Improving Security with 24x7 Scheduler Usage

 
wdsrladva



Joined: 22 Jun 2020
Posts: 5
Country: United States

Currently, I have observed that some of our servers are running as a full GUI on "locked keyboards" on Windows Servers. As you can imagine, that's not the best security practice to leave a server in this state.

Is there a means to convert how the Scheduler can operate without loss of capability of the scripts running away from the GUI and as a service?
What products would we need to have besides the 1-server or site license of the Scheduler to operate successfully as a service?
What products would we need to have to consider remote management (full GUI) or web-based? Remote management would be accessed by our App dev or IT-Devops team members only.
Mon Jun 22, 2020 10:06 pm
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7839

Graphical desktop mode is supposed to be used on development systems only, for development and debugging purposes. Some people also use it in production to automate graphical applications. For everything else it is supposed to be running as a service on all systems. It's just a run-time mode, not specific to any particular license type.

Aside from that, to manage and monitor jobs you would typically need the Web-based Management Console. The web-based console is optional. It's included with a site license, but it can also be licensed separately:
https://www.softtreetech.com/webstore3/Scheduling-and-Automation/24X7-50-WC
Tue Jun 23, 2020 12:55 am
wdsrladva



Joined: 22 Jun 2020
Posts: 5
Country: United States

Thank you for your fast reply and information.

Is the web-based console to be installed on a client-side workstation, perhaps as a set of JAR files? Or would it be installed on a small-footprint web server where a client would then connect to the web server to initiate the console and finally connect to the server running the scheduler service?

When NOT using a site license - we are running 6 individual licenses - can a SINGLE web console license be used to administer the 6 servers?
Tue Jun 23, 2020 12:48 pm
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7839

Hello,

You would need only one console for all servers, unless you want to physically or logically separate your production servers from non-production servers in which case you would need to install multiple console instances. You can use any of the servers to run the console. On the client side you would only need a web browser. In theory you can run it on the client side too, but that's not a recommended setup. In a typical setup the console is preinstalled with all scheduler instances, it simply needs a web console specific license key to register it.

Regarding the service mode. Please be aware of 2 important differences.
1. Windows services do not have access to drive mappings created in Windows Explorer when a user is logged in in user mode. You would need either to convert all file references to networked files to UNC names \\server\share\folder\...file or to re-establish the drive mapping in each job instance run. The latter method does work, but is not very reliable. We recommend using UNC.
2. Graphical programs designed to run on Windows desktops don't always run without an interactive user session. For example, if you have a job that launches an Excel file for the purpose of running a macro, it may fail when started from a service. Or Excel may show a prompt on an invisible desktop that no one would be able to see.
Tue Jun 23, 2020 1:40 pm
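
The drive-mapping difference described in the reply above can be checked before switching to service mode. The following is an added example, not part of the original thread or of SoftTree's software: it reads `net use` output captured in the interactive session, rewrites mapped-drive paths in job script lines to UNC names, and flags drive letters that have no known mapping. The server names, share names and job lines are constructed, and treating only C: as a local disk is an assumption.

```python
import re

# Constructed sample of `net use` output from the logged-in session that
# currently runs the scheduler (server and share names are made up).
NET_USE_OUTPUT = r"""
Status       Local     Remote                    Network
-------------------------------------------------------------------------------
OK           R:        \\fileserver01\reports    Microsoft Windows Network
OK           S:        \\fileserver02\staging    Microsoft Windows Network
The command completed successfully.
"""

# Constructed job script lines; C: is a local disk and must be left alone.
JOB_LINES = [
    r'copy R:\daily\sales.csv S:\inbox\sales.csv',
    r'type C:\jobs\config.ini',
    r'del T:\tmp\old.log',
]

# A drive letter followed by ":\" that is not part of a longer word.
DRIVE_PREFIX = re.compile(r'(?<![A-Za-z0-9])([A-Za-z]):\\')

def parse_net_use(text):
    """Return {drive letter: UNC root}; share names with spaces are not handled."""
    mappings = {}
    for line in text.splitlines():
        m = re.search(r'\b([A-Za-z]):\s+(\\\\\S+)', line)
        if m:
            mappings[m.group(1).upper()] = m.group(2).rstrip('\\')
    return mappings

def to_unc(line, mappings, local_drives=("C",)):
    """Rewrite mapped-drive prefixes in one line; collect drives with no mapping."""
    unresolved = []
    def repl(m):
        drive = m.group(1).upper()
        if drive in mappings:
            return mappings[drive] + '\\'
        if drive not in local_drives:
            unresolved.append(drive)  # would fail when run as a service
        return m.group(0)
    return DRIVE_PREFIX.sub(repl, line), unresolved

def migrate(lines, net_use_text):
    """Return (line number, rewritten line, unresolved drives) for each line."""
    mappings = parse_net_use(net_use_text)
    return [(n, *to_unc(line, mappings)) for n, line in enumerate(lines, 1)]

if __name__ == "__main__":
    for n, new, missing in migrate(JOB_LINES, NET_USE_OUTPUT):
        flag = f"   <-- unmapped drive(s): {', '.join(missing)}" if missing else ""
        print(f"{n}: {new}{flag}")
```

Lines flagged as unmapped need a manual decision, since the service account will not see that drive letter at all.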
wdsrladva



Joined: 22 Jun 2020
Posts: 5
Country: United States

This is great information. Thank you.

Could I consider standing up a SINGLE NEW VM to install the web console that is separate to where the 24x7 scheduler tasks are operating? If I can do this, would the license to be purchased be ONLY the web admin console license, since it wouldn't be running any 24x7 Scheduler tasks on itself? It would simply provide a platform to run the web admin console.

Here's what I am envisioning:
Dev-Ops team member using a browser on their client workstation (1) to go to the web console URL > web console server (2) > server running 24x7 scheduler and tasks (3)

When the Dev-Ops team member requests the console page, they would be prompted to enter the details of the server (3) that requires administration and review of tasks. Is this a viable approach to centralizing administration of 24x7 schedulers on different servers?
Wed Jun 24, 2020 9:23 pm
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7839

Correct, you can set up a dedicated VM; the web server running the console doesn't have to be on the same machine. As long as it can access the automation servers from where it is, it should be fine. And you would only need a license for that web console instance.

And you are correct on the second point too. In the web console, users enter the name or IP address of the automation server they want to connect to, and their domain or local login for that server. The authentication and authorization take place on the target server. The web console is just a management interface. In case they need to connect to two different servers simultaneously, they can open a different tab in their web browser to connect to a different server using the same web console. The URL is the same, the connection parameters are different.
Thu Jun 25, 2020 11:16 am
wdsrladva



Joined: 22 Jun 2020
Posts: 5
Country: United States

Again, thanks for validating my thoughts. It's appreciated. Can we evaluate this approach before purchase? Considering a 30-60 evaluation window where at the end of the term we would either stand down the web console and go back to business as usual. Or purchase TWO licenses (non-PCI and PCI workloads).
Thu Jun 25, 2020 11:55 am
wdsrladva



Joined: 22 Jun 2020
Posts: 5
Country: United States

By installing the web console on a dedicated server, are there any frameworks or other dependencies that need to be met prior to installing the web console (i.e. running a LAMP stack?)
Does the web console have its own "web server" service or daemon, or does it rely on the likes of Windows IIS or Apache?
Thu Jun 25, 2020 12:01 pm
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7839

It's multiplatform, you can install it on a Windows or Linux server.
If you choose to install it on a Linux server, you would need to install Apache Tomcat or Apache web server if it's not already available there, and also check that the version of Java installed is 7.0 or later. Tomcat and Java are typically preinstalled on every canned Linux system. You would only need to deploy the WAR file containing web console files and it's ready to be used.
If you choose to install it on a Windows system, please use the same graphical installer you used to install the scheduler and choose the web console option. It will install everything it needs, the complete software stack and it will pre-configure it for you. It will also generate a self-signed certificate to allow HTTPS connections.

You may want to check with your IT team later if they can generate an internal SSL certificate that you can install on the server, or purchase a commercial one. The SSL certificate is needed for the server running the web console, and to avoid seeing security warnings shown in your web browser every time you go to the web console as it requires secure HTTPS mode.
Thu Jun 25, 2020 1:36 pm
All times are GMT - 4 Hours