MultiXTpm Application Server
Secured Socket Layer (SSL) Support
MultiXTpm Application Server provides
SSL support using
This support is transparent to the developer, which means that no API is changed
or added to support SSL. Existing modules, even binary ones, need not even be recompiled.
SSL support is done thru configuration only.
SSL support is integrated into
the lower level of the MultiX API and specifically it is implemented in the CMultiXLink
and CMultiXL2Link class. The implementation of SSL at this level (far from the TCP/IP
socket) enables using
SSL on top of other kinds of connections if required. Currently,
the MultiX API supports only TCP/IP sockets, but if support for other transports
is developed (UDP, X25 for example), SSL integration is done automatically and transparently.
Building and using MultiX DLL with SSL Support
For MultiXTpm Application Server to support SSL, only the MultiX API DLL(MultiX project) should be compiled with SSL support.
For a successful build of the SSL support following steps must be taken:
MultiX DLL links dynamically to OpenSSL DLLs. This means that when starting an application that uses MultiX DLL that contains SSL support, that MultiX DLL will try to find the OpenSSL DLLs, if it finds them, SSL support is provided, if not, MultiX DLL write an event log record and continues to work, but with no SSL support. This means that when compiling the MultiX project, it is always better to compile it with OPENSSL_SUPPORT and not worry about the runtime environment, if there is OpenSSL support, MultiX DLL will use it, if not, MultiX DLL will just ignore the non existence of OpenSSL DLLs.
To make use of SSL support at runtime, the runtime machine must have OpenSSL runtime installed and the OpenSSL dlls must be accessible thru the standard PATH environment variable or thru the LD_LIBRARY_PATH on a linux platform.
Configuring SSL Supoort
Application level support for SSL is done thru configuration of the MultiXTpm Application Server environment. This configuration is done by modifying the TpmConfig.xml file used by MultiXTpm Application Server to start and control the entire environment.
SSL support is provided to CMultiXLink derived class, this means that for each Link defined in the configuration file, we can specify different parameters for SSL support if required at all. The SSL support for a specific Link is done thru additional element in the Link attributes called "SSLParams". The following list describes all the attributes used by the MultiX API to support SSL:
For a complete description of the OpenSSL related parameters, please refer to OpenSSL documentation.
As mentioned, SSL support is added at the lower level of the MultiX API and specifically in CMultiXLink and CMultiXL2Link Classes. This architecture implies that in a typical MultiXTpm Application Server environment, SSL handling is done in the "Front End Processes". This means that SSL handling is done in different processes then those who handle the business logic.
From a performance perspective, when implementing a system on a single machine, there is no advantage in implementing the SSL processing in a different process then the business logic one. But, when it comes to implementing an SSL based system on more then one machine, MultiXTpm Application Server has a big advantage. The fact that one can locate all "Front End Processes" on a machine(s) of their own, and all “Business Logic Processes” on different machines, frees the "Business Logic processes" machine(s) to use all resources just for the business logic. Since SSL processing is resources intensive, using MultiXTpm Application Server in SSL based systems, makes these systems more scalable and more manageable. That is because we always know where the resources go to. In systems where SSL processing is linked into the application itself, it is not easy to figure out which part is taking most of the resources, and complicated profiling is required to figure this out. In MultiXTpm Application Server environment, it is always evident which processes and which machines has the load so one can always know which machine needs an upgrade or what kind of machine should be added when the system becomes overloaded.
Download informationMultiXTpm Application Server is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
MultiXTpm Application Server is distributed in source code format and it supports: Windows OS, Linux, Solaris and HP Nonstop Server OSS.
The source code is packed in ZIP file and can be downloaded from SourceForge.net.
To Access the Download Page at SourceForge.net you may click Here
Navigate to http://sourceforge.net/projects/multixtpm
Contact informationFor more information, Bug Reports, Feature Requests, and Support Requests, please use:
SourceForge.net Project Forums
MultiXTpm group at Yahoo Groups.
you may send an email to: Moshe Shitrit