1.Total number of user login a GCP instance allow at a time?
2.How server resource get allocated among the jobs ran by concurrent user active any point of time?
3.Can we access google cloud server from any part of the world,how?If no,why?
For GCE instances, the limiting factor on concurrent connections is the OS. For Windows server, without Remote Desktop Services (and associated licenses), the limit is 2. On Linux machines, the limit is determined by the sshd_config file for MaxSessions and MaxStartups
Server resources are allocated based on the OS once again. For Linux, this can be by restricting on a per-user basis. As for Windows, there are different ways to enforce limits depending on the version you choose and how you deploy the server.
You can access the Google Cloud Platform and all the resources from almost anywhere in the world (with some exceptions) by access the external IP address of your instance, connecting to your Management console (console.cloud.google.com), or by running the Google Cloud SDK from your machine
Related
There is a private proxy server IPv4 and 1 port. It is possible to use HTTPS or SOCKS5. It will be used on multiple computers (configuration at the browser level, not a PC). DNS server shared (CloudFlare)
Since I am the owner of this proxy, I want to control and monitor it, namely to see:
the number of devices using it at the moment (online)
workload on proxy, traffic
What sites each computer runs
What of this is possible and with what tools? Is there a general solution (one tool) for all tasks?
Is VPS / VDS required for such purposes? If not, how is an addition than he can be useful?
From present:
Tinyproxy can generate static html file with you needs.
Artica Proxy has a web front end with statistics. Users and transit and sites.
From the past (not maintained):
squid: can generate static html file with your needs.
As title say i'm looking for something like Pulseway.
Basically i need to monitor 3.000 devices. And i was wondering if there is something where i can install an agent on this devices and monitor/command them securely via a web panel.
Thanks for your time
You can try to use Monitis Server/Device monitoring. They have agent for both Linux and Windows systems. We are using it for checking our internal servers performance. BTW you can install agent in one machine and monitor other devices with your internal network using internal uptime monitoring. On one agent you can setup as many monitor as you need. here is more details http://www.monitis.com/server-monitoring
I am trying to create a UCMA 4.0 application for Lync 2010. In the development phase the application will be hosted in my laptop and the lync server (on which I have no jurisdiction) will connect to my laptop and run the application. The OS in my laptop is Windows 7 SP 1 and the .Net framework is 4.5.
I am fairly new to UCMA coding and though I have studied about it, there are still some grey areas that needs to be addressed. Below are some of the questions that I have failed to get a clear answer of. Also, it is more important for me to understand the nitty gritties because the Lync server admin is a new person on the job who has, like me, never worked on UCMA applications.
I need to create an application pool. For that, the PowerShell cmdlet to be used is
New-CsTrustedApplicationPool -Identity foo.example.com -Registrar [Registrar Id] -Site [Site id] –ComputerFqdn foo.example.com
I assume this cmdlet must be run on the lync server. Since my laptop will be the only computer in the application pool in the development phase so my -ComputerFQDN and -Identity of the application pool are the same. Is this correct? Also, where will I get the Registrar ID and the Site ID? What is the difference between a manually provisioned application and an auto provisioned application?
To add a trusted application:
New-CSTrustedApplication –ApplicationId $ApplicationId -TrustedApplicationPoolFqdn $ApplicationFqdn -Port $PortNo
What exactly is application id. Is it my computer FQDN/application_name? I have assumed that the TrustedApplicationPoolFqdn is the same as my computer FQDN since there is only a single computer in the application pool. Also, will any available port no. do or should it be the one listening to my application? Since, I have not completed coding my application, getting the exact port no. is not possible. They want to setup the server before the coding is done. That is the challenge.
To create the trusted application endpoint:
New-CSTrustedApplicationEndpoint –ApplicationId $ApplicationId -TrustedApplicationPoolFqdn $ApplicationFqdn -SipAddress $ApplicationSipAddress –DisplayName
What is -SipAddress here? Where and how will I get the SIP address?
I know I have crammed a lot of questions here. But I am running low on knowledge and available resources and I am in a desperate need of some direction, given the time constraints that I am facing. Apart from the questions if anybody can help me with any heads up, you are more than welcome and appreciated to do so. All I need right now is some perspective from the stackoverflow community.
I assume this cmdlet must be run on the lync server. Since my laptop will be the only computer in the application pool in the development phase so my -ComputerFQDN and -Identity of the application pool are the same.
Is this correct?
No. It can be run from any computer that has the Lync / SfB powershell commands installed and you have enough "rights" to run the powershell commands. I run these sorts of commands from my dev machine all the time.
I normally develop with UCMA v4 (not 5) and when you install ocscore.msi from the SDK/runtime install or copy it from the Lync 2013 install. You can get the SfB powershell to install but I've found it be more of a pain than the Lync 2013 version and mostly you don't need SfB version (i.e. the Lync 2013 powershell commands work fine on a SfB server install).
Also, where will I get the Registrar ID and the Site ID?
The Registrar ID is the front end pool (the sip proxy to register with). You can get it with the powershell command:
Get-CsService -Registrar
Look at the "Identity" field and should look like:
Registrar:name.lyncdomain e.g. Registrar:myserver.company.com
You can get the Site ID from the Get-CsSite command. It should look like: Site:ID e.g. Site:MY_SITE
What is the difference between a manually provisioned application and an auto provisioned application?
This is a very big difference.
A manually provisioned application requires more code to setup and run your UCMA trusted application. You have to know all the settings and all the trusted application endpoints yourself.
A auto provisioned application requires less code to setup and run. All you need is a id and with that id you can query the UCMA API to pull all that trusted application setup and all the trusted application endpoints. This sounds great but the downside of a auto provisioned application setup means that all the computers in the application pool has to be setup as a replication point for the Lync database. To setup the computer as a replication point is a BIG pain in the pass (it takes about 1/2 hour to setup if you know what you are doing).
I suggest setting your application pool / application as a manually provisioned application as it's actually a lot simpler to setup in the long run unless you require the ability to automatically "know" what trusted application endpoints are setup to your application.
What exactly is application id.
Anything you like. It just needs to be unique (kind of) within the Lync environment. You can use Get-CsTrustedApplication command to see what other
application id's are already in use. It basically is the unique ID for your application.
Is it my computer FQDN/application_name?
It is the FQDN (fully qualified domain name) of the application pool. If should match the application pool ComputerFqdn value. It's basically telling Lync what application pool that this trusted application runs on. Trusted applications can only run on a application pool computer only.
is the same as my computer FQDN since there is only a single computer in the application pool.
In a single computer application pool, yes. In a multi-computer application pool, no. It is the ComputerFqdn of the pool.
Also, will any available port no. do or should it be the one listening to my application?
The port number has to be a available port on the pool computer. It is used by the UCMA application to listen on and is used by the Lync server (FE) to connect to the UCMA application as per the SIP RFC.
For auto provisioned application, the UCMA application will auto-load this value and use it. For manual provisioned application, you can either hard code it or load it from your own config setup (e.g. from registry?). I would recommend that you load from your own config somewhere like the registry.
What is -SipAddress here? Where and how will I get the SIP address?
It's whatever you want it to be. It needs to be a unique SIP address within the whole Lync setup. It should be in the format of sip:name#lyncdomain e.g. sip:myendpoint#company.com
It will be the primary entry point for SIP messages into your application if your application even uses / wants a sip endpoint to:
make audio calls, receive audio calls, provide presence, send/receive IM messages, etc.
If you aren't going to use a trusted application endpoint (e.g. you only want to impersonate user endpoints) then you don't need any trusted application endpoints.
I am setting up two computers to run a web application. web-host hosts a MongoDB database and NodeJS web server, while worker runs some more demanding processes and populates the database. Using an SSH tunnel from worker, web-host:27017 is accessible using localhost:9999 from worker. web-host:80 has been set up to be accessible on http://our.corporate.site/my_site/.
At the moment MongoDB has no authentication on it - anything that can contact web-host:27017 can read or write anything to the database.
With this setup, how paranoid should I be about authenticating requests to MongoDB? The answers to this question seemed to suggest not very. Considering access is only possible from localhost it seems about as secure as the local file system. In MySQL I usually have a special 'web' user with limited privileges to limit the damage of an injection attack in case I make a mistake sanitizing input, however MongoDB seems less vulnerable to injection (or at least easier to sanitize) compared with MySQL.
Here's the issue: If you do set-up Mongo authentication, you are going to need to store the keys on the machine that accesses it.
So assuming that web-host:80 is compromised, the keys are also vulnerable.
There are some mitigation processes you can use to secure your environment, but there is no silver bullet if an attacker gains root access to your environment.
First I would consider putting mongodb on a separate machine on a private internal network that can only be accessed by machines in a DMZ (the part of the network where machines can communicate with your internal network and the outside world).
Next, assuming you are running a Linux-based system, you should be able to use AppArmor or SELinux to limit which processes are allowed to make outbound network requests. In this case only your webapp process should be able to initiate network requests such as connecting to your Mongo database.
If an attacker was able to get non-root access on your machine, the SELinux/AppArmor system policy would prevent them from initiating a connection to your database from their own script.
Using this architecture, you should be more secure than simply augmenting your current architecture with authentication. In a choice between the SELinux/AppArmor, I would use SELinux, since it is was much more mature and had much more granular control the last time I checked.
We have a service that is hosted in IIS using WAS with the net.msmq binding. The service reads messages from a private transactional MSMQ queue. I need it to work by reading from a queue that is on a different machine to the service. I can get it working if the queue is on the same machine, but not if it is on a different machine.
Environment information
The servers are running Windows Web Server 2008 R2.
The servers are in a workgroup, i.e., they are not part of a domain.
MSMQ has been installed without the directory service integration feature.
I believe that the required Windows features are installed (WCF Non-Http Activation and Http Activation, Message Queuing Server, Multicasting Support, Message Queueing DCOM Proxy, Windows Process Activation Service, .NET Environment, Configuration APIs)
I have made the following registry changes on the machines:
NewRemoteReadServerAllowNoneSecurityClient = 1
NewRemoteReadServerDenyWorkgroupClient = 0
AllowNonauthenticatedRpc = 1
DTC has been enabled, with Network DTC Access, Allow Remote Clients, Allow Inbound, Allow Outbound, No Authentication Required and Enable SNA LU 6.2 Transactions all selected.
Firewall changes have been made.
Service configuration information
We are using netMsmqBinding.
The transport Security Mode of the netMsmqBinding is None.
ExactlyOnce is true
UseActiveDirectory is false
Durable is true
The queue address is net.msmq://the-host-computer-name/private/EmailAsyncService
WCF logging
There is a warning:
Cannot detect if the queue is transactional". The FormatName of the queue in the error is DIRECT=OS:the-host-computer-name\private$\EmailAsyncService
There is then an error:
An error occurred when converting the 'the-host-computer-name\private$\EmailAsyncService' > queue path name to the format name: Unrecognized error -1072824300 (0xc00e0014). All operations on the queued channel failed. Ensure that the queue address is valid. MSMQ must be installed with Active Directory integration enabled and access to it is available.
What I have tried
I can read messages from the remote queue from the machine the service is on if I manually create and use a MessageQueue instance.
I've tried hosting the service as a standalone console application. The error messages are the same.
I have tried disabling the firewalls involved.
I've tried the changes on http://msdn.microsoft.com/en-us/library/ms752246.aspx, which relate to running such services on a computer joined to a workgroup. ("both the activation service and the worker process must be run with a specific user account (must be same for both) and the queue must have ACLs for the specific user account... In workgroup, the service must also run using an unrestricted token.") The user account I'm currently using is Network Service.
Some thoughts
I don't believe that there is a firewall or permissions issue.
Despite the fact that the service configuration has UseActiveDirectory set to false, the queue address of net.msmq://the-host-computer-name/private/EmailAsyncService seems to be getting translated into the-host-computer-name\private$\EmailAsyncService, which AFAIK is a name format that requires lookup via Active Directory.
I'm a little late here, but since you have no other answers, I may still be of help.
You might want to try enabling Directory Service Integration, as I believe you need to muck with certificates to operate in Workgroup Mode.
Also, Juval Lowy's WCF book makes it clear that when you have queued services hosted in WAS you have to name the queue the exact same as the virtual path to your svc file. So if your service is actually hosted at /EmailAsyncService/EmailService.svc then that's precisely what you need to name your queue (without the first slash).