RTC Forums
Author Topic: HTTP Server listening on multiple IP/Port  (Read 6322 times)
zsleo
RTC Expired
*
Posts: 80


« on: January 18, 2011, 04:12:21 AM »

I have implemented an RTC-based secure messaging application that is operating as a non-repudiated messaging protocol.

This has been working for some years now and more and more of my government clients are requiring VPN connections where they are dictating the end-to-end IP address and port to be used.

The only way I have been able to cater for this is to run a new EXE instance for each VPN-connect with IP address & port for each.

What I am looking for is a routing or other method to have one RTC HTTP server app listen on multiple IP address/port combinations.

TIA

ZSL
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881


« Reply #1 on: January 18, 2011, 09:13:22 AM »

Hi Zane,

"TRtcDualDataServerLink" component is there for this purpose.

For more info, please read THIS post.

Best Regards,
Danijel Tkalcec
Logged
zsleo
RTC Expired
*
Posts: 80


« Reply #2 on: January 18, 2011, 10:55:20 AM »

Danijel

Thanks I am aware of the "dual" components. The issue I have with this method is that I don't know how many individual connections will be needed.

It will require me to build a new app with extended "tree" when another connection is required.

What effect does this method have on throughput when the tree gets deep?

Zane
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881


« Reply #3 on: January 19, 2011, 09:53:14 AM »

The purpose of the "TRtcDualDataServerLink" is to make it possible to link a single "tree" of components implementing request processing (TRtcDataServerLink, TRtcDataRequest, TRtcServerModule, TRtcFunctionGroup, TRtcFunction) to more than one Server port, so you can use multiple ports with the same functionality or make the same content accessible through HTTP and HTTPS (HTTP over SSL).

If your customers require secure communication, you should use SSL encryption. If you are unfamiliar with SSL encryption, please contact StreamSec or Eldos for more information (depending on which components you prefer).

Using "TRtcDualDataServerLink" will have minimal impact on performance, but you should NOT modify a "tree" or link a new TRtcHttpServer component when you have a listening TRtcHttpServer connected to the "tree". That way, a single Server can listen on several Ports to make the same functionality accessible to a number of Clients.

Building a new app for every connection is pointless. There is absolutely NO gain in using a different Port for each Client. None. Whether all Clients connect to the Server through a single Port or each Client uses a different Port is completely irrelevant to the Server and the Client and does NOT add to Security in any way.

If your customers want to use VPN instead of SSL for securing the communication, and they want to use a different incoming Port number for each Client, all you have to do is place your Server on a Port blocked by the Firewall so that no Client can connect to it directly, then your customers need to configure their VPN forwarding. If some technician at a government organisation came up with the idea to use a separate incoming Port for every Client, I am sure he will know how to set up their VPN software to forward Clients connecting to different incoming Ports on their VPN Server to route all communication to your Server sitting behind a firewall. But setting up VPN tunneling is NOT a job of your Server.

Best Regards,
Danijel Tkalcec
Logged
zsleo
RTC Expired
*
Posts: 80


« Reply #4 on: January 19, 2011, 02:52:56 PM »

The issue is not every RTC client on a different port. It is that each new government customer wants their own isolated VPN connection where they each specify the terminating IP segment / sub-segment addressing in my network.

For example:

Customer 1 wants all their RTC clients to connect to 10.75.82.45 in my network;
Customer 2 wants all their RTC clients to connect to 10.0.3.24 in my network;
Customer 3 wants all their RTC clients to connect to 172.24.16.10 in my network;
Customer 4 wants all their RTC clients to connect to 192.186.2.3 in my network;
etc.,
etc.

Each customer site (hospitals, pathology labs, etc.) operates its own independent network.

I do use the Eldos suite but as you can see, neither this layer nor HTTP/HTTPS are the issues.

Regards

Zane
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881


« Reply #5 on: January 19, 2011, 03:08:41 PM »

Ok, I thought a single customer wanted to use different Ports for their clients. But from what you say now it is your Server which your customers are using and you are hosting their applications. If that is the case, if you are hosting different Servers for different customers inside your own network and your customers want a separate VPN connection for their Clients, I don't see any other way to achieve this but to physically separate Servers or use separate instances of Server process for each customer.

Best Regards,
Danijel Tkalcec
Logged
Peter M.
RTC License+
****
Posts: 30


« Reply #6 on: January 19, 2011, 07:35:44 PM »

Zane,

Out of curiosity, do all of your clients share a common database?

For example, if one client is a hospital, another client is a lab, and another is a doctor; if the doctor submitted a patient's blood test to the lab, then would all three clients have access to the results of the blood-test?

TIA,
-Peter
Logged
zsleo
RTC Expired
*
Posts: 80


« Reply #7 on: January 19, 2011, 11:14:53 PM »

Danijel and Peter

I hope this will answer both replies.

There is a centralised DB environment in my network with multiple, geographically redundant, synchronised DB’s - but seen by the end-user as a single DB.

I have a single Central Server (RTC based) executable that is deployed on one or multiple physical servers at data centres.

At every customer my Site Server is deployed - only one per site. The Site Server is a (RTC) client to my Central Server as well as a (RTC) server to the many Site Clients deployed on user workstations.

Every Site Server is aware of the status / loading of all Central Servers.

Peter, the system can operate as you describe but there are, in most OECD countries, huge commercial risks with that model. Our environment must comply with PKI (Public Key Infrastructure) legislation that fundamentally requires secured, signed Sender-to-only-Receiver(s) message interchange – another subject altogether.

So in short I described a secure store and forward messaging system. At least for health care, in PKI environments (as in Australia) email is usually banned.

At a functional level the product suite does VERY much more than this.

Danijel, it is one "store and forward server system" that all user sites communicate with. The government and other large end users in Australia have finally come to realise the huge commercial risk of operating in a PKI environment and are now looking for "sole path for transmission" and auditing that VPN provides - again a subject for another time.

Peter, if you want more info then contact me off-line.

Regards,

Zane
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881


« Reply #8 on: January 20, 2011, 07:39:57 PM »

Hi Zane,

Even if all your Clients are using a single Database, you can still have multiple instances of your Server application spread inside your LAN, if you do NOT like the idea of using "TRtcDualDataServerLink" components to have the Server listening on multiple Ports.

What you can NOT DO is use "TRtcDualDataServerLink" components (or something else) to dynamically add and remove Server listeners on a running Server. All changes in configuration (for example, connecting a new TRtcHttpServer to a TRtcDualDataServerLink component) have to be done BEFORE your Server goes Live.

Best Regards,
Danijel Tkalcec
Logged
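
The pattern discussed in Reply #3 and Reply #8 (one request-handling "tree" shared by several listeners, all configured before the server goes live), as an added example that is not part of the original thread and is not RTC SDK code. It is a Python asyncio sketch; the class name, the customer names and the loopback addresses are constructed assumptions. Each listener binds to one explicit address, and the handler uses the local socket address to record which customer endpoint a connection arrived on.

```python
import asyncio
# Constructed table: one (address, port) per customer endpoint; port 0 = OS-assigned.
LISTENERS = {"customer1": ("127.0.0.1", 0), "customer2": ("127.0.0.1", 0)}

class MultiListenServer:
    def __init__(self, listeners):
        self._config = dict(listeners)
        self._servers = []
        self._tenant_by_addr = {}  # bound (ip, port) -> customer name
    def add_listener(self, tenant, addr, port):
        # Rule from Reply #8: no listener changes once the server is live.
        if self._servers:
            raise RuntimeError("listeners are fixed once the server is live")
        self._config[tenant] = (addr, port)
    async def start(self):
        for tenant, (addr, port) in self._config.items():
            srv = await asyncio.start_server(self._handle, addr, port)
            self._tenant_by_addr[srv.sockets[0].getsockname()[:2]] = tenant
            self._servers.append(srv)
        return {t: a for a, t in self._tenant_by_addr.items()}
    async def _handle(self, reader, writer):
        # One shared handler; the local address identifies the customer endpoint.
        local = writer.get_extra_info("sockname")[:2]
        body = self._tenant_by_addr.get(local, "unknown").encode()
        await reader.readuntil(b"\r\n\r\n")
        writer.write(b"HTTP/1.0 200 OK\r\n\r\n" + body)
        writer.close()
    def stop(self):
        for srv in self._servers:
            srv.close()

async def demo():
    server = MultiListenServer(LISTENERS)
    seen = {}
    for tenant, (addr, port) in (await server.start()).items():
        r, w = await asyncio.open_connection(addr, port)
        w.write(b"GET / HTTP/1.0\r\n\r\n")
        seen[tenant] = (await r.read()).split(b"\r\n\r\n", 1)[1].decode()
        w.close()
    try:
        server.add_listener("customer3", "127.0.0.1", 0)
        late = "accepted"
    except RuntimeError:
        late = "rejected"
    server.stop()
    return seen, late

def run_demo():
    return asyncio.run(demo())
```

In a deployment the table would hold the customer-dictated addresses, and the per-listener customer tag would feed the audit log rather than the response body.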
zsleo
RTC Expired
*
Posts: 80


« Reply #9 on: January 22, 2011, 01:06:53 AM »

Danijel

Maybe we are getting off track but I do understand what you say and this is the design right now.

As for controlling the service(s), I have a Win32/RTC control centre app that can interrogate and control the service(s) while they are alive.

Maybe we should leave it at that.

I will be prototyping the use of TRTCDualDataServerLinks in the coming months.

Zane
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881


« Reply #10 on: January 22, 2011, 02:04:40 AM »

Ok. Let me know how it goes or if you need more info.

Best Regards,
Danijel Tkalcec
Logged