Break in case of Emergency

You will know this label well, and what's enclosed is not meant for everyday use.

I'll try to describe a situation that can never happen to you... until you suddenly face it.


The scenario:
You have a bunch of servers that run Caché or IRIS with the key business applications of your company.
You are the System and DB Manager responsible for keeping them running with the highest possible availability.
From your home, you can connect into your company to fix whatever breaks at any time.
BUT:
Access to the servers with all your rights and passwords could be a security risk.
Hackers and spies can observe you on the Internet but, often underestimated, also on the intranet.
And tools like Wireshark are publicly available without limitation.

So your access requires protection. VPN is the tool of choice for your access from home.
BUT:
What do you do if your bandwidth is narrow, or if you are not always @home when you are not @work?
In addition, VPN is just an extension of your intranet. So this is just half the cake.

Direct consequence:
Your access to the servers requires HTTPS and SSH to hide your communication.
For the web server, this is standard with nothing special. The guides are publicly available.
And if you run WebTerminal, you are well secured over the same path.
BUT:
What if your web server decides to stop and refuses further service?
System managers on Linux/UNIX systems can lean back, relaxed.
They run a real server operating system with SSH included and with
csession / irissession for access without extra effort, even from their smartphone.
Lucky guys!

With Windows, all you typically have is Remote Desktop (MSTSC) or some equivalent:
No problem within the company or over VPN. But access from a tablet requires
quite healthy eyes, and from a smartphone it's just not acceptable (in my opinion).

So why not take the Linux/UNIX approach?
OpenSSH Server is available as an option on the latest releases of Windows 10 and Windows Server 2019.


PuTTY is your friend, and you connect very safely over SSH to your server on any network with
an acceptable bandwidth requirement.
PuTTYgen can provide you with meaningful keys for your SSH server.
And after server login, you land on the server's command prompt (as in Linux/UNIX).


Next disappointment:
There is no iris session available. And for Caché there is no csession.exe [until version 2018].
And cterm.exe or iristerm.exe end up in nirvana without any visible reaction,
as there is just no desktop for you to open any window.

UPDATE: thanks to @Alexey Maslov @Dmitriy Maslennikov
No TELNET is required.
Simply   <installdir>\bin\cache -s .\mgr
or       <installdir>\bin\irisdb -s .\mgr

 
 

Anyhow, that's easy to fix:
You enable TELNET as an optional feature in your Windows, and a few restarts later you are ready.



Now you connect over SSH to the server command line and use Telnet locally to reach your instance.

C:\Users\rcemper>telnet localhost
and here we go

 

It is clear that this is a workaround for situations that you will hopefully never be confronted with.
But you are well advised to be at least prepared for it.

It is similar to the life jacket you have on airplanes and ships and will never use.
And just as cruise ships don't leave the port before the passengers have been trained on life jackets,
YOU should do the exercise to verify it works before you face the emergency situation.
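
A readiness check for the fallback path described above, as an added example that is not part of the original post. It assumes the OpenSSH service is named `sshd`, the local Telnet listener uses the default port 23, and Windows Firewall is enabled; the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Assumptions: the OpenSSH service
# is named "sshd" and the local Telnet listener uses the default port 23.
$TelnetPort = 23

# Hypothetical helper: does a firewall LocalPort spec ("23", "20-25", "Any") cover $Port?
function Test-PortInSpec([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any' -or $s -eq "$Port") { return $true }
        if ($s -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# Hypothetical function: emits one string per finding; no output means the path is ready.
function Test-EmergencyAccess {
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. OpenSSH Server optional feature installed, service running and auto-started
    $cap = Get-WindowsCapability -Online -Name 'OpenSSH.Server*'
    if (-not $cap -or $cap.State -ne 'Installed') { $findings.Add('OpenSSH Server is not installed') }
    $svc = Get-Service -Name sshd -ErrorAction SilentlyContinue
    if (-not $svc) { $findings.Add('sshd service not found') }
    elseif ($svc.Status -ne 'Running') { $findings.Add('sshd is not running') }
    elseif ($svc.StartType -ne 'Automatic') { $findings.Add('sshd will not start after a reboot') }

    # 2. Is something listening for "telnet localhost", and on which addresses?
    $listen = Get-NetTCPConnection -State Listen -LocalPort $TelnetPort -ErrorAction SilentlyContinue
    if (-not $listen) { $findings.Add("Nothing listens on TCP $TelnetPort; 'telnet localhost' will fail") }
    $exposed = if ($listen) { $listen | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } }

    # 3. If the listener is not loopback-only, an inbound allow rule would expose it
    if ($exposed) {
        $rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | Where-Object {
            $f = $_ | Get-NetFirewallPortFilter
            $f.Protocol -in 'TCP', 'Any' -and (Test-PortInSpec $f.LocalPort $TelnetPort)
        }
        foreach ($r in $rules) {
            $findings.Add("Review inbound allow rule '$($r.DisplayName)': it covers TCP $TelnetPort")
        }
    }
    return $findings
}

Test-EmergencyAccess | ForEach-Object { Write-Warning $_ }
```

Rules that match on "Any" port are often scoped to a single program, so each reported rule needs a look before it is changed.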

 

Replies

By installing telnet you just opened one more door almost without any locks. You can achieve it without telnet. Just run cache.exe or irisdb.exe, with -S<mgrdir>

Thanks for the hint.
My undocumented assumption was of course that the external telnet port is already blocked by the firewall,
so it is server-internal only.

BTW: I couldn't convince my IRIS installation about the -S switch. I seem to be missing something. ???

 

Hi Robert,

it should be "-s" rather than "-S". It's often used with relative directory reference, e.g.

c:\InterSystems\IRIS\bin> irisdb -s..\mgr