MACROMEDIA FLASH MEDIA SERVER 2-MANAGING FLASH MEDIA... Скачать руководство пользователя страница 218 | Manualshive

Страница: 218 / 238

background image

218

Flash Media Server Security

About authentication and authorization

To authenticate (validate) administrators, Flash Media Server employs several layers of host-
based user security. (

Host-based security

refers to security measures that are implemented in the

server software itself.) When a user tries to connect to the management console with an
administrator user name and password, the server uses the layers of settings in its
configuration files to determine whether the connection should be allowed. Only
administrators who have been explicitly defined can connect to the server to use the console.

The server authenticates administrators by evaluating the contents of the XML tags in the
configuration files in the following order:

1.

Users.xml file:

Allow

and

Deny

tags. These tags indicate whether a user is allowed to

connect to the console from the current IP address. Administrators can connect only from
IP addresses you have specified with these tags.

2.

Adaptor.xml file:

Allow

and

Deny

tags. These tags indicate whether a user is allowed to

connect to the specified adaptor from the current IP address.

3.

Vhost.xml file:

Allow

and

Deny

tags. These tags indicate whether a user is allowed to

connect to the specified virtual host from the current IP address.

The server authenticates administrators by comparing their user names and passwords to
those defined in the Users.xml file. When you choose these names and passwords, make sure
they are not simple ones that can be easily guessed.

To have the server perform authentication of connecting users other than administrators, use
the

Allow

and

Deny

tags in the Adaptor.xml and Vhost.xml files. With these tags you can

prevent users from connecting from all domains other than those you specify. The server
checks incoming connections against the Adaptor.xml file and then the Vhost.xml file when
processing non-administrator connection requests.

To provide administrator

authorization

(assigning permissions), the server uses the Users.xml

file. When you define a user as a server or virtual host administrator in this file, the server
associates certain permissions with that user. Virtual host administrators can manage only a
virtual host—for example, they can reload or disconnect applications on that virtual host.
Server administrators can exercise control over all virtual hosts and perform server-level tasks,
such as restarting or shutting down the server.

«
...
216
217
218
219
220
...
»

Содержание FLASH MEDIA SERVER 2-MANAGING FLASH MEDIA...

Страница 1: ...Managing Flash Media Server...

Страница 2: ...e link does not imply that Macromedia endorses or accepts any responsibility for the content on those third party sites Jabber is a registered trademark of the Jabber Software Foundation Sorenson Spar...

Страница 3: ...on Linux 15 Using the management console 16 Connecting to the management console 17 Managing applications 19 Creating a new application instance 21 Managing the administrative users 27 Managing the se...

Страница 4: ...65 Configuring independent virtual hosts for SSL application 66 About configuration levels 66 About the configuration hierarchy 66 Adding adaptors and virtual hosts 69 Server administration over HTTP...

Страница 5: ...Flash Media Server Security 215 Managing server security 215 About authentication and authorization 218 JavaScript security 219 Secure script loading 220 Protecting objects 221 Permissions levels 222...

Страница 6: ...6 Contents...

Страница 7: ...teract with the server to retrieve information or modify the server configuration This API is described in detail in the Server Management ActionScript Language Reference included with Flash Media Ser...

Страница 8: ...on a separate Windows or Macintosh computer to develop your Flash applications You ll also need Macromedia Flash Player for Windows or Macintosh and a web browser to run the sample applications About...

Страница 9: ...NIX system replace the backslashes with forward slashes Additional resources The Flash Media Server documentation was written before the code in the product was complete Therefore there may be discrep...

Страница 10: ...10 About This Manual...

Страница 11: ...isk of conflicting with another application that may be assigned to the same port for example if you configure the server to use port 80 to support HTTP tunneling the server might not run both a web s...

Страница 12: ...ministrator defined during installation have access to all virtual hosts Server administrators can add or delete virtual host administrators using the management console Registering client application...

Страница 13: ...client application s directory you can give that application different settings from those defined in the virtual host s Application xml file which serve as the default settings for applications on t...

Страница 14: ...t are encoded in UTF 8 format must be transferred to the server via a binary file transfer For more information about using server side scripts see Developing Media Applications Starting and stopping...

Страница 15: ...ge to the directory where the server is installed 3 Open a shell window and type the following fmsmgr server fms start To stop the server on Linux 1 Log in as a root user 2 Change to the directory whe...

Страница 16: ...s data properties in the adjoining window The management console is a Flash application fmsconsole swf that Macromedia created with public APIs application programming interfaces When you install Fla...

Страница 17: ...then communicates with the server to perform its administration functions On both Linux and Windows systems you must first explicitly start the Admin service After the Admin service is started authori...

Страница 18: ...ptor virtual host administrators must specify the name of the adaptor For example if a virtual host administrator is logging on to a virtual host on the adaptor _secondAdaptor_ the administrator JLee...

Страница 19: ...and Bugs Designer Developer Center Customer Service Clicking the question mark icon displays links to Flash Media Server online help and documentation Managing applications The View Applications pane...

Страница 20: ...istrative actions on a selected application Review the selected application s log file as it records events Monitor the clients connecting to the application View the streams and shared objects runnin...

Страница 21: ...ton This action creates a new application instance within the application list The management console adds a default instance suffix _definst_ which can be edited Press Enter to submit the name and st...

Страница 22: ...ion creates an associated log file The Live Application log pane displays the log messages The application administrator can use the Find box on the bottom margin of the pane to search for partial str...

Страница 23: ...ion The management console displays the following information for each client Client ID Connection protocol Number of bytes in the connection request and the information returned Connection time Numbe...

Страница 24: ...red object Select a shared object to view its data values The information on this pane is helpful when debugging the application When you select a shared value one of the following occurs If the share...

Страница 25: ...ebug connection is possible If debugging is not allowed the Play Stream button does not show The Viewing server performance tab pertains to the performance of this particular application The informati...

Страница 26: ...lication was started and how long it has been running continuously Number of messages in and out of the application Amount of bytes in and out of the application This pane also graphically displays th...

Страница 27: ...rvers and virtual hosts Select a server or virtual host to display its authorized administrators The right side pane lists the administrators for the server or virtual hosts Select the New User button...

Страница 28: ...can access and manage This pane allows the administrator to select an individual server or a group of servers for viewing information Servers are grouped into a tree structure The sample shows the pre...

Страница 29: ...ple servers simultaneously Ping the selected server to verify that the server is running and view its responsiveness in milliseconds Restart or start the selected server or virtual host Check for and...

Страница 30: ...o occupies the left side of the screen in this section of the management console The pane lists the servers and virtual hosts that the administrator can access and manage Viewing server details This p...

Страница 31: ...each client accessing the server or virtual host Client ID Connection protocol Number of bytes in the connection request and the information returned Connection time Number of messages in and out of t...

Страница 32: ...t are running on the server The name of each application is displayed along with the number of instances of the application that have been loaded on or unloaded from the server the number of users tha...

Страница 33: ...console displays the detailed information for your Flash Media Server license Select an individual license to display its details in the lower frame For each serial key the management console displays...

Страница 34: ...tial strings in the log messages Clicking the Clear Log button clears the screen Logging client connections and other system events Flash Media Server 2 provides a logging functionality that allows th...

Страница 35: ...ate file per vhost When logging is configured on a per vhost basis all logs for a particular vhost are found in a subdirectory within the logs directory The name of the subdirectory matches the vhost...

Страница 36: ...s field contains a space or delimiter the data is wrapped in double quotation marks The double quotation marks surrounding the data are not part of the data but are present for better parsing of the d...

Страница 37: ...used to bill customers per session To calculate the bandwidth usage per session subtract the sc bytes in the connect event by the sc bytes in the disconnect event x sname application Stream name x fil...

Страница 38: ...is is a composite field cs uri stem x sname x file ext x sname query x status application For a complete description of the x status codes and descriptions see the following table Field Status Code De...

Страница 39: ...in the matching vhost directory The xx in the filename is a 2 digit number representing the history of the application log The most recent logs can be found in application 00 log The following table l...

Страница 40: ...ult to create a diagnostic log for each type of process The xx in the file name is a 2 digit number presenting the version of the log The most recent logs can be found in version 00 log x pid all Serv...

Страница 41: ...s the severity category and message ID The first 3 characters represent severity Always in a format of letter The letter can be any of the following w warning e error i information d debug s trace fro...

Страница 42: ...ion failed service will be stopped 1003 Error during shutdown process process will be terminated 1004 Reinitializing server 1005 Failed to start the following listeners for adaptor 1 S 2 S 1006 Failed...

Страница 43: ...ation 3 S 1028 Exception while processing message 1029 Bad network data terminating connection 1 S 1030 Illegal subscriber 1 S cannot subscribe to 2 S 1031 Failed to start virtual host 1 S 1032 Failed...

Страница 44: ...1 S 1059 Invalid user ID 1 S 1060 NetConnection Admin CommandFailed 1061 Invalid parameters to 1 S method 1062 Failed to unload application 1 S 1063 Failed to load application 1 S 1064 1 S applicatio...

Страница 45: ...n to Flash Media Server 2 has been disconnected 1089 Failed to play stream ID 1 S 1090 Failed to play 1 S stream ID 2 S 1091 Play stop failed stream ID 1 S 1092 Audio receiving enabled stream ID 1 S 1...

Страница 46: ...IP 2 S and port 3 S are already in use 1116 Failed to create adaptor 1 S 1117 Failed to play 1 S stream not found 1118 Insufficient admin privileges to perform 1 S command 1119 Failed to initialize li...

Страница 47: ...Connection Call Success 1141 Unable to locate server configuration file during startup 1142 Unable to locate script file 1 S 1143 NetConnection Call AccessDenied 1144 NetConnection Call BadValue 1145...

Страница 48: ...reconnect to Flash Media Server 2 1167 Failed to remove application 1 S 1168 Exception while processing message 1 S 1169 Failed to execute admin command 1 S 1170 Unloaded application instance 1 S 117...

Страница 49: ...d Virtual host 1 S Max Allowed 2 S Current 3 S 1195 Server to client bandwidth limit exceeded Virtual host 1 S Max Allowed 2 S Current 3 S 1196 Adaptor 1 S does not exist 1197 Virtual host 1 S does no...

Страница 50: ...aborted 1218 Failed to play stream 1 S Recorded mode not supported 1219 Missing arguments to 1 S method 1220 Invalid admin stream 1 S 1221 Core 1 S started arguments 2 S 1222 Failed to start core 1 S...

Страница 51: ...248 Core 1 S failed to establish proxy to edge 1249 Core 1 S socket migration failed 1250 Edge disconnected from core 1 S 1251 Proxy to core 1 S failed 1252 Registering core 1 S 1253 Socket migration...

Страница 52: ...ess Whether access logging is enabled Enable true Enable The logging scope determines whether a log file is written out for each vhost or just one for the entire server It may be either server or vhos...

Страница 53: ...mple April in M is 4 and in MM is 04 FileName access YYYYMMDDNN log FileName The time field in a log file can be either in utc or local The setting here can be used to override the server wide configu...

Страница 54: ...ype of event 2 x category Event category 3 date Date at which the event occurred 4 time Time at which the event occurred 5 tz Time zone information 6 x ctx Event dependent context information 7 x pid...

Страница 55: ...f one or more field names The special keyword indicates that all fields are to be logged When customizing the fields to be logged it is strongly recommended to always at least log the type category da...

Страница 56: ...ype daily rotation only occurs every 24 hours and the format is hh mm for example 00 00 will rotate every midnight If type duration rotation occurs when the duration of the log exceeds a certain lengt...

Страница 57: ...ows Start menu select Settings Control Panel Administrative Tools Event Viewer 2 Select the Application panel 3 Double click an event generated by Flash Media Server to view the details of the event C...

Страница 58: ...For more information see Server xml file on page 86 Starting the Flash Media Admin Service in Windows The Flash Media Admin Service is the service that you connect to when you log on to the server th...

Страница 59: ...so removed Warning Use this command only if you want to uninstall the server you still need to manually remove the installed files fmsmgr server service_name abort Stops a running Flash Media Server s...

Страница 60: ...oot user using the fmsmgr utility before anyone can use the management console fmsmgr setadmin service_name Changes the default Admin service service_name is the name of the server you selected during...

Страница 61: ...romedia Flash that is SWF files Each application defined on the server has a corresponding directory that contains the streams and scripts used by the application Your web server is responsible for se...

Страница 62: ...other deployment scenario the server side files ASC files the audio video files Flash Video or FLV files and the source files FLA files should not reside in the web server s published directories Thes...

Страница 63: ...uses to connect to Flash Media Server The application must be designed to check for these tickets typically with server side scripts SSL support in Flash Media Server Secure Sockets Layer SSL is a pr...

Страница 64: ...the Server xml file configure Flash Media Server to act as an SSL enabled client making outgoing connections secure SSL SSLEngine SSLEngine SSLRandomSeed SSLRandomSeed SSLSessionCacheGC SSLSessionCach...

Страница 65: ...contain the following information SSL SSLServerCtx SSLCertificateFile cert pem SSLCertificateFile SSLCertificateKeyFile private pem SSLCertificateKeyFile SSLPassPhrase SSLPassPhrase SSLCipherSuite AL...

Страница 66: ...erifyDepth SSLCipherSuite SSLCipherSuite SSLClientCtx SSL About configuration levels The server is capable of hosting more than one adaptor and more than one virtual host on each adaptor Each virtual...

Страница 67: ...directory contains the following The Server xml file This file contains settings that relate to the server only The specific settings for the adaptors virtual hosts and applications are stored in sepa...

Страница 68: ...ult settings for the client applications that will connect to the server the Vhost xml file which contains the settings for the virtual host and the Users xml file which defines the administrative use...

Страница 69: ...east one virtual host directory called _defaultVHost_ Any virtual hosts must be in addition to _defaultVHost_ When you design an application in Flash that will connect to Flash Media Server you add a...

Страница 70: ...An Application xml file A Users xml file if you are defining administrators for this virtual host A typical customized server conf directory might look like this A customized conf directory containing...

Страница 71: ...ame server management application programming interface API over HTTP as you would over RTMP By passing command strings and arguments to the URL of your Flash Media Server you can interact with the se...

Страница 72: ...utf 8 result level status level code NetConnection Call Success code timestamp 11 17 2003 2 52 29 PM timestamp data bytes_in 0 bytes_in bytes_out 3284 bytes_out bw_in 0 bw_in bw_out 0 bw_out msg_in 0...

Страница 73: ...e_allocated huge_released 2 huge_released units bytes global_size 430200 global_size thread_size 210900 thread_size size 641100 size reused 1980900 reused allocated 14068504 allocated released 1618633...

Страница 74: ...e passed as comma separated values enclosed by square brackets 1 2 3 4 abcd 34 hi 10 20 31 32 40 Objects are passed as JavaScript inline object literals foo 123 bar 456 user Joe ssn 123 45 6789 huge_a...

Страница 75: ...arguments for each command Remember that the admin user name and admin password are required for every command Command Required arguments Optional arguments Sample URL addAdmin username password scop...

Страница 76: ...cheStats n a n a admin getFileCacheStats getGroupMembers appInst uid userid n a admin getGroupmembers appInst fo o groupid 63741000 getGroups appinst n a admin getGroups appInst foo getGroupStats appI...

Страница 77: ...n a n a admin getServerStats getServices n a n a admin getServices getSharedObjects appInst n a admin getUsers appInst foo getSharedObjectStats appInst sharedObject persistent n a admin getInstanceSt...

Страница 78: ...estartVHost n a scope admin restartVHost scope _defaultR oot_ foo macromedia com setConfig2 key value scope admin setConfig2 key Admin Server UserList User scott Password value foo scope startServer n...

Страница 79: ...ing mappings that you defined The Flash Media Server 2 installer also defines a few of these mappings during the installation process and it stores them in a separate file called fms ini The server lo...

Страница 80: ...Host When the server encounters the symbol it checks whether the symbol named VIR_DIR is mapped to anything It then finds that it is mapped to c streams in the substitution xml file The symbolic mappi...

Страница 81: ...ore KeyValueFile tags in the substitution xml file Each of these tags can specify the location of one external file For example the following XML specifies the file C testfiles mySymbols txt within th...

Страница 82: ...appear in each file Configurable application object properties for server side scripting Flash Media Server 2 supports configuration tags that enhance the server side application object You can now d...

Страница 83: ...t variable COMPUTERNAME is equal to jsmith01 and you have defined a symbol named HELLO in the substitution xml file as follows Root Symbols HELLO World HELLO Symbols Root In addition the following XML...

Страница 84: ...84 Deploying Flash Media Server...

Страница 85: ...contains configuration tags that relate to the server adaptor virtual host application or logging activity they are associated with To customize the functionality of the server you edit these tags The...

Страница 86: ...ClusterMonitorInterval BroadcastAddress 255 255 255 255 BroadcastAddress BroadcastPort 67 BroadcastPort MaxWaitTime 100 MaxWaitTime UserData UserData AutoDiscovery SSL SSLRandomSeed 16 SSLRandomSeed S...

Страница 87: ...ads 0 MinConnectionThreads MaxConnectionThreads 0 MaxConnectionThreads MaxConnectionQueueSize 1 MaxConnectionQueueSize RTMP Connector Protocol RTMP Edge MinIOThreads 0 MinIOThreads MaxIOThreads 0 MaxI...

Страница 88: ...s IPCQueues MessageCache MaxCacheUnits 4096 MaxCacheUnits MaxCacheSize 100 MaxCacheSize MaxUnitSize 16 MaxUnitSize FreeRatio 0 125 FreeRatio GlobalRatio 0 4 GlobalRatio MaxAge 1000000 MaxAge UpdateInt...

Страница 89: ...eExitDelay 20 CoreExitDelay Master ResourceLimits Logging Time local Time Access Enable true Enable Scope server Scope Access Diagnostic Enable true Enable Diagnostic Application Enable true Enable Ap...

Страница 90: ...matic proxy discovery messages BroadcastAddress Specifies the broadcast address to use for broadcasting FPAD messages BroadcastPort Specifies the broadcast port to use for broadcasting FPAD messages C...

Страница 91: ...Specifies the maximum size of the FLV cache FreeMemRatio Sets the maximum percentage of total memory that the total pool size may occupy FreeRatio Specifies the percentage of the message cache to be c...

Страница 92: ...pending MaxConnectionThreads Specifies the maximum number of threads used to process connection requests MaxIOThreads Specifies the maximum number of threads that can be created for I O processing Max...

Страница 93: ...tag contains tags to configure the RTMP connector RTMP Protocol Container tag contains tags to configure the RTMP protocol Scope Determines whether or not to write a log file for each virtual host or...

Страница 94: ...omSeed Specifies the number of bytes of entropy to use for seeding the pseudo random number generator PRNG SSLSessionCacheGC Specifies how often to flush expired sessions from the server side SSL sess...

Страница 95: ...rotocol is also used for collecting performance metrics and issuing administrative commands to Flash Media Server cores The Admin Service is separate from the Flash Media Server When administrators co...

Страница 96: ...proxy discovery messages that the Flash Media Server responds to Description The Allow tag is a comma delimited list of host names domain names and full or partial IP address as well as the keyword a...

Страница 97: ...ia Server services all zones When this tag is set to Zone 2 but it receives a message from a client in Zone 1 the server does not reply to this client Example AllowZones 1 3 5 AllowZones This example...

Страница 98: ...t specified by the Windows system variable INADDR_ANY By default Flash Media Server listens on any available interface on port 67 Syntax BindInfo ip port BindInfo See also ProxyInfo in this container...

Страница 99: ...efault value is 60 seconds See also TTL Connector Container tag Description The tags nested within the Connector container configure the connector subsystem Flash Media Server provides connectors that...

Страница 100: ...of 0 disables the timeout check CoreExitDelay This tag specifies how much wait time an idle core is given to exit on its own before it is removed from the server Description The default wait time is...

Страница 101: ...foo com 10 60 1 133 10 60 Deny Deny all Deny See also Allow Order tags ECCP Container tag The tags nested within the ECCP container configure ECCP Edge Server Core Server Communication Protocol Descr...

Страница 102: ...d the Enable tags in the Access Application and Diagnostic subdirectories in the Logging container Located in the Logging container Description This tag enables or disables the access logs A value of...

Страница 103: ...nd Diagnostic subdirectories in the Logging container Located in the Logging container Description This tag enables or disables the diagnostic logs A value of true enables the logging process false di...

Страница 104: ...setting is 0 125 12 5 percent When more free memory is available to a thread than the specified ratio the freed memory will return to the global pool See also FreeMemRatio GID This tag specifies the g...

Страница 105: ...g specifies the maximum size in kilobytes of the shared memory heap used for an IPC interprocess communication message queue The default value for this tag varies according to its container HostPort T...

Страница 106: ...scription The tags nested within the IPCQueues container configure the IPC queues Flash Media Server uses IPC queues to send messages from one core to another or from one process to another such as ma...

Страница 107: ...rver will use the default loopback address as the local loopback Logging Container tag Description The tags nested within the Logging container perform the overall logging configuration You set the co...

Страница 108: ...By default the creation mask is set to 017 in octal Therefore all the Flash Media Server object files are created with permission 0666 017 0660 rw rw The owner and the users who belong to the same gr...

Страница 109: ...ze limit is reached The default is 4096 units See also MaxCacheSize MaxConnectionQueueSize Located in the HTTP and RTMP Connector containers Description This tag specifies the maximum number of connec...

Страница 110: ...means 1 x N threads 2 means 2 x N threads and so on Flash Media Server can receive connections on various protocols The default value for this tag varies according to which container protocol it is ne...

Страница 111: ...onse it receives By default the maximum wait time is 100 milliseconds Example MaxWaitTime 100 MaxWaitTime MessageCache Container tag The tags nested within the MessageCache container control how the m...

Страница 112: ...tag varies according to which container protocol it is nested within See also MaxIOThreads MsgPoolGC This tag specifies how often Flash Media Server checks for and removes content in the global messag...

Страница 113: ...completion routine threads on Windows 32 bit systems for edge server I O processing Order This tag specifies the order for evaluating the Allow and Deny tags Description This tag specifies whether Fla...

Страница 114: ...iption The tags nested within the Process container contain the ID tags for all server processes These tags are applicable for Flash Media Server running on Linux systems only Contained tags GID UID P...

Страница 115: ...roxy Auto Discovery process is enabled a warning is written to the system log The IP address of this computer and port 1935 is returned to the clients See also HostPort in Adaptor xml file ResourceLim...

Страница 116: ...s MaxConnectionQueueSize MaxIOThreads MinIOThreads NumCRThreads See also RTMP Protocol in Protocol container RTMP Protocol Flash Media Server uses two container tags named RTMP one nested within the C...

Страница 117: ...response for clients wishing to make a secure connection Syntax SecureProxyInfo hostname IP port SecureProxyInfo SegmentsPool Container tag Description The tags in this section configure how the segm...

Страница 118: ...ire this information as a part of incoming connection requests If this tag is not set the host name field is not supplied in the referrer header Services Container tag Description The tags in this sec...

Страница 119: ...the default value Located in the ACCP Admin Core ECCP containers and in the RTMP Protocol container within the Protocol container See also SocketTableSize SocketTableSize This tag specifies the size o...

Страница 120: ...e of a file that contains one or more CA Certificate Authority digital certificates in PEM privacy enhanced mail encryption format See also SSLCACertificatePath SSLCACertificatePath This tag specifies...

Страница 121: ...ption This tag is a colon delimited list of encryption resources such as a key exchange algorithm authentication method encryption method digest type or one of a selected number of aliases for common...

Страница 122: ...ven if they are explicitly stated If is used then the ciphers are deleted from the list but some or all of the ciphers can be added again by later options If is used then the ciphers are moved to the...

Страница 123: ...h and medium strength encryption with the high being preferred and reject export strength versions SSLCipherSuite ALL SSLv2 SSLCipherSuite Here is the complete list of components that Flash Media Serv...

Страница 124: ...See also The SSL container IDEA IDEA encoding NULL No encryption EXP All export ciphers 40 bit encryption LOW Low strength ciphers no export DES MEDIUM 128 bit encryption HIGH Triple DES encoding Dig...

Страница 125: ...applications you should experiment to determine the best value for this tag See also SSLCipherSuite SSLRandomSeed SSLSessionCacheGC This tag specifies in minutes how often to check for and remove unus...

Страница 126: ...rtificate cannot be found within the specified depth the certification verification will fail The default depth is 9 See also SSLVerifyCertificate ThreadPoolGC This tag specifies in minutes how often...

Страница 127: ...erMonitorInterval UID This tag contains the server process user ID Description If no UID or group ID GID is specified the server will run as root This tag is applicable for Flash Media Server running...

Страница 128: ...strators or change their administrative permissions The Users xml file contains the following tag structure Root UserList User name SERVER ADMIN_USERNAME Password encrypt false SERVER ADMIN_PASSWORD P...

Страница 129: ...ash Media Admin Service Deny HTTPCommands Lists the Flash Media Admin Service commands denied access via HTTP Deny User Lists the specific hosts from which the administrator cannot connect to the Flas...

Страница 130: ...llow the Allow tag in the User container and the Allow tag in the HTTPCommands container Description This tag lists the specific hosts from which an administrator can connect to the Flash Media Admin...

Страница 131: ...in the HTTPCommands container This tag lists those hosts from which the administrator is not authorized to connect to Flash Media Admin Service You restrict the administrator s access by creating a c...

Страница 132: ...e other in the User container Description This tag specifies the order for evaluating the Deny and Allow commands Syntax Order Deny Allow Order The sequence Deny Allow means the HTTP command will be a...

Страница 133: ...n the Deny list of commands and not specified in the Allow list See also Allow Users Deny User Password This tag specifies the password for the administrator of this vhost Description Passwords cannot...

Страница 134: ...xml contains the tags and information used to configure the Flash Media Server log files You can edit this file to add or change configuration information including the location of the log files The...

Страница 135: ...category x event date time x pid c ip cs bytes sc bytes x sname sc stream bytes x file size x file length Fields Delimiter Delimiter QuoteFields disable QuoteFields EscapeFields enable EscapeFields A...

Страница 136: ...ers in the log file are escaped Events Specifies the events written to the Access log file Fields Specifies which fields for an event are logged in the Access log file FileName Specifies the name of t...

Страница 137: ...lication Container tag Description The tags nested within this container configure the Application log file settings Contained tags Directory Rotation Time Delimiter Formatting tag This tag specifies...

Страница 138: ...ctory in the server installation directory Located in Access Application Diagnostic containers DisplayFieldsHeader Formatting tag This tag specifies how many lines to write to the log file before repe...

Страница 139: ...n instance stops connect application Client connects to the server connect pending application Client connects to the server waiting for the script to authenticate disconnect application Client discon...

Страница 140: ...erver using an unknown protocol 401 Connection rejected by the application script 403 Connection rejected by access module 404 Application not found 409 Resource limit exceeded 413 License limit excee...

Страница 141: ...complete list of fields associated with events in the Access log file Not every field is associated with each event in the log file publish 200 Successful 400 Bad request invalid arguments 401 Access...

Страница 142: ...alculate the bandwidth usage per session subtract the value of cs bytes in the connect event from the value of cs bytes in the disconnect event sc bytes application This field shows the number of byte...

Страница 143: ...ate the bandwidth usage per stream subtract the sc stream bytes in the play event by the sc stream bytes in the stop event cs uri stem application Stem portion of s uri omitting query field cs uri que...

Страница 144: ...og access 02 log access 03 log and so on The default number of files to retain is 5 HostPort This tag specifies the IP and port of the log server Syntax IP port Example HostPort xxx xxx xxx xxx 1234 H...

Страница 145: ...to use quotation marks to surround those fields in the log file that include a space Description This tag can be set to enable or disable By default it is set to disable See also Delimiter EscapeFiel...

Страница 146: ...ion Schedule If the type attribute is duration rotation occurs when the duration of the log exceeds a specified length The duration is specified in minutes Located in Access Application Diagnostic con...

Страница 147: ...uded with the server at installation is named _defaultRoot_ and its directory is found in the conf directory To change an adaptor s settings you edit the tags in its Adaptor xml file The Adaptor xml f...

Страница 148: ...ort s to bind to HostPortList Contains a list of HostPort tags HTTPIdent Configures the server to respond to or reject an HTTP identification request from a client HTTPTunnel Container tag the tags in...

Страница 149: ...rver SetCookie Specified whether the adaptor sets a cookie SSL Container tag contains tags that configure Flash Media Server to act as SSL enabled server for secure communications SSLCACertificateFile...

Страница 150: ...Allow tag is a comma delimited list of host names or domain names and or full or partial IP addresses Example Allow foo yourcompany com macromedia com 10 60 1 133 10 60 Allow See also Deny Order Deny...

Страница 151: ...80 will result in a failure to connect The client will attempt to perform an SSL handshake that the server will fail to complete Similarly a regular RTMP connection to port 443 will fail because the s...

Страница 152: ...onflict the first adaptor to bind to the specified HostPort wins Flash Media Server logs a warning in the Access log file indicating that the specified IP port is in use Although you can assign any po...

Страница 153: ...e Example http localhost 1935 fms ident This command sends an HTTP get request GET fms ident HTTP 1 1 Accept Accept Language en us Accept Encoding gzip deflate User Agent Mozilla 4 0 compatible MSIE 6...

Страница 154: ...ait before it sends back an ack acknowledgement code for a client idle post Ack is shorthand for acknowledgement code a transmission control character used to indicate that a transmitted message was r...

Страница 155: ...ilures This tag specifies the maximum number of failures an edge server may incur before it restarts Description Default number of failures is 2 MaxSize This tag specifies the maximum number of XML fi...

Страница 156: ...s sample code as a template for configuring each edge server MimeType This tag specifies the default MIME Multipurpose Internet Mail Extensions type header sent on tunnel responses Description The ser...

Страница 157: ...ied unless it is specified in the Allow tag Order Deny Allow Order The alternative sequence Deny Allow indicates that access to a server is allowed unless specified in the Deny tag and not specified i...

Страница 158: ...example configures the Redirect tag to forward the request to a specific host depending upon which port the request arrived on Redirect enable false maxbuf 16384 The maxbuf attribute determines how b...

Страница 159: ...yourself with a product such as OpenSSL you then use the SSL tags to configure Flash Media Server for SSL The following is a quick start to allowing SSL enabled connections to Flash Media Server Go to...

Страница 160: ...stract Syntax Notation 1 The default is PEM See also SSLPassPhrase SSLCipherSuite This tag specifies the suite of encryption ciphers that Flash Media Server uses to secure incoming connections Descrip...

Страница 161: ...n control the SSL configuration for this adaptor Contained tags SSLCACertificateFile SSLCACertificateKeyFile SSLCipherSuite SSLPassPhrase SSLSessionTimeout SSLSessionTimeout This tag specifies in minu...

Страница 162: ...must have its own directory inside the adaptor directory The name of the directory must be the actual name of the virtual host such as streaming macromedia com Each defined virtual host must be mappe...

Страница 163: ...axAge 1000000 MaxAge UpdateInterval 1024 UpdateInterval FreeMemRatio 0 5 FreeMemRatio SmallMemPool LargeMemPool MaxCacheUnits 4096 MaxCacheUnits MaxCacheSize 100 MaxCacheSize MaxUnitSize 16 MaxUnitSiz...

Страница 164: ...st Container tag contains the list of Alias tags Allow Specifies the domains that can connect to this virtual host Anonymous Determines whether or not this virtual host runs as an anonymous proxy AppI...

Страница 165: ...old for messages that can be returned to the cache MessageCache Container tag tags in this section configure how messages are kept for reuse by Flash Media Server Mode Configures this virtual host to...

Страница 166: ...the number of bytes of entropy to use for seeding the pseudo random number generator PRNG SSLSessionCacheGC Specifies how often to flush expired sessions from the server side SSL session cache SSLVer...

Страница 167: ...as name alias1 Alias Example Alias name abc abc macromedia com Alias If the name of this virtual host is abc macromedia com but you wish to connect by simply specifying abc then specify the alias abc...

Страница 168: ...xy Description Both anonymous and explicit proxies intercept and aggregate the clients requests to connect to the origin server Here are some key differences between anonymous and explicit proxies The...

Страница 169: ...g this tag to true creates an implicit proxy to intercept the incoming URIs See also Mode AppInstanceGC This tag specifies how often to check for and remove unused resources for application instances...

Страница 170: ...hing behavior Description The contents of the cache are volatile This tag controls whether the cached streams will be written to disk in addition to being cached in the proxy server s memory The proxy...

Страница 171: ...ist on a per thread basis Description This tag s setting ranges between 0 and 1 The default setting is 0 125 When more free memory is available to a thread than the specified ratio the freed memory wi...

Страница 172: ...proxy to either transparently pass on or intercept requests and responses If the LocalAddress tag is not specified then outgoing connections bind to the value of the INADDR_ANY Windows system variabl...

Страница 173: ...he maximum number of free units in the cache Description The default number of free units is 4096 Note the number of free units may be less if the size limit specified by the MaxCacheSize tag is reach...

Страница 174: ...he messages in memory for reuse instead of returning them and repeatedly requesting them from the operating system Messages are the essential communication units of Flash Media Server and recycling th...

Страница 175: ...operties of an outgoing SSL connection to an upstream server the SSL connection to upstream servers will use the default configuration specified in the SSL section of the Server xml file For more info...

Страница 176: ...l is specified however Flash Media Server applies the protocol specified in the RouteTable tag Implicit proxies hide the routing information from the clients The connection syntax for this tag is flex...

Страница 177: ...tags to route connections to the desired destination The RouteTable tag can be left empty or it can contain one or more RouteEntry tags The protocol attribute specifies the protocol to use for the out...

Страница 178: ...Video files within Flash Media Server to increase performance of FLV streaming and keep frequently used FLV files available in memory Contained tags FreeMemRatio FreeRatio GlobalRatio MaxAge MaxCacheS...

Страница 179: ...connection If the SSL tags in a proxy s Vhost xml file are not present Flash Media Server uses the default values specified in the SSL section of Server xml to configure the SSL connection to upstrea...

Страница 180: ...ne is added by the server Any application that refers to a stream whose path begins with common will access the item in C FlashMediaServer myApplications shared resources regardless of the application...

Страница 181: ...table client virtualKey property Flash Player 8 and Flash Player 9 are assigned Key A earlier versions of the player get Key B When the client plays a stream it will use the appropriate key The replay...

Страница 182: ...n the original Streams tag Example VirtualDirectory Streams alphaKey foo c goodStreams Streams Streams betaKey foo c evenBetterStreams Streams VirtualDirectory You create a stream switching scenario b...

Страница 183: ...rtualKeys This example shows how the key can be set by the administrator as a client property in the server side script If the client has key A the Key attribute will map to on2 and if it has key B it...

Страница 184: ...the values for the ClientToServer and ServerToClient tags nested in these sections to be overridden The Client tag in this XML files includes an override no attribute by default Here are the rules Fla...

Страница 185: ...ObjManager StorageDir StorageDir DuplicateDir DuplicateDir ResyncDepth ResyncDepth LockTimeOut LockTimeOut AutoCommit AutoCommit SharedObjManager AllowHTTPTunnel AllowHTTPTunnel Client Bandwidth Serve...

Страница 186: ...s the tags in the Application xml configuration file Application xml tag Description Access Container tag contains tag that controls the permission levels in the Access Module the libconnect dll file...

Страница 187: ...tions that can be set by the user CombineSamples Container tag contains tags to configure how Flash Media Server uses sound sampling Connections Container tag contains tags to configure settings for H...

Страница 188: ...rocesses LoadOnStartup Specifies whether or not to load this application when the server starts LockTimeout Specifies the time out value before unlocking a shared object file LoCPU Specifies the lower...

Страница 189: ...ngth a core process is in use RuntimeSize Specifies the maximum size for the script engine Scope Specifies the process scope in which the application runs ScriptLibPath Contains a list of paths the Ja...

Страница 190: ...This tag specifies whether or not to allow the following and Location header that is sent with redirection of an HTTP header Description The default is true allowing HTTP redirects Tunnel Specifies wh...

Страница 191: ...server or use the HTTP protocol to transmit RTMP packets called HTTP tunneling if there is a firewall that allows only HTTP content to be sent out to public servers The values for this tag are describ...

Страница 192: ...nested in this section to be overridden too Contained tags ClientToServer Bandwidth ServerToClient Bandwidth See also BandwidthCap BandwidthCap Container tag Description The tags in this section spec...

Страница 193: ...ache file defined in the CacheDir tag The type attribute provides additional specification for the cache prefix The type attribute can be set to path or sname The default is path Examples CachePrefix...

Страница 194: ...fix creates a relative path in the proxy s CacheDir All parameters are separated by or CachePrefix type path c fms flvs foo flv data IP CacheDir resolves to data xxx xxx xxx xxx c fms flvs foo flv Cac...

Страница 195: ...e maximum bandwidth the client can use for sending data upstream to the server The default bandwidth is 250000 bytes per second See also ServerToClient Bandwidth in this container ServerToClient Bandw...

Страница 196: ...tags named DuplicateDir in the Application xml file Located in SharedObjManager container This tag specifies the physical location where duplicate copies of shared objects are stored Description This...

Страница 197: ...ppName attribute to true See also StorageDir StreamManager Duration This tag instructs Flash Media Server how long to wait before it notifies the client when the audio has stopped in the middle of a l...

Страница 198: ...he Access Module is set to false which allows access permissions to be set at the single file level When the value of this tag is set to true you cannot configure individual files for read or write ac...

Страница 199: ...se disallowing the use of the HTTP 1 0 protocol HTTPTunnel Container tag Description The tags nested within this container configure the parameters for HTTP tunneling sending RTMP packets through HTTP...

Страница 200: ...d back to the client or if some other client is being blocked by the current idle request This interval implies that the client may not be able to reach the server for the selected duration The interv...

Страница 201: ...is being published to a live stream Description Silence messages are used to support older versions of Flash Player Flash Media Server will only send the silence message to clients which are specified...

Страница 202: ...he KeyFrameInterval tag is set to 5000 which is an increase of 13 KB or 17 The same video has a size of 109 KB with the KeyFrameInterval tag set to 1000 which is an increase of 33 KB or 43 See also En...

Страница 203: ...to wait for an indefinite time LoCPU This tag instructs Flash Media Server to stop combining samples when the CPU utilization is lower than the specified percentage of the CPU resource Description De...

Страница 204: ...er does not launch a core process until some minimum recovery time has elapsed Having a time lag for recovery avoids a Denial of Service action which can happen when a faulty core consumes all CPU res...

Страница 205: ...valuated as a runaway script and its execution is terminated Setting a maximum time to execute a script prevents infinite looping in scripts The default value is 0 and no checks are performed to detec...

Страница 206: ...ed tag Duration Password This tag specifies the password for connecting to the proxy See also Username Port This tag specifies the proxy port to connect to if it is not specified as part of the host i...

Страница 207: ...time lag for recovery can avoid a Denial of Service action which happens when a faulty core consumes all CPU time by repeatedly launching itself The recovery time for a core process is specified in se...

Страница 208: ...lt is to reuse connections Set this to false to use a new connection after every transfer RollOver This tag specifies how long a core process can be in use before Flash Media Server creates a new core...

Страница 209: ...ver runs this application Description Set this tag to app to run an application and all its instances as a single process or to inst to run each instance in a separate process The default setting is a...

Страница 210: ...ta downstream to the client Description The default bandwidth is 250000 bytes per second See also ClientToServer Bandwidth ServerToClient BandwidthCap in the BandwidthCap container ServerToClient Band...

Страница 211: ...ation is not set Set this tag only if the files for shared objects must be stored in a location other than the application directory By default this tag is not set as it remaps the location where file...

Страница 212: ...al DuplicateDir StreamsManager EnhancedSeek KeyFrameInterval StorageDir StreamManager tags Subscribers This tag instructs Flash Media Server to combine sound samples only if there are more than the de...

Страница 213: ...ll configure the player and platform for silence messages Contained tag Bits See also Interval Username This tag specifies the username for connecting to the proxy See also Password Verbose This tag d...

Страница 214: ...214 Configuration Files Syntax VirtualDirectory virtual dir actual dir VirtualDirectory WriteBuffSize This tag specifies in kilobytes the size of the write buffer Description The default size is 16KB...

Страница 215: ...Flash Media Server Support Center at www macromedia com go flashmediaserver_support_en Managing server security Flash Media Server uses a high speed TCP IP protocol called Real Time Messaging Protocol...

Страница 216: ...from domains that are not permitted with these tags If you are running the server on a Linux system remember to allow connections from the domains where administrators will use the console to manage a...

Страница 217: ...ou specify the locations for storing streams and shared objects You can store them in locations outside the applications directory in the Macromedia Flash Media Server directory if you wish The Bandwi...

Страница 218: ...ess 3 Vhost xml file Allow and Deny tags These tags indicate whether a user is allowed to connect to the specified virtual host from the current IP address The server authenticates administrators by c...

Страница 219: ...ion tasks JavaScript security This release of Flash Media Server adds support for custom third party pods Pods are essentially a combination of user interface elements that along with client and serve...

Страница 220: ...ion is started it first looks for and loads the file secure asc During this period of time it makes the APIs protectObject and getGlobals available These may be used to manipulate global functions cla...

Страница 221: ...protectObject userObj takes an object and returns the wrapper object Any user defined object that has been protected with this proObj function becomes a wrapper object whose methods may be considered...

Страница 222: ...oring them as a protected object which will make it available only through a wrapper This technique for creating protected objects allows application developers to hide built in global functions or im...

Страница 223: ...ivileged funcs Remove any access to system object this sysobj null delete this sysobj Pass on the result to the user callback this userResponder onResult res this _nc call func sysResponder arg1 arg2...

Страница 224: ...le to control settings of the client connection or to access relevant server statistics such as the number of connections The Access DLL module is initialized upon Flash Media Server startup Flash Med...

Страница 225: ...s for the server s resources When the connection request from a client is first attempted the Access module intercepts the request before sending it to the server The Access DLL module calls upon its...

Страница 226: ...er to the Access module getDescription Returns a description of the Access module getStats Returns a selected server statistic such as number connected API name Description getType Returns the type of...

Страница 227: ...pt s client writeAccess The second parameter is a Boolean value with its default as true This Boolean value if true will lock user scripts from changing this value If false user scripts will be allowe...

Страница 228: ...lue c user agent fprintf stderr SampleAdaptor Connect client ip s n safestr pAccess getValue c ip char strValue char malloc STRING_VALUE_BUFFER_LEN memset void strValue 0 STRING_VALUE_BUFFER_LEN m_pCt...

Страница 229: ...eavesdropping by unauthorized third parties Because secure connections require extra processing power and might affect the server s performance use RTMPS only for applications that require a higher l...

Страница 230: ...t be overridden in Adaptor xml Using other secure development practices You might not want to use SSL in all your applications because of the additional processing time required to encrypt data over a...

Страница 231: ...dition to the precautions taken during the application development process you should deploy your media applications in a firewall protected environment Firewalls provide port based protection for you...

Страница 232: ...also configure a firewall to control the ports users inside and outside your network can connect to Log file precautions A log file is a file that contains information about events that have occurred...

Страница 233: ...157 Redirect 158 ResourceLimits 158 SetCookie 158 SSL 159 SSLCACertificateFile 159 SSLCACertificateKeyFile 160 SSLCipherSuite 160 SSLPassPhrase 160 SSLServerCtx 161 SSLSessionTimeout 161 UpdateInterv...

Страница 234: ...Password 206 Port 206 Process 206 Proxy 207 RecoveryTime 207 Redirect 207 ResyncDepth 208 Reuse 208 RollOver 208 RuntimeSize 208 Scope 209 ScriptLibPath 209 SendSilence 210 ServerToClient Bandwidth 21...

Страница 235: ...arting the server 15 log files 22 23 34 51 232 Logger xml file 134 146 description of tags 137 146 file structure 135 summary of tags 136 Logger xml tags Access 137 Application 137 Delimiter 137 Diagn...

Страница 236: ...ipt 219 log files 232 passwords 224 permission levels 222 ports 63 privacy 231 protecting configuration files 217 protecting objects 221 restricting connections 216 230 script loading 220 server side...

Страница 237: ...uckets 119 SocketTableSize 119 SSL 119 SSLCACertificateFile 120 SSLCACertificatePath 120 SSLCipherSuite 121 124 SSLClientCtx 124 SSLRandomSeed 125 SSLSessionCacheGC 125 SSLVerifyCertificate 125 SSLVer...

Страница 238: ...ous 168 AppInstanceGC 169 AppsDIr 169 CacheDir 170 DNSSuffix 170 FreeMemRatio 171 FreeRatio 171 GlobalRatio 171 LargeMemPool 172 LocalAddress 172 MaxAge 172 MaxAppInstances 172 MaxCacheSize 173 MaxCac...

Отзывы:

Нет отзывов

Похожие инструкции для FLASH MEDIA SERVER 2-MANAGING FLASH MEDIA...

Бренд: Canon Страницы: 90

Бренд: Canon Страницы: 2

System Storage DS3000

Бренд: IBM Страницы: 38

Бренд: Sun Microsystems Страницы: 38

Бренд: Epson Страницы: 6

Stylus Color 600Q

Бренд: Epson Страницы: 1

Stylus Pro - Stylus Color Pro Ink Jet Printer

Бренд: Epson Страницы: 14

Software Film Factory

Бренд: Epson Страницы: 73

Stylus Pro - Stylus Color Pro Ink Jet Printer

Бренд: Epson Страницы: 98

Stylus Color 600Q

Бренд: Epson Страницы: 95

Бренд: Epson Страницы: 209

PowerLite D6150

Бренд: Epson Страницы: 196

Бренд: Siemens Страницы: 11

Бренд: Siemens Страницы: 28

Бренд: Siemens Страницы: 32

OpenScape Xpressions PhoneMail

Бренд: Siemens Страницы: 110

ALTIRIS SECURITY EXPRESSIONS

Бренд: Symantec Страницы: 4

ALTIRIS IT MANAGEMENT SUITE 7.0 MR1 - S V1.0

Бренд: Symantec Страницы: 13

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды