
aXes: a new concept in Web enablement

 
 

aXes (Arterial XML e-business Server) for the iSeries enterprise web-enables your iSeries applications with only 30 minutes installation required.

aXes immediately Web-enables your existing applications while providing true browser-based (zero-client) Web-to-host connectivity with full security for browser-based sessions. aXes Web-to-host connectivity integrates, extends and re-engineers enterprise applications with easy-to-use XML-enabled graphical interfaces, eliminating client deployment costs and minimizing administration, upgrade and training costs. aXes is real-time, automated and dynamic. Open Internet standards and the aXes n-tier architecture provide unlimited presentation scalability.

Features

  • Fast & secure XML web connectivity
  • No programmer intervention or access to source code is required
  • Access via true zero-client browser
  • Provides “Session parking” & shadowing
  • Uses batch or interactive CPW
  • Graphical application interface and customisation
  • Provides centralized management and administration
  • Supports advanced 5250 display features, UIM help text and IBM panels
  • Additional powerful development tool set is included for creating new web-based applications

 Overview

aXes is a breakthrough product that immediately web-enables iSeries (AS/400) host screens with no interactive CPW required, and no programmer intervention. With its high-performance web server, aXes serves iSeries applications to the browser at incredible speeds.


aXes is a second generation host access solution for the iSeries (AS/400) platform. It securely and efficiently provides host access from any browser based device running across the Internet, your corporate intranet or mobile network.

Using the latest World Wide Web Consortium (W3C) standards and technologies, aXes web-enables your iSeries (AS/400) enterprise applications by running on the host and sending XML formatted data to users' browsers via a web server.

aXes runs on the host system and converts data destined for any browser-based device into XML format—the Internet standard for data interchange. The XML data is then served to the browser via your existing web server or by aXesW3, the small footprint server supplied with aXes.

The browser presents the data to the user based on display instructions in a predefined stylesheet that is served at logon. The stylesheet can be defined to reflect your corporate profile, device type or country localization settings.

aXes immediately web-enables and serves your existing iSeries (AS/400) applications across the corporate intranet, mobile network or the Internet—securely, efficiently and at less cost than traditional Telnet based proprietary solutions.

Components

The aXes product is supplied as a licensed program product with a number of components.

The base component contains the aXes FastCGI adapter which allows FastCGI applications to be run under the IBM HTTP Server. FastCGI adapter support is required to run the aXesTS Terminal Server using the IBM HTTP Server. This component also contains commands to compress and decompress stream files, and common product objects.

— Terminal Server

This component contains the aXesTS Terminal Server which provides the ability to access AS/400 applications via a supported HTTP Server.

— Web Server

This product option contains the aXesW3 Web Server which can provide HTTP support for the aXesTS Terminal Server and also operates as a standard Web Server with additional support for data compression.

 

aXes is developed and licensed by Arterial Software.

 Secure Environment

 aXes in a Secure Environment

aXes is usually installed in a corporate enterprise or Service Provider environment. Levels of security in these environments can vary widely: from no firewalls installed to firewalls installed at every possible juncture.

The goal of aXes is to be flexible enough to work in whatever security environment it is installed in, with little to no change to the existing infrastructure. In some cases, the client may reside at remote sites that are not managed by the organization that controls aXes. Clients may be routed through firewalls and/or proxy servers when accessing servers over the Internet. Corporate security policies at the client site may only allow traffic to or from a specific port. The challenge is for users to be able to access their business applications over the Internet, without jeopardizing corporate security. Any software or hardware operating in an enterprise or xSP environment with Internet access must address this challenge. aXes overcomes this challenge without affecting the end user, without compromising security policies, and without disrupting the existing infrastructure or requiring costly alternatives, such as a Virtual Private Network (VPN).

 aXes, Firewalls and Proxy Servers

Firewalls are usually deployed to implement security in an enterprise or xSP environment. If the client and the aXesW3 web server are behind the same firewall, then the client may connect directly to the aXesW3 web server. This may be the case if the client is on the same LAN as the aXesW3 web server, or uses a dial-up method or an Internet access method (such as a VPN) that makes it look like a local connection.

Alternatively, the client may reside outside the aXesW3 web server site's firewall. In this case, it either connects directly over the Internet through the firewall to the aXesW3 server, or it is routed through a firewall at its own site before reaching the Internet to connect to the aXesW3 web server.

The aXesW3 web server provides any proxy server with explicit HTTP headers instructing an HTTP 1.1 proxy server not to cache aXesTS terminal server transactions. Proxy servers will not cache aXesTS terminal server transactions, as each transaction is a unique URL. Other aXesW3 web server HTTP transactions will cache normally through a proxy server.
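The proxy behaviour described above can be checked from captured response headers. The following Python is an added example, not part of the original page or of the aXes product: it decides whether a shared proxy cache may reuse a response without contacting the origin. The page does not say which headers aXesW3 sends, so the header names checked and the sample responses are constructed assumptions.

```python
from email.utils import parsedate_to_datetime

def parse_headers(raw):
    """Map lower-cased header names to lists of values (status line skipped)."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        if not line.strip():
            break  # end of the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def cache_directives(headers):
    """Split every Cache-Control value into {directive: argument}."""
    directives = {}
    for value in headers.get("cache-control", []):
        for part in value.split(","):
            key, _, arg = part.strip().partition("=")
            if key:
                directives[key.lower()] = arg.strip('"')
    return directives

def _seconds(directives, name):
    try:
        return int(directives[name])
    except (KeyError, ValueError):
        return None

def proxy_may_reuse(raw):
    """Return (allowed, reason): may a shared cache serve this response
    again without asking the origin server first?"""
    headers = parse_headers(raw)
    d = cache_directives(headers)
    for name in ("no-store", "private", "no-cache"):
        if d.get(name) == "":  # unqualified form applies to the whole response
            return False, "Cache-Control: " + name
    age = _seconds(d, "s-maxage")  # s-maxage overrides max-age for shared caches
    if age is None:
        age = _seconds(d, "max-age")
    if age is not None:
        return age > 0, "freshness lifetime %ds" % age
    pragma = [v.lower() for v in headers.get("pragma", [])]
    if "cache-control" not in headers and "no-cache" in pragma:
        return False, "Pragma: no-cache (honoured by older HTTP/1.0 caches)"
    if "expires" in headers:
        try:
            fresh = (parsedate_to_datetime(headers["expires"][-1])
                     > parsedate_to_datetime(headers["date"][-1]))
        except (KeyError, TypeError, ValueError):
            fresh = False  # an unparseable Expires value counts as expired
        return fresh, "Expires is %s Date" % ("after" if fresh else "not after")
    return True, "no cache directives: heuristic caching is allowed"

# Constructed sample responses (not captured from a real aXesW3 server).
TERMINAL_TXN = """HTTP/1.1 200 OK
Date: Mon, 06 Jan 2003 10:00:00 GMT
Content-Type: text/xml
Cache-Control: no-cache, no-store
Pragma: no-cache
"""
STYLESHEET = """HTTP/1.1 200 OK
Date: Mon, 06 Jan 2003 10:00:00 GMT
Content-Type: text/xsl
Cache-Control: max-age=3600
"""
LEGACY_EXPIRES = "HTTP/1.0 200 OK\nDate: Mon, 06 Jan 2003 10:00:00 GMT\nExpires: 0\n"
UNMARKED = "HTTP/1.1 200 OK\nDate: Mon, 06 Jan 2003 10:00:00 GMT\nContent-Type: text/xml\n"

if __name__ == "__main__":
    for label, raw in [("terminal", TERMINAL_TXN), ("stylesheet", STYLESHEET),
                       ("legacy", LEGACY_EXPIRES), ("unmarked", UNMARKED)]:
        print(label, proxy_may_reuse(raw))
```

The `UNMARKED` case is the one to look for when reviewing a deployment: a session screen returned with no cache headers at all is left to the proxy's own heuristics.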

Further Information

For more firewall and proxy server information, please visit:

 aXes Ports

aXesW3 software uses a combination of HTTP or HTTPS protocols. Protocols can be encrypted or unencrypted, depending on the security settings for the user. Each of these connection types is serviced by a process listening on a port on the aXesW3 web server.

The ports used by default are:

  • Port 80 HTTP
  • Port 443 HTTPS

Users typically access applications via aXesW3 by typing the URL for the server in their browser, for example https://www.arterialsoftware.com/. The initial connection to the aXesW3 web server is always made via either HTTP or HTTPS. The aXesW3 web server responds to the HTTP(S) request and presents a login screen to the user. Web traffic is then communicated as the user logs in and launches applications.

To run in a secure environment, it is desirable to encrypt web traffic. Therefore, it is likely that HTTPS would be used. If the secure aXesW3 web server (HTTPS) listens on port 443, then this port must be accessible to incoming traffic. This would require that the port be accessible through the firewall at the aXesW3 server site. If the client site also has a firewall or proxy server, traffic must be allowed through port 443.

If the client resides in a secure environment, the client side firewall and/or proxy server may allow outbound traffic only to port 443 of the destination server. In these situations, web traffic must communicate on port 443.

 aXes and Telnet

aXes does not use Telnet: neither the Telnet protocol nor the AS/400 Telnet server needs to be running when aXes Server is running.

Most Telnet-based solutions (thick or thin clients) open two ports (port 23 and port 992); aXesTS and aXesW3, however, listen on the default port for HTTP applications (port 80) or on a user-specified port.

A question often asked is, “Does using Telnet or Telnet based gateway solutions for serving iSeries application to the web open security breaches to the host?” This is especially relevant when some products open a combination of ports (detailed below) for providing session access, ODBC connectivity, Java client access and/or direct sockets access to host applications and data.

The answer is "no", because even if a hacker or intruder could successfully connect to an open Telnet session (and be presented with a sign on screen), they would still need to know a user-login and password combination before accessing the host. Correct iSeries (AS/400) security procedures would then be activated to restrict the number of unsuccessful sign on attempts and track the intrusion attempt.

Telnet-based approaches to host access do however allow a hacker to determine the type of host system if they can connect to a session. This is because the session will display a host sign-on screen.

A standard security approach is to minimize the amount of information available to a potential hacker. aXes Server improves on the Telnet-based approach by:

  • Not using Telnet (in fact the host Telnet server can be disabled without affecting aXes Server)
  • Never displaying a host sign-on screen
  • Always encrypting the user ID and password (even if SSL is not used)
  • Using the HTTP ports rather than the Telnet ports

Security is an integral part of aXes Server. It was designed to protect your data and applications while making those applications available to remote users over the most easily accessible medium using the ubiquitous browser interface. As can be seen from the scenarios described previously, aXes Server supports a number of physical implementations each intended to provide different levels of scalability and performance without compromising security.

 Security Considerations

aXes addresses a number of security concerns when serving applications from your iSeries (AS/400) to browser based users.

  • aXes supports the existing iSeries (AS/400) security and authentication mechanisms up to and including Security Level 50.
  • aXes supports log-in from specific IP address and/or device name.
  • aXes supports shadowing of user sessions on the host.
  • aXes Server supports both Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols which allow for secure authentication, encryption, non-repudiation and Virtual Private Network (VPN) technologies. Both SSL and VPNs prevent "eavesdroppers" from listening and easily intercepting traffic between browser and host.
  • Communications traffic between the browser and aXesW3 is in a compressed format (GZIP) which gives two major benefits: traffic is harder to monitor with sniffer devices and, when using SSL or VPN technologies, the amount of data transmitted between host and browser is reduced before the SSL or VPN encryption or decryption processing takes place. This results in considerable savings in bandwidth and CPU cycles when using SSL or VPN technologies.
  • User IDs and passwords are encrypted before transmission and cannot be cached in the browser.
  • aXesW3 secures web pages by requiring specific read (*R) and execute (*X) authority to the underlying files. It also secures access to directories by using Access Control Lists.

 Secure Deployment

 Recommended aXes Security Implementations

It is recommended that when deploying aXes across an insecure network such as the Internet, all communication between a Web browser and aXes be performed using Secure Sockets Layer protocol. Using SSL ensures that all data including user IDs and passwords are strongly encrypted and thus protected from casual interception.

aXes can be implemented in a number of configurations, providing simple installation and management at the low end while allowing scalability and performance at the high end. One of the following scenarios is suggested.

 Single iSeries (AS/400) Server environment

This straightforward solution has the aXesTS Terminal Server and the Web Server running on the same host with all traffic between the host and the client secured using the Secure Sockets Layer protocol.

An existing or new SSL certificate provided by a trusted certificate provider such as VeriSign is installed on the iSeries (AS/400) host. The certificate is loaded in the default certificate store and associated with the web serving application - in this case aXesW3, but as previously documented, any web server that supports FastCGI and SSL protocols can be used.

The aXesW3 web server, unlike other iSeries web servers, compresses the data before the SSL encryption and decryption takes place meaning less data needs to be processed, resulting in higher SSL throughput and less CPU usage.

This environment is ideal for companies that have no existing web serving platform and wish to provide web access to existing iSeries applications, or are consolidating a large server farm or distributed iSeries (AS/400) network to a single iSeries host system.

 Multiple Server environments

This scenario involves running the aXesTS terminal server on the iSeries (AS/400) host and using a second host (iSeries, Unix or Windows) to provide the web serving component and SSL functionality.

The key feature in this example is the scalability and flexibility of aXes to run in an existing multi-server environment. The aXesTS terminal server is running the user's session on the iSeries host, providing the XML conversion and communicating with the web server via the FastCGI protocol over TCP/IP. The existing Web Server architecture is being used to serve the application to the browser and provide the SSL support. Please note that both Servers are behind the firewall router.

 Multiple Server Environment with DMZ

This scenario involves running the aXesTS terminal server on the iSeries (AS/400) host and using a second host (iSeries, Unix or Windows) running in a Demilitarized Zone (DMZ) outside the firewall, to provide the web serving component and SSL support.

 Administration

 Centralized Management and Administration

aXes is centrally installed and configured by the system administrator for all users or groups of users. Centralized configuration and administration saves time, reduces costs, and increases worker and system efficiency. aXes architecture provides unlimited scalability for any size business.

Capabilities:

  • Monitor the entire system remotely, determining which sessions are open and who has current access to what applications.
  • Remotely manage users, groups and sessions; create a custom session login script; create a custom session key mapping.
  • Restrict users to pre-configured sessions, devices and networks. Increase security by allowing users to login from predefined IP addresses only.
  • Performance counters provide access to statistical logging of traffic volumes and savings. Servers can be monitored and logs produced, enabling the administrator to gauge the data transmission reductions achieved over extended periods.
  • Monitor and manage large or disruptive non-business data transmission.
  • Deliver performance preference to selected applications.
  • Manage peak transaction loads.
  • Establish different bandwidth constraints for different server instances. Control the amount of bandwidth that particular requests can consume and/or the total bandwidth that a server may consume.

 aXes Terminal Server

 Access Your Host From Anywhere

aXes Terminal Server is the fast, easy, and secure way to access your host from any web browser, in real time.

  • Work on your host from home
  • Travel and use your host remotely
  • Increase your flexibility and productivity


 Overview

aXes Terminal Server (aXesTS) is an effective host access solution that is managed from a standard Web server. It offers all of the advanced features found in desktop-based solutions within the framework of a browser-based interface. aXesTS lowers your Total Cost of Ownership (TCO) for host access by exploiting the infrastructure of the Web and internet-based protocols. The aXes Terminal Server provides unprecedented control over host connectivity combined with centralized configuration, license management and security.

aXesTS is an advanced host based solution that provides access to enterprise applications via an industry standard Web browser interface in XML format over the Web or company intranet. Using a browser, users simply access a URL—eliminating the need to install software and user configurations on individual desktops. Users access their host-based applications in a variety of styles, with a click of the mouse via their Web browser. aXesTS uses open standards to ensure host access is quickly, efficiently and securely managed between browser-based client and host application, resulting in lower network traffic than native terminal protocols. This gives reduced telecommunication, administration and client management costs with decreased complexity.

With the majority of enterprise applications still running on host-based systems, terminal emulation is a pervasive technology within private and public entities. The growing requirement for true zero-client, remote and mobile access to host-based systems is governing the transition from traditional terminal emulation to browser-based Web-to-host access. Organizations are being obliged to deliver information, not just to their employees, but to suppliers, business partners and customers.

aXesTS is a browser-based Web-to-host connectivity solution that offers key benefits in the management of host-access within the enterprise. aXesTS can be administered from a centralized management interface. It offers a range of client interfaces, powerful Secure Sockets Layer (SSL) driven encryption and host session shadowing capability for remote support.

Advantages of aXesTS include:

  • Serving iSeries (AS/400) enterprise applications across the Internet in XML format
  • Eliminating the need for traditional desktop emulation and associated client side deployment
  • Use the full batch CPW of your iSeries server in a browser environment without rewriting your valuable applications
  • Eliminating the necessity for installing high end, high cost, over-engineered solutions
  • Universal enterprise application access from any browser enabled device
  • Easy integration with any device or system
  • Centralized management and administration
  • Providing secure, browser-based, Web-to-host connectivity with single point installation
  • No client software required or downloaded (true zero-client)
  • Next generation solutions exploiting the full power of XML and Web services
  • Technology neutral architecture requiring no ActiveX or Java infrastructure on server or client
  • Distributed architecture providing security, scaling, load balancing, high availability, and connections to systems that don't have Web servers

aXesTS immediately Web-enables the enterprise while providing browser-based, Web-to-host connectivity with full security for browser-based sessions. aXesTS Web-to-host connectivity integrates, extends and re-engineers enterprise applications with easy to use XML enabled graphical interfaces, eliminating client deployment costs and minimizing administration, upgrade and training costs. aXesTS is real-time, automated and dynamic.

aXesTS features single point (true zero-client) installation and centralized management, which gives the administrator a high level of control and reduces the organization’s total cost of ownership (TCO). Single point (true zero-client) installation minimizes user training and support costs. Web-to-host technology minimizes the costs associated with software distribution, installation and configuration. Open Internet standards and the aXes n-tier architecture provide unlimited presentation scalability.

 aXes Web Server

 Webs Served Over-Easy

The aXes Web Server (aXesW3) is a fast, secure, non-blocking, multiplexing 4th generation HTTP 1.1 server for the IBM iSeries (AS/400) with integrated Website acceleration technology and FastCGI support.


 Overview

aXes Web Server acceleration technology is built on the simple principle of sending less data and preserving information integrity across the network. This technique enhances existing bandwidth capacity by transmitting compressed data streams using less bandwidth and enables data to arrive faster. The aXesW3 Website acceleration technology is designed to provide affordable and flexible Website acceleration and load balancing for static and dynamic sites. By using the aXes Web Server, loads can be reduced, Web responsiveness can be improved, and site quality of service can be more easily predicted and managed. The aXes Web Server delivers a dual advantage to clients by conserving limited “bandwidth” resource while simultaneously enhancing the retention and satisfaction of Web users.

aXesW3 Features Include

  • Light footprint
  • Small memory utilization
  • Low CPU consumption
  • HTTP 1.1 support
  • Compression of selected URLs
  • SSL support
  • P3P privacy support
  • Embedded scripting
  • Embedded database support
  • Embedded Web site acceleration
  • Throttling
  • Speed
  • Multiple instances
  • CERN logging
  • Authentication
  • Simple installation and configuration
  • Distributed FastCGI interface

A Web server’s role is to accept requests and issue a response. The first generation of Web servers did little more than this. These servers were unable to provide concurrent support for much more than a single user.

Second generation Web servers provided support for multiple requests by spawning child processes for each Web request. CERN and NCSA 1.3 are both examples of this type of server. These servers were found to perform poorly due to the overheads involved in process creation severely limiting the number of simultaneous connections. Some servers refined this approach by using threads, which provided some improvement.

Third generation servers such as NCSA 1.4, Apache, and Netscape provided a pre-start pool of reusable sub processes instead of starting a new sub-task for each Web request. Third generation Web servers provided vastly improved performance but introduced the problems of complexity and processing overheads in serving Web content. This resulted in high CPU and memory requirements as well as providing a new level of complexity when installing, configuring and managing Web servers.

Fourth generation servers like aXesW3 typically use non-blocking I/O, a single process and no non-portable threads. Non-blocking I/O enables a server to send and receive multiple files concurrently, transferring data only when the client is ready. These servers are faster (especially under high loads), use less memory, are portable, and are more easily maintained.


"Our 5250 screens were web-enabled quickly and have excellent response times. We are delighted with the aXes product!"
Jeff Sutherland, Kampgrounds of America, & iSeries Network contributor

© 2003 Redwood Systems Ltd.
All rights reserved.