Exocomm software

Exocomm Server

device management

The Exocomm cloud management area lets you manage the nodes on your network easily and efficiently. Cloud management is accessed via the cloud option on the navigation menu. A node is any device connected to your network; nodes are essentially equivalent to hosts in standard UNIX terminology, except that a node is not required to offer services (a node can be a client as well as a server). A node can be a physical or virtual server, a printer, a switch, a PDA, a firewall or any other independent network entity. A list of registered nodes is presented. You can select specific groups or classes of node to filter the node list accordingly. The action selector lets you perform various actions against a list of selected nodes, for example start, stop or reset. Select the desired action and click the continue button to proceed.

A device (computer, phone, tag, vehicle or any type of host) has one or more network interfaces, identified by their MAC addresses. A device is considered a node only if it is managed by the Exocomm Server. A device is owned by a contact (user).

To create a new node, select the NEW NODE option from the navigation menu. To edit the details of a node, click the node's name in the list.

A node's class identifies its overall hardware type, for example virtual machine, server or PDA. Some functionality is restricted to specific node classes; for example, a virtual machine can only be created on a server.

The node group selector lets you define group membership for administrative and access control purposes. When a node is included in a group, any user who is a member of that group is allowed access to any node belonging to that group. Groups can be used flexibly to arrange your network resources in whatever way suits you: by client, project, geographic location or any other criteria.

If a proxy is selected, all operations performed against a node execute via that proxy. For example, if you have a node deep within a secure network that is not accessible from the internet, you can use a firewall or router as a proxy. When creating a virtual machine, the proxy defines the parent server that will host the virtual machine; you can also leave the proxy unselected to have Exocomm automatically select the first available server to host the VM, based on available resources.

The OS template selector defines the type of operating system the node runs. Exocomm uses this to fine-tune its management functions for different versions of Linux, BSD, Solaris or Windows. You can create various templates to suit your needs; for example, you could have WINDOWS TEST BOX, LAMP SERVER or EXECUTIVE LAPTOP. The selected template is then used as a skeleton when creating new virtual machines, minimizing the effort required to deploy nodes to suit various functional roles.

The next five items are resource quotas, used to restrict the utilization of virtual machines. Exocomm is the only solution which allows you to place arbitrary limits on the five critical resource types that a node can consume: processor, memory, storage, storage I/O and network. VMware can only limit three of these values, and OpenVZ can only manage two. Because of these flaws, it is possible for a misbehaving virtual machine to abuse one or more resource types in order to degrade the performance of an entire server or network. The processor quota limits the CPU performance to the specified clock speed in megahertz. The memory quota controls the maximum amount of memory the node can allocate. The storage quota limits the amount of data storage available to the node. The storage I/O quota limits the storage read and write performance, measured in megabytes per second. The network quota specifies the network bandwidth available to the node, measured in megabits per second.

The alerts selector lets you enable or disable monitoring alerts for that particular node.

A PXE provisioning server belongs in just about every rack or cabinet. The ghetto way involves CD/DVD drives, forgotten or scratched install media, endless man-hours watching progress bars and answering yes/no questions, servers running many different versions and patch levels of software, and so on.

Instead of messing around with CDs or USB SSD drives, you can simply boot via PXE into your installation/recovery environment over the network. Connect a KVM console, hit escape and select BOOT FROM NETWORK. You get a boot loader prompt with a range of operating systems to choose from, say CENTOS 5.4 64 BIT RECOVERY, with options for repair media and fresh installation (in many cases the same media provide both functions).

Distributions such as CENTOS are quite quick to install, but consider Debian (with 26 CD-ROMs!) or Gentoo (which requires the user to compile kernels; this can take hours on poor hardware!).

All of the recovery options are left as-is. We store all of the installation ISOs right on this server. For the new install options, you will sometimes want modified slipstream or seeded installers which, for example, install particular networking configurations, particular software package selections and so on, all without any user input at all.

In some cases an administrator could rack up a server, boot the seeded installer and walk away. When it reboots, it boots up a freshly installed copy of the selected operating system along with any desired patches, customizations etc.

Bandwidth management functionality includes rate-limiting, traffic shaping and QoS. This helps control costs, mitigate malicious activity on the network and optimize performance.

Using our easy bandwidth management tool, you can establish maximum upload and download speeds for any IP address assigned to a server. Policies can get incredibly complex: for example, you can have the limits apply only when the pipe is fully saturated, or have higher-priority traffic classes borrow bandwidth from lower-priority classes. Rates can be established based on many different factors, including source/destination ports, protocol type and even the payload of individual packets. For example, if you wanted to control encrypted BitTorrent traffic but keep HTTP traffic nice and fast, you could have the packets classified based on the presence or absence of HTTP headers.
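On a Linux server the behaviour just described (a limit that only bites when the pipe is saturated, and higher-priority classes borrowing idle bandwidth) is what the HTB qdisc gives you: a class's rate is its guarantee, its ceil is how far it may borrow, and a lower prio value wins under contention. The script below is an added example, not Exocomm's tool; the interface, rates and the 203.0.113.10 address are assumed, and it prints the commands instead of applying them when TC=echo.

```shell
#!/bin/sh
# Added example (not Exocomm's tool): HTB bandwidth policy with Linux tc.
# Interface, rates and the 203.0.113.10 address are assumed. Run as root to
# apply, or with TC=echo to print the commands without touching the interface.
TC=${TC:-tc}

# htb_policy IFACE LINK WEB HOST
#   IFACE  egress interface, e.g. eth0
#   LINK   physical link rate, e.g. 100mbit
#   WEB    guaranteed rate for HTTP/HTTPS (may borrow up to LINK when idle)
#   HOST   hard cap for traffic to one server address (never borrows)
htb_policy() {
    iface=$1; link=$2; web=$3; host=$4
    # root qdisc; anything no filter claims falls into class 1:30
    $TC qdisc add dev "$iface" root handle 1: htb default 30
    # parent class bounded by the link, so children can only borrow from each other
    $TC class add dev "$iface" parent 1: classid 1:1 htb rate "$link" ceil "$link"
    # web: rate is guaranteed, ceil lets it borrow up to the full link; prio 1 wins contention
    $TC class add dev "$iface" parent 1:1 classid 1:10 htb rate "$web" ceil "$link" prio 1
    # capped host: rate == ceil, so the limit applies whether the pipe is saturated or not
    $TC class add dev "$iface" parent 1:1 classid 1:20 htb rate "$host" ceil "$host" prio 2
    # default: same floor as the capped host, borrows whatever the web class leaves idle
    $TC class add dev "$iface" parent 1:1 classid 1:30 htb rate "$host" ceil "$link" prio 3
    # classifiers: destination port for HTTP/HTTPS, destination address for the capped host
    $TC filter add dev "$iface" parent 1: protocol ip prio 1 u32 match ip dport 80 0xffff flowid 1:10
    $TC filter add dev "$iface" parent 1: protocol ip prio 1 u32 match ip dport 443 0xffff flowid 1:10
    $TC filter add dev "$iface" parent 1: protocol ip prio 2 u32 match ip dst 203.0.113.10/32 flowid 1:20
}
```

Classifying on payload (such as the presence of HTTP headers) needs a deeper packet classifier than these u32 port and address matches; the class tree itself stays the same.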

wireless access point service

For authenticating your users and controlling access to your wireless network, the Exocomm Server now supports three variants of WPA authentication. For a small business that just wants to provide secure wifi for its staff, it's easy to get confused by all the terminology and complicated components involved in maintaining a properly secured wireless network. The simple password protection provided by a cheap router from Best Buy might be okay for home use, but no serious business can operate a secured network without using more advanced tools. Exocomm software takes the complexity and cost out of the equation, so our users can support the same fancy authentication systems used by expensive proprietary hardware like Cisco or Aruba. Why spend thousands on each of your wifi routers -- and then spend more for ongoing license fees -- when you can have the same enterprise-grade security for FREE?

OPEN connectivity (the lack of any authentication at all) should never, ever, EVER be used. Connecting to any open network likely exposes your devices to SERIOUS security threats -- and we're not just talking "they can monitor your traffic" here; connecting to open networks can cause your devices to be COMPLETELY OWNED -- EVEN LONG AFTER YOU'VE LEFT THE NETWORK! Do NOT connect to open networks, ever. The Exocomm Server does not support any form of unsecured access point.

WPA-PSK is the simplest authentication method, using a shared key (derived from a shared password). This is what you'll find on most non-enterprise networks. It's easy to set up -- simply choose a password and hand it out to users. However, this method is also less secure. Any particular user on your network can (potentially) intercept traffic from any other user -- with the right tools, your receptionist can read the president's e-mails, and vice-versa. If one of your users leaves the company, you'll have to change the password and redistribute it to everyone (causing chaos and mayhem on the network). And you can't reliably track what individual users are doing on the network -- for example, controlling how much bandwidth they use.

WPA-EAP allows extensions to WPA to support more flexible (and hopefully more secure) authentication methods. PEAP adds a "first layer" of encryption to WPA-EAP, which secures the traffic from interception by third parties. Once the "first layer" or "outer tunnel" of encryption is established, the "second layer" or "inner tunnel" is where actual authentication occurs.

WPA-PEAP-PAP adds INDIVIDUAL USER AUTHENTICATION. Each user has his/her own password. This is the minimum level of security required in most enterprise networks. Users cannot (easily) read other users' traffic. To deny access to a particular user, only that account needs to be disabled -- no one else is disturbed. And you can enforce access control policies on a PER-USER basis -- for example which VLANs they have access to, how much bandwidth they can consume, and so on. The Microsoft variant, MSCHAPv2, is supported by all Windows computers.

WPA-PEAP-TLS introduces CRYPTOGRAPHIC CERTIFICATES. Rather than usernames and passwords, a cryptographic (SSL) certificate is presented for authentication. The certificate may be stored on a smart card or other secure storage device, to support multi-factor authentication (for example, requiring a fingerprint or passphrase to unlock the certificate). The RADIUS Server (Microsoft calls this the Network Policy Server) is the Certificate Authority or CA -- and this CA signs certificates for each user or device.

Multiple tiers may be supported by WPA-PEAP-TLS. In some cases the RADIUS server has a certificate which is SIGNED BY the CA; this is common in enterprise Microsoft environments in which the Certificate Authority systems are kept "locked in a vault" for security purposes. For example, Acme Corporation keeps its Certificate Authority machine locked in a vault at its head office. That CA signs keys for each of the branch offices around the world. When a user logs on to the network, the Network Access Provider (NAP -- the router or service you are connecting to at the branch office) verifies that the user certificate is valid, and also that the RADIUS authentication server has a valid key, signed by the CA. There may be multiple tiers of cryptographic trust involved.

There's another aspect to WPA-PEAP-TLS that is not well understood. Because support of this authentication method requires a ROOT CA CERTIFICATE to be installed on a client device, there is a potential security hole. If the user device trusts this CA certificate for anything other than its intended purpose (connecting to wifi), then it is possible for whoever runs the CA to sign spoofed certificates for other entities -- say Google or Facebook. This may allow the operator of the CA to intercept sensitive information from any user of the network. This potential vulnerability is not the fault of WPA-PEAP-TLS per se, but rather of the user device's behaviour (trusting the keys used for wifi to sign certificates used for web connections). To be secure, the user device must use the root/CA certificate *ONLY* for wifi authentication and no other purpose, lest it become vulnerable at the cryptographic/SSL layer (the CA used to sign user certificates is also trusted to sign certificates for Google or Facebook, for example).
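The client-side advice in the paragraphs above (never open, per-user EAP over a shared key, and a wifi CA trusted for wifi only) can be checked mechanically on a Linux client, where wpa_supplicant's ca_cert is scoped to one network profile rather than the system trust store, and where a profile without ca_cert does not verify the RADIUS server certificate at all. The audit script below is an added example, not Exocomm software; the profile names, paths and radius.example.com are constructed.

```shell
# Added example (not Exocomm code): audit wpa_supplicant.conf network blocks for
# the client-side weaknesses described above. Assumes standard network={ ... } syntax.
audit_wpa_conf() {
    awk '
    /^[[:space:]]*network=[{]/ { inblk = 1; ssid = "?"; km = ""; eap = ""; ca = 0; idm = 0; next }
    inblk && /^[[:space:]]*[}]/ {
        if (km == "NONE")    printf "%s: OPEN, no authentication at all\n", ssid
        else if (eap == "")  printf "%s: WPA-PSK, one shared key for every user\n", ssid
        else if (!ca)        printf "%s: %s without ca_cert, RADIUS server certificate is not verified\n", ssid, eap
        else if (!idm)       printf "%s: %s without domain_match, any certificate from that CA is accepted\n", ssid, eap
        else                 printf "%s: %s ok, CA pinned to this profile only and server identity checked\n", ssid, eap
        inblk = 0; next
    }
    inblk {
        sub(/^[[:space:]]+/, ""); eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1); gsub(/"/, "", val)
        if (key == "ssid") ssid = val
        else if (key == "key_mgmt") km = val
        else if (key == "eap") eap = val
        else if ((key == "ca_cert" || key == "ca_path") && val != "") ca = 1
        else if (key == "domain_match" || key == "domain_suffix_match" || key == "subject_match") idm = 1
    }' "$1"
}

# Constructed sample profiles (not from any real site) so the audit can run offline.
wpa_audit_demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
network={
    ssid="lobby"
    key_mgmt=NONE
}
network={
    ssid="office"
    psk="sharedsecret"
}
network={
    ssid="corp"
    eap=PEAP
}
network={
    ssid="corp-tls"
    eap=TLS
    ca_cert="/etc/wifi/wifi-only-ca.pem"
    domain_match="radius.example.com"
}
EOF
    audit_wpa_conf "$f"; rm -f "$f"
}
```

Run wpa_audit_demo to see one finding per profile; point audit_wpa_conf at a real wpa_supplicant.conf to check your own clients.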

Exocomm Technologies | (647) 830-6035 | 643 Bay Street #27, Toronto, Ontario, Canada
Copyright © 2017 by Exocomm Technologies. All rights reserved.