All posts by BalaSundaram M

PROBESEVEN - Multi-Processing in PHP at a Glance!

php-logoFew days back had a great experience that got me rejoicing. My development IQ created a spark while working keenly on a client project. Let me introduce a useful concept for the developers to pitch through all the creations. This is all about the multi-processing in PHP.

A Quick Note:

A glance through the concepts of Multi-programming which would help to understand better the process explained in this article.

Multi-Programming

Engaging a multi-programming system, you would find one or more programs loaded in main memory which is similar to running Excel, Paint, Firefox etc.

Multi-Processing

Multi-processing refers to executing multiple processes at a same time. In fact, multiprocessing refers to the hardware not software. A computer using more than one CPU (Physical processor) at a time is called multi-processing.

Multi-Tasking

In multi-tasking, a single CPU is involved, but it switches from one task/program/job/process to another most swiftly that it gives the appearance of executing all of the programs at the same time.

Multi-Threading

Multi-threading is an execution model that allows a single process to have multiple code segments (one process is divided into sub-tasks.) run concurrently within the “context” of that process.

The need for PCNTL functions:

Any modern operation system performs Multi-tasking, which means we can run several programs at the same time. In php, we are using a single process concept and assigning all our work to one process. It will be executed one by one and ultimately takes more time for completion. If we split our one process task into a multi-process task using operating system feature ‘multi-tasking’, we can complete the process in great speed. Using ‘PCNTL’ function, we can do multi-process tasks concept in php.

Multiprocessing in PHP
  1. pcntl_fork — Forks the currently running process
  2. pcntl_waitpid — Waits on or returns the status of a forked child
  3. pcntl_wexitstatus — Returns the return code of a terminated child

The pcntl_fork() function creates a child process that differs from the parent process only in its PID. Both the parent and child process will be exactly the same up until the moment of the fork. Any variables up to that point will be exactly the same in both processes. After forking, changing a variable’s value in one process doesn’t affect the other process though.

When we call pcntl_fork(), it will return one of the three values. They are:

  • -1 - is return on failure.
  • 0 - is returned in the child’s thread of execution.
  • PID - is returned in the parent’s thread of execution.
Example 1:
<?php
$pid = pcntl_fork();

switch($pid) {
case -1:
	print "Could not fork!\n";
	exit;
case 0:
	print "In child!\n";
	break;
default:
	print "In parent!\n";
}
?>

pcntl_fork

The above script just print out a message in the both parent and child processes.
Example 2:
<?php
for ($i = 1; $i <= 5; ++$i) {
	$pid = pcntl_fork();

	if (!$pid) {
		sleep(1);
		print "In child $i\n";
		exit;
	}
}
?>
pcntl_fork_example_2In this script, we started with one process and forked it as five process. In foreach each time, we created one new child process and it did not affect the parent process. Because we exit the child process after the print the message.
Example 3:
<?php
for ($i = 1; $i <= 5; ++$i) {
	$pid = pcntl_fork();

	if (!$pid) {
		sleep(1);
		print "In child $i\n";
		exit($i);
	}
}

while (pcntl_waitpid(0, $status) != -1) {
	$status = pcntl_wexitstatus($status);
	echo "Child $status completed\n";
}
?>

pcntl_fork_example_3

In this sample, We terminate the child process using exit($i) function and then return the status of a forked child from pcntl_waitpid(). Using pcntl_wexitstatus() function, we can get the return value of child process. pcntl_wexitstatus() function returns the return code as an integer.
Attention Note:
  1. Process Control should not be enabled within a web server environment and unexpected results may happen if any Process Control functions are used within a web server environment.
  2. This extension is not available on Windows platforms.

 

PROBESEVEN - XrayVision DCV-Stunnel-Orthanc Connection

Welcome!

This document explains the process of working with XrayVision DCV software, Stunnel proxy server and Orthanc DICOM server.

Stunnel

Initially to start with the below applications need to install,

  1. Orthanc
  2. OpenSSL
  3. Stunnel
  4. XrayVision DCV

Orthanc

STEP 1: Open the orthanc ‘Configuration.json’ file.

step1

STEP 2           : You need to change the following options in ‘Configuration.json’ file. The values should be unique When you run multiple instance in same system.

s2

STEP 3: After the completion of the configuration, you are required to ‘Start’ or ‘Restart’ the orthanc services.

STEP 4: Open the browser and enter the HTTP port number with domain name. Now, you would get the login window in the pop up. You are required to enter the login credential which are  username and password that can be obtained in the ‘RegisteredUsers’ options(Configuration.json).

s3

Once you login successfully, you would get the orthanc home page with patient list.

i4

OpenSSL

STEP 5: After orthanc process completion, you need to create top level certificates like CA’s certificate, CA’s private key, CA’s TLS common file (combine both CA’s files), stunnel server certificate and private key using OpenSSL. At First Open the OpenSSL command prompt.

STEP 6: Enter the below code for CA’s private key.

genrsa -out ca_root.key 4096

i5

STEP 7: For CA’s certificate, you need to add X.509 certificate with the CA private key.

req -x509 -new -nodes -key root.key -days 1024 -out ca_root.pem

i6

STEP 8: Use the below code to create private key for Stunnel server.

genrsa -out server.key 4096

i7

STEP 9: Generate a certificate signing request (CSR) for server.key file

 req -new -key server.key -out server.csr

i8

STEP 10: Now you will need to create stunnel server certificate using server CSR certificate, CA’s certificate and CA’s private.

x509 -req -in server.csr -CA ca_root.pem -CAkey ca_root.key -CAcreateserial -out server.crt -days 1023

i9

STEP 11: Finally, you need to combine CA’s certificate and CA’s private for TLS connection from XDCV.

For Windows           :                type ca_root.pem  ca_root.key >                                                                                      ca_root_TLS.pem

For Linux                    :                cat ca_root.pem ca_root.key >                                                                                         ca_root_TLS.pem

i10

We have now successfully created some important files using OpenSSL.

Please use that files based on below instructions,

  1. ca_root.pem                                  – In Stunnel configuration
  2. server.key                                      - In Stunnel configuration
  3. server.crt                                       – In Stunnel configuration
  4. ca_root_TLS.pem                       – In XrayVision DCV configuration

STUNNEL

STEP 12: Here at first you need to create one new folder called ‘certificates’ inside the stunnel directory and add the ca_root.crt, server.key, server.crt into that folder.

i11

STEP 13: Now you need to open the stunnel.conf file. Remove all the default configuration from ‘stunnel.conf’ and update the below code.

You will now have to configure certificates path from ‘certificates’ sub directory , log path and level, TLS, stunnel listens and connect port information.

accept        -         Expecting DICOM request with given port from                                               XrayVision DCV

connect    –         Send the DICOM request to orthanc DICOM server.

cert             -         Server certificate file path

key              –         Server private key file path

CAfile        –         CA certificate file path

; File with certificate, private key and CAfile(certificate) 
;server certificate path 
cert = certificates/server.crt 

;server private key path 
key = certificates/server.key 

;CA certificate path will match with XDCV certificate 
CAfile = certificates/ca_root.pem 

; Log (1= minimal, 5=recommended, 7=all) and log file) 
debug = 7 
output = stunnel.log

; Some performance tuning 
socket = l:TCP_NODELAY=1 
socket = r:TCP_NODELAY=1 
; SSL bug options / NO SSL:v2 (SSLv3 and TLSv1 is enabled) 
options = ALL 
options = NO_SSLv2 
options = NO_SSLv3 
; Data compression algorithm: zlib or rle 
compression = zlib

; Service-level configuration 
; Stunnel listens to port 8888 (HTTPS) to any IP 
; and connects to port 4242 (HFS) on localhost 

[dicom] 
verify = 3 
client = no 
accept = 192.168.1.103:8888 
connect = 192.168.1.103:4242 
TIMEOUTclose = 0

STEP 14: Click the stunnel application icon (see the below image) to run the stunnel services based on new configuration.

i12

XrayVision DCV

STEP 15: At first, you need to open the XrayVision DCV software. Then go to the Adavanced User Tools->Preferences menu option. Now you will get a login window. Please enter the user ID and password to login.

i13

STEP 16: Click on ‘DICOM’ option from left menu, then choose the ‘Configure DICOM Servers’ options.

i14

STEP 17: Now you will get ‘DICOM Servers’ window and click on ‘Add’ button to add new DICOM server informations. You have to configure the XrayVision DCV software using stunnel and orthanc server details. See below given image for configuration.

i15

STEP 18: For TLS configuration, you need to choose the encryption type as TLS and upload the ‘ca_root_TLS.pem’ certificate file.

i16

STEP 19: Click on ‘Verify’ button to check the communication status. You will get a success message If everything was successfully configured.

i17

STEP 20: Now you need to enable the image forwarding options. When you capture the images in XrayVision DCV, it will automatically forward to orthanc DICOM server via stunnel connection.

i18

STEP 21: Finally we successfully completed all the settings. If you add any new images in XrayVision DCV software for patients, it will reflect in orthanc DICOM server.

i19

Hope this document helped providing a walk through with this concept. Thank You!

PROBESEVEN - STUNNEL – An Overview

It is quite understood that the security of the data and the application over the cloud is a reliable SSL which communicates between the clients and the services in the encrypted manner. If I have to share about a reliable tunnel, I would rather talk on STUNNEL which is a “Secure Tunnel between TCP applications.”

An Overview

STUNNEL, the Secure tunnel between TCP applications is an open source program and runs on variety of operating system . It is designed to communicate between the clients and servers over secure encrypted connections like TLS/SSL without any changes in the programs code.

Advantages of Stunnel 

  • This is an easy to use programme which is supported by large community.
  • It enables the secure SSL Connection to an existing non-SSL connection.
  • Proves to be highly reliable by enabling the mutual authentication between the two services.
  • Shows its popularity as it is available on most of the standard operating system.
  • Stunnel has an external session cache for cluster.
  • Supports secure communication in various scenarios like IMAP,POP3, SMTP etc.
  • Supports large deployments of instances.
  • Stunnel runs on both the remote and local mode.
  • In situations of authentication failure redirection options are available.
  • Adds the availability of error logging support.

 Compatible Operating System

A quick view on the compatibility of OS, Stunnel is available for most popular operating systems like

  • Linux
  • Microsoft Windows
  • Solaris
  • Mac OS X
  • IBM AIX
  • OS/2

In order to view on the updated list, you could gain an insight in this link https://www.stunnel.org/ports.html

Stunnel With SSL

At the outset and primarily, we have to install the stunnel on both the client and server. Sometimes it will be on same system. Now we have to create the SSL certificate based on public-key cryptography (X.509 digital certificates) for both client and server. Stunnel uses the OpenSSL library for creating a SSL certificate and ‘.pem’ is the standard format of OpenSSL and other library. Now stunnel service running on client and server system. Both will communicate with secure SSL connections between two SSL-unaware applications.

Non-Stunnel Scenario

Stunnel 1

Stunnel Conversations

Stunnel 2

Sample Execution

cert=/path/stunnel.pem

options = ALL

accept = [IP ADDRESS]:443

connect = 127.0.0.1:22

For this configuration, stunnel listen for connections to accept the packets on port 443. After received packets, stunnel encrypt that with TLS/SSL encryption and forward the encrypted packets to the destination IP address with port (127.0.0.1:22).

Go ahead explore in these Websites: Stunnel – https://www.stunnel.org ; OpenSSL – https://www.openssl.org/