Symbols
A
- access privilege levels
- accounting
- applications
- description
- TACACS+, configuring
- admin permission
- admin-control permission
- all permission
- announcements at system login
- APIs (application programming interfaces)
- CORBA plug-in SPI
- CORBA remote API
- description
- SAE core API 1, 2
- application programming interfaces. See APIs
- architecture
- authentication 1, See also user accounts
- configuration example
- multiple methods
- RADIUS
- shared user accounts 1, 2
- TACACS+
- TACACS+, configuring
- TACACS+, configuring with C-Web interface
- TACACS+, configuring with SRC CLI
- template accounts
- authentication order
- configuring with C-Web interface
- configuring with SRC CLI 1, 2
- overview 1, 2
- removing authentication method
- removing authentication method with SRC CLI
B
C
- C Series Controller
- C Series Controllers
- C-Web interface
- committing a configuration
- configuration options
- configuring
- HTTP access 1, 2
- HTTPS access 1, 2
- logging properties
- copying an object
- deleting an object
- editing level
- elements
- getting Help
- icons
- layout
- loading configuration values
- logging out
- moving an object
- navigating
- overview 1, 2
- password, changing
- Policies, Services, and Subscribers
- renaming an object
- reverting a configuration
- starting
- updating configuration data
- username, changing
- C2000 Controller
- C3000 Controller
- C4000 Controller
- C5000 Controller
- clear permission
- cli
- client mode, NTP
- commands
- configuration statements
- configure permission
- control permission
- conventions
- customer support 1
- cweb-password
D
- date on system
- deployment scenarios
- DES (directory eventing system)
- differentiated QoS
- digital certificates. See security
- directory
- directory connection properties
- directory eventing system
- directory server
- documentation
- draft RFCs
- dynamic webpages
E
F
G
- Gigabit Ethernet interfaces, configuring IPv4
- Gigabit Ethernet interfaces, configuring IPv6
- GRE tunnel interfaces
- group interfaces, configuring 1
H
I
J
- Java Naming and Directory Interface. See JNDI
- java-heap-size, configuring
- JNDI (Java Naming and Directory Interface)
- Juniper Networks database
- adding Juniper Networks database to community
- changing modes
- community mode
- community mode configuration
- configuration example
- configuration statements
- configuring
- data recovery
- high availability
- loading sample data
- neighbors 1, 2
- overview 1, 2
- redundancy
- roles
- changing secondary to primary, SRC CLI
- overview 1, 2
- standalone mode
- verifying configuration
- Juniper-Allow-Commands attribute (RADIUS)
- Juniper-Allow-Configuration attribute (RADIUS)
- Juniper-Deny-Commands attribute (RADIUS)
- Juniper-Deny-Configuration attribute (RADIUS)
- Juniper-Local-User-Name attribute (RADIUS)
L
- LDAP (Lightweight Directory Access Protocol). See directory; directory server
- LDAP directory. See directory
- leases for licenses. See license server
- license
- license manager
- configuration statements
- configuring
- license server
- license usage
- Lightweight Directory Access Protocol. See LDAP
- load balancing
- local password authentication
- local properties
- logging, See also system log server
- login announcements, system
- login classes
- configuration
- configuration examples
- configuration prerequisites
- configuration statements
- configuration verification
- default classes
- idle timeout values
- options
- overview
- predefined
- privilege level options
- privilege levels
M
- maintenance permission
- manuals
- messages
- MII monitor
- configuring
- Monitoring Agent
- multicast
N
- NAS ID, configuring for SAE
- network
- network information collector. See NIC
- NIC (network information collector)
- notice icons
- NTP (Network Time Protocol)
- NTP,
O
- on-demand services 1, 2
- open interfaces
- operator login class
- operators, regular expression
- OSS integration
P
- passwords
- permissions
- policies
- Policies, Services, and Subscribers CLI. See SRC CLI
- Policies, Services, and Subscribers tasks. See C-Web interface
- policy management
- ports
- predefined login classes
- primary directory
- privilege levels 1
- product features 1, 2
R
- RADIUS
- RADIUS authentication. See authentication
- RADIUS authorization. See authentication
- read-only login class
- redundancy
- references
- regular expressions
- request license import file-name command
- reset permission
- residential portal
- resolving hostnames
- retrieving directory changes
- RFCs 1, 2, 3
- root account 1
- router running Junos OS
- router running JunosE Software
- routing permission
- routing-control permission
S
- SAE (service activation engine)
- configuring groups
- deleting default configurations
- SRC CLI 1, 2
- description 1, 2
- initial properties, overview
- starting
- stopping
- verifying status
- SAE (service activation engine), configuring initial properties
- SAE (service activation engine), configuring NAS ID
- SAE (service activation engine), configuring RADIUS address
- sample data
- secondary directory
- secret permission
- secret-control permission
- security
- digital certificates 1
- clearing certificates 1, 2
- clearing requests
- prerequisites
- requesting certificates 1, 2
- requesting certificates through SCEP
- viewing certificates
- security permission
- security-control permission
- server license. See license
- service activation engine. See SAE
- service permission
- service-control permission
- services
- shared user accounts
- shell permission
- SNMP agent
- access control, configuring on C Series Controllers
- community strings 1, 2
- named views
- SNMP groups
- VACM
- configuration statements 1, 2
- configuring
- description
- directory connection parameters, configuring
- Java Runtime Environment, configuring
- local properties, configuring
- logging, configuring
- monitoring
- named views, defining
- notification targets, configuring
- starting
- stopping
- system information, configuring
- trap history, configuring
- SNMP Agent
- snmp control permission
- snmp permission
- SNMP traps
- notification targets, configuring
- snmp-named-views-cli
- snmp-security-names-cli
- snmp-statements
- software standards
- SRC ACP (SRC Admission Control Plug-In)
- SRC CLI 1
- directory connections
- overview
- Policies, Services, and Subscribers CLI
- starting
- SRC components
- SRC software
- configuration prerequisites
- configuring
- creating, virtualized instance 1
- description
- features and benefits 1, 2
- financial advantages
- OSS integration
- recovering
- services
- snapshot on C Series Controller
- upgrading
- USB Storage Device
- virtualization
- virtualization, requirement
- SSH (secure shell)
- standards 1
- static host mapping
- static routes, configuring
- Steel-Belted Radius/SPE server 1, 2
- subscriber
- subscriber permission
- subscriber-control permission
- superuser login class
- support, technical See technical support
- symmetric active mode, NTP
- system authentication. See authentication
- system log server
- configuration prerequisites
- configuration statements
- message groups
- message severity levels
- messages
- messages, file
- messages, server
- messages, user notification
- overview
- system login
- system permission
- system-control permission
T
- TACACS+ authentication. See authentication
- tariff models
- technical support
- Telnet connection to remote host
- template authentication accounts
- text conventions defined
- third-party URLs
- tunnel interfaces
- tunnel interfaces, configuring
U
- UIDs
- unauthorized login class
- unresponsive directories
- usage data
- user accounts 1, See also login classes
- authentication
- configuring passwords
- configuring SSH authentication
- root password 1, 2
- authentication method and password
- configuration
- configuration verification 1, 2
- example
- overview 1, 2, 3
- shared
- user notification messages
V
W
- Web application server
- application deployment 1, 2
- channel stack
- configuration statements
- configuring the Web application server
- installing Web applications inside
- local properties
- multicast-address
- node-id
- overview
- removing Web applications from
- restarting
- shared cluster name
- shared cluster nodes
- shared cluster properties
- starting
- stopping
- viewing cluster history
- viewing cluster status
- viewing statistics
- Web Services Gateway
Download This Guide
Web Application Server on C Series Controllers Overview
The SRC software on a C Series Controller includes a Web application server that hosts the Web Services Gateway and the Volume Tracking Application (SRC VTA). In production environments, this application server is designed to host only these applications. However, you can load your own applications into this server for testing or demonstration purposes.
By default, the SRC Web application server listens on port 8080 for HTTP connections on the eth0 interface (interface to the trusted network) and on the configured ports for HTTP and HTTPS connections on the eth1 interface (interface to the untrusted network).
You can control access to applications deployed in the Web application server by configuring virtual hosts. A virtual host contains aliases and lists of the clients that are allowed to access the virtual host.
The aliases are DNS names or IP addresses that appear in the host part of the URLs used by clients to access a Web application. When the Web application server receives a request for an application, it searches for the virtual host with the alias that matches the host in the URL. If a virtual host is found, the Web application server verifies that the application is deployed on this virtual host and the client making the request is allowed to access the virtual host. If no virtual host is found, or if access to the application or client is not allowed by the virtual host, the request is rejected and the client receives an error code.
By default, SRC applications use the virtual host eth0. You must configure this virtual host and the following aliases:
- The IP address assigned to eth0.
- The name for the SRC host configured at the [edit system host-name] and [edit system domain-name] hierarchy levels.
For this reason, if you want to access the eth0 virtual host with URLs containing the DNS name of your SRC host, you must configure your SRC hostname in your DNS server.
You configure the built-in applications, such as Dynamic Service Activator, to deploy the application to a specific virtual host. Other applications that you can load for demonstration purposes are automatically deployed on the built-in virtual host eth0.
Clustering
The SRC Web application server supports clustering, which provides reliability through failover and load balancing. The nodes in the cluster automatically discover one another on startup and automatically synchronize their state with the rest of the group. The cluster configuration is part of the shared SRC configuration and is stored in the Juniper Networks database. You can configure several Web application server clusters. However, a single SRC Web application server instance belong to only one cluster; it cannot belong to more than one cluster.
Local and Shared Configuration
If you want a Web application server instance to be part of a cluster, you need to specify the cluster name in the local configuration by using the [edit slot 0 application-server] configuration statement. This statement points to the shared configuration stored in the Juniper Networks database. The Web application shared configuration is specified using the [edit shared application-server cluster cluster-name] configuration statement.
Storing the cluster configuration in the Juniper Networks database ensures that all nodes in the cluster share the same configuration, including the unique identifier of each node, and the shared cluster name. All nodes must be specified within the same Juniper Networks database community name.
The configuration of the application server cluster lists the information about each application server node. When the application server is started, the system retrieves the shared application server cluster configuration and generates the appropriate startup script for the application server node. If no cluster is defined, the application server is started in “all” mode, but without the cluster parameters.
 | Note: If you change the shared-cluster configuration, you must restart the local Web application server. |
By default, the intra-cluster communication is done through multicasting and UDP is used as the channel stack protocol. If multicasting is not an option for deployment, you can use TCP as the channel stack. The shared cluster configuration is valid only if the following conditions are fulfilled:
- The multicast-address is configured and either the channel stack is not set (the system uses UDP by default) or the channel stack is set to UDP.
- The channel stack is set to TCP and the multicast-address is not configured.
Related Documentation
- Configuring the Web Application Server (SRC CLI)
- Configuration Statements for the Web Application Server
