Seminar on Server, Network and Security for WebSAMS
Download
Report
Transcript Seminar on Server, Network and Security for WebSAMS
Seminar on Server, Network and Security for WebSAMS
WebSAMS Architecture
WebSAMS Requirements
WebSAMS server can access Internet without passing
through proxy
WebSAMS server can access HTTPS web site, e.g.:
HTTP server can access internet without passing
through proxy
Support NAT port mapping, e.g.:
E.g. www.hsbc.com.hk logon
202.123.219.100 10.128.15.150
TCP 80,443,7010
Allow traffic from DMZ HTTP to WebSAMS server
Sep 2014
TCP 8009
TCP 7009
TCP 8109 (1 Server 2 WebSAMS)
Seminar on Server, Network and Security for WebSAMS
B-3
Network Architecture
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B-4
Network Architecture (cont’d)
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B-5
Network Architecture ( cont’d )
3 types of WebSAMS users
WebSAMS user
ITED user
Internet user
HTTP server is simply a relay server which forwards
all the requests to the WebSAMS server
The HTTP server itself does not store any data
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B-6
Network Architecture ( cont’d )
Accessing WebSAMS by URL
Determined by Domain Name Server (DNS)
Accessing the WebSAMS server from different subnets
or networks will use different IP addresses
Examples:
WebSAMS users:
ITED users:
websams.schabc.edu.hk => 10.128.15.150 / 192.168.0.3
Internet users:
Sep 2014
websams.schabc.edu.hk => 10.128.30.150
websams.schabc.edu.hk => 202.123.219.100
Seminar on Server, Network and Security for WebSAMS
B-7
Network Architecture ( cont’d )
Router ( between WebSAMS and ITED )
HTTP Server connect to WebSAMS server
WebSAMS server can access Internet without passing
through proxy
Sep 2014
Using TCP 8009 for production
Using TCP 7009 for training
Using TCP 8109 for 1 server 2 SAMS
TCP 80 ( HTTP )
TCP 443 ( HTTPS )
TCP/UDP 53 ( DNS )
TCP 25 ( SMTP )
TCP 110 ( POP3 )
Seminar on Server, Network and Security for WebSAMS
B-8
Network Architecture ( cont’d )
Internet Gateway
Support NAT ( Network Address Translation )
Port mapping
Sep 2014
TCP 80
TCP 443
TCP 7010
Seminar on Server, Network and Security for WebSAMS
B-9
Internet Gateway
Separate Internet and ITED
2 interfaces - one for real IP and another for internal IP
It could be:
Hardware firewall ( e.g. SonicWALL , Cisco PIX,
Netscreen, CheckPoint, and so on … )
Proxy server with NAT function
Router with NAT function
Linux server ( 2 interface cards , using iptables or
ipchains + ipmasqadm )
Windows server ( 2 interface cards , using ISA or
routing and remote access )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 10
DMZ
It is called “Demilitarized Zone”
A separated area between Internet and Local
Area Network
Internet gateway should have at least 3
interfaces to support DMZ
Provide services opened to public
Aggregate servers, such as FTP server, Web
server, and so on, in a restricted area
Help to minimize impact to LAN in case of school
network being hacked
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 11
Backup
WebSAMS Backup Schedule
Pre-backup Backup Post-backup
From about 00:00 am to 06:00 am
Flow of Scheduled Backup:
Sep 2014
Stop WebSAMS engine
Backup
Minor upgrade (Minor version update for WebSAMS)
Housekeep WebSAMS application log files
Seminar on Server, Network and Security for WebSAMS
B - 12
Backup Job Workflow
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 13
Pre-backup
D:\WebSAMS3.0\batch\pre_backup.bat
15 mins
Stop JBoss, database, Apache
Make copy of WebSAMS data
Sep 2014
E:\data\<SUID>\database
Seminar on Server, Network and Security for WebSAMS
B - 14
Post-backup
D:\WebSAMS3.0\batch\post_backup.bat
Housekeep Apache log files
Housekeep WebSAMS server log files ( older than 30
days )
E:\data\CDS\<dest_id>\system\log\
Housekeep Report temp log files
D:\WebSAMS3.0\JBoss-as-7.1.1.Final\standalone\log
Housekeep CDS log ( More than 30 days )
D:\WebSAMS3.0\Apache\logs\
E:\data\<SUID>\rpt\temp
Start database , JBoss , Apache
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 15
Backup approach
Back up the disk image of the
whole WebSAMS server including
C, D and E drives
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 16
NAT and Configuration
What is NAT ?
Network Address Translation ( NAT )
Translate the IP address from one network to other
network
Typically one is inside and one is outside
Port mapping function
Reference: RFC 1631
Sep 2014
http://www.faqs.org/rfcs/rfc1631.html
Seminar on Server, Network and Security for WebSAMS
B - 18
WebSAMS segment access Internet
Access Internet directly not through the Proxy
server
Involved equipment
Sep 2014
WebSAMS router
Internet Gateway
ISP
Seminar on Server, Network and Security for WebSAMS
B - 19
Network Settings on WebSAMS server
Under Windows Server 2012
DHCP server setup
DNS server setup
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 20
DHCP server setup
Start > Administrative
Tools > DHCP
1
2
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 21
DHCP server setup ( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 22
DHCP server setup ( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 23
DHCP server setup ( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 24
Internet DNS setup
Start > Administrative
Tools > DNS
1
2
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 25
Internal DNS setup
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 26
Internal DNS setup ( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 27
Internal DNS setup ( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 28
Internal DNS setup ( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 29
Router Config
Modified default route
Example:
ip route 0.0.0.0 0.0.0.0 10.128.15.253
ACL modification
Example:
Sep 2014
access-list 101 permit tcp any 10.128.30.0 0.0.0.255 gt 1023 established
access-list 101 permit udp any 10.128.30.0 0.0.0.255 gt 1023
access-list 101 permit icmp any 10.128.30.0 0.0.0.255 echo-reply
access-list 101 permit icmp any host 10.128.30.150 packet-too-big
access-list 101 permit tcp host 172.16.0.150 host 10.128.30.150 eq 8009
access-list 101 permit tcp host 172.16.0.150 host 10.128.30.150 eq 7009
access-list 101 deny ip any any log
Seminar on Server, Network and Security for WebSAMS
B - 30
Security and Maintenance
Routine tasks performed
Daily Tasks
Check apache log
D:\WebSAMS3.0\Apache\logs\
Check Virus scanning log
Check JBoss log
D:\WebSAMS3.0\JBoss-as-7.1.1.Final\standalone\log\
Check version Upgrade Log
E:\temp\wsup1\yyyyMMdd.HHmm\
Check NAS backup log
Backup rotation
Check firewall log
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 32
Routine tasks performed ( cont’d )
Weekly Tasks
Backup rotation
Check free space of NAS and WebSAMS Server
Check Windows Event Viewer
Monthly Tasks
Sep 2014
Reboot WebSAMS Server
Reboot HTTP Server
Seminar on Server, Network and Security for WebSAMS
B - 33
Log checking
Windows Event Viewer log
Apache log
D:\WebSAMS3.0\Apache\logs\
access.log-<dd-MM-yyyy> ( http request log )
errors.log-<dd-MM-yyyy> ( error log )
Virus Scanning log
Backup Log
To check whether the pre-backup tasks have been run
successfully (E:\data\<SUID>\Log\DB)
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 34
HTTP log checking
/var/log/messages
/var/log/
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 35
HTTP log checking ( cont’d )
All logs in anti-virus:
Sep 2014
https://websams.school.edu.hk:14943
Virus Logs, Spyware Logs, Scan Logs & System Logs
/var/log/TrendMicro/SProtectLinux/
Seminar on Server, Network and Security for WebSAMS
B - 36
HTTP log checking ( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 37
WebSAMS program log ( server.log )
D:\WebSAMS3.0\JBoss-as7.1.1.Final\standalone\log\server.log
Severity
Time Stamp
Sep 2014
Message
Seminar on Server, Network and Security for WebSAMS
B - 38
WebSAMS upgrade log
E:\temp\wsup1\yyyyMMdd.HHmm\websams_upgrade
.log
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 39
Upgrade log ( cont’d )
Upgrade Success sample :
Upgrade Fail sample :
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 40
Firewall Log Screen
Hardware Firewall Log Screen
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 41
Housekeeping
Housekeep the WebSAMS server files
Housekeep the WebSAMS upgrade backup files
Clear the Java Web Start cache
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 42
Housekeep WebSAMS files
WebSAMS Server
Windows Event log
WebSAMS Apache logs
D:\WebSAMS3.0\Apache\logs\access.log
D:\WebSAMS3.0\Apache\logs\error.log
WebSAMS JBoss Cache
D:\WebSAMS3.0\JBoss-as-7.1.1.Final\standalone\tmp\vfs\*
D:\WebSAMS3.0\JBoss-as-7.1.1.Final\standalone\tmp\work\*
Sep 2014
Backup software log
Seminar on Server, Network and Security for WebSAMS
B - 43
Housekeep WebSAMS files
Linux HTTP server
Apache log
(/var/log/apache2/access_log_80, 443, 7010)
Error log
(/var/log/apache2/error_log_80, 443, 7010)
System log
(/var/log/messages)
Virus scan log
(/var/log/TrendMicro/SProtectLinux/Virus.yyyyMMdd.#### )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 44
Housekeep WebSAMS upgrade backup files
E:\temp\wsup1\<yyyyMMdd.HHmm>\*
E:\temp\wsup2\<yyyyMMdd.HHmm>\*
(For 2nd instance of 1 Server 2 WebSAMS)
E:\temp\training\<yyyyMMdd.HHmm>\*
Files and directories are saved under
<yyyyMMdd.HHmm> folder, and the latest folder
should be kept for tracking purpose.
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 45
Clear Java Web Start cache
Go to Windows Control Panel Java
General tab [Setting…] [Delete Files…]
1.
2.
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 46
Clear Java Web Start cache (cont’d)
3.
Sep 2014
4.
Seminar on Server, Network and Security for WebSAMS
B - 47
Backup Rotation Configuration
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 48
Backup Rotation Configuration (cont’d)
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 49
Backup Rotation Configuration (cont’d)
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 50
Backup Rotation Configuration (cont’d)
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 51
Backup Rotation Configuration (cont’d)
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 52
Backup Rotation Configuration (cont’d)
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 53
Backup Rotation Configuration (cont’d)
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 54
Backup Rotation Configuration (cont’d)
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 55
Backup Rotation Configuration (cont’d)
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 56
Backup Rotation Configuration (cont’d)
After the time of schedule
job – Pre_backup.bat
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 57
Backup Rotation Configuration (cont’d)
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 58
Ad-hoc tasks
Ad-hoc database backup
Ad-hoc training database backup
Back up in HTTP server
Manually back up WebSAMS server D: and E: to other
computer
Change Password
Sep 2014
OS System administrator
WebSAMS login account “sysadmin” and “asysadmin”
HTTP root
Seminar on Server, Network and Security for WebSAMS
B - 59
Ad-hoc task ( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 60
Ad-hoc database backup
Ad-hoc database backup
It will stop database and JBoss automatically
It also will start up after finish
It will back up:
CDS files
User upload files
Database files
User upload report template files
E:\data\<SUID>\database\adhoc\
Check the “Backup Log” to see whether success or not
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 61
Ad-hoc task ( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 62
Ad-hoc task ( cont’d )
Ah-hoc Production Database backup path
E:\data\<suid>\database\adhoc\
Ah-hoc Training Database backup path
Sep 2014
E:\Data\9999\database\backup_snapshot\
Seminar on Server, Network and Security for WebSAMS
B - 63
Backup in HTTP Server
Back up the New (SUSE Linux Enterprise 11) HTTP
server setting to text file; save it into a floppy or a USB
drive
Use command “grepconfig”.
(For 1 Server 2 WebSAMS environment, use “grepconfig_1s2s”)
Run the command when HTTP server is running in good
condition
Those files can be copied to any Windows storage for
backup purpose
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 64
Backup in HTTP Server ( cont’d )
Step 1 : Log in HTTP server as root
Step 2 : Type command “grepconfig”
Step 3 : Press “Y” in the following screen
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 65
Backup in HTTP Server ( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 66
Backup in HTTP Server ( cont’d )
Step 4: Press “0” if all information is correct
Step 5: Press “Y” to confirm in the following screen
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 67
Internet Security
Only open WebSAMS to Internet access for a specific
period when necessary:
1. Restrict the time for accessing WebSAMS from clients
outside SAMS LAN segment at “Security > Configuration
> System Configuration”
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 68
Internet Security ( cont’d )
2. Set up specific “Internet Access Time Profile” to further
control the access time for particular user clients
outside SAMS LAN segment at “Security > Access
Control > Internet Access Time Profile”
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 69
Internet Security ( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 70
Internet Security ( cont’d )
3. For more security, you may deny the access to port
TCP 443 in the Internet gateway
Sep 2014
In the firewall, deny the network accessing to port
TCP 443, except the IP addresses of the Primary &
Secondary CDS Servers to allow packets passing
through this port.
This action requires efforts from vendors or support
staff in school who possess special knowledge and
experience on security and firewall.
Seminar on Server, Network and Security for WebSAMS
B - 71
WebSAMS Server Security
Windows server policies and security best practices:
1. Local Security Policy
Start Control Panel ->
Administrative Tools ->
Local Security Policy
In Account Policies ->
Account Lockout
Policy, set Account
lockout threshold to “3”
invalid logon attempts
Set Account logout
Duration and also
Reset account lockout
counter after to “30
minutes”.
Sep 2014
2.
1.
3.
Seminar on Server, Network and Security for WebSAMS
B - 72
WebSAMS Server Security
In Local Policies ->
Audit Policy
Set Audit object
access security
setting to “Failure”
and also set Audit
system events
security setting to
“Success”
More policy settings
in Appendix 8 of
Installaiton
Guidelines for
WebSAMS 3.0
Sep 2014
1.
2.
3.
Seminar on Server, Network and Security for WebSAMS
B - 73
WebSAMS Server Security
2. User account
management
Start -> Control Panel
-> Administrative
Tools -> Computer
Management ->
System Tools ->
Local Users and
Groups -> Users ->
Administrator
On the General tab of
ALL user accounts
properties, uncheck
the Password never
expires checkbox.
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 74
WebSAMS Server Security
3. Enable Screen Saver Timeout
Start -> Control Panel -> Display > Change screen saver
1.
2.
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 75
WebSAMS Server Security
4. Enable Windows Firewall
Start -> Control Panel -> Windows Firewall > Advanced settings
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 76
WebSAMS Server Security
4. Enable Windows Firewall
Inbound Rules > new Rule…
1.
Sep 2014
2.
Seminar on Server, Network and Security for WebSAMS
B - 77
WebSAMS Server Security
4. Enable Windows Firewall
Rule Type > Port
1.
2.
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 78
WebSAMS Server Security
4. Enable Windows Firewall
Protocol and Ports > TCP > Specific local ports:
80, 443, 8009, 7009, 3268, 7010, 7268 (Add 8109 & 9268 for 1
Server 2 WebSAMS only)
1.
2.
3.
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 79
WebSAMS Server Security
4. Enable Windows Firewall
Action > Allow the connection
2.
1.
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 80
WebSAMS Server Security
4. Enable Windows Firewall
Profile > Domain, Private & Public
2.
1.
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 81
WebSAMS Server Security
4. Enable Windows Firewall
Name > WebSAMS > Finish
2.
1.
4.
3.
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 82
IT System Security
All WebSAMS users are required to have their own
identities (i.e. user accounts)
Passwords should not be shared or divulged unless
necessary
For safeguarding WebSAMS security, please remind
to follow the guidelines of “IT Security in Schools”
(ITSS):
http://www.edb.gov.hk/FileManager/EN/Content_1619/it%20security
%20in%20schools.pdf
Regularly visit the Information Security website of
HKSAR ( http://www.infosec.gov.hk ) for updated
information of IT security
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 83
Trouble-shoot Case Studies
General trouble-shoot ( Helpdesk issues )
10 general issues frequently received
by WebSAMS Helpdesk:
1.
What is the meaning of “Restricted” in the upper frame of WebSAMS?
2.
ITED / Internet cannot access WebSAMS
3.
Unable to connect CDS
4.
Unable to back up
5.
How to setup WebSAMS client PC?
6.
ITED-access becomes Internet-access
7.
WebSAMS-access becomes ITED-access
8.
Generate report problem
9.
Fonts problem
10. Version upgrade problem
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 85
1. What is the meaning of “Restricted” in
the upper frame of WebSAMS?
Access to WebSAMS and the information / materials
contained therein are restricted to authorized users
only.
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 86
2. ITED / Internet cannot access WebSAMS
Double check whether WebSAMS has been started ?
Test if WebSAMS segment works or not
Check whether ITED client PC has resolved the IP problem ?
DNS problem / DHCP problem
Proxy client
Check using “Internet Explorer” on the ITED client PC
Check whether the ITED client PC uses proxy in IE ?
Confirm whether HTTP server has been started up & the ‘Pass
Phrase’ has been entered?
Idle 25 seconds > rcapache2 restart
In HTTP server, do the test by typing:
Sep 2014
telnet <WebSAMS_server_IP> 8009
Seminar on Server, Network and Security for WebSAMS
B - 87
2. ITED / Internet cannot access WebSAMS
( cont’d )
Success Sample
Failure Sample
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 88
2. ITED / Internet cannot access WebSAMS
( cont’d )
If succeed, it must be ITED segment problem
If fail, it could be:
HTTP server crash
HTTP server wrong setting
WebSAMS’s router wrong setting ( or reset )
School firewall setting if HTTP server in DMZ
If it can load SSL prompt, that means HTTP
running smoothly.
Otherwise, it may be HTTP setting or router
setting problem
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 89
2. ITED / Internet cannot access WebSAMS
( cont’d )
ITED can access WebSAMS successfully but Internet
cannot. The problem is due to:
Internet Gateway problem ( port mapping )
HTTP server’s Default Gateway setting is wrong
Sep 2014
It should be set to the Internet Gateway which performs
port mapping
Type “route” in Linux command line to show default
gateway setting
Seminar on Server, Network and Security for WebSAMS
B - 90
3. Unable to connect CDS
It may be caused by:
Wrong Internet Gateway setting
Wrong WebSAMS router setting
In WebSAMS server, try to connect Internet without
passing through proxy
Go to (www.hsbc.com.hk) then click “logon” to test
whether https URL works or not;
Try to ping:
cdsx1.websams.edb.gov.hk and
cdsx2.websams.edb.gov.hk
Sep 2014
If fail, it may be DNS problem
Seminar on Server, Network and Security for WebSAMS
B - 91
3. Unable to connect CDS ( cont’d )
Nearly 95% of network problem with the message of
“Unable to connect CDS” cannot pass the above
testing
e.g. Internet Gateway did not allow WebSAMS server
access Internet
e.g. WebSAMS router setting had a wrong ACL or wrong
default route
A very special case may happen that CDS can send
but cannot receive messages.
Under our investigation , it may be caused by the ISP
and network setting
Solution :
Sep 2014
Implement “packet-too-big” into router setting
Seminar on Server, Network and Security for WebSAMS
B - 92
4. Unable to back up
Hardware failure or no free space of hard disk in NAS
Besides, over 95% of cases are due to the following 3 reasons :
Backup task is configured wrongly
Backup task spends too much time that causes
post_backup starting early than estimation
The administrator password in system does not
synchronize with one from backup batch jobs
For case 3 above, we need to :
Change the password in pre_backup , post_backup
Change the password in Backup software
All password settings must be same as system
administrator password
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 93
5. How to setup WebSAMS client PC?
It requires Windows Vista or above
Adobe Reader 10.0 or above supports Windows
Vista/7/8
Enable Hong Kong Supplementary Character Set
(HKSCS) in Windows Vista/7/8, refer to the 9th
question
IE 8.0 or above (better to apply latest version
according to Windows version)
For IE 10 or above, please add school’s
WebSAMS domain name to “Compatibility View
Setting” in IE Tools menu if WebSAMS version is
still 2.0. WebSAMS v3.0 had solved this problem.
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 94
5. How to setup WebSAMS client PC?
( cont’d )
SAP Crystal Reports 2013 ( full installation )
SAP Sybase SQL Anywhere 16 ODBC Driver (32-bit)
How to get ODBC Driver ?
Available in the installation CD of SAP Sybase SQL
Anywhere 16
Driver Installation: Databases > SQL Anywhere (32-bit)
> SQL Anywhere client
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 95
5. How to setup WebSAMS client PC?
( cont’d )
Driver Installation: Databases > SQL Anywhere (32-bit)
> SQL Anywhere Client
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 96
5. How to setup WebSAMS client PC?
( cont’d )
Configure ODBC Setting:
For 32-bit Windows : Control Panel > Administrative
Tools > Data Sources (ODBC)
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 97
5. How to setup WebSAMS client PC?
( cont’d )
Configure ODBC Accounts:
For 64-bit Windows : Type “ODBC” in the search field of
Windows Start menu > ODBC Data Sources
Administrator (32-bit)
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 98
5. How to setup WebSAMS client PC?
( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 99
5. How to setup WebSAMS client PC?
( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 100
5. How to setup WebSAMS client PC?
( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 101
5. How to setup WebSAMS client PC?
( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 102
5. How to setup WebSAMS client PC?
( cont’d )
Sep 2014
Install WebSAMS Root Certificate on Windows Vista/7/8
Seminar on Server, Network and Security for WebSAMS
B - 103
5. How to setup WebSAMS client PC?
( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 104
5. How to setup WebSAMS client PC?
( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8
Sep 2014
Certificate Manager
Seminar on Server, Network and Security for WebSAMS
B - 105
5. How to setup WebSAMS client PC?
( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8
Sep 2014
Certificate Manager
Seminar on Server, Network and Security for WebSAMS
B - 106
5. How to setup WebSAMS client PC?
( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8
Certificate Manager
1.
3.
2.
4.
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 107
5. How to setup WebSAMS client PC?
( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8
Sep 2014
Certificate Manager
Seminar on Server, Network and Security for WebSAMS
B - 108
5. How to setup WebSAMS client PC?
( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8
Sep 2014
Certificate Manager
Seminar on Server, Network and Security for WebSAMS
B - 109
5. How to setup WebSAMS client PC?
( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8
Sep 2014
Certificate Manager
Seminar on Server, Network and Security for WebSAMS
B - 110
5. How to setup WebSAMS client PC?
( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 111
6. ITED-access becomes Internet-access
Internal DNS setting
Proxy client ?
Client PC using proxy in IE ?
Trouble-shoot
Ping URL in command prompt, check what IP is resolved
It should be HTTP internal IP
In one very extreme case
The school places HTTP in DMZ
The school Internet gateway changes the source IP
Sep 2014
i.e. SNAT in Linux
Seminar on Server, Network and Security for WebSAMS
B - 112
7. WebSAMS-access becomes ITED-access
Internal DNS setting
Proxy client ?
Client PC / WebSAMS server using proxy in IE ?
Trouble-shoot
Ping URL in Command Prompt, check what IP is resolved
It should be WebSAMS server IP
2 ethernet ports in WebSAMS server:
4 ethernet ports in WebSAMS server:
Sep 2014
In Command Prompt, enter ‘ipconfig /all’. The first IP address should be the
private IP of WebSAMS server. If the first IP address is to connect the NAS,
swap the ethernet cables and setting of Internet Protocol (TCP/IP) in between
the WebSAMS interface and NAS interface.
Make sure the primary ethernet port which connects to WebSAMS segment
and it does not connect to NAS
Make sure the primary ethernet port that matches in the BIOS setup
(Motherboard setup)
Seminar on Server, Network and Security for WebSAMS
B - 113
8. Generate report problem
Checking Crystal Reports
Server
SAP BusinessObjects
Central Management
Console (CMC)
http://localhost:8080/BOE/CMC/
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 114
8. Generate report problem
Windows Control Panel > Administrative Tools >
Services > Apache Tomcat for BI4
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 115
8. Generate report problem ( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 116
8. Generate report problem ( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 117
8. Generate report problem ( cont’d )
Add parameters “ -ipport 1566 -reportdirectory E:\Data”
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 118
8. Generate report problem ( cont’d )
Other cases:
Check WebSAMS server computer name
Is that equal to the sub-domain name in URL ?
If the sub-domain name is websams-am.schabc.edu.hk then WebSAMS
server computer name should be “websams-am”
The report is generated from customized template
Restart JBoss
Try to generate built-in template first
Sep 2014
If succeed,
Customized template problem
If fail,
Download “Points to Note for Upgrading of WebSAMS 3.0 (Sybase
and Crystal Reports) ” from “http://cdr.websams.edb.gov.hk >主頁
> 2014 提升「網上學校行政及管理系統」參考資料”
Contact help desk for further investigation
Seminar on Server, Network and Security for WebSAMS
B - 119
8. Generate report problem ( cont’d )
Update any user-customized report in WebSAMS 3.0
Open Data Sources (ODBC)
Sep 2014
For 32bit Windows: Control Panel > Administrative Tools
For 64-bit Windows: Type “ODBC” in the search field of
Windows Start menu > ODBC Data Sources Administrator
(32-bit)
Seminar on Server, Network and Security for WebSAMS
B - 120
8. Generate report problem ( cont’d )
Input an ODBC login
account on the
WebSAMS workstation
for connecting to
WebSAMS database,
such as “genuser”,
“fmpuser” or “stfuser”
Verify database
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 121
8. Generate report problem ( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 122
8. Generate report problem ( cont’d )
Remove the
User ID and
leave it blank
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 123
8. Generate report problem ( cont’d )
Sep 2014
Click “OK” several times
Seminar on Server, Network and Security for WebSAMS
B - 124
8. Generate report problem ( cont’d )
Verify the SQL syntax of the user-customized report
templates
For details, please refer to
http://cdr.websams.edb.gov.hk > 主頁 > 2014年提升「網
上學校行政及管理系統」參考資料 > Points to Note for
Upgrading of WebSAMS 3.0 (Sybase and Crystal
Reports)
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 125
9. Fonts problem
WebSAMS Server font is corrupted
Cannot display HKSCS fonts on generated report (.PDF)
If the size of “MingLiU.TTC” font file NOT = 26M
Copy the font file in Windows Safe Mode (F8):
from D:\WebSAMS3.0\batch\utilities
To
C:\Windows\Fonts
Reboot the Server
Don’t install any Government HKSCS on WebSAMS
Server
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 126
9. Fonts problem ( cont’d )
Sep 2014
Windows Vista, 7 and 8 have built-in support for HKSCS-2004
with ISO 10646/Unicode code allocation scheme.
Seminar on Server, Network and Security for WebSAMS
B - 127
10. Version Upgrade Problem
WebSAMS version <> DB version
Caused by unsuccessful WebSAMS upgrade
Solution
Sep 2014
Recover file from E:\temp\wsup1\<the latest
folder>\backup\
Contact Help Desk to get the instruction
Seminar on Server, Network and Security for WebSAMS
B - 128
10. Version Upgrade Problem ( cont’d )
If database is running, execute the
< 2. Start Database > again…
The following error will be prompted:
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 129
WebSAMS Helpdesk Scope
WebSAMS Application enquiry
Modules maintenance
General usage enquiries
WebSAMS Technical enquiry
Sep 2014
Focus on WebSAMS Application
Seminar on Server, Network and Security for WebSAMS
B - 130
Resources
WebSAMS Central Document Repository:
WebSAMS System Manual:
E:\Data\Doc\AOM
E:\Data\Doc\COPM
E:\Data\Doc\UM
WebSAMS Forum:
http://cdr.websams.edb.gov.hk
WebSAMS Central Document Repository ->主頁 > 網頁連結 > 香港教育城
校管系統討論區 or ;
http://forum.hkedcity.net/forumdisplay.php?fid=71
WebSAMS Helpdesk:
Sep 2014
Hotline: 3125-8510
Fax: 3125-8999
E-mail: [email protected]
Leave your School ID, contact person and contact number
Seminar on Server, Network and Security for WebSAMS
B - 131
WebSAMS Forum
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 132
WebSAMS Forum ( cont’d )
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 133
Other FAQ sharing
1. Unable to access WebSAMS after WebSAMS server rebooted.
Ans: Suggest accessing the WebSAMS Training System.
If it works normally, user may wrongly start WebSAMS in
“WebSAMS_T” folder. For production service, it should start
WebSAMS in “WebSAMS” folder.
If it is still unable to access, suggest user to ensure there is no
interruption on the command mode process on the server
(Apache and JBoss). E.g. The process will be stopped if the
mouse cursor has been dragged in the command window. In this
case, the service can be resumed by right-clicking the mouse in
the command window.
2. How to update the license of Trend Micro ServerProtect?
Ans: Suggest clicking “Update Information” button at left menu
"Administration > Product Registration" after logged on Trend
Micro ServerProtect web page.
Sep 2014
Seminar on Server, Network and Security for WebSAMS
B - 134
Q & A Section
The End