custom-
build all access privileges into all their applications.

Deploying Applications with Advanced Security

Advanced security lets ColdFusion developers authenticate users and match protected 
resources with authorized users. Advanced security builds consistent, standardized 
authentication right into the ColdFusion server engine, making it easier for developers 
to control all aspects of access to their applications.

When Advanced security is implemented, developers don’t need to create customized 
directories or databases to authenticate users; Advanced Security can automatically 
authenticate users against existing LDAP directories, NT domains, or ODBC data 
sources. Advanced security also makes it easier to enforce access rights for 
authenticated users and groups. You can expressly grant or forbid run-time access to 
ColdFusion Applications, CFML tags, collections, components, Data sources, Files, 
Directories, and Custom Tags on a user-by-user or group-by-group basis. For example, 
you could use Advanced security to:

Restrict sensitive CFML tags like <CFREGISTRY> so they can be used only by 
members of the NT Domain Administrators group of the local domain. 

Make a sensitive search collection available only to your company’s Human 
Resources staff. No matter which applications use the collection, it would only 
ever be available to this one group.

Make CORBA or COM objects that work with a company’s financial information 
available only to the departments and Web applications that require them

In the Enterprise edition of ColdFusion, Advanced security also lets you run 
applications in a security sandbox, which assigns security permissions to any 
applications running from a specified directory tree. Unlike other Advanced security 
features, Security sandboxes automatically enforce control over resources without 
additional coding to autehnticate and authorize users. Security sandboxes eliminate 
the risk that one application will access another application’s resources, and are most 
useful to hosted sites where multiple ColdFusion applications are deployed on the 
same server.

Summary of Contents for COLDFUSION 4.5-ADMINISTRING COLDFUSION...

Page 1: ...Allaire Corporation Administering ColdFusion Server ColdFusion 4 5...

Page 2: ...ication may be reproduced stored in a retrieval system or transmitted in any form or by any means electronic mechanical recording or otherwise without the prior written permission of Allaire Corporati...

Page 3: ...updates xviii ColdFusion manuals xviii ColdFusion Server online documentation xix Printing ColdFusion documentation xix Documentation conventions xx Getting Answers xx Contacting Allaire xx Chapter 1...

Page 4: ...on Administrator 39 Accessing the Administrator remotely 39 Starting and Stopping ColdFusion 41 Using batch files to start and stop ColdFusion Windows 41 Using scripts to start and stop ColdFusion Sol...

Page 5: ...ptimizing Purging and Deleting Collections 66 Configuring Server Side Source Control 67 Requirements 67 Using ColdFusion in a Distributed Configuration 68 Distributed ColdFusion and clustering 68 Chan...

Page 6: ...ing the Oracle 7 3 Native Driver Windows 102 Configuring the Oracle 8 Client Windows UNIX 103 Connecting to DB2 Data Sources 105 Configuring DB2 Options Windows 105 Configuring DB2 Options UNIX 105 Co...

Page 7: ...oducing ClusterCATS for ColdFusion 155 ClusterCATS for ColdFusion Features 155 ClusterCATS for ColdFusion Components 158 ClusterCATS Server 158 ClusterCATS Explorer 159 ClusterCATS Server Administrato...

Page 8: ...ColdFusion Security 273 Why Is ColdFusion Security Important 274 Types of ColdFusion Security 275 Choosing a Level of ColdFusion Security 276 Developing Applications 277 Deploying Applications 278 Sec...

Page 9: ...00 Defining User Directories 301 Defining a Security Context 304 Specifying Resources to Protect 305 Implementing ColdFusion RDS Security 307 Implementing User Security 308 Implementing Server Sandbox...

Page 10: ...x Administering ColdFusion Server...

Page 11: ...to install configure and maintain ColdFusion Server Contents Intended Audience xii Welcome to the ColdFusion 4 5 Web Application Server xii Products and System Requirements xii New features in ColdFu...

Page 12: ...ng and database connectivity again giving you more reliability and new functionality The focus on fundamentals extends to new features As part of a broad new commitment to Java ColdFusion 4 5 has a ra...

Page 13: ...MB RAM 256 MB recommended for clustering 150 MB hard disk space ColdFusion Server 4 5 Professional Edition for Windows Windows 95 98 or Windows NT 4 0 Intel Pentium or above 50 MB hard disk space 32...

Page 14: ...and pages more easily by collapsing sections of the code in the editor so you can build sophisticated applications more quickly Function Insight Find the parameters and format for functions instantly...

Page 15: ...ithout affecting server availability for runtime data source maintenance without server restarts Improved performance Cisco Local Director Integration Deliver very large scale sites with Cisco Local D...

Page 16: ...ibuted Data Exchange WDDX OS Command Execution Execute OS shell scripts services executables and batch files from within ColdFusion applications LDAP 3 0 Use all the power of LDAP 3 0 for directory ac...

Page 17: ...ription Allaire Web site www allaire com General information about Allaire products and services Technical Support www allaire com support Allaire offers a wide range of professional support programs...

Page 18: ...e support options and Allaire products and services For ColdFusion Studio users you can access the documentation update page by clicking on the Help resource tab and browsing your way through the onli...

Page 19: ...a product CD you can download ColdFusion documentation from the Allaire web site by visiting http www allaire com developer and clicking the Documentation link ColdFusion Studio online documentation...

Page 20: ...um can help you figure out how to do just about anything with ColdFusion The search facility can also help you search messages going back 12 months allowing you to learn how others have solved a probl...

Page 21: ...xxi Postings to the ColdFusion Support Forum http forums allaire com can be made any time Sales Toll Free 888 939 2545 Tel 617 761 2100 Fax 617 761 2101 Email sales allaire com Web http www allaire co...

Page 22: ...xxii AdministeringColdFusionServer...

Page 23: ...This chapter describes ColdFusion s system requirements and how to install and configure ColdFusion on your platform Contents ColdFusion System Requirements 2 Installing ColdFusion on Windows 5 Instal...

Page 24: ...s for ClusterCATS Server on page 162 The ClusterCATS system requirements may impact your overall environment requirements ColdFusion Server 4 5 Enterprise Edition for Windows To install and use ColdFu...

Page 25: ...ck 4 Intel Pentium or higher 32 MB of RAM 128 recommended 50 MB of free disk space A World Wide Web server that supports the NSAPI ISAPI or WSAPI application programming interfaces APIs Specific Web s...

Page 26: ...Microsoft Personal Web Server PWS WebSite Server API WSAPI Common Gateway Interface CGI A CD ROM drive Solaris Enterprise edition only To install and use ColdFusion on Solaris your system must meet t...

Page 27: ...equirements may impact your overall environment requirements Installing ColdFusion on Windows This section addresses the following topics about installing ColdFusion on Windows Verifying that a Web se...

Page 28: ...allation of the ODBC 3 0 drivers Note Because of a problem in the way Verity handles indexing ColdFusion must be installed to a directory path that contains no spaces in the path name This restriction...

Page 29: ...es The User Information dialog box appears after the Software License Agreement dialog box 7 Enter your name company and ColdFusion serial number in the User Information dialog box and click Next Note...

Page 30: ...Web Server dialog box appears If your Web server is already installed the ColdFusion Setup program will automatically detect it 9 If your Web server is not one of the ones listed select the Other opt...

Page 31: ...irectory below the Web server s document directory The Select Install Options dialog box appears 11 Accept the default install options or select those that you want and click Next Note By default Load...

Page 32: ...ord dialog box appears next 12 Enter a password you will use to access the ColdFusion Administrator in the Password and Confirm fields and press Next The Select ColdFusion Studio Password dialog box a...

Page 33: ...ostname CFIDE Administrator index cfm where hostname is the name of the server hosting ColdFusion If ColdFusion is not properly installed after following the steps above please call Allaire Customer S...

Page 34: ...the Apache Web server is running shut down the Web server 2 Copy the cfusion bin ApacheModuleColdFusion dll module to your Apache modules directory For example c Apache modules ApacheModuleColdFusion...

Page 35: ...3 In the Log On As section click the This Account radio button and enter the appropriate account information Installing ColdFusion on Solaris ColdFusion is distributed as a Solaris package You can use...

Page 36: ...hoose to automatically configure a Netscape server By default the package file installs ColdFusion into the opt directory If you want to install ColdFusion into a different directory you must create t...

Page 37: ...l load of unavailable servers in the cluster 12 Enter your Web server s document root directory and press Enter The default document root directory is determined by the Web server you are using 13 Whe...

Page 38: ...The uninstall script removes your odbc ini file and all Verity collections Therefore you may want to preserve these items by saving them to a new location before uninstalling ColdFusion To uninstall C...

Page 39: ...spot plugins coldfusion coldfusion so 2 Edit the usr netscape suitespot https smurf config mime types file to add a new ColdFusion type Add the line type magnus internal cold fusion exts cfm dbm 3 Edi...

Page 40: ...ipt modifies are enclosed by Start BT and End BT comment blocks obj conf Netscape Communications Corporation obj conf You can edit this file but comments and formatting changes might be lost when the...

Page 41: ...e magnus internal cgi Service fn send cgi Object magnus conf ServerRoot local1 netscape https skagway ServerID https skagway ServerName skagway brighttiger com Start BT Remove Address line from magnus...

Page 42: ...installed in usr local etc httpd and you installed ColdFusion in opt To add the ColdFusion module 1 Copy the module mod_coldfusion a to your Apache source directory cp opt coldfusion webserver apache...

Page 43: ...sult the Apache documentation for details README DSO Configure this module into the Apache build by running the following command configure enable module so other apache options make make install If y...

Page 44: ...n so Note If you have a ClearModuleList directive in httpd conf you will need to add the following directive to the AddModule list as stated by the comments in the httpd conf file AddModule mod_coldfu...

Page 45: ...lowing topics about installing ColdFusion on Linux Installing ColdFusion on page 23 Uninstalling ColdFusion on page 25 Installing ColdFusion Before installing ColdFusion on Linux please note the follo...

Page 46: ...nning and press Enter or just press Enter if you are running the default Web server Apache 9 Press Enter to let the installation script automatically configure your Web server for ColdFusion The progr...

Page 47: ...ClusterCATS the ColdFusion installation script runs first followed by the ClusterCATS installation script The ClusterCATS installation script will prompt you with additional questions about your Web s...

Page 48: ...26 Administering ColdFusion Server...

Page 49: ...Fusion Server and describes how to access the ColdFusion Administrator pages Contents Overview of Administering ColdFusion 28 Summary of Administrative Tasks 29 The ColdFusion Administrator 30 ColdFus...

Page 50: ...cation Accessing the Administrator All administrative operations are performed using the ColdFusion Administrator which you can launch from the ColdFusion 4 0 program group in Windows or by opening th...

Page 51: ...e ColdFusion data sources for your applications You can configure ODBC data sources or employ a native database driver to access your Oracle or Sybase databases Enterprise Edition only For more inform...

Page 52: ...lled Information about ColdFusion Administration Subject Where to find it Installing ColdFusion See Chapter 1 Installing and Configuring ColdFusion on page 1 Configuring ColdFusion data sources Chapte...

Page 53: ...urce Extensions Includes options for registering Java applets and CFX tags custom tags written in C Logging You use the Logging pages to configure a ColdFusion Administrator email address and to Speci...

Page 54: ...ge 129 ColdFusion Application Server The main ColdFusion Server service ColdFusion pages cannot be processed if this service is not running ColdFusion Executive Polls the ColdFusion Application Server...

Page 55: ...istry database This process must be running as the root user in order for ColdFusion to function The start script will start this process if it isn t running such as during system startup The stop scr...

Page 56: ...the service immediately click Startup to configure startup options for ColdFusion Solaris Two scripts are provided to start and stop the ColdFusion processes installdir coldfusion bin start installdi...

Page 57: ...ervices may be necessary in the following instances To install a new ODBC driver package To replace or upgrade your Web server software To upgrade or reinstall your ColdFusion program files To update...

Page 58: ...36 Administering ColdFusion Server...

Page 59: ...8 Enabling External Client State Management 48 Migrating Client Variable Data 50 Enabling Application and Session Variables 51 Locking Variables 53 ColdFusion Java Settings 54 ColdFusion Version Infor...

Page 60: ...38 Administering ColdFusion Server Using ColdFusion in a Distributed Configuration 68...

Page 61: ...on Administrator icon in the ColdFusion program group or 2 Open the administrator by loading the following URL in a browser http hostname CFIDE administrator index cfm where hostname is the name of th...

Page 62: ...ta to control simultaneous access Enabling and configuring ColdFusion application session and client variables Mapping directories ColdFusion version information Data Sources Configures ColdFusion dat...

Page 63: ...under which ColdFusion runs Changing an existing data source setting such as Page timeout Buffer size or Maintaining database connections Using batch files to start and stop ColdFusion Windows You ca...

Page 64: ...down etc init d coldfusion etc rc1 d K19coldfusion etc rc3 d S25coldfusion ColdFusion runs the following processes on the system cfexec Starts stops the other processes and manages page scheduling cfs...

Page 65: ...n rules ColdFusion tag attributes that are not relevant to the execution of a tag will not be allowed When disabled irrelevant attributes may be passed to CFML tags without effect Strict attribute val...

Page 66: ...ccess to a wide range of operations such as adding or deleting data sources setting server performance options and so on For detailed information about configuring security options in the ColdFusion A...

Page 67: ...entity of a client visiting your site Identifying clients and customizing page content for users requires the ability to manage client state ColdFusion allows the following ways of managing client var...

Page 68: ...utomatically expire Client side control Users can configure browsers to disallow cookies ColdFusion limits individual cookie data to 4 KB Netscape Navigator allows only 20 cookies from any one host Co...

Page 69: ...ual Memory dialog 3 At the bottom of the dialog the current registry size is reported Specify a new maximum registry size in MB Checking registry size UNIX Unlike Windows NT ColdFusion for UNIX does n...

Page 70: ...t variables since they have already been created when you added the data source for the first server in the cluster If you inadvertently enable the option to automatically create client variable datab...

Page 71: ...allows you to set a limit to the length of time a client variable remains active You can configure your client variable data source to expire client variables after some number of days you specify As...

Page 72: ...le data to another data source you need to know the structure of the database tables used to store this information Client variables stored externally use two small database tables with the following...

Page 73: ...FQUERY NAME global2 DATASOURCE DSN CREATE INDEX id2 ON CGLOBAL cfid CFQUERY CFQUERY NAME global2 DATASOURCE DSN CREATE INDEX id3 ON CGLOBAL lvisit CFQUERY Enabling Application and Session Variables Se...

Page 74: ...pmc is installed in cfusion bin To monitor ColdFusion Server activity click on the ColdFusion Performance Monitor icon in the ColdFusion Server Program group You can also open the Performance Monitor...

Page 75: ...ch of the Server Application and Session scopes the Variable Locking Administrator page provides three choices for control none full checking and automatic locking of read accesses Choosing None retai...

Page 76: ...s the directories for classes used by ColdFusion Initial Heap Size Specifies the JVM initial heap memory size Max Heap Size Specifies the JVM maximum heap memory size System Options Specifies standard...

Page 77: ...0 Server ColdFusion ProductLevel Stores ColdFusion product level information for example Professional Server ColdFusion SerialNumber Stores ColdFusion serial number information Server OS Name Stores...

Page 78: ...is facility can help users report errors Note that this e mail address can be overridden in the application framework page Application cfm Log directory The default location for ColdFusion log files i...

Page 79: ...t and click to enable the Log all email messages checkbox 3 Click Apply to complete the operation Log files created by ColdFusion ColdFusion creates nine different log files ColdFusion Log Files Log F...

Page 80: ...n and your Web server This file is meant primarily to help Allaire Technical Support personnel customtag log Logs errors generated in custom tag processing remote log The Network Listener Module NLM w...

Page 81: ...th C ColdFusion allows you to build extensions or custom tags in two ways Using C to code DLLs Windows or shared objects Solaris that provide a custom tag you can use in your application pages Using C...

Page 82: ...be used to override any parameters you define in the Administrator Registered Applets page Before you can use CFAPPLET to place a Java applet in your CFFORM you must register the applet in the ColdFus...

Page 83: ...ription Codebase Enter the base URL of the applet the directory that contains the applet components The applet class files must be located within the Web browser root directory Example http servername...

Page 84: ...TSUPPORTED attribute Parameter Name Enter a name for a required applet parameter Your Java applet will typically provide the parameter name needed to use the applet Enter each parameter in a separate...

Page 85: ...ldFusion Administrator Mail page to specify a mail server to handle sending automated mail messages from the server Enter a valid mail server either a mail server name or IP address as well as a serve...

Page 86: ...ags see Developing Web Applications with ColdFusion Using the Verity Collections page The Verity Collections page in the Administrator provides a means for creating collections Collections can also be...

Page 87: ...nary document types and produce search results that include summaries of these documents The following table lists the supported document types Supported Document Types Documents Versions Text files H...

Page 88: ...tp my_server cfdocs 6 Click Index ColdFusion populates the collection with data from the specified directory Note that Verity collections including those that index query data can be created using the...

Page 89: ...trol with ColdFusion SourceSafe client software installed on the same server as ColdFusion Server The account under which ColdFusion runs must have permission to access the SourceSafe server executabl...

Page 90: ...ally be of a different architecture from the machine hosting the ColdFusion engine It allows more than one Web server to be served by the same ColdFusion engine To provide some degree of security for...

Page 91: ...all machines also provides a useful baseline environment so that validation can be done in the absence of the remote extensions Should problems arise using ColdFusion in remote mode it s possible to...

Page 92: ...webserver on Solaris and you want to connect to a ColdFusion server running on Windows NT you might set these values as LOCALPATH usr local apache htdocs REMOTEPATH C Inetpub wwwroot This would map a...

Page 93: ...buted configuration since for a variety of practical and security reasons ColdFusion will not run in distributed mode if any information in the INI file is missing or incomplete The Network Listener M...

Page 94: ...pecify p switch and possibly the k switch in the Startup Parameters box in the Services applet Please refer to the list of command line options below To uninstall the listener Invoke cfdist exe with t...

Page 95: ...In order for verbose commentary to appear on the terminal you must be running in interactive mode Aside from the display of debugging output however there is no difference in operation between running...

Page 96: ...ly set to be automatically deleted after being read at startup Sample INI file for CFDist AKA the ColdFusion Listener Module Place this file in the root directory of your ColdFusion installation It mu...

Page 97: ...remote log confirming that remoting is active and what startup parameters except the encryption key were used Valid values Yes No MESSAGE YES The listener also writes various informative messages to t...

Page 98: ...76 Administering ColdFusion Server...

Page 99: ...rces 78 Choosing the Right Drivers 80 Adding Data Sources for ColdFusion 82 Verifying ColdFusion Data Sources 85 Connecting to Microsoft SQL Server Databases 87 Connecting to OpenIngress Databases 90...

Page 100: ...gure the database as a ColdFusion data source You do this using the ColdFusion Administrator Data Sources page The specific databases you can configure for ColdFusion depend on the platform on which C...

Page 101: ...ybase 11 Driver X X X MERANT dBase FoxPro Driver X MERANT IBM DB2 6000 Driver X MERANT OpenIngress 1 x Driver X MERANT OpenIngress 2 x Driver X MERANT Oracle 7 Driver X MERANT Oracle 8 Driver X MERANT...

Page 102: ...85 Provides step by step instructions for making sure that a data source has been correctly configured and is available to your ColdFusion application pages Using ColdFusion to Create a Data Source o...

Page 103: ...drivers tend to offer better performance than their ODBC counterparts Stored procedures are only available through native drivers Software requirements for Native Drivers Before you can use the ColdFu...

Page 104: ...Providers that go directly to the database are akin to native drivers in providing an alternative to ODBC Providers are available for all the major relational DBMS products as well as the data stores...

Page 105: ...ch ColdFusion is installed and on the driver you specify For detailed information about options for your driver see the section for your specific database later in this chapter 6 Click CF Settings to...

Page 106: ...ame and password specified in a CFQUERY or other data access tag overrides the values specified in the ColdFusion login Also when creating a data source using a native database driver you use the user...

Page 107: ...riod of time no matter how frequently or infrequently it has been used The default is or 0 which means the connection timeout is never enforced Restrict SQL Operations Select the SQL operations you wa...

Page 108: ...erified appears next to each data source that ColdFusion successfully verified and the word Failed appears next to each data source that ColdFusion could not verify 4 To verify an individual data sour...

Page 109: ...Option Description Data Source Name A name for your ODBC data source Description A short description of the data source Server The name of the server hosting the database you want to use Use Trusted C...

Page 110: ...L Server driver prepares a statement by placing it in a procedure and compiling that procedure Translation Convert OEM to ANSI characters If the SQL Server client computer and SQL Server are using the...

Page 111: ...n page 82 for more information Performance Row Limit The number of rows the driver retrieves from the server for a fetch Enabling this option can increase performance by reducing network traffic Disab...

Page 112: ...with any particular dbc file Driver Settings Collating Sequence Select the collating sequence you want to use The collating sequence determines the sequence in which the fields are sorted Exclusive Wh...

Page 113: ...ame including the full path of the database to which you want to connect Server Name The name of the virtual node that you defined using the OpenIngres NETU utility This virtual node tells OpenIngres...

Page 114: ...er An integer value that specifies in 1024 byte multiples the maximum amount of data that will be transferred to the client for unbound long data result columns Optimize SELECT statements as repeated...

Page 115: ...iption Data Source Name A name for your ODBC data source Description Descriptive information about the data source Database Directory The path dBase database you want to use as an ODBC data source Dat...

Page 116: ...onnections Database Version The version number of the dBase FoxPro database you want to use Driver Settings Use lowercase file extension dbf Specifies whether lowercase file extensions are accepted If...

Page 117: ...n your ColdFusion Server You can find these drivers at http www microsoft com data Microsoft Access ODBC Options Option Description Data Source Name A name for your data source Description Descriptive...

Page 118: ...Adding Data Sources for ColdFusion on page 82 for more information Microsoft Excel ODBC Options Option Description Data Source Name A name for your ODBC data source Description Descriptive information...

Page 119: ...ions UNIX ODBC MERANT Text Driver Options Solaris The following table describes ColdFusion ODBC options for data sources created with the MERANT Text driver Microsoft Text ODBC Options Option Descript...

Page 120: ...ion Server Enterprise edition is installed on a Windows NT server you can configure an Oracle data source using a Native driver Database Directory The directory where the text files are found Extensio...

Page 121: ...ata Source Name A name for your data source Description Descriptive information about the data source Host String Enter the database alias you created using the Oracle Net8 Easy Config utility To find...

Page 122: ...33 The PORT 1521 line is the port the tcp listener is assigned to You can look at the etc services file of the UNIX machine where the Oracle server resides to find out what it is The SID WG73 is the i...

Page 123: ...reinstall the oracle client software Oracle 7 1 users must build the Oracle client shared library libclntsh so for Solaris before the Oracle driver can be used Run the genclntsh script found in the o...

Page 124: ...y containing the correct library must be on the LD_LIBRARY_PATH before ORACLE_HOME lib Otherwise the original Oracle version will be loaded resulting in an error Troubleshooting the Oracle 7 3 Native...

Page 125: ...ity can be found in ORACLE_HOME bin net8wiz sh 3 Create the data source in the ColdFusion Administrator Native Drivers page 4 Edit the coldfusion bin start script to include the following values The d...

Page 126: ...ort number 5 After entering a hostname you enter the Database SID which identifies your specific Oracle database instance The default is ORCL but your database SID might be different See your database...

Page 127: ...et a name and password each CFML database call must specifically define a username and password 4 Once you have created the data source open the Verify Data Source page in the Administrator to verify...

Page 128: ...msgmnb 65535 set msgsys msqginfo_msgseg 8192 set msgsys msqginfo_msgssz 16 You must reboot the server for these settings to take effect Add the following settings to the etc services file dbserver1 50...

Page 129: ...in it that you need to run to set up your environment Environment variables need to be set to run the command line tool db2 Look in the installdir sqllib directory for the db2profile and db2cshrc scr...

Page 130: ...ne utility db2 2 At the db2 prompt enter the following db2 connect to sample1 user username using password db2 select from employee db2 terminate Data source and start script settings for DB2 UNIX Thi...

Page 131: ...following syntax db2 CONNECT TO database_name USER userid USING password To bind the MERANT SQL files to the DB2 database The next step is to bind the MERANT SQL files to the database You can use spe...

Page 132: ...luding ColdFusion Server The stored procedure s name is what you called it in your SQC file The example which follows calls the stored procedure outsrv The create procedure statement looks like this C...

Page 133: ...See Adding Data Sources for ColdFusion on page 82 for more information about adding data sources to ColdFusion Informix Native Driver Options Option Description Data Source Name A name for your data s...

Page 134: ...Descriptive information about the data source Database Name The name of the database to which you want to connect Server Host Name The name of the machine on which the INFORMIX server resides Use INFO...

Page 135: ...ou will point to in the start script as INFORMIXDIR Run the script installclientsdk to install the client SDK Before you continue make sure that you can connect to the Informix server from a client ot...

Page 136: ...ime to wait for lock in distributed env RESIDENT 0 Forced residency flag Yes 1 No 0 Stopping and restarting ColdFusion services When you ve completed all the steps in this section you will need to sto...

Page 137: ...server and the name of the demo database is stores7 Using the Start button in the Windows taskbar go to Programs Informix CLI 32 and select Informix Setnet 32 Configure the Informix Setnet32 utility a...

Page 138: ...a source as described in Verifying ColdFusion Data Sources on page 85 to make sure it is configured properly If verification fails check the system environment variables To check the system environmen...

Page 139: ...usion uses both native and ODBC drivers to connect to Informix databases ColdFusion 4 5 supports Informix 7 3 and higher Configuring Sybase System 11 Options Windows If ColdFusion Server Enterprise ed...

Page 140: ...figure a ColdFusion data source See Adding Data Sources for ColdFusion on page 82 for more information about adding data sources to ColdFusion Sybase System 11 Adaptive Server 11 5 Native Database Dri...

Page 141: ...dFusion make sure the SYBASE environment variable that you set up in the ColdFusion start Workstation ID The workstation ID used by the client Performance Row Limit The number of rows the driver retri...

Page 142: ...ry directory to the FRONT of this list Example LD_LIBRARY_PATH SYBASE lib usr dt lib lib usr openwin lib CFHOME lib LD_LIBRARY_PATH SYBASE lib usr dt lib lib usr openwin lib CFHOME lib This is the lis...

Page 143: ...BODY Before running this code you need to create the newtable data source in the ColdFusion Administrator specifying the Merant dBase FoxPro ODBC driver CFQUERY NAME xs DATASOURCE newtable CREATE TABL...

Page 144: ...1999 08 01 00 00 00 000000 Deep rich high altitude flavor CFQUERY CFQUERY NAME xs DATASOURCE newtable INSERT INTO Beans1 VALUES 4 P Guatamala 15 ts 1999 08 01 00 00 00 000000 Organically grown CFQUERY...

Page 145: ...s Often the two are combined to allow the periodic regeneration of data that doesn t need to be available dynamically to a ColdFusion application Contents About Scheduling ColdFusion Pages 124 Schedul...

Page 146: ...heduled page executes a message is written to a log file schedule log which specifies the name of the scheduled action the page that was executed and whether the page executed successfully or not For...

Page 147: ...llowing Intervals when scheduling a recurring ColdFusion event Daily Weekly Monthly One time Daily at specified intervals To define the start end time and interval 1 Open the ColdFusion Administrator...

Page 148: ...e scheduled task For example you could schedule a page that generates an employee list every night and make the page output available to end users You do this by specifying an output directory and pag...

Page 149: ...g and stopping ColdFusion services on Windows NT see Chapter 3 Configuring ColdFusion Server on page 37 Logging Scheduled Events ColdFusion writes information about all scheduled events to a log file...

Page 150: ...128 Administering ColdFusion Server...

Page 151: ...ize and administer your ClusterCATS server clusters Contents What is Scalability 130 Issues Affecting Successful Scalability Implementations 132 What is Web Site Availability 144 Techniques for Creati...

Page 152: ...urance testers should test and measure an application s performance prior to deployment to establish acceptable quality benchmarks If all of these efforts are performed well consequently you are able...

Page 153: ...relative to resources means that with a constant load performance improves at a constant rate relative to additional resources Caching and resource management overhead affect an application server s a...

Page 154: ...fferent methods that you can use to achieve load management hardware based solutions software based solutions including round robin Internet DNS or third party clustering packages hardware and softwar...

Page 155: ...ition the application This section discusses the following topics to consider when designing and building a Web application Application session and state management Single threaded vs multi threaded a...

Page 156: ...page 207 Single threaded vs multi threaded application connections Another major issue that Web developers must consider when constructing their applications is whether or not the application will be...

Page 157: ...sm such as a SQL WHERE clause then the HR Director would receive a message informing her that she could not access the employee record because it was in use thereby alerting her that the HR Generalist...

Page 158: ...oled and maintained and whether or not stored procedures are implemented for frequent database access all directly impact the application s performance The way in which architects and Web developers d...

Page 159: ...Web application Therefore when planning the physical design of the system be sure to investigate carefully the network topology that will be implemented to ensure that existing servers are up to the t...

Page 160: ...ffects on site performance and availability Internet DNS is a powerful and successful mechanism that has enabled huge numbers of individuals and organizations to create easily locatable Web sites on t...

Page 161: ...types server aliases and round robin distribution Zones and domains A Domain Name System is composed of a distributed database of names The names in the DNS database establish a logical tree structur...

Page 162: ...er for ColdFusion s load balancing and failover technology to work correctly These records must be defined and configured on your local and primary DNS servers A Record This record contains a host nam...

Page 163: ...ve On the Windows platform you make these DNS entries using the Domain Name Service Manager utility On UNIX platforms you make these DNS entries in the name db file which is read by the DNS server s B...

Page 164: ...d use actual users to simultaneously access the site to perform load testing However this is often a difficult activity to accomplish well because it introduces many human variables Therefore it is ty...

Page 165: ...e and what is the best way to implement the fixes After the changes are made and a new build of the application is available you ll rerun the tests to look for performance improvements Again you ll re...

Page 166: ...se in your environment uses network services You should now have a good overview of what scalability implies the core elements that comprise it some of the issues that affect successful implementation...

Page 167: ...e CFS returns the results back to the Web server which in turn returns an HTML response back to the browser For all of this to occur correctly and within acceptable time frames the CFS itself must rem...

Page 168: ...n s availability reliability and performance to be compromised Similarly if the Web server software crashes or acts erratically it will likely cause the Web server to stop running when you didn t inte...

Page 169: ...Although the application may have contained many useful features and capabilities the customers were not able to use them for very long because the site s performance degraded to the point that the si...

Page 170: ...he primary server and uses an inexpensive lower quality server for the backup server in case the primary server fails Parallel Servers This model is known as a classic load balancing redundancy model...

Page 171: ...ides notifying the administrator that a problem has occurred you also want your failover solution to automatically redirect traffic intended for the unavailable server to other available servers until...

Page 172: ...ts to the cluster members that are available Some hardware based failover devices that have less built in intelligence require an administrator s intervention once the failure is detected Clustering c...

Page 173: ...er stops sending packets to the unresponsive server Routers are not considered fully intelligent because while they can redirect requests upon discovering a failure they do not allow you to configure...

Page 174: ...application server Limited intelligence The device does not allow you to configure individual load and redirection thresholds for each server in a cluster and therefore it is unable to effectively man...

Page 175: ...The following benefits make a software based clustering solution attractive Relatively low expense Compared to the cost of hardware devices such as routers or switches software based clustering soluti...

Page 176: ...y low complexity Others introduce a higher level of complexity because of the features offered the amount of initial configuration and subsequent administration or the amount of integration that needs...

Page 177: ...Features The ClusterCATS technology embedded in ColdFusion Enterprise provides robust features for load balancing and failing over servers This section describes the following ClusterCATS features Ne...

Page 178: ...have a Windows machine NT 98 or 95 on which to install the Windows based Explorer you can use the Web based ClusterCATS Explorer together with included server utilities to administer your cluster memb...

Page 179: ...ion Server Session Aware Load Balancing This feature ensures that your e commerce applications maintain their state when users are in the process of shopping ordering or paying for their purchases Som...

Page 180: ...sts of three components ClusterCATS Server ClusterCATS Explorer ClusterCATS Server Administrator All of the components are installed on a machine when you run the ColdFusion Server installation progra...

Page 181: ...from a centrally located computer that is not in the same location as the cluster This flexibility allows administrators in different geographic locations the ability to administer distributed cluster...

Page 182: ...aphical Windows based utility that lets you perform various server administration activities including adding and removing the ClusterCATS filter from the Web server service stopping and starting the...

Page 183: ...notes Verify system requirements Configure your primary DNS server Configure your Web server s network settings Configure ClusterCATS for use across firewalls Review the release notes Frequently users...

Page 184: ...erCATS Server Sun SPARC workstation 100 MB of free disk space 128 MB of RAM more recommended Solaris operating system v 2 51 or greater with Patch 103582 18 or higher Netscape Enterprise Server v3 5 1...

Page 185: ...b Explorer Use the ClusterCATS Web Explorer if you have a UNIX only environment and cannot obtain a Windows machine to run the Explorer Install the ClusterCATS Web Explorer program on a UNIX server th...

Page 186: ...se name translations For example forward translation entries A records would look like this Reverse translation entries PTR records are just the opposite and would look like this It s important that y...

Page 187: ...cal DNS server typically resides at the facility where the Web servers are hosted 3 If the local DNS server does not have the mapping it goes out to the Internet and locates the primary DNS server to...

Page 188: ...tion technique but it cannot manage load because it is unable to react to increases in server traffic It also cannot detect server failures nor redirect requests among available servers ClusterCATS co...

Page 189: ...stributes the initial domain level requests across all four servers Thereafter ClusterCATS distributes load to avoid failed or overloaded servers To configure DNS records on your Windows NT DNS server...

Page 190: ...he IP address of a server that will host the site in the Host IP Address field Note Do not enable the Create Associated PTR Record check box You only want forward mappings associated with the site nam...

Page 191: ...le and Highly Available Web Sites 169 Your entries should look similar to the following entries when you re done 7 Right click the zone for your Web site again and select New Record The New Resource R...

Page 192: ...t name 9 Enter the Host name and corresponding IP address for an explicit Web server that will host your Web site in the Host Name and IP Address fields respectively For example your explicit Host Nam...

Page 193: ...ortant server failover concepts ClusterCATS uses an IP keep alive strategy to accomplish transparent server failover when a Web server fails This process involves each server in the cluster listening...

Page 194: ...point to your local DNS server Configuring ClusterCATS offline maintenance support NT only Configuring your Web server to point to your local DNS server You must configure each Web server in your clu...

Page 195: ...right if applicable to specify the order in which the DNS servers will be accessed 10 Click OK in all open dialog boxes and close the Windows Control Panel To configure UNIX based Web servers to refer...

Page 196: ...rience three to five minutes of downtime on failover recovery due to an automatic system reboot that occurs when a system comes back online following failover Once you put a server in maintenance mode...

Page 197: ...ter I enter a static IP address for the server in its IP stack via the NIC if one doesn t already exist 2 I then remove the Web site s IP address from the server s IP stack also via the NIC 3 I open t...

Page 198: ...176 Administering ColdFusion Server...

Page 199: ...server s host name is not the same as the Web site s name Assigning a static IP address to each server s NIC If your cluster consists of Windows NT servers assign a static IP address to each server s...

Page 200: ...ompt For example nslookup wwwx company com nslookup nnn nnn nnn nnn where wwwx is the explicit server name and nnn represents the numeric values of that server s IP address To learn how to put a serve...

Page 201: ...maintenance support Note If you use Netscape Enterprise Server as your Web server you must create the cluster members before you delete the Web site IP addresses from the NIC For IIS you create cluste...

Page 202: ...boxes to apply your configuration and to close the Windows Control Panel 6 Reboot your system for these changes to take affect Adding your Web sites IP addresses to your Web server You must assign a u...

Page 203: ...and Highly Available Web Sites 181 2 Locate the Web server and expand its tree structure 3 Right click the Web site for which you want to configure the IP address and choose Properties The Web Site Pr...

Page 204: ...sed Web servers See the documentation that came with your Web server for specific procedures about how to configure Web site IP addresses on your server Verifying that the server s host name is not th...

Page 205: ...Chapter 6 Creating Scalable and Highly Available Web Sites 183 3 Click the DNS tab...

Page 206: ...environments today rely on firewalls to securely control access to proprietary knowledge that resides on public Internet sites internal intranet sites or private extranet sites You can configure Clust...

Page 207: ...icate with one another across firewalls Port 9129 for TCP and UDP access Opening port 9129 on a firewall allows the ClusterCATS Explorer to communicate with multiple distributed server clusters across...

Page 208: ...The ColdFusion v4 5 Setup program starts and displays the ColdFusion Setup Welcome page 5 Click Next in the Welcome and Software License Agreement dialog boxes The User Information dialog box appears...

Page 209: ...7 Accept or change the default destination folder and click Next The Select Web Server dialog box appears If your Web server is already installed the ColdFusion Setup program will automatically detec...

Page 210: ...tion and example code are installed in a subdirectory below the Web server s document directory The Select Install Options dialog box appears 10 If you ve already installed ColdFusion and just want to...

Page 211: ...3 Mount the CD ROM on cdrom cdrom0 if necessary If the Solaris Volume Manager is active you won t need to mount the CD 4 Type pkgadd d cdrom cdrom0 to start the installation process 5 Enter cfusion at...

Page 212: ...directory is docroot 13 Do not install Advanced Security at this time enter n when prompted and press Enter 14 Enter the password you want to use to access the ColdFusion Administrator which allows y...

Page 213: ...ides or provide a different location and press Enter The default location is etc httpd conf 9 Press Enter to have ClusterCATS monitor all cluster members servers for failures 10 If you want ClusterCAT...

Page 214: ...ne and configure required load balancing and high availability features for your server clusters Note While you can create server clusters manually using the ClusterCATS Explorer menu options it s eas...

Page 215: ...oose Cluster Setup Wizard from the Configure menu Alternatively you can click the Cluster Setup Wizard icon that appears in the tool bar The Create New Cluster dialog box appears 3 Enter a name for yo...

Page 216: ...4 Click Add to add available Web servers to your cluster The Add New Server dialog box appears 5 Enter the fully qualified TCP IP host name of a Web server in the New Web Server Name field for exampl...

Page 217: ...7 Select the ClusterCATS Maintenance Support check box to enable support for offline maintenance 8 Enter the fully qualified host name of the maintenance address for example serv1 yourcompany com in t...

Page 218: ...performance 13 Click Next The Alert Notification dialog box appears 14 Enter the name of your outbound SMTP mail server in the SMTP Mail Server field and the e mail address for a recipient of cluster...

Page 219: ...that are different If there are multiple recipients for the same alert event separate your e mail address entries with commas Click OK to return to the Alarm Notifications dialog box and then Click N...

Page 220: ...vice in addition to ClusterCATS to manage and distribute load enter the name of the Web site that this device supports for example www yourcompany com and click Next 19 Click Finish ClusterCATS create...

Page 221: ...vironment Creating clusters manually If you do not want to create your clusters using the Cluster Setup Wizard you can create them manually To create clusters manually using the ClusterCATS Explorer 1...

Page 222: ...Manager 5 If you are not configuring this Web server for offline maintenance support go to step 8 However if you already configured this Web server with a maintenance IP address as described in Config...

Page 223: ...eleting cluster members You add servers to and delete servers from a cluster one at a time using the ClusterCATS Explorer To add a cluster member to a cluster 1 Open the ClusterCATS Explorer and selec...

Page 224: ...ster member to the cluster If you need help in configuring the maintenance IP address see Assigning a static IP address to each server s NIC on page 177 Offline maintenance support is only available o...

Page 225: ...features perform the following tasks before activating them Configuring server load thresholds Configuring session aware load balancing Configuring ColdFusion probes Integrating ClusterCATS with load...

Page 226: ...By default the Peak load threshold is 90 and the Gradual Redirection threshold is 70 These default settings adequately handle HTTP traffic going across most Web sites However if your Web site is part...

Page 227: ...r apart so that there is a differential of at least 10 between the two threshold values 6 Click OK to apply your new threshold settings Viewing a cluster s load status ColdFusion reports its load data...

Page 228: ...sual display To set or change threshold settings using this method you use your mouse to drag the Peak and Gradual Redirection threshold lines to their desired settings instead of entering numeric val...

Page 229: ...correctly To overcome this problem ClusterCATS provides a session aware load balancing feature that lets you maintain application state in a clustered environment Using session variables and session a...

Page 230: ...r for which you want to enable session aware load balancing and choose Administration from the Configure menu Alternatively you can right click on the cluster and select Configure Administration The C...

Page 231: ...s requests to other available servers in the cluster The restricted server will become available as soon as the probe returns a valid value Additionally if the ColdFusion Server ever hangs or fails Cl...

Page 232: ...llation directory 7 In the Startup Parameters field replace URL with the actual URL of the site you want the probe to access and replace success string with a text string that appears on a page on the...

Page 233: ...etwork congestion for example rather than detecting an actual failure on the ColdFusion Server Allaire recommends you set your Timeout and Frequency intervals to 120 seconds 10 Click Register to creat...

Page 234: ...f the Gradual Redirection load threshold when using these two load balancing technologies together See Configuring server load thresholds on page 203 for turning off gradual redirection This section d...

Page 235: ...perties from the Cluster menu or choose Administration from the Configure menu Both menu selections display the Properties dialog box The Properties dialog box appears 8 Select the Load Balance tab an...

Page 236: ...explicit real servers on the LocalDirector box in the Bind ID field In order for the ClusterCATS LocalDirector integration to work as intended the server name port number and bind ID combination must...

Page 237: ...on packet flow while ClusterCATS monitors ColdFusion load and availability If ClusterCATS detects that the ColdFusion Server is becoming overloaded it will supersede the load balancing device and red...

Page 238: ...e person you want to receive e mail notification of the event 4 Repeat step 3 for each event you want to be notified about Click Propagate to send all notifications to the same e mail address 5 Enter...

Page 239: ...e mail Sends an automatic e mail nightly to Allaire s Technical Support team that contains basic configuration information about your cluster This information enables Allaire to provide optimal suppo...

Page 240: ...ou enable the ClusterCATS administration security for a specific cluster only authorized users are able to access and administer that cluster using their ClusterCATS Explorer ClusterCATS provides thre...

Page 241: ...l users of a server must have an account on the server where the Web server resides For example if a cluster includes several Web servers and you only have an account on one then you can only administ...

Page 242: ...authenticate administrators that have been added to a Windows NT domain user group Note This authentication mode can only be used on NT servers Before you can enable NT domain authentication on any sp...

Page 243: ...and description for the group in the applicable fields Your global group name must be BT_clustername where clustername is the name of your ClusterCATS cluster 4 Click Add to add the administrators yo...

Page 244: ...use ClusterCATS Explorer to view and administer clusters using the ClusterCATS Explorer Disabling authentication Disabled authentication lets any user use the ClusterCATS Explorer to create configure...

Page 245: ...Common Cluster Administration Tasks After you ve created your clusters and configured them with load balancing and high availability features they ll likely run inconspicuously in your environment fo...

Page 246: ...y to that server without any ClusterCATS processing To change a cluster member s state from Active to Passive 1 Open the ClusterCATS Explorer select a cluster member and choose State from the Configur...

Page 247: ...Within the Server Access area of the dialog select Restricted This option ensures that HTTP requests sent explicitly to the specific cluster member are redirected to another server within the cluster...

Page 248: ...S Explorer and select a cluster member that you want to update 2 Right click the cluster member and choose Configure Load The Properties dialog box appears for the selected cluster member with the Loa...

Page 249: ...227 6 Click the BT Service Status button to display the Manage ClusterCATS Services dialog box 7 Stop the ClusterCATS service by selecting the Stopped option and enter 10 minutes in the Drain Down Per...

Page 250: ...explains how to restrict an active cluster member so that you can make necessary updates To update an existing cluster member with new software or content 1 Perform steps 1 through 8 in Putting a clu...

Page 251: ...r 6 To initially limit the amount of HTTP traffic sent to the server return to the ClusterCATS Explorer and reconfigure the cluster member s Peak Load threshold to a low value like 10 7 Click OK 8 Wit...

Page 252: ...ration to its original pre clustered state You can only do this by using the ClusterCATS Server Administrator that is installed on each cluster member Using the ClusterCATS Explorer to delete cluster...

Page 253: ...TS Web Explorer It allows administrators in UNIX only environments to use a graphical cross platform Web based utility to create configure and administer ClusterCATS clusters You can only install the...

Page 254: ...can only access the ClusterCATS Web Explorer through the defined communications port on your Web server You configure this user defined port using the Netscape Enterprise Server Administrator not the...

Page 255: ...ur user name and password in the appropriate fields and click OK Note The default user name and password is admin The ClusterCATS Web Explorer opens Creating clusters 1 From within the open Web Explor...

Page 256: ...ort Web and so on 3 Enter the fully qualified host name for example doc allaire com in the Web Server Name field for the first server you want to be a member of this cluster Note You cannot create an...

Page 257: ...eb Sites 235 Adding cluster members 1 Open the ClusterCATS Web Explorer if it s not already opened 2 Click the Add Server link The Add Server page appears 3 Enter the fully qualified host name for exa...

Page 258: ...ster the cluster is also deleted and you are returned to the default page of the ClusterCATS Web Explorer If you want to delete a cluster you must delete all of its members Configuring server load thr...

Page 259: ...of your cluster members perform the following procedures To configure Peak and Gradual Redirection thresholds 1 Open the ClusterCATS Web Explorer if it s not already open 2 Click the Show Cluster link...

Page 260: ...usion Server 4 Click the Server Attributes link The Connect to Server page appears 5 Select the server you want to connect to from the Web Server Name drop down box and click OK The selected server s...

Page 261: ...appears for the selected server 7 Enter new values in the Standard and Gradual Load Threshold fields and click OK If you want the server to be able to handle as much load as possible set both threshol...

Page 262: ...URL over periodic intervals and verifies its validity against a user defined string that is contained in the returned page If the validation test succeeds inbound HTTP requests will continue to be sen...

Page 263: ...241 3 Enter the fully qualified host name of the server for which you want to configure the ColdFusion probe in the Web Server Name field and click OK The Cluster Member List page appears 4 Click the...

Page 264: ...Server 5 Select the server you want to connect to from the Web Server Name drop down box and click OK The selected server s Properties page appears 6 Click the ColdFusion Probe link The ColdFusion Ap...

Page 265: ...Server on detecting a failure However remove it if you do not want ClusterCATS to be able to automatically restart the ColdFusion Server upon detecting a failure 10 If you want longer intervals for h...

Page 266: ...page Absolute hyperlinks route the HTTP request back to the cluster entry point and redirect requests according to the current load threshold without regard to the state of the requesting client To a...

Page 267: ...e Web Sites 245 4 Click the Administration link under Cluster Attributes The Cluster Administration page appears 5 Enable the Session Aware Load Balancing check box and click OK Session aware load bal...

Page 268: ...e You cannot integrate ClusterCATS with Cisco LocalDirector using the Web Explorer This capability is only available in the Windows based ClusterCATS Explorer To integrate your clusters with a load ba...

Page 269: ...utes The Cluster Administration page appears 5 In the Load Balancing Product field enter the URL of the Web site for which the load balancing product has been set up to manage HTTP traffic 6 Click OK...

Page 270: ...event triggers the alarm you are notified by e mail To configure administrator alarm notifications 1 Open ClusterCATS Web Explorer if it s not already open 2 Click the Show Cluster link The Show Clust...

Page 271: ...ink The Alarm Notification page appears 5 Enter the e mail address of the person you want to be notified about the occurrence of an event in that event s corresponding field If you want multiple peopl...

Page 272: ...name and IP address of each server in the cluster Files total number of files in the Web servers root directory Disk space total amount of disk space used and remaining on the system drive that conta...

Page 273: ...tes 251 3 Enter the fully qualified host name of a server for which you want to configure administrator e mail support in the Web Server Name field and click OK The Cluster Member List page appears 4...

Page 274: ...elivered in the SMTP Gateway field and click OK The ClusterCATS Report and Support e mail options are enabled Configuring administrator authentication Using the Web Explorer you can configure two admi...

Page 275: ...e Show Cluster link The Show Cluster page appears 3 Enter the fully qualified host name of the server for which you want to configure administrator authentication in the Web Server Name field and clic...

Page 276: ...dvertently lock yourself out of the cluster Changing cluster members state All cluster members are added to a cluster in Active state by default In Active state ClusterCATS provides availability and f...

Page 277: ...from Active to Passive 1 Open ClusterCATS Web Explorer if it s not already open 2 Click the Show Cluster link The Show Cluster page appears 3 Enter the fully qualified host name of the server that yo...

Page 278: ...Server 4 Click the Server Attributes link under Other The Connect to Server page appears 5 Select the server you want to connect to from the Web Server Name drop down box and click OK The selected ser...

Page 279: ...ars for the selected server 7 Select Active or Passive from the State drop down box and click OK If you selected Passive the ClusterCATS load balancing and failover capabilities are now disabled for t...

Page 280: ...ns including server maintenance server software updates and as a load management method To restrict an active cluster member from receiving HTTP requests 1 Open ClusterCATS Web Explorer if it s not al...

Page 281: ...lable Web Sites 259 4 Click the Server Attributes link under Other The Connect to Server page appears 5 Select the server you want to connect to from the Web Server Name drop down box and click OK The...

Page 282: ...er Administration page appears for the selected server 7 Select Restricted from the Restriction Status drop down box and click OK The selected server will no longer participate in the cluster and will...

Page 283: ...ity to Start and stop daemons Configure ClusterCATS options Enable and disable options Show and reset clusters Display btadmin online help Start and stop daemons Use the following command line syntax...

Page 284: ...S options btadmin enable disable option You can enable or disable the following ClusterCATS options with btadmin Below are examples of how you enable and disable ClusterCATS options with the btadmin u...

Page 285: ...syntax to start and stop a Netscape or Apache Web server bt start server bt stop server f Note Use the f option to stop the Web server without being prompted for confirmation btcfgchk utility The btc...

Page 286: ...e domain name Make sure no typos appear in these names in your DNS definitions both on the DNS server and on each cluster member s DNS definition To verify that the host name is correct enter the foll...

Page 287: ...in name or does not map to configured IP address The host name maps to more than one IP address round robin DNS or maps to an IP address not found on this machine Use the ClusterCATS hostinfo utility...

Page 288: ...of the DNS table and the round robin addresses appear under the Addresses section sniff utility The sniff utility is a network management tool that displays the packets that a specific Network Interf...

Page 289: ...ations ability to scale and perform To learn more about these and other related topics in greater detail consult additional resources The following list of technology white papers books and other Web...

Page 290: ...site at http www itmcenter com Books The following books provide excellent detailed information on Web scalability failover and performance issues Derfler Frank and Steve Rigney TCP IP A Survival Gui...

Page 291: ...g CGI with ColdFusion This chapter describes how to use ColdFusion with a Web server that does not support one of the major APIs Contents CGI vs Web Server APIs 270 Limitations of CGI 270 Referencing...

Page 292: ...sion application server through a DLL In addition to introducing server APIs many server vendors have created document type mapping so that individual document extensions can be associated with a proc...

Page 293: ...ation page file to use in processing the request To pass parameters to the script you append a to it and then specify a list of parameters in a key value format delimited by the character For example...

Page 294: ...only specify myquery cfm to refer to it If you create subdirectories within the cfdocs directory you can reference application pages within them using their subdirectory names For example if you put...

Page 295: ...usion Server Basic and Advanced security features that allow you to protect a wide variety of ColdFusion resources Contents Why Is ColdFusion Security Important 274 Types of ColdFusion Security 275 Ch...

Page 296: ...orized access The risk of exposing sensitive information to unauthorized users is the biggest and most complex security risk because the Internet effectively links every computer to one large network...

Page 297: ...prise editions include Advanced Security features that provide scalable granular security for building and deploying your ColdFusion applications Application development Control access to files data s...

Page 298: ...ity is never absolute Technology is fast evolving and the Web is by nature an environment that favors openness and access over privacy and security You should regularly review your security plans to m...

Page 299: ...dvanced security on application development and deployment and on administrative access to ColdFusion Server Remember that when you select Basic or Advanced security you re making a global choice that...

Page 300: ...iguration than using Basic security but the benefits you ll see in streamlined development processes are well worth the time you ll invest With Advanced security you must specify the data sources and...

Page 301: ...developers don t need to create customized directories or databases to authenticate users Advanced Security can automatically authenticate users against existing LDAP directories NT domains or ODBC da...

Page 302: ...ay be desirable if you re implementing ColdFusion in a small group where no one person is a designated administrator and everyone pitches in with administrative tasks The liabilities of using Basic se...

Page 303: ...security bulletins and technical briefs that provide information about issues Allaire believes are significant The Security Zone also contains an extensive list of non Allaire sites where you can go...

Page 304: ...282 Administering ColdFusion Server...

Page 305: ...ver resources with password access This chapter describes configuration options for basic ColdFusion security Contents About Basic Security 284 Configuring Basic Remote Development Security 284 ColdFu...

Page 306: ...he first time you are prompted to enter the password We recommend that you continue to use Administrator security until you complete the ColdFusion server configuration Once you ve determined your sec...

Page 307: ...tive Drivers page configure ColdFusion settings to allow only certain SQL operations such as SELECT and INSERT in interactions with the data source ColdFusion Remote Development Services RDS ColdFusio...

Page 308: ...network drives Access is determined by the network permissions of user logged into workstation where Studio is being run FTP based Connects to an FTP server running on same machine as the target web...

Page 309: ...abase and file access from Studio Separate Studio and Administrator passwords allow you to separate access control to ColdFusion data sources and files and Administrator pages Note Whenever you make a...

Page 310: ...Basic Security link You see the Basic Server Security Page 2 Under Tag Restrictions remove the check mark from the check box that appears in front of each tag you want to disable You can block executi...

Page 311: ...rity Implementations 294 Creating an Advanced Security Framework 297 Installing Advanced Security 298 Setting Up a Security Server 299 Defining User Directories 301 Defining a Security Context 304 Spe...

Page 312: ...Basic security which automatcally password protects your resources Advanced security provides a self enforced security framework that must be explicitly enforced by developers in the applications they...

Page 313: ...ColdFusion applications Using existing NT or LDAP provides an added bonus User groups to whom you assign security priveleges automatically inherit changes to group membership no additional maintenanc...

Page 314: ...ss rights to a set of users A policy matches resources to users or user groups that is it grants a group of users access to specified resources For example you can create a policy that gives members o...

Page 315: ...ral applications If you are deploying a more complex application you may need to create more than one security context for that application alone If you re managing a fairly small homogeneous group of...

Page 316: ...uring Applications with User Security User Security authenticates users in a ColdFusion application and then assigns privileges based on the applicable ColdFusion security context For example suppose...

Page 317: ...ould only be able to access the data source pi_dsn and the files in the directory c development pi The Gamma team should only be able to access the data source gamma_dsn and the files in the c develop...

Page 318: ...on is generally necessary to set up ColdFusion Server for your application In some cases it s feasible for a single person to perform all the necessary administrative tasks Many times though you ll wa...

Page 319: ...andbox or administrator security you ll follow the same basic steps for creating the framework 1 Set up the security server See Setting Up a Security Server on page 299 for more information 2 Set up u...

Page 320: ...ust choose the Advanced Security option when installing ColdFusion 4 0 See Chapter 1 Installing and Configuring ColdFusion on page 1 for more information about installing ColdFusion Server To install...

Page 321: ...the other servers in the cluster all point to the security server to authenticate and authorize users and groups You can only administer Advanced security from the security server You can t administe...

Page 322: ...ty information You can load this cache at startup By default it is notified of administrative changes to the policy store once every minute The information stored in this cache is used to determine if...

Page 323: ...tricted for use in conjunction with security access control policy storage and user authentication and cannot be used for any other purpose Only Netscape supplied Directory Server administration tools...

Page 324: ...bled when accessing an LDAP server over Secure Sockets Layer SSL 7 Leave the Add User Directory to Existing Security Context check box selected to add users from this user directory to existing securi...

Page 325: ...ow these steps to use this sample database to test the ODBC username password authentication 1 Use the ColdFusion Administrator to create an ODBC data source using the Microsoft Access ODBC driver Be...

Page 326: ...Each ODBC data source you use for authenticating users requires a section of the same name in this INI file The section must contain the appropriate SQL statements to authenticate users You can use th...

Page 327: ...es and policies for this context Specifying Resources to Protect When you define a security context you specify the types of resources to protect for example files and directories Now you must specify...

Page 328: ...alog are different for each resource type For example if you select CFML Tags you see a drop down list that contains all the ColdFusion tags if you select Files and Directories you see a text box wher...

Page 329: ...in ColdFusion Studio See Securing Resources with RDS Security on page 295 to learn about RDS security concepts In order to implement RDS security you must use the ColdFusion Administrator to 1 Set up...

Page 330: ...IsAuthenticated and IsAuthorized functions enable developers to offer or deny access based on the established security policies Remember that nothing you configured in the ColdFusion Administrator tak...

Page 331: ...ased on priveleges assigned through a Windows NT domain Choosing Security Context protects ColdFusion resources based on priveleges assigned through a security context 8 Click Add You see the New Sand...

Page 332: ...Admin Note Before you can configure ColdFusion Administrator security you must know how to create a user directory If you don t know how to create a user directory see Defining User Directories on pa...

Page 333: ...ple shows you how to limit ColdFusion Studio access to a specific set of files and or data sources on a remote server based on username password authentication For this example assume you are responsi...

Page 334: ...For an NT user directory enter the server name in the form domain_name server_name 2 Enter the server name or a TCP IP address for the LDAP option If you specifiy an LDAP directory you can fill out th...

Page 335: ...Current Security Context drop down box 3 In the Resource Browser select DATASOURCE and then click the Add Resource button at the bottom of the page You see the Add Resource dialog 4 Enter the asterisk...

Page 336: ...rized to access any files or data sources in the RDSService security context All of these resources have been protected with the wildcard rule and no one has been granted permission to access them To...

Page 337: ...rs and groups to the policies you created To add users and groups to policies 1 From the Policy page select the MARS policy and click the Users button The Users page indicates that no users are curren...

Page 338: ...the Use Security Server Cache check box on the Advanced Server Security page to improve the performance of the authentication process Now when a user authenticates from ColdFusion Studio to this RDS h...

Page 339: ...umented tags and functions more widely known The availability of the undocumented tags potentially gives developers who have permission to place applications on a ColdFusion server the ability to gain...

Page 340: ...ColdFusion SMTP mail server CFUSION_GETODBCINI Gets ODBC data source information from the Registry CFUSION_SETODBCINI Sets ODBC data source information in the Registry CFUSION_GETODBCDSN Gets the ODBC...

Page 341: ...failure 216 notification frequency 216 Probe failure 217 server busy 216 server unreachable 217 alarms ClusterCATS failover 217 types defined 216 Allaire xx contacting xx headquarters xx sales xxi tec...

Page 342: ...eating clusters with Setup Wizard 192 defined 155 deleting a cluster 203 deleting members from clusters 202 disabling administrator authentication 222 252 ease of use features 156 email support option...

Page 343: ...ing 66 purging 66 repairing 66 Common failures 146 Configuring Apache on Solaris 20 22 Apache on Windows 12 cluster maintenance mode 225 cluster member states 224 ColdFusion Probe 208 ColdFusion user...

Page 344: ...s defined 140 round robin 152 round robin distribution 166 sample table entries 141 server aliases 140 tables with round robin enabled 166 troubleshooting 267 using hostinfo utility 265 zones and doma...

Page 345: ...g problems 143 reasons to perform 142 Web applications 142 Load thresholds adjusting graphically 206 configuration 203 236 configuring Peak and Gradual Redirection 204 Gradual Redirection 204 Peak 204...

Page 346: ...edirection load thresholds configuring 204 Redundancy ensuring corrective actions 149 models 148 planning 148 systems monitoring 148 Redundancy models Parallel Servers 148 Primary Backup 148 Referenci...

Page 347: ...rver unreachable alarm 217 Server utilities administering clusters with 261 Server variables 55 server log file 58 Server OS BuildNumber 55 56 Server OS Name 55 56 Server OS Version 55 Session scope 5...

Page 348: ...Server on Solaris 162 Web Explorer 163 Windows Explorer 163 Verifying data sources 85 105 Verity Administrator page 64 creating a collection 64 deleting collections 66 indexing data 64 Version inform...

Page 349: ...linear 131 load management factors 132 performance factors 130 webserver log file 57 WebSite 270 Website API WSAPI 270 Windows 95 starting ColdFusion 34 Windows NT domain authentication for clusterin...

Page 350: ...328 Administering ColdFusion Server...

Reviews:

No comments

Related manuals for COLDFUSION 4.5-ADMINISTRING COLDFUSION...

DAVIS Vantage Pro2 Updater Getting Started Manual preview
Vantage Pro2 Updater
Brand: DAVIS Pages: 12
AMX RMS Administrator'S Manual preview
RMS
Brand: AMX Pages: 212
Xante PlateRunner P24 Processor Supplementary Manual preview
PlateRunner P24 Processor
Brand: Xante Pages: 6
Acer ASM Pro Installation Manual preview
ASM Pro
Brand: Acer Pages: 20
Acer eConsole User Manual preview
eConsole
Brand: Acer Pages: 33
Acer Destinator PN User Manual preview
Destinator PN
Brand: Acer Pages: 118
Sharp REACH User Manual preview
REACH
Brand: Sharp Pages: 16
Sharp AR-P17 Software setupg guide Software Setup Manual preview
AR-P17 Software setupg guide
Brand: Sharp Pages: 22
Sharp Qtopia Desktop Operation Manual preview
Qtopia Desktop
Brand: Sharp Pages: 39
Sharp FO-NS2 Operation Manual preview
FO-NS2
Brand: Sharp Pages: 43
Sharp AR-NB2A Online Manual preview
AR-NB2A
Brand: Sharp Pages: 48
Sharp MXUSX5 - Desk - PC User Manual preview
MXUSX5 - Desk - PC
Brand: Sharp Pages: 91
Sharp e-Copy ShareScan OP 3.0 Configuration Manual preview
e-Copy ShareScan OP 3.0
Brand: Sharp Pages: 144
Sharp PenCell IQ-9B01 Operation Manual preview
PenCell IQ-9B01
Brand: Sharp Pages: 247
FieldServer FS-8704-01 Driver Manual preview
FS-8704-01
Brand: FieldServer Pages: 12
Applied Biosystems Data Explorer 4 Series User Manual preview
Data Explorer 4 Series
Brand: Applied Biosystems Pages: 447
RADVision OnLAN User Manual preview
OnLAN
Brand: RADVision Pages: 12
Xilinx LogiCORE Endpoint v2.4 User Manual preview
LogiCORE Endpoint v2.4
Brand: Xilinx Pages: 172

Brands by name

Popular brands

Load more brands