Managing Flash Media Server
About This Manual

Macromedia Flash Media Server 2 enables one-to-one, one-to-many, many-to-one, and many-to-many communication in real time between applications created in Macromedia Flash 8. Developers create these applications using ActionScript, a scripting language based on the same standard used by the JavaScript language.
System requirements

Flash Media Server can be deployed on the following systems:
■ Microsoft Windows 2000 Server or Windows 2003 Server - Standard Edition running on a Pentium III 1-GHz processor or faster (Dual Pentium 4 or faster recommended). Windows XP is acceptable for developing and testing applications.
■ Linux Red Hat Enterprise Version 3.0 and Linux Red Hat Enterprise Version 4.0 running on a Pentium III 1-GHz processor or faster (Dual Pentium 4 or faster recommended).
Typographical conventions

The following typographical conventions are used in this book:
■ Code font indicates ActionScript statements, XML tag and attribute names, and literal text used in examples.
■ Italic indicates placeholder elements in code or paths. For example, /settings/myPrinter/ means that you should specify your own location for myPrinter.
■ Directory paths are written with backslashes (\) for servers running on Microsoft Windows systems.
CHAPTER 1
Managing the Server

As a Flash Media Server administrator, you’ll need to perform several administrative tasks after the server is installed. This chapter describes how Macromedia Flash Media Server is configured when you first install it, how to set up additional administrators, and how to monitor the server’s activity. For many of these tasks, you’ll use the management console that was installed with the server. This chapter describes the management console in detail.
You can configure Flash Media Server 2 as an origin or edge server, configure adaptors and virtual hosts and change the location of the applications directory by editing the server’s configuration files and creating directories in the server’s conf directory. For more information, see Chapter 2, “Deploying Flash Media Server.” The default server administrator has the user name and password you chose during the Flash Media Server installation, and is defined in the Users.xml configuration file.
To edit the AppsDir tag in the Vhost.xml file:
1. Locate the Vhost.xml file for the virtual host you are working with.
2. Open the file in a text editor.
3. Replace the path inside the AppsDir tag with the path of your choice, such as C:\Server Files\applications. Do not use quotation marks. To specify multiple directories, delimit each directory path with a semicolon.
4. Save the Vhost.xml file.

You must restart the server in order for this change to take effect.
Deploying server-side scripts

In developing applications for Flash Media Server, you may decide to use server-side scripts to implement some of the functionality. To deploy server-side scripts, you can store them in your registered application directory for the application that uses them or in a scripts directory (which you create) within your application directory. Server-side scripts should always reside on the computer where Flash Media Server 2 is installed. For example, you could store the main.
4. In the Services list, scroll down and select Flash Media Server.
5. Click the Stop button at the top of the control panel. The server shuts down.

To restart the server in the Services control panel:
1. Open the Services control panel.
2. Select Flash Media Server.
3. Click the Start button at the top of the control panel. The server starts up.

Starting and stopping the server on Linux

On Linux systems, Flash Media Server is installed as a service.
Using the management console

The management console for the Flash Media Server 2 release has been redesigned to ease the workflow for administrators. It is also enhanced with many new features. From the graphical user interface, you can administer servers running Flash Media Server, monitor their processes, and debug their applications. For example, a designer debugging an application wants to view the content of a particular stream.
■ View application logs.
■ View logs of server connections and other server events.
■ View streams and inspect shared object data.
■ View and update the server’s license key and its bandwidth and connection limits.

As a security feature, when you connect to the server with the management console, it actually connects to a separate Admin service that runs in parallel with the server service. The Admin service then communicates with the server to perform its administration functions.
2. Enter the name and address of the server or virtual host you want to connect to.
■ You can enter localhost, which will refer to the computer that the management console is running on.
■ If you are connecting remotely by running the management console on another computer, enter the server’s name (FMS.myCompany.com) or the IP address and port number of the server you want to connect to (12.34.56.78:1112).
Setting the refresh rate

The management console provides live performance data on the server. You can use the Refresh Rate pop-up menu to control how often the information displayed on the management console is updated. The default rate is five seconds. You can also use the pop-up menu to pause refreshing the information.

Accessing Flash Media Server resources and help

Near the top of every screen of the management console you will find two icons.
■ A user debugging another application now desires to see the contents of a shared object that they have implemented in their application. Specifically, they would like to examine the properties in this shared object. Now the user logs into the management console and selects their application. After the application is selected, the user moves to the Shared Objects tab and selects the shared object of choice. The object's properties are now displayed for examination in the adjoining window.
Creating a new application instance

In the View Applications section of the management console, you can create a new application instance by selecting the New Instance button. This action creates a new application instance within the application list. The management console adds a default instance suffix _definst_, which can be edited. Press Enter to submit the name and start the application instance. To cancel, press Escape+Shift.
Viewing the Live [Application] log file

Each application creates an associated log file. The Live [Application] log pane displays the log messages. The application administrator can use the Find box on the bottom margin of the pane to search for partial strings in the log messages. Pressing the Clear Log button clears the log view.
Viewing active clients

This pane lists all client connections including debugging connections to the selected application. The management console displays the following information for each client:
■ Client ID
■ Connection protocol
■ Number of bytes in the connection request and the information returned
■ Connection time
■ Number of messages in and out of the application
■ Dropped messages

The management console displays the same information in the Manage Servers section.
Viewing active shared objects

This pane lists the active shared objects for an application. The management console displays their name, type (persistent or volatile), and connections (number of users subscribed to this shared object). Select a shared object to view its data values. The information on this pane is helpful when debugging the application.
Viewing active streams

This pane lists all the active streams in the selected application. The management console displays their names and type. Select a stream to view its properties. To play back a stream, select it and click the Play Stream button on the bottom margin of the pane. The Play Stream button appears if a debug connection is possible. If debugging is not allowed, the Play Stream button does not show.
Viewing application performance

This pane displays the live information for this application. Application and server administrators can review the following data:
■ Client information: total number of clients, how many connections are active, how many connection requests were rejected.
■ Life span of the application: indicating the time the application was started and how long it has been running continuously.
■ Number of messages in and out of the application.
Managing the administrative users

In this section of the management console you control Flash Media Server users with administrative permissions. You can perform the following actions:
■ Add new server and virtual host administrators.
■ Delete administrators.
■ Reset administrators’ passwords.

The Users pane occupies the left side of the Manage Users section of the management console. The right pane provides detailed information when you select an administrator in the left pane.
Managing the servers

The Server pane occupies the left side of the Manage Server section of the management console. This pane lists the servers and virtual hosts that the administrator can access and manage. This pane allows the administrator to select an individual server or a group of servers for viewing information. Servers are grouped into a tree structure. The sample shows the presence of the server (stlee10) and five virtual hosts.
Clicking one of the buttons lets the administrator perform one of the following administrative actions on a selected server:
■ Add a server to the administrator’s list.
■ Edit the login information for a server.
■ Delete a server on the administrator’s list.
Clicking the buttons lets the administrator perform the following actions:
■ Review the performance statistics for the computer where the applications are running.
■ Review detailed information on the connections to the server.
■ Review detailed information about the applications located on the server or virtual host.
■ Review the server’s license keys and files.
■ Review the server’s Access log file as it records connections.
Viewing connection details

This pane lists all client connections to the selected server. The management console displays the following information for each client accessing the server or virtual host:
■ Client ID.
■ Connection protocol.
■ Number of bytes in the connection request and the information returned.
■ Connection time.
■ Number of messages in and out of the application.
■ Number of messages dropped.
Viewing application details

This pane displays detailed information for all the applications running on the selected server or virtual host. This panel displays current information about the application instances that are running on the server.
Viewing license files

This pane displays detailed information for all license files authorizing you to run Flash Media Server on the selected server or virtual host. On this panel the management console displays the detailed information for your Flash Media Server license. Select an individual license to display its details in the lower frame. For each serial key, the management console displays the following information:
■ Authorized peak number of client connections.
■ Current bandwidth cap.
Viewing the server log file

This panel displays the trace messages being recorded in the server log file. The log messages report errors as well as normal operations. The server administrator can use the Find box on the bottom margin of the pane to search for partial strings in the log messages. Clicking the Clear Log button clears the screen.
Access log file

Flash Media Server 2 maintains an access log that includes statistics about client connections and stream activity. Flash Media Server 2 also maintains application logs for application activities and application logs for diagnostic logs. The application and diagnostic logs are an addition to operating system logs that log error and informational messages about Flash Media Server 2 operations.
Event         Category     Description
pause         application  Client pauses playing a stream.
unpause       application  Client resumes playing a stream.
seek          application  Client jumps to a new location within a recorded stream.
stop          application  Client stops playing a recorded or live stream or stops publishing a live stream.
record        application  Client begins the recording of a stream.
recordstop    application  Client stops the recording of a stream.
server-start  application  Server has started.
Field         Event(s)     Description
x-appinst     application  Application instance names.
c-ip          application  Client IP address.
c-proto       application  Connection protocol: RTMP or RTMPT.
s-uri         application  URI of the Flash Media Server 2 application.
c-referrer    application  URI of the referrer.
c-user-agent  application  User agent.
c-client-id   application  Client ID.
cs-bytes      application  This field shows the number of bytes transferred from the client to the server.
Field          Event(s)     Description
x-sname-query  application  Query portion of stream URI specified in play or publish.
x-file-name    application  Full path of the file representing x-sname stream.
x-file-ext     application  Stream type (currently this can be flv or mp3).
s-ip           application  IP address or addresses of the server.
x-duration     application  Duration of a stream or session event.
x-suri-query   application  Same as x-sname-query.
Field  Status Code  Description
play   200          Successful.
       400          Bad request (invalid arguments).
       401          Access denied by application.
       403          Play forbidden by stream module.
       404          Stream not found.
       415          Unsupported media type.
       500          Server internal error.

       200          Successful.
       400          Bad request (invalid arguments).
       401          Access denied by application.
       409          Stream is already being published.
       415          Unsupported media type.
       500          Server internal error.

       200          Successful.
       408          Stream stopped because client disconnected.
Field     Event(s)  Description
x-pid     all       Server process ID.
x-status  all       Status code: the code is a 10-character string that represents the severity, category and message ID.
                    The first 3 characters represent severity. This is always in a letter format. The letters are as follows:
                    (w) = warning
                    (e) = error
                    (i) = information
                    (d) = debug
                    (s) = trace from server-side script
                    (_) = unknown
                    The next 3 characters represent category. All categories are listed in the “Status” table below for the diagnostic logs.
The following table lists the fields in the diagnostic logs.

Field     Event(s)  Description
date      all       Date on which the event occurred.
time      all       Time at which event occurred.
x-pid     all       Server process ID.
x-status  all       Status code: the code is a 10-character string that represents the severity, category and message ID. The first 3 characters represent severity. Always in a format of (letter).
Category  Description
264       Javascript
265       TCApplication
266       TCConnector
267       Admin
268       SharedObject
269       Configuration
270       VirtualHost
271       SSL

The following table lists the status message IDs in the diagnostic logs. Flash Media Server 2 uses the symbols %1$S, %2$S and %3$S as substitution strings in the status messages.

Message ID  Description
1000        Received termination signal; server shutdown in progress.
1001        Received interrupt signal; server shutdown in progress.
Message ID  Description
1018        The call method failed, invalid parameters: call(methodName[, resultObj, p1, pn]).
1019        Dropping application (%1$S) message. Clients not allowed to broadcast message.
1020        Response object not found (%1$S).
1021        Missing unlock for shared object %1$S, lock count %2$S.
1022        Nested lock for shared object %1$S, lock count %2$S.
1023        Unlock called without matching lock for shared object %1$S.
1024        Invalid application; rejecting message (%1$S).
Message ID  Description
1046        Reserved property (%1$S).
1047        Admin request received from an invalid admin server.
1048        Administrator login failed for user %1$S.
1049        Failed to start server.
1050        Write access denied for shared object %1$S.
1051        Read access denied for shared object %1$S.
1052        Write access denied for stream %1$S.
1053        Read access denied for stream %1$S.
1054        Virtual host %1$S is not available.
1055        Invalid parameters to %1$S method.
1056        Alive
1057        NetConnection.Call.
Message ID  Description
1074        Stopped recording %1$S.
1075        Stream %1$S has been idling for %2$S second(s).
1076        Playing and resetting %1$S.
1077        Pausing %1$S.
1078        Unpausing %1$S.
1079        Started playing %1$S.
1080        Stopped playing %1$S.
1081        Recording %1$S.
1082        Failed to record %1$S.
1083        New NetStream created (stream ID: %1$S).
1084        NetStream deleted (stream ID: %1$S).
1085        Publishing %1$S.
1086        Failed to publish %1$S.
1087        Failed to restart virtual host (%1$S).
Message ID  Description
1104        Invalid method name (%1$S).
1105        (%2$S, %3$S): Invalid application name (%1$S).
1106        Connection succeeded.
1107        Connection failed.
1108        Invalid shared object (%1$S).
1109        Unknown exception caught in %1$S.
1110        Invalid stream name (%1$S).
1111        Server started (%1$S).
1112        JavaScript runtime is out of memory; server shutting down instance (Adaptor: %1$S, VHost: %2$S, App: %3$S). Check the JavaScript runtime size for this application in the configuration file.
Message ID  Description
1131        (%2$S, %3$S): Resource limit violation. Unable to load new application: %1$S.
1132        (%2$S, %3$S): Resource limit violation. Unable to create new application instance: %1$S.
1133        (%2$S, %3$S): Resource limit violation. Rejecting connection to: %1$S.
1134        Failed to load admin application.
1135        Preload application aborted.
1136        (%2$S, %3$S): Application (%1$S) is currently offline.
1137        Admin command setApplicationState failed for %1$S.
1138        Command Successful.
Message ID  Description
1157        (%2$S, %3$S/%1$S): Current server bandwidth usage exceeds license limit set. Rejecting connection.
1158        (%2$S, %3$S/%1$S): Current virtual host bandwidth usage exceeds max limit set. Rejecting connection.
1159        Multiprocessor support available only in enterprise edition.
1160        Trial run expires Server shutting down.
1161        License key has expired.
1162        Invalid shared object name (%1$S).
Message ID  Description
1184        Invalid cryptographic accelerator: %1$S.
1185        Failed to initialize cryptographic accelerator: %1$S.
1186        Failed to seed the pseudo-random number generator.
1187        Application directory does not exist: %1$S
1188        Using default application directory: %1$S
1189        Application instance is not loaded: %1$S
1190        Error: command message sent before client connection has been accepted.
1191        Failed to play %1$S; adaptor not found: %2$S.
Message ID  Description
1207        Shared object %1$S has changed and is not being saved as auto commit is set to false. Current version %2$S, Last saved version %3$S.
1208        %1$S failed. Invalid argument %2$S.
1209        File operation %1$S failed. %2$S
1210        File operation %1$S failed. File is in closed state (%2$S).
1211        File operation %1$S failed. Object is not a file (%2$S).
1212        File object creation failed (%1$S).
1213        Connection rejected by server. Reason: %1$S.
Message ID  Description
1235        Core (%1$S) connection to admin failed.
1236        Core (%1$S) received close command from admin.
1237        Starting admin app on core (%1$S).
1238        Core (%1$S) connecting to admin.
1239        Core (%1$S): Failed to initiate connection to admin.
1240        Core (%1$S) shutdown failed.
1241        Connection to admin received.
1242        Core (%1$S) disconnected: %2$S.
1243        Connection from core %1$S received.
1244        Connection from core %1$S accepted.
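
The following added example (not part of the original manual or of Flash Media Server) decodes x-status values as described above and flags the authentication and access-denied message IDs from the tables. It assumes the last four characters of the code are the message ID, that log lines are tab-separated as date, time, x-pid, x-status and message text, and that the text follows the 1048 template; the sample lines are constructed.

```python
"""Decode Flash Media Server 2 diagnostic-log x-status codes and flag access-control events."""
import re
from collections import Counter

# Severity letters and category numbers as listed in this manual
# (the category table is only partly visible, so unlisted numbers are tolerated).
SEVERITY = {"w": "warning", "e": "error", "i": "information",
            "d": "debug", "s": "script trace", "_": "unknown"}
CATEGORY = {264: "Javascript", 265: "TCApplication", 266: "TCConnector", 267: "Admin",
            268: "SharedObject", 269: "Configuration", 270: "VirtualHost", 271: "SSL"}

# Message IDs from the tables above that report authentication or authorization failures.
WATCHED = {
    1047: "Admin request received from an invalid admin server",
    1048: "Administrator login failed",
    1050: "Write access denied for shared object",
    1051: "Read access denied for shared object",
    1052: "Write access denied for stream",
    1053: "Read access denied for stream",
}

# Assumption: 3 severity characters + 3 category digits + 4 message-ID digits = 10 characters.
_STATUS = re.compile(r"\(([weids_])\)(\d{3})(\d{4})")
# Built from the manual's template for message 1048, with %1$S replaced by the user name.
_FAILED_LOGIN = re.compile(r"Administrator login failed for user (.+?)\.?$")


def parse_status(code):
    """Split a 10-character x-status value into severity, category and message ID."""
    match = _STATUS.fullmatch(code)
    if match is None:
        raise ValueError(f"not a 10-character x-status code: {code!r}")
    severity, category, message_id = match.group(1), int(match.group(2)), int(match.group(3))
    return {
        "severity": SEVERITY[severity],
        "category": CATEGORY.get(category, f"unlisted({category})"),
        "message_id": message_id,
    }


def scan(lines, max_failed_logins=3):
    """Return (events, alerts, skipped): watched events, users at or over the
    failed-login threshold, and the number of lines that could not be parsed."""
    events, failures, skipped = [], Counter(), 0
    for raw in lines:
        if not raw.strip() or raw.startswith("#"):
            continue
        parts = raw.rstrip("\n").split("\t", 4)  # assumed field order, see lead-in
        if len(parts) < 5:
            skipped += 1
            continue
        date, time, pid, code, text = parts
        try:
            status = parse_status(code)
        except ValueError:
            skipped += 1  # count malformed lines rather than dropping them silently
            continue
        message_id = status["message_id"]
        if message_id not in WATCHED:
            continue
        events.append({"when": f"{date} {time}", "pid": pid,
                       "what": WATCHED[message_id], "text": text, **status})
        if message_id == 1048:
            user = _FAILED_LOGIN.search(text)
            failures[user.group(1) if user else "<unparsed>"] += 1
    alerts = sorted(user for user, count in failures.items() if count >= max_failed_logins)
    return events, alerts, skipped


# Constructed sample lines; not taken from a real server.
SAMPLE_LOG = """\
# constructed sample: date, time, x-pid, x-status, text
2006-03-01\t10:00:01\t4120\t(i)2701111\tServer started (sample).
2006-03-01\t10:02:13\t4120\t(w)2671048\tAdministrator login failed for user admin.
2006-03-01\t10:02:19\t4120\t(w)2671048\tAdministrator login failed for user admin.
2006-03-01\t10:03:44\t4120\t(e)2671047\tAdmin request received from an invalid admin server.
2006-03-01\t10:04:02\t4120\t(w)2671048\tAdministrator login failed for user admin.
2006-03-01\t10:07:30\t4120\t(w)2681050\tWrite access denied for shared object lobby.
2006-03-01\t10:09:40\t4120\te2671048\tAdministrator login failed for user admin.
2006-03-01\t10:11:05\t4120\t(w)2671048\tAdministrator login failed for user backup.
""".splitlines()

if __name__ == "__main__":
    found, flagged, bad = scan(SAMPLE_LOG)
    for event in found:
        print(event["when"], event["severity"], event["category"], event["message_id"], event["text"])
    print("users over threshold:", flagged, "| unparsed lines:", bad)
```
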
Configuring logging

Flash Media Server logging is configured through the Server.xml and Logger.xml configuration files. Server.xml contains a Logging section that controls the overall logging behavior. This section includes an Enable tag that determines whether logging takes place, and a Scope tag that determines whether Flash Media Server writes separate log files for each virtual host or one file for the entire server. The following is an excerpt of the Logging section of the Server.
For a more complete listing of all tags, see “Logger.xml file” on page 134.

Logger.xml file example

The Logger.xml file contains the following XML: ${LOGGER.
disable 00:00 5

NOTE: Log file rotation cannot be disabled. To effectively turn off rotation, however, you can choose a large maximum size and a long maximum duration.
Managing Flash Media Server on Linux

On all supported Linux platforms, Flash Media Server 2 is installed as a service and includes a command-line utility, the fmsmgr utility, to perform certain administration tasks. You must be a root user to install the server and manage it using the fmsmgr utility; for more information, see “Using the fmsmgr utility” on page 58. The default ports for the server and the Admin service are, respectively, 1935 and 1111.
The following table describes the commands for the fmsmgr utility.

Command                                             Description
fmsmgr server adminserver start|stop|abort|restart  Starts, stops, restarts, or aborts the Flash Admin Service.
fmsmgr server clearautostart                        Sets the Flash Admin Service to be started manually. This command affects only the server service; Admin services cannot be started automatically.
fmsmgr server fms getadmin                          Gets the name of the Flash Admin Service and indicates whether or not that service is running.
Command                       Description
fmsmgr setadmin service_name  Changes the default Admin service. service_name is the name of the server you selected during installation. The Admin service name is the same as the Flash Media Server 2 service name. Any installed Admin service can be used to administer one or more servers. Only one Admin service can be running at a time.
fmsmgr setautostart           Sets the Flash Media Server service to start automatically when the system is started.
CHAPTER 2
Deploying Flash Media Server

This chapter describes the various strategies for deploying Macromedia Flash Media Server 2, including the use of edge and origin servers. Flash Media Server has been designed to accommodate many types of media applications. After installation, the server’s configuration files contain only simple, generic settings. You’ll need to make some decisions about how to configure the server to best suit your organization’s requirements.
Configuration for development and testing

While developing and testing your applications, you may choose to install a web server, Flash Media Server, and Flash on the same computer. The web root directory in this scenario would contain all the Flash Media Server elements of your applications, such as its FLA, SWF, HTML, script, stream, and shared object files.
Deploying on two computers with authentication through Flash Media Server

Some scenarios may require authentication of users who want to access information on an application server. In this case you may want to use a separate computer for Flash Media Server, and another for the web server and application server. Your Flash Media Server can perform the authentication and then retrieve data from the web/application server.
This XML tag specifies that Flash Media Server will listen on any interface on ports 1935, 80, and 443, where 443 is designated as a secure port that will receive only RTMPS connections. An RTMPS connection attempt to ports 1935 or 80 will fail: the client will attempt to perform an SSL handshake that the server will fail to complete. Similarly, a regular RTMP connection to port 443 will fail because the server will try to perform an SSL handshake that the client will fail to complete.
Creating multiple certificates for an adaptor

You can configure Flash Media Server to return multiple certificates on a given adaptor by configuring a certificate for each edge server:
■ Configure each HostPort tag in the Adaptor.xml file with a name attribute.
■ Configure each HostPort tag to return its own certificate by specifying an Edge tag under the SSL tag with a name attribute.
■ Match the value for this name attribute to the name attribute of the HostPort tag for this certificate.
Configuring independent virtual hosts for SSL application

You can configure the different virtual hosts in Flash Media Server to manage its remote SSL connections independently. For example, you can disable certificate checking in one virtual host, use a different certificate in another store for its trusted root Certificate Authority (CA) certificates, and implement a different set of ciphers in a third virtual host.
The default directory structure installed with the server looks like this:

The directory structure includes three subdirectories: conf, _defaultRoot_, and _defaultVHost_.
■ The conf subdirectory, at the top of the hierarchy, holds the configuration files for the server and the fms.ini file. This subdirectory contains the following:
  ■ The Server.xml file. This file contains settings that relate to the server only.
If there is a second adaptor, it has its own subdirectory at the same level as the _defaultRoot_ subdirectory.
■ The _defaultVHost_ subdirectory is the default virtual host subdirectory for the adaptor. It contains the Application.xml file, which contains default settings for the client applications that will connect to the server; the Vhost.xml file, which contains the settings for the virtual host; and the Users.
Each adaptor directory must contain a _defaultVHost_ directory.

Adding adaptors and virtual hosts

To add an adaptor to the server, you must add a complete adaptor directory structure to the server’s conf directory. Each adaptor directory must contain an Adaptor.xml file and at least one virtual host directory, called _defaultVHost_. Any virtual hosts must be in addition to _defaultVHost_.
To create a new virtual host, create a new virtual host directory inside the /conf/adaptor_name directory in the Flash Media Server directory, for the adaptor you want to use for the new virtual host: /conf/adaptor_name/virtual_host_name. This directory must include the following items:
■ A Vhost.xml file
■ An Application.xml file
■ A Users.xml file, if you are defining administrators for this virtual host

A typical customized server conf directory might look like this:

conf Server.xml Users.
The conf directory illustrated here contains two adaptor subdirectories: the _defaultRoot_ subdirectory and the Adaptor2 subdirectory.
■ The _defaultRoot_ subdirectory contains the Adaptor.xml file and the _defaultVHost_ subdirectory and another virtual host subdirectory named www.macromedia.com. Each of these virtual host subdirectories contains an application subdirectory. The application subdirectory for www.macromedia.com contains directories for the applications testApplication and videoConference.
For example, the following URL passes a ping command to the server:

http://myFlashMediaServer:1111/admin/ping?auser=somename&apswd=somepassword

The server sends the results back to the browser in XML format.

error Admin.Server.Disconnect
10/22/2003 05:31:01 PM FMS server down.
The following is the XML result: status NetConnection.Call.
Field name      Description
huge_allocated  Total number of huge (greater than 16K) messages allocated.
huge_released   Total number of huge messages released, in bytes.
reallocated     Total number of messages that have been reallocated.
released        Total number of messages released back to the heap.
reused          Total number of messages reused.
size            Total number of messages in the global and per-thread pool free lists.
thread_count    Total number of per-thread pools in use.
When you use the server management API over HTTP, the arguments for each command must be named. This is different from ActionScript, where the arguments are not named because the meaning of each argument is determined by the order in which it is passed to the command. For instance, the syntax for the addAdmin command is as follows:

:/admin/addAdmin?auser=adminname&apswd=adminpassword&username="joe"&password="axbycz"&vhost="_defaultRoot_/foo.myCompany.
Command             Required arguments  Optional arguments  Sample URL
disconnectUsers     appInst, clients    n/a                 /admin/disconnectUsers?appInst="simpsons/game1"&clients=["13794136", "13799720"]
gc                  n/a                 n/a                 /admin/gc
getActiveInstances  n/a                 n/a                 /admin/getActiveInstances
getAdaptors         n/a                 n/a                 /admin/getAdaptors
getAdminContext     n/a                 n/a                 /admin/getAdminContext
getApps             n/a                 n/a                 /admin/getApps
getAppStats         appName             n/a                 /admin/getAppStats?appName="foo"
getConfig2          key                 scope               /admin/getConfig2?key="Admin/
Command                  Required arguments  Optional arguments  Sample URL
getNetStreams            appInst             n/a                 /admin/getNetStreams?appInst="foo"
getNetStreamStats        appInst, streamids  n/a                 /admin/getInstanceStats?appInst="recorderApp/_definst_"&streamids=[1,2]
getRecordedStreams       appInst             n/a                 /admin/getRecordedStreams?appInst="foo"
getRecordedStreamsStats  appInst, stream     n/a                 /admin/getRecordedStreamStats?appInst="foo"&stream="on2key?flv:rec1"
getScriptStats           appInst             n/a                 /admin/getScriptStats?appInst="foo"
ge
Command           Required arguments                         Optional arguments  Sample URL
reloadApp         appInst                                    n/a                 /admin/reloadApp?appInst="foo"
removeAdmin       userName                                   scope               /admin/removeAdmin?userName="foo"&scope="server"
removeApp         appName                                    n/a                 /admin/removeApp?appName="foo"
removeVHostAlias  vhost/vhostName, alias/aliasName, persist  n/a                 /admin/removeVHostAlias?vhost="_defaultVHost_"&alias="www.somealias.com"
restartVHost      n/a                                        scope               /admin/restartVHost?scope="_defaultRoot_/foo.macromedia.
Symbolic text substitutions

Flash Media Server supports the use of symbolic text substitutions in all tags in the server’s XML configuration files. When you specify a symbol in any configuration tag, Flash Media Server will substitute the string you have mapped to that symbol when it reads the configuration file.
Once you have defined such a mapping, you can use the symbol in one of the XML configuration files. To use a symbol in place of a normal string in a configuration file, specify the symbol name, with the characters ${ before the symbol name, and } after the symbol name. Whenever the server finds something of the form ${SYMBOL}, it performs a lookup to see if the symbol is mapped to a string. If no mapping is found, then ${SYMBOL} is not substituted, and is taken literally. Otherwise, it is substituted.
Mapping environment variables You can also specify symbols that resolve to environment variables. To refer to an environment variable in one of the XML configuration files, use the name of the environment variable within percent (%) characters. The % characters indicate to the server that the symbol refers to an environment variable, and not to a user-defined string. The syntax for specifying an environment variable as a symbol is ${%ENV_VAR_NAME%}.
Building the symbol map You may use a symbol anywhere, such as in the substitution.xml file, or any of the external configuration files, as long as it has been defined before the server encounters it. The server builds the symbol map in the following order: 1. The predefined symbols ROOT and CONF are evaluated first. 2. The fms.ini file is evaluated next. 3. If the substitution.xml file exists, the server looks for the Symbols tag and processes the child tags in the order in which they appear. 4.
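The lookup rules and build order described above, written out as a small resolver. This is an added example, not Flash Media Server code: it models only the three build steps that survive on this page (the fourth is cut off), and the name pattern, the FMS_SECRETS variable and all sample values are constructed for illustration.

```python
import os
import re

# ${NAME} is a user-defined symbol; ${%NAME%} names an environment variable.
# The characters allowed in a name are an assumption (the page itself shows
# ROOT, CONF and LOGGER.LOGDIR).
_REF = re.compile(r"\$\{(%?)([A-Za-z0-9_.]+)(%?)\}")


def substitute(text, symbols, environ=None):
    """Expand references in text. Returns (expanded_text, unresolved_refs)."""
    environ = os.environ if environ is None else environ
    unresolved = []

    def expand(match):
        lead, name, trail = match.groups()
        if lead != trail:                  # "${%X}" or "${X%}" is not a reference
            return match.group(0)
        table = environ if lead else symbols
        if name in table:
            return table[name]
        unresolved.append(match.group(0))
        return match.group(0)              # no mapping: the text is taken literally

    return _REF.sub(expand, text), unresolved


def build_symbol_map(predefined, ini_pairs, xml_pairs, environ=None):
    """Build the map in page order: predefined symbols, fms.ini, then the
    children of the Symbols tag in substitution.xml, in document order.

    A definition can only use symbols defined before it. References that were
    still undefined when their line was read are returned as findings, because
    the literal "${...}" text ends up inside the configured value.
    """
    symbols = dict(predefined)
    findings = []
    for source, pairs in (("fms.ini", ini_pairs), ("substitution.xml", xml_pairs)):
        for name, raw in pairs:
            value, missing = substitute(raw, symbols, environ)
            symbols[name] = value
            findings.extend((source, name, ref) for ref in missing)
    return symbols, findings


# Constructed sample input (not taken from a real installation).
SAMPLE_PREDEFINED = {"ROOT": "/opt/fms", "CONF": "/opt/fms/conf"}
SAMPLE_INI = [("LOGGER.LOGDIR", "${ROOT}/logs")]
SAMPLE_XML = [
    ("EARLY", "${LATER}/x"),               # uses LATER before it is defined
    ("LATER", "late"),
    ("CERTS", "${%FMS_SECRETS%}/certs"),   # environment variable reference
]

if __name__ == "__main__":
    resolved, problems = build_symbol_map(
        SAMPLE_PREDEFINED, SAMPLE_INI, SAMPLE_XML,
        environ={"FMS_SECRETS": "/srv/secrets"},
    )
    for key, value in resolved.items():
        print(f"{key} = {value}")
    for source, key, ref in problems:
        print(f"warning: {source}: {key} keeps literal {ref}")
```

Running a check like this over a configuration before deployment surfaces values that still contain a literal `${...}`, which otherwise show up only as odd paths at run time.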
For example, given the previous XML fragment, the following trace() statements are valid:

trace("I am " + application.config.user_name + " and I work in the " + application.config.dept_name + " department.");
trace("I am " + application.config["user_name"] + " and I work in the " + application.config["dept_name"] + " department.");

The output from either statement would be as follows:

I am jdoe and I work in the engineering department.
CHAPTER 3
Configuration Files

This chapter describes the XML files that define the Flash Media Server configuration. It presents their file structures, a summary of the tags in each file, and detailed information about the tags in the configuration files. Macromedia Flash Media Server 2 accommodates a wide range of applications. After installation, the server’s configuration files contain generic settings.
Server.xml file

The Server.xml file is located at the root level of the conf directory and contains the tags and information used to configure Flash Media Server 2. You can edit the Server.xml file to add or remove configuration information. The Server.xml file contains the following tag structure.
Server.xml tag | Description
Admin | Container tag; contains the tags that configure the RTMP protocols for the FMSAdmin.exe process.
AdminServer | Container tag; contains tags to configure the Flash Media Admin Service.
Allow | Specifies which automatic proxy discovery messages Flash Media Server responds to.
AllowZones | Specifies which clients this proxy server will respond to with the Autodiscovery message.
Server.xml tag | Description
Deny | Specifies which automatic proxy discovery messages not to respond to.
Diagnostic | Container tag; contains tag to enable the diagnostic log file.
ECCP | Container tag; contains tags to configure the edge core communication protocol.
Edge | Container tag; contains tags to configure the RTMP protocol for FMSEdge.exe process.
EdgeCore | Container tag; these tags control the IPC message queues used by edge and core processes to communicate with each other.
Server.xml tag | Description
LargeMemPool | Container tag; contains tags to configure the large memory pool.
LocalHost | Specifies the Flash Media Server IP loopback address.
Logging | Container tag; contains tags to perform the overall logging configuration.
Mask | Contains a three-digit octal value used by the Linux umask (user permissions mask) command to set a file creation mask.
Master | Container tag; contains tags to configure the resource limits for the master server.
Server.xml tag | Description
MyZone | Specifies the zone that the edge server belongs to when it broadcasts FPAD messages.
NumCRThreads | Specifies the number of completion routine threads for edge server I/O processing on Windows 32-byte systems.
Order | Specifies whether the Allow or Deny tag is evaluated first.
Process | Container tag; contains the ID tags for all server processes on Linux.
Protocol | Container tag; contains tags to configure protocols and their reception.
Server.xml tag | Description
SocketOverflowBuckets | Specifies the number of overflow buckets if all slots in socket table are in use.
SocketTableSize | Specifies the size of the direct access socket table for quick lookup.
SSL | Container tag; contains tags to configure Flash Media Server as an SSL-enabled client for secure communications.
SSLCACertificateFile | Specifies the name of a file that contains one or more CA certificates in PEM encryption format.
Description of Server.xml tags The following alphabetical list of Server.xml tags contains additional information, including cross references to associated tags, syntax, and examples. Access Container tag. Description The tags nested within the Access container configure the Access log settings. Contained tags Enable (Access), Scope ACCP Container tag. Description The tags nested within the ACCP container configure the Admin Core Communication Protocol (ACCP).
Contained tags MinIOThreads, MaxIOThreads, SocketOverflowBuckets, SocketTableSize See also ACCP, Core, ECCP, Edge, HTTP, RTMP (Protocol) containers AdminServer Container tag. Description The tags nested within the AdminServer container configure the Flash Media Admin Service. Contained tags HostPort, SocketGC, Process, UID, GID Allow This tag identifies those computers that broadcast automatic proxy discovery messages that the Flash Media Server responds to.
Description
This tag is a comma-delimited list of zones that the sole origin server or the edge servers in a cluster will service. While the Allow and Deny tags restrict access based on IP address or host name, the AllowZones tag allows access based on the zone where the client is located. A zone is a number, and a client is assigned as belonging to a particular zone by setting the NetConnection.fpadZone property in the NetConnection.connect() API. By default, clients belong to zone 0.
Description The tags nested within the AutoDiscovery container set up and configure a single, or a cluster of, edge or proxy servers. Contained tags Allow, AllowZones, BindInfo, BroadcastAddress, BroadcastPort, ClusterMonitorInterval, Deny, Enable (AutoDiscovery), MyZone, Order, ProxyInfo, SecureProxyInfo, TTL BindInfo This tag identifies the IP and port number that Flash Media Server listens on for proxy autodiscovery messages.
DHCP is a protocol for assigning dynamic IP addresses to devices on a network. DHCP supports a mix of static and dynamic IP addresses. ClusterMonitorInterval This tag specifies in seconds how often to check for stale edges. Description Stale edges are those edges that have not sent the FADP a keep-alive message within the specified time limit. The default value is 60 seconds. See also TTL Connector Container tag.
See also ACCP, Admin, ECCP, Edge, HTTP, RTMP (Protocol) containers CoreGC This tag specifies how often to check for and remove idle or unused cores. Description The default is 300 seconds. CoreTimeout This tag specifies the timeout value for detecting unresponsive cores. Description The default timeout is 30 seconds. A value of 0 disables the timeout check. CoreExitDelay This tag specifies how much wait time an idle core is given to exit on its own before it is removed from the server.
Deny

This tag specifies which automatic proxy discovery messages Flash Media Server does not respond to.

Description
This tag is a comma-delimited list of host names, domain names, and full or partial IP addresses, as well as the keyword all. This tag works in conjunction with the Allow and Order tags to determine which automatic proxy discovery messages Flash Media Server responds to.

Examples
x.foo.com, foo.com, 10.60.1.133, 10.
Contained tags MinIOThreads, MaxIOThreads, SocketOverflowBuckets, SocketTableSize See also ACCP, Admin, Core, ECCP, HTTP, RTMP (Protocol) containers EdgeCore Container tag. Description The tags nested within the EdgeCore container control the IPC (interprocess communication) message queue used by edge and core processes to communicate with each other. Contained tags HeapSize, MaxCacheSize Enable (Access) Server.
Enable (AutoDiscovery) Server.xml uses four tags named Enable: the Enable tag in the AutoDiscovery container and the Enable tags in the Access, Application, and Diagnostic subdirectories in the Logging container. Description This tag enables or disables the Flash Media Server automatic proxy discovery process. A value of true enables the process; false disables the process. If the Enable tag is left unspecified, the automatic proxy discovery process is disabled. Enable (Diagnostic) Server.
See also FreeRatio FreeRatio Located in the LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers. Description This tag specifies the percentage of the message cache to be consumed by the free list on a per-thread basis. The range of this setting lies between 0 (0 percent) and 1 (100 percent). The default setting is 0.125 (12.5 percent). When more free memory is available to a thread than the specified ratio, the freed memory will return to the global pool.
GlobalRatio Located in the LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers. Description This tag specifies the percentage of the message cache to be consumed by the free list on a global basis. When more free memory is available to a thread than the specified ratio, the freed memory will return to the operating system. The range of this setting lies between 0 (0 percent) and 1 (100 percent). The default setting is 0.4 (40 percent).
Syntax [][:] HTTP Container tag. Description The tags nested within the HTTP container configure the HTTP connector, which is used by remote Flash Player sites to access Flash Media Server. The following reference table gives the default values for all thread configurations. . Default Value Description 0 Allocates the default number of threads. >0 Allocates the exact number of threads specified. >0 Associates the default value with the number (N) of processors.
Description The tags nested within the LargeMemPool container configure the large memory pool, which caches large chunks of memory within Flash Media Server to increase performance of large allocations. Contained tags FreeMemRatio, FreeRatio, GlobalRatio, MaxAge, MaxCacheSize, MaxUnitSize, UpdateInterval See also MessageCache, SegmentsPool, SmallMemPool containers LocalHost Specifies the Flash Media Server IP loopback address. Description Flash Media Server must reference itself locally.
Mask

A three-digit octal value used by the Linux umask (user permissions mask) command to set a file creation mask. The user must enter the mask in a three-digit octal format. The default setting for this tag is 017 in octal.

Description
This tag applies only to Flash Media Server running on Linux systems. It controls who has read/write access to shared object and stream files in the server.
Description This tag defines the maximum size of the cache in megabytes. The default is 100 MB. See also MaxCacheUnits MaxCacheUnits Located in the LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers. Description This tag defines the maximum number of free units in the cache. Keep in mind that the number of free units may be less than maximum if the value of the MaxCacheSize limit is reached. The default is 4096 units.
MaxIOThreads Located in the ACCP, Admin, Core, ECCP, Edge, HTTP, and RTMP (Connector) containers. Description This tag specifies the maximum number of threads that can be created for I/O processing. Use the following information to configure all I/O and connection threads processing: ■ A value of 0 allocates the default number of threads (10). ■ A value greater than 0 allocates the exact number of threads specified.
MaxUnitSize Located in the LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers. Description This tag specifies the threshold of the maximum message size to get back into the cache. The size is specified in kilobytes. The default size is 16K. MaxWaitTime Description This tag defines the maximum time in milliseconds that the client should wait for additional FPAD responses from the proxy servers.
Description This tag specifies the minimum number of threads in the pool for I/O operations. The default is 1 times the number of processors. To use the default, specify the value 0. See also MaxConnectionThreads MinIOThreads This tag is located in the ACCP, Admin, Core, ECCP, Edge, HTTP, and RTMP (Connector) containers. The tag specifies the minimum number of threads that can be created for I/O operations. Description Flash Media Server can receive connections on various protocols.
MyZone This tag specifies the zone that the edge or proxy server belongs to when it broadcasts a FPAD message. The message includes the cluster ID that the proxy or edge server belongs to. Description Other edge servers in the cluster will add this edge when its zone is one of their allowed zones. Proxies respond only to other proxies with the same cluster ID. If this tag is empty, it is assumed that the server belongs to cluster 0.
Examples
foo.macromedia.com,10.41.1.55 all Deny,Allow
This example instructs Flash Media Server not to process any requests except for those from the computer named foo.macromedia.com and the computer with the IP address 10.41.1.55:
all 10.41 Allow,Deny
This example specifies that the server will accept and process all requests except those coming from computers that match the IP address 10.41.x.
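A model of how the two examples above evaluate, useful for checking an access list before it goes live. This is an added example, not the server's own matching code. It reads the stripped values as Allow, Deny and Order in that order, and it assumes three things the page does not spell out: the list named last in Order wins when both match, a client matching neither list gets the default used by Apache's Order directive, and partial IP addresses and domain names match on whole octets and whole labels.

```python
import re

# Full or partial dotted-decimal IPv4 entry, e.g. "10.41" or "10.41.1.55".
_IP_ENTRY = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}\.?$")


def entry_matches(entry, client_ip, client_host=""):
    """True if one Allow/Deny list entry covers the client."""
    entry = entry.strip().lower()
    if not entry:
        return False
    if entry == "all":
        return True
    if _IP_ENTRY.match(entry):
        # Assumption: compare whole octets, so "10.4" does not cover 10.41.x.x
        # the way a plain string-prefix test would.
        want = entry.rstrip(".").split(".")
        return client_ip.split(".")[:len(want)] == want
    # Assumption: a domain entry covers the host itself and its subdomains.
    host = client_host.lower().rstrip(".")
    return host == entry or host.endswith("." + entry)


def list_matches(csv_list, client_ip, client_host=""):
    return any(entry_matches(e, client_ip, client_host) for e in csv_list.split(","))


def is_allowed(allow, deny, order, client_ip, client_host=""):
    """Evaluate comma-delimited Allow and Deny lists in the given Order."""
    sequence = [part.strip().lower() for part in order.split(",")]
    if sorted(sequence) != ["allow", "deny"]:
        raise ValueError("Order must be 'Allow,Deny' or 'Deny,Allow'")
    first, second = sequence
    hit = {
        "allow": list_matches(allow, client_ip, client_host),
        "deny": list_matches(deny, client_ip, client_host),
    }
    if hit[second]:          # the list evaluated last overrides the first
        return second == "allow"
    if hit[first]:
        return first == "allow"
    # Assumption: no entry matched. Deny,Allow falls back to allow and
    # Allow,Deny falls back to deny, as Apache's Order directive does.
    return second == "allow"


# The two configurations from the page (values in Allow, Deny, Order order).
ONLY_TWO_HOSTS = ("foo.macromedia.com,10.41.1.55", "all", "Deny,Allow")
ALL_BUT_10_41 = ("all", "10.41", "Allow,Deny")

if __name__ == "__main__":
    # Client addresses and host names below are constructed test inputs.
    for label, rules in (("only two hosts", ONLY_TWO_HOSTS), ("all but 10.41", ALL_BUT_10_41)):
        for ip, host in (("10.41.1.55", ""), ("10.41.200.3", ""), ("192.0.2.7", "foo.macromedia.com")):
            print(label, ip, host or "-", is_allowed(*rules, ip, host))
```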
Contained tags ACCP, ECCP, RTMP (Protocol) containers ProxyInfo This tag specifies the host (or IP) and port to return to the client in the response to a FPAD message. Description The value for this tag must match the value for one of the HostPort tags in the Adaptor.xml file. The server must be listening on this IP address and port for the client to be able to connect to it. If the tag is undefined when the Flash Proxy Auto-Discovery process is enabled, a warning is written to the system log.
RTMP (Connector) Flash Media Server uses two container tags named RTMP: one nested within the Connector container, and the other nested within the Protocol container. Container tag located in the Connector container. Description This container holds the tags that configure RTMP (Real-Time Messaging Protocol). RTMP is the protocol used for communication between users (typically Flash Player users) and Flash Media Server. The following reference table lists the default values for all thread configurations. .
See also RTMP (Connector) in Connector container. Scope This tag determines whether to write a separate log file for each virtual host or to write one log file for the server. Description The value for this tag is server or vhost. The default is server, which enables logging for all processes on the server. SecureProxyInfo This tag specifies the host (or IP address) and port number to return to the client in the FPAD response for clients wishing to make a secure connection.
Contained tags AdminServer, AutoDiscovery, Logging, Mask, Process, ResourceLimits, and SSL containers ServerDomain This tag specifies the host name (with the domain) of the server computer. Description You set this tag in the referrer header tag when a connection is established with a remote server using NetConnection. Set this tag to the server’s domain name so that it can pass the domain name to any application servers it connects to.
SocketGC Description This tag specifies in seconds how often Flash Media Server checks for and removes inactive sockets. The default value is 60 seconds. Located in the AdminServer and ResourceLimits containers. SocketOverflowBuckets This tag specifies the number of overflow buckets if all slots in the socket table are in use. Description The default number of buckets is 16. Use -1 for the default value.
The following is a quick-start to enable SSL connections with Flash Media Server.
■ Specify the location of the certificate in the SSLCertificateFile tag.
■ If the private key file is encrypted, specify the passphrase to use for decrypting the private key file in the SSLPassPhrase tag.
■ Save the modified Server.xml file.

Contained tags
SSLClientCtx container and the SSLRandomSeed, SSLRandomSeed, and tags.
To import these certificates, run FMSmaster > Console > Initialize [directory]. This action imports all current certificates into a certs directory in the Flash Media Server installation directory. When verifying a certificate, Flash Media Server will look for trusted root certificates in the file specified by the SSLCACertificateFile tag or in the directory specified by the SSLCACertificatePath tag.
The cipher list consists of one or more cipher strings separated by colons. Commas or spaces are also acceptable separators, but colons are normally used. The cipher string can take several different forms.
■ It can consist of a single cipher suite such as RC4-SHA.
■ It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type.
These cipher strings instruct Flash Media Server to accept only RSA key exchange, and refuse export or null encryption. The server evaluates both strings as equivalent.

ALL:+HIGH:+MEDIUM:+LOW:+EXP:+NULL

This cipher list instructs the server to accept all ciphers, but order them in order of decreasing strength. This sequencing allows clients to negotiate for the strongest cipher that both they and the server can accept.
Encryption Methods | Description
IDEA | IDEA encoding
NULL | No encryption
EXP | All export ciphers (40 bit encryption)
LOW | Low-strength ciphers (no export, DES)
MEDIUM | 128-bit encryption
HIGH | Triple-DES encoding

Digest Types | Description
MD5 | MD5 hash function
SHA1 | SHA1 hash function
SHA | SHA hash function

Additional Aliases | Description
All | All ciphers
SSLv2 | All SSL version 2.0 ciphers
SSLv3 | All SSL version 3.
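A class-level check of which weak cipher classes a cipher list still admits, covering the lists quoted on this page. This is an added example, not part of the manual or the server. It assumes the `!`, `-` and `+` prefixes and `@STRENGTH` carry their OpenSSL cipher-list meanings (the page's own definitions are not in this excerpt), it reasons about alias names only and not individual suites, and it returns aliases it cannot expand so they can be reviewed by hand.

```python
import re

# Weak classes: NULL, EXP and LOW from the page's alias table; ADH and MD5
# because the list in the page's Vhost.xml structure
# (ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH) removes them.
WEAK = {
    "NULL": "no encryption",
    "EXP": "export ciphers (40-bit)",
    "LOW": "low-strength ciphers",
    "ADH": "anonymous DH key exchange (no authentication)",
    "MD5": "MD5 digest",
}
# Assumption from OpenSSL's ciphers documentation: ALL leaves out the
# NULL-encryption suites, so NULL counts only when it is named explicitly.
# Use set(WEAK) here for a stricter audit.
ALL_COVERS = set(WEAK) - {"NULL"}


def audit_cipher_list(cipher_list):
    """Return {"weak": [...], "unmodelled": [...]} for a cipher list.

    weak       - weak classes still selected after every token is applied
    unmodelled - added aliases this model cannot expand (for example RSA)
    """
    selected, killed, unmodelled = set(), set(), []
    # Colons are usual; the page also accepts commas and spaces.
    for token in filter(None, re.split(r"[:, ]+", cipher_list.strip())):
        if token.startswith("@"):           # @STRENGTH only sorts the list
            continue
        op = token[0] if token[0] in "!-+" else ""
        parts = token[len(op):].split("+")  # "A+B" means suites in both A and B
        if op == "+":                       # moves suites to the end, adds nothing
            continue
        if op in ("!", "-"):
            if len(parts) == 1:             # a combined removal leaves classes in place
                selected.discard(parts[0])
                if op == "!":               # "!" is permanent, "-" can be undone
                    killed.add(parts[0])
            continue
        if parts == ["ALL"]:
            selected |= ALL_COVERS - killed
            continue
        weak_parts = {p for p in parts if p in WEAK}
        if weak_parts:
            selected |= weak_parts - killed
        else:
            unmodelled.append(token)
    return {"weak": sorted(selected), "unmodelled": unmodelled}


if __name__ == "__main__":
    for sample in (
        "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH",   # from the page
        "ALL:+HIGH:+MEDIUM:+LOW:+EXP:+NULL",   # from the page
        "ALL:-LOW:!EXP:LOW:EXP",               # constructed: "-" undone, "!" not
    ):
        result = audit_cipher_list(sample)
        print(sample)
        for name in result["weak"]:
            print(f"  still admits {name}: {WEAK[name]}")
        if not result["weak"]:
            print("  no weak class selected")
```

The second list from the page shows why `+` is easy to misread: it reorders the classes that `ALL` already selected and removes none of them.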
SSLRandomSeed This tag specifies the number of bytes of entropy to use for seeding the pseudo-random number generator (PRNG). Description Entropy is a measure of randomness. The more entropy, the more random are the numbers that the PRNG will generate. The default number of bytes to specify for this tag is 16. Specifying a larger number for this tag provides improved randomness and therefore better security, but the larger number may noticeably affect the server’s performance.
Description
Certificate verification is enabled by default. To disable certificate verification, set the value for this tag to “false”.
false

WARNING: Disabling certificate verification can result in a security hazard.

See also
SSLVerifyDepth

SSLVerifyDepth

This tag specifies the maximum depth in the certificate chain from which Flash Media Server will accept certificates.
TTL This tag specifies in seconds how often to broadcast a keep-alive message to other edges in the cluster, and how often another edge should expect to receive a keep-alive message from this edge. The default value is one second. Description If the other edges do not receive the keep-alive message within the specified TTL limit, the FADP assumes that this edge server is not operating and removes it from the cluster. See also ClusterMonitorInterval UID This tag contains the server process user ID.
Example
bar
The result for this subtag displays the following property: NetConnection.proxyInfo.foo = "bar".

Users.xml file

Users.xml is the configuration file for the Flash Media Admin Service users and is located at the root level of the conf directory. It contains the tags and information used to identify the Flash Media Server administrators and their access permissions. You edit the Users.
Users.xml tag | Description
Allow (Users) | Defines the list of specific hosts from which the administrator can connect to Flash Media Admin Service.
Deny (HTTPCommands) | Lists the Flash Media Admin Service commands denied access via HTTP.
Deny (User) | Lists the specific hosts from which the administrator cannot connect to the Flash Media Admin Service.
Enable | Enables or disables using HTTP requests to execute admin commands.
Allow (HTTPCommands)

Flash Media Server uses two tags named Allow: the Allow tag in the User container, and the Allow tag in the HTTPCommands container.

Description
This tag lists the Flash Media Admin Service commands that the administrator can access using HTTP. You can authorize an administrator to use multiple HTTP commands for access by creating a comma-separated list of the commands. Using the value “All” for the Allow tag authorizes the administrator to use all HTTP commands.
Deny (HTTPCommands)

Flash Media Server uses two tags named Deny: the Deny tag in the User container, and the Deny tag in the HTTPCommands container.

Description
This Deny tag lists the Flash Media Admin Service commands that an administrator cannot use via HTTP. You can deny an administrator the use of multiple HTTP commands to access the Admin Service by creating a comma-separated list of those HTTP commands.

See also
Allow (HTTPCommands) in the HTTPCommands container; Deny (User) in the User container.
Syntax on or HTTPCommands Container tag. Description This section contains the settings for those Flash Media Admin Service commands that can be accessed through HTTP. Contained tags Allow (HTTPCommands), Deny (HTTPCommands), Enable, Order (HTTPCommands) Order (HTTPCommands) Flash Media Server uses two Order tags: one in the HTTPCommands container, and the other in the User container. Description This tag specifies the order for evaluating the Deny and Allow commands.
Description This tag specifies the sequence in which Flash Media Server evaluates the Allow and Deny tags for an administrator.
Description You can identify multiple administrators for a virtual host by creating a profile for each administrator with the User, Password, Allow (Users), Deny (User), and Order (User) tags. Example Use the name attribute to identify the login name of a Flash Media Server administrator: UserList Container tag. Description The UserList tag defines the access permissions for administrators that use the Flash Media Admin Service.
The Logger.xml file contains the following tag structure. 100 ${LOGGER.LOGDIR} access.[NN].
Summary of Logger.xml tags

This table lists alphabetically the tags in the Flash Media Server Logger.xml configuration file. By default, the log files are located in the logs directory in the server installation directory.

Logger.xml tag | Description
Access | Container tag; contains tags to configure the Access log file settings.
Application | Container tag; contains tags to configure the Application log file settings.
Delimiter | Specifies which delimiter to use when separating the fields in the log file.
Description of Logger.xml tags The following alphabetical list of Logger.xml tags contains additional information, including cross references to associated tags, syntax, and examples. Access Container tag. Description The tags nested within this container configure the Access log settings. Contained tags Delimiter, EscapeFields, Events, Fields, FileName, LogServer, QuoteFields, Rotation, Time Application Container tag.
See also
Directory, EscapeFields, QuoteFields

Diagnostic

Container tag.

Description
The tags in this section configure the diagnostic log file.

Contained tags
Directory, Rotation, Time

Directory

This tag specifies the directory where the log files are located.

Description
By default, the log files are located in the logs directory in the server installation directory.

Located in
Access, Application, Diagnostic containers

DisplayFieldsHeader

Formatting tag.
The unsafe characters are as follows: the space character; open or closed angle brackets (< >); a double quotation mark ("); the pound sign (#); the percent sign (%); open or closed curly braces ({ }); bars (|); caret (^); tilde (~); square brackets ([ ]); and apostrophe (`).

See also
Delimiter, Directory, QuoteFields

Events

Events are written to the log file.

Description
The following table lists the events recorded in the Access log file. Events are logged in a semicolon-separated list.
Event | Category | Description
vhost-start | application | A virtual host has started.
vhost-stop | application | A virtual host has stopped.

The following events display a status code.

Field | Status Code | Description
connect-pending | 100 | Waiting for the application to authenticate.
connect | 200 | Successful connection.
connect | 302 | Application currently unavailable.
connect | 400 | Bad request; client connected to server using an unknown protocol.
connect | 401 | Connection rejected by the application script.
Field | Status Code | Description
publish | 200 | Successful.
publish | 400 | Bad request (invalid arguments).
publish | 401 | Access denied by application.
publish | 409 | Stream is already being published.
publish | 415 | Unsupported media type.
publish | 500 | Server internal error.
stop | 200 | Successful.
stop | 408 | Stream stopped because client disconnected.

See also
Fields

Fields

This tag specifies which fields for an event are logged in the Access log file.

Description
Fields are associated with the events found in the Access log file.
Field | Event(s) | Description
x-mem-load | application | Memory usage (as reported by the getServerStats() method).
x-adaptor | application | Adaptor name.
x-vhost | application | Vhost name.
x-app | application | Application names.
x-appinst | application | Application instance names.
c-ip | application | Client IP address.
c-proto | application | Connection protocol: RTMP or RTMPT.
s-uri | application | URI of the Flash Media Server application.
c-referrer | application | URI of the referrer.
Field | Event(s) | Description
sc-stream-bytes | application | This field shows the number of bytes transferred from the server to the client per stream. To calculate the bandwidth usage per stream, take the difference between the ‘sc-stream-bytes’ value in the ‘play’ event and the ‘sc-stream-bytes’ value in the ‘stop’ event.
cs-uri-stem | application | Stem portion of s-uri (omitting query) field.
cs-uri-query | application | Query portion of s-uri.
x-sname-query | application | Query portion of stream URI specified in play or publish.
Syntax access.[YYYYMMDDNN].log Example access.2005103043.log This example identifies version 43 of the access log file for October 10, 2005. History This tag specifies the maximum number of log files to keep. Description The files are named as access.01.log, access.02.log, access.03.log, and so on. The default number of files to retain is 5. HostPort This tag specifies the IP and port of the log server. Syntax [IP]:[port] Example xxx.xxx.xxx.xxx:1234 Logger Root tag.
See also ServerID MaxSize This tag specifies the maximum log file size in bytes. The default file size is 10240Kb, or approximately 1 Mb. Example 10240 See also Schedule QuoteFields Formatting tag. Specifies whether or not to use quotation marks to surround those fields in the log file that include a space. Description This tag can be set to enable or disable. By default, it is set to disable. See also Delimiter, EscapeFields Rotation Container tag.
Description There are two types of scheduling: daily rotation and rotation that occurs when the log exceeds a specified length. Examples If the type attribute is daily, Flash Media Server rotates the log files every 24 hours. If the type attribute is hh:mm, the timestamp 00:00 causes the file to rotate every midnight.
Adaptor.xml file The Adaptor.xml file is the configuration file for individual network adaptors in Flash Media Server. It determines the number of threads that can be used by the adaptor, the communications ports that adaptor binds to, and the IP addresses or domains from which the adaptor can accept connections. You can also implement SSL with the Adaptor.xml file, if you want to use different digital certificates for different adaptors.
100 5

Summary of Adaptor.xml tags

This table lists alphabetically the tags in the Flash Media Server Adaptor.xml configuration file.

Adaptor.xml tag | Description
Adaptor | Root tag; contains all the other adaptor configuration tags.
Allow | Identifies the specific hosts from which clients can connect to the server.
Adaptor.xml tag | Description
MimeType | Specifies the default MIME type header sent on tunnel responses.
NeedClose | Specifies whether HTTP 1.0 non-keepalive connections are to be closed once the response is written.
NodeID | Specifies a unique node identification to support the implementation of load balancers.
Order | Specifies the order in which to evaluate the Allow and Deny tags.
Path | Specifies the location of the UserInfo directory where the user-defined XML files are stored.
Description of Adaptor.xml tags The following alphabetical list of Adaptor.xml tags contains additional information, including cross references to associated tags, syntax, and examples. Adaptor Root tag. Description The Adaptor tag contains all the tags in the Adaptor.xml file Allow This tag identifies the specific hosts from which clients can connect to the server. Description The Allow tag is a comma-delimited list of host names or domain names, and/or full or partial IP addresses. Example foo.
Description
The following table identifies the attributes for the Enable tag and describes their effect.

Value | Description
true | Allow all HTTP tunneling connections.
false | Disallow all HTTP tunneling connections.
http1.1only | Allow only HTTP 1.1 tunneling connections.
keepalive | Allow HTTP 1.1 or HTTP 1.0 keepalive connections.

WARNING: Although you can assign any port number for HTTP tunneling, there is a risk of conflict with another application that may be assigned to the same port.
You can also bind to any IP by not specifying anything in front of the colon. This string instructs the adaptor to bind to any IP on ports 1935, 80, and 443. 127.0.0.1 If no colon is found in the HostPort string, the data is assumed to be an IP address and will bind to port 1935 as the default. The following string instructs the adaptor to bind to IP 127.0.0.1 on port 1935. 127.0.0.
HTTPIdent This tag configures the server to respond to or reject an HTTP identification request from a client. Example When the enable attribute is set to “true,” all tags within the HTTPIdent section are returned as a response. The entire response will be enclosed in tags, which are added by the server. If the HTTPIdent function is enabled but no content is specified, the response is returned without content.
HttpUserInfo This tag specifies the physical location where the user-defined XML file is stored in the server. Description By default the XML files are placed in the uInfo directory in the server installation directory. When the enable attribute is set to “true”, Flash Media Server responds to the HTTP request and returns the content of the XML file in the uInfo directory. The default setting for the enable attribute is “false”. Users can specify any XML file in the uInfo folder.
IdlePostInterval This tag specifies in milliseconds the interval at which the client sends idle posts to the server to indicate that Flash Player has no data to send. Description The default settings for the IdleAckInterval and IdlePostInterval tags provide medium latency and are set to 512/512 milliseconds. Low values reduce the latency but increase the network bandwidth overhead.
Description Anomalous connections are closed after the specified wait time. The default wait time is 40 seconds.
Description If the NodeID tag is used, a following string of up to 9 characters is prefixed to the tunnel session IDs and can be used by the load balancers to uniquely identify each node in the cluster. The ID must contain URL safe characters except for '.' and '/', which are replaced by '_' and '-' respectively. Order This tag specifies the sequence in which Flash Media Server evaluates the Allow and Deny tags.
See also
MaxFailures

Redirect

This tag specifies whether or not the adaptor redirects unknown requests to an external server.

NOTE: For redirection to work, HTTP tunneling must be enabled.

Description
An unknown request may connect only when it is the first request on a newly accepted connection. At any other time the request is considered an error and the connection is closed.
Description Cookies are required when using load balancers to ensure that requests corresponding to one network connection are always sent to the same server. Keep in mind that the cookie adds to the HTTP header size and increases the bandwidth overhead. SSL Container tag. Description The tags in this section configure the incoming connections via the Secure Sockets Layer protocol, known as SSL. The SSL tags in Adaptor.
SSLCACertificateKeyFile This specifies the location of the private key file that corresponds to the public key in the certificate specified in SSLCertificateFile tag. Description If this file is encrypted, a password must be specified for decrypting, and placed in the SSLPassPhrase tag described below. If an absolute path to the key file is not specified, it is assumed to be relative to the adaptor directory.
To prevent plain text passwords from appearing in the configuration file, you can Base64-encode the password and set the encrypt attribute to "true".
Example
<SSLPassPhrase encrypt="true">dGluY2Fu</SSLPassPhrase>
The encrypted password is equivalent to the plaintext format:
<SSLPassPhrase encrypt="false">tincan</SSLPassPhrase>
or
<SSLPassPhrase>tincan</SSLPassPhrase>
Even though the tag attribute is named "encrypt", it is not true encryption.
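A configuration audit for the point made above, as an added example that is not part of the manual: it finds every stored SSLPassPhrase, shows that the Base64 form is as recoverable as plaintext, and checks whether the file's POSIX mode lets other accounts read it. The sample XML layout is constructed; only the SSLPassPhrase tag, its encrypt attribute and the dGluY2Fu/tincan pair come from the page.

```python
import base64
import stat
import xml.etree.ElementTree as ET

# Constructed sample. Only the SSLPassPhrase tag, its encrypt attribute and the
# dGluY2Fu/tincan pair come from the manual; the surrounding layout is made up.
SAMPLE_CONFIG = """
<Adaptor>
  <SSL>
    <SSLPassPhrase encrypt="true">dGluY2Fu</SSLPassPhrase>
  </SSL>
  <Constructed>
    <SSLPassPhrase>tincan</SSLPassPhrase>
    <SSLPassPhrase encrypt="true">not base64!</SSLPassPhrase>
    <SSLPassPhrase></SSLPassPhrase>
  </Constructed>
</Adaptor>
"""


def classify_passphrase(elem):
    """Return (storage, value) for one SSLPassPhrase element.

    value is the passphrase that anyone able to read the file obtains, or
    None when the element holds nothing usable.
    """
    text = (elem.text or "").strip()
    if not text:
        return ("empty", None)
    if elem.get("encrypt", "false").strip().lower() != "true":
        return ("plaintext", text)
    try:
        # validate=True rejects characters outside the Base64 alphabet instead
        # of silently skipping them.
        value = base64.b64decode(text, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return ("invalid-base64", None)
    return ("base64", value)


def audit_config(xml_text):
    """List every stored passphrase without echoing the secret itself."""
    findings = []
    for elem in ET.fromstring(xml_text.strip()).iter("SSLPassPhrase"):
        storage, value = classify_passphrase(elem)
        findings.append({"storage": storage, "recoverable": value is not None})
    return findings


def mode_is_too_open(st_mode):
    """True when group or other users can read or write the file (POSIX)."""
    loose = stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH
    return bool(st_mode & loose)


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
    # On a real host, pass os.stat(path).st_mode for each configuration file.
    print("mode 0644 too open:", mode_is_too_open(0o100644))
```

Both the "plaintext" and "base64" findings are reported as recoverable, so the file permissions and an encrypted key store matter equally in either case.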
UpdateInterval This specifies how frequently the server checks the cache and updates its contents if the XML files have changed. Description The default update interval is 5 seconds. WriteBufferSize This tag specifies in kilobytes the size of the write buffer. Description The default size is 16 KB. Vhost.xml file The Vhost.xml configuration file defines an individual virtual host in Flash Media Server. Each virtual host directory on the server contains its own Vhost.xml file. The Vhost.
true 9 ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH Summary of Vhost.
Vhost.xml tag           Description
LargeMemPool            Container tag; the tags in this section configure the small memory pool.
LocalAddress            Specifies a local IP address for a proxy’s outgoing connection.
MaxAge                  Specifies the maximum reuse count before freeing the cache unit.
MaxAppInstances         Specifies the maximum number of application instances that can be loaded onto the virtual host.
MaxCacheSize            Specifies the maximum size of the cache.
MaxCacheUnits           Specifies the maximum number of free units in the cache.
SSL                     Container tag; the tags in this section configure this virtual host for secure communications.
SSLCACertificateFile    Specifies the name of a file that contains one or more CA certificates in PEM encryption format.
SSLCACertificatePath    Specifies the name of the directory containing one or more CA certificates.
SSLCipherSuite          Specifies the encryption ciphers for secure communications.
Description of Vhost.xml tags The following alphabetical list of Vhost.xml tags contains additional information, including cross references to associated tags, syntax, and examples. Alias The Alias tag specifies the assumed name(s) of the virtual host. Description The Alias tag specifies an alternative short name to use when connecting to the virtual host. The tag lets you specify additional names to connect to this virtual host.
Allow This tag is a comma-delimited list of domains that are allowed to connect to this virtual host. Description If the Allow tag is left empty, the only connections allowed are those coming from the same domain. Examples macromedia.com,yourcompany.com This example allows only connections from the macromedia.com and yourcompany.com domains. localhost This example allows localhost connections only. all This example allows connections from all domains.
■ The routing information in the URI for a chain of explicit proxies specifically identifies the sequence of edge servers in the chain.
■ The URI for a chain of explicit proxies directs all clients’ connection requests through a specific sequence of edge servers before making the connection to the origin server.
■ The explicit proxy modifies the routing information in the URI by stripping off its token or identifier in the URI before passing the URI on to the next server in the chain.
You can also specify multiple applications directories by separating locations with a semicolon (;). You can specify two locations, each of which contains application subdirectories. If you change the default location of the AppsDir tag, be sure to include a directory named admin in each directory. This ensures that the management console (fmsconsole.swf ) will be able to connect to the virtual host.
FreeMemRatio Located in LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers. This tag specifies the maximum percentage of total memory that the total pool size may occupy. Description This tag’s setting ranges between 0 and 1. The default setting is 0.5. See also FreeRatio, GlobalRatio FreeRatio Located in LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers. This tag specifies the percentage of the message cache to be consumed by the free list on a per-thread basis.
LargeMemPool Container tag. Description The Large Memory Pool caches large chunks of memory within Flash Media Server to increase performance of large allocations. Contained tags FreeMemRatio, FreeRatio, GlobalRatio, MaxAge, MaxCacheSize, MaxCacheUnits, MaxUnitSize, UpdateInterval LocalAddress This tag binds a proxy's outgoing connection to a specific local IP address. Description The LocalAddress tag lets you allocate incoming and outgoing connections to different network interfaces.
A Flash SWF file defines which application instance it is connecting to by the parameters it includes with its ActionScript connect call. MaxCacheSize Located in LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers. This tag specifies the size of the cache in megabytes. Description The default cache size is 100 megabytes. See also MaxCacheUnits MaxCacheUnits Located in LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers.
MaxStreams This tag specifies the maximum number of streams that can be created. Description The default number of streams is 250000. MaxUnitSize Located in LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers. This tag specifies the size threshold for messages that can be returned to the cache. Description The threshold is specified in kilobytes. The default threshold size is 16 kilobytes. MessageCache Container tag.
■ If the Mode tag is undefined, the virtual host is evaluated as an alias for the default virtual host and assumes its configuration. Syntax local See also Anonymous, Proxy Proxy Container tag. Description The tags nested in this section configure this virtual host as a proxy server that can forward connection requests from applications running on one remote server to another remote server.
RouteEntry This tag contains the routing information that instructs the proxy to forward a connection request destined for one server’s IP address and port number [host:port] to a different host:port. Syntax host1:port1;host2:port2 The syntax instructs a Flash Media Server proxy to route connections destined for host1:port1 to host2:port2. Description Proxies or edge servers are configured with the RouteEntry tag to direct connections to another destination.
The example instructs Flash Media Server to use the values for host and port on the left side as the values for host and port on the right side, and to route connections destined for any host on any port to the same host on port 80. foo:80;null The example instructs Flash Media Server to route a host:port combination to null. Its effect is to reject all connections destined for foo:80. See also Proxy container, Anonymous, Mode, RouteTable tags RouteTable Container tag.
You can override the security status for a connection mapping by specifying a protocol attribute in a RouteEntry tag. By default, Flash Media Server applies the protocol configured in the RouteTable list unless the mapping for a particular RouteEntry tag overrides it. Contained tag RouteEntry SegmentsPool Container tag.
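A model of the RouteEntry mapping described above, added here as an example and not taken from the manual or from the server's code. It assumes that `*` is the wildcard spelling and that the first matching entry wins; the page states neither, and the sample table is constructed around the page's `foo:80;null` entry.

```python
# Model of the RouteEntry mapping; not the server's implementation.
# Assumptions: "*" is the wildcard spelling and the first matching entry wins.


def _split_host_port(text):
    """Split 'host:port' and validate the port (a number or the wildcard)."""
    host, sep, port = text.strip().rpartition(":")
    if not sep or not host or not port:
        raise ValueError("expected host:port, got %r" % text)
    if port != "*":
        if not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError("bad port in %r" % text)
        port = str(int(port))  # normalise "080" to "80"
    return (host.lower(), port)


def parse_route_entry(entry):
    """Parse 'host1:port1;host2:port2' or 'host:port;null' into a rule."""
    left, sep, right = entry.strip().partition(";")
    if not sep:
        raise ValueError("missing ';' in %r" % entry)
    source = _split_host_port(left)
    # A right-hand side of "null" means the connection is rejected.
    target = None if right.strip().lower() == "null" else _split_host_port(right)
    return (source, target)


def route(rules, host, port):
    """Return ('forward', host, port), ('reject', None, None) or
    ('no-match', host, port) for a connection destined for host:port."""
    host = host.lower()
    for (src_host, src_port), target in rules:
        if src_host not in ("*", host) or src_port not in ("*", str(port)):
            continue
        if target is None:
            return ("reject", None, None)
        dst_host, dst_port = target
        # A wildcard on the right side reuses the value from the left side.
        return ("forward",
                host if dst_host == "*" else dst_host,
                port if dst_port == "*" else int(dst_port))
    return ("no-match", host, port)


# Constructed table: the reject rule from the page, then a catch-all that
# sends any host on any port to the same host on port 80.
SAMPLE_ENTRIES = ["foo:80;null", "*:*;*:80"]

if __name__ == "__main__":
    rules = [parse_route_entry(e) for e in SAMPLE_ENTRIES]
    for dest in [("foo", 80), ("bar", 1935)]:
        print(dest, "->", route(rules, *dest))
    # With the order reversed the catch-all shadows the reject rule.
    print(route(list(reversed(rules)), "foo", 80))
```

Under the first-match assumption, a catch-all entry placed ahead of a `null` entry silently disables the rejection, which is worth checking when reviewing a route table.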
Description If a virtual host is running in remote mode as a proxy or edge server and you want to configure the properties of an outgoing SSL connection to an upstream server, then you must enable this section and configure its SSL tags appropriately. When Flash Media Server acts as a client to make an outgoing SSL connection, the following sequence of events takes place:
■ The SSL tags in the Vhost.xml file are evaluated first.
■ If the SSL tags in the Vhost.
This example maps all streams whose names begin with foo/ to the physical directory c:\data. The stream named foo/bar would map to the physical file c:\data\bar.flv. If there is a stream named foo/bar/x, then Flash Media Server first tries to find a virtual directory mapping for foo/bar. If there is no virtual directory for foo/bar, Flash Media Server then checks for a virtual directory mapping for foo. Since a virtual directory mapping does exist for foo, the stream foo/bar/x maps to the file c:\data\bar\x.
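The lookup order described above (longest virtual path first, then shorter ones), written out as an added example that is not part of the manual. The entry spelling `foo;c:\data` is an assumption that follows the page's "virtual path;directory" syntax, and the rejection of unusual name segments is a guard in this sketch, not a statement about how the server treats such names.

```python
import ntpath  # Windows path rules, so the page's c:\data example runs anywhere


def parse_mapping(entry):
    """Split 'virtual path;directory' into (virtual_path, directory)."""
    virtual, sep, directory = entry.partition(";")
    virtual = virtual.strip().strip("/")
    directory = directory.strip()
    if not sep or not virtual or not directory:
        raise ValueError("expected 'virtual path;directory', got %r" % entry)
    return (virtual, directory)


def resolve_stream(mappings, stream_name, extension=".flv"):
    """Map a stream name to a physical file, or None if no mapping applies.

    mappings is a dict of virtual path -> physical directory.
    """
    parts = stream_name.split("/")
    for part in parts:
        # Guard added in this sketch: refuse segments that could move the
        # result outside the mapped directory once joined.
        if part in ("", ".", "..") or "\\" in part or ":" in part:
            raise ValueError("unsafe stream name: %r" % stream_name)
    # For foo/bar/x try the prefix foo/bar first, then foo.
    for cut in range(len(parts) - 1, 0, -1):
        directory = mappings.get("/".join(parts[:cut]))
        if directory is not None:
            return ntpath.join(directory, *parts[cut:]) + extension
    return None


# Constructed from the page's example: streams under foo/ live in c:\data.
MAPPINGS = dict(parse_mapping(e) for e in ["foo;c:\\data"])

if __name__ == "__main__":
    for name in ["foo/bar", "foo/bar/x", "baz/x"]:
        print(name, "->", resolve_stream(MAPPINGS, name))
```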
For instance, the application developer might locate a stream encoded with the On2 codec in one folder and create a different folder for the same stream encoded with the Sorenson codec. Both streams have the same content, but each is tailored to replay on specific versions of Flash Player. You specify more than one virtual directory mapping by adding multiple Streams tags.
If you are mapping a virtual directory to a drive on another computer, make sure that the computer running Flash Media Server has the right permissions to access the other computer. Syntax key-value;virtual path;directory You specify a virtual directory by mapping the client's virtual key to the resource’s actual key.
VirtualKeys This tag sets the virtual key mappings for the different versions of Flash Player connecting to Flash Media Server. This tag and the VirtualDirectory tag implement the custom stream delivery feature in Flash Media Server 2. Description When the Flash Player running on a client connects to Flash Media Server, it receives a virtual key. This tag sets up which Flash Player versions are mapped to a particular key.
Each virtual host can contain multiple Application.xml files. The Application.xml file in the virtual host directory configures the default settings for applications within the virtual host. If you want to have different settings for a particular application, create a specific Application.xml file in the application’s registered application directory (for example, ../ applications/app_name) with the settings you want.
Summary of Application.
Application.xml tag     Description
Bandwidth               Container tag; contains tags to configure the bandwidth settings for server-client communications.
BandwidthCap            Container tag; contains tags that specify the maximum bandwidth values that a user can set.
Bits                    Contains the settings for different versions of Flash Player on the Windows and Macintosh platforms.
CachePrefix             Specifies the cache prefix that is passed from the origin server to the proxy server.
HTTP1_0                 Allows or disallows use of the HTTP 1.0 protocol.
HTTPTunnel              Container tag; contains tags to configure HTTP tunneling.
IdleAckInterval         Specifies the wait time before Flash Media Server responds to an idle post sent to it.
IdlePostInterval        Specifies the wait time before Flash Player sends an idle post message to Flash Media Server.
Interface               Specifies the name to use as the outgoing network interface.
MimeType                Specifies the default MIME-type header sent on tunnel responses.
NotifyAudioStop         Specifies whether Flash Media Server is notified when an audio transmission ending on a stream is encountered.
Password                Specifies the password for connections to the proxy.
Port                    Specifies the proxy port to connect to if not specified.
Process                 Container tag; contains tags to configure the process and recovery settings for applications.
Tunnel                  Specifies whether or not to tunnel all operations through a given HTTP proxy.
Type                    Specifies the type of proxy being connected to.
UnrestrictedAuth        Allows or disallows sending username/password with each HTTP redirection.
UserAgent               Specifies the version dependency settings for clients that use different versions of Flash Player or platform.
Username                Specifies the username for connections to the proxy.
AllowHTTPTunnel This tag configures Flash Media Server to allow HTTP tunneling connections into this application. Description By default, Flash Player communicates with Flash Media Server using the RTMP protocol over port 1935. If that fails, it will try again over ports 443 and 80 in an attempt to get around firewall settings, which prevent TCP/IP connections over non-standard ports.
AutoCommit Shared Objects are automatically committed when they have been changed. Description Setting this tag to false disables the Flash Player function for all shared objects within this instance. NOTE If the AutoCommit function is disabled, the server-side script has to call the save function or the SharedObject.commit command for the shared object to persist; otherwise, all data will be lost when the application is shut down. Bandwidth Container tag.
See also Bandwidth Bits This tag contains the settings for Flash Player on the Windows and Macintosh platforms. Examples 0x01 0x01 See also UserAgent CachePrefix This tag specifies the cache prefix that is passed from the origin server to the proxy server. Description This tag is set on the origin server.
By default, the prefix is set to ?IP?
Cache prefix    Actual name
?IP?            IP address of the server
?APP?           Application name
?APPINST?       Application instance
?VHOST?         vhost name
You can include the IP address in the prefix to avoid file collision. For example, the proxy server might be connecting to two different origin servers with the same file in c:\data\foo.flv. Adding the IP to the prefix for these files points each file to the appropriate server.
Client Container tag. Description The tags nested within this container configure the client. Description By default, the Client tag includes an override="no" parameter. Individual applications cannot override how the tags in the Client section are configured. Contained tags Access, Bandwidth, BandwidthCap, HTTPTunnel, UserAgent ClientToServer (Bandwidth) This is one of two tags named ClientToServer in the Application.xml file. Located in Bandwidth container.
CombineSamples Container tag. Description Flash Media Server conserves system resources by combining sound samples. This strategy saves the CPU and bandwidth overhead when transmitting individual audio packets only. NOTE Use this strategy of combining sound samples advisedly during periods of high CPU usage, as it can induce latency. Contained tags LoCPU, HiCPU, MaxSamples, Subscribers Connections Container tag. Description The tags in this section configure the HTTP connections for this application.
DuplicateDir (StreamsManager) This is one of two tags named DuplicateDir in the Application.xml file. Located in StreamManager container. This tag specifies the physical location where copies of recorded stream files are stored. Description This location serves as a backup for stream files. This location must already exist before a stream can be stored. By default, when a stream is copied to this location, it is categorized by instance name.
FileObject Container tag. Description The VirtualDirectory tag nested within this container configures the JSEngine file object settings. Contained tags VirtualDirectory FolderAccess This tag configures folder-level permissions for the readAccess and writeAccess functions in the Access Module. Description By default, folder-level permission in the Access Module is set to false, which allows access permissions to be set at the single-file level.
Example myserver:8080 To specify the port number in this string, add :[port] to the end of the host name. The port number can also be specified in the Port tag. See also Port HTTP Container tag. Description The tags in this section configure the HTTP connection settings for this application. Contained tags Connections and Proxy containers; HTTP1_0 and Verbose tags HTTP1_0 This tag determines whether or not Flash Media Server can use the HTTP 1.0 protocol.
The Application.xml configuration file offers three representative settings for these parameters. These settings recommend that you set the intervals to correspond to low, medium, or high latency. The following table presents these settings.
The interval for an idle post ranges from 0 to 4064 milliseconds. If the IdlePostInterval tag is set to a value that lies outside of this range, the default value of 512 milliseconds is used. NOTE At times the server will not be able to send any data to the client for the selected duration. See also HTTPTunnel, IdleAckInterval Interface This tag defines the name to use as the outgoing network interface. Description The name can be an interface name, an IP address, or a host name.
KeyFrameInterval This tag defines how often to generate and save keyframes in an FLV file. Description Setting this tag to a higher value than the default reduces the number of keyframes added to the FLV file and thus reduces the file size. Setting a higher value for the interval, however, reduces the seeking accuracy. The value for this tag is defined in milliseconds. The default value is 1000.
Description Having an application instance loaded at server startup saves time when the first client connects to that application. The default value is false. If you set this tag to true, an instance of each application on the server will be loaded at startup. LockTimeout This tag specifies the timeout value before automatically unlocking a shared object if there is a client waiting for an update. Description The time-out value is specified in seconds.
MaxCores The value for this tag determines how many core processes can exist for an application. Description By default, the MaxCores functionality is disabled. The default value is zero. See also LifeTime, RollOver MaxFailures The value for this tag determines the maximum number of process failures that can occur before a core process is disabled. Description Once the core processes are disabled, Flash Media Server does not launch a core process until some minimum recovery time has elapsed.
Description This tag defines the maximum time for a transfer to be completed. The default time is 60 seconds. Operations such as DNS lookups may take more time. If this tag is set to too low a value, the risk of aborting correctly functioning operations increases. See also MaxTimeOut (JSEngine) in the JSEngine container MaxTimeOut (JSEngine) This is one of two tags named MaxTimeOut in the Application.xml file. Located in the JSEngine container.
NotifyAudioStop Container tag. Description The Duration tag nested within this container determines whether or not Flash Media Server is notified when an audio transmission ending on a stream is encountered. Example Contained tag Duration Password This tag specifies the password for connecting to the proxy. See also Username Port This tag specifies the proxy port to connect to if it is not specified as part of the host in the Host tag.
Proxy Container tag. Description The tags nested within this container configure the HTTP Proxy settings. Contained tags Host, Password, Port, Tunnel, Type, Username RecoveryTime This tag specifies the recovery time for a core. Description Flash Media Server will not launch a core process until some minimum recovery time has elapsed. The time lag for recovery can avoid a Denial of Service action, which happens when a faulty core consumes all CPU time by repeatedly launching itself.
ResyncDepth This tag instructs Flash Media Server to resynchronize a shared object file. Description The shared object is resynchronized when its version number is greater than the head version minus the current version. The default value of -1 sends a resynchronized version of the file with every connection. Reuse This tag configures whether or not Flash Media Server explicitly closes the HTTP connection after each transfer. Description The default is to reuse connections.
Description The default size is 1024 kilobytes, which is the equivalent of 1 megabyte. The lower and upper limits on the size of the JavaScript engine are 10 kilobytes and 51200 kilobytes, which is the equivalent of 50 megabytes. The default value applies when the engine size lies outside of these limits. If your application consumes a significant amount of memory, you must increase the engine size.
SendSilence Container tag. Description The Interval tag nested within this container configures the settings for sending silent messages. Contained tag Interval ServerToClient (Bandwidth) This is one of two tags named ServerToClient in the Application.xml file. Located in the Bandwidth container. This tag specifies the maximum bandwidth the server can use for sending data downstream to the client.
SharedObjManager Container tag. Description The tags nested within this container configure the Shared Object Manager setting of an application. Contained tags AutoCommit, DuplicateDir (StreamsManager), LockTimeout, ResyncDepth, StorageDir (StreamManager) StorageDir (SharedObjManager) There are two tags named StorageDir in the Application.xml file; this one is in the SharedObjManager container. This tag specifies the physical location where shared objects are stored.
Set this tag only when the files for recorded streams must be stored in a location other than the application directory. See also DuplicateDir (StreamsManager) StreamManager Container tag. Description The tags in this section configure the Stream Manager settings for this application.
UnrestrictedAuth This tag determines whether or not to allow sending the username/password combination with each HTTP redirect. Description Sending the username/password combination is useful only if the Allow tag permits redirections. The default setting is true. UserAgent Container tag. Description The settings for clients vary according to whether the Flash Player platform is Windows or Macintosh. Setting the value 0x01 will configure the player and platform for silence messages.
Syntax ; WriteBuffSize This tag specifies in kilobytes the size of the write buffer. Description The default size is 16KB.
CHAPTER 4 Flash Media Server Security
Macromedia Flash Media Server 2 will typically be used in a network environment where many users will have access to it; by changing its configuration, you can make the server accessible from within a private network, from the public Internet, or both. When deploying any server technology, you should consider the implications to both the security of your internal network and the accessibility of the server’s host computer.
Edit the security tags in the configuration files Utilize the limits that can be set in the server’s configuration files. Use the following tags in the configuration files to enhance the server’s security: ■ Server.xml file The HostPort tag nested in AdminServer container allows you to specify the port of your choice for connecting to the Admin service with the management console. This allows you to use a port that will work with your firewall configuration. The default is port 1111.
The MaxAppInstances tag nested in the ResourceLimits container lets you limit the number of application instances that can exist simultaneously on the virtual host. This can help prevent denial-of-service attacks. The default is -1, which allows unlimited application instances. The MaxStreams tag nested in the ResourceLimits container lets you specify the maximum number of streams that can exist simultaneously on the virtual host. This can help prevent denial-of-service attacks.
About authentication and authorization To authenticate (validate) administrators, Flash Media Server employs several layers of host-based user security. (Host-based security refers to security measures that are implemented in the server software itself.) When a user tries to connect to the management console with an administrator user name and password, the server uses the layers of settings in its configuration files to determine whether the connection should be allowed.
By default, only the management console performs user authorization. When developing your own media applications, you can decide whether to implement user authorization; some kinds of applications need this capability while others do not. For example, when developing a simple chat application, you might choose to create two different versions of your Macromedia Flash client application.
Secure script loading The Flash Media Server script security model enables one to limit the exposure to potentially malicious or buggy third-party code that may be included on the server side. An example would be an extensible application where users could download third-party plug-ins or components, then load or evaluate them in the application. If you are concerned that such plug-ins or components may compromise the system, you can apply the script security model to restrict them.
// available globally as idGen.
global.idGen = protectObject( idgen );
// Make idGen non-enumerable, read-only and permanent
setAttributes( global, "idGen", false, true, true );

When normal script loading begins, idGen will be available as a global object that cannot be compromised by any script loaded directly or indirectly from main.asc.

Example
//main.asc
trace( "Loading main.asc" );
trace( "idGen = " + idGen );
idGen = 50;
trace( "idGen = " + idGen );

Here’s the output for main.
Permissions levels Flash Media Server does not use explicit levels of privileges, but provides a way for the application developer to implement system objects that the application code cannot compromise. Privileged access is simply the capability to directly access these special objects. These system objects could be compromised if a system call explicitly evaluates randomly accessed code on the caller's behalf. This should never be permitted.
Asynchronous system calls In Flash Media Server, application developers can implement asynchronous system calls, where the caller is unprivileged and relies on a system call to set up and complete the call. The callback must remain unprivileged. This coding is useful when a system object is trying to wrap and hide a network connection.

// in secure.asc
...
sysobj.remoteCall = function(func, responder, arg1, arg2, ...) {
    // validate/modify args
    ...
    var sysResponder = {};
    sysResponder.
Choosing passwords When choosing passwords, remember to make them as secure as possible. The following guidelines can help you create more secure passwords:
■ The minimum length of a password should be 7 characters.
■ Passwords should not contain your user name or any part of it (for example: Jane, Doe, Jdoe).
Access DLL is the libconnect.dll file (this module is named the libconnect.so file in Linux installations) stored within the modules/access subdirectory of the root Flash Media Server installation. When a connection is attempted, Flash Media Server first determines whether or not Access DLL exists.
■ If the Access module is available, the module is initialized on server startup with a context pointer. The module also provides an adaptor interface to the server.
Access DLL APIs Access DLL provides the following AccessAdaptor APIs:
API name          Description
getVersion        Returns the version of the Access module.
getDescription    Returns a description of the Access module.
onAccess          Callback; this API is activated when a connection is attempted to Flash Media Server. OnAccess is responsible for accepting or rejecting a connection.
setReadAccess     Sets the read access for a client. The Access string is configured as JavaScript's client.readAccess. The second parameter is a Boolean value with its default as true. This Boolean value, if true, will block user scripts from changing this value. If false, user scripts will be allowed to change this value.
setWriteAccess    Sets the write access for a client. The Access string is configured as JavaScript's client.writeAccess.
Sample Adaptor.cpp file Here is an excerpt from the Adaptor.cpp file that you can modify to fit your local authentication profile. Adaptor.cpp is a C++ file that contains the code for the Access DLL module. The corresponding file on Linux systems is called Makefile.access.
        }
        default:
            // We really shouldn't get here!
            fprintf( stderr, "SampleAdaptor: Unknown access event!\n" );
    }
    //pAccess->reject("why not");
    pAccess->accept();
}

Developing secure applications If you develop Flash Media Server applications, you can use SSL (Secure Sockets Layer) and other secure development practices to ensure the security of your applications and the data they use. Using SSL To use SSL in your applications, you need to configure both your applications and Flash Media Server settings.
Configure the adaptor to listen on a secure port. If you need a secure connection, configure the adaptor for the application to listen on a secure port by setting the secure attribute to true in the HostPort tag in the Adaptor.xml file. Be aware that you can assign only one virtual host to an adaptor that listens on a secure port, and you must specify the IP address of that virtual host in Adaptor.xml.
Send sensitive data via HTTPS If you need to send sensitive data such as credit card information, you can use HTTPS to communicate simultaneously between your Flash client application and a separate application server that processes the data. To do this, use the ActionScript getURL command. (For more information, see the ActionScript 2.0 Language Reference.) About privacy The technology in Flash Media Server enables the capture of client audio and video streams.
If the Flash Media Server and an application server are both behind a firewall, they can communicate with each other and no outside party can eavesdrop on the data to gain access to private information. You can also configure a firewall to provide additional protection against outside attacks. For example, if the server is being flooded by a particular IP or range of IP addresses, you can configure the firewall to ignore messages from those IP addresses.