I'm in need of some guidance on managing vijava ServiceInstance connection. I'm creating a GUI application which allows the end user to manage, create and modify VMs from vCenter. So, when the application first launches, the user enters IP address of vCenter server, username and password. I create a ServiceInstance object to create the connection. Once the connection is establish, I leave it open for the user to perform tasks until the application is closed where terminate the session by login out.
My questions is, should I establish a connection every time the user needs to perform a task that requires a connection to vCenter and then log out once the task is complete? Or just establish one connection and use that same connection to perform tasks and terminate the session when the application closes?
Establishing new connection will influence the performance. On the other hand if you will have one connection and it will stay open, you may have security issues in case password of vCenter has changed and your connection will remain open.
I think that the best solution is to use one connection, but manage the timeout of the connection. And then close it when you have timeout and reopen it.
Related
I have google'ed a lot on this question but haven't found an answer. I have a Guacamole server that connects to a local VNC session and I would like for it to disconnect the user session if it detects no activity for an hour.
What I've tried and attempted
used xprintidle to show idle time of the user, this works so will be put in a script that might be used later to terminate an idle session.
I have looked at Guacamole's api-session-timeout and set it for a minute, I had hoped it would not reconnect to the same session once the VNC server stops abruptly. It seems this did not work.
I have tried to use guacamole's user-mappings.xml to specify the parameter "autoretry" and set that to "1". Restarted and this did not work, I'm thinking its not used this way.
I have went to the guacamole postgres database and manually inserted the entry for autoretry into the parameter table. Restarted, but this did not work.
I have went to the VNC side (I use TurboVNC) and looked at the flag -idletimeout and configuration option max-idle-timeout. This terminates the TurboVNC service when there are no active connections. It is not what I am after, I'm trying to only disconnect the session when the user is idle.
I figured that the VNC side would not work because even if the VNC session is terminated Guacamole would keep on retying forever to reconnect to that session.
From some posts on the Guacamole mailing list it seems that disabling auto reconnect is not possible without a recompile from source.
Is there a way to disconnect an active session after an idle timeout period? or maybe a way to stop Guacamole from reconnecting?
Assume that I connected to the broker with "clean session=false" and started receiving events, in case of disconnection ideally my application will still receive data on connection. But if the application is crashed I want to have a fresh start and clear my session.
Can I clear my session on the MQTT broker and have a fresh start?
From the documentation I concluded that if I wanted to do that I would need to do the following:
application start
connect using "clean session=true" // this will cause any current session to be removed along with its data
every thing related to the session is purged from server
disconnect
connect using "clean session=false" and start getting the data.
I got the idea from
http://www.hivemq.com/blog/mqtt-essentials-part-3-client-broker-connection-establishment
"If clean session is set to true, the broker won’t store anything for
the client and will also purge all information from a previous
persistent session."
Is this the correct way to clear a previous session?
Yes, that is the only way to clear a session for a client.
I have an app that displays a warning to the user when they attempt to contact a server with a self-signed or otherwise untrusted SSL certificate. If they choose to proceed, we use connection:didReceiveAuthenticationChallenge to continue with the HTTPS request by creating a credential for the server trust. This is the common way that connections are made to untrusted servers on iOS.
What I'm wondering if there's a way to only create this server trust for a particular connection, or if it's possible to rescind the trust at a later time. What we've found is that the server trust lasts for as long as the app is running. We'd like to be able to prompt the user again at a later time to make sure they still want to proceed. Is this possible? Is there a way for the trust to only "last" for one connection, or to find the trust and somehow remove it so that we go through the process again for that same server?
Are you not releasing the connection after the data is received. If you are releasing it it should ask every time. Make sure the cache property for you connection is not enabled
Before I even start researching WFP I need to know one thing:
Can I detect an outbound TCP connection attempt, pause it until the user clicks Allow/Block, and then accordingly allow it to succeed or block it?
Other WFP based software such as Windows 7 Firewall Control always blocks the first connection attempt. Clicking Allow only applies to subsequent connection attempts. The first attempt always fails and the blocked application assumes there is no internet and I have to restart the application.
Is it possible to pause until Allow/Block is clicked in WFP or is my only option to write a kernel-mode driver?
I have a typical GKSessionModeServer/GKSessionModeClient setup.
When the server denies a client connection attempt with denyConnectionFromPeer:, the client's session:connectionWithPeerFailed: method is called, but then it receives a GKPeerStateConnected state change with my server's peerID. In other words the client thinks the connection succeeded while the server does not.
This seems to be at odds with common sense and the documentation for connectToPeer:withTimeout:, which says
If the connection to the remote peer is successful, the delegate’ session:peer:didChangeState: method is called for each peer it successfully connected to. If the connection fails or your application cancels the connection attempt, the session calls the delegate’s session:connectionWithPeerFailed:withError: method.
I know this doesn't say that the state change callback won't be called in the case of a connection failure, but the net result from the client's point of view is that a failed connection appears to result in a successful connection.
Clutching at straws I tried calling cancelConnectToPeer from the connectionWithPeerFailed callback, without result.
The client could work around this by ignoring the next GKPeerStateConnected, but this is kludgey and complicates reconnecting when the server starts accepting connections again.
So why can't the client session understand that it's over?
I have designed the same kind of application myself (GKSessionModeServer/GKSessionModeClient).
When you refuse the connection to a peer, it will trigger the session:peer:didChangeState: delegate, with the GKPeerConnectionState argument set to GKPeerStateDisconnected.
You just need to handle this properly in your code - I've never had any issue with that part whatsoever.