Released in May as part of the VMware vFabric Suite 5.1, the latest version of VMware vFabric Web Server, VMware’s commercial web server (based on the popular Apache HTTP Server project), includes a number of improvements in the areas of manageability and security. July heralds an incremental update version 5.1.1, with enhancements to security, mod_ssl and other components.
There are a number of improvements in the area of manageability, including RPMs for Linux in addition to traditional self-extracting zip packages, which support rollback and parallel installation. A number of new platforms are supported in addition to Windows and Linux, most notably Solaris on both Intel/AMD and Sparc hardware.
Improving Manageability with mod_bmx
The most interesting new development for vFabric Web Server is that it is the first Apache HTTPD-based web server shipped with mod_bmx to support monitoring and management.
Mod_bmx is a new module that leverages a new Apache HTTPD framework called BMX, an open source project created by the Hyperic engineering team to expose detailed internal runtime information (such as performance metrics, status, configuration, and current capacity) to external monitoring systems, including Hyperic. Previously, to manage vFabric Web Server or Apache HTTPD, users relied on mod_status and/or mod_snmp in order to get high-level indications for the overall health and performance of the web server itself. Now, with mod_bmx, administrators can query detailed history on the web server and vhost statuses, such as version information and uptime history in order to triangulate when problems or changes occurred more quickly.
Mod_bmx includes 3 Apache HTTPD modules (mod_bmx, mod_bmx_status, and mod_bmx_vhost), which compliment mod_status and expose HTTPD server monitoring information and virtual host specific data through an HTTP endpoint in an automation friendly format. Monitoring applications can monitor the health of vFabric Web Server instances by issuing HTTP queries to mod_bmx, and the resulting key value pair output data can then be easily parsed and consumed. While formatted for automation tools, the output from mod_bmx remains human readable without using additional tools, unlike snmp and similar protocols.
- mod_bmx is the core BMX module that provides the base functionality for query and response on web server runtime information. Mod_bmx works with other modules, commonly referred to as plugins, that actually expose the metrics to be queried.
- mod_bmx_status is one of the two data providers in the group. It outputs the server status summary, similar to the familiar mod_status, including runtime statistics about the overall health of the Apache-based server and its children.
- mod_bmx_vhost is the other data provider in the group, and it outputs information on the virtual hosts running within Apache-based web servers, such as per-page counts, byte counts, error counts, etc. Data is stored and collected for each vhost, and also across 3 different time ranges, including the time since Apache was last started, the time since the Apache-based web server was last restarted, and also for all time.
Unlike mod_status, individual beans may be queried from the module; rather than the entire result of a mod_status query, it is possible to request only specific data points. This can significantly improve performance as monitoring tools can query the server more frequently for specific status details.
Additionally, as announced last month, vFabric Hyperic 4.6.6 is the first monitoring application that leverages mod_bmx to monitor the health of vFabric Web Server. To take advantage of mod_bmx, download either the open source Hyperic or vFabric Hyperic 4.6.6.
In version 5.1, vFabric Web Server makes a major leap to OpenSSL 1.0.1 adding TLS versions 1.1 and 1.2 support for protocols and ciphers, which addresses a number of the vulnerabilities and exploits found in SSL 2 and 3. To learn how to utilize OpenSSL with the Apache Web Server, users should go to http://HTTPD.apache.org/docs/2.0/ssl/ssl_howto.html.
The incremental release version 5.1.1, now available, further enhances the SSLProtocol directive to allow the user to toggle TLSv1.1 and TLSv1.2 independently, and introduces the newly validated FIPS 140-2 operating mode provided by OpenSSL/FIPS 2.0 with the ‘SSLFIPS On’ directive. Information about this validated module is available at http://openssl.org/docs/fips/UserGuide-2.0.pdf
About this release
vFabric Web Server 5.1 is built on Apache HTTPD version 2.2.22 and will continue to incorporate 2.2 updates in future vFabric Web Server 5.1.x releases. vFabric Web Server improvements will continue to focus on improving security and manageability.
For more details on the vFabric Web Server 5.1 release, see the release notes. To try out vFabric Web Server, which is available as a standalone product or part of the vFabric Suite, go to www.vfabric.co/try for a free 60 day trial.