# WCF services as distributed application and loading processed network traffic into a MS SQL database

- Installation
- Hardware requirements
- Usage
- Reference

## Installation

The tool is an extension to the Netfox Detective application. It is developed as part of the `Netfox.Framework` project in the `Develop-Netfox-Cloud` branch. The main part is in the NetfoxCloud directory.

The tool relies on several packages. The EntityFramework package [^EntityFramework] handles database access. Visual Studio downloads and installs all necessary packages for every project in the solution. Microsoft HPC Pack SDK provides the means for connecting to the scheduler and for scheduling jobs on the cluster. It also offers classes for accessing cluster statistics. The cluster has to be created and configured according to this guide [^Cluster_installation].

The local computer must have a local SQLEXPRESS 2014 database installed. The cluster must have access to a global database provided by at least MS SQL Server 2012.

### Hardware requirements

The distributed application requires a cluster. The cluster must consist of nodes (computers) running at least the Windows 7 operating system. The head node must run at least Windows Server 2008. This guide [^HPCPack_installation] describes the steps for deploying a cluster.

## Usage

Visual Studio can open the solution and execute any of its projects. The solution platform must be set to x86. The Netfox Detective application uses a local database as storage for processed network communication.

The distributed application is governed by the `ClusterInfo` class. The class is described in the documentation. It has all the properties that define the distributed process. The distributed process is defined in the master's thesis [^MaterThesis].

The first type of service is the `ClientToHeadNodeService` service. It receives frames from the client's application, and its main feature is distributing those frames to `HeadNodeToNodeService`. The program `HeadNodeDistributor` executes the service. The program is only used in a job description to execute and host the service.

Program arguments of *HeadNodeDistributor*

|Argument |Description |
|----------------------------------------|--------------------------------------------------------------------------------|
|`hn\|host: ` |Service will host on this IP. |
|`hc\|hostClient: ` |Client's URL of CommonService. It is used for sending the client URL of this service to a client (only if the client has a public IP; not recommended). |
|`iur\|idUrlRecord:: ` |Key of record. The program sets the URL of this service on the record that has the specified key. |
|`ps\|portSet:` |Whether ports are specified manually (true) or granted by the OS. |
|`ip\|minPort: ` |Minimum port number. |
|`ap\|maxPort: ` |Maximum port number. |

The second type of service is the `HeadNodeToNodeService` service. The service processes the frames and stores them in a database. The program `ProcessL3L4L7` executes the service. The program is only used in a job description to execute and host the service.

Program arguments of *ProcessL3L4L7*

|Argument |Description |
|---------------------------------------------|--------------------------------------------------------------------------------|
|`hh\|hostofheadnodeservice: ` |URL of the ClientToHeadNodeService service. This service registers on this URL. |
|`ip\|minPort: ` |Minimum port number. |
|`ap\|maxPort: ` |Maximum port number. |
|`ps\|portSet:` |Whether ports are specified manually (true) or granted by the OS. |
|`wd\|workingDirectory: ` |Capture network traffic to the provided file. |

Both programs must be rebuilt if any property of a service is changed.

The project `TestClusterProcessing` serves as a test project for distributed processing. The default configuration of clusterInfo is set for `nesad\hvezda` as the user. The distributed solution is experimental and should be treated as such.

Switching between local processing and cluster processing is based on the `ClusterProcessing` property in the class `ControllelCaptureProcessor`.

Creation of a capture file for every L4 conversation is enabled by assigning `true` to the property `CreateCaptureL4` in the class `BulkInsertL3L4ConversationFramesContext`.

There are two ways to load frames into a database: either during parsing of L3 and L4 conversations or during parsing of L7 conversations. The choice is based on the property `IgnoreFrames` in the classes `BulkInsertL3L4ConversationFramesContext` and `BulkInsertL7ConversationContext`. The two properties cannot both be set to `false`; only one of them may be `false`. It is recommended to use the variant that loads frames during parsing of L7 conversations. That is the default behaviour.

## Reference

HVĚZDA, Matěj. Captured Communication Processing on Distributed System. Brno, 2016. Master’s thesis. Brno University of Technology, Faculty of Information Technology. Supervisor Pluskal Jan.

[^MaterThesis]: URL: https://wis.fit.vutbr.cz/FIT/st/rp.php/rp/2015/DP/18434.pdf
[^Cluster_installation]: URL: https://technet.microsoft.com/en-us/library/jj899590(v=ws.11).aspx
[^HPCPack_installation]: URL: https://technet.microsoft.com/en-us/library/jj884144(v=ws.11).aspx
[^EntityFramework]: URL: https://entityframework.codeplex.com/
[^BulkInsert]: URL: https://efbulkinsert.codeplex.com/