vtxnetd and vtxnet2 programs

WTSupported in traditional Synergy on Windows
WNSupported in Synergy .NET on Windows
USupported on UNIX
VSupported on OpenVMS

Vtxnetd and vtxnet2 are service programs that implement SQL OpenNet. Vtxnet2 is available only on Windows. See Understanding SQL OpenNet on Windows for information on the differences between these programs.

Note the following operating system-specific information:

If the SQL OpenNet service fails to start, an error will be written to the tcm_pid.log file if you are using vtxnetd/vtxnet2 logging. There will be no other indication that the service failed to start, except that SQL OpenNet connections will fail.

vtxnetd [option] [...]

or

vtxnet2 [option] [...]

-a[L]

Use the operating system to validate the username and password in connect strings. On Windows, you can use -a with the L option (that is, -aL; L must be capitalized) to log authorization errors to the Windows Event Viewer. See Starting the service manager with a password (-a[L]) below.

-e crt key [p]

Use SSL data packet encryption. Crt is the name and location of the SSL certificate file, key is the name and location of the key file, and p (optional) specifies supported protocols (TLS levels). See Encrypting data packets (-e) below.

-ffilename

Use the specified file to check inbound service requests or preload DLLs. See Rejecting unspecified service requests or preloading DLLs (-f) below. (Windows, UNIX only)

-h

Display a list of options.

-kn

Encrypt usernames and passwords in connect strings; n specifies the key for the encryption algorithm. See Encrypting usernames and passwords (-k) below.

log

Output a connection log. See Using a log file (log, log2) below.

log2

Output a connection log that does not include vtxping events. See Using a log file (log, log2) below.

-pnnnn

Listen for requests on port nnnn. See Specifying a port number (-p) below.

-sn

Specify thread stack size for vtxnetd in kilobytes. See Specifying the amount of memory used by vtxnetd on Windows (-s) below. (Windows only)

-v6

Specify that the port allows IPv6 connections. Default is IPv4. If the OS supports IPv4 and IPv6 connections on the same port, specifying -v6 means both IPv4 and IPv6 are supported. If the OS does not support IPv4 and IPv6 on the same port, specifying -v6 results in only IPv6 support. (Currently, only Solaris and HP-UX do not offer this support.) (Windows, UNIX only)

-wn

Terminate existing connections when vtxnetd is shut down. There is a delay of up to n seconds after the shut down is requested for underlying operations to complete. The default is 10 seconds. See Shutting down vtxnetd on Windows (-w) below. (Windows only)

Starting the service manager with a password (-a[L])

By default, no system-level remote user authentication occurs. This behavior can be overridden with the -a option. When -a is used, the username and password for the host must be passed in the connect string from the client machine (in addition to any database username and password). The host username and password could be an account on the server machine or (on Windows) on a domain controller.

The service manager validates the username and password using operating system security validation. Assuming the username and password are valid, the service manager creates a new process or thread for the connection using the persona of the username that was passed to it. Note the following operating system restrictions for using the -a option:

On Windows, by including “L” with the -a option (that is, -aL), you can log authorization errors in the Windows application event log, which can be viewed with the Windows Event Viewer. If the authentication fails, this log will contain information that may be helpful in troubleshooting.

See Building connect strings and Setting up access with DSNs for more details on connection strings and specifying the optional username and password.

Encrypting data packets (-e)

By default, no data packet encryption (SSL encryption) occurs for SQL OpenNet. To enable SSL encryption for SQL OpenNet, use the -e option:

-e crt key [p]

This option invokes SSL encryption functionality supplied by a third-party library, OpenSSL. Crt specifies the name and location of the SSL certificate file, and key specifies the name and location of the key file. These can include a full path or logical.

The optional p argument enables you to specify which TLS levels are allowed for SQL OpenNet connections. TLS level 1.1 and 1.2 are supported. By default, both levels are allowed for SQL OpenNet. Current security best practices require TLS 1.2.

vtxnetd -e c:\ssl\crt.txt c:\ssl\key.txt 1.1,1.2 

See Using data packet encryption for SQL OpenNet for information on installing and setting up SSL for SQL OpenNet.

For information on default SSL client settings for SQL OpenNet, see Setting SQL OpenNet client options in net.ini. For information on setting connection-specific client settings for SSL encryption, see %SSC_CMD (for SQL Connection) and Setting up access with DSNs (for xfODBC).

Rejecting unspecified service requests or preloading DLLs (-f)

Important

The -f option is included on the command line for vtxnetd in the distributed opennet.srv file on Windows. Do not add, change, or remove this command line option or the distributed synpreload.config file it references.

The -f option is supported on Windows and UNIX and is automatically used for vtxnetd on Windows. Its function depends on the platform and program (vtxnetd or vtxnet2) in use. The -f option takes a text file (filename) as a parameter. If filename does not include a path, vtxnetd or vtxnet2 attempts to find the specified file in the lib directory in the location specified by VORTEX_HOME. Lines in the specified text file that begin with the pound sign (#) are comments.

With vtxnetd on UNIX and vtxnet2 on Windows, the -f option instructs the SQL OpenNet service to reject requests for services that aren’t listed in the specified text file. This protects the SQL OpenNet service from being used to run harmful processes. If the text file includes a database driver specification exactly as it appears in connect strings (including any path information), requests for that database driver service will be accepted. All others will be ignored. For example, if the file includes only the following line:

/usr2/synergyde/connect/VTX0

only a connection request with exactly the following in the connect string will be accepted:

!/usr2/synergyde/connect/VTX0

The database driver specification can appear by itself on a line of this file, or it can be prefixed with “service:”. For example:

service:/usr2/synergyde/connect/VTX0

With vtxnetd on Windows, the -f option instructs the SQL OpenNet service to preload specified DLLs to prevent memory leaks in third-party software. It is automatically set to the following:

-fsynpreload.config

The distributed opennet.srv and opennet_base.srv files on Windows include this setting (which preloads DLLs specified in the synpreload.config file in the /synergyde/connect directory). If opennet.srv does not have this setting, sqld automatically adds it when it spawns vtxnetd on Windows.

As distributed, the synpreload.config file specifies all DLLs that should be preloaded, so do not make changes to this file. DLLs specified in this file must be prefixed with “preload:” (without the quotation marks). For example:

preload:VTX12_SQLNATIVE

Encrypting usernames and passwords (-k)

By default, the -k option is included on the command line in the start-up file. This option encrypts both the database username and password and the host username and password being sent across the wire.

The key n can be any number between 1 and 2,147,483,647. It must be set to the same value on both the server and the client or you will get the error “Invalid connect syntax (uid/pwd/datasource).” On the client, set it in the net.ini file in the connect\synodbc\lib directory. See Setting connect string defaults and encryption in net.ini.

Important

We strongly recommend that you change the n value because the default setting is common knowledge and is not secure.

Using a log file (log, log2)

Use the log option to produce a log file that contains error information and connection requests, including vtxping events, such as occur when sqld polls vtxnetd/vtxnet2.

Use the log2 option to produce a log file that contains error information and connection requests, without the vtxping events. Using log2 produces a smaller log file.

Note

The log or log2 option must be the last option on the vtxnetd or vtxnet2 command line. Otherwise the log file will not be generated.

The log file will be located in the directory that the service manager was started in and is named tcm_pid.log, where pid is the current process ID.

Note

The log file will be truncated to the last 10 MB once it reaches 20 MB.

Be sure to manage log files. Turn off logging when it is no longer needed, and clean up unneeded log files.

Other types of logging are available; see SQL Connection troubleshooting and error logging. For information on xfODBC logging, see Error logging for xfODBC.

Specifying a port number (-p)

Use the -p option to specify the port that SQL OpenNet will use on the server. On OpenVMS, the port number must be specified using -p (in the NET.COM file), unless you want SQL OpenNet to use port 1958 (the default). On Windows and UNIX, you can specify a default port in the services file, but this it is not recommended; a port number setting in the services file is used only when -p is not used. (See Specifying the port number and Configuring SQL OpenNet for SQL Connection.)

Important

Make sure the port you specify for SQL OpenNet isn't used by another program on the system.

Make sure the port number that clients use for SQL OpenNet matches the port number used by vtxnetd/vtxnet2. For SQL Connection, see Configuring SQL Connection (client) (Windows); SQL Connection: configuring client or stand-alone access (UNIX); or SQL Connection: configuring and testing client or stand-alone access (OpenVMS). For xfODBC, see Setting up access with DSNs.

Specifying the amount of memory used by vtxnetd on Windows (-s)

By default, vtxnetd uses 512K of memory on Windows. You can change this with the -s option, which determines how much memory vtxnetd will use by limiting the thread stack size allocated to it. Reducing the amount of memory used may enable vtxnetd to support more concurrent users.

For example, to reduce the amount of memory used by vtxnetd to 256K, you would use the following:

vtxnetd -s256
Important

Database drivers have minimum requirements for thread stack size. If you set the thread stack size to a value that is less than the minimum required by your database driver, vtxnetd will likely fail or generate random errors.

Shutting down vtxnetd on Windows (-w)

By default, the -w option is included on the command line in the opennet.srv file. When -w is specified, shutting down SQL OpenNet will disable new connections and terminate existing ones, resulting in a “Network connection lost” (10054) error on the client. There is a delay of up to n seconds before existing connections are terminated, allowing underlying operations to complete. The default is 10 seconds, but you can change this value by editing the -w option on the vtxnetd command line in opennet.srv. If you set it to 0 (zero), all connections will be terminated immediately.

If -w is not specified, new connections are disabled, but existing connections are not terminated, and vtxnetd does not completely shut down until all child processes have terminated. Only the third-party applications that are connected to the Synergy data can stop existing processes in this case.

See Stopping and removing SQL OpenNet for details on the various ways to stop the service.

Note

The -w option was introduced in version 10.3 and is included on the vtxnetd command line in the opennet.srv and opennet_base.srv files for 10.3 and higher. The opennet.srv file is not overwritten on an upgrade, however, so if you are upgrading from a previous version and want client connections to be terminated when vtxnetd is shut down, you will need to edit opennet.srv to add -wn to the command line. For example,

vtxnetd.exe -k67834 -p1958 -s512 -w10 log2

Running multiple SQL OpenNet servers

You can run multiple SQL OpenNet servers by specifying multiple start-up lines, with a different port number for each server. For example:

vtxnetd.exe -p1960
nohup vtxnetd -p1960 &
$ VTXNETD -p1960