OutsideViewWEB Installation Guide

Version 1.3

OutsideViewWEB^™ is the Java-based Web-to-host solution from Crystal Point, Inc.^® that gives your intranet and extranet users easy browser access to Compaq NonStop, IBM, UNIX, and OpenVMS host applications.

This document provides an overview of the four components in OutsideViewWeb 1.3. It also includes a summary of the OutsideViewWEB^™ system requirements, as well as installation instructions. Detailed overview and installation instructions are available in the OutsideViewWEB Installation and System Administrator Guide, provided on the CD-ROM as a .pdf file, located in the

This document includes the following information:

Overview of OutsideViewWEB Components
System Requirements
Installing the Components
- Installation Options
Starting the Administrative WebStation
Setting Up Optional Components
- Setting Up Usage Metering
- Setting Up the Security Proxy Server
Uninstalling the Components
About Info-ZIP

Overview of OutsideViewWEB Components

OutsideViewWEB consists of the following four components:

The Administrative WebStation is a self-contained web site for administrators that includes all the information and tools needed to configure OutsideViewWEB sessions and create OutsideViewWEB web pages. The WebStation also contains online tutorials that guide you through the Deployment Director--a unique set of utilities that you use to configure your OutsideViewWEB environment and create web pages. This component is required.
The OutsideViewWEB terminal emulation component includes the Java applets that you install onto your web server to deploy OutsideViewWEB terminal sessions to your users. This component is required.
(Optional) The usage metering component includes Java servlets that you install onto a web server to track and compile statistics about the number of users running OutsideViewWEB terminal sessions. This component is included with OutsideViewWEB but using it is optional; it's needed only if you plan to track terminal session usage.
(Optional) The security proxy server component includes the files that you install on a proxy server for enabling encrypted data connections to host computers from OutsideViewWEB sessions. This component is included with OutsideViewWEB but using it is optional; it's needed only if you plan to deploy encrypted terminal sessions to your users.

System Requirements

OutsideViewWEB components are typically installed to different computers--some to Web servers or other servers, and some to local computers--and the system requirements for each component varies. Detailed system requirements are provided online in the Administrative WebStation. Briefly, the requirements for each of the components are as follows:

Administrative WebStation Requirements

To run the Administrative WebStation, you need a Pentium 133 PC (or equivalent) or higher, with a minimum of 64 MB of RAM. The WebStation is designed to run in any Java 1.1- or 1.2- compliant web browser that can run trusted applets and supports JavaScript. The Administrative WebStation includes a full list of browsers supported by OutsideViewWeb and a web browser checker that helps you determine if your browser meets the these requirements.

To create terminal sessions that use encrypted host connections, additional third-party tools may be required (all of the required tools can be downloaded free of charge).

You can run the WebStation directly from the OutsideViewWEB CD-ROM or install it onto a PC or web server.

Disk space required: 20 MB
Web Server Requirements

The Web server stores the OutsideViewWEB Terminal Emulation component, plus the Web pages and configuration files that you create for deploying OutsideViewWEB terminal sessions to your users. The Web server can be any HTTP 1.0 -compliant Web server, such as Microsoft Internet Information Server (IIS), Netscape Enterprise Server, or Apache Web Server.

If you plan to use the Administrative WebStation's File Upload tool to transfer files from the administrator's machine to the Web server, you must have an FTP server running on the Web server where the terminal emulation files are installed.

Disk space required: 7MB
Terminal Emulation Requirements

The Terminal Emulation component includes the Java applets that you install onto your Web server to deploy OutsideViewWEB terminal sessions to your users. OutsideViewWEB terminal sessions for end users are designed to run in any Java 1.1- or 1.2-compliant Web browser or applet viewer. The Administrative WebStation contains a list of the supported Web browsers, and also includes a browser checker to determine if your browser can run OutsideViewWEB sessions.

In addition, a TCP/IP network connection is required, and a minimum configuration of Pentium 133 PC with 64 MB RAM or equivalent is required.

Disk space required: 2-3 MB
Usage Metering Requirements

To run the optional Usage Metering component (included with OutsideViewWEB), you need a supported Web server with a Java 1.1-compliant servlet runner, such as New Atlanta Communications' ServletExec, Apache Jserve, IBM's WebSphere, or Sun's Java Web Server.

Disk space required: 500KB
Security Proxy Server Requirements
To run the optional Security Proxy Server (included with OutsideViewWEB), you need a server containing a Java 1.1-compliant virtual machine (JVM) capable of running Java applications. For example, a Windows NT computer with Internet Explorer or the Microsoft SDK for Java installed (both of which include the JView JVM that can run applications), or a UNIX computer with Sun Microsystems' Java Development Kit (JDK) installed, which includes the Java JVM.

Disk space required: 300KB

Installing the Components

Because different OutsideViewWEB components can be installed onto different types of computers, the way that you install each component depends on the target location for the installation. The following information will help you determine where to install each component.

Administrative WebStation

You would typically install the Administrative WebStation onto a local hard drive, but you can also install the WebStation onto a web server to provide more than one administrator access to the WebStation from any location. On a Windows computer, for example, you might install this component into a new folder called C:\ovweb_webstation. See Starting the Administrative WebStation for more information.

Tip: If you received OutsideViewWEB on a CD-ROM, you can quickly test the product by running the Administrative WebStation directly from the CD; open the webstation.html page in the webstation folder of the CD.

Tip: To ensure maximum compatibility with the UNIX operating system, use only lower case letters for all your file names and folder names. Do not include any special characters.
OutsideViewWEB Terminal Emulation Component

You typically install the OutsideViewWeb terminal emulation component onto your web server. This may be a different computer than the one where you install the Administrative WebStation, or it may be the same computer. If your web server is a Windows computer, for example, you might install this component into a new folder called C:\ovweb_emulation.

Tip: For testing OutsideViewWEB, you may choose to install this component onto your local hard drive to simulate an installation onto a web server.

The Administrative WebStation contains detailed information about creating the configuration files and web pages that launch terminal sessions and transferring the files to your web server.
(Optional) Usage Metering Component

If you choose to use the optional usage metering component, you typically install it onto the same web server where you install the terminal emulation component. You can also install this component onto another web server computer. The server where you install this component must have a servlet runner installed. Some servlet runners may require you to install new servlets into a specific folder in the servlet runner’s installation location, while others may let you store servlet files in any location you choose. On a Windows computer, for example, you might install this component into a new folder called C:\ovweb_meter.

After installing the usage metering component, you must configure your servlet runner to load the usage metering classes. See Setting Up the Usage Metering Server below for more information about setting up this component.

The Administrative WebStation contains information about configuring terminal sessions for usage metering.
(Optional) Security Proxy Server Component

You typically install the security proxy server component onto a server computer that will act as a proxy for terminal sessions, routing encrypted network traffic to and from user workstations. The server where you install this component must have a Java Virtual Machine (VM) capable of running Java applications. For example, if your proxy server computer is running Windows NT, you might install this component into a folder called C:\ovweb_proxy.

To increase the security of OutsideViewWEB terminal sessions, you should ensure that there is only one known link between the computer used as the proxy server and the host computer, and that the link is well-protected from intruders. This may mean that a dedicated connection is needed between the proxy server and the host computer, so that the proxy server does not communicate with the host computer over a connection accessible by other computers on the network. Another solution is to run the proxy server directly on the host computer, if a compatible JVM is available for the host system.

If you choose to run the proxy server directly on the host computer, keep in mind that secure connections are CPU-intensive, because additional processing is required to encrypt and decrypt the data stream.

After installing the Security Proxy Server component, you must set up your proxy server files. See Setting Up the Security Proxy Server for more information about setting up this component.

The Administrative WebStation contains information about configuring terminal sessions for secure connections.

Installation Options

For each OutsideViewWEB component, there are multiple types of installers available. The installer that you use for each component depends on the Java capabilities of the computer where you're installing the component. Use Table 1 below to download the correct installer:

Table 1. Installation Options

Installation Method	Product
Installation Method	Administrative WebStation	Terminal Emulation	Usage Metering (Optional)	Security Proxy Server (Optional)
Windows EXE installer	Install	Install	Install	Install
Java applet installers	Install	Install	Install	Install
Zip archive	Unzip	Unzip	Unzip	Unzip

Now click to locate the appropriate guidelines for installing each OutsideViewWEB component:

Windows-based installers
Java applet installers (via a Web page)
Java applet installers (via JView or Java)
Compressed Zip archive installer files

Windows-Based Installers

If the computer where you're installing the component is running Microsoft Windows ME, 2000, 98, 95, or NT, use the Windows-based Java installer.

To run the Windows-based installer, click the link in the Windows EXE Installer row in
Table 1 above. The installer will attempt to locate a suitable JVM on your computer. If one is located, follow the prompts to proceed with the installation.

If the installer fails to find a suitable VM, you are given two options: visit the Sun Microsystems web site to download a free Java VM or locate a VM manually.

Notes:
- When you start the Windows-based installer, a message may appear stating that the installer is unable to locate a Virtual Machine (VM). To avoid this problem, upgrade your VM (included with Internet Explorer) to the latest version, available on Microsoft's web site at http://windowsupdate.microsoft.com. If you choose not to upgrade, use the package of Zip installers instead.
- If the installer gives an error message stating that there is not enough space on the target system, confirm that the drive for the system TEMP folder contains the required amount of free disk space. If this drive is not the target drive, either change the TEMP environment variable to the target drive where there is sufficient space or use the Java-based installer instead.
If the computer where you're installing the component is not running Microsoft Windows, or the Windows-based installer described in step 1 above cannot locate a suitable VM, try using the Java-based installer.

Java Applet Installers (Via a Web Page)

If the client browser you are using to read this page can run Java applets directly, click the link in Table 1 above to launch an InstallShield-enabled Web page that will let you choose (or install) your Java Virtual Machine (JVM) to launch the Java classes needed for installation. In the event that the InstallShield enabled pages cannot locate your JVM, you can run the Java-based installers via JView or Java directly by following the instructions in the next section.

Java-Based Installers (Via JView or Java)

If the computer where you're installing the component is not running Microsoft Windows or the Windows-based installer cannot locate a suitable JVM, try using a Java-based installer.

To use the Java-based installer, you must have a JVM installed on your computer, such as JView, which is included with Microsoft Internet Explorer and the Microsoft SDK for Java. You can also use the Java JVM from Sun Microsystems. Your computer must have a graphical user interface (such as Microsoft Windows or an X-Window System).

To run the Java-based installer:

Open a command prompt (for example, in Windows NT, you might use a Command Prompt window), change to the folder where the Java-based installer is located, and then issue the following command:

    <java VM command> <installation class name>

For example, if you're using a Microsoft Windows computer and the Java.exe file is in your system path, you would run the Administrative WebStation installer with this command:

    java webstation

Or

    jview webstation
On a Mac OS computer, drop the installer .class file onto the JBindery application that is included with the Mac OS Runtime for Java (MRJ, available from the Apple developer Web site). Then click the Run button in JBindery.

Compressed .zip Archive Installer Files

If you don't have a suitable JVM available on the computer where you're installing the OutsideViewWEB component or if you cannot run one of the installers described above, use the compressed Zip archive file to install the component, located in the install\ folder on the CD-ROM.

To install a component using the .zip archive, transfer the archive file to the computer where you want to install the component, and then use a compatible unzip tool, such as UnZip to extract the contents.

If you have the Java jar tool (part of the Java Development Kit) on the computer where you are installing your OutsideViewWEB components, you can use the following jar command to extract the contents of the .zip archive:

jar xf <zip file name>

Note: If you extract the contents of a Zip archive to your local machine then transfer the files to a server using FTP, make sure that your FTP utility preserves the capitalization of the file names. If file name capitalization is not maintained, OutsideViewWEB components may not function correctly.

Uninstalling the Components

If you no longer need an OutsideViewWEB component on your computer and want to remove it, follow these steps:

If you used the Microsoft Windows-based Java installer with the .exe extension to install the component, use the Add/Remove Programs in the Windows Control Panel to uninstall it.
If you used the Java-based installer with the .class extension, an uninstaller file was included in the root of the component's installation folder. To run the uninstaller:
- Open a command prompt (for example, in Windows NT, you might use a Command Prompt window), change to the folder where you installed the component, and then issue the following command:
```
   <java VM command> uninstall
```
  For example, if you're using a Microsoft Windows computer and the java.exe file is in your system path, you would uninstall the Administrative WebStation with this command:
```
   java uninstall
```
- On a Mac OS computer, drop the .class file onto the JBindery application included with the Mac OS Runtime for Java (MRJ, available from the Apple developer Web site). Then click the Run button in JBindery.
If you used the .zip archive to install the component, simply delete the folder where you extracted the archive.

Starting the Administrative WebStation

To start the Administrative WebStation:

If you installed the WebStation onto your local computer, open the webstation.html page in your Web browser.

If your installation computer is running Microsoft Windows 2000, ME, 98, 95, or NT, you can also use the shortcut created in the Start menu to open the WebStation.
If you installed the WebStation onto a Web server to provide access to more than one administrator from multiple locations, open the URL for the webstation.html page in your Web browser.
If you want to run the WebStation directly from the CD, open webstation.html from the webstation folder of the CD-ROM.

Setting Up the Optional Components

Two of the OutsideViewWEB components--the Administrative WebStation and the OutsideViewWEB Terminal Emulation component--are required. To deploy terminal sessions that use the Terminal Emulation component, you use the tools in the Administrative WebStation to create configuration files and HTML files. The Administrative WebStation contains tutorial information on how to do this.

OutsideViewWEB also includes two optional components:

The Usage Metering component, which lets you track and compile statistics about the number of users running OutsideViewWEB sessions
The Security Proxy Server component, which lets you provide encrypted data connections to host computers from OutsideViewWEB terminal sessions

Both components require some additional setup before you can use them. The additional setup procedures should be completed before using the tools in the Administrative WebStation.

The Usage Metering component and the Security Proxy Server component are installed onto server computers that may be different than the Web server used to serve OutsideViewWEB terminal sessions. See Installing the OutsideViewWEB Components for more information about installing these optional components.

The following two sections explain how to set up the usage metering and security proxy server software after they are installed.

Setting Up the Usage Metering Component (Optional)

The OutsideViewWEB Usage Metering component, which lets you track and compile statistics about the number of users running OutsideViewWEB terminal sessions, requires some additional setup before you can deploy metered terminal sessions. Before you begin setting up usage metering, all of the third-party products (the Web server and servlet runner) should be installed and running on your server. In addition, the OutsideViewWEB Usage Metering files should be installed on the server. For more information, see Installing OutsideViewWEB Components.

OutsideViewWEB usage metering can run on any supported Web server with a Java 1.1-compliant servlet runner. Depending on your system, consider one of the following options:

If you do not already have a servlet runner, demo versions of New Atlanta Communications' ServletExec 2.2 servlet runner are included on the CD for a number of common Web server platforms. The demo versions are fully functional for 100 requests, and then they switch to a limited mode in which some advanced features are not available.
For more information about ServletExec, or to obtain a demo version of ServletExec for a platform not included on the OutsideViewWEB CD, visit the New Atlanta Web site at www.newatlanta.com. To install the ServletExec demo, follow the instructions provided on the CD-ROM in the folder called ServletExec_Demos. Then follow the instructions below for configuring OutsideViewWEB metering in ServletExec.
If you have a different servlet runner already installed, follow your servlet runner's instructions for installing new Java servlets. For the valid arguments, use Table 2, Usage Metering Settings.

The following instructions explain how to configure the Usage Metering component for New Atlanta Communications' ServletExec 2.2 servlet runner, running on a Windows NT 4.0 computer.

To configure OutsideViewWEB usage metering in ServletExec:

Open the ServletExec Admin Web site.
Now add the OutsideViewWEB usage metering files to the JVM classpath:
1. In the navigation panel at the left, under Advanced, click the VM Settings link.
2. Scroll down to the section that says, "Enter additional directories to add to the Java VM classpath...."
3. In separate input fields, add the following paths. Click Submit after entering each line.
  
  <OVWEB metering component path>\OVmeter.jar <OVWEB metering component path>\mail.jar <OVWEB metering component path>\activation.jar
  
  For example, if you installed the metering component into the suggested default folder, C:\ovweb_meter entries might look like this:
  
  C:\ovweb_meter\OVmeter.jar C:\ovweb_meter\mail.jar C:\ovweb_meter\activation.jar
In the left navigation panel, under Servlets, click the Configure link to set up the servlets.
Add the OutsideViewWEB metering servlet:
1. In the blank form at the top of the Configure Servlets page, enter the following values:
  
  Servlet Name: OVmeter
  Servlet Class: com.crystalpoint.meter.servlets.MeterServlet
2. In the Initialization Arguments box, add the arguments you want to use for the servlet, separating the arguments by commas. For example, your argument line might look like this:
  
  logFolder=C:\ovweb_meter\logs, perUserLimit=8, maxLogfileAge=20
  
  For the valid arguments, see the usage metering settings.
  
  Note: The value for the logFolder argument must be the same, including capitalization, for both the OVmeter and OVreport servlets.
3. Click Submit to save the settings and create a new blank form.
Add the OutsideViewWEB reporting servlet:
1. In the form at the top of the Configure Servlets page, enter the following values:
  
  Servlet Name: OVreport
  Servlet Class: com.crystalpoint.meter.servlets.ReportServlet
2. In the Initialization Arguments box, add the logFolder argument (logFolder is the only valid argument for the reporting servlet). For example, your argument line might look like this:
  
  logFolder=C:\ovweb_meter\logs
  
  Note: The value for the logFolder argument must be the same, including capitalization, for both the OVmeter and OVreport servlets.
3. Click Submit to save the settings and create a new blank form.
To enable the OutsideViewWEB metering servlets you just set up, restart your Web server. When the Web server restarts, OutsideViewWEB's usage metering feature will be started.

Use the tools in the Administrative WebStation to create Web pages that start metered sessions.

Usage Metering Settings

Following is a table of the valid arguments for OutsideViewWEB usage metering. These are the arguments that you enter in your servlet runner when configuring the usage metering servlets OVmeter and OVreport. The logFolder argument is required for both servlets, and it must be identical (including capitalization) for both. The logFolder argument is the only argument valid for the OVreport servlet; all other arguments apply only to OVmeter.

Table 2. Usage Metering Settings

Argument	Value
`logFolder` (Required)	`<folder name and path>` Specifies the path for a folder where the usage log files should be stored, for example: `C:\ovweb_meter\logs` The data saved in the log files is used to generate metering reports. The value of this argument must be the same, including capitalization, for both the `OVmeter` and `OVreport` servlets. This is the only valid argument for the `OVreport` servlet.
`maxLogfileAge`	`<number of days to save usage log files>` Specifies the number of days that usage log files should be saved. OutsideViewWEB automatically deletes usage log files that are older than the value specified for this argument. The default value is 30 days.
`licenses`	`<number of licenses>` Specifies the number of concurrent licenses your site has purchased. OutsideViewWEB license metering is based on the number of computers with host connections at one time, not on the number of connections made to hosts or the type of host contacted.
`enforcement`	`true` Enter `true` to block attempted host connections beyond the number of licenses specified in the `licenses` argument. `false` Enter `false` to allow host connections beyond the number of licenses specified in the `licenses` argument. To receive e-mail notification when additional connections are made, use the `emailAcct` and `emailHost` properties. Note: The `enforcement` argument is ignored unless the `licenses` argument is specified.
`emailAcct`	`myName@myCompany.com` Specifies the address for the e-mail account that will receive messages when host connections are made beyond the number of licenses entered. This argument must be used with the `emailHost` argument, and the `enforcement` argument must be set to `false`.
`emailHost`	`<server name>` Specifies the SMTP server for the `emailAcct` argument value. This argument must be used with the `emailAcct` argument, and the `enforcement` argument must be set to `false`.
`perUserLimit`	`<maximum number of connections per workstation>` Specifies the maximum number of connections that each workstation is allowed to make to host servers. If you specify a maximum number of connections per workstation, OutsideViewWEB blocks all additional connections from each workstation beyond the specified number. To allow an unlimited number of connections, omit this argument for the servlet.

Creating Metered Terminal Sessions

Once the usage metering servlets are configured, use the Deployment Director session in the Administrative WebStation to create web pages that start metered sessions:

Use the Metering tab in the Default Settings section of the Deployment Director to configure the settings for your usage metering server.
Use the Terminal Session section of the Deployment Director to create configuration files and web pages that launch metered sessions.

Monitoring Usage Metering Activity

To monitor usage metering activity:

In the Administrative WebStation, use the Default Settings section of the Deployment Director to configure the settings for your usage metering server.
To monitor metering activity, go to the Usage Metering Report page in the Reports section of the Administrative WebStation.

Setting Up the Security Proxy Server (Optional)

The Security Proxy Server component, which provides encrypted data connections to host computers from OutsideViewWEB terminal sessions, requires some additional setup before you can deploy encrypted sessions.

The OutsideViewWEB Security Proxy Server component consists of two Java applications: the Security Proxy Server Wizard and the Security Proxy Server.

The Security Proxy Server Wizard guides you through the steps of setting up the proxy server properties file and generating a security certificate for the server. You must run the wizard before you can create encrypted terminal sessions using the tools in the Administrative WebStation, and before running the security proxy server (described next).
The Security Proxy Server manages encrypted host connections for OutsideViewWEB terminal sessions. The proxy server uses files generated by the wizard, and cannot be run until the server is set up by the wizard.

Before you begin, the Security Proxy Server component should be installed on your server computer. See Installing OutsideViewWEB Components for installation instructions.

Overview of Deploying a Secure Session

Use the information in this section to understand how the procedures on this page fit into the overall process of deploying a secure session. Deploying a secure session can be divided into two general tasks: setting up the security proxy server and creating secure sessions in the Administrative WebStation.

Setting up the Security Proxy Server

The tasks for setting up the security proxy server are described in detail on this page.

Install the security proxy server files on your server. For more information, see Installing OutsideViewWEB Components.
Run the Security Proxy Server Wizard to configure the proxy server. For more information, see Running the Security Proxy Server Wizard.
Run the security proxy server. For more information, see Running the Security Proxy Server.

Creating Secure Sessions in the Administrative WebStation

After setting up the security proxy server, you can create secure sessions using the Administrative WebStation. The WebStation includes a tutorial that guides you through each of the following steps in detail. The tutorial is named “Creating a Secure Terminal Session” and is located in the How To section of the WebStation.

Start the Administrative WebStation.
Create a security archive, which is used to authenticate the server computer before running encrypted sessions.
Create the web pages that run an encrypted session using the Terminal Session section of the Deployment Director.
Upload the new files to the web server where the terminal emulation component is installed.
Provide users with the address of the new pages on the server.

To Provide Additional Security

To increase security even further, here are some additional steps you can take:

To increase the security of the proxy server-to-host connection, you should ensure that there is only one known link between the proxy server and the host computer, and that this link is well-protected from intruders. This may mean that a dedicated connection is needed between the proxy server and the host computer, so that the connection is not accessible by other computers on the network. Another solution is to run the proxy server software directly on the host computer, if a Java VM is available for the host system.

If you choose to run the proxy server directly on the host computer, keep in mind that secure connections are CPU intensive, because additional processing is required to encrypt and decrypt the data stream.

If you have a firewall and are providing secure connections to users outside of your intranet, set up the security proxies only on ports that you are willing to open on your firewall. You specify the proxy port for each destination host when you run the Security Proxy Server Wizard and define the security proxies.
Distribute the web page that caches the security archive file using a secure HTTP connection (HTTPS). This ensures that the connection to the web server is secure.
Use the -noAlerts option (described under Security Proxy Server Options) when starting the security proxy server to prevent the server from sending SSL alerts. This helps to obscure the protocol that the security proxy server uses.
Configure your security proxies to accept connections only from specific IP addresses, networks, and subnets. Connections not originating from the list of allowed IP addresses are rejected. The Security Proxy Server Wizard lets you easily define the allowed addresses.

Before Running the Security Proxy Software

The two security proxy server Java applications are contained in the single SecureProxyJ.jar file created by the security proxy server installer. To access the applications, you must make the files in the SecureProxyJ.jar archive available to the Java runtime environment. You do this by modifying the system classpath on the computer where you have installed the security proxy server software (the classpath tells the Java Virtual Machine where to look for class libraries).

You can modify the classpath by including the path and JAR file name as an option to the java command used to run the proxy server applications, or you can modify your system classpath permanently or temporarily. Instructions for modifying the classpath in Windows NT and UNIX are included below. For other platforms, refer to your system documentation.

Setting the Classpath in Windows NT

Note: If you set the classpath in Windows permanently, as described here, you may not be able to run secure OutsideViewWEB terminal sessions on the same computer, due to Java environment conflicts. In this case, you may want to set the classpath temporarily--using a command-line option or by creating a batch file--each time you run the proxy server software.

To set the classpath in Windows NT, making the security proxy server archive available permanently:

On the Start menu, point to Settings, and then click Control Panel.
Click the System icon to open the System Properties dialog box.
Click the Environment tab, and then select the class path from the User Variables for yourName list. (If the class path variable is not included in your list, add it by entering CLASSPATH in the Variable box.)
In the Value box, add the path for the SecureProxyJ.jar archive. Be sure to include the full path and file name; for example, C:\ ovwproxy\lib\SecureProxyJ.jar.
In the System Properties dialog box, click Set, click Apply, and then click OK.

If you want to confirm that the archive was added to the classpath, open a Command Prompt window and type SET CLASSPATH at the DOS prompt. The classpath variable should include the name and location of the SecureProxyJ.jar file.

Setting the Classpath in UNIX

To set the classpath in UNIX, making the security proxy server archive available for the current session only:

Start a Telnet session and log in as root.
At the prompt, enter the following command (the syntax may vary depending on which type of UNIX you are running):
export CLASSPATH=$CLASSPATH:/<path for SecureProxy archive>
Example:
export CLASSPATH=$CLASSPATH:/ovwproxy/lib/SecureProxyJ.jar

If you want to confirm that the archive was added to the classpath, use the env command.

Use this Telnet session when you run the Security Proxy Server Wizard and the security proxy server software. If you close the session, you may need to set the classpath again in the new Telnet session before you can continue.

Running the Security Proxy Server Wizard

Before you run the security proxy server to encrypt data connections, you must first run the Security Proxy Server Wizard on the computer where you installed the software. This wizard generates the security certificate used to authenticate the server and sets up a properties file that contains information about each security proxy connection.

To run the Security Proxy Server Wizard:

Open a command prompt (for example, using a Command Prompt window for a Windows NT server, or by opening a Telnet session for a UNIX server), and make sure that the SecureProxyJ.jar archive is available in the system classpath. For information about adding the archive to the classpath, go to Before Running the Security Proxy Software.
If you have a Windows NT computer with Microsoft Internet Explorer or the Microsoft SDK for Java installed, enter the following command at the command prompt:

jview com.crystalpoint.secwiz.Wizard

If you have the Sun Microsystems Java Development Kit or Java Runtime Environment installed, enter the following command at the command prompt:

java com.crystalpoint.secwiz.Wizard
Follow the prompts to generate a security certificate and a properties file on the server.
When you're done setting up the security proxy server files, exit the wizard, making sure to save your server properties file.

If you need to make changes to the proxy server settings later, simply rerun the wizard and follow the prompts to modify your server properties file.

After using the wizard to create the security certificate and server properties file, you can run the security proxy server to enable encrypted host connections for OutsideViewWEB terminal sessions. This is explained in the next section. To create a security certificate archive and the Web pages that launch encrypted sessions, use the tools in the Deployment Director section of the Administrative WebStation. For detailed instructions, use the tutorials in the How To section.

To Run the Security Proxy Server

After you have created a security certificate and properties file for the proxy server computer, follow these steps to run the security proxy server application and enable encrypted host connections from OutsideViewWEB terminal sessions:

Open a command prompt on the proxy server (for example, use a Command Prompt window for a Windows NT server, or open a Telnet session for a UNIX server). Make sure that the SecureProxyJ.jar archive is available in the system classpath. For information about adding the archive to the classpath, go to Before Running the Security Proxy Software.
If you have a Windows NT computer with Microsoft Internet Explorer or the Microsoft SDK for Java installed, enter the following command at the command prompt:

jview com.crystalpoint.secureproxy.SecureProxy [options] <path>\server.properties

If you have the Sun Microsystems Java Development Kit or Java Runtime Environment installed, enter the following command at the command prompt:

java com.crystalpoint.secureproxy.SecureProxy [options] <path>/server.properties

The [options] in the above commands are additional parameters you can specify to change the default behavior of the proxy server; the options are described below. The <path> in the above commands specifies the path to the folder where you store the server properties file. For example, if you used the wizard to create the server properties file in the conf folder of the security proxy server installation, your command might look like this:

java com.crystalpoint.secureproxy.SecureProxy conf/server.properties

If you have set up the security proxy server on a UNIX computer, a sample UNIX shell script is included in the <security proxy install>/etc/ folder that shows how to start the proxy server as a background process. You do not need to be a superuser to run the script; you must, however, use the same login ID that you used to create the server certificate.

Security Proxy Server Options

When you start the security proxy server (using one of the commands shown above), you can modify its behavior by including the following parameters for the [options] argument:

Parameter	Description
`-s`	Suppresses the copyright and initialization messages that appear when the security proxy server starts.
`-noAlerts`	Prevents the security proxy server from sending SSL alert messages. This can help to increase security by hiding the protocol that the server uses.
`-noResolveNames`	Disables reverse name resolution by the security proxy server. Disabling name resolution can help to increase performance by eliminating the conversion of host names to IP addresses when server information is logged or reports are requested.

Creating Secure Terminal Sessions

Once the security proxy server is configured and running, use the Deployment Director section in the Administrative WebStation to create secure terminal sessions:

Use the Default Settings section of the Deployment Director to configure the settings for your security proxy server.
Use the Security Archive section of the Deployment Director to create the security archive file that enables secure terminal sessions and provides server authentication.
Use the Terminal Session section of the Deployment Director to create configuration files and web pages that launch secure terminal sessions.
Use the File Upload section of the Deployment Director to transfer the files from your local machine to the server where the terminal emulation component is installed.

Monitoring Security Proxy Server Activity

To monitor security proxy server activity:

Use the Default Settings section of the Deployment Director in the Administrative WebStation to configure the settings for your security proxy server.
Go to the Security Proxy Server Report page in the Reports section of the Administrative WebStation to monitor proxy server activity.

Use the Security Proxy Server Report page to monitor two types of server activity:

Current activity
Shows the current connections to the security proxy server, including the IP addresses of the computers connected.
History of activity
Shows details about security proxy server events, such as when the proxy server was started and stopped, and connection attempts and the IP addresses that made them. If you experience any problems with the security proxy server, WRQ technical support may ask for information from the activity log file, to aid in troubleshooting. By default, error, warning, and informational messages are logged. You can change the types of information logged, to include more or less information, by using the Security Proxy Server Wizard.

About Info-ZIP

To extract the contents of the OutsideViewWEB Zip archives, you must have an unzip tool on the computer where you are installing the component. The unzip tool must support long file names and maintain the folder hierarchy of the archive.

If you don't have a compatible unzip tool (such as WinZip or the Java jar tool), you can download the Info-ZIP group's UnZip software. UnZip (and related utilities) is free and can be obtained as source code or executables for many different platforms (including Microsoft Windows, UNIX, and Macintosh) from various web sites, including ftp://ftp.freesoftware.com/pub/infozip/UnZip.html.