Meshcentral High Level Architecture



5. AJAX Server
The AJAX server was built to provide web applications on Meshcentral with live two-way communication. An interactive web page is loaded from IIS, and the JavaScript then connects back to the AJAX server with long-standing requests that wait until data is available. When a web application first contacts the AJAX server, the server keeps state about this browser along with a data queue. When the data queue fills up with information for the browser, it is kept until the JavaScript makes the next request for data. If no data is in the queue, the browser session is kept waiting until data is put into the queue. This system allows Meshcentral to offer usages such as remote desktop, remote command prompt, list chat and remote file management.

The AJAX port 8084 is TLS secured using the same certificate used by IIS. In fact, IIS is the underlying HTTP session handler for the AJAX server. To set up the AJAX server, we must run the following commands on the server:
    rem Set up the certificate
    netsh http add sslcert ipport=0.0.0.0:8084 certhash=xxxxxxxxxxxxxxxxxx appid={8bf83834-1594-4051-b4a7-5693561b257a} clientcertnegotiation=enable

    rem Set up both AJAX server mappings
    netsh http add urlacl url="https://+:8084/" user="Local Service"
    netsh http add urlacl url="https://+:443/ajax/" user="Local Service"

    rem View the resulting settings
    netsh http show sslcert
    netsh http show urlacl

These commands set up the HTTPS certificate and HTTP handlers. Note that the AJAX server can be accessed on its own port 8084, or on port 443 with the suffix “/ajax”. Because some network environments restrict communication to ports other than 443, most of the AJAX web applications will use port 443 as much as possible. When relaying a full web page, we need control of the root path, so port 8084 must be used. Both IIS and the AJAX server should make use of a proper web certificate that is signed by an authorized certificate authority.

In order to access services provided by the AJAX server, the web application must have previously obtained an authentication token. Two authentication systems exist. In the first, the token is created and stored in the database once ASP.NET has authenticated the user. ASP.NET embeds the token in the web application’s page, and the web browser passes it to the AJAX server. In the second, the web application first obtains an AES-encrypted routing cookie, and the browser then makes requests to the AJAX server using this cookie. The second authentication system was added later and has the added benefit that the cookie can be created (encrypted using AES) by a completely different server. As long as the other server has the AES encryption key and the servers' clocks are in sync, it can generate routing cookies as needed. Both authentication systems have an embedded timeout, generally 30 minutes.

The AJAX server also hosts a WebSocket port (8085). WebSocket is a new HTML technology for live two-way data transfer over an HTTP channel. Port 8085 is also secured with TLS, using the same trusted certificate that secures ports 443 and 8084. More information on WebSocket can be found on Wikipedia at http://en.wikipedia.org/wiki/WebSocket. Our WebSocket implementation on port 8085 supports both “draft-ietf-hybi-thewebsocketprotocol-00” and “draft-ietf-hybi-thewebsocketprotocol-06”.
