idrbt project: application development in java for public key cryptography
DESCRIPTION
Intrnship project over: 1.building an easy to use application for public key cryptography using openSSL Libraries 2.Deployment of OX App Suite over Intranet and CloudTRANSCRIPT
0|P a g e
BUILDINGANEASYTOUSEAPPLICATIONFORPUBLICKEYCRYPTOYSTEMUSINGOPENSSLLIBRARY
&
DEPLOYMENTOFOXAPPSUITEOVERREDHATSERVERSYSTEMFORIDRBTINTRANETANDCLOUD
Submitted To:
INSTITUTE OF DEVELOPMENT AND RESEARCH IN BANKING TECHNOLOGY
ROAD NO. 1, CASTLE HILLS, MASAB TANK,
HYDERABAD-500057
Project Guide:
By:
Dr.N.P.Dhavale Shivashish Kumar
Deputy General Manager, Part‐III,
IDRBT,Hyderabad Mathematics and Computing
IIT(BHU),Varanasi
PROJECTREPORT:
1|P a g e
InstituteofDevelopmentandResearchinBankingTechnology
RoadNo.1,CastleHills,MasabTank,
Hyderabad‐500057
CERTIFICATE
Mr. Shivashish Kumar, student of Integrated M.Tech course at IIT(BHU),Varanasi in the
Department of Applied Mathematics was assigned the projects 1.”Building an easy to use
application for public key cryptosystem using openSSl libraries” 2.”Installation of OX AppSuite
over red hat server system for IDRBT intranet and cloud” under the guidance of INFINET
department of IDRBT. During the course of the project he has undertaken a study of Public Key
Infrastructure (PKI), Java Libraries and Networking Systems.
This is to certify that he has successfully completed the projects assigned to him as an intern at
Institute for Development and Research in Banking Technology, Hyderabad from May 13, 2013
to July 12, 2013.
Dr. N.P.Dhavale
(Project Guide)
Deputy General Manager
IDRBT, Hyderabad
2|P a g e
ACKNOWLEDGEMENT
Summer project is a golden opportunity for learning and self‐development. I consider myself very lucky and honored to have so many wonderful people lead me through in completion of this project.
I would like to express my sincere gratitude to the Institute for Development and Research in Banking Technology (IDRBT) and particularly Dr.N.P.Dhavale Sir, who was my guide during the course of the project. . I would not hesitate to add that this short span of time in IDRBT has added a different facet to my life as this is a unique organization being a combination of academics, research, technology, communication services, crucial applications etc. and at the same time performing roles as an arm of regulation, spread of technology, facilitator for implementing technology in banking and non‐banking system.
I am really grateful to Dr.N.P.Dhavale Sir who in spite of being extraordinarily busy with his duties, took time out to hear, guide and keep me on the correct path and allowing me to carry out my industrial project work at the organization and extending during the training. He helped all time when we needed and he gave right direction toward completion of project. I am also thankful to Mahesh Sir,Srihari Sir and Anuradha Madam with whom I worked throughout my stint at IDRBT and this project was possible only with their cooperation I am thankful to the staff of INFINET department at IDRBT for helping me to get familiar with the applications. They gave me a chance to study the application and its impact from different perspective. I am also thankful to my college, for giving me this Opportunity to work in a high‐end research institute like IDRBT. Lastly I will like to thank my family and friends for their support and all others who made this project successful either directly or indirectly Shivashish Kumar Project trainee
IDRBT, Hyderabad
3|P a g e
ABSTRACT
Project 1.”Building an easy to use application for public key cryptosystem using openSSl library” The project is about an application for public key cryptosystem using OpenSSL library. It consists of various functionality offered by the application, associated features, platforms used and methodology followed by the application. The report also has class diagram and sequence diagram to emphasize further about the application have actually been built and a way forward to summarize the task to be done further for this. Project 2.”Installation of OX AppSuite over red hat server system for IDRBT intranet and cloud”. The Project is about deployment of OX App Suite over IDRBT intranet .It discusses about OX App Suite, Its significance in IDRBT environment, and the stepwise instruction followed during the course of the project for its deployment. It also highlights about the steps required for moving to the cloud and the difficulties associated with it.
4|P a g e
TABLE OF CONTENT
Project I
1. Introduction................................................................................................................................ 7
2Project Description......................................................................................................................... 7-10
2.1 Application Software........................................................................................................... 7
2.2 Cryptography..................................................................................................................... 7-8
2.3 Cryptography Terms…………………………………………………………………
2.4 openSSL ……………………………...............................................................................
9-10
10
3. Objective....................................................................................................................................... 10
4 Functionality...............................................................................................................................
5. Platform...................................................................................................................................
6. Overview………………………………………………………………………………………..
7. Requirements.................................................................................................................................
8. Significance…………………………………………………………………………………
9. Methodology……………………………………………………………………………………
9.1 Sequence Diagram………………………………………………………………………..
9.2 Operating Instructions……………………………………………………………………
9.3 Class Diagram……………………………………………………………………………
10/Features………………………………………………………………………………………….
11. Way Forward……………………………………………………………………………………
Summary……………………………………………………………………………………………
References…………………………………………………………………………………………..
11
11
11-12
12
13
14-28
14
15-20
21-28
29-30
30
31
32
5|P a g e
Project II
1. Introduction................................................................................................................................ 34
2 Objectives.................................................................................................................................. 34
3. Definitions................................................................................................................................ 34-35
4 Platform………………………................................................................................................ 35
5. Requirements…………………………………………………………………………………
6. OX App Suite at
IDRBT……………………………………………………………………….
7. Installation and deployment…………………………………………………………………
5.1 OX App Suite over Intranet............................................................................................
5.2 OX App Suite over Cloud ………………........................................................................
Summary........................................................................................................................................
.
35
36
36-39
36-38
39
40
References...................................................................................................................................... 41
6|P a g e
PROJECT1
BUILDINGANEASYTOUSEAPPLICATIONFORPUBLICKEYCRYPTOSYSTEMUSINGOPENSSLLIBRARY
7|P a g e
1.INTRODUCTION
This project mainly concentrates about developing a Java based application which will let the
user perform different cryptographic instruction in GUI (Graphic user Interface) mode. The
developed application is a desktop application which on receiving various cryptographic
requests from the user will process and execute them accordingly. All the digital features of
Public key Infrastructure like key generation, certificates, message digest, encryption and
signatures have been combined with the application itself to make it a standalone application
2.ProjectDescription
2.1 Application software is all the computer software that causes a computer to perform useful tasks beyond the running of the computer itself. A specific instance of such software is called a software application or easy to use application
2.2Cryptography
Cryptography or cryptology is the practice and study of techniques for secure communication
in the presence of third parties
In modern era, there are 2 ways of cryptography:
1. Symmetric key cryptography
2. Public key cryptography
Symmetric‐key cryptography refers to encryption methods in which both the sender and
receiver share the same key. This method have historically been susceptible to known‐plaintext
attacks, chosen plaintext attacks, differential cryptanalysis and linear cryptanalysis.
Public‐key cryptography refers to a cryptographic system requiring two separate keys, one of
which is secret and one of which is public. Although different, the two parts of the key pair are
mathematically linked. One key locks or encrypts the plaintext, and the other unlocks or
decrypts the cipher text.
There are two main uses for public‐key cryptography:
Public‐key encryption, in which a message is encrypted with a recipient's public key. The message cannot be decrypted by anyone who does not possess the matching secret key,
8|P a g e
who is thus presumed to be the owner of that key and the person associated with the public key. This is used in an attempt to ensure confidentiality.
Digital signatures, in which a message is signed with the sender's secret key and can be verified by anyone who has access to the sender's public key. This ensures that the message has not been tampered, as any manipulation of the message will result in changes to the encoded message digest, which otherwise remains unchanged between the sender and receiver.
This entire process of using public‐ key cryptography is public key cryptosystem
I image source gdp.globus.org
A public‐key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain.
Image source: ei4africa.eu
Fig2:PKISystem
Fig1:Publickeycryptography
9|P a g e
2.3CryptographyTerms:
2.3.1 Symmetric Key: Key that is used with the operations of a symmetric encryption scheme is
the symmetric key
2.3.2 Digital Certificate: In cryptography, a public key certificate or digital certificate is an electronic document that uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth.
2.3.3 Key Pair: Every digital certificate has a pair of associated cryptographic keys. This pair of keys consists of a private key and a public key. A public key is part of the owner's digital certificate and is available for anyone to use. A private key, however, is protected by and available only to the owner of the key.
2.3.4 Root Certificate: A root certificate is either an unsigned public key certificate or a self‐signed certificate that identifies the Root Certificate Authority (CA).
2.3.5 Certification Authority (CA): It is an entity that issues digital certificates
2.3.6Certification request: a certificate signing request (also CSR or certification request) is a message sent from an applicant to a certificate authority in order to apply for a digital certificate
2.3.7 Certificate signing: A CA issues digital certificates that contain a public key and the identity of the owner. A CA's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the information in the CA's certificates.
2.3.8 PKCS#12 Certificate: PKCS #12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.
2.3.9 Digital Signature: It is a mathematical scheme for demonstrating the authenticity of a digital message or document.
2.3.10 Message Digest: A cryptographic hash function is algorithm that takes an arbitrary block of data and returns a fixed‐size bit string, the (cryptographic) hash value, the data to be encoded are often called the "message," and the hash value is sometimes called the message digest or simply digests.
2.3.11 Encryption is the process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read it, but that authorized parties can.
10|P a g e
2.3.12 Decryption: The process of decoding data that has been encrypted into a secret format. Decryption requires a secret key (private or symmetric)
2.3.13 Cipher: a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well‐defined steps that can be followed as a procedure.
2.3.14 Base64 encoding: Base64 is a group of similar binary‐to‐text encoding schemes that represent binary data in an ASCII string format by translating it into a radix‐64 representation.
2.3.15 Crypto Token: A security token (or sometimes a hardware token, authentication token, USB token) may be a physical device that an authorized user of computer services is given to ease authentication
2.4 OpenSSL is an open‐source implementation of the SSL and TLS protocols. The
core library, written in the C programming language, implements the
basic cryptographic functions and provides various utility functions.
3.Objective
3.1Userfriendlyapplicationforsecuretransmission.
Basicaimistodevelopauserfriendlyapplicationsothatusercansecurelytransmitdataorinformation with limited knowledge about cryptographic algorithms. Any individual ororganizationcanrelyonthisapplicationforconfidentialityandauthenticityofresources
3.2Easyimplementationofcryptographicfunction
Cryptographic libraries are based on command line tools and are difficult to be used. ItrequiressequentialinstructiontobeprovidedmanuallythroughDOS.Thisapplicationwillmaketheuseofcryptofunction(openSSL)easythroughinterface.
3.3Combinationofdifferentfunctionalities
Application reduces the effort of executing commands one after another enabling user to view,
control, and manipulate multiple things simultaneously. Also application executes multiple
tasks to be performed in one step.
11|P a g e
4.Functionality
4.1 Generation of key pair and associated certificates including self‐signed root certificate.
4.2 Signature and verification of signature
4.3 Encryption and decryption
4.4 Combination of signature and encryption
5.Platform
5.1 Java using swing and awt packages 5.2 OpenSSL crypto libraries 5.3 Support for FIPS 140 label 2* complying crypto tokens.
6.Overview
The application has been developed in Java using different packages and libraries. Application has nine buttons in its homepage where each of the button performs a specific task it has been assigned with. With the click of the user, application executes the request for further processing. With each of the request, application asks for the input file and processes them using openSSL instructions to execute the output
* -> security standards
Fig3:screenshotofapplication’shomepage
12|P a g e
Buttons
6.1 Generate Key: This button generates private, public or key‐pair with specific number of bits and secure it with passphrase (if provided) using RSA algorithm
6.2 Generate Certificate: It provides the option to generate certificate request, to create a self‐signed root certificate for the system/Server with the mentioned validity period and name or to sign a certificate request using root CA account
6.3 Export PKCS#12 Certificate: It exports the certificate in .pfx format so as to be imported to the browser or other platforms.
6.4 Generate Digest: This button lets user create a digest for a given file, add digital signature for a message or to verify a signature
6.5 Encrypt/Decrypt: Encrypts a particular file using cipher through passphrase and similarly decrypts a file. It provides user with the option of base 64 encoding.
6.6 Generate Signature: This option lets user generate their digital signature for a message through signing certificate.
6.7 Sign & Encrypt: This button will create a compressed file containing encrypted form of the message along with the user’s signature, its certificate as well as the encrypted passphrase.
6.8 Verify Signature: This Command verifies the signature of the sender with the actual message sent
6.9 Decrypt & Verify: It decrypts the message received as well as verifies the signature to ensure authenticity of the message by selecting the files sent by the sender.
Default hashing algorithm: SHA1
Default Cipher: aes‐192‐cbc
7.Requirements
Java development kit(6.0 and above) Microsoft Windows Operating system 7‐Zip OpenSSL library (0.9.81 and above) FIPS 140 label 2 crypto tokens
13|P a g e
8.SignificanceatIDRBT
8.1CurrentScenario
IDRBT CA uses an application build by TCS for public key infrastructure requirement including signing certificates. It requires high end servers and huge database from oracle. Also IDRBT do not have its own application to provide assistance to banks for PKI on demand
8.2Drawback
Huge expenditure of money
Not complete utilization of huge resources due to small scale usage
8.3ProposedSystem
The application developed during this project requires a minimal cost for its usage and
will work properly in a small level organization such as IDRBT CA. Expenditure of small
amount of money for ensuring security of the application will be the only cost and the
application to serve the same purpose.
Different banks run multiple level of application which requires security like structured
financial messaging system (SFMS), National electronic Fund Transfer (NEFT) which must
be secured. This application will let IDRBT provide banks with public key cryptography
facilities on their request for enabling PKI facilities in their application.
14|P a g e
9.Methodology
9.1SequenceDiagram
Figure4:workflowmodel
15|P a g e
9.2OperatingInstruction
9.2.1GenerateKey
Click on generate key button from home page. Another frame will open up where user will have to select the path where key is to be stored. This is done using JFileChooser class of javax.swing package. User will also have to provide specific number of bits and passphrase (optional) User will finally select the choice to generate public key, private key or key pair. In case of key pair, application will first generate private key and then will itself write public key in the same file 9.2.2GenerateCertificate Click on Generate certificate button An option frame will open up to select for one of the provided option.
Fig5:Screenshotofkeygeneration
Fig6:Screenshotof certificateframe
16|P a g e
9.2.2.1 for certificate request, click on first button.
Another frame will open up asking user to provide with the instructions like validity and certificate name. After the instruction are provided, Certificate will be generated in .pem format 9.2.2.2 To generate self‐signed root CA account, user will need to click to second button.
Firstly, Root CA account have to be configured in the system by clicking on configure button. It will create a folder with the entire CA configuration files so that root certificate and keys get stored there Root certificate name and validity period have to be provided to generate the certificate. 9.2.2.3 To sign a certificate using root account, third option will be selected were CA admin will have to input its signing certificate It will ask for the root password through pop up box and if correct will sign the certificate
The message box is displayed using JOptionPane class of the javax.swing package
Fig7:Screenshotofcertificaterequest
Fig8:screenshotforRootCertificate
Fig9:screenshotforcertificatesigning
17|P a g e
9.2.3ExportPKCS#12certificate User will have to select the certificate file to be exported using JFileChooser class and the name of the certificate.
A click on export button will export the certificate in .pfx format in the selected location 9.2.4GenerateDigest Click on Generate Digest Button Another frame will open up asking user to input the message file .Also user will have the option to select the digest method from the dropdown menu (Optional) Digest of the method will be created in the same directory as inputfile_out.extension file
Fig10:screenshotforPKCS#12export
Fig11:screenshotforfileselection
Fig12:screenshotforgeneratingdigest
18|P a g e
9.2.5Encrypt/Decrypt* User will click on the Encrypt/Decrypt button and then encrypt or decrypt option Another Frame will open up asking user to provide the message file and passphrase (symmetric key) to be selected in GUI mode using JFileChooser class User can also select base 64 encoding option and cipher (optional). In case of encryption, it will then encrypt the file as inputfile_enc.extension in the same directory and similarly for decryption, it will decrypt the file as inputfile_dec.extension in same directory 9.2.6GenerateSignature User will click on the Generate Signature Button Another Frame will open up where users have to provide the input file for which signature has to be done and the signing certificate Application will extract the private key from the certificate in the backend and will then create the signature for the file using default/selected hashing algorithm as inputfile_sign extension in same directory
*‐>basedonsymmetrickeyalgorithm
Fig13:screenshotfordecryption*
Fig14:screenshotforsignatureframe
19|P a g e
A pop up window will display providing user the option to compress the message file with
signature. If selected, a .zip file will be created with the required document in selected folder
9.2.7VerifySignature: User will click on the verify Signature Button In the next frame User will provide the sender’s certificate, signature file and the actual message file. Application will extract the public key from the certificate to create digest from signature and then will check it with the digest of the message file If both will be equal, message box will display with “verified OK” or else “verification failed”.
9.2.8Sign&Encrypt
Fig14:Screenshotformessagebox
Fig15:Screenshotforverification
Fig16:Screenshotforsignature Fig17:Screenshotforencryption
20|P a g e
Click on Sign & Encrypt button.
Another Frame will open up where user will provide the required instruction for signing
Application will generate the signature by executing the provided inputs.
Further inputs will be asked in another frame for encryption like receiver’s certificate and
passphrase.
Actual text file will then be encrypted using selected/default algorithm and the passphrase will
be encrypted using public key of the receiver.
All these required documents will now be zipped in a single file created at the desktop.
92.9Decrypt&Verify User Will Click on the Decrypt & verify button Another frame will open up where user will have to select the compressed .zip file with the entire required file. Application will uncompressed the file and extract all the required documents. It will then decrypt the message file by first decrypting the symmetric key using the private key of the receiver and then using that symmetric key to decrypt the actual message file. Further, the digest of the actual message file is compared with the signature file to ensure the authenticity of the message
Fig18:Screenshotformessagebox
Fig19:screenshotfordecrypt&verify
21|P a g e
9.3ClassDiagrams
9.3.1Homepage
Figure20:Defaultpackage
22|P a g e
9.3.2KeyGeneration
Figure21:testpackage
23|P a g e
9.3.3Certificates
Fig22:Certificatepackage
24|P a g e
9.3.4Digest
Figure23:DigestPackage
25|P a g e
9.3.5 Encrypt/Decrypt
Figure24:encryptpackage
26|P a g e
9.3.6Signature
9.3.7VerifySignature
Figure25:signpackage
Figure26:verifypackage
27|P a g e
9.3.8Sign&Encrypt
Figure27:signencryptpackage
28|P a g e
9.3.9Decrypt&Verify
Figure28:userdecryptpackage
29|P a g e
10.Features
10.1EnhancedSecurity The application will ensures security of the keys by supporting crypto token reducing considerably the chances of any of its misuse.Compatilibity has been maintained between application and token so that keys and certificate generated will get stored in the token itself and the application will prompt the selection of certificate from there only.
Image source: blog.cryptographyengineering.com
10.2SelectionofAlgorithm:Facilitates the user to continue with the default ciphers and hashing algorithms or provide it themselves to ensure further security. A user based on his knowledge can either select suitable algorithms or can rely on the application to do it for them.
10.3AttachedLogfile An embedded Log File that is an excel file is associated with the application for complete record of files with performed operation. An administrator or owner of the system/organization Can always have a look regarding different operations and certificates used with the application
Fig29:cryptotokens
Fig30:Screenshotforlogfile
30|P a g e
10.4DataIntegrity
Access forces user to enter a value for a value in each column. User will not be able to leave
that field blank since a message will pop up to let a user know that they need to enter a value
for those fields
10.5Useofpassphrase
Application encourage the use of passphrase while generating keys/certificate which is always
advisable in cryptographic functions
11.Way Forward
11.1Complete reliance of the application with crypto token
Crypto tokens or USB tokens are the essential requirements for an public key cryptography
application to be complete. Application need to be completely relied on all sorts of USB tokens,
So that a user can feel safe and assured
11.2AttachedUserDirectory
A user directory or help file with step by step instruction should be clipped with the application for easy usage of application for the end‐user
11.3DeploymentoverIDRBTIntranetandcloud
Once the application is fully complete and tested, it can be installed in a server system as well
as to cloud to facilitate its usage for all the concerned staff
Fig31:Screenshotformessageboxforinputpath
31|P a g e
Summary
The application which was developed during the course of the project will have a tremendous impact at the end‐user level. The application will let user transfer data and information digitally in a much simplified way. At an organization like IDRBT, it will enable Public key infrastructure usage in a concise and easy manner .The application reduces the trouble of relying over multiple applications for different cryptographic function as it provides entire set of public key cryptosystem functionality and also enhanced security through its in‐built support for crypto tokens.
This project will also help IDRBT CA to cut off their expenditure as it provides a much easy and simplified way of signing certificate and will also help associated banks and concerned services for securely running their application. Application also has enhanced security features and support for lot many ciphers and hashing algorithms which will ensure that from a beginner to a professional user, it can be accessed by anyone. Administrator privileges have been ensured to reduce the chances of any misuse of application and certificates.
32|P a g e
References
Links http://www.openssl.org/
http://www.madboa.com/geek/openssl/
http://viralpatel.net/blogs/how‐to‐execute‐command‐prompt‐command‐view‐output‐
java/
http://www.fortystones.com/event‐handlers‐java/
http://stackoverflow.com/questions/17341944/how‐to‐store‐a‐file‐in‐java‐which‐is‐
generated‐on‐execution‐of‐a‐exe‐file
http://idrbtca.org.in/
http://www.eclipse.org/
http://en.wikipedia.org/
http://www.homeport.org/~adam/crypto/
http://www.watchdata.com/en/bank/
www.cgi.com/cgi/pdf/cgi_whpr_35_pki_e.pdf
citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.127...pdf
WatchSAFE ND 3.4 Std‐Briefing of the support for CryptAPI2.0.pdf WatchSAFE ND 3.4 Std‐Briefing of the support for PKCS.pdf java_2_complete_reference_(5th_ed)Herbert_Schildt
33|P a g e
PROJECT2
DEPLOYMENTOFOXAPPSUITEOVERREDHATSEVERSYSTEMFORIDRBTINTRANETANDCLOUD
image source:www.ox.io
Fig32:OXAppSuiteModel
34|P a g e
1.INTRODUCTION
OX App Suite provides a centralized cloud environment in which users can access email,
contacts, and calendar or address book without flipping back and forth between applications.
OX App Suite let user control all their digital activities from a single platform including managing
appointments, viewing and storing attachments.
To facilitates its usage for the IDRBT employees, it need to be installed over the network
through a server system and further over the cloud
2.Objective
Resolving compatilibity issues of OX AppSuite with private cloud
Deployment of OX app suite over Intranet
Configuration of the mail server and testing other functionality of the application
Study of IDRBT cloud and its feature and deployment of OX App Suite over meghdoot
stack( IDRBT Cloud)
3.Terminology
3.1 OX APP Suite: A centralized cloud environment that lets your users manage their digital lives. 3.2 Red Hat Enterprise Network(RHEL): It is a commercially supported derivative of Fedora tailored to meet the requirements of enterprise customers. It is a commercial product from Red Hat which also sponsors Fedora as a community project 3.3 Apache Web Server : The Apache HTTP Server, commonly referred to as Apache is a web
server software program. Apache supports a variety of features, many implemented
as compiled modules which extend the core functionality
3.4 Open Exchange Server: Open‐Xchange Server is a partially open source project sponsored
by Open‐Xchange, Inc. It is used for developing collaboration software such as email and
calendars.
3.5 MySQL: MySQL is an open source relational database management system (RDBMS) that runs as a server providing multi‐user access to a number of databases.
35|P a g e
3.6 Mail server: A mail server is a computer that serves as an electronic post office for email. Mail exchanged across networks is passed between mail servers that run specially designed software. 3.7 Intranet: An intranet is a computer network that uses Internet Protocol technology to share information, operational systems, or computing services within an organization. 3.8 Cloud Computing: It is a colloquial expression used to describe a variety of different computing concepts that involve a large number of computers that are connected through a real‐time communication network. 3.9 Image: cloud users install operating‐system images and their application software on the
cloud infrastructure. In this model, the cloud user patches and maintains the operating systems
and the application software
3.10 Virtual Machine: A virtual machine (VM) is a software implemented abstraction of the
underlying hardware, which is presented to the application layer of the system. It is a software
implementation of a machine (i.e. a computer) that executes programs like a physical machine.
3.11 Security Group: A security group acts as a firewall that controls the traffic allowed to reach one or more instances. When cloud administrator launches a VM it is assigned with one or more security groups.
4.Platform
4.1 Red Hat Enterprise Linux(RHEL) OS/CentOS operating system
4.2 Apache Webserver
4.3 MySql
4.4 OXAppSuite
4.5 Open Exchange Server
5.Requirements
5.1 Windows/linux/mac Operating system
5.2 Idrbt Intranet
5.3 OX user account in the server system
36|P a g e
6.OXAppSuiteatIDRBT
6.1GoverningCouncilInstructions Directive from the governing council of IDRBT to test the application in our own environment to
look for the functionality it offers.
6.2Advantageous Application will have tremendous effect on the day to day working of employees helping them
to store attachments, maintain appointment and contacts digitally
6.3Security Though this application can run over OX cloud but its deployment over intranet will ensure
security of the data as everything will be within the premises and better management
7.InstallationandDeployment
7.1OXAppSuiteoverIDRBTIntranet 7.1.1Methodology 7.1.1.1RHELOperatingSystem
OX App Suite is supported only on Linux based Servers, so a Red Hat enterprise Linux operating
system is installed over Windows OS using Virtual box.
7.1.1.2AddOpen‐XchangeRepository
Open‐Xchange maintains public available software repositories for different platforms, such as
RHEL. This repository was added to the RHEL installation to enable simple installation and
updates.
7.1.1.3Updatingrepositoriesandinstallingpackages
RHEL operating system was updated and following packages were downloaded using the
instruction:
37|P a g e
yum install mysql‐server open‐xchange open‐xchange‐authentication‐database\
open‐xchange‐ajp open‐xchange‐cluster‐discovery‐static open‐xchange‐admin open‐xchange‐
appsuite \
open‐xchange‐appsuite‐backend open‐xchange‐appsuite‐manifest
7.1.1.4Open‐Xchangeconfiguration
Open Xchange database is initialized and a connection is established between the local server
and the database
7.1.1.5Configurationofservices
Apache webserver files are configured properly to access the groupware frontend.
Mod_proxy_ajp module was configured by creating a new Apache configuration file.
Default website settings were modified to display the Open‐Xchange Graphic User
interface(GUI)
7.1.1.6Addingservicestorunlevels
The new services were installed and configured, but to make them start up on a server boot,
some run levels were added
$ chkconfig ‐‐level 345 mysqld on
$ chkconfig ‐‐level 345 httpd on
$ chkconfig ‐‐level 345 open‐xchange on
Fig33:ScreenshotforOXAppSuitelogin
38|P a g e
7.1.1.7Creatingcontextsandusers
After the whole setup is complete and we got a login screen when accessing the server with a
web browser, a context and default user account is created and various functionality of the
application is tested.
7.1.2Result:
Open Xchange Application is running over the Intranet and can be accessed at IP
172.16.0.22.End user accounts were created and all the functionality were checked. Mail server
was configured and attachments were uploaded and stored using the account and were also
viewed digitally. Multiple numbers of accounts were created with different set of data and log
out and deletions of account feature were also tested.
Fig34:ScreenshotforAppSuiteUserHomepage
39|P a g e
7.2OXappsuiteoverCloud*
7.2.1Methodology
OX App Suite is supported only on Linux based operating system, so a centos/red hat
image need to be created in the private cloud
Once the image is created ,application need to be deployed over the virtual machine
with described image
A new security group will be created with all authorized systems(who have the access
right to OX App Suite) and the defined virtual machine will be made accessible to it
7.2.2Advantages
Better management of accounts with effective performance and maximum coverage.
Scalability and sustainability
Effective performance and coverage
All time support irrespective of server system
7.2.3Technicaldifficulty
As of now, there is no virtual machine with Linux based image in the cloud. So an image needs
to be created in the cloud. It requires a virtual drive of the OS which is not available in the
organization.
*‐>IDRBTprivatecloud
40|P a g e
Summary
OX App Suite is a cloud based application which manages the digital life of the user through a
single platform. The deployment of the application requires execution of some
technical/nontechnical step which was performed and effectively we have OX App Suite
running over the Intranet. It will have to be maintained by the administrator of the server
system and a user over IDRBT network can utilize its features
Application need to be moved to the private cloud of IDRBT which is very essential for
performance and security purposes and working for this have been started already. There are
some technical difficulties but once it will be solved application can be moved to the easily to
the cloud by performing the steps.
41|P a g e
References
http://oxpedia.org/wiki/index.php?title=AppSuite:Open‐
Xchange_Installation_Guide_for_RHEL6
https://www.ox.io/
http://www.redhat.com/products/enterprise‐linux/
http://www.mysql.com/
https://en.wikipedia.org
http://httpd.apache.org/
http://www.rackspace.com/knowledge_center/article/creating‐a‐new‐cloud‐server‐
cloning‐from‐a‐saved‐image
http://stackoverflow.com/
http://www.south.cattelecom.com/Technologies/CloudComputing/0071626948_chap0
1.pdf