O slideshow foi denunciado.
Seu SlideShare está sendo baixado. ×

Asiabsdcon2017

Carregando em…3
×

Confira estes a seguir

1 de 20
1 de 20

Mais Conteúdo rRelacionado

Audiolivros relacionados

Gratuito durante 30 dias do Scribd

Ver tudo

Asiabsdcon2017

  1. 1. FreeBSD System Administration Using SysAdm Dru Lavigne Director of Technical Documentation, iXsystems AsiaBSDCon March 11, 2017
  2. 2. What is SysAdm? BSD-licensed framework for administering local or remote FreeBSD/TrueOS systems. Built into TrueOS, available as a FreeBSD package, src is available on GitHub.
  3. 3. Features Complements FreeBSD's built-in configuration files. Provides graphical and scriptable methods for performing routine system administration tasks. Includes a notification system to alert of events that require attention.
  4. 4. Components Server: daemon to listen for connection requests. Client: graphical front-end for connecting to and interacting with the server. Bridge: experimental connection relay.
  5. 5. SysAdm Server Install and run on the system to be managed. Provides middleware to facilitate interactions between the user and the managed system.
  6. 6. SysAdm Server Supports JSON text format over two connection types: REST: single-request connection that requires user and password authentication with every request. WebSockets: long-lived connection for pure JSON input/output. Uses one-time authentication with a configurable inactivity timeout/disconnect.
  7. 7. SysAdm Server Requires TLS encryption over HTTPS or WSS. Requires username/password authentication or an SSL public/private key pair. Enforces configurable connection timeouts and blacklisting.
  8. 8. Server API Provides a set of classes for managing the system. All configuration changes are performed directly to the built-in configuration files (i.e. not to a configuration database).
  9. 9. Server API Each API class provides a list of actions to view or change the current state of a configurable element. API requests can use either a one-time (REST) or long-lived (WebSockets) connection. The SysAdm API Reference Guide describes each class, its actions, and usage examples.
  10. 10. SysAdm Client Suite of graphical utilities to provide a front-end to the SysAdm API's classes and actions. Written in Qt5 to maximize cross-platform support. Currently available for FreeBSD, Windows, and OS X.
  11. 11. SysAdm Client Integrates into the system tray in order to provide event notifications. Client utilities are listed in a graphical Control Panel. List of available utilities may vary, depending upon what is installed on the system.
  12. 12. SysAdm Client Access to remote system disabled until admin configures secure Websockets connection. Valid username/password required for first connection at which time a unique SSL key pair is created, registered, and required for subsequent connections.
  13. 13. SysAdm Client Registered certificates/keys stored on client in an encrypted file protected by a password. Encrypted client settings can be imported/exported. Graphical Connection Manager provided for generating keys and managing connections.
  14. 14. SysAdm Bridge Experimental component to manage connections to systems with dynamic addresses or which reside behind a firewall. Bridge requires a static, public IP address but can be hosted elsewhere, such as on a cloud-based virtual machine.
  15. 15. SysAdm Bridge Designed to be a completely untrusted relay. Servers and clients use a separate SSL certificate when talking to the bridge to ensure that their real certificate isn’t used to connect to an unknown system.
  16. 16. SysAdm Bridge Once connected to the bridge, the server/client sends MD5 of real SSL certificate. The bridge responds with the ID and location of any systems which list that MD5 in their configured certificate list.
  17. 17. Resources https://sysadm.us https://github.com/trueos/sysadm/ https://github.com/trueos/sysadm-ui-qt http://api.sysadm.us/
  18. 18. Questions? Contact dru@freebsd.org URL to slides http://slideshare.net/dlavigne/asiabsdcon2017

×