Configuring your Microsoft Proxy Server 2.0 to work with AWS Software
AWS has an installed network of over 2700 weather stations across the US and across the world. Many of these units are connected to the Internet, allowing high speed, real-time transmission of the observed weather conditions. In order for your school’s weather data to be accessible on the web and to other Internet schools, the computer connected to the weather station must run a "weather server" program. This program constantly grabs data from the Master Control Unit, or data logger, and stores it on your hard drive. When the server program receives an external request for the current weather information, it sends a small reply packet of about 100 characters. Data packets are sent and received using the TCP/IP protocol. Requests originate from the listening port (usually 95, but any port can be assigned).
The security concerns surrounding this application are minimal. We understand and appreciate that there is an increasing trend towards tighter and tighter network security. AWS has been working with network administrators to work around conventional firewalls for several years. The usual solution is to open port 95 outbound and inbound. Network administrators could enable packet filtering to reject packets not originating from AWS or the local TV Station. The following instructions are intended to serve as an example of how to configure a proxy server to work with our product. The methods described below have been successfully tested by AWS technicians. The example uses a Microsoft Proxy Server, but the same principles can be applied to any proxy server and even certain types of firewalls on both Windows NT and UNIX networks.
BASICS: Open TCP Port 95 Outbound for the workstations using AirWatch/MacMet.
In order for the users of AWS software to get data from remote sites over the Internet, TCP/IP must be installed and Port 95 must be accessible outbound. To do this in Microsoft Proxy Server, you need to have the WinSock Proxy service installed and running, as shown in the next screen shot. You also need to make sure you have installed the WinSock Proxy client software on all the machines that will run AWS software (consult the documentation on your Microsoft Proxy Server CD-ROM for more information).
You can use the Microsoft Internet Service Manager to configure your Proxy Server’s WinSock client once you have it installed. Double click on the computer name next to WinSock Proxy and go to the Protocols tab.
The WinSock client allows you to configure your network so that users on your LAN can use applications such as RealAudio, ICQ or AOL Instant Messenger. By opening the appropriate ports, you can make these non-HTTP applications work behind the proxy. This is done by creating a protocol definition for the application. The screen shots below show how to configure a protocol definition for AWS’s client software (called AirWatch or MacMet).
AWSOUT PROTOCOL DEFINITION
You need to create this definition to allow teachers and students in your school to access weather data at other schools real-time via the Internet. Our software does not work unless TCP/IP packets can be exchanged with remote sites.
Don’t forget to give the proper users access to your new definition. This is done under the Permissions tab in the WinSock Proxy Services window (the previous screen shot). Depending on how your network is set up, you could limit the ability to contact remote sites to teachers.
HOW TO CONFIGURE MICROSOFT PROXY SERVER 2.0® TO LET INTERNET USERS ACCESS YOUR SCHOOL’S WEATHER DATA
BASICS: Set up the Proxy Server to listen for server requests on behalf of a machine on your LAN.
The Weather Server program must run on the computer physically attached to the weather station. In most cases, this will be a computer behind the proxy server assigned an internal IP address (ex. 10.10.45.3). You will need to set up your Proxy Server to listen for weather data requests on behalf of the internal computer. One program that has been used successfully by several schools and AWS is called Surrogate Socket, a product of Educational Technology, L.L.C. Though not tested by AWS, one of our existing customers has submitted an alternate, free method of configuring for inbound communications.
SURROGATE SOCKET OPTION (TESTED BY AWS)
Surrogate Socket Website: http://www.edu-tec.com/surrogatesocket/
A 30 day evaluation version can be downloaded from: http://www.edu-tec.com/files/surrogatesocket.exe
Surrogate Socket is very easy to configure. It runs as a Windows NT Service on the machine running MS Proxy Server. A screen shot of the main configuration window is shown below:
In the example above, the proxy server is located at 198.6.6.15. The proxy is listening on port 95 for weather data requests. If one is received, it is passed along to the computer on the LAN running Weather Server at 172.22.66.40 on its port 95. The last column allows you to filter which IP addresses requests will be accepted from. You could use this feature to limit accepted incoming requests to AWS and TV Station computers. Since you also have the option to choose your listening port on the proxy, you could select a very high port number to tighten security even more.
MAPPING THE INTERNAL COMPUTER ENTIRELY WITH MICROSOFT PROXY SERVER (NOT TESTED)
On the client machine (the one running Weather Server), create a file called wspcfg.ini in your gwxserv directory. Type in the following content:
    [GWXSERV]
    ServerBindTcpPorts=95
    Persistent=1
    KillOldSession=1
On the Proxy Server, you will need to enable Packet Filtering, and set it to dynamic. On your WinSock client, add a Protocol Definition to allow for both Inbound and Outbound transfers on Port 95.
CHANGING YOUR LISTENING PORT ON AWS WEATHER SERVER
By default, Weather Server listens on Port 95. If you choose a custom listening port on the internal machine, you must change the port under Setup | Weather Server, or edit the c:\windows\awspcmet.ini in the [Server] section at InternetPort=xx.
TEST YOUR CONNECTION
If you would like to test your connection, you need to telnet into your proxy server on port 95 (or your custom port) from outside your network. You might use your home ISP account or a local university UNIX account to do this. After connecting, strike enter a few times and see if you can get the word ERROR to appear. If you can do this, then you can confirm that the server is listening on Port 95 and that you have routed yourself to the appropriate internal computer.
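
The telnet test above as a script (an added example, not AWS code): it sends a few bare Enter keystrokes and separates a port that cannot be reached from a connection that opens but never returns ERROR. The names probe_weather_server and start_stub are hypothetical, and the stub is a constructed stand-in that assumes only what the page states, namely that Weather Server answers an empty line with text containing ERROR.

```python
import socket
import threading

def probe_weather_server(host, port=95, presses=3, timeout=5.0):
    """Repeat the manual telnet test: connect, press Enter, look for ERROR.

    Returns "unreachable" (TCP connect failed: a filter dropped it or nothing
    is listening on the proxy), "no-error" (connected, but no ERROR came back,
    so the connection is probably not reaching Weather Server) or "routed"
    (ERROR came back, the result the page says to look for).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    seen = b""
    with sock:
        for _ in range(presses):
            try:
                sock.sendall(b"\r\n")   # what telnet sends for Enter
                chunk = sock.recv(256)
            except socket.timeout:
                continue                # silent so far, press Enter again
            except OSError:
                break                   # peer reset the connection
            if not chunk:
                break                   # peer closed the connection
            seen += chunk
            if b"ERROR" in seen:
                return "routed"
    return "no-error"

def start_stub(reply):
    """Constructed stand-in for Weather Server on a loopback port.
    It answers every line it receives with `reply`; b"" keeps it silent."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            while conn.recv(64):
                if reply:
                    conn.sendall(reply)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Offline demo against the stub. For a real check, pass your proxy's
    # public address and port and run this from outside your network.
    print(probe_weather_server("127.0.0.1", start_stub(b"ERROR\r\n"), timeout=1.0))
```

An "unreachable" result points at the packet filter or the listener on the proxy, while "no-error" points at the mapping from the proxy to the internal machine.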