SpringSource ERS FAQ

What is Enterprise Ready Server (ERS)?
ERS is the SpringSource binary distribution of Apache HTTP and Tomcat servers. ERS contains Apache HTTP and a number of extensions including OpenSSL, Perl, PHP, OpenLDAP, FTP, and others, as well as Apache Tomcat and Sun JVM. ERS is provided to greatly ease maintenance of the web tier for companies who wish to deploy Apache and Tomcat while having access to binary bugfixes ands security updates.

Is ERS some kind of proprietary server?
No, ERS is not a proprietary server. It is our certified, indemnified distribution of ASF Apache and Tomcat. We use the same Apache Software Foundation (ASF) source code, and the engineers who compile ERS Apache and ERS Tomcat are some of the same engineers who compile the ASF distributions you can get at apache.org. We guarantee that applications that run on ASF Apache and Tomcat will also run on ERS Apache and Tomcat.

How is ERS different from ASF Apache or Tomcat?
ERS differs from ASF Apache and Tomcat in two major ways. First, SpringSource provides binary patches and bug fixes for ERS Apache and Tomcat. The ASF tends to not create patches for existing versions, but instead will roll bug and security fixes into new versions. This means that to get a fix you need to wait for the next version to be released, and then you must upgrade your entire server. SpringSource provides value by backporting these fixes and compiling them into binary patches that can be dropped into an existing installation, fixing only the issues and not requiring a full version upgrade. The second major difference is that ERS supports multiple instances of Apache and/or Tomcat with a single installation. This means a single set of binaries can run any number of Apache and Tomcat instances on a single operating system. This provides value in a number of ways, from allowing administrators to test new configuration changes without touching current system configuration, to allowing multiple instances of Tomcat and Apache running on the same box at the same time. ERS is also QA-tested and includes indemnification from liability.

Is SpringSource Enterprise Ready Server available worldwide?
Yes, except in those countries that are subject to U.S. export controls such as Iran, Iraq, Libya, Syria, Sudan, North Korea, and Cuba. What Versions of Apache and Tomcat are available in ERS? The current release, ERS 4, provides three different versions of Apache (2.2.9, 2.0.63, 1.3.41) and three different versions of Tomcat (6.0.18, 5.5.27, and 4.1.37). You can download any one or all six versions.

What platforms and operating systems are supported in ERS?
ERS is provided on five major operating system families: Linux, Solaris, Windows, AIX, and HPUX. ERS supports both 32 and 64-bit operating systems and supports different chip architectures such as SPARC, IBM Power, Intel x86/ AMD Opteron, and others. Contact sales for a detailed support matrix. What extensions to Apache are provided? For example in our Apache 2.2.9 package we include mod_jk 1.2.26, Perl 5.8.8, PHP 5.2.6, OpenSSL 0.9.8h, and OpenLDAP 2.3.39. Support for all of these is included.

What is on the roadmap for ERS this year?
This year we plan to extend PERL with libxml2, libxslt, openssl, openldap, and zlib compression support. We will also be enhancing both PERL and PHP packages by including libgd/png/jpeg support, and including clients for BerkeleyDB, Oracle, SQLite and PostgreSQL and MySQL databases. What PHP modules and extensions are included in ERS PHP 5.2 in ERS 4 includes support for libxml2, libxslt, openssl, openldap, libiconv, zlib compression and zts threading support for Apache HTTP worker MPM.

What if the PHP extension I need is not included in ERS PHP?
The PHP provided in ERS does not include every known PHP extension. If the extension you need is not included, SpringSource supports your ability to add those extensions into PHP. We provide knowledge base articles and technical support to walk you through the process. SpringSource also provides professional services to customize PHP on request if you would prefer we add the extension on your behalf.

How does Enterprise Ready Server benefit a Java/Tomcat user?
You have the option to install three different versions of Apache Tomcat when you install the Enterprise Ready Server – version 4.1.x, 5.5.x or 6.0.x. Tomcat is the reference implementation of the Java Server Pages (JSP) and Java Servlet specifications.ERS Tomcat also includes three different versions of the Sun Java 2 Standard edition (J2SE).

What is the DAV module?
The DAV module implements the standard WebDAV protocol, allowing distributed Web authoring tools to interact with the Apache Web server. If your company is an ISP, and you would like to give your customers a way to update the content on their site without giving them access to your server, DAV is a structured way to manage content through the Web server, rather than the standard FTP protocol to upload and download files.

What is mod_perl?
Mod_perl (written by a former SpringSource employee) enables PERL applications to be run natively in Apache HTTP. PERL is one of the most widely used languages for CGI scripts. Mod_perl improves the performance and security of Perl CGIs by bringing them inside Apache.

How does Enterprise Ready Server work with the MySQL database management system?
SpringSource Enterprise Ready Server provides PHP with MySQL support. Contact SpringSource Support if you require further details.

TLS support is mentioned for SpringSource SSL. What is TLS support, and what are the benefits?
Transport Layer Security (TLS) is the third incarnation of Secure Socket Layer (SSL) protocol. Since SpringSource SSL supports both SSL and TLS, you can support a wider variety of secure connections.

Does SpringSource SSL support Global Server IDs?
Yes. The SpringSource SSL module supports the use of Global Server IDs (GSID), which upgrade standard 40-bit browsers to use full 128-bit security. GSID server certificates are issued to those organizations which meet U.S. government criteria.

Is a trusted third party the same thing as a Certificate Authority?
Yes, a Certificate Authority (CA) is a trusted third party that certifies specific claims about public keys.

Are all Certificate Authorities the same?
No. Well-established companies such as VeriSign, Equifax, Thawte, GTE Cybertrust, and Entrust are regarded as the most commonly trusted CAs. If your certificate is signed by a relatively unknown company your customers may not trust your Web site's reliability.

Does each virtual host need a separate certificate?
Yes, usually. Browsers verify that the server name in the server's digital certificate matches the server name in the URL being accessed. If they do not match, it may indicate a security problem, so the browser will warn the user. Some Web hosting sites have worked around this by getting one certificate for the main site, and serving all secure Web pages from that site. In most cases, this is harmless; however, it may be disconcerting to users who are expecting a secure transaction with one site, but are presented with a certificate for a different site. So if you want to use virtual hosts with SpringSource SSL, it's best to have a certificate for each virtual host serving secure pages. SpringSource SSL fully supports per-virtual-host certificates.

Why should I pay money to get a digital certificate for my server?
While your digital certificate can be issued by any Certificate Authority (CA), most Web browsers contain a list of trusted CAs, such as VeriSign or GTE CyberTrust. If your certificate is not signed by one of those trusted authorities, your users will get a security popup and may avoid your site.

How can I get a digital certificate?
ERS includes the portions of OpenSSL that are used to generate a Certificate Signing Request (CSR). Submit the CSR to the CA of your choice for signing.

What Certificate Authorities does SpringSource support?
SpringSource SSL supports almost all CAs, and has relationships with VeriSign, Thawte, Entrust, and Equifax.

Does ERS FTP allow files to be transferred securely?
Yes. SpringSource FTP provides SSL encryption, and is compatible with both SSL and TLS (Transport Layer Security, the third incarnation of Secure Socket Layer (SSL) protocol), in order to support a wider variety of secure connections.

Does ERS FTP encrypt the data channel or the command channel?
Both. SpringSource Enterprise FTP Server supports encryption of user IDs, passwords, and FTP commands as well as the data that is being transferred.

Does ERS FTP support Implicit or Explicit SSL?
ERS FTP provides two methods of implementing SSL: Implicit SSL and Explicit SSL. The decision to use Implicit SSL or Explicit SSL is a policy choice dictated by the enterprise. ERS FTP provides support for both.

What is Implicit SSL?
Administrators select Implicit SSL if they require FTP clients to be "SSL enabled." With Implicit SSL, the socket is setup immediately for secure communication and no clear text is passed between the client and server. These servers usually run on port 990. With this mode of operation, only clients that support SSL will be permitted access. Also no AUTH command is needed when using Implicit SSL, since all control and data connections are secure.

What is Explicit SSL?
Administrators implement Explicit SSL when they want to provide access to a mixture of FTP clients. With Explicit SSL, the user connects like standard FTP (i.e., without any security required). When a user requests sensitive data, the server can then require the client to upgrade to a secure connection. The advantage of Explicit SSL is that SSL is not required of the client, so older clients will be able to access the server.

What is the advantage of transferring files via FTP rather than HTTP?
With bandwidth management and data flow control, FTP is the most efficient and reliable protocol to transfer large files over a TCP/IP network. FTP is simple to implement, reliable, and commonly available.

How does ERS FTP provide additional security?
SpringSource Enterprise FTP Server takes advantage of the filtering capabilities of Apache HTTP to enable FTP to be used with SSL. Both FTP and SSL are simply modules within the Apache framework, and the ability of Apache to cascade filters allows FTP to incorporate SSL. This enables IDs and passwords to be encrypted, as well as encryption of the transmitted data itself. And since SSL supports digital certificates, so, then, does FTP. Along the same lines, you can enforce client authorization on a per request basis.

How does ERS FTP increase integration with my existing infrastructure?
Securing FTP transmissions have typically involved cumbersome workarounds that increase infrastructure complexity. Because SpringSource Enterprise FTP is incorporated within the same Apache server that is serving HTTP, workarounds and FTP-dedicated infrastructure elements can be eliminated. And because SpringSource Enterprise FTP is incorporated within the same Apache server that is serving HTTP, the same configuration syntax can be shared for both FTP and HTTP, for example the same LDAP directory can be used to authentication users requesting Web pages and files.

How does ERS FTP improve performance?
It can take advantage of the performance-tuning capabilities of the underlying Apache 2.0 structure. You can choose the balance between performance and scalability by picking the desired Apache processing module (pre-fork, threaded, hybrid). Requests are handled from a pool of workers instead of starting a process for each request. How are Apache HTTP and Tomcat integrated in ERS? Integration between Apache and Tomcat is provided in ERS. In older versions of Apache mod_jk was the most common method of forwarding requests to Tomcat from Apache. With Apcahe 2.2 the mod_proxy family of modules has become the recommended choice due to its simplicity and ease of troubleshooting. SpringSource provides both mod_proxy and mod_jk and supports both methods.

Does ERS support LDAP authentication? How about Microsoft Active Directory?
Yes ERS includes mod_auth_ldap built on OpenLDAP which enables authentication via LDAP servers. Server support includes OpenLDAP as well as Microsoft Active Directory Server and others. ERS also supports LDAP authentication over SSL.

What FTP clients will work with ERS FTP's SSL capabilities?
The clients in the following list have been tested by SpringSource. Please check back periodically for updates.

• bsdftpd-ssl (http://bsdftpd-ssl.sc.ru/)
• CuteFTP PRO 2.0 (http://www.globalscape.com/products/cuteftppro/index.asp)
• Glub Tech Secure FTP (http://www.glub.com/products/secureftp)
• WS_FTP Pro (http://www.ipswitch.com/Products/WS_FTP/index.html)
• FTP Voyager (http://www.ftpvoyager.com/)
• LFTP (http://lftp.yar.ru/)