With Purveyor, you can use the Internet to reach customers and potential customers, update product information, and solicit feedback over the Web. Because many companies already use OpenVMS, Purveyor provides an easy transition to Web publishing, using the familiar OpenVMS operating system interface. Even if you are unfamiliar with Web publishing, you can use Purveyor’s sample forms and templates, as well as the online help system, to create your own Web pages.

With the Purveyor WebServer you can:

• Publish information for Web clients in a local area network (LAN), or Intranet. This helps eliminate the costly and time-consuming task of printing new information, decreases support calls from customers, and ensures people who access the page that they have the latest information. People can use forms on your Web page to place product orders or complete survey information, contact customer service, or access documents with product information and updates.

• Use the Internet to reach customers and potential customers, update product information, and solicit feedback over the Web.

• Make an easy transition to Web publishing.

• Use Purveyor’s sample forms and templates, as well as the online help system, to create your own Web Pages.

• Use the WebSearch and WebIndex utilities to search for information contained in local Web documents. This is useful to research customer information, sales statistics, product information, and so on.

• Use provided sample HTML Web Pages and forms with the Common Gateway Interface (CGI). CGI is a mechanism that supports end-user developed applications. This means you can use your Web server to let clients send e-mail, access databases, and create forms that use a wide variety of applications.

• Write several types of CGI programs: command procedures (.COM files); executable programs (.EXE files); and dynamic link library executables (.DLL files). You can also write scripts in interpreted languages. In addition to supporting CGI, Purveyor provides sample application programs you can customize to your needs.

• Track the frequency of requests and the identities of requesters when you provide product information pages or downloadable software. The Purveyor WebServer provides full logging and report-generation facilities. The system supports transaction logging, including time, date, HTML page, and the requestor’s IP address.

• Use the WebServer as a proxy server.

• Screen users for access to the Internet based on the protocol they use. You can also use the Purveyor WebServer as a proxy server to filter requests that originate from a LAN according to the URLs and location of the person making the request.

• Cache Web documents for LAN users who use the Purveyor WebServer as a proxy server.

Purveyor’s Server Features

• Complies with latest specifications of HTTP, CGI, HTML, and SSL
• Understands HTTP HEAD, GET, and POST methods
• Supports CGI programs (CGI V1.1) and HTML forms
• Supports multiple virtual servers
• Supports proxy server-to-proxy server
• Supports directory browsing
• Supports clickable image maps
• Implements virtual paths that allow data to be served from more than one disk and root directory
• Supports server-parsed HTML (sometimes known as server-side includes)
• Supports HTTP Basic Authentication mechanism, with multiple realms
• Supports Secure Socket Layer Version 2.0 (SSL)
• Allows access control by IP address to individual files, virtual paths, and the entire server
• Supports transaction logging (customizable)
• Supports Remote Server Management (RSM)

Purveyor’s OpenVMS Features

• Available for Digital Alpha and VAX systems
• Runs as a VMS detached process for optimum response time
• Handles multiple simultaneous connections and adapts to load using static and dynamic worker processes, providing better performance in symmetrical multiprocessing (SMP) environments
• Can be configured remotely using Remote Server Management, storing the information in a configuration database
• Can be reconfigured without stopping and restarting the server
• Supports multiple IP addresses
• Optional access to user-supplied Web pages
• Supports multiple unique configurations for true multi-site hosting

Purveyor’s Architecture

The major components of Purveyor are the controller and workers. Figure 1 shows the Purveyor architecture using one controller and multiple workers.

Figure 1 Controller and Workers in Purveyor's Architecture

The controller manages the worker processes by dynamically controlling the number of workers needed as the load increases or decreases. The controller creates new workers as the load increases and requests workers exit as the load decreases. You specify the minimum and maximum number of workers. The controller accepts incoming connections and dispatches the request to a worker for processing. The controller writes the log file from information provided by the workers.

Workers process the HTTP request, serve the documents (which might require running CGI subprocesses), and implement access control (security). The controller and the workers send messages about significant events to the operator communication manager (OPCOM).

Protocol Compatibility

The Purveyor Encrypt WebServer is compatible with existing Web protocols, including HTTP. The WebServer can communicate with an existing Web browser, including a standard browser. However, a communication channel with a standard browser is not secured.

The WebServer implements the Secure Socket Layer Protocol (SSL) Version 2 protocol for transaction security at the transport level of TCP/IP. The SSL is layered beneath application protocols, such as HTTP, and layered above TCP. When SSL is in use, the communication channel is secure.

Remote Server Management

Purveyor uses Remote Server Management (RSM) to configure the WebServer. With RSM, you can

• Specify the port and address for incoming connections.
• Specify the worker’s account and worker parameters.
• Create and manage virtual servers and virtual paths.
• Manage key certificate functions, such as assigning key pairs to virtual servers.
• Set and manage access controls to files and directories.
• Monitor and manage transaction logging.
• Configure Purveyor as a proxy server and enable proxy caching.
• Select icons for use with Gopher and MIME.

The Secure Socket Layer Features

The Secure Socket Layer Protocol (SSL) provides transaction security between two communicating applications (a browser and a server). Purveyor’s SSL uses authentication and encryption technology developed by RSA Data Security, Inc.

Using SSL, the Purveyor Encrypt WebServer delivers:

• Server authentication
  
  The protocol authenticates the server and, optionally, the browser, and extends access control to files and directories on the server.

• Data encryption
  
  Data is readable only by persons who have a key to decrypt the data, ensuring privacy of information.

• Message integrity
  
  Transactions are protected against modifications by unauthorized users.

With Purveyor’s Remote Server Management configuration options you can define the server and security configuration to meet your needs, allowing you to secure directories and files so they can be transmitted only over a secure channel.

Key Management and the SSL

The Purveyor Encrypt WebServer provides for the management of multiple keys. The server stores keys locally and they are accessible through a user-specified password. On some browsers, you can select from keys of the appropriate type for a given transaction.

As the system administrator for the Purveyor Encrypt WebServer, you can

• Create private keys specifying a password.
• Create public key certificate requests that can contain the public key and the encrypted private key.
• Assign private key and public key certificates to virtual servers.

Export Restrictions

The United States Government, on the recommendation of the National Security Agency (NSA), requires that export licenses be applied for, and that software be reviewed if any export product contains cryptographic material.

In July 1992, in an agreement with the Software Publishers Association (SPA), the NSA agreed to the export of cryptography with weak session keys. The agreement covers only two proprietary ciphers: RC4 and RC2 with 40-bit key schedules.

To conform to the export requirements, the Secure Socket Layer Protocol (SSL), used by Purveyor for encryption, specifies variants of the RC4-128 and RC2-128 ciphers, which in effect use only 40-bit keys. Any implementation that conforms to the protocol can be exported provided it uses only the weakened ciphers. Process Software Corporation has two versions of the Purveyor Encrypt WebServer: one is for use only in the United States and Canada and is not for export; and the other is for use elsewhere. The two servers are identical except for the encryption strength required to comply with the Federal regulations. When you purchased your Purveyor Encrypt WebServer, you received the proper license and kit for your location.

Keys for the export-grade ciphers are actually 128 bits in length; however 88 bits of the key are sent in the clear and only 40 bits are RSA encrypted.

You cannot download, export or reexport in any manner any of the software for this product or associated information or technology unless you fully comply with all United States laws and other applicable laws and regulations. You cannot download, export, or reexport any of the software or associated software into, or to a national or resident of, specifically (but not limited to) the following countries: Cuba, Haiti, Iraq, Libya, Yugoslavia, North Korea, Iran, or Syria; nor to anyone listed on the US Treasury Department’s Specially Designated Nationals list or the US Commerce Department’s Table of Deny Orders. By accepting the software, you agree to these conditions and laws, and you represent and warrant that you are not located in or under the control of, nor a resident of any country listed here or on any such list.

Encapsulation

The Purveyor Encrypt WebServer uses encapsulation techniques compatible with known standards to convert cryptographic information into a transmittable format. The Purveyor Encrypt WebServer uses PKCS-7 or PEM encapsulation format.

Enhanced Common Gateway Interface

Your Purveyor WebServer can invoke Common Gateway Interface (CGI) programs with the

• Cryptographic status of the incoming request; for example, signed, encrypted, none, or signed and encrypted
• Signer
• Cipher information; for example, key size and type

Improving Corporate Communications

You can greatly enhance your communications to external customers and to employees alike when you use the Purveyor WebServer on a LAN. By having your own internal Web, you can create Web pages and forms, such as Annual Reports, product data sheets, customer surveys, and technical questionnaires for your customers to use. Internally, individual departments can customize their own project report forms, time sheets, and circulate corporate information among departments. Combined with Purveyor’s security features, you can be ensured that sensitive employee data, for example payroll and personnel records, remain confidential but easily accessible by authorized users only.

Purveyor’s access control features allow you to deploy existing applications over the Web by sharing files within workgroups or among particular users. You can also share confidential information and vary the degrees of access using Purveyor’s point and click security.

Network Security

Purveyor offers a flexible, secure environment for managing access to documents on the server. Purveyor is fully integrated with OpenVMS but lets you create separate user and group databases for the server. You can control access to server resources by username and group, IP address filtering, or any combination of these. You can also control access to server resources by HTTP request method type. Purveyor provides full protection against unauthorized use.

The following sections contain basic Web information you should be familiar with before using a Web server. The sections include:

• The World Wide Web
• Browsers and Servers
• Uniform Resource Locators
• HyperText Transfer Protocol
• Multipurpose Internet Mail Extensions
• Home Pages