iTSS Extranet

Internet Software

Since its beginnings (Possibly beginning with the TCP/IP stack in BSD Unix ? ) the Internet's development has been closely tied up with the UNIX Operating System and they have grown together. The "reference" implementations of all the key Internet services were developed on UNIX systems and even today only a few are available on other Operating Systems. The availability of these "free" and highly reliable implementations of these servers still provides UNIX platforms with a head start over other platforms when it comes to building Internet servers. Much of this software is "bundled" on the "vendor" CDs, other is downloaded from WWW sites of organisations such as the Internet Software Consortium

We have had some considerable experience with all of the following which together make up the "nuts and bolts" of a TCP/IP network. Some of these are part of the "NERC Internet infrastructure" and their lack of visibility to the user community is a measure of their success. Others, such as Apache, have a higher user visibility. Either way, if you feel you have a special need , please contact us at to discuss details of your requirements.

Apache WWW server

Squid WWW cache

FTP servers

Internet Mail Servers

DNS Servers

News (Usenet) Server

Secure Shell (ssh)

Other Added Value Software

Probably the "glittering prize" (besides the linux operating system) of the Open Source movement, the Apache WWW server runs on around 60 % of the worlds WWW servers. In combination with the xBSD unixes, it is the "standard"; WWW server for ISPs and the like. Obviously, this WWW site ( ) runs on an Apache server - it shares a SUN ULTRA 5 with the NERC news server. Apache is designed with a fast, simple core implementing the basic functionality and lots of modules to provide additional functionality. For more details, see

Squid is the "standard" WWW cache on the Internet. For more information see

We have a scheme which involves using the JANET Web Cache Service as a second level cache for overseas pages. Pages within the .uk domain are cached in the local (ie on-site) SQUID and local pages ( ie on-site WWW servers) are not cached at all. We find that the larger NERC sites achieve a Cache Hit Rate of around 30% with this set-up. This is a significant reduction in network traffic but, the improvement in visible response time is probably more significant for most sites. Our installation service includes liasing with UKERNA and arranging for various, necessary DNS aliases to be set up.

Anonymous and Restricted FTP servers

Installation and configuring of anonymous and restricted ftp server. We use the Open Source FTP server software from Washington University which has signicantly enhanced logging and such-like facilities compared with the standard FTP server. This should mean it is a better product in vulnerable positions such as an external (outside the firewall) server . We have experience of setting this up in a secure manner. Be warned that setting up anonymous and restricted ftp servers securely is not as easy as you might think - we strongly urge people to get us to do this one for them.

For many years, we have been configuring and running SMTP mail servers using the sendmail software from

Sendmail on unix has been the definitive "reference" email server for the Internet since the 1980s. It acquired a very bad reputation for security vulnerabilities in the early 1990s. However, a great deal of work was done on the program and recent versions (8.9 and 8.10) have not suffered from such problems. With hindsight, many of the old problems (worms, buffer overruns,..) seem strikingly similar to those currently being faced by newer, less mature email server software today? Sendmail offers very complete support for ESMTP, MIME and so on but for details (RFC nos and so on) you will have to study the actual documentation.

Our current version is based on a configuration developed for the NERC mail relays. This uses m4 macros to generate the infamous configuration files and is much more "standard" than our earlier version which was derived from a sendmail configuration supplied by Sun Microsystems with SunOS. This is in line with strong recomendations from the suppliers and should make it much easier to upgrade and maintain in future.
There are numerous enhancements eg to prevent third-party message relaying, allow addressing by user's names as well as userid and provide fancy bounce messages. It also has support for the NERC CURD user database which is maintained by the IT Core Group in Swindon. (For details of the CURD, see ). Most of these run on Solaris 2.x but a few run on other UNIXes and the sendmail software has in fact been ported to every unix (or unix-like) system I have ever heard of !.

We can also provide POP and IMAP servers which can be used with PC mail software such as Eudora, Pegasus, Netscape Navigator and Microsoft Exchange.

DNS Servers

DNS name servers. These are based on the BIND software as supplied by the UNIX vendors. However, the responsibility for BIND lies with the Internet Software Consortium

News (Usenet) Server

News is sometimes described as the most important elective protocol on the Internet. It is certainly an important part of any Internet service.

iTSS run a news server for NERC at Wallingford. It can be found at This uses a software package called DNEWS which is slightly unusual in being a "sucking feed" server. What this means is that news articles are fetched from the upstream newsfeed on request (and then cached on disk for future requests) instead of having an overnight batch download. This seems to be appropriate for a relatively small community such as NERC - the articles which we have on disk are those which NERC users actually request and the saving on disk space is considerable. It does mean, however, that you have to wait a few minutes, on occasion, for an article to be fetched.

Secure Shell (ssh)

ssh is a replacement for programs like rsh, rlogin, rcp and telnet. It provides secure communications over local and wide area networks between hosts. It is one of the very few cases, we have seen, of a "secure" program being easier to use than the "ordinary" version ! For further details see the Secure Shell (SSH) FAQ and

Last updated: 25/07/2007