EP1374041A2 - Surveillance de serveurs - Google Patents

Surveillance de serveurs

Info

Publication number
EP1374041A2
EP1374041A2 EP01937914A EP01937914A EP1374041A2 EP 1374041 A2 EP1374041 A2 EP 1374041A2 EP 01937914 A EP01937914 A EP 01937914A EP 01937914 A EP01937914 A EP 01937914A EP 1374041 A2 EP1374041 A2 EP 1374041A2
Authority
EP
European Patent Office
Prior art keywords
plugin
computer
server
data
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP01937914A
Other languages
German (de)
English (en)
Inventor
David Fischer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sysformance AG
Original Assignee
Sysformance AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sysformance AG filed Critical Sysformance AG
Publication of EP1374041A2 publication Critical patent/EP1374041A2/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44521Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G06F9/44526Plug-ins; Add-ons
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04Network management architectures or arrangements
    • H04L41/046Network management architectures or arrangements comprising network management agents or mobile agents therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/12Network monitoring probes

Definitions

  • the present invention is in the field of network, respectively. Internet technology.
  • the object is achieved by the invention defined in the patent claims.
  • the idea of the invention disclosed here is based, inter alia, on a proxy server support of the Internet HTTP protocol for the purpose of automatic recording and the later automatic replaying of data traffic from one or more HTTP clients (eg web browsers) using an HTTP Server or HTTP proxy server communicate.
  • HTTP clients eg web browsers
  • HTTP proxy server e.g., HTTP Server or HTTP proxy server communicate.
  • referentially recorded data are stored in a form that allows the complete data traffic generated by the client and the server (requests), at a later, determinable time, automatically and as often as desired, in particular from different geographical locations and Repeat, monitor and evaluate in compliance with defined criteria. The process is usually done without the intervention of the original, generating client.
  • the response data of the server (responses) are usually also recorded in whole or in part. This makes it possible for the first time that the recorded client requests can be used later to check whether the server is supplying analog, constant data or whether it deviates from a defined standard. This plays a relevant role for the periodic monitoring of unauthorized access.
  • the information is periodically compared with secure and trustworthy reference data (from one or more remote points of view).
  • a corresponding comparison provides meaningful data with minimal effort.
  • the monitoring is advantageously carried out from different geographical locations in such a way that monitoring takes place via several channels. This also makes it possible to compare the performance and deviations of the same compare and evaluate their limit values (in particular using different methods). Corresponding alarm messages are issued if necessary.
  • the content of the data traffic via a selected protocol plays a rather minor role in the method described here, i.e. All content can be recorded and played back, even if it is e.g. Contents of higher-level protocols, e.g. JavaScript or SSL.
  • Further application examples of the method described here are e.g. recording of interactive web browser surf sessions. It is advantageous to generate a reference session from one or more sessions. An evaluation and later use of these surf sessions e.g. in the form of load test routines is used for referential monitoring and control of unauthorized access, as well as performance measurement. In particular, the availability of the server is also monitored in order to monitor hardware defects or crashes.
  • a comparison of the referenced (recorded) server response data with the data traffic generated when the same is applied to a server, in particular over several channels or paths, is preferably used as a mechanism for detecting modifications to the data content of the server and for location-dependent performance measurement. Illegal access and changes are recognized reliably and quickly.
  • proxy servers for example in the now widely used HTTP protocol, include the following: intermediate storage of data for the purpose of shortening the response times; Logging and evaluation of data traffic between client and server, with a view to controlling the surfing behavior of individual natural persons (observation and control of the person, suppression of unwanted websites etc.); Disabling the direct connection of individual computers by end users to the Internet for security reasons.
  • the invention disclosed herein is remotely based on the Functionality of a proxy server. In contrast to this, the actual main function of a conventional proxy server is not used or is used only in a minor way.
  • the invention disclosed here has the following differences from a conventional proxy server:
  • the invention has recording means. These means are controlled with specially provided interfaces ("Start Record"). In this state, all requests / responses are stored in a defined data structure so that the course of the same can be traced at a later point in time using appropriate means (for example a correspondingly programmed machine). The e.g. referential recorded data are advantageously created in an appropriate library.
  • plugins according to the invention are generated automatically or manually from the recorded data (cf. further below), which are implemented via These means, for example probes (see below), can be carried out in such a way that the same test can be carried out simultaneously from different locations. This makes it possible to monitor one server with different or several servers with special reference data.
  • the invention can be applied specifically to only one client or else to all clients. For clients with a separate record, HTTP authentication is advantageously required from the client. Each time a client requests this, it can then be used to individually manage the recording data of the individual clients.
  • the invention can also support HTTP to HTTPS (SSL) conversions or higher-level protocols.
  • SSL HTTP to HTTPS
  • the client can make unencrypted queries to the server. These unencrypted requests are then encrypted by the invention and forwarded to the server. The answer is in turn decrypted by the invention and returned to the client.
  • the SSL protocol is decrypted by the invention and not by the client first. This makes it possible to record the data exchange between client and server even when encrypted.
  • Higher-level protocols are deliberately broken up for the purpose of recording / monitoring by providing a client-server-client-server method instead of a tunneling method.
  • Plugins are known from the prior art. Plugins are typically universal programs that specialize in performing any function. A corresponding plugin interface is required to activate a plugin. In the case of Java programs, for example, this is done via a corresponding interface. It is usually the case that a plug-in is loaded due to a request or a need for a program (e.g. from a web browser). Both CORBA and RMI (Java Remote Method Invocation) in contrast to the invention disclosed here, only data or variables are exchanged, but no program code is transmitted. In contrast to the prior art, the program code is typically transmitted in the plugins according to the invention. With conventional plugins, the incentive to load a plugin always comes from the location where the plugin is also executed (from the inside). In the case of plugins according to the invention, however, this incentive comes from another location, that is to say typically from the outside.
  • CORBA and RMI Java Remote Method Invocation
  • the plugins according to the invention advantageously work as follows: at a first location (starting point) it is arranged at a certain point in time that a plugin should be executed at a second location (target location) by means of a suitable means. The plugin is then transferred to the second location (destination) with a request to execute it. The result is that a plugin is executed at the second location (destination), which for example reports a result back to the first location (starting location).
  • the only requirement at the second location (destination) is that plugins according to the invention can be received or It is not necessary that the destination knows something about the content of the plugin according to the invention.
  • a plugin according to the invention can be subject to certain restrictions that are invisible or invisible from the outside For example, it can be stipulated that a plug-in according to the invention must not exceed a certain execution time, etc. If a violation of a corresponding restriction is registered, appropriate measures are taken, for example by interrupting the execution (ie the plug-in is "killed”).
  • certain plugins are loaded as “class” at the destination “on command” using a special class loader, and an “instance” is then generated, which is then, for example, via a plugin interface is called.
  • the plugins according to the invention are generally generated automatically by means of an arrangement according to the invention.
  • a recorder according to the invention which is used, among other things, to generate plugins, advantageously has a web interface in such a way that even a technically non-experienced user can record, for example, a surfing session in order to then insert it into the central database of test arrangements or , to create this as a plugin.
  • This surf session is then available to carry out tests of any kind in periodic or arbitrary time intervals, for example by probes.
  • This deliberate end-user functionality which is designed in such a way that it can be operated without technical knowledge, offers additional advantages.
  • the invention is illustrated by the following figure. This shows schematically a network with probes and a central service.
  • FIG. 1 shows an advantageous embodiment of the invention.
  • a monitoring system 1 monitors any services from a host 4 using a central service, which is preferably operated by means of a central system 5, via a network (Internet / intranet) 2, if necessary from various points 3.1, 3.2, 3.3 becomes.
  • Test configurations, test programs, for example in the form of plugins according to the invention, and also test results are preferably stored in a database, which is located here in the area of the central system 5.
  • a program runs on the central system 5 which carries out predetermined or random test configurations periodically and or aperiodically, for example for monitoring purposes, or once in parallel over many instances / channels 10.1, 10.2, 10.3, for example as a load test.
  • the central system 5 generally does not carry out these tests itself, but rather transmits test programs and test Configurations of specially designed means, here probes (computers) 11.1, 11.2, 11.3. These are preferably located locally in a network 2, for example at providers, in a data center, etc. As a rule, the transmission takes place simultaneously to a plurality of probes (shown schematically by arrows 13.1, 13.2, 13.3). They carry out one or more tests and transmit location-dependent results to a central system. This can be the same or a different central system.
  • the central system 5 (or if necessary also one or more probes 11.1, 11.2, 11.3) analyzes and stores the results and, if necessary, initiates further reactions (eg triggering an alarm).
  • a plugin is carried out by transmitting it to at least one computer (11.1, 11.2, 11.3) via a network (2). The plugin then causes the at least one computer (11.1, 11.2, 11.3) to execute the plugin.
  • the inventive arrangement of one or more central systems 5 and one or more probes 11.1, 11.2, 11.3 can be used at different (geographic) locations on the intranet or Internet to test whether, for example, a target system / server 4 to be monitored can be reached and / or is functional or whether it has certain properties or whether a local property is present in a probe and is possibly functional.
  • a web server is checked from several probes. In particular, it tests whether the web server can be reached from the individual probes, i.e. from different geographical points. If the web server can be reached, the "content" of the web server will also be tested (behavior on HTTP requests). A load test will also be carried out if necessary. It is essential that the server not only from one point but is monitored by many.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)
  • Computer And Data Communications (AREA)
  • Alarm Systems (AREA)

Abstract

L'invention concerne un procédé permettant l'exécution d'un plugin sur au moins un ordinateur, en particulier à des fins d'informations. Le plugin est transmis à au moins un ordinateur (11.1, 11.2, 11.3) par l'intermédiaire d'un réseau. Ensuite, le plugin lance le ou les ordinateurs (11.1, 11.2, 11.3) pour son exécution.
EP01937914A 2000-06-20 2001-06-15 Surveillance de serveurs Withdrawn EP1374041A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CH122200 2000-06-20
CH12222000 2000-06-20
PCT/CH2001/000373 WO2001098899A2 (fr) 2000-06-20 2001-06-15 Surveillance de serveurs

Publications (1)

Publication Number Publication Date
EP1374041A2 true EP1374041A2 (fr) 2004-01-02

Family

ID=4563795

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01937914A Withdrawn EP1374041A2 (fr) 2000-06-20 2001-06-15 Surveillance de serveurs

Country Status (4)

Country Link
US (1) US6912572B1 (fr)
EP (1) EP1374041A2 (fr)
AU (1) AU2001263701A1 (fr)
WO (1) WO2001098899A2 (fr)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7346918B2 (en) 2000-12-27 2008-03-18 Z-Band, Inc. Intelligent device system and method for distribution of digital signals on a wideband signal distribution system
US7007086B2 (en) * 2002-06-14 2006-02-28 Sun Microsystems, Inc. Method and apparatus for measuring multi-connection performance of a server
FR2849704A1 (fr) * 2003-01-02 2004-07-09 Thomson Licensing Sa Dispositifs et procedes de decision conditionnelle d'execution de services recus et de constitution de messages d'informations associes a des services, et produits associes
US20040172253A1 (en) * 2003-02-28 2004-09-02 Sun Microsystems, Inc., A Delaware Corporation Capture and playback web automation tool
US20040243882A1 (en) * 2003-05-27 2004-12-02 Sun Microsystems, Inc. System and method for fault injection and monitoring
US8212805B1 (en) 2007-01-05 2012-07-03 Kenneth Banschick System and method for parametric display of modular aesthetic designs
US7827264B2 (en) 2007-02-28 2010-11-02 Caterpillar Inc Systems and methods for managing computer systems
JP4521448B2 (ja) * 2008-01-31 2010-08-11 株式会社東芝 遠隔監視・診断システム
US9547675B2 (en) * 2013-07-10 2017-01-17 Oracle International Corporation Database diagnostics interface system
US11057446B2 (en) 2015-05-14 2021-07-06 Bright Data Ltd. System and method for streaming content from multiple servers

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0784276A1 (fr) * 1995-12-22 1997-07-16 Pure Atria Corporation Dispositif et procédé de mesure de charge du travail

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5423042A (en) 1992-10-23 1995-06-06 International Business Machines Corporation Remote procedure execution
US5880740A (en) * 1996-07-12 1999-03-09 Network Sound & Light, Inc. System for manipulating graphical composite image composed of elements selected by user from sequentially displayed members of stored image sets
US5974549A (en) * 1997-03-27 1999-10-26 Soliton Ltd. Security monitor
US6006260A (en) 1997-06-03 1999-12-21 Keynote Systems, Inc. Method and apparatus for evalutating service to a user over the internet
US6073119A (en) * 1997-09-04 2000-06-06 Citicorp Development Center, Inc. Method and system for banking institution interactive center
US6421706B1 (en) * 1998-02-25 2002-07-16 Worldcom, Inc. Multicast and unicast internet protocol content distribution having a feedback mechanism for real-time and store and forward information transfer
US6233341B1 (en) * 1998-05-19 2001-05-15 Visto Corporation System and method for installing and using a temporary certificate at a remote site
US6397384B1 (en) * 1998-12-18 2002-05-28 Adobe Systems Incorporated Run-time addition of interfaces
US6611872B1 (en) * 1999-01-11 2003-08-26 Fastforward Networks, Inc. Performing multicast communication in computer networks by using overlay routing
US6397256B1 (en) * 1999-01-27 2002-05-28 International Business Machines Corporation Monitoring system for computers and internet browsers
US6453320B1 (en) * 1999-02-01 2002-09-17 Iona Technologies, Inc. Method and system for providing object references in a distributed object environment supporting object migration
US6405366B1 (en) * 1999-05-28 2002-06-11 Electronic Data Systems Corporation Multi-layered software application interface architecture
US6484276B1 (en) * 1999-10-25 2002-11-19 Lucent Technologies Inc. Method and apparatus for providing extensible object-oriented fault injection
US6529784B1 (en) * 2000-02-29 2003-03-04 Caldera Systems, Inc. Method and apparatus for monitoring computer systems and alerting users of actual or potential system errors

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0784276A1 (fr) * 1995-12-22 1997-07-16 Pure Atria Corporation Dispositif et procédé de mesure de charge du travail

Also Published As

Publication number Publication date
AU2001263701A1 (en) 2002-01-02
WO2001098899A3 (fr) 2003-10-09
WO2001098899A2 (fr) 2001-12-27
US6912572B1 (en) 2005-06-28

Similar Documents

Publication Publication Date Title
DE69818232T2 (de) Verfahren und system zur verhinderung des herunterladens und ausführens von ausführbaren objekten
DE60114999T2 (de) Überwachung von und interaktion mit netzwerkdiensten
DE10052945B4 (de) Agenten/Vollmacht-Verbindungssteuerung über eine Brandmauer
DE602005004855T2 (de) Flexibele und skalierbare Informationssicherheitsarkitectur zur industrieller Automatisierung
DE10249428B4 (de) Verfahren zum Definieren der Sicherheitsanfälligkeiten eines Computersystems
DE69832786T2 (de) Vorrichtung und verfahren zur identifizierung von klienten die an netzwer-sites zugreifen
DE10249427A1 (de) System und Verfahren zum Definieren des Sicherheitszustands eines Computersystems
EP2340485A1 (fr) Procédé de configuration d'une application
DE102005016033A1 (de) Verfahren und Systeme zum Analysieren von Netzwerkübertragungsereignissen
DE19651270A1 (de) Vorrichtung, System und Verfahren zum Bedienen eines Gerätes
DE112004000428T5 (de) Verfahren und Systeme zum Verwalten von Sicherheitsrichtlinien
DE10309246B4 (de) Verfahren für das Event Management
EP1374041A2 (fr) Surveillance de serveurs
DE102004048666A1 (de) Erweiterbarer Netzwerkagent - Verfahren, System und Architektur
EP3529967B1 (fr) Procédé de liaison d'appareils avec ce qu'il est convenu d'appeler les nuages, programme informatique impliquant une mise en oeuvre du procédé et unité de traitement destinée à exécuter le procédé
DE10024347B4 (de) Sicherheitsservice-Schicht
EP3824612B1 (fr) Procédé d'essai de pénétration, programme informatique et dispositif de traitement de données
DE102014225418A1 (de) Verfahren und Vorrichtung zur Überwachung einer Zertifizierungsstelle
WO2004028107A2 (fr) Controle de transmissions de donnees
DE10259794A1 (de) Verfahren und Vorrichtung für das Event Management
WO2021170316A1 (fr) Analyse d'une instance de conteneur d'un système d'exploitation
EP4107640B1 (fr) Procédés et systèmes de transmission des artefacts logiciels d'un réseau source vers un réseau cible
EP3339994A1 (fr) Procédé de vérification d'une attribution de mandat, produit-programme informatique et dispositif
EP3355141A1 (fr) Système d'opérateur pour un système de contrôle de processus
EP3101875B1 (fr) Modification de reglages d'une application execute par un terminal mobile

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20030117

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO SI

17Q First examination report despatched

Effective date: 20070913

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20121122