BSDI Internet Server 3.0: Features and Improvements


System administration:

Version 3.0 of the BSDI Internet Server has features requested by new-to-the-Internet administrators and old hands alike. Without a doubt, 3.0 is the easiest-to-administer release of BSDI's already easy-to-administer product.

GUI system administration interface
Using a familiar web-browser-based interface, the MaxIM Internet Manager takes the steep learning curve out of installing an Internet or intranet server while maintaining the configuration files that are familiar to old hands. A modular, script-driven design makes it easy to add new components.
NIS client support
For those adding a BSDI server to a Sun or other NIS environment, NIS client support allows them the convenience of using NIS.
Getty Daemon
Modem management and PPP dial-out are simplified. Design and implementation of programs that use modems is much easier. Control of programs that dial out is increased.

Web Tools:

Netscape FastTrack Server
Netscape's quick and easy approach to setting up a web server. An HTML management interface takes the pain out of server management. SSL security lets you conduct business on the web.
Netscape Navigator Gold 3.0
The latest version of Netscape's popular web browser with Java support and integrated HTML authoring tools.
Apache httpd 1.1.1
The latest version of the popular high performance HTTP server offers even better performance with support for HTTP/1.1 keep-alives and runtime DNS configuration. Status and server information modules simplify the task of server maintenance and monitoring.
Squid Caching HTTP and FTP Proxy 1.1.beta16
Caching HTTP and FTP proxies conserve network bandwidth and allow control of Internet and intranet access. Frequently accessed files and documents are served to users from a local or nearby cache providing them with dramatic performance improvements while easing the burden on WAN links. Squid can also run "in front of" a local HTTP server where it can offer dramatic performance improvements by caching frequently requested pages.
htmlscript
A CGI pre-processor that embeds a powerful server and browser independent scripting language in your web pages.
gd - GIF drawing library
The gd library and the GD perl module are tools for manipulating GIF images on the fly. Use these to add visual interest to your web pages.

Authentication and Security:

BSDI's flexible authentication scheme has been extended to include full RADIUS support. Kerberos authentication support is now included in both the US and international distributions.

Fully Integrated RADIUS Support
RADIUS server and client daemons are fully integrated with BSDI's flexible authentication scheme. The Remote Authentication Dial-In User Service (RADIUS) protocol, originally developed by Livingston Enterprises, provides a standard method for communicating user authentication and accounting information between servers. A BSDI system can function either as a RADIUS server, responding to requests from RADIUS clients running on terminal servers or other client machines, or as a RADIUS client, communicating with a server running on any platform with RADIUS support. The BSDI RADIUS server allows users to authenticate themselves with any of the authentication methods supported by BSDI, including one-time passwords and authentication tokens.
Integrated Kerberos Support
Kerberos distributed authentication support is now fully integrated with both the US and international distributions. The encryption functions of Kerberos (including rlogin and telnet) still fall under export controls and are not available from BSDI outside of the US and Canada.
System time is harder to forge
One of the ways of attempting to cover up a computer break-in is to reset the system clock to hide the real time when events occurred. In this release the system clock may not be set backwards using the settimeofday(2) call. Fast clocks may still be corrected (by xntpd(8) for example) by slowing the advance of time with the adjtime(2) call. The date(1) and ntpdate(8) commands may be used to set the clock forward while multiuser (security level of 1 or higher) or in either direction while single user.

Upgrade to 4.4BSD-Lite2

The final release from the Computer Science Research Group at UC Berkeley, 4.4BSD-Lite2 includes a number of bug fixes and enhancements -- especially in the area of filesystem support -- that have been incorporated into version 3.0.

Filesystem Support

Among the benefits of the update to the 4.4BSD-Lite2 code base are a number of enhancements to the available filesystem support, including:

NFS Version 3
The latest version of the widely used Network File System developed by Sun Microsystems, NFS Version 3 includes: The NFS Version 3 specification is available as RFC 1813.
Vnode Driver
Allows a plain file to be mounted as a file system. System administrators will find this useful as it allows swap space to be increased on the fly. Users will take advantage of this to access DOS filesystems without having to dedicate disk to a DOS partition.
Filesystem Clean Flag
Allows filesystems to be marked "clean" as they are unmounted, eliminating the need to perform an fsck when remounting after a clean shutdown. This will speed routine maintenance of the system.
Union Mounts (like translucent filesystems)
Enables a system administrator to present a view of a filesystem that is the union of two filesystems. This can be used, for example, to provide an up-to-date view of a dataset that is distributed on CD-ROM. The read-only CD-ROM data would be mounted and then updates would be mounted "on top" of the CD-ROM using a hard disk or another CD-ROM. Users would see an up-to-date view of the data created by the union of the two disks.
`noaccesstime' mount option
A major performance enhancement for busy filesystems holding short-lived read-only data (for example, Usenet News), this mount option allows turning off the updating of file access times on a per filesystem basis.
Long File Name Support for DOS File Systems

Drivers:

Version 3.0 of the BSDI Internet Server adds support for a number of devices that will prove very useful to those setting up Internet and intranet servers.

Enhanced SCSI support enables BSD/OS to deliver high sustained throughput from modern SCSI devices.

Laptop support is greatly enhanced with the inclusion of PCMCIA and power management drivers.

Fast and Wide SCSI support
All capable SCSI host adapters now offer Fast and Wide support.
SCSI support for tagged queuing
With the addition of support for tagged queuing, host adapters are now able to have multiple outstanding commands issued against a single device. This results in faster performance for RAID devices and write-caching disks.
SCSI "generic" device driver.
The SCSI generic device driver serves as a "catch-all" driver for units not claimed by device-specific SCSI drivers. The existence of the generic device driver simplifies the support of devices like scanners and the management interfaces of RAID controllers for which a specific driver does not already exist. In many cases the support of these devices can be implemented entirely in user mode through the generic device driver.
Disk "splicing" driver
The splice driver and its associated configuration command allow multiple physical disks to be striped or concatenated together to create very large disks. This driver allows more operations per second than a single large disk. This is good for news, where lots of small operations are going on at once. With news, two 4 GB disks will give you better performance than one 8 GB disk. With the splicing driver you get the performance benefits of multiple drives with the ease of administration that comes from a single drive. With this driver "virtual" disks of up to 512 GB can be supported. Note that this is not "software RAID": no redundancy is provided.
Dynamically-loadable keyboard map
The keyboard map may now be loaded dynamically. This feature will be useful to OEMs and others supporting systems that make use of international keyboard support. Note that multi-byte character sets are not yet supported.
PCMCIA and power management support
Laptop PCMCIA controllers and power management facilities are now supported. Laptops running BSD/OS are now much more functional and can take advantage of the higher performance Ethernet adapters available on PCMCIA cards. This should prove very useful to those requiring a portable BSDI workstation as well as for on-the-road demos and for high performance network troubleshooting tools.
BusLogic FlashPoint SCSI Host Adapters
Improved DEC 10/100 MB Ethernet support
DPT SCSI RAID Controllers
Intel EtherExpress Pro/100B
SDL Communications N2pci
Stallion multi-port serial cards
Quick-Cam

Programming support:

Java Development Kit (JDK) ported to BSD/OS (available soon)
Java is the popular C++-like language invented by Sun Microsystems for the development of machine-independent "applets" that can be run by common web browsers, including the Netscape Navigator. The JDK enables web programmers to develop their own platform-independent Java applets on BSDI. The licensing terms imposed by Sun do not allow the distribution of the JDK on physical media. The JDK port done by BSDI will be available to BSDI customers via ftp in the near future.
POSIX Threads Support
In 3.0 we've added our first release of support for user level POSIX.1c threads (pthreads), including a thread safe C library.
Electric Fence 2.0.5 malloc() Debugger
Debugging "leaks" and other memory allocation errors can be a very time consuming part of the program development cycle. Long lived servers often bring memory allocation problems to a head. Electric Fence takes advantage of your system's virtual memory hardware to trap errors making it easy to find the problem with your debugger.
Latest Development Tools
Including: GCC 2.7.2.1; GDB 4.16; Perl 5.003_02; and more.
read()/write() and mmap() now coherent
Programs such as INN can now take advantage of mmap() without fear of running afoul of programs that use read() and/or write() to modify mmap()'d files.

Network:

Version 3.0 brings a number of significant performance and security improvements to BSDI's already strong networking facilities. In addition to the performance enhancements released in version 2.1 with the "Web Performance Kit", version 3.0 offers:

Improved defenses for denial-of-service attacks
BSD/OS has been hardened against common denial-of-service attacks, such as the well known SYN-flood attack. Servers running on BSD/OS are capable of riding out significant attacks while continuing to provide service to legitimate users.
Kernel level packet filter
Since the real solution to many common attacks on TCP/IP-based servers is to deny the attacker the ability to forge the source IP address, BSDI has added a filtering mechanism to the kernel to detect and stop potential attacks at the source. The filter works by blocking packets that are received on an interface different from the one that would be used to return packets to the source IP address. This strategy is particularly effective when employed "close" to the attacker, for instance on the ISP's side of the attacker's dial-up link.
Additional TCP performance improvements
In addition to the performance enhancements introduced with our "Web Performance Kit", version 3.0 incorporates further enhancements based on our ongoing efforts to provide the best possible TCP performance. Compared to a stock 2.1 system, 3.0 provides up to a 5 times improvement in HTTP performance.
TCP path MTU discovery
Allows version 3.0 systems to use the largest possible packets for a given route, increasing network throughput while decreasing network overhead.
PAP and CHAP authentication support for PPP
RFC 1994 compliant PAP and CHAP authentication support enables ISPs to streamline support for customers with PAP or CHAP enabled PPP (such as Windows 95) by eliminating the need to go through a login dialogue. CHAP authentication can offer enhanced security for dialup and mobile users.
PPP Multilink Protocol
PPP traffic can now be "striped" across multiple links to systems supporting the PPP Multilink Protocol (RFC 1990).
TCP tunnel driver
The basic building block of a Virtual Private Network, the tunnel driver (tun(4)) allows a privileged process to enable a network interface and exchange packets with the kernel packet forwarding facilities.
Improved virtual hosting
Virtual host support has been enhanced to include Telnet and FTP as well as Web servers.
Improved SNMP support
Tools have been added to facilitate SNMP management (scotty, tkined, tknm).
Automatic media type detection on network interfaces
Improved network statistics
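
An added example (not BSDI's kernel code) of the check described under "Kernel level packet filter" above: a packet is accepted only when the route back to its source address leaves through the interface it arrived on. The routing table, interface names and addresses are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed routing table; interface names are hypothetical. */
struct route { uint32_t net; int prefix_len; const char *ifname; };

static const struct route table[] = {
    { 0x00000000u,  0, "wan0" },  /* default route to the upstream provider */
    { 0xC6336400u, 24, "ppp0" },  /* 198.51.100.0/24: dial-up customer link */
    { 0xCB007100u, 24, "eth0" },  /* 203.0.113.0/24: local server LAN       */
};

static uint32_t mask_for(int len) {
    return len == 0 ? 0u : 0xFFFFFFFFu << (32 - len);
}

/* Longest-prefix match: the interface used to send a packet TO addr. */
static const char *route_lookup(uint32_t addr) {
    const struct route *best = NULL;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        const struct route *r = &table[i];
        if ((addr & mask_for(r->prefix_len)) == r->net &&
            (best == NULL || r->prefix_len > best->prefix_len))
            best = r;
    }
    return best ? best->ifname : NULL;
}

/* Reverse-path check: 1 = accept, 0 = drop as a likely forged source. */
static int rpf_accept(uint32_t src, const char *recv_if) {
    const char *return_if = route_lookup(src);
    return return_if != NULL && strcmp(return_if, recv_if) == 0;
}

int main(void) {
    /* Customer uses its own address on the dial-up link: accepted. */
    printf("%d\n", rpf_accept(0xC6336407u, "ppp0"));
    /* Customer claims a server-LAN source (203.0.113.5): dropped. */
    printf("%d\n", rpf_accept(0xCB007105u, "ppp0"));
    /* Customer claims an arbitrary Internet source (192.0.2.9): dropped. */
    printf("%d\n", rpf_accept(0xC0000209u, "ppp0"));
    return 0;
}
```

A strict check like this assumes symmetric routing; on a host where replies legitimately leave by a different interface than requests arrive on, it would drop valid traffic.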

Utilities:

We've gone through the BSDI core and contributed utilities packages, installed the latest versions, incorporated bug fixes and added many useful programs to the distribution.

New contributed software packages
Including: psutils 1.16, tools for manipulating PostScript documents; xpdf 0.5, Adobe PDF file viewer (Acrobat clone); and more.
Updated versions of many system and utility programs
Including: emacs 19.34; gated; hylafax 4.0; perl 5.003_02; qpopper 2.2; and more.
Many bug fixes and enhancements

Miscellaneous:

Break on Serial Consoles
For systems with serial consoles the break key can be used in a manner analogous to Control-Alt-Delete on the standard console.
ISO 9660 Tools
Tools for building ISO 9660 file systems (with Rock Ridge Extensions) and writing CD-ROMs are now included.
Longer Argument List
Command arguments may now be up to 256 KB long.


Copyright © 1997 BSDI, Inc.