Secure Remote Cache Administration

Purpose

This tutorial shows you how to securely access the TimesTen Cache Administrator 7.x web application remotely via a browser.


Time to Complete

Approximately 10 minutes


Topics

This tutorial covers the following topics:

Overview
Scenario
Prerequisites
The challenge of remote HTTP access to Cache Administrator
Configure SSH port forwarding to remotely access Cache Administrator

Configure VNC to remotely access Cache Administrator
Summary

Viewing Screenshots

Place the cursor over this icon to load and view all the screenshots for this tutorial. (Caution: This action loads all screenshots simultaneously, so response time may be slow depending on your Internet connection.)

Note: Alternatively, you can place the cursor over each individual icon in the following steps to load and view only the screenshot associated with that step.


Overview

This tutorial shows you how to securely access the Cache Administrator 7.x web application remotely via a browser.
For security reasons, the TimesTen Cache Administrator 7.x only allows HTTP connections from the localhost.
SSH [HTTP] port forwarding and VNC enable the Cache Administrator to be used from another machine.

Back to Topic List

Scenario

The TimesTen Cache Administrator is running on a Linux server (dhoodpc64 in this lab) and you want to access it via a browser from another machine (eg a Windows laptop). This lab shows how to configure both SSH port forwarding and VNC to enable remote access to the TimesTen Cache Administrator web application. Either SSH port forwarding or VNC will work, choose the technique most appropriate for your environment.

NoteIf the TimesTen Server is on Windows XP or 2003 you can also use the 'VNC like' Microsoft Windows utility feature called Remote Desktop Connection. This document does not cover how to use Remote Desktop Connection.

Back to Topic List

Prerequisites

Before starting this tutorial, you should:

1.

Have a Linux/Unix/Windows server with the following software installed and running:

  • Oracle TimesTen 7.0 with the Cache Connect to Oracle option.
  • An SSH server (eg OpenSSH sshd for Linux/Unix/Windows), use this for the secure shell access technique.
  • A VNC server (eg RealVNC or TightVNC for Linux/Unix/Windows), use this for the VNC remote access technique.

2.

Have a second Linux/Unix/Windows computer with the following software installed:

  • A web browser (eg Firefox 1.5+ or IE 6+), use this with [HTTP] port forwarding for the secure shell access technique.
  • An SSH client (eg OpenSSH ssh for Linux/Unix or PuTTY for Windows), use this for the secure shell access technique.
  • A VNC client (eg RealVNC or TightVNC for Linux/Unix/Windows), use this for the VNC remote access technique.

Back to Topic List

The challenge of remote HTTP access to Cache Administrator

The Cache Administrator Web Application will only accept connections from the localhost. As a result attempting to do an HTTP connection will result in the following error.

Your can satisfy the 'only connect via the local host' requirement by either forwarding the HTTP requests via a localhost port (eg using SSH port forwarding) or using the local browser controlled remotely via VNC.

Back to Topic List

Configure SSH port forwarding to remotely access Cache Administrator

Most SSH clients enable port forwarding (also known as SSH tunneling) as a means to securely enable network connections for TCP/IP protocols to remote machines. As TimesTen Cache Administrator is a Web Application, the HTTP requests from your browser need to be forwarded to the machine where Cache Administrator resides so the forwarded HTTP requests effectively come from Cache Administrator's localhost.

This labs show how to configure the Windows SSH client PuTTY.exe for port forwarding. The concepts are the same for configuring port forwarding on other SSH clients but the configuration will be slightly different.

1.

Determine the TCP port which Cache Administrator is listening on.

Use the ttStatus utility to find the current listening port:

On this machine, the Cache Administrator is listening on TCP port 17005.

If the Cache Administrator is not running it can be started with the command $ttDaemonAdmin -startwebserver.

 

2.

Start the PuTTY.exe SSH client. eg "C:\Program Files\PuTTY\PUTTY.EXE".

 

3.

Select the Connections | SSH | Tunnels category.

 

4.

Define the Source port (17005) and destination (localhost:17005).

 

5.

Add the port forwarding configuration.

Now that the forwarding port has been defined, your need to open an SSH session with this configuration.

 

6.

Select the Session category.

 

7.

Open a session on the server with TimesTen Cache Administrator (eg dhoodpc64).

 

8.

Login to the session on the server with TimesTen Cache Administrator (eg dhoodpc64).

 

9.

Enter the localhost URL (eg http://localhost:17005/cache) in a browser.

 

10.

The localhost URL (eg http://localhost:17005/cache) should now connect to Cache Administrator.

 

11.

Notes on the port forwarding configuration.

  • The destination (localhost:port) must be the port which Cache Administrator is listening on.
  • The Source port can be any free port. Making the destination and source ports the same can make it easier to remember.
  • You can save the TCP forwarding configuration so you don't need to configre it each time.
  • You define multiple TCP forwarding configurations, just make sure that the Source ports are unique.
  • The OpenSSH ssh client can define SSH port forwarding from the command line or from a config file.
  • The SSH and/or VNC network protocol ports are usually allowed through firewalls.

 

Back to Topic List

Configure VNC to remotely access Cache Administrator

VNC allows you to see and control the graphical desktop of a remote computer.

This labs shows how to configure the RealVNC VNC Server on Linux and the RealVNC VNC Viewer on Windows.

1.

Start the VNC Server.

Some important points when starting the VNC Server:

  • The first time the VNC Server is started a password needs to be set.
  • The VNC desktop runs as user oracle and defaults to VNC display number 1.

 

2.

From the remote computer (eg your Windows Laptop) start the VNC Client and connect to the server's VNC display (eg dhoodpc64:1)

 

3.

Enter the password for the VNC server

 

4.

Once attached to the Cache Administrator's desktop, start a browser (eg Firefox).

 

5.

Enter the Cache Administrator's localhost URL (eg http://localhost:17005/cache)

 

11.

Notes on the VNC configuration.

  • The local browser on the TimesTen Cache Administrator server is being used.
  • VNC allows you to use the Cache Administrator's local browser without physically being at the console.

 

Back to Topic

Back to Topic List

Summary

In this lesson, you learned how to:

Use PuTTY to configure port forwarding for remote browser access to Cache Administrator
Use VNC to remotely access the Cache Administrator server's graphical desktop browser

SSH port forwarding and VNC are two techniques to enable the secure remote use of TimesTen Cache Administrator.

Back to Topic List

Place the cursor over this icon to hide all screenshots.