When users of Smart Connection for InDesign log in to Enterprise Server from a remote location, it is important that the transfer times for processing tasks such as check-out, check-in, article preview generation and so on, is kept as low as possible.
For this purpose, Enterprise ProxyForSC can be used: a toolbox for setting up a tunnel between a remote office and an Enterprise Server.
Depending on the configuration the payload can be send over by using 3rd-party software such as Aspera or BBCP and/or the SOAP communication can be compressed. Depending on the distance between the server and the remote office, the file size to transfer, network connection and protocol, the check-in/check-out process is up to 2–5 times faster.
How it works
On the Smart Connection side, communication with Enterprise Server is done through a Proxy Server, typically within the same LAN.
A typical workflow is as follows:
- A remote InDesign user requests to open a layout file.
- Smart Connection for InDesign sends a SOAP request to the Proxy Server.
- The Proxy Server compresses (deflates) the SOAP request and saves it in the Proxy Cache folder.
- The Proxy Server copies over the file to the Proxy Transfer folder of the Proxy Stub with the help of Aspera or BBCP.
- The Proxy Server sends over the original request headers to the Proxy Stub (a small data package over HTTP) along with a file descriptor.
- The Proxy Stub decompresses (inflates) the local file (as found in the Proxy Transfer folder) and recomposes the original SOAP request, combines it with the original request headers and sends it to Enterprise Server.
- Enterprise Server processes the SOAP request and returns a DIME message that contains the response and the layout file.
- The Proxy Stub compresses the DIME response and saves it in a local file.
- The Proxy Stub returns the original HTTP header of the DIME request and provides a descriptor of the local file (this is the response on step #5).
- The Proxy Server copies over the local file to the Proxy Cache folder with the help of Aspera or BBCP.
- The Proxy Server decompresses the local file and recomposes the DIME response, combines it with the original request headers and returns it to Enterprise Server (this is the response on step #2).
Figure: A schematic overview of the setup for running ProxyForSC.
Download
The ProxyForSC tool can be downloaded from the Enterprise Server Software page.
Requirements
This feature requires the following:
- The ProxyForSC package that is shipped with the Enterprise Server version that is used. Using a ProxyForSC package that is shipped with a different Enterprise Server version is not supported.
- The versions of Linux, Apache, and PHP that are compatible with the Enterprise Server version that is used. See the Compatibility Matrix for details.
Installation and configuration
The Enterprise ProxyForSC tool should be installed on the remote location on a server machine and at the head office location on another server machine (or on an Enterprise Server machine). They automatically take their role, but need slightly different configuration steps.
Take note of the following:
- The Proxy Server and Proxy Stub may work on Windows and MacOS; however, Linux is tested and recommended.
- The installation and configuration instructions in this article are written for demo purposes; the instructions apply to MacOS only.
- In the examples, the following system setup is used:
- System A: a remote Client
- System B: a remote Proxy
- System C: a local head office
The following examples show how to set up the ProxyForSC tool in Aspera and BBCP.
Step 1. On the Remote Client machine (A), Install InDesign and Smart Connection in the usual manner.
Step 2. On the local head office machine (C), install Enterprise Server in the usual manner.
Step 3. On the Remote Proxy machine (B) and the local head office machine (C), extract the Enterprise ProxyForSC archive in the web root folder.
Step 4. To have the Remote Proxy Server machine (B) take on the role of Proxy Server, remove the following sub folders:
- ProxyForSC/proxystub
- ProxyForSC/speedtest
Step 5. To have the local head office machine (C) take on the role of Proxy Stub, remove the following sub folders:
- ProxyForSC/proxyserver
- ProxyForSC/speedtest
Note: In the following steps, the following IP addresses are used as an example:
|
Step 6. On the Remote Client machine (A), open the WWSettings.xml file and configure the URL of the Proxy Server between the <SCEnt:Servers>
and </SCEnt:Servers>
tags:
MacOS
- /Library/Application Support/WoodWing
Windows
- c:\ProgramData\WoodWing
Note: This folder is hidden by default. To display this folder, change the folder options. (See the Windows Help file.)
Important: Make sure to validate the WWSettings.xml file for correct content. See Validating the WWSettings.xml file.
<SCEnt:Servers>
<SCEnt:ServerInfo name="Enterprise ProxyForSC" url="http://192.0.0.2/ProxyForSC/proxyserver/index.php"/>
</SCEnt:Servers>
Step 7. On the Remote Proxy machine (B), create a file transfer folder in the root and give the "internet" user read/write/delete access:
mkdir /ProxyServer
chmod 0777 /ProxyServer
Step 8. On the Remote Proxy machine (B), open the ProxyForSC/proxyserver/config.php file and do the following:
Step 8a. Copy over the values from the Enterprise/config/configserver.php file for the following options:
define ('OUTPUTDIRECTORY', ...);
define ('DEBUGLEVELS', ...);
define ('LOGFILE_FORMAT', ...);
define ('PROFILELEVEL', ...);
Step 8b. Make sure that the URLs and folders match your environment:
define ('PROXYSTUB_URL', 'http://192.0.0.3/ProxyForSC/'); // => available for proxyserver only
define ('ENTERPRISE_URL', 'http://192.0.0.3/Enterprise/');
define ('PROXYSERVER_TRANSFER_PATH', '/ProxyServer/'); // => available for proxyserver only
define ('PROXYSTUB_TRANSFER_PATH', '/ProxyStub/');
Step 8c. Set the following options to these values:
define( 'ENTERPRISEPROXY_TIMEOUT', 3600 );
define( 'ENTERPRISEPROXY_COMPRESSION', false );
define( 'ENTERPRISEPROXY_USEPROXYSTUB', 'always' );
Step 9. On the local head office machine (C), open the ProxyForSC/proxystub/config.php file and repeat the previous step (including all substeps).
Step 10. On the Remote Proxy machine (B), open the ProxyForSC/proxyserver/config.php file and set the following option to this value:
define( 'ENTERPRISEPROXY_TRANSFER_PROTOCOL', 'ascp' );
Step 11. On the local head office machine (C), open the ProxyForSC/proxystub/config.php file and repeat the previous step (including all substeps).
Step 12. On the Remote Proxy machine (B), install the Aspera Client.
Step 13. On the local head office machine (C) install the Aspera Server.
Step 14. On the Remote Proxy machine (B), open the ProxyForSC/proxyserver/config.php file and adjust the following Aspera options:
define( 'ASPERA_USER', '...' );
define( 'ASPERA_CERTIFICATE', '...' );
define( 'ASPERA_SERVER', '127.0.0.3' );
define( 'ASPERA_OPTIONS', '-P 33001 -T -q --policy=high -l 100m -m 0 --ignore-host-key ' );
Step 13. Open port 33001 in your firewall.
Step 14. Run the Health Check by accessing the following URL in a Web browser. It should show a page with the results for the Proxy Server and Proxy Stub. There should be no errors reported:
http://192.0.0.2/ProxyForSC/proxyserver/apps/healthcheck.php
Step 10. On the Remote Proxy machine (B), open the ProxyForSC/proxyserver/config.php file and set the following option to this value:
define( 'ENTERPRISEPROXY_TRANSFER_PROTOCOL', 'bbcp' );
Step 11. On the local head office machine (C), open the ProxyForSC/proxystub/config.php file and repeat the previous step (including all substeps).
Step 12. On the local head office machine (C), do the following:
Step 12a. Access System Preferences > Users and User Groups and add a user named 'stubuser', set up a password for that user and make it a member of the 'www' group.
Step 12b. Access System Preferences > Sharing and enable the "Remote Login" option, set it to "Only these users" and add the "stubuser" user.
Step 13. On the Remote Proxy machine (B), and on the local head office machine (C), install Homebrew.
Step 14. On the Remote Proxy machine (B), and on the local head office machine (C), install bbcp:
brew update
brew install bbcp
bbcp
You should now see usage instructions.
which bbcp
You should now see the installation path: /usr/local/bin/bbcp
Note: When the path differs, adjust the BBCP_COPYTO_CMD and BBCP_COPYFROM_CMD settings in the config.php file accordingly.
Step 15. On the Remote Proxy machine (B), enable ssh over localhost:
Step 15a. Access System Preferences > Users and User Groups and add a user named 'proxyuser', set up a password for that user and make it a member of the 'www' group.
Step 15b. Access System Preferences > Sharing and enable the 'Remote Login' option, set it to 'Only these users' and add the 'proxyuser' user.
Step 16. Give the 'proxyuser' on Remote Proxy machine (B) access to local head office machine (C) by running the following commands:
su proxyuser
ssh-keygen -t rsa -b 4096
Note: Do not fill in the 'passphrase', just press Enter.
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts
ssh stubuser@stubhost mkdir -p ~/.ssh
cat ~/.ssh/id_rsa.pub | ssh stubuser@stubhost 'cat >> ~/.ssh/authorized_keys'
ssh stubuser@stubhost
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts
exit
ssh stubuser@stubhost
Note: This should not ask for a password anymore.
Step 17. To make sure that when running the bbcp command on Remote Proxy machine (B) the bbcp command on local head office machine (C) can be found, run the following commands:
ssh stubuser@stubhost set | grep PATH
Note: Most likely, the path of bbcp is NOT listed. (If it does already, skip the commands below.)
ssh stubuser@stubhost
vi ~/.bashrc
Add this line:
export PATH=$PATH:/usr/local/bin
Press Shift+Z+Z to save and exit
exit
ssh stubuser@stubhost set | grep PATH
The bbcp path should now be listed.
Step 18. On the Remote Proxy machine (B), open the ProxyForSC/proxyserver/config.php file and do the following:
Step 18a. Fill in the proxy server connection:
define( 'SSH_PROXY_HOST', '192.0.0.2' );
define( 'SSH_PROXY_USERNAME', 'proxyuser' );
define( 'SSH_PROXY_PASSWORD', '<fill in the password of proxyuser>' );
Step 18b. (Optional, only when the installation path differs) Adjust the installation path of bbcp:
define( 'BBCP_COPYTO_CMD', '/usr/local/bin/bbcp -s 8 %sourcefile '.SSH_STUB_USERNAME.'@'.SSH_STUB_HOST.':%targetfile' );
define( 'BBCP_COPYFROM_CMD', '/usr/local/bin/bbcp -s 8 '.SSH_STUB_USERNAME.'@'.SSH_STUB_HOST.':%sourcefile %targetfile' );
Step 19. Run the Health Check by accessing the following URL in a Web browser. It should show a page with the results for the Proxy Server and Proxy Stub. There should be no errors reported:
http://192.0.0.2/ProxyForSC/proxyserver/apps/healthcheck.php
ProxyForSC and performance
It is important to know that the ProxyForSC solution is a tool which relies heavily on 3rd-party software applications such as Aspera and BBCP and that it in itself does not solve network instability problems or extreme package loss.
However, ProxyForSC does reduce the effect of high-latency: the longer the distance between the remote location and the local Enterprise Server, the more this solution could make the difference.
Note: Do not use this tool on a LAN: it will negatively effect the performance of the client-server communication.
Making your installation a success
- Consult a professional network specialist.
- Experiment with the options provided by the 3rd-party software (Aspera and BBCP) to get the best performance for your connection.
- Use the built-in Speed Test (see below) to compare the direct connection to Enterprise Server versus a connection over ProxyForSC.
- Use the built-in Profiler (see below) to identify time consuming areas such as disk access, network traffic, and compression.
- Examine the effect of having compression enabled or disabled.
- Test extensively using InDesign clients on the remote location before taking the proxy into production.
Running a speed test
The ProxyForSC package contains a Speed Test which simulates Smart Connection for InDesign performing the following operations:
# | Operation | Service called |
---|---|---|
1 | Log-in the "woodwing" user. | LogOn |
2 | Create a layout, article and image. | CreateObjects |
3 | Open the layout, article and image. | GetObjects |
4 | Save the layout, article and image. | SaveObjects |
5 | Close the layout, article and image. | UnlockObjects |
6 | Delete the layout, article and image. | DeleteObjects |
7 | Log-out the "woodwing" user. | LogOff |
For all operations the duration is measured and the average is calculated.
Configuring the speed test environment
IMPORTANT: Do not use the Speed Test on a production server.
Step 1. Open the ProxyForSC/speedtest/config.php file and check all the options.
Step 2. Open the following config files:
- ProxyForSC/speedtest/config.php
- ProxyForSC/proxyserver/config.php
- ProxyForSC/proxystub/config.php
- Enterprise/speedtest/configserver.php
Step 3. For all files, set the following options to production mode:
- Specify a folder for the
OUTPUTDIRECTORY
option. - Set the
DEBUGLEVELS
option toWARN
. - Set the
PROFILELEVEL
option to 0 (not available for ProxyForSC/speedtest/config.php)
Running the test
IMPORTANT: Do not use the Speed Test on a production server.
Step 1. Enter the following URL in a Web browser:
http://127.0.0.1/ProxyForSC/speedtest/index.php
The Speed Test page appears.
- To get a better average, choose a higher number in the "Number of runs" list.
- To by-pass the Proxy Server, choose Enterprise Server in the "Connect to" list.
- To work with smaller or larger files:
- Create a folder under ProxyForSC/speedtest/testdata.
- Create 3 files in that folder, named as follows:
- article.wcml
- layout.indd
- image.jpg
- Refresh the Speed Test page and choose the folder in the "Test data" list.
Step 2. Click Start Test.
Wait until a report appears.
Figure: An example of a ProxyForSC report.
The client waiting times are shown in the "Average" column. Note that the actual waiting times in InDesign will be slightly higher since Smart Connection for InDesign also does some data processing which is not simulated (not taken into account).
Profiling time consuming areas
A profiler can be used to identify time consuming areas such as disk access, network traffic, and compression. The Profiler that is built into Enterprise Server is also built into the Proxy Server and Proxy Stub.
Configuration
Step 1. Open the following config files:
- ProxyForSC/proxyserver/config.php
- ProxyForSC/proxystub/config.php
- Enterprise/config/configserver.php
Step 2. For all files, set the following options into profiler mode:
- Specify a folder for the
OUTPUTDIRECTORY
option. - Set the
DEBUGLEVELS
option toINFO
. - Set the
PROFILELEVEL
option to5
.
Running a profile
Step 1. Clear the log folders for the Proxy Server, Proxy Stub and Enterprise Server.
Step 2. Run the Speed Test (see above) or perform some operations with a remotely installed Smart Connection for InDesign.
In the log folders mentioned, the following file appears:
- Proxy Server: proxyserver_profile.htm
- Proxy Stub: proxystub_profile.htm
- Enterprise Server: sce_profile.htm
Step 3. Open each file.
Figure: An example of a Profile test.
Every dark-gray line represents a service call, while the last 2 columns show the duration and percentage.
As you may notice, the sum of the percentages is much more than 100%. This is because some measurement are done over nested functions. The following tree structure shows how to read this information:
/proxyforsc/proxystub/index.php => 100% Proxy Stub entry point => 99.5% Retrieve InDesign request header info => 0.5% Uncompressing InDesign request at disk => 0.5% Call Enterprise Server (req:549 bytes, resp: 47022 bytes) => 93.9% Compressing Enterprise Server response at disk => 1.0% Return InDesign response header info => 0.2% |
When the lines marked in bold show little differences in duration, the overhead of the proxy itself is low. When the other lines show higher durations, the overhead of the proxy is higher.
Making the proxy secure
Consider the following steps to make the proxy more secure:
- Use a HTTPS connection between the Proxy Server and the Proxy Stub.
Notes:
|
- When using SSH users, make sure that those users only have access to the transfer folders, and nowhere else.
- Close HTTP access for all folders except:
- ProxyForSC/proxyserver
- ProxyForSC/proxystub
- Apps are not used during production. Close HTTP access for:
- ProxyForSC/proxyserver/apps
- ProxyForSC/proxystub/apps
Troubleshooting
I can log in to the Proxy Server but I get an error when creating or saving a layout
Check the logging on the Proxy Server and Proxy Stub for any errors. If these folders turn up empty or do not show any errors, check the apache_error_log or the php_error_log on both machines for any problems.
When trying to log in from the client I get a 404 error
Make sure that the server is reachable by pasting the server URL in a Web browser. If it is, a (very broken) login page to Enterprise Server should be shown (you cannot use this to login though). Make sure that Apache uses the default port to connect to the server.
How do I solve a fatal server error (HTTP 500) logged by the proxy?
- Check if Enterprise Server works well when Smart Connection (or the Speed Test) connects directly (not using proxy).
- When you have configured IPv4 addresses in the config.php files of the proxy:
- Check if there is no IPv6 DNS configured in System Preferences > Network > Advanced > DNS.
- Consider using network names instead of IP addresses.
- Check if the Proxy Server and Proxy Stub have the same value (true or false) set for the
ENTERPRISEPROXY_COMPRESSION
option.
- When using BBCP, start a Terminal on the Proxy Server and check the following:
ssh proxyuser@proxyserver
ls -als /ProxyServer
Notes: This folder (.) should give full access (drwxrwxrwx) for everyone. If not, enter: sudo chmod 777 /ProxyServer This folder (.) should be owned by _www:wheel. If not, enter: sudo chown www:wheel /ProxyServer This folder (.) should not contain any file. If it does, enter: rm -rf /ProxyServer/* |
ssh stubuser@proxystub
ls -als /ProxyStub
Notes: This folder (.) should give full access (drwxrwxrwx) for everyone. If not, enter: sudo chmod 777 /ProxyStub This folder (.) should be owned by _www:wheel. If not, enter: sudo chown www:wheel /ProxyStub This folder (.) should not contain any file. If it does, enter: rm -rf /ProxyStub/* |
exit
You return to the Proxy Server.
echo hello > /ProxyServer/test
/usr/local/bin/bbcp -s 8 /ProxyServer/test stubuser@proxystub:/ProxyStub/test
ssh stubuser@proxystub cat /ProxyStub/test
This should echo "hello"
SSH commands fail for an unknown reason
Try using the -v flag to make ssh verbose, for example:
ssh -v stubuser@proxystub
Have a close look at the output and Google for any reported problem.
Reporting a problem to Support
In case you run into a problem that you want to submit to Support, do the following:
Step 1. Clear the log folders for Enterprise Server, the Proxy Server and the Proxy Stub.
Step 2. Open the following config files:
- ProxyForSC/proxyserver/config.php
- ProxyForSC/proxystub/config.php
- Enterprise/config/configserver.php
Step 3. For all files, set the following options into debug mode:
- Specify a folder for the
OUTPUTDIRECTORY
option. - Set the
DEBUGLEVELS
option toDEBUG
.
Step 4. Reproduce the problematic scenario.
Step 5. Archive (ZIP) the log folders of:
- Enterprise Server
- Proxy Server
- Proxy Stub
Step 6. Restore the adjusted configuration options by setting them back to their original values.
Step 7. Send the archives to WoodWing Support along with a detailed description of the scenario.
Comment
Do you have corrections or additional information about this article? Leave a comment! Do you have a question about what is described in this article? Please contact Support.
0 comments
Please sign in to leave a comment.