You are on page 1of 14

SwissQual®...

Media Server
Installation Manual

(ÍRKUá)
Installation Manual

Test & Measurement

6334273783 ─ 01

SwissQual will. transmitted. if necessary. QualiPoc iQTM. SwissQual has made every effort to ensure that eventual instructions contained in the document are adequate and free of errors and omissions. VQuad-HDTM are trademarks of SwissQual AG. QualiPoc FreeriderTM. QualiWatch-STM. Diversity® as well as the following logos are registered trademarks of SwissQual AG. Trade names are trademarks of the owners. Seven.com/ Printed in Germany – Subject to change – Data without tolerance limits is not binding. For information. see the "Open Source Acknowledgement" on the user documentation CD-ROM (included in delivery). SwissQual®. All rights reserved. VQuad®. KG. NiNATM. No part of this publication may be copied. Diversity RangerTM. NQTMTM. protected and privileged intellectual property. Diversity UnattendedTM. VMonTM. NQAgentTM. QPControlTM. SwissQual’s liability for any errors in the documents is limited to the correction of errors and the aforementioned advisory services. QualiPoc®.2015 SwissQual AG. transcribed. NQDITM. QualiPoc MobileTM. explain issues which may not be covered by the documents. NQWebTM. Diversity ExplorerTM.swissqual. When you refer to a SwissQual technology or product. NQViewTM. or translated into any human or computer language without the prior written permission of SwissQual AG.Five®. stored in a retrieval system.com Internet: http://www. you must acknowledge the respective text or logo trademark somewhere in your text. QPViewTM.The firmware of the instrument makes use of several valuable open source software packages. NetQual®. TestManagerTM. NiNA+TM. QualiWatch-MTM. All information in this document is regarded as commercial valuable. Confidential materials. and is provided under the terms of existing Non-Disclosure Agreements or as commercial-in-confidence material. NQCommTM. © SwissQual AG Allmendweg 8. SQuad®. 4528 Zuchwil. R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. QualiPoc StaticTM. SystemInspectorTM. distributed. . Rohde & Schwarz would like to thank the open source community for their valuable contribution to embedded computing. Copyright 2000 . Switzerland Phone: +41 32 686 65 65 Fax:+41 32 686 65 66 E-mail: info@swissqual.

................. 5 1........ 14 Installation Manual 6334273783 ─ 01 3 ............................ 5 1............................................................................................................... 10 3.......................... 11 3..........9 3.........14 6.......................................................1 Enabling Streaming Through a Firewall.............1 System Settings........................................2.......................12 5 Configuring SSL Support for FTP...................5 Managing Users.........................................................................8 3.............4 After You Configure the Media Server................ 8 3.................................14 6.................................................................................................................................................................................1.........................................................................11 3......... 6 2 Installing the Media Server...........1 SELinux...............................................................................................................................................1 Configuring Red Hat........................................................................................................................SwissQual®.......................................................................................................................................1 Physical and Virtual Network Interfaces................................2 Configuring Darwin....... 11 4 Configuring HTTPS for QualiPoc......... 13 6 About Security............................7 3 On-Site Configuration............1.............. Contents Contents 1 Introduction..................................................................3 Configuring Postfix..................................................................................................1 Configuring the Network Interfaces................8 3.........................................2 Remote Access.....

..SwissQual®. Installation Manual 6334273783 ─ 01 Contents 4 .

download the Enterprise Server Edition x64 of Red Hat 6 from http://www.com with your SwissQual login information. Introduction Configuring Red Hat 1 Introduction The following sections describe how to install and set up a SwissQual media server. 1-1: Adding the squser Installation Manual 6334273783 ─ 01 5 . This document assumes that your server has been pre-installed with the Red Hat Enterprise Linux 6 operating systems. add a user with the name squser.redhat. Select the Desktop installation option and register your installation with Red Hat before you continue to ensure that yum package management utility works properly. 1.. If the server does not have a Red Hat 6 installation.1 Configuring Red Hat When you start the server for the first time. you need to perform the following tasks: ● Configure the BIOS to reboot the server after a power failure ● Choose a strong password for root ● On the Create User page in the startup wizard.SwissQual®.. Ensure that you assign this user a strong password. Fig.

and then click "Firewall". click "Disable". For information on why you need to disable SELinux. point to "Administration". To set the host name 1. and then click "OK".yourdomain. To disable SELinux 1. Note: Do not reboot the computer or modify the firewall settings. Type the following command and then type your password at the prompt: su 3.. point to "Administration". On the "Applications" menu. On the "Applications" menu. In the "Firewall Configuration" window. and then click "Apply". "About Security". click your location on the map. On the "System" menu. On the "System" menu. Replace the SELINUX and SELINUXTYPE lines with the following lines : SELINUX=disabled SELINUXTYPE=targeted 4. and then click "Terminal". and then click "Date & Time". Change the hostname to a fully qualified domain name with the following command: hostname mediasrv001. 2. 2. on page 14. and then click "Terminal". Introduction Configuring Red Hat 1. and then click "OK". 2. Note: You need root access to disable SELinux.1. 4. On the "Time Zone" tab. type the root password. Type the following command: sudo mcedit /etc/selinnux/config 3. Save the file and quit the text editor. point to "System Tools". To disable the firewall 1. and then press ENTER. Installation Manual 6334273783 ─ 01 6 . point to "System Tools".SwissQual®. 2.1 System Settings Ensure that the system has the correct time zone setting and that SELinux is disabled. Click "Yes" to confirm the configuration change. see chapter 6. 3. At the authentication prompt. The media server installer script performs these actions.. To set the time zone 1.local Note: To view the current hostname. type hostname. Note: You need root access to disable SELinux.

3. 4. mod_python. Right-click the folder that contains the installation files and click "Open in terminal". that is. keyboard.log 2>&1 5. httpd. 2. on page 8. you need to complete the configuration on-site.. You need root access to install the media server. that is. for example. and mouse to the computer.SwissQual®. see the chapter 3. including the SwissQual daemons ● Creates a configuration file for the physical network interface ● Creates a configuration file for a virtual network interface You need this second interface if you want to tunnel the stream from Darwin through a firewall that only allows streaming through port 80. After you install the server.. dovecot. the script automatically reboots the server. At the end of the process. The installer script for the media server performs the following actions: ● Installs the mc. Type the following command: sh install. For more information. Installation Manual 6334273783 ─ 01 7 . squser. gprs01 and gprs02 You created the user for remote server administration. Installing the Media Server 2 Installing the Media Server This section describes how to install the SwissQual Media Server on a Red Hat Enterprise Linux 5 server. services that the media server does not need ● Enables the daemons that the media server needs. a CD-ROM or USB stick. and postfix packages ● Creates the user accounts that SwissQual software requires.sh > install. "On-Site Configuration". in the previous chapter. Connect a monitor. ● Installs the SwissQual UDP download server and the Darwin Streaming Server (Darwin) ● Copies the configuration settings for the media server ● Disables the daemons. that is. Log in as root and insert the media that contains the installation files. To install the media server 1.

1.. see chapter 3.a.0 ● IP address of the gateway 3. To complete the tasks in this chapter. Open a terminal and type the following command: sudo mcedit /etc/sysconfig/network-scripts/ifcfg-eth0 Note: For RedHat 6. keyboard.1 Physical and Virtual Network Interfaces If the media server is not behind a firewall or the firewall has the streaming ports open. you need to connect a monitor.b. if you intend to use the "Streaming on Port 80" option on Darwin.b. ● Two DNS names that point to the static IP addresses ● Two Domain Name Server IP addresses ● Local domain name.255.2.1 Configuring the Network Interfaces You need to obtain the following information from the local network administrator to configure the Ethernet card of the server: ● Two static IP addresses: If the media server has two Ethernet interfaces In the following sections.255. you need to assign two static IP address to the Ethernet card that connects the media server to the Internet. "Enabling Streaming Through a Firewall". and mouse to the media server.b. You also need root access to perform these tasks. 3. However. on page 10. Installation Manual 6334273783 ─ 01 8 . The second address is for the virtual network interface which the Darwin uses.1. The first address is for the physical network interface which the Apache web server uses..local ● Subnet mask or netmask for the network. You only need the second IP address if you want to use the Streaming on Port 80 option on Darwin. For more information. for example. Replace the italicized values in the following lines with the values that you received from the local network administrator. these IP addresses are represented by a.a.a and b. To configure the physical network interface 1.3 and newer type the following command: mcedit /etc/sysconfig/network-scripts/ifcfg-em1 2. On-Site Configuration Configuring the Network Interfaces 3 On-Site Configuration This section describes the configuration tasks that you need to complete on-site.SwissQual®. 255. for example. you only need to configure the physical network interface. swissqual.

you need to specify a few settings. On the "Secure Administration" page. On the "MP3 Broadcast Password" page. NETMASK=255. 3. Note: If you want to stream the server over TCP port 80. 4.b. On the "Media Folder" page. Open a terminal and type the following command: mcedit /etc/sysconfig/network-scripts/ifcfg-eth0:0 2. 6. 5. click "Log Settings". and then click "Finish". leave the "Secure Administration (SSL)" check box blank. On the "Streaming on Port 80" page.a GATEWAY=IP address of gateway DNS1=IP address of first nameserver DNS2=IP address of second nameserver 3.. Disable Access Logging. On the "Log In" page. select "Streaming on Port 80". type admin in the "User Name" and "Password" boxes. Open a browser and go to: http://localhost:1220.b. type and re-type a new password. Save the file and quit the text editor.SwissQual®. Replace the italicized values in the following lines with the values that you received from the local network administrator.255.255. Save the file and quit the text editor.0 IPADDR=b. b) Clear the "Logging" check box in the "Access Log" area. 3. and then click "Next".a. click "Next". a) In the Navigation pane on the left. 2.2 Configuring Darwin The first time you log in to Darwin. and then click "Next".b 3. To configure Darwin 1. click "Finish".a.0 IPADDR=a.. To configure the virtual network interface (if available) 1.255. 7. On-Site Configuration Configuring Darwin BOOTPROTO=none NETMASK=255.255. Installation Manual 6334273783 ─ 01 9 .

Save the file and quit the text editor... Bind the server to the IP address of the physical network interface.1 Enabling Streaming Through a Firewall If you enable the "Streaming on Port 80" option on Darwin. If you enabled the Streaming on Port 80 option.a. where a.conf 2. c) Re-type the new password and press ENTER. <PREF NAME="bind_ip_addr" >0</PREF> c) Save the file and quit the text editor. a) Open a terminal and type the following command: qtpasswd admin. Save the file and quit the text editor. Open a terminal and type the following command: mcedit /etc/streaming/streamingserver.a is the IP address of the physical network interface: Listen a.a. <PREF NAME="bind_ip_addr" >0</PREF> 3. On-Site Configuration Configuring Darwin Note: Access Logging generates large log files which can cause the admin interface of the Darwin server to become unresponsive. 127.a:80 3. Replace the Listen 80 line with the following line.xml b) Replace the 0 in the following line with the IP address of the physical network interface. Open a terminal and type the following command: mcedit /etc/httpd/conf/httpd.a.2.SwissQual®. b) Type the new password and press ENTER. 9. To configure Apache to listen on the first network interface 1.2. you need to bind the server to the virtual network interface. Installation Manual 6334273783 ─ 01 10 . 8.a. on page 10.1. Replace the 0 in the following line with the IP address of the virtual network interface. For more information.a. chapter 3. To configure Darwin to listen on the second network interface 1.a. Change the password for the admin account on Darwin.xml 2.a.0. "Enabling Streaming Through a Firewall". for example. you need to configure Apache to listen on port 80 of the physical network interface and Darwin to listen on port 80 of the virtual network interface. a) Open a terminal and then type the following command: mcedit /etc/streaming/streamingserver. a. 3.0.2.

. and mouse.domain. Remove the comment from the following line and replace host. To configure Postfix to use the correct hostname 1. keyboard.4 After You Configure the Media Server After you complete the configuration of the media server. type the password for the user. Open a terminal and type the following command: useradd username 2. Add the user to the qpuser group.tld with the Fully Qualified Domain Name (FQDN) of the media server. At the prompt. passwd username 3.SwissQual®. 3.. Open a terminal and type the following command: mcedit /etc/postfix/main.cf 2. You can now disconnect the monitor.tld Changes to: myhostname = FQDN of the media server 3. you need to reboot the machine to ensure that the daemons (services) run correctly. #myhostname = host.5 Managing Users The installation script creates the following user accounts on the media server: ● gprs01: For testing ● gprs02: For testing ● squser: For media server remote access ● QPUser: For NQComm to QualiPoc connectivity To add a new user 1.3 Configuring Postfix You need to configure the Postfix software to use the hostname of the media server. On-Site Configuration Configuring Postfix 3.domain. open a terminal and type the following command: userdel -r username Installation Manual 6334273783 ─ 01 11 . You can use SSH to remotely log in to the squser account on the media server. qpuser username ► To remove a user.

d/httpd restart Installation Manual 6334273783 ─ 01 12 . mcedit /etc/httpd/conf. Store the myserver. c) Add your values to this entry. Note: Nokia devices only accept thwate SSL certificates. Open a terminal and become root.SwissQual®. 4. Send the CSR.csr Note: Ensure that you enter your e-mail address so that the Certificate Authority (CA) can contact you. /etc/rc. Create the public key and the Certificate Signing Request (CSR) for the server. Enable HTTPS on the media server. You need this protocol if you want to use the https option in QualiPoc.conf b) Remove the comments from the <Virtualhost *:443> entry.d/swissqual.csr file to a CA to obtain a SSL certificate for the server. To configure the media server for HTTPS connections 1. 2.. go to http://www. openssl req –new –nodes –keyout myserver. contact our support center for help. 3. Configuring HTTPS for QualiPoc 4 Configuring HTTPS for QualiPoc This section describes how to install the Secure Sockets Layer (SSL) certificate to enable the HTTPS protocol on the media server. Note: This file is the public key for the HTTPS connection.key file in a folder on your media server. that is.d/init. 6.thwate..conf file in a text editor. the server.pdf document for the best method to contact us.com 5. To buy a thwate certificate. a) Open the swissqual. Please consult the Customer Support Center. Save the httpd.key –out server. Note: If you do not know how to edit this entry.conf file and type the following command to restart the server.

you might need to manually configure FTP SSL support. Configure the firewall. a) Type the following command: service firewall stop b) Copy the following file to /etc/rc.conf certificate.crt 2. Open a terminal and type the following command: service vsftpd restart 3. Log in as root and copy the following files to /etc/vsftpd/: ● ● ● vsftpd..conf vsftpdimp. look in the /etc/vsftpd/vsftpd. Installation Manual 6334273783 ─ 01 13 . To check if SSL is enabled on the server.SwissQual®.. firewall c) Type the following command: Service firewall start Note: This process opens the 11000 to 11500 ports in the firewall.conf file or attempt an FTPS connection to the server.d/. You also need to open these ports on each additional firewall in the network where you will use the server. To configure SSL support for the FTP server 1.d/init. Configuring SSL Support for FTP 5 Configuring SSL Support for FTP Depending on when you received your media server.

Otherwise. SwissQual does not support the use of SELinux since the security features of the media server provide enough protection.. About Security SELinux 6 About Security This section briefly describes the security features of the SwissQual media server. If you do need to send the password by mail. This reduced number of daemons decreases the amount of open ports and hence the number of possible vulnerabilities. If you do not think that the security is sufficient.pdf document for the best method to contact us. Instead. send an SMS with the password or use a phone to communicate the password.1 SELinux The installer script for the media server overrides the default firewall settings of the Red Hat installation and disables unnecessary daemons. you need to use the squser account to remotely access the server. 6. Installation Manual 6334273783 ─ 01 14 . provide our support center with the use case that demonstrates the actual security risks of the current setup. 6. then send the IP address and the user name in a separate mail. Avoid sending the password for the squser by e-mail.SwissQual®. you cannot remotely log in to the media server with the root account.. Please consult the Customer Support Center.2 Remote Access To reduce the chances of a brute force attack.