Designing FTP Service

In this section, FTP related things to design the service are considered.

FTP Solutions

On the view of risk management within the recent Internet world, it is indispensable to adopt countermeasures against new risks continuously to keep the server secure after the operation. Fundamentals of security issues should be referred to the "WMO Guidance on Information Technology Security at WWW Centres" (being developed).
 Generally, clustering and duplication of the serving system and multi-access circuits preparing for physical troubles are effective to improve availability, although it should be noted that their implementation range and details influence installation and recurrent costs.
Considering human resource and cost for security and appropriate availability, self-management of the server is not always the sole solution. It might be worth to study the use of outsourcing services from ASP (Application Service Provider) / ISP (Internet Service Provider) such as hosting or housing services.
Figure 3-1. FTP Solutions

It is important to examine requirements in operation and management of the server and then to find an appropriate solution within possible conditions in human resource and cost for outsourcing, access circuits and security.

Requirements

On establishing an FTP service with satisfying performance and stability, there are inevitable issues to be considered. High stability and reliability is a fundamental of establishing services. To establish such services, clearly define the goal and itemize the basic requirements is essential. For FTP service, such as:

(1) Number of Simultaneous Users

Maximum number of users who transfer files simultaneously is a important parameter to the memory requirement and speed of disk access. In case of allow multiple FTP sessions to one user for efficient use of circuits should be counted.

(2) Data amount and time limit of transfer

The transfer of specified amount of data should be completed within the specified time. This limits the lowest speed of transfer. The bottleneck of speed mainly comes from speed of circuit and/or network, or disk access speed in case of heavy loaded servers.

(3) Frequency of the Transfer

A frequency of transfer is defined by time span of transfer or number of transfers per day. Generally, a transfer starts after previous transfer completed. So, frequency of transfer has similar meaning as time limit of transfer in previous item.

(4) Retention period of data

The disk space is a limited resource. Sum of data amount multiplied by retention period declares the requirement of storage capacity for the data.

(5) Reliability and Availability

Those requirements could be expressed as inverse number of the probability of happening a trouble that cause to stop the service, and the time to recover the service after trouble happened respectively. No matter how high your system's reliability becomes, with investment for expensive parts, a trouble may happen. To maximize the availability of service is the point of design.

Performance

Operational file service should support Users operational data transfer for their services within the specified time and data amount. The first thing to do is to design the system which satisfy the performance required for the service.

(1) Bandwidth of Circuit/Network

Requirement of peak or average performance define the requirement of the bandwidth of circuit. If the requirement of service is time critical, peak performance, otherwise, average performance should be concerned. Generally, single FTP transfer consumes approximately a half of the bandwidth of the circuit. The bandwidth of a circuit shall be more than twice of the required performance.
To use a circuit efficiently, the use of multiple FTP session should be concerned. Practically, the use of two or three simultaneous sessions in a circuit is most effective. The increase of sessions more than three may decrease the performance and cause delay of transfer due to allocation of memory space that may cause swapping and decrease the bandwidth of each session due to limited bandwidth of circuit.
Additionally, total bandwidth of disk access shall be greater than the total bandwidth of circuits in simultaneous transfers, should be concerned.

(2) Disk Capacity

The maximum size of total data in a moment is required for data storage. Not only for data but for system files, logging files, and files for housekeeping should be accounted. Generally, a disk drive sometimes be separated into some logical drives, namely partitions. By making partitions to make size of logical drives small, the efficiency of disk usage increases especially for small files. Additionally, Linux/Unix requires additional swap partition. Each partition should have enough capacity for their purposes or system fails.

(3) Unit of transfer

The efficiency of FTP varies according to the amount of data transfer in a time. The efficiency increases when transfer small number of big files, than transfer small pieces of files with totally same amount. So, it is not desirable to transfer bulletin that have some kilobytes in size individually.
Each of FTP service requires memory. Recent operating systems have capability of virtual memory that could provide huge memory space than real memory for each process. Virtual memory space is allocated on the disk, and its partitions are swapped in to the real memory when a process requires and swapped out when the memory area is allocated for other data. As the speed of disk access is some thousand times slower than that of memory, the performance of the service extremely slows down when swapping happened. The number of FTP processes shall be limited within the range of the system doesn't starts swapping.

Reliability

To keep the service stably, there are some issued to be concerned.

(1) Maintain of data

The most important element when recovering a broken computer is data. Any broken part of computer can be repaired by replacing it with the new one, except data that are stored on the disk or cache memory.  Generally, storage devices tender to fault, or they will fault within several years, as it has mechanical parts that will be worn away. Worse more, storage device couldn't be simply repaired by replacing it with a new one. To recover the service, all of the data have to be restored. Keeping a backup copy of the whole disk or important files required to recover the services are minimum measure for the server management.
To avoid losing service from storage device fault, you might introduce a redundant or fault tolerant disk system, e.g., Redundancy Array of Inexpensive Disks (RAID) system. A RAID doesn't lose data on single fault, because data are stored in multiple disks redundantly. The data stored in a disk could be recovered by the information of other disks. A disk drive in a RAID could be removed and replaced with a new one without interruption of function (namely "hot swapping"). The new disk is automatically mounted on the RAID and data are automatically recovered.

(2) Maintaining of backup server

Once a failure happens to stop the computer, the service is down until the failure is removed and data are recovered. To make down time shorter, maintaining a backup hardware is effective. When the working server fails, software and data are restored to the backup hardware and recover the service.
By the backup hardware, service will be recovered within hours after failure happens.

(3) Tolerance to faults

To avoid service down on failure, redundant system such as Hot Standby system or Lord sharing system may be introduced. The traditional Hot Standby system is constructed from two computers for the purpose. The Main works for operation and Standby has a role of checking Main’s health. If the Standby found Main's fault or hang-up, the Standby raise warning alarm, kill Main server, then the Standby becomes Main by itself to take over the function. The most important issue of the system is handover of data and/or schedule when Standby takes over the Main, and the cost increase for the point, e.g., special software for the mutual surveillance and handover.
 Figure 3-2. Hot Standby System

Although Hot Standby system is complex and expensive on its configuration, the frigidness time still exists. Recently, load-sharing system is popular for the purpose than Hot Standby system. The load-sharing system constructed from multiple ordinary servers and a load-balancer. The load-balancer watches the load of each server and distributes accesses to the servers evenly. If one of the servers fails, load-balancer cut off the server and continues the service using remaining servers without interruption.
Also the integrity of data among servers is important issue for load-sharing system. Sometimes, redundant back-end common storage, say Network Attached Storage (NAS), is used for the purpose.
Figure 3-3. Load-sharing System

(4) Memory

Shorting of memory space leads the instability of platforms and/or decrease of performance, when load increases, caused by increase of swapping. To make the service stable, install as much memory as you could.

(5) Power Source

The quality and stability of commercial power source depends on the cite location and commercial suppliers. To keep service stable and reliable, the quality of electrical power is important. Commercial power source could be interrupted by troubles or thunder storms even if the cite is located in urban area. The period of power outage varies from milliseconds to days. It may happen nothing by outage, or sometimes servers become unstable. Or, in worst case, equipment is damaged by electrical surge caused by thunder, which take long period to repair. The use of the Uninterruptible Power Supply (UPS) is strongly recommended for operational servers. The aims of the UPS are;
·         To avoid interrupting the service by outage of commercial power source.
·         To protect equipment from destroying or damaging by surge current caused by thunder.
·         To reduce the probability of conflicting/destroying the software and data that are stored in the disk.
Generally, the UPS could keep the electrical power for from several to ten minutes depend on the capacity of internal batteries and the load of equipment. Before the UPS power goes out after commercial power had lost, you must shut down the server safely to avoid damages on the disks. If you have to continue the service even in the condition of commercial power outage for long period, you have to backup the UPS by power generator before the batteries go out.
 Figure 3-4. A Model of Reliable Power Supply

(6) Environment for the Equipment

Environment for the Equipment is important issue for the stable operation. Server equipment should be located in the operational condition specified by the manufacturer. Also damaging by the briny air should be concerned in a coastal cite.

(7) Maintenance Contract

Hardware must die in someday. To minimize the recovery time, making maintenance contract with suppliers are recommended. It's costs depends on the situation, around 10 to 20 percent of introduction cost per year is a rough standard. It is recommended for operational purposes to include optional 8-hours or 24-hours on call support in the maintenance contract.
Also software support contract may help you for adapting software updates including security patches.

Security Measures

There are two aims on the security measures. One is to avoid decreasing service level, information leak, or information interpolation from wily intruders or viruses. In another word, security means keeping availability, integrity and confidentiality. The other is to avoid your system from dedicating for useful storage and/or stepping stones to further intrusions or attacks.
The first step is to decide your security policy that is described in the WMO Guide on Information Technology Security (under development). Then you should reflect it to your system as described in this Guide.

IP Address and Host Name

(1) Necessity of fixed address

Normally, servers should be configured to have fixed IP address so that Users could access them without special management. Fixed IP address shall be previously assigned to the server and announced to Users. If the server has a dynamic one that may be allocated by some DHCP server, Users could not know where the services are provided on the network.

(2) IP address for an intranet server

If a Server is installed on a closed network within your organization or at least you can control all of IP allocation and the Server has no direct communication to the outer network, allocating a private address defined by RFC1918 is the best solution. The way how to allocate the addresses is belongs to the network designing and out of this guide.

(3) IP address for an Internet server

If you are planning to put the Server on the Internet, you must allocate a global IP address to it. The global IP is to be allocated by a Regional Internet Registry (RIR) of your area, a National Internet Registry (NIR) in your country, or an Internet Service Provider (ISP) as Local Internet Registry (LIR). Generally, ISP could allocate an IP address space within the Internet Service Contract, but additional charge may be required to allocate a fixed address space.
Be careful, as those LIR addresses are ISP dependent and you must change it when you renew your Internet service contract with other ISP.

(4) IP address for a GTS server

Although the GTS seems a private network, as it is a closed network and separated from the Internet, the GTS shall be treated as Internet on the IP address to avoid IP routing confliction at GTS centres. In other words, the IP address on the GTS shall be unique on the GTS and the Internet. There are centres that have connection with both of the GTS and the Internet. Those centres couldn't decide the IP route for an address if the address exists on both of the GTS and the Internet (see Figure 3-5, 3-6).
Figure 3-5. IP Route Confliction
Figure 3-6. IP Address Duplication

The IP address on the GTS is coordinated by WMO secretariat. Many GTS centres allocate private address in their private network individually, so there are possibilities of using private address on GTS connections between a RTH and NMHCs, if those RTH and NMHCs are coordinated as a single private network. The detail of this issue is out of this guide.

(5) Domain Name & Server Name

If you hope to establish your service that could be accessed on a hostname like ftp.wmo.int, instead of IP address, by Users, you have to name the server and register it to the Domain Name System (DNS). The way how to establish and configure a DNS exceeds the range of this Guide and expected to refer to other documents.

Platforms

There are three major operating systems that could be installed on Personal Computers.

(1) Linux

Linux is the most widely used Unix like free and open source operating system you could get and install on your PC. Linux has been developed actively and updated frequently for bug fix and security countermeasures. Also many kind of free software are available on Linux.
Linux has its commercial versions, available from some companies. Those versions are pay wares and you could contract purchase/support with distributors or partner companies.

(2) FreeBSD

FreeBSD is another open source Unix operating system available freely. Also FreeBSD has been developed actively by volunteers.

(3) Windows

If you afford to pay initial cost, Windows is another solution. Although Windows is apt to be the target of attack, security updates are provided frequently, freely and automatically through Windows Updates mechanism provided by the manufacturer. So, Windows might be a solution for small centres.
The Windows Update has pros and cons on security. The Windows Updates are provided through the Internet, the platforms have to be connected to the vicious Internet. There are possibilities of getting significant attacks before security flaws are patched by the Updates. It is recommended to set up some firewall or filtering function in front of a Windows so that undesired port access could be evaded.

Previous Page NextPage

Comments

Popular posts from this blog

Linux File and Directory Permissions

How to Disable SSL for Webmin

INSTALL CISCO VPN CLIENT ON WINDOWS 10 (32 & 64 BIT). FIX REASON 442