Other Features
- GIT Integration
- API Gateway
- Protocol Buffer (ProtoBuf)
- gRPC Protocol
- Date Header in Response
- Content-Encoding: Compression of Response Files
- Generate SAN Certificate
- Access Control (Refer: https://www.cavisson.com/product-resources/netstorm-resources/access-control/)
GIT Integration
Git is used to manage a project or a set of files as they change over time. It stores this information in a data structure called a Git repository. A Git repository is the directory where all of your project files and the related metadata reside.
To configure Git settings, perform the following operations:
1. Go to Admin > GIT Configurations.
2. This displays the Git Configuration window.
3. Provide the following details:
- Use GIT for Version Control: To use Git for version control, select this check box; otherwise, the Cavisson Version Control System is used.
- Protocol: The protocols used for Git, such as HTTP, HTTPS, or SSH.
- Repository IP / Domain Name: The IP of the machine where the files are stored.
- Repository Port: Port of the machine.
- Repository Path: The path of the machine where the files are stored.
- User Name: Git user name.
- Password: Password of the Git user.
- Pass Phrase: A pass phrase is a sequence of words or other text used to control access to a computer system, program, or data. A passphrase is similar to a password in usage but is generally longer for added security.
4. After entering all repository information, click Once these settings are enabled, the following options are displayed in Manage Services window:
Git Clone
It performs a clone from the specified repository. On successful processing, a message is displayed – Cloning is done successfully.
GIT Commit
This is used to commit the changes from the local server to a specified repository. Select a record and click the GIT Commit option.
GIT Pull
It is used to pull the latest commits from the specified repository to a local server. Select a record and click the GIT Pull button.
History
Here, the user can view the version logs of a record. To view all versions, select a record and click the History button. This displays the History window:
To view the files modified during commit, click the Commit ID.
Version Revert
This is used to revert a commit version. Select at least one commit ID. After the revert, the results are displayed in a pop-up.
Version Difference
Select two commit IDs and click Diff button to see the difference between two commit points.
Version Deletion
This is used to delete a commit version.
API Gateway
Cavisson API provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers. Cavisson API products and services deliver websites and applications with the utmost performance, observability, and security at any scale and in any environment.
Accessing API Gateway UI
You can add the headers and run the API gateway from the UI.
- To access the API Gateway UI, go to Admin > API Gateway.
- This displays the following window with some default tabs, such as – backend CavService, defaults, backend CavUI, frontend api_gateway, and global.
Adding a Configuration
1. Click Configure. This displays the HAProxy Configure window.
2. Enter the following details:
- Name: This is the Source name and is displayed as a tab. It must start with a letter.
- Header: Name of the header. It must start with a letter and should be in a proper format.
- Value: Value of the header.
3. Click Add and then Save. A confirmation message is displayed for successful configuration.
Editing a Configuration
To edit a configuration, just click over the required tab. The details of the configuration are displayed in the text area. Then, make the required changes and click the Save button. The details are saved with the latest changes.
Protocol Buffer (Protobuf)
Protocol buffer, usually referred to as Protobuf, is a protocol to allow serialization and deserialization of structured data. It provides a better way, compared to XML, to make systems communicate.
NetOcean provides support for Protobuf with the following features:
Features
- Support to convert a response into Protobuf format if Content-Type is set to application/x-protobuf OR x-application/protobuf.
- Support to convert the request body from Protobuf format to XML format.
- Support to parameterize the response body.
- Support of CAVREPEAT block for the response body.
- Command line tool for conversion from Protobuf to XML or vice versa.
Usage
1. Go to Services > Manage > Normal Mode.
2. This displays the Services window. Select a service from the list.
3. This displays the Template window. Select a template from the list.
4. In the Content-Type section, select the header from the drop-down list, either application/x-protobuf or x-application/protobuf.
5. Click Protobuf Settings. This displays the Protobuf Settings window.
6. There are two sections: Request and Response. Provide the following details and click Save.
- Enable Protobuf: Select this check box to enable Protobuf.
- Upload Proto File: Select the Proto file by using the Choose button or paste the file content in the body section.
- Request Proto file: To get the content in the encoded format as passed in the request.
- Response Proto file: To get the response in encoded format from the server.
- Proto File Name: Provide the name of the proto file.
- Message Type: This contains the schema of the proto file. This displays the parsed message types from the uploaded proto file. If the content of the proto file is modified, the ‘Message Type’ drop-down is automatically refreshed.
Note: All the fields in the ‘Request’ and ‘Response’ sections are mandatory if enabled.
7. When you hit a service from NetOcean, the data is sent in the encoded format.
gRPC Protocol
gRPC is a lightweight communication protocol that allows you to communicate with other applications using remote procedure calls (RPCs). You can now record gRPC service APIs with NetOcean. gRPC uses HTTP/2 for transport and typically uses Protocol Buffers to define a message schema. It provides features such as authentication, bidirectional streaming, and blocking or non-blocking bindings. It is possible to generate cross-platform client and server code for many languages.
NetOcean supports gRPC protocol with the following features.
Features
- You can create a gRPC service to make the gRPCs.
- You can create SSL/Non-SSL gRPC service.
- You can send/receive any type of data defined using supported formats (e.g. protobuf, json) over that gRPC
Usage
1. Go to Services > Manage > Normal Mode.
2. This displays the Services window. Select a service from the list.
3. This displays the Template window. Select a template from the list.
4. In the Content-Type section, select the header from the drop-down list, either application/x-protobuf or x-application/protobuf.
5. Click Protobuf Settings. This displays the Protobuf Settings window.
6. There are two sections: Request and Response. Provide the following details and click Save.
- Enable Protobuf: Select this check box to enable Protobuf.
- Upload Proto File: Select the Proto file by using the Choose button or paste the file content in the body section.
- Request Proto file: To get the content in the encoded format as passed in the request.
- Response Proto file: To get the response in encoded format from the server.
- Proto File Name: Provide the name of the proto file.
- Message Type: This contains the schema of the proto file. This displays the parsed message types from the uploaded proto file. If the content of the proto file is modified, the ‘Message Type’ drop-down is automatically refreshed.
Note: All the fields in the ‘Request’ and ‘Response’ sections are mandatory if enabled.
7. When you hit a service from NetOcean, the data is sent in the encoded format.
Date Header in Response
The date header is used to display the current date and time in the response template. These settings are applicable at three levels – Global level, Service level, and Template level.
Global Level: The date header is applied to all the services. To set the date header at the global level:
1. Go to NetOcean Home Page > Configuration > Normal Mode.
2. Expand the HTTP Settings section and select Enable Date Header.
3. Click Save to save the changes and restart the server by clicking the Click to Activate NetOcean Services button on the top panel.
4. Go to Services > Manage > Normal Mode / RTC mode.
5. This displays the NetOcean Manage Services screen with service name.
6. Select any service name and click Test at the bottom of the screen.
7. This displays a Test Service screen, click Test. It opens the response template with applied date and time.
Service Level: The date header is applied to a specific service. To set the date header at the service level:
1. Go to NetOcean Home Screen > Services > Manage > Normal Mode / RTC Mode.
2. Click any service to Enable Date Header.
3. On the next screen, go to Service Setting screen, and select Enable Date Header and click Save to save the changes.
4. Restart the server by clicking the Click to Activate NetOcean Services button on the top of the screen.
5. Click Manage button on the top of the screen. Select the specific service on which enable date header is applied and click Test at the bottom of the screen.
6. This displays a Test Service screen, click Test. It opens the response template of the service with applied date and time.
Template Level: The date header is applied to a specific template when more than one template is available within a service. To set the date header at the template level:
1. Go to NetOcean Home page and open the list of services.
2. Click on a service that contains multiple templates to Enable Date Header at the template level.
3. This displays a template screen, click on the template name to apply the date header.
4. Select Enable Date Header and click Save to save the changes.
5. Restart the server by clicking Click to Activate NetOcean Services button on the top of the screen.
6. On successful save, the date header is applied on the specific template of a service.
7. Click Manage button on the top of the screen. Select specific service on which enable date header is applied to a specific template and click Test at the bottom of the screen.
8. This displays a Test Service screen. Select that specific template from the Template Name drop-down, and click Test. It opens the specific response template of the service with the applied date and time.
Content Encoding: Compression of Response Files
A user can compress the response by using the following compression types – Deflate, Gzip and BR. It is supported at three levels – Template level, Service level, and Global level.
- Gzip or Deflate: Gzip (or Deflate) compresses the webpages and CSS files before sending them to the browser. This operation drastically reduces transfer time since the files are much smaller. In terms of cost versus benefit, gzip compression should be near the top of your page speed optimizations if you don’t have it set up already.
Gzip is a very simple idea that is extremely powerful when put to good use. Gzip locates similar strings within a text file (in our case, commonly CSS and HTML code) and temporarily replaces those strings with placeholders to make the overall file size smaller.
- Brotli (BR): Brotli compression provides better space utilization and faster page loads with a smaller compressed size, and it is far better than the gzip compression mechanism. Gzip compression uses a fixed window of 32KB, whereas Brotli uses a sliding window of 1KB to 16MB. In NetOcean, the Brotli technique is applicable for Correlated Services as well as Static Services.
- Brotli is independent of CPU type, operating system, file system, and character set.
- It can produce a compression ratio that is comparable to the best compression methods currently available and most importantly is considerably better than Gzip.
- It decompresses much faster than current LZMA implementation.
These are supported at three levels – Template level, Service level, and Global level
Template Level: The compression type is applied at a specific template available within a service. To set the compression type at the template level:
1. Go to NetOcean Home page.
2. Click Manage on the top of the screen. This displays the screen with all the services.
3. Click on any service to set the compression type at the template level.
4. This opens a template screen, click on any template name to apply the compression type.
5. Select any compression type to apply.
6. Click Save to save the changes.
7. Restart the server by clicking Click to Activate NetOcean Services button on the top of the screen.
8. A success message “Template updated successfully” is displayed on the screen.
9. Selected compression type format is displayed under the Response Template.
Service Level: The compression type is applied at a specific service level. To set the compression type at the service level:
1. Go to NetOcean Home page.
2. Click Manage on the top of the screen. This displays the screen with all the services.
3. Click on any service to set the compression type.
4. On the next screen, go to Service Settings > HTTP Settings.
5. Select any compression type to apply.
6. Click Save to save the changes. Restart the server by clicking Click to Activate NetOcean Services button on the top of the screen.
7. Selected compression type format is displayed under the Response Template.
Global Level: The compression type is applied at all the service levels. To set the compression type at the global level:
1. Go to Configuration button > Configuration > Normal Mode.
2. On the next screen, go to HTTP Settings, and select any compression type.
3. Click Save to save the changes.
4. Restart the server by clicking Click to Activate NetOcean Services button on the top of the screen.
5. The selected compression type is applied to all the service levels.
Generate SAN Certificate
Below are the steps to generate a SAN certificate with multiple IPs added in “Subject Alternative Name”. This applies when an application server makes a secure connection with NetOcean (NO) and NetOcean has multiple virtual IPs assigned to it, so the client may send requests to NO on any of those IPs:
- Generate a self-signed CA certificate (root-ca.pem). This is installed on the application server and added to its trusted certificate list so that it can certify the SAN certificate.
- Generate a SAN certificate that is signed with root-ca.pem. This is used in NetOcean (NetOcean_SAN.pem).
This certificate will be accepted by client for all the virtual IPs provided in SAN.
Step 1: Generate private key (root-ca.key) and CA certificate (root-ca.pem)
Command:
openssl req -x509 -nodes -extensions v3_ca -days 3650 -newkey rsa:2048 -keyout root-ca.key -set_serial 01 -out root-ca.pem
This is an example, provide the values according to requirements:
Step 2: Create a config file, or copy /usr/lib/ssl/openssl.cnf, update it, and use it. In the config file (e.g., openssl.cnf), add an entry for every secondary or virtual IP.
Step 3: Generate the private key (NOSAN.key) and the certificate signing request (NOSAN.csr.pem) for the SAN certificate:
Command:
openssl req -new -nodes -config openssl.cnf -subj "/C=US/ST=<state name>/L=<locality>/O=<organization name>/OU=QA/CN=<Common name / host name>/emailAddress=<email ID>" -days 3650 -newkey rsa:2048 -keyout NOSAN.key -set_serial 02 -out NOSAN.csr.pem
Output (Example):
Step 4: Generate the SAN certificate covering all virtual IPs, signed with the self-signed CA certificate and its private key (root-ca.pem and root-ca.key):
Command:
openssl ca -config openssl.cnf -out NOSAN.pem -cert root-ca.pem -keyfile root-ca.key -days 3650 -batch -infiles NOSAN.csr.pem
Example:
Step 5: Combine the SAN private key (NOSAN.key) and the SAN certificate (NOSAN.pem) into a single file:
cat NOSAN.key > NetOcean_SAN.pem
cat NOSAN.pem >> NetOcean_SAN.pem
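The Step 2 entries that Steps 3 and 4 depend on, as an added example (not Cavisson's own file): it assumes a copy of the stock openssl.cnf, and the IP addresses are constructed placeholders.

```ini
# openssl.cnf: lines to add or change in a copy of /usr/lib/ssl/openssl.cnf.
# Added example; the IP addresses below are constructed placeholders.

# In the existing [ req ] section:
[ req ]
# Step 3: put the v3_req extensions, including the SAN list, into the CSR.
req_extensions = v3_req

# In the existing [ v3_req ] section:
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

# New section:
[ alt_names ]
# One IP.n line per secondary or virtual IP that clients connect to.
IP.1 = 192.0.2.10
IP.2 = 192.0.2.11
IP.3 = 198.51.100.10

# In the existing [ CA_default ] section:
[ CA_default ]
# Step 4: by default "openssl ca" ignores extensions requested in the CSR,
# so NOSAN.pem would be issued without the SAN list.
# "copy" adds only extensions the CA section does not already set;
# "copyall" would let the CSR override them, so it is not used here.
copy_extensions = copy

# Step 4 runs with -batch (no confirmation prompt), so inspect the CSR
# before signing and the certificate after:
#   openssl req  -in NOSAN.csr.pem -noout -text
#   openssl x509 -in NOSAN.pem -noout -text
#   openssl verify -CAfile root-ca.pem NOSAN.pem
```

NOSAN.key is written unencrypted because Step 3 uses -nodes, so restrict read access on NOSAN.key and NetOcean_SAN.pem to the account that runs NetOcean.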
Installation of Self-Signed Root Certificate (root-ca.pem) on Application Server
Generate Keystore from PEM file
- Convert root-ca.pem to root-ca.crt
Command:
openssl x509 -outform der -in <fileName> -out <fileName>
Example:
openssl x509 -outform der -in root-ca.pem -out root-ca.crt
- Upload root-ca.crt to a location on the application server (e.g., /tmp).
- Log in to the server as a user with the required permission (e.g., nzomsr).
- Our application reads the certificate from:
-Djavax.net.ssl.trustStore=/xxxxx/file/of/security/cacerts
Note: Certificate / trust store settings differ between server types. Identify the type of server in use and the certificate settings for that server.
Add root certificate in existing Keystore
- Import root-ca.crt by using the below command:
Command:
keytool -import -keystore <existing key store> -file /tmp/root-ca.crt -alias <alias name>
Example:
keytool -import -keystore /xxxx/file/of/security/cacerts -file /tmp/root-ca.crt -alias info@xxxxx.com
- Enter keystore password: <password> Example: “changeit”
- Enter “yes” when the system prompts whether to trust this certificate.
Example: Trust this certificate? [no]: yes