EMI Registry (EMIR) Service Reference Card
Functional Description
EMI Registry (EMIR) is a federated service registry for discovering services in a robust, scalable, and secure manner. Clients and external service providers can use the REST API to register and discover service endpoints.
Daemons Running
N/A
Init Scripts And Options (start|stop|restart|...)
The EMIR server can be started and stopped with the shell scripts included in the binary and source distributions. The location of these scripts depends on the type of bundle being installed. With the RPM distribution, the EMIR server can be started or stopped with the "/etc/init.d/emi-emir" script.
Configuration Files Location With Example Or Template
The configuration files can be found under the "conf" directory. The files are:
- dsr.config: main configuration of the server port, ACL, and scope
- certs: includes the demo server and user certificates
- log4j.properties: logging configuration
- emir.acl: contains pairs of X500 principal and the associated role
- inputfilters: contains a set of attributes that are matched against every incoming registration request to the server; a request that matches is rejected
- outputfilters: contains a set of attributes; service endpoint information that matches them is not synchronized with other registry nodes
- xacml2Policies: contains a collection of XACML 2.0 compliant policy files
- xacml2.config: configuration for setting up the XACML 2.0 engine
- users: contains XML files holding users' attributes
In Linux package distributions, e.g. RPM or .deb, the configuration files are located in /etc/emi/emir.
Log File Locations (And Management) And Other Useful Audit Information
By default, the log files are located inside the logs folder. The logs are normally appended on a daily basis; this behavior can be changed by editing the log4j.properties file (see the previous section). On Linux, the logs can be found under /var/lib/emi/emir.
Open Ports
The default open port is 54321. The property can be found and changed in the dsr.config file.
Possible Unit Test Of The Service
The tests run as part of the Maven build, so they can be executed with the "mvn test" command.
Where Is Service State Held (And Can It Be Rebuilt)
The state is maintained in MongoDB and an embedded SQL datastore. Setting up MongoDB (v2.x.x) is therefore an essential prerequisite for installation. The configuration for the database is set in the dsr.config file.
CRON Jobs
N/A
Security Information
Access Control Mechanism Description
The access control mechanism in EMIR is decentralized: every EMIR server node has its own access control policies. There are two alternatives for performing access control, ACL and XACML, which are used exclusively of one another.
How To Block/Ban A User
Removing the client's entry (X500 principal) from the ACL file prevents the client from registering service endpoint information, though a client with a valid X.509 certificate will still be able to access the query interface.
Network Usage
EMIR requires a single port to serve client requests.
Firewall Configuration
N/A
Security Recommendations
Avoid running as the root user.
Security Incompatibilities
N/A
List Of External Packages That Are Not Maintained By The Supported OS
N/A
Utility Scripts
N/A
--
ShirazMemon - 16-Nov-2011