The field of invention relates generally to a system and method for remote administration and management of computers running the Linux operating system from a management interface running on a computer running the Windows operating system. More specifically, the invention relates to software processes and methods that are used in the management client software, the management server software, and the communications protocols required for the client and one or more servers to interact.
It can be appreciated that for many years, computers have been used to store data. Similarly, computer printers have been attached to such computers to allow such data to be printed to paper. To make it possible to share data, printers, and other resources, computer networks evolved. A common design of networks is a server computer that is accessed by one or more client computers. In this way, the server computer is a shared resource, providing access to data stored on it, as well as to other resources such as printers that are attached to it either directly, by a network, or other means. It will be recognized that the network referred to could be a wire-based network such as an Ethernet network, a wireless network, or some other kind of network. Another aspect of such networks is that the server computers authenticate access to themselves and the resources they provide. Much as a person must display his or her credentials when passing through a security checkpoint to, for example, enter a building, a user on a computer network requiring authentication must provide security credentials to gain access to a specified resource. One example of the aforementioned authentication scheme is the Domain Controller system implemented by the Microsoft Windows family of operating systems, in which a particular server runs as a Domain Controller, authenticating users to access particular network resources.
To store data and provide access to resources, the server computers described typically run an operating system, which is a piece of software that controls the basic functions of the server. The operating system, by itself, or in conjunction with additional modules installed on top of it, provides functions such as file and print sharing, as well as the authentication services described above. One such operating system is the Microsoft Windows family of operating systems, including products such as Microsoft Windows NT, Microsoft Windows Server 2000, and others. Another such operating system is the Linux operating system, distributed by companies such as Red Hat, Novell, and others. A third such operating system is the FreeBSD operating system. There also exist implementations in which the entire system, including functions typically provided by the operating system, is implemented in hardware, for example in a single chip, such as the BCM47MMC80 chip from Broadcom.
Similarly, client machines run an operating system and other modules or programs to gain access to data and resources stored on the server. One example of a client operating system is the Microsoft family of operating systems, including Windows 95, Windows 98, Windows 2000, Windows XP, and others. For the clients and servers to communicate with each other, they must transfer data over a common protocol, similar to the way that two people must speak the same language to communicate with each other. One common protocol is the Server Message Block protocol, or SMB. SMB is a protocol used for sharing files, printers, serial ports, and other types of communications resources. One skilled in the art will recognize that SMB can operate on top of multiple underlying network protocols, such as the TCP/IP protocol. One implementation of SMB is the Common Internet File System (CIFS).
Authentication also requires a common protocol between client and server. One such protocol is called NTLM (NT LAN Manager, also written NT LanMan). NTLM is implemented by a number of operating systems, such as the Microsoft Windows family of operating systems. NTLM is also implemented by the Samba program, a program that runs on the Linux operating system, among others, and provides the SMB/CIFS and NTLM protocols to servers running Linux, allowing these servers to provide access to their resources to clients running the same protocol, such as clients running a member of the Microsoft Windows family of operating systems.
In addition to file, print and authentication services, servers provide other services such as networking services like the Domain Name Service (DNS), a name lookup service, the Dynamic Host Configuration Protocol (DHCP), which allows an Internet Protocol (IP) address to be assigned to a client computer dynamically, and others. Additional services may include the ability to back up data, scan for viruses, and other functions.
As such, a server is a complex device to operate. A system administrator, the person responsible for setting up a server and for its on-going operation, must configure all the services properly, ensure that hardware is correctly installed, configure the file shares to be made accessible to clients, configure permissions that determine who will be authenticated for what resources, and so on. This is a very complex, time-consuming, and error-prone process. System Administrators often require years of training before they become experts. For a given server operating system, the interface and services, while providing similar capabilities to clients (because they support the same protocol), are often configured through very different user interfaces. This means that an administrator skilled in the operation of a Windows Server might find it difficult or impossible to configure a server running the Linux operating system without significant training.
Windows administrators, for example, are typically familiar with the widely used Microsoft Management Console (MMC), a program used to manage Windows Servers. The Microsoft Management Console is a management framework program, meaning that it supports a number of snap-ins, e.g. additional modules, developed by Microsoft or by third parties. Such snap-ins present their user interface within the MMC, and are built and developed as libraries that are loaded by the MMC.
A Linux administrator, however, is more likely to use the command line and to edit configuration files by hand. Thus, administrators who would like to run the Linux operating system on their server but who are only familiar with administering a server running the Windows operating system find it difficult or impossible to deploy a server running the Linux operating system because they cannot configure and operate it using a familiar interface.
It will be recognized that server computers may be administered using a keyboard, mouse, and monitor directly attached to the server. But more often than not, such administration is done remotely, e.g. over a network connection. While the protocols for sharing resources and authenticating users are well-documented, those for remotely administering a particular server operating system are not.
Traditionally, administrators had little desire to run mixed environments, in which a server would run the Linux operating system while a client would run a Windows operating system. More recently, however, administrators have, for a variety of reasons, desired to run the Linux operating system to serve clients running the Windows operating system. As described above, however, such administrators face the difficult problem of having to learn a different user interface to configure and operate the server. The present invention addresses this problem by making it possible for these administrators to administer one or more Linux servers from a Windows client, more specifically, through an interface with which they are familiar and comfortable. This reduces their learning curve to almost zero and increases their ability to deploy their operating system of choice on the server, without having to worry about what interface they will use to administer it.
In accordance with aspects of the present invention, embodiments of systems and methods for remote administration and management of computers running the Linux operating system from a management interface running on a computer running the Windows operating system are disclosed. More specifically, the embodiments relate to a number of software modules, communications protocols, and processes for this remote administration. By enabling system administrators, e.g. those who manage computer systems, to manage one or more servers running the Linux operating system from a system running Windows, the invention provides a unique and novel way for administrators to manage these servers.
In one aspect, a remote management snap-in (a programmatic library) is installed on a machine running a member of the Windows family of operating systems and operates in the Microsoft Management Console (MMC), a general framework program used for managing computer systems. The snap-in provides an administrator with a user interface to view information about and to configure a remote server. The snap-in communicates with a daemon (a software program) running on the server, to send commands to and receive commands from the server. Settings viewable and configurable by the user via the snap-in include file shares available, users that can access them, printer resources, network settings and services, hardware configuration information, and other configuration settings. One skilled in the art will recognize that the settings described here are not exhaustive and may include but are not limited to the ability to start and stop services, to view and edit a print queue, to configure authentication and directory services, and the like. One skilled in the art will also recognize that the snap-in may be running on a Windows computer connected by a network link to the server, or it may be running on the server itself, either inside a virtual machine running the Windows operating system, or on top of a compatibility library that allows Windows programs to run on a machine running the Linux operating system.
In another aspect of the present invention, a communication protocol is used to allow the client and server to communicate, such that the client can send commands to the server, and the server can send information to the client, to alert the client to changes to the system, and so on.
In another aspect of the present invention, the commands sent and received are described using the Extensible Markup Language (XML), a language used to describe information. XML is a simple, flexible text format originally designed to meet the challenges of large-scale electronic publishing, but adapted, for the present invention, to describe commands and results for server management. It will be recognized that other description languages could be used, such as raw text or programmatic structures. The XML can be sent as text or compiled into binary form to take up the least space possible during transmission. The XML commands are described by a schema that indicates the types of data and commands that the snap-in and remote management daemon/configuration module can process.
In another aspect of the present invention, the commands are sent over a secure link. In the particular implementation, the link is a secure shell (SSH) link, but it will be recognized that any of a number of secure link mechanisms can be used, including Secure Sockets Layer (SSL), among others. Commands and data can be sent over an unencrypted, non-secure link. However, it is important that servers be managed in a secure fashion so that people without rights to access the server or malicious programs such as computer viruses do not gain access to the server and alter its operation.
The foregoing aspects and many of the attendant advantages of this invention will become more readily appreciated as the same becomes better understood by reference to the following detailed description, when taken in conjunction with the accompanying drawings, wherein like reference numerals refer to like parts throughout the various views unless otherwise specified:
Embodiments of method and apparatus for remote management of a server running a version of the Linux or UNIX operating system from a client computer running a version of the Windows operating system are described herein. In the following description, numerous specific details are set forth (such as the C and C++ programming languages indicated as the language in which the software described is implemented) to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention can be practiced without one or more of the specific details, or with other methods, components, materials, etc. In other instances, well-known structures, materials, or operations are not shown or described in detail to avoid obscuring aspects of the invention.
Reference throughout this specification to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, the appearances of the phrases “in one embodiment” or “in an embodiment” in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
During a typical remote management operation, remote management snap-in 104 sends commands over communication link 116 to remote management daemon 112. In another embodiment, a computer emulation environment, such as “Microsoft Virtual PC” or “VMWare Workstation” runs on computer 102. A version of the Linux operating system is installed inside the emulation environment, and server 108 resides as a virtual machine inside the emulation environment. In this embodiment, commands are routed to the computer emulation environment running on computer 102.
In one embodiment, commands are written in the Extensible Markup Language (XML); an exemplary XML command format is shown in
Remote management snap-in 104 is implemented with a number of programmatic functions. In particular, initialization functions 806 are called by MMC 818 to load the snap-in. In one embodiment, a DLLMain function loads remote management snap-in 104, while a QueryInterface function call returns the interfaces, e.g. other functions, supported by snap-in 104, and a CreateInstance function call creates instances of the classes supported by the snap-in.
Remote management snap-in 104 includes various user interface functions 810 that display information to the user and receive input from the user. In one embodiment, a function OnShow in class SharesFolder creates columns in the user interface and adds the names and descriptions of shared folders to the user interface. Function OnExpand of class PropertiesFolder expands the contents of the treeview containing properties of a computer that the remote management snap-in is managing. In addition to the aspects of remote management snap-in illustrated in
Remote management snap-in 104 further includes an XML Parser 814, which parses XML data returned from remote management daemon 112, such as the exemplary fragment shown in
Remote management snap-in also includes various network functions 812, which are responsible for sending data to and receiving data from the remote management daemon. For example, function RecvData of class DataThread receives data using TCP/IP socket functions, while function SendData of class DataThread sends data, such as the XML fragment shown in
Processing functions 808 interact with the functions and mechanisms described above to perform the processing work of remote management snap-in 104. Function GetShares of class Core interacts with network functions 812 and XML Generator 816 to get the names and descriptions of shares from remote management daemon 112. Function ConfigureDomainController of class Core interacts with the aforementioned functions to configure a target server as a domain controller. Function CreateFileServer of class Core interacts with the aforementioned functions to create and configure a file server, that is, to send the appropriate commands to remote management daemon 112 so that server 108 is configured as a file server.
In an innovative technique, the present invention displays a series of screens making up a wizard to the user through the interface running on Windows client 102, but the results of these wizards, such as modifications to server configuration, occur on the remote server (e.g., server 108) running the Linux operating system or a UNIX-based OS.
For example, operations and logic performed during a domain controller configuration process are shown in
If the necessary software modules are already installed, or once they are installed in block 714, configuration module 110 modifies the server configuration in a block 716. Remote management daemon 112 then returns updated status information to remote management snap-in 104 in a block 718, with the status information being displayed in MMC 106 running on Windows client 102. It will be recognized that the updated information may or may not be displayed immediately; rather it might be available to the user through other user interface options, through voice commands, or other means.
The GetShares command shown in
Furthermore, data may be sent from remote management daemon 112 to Windows client 102 even without the client requesting information from the server; for example, when a user connects to a share on the server and the user connection count increases for the specified share, the server sends a notification message to the client, indicating the increased connection count for the specified share. Other notification messages are possible.
If remote management snap-in 104 successfully connects to remote management daemon 112, the process proceeds to a block 608, wherein the snap-in queries remote management daemon 112 for status information, including, but not limited to, directories that are shared on the server. Remote management daemon 112 sends the status information back to Windows client 102, and remote management snap-in 104 displays the status information in a block 610. While remote management snap-in 104 is running, the user interacts with the snap-in to change configuration settings in a block 612. In one embodiment, the user creates a new file share via remote management snap-in 104. In a block 614, the configuration changes are sent over the network to remote management daemon 112. In response, remote management daemon 112 interacts with configuration module 110 so that the server configuration is modified, as depicted in a block 616. After the configuration modification completes, status is returned to snap-in 104 in a block 618 to complete the process.
It will be recognized that communication that occurs between remote management snap-in 104 and remote management daemon 112 can occur in a variety of ways. In one embodiment, the connection is established and maintained between remote management snap-in 104 and daemon server 112. In another embodiment, the connection is created and terminated for each communication between remote management snap-in 104 and remote management daemon 112. In yet another embodiment, no connection is established; messages are sent via the connectionless User Datagram Protocol (UDP).
As discussed above, the remote management functions are implemented via execution of software components on a Windows client and the remote server(s) being managed. Thus, embodiments of this invention may be used as or to support a software program executed upon some form of processing core (such as the CPU of a computer) or otherwise implemented or realized upon or within a machine-readable medium. A machine-readable medium includes any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computer). For example, a machine-readable medium can include a read only memory (ROM); a random access memory (RAM); a magnetic disk storage media; an optical storage media; and a flash memory device, etc. In addition, a machine-readable medium can include propagated signals such as electrical, optical, acoustical or other form of propagated signals (e.g., carrier waves, infrared signals, digital signals, etc.).
A monitor 914 is included for displaying graphics and text generated by firmware, software programs and program modules that are run by computer system 900, such as system information presented during system boot. A mouse 916 (or other pointing device) may be connected to a serial port, USB (Universal Serial Bus) port, or other like bus port communicatively coupled to processor 912. A keyboard 918 is communicatively coupled to motherboard 908 in a similar manner as mouse 916 for user entry of text and commands. In one embodiment, computer system 900 also includes a network interface card (NIC) or built-in NIC interface (not shown) for connecting computer system 900 to a computer network 930, such as a local area network (LAN), wide area network (WAN), or the Internet.
Computer system 900 may also optionally include a compact disk-read only memory (“CD-ROM”) drive 922 into which a CD-ROM disk may be inserted so that executable files, such as an operating system, remote management snap-in, remote management daemon, and data on the disk can be read or transferred into memory 910 and/or hard disk 906. Other mass memory storage devices may be included in computer system 900.
The above description of illustrated embodiments of the invention, including what is described in the Abstract, is not intended to be exhaustive or to limit the invention to the precise forms disclosed. While specific embodiments of, and examples for, the invention are described herein for illustrative purposes, various equivalent modifications are possible within the scope of the invention, as those skilled in the relevant art will recognize.
These modifications can be made to the invention in light of the above detailed description. The terms used in the following claims should not be construed to limit the invention to the specific embodiments disclosed in the specification and the claims. Rather, the scope of the invention is to be determined entirely by the following claims, which are to be construed in accordance with established doctrines of claim interpretation.