AppView Installation and System Administrator Guide
AppView™ is the Java-based Web-to-host solution from Crystal Point, Inc.® that can give your intranet and extranet users easy browser access to Hewlett-Packard NonStop, IBM, UNIX, and OpenVMS host applications. AppView™ is a series of Java applets that you use to revitalize your host screens. Revitalization is the process of taking a legacy host screen and transforming it into a more user-friendly appearance with a Web-like graphical user interface (GUI). These client-side 'smart screens' can also extend or enhance your legacy application without any changes to your host code.
Along with providing complete installation instructions, this document presents an overview of the main components of AppView. For a brief guide that explains how the product works, see the AppView Quick Start Guide, located in the same folder on your product CD as this installation manual.
Three types of installation methods are available for each component: Windows-based installation, Java-based installation, or .zip files. The installation method that you use depends on the Java capabilities of the computer where you're installing the component.
This document includes the following information:
- Overview of AppView Components
- System Requirements
- Installing the Components
Installation Options
- Starting the Administrative WebStation
Starting AppView
- Setting Up Optional Components
Setting Up Usage Metering
- Setting Up the Security Proxy Server
- Uninstalling the Components
- About Info-ZIP
Overview of AppView Components
AppView consists of the following four components:
The Administrative WebStation is a self-contained Web site for administrators and developers that includes the information and tools needed to configure AppView terminal sessions and generate HTML session files. This component is required.
The Administrative WebStation includes three software components:
1. The Administrator component, or Administrator, which you use to define Administrative (development) mode sessions. In Administrative mode sessions, you save host screens for future redesign, apply global formatting options, and create user and group profiles.
2. The Studio component, or Studio, which you use to redesign, or revitalize, your screens on an object level. You also need Studio for implementing most of the advanced features of AppView. Except for the initial setup that you perform in AppView Administrator, you will use the Studio component to perform most of your redesign work.
3. The Client component, also called Client mode, is a run-time or user form of the html session startup files. After design and testing are completed, the Client mode session files are copied to the Web server, so your end users can access the rejuvenated host screens. From there, end users can make minor formatting adjustments for the duration of a host session.
The AppView Terminal Emulation component is another required component that includes the Java applets you install onto your Web server to deploy AppView (Client) terminal sessions to your users. The Terminal Emulation component also provides the http/https tunneling capability that enables AppView sessions to be secured using the SSL capabilities of their browsers.
(Optional) The Usage Metering component includes Java servlets that you install onto a Web server to track and compile statistics about the number of users running AppView terminal sessions. This component is needed to track terminal session usage or to regulate licensing compliance.
(Optional) The Security Proxy Server component includes the files that you install on a server for enabling encrypted data connections to host computers from AppView terminal sessions. This component is needed only if you plan to deploy encrypted terminal sessions to your users, but cannot use the tunneling feature provided within the Terminal Emulation component.
AppView components are typically installed to different computers--some to Web servers or other servers, and some to local computers--and the system requirements for each component varies. Detailed system requirements are provided online in the Administrative WebStation. Briefly, the requirements for each of the components are as follows:
Administrative WebStation Requirements
To run the Administrative WebStation, you need a Pentium 133 PC (or equivalent) or higher, with a minimum of 64 MB of RAM. The WebStation is designed to run in any Java 1.2-compliant Web browser that can run trusted applets and supports JavaScript. To create terminal sessions that use encrypted host connections, additional tools may be required (all of the required tools can be downloaded free of charge). To install the WebStation onto your computer, you need about 17 MB of free disk space.
Web Server Requirements
The Web server stores the AppView Terminal Emulation component, plus the Web pages and configuration files that you create for deploying AppView terminal sessions to your users. The Web server can be any HTTP 1.1-compliant Web server, such as Microsoft Internet Information Server (IIS), Netscape Enterprise Server, or Apache Web Server. If you plan to use the Administrative WebStation's File Upload tool to transfer files from the administrator's machine to the Web server, you must have an FTP server running on the Web server where the terminal emulation files are installed. If you plan to use the AppView Tunneling, your Web server and deployed browsers must support SSL. To install the Web server component, the server needs about 6 MB of free disk space.
Terminal Emulation (Client) Requirements
The Terminal Emulation component includes the Java applets that you install onto your Web server to deploy AppView terminal sessions to your users. AppView terminal sessions for end users are designed to run in any Java 1.2-compliant Web browser or applet viewer. To run a basic terminal session, the client machine needs about 2-3 MB of free disk space.
In addition, a TCP/IP network connection is required, and a minimum configuration of Pentium 133 PC with 64 MB RAM or equivalent is required.
The Administrative WebStation contains a list of the supported Web browsers, and also includes a browser checker to determine if your browser can run AppView sessions.
The Terminal Emulation also provides the (optional) tunneling servlets that enable secure sessions via a browser's SSL capability. To deploy the tunneling servlets requires an SSL-capable Web server with a Java 1.2-compliant servlet runner, such as New Atlanta Communications' ServletExec, Apache Jserve, IBM's WebSphere, or Sun's Java Web Server.
Usage Metering Requirements
To run the optional Usage Metering component (included with AppView), you need a supported Web server with a Java 1.2-compliant servlet runner, such as New Atlanta Communications' ServletExec, Apache Jserve, IBM's WebSphere, or Sun's Java Web Server. To install the Usage Metering component, the server needs about 500 KB of free disk space.
Security Proxy Server Requirements
To run the optional Security Proxy Server (included with AppView), you need a server containing a Java 1.2-compliant virtual machine (JVM) capable of running trusted Java applications. For example, a Windows NT computer with Internet Explorer or the Microsoft SDK for Java installed (both of which include the JView JVM that can run applications), or a UNIX computer with Sun Microsystems' Java Development Kit (JDK) installed, which includes the Java JVM. To install the Security Proxy Server component, the server needs about 300 KB of free disk space.
Because different AppView components can be installed onto different types of computers, the way that you install each component depends on the target location for the installation. The following information will help you determine where to install each component.
Administrative WebStation
You should typically install the Administrative WebStation onto the local hard drive of your primary developer's workstation. The Administrative WebStation is licensed on an individual user basis, and it does not support concurrent screen customization activity. Product evaluation, to include session definition, screen captures and customizations can be accomplished after installing only the WebStation component.
On a Windows computer, the recommended installation path is C:\webstation. You can also run the WebStation directly from the CD-ROM. To ensure maximum compatibility with the UNIX operating system, use only lower case letters for all your file names and folder names. Do not include any special characters, including the underscore symbol (_). Keep the length of your file and folder names at eight characters or fewer, and limit your file extensions to three characters.
Note: After installing the WebStation, you need to copy the registration file called ResQNetPt.Reg from the root directory of the AppView installation CD to the following: webstation subdirectory\appview\com\attinc\resqnet. (default: C:\webstation\appview\com\attinc\resqnet)
AppView Terminal Emulation Component
You typically install the Terminal Emulation component onto your Web server.
The recommended installation location for a Windows computer is C:\InetPub\ServletExec ISAPI\classes\avterm.
The Administrative WebStation contains additional information about creating configuration files and Web pages that launch terminal sessions and transferring the files to your Web server.
Note: After installing the Terminal Emulation component, you need to copy the registration file called ResQNetPt.Reg from the root directory on the AppView installation CD to the following : C:\InetPub\ServletExec ISAPI\classes\avterm\session\com\attinc\resqnet.
(Optional) Usage Metering Component
You typically install the Usage Metering component onto the same Web server where you install the Terminal Emulation component, but you can install this component onto another Web server computer. The server where you install this component must have a servlet runner installed. Some servlet runners may require you to install new servlets into a specific folder in the servlet runner's installation location, while others may let you store servlet files in any location you choose. On a Windows computer, the suggested installation path is on the root of your hard drive at C:\avmeter.
After installing the Usage Metering component, you must configure your servlet runner to load the usage metering classes. See Setting Up the Usage Metering Component for more information about configuring this component. The Administrative WebStation contains information about configuring terminal sessions for usage metering.
(Optional) Security Proxy Server Component
If secure connections are desired, the most common implementation is to use the tunneling servlets of the Terminal Emulation component to 'piggyback' on the browser's SSL capability. This alternative secure connection methodology is more difficult to implement and has a higher likelihood of requiring firewall and other changes at the client location. However, the Security Proxy can offer higher security such as unique port (not 443) usage or support of separately-distributed client certificates.
You install the Security Proxy Server component onto a server computer that will act as a proxy for terminal sessions, permitting encrypted network traffic between the client and the security proxy server. The server where you install this component must have a Java Virtual Machine (JVM) capable of running trusted Java applications. For example, if your proxy server computer is running Windows NT, the suggested installation folder is on the root of your hard drive at C:\avproxy.
To increase the security of AppView terminal sessions, you should ensure that there is only one known link between the computer used as the proxy server and the host computer, and that the link is well-protected from intruders. This may mean that a dedicated connection is needed between the proxy server and the host computer, so that the proxy server does not communicate with the host computer over a connection accessible by other computers on the network. Another solution is to run the proxy server directly on the host computer, if a compatible JVM is available for the host system.
If you choose to run the proxy server directly on the host computer, keep in mind that secure connections are CPU-intensive, because additional processing is required to encrypt and decrypt the data stream.
After installing the Security Proxy Server component, you must set up your proxy server files. See Setting Up the Security Proxy Server for more information about setting up this component. The Administrative WebStation contains information about configuring terminal sessions for secure connections.
For each AppView component, there are multiple types of installers available. The installer that you use for each component depends on the Java capabilities of the computer where you're installing the component. Use Table 1 below to download the correct installer:
Table 1. Installation Options
Installation Method |
Product |
|||
| Administrative WebStation* |
Terminal Emulation** | Usage Metering (Optional) | Security Proxy Server (Optional) | |
| Windows EXE installer | webstation.exe | emulation.exe | meter.exe | proxy.exe |
| Java applet installers | setup_webstation.html | setup_Emulation.html | setup_meter.html | setup_proxy.html |
| Zip archive | webstation.zip | emulation.zip | meter.zip | proxy.zip |
* AppView also includes the Administrator, Studio, and Client components in the Administrative WebStation.
** AppView also includes the Client component.
Now click to locate the appropriate guidelines for installing each AppView component:
Java applet installers (vWia a eb page)
Java applet installers (via JView or Java)
Compressed Zip archive installer files
If the computer where you're installing the component is running Microsoft Windows ME, 2000, 98, 95, NT or XP, use the Windows-based executable installer.
To run the Windows-based installer, execute the Windows EXE Installer named in Table 1 above. The installer will attempt to locate a suitable JVM on your computer. If one is located, follow the prompts to proceed with the installation.
If the installer fails to find a suitable JVM, you have three options: visit the Sun Microsystems Web site to download a free JVM; locate one manually; or save the application to your computer. (The last option, saving the application to your computer, has the same effect as using one of the installers described in the next steps.)
Note: To use the Java-based installers on a Microsoft Windows computer, you must have a Temp folder on the destination volume, or you must create one.
Tip: If the installer gives an error message stating that there is not enough space on the target system, confirm that the drive for the system Temp folder contains the required amount of free disk space. If this drive is not the target drive, either change the Temp environment variable to the target drive where there is sufficient space, or use the Java-based installer instead.
Java Applet Installers (Via a Web Page)
If the client browser you are using to read this page can run Java applets directly, open the page named in Table 1 above to launch an InstallShield-enabled Web page that will let you choose (or install) your Java Virtual Machine (JVM) to launch the Java classes needed for installation. In the event that the InstallShield enabled pages cannot locate your JVM, you can run the Java-based installers via JView or Java directly by following the instructions in the next section.
Java-Based Installers (Via JView or Java)
If the computer where you're installing the component is not running Microsoft Windows or the Windows-based installer cannot locate a suitable JVM, try using a Java-based installer.
To use the Java-based installer, you must have a JVM installed on your computer, such as JView, which is included with Microsoft Internet Explorer and the Microsoft SDK for Java. You can also use the Java JVM from Sun Microsystems. Your computer must have a graphical user interface (such as Microsoft Windows or an X-Window System).
To run the Java-based installer:
Open a command prompt (for example, in Windows NT, you might use a Command Prompt window), change to the folder where the Java-based installer is located, and then issue the following command:
<java VM command> <installation class name>
For example, if you're using a Microsoft Windows computer and the Java.exe file is in your system path, you would run the Administrative WebStation installer with this command:
java webstation
Or
jview webstation
On a Mac OS computer, drop the installer .class file onto the JBindery application that is included with the Mac OS Runtime for Java (MRJ, available from the Apple developer Web site). Then click the Run button in JBindery.
Compressed .zip Archive Installer Files
If you don't have a suitable JVM available on the computer where you're installing the AppView component or if you cannot run one of the installers described above, use the compressed Zip archive file to install the component, located in the install\zip folder on the CD-ROM.
To install a component using the .zip archive, transfer the archive file to the computer where you want to install the component, and then use a compatible unzip tool, such as UnZip to extract the contents.
If you have the Java jar tool (part of the Java Development Kit) on the computer where you are installing your AppView components, you can use the following jar command to extract the contents of the .zip archive:
jar xf <zip file name>
Installing Tunneling (Windows Environment)
A 'Servlet Runner' capable of supporting web applications is required if using metering or tunneling. This function is not provided by AppView but is a pre-requisite capability. The AppView CD contains a test-use form of New Atlanta's Servlet Exec 3.1 for those who have yet to purchase and install their own servlet runner. Its usage in this test mode is limited to 3 concurrent connections. A license must be purchased from New Atlanta in order to gain full function, or for use in a production environment.
ServletExec Installation (Windows environment)
On the CD, go to \ServletExec_Demos\Microsoft_Windows folder, run the file ServletExec_ISAPI_31.exe. (Wizard will start.)
Click NEXT on each of the following:
- Welcome dialog box
- License Agreement
- Choose Destination Location on web server C:\InetPub\ServletExec ISAPI\
When completed, EXIT the Information Screen.
After installation, stop and restart IIS services via Control Panel, Services.
Tunneling connectivity presents a secure option in connecting to a host. Tunneling allows users to access the host using a Java client and standard http or https ports through firewalls (rather than opening additional TN6530/3270/5250 ports). The Telnet stream is wrapped inside HTTP(s) and sent to the Tunneling servlet. The servlet unwraps the data stream and sends the request to the host.
The next section provides step-by-step instructions to use ServletExec Admin to configure the tunneling servlets
1. Open the ServletExec Admin console.
2. Go to Start, Programs, New Atlanta, ServletExec 3.1 ISAPI, ServletExec Admin NOTE: If necessary, reset properties of file C:\InetPub\ServletExec ISAPI\ServletExec Admin to a URL of [server name] instead of localhost.
3. Click on the classpath link in the Virtual Machine group to bring up the Java Virtual Machine (VM) Classpath page
4. Enter C:\InetPub\ServletExec ISAPI\classes\avterm\session into the first empty field:
5. Click Submit button. You should see the message: !VM Classpath has been modified, Restart the web server for changes to take effect
6. Stop and restart IIS services via system Control Panel
7. Click 'configure' in the Servlets group
8. Click Add Servlet... button to bring up the Add Servlet page
9. Enter the following (case-sensitive) information Servlet Name: AVTunneling
Servlet Class: com.attinc.resqnet.servlets.RQNTunnelingServlet
codeBase: URL link that points to the Terminal Emulator e.g http://yourserver/session
servletURL: The URL that will invoke the Servlet e.g http://yourserver/Servlet/AVTunneling
rootDirectory The directory where the session folder resides e.g C:\InetPub\ServletExec ISAPI\classes\avterm\session
10. Click Submit button: *Servlet added Successfully message will be displayed
11. Click 'configure' in the Servlets group (again)
12. Click Add Servlet button to bring up the Add Servlet page
13. Enter the following (case-sensitive) information Servlet Name: AppViewTunnel
Servlet Class: com.attinc.resqnet.servlets.RQNTunnelingConnectivity
profileDirectory: Absolute path to the at2wsp directory e.g C:\InetPub\ServletExec ISAPI\classes\avterm\session\at2custom\at2wsp
userAuthentication: false
sessionTimeout: The amount of time (in seconds) AppView will wait for a response from the user before the session times-out
Debug true
14. Click Submit button, close the ServletExec Admin Console
15. Stop and Restart your web server so that all settings take affect.
Starting the Administrative WebStation
To start the Administrative WebStation:
- If you installed the WebStation onto your local computer, open the webstation.html page in your Web browser.
- If your installation computer is running Microsoft Windows XP, 2000, ME, 98, 95, or NT, you can also use the shortcut created in the Start menu to open the WebStation.
- If you installed the WebStation onto a Web server to provide access to more than one administrator from multiple locations, open the URL for the webstation.html page in your Web browser.
- If you want to run the WebStation directly from the CD, open webstation.html from the webstation folder of the CD-ROM.
- To start AppView Administrator, just double-click the Administrator component .html file that you set up and named using the Administrative WebStation. You can find it in the nameofwebstation\appview folder. It's name will be of the format rej_[name]_admin.html. This is the Administrator startup file.
- For more information on starting and using AppView, see the AppView Quick Start Guide, located in the same folder on your product CD as this installation manual.
- To start AppView Studio, you should start it from the Administrator component. On the File menu, select Customization. You may also start it via START, PROGRAMS, APPVIEW, APPVIEW STUDIO.
- Note: Do not start Studio until you have performed the preliminary work using AppView Administrator. See the Quick Start for more information.
- To start the AppView Client, double-click the Client .html file that you set up and named using the Administrative WebStation. This is located in the nameofwebstation\appview folder. It's name is of the form rej_[name].html
If you no longer need an AppView component on your computer and want to remove it, follow these steps:
If you used the Microsoft Windows-based installer with the .exe extension to install the component, use the Add/Remove Programs in the Windows Control Panel to uninstall it.
If you used the Java-based installer with the .class extension, an uninstaller file was included in the root of the component's installation folder. To run the uninstaller:
Open a command prompt (for example, in Windows NT, you might use a Command Prompt window), change to the folder where you installed the component, and then issue the following command:
<java VM command> uninstall
For example, if you're using a Microsoft Windows computer and the java.exe file is in your system path, you would uninstall the Administrative WebStation with this command:
java uninstall
On a Mac OS computer, drop the .class file onto the JBindery application included with the Mac OS Runtime for Java (MRJ, available from the Apple developer Web site). Then click the Run button in JBindery.
If you used the .zip archive to install the component, simply delete the folder where you extracted the archive.
Setting Up the Optional Components
Two of the AppView components--the Administrative WebStation and the AppView Terminal Emulation component--are required. To deploy terminal sessions that use the Terminal Emulation component, you use the tools in the Administrative WebStation to create configuration files and HTML files. The Administrative WebStation contains tutorial information on how to do this.
AppView also includes two optional components:
1. The Usage Metering component, which lets you track and compile statistics about the number of users running AppView sessions
2. The Security Proxy Server component, which lets you provide encrypted data connections to host computers from AppView terminal sessions
Both components require some additional setup before you can use them. The additional setup procedures should be completed before using the tools in the Administrative WebStation.
The Usage Metering component and the Security Proxy Server component are installed onto server computers that may be different than the Web server used to serve AppView terminal sessions. See Installing the AppView Components for more information about installing these optional components.
The following two sections explain how to set up the usage metering and security proxy server software after they are installed.
Setting Up the Usage Metering Component (Optional)
The AppView Usage Metering component, which lets you track and compile statistics about the number of users running AppView terminal sessions, requires some additional setup before you can deploy metered terminal sessions. Before you begin setting up usage metering, all of the third-party products (the Web server and servlet runner) should be installed and running on your server. In addition, the AppView Usage Metering files should be installed on the server. For more information, see Installing AppView Components.
AppView usage metering can run on any supported Web server with a Java 1.1-compliant servlet runner. Depending on your system, consider one of the following options:
If you do not already have a servlet runner, demo versions of New Atlanta Communications' ServletExec 3.1 servlet runner are included on the CD for a number of common Web server platforms. The demo version is limited to 3 concurrent connections.
For more information about ServletExec, or to obtain a product license to run in full-function mode, visit the New Atlanta Web site at www.newatlanta.com. To install the ServletExec demo, follow the instructions provided on the CD-ROM in the folder called ServletExec_Demos. Then follow the instructions below for configuring AppView metering in ServletExec.
If you have a different servlet runner already installed, follow your servlet runner's instructions for installing new Java servlets. For the valid arguments, use Table 2, Usage Metering Settings.
The following instructions explain how to configure the Usage Metering component for New Atlanta Communications' ServletExec 3.1 servlet runner, running on a Windows NT 4.0 computer.
To configure AppView usage metering in ServletExec:
1. Open the ServletExec Admin Web site.
2. Now add the AppView usage metering files to the JVM classpath:
In the navigation panel at the left, under Advanced, click the VM Settings link.
Scroll down to the section that says, "Enter additional directories to add to the Java VM classpath...."
In separate input fields, add the following paths. Click Submit after entering each line.
<AppView metering component path>\OVmeter.jar
<AppView metering component path>\mail.jar
<AppView metering component path>\activation.jar
For example, if you installed the metering component into the suggested default folder, C:\avmeter entries might look like this:
C:\avmeter\OVmeter.jar
C:\avmeter\mail.jar
C:\avmeter\activation.jar
3. In the left navigation panel, under Servlets, click the Configure link to set up the servlets.
4. Add the AppView metering servlet:
In the blank form at the top of the Configure Servlets page, enter the following values:
Servlet Name: AVmeter
Servlet Class: com.crystalpoint.meter.servlets.MeterServlet
In the Initialization Arguments box, add the arguments you want to use for the servlet, separating the arguments by commas. For example, your argument line might look like this:
logFolder=C:\avmeter\logs, perUserLimit=8, maxLogfileAge=20
For the valid arguments, see the usage metering settings.
Note: The value for the logFolder argument must be the same, including capitalization, for both the AVmeter and AVreport servlets.
Click Submit to save the settings and create a new blank form.
5. Add the AppView reporting servlet:
In the form at the top of the Configure Servlets page, enter the following values:
Servlet Name: AVreport
Servlet Class: com.crystalpoint.meter.servlets.ReportServlet
In the Initialization Arguments box, add the logFolder argument (logFolder is the only valid argument for the reporting servlet). For example, your argument line might look like this:
logFolder=C:\avmeter\logs
Note: The value for the logFolder argument must be the same, including capitalization, for both the AVmeter and AVreport servlets.
Click Submit to save the settings and create a new blank form.
6. To enable the AppView metering servlets you just set up, restart your Web server. When the Web server restarts, AppView's usage metering feature will be started.
Use the tools in the Administrative WebStation to create Web pages that start metered sessions.
Following is a table of the valid arguments for AppView usage metering. These are the arguments that you enter in your servlet runner when configuring the usage metering servlets AVmeter and AVreport. The logFolder argument is required for both servlets, and it must be identical (including capitalization) for both. The logFolder argument is the only argument valid for the AVreport servlet; all other arguments apply only to AVmeter.
Table 2. Usage Metering Settings
| Argument | Value |
|---|---|
|
<folder name and path>
|
maxLogfileAge |
<number of days to save usage log files>
|
licenses |
<number of licenses>
|
enforcement |
true
false
|
| emailAcct | myName@myCompany.com
|
| emailHost | <server name>
|
perUserLimit |
<maximum number of connections per workstation>
|
Monitoring Usage Metering Activity To monitor usage metering activity:
In the Administrative WebStation, use the Default Settings section of the Deployment Director to configure the settings for your usage metering server.
To monitor metering activity, go to the Usage Metering Report page in the Reports section of the Administrative WebStation.
Setting Up the Security Proxy Server (Optional)
The Security Proxy Server component, which provides encrypted data connections to host computers from AppView terminal sessions, requires some additional setup before you can deploy encrypted sessions.
- The AppView Security Proxy Server component consists of two Java applications: the Security Proxy Server Wizard and the Security Proxy Server.
- The Security Proxy Server Wizard guides you through the steps of setting up the proxy server properties file and generating a security certificate for the server. You must run the wizard before you can create encrypted terminal sessions using the tools in the Administrative WebStation, and before running the security proxy server (described next).
The Security Proxy Server manages encrypted host connections for AppView terminal sessions. The proxy server uses files generated by the wizard, and cannot be run until the server is set up by the wizard.
Before you begin, the Security Proxy Server component should be installed on your server computer. See Installing AppView Components for installation instructions.
Before Running the Security Proxy Software
The two security proxy server Java applications are contained in the single SecureProxyJ.jar file created by the security proxy server installer. To access the applications, you must make the files in the SecureProxyJ.jar archive available to the Java runtime environment. You do this by modifying the system classpath on the computer where you have installed the security proxy server software (the classpath tells the Java Virtual Machine where to look for class libraries).
You can modify the classpath by including the path and JAR file name as an option to the java command used to run the proxy server applications, or you can modify your system classpath permanently or temporarily. Instructions for modifying the classpath in Windows NT and UNIX are included below. For other platforms, refer to your system documentation.
Setting the Classpath in Windows NT
Note: If you set the classpath in Windows permanently, as described here, you may not be able to run secure AppView terminal sessions on the same computer, due to Java environment conflicts. In this case, you may want to set the classpath temporarily--using a command-line option or by creating a batch file--each time you run the proxy server software. To set the classpath in Windows NT, making the security proxy server archive available permanently:
- On the Start menu, point to Settings, and then click Control Panel.
- Click the System icon to open the System Properties dialog box.
- Click the Environment tab, and then select the class path from the User Variables for yourName list. (If the class path variable is not included in your list, add it by entering CLASSPATH in the Variable box.)
- In the Value box, add the path for the SecureProxyJ.jar archive. Be sure to include the full path and file name; for example, C:\avproxy\lib\SecureProxyJ.jar.
- In the System Properties dialog box, click Set, click Apply, and then click OK.
If you want to confirm that the archive was added to the classpath, open a Command Prompt window and type SET CLASSPATH at the DOS prompt. The classpath variable should include the name and location of the SecureProxyJ.jar file.
Setting the Classpath in UNIX
To set the classpath in UNIX, making the security proxy server archive available for the current session only:
1. Start a Telnet session and log in as root.
2. At the prompt, enter the following command (the syntax may vary depending on which type of UNIX you are running):
export CLASSPATH=$CLASSPATH:/<path for SecureProxy archive>
Example:
export CLASSPATH=$CLASSPATH:/avproxy/lib/SecureProxyJ.jar
If you want to confirm that the archive was added to the classpath, use the env command.
Use this Telnet session when you run the Security Proxy Server Wizard and the security proxy server software. If you close the session, you may need to set the classpath again in the new Telnet session before you can continue.
Running the Security Proxy Server Wizard
Before you run the security proxy server to encrypt data connections, you must first run the Security Proxy Server Wizard on the computer where you installed the software. This wizard generates the security certificate used to authenticate the server and sets up a properties file that contains information about each security proxy connection.
To run the Security Proxy Server Wizard:
1. Open a command prompt (for example, using a Command Prompt window for a Windows NT server, or by opening a Telnet session for a UNIX server), and make sure that the SecureProxyJ.jar archive is available in the system classpath. For information about adding the archive to the classpath, go to Before Running the Security Proxy Software.
2. If you have a Windows NT computer with Microsoft Internet Explorer or the Microsoft SDK for Java installed, enter the following command at the command prompt:
jview com.crystalpoint.secwiz.Wizard
If you have the Sun Microsystems Java Development Kit or Java Runtime Environment installed, enter the following command at the command prompt:
java com.crystalpoint.secwiz.Wizard
3. Follow the prompts to generate a security certificate and a properties file on the server.
4. When you're done setting up the security proxy server files, exit the wizard, making sure to save your server properties file.
If you need to make changes to the proxy server settings later, simply rerun the wizard and follow the prompts to modify your server properties file.
After using the wizard to create the security certificate and server properties file, you can run the security proxy server to enable encrypted host connections for AppView terminal sessions. This is explained in the next section. To create a security certificate archive and the Web pages that launch encrypted sessions, use the tools in the Deployment Director section of the Administrative WebStation. For detailed instructions, use the tutorials in the How To section.
To Run the Security Proxy Server
After you have created a security certificate and properties file for the proxy server computer, follow these steps to run the security proxy server application and enable encrypted host connections from AppView terminal sessions:
1. Open a command prompt on the proxy server (for example, use a Command Prompt window for a Windows NT server, or open a Telnet session for a UNIX server). Make sure that the SecureProxyJ.jar archive is available in the system classpath. For information about adding the archive to the classpath, go to Before Running the Security Proxy Software.
2. If you have a Windows NT computer with Microsoft Internet Explorer or the Microsoft SDK for Java installed, enter the following command at the command prompt:
jview com.crystalpoint.secureproxy.SecureProxy [options]
<path>\server.properties>
If you have the Sun Microsystems Java Development Kit or Java Runtime Environment installed, enter the following command at the command prompt:
java com.crystalpoint.secureproxy.SecureProxy [options]
<path>/server.properties
The [options] in the above commands are additional parameters you can specify to change the default behavior of the proxy server; the options are described below. The <path> in the above commands specifies the path to the folder where you store the server properties file. For example, if you used the wizard to create the server properties file in the conf folder of the security proxy server installation, your command might look like this:
java com.crystalpoint.secureproxy.SecureProxy conf/server.properties
If you have set up the security proxy server on a UNIX computer, a sample UNIX shell script is included in the <security proxy install>/etc/ folder that shows how to start the proxy server as a background process. You do not need to be a superuser to run the script; you must, however, use the same login ID that you used to create the server certificate.
Security Proxy Server Options
When you start the security proxy server (using one of the commands shown above), you can modify its behavior by including the following parameters for the [options] argument:
| Parameter | Description |
-s |
Suppresses the copyright and initialization messages that appear when the security proxy server starts. |
-noAlerts |
Prevents the security proxy server from sending SSL alert messages. This can help to increase security by hiding the protocol that the server uses. |
-noResolveNames |
Disables reverse name resolution by the security proxy server. Disabling name resolution can help to increase performance by eliminating the conversion of host names to IP addresses when server information is logged or reports are requested. |
Monitoring Security Proxy Server Activity
To monitor security proxy server activity:
1. In the Administrative WebStation, use the Default Settings section of the Deployment Director to configure the settings for your security proxy server.
2. To monitor proxy server activity, go to the Security Proxy Server Report page in the Reports section of the Administrative WebStation.
The Security Proxy Server Report page lets you monitor two types of server activity:
- Activity monitor report shows the current connections to the security proxy server, including the IP addresses of the computers connected.
- Log file report Shows details about security proxy server events, such as when the proxy server was started and stopped, connection attempts and the IP addresses that made them, and more. If you experience any problems with the security proxy server, Crystal Point, Inc. technical support may ask for information from the log file, to aid in troubleshooting. By default, error, warning, and informational messages are logged. You can change the types of information logged, to include more or less information, by using the Security Proxy Server wizard.
To extract the contents of the AppView .zip archives, you must have an unzip tool on the computer where you are installing the component that supports long file names and can maintain the folder hierarchy of the archive. If you don't have a compatible unzip tool (such as WinZip or the Java jar tool), you can download Info-ZIP's UnZip software. UnZip (and related utilities) is free and can be obtained as source code or executables for many different platforms (including Microsoft Windows, UNIX, and Macintosh) from various Web sites, including www.cdrom.com/pub/infozip/UnZip.html.