Linux Development Outsourcing
Administration Interface for Web Server Resources
This solution is a Tk-based administrator interface used for managing web server resources along with appropriate access permissions.
In general, the administrative interface provides an administrator-friendly environment that allows for X.509 certificate-based management of groups, users, access control rules, web hosts and web resources.
The project additionally involved developing special plug-in modules for both Apache and Microsoft IIS Web servers for access control to server resources based on user SSL/X.509 certificate information.
Tools & technologies used: GNU/Linux, MS IIS, Apache 1.2.x, Tcl/Tk, X.509
Secure VPN for Corporate LANs
This project involved the development of a specialized software solution that provides secure access and tunnelling capabilities for various resources within Local Area Networks.
The software operates in an insecure, hostile environment such as the public Internet, while ensuring safe and secure communications. The authentication and authorization of users is based on X.509 client certificates, with the option of using other authentication services such as Radius, Kerberos, NIS/YP, ActiveDirectory or LDAP.
The users are able to access a variety of resources from the internal network such as:
- Web resources
- SSH and Telnet accounts
- Windows Terminal Service (RDP) resources
- Mail servers via SMTP, POP3 and IMAP4
- Windows (SMB), FTP and NFS file repositories
- X11 Window System sessions
The maintenance personnel have access to a number of administration facilities, including:
- Transaction-based configuration control with ability to rollback
- Resource list modification
- Users and groups permission management
- Configuration of the fall-back authentication services
- Basic system configuration and monitoring (date and time, system logs, active connections)
- Tunnelling configuration
The administrator's identity is determined according to an X.509 client certificate.
Tools & technologies used: GNU/Linux, OpenSSL, X.509, Radius, Kerberos, NIS+, LDAP, Active Directory, Ruby, Java, RDP, X11, SMTP/POP/IMAP, CIFS, NFS, FTP, SSH
Network Attached Storage Appliance
This is general appliance software that offers advanced application services and management capabilities based on the Common Information Model (CIM). In its NAS incarnation it is able to perform the following functions:
- Provide seamless integration with all CIFS clients, including operation in Active Directory-based environments, authentication with Kerberos V and other more regular CIFS authentication schemes (NT#, NTLM, NTLMSSP, etc). The Appliance can be managed from its own Java-based GUI as well as from the Microsoft Management Console.
- Provide rich NFS v.2 and v.3 access including advanced features like mapping of user ID, group, and encodings used for file and directory names. The mapping is very flexible and allows taking into account a number of parameters, including client's IP address, user ID, group, the resource accessed and other details.
- Provide access to the Appliance from a wide range of MacOS-based clients, including MacOS 8.x, 9.x and MacOS X. The features include full internationalization support with independent settings for different resources, support for Access Control Lists and enhanced CIFS interoperability.
- Provide flexible logical volume management and hot-swap capabilities based on the EVMS framework by IBM.
- Security hardening of third-party components and the whole platform.
The Appliance is built upon the XFS file system and EVMS volume management software. This grants both scalability and good performance within most environments. Judging by the user feedback, it is possible to work via CIFS with more than 300000 files per directory on >2Tb storage.
Tools & technologies used: Security-hardened GNU/Linux on IA32 and XScale hardware architectures, Sandman build environment, Samba/CIFS, NFS, AppleTalk, XFS journaled file system, Kerberos V, EVMS volume management, DM-NBD network block device driver, CIM/Jiro.
Multifunctional Firewall Appliance
The Firewall Appliance is a software package for multifunctional network devices, based on GNU/Linux technology. The Appliance provides the following services:
1. Network filter/Firewall. Based on the Linux IP Tables feature, with an intuitive user model available in the native client administration tool. Features easy-to-use blacklists and service-based access control.
2. Mail server with support for SMTP, POP3 and IMAP protocols that handles virtual mail domains, aliases and user quotas. Based on Postfix MTA.
3. Proxy server. Provides HTTP, HTTPS and FTP access based on ACL. The Proxy supports the SOCKS5 protocol and is based on the Squid and Dante packages.
4. Name server based on Bind that handles private and external DNS zones.
5. Web server that permits device users to publish their personal web pages.
6. Anonymous FTP server based on vsftpd.
7. Statistics subsystem that gathers and displays statistics on firewall rules, network interfaces usage, HTTP/FTP traffic and so on.
8. File server based on Samba that hosts SMB file shares for an internal network.
9. QoS support that allows controlling quality of service for several categories of traffic and users.
10. Network time protocol support.
11. Configuration system. Implements a transaction-based core with pluggable modules, and a web-based or Tcl/Tk front-end. Modules exist for each of the above-mentioned services, as well as for generic system settings, network interfaces, disk volumes and user management. Written in Ruby.
Tools & technologies used: Linux, IPTables, Squid, SOCKS, BIND, Ruby, HTML, Tcl/Tk.
Microsoft Outlook Connector for SUSE LINUX Openexchange
This is a special connector designed to enhance the functionality of SUSE Openexchange Server. Its primary goal is to enable Microsoft Outlook users to collaborate easily from the environment they are familiar with when using the SUSE LINUX groupware solution.
In its current implementation the connector provides the following capabilities:
- Allows MS Outlook users to seamlessly access appointments, tasks, public folders and other collaborative tools available from SUSE Openexchange.
- Implemented as a MAPI provider (driver), the Connector allows full MS Office suite integration. For instance, MS Word can retrieve data from the Outlook address book and send emails using Outlook contacts.
- Invisible to the desktop user, it serves as a Client/Server intermediary while preserving the Outlook look-and-feel.
Tools & technologies used: MAPI, WinAPI, ATL, ActiveX, XML, WebDAV.