Self-Hosted Baseline Server
Self-Hosted Baseline Server

Self-Hosted Baseline Server

The self-hosted Baseline server enables users to remotely connect to and operate Baseline irrigation controllers. Users operate their irrigation controllers through the AppManager™ framework, a web-based (browser-based) interface. The controllers are connected through web-based ports (HTML-5 standard, WebSocket Protocol).

The Baseline server is available as a self-hosted option or a virtual machine image.

The self-hosted Baseline server is a full-function Linux based server. This server is available from Baseline pre-installed on a solid state server module based on the Intel™ Next Unit of Computing™ (NUC) hardware. The self-hosted Baseline server is fully web manageable and does not require a monitor or keyboard (a keyboard, monitor, and mouse are available as an option.) The system is designed to be a low power, high reliability server unit suitable for customers who do not have an existing rack-based virtual server environment, or for customers who do not wish to install AppManager on a managed IT server.

For those who prefer to use existing managed servers, AppManager is also available as a virtual machine image suitable for installation in modern VMware® rack mount server environments. The Baseline server virtual machine requires a minimum of 4GB of RAM, 120GB of disk space, and an Intel i3 class processor or equivalent.

The self-hosted Baseline server or virtual machine server can be fully managed via the built-in secure web server.

In order to allow mobile devices to access the Baseline server, an externally accessible static IP address or hostname is required, and https web access to the Baseline server will need to be enabled.

Self-Hosted Baseline Server — Features and Specifications

Hardware Options

The self-hosted Baseline server is a full-function Linux based server. This server is available from Baseline pre-installed on an all solid state server module based on the Intel™ Next Unit of Computing™ (NUC) hardware.  The self-hosted Baseline server is fully web manageable and does not require a monitor or keyboard (a keyboard, monitor, and mouse are available as an option.) The system is designed to be a low power, high reliability, standalone server unit suitable for customers who do not have an existing rack-based virtual server environment, or for customers who do not wish to install AppManager™ on a managed IT server.

See an Example of the Network Topology for the Baseline Server in a Self-Hosted Implementation.

For those who prefer to use existing managed servers, AppManager is also available as a virtual machine image suitable for installation in modern VMware® rack mount server environments. The virtual machine requires a minimum of 4GB of RAM, 120GB of disk space, and an Intel i3 class processor or equivalent.

Applications in AppManager use map data that is loaded from a third-party. This data transfer requires general access from the client to the Internet and from the Internet back to the client. The client makes requests and downloads data over an Internet connection.

In order to allow mobile devices to access the self-hosted Baseline server, an externally accessible static IP address or hostname is required, and https web access to the self-hosted Baseline server will need to be enabled.

 

Basic Operation

The Baseline server enables users to operate their irrigation controllers through a web-based (browser-based) interface. The irrigation controllers are connected through web-based ports (HTML-5 standard, WebSocket Protocol).

All traffic is TCP/IP with varying media types (cell, wireless, packet-radio) as needed along the route. The server routes communication, performs maintenance tasks, stores watering logs and information, and enables remote updating and configuration.

 

Security Overview

Note: Information about the specific security protocols that Baseline has implemented is available in the Baseline Security Controls Technical Specification.

  • All IP traffic between the web-browser client and the Baseline server is encrypted.
  • Firewall is established by Linux kernel IPTABLES (statewise). The only port essential to be opened is 443.
  • Clients (browsers) are allowed to remain connected indefinitely or can be logged off and dropped.
  • Controllers are able to connect to the IP address of a single assigned Baseline server (programmable).
  • All data is stored on a local database server (mySQL). Traffic is internal only to local drive. There is no database access from external connections.
  • Industry standard Apache web security is employed. Further access control is supported to manage access via IP, network, or MAC address through the .htaccess facility of Apache.
  • Controllers only listen to the assigned server, only over the WebSocket Protocol (not HTTP), and only through encrypted traffic.
  • Controllers/clients need not respond over the same Ethernet device on the server. In some situations, it may be preferable to have controllers on their own Internet-isolated network.
  • Webmin (a web-based system configuration and management tool) is enabled by default on a specified HTTPS port 10001. Webmin access can be disabled from external access (i.e., localhost only) or disabled entirely.

WebSocket Protocol Overview

Communication in this system is based on the WebSocket Protocol This approach allows for instantaneous, full-duplex communication.

Running this communication protocol on the network means that traffic packets are not always in the format of a traditional HTTPS exchange (headers, body, etc.). Using this format and ensuring TLS-only traffic has proved to ease routing woes. We have found no difficulties yet in passing this traffic, even with sophisticated routers, packet-shapers (like F5), or web filters.

A secure version of the WebSocket protocol is implemented in the most current version of the Mozilla Firefox, Google Chrome, and Safari browsers. While most current browsers support this standard, noncompliant browsers are still in use.

 

Baseline Server Components

Baseline servers are built on the CentOS Linux distribution.

 The lists below specify the required and non-required packages that are included by default in the self-hosted BaseManager server and in the virtual machine server image.

Required Packages (Included in the self-hosted Baseline server distribution)

Note: The following list includes only the packages that may be required in addition to those that are included in a minimum CentOS distribution.

  • httpd-server
  • mysql-server
  • MySQL-python
  • python-devel
  • flex
  • libtool
  • make
  • rsync
  • mod_ssl
  • subversion (for checkout of pywebsocket below)
  • php
  • php-mysql
  • bind-utils (provides nslookup)
  • gcc
  • httpd-devel
  • ntp
  • ntpdat
  • php-xml

Optional/Helpful Software (Included in the self-hosted Baseline server distribution)

  • mlocate – Locate and update database

 

Support and Software Updates

Software updates and technical support are available for a yearly fee per software package.

Remote installation support for the self-hosted Baseline server is available for a fee. Installation is limited to Baseline software only. Network configuration changes must be completed by site's network administrator.

 

Spec Docs:

Technical details for the self-hosted Baseline server
Technical details for the industry standard security controls that Baseline has implemented in products that talk to each other and to the server
General specification information for the self-hosted Baseline server in Microsoft Word format. Suitable for including in specifier's documentation.
General specification information for the self-hosted Baseline server in Microsoft Word format. This non-proprietary spec does not give the manufacturer's name or the brand name of products, which enables the irrigation designer to specify Baseline products while complying with the requirements in the bidding documents.

Support Docs:

A brief overview of the Baseline server for network administrators and other IT professionals
Instructions for updating your Baseline products to take advantage of enhanced security

Install Guides:

Instructions for setting up a self-hosted Baseline server that is deployed as a virtual machine
Instructions for installing and setting up a self-hosted Baseline server

How to Specify Self-hosted Baseline Server Options

  • BL-APPMGR-VM   AppManager with BaseManager, PipeView, the FlowStation app, and AdminManager as a virtual machine
  • BL-APPMGR-COM   AppManager with BaseManager, PipeView, the FlowStation app, and AdminManager on a pre-installed server
  • BL-APPMGR-MAA   Mobile Access Advanced Plugin for self-hosted AppManager