Global Site
Displaying present location in the site.
July 12th, 2023
Machine translation is used partially for this article. See the Japanese version for the original article.
Introduction
We have released EXPRESSCLUSTER X 5.1, the latest version of EXPRESSCLUSTER X, on April 27th, 2023.
In EXPRESSCLUSTER X 5.1, we have enhanced many functions such as expanded functionality for the cloud, making it easier to build and operate, security enhancements, and support for new OS and platforms. For other enhancements of EXPRESSCLUSTER X 5.1, please refer to 
EXPRESSCLUSTER X 5.1 New Enhancement document.
One of the security enhancements in EXPRESSCLUSTER X 5.1 is support for SMTPS and STARTTLS in the mail report function (Alert Service) of EXPRESSCLUSTER. As a result, by using an email delivery service that supports SMTPS/STARTTLS, it is now possible to send mails more safely even in a cloud environment, etc. In addition, since OpenSSL 1.1.1 will be end of support in September 2023, EXPRESSCLUSTER X 5.1 is also supporting OpenSSL 3.0, the successor version.
In this article, we tried email reporting using STARTTLS, and will introduce it with a setting example using OpenSSL 3.0.
Contents
1. What is EXPRESSCLUSTER X Alert Service?
EXPRESSCLUSTER X Alert Service (hereinafter called "Alert Service") is a (paid) optional product of EXPRESSCLUSTER X that provides mail report and warning light report functions.
[Reference]
Documentation - Product Introduction(Presentation)
Documentation - Product Introduction(Presentation)- EXPRESSCLUSTER X Product Introduction for Windows/Linux
- -> 3. Other Functions / Features
- -> EXPRESSCLUSTER X Alert Function
Important events such as server stop processing and monitoring errors that occur on the server where EXPRESSCLUSTER X is installed, can be reported by email. By registering the email address of a mobile device as a report recipient, it is possible to receive reports by email from a remote location. When using this service, it is necessary to set the mail server information, the mail address of the report destination, and the SMTP authentication of the mail server as necessary.
For the list of messages sent by mail report function, please refer to the reference guide below.
Messages marked with a "o" mark in the [Mail Report] column are the messages that are reported by default by the Alert Service's mail report function, and it is possible to change the message to be reported as necessary.
[Reference]
Documentation - Manuals
Documentation - Manuals- EXPRESSCLUSTER X 5.1 > EXPRESSCLUSTER X 5.1 for Windows > Reference Guide
- -> 11 Error messages
- -> 11.3 Messages reported by event log and alert
- EXPRESSCLUSTER X 5.1 > EXPRESSCLUSTER X 5.1 for Linux > Reference Guide
- -> 11 Error messages
- -> 11.2 Messages reported by syslog, alert, mail, SNMP trap, and Message Topic
2. Points When Using SMTPS/STARTTLS
This time, as one of the security enhancements, the Alert Service now supports SMTPS and STARTTLS, enabling mail report with SSL(TLS) encrypted communications. In general, cloud-based mail services require the use of SSL(TLS), this new support enables the use of cloud-based mail services on EXPRESSCLUSTER X.
SMTPS/STARTTLS is a combination of SMTP, which is a protocol used for sending mails, and SSL(TLS), which encrypts the contents of communication.
Both SMTPS and STARTTLS can send mails securely by encrypting the communication, but while SMTPS uses SSL(TLS) encryption from the beginning, STARTTLS switches to SSL(TLS) communication after checking whether the destination supports STARTTLS. Therefore, in order to send encrypted mail using STARTTLS, it is necessary to note that the communication destination must also support STARTTLS. In EXPRESSCLUSTER, when using STARTTLS, if the communication destination does not support STARTTLS, an error will occur and mail cannot be sent.
3. Building an Environment for Using Mail Report Function
In this article, we used the Email Delivery service of Oracle Cloud Infrastructure (hereinafter called "OCI"), which requires TLS support, to try the email report function using STARTTLS.
[Reference]
Overview of the Email Delivery Service
Overview of the Email Delivery Service OCI's Email Delivery service is a service that makes it easy to send mails in bulk to recipients.
The use of TLS is necessary in order to set up SMTP authentication and send emails using OCI's Email Delivery service.
By using STARTTLS for mail report, you can encrypt the communication between EXPRESSCLUSTER and OCI's Email Delivery service and send mails safely.
3.1 Advance Preparation for Sending Mail
In order to send mail using OCI's Email Delivery service, configure settings such as "Creating SMTP Credentials" and "Creating an Approved Sender" in advance.
The following is a Japanese page, but a tutorial is available on how to send mail using the Email Delivery service on OCI.
- * Please use the translation function as appropriate and refer to it.
[Reference]
Email Deliveryを利用した外部へのメール送信(基礎編)
Email Deliveryを利用した外部へのメール送信(基礎編) Also, in this article, we will build an HA cluster using a load balancer in the Ashburn region. Please refer to the guide following for details.
[Reference]
Documentation - Setup Guides
Documentation - Setup Guides- Windows > Cloud > Oracle Cloud Infrastructure > EXPRESSCLUSTER X 5.1 HA Cluster Configuration Guide for Oracle Cloud Infrastructure (Windows)
- -> 4 Mirror Disk Type Cluster Creation Procedure
- Linux > Cloud > Oracle Cloud Infrastructure > EXPRESSCLUSTER X 5.1 HA Cluster Configuration Guide for Oracle Cloud Infrastructure (Linux)
- -> 4 Mirror Disk Type Cluster Creation Procedure
3.2 Installing OpenSSL
To enable SSL(TLS) in Alert Service, OpenSSL is required, so install OpenSSL on all servers for the HA cluster. In Linux environment, OpenSSL provided by the distribution can be used, but since OpenSSL 1.x is installed on some OS versions, so if you want to use OpenSSL 3.x must be installed separately. In Windows environment, OpenSSL must be downloaded and installed separately.
This time, we will introduce the Windows environment as an example. Download and use the latest version "Win64 OpenSSL v3.0.9 Light" of OpenSSL 3.0, which is the LTS version, published on the following reference site. Although there are differences in the library path to be set in the Cluster WebUI between OpenSSL 1.x and OpenSSL 3.x, the setting procedure is basically the same. When running the Win64 OpenSSL installer, the installation destination is "C:\Program Files\OpenSSL-Win64" with the default setting.
In addition, select "/bin" to store the OpenSSL DLL under the installation destination.
[Reference]
Win32/Win64 OpenSSL Installer for Windows
Win32/Win64 OpenSSL Installer for Windows
- * Please refer to the guide following for the supporting OpenSSL version.
[Reference]
Documentation - Manuals
Documentation - Manuals- EXPRESSCLUSTER X 5.1 > EXPRESSCLUSTER X 5.1 for Windows > Getting Started Guide
- -> 4 Installation requirements for EXPRESSCLUSTER
- -> 4.2 System requirements for the EXPRESSCLUSTER Server
- -> 4.2.20 Operation environment for enabling encryption in mail reporting function
- EXPRESSCLUSTER X 5.1 > EXPRESSCLUSTER X 5.1 for Linux > Getting Started Guide
- -> 4 Installation requirements for EXPRESSCLUSTER
- -> 4.2 Software
- -> 4.2.18 Operation environment for enabling encryption in mail reporting function
3.3 EXPRESSCLUSTER Settings
Configure the settings for using the mail report function with Alert Service.
Start the Cluster WebUI and select the "Alert Service" tab in the "Cluster properties" from "Config mode". Enter the "E-mail Address" and "Subject" of the report destination, and configure the SMTP settings from "SMTP Settings". The screens below are for the Windows version, but you can also configure the settings from the same location for the Linux version.
On the "SMTP Settings" screen, set the "Mail Charset", and click the "Add" button.
Set each item on the "Enter the SMTP Server" screen.
- SMTP Server:
Configure an "SMTP Connection Endpoint".
From the OCI Console, click "Developer Services" > "Email Delivery" > "Configuration" and set the "Public Endpoint" shown in the "SMTP Sending Information". - Sender Address:
Set the "Approved Sender" created in "3.1 Advance Preparation for Sending Mail". - User Name and Password:
Set the user name (user's OCID) and password for SMTP transmission that will be displayed when executing "Creating SMTP Credentials" in "3.1 Advance Preparation for Sending Mail".
The "SMTP Connection Endpoint" can also be confirmed from the following.
[Reference]
Configuring SMTP Connection
Configuring SMTP Connection Next, select the "Encryption" tab in "Cluster properties" and set the path of the SSL library, etc.
- ・SSL Library: C:\Program Files\OpenSSL-Win64\libssl-3-x64.dll
- ・Crypto Library: C:\Program Files\OpenSSL-Win64\libcrypto-3-x64.dll
After completing the settings, execute "Apply the Configuration File" on the Cluster WebUI to apply the settings to the HA cluster.
4. Checking the Operation
Stop the application on the active server to cause a failure, and send an mail report from the Alert Service. It is successful if the following message arrives at the mail address set as the report destination.
Conclusion
This time, we introduced the SMTPS/STARTTLS support of the mail report function(Alert Service) and the support for OpenSSL 3.0, which are security enhancement points of EXPRESSCLUSTER X 5.1. On cloud environments, etc., it is now possible to send mails more safely by using an email delivery services that supports SMTPS/STARTTLS.
If you consider introducing the configuration described in this article, you can perform a validation with the trial module of EXPRESSCLUSTER. Please do not hesitate to contact us if you have any questions.