public_namespace:neurolog_middleware_prototype
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
public_namespace:neurolog_middleware_prototype [2008/03/12 16:19] – created montagnat | public_namespace:neurolog_middleware_prototype [2009/01/09 14:35] (current) – gaignard | ||
---|---|---|---|
Line 2: | Line 2: | ||
This page describes the current status of the NeuroLOG middleware prototype. It gives installation and configuration instructions. | This page describes the current status of the NeuroLOG middleware prototype. It gives installation and configuration instructions. | ||
+ | |||
+ | |||
Line 7: | Line 9: | ||
The software is distributed in the following archive: | The software is distributed in the following archive: | ||
- | * [[http:// | + | * [[http:// |
+ | This version was tested under linux only. | ||
The archive unpacks in two sub directories: | The archive unpacks in two sub directories: | ||
* '' | * '' | ||
* '' | * '' | ||
+ | |||
+ | |||
+ | The archive is meant to be unpacked in the HOME directory of a regular user under whom ID the NeuroLOG services will execute. It is recommended, | ||
+ | |||
+ | |||
+ | The software is currently composed of 3 main services: | ||
+ | * The **NeuroLOG Registry service** is meant to be deployed on a single site (root site). It ensures coordination between participating sites. | ||
+ | * The **NeuroLOG Site Server** is meant to be deployed on each participating site. | ||
+ | * The **NeuroLOG Client** is meant to be deployed on each user client machine. | ||
+ | The '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | Note that if the '' | ||
+ | |||
+ | |||
===== Installation ===== | ===== Installation ===== | ||
+ | You need to install 1, 2 or the 3 components depending on who you are. The components self-configure on the first execution. | ||
+ | |||
+ | === Prerequisites === | ||
+ | |||
+ | The software requires: | ||
+ | * The [[http:// | ||
+ | The NeuroLOG Registry and Site Server also depend on: | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * java keytool (this should be part of the JRE) | ||
+ | |||
+ | Check that your MySQL server is started before installing the Registry or a Site Server. | ||
+ | |||
+ | === If you are installing a complete platform === | ||
+ | |||
+ | You first need to deploy a single **NeuroLOG Registry** service. Run the '' | ||
+ | |||
+ | The registry exposes 3 ports to which the other services will connect. The port numbers are configurable during the installation. Your firewall need to authorize incoming connections to these ports to ensure proper functioning of the platform. The default ports configuration is: | ||
+ | - port **63876**: Java RMI registry service | ||
+ | - port **63877**: Registry secured interface, used for all communication but initialization | ||
+ | - port **63878**: Registry unsecured interfaced, only used for new site requests initialization | ||
+ | |||
+ | The NeuroLOG registry includes two separate programs: a daemon server and a graphical interface for the administrator. Upon successful installation, | ||
+ | |||
+ | |||
+ | === If you are a system administrator === | ||
+ | |||
+ | You need to deploy a single **NeuroLOG Site Server** per participating site. Run the '' | ||
+ | * host fully qualified name: '' | ||
+ | * RMI port: 63876 | ||
+ | * Secured interface port: 63877 | ||
+ | * Unsecured interface port: 63878 | ||
+ | |||
+ | The installation procedure is a two steps process. On the first run, a CA certificate request is generated and sent to the Registry CA administrator. The process then normally exits, waiting for the Registry CA administrator to sign the request. You will be notified by phone or email when your request is ready to be retrieved. You can then restart the program to proceed with the second step. During the second step, the signed CA certificate is retrieved. The root CA certificate is then imported. The site administrator is requested to validate the root CA certificate fingerprint as follows: | ||
+ | |||
+ | {{public_namespace: | ||
+ | |||
+ | **Carefully check the fingerprint value of the certificate you are importing as the complete trust chain depends on it**. If you are connecting to the official NeuroLOG project Registry service, the finger print should exactly match: | ||
+ | |||
+ | 6B: | ||
+ | |||
+ | If you are connecting to a different service, the fingerprint will be different. Check its value with your Registry administrator. | ||
+ | |||
+ | Once done, a Registry server certificate will be created. You will be asked to sign the server certificate using a given openssl command to be executed in a shell. | ||
+ | |||
+ | The server exposes 3 ports to which the Registry and clients will connect. The port numbers are configurable during the installation. Your firewall need to authorize incoming connections to these ports to ensure proper functioning of the platform. The default ports configuration is: | ||
+ | - port **63876**: Java RMI registry service | ||
+ | - port **63878**: Server secured interface, used for all communication but clients initialization | ||
+ | - port **63880**: Server unsecured interfaced, only used for new client requests initialization | ||
+ | |||
+ | The NeuroLOG Site Server includes two separate programs: a daemon server and a graphical interface for the administrator. Upon successful installation, | ||
+ | |||
+ | === If you are a user === | ||
+ | |||
+ | The **NeuroLOG Client** can be installed on personal user machines. Run the '' | ||
+ | * RMI port: 63876 | ||
+ | * Secured interface port: 63879 | ||
+ | * Unsecured interface port: 63880 | ||
+ | |||
+ | The installation procedure is a two steps process. On the first run, a user certificate request is generated and sent to the site CA administrator. The process then normally exits, waiting for the site administrator to sign the request. You will be notified by phone or email when your request is ready to be retrieved. You can then restart the program to proceed with the second step. During the second step, the signed user certificate is retrieved. The site CA certificate is then imported. You are requested to validate the site CA certificate fingerprint. **Carefully check the fingerprint value of the certificate you are importing as the complete trust chain depends on it**. Contact your site administrator to verify its value. | ||
+ | |||
+ | On completion, the client graphical interface will start. | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== Normal runs ===== | ||
+ | |||
+ | On the first run, the NeuroLOG Registry service and the NeuroLOG Site Server will fork a daemon process executing in background even if the administator interface is terminated. On subsequent runs, the program auto-detects if a daemon is running. If a daemon is found, only the administrator interface is started and it is reconnected to the daemon. If no daemon can be found, a new daemon is forked. The administrator interface can be used to terminate a running daemon through the '' | ||
===== Configuration ===== | ===== Configuration ===== | ||
+ | The services are normally self-configured during the installation process. If you need to change some configuration parameters later, the text configuration files can be edited. Configuration changes require an application restart to be taken into account. | ||
+ | |||
+ | The default configuration files are located in '' | ||
+ | - '' | ||
+ | - '' | ||
+ | - '' | ||
+ | |||
+ | Note that the default configuration file location can be overriden by the '' | ||
===== Sources ====== | ===== Sources ====== | ||
+ | |||
+ | The source files are available through the [[http:// | ||
+ | |||
+ | |||
+ | |||
+ | ===== Troubleshooting ===== | ||
+ | |||
+ | The services logs are written to a file. The exact file name is configured during the services installation phase. By default it is located in the '' | ||
+ | |||
===== TODO ===== | ===== TODO ===== | ||
+ | The prototype only provides basic distribution facilities and data importation capability currently. Most components still need to be integrated. The data importation prototype available is not secured in the sense that images are not anonymized and files are not encrypted. |
public_namespace/neurolog_middleware_prototype.1205338756.txt.gz · Last modified: 2008/03/12 16:19 by montagnat