Self-Hosted Baseline Server
Self-Hosted Baseline Server

The Baseline server enables users to remotely connect to and operate Baseline irrigation controllers. Users operate their irrigation controllers through AppManager™, a web-based (browser-based) interface. The controllers are connected through web-based ports (HTML-5 standard, WebSocket Protocol).

The Baseline server is available as a self-hosted option or a virtual machine image.

The self-hosted Baseline server is a full-function Linux based server. This server is available from Baseline pre-installed on a solid state server module based on the Intel™ Next Unit of Computing™ (NUC) hardware. The self-hosted Baseline server is fully web manageable and does not require a monitor or keyboard (a keyboard, monitor, and mouse are available as an option.) The system is designed to be a low power, high reliability server unit suitable for customers who do not have an existing rack-based virtual server environment, or for customers who do not wish to install AppManager on a managed IT server.

For those who prefer to use existing managed servers, AppManager is also available as a virtual machine image suitable for installation in modern VMware® rack mount server environments. The Baseline server virtual machine requires a minimum of 4GB of RAM, 120GB of disk space, and an Intel i3 class processor or equivalent.

The self-hosted Baseline server or virtual machine server can be fully managed via the built-in secure web server.

In order to allow mobile devices to access the Baseline server, an externally accessible static IP address or hostname is required, and https web access to the Baseline server will need to be enabled.

Baseline Server — Features and Specifications

Hardware Options

The BaseManager server is a full-function Linux based server. This server is available from Baseline pre-installed on an all solid state server module based on the Intel™ Next Unit of Computing™ (NUC) hardware.  The self-hosted BaseManager server is fully web manageable and does not require a monitor or keyboard (a keyboard, monitor, and mouse are available as an option.)  The system is designed to be a low power, high reliability standalone server unit suitable for customers who do not have an existing rack-based virtual server environment, or for customers who do not wish to install BaseManager on a managed IT server.

 

See an Example of the Network Topology for the Baseline Server in a Self-Hosted Implementation.

 

For those who prefer to use existing managed servers, BaseManager is also available as a virtual machine image suitable for installation in modern VMware® rack mount server environments.  The BaseManager virtual machine requires a minimum of 4GB of RAM, 120GB of disk space, and an Intel i3 class processor or equivalent.

 

The self-hosted BaseManager server or virtual machine server can be fully managed via the built-in secure web server. The server must have access to the Internet in order to access satellite map data.

 

In order to allow mobile devices to access the BaseManager server, an externally accessible static IP address or hostname is required, and https web access to the BaseManager server will need to be enabled.

 

Basic Operation

The BaseManager server enables users to remotely connect to and operate Baseline irrigation controllers. Users operate their controllers through a web-based (browser-based) interface, and the controllers are connected through web-based ports (HTML-5 standard, WebSocket Protocol).

 

All traffic is TCP/IP with varying media types (cell, wireless, packet-radio) as needed along the route. The server routes communication, performs maintenance tasks, stores watering logs and information, and enables remote updating and configuration.

 

Networking Overview

All communication to/from clients (browsers) and controllers is done over SSL port 443. In order for controllers to work with the server, they must be able to talk to the server on that port. Clients also need to be able to be routed to the server’s Apache-httpd at that port. This approach prevents the need for opening firewall pinholes or configuring port mapping at an off-site facility. Typically most IT installations route HTTPS out-bound traffic. If an Ethernet port can get out to the Internet, no other special configuration will be required at the controller side.

 

An important part of the browser-based BaseManager client application is a map interface. The map data is loaded from a third-party. This data transfer requires general access from the server to the Internet and from the Internet back to the server. In the future, this data may be stored locally on the server, but for now, the server makes requests and downloads data over an Internet connection.

 

Security Overview

  • All IP traffic between the client and the server is SSL-encrypted.
  • All data is stored on a local database server (mySQL). Traffic is internal only to local drive. Data is NOT currently encrypted on that database server, but could be as required. There is no database access from external connections.
  • Firewall is established by Linux kernel IPTABLES (statewise). The only port essential to be opened is 443. (Although, port 22, ssh, could be useful for future updating.)
  • Standard Apache web security is employed. Further access limitations can be added via IP, network, etc. through the .htaccess facility of Apache.
  • Clients (browsers) can be allowed to remain connected indefinitely or can be logged off and dropped.
  • Controllers only access and talk to the IP address of a single assigned BaseManager server (programmable). Similarly, they only listen to the assigned server, only over the WebSocket Protocol (not HTTP) and only through encrypted traffic.
  • Controllers/clients need not respond over the same Ethernet device on the server. In some  situations, it may be preferable to have controllers on their own Internet-isolated network.
  • Webmin (web-based system configuration and management tool) is enabled by default on a specified SSL (https) port, 10001.
  • For security purposes, webmin can be disabled from external access (i.e., localhost only) or disabled entirely.

WebSocket Protocol Overview

Communication in this system is based on the WebSocket Protocol and not on web representational state transfer (REST) transactions. This approach allows for instantaneous, full-duplex communication as opposed to the polling delay traditionally associated with RESTful designs. While most current browsers support this standard, noncompliant browsers are still in use.

 

A secure version of the WebSocket protocol is implemented in the following browsers (with the listed version and higher) Firefox 6, Google Chrome 14, and Opera 12.10. 

 

Using this communication protocol means that traffic packets on the network are not always in the format of a traditional HTTPS exchange (headers, body, etc.). Using this format and ensuring SSL-only traffic has proved to ease routing woes. We have found no difficulties yet in passing this traffic, even with sophisticated routers, packet-shapers (like F5), or web filters.

 

BaseManager Server Components

The BaseManager server has been run successfully on several flavors of Linux distributions, including Fedora, RedHat, CentOS, and Ubuntu.  By default, all BaseManager servers are built on the CentOS 6 distribution unless otherwise specified.

 

The lists below specify the required and non-required packages that are included by default in the self-hosted BaseManager server and in the virtual machine server image.

 

Required Packages (Included in BaseManager distribution)

Note: The following list includes only the packages that may be required in addition to those that are included in a minimum CentOS distribution.

  • httpd-server
  • mysql-server
  • MySQL-python
  • python-devel
  • flex
  • libtool
  • make
  • rsync
  • mod_ssl
  • subversion (for checkout of pywebsocket below)
  • php
  • php-mysql
  • bind-utils (provides nslookup)
  • gcc
  • httpd-devel
  • ntp
  • ntpdat
  • php-xml

 

Required Non-Package Software (Included in AppManager distribution)

  • mod_python – May be needed to fix a line in the code
  • pyswebsocket – Required for web socket operations
  • ioncube_loaders_lin_x86-64.tar.gz
  • python Package
  • pytz  – time utilities
  • webmin.tar

 

Optional/Helpful Software (Included in AppManager distribution)

  • bind-utils – Provides nslookup
  • mlocate – Locate and update database

 

Support and Software Updates

Providing external access for Baseline Support is not required for operation and is not allowed without taking explicit steps.  However, providing access for Baseline Support may be desirable for ongoing support and software updates.

 

Software updates can be delivered via sneaker-net with a USB drive or emailed as a .tar file.

 

Spec Docs:

Technical details for the self-hosted Baseline server
General specification information for the self-hosted Baseline server in Microsoft Word format. Suitable for including in specifier's documentation.
General specification information for the self-hosted Baseline server in Microsoft Word format. This non-proprietary spec does not give the manufacturer's name or the brand name of products, which enables the irrigation designer to specify Baseline products while complying with the requirements in the bidding documents.

Support Docs:

A brief overview of the Baseline server for network administrators and other IT professionals

Install Guides:

Instructions for setting up a self-hosted Baseline server that is deployed as a virtual machine
Instructions for installing and setting up a self-hosted Baseline server

How to Specify Self-hosted Baseline Server Options

  • BL-APPMGR-VM   AppManager with BaseManager, PipeView, the FlowStation app, and AdminManager as a virtual machine
  • BL-APPMGR-COM   AppManager with BaseManager, PipeView, the FlowStation app, and AdminManager on a pre-installed server
  • BL-APPMGR-MAA   Mobile Access Advanced Plugin for self-hosted AppManager