KnowledgeBase 00078: Public and Private Servers

Last updated: 17 Feb 2017 Applies to: All versions

Search   Top level index       Full Index Search Tips Previous article     Next article

This article was originally published as a Tip of the Week.

Remote Servers

QM allows access to files on other QM servers by using an extended form of a Q-pointer

   1: Q 
   2: Account name or pathname 
   3: VOC record name in target account 
   4: Server name 

or, if enabled with the FILERULE configuration parameter, by an extended file name syntax

   server:account:filename

When using these file references, the file is opened via QMNet which starts a server process on the remote system. There is a separate server process for each QM user opening a remote file but a single process may handle access to multiple files from the one QM session.

The server process runs with the authentication credentials (user name and password) set when the server is defined on the local system. All aspects of security such as file permissions and access to encryption keys is controlled by the server user name. In its simplest usage, all users of the local QM system run the server process using a single user name. For enhanced security, different user names can be used on the remote system for each local user (or group of users).

The SET.SERVER Command

A QMNet server can be defined by a user with administrator rights using the SET.SERVER command

   SET.SERVER name addr username password

where

• name is the name to be used to reference the remote server.
• addr is the network name or ip address of the server.
• username is the remote server user name.
• password is the corresponding password.

See the QM Reference Manual for how to set a non-default port number and for other command options.

The SET.SERVER command is executed on the local (client) system and creates a reference to a remote QM server that has files that an application may wish to access. All of the authentication details in the command relate to the process that will be created on the remote system when a local QM session attempts to open a file on that server.

A QMNet server defined in this way remains defined until is is explicitly deleted (DELETE.SERVER) and is available to all users on the local system. Because security is determined by the remote user name which is the same for all local users, there are potential security risks with this method in some situations.

The SET.PRIVATE.SERVER Command

The SET.PRIVATE.SERVER command, available to all users, defines a server that is accessible only to the process in which the command is executed.

   SET.PRIVATE.SERVER name addr username password

This command can be used from the command prompt or from within an application to set connection parameters that are specific to the local user and hence offers increased security control.

QMNet Server Administration

For complete control, the ADMIN.SERVER command can be used to create a set of server definitions that can be applied to individual users or groups of users. Different local users connecting to the same remote server can use different user names. This offers the highest level of QMNet security.

Remote Server Security

All of the security mechanisms discussed above are on the local client side of the connection. Additional security can be imposed on the remote server.

An incoming QMNet connection is only allowed if this facility has been enabled via the NETFILES configuration parameter.

Related Articles

00062: Extended Filename Syntaxes

Please tell us if this article was helpful

Very     Slightly     Not at all

Comments

Email (optional)