Checkpoint® - User Guide

Platform-specifics: Windows

Author: Will Dickson, CCS
Version: 1.1.0
Date: 16 July 2007
<<Front Page <Service Applications Platform-specifics: Windows Platform-specifics: Linux (x86) >

Service applications on Windows

The Windows NT family (NT4, Windows 2000, Windows XP et seq). does, in fact, have a rather sophisticated security architecture - in fact, it's arguably more sophisticated than that of unix.

Unfortunately, it's complicated to work with, and little understood by most of the Windows user base. Furthermore, Windows applications cannot rely on it: even where it isn't commercially necessary to maintain compatibility with the Windows 9x line (which are essentially single-user and don't support most of the NT security architecture) the applications may be using FAT-based filesystems, which don't support file-level access control. Therefore the Windows security architecture is little used. [Exception: high-end "enterprise" applications, which can specify their required specs much more tightly than consumer-level software, and which can stipulate well-trained operators.]

The Windows NT family has a concept of "Windows services" which is compatible with Checkpoint's notion of service applications. It is thought to be possible to encapsulate Java applications (such as the Checkpoint Daemon, and Checkpoint service applications) such that they can run as Windows services.

We don't recommend running Windows on publicly-accessible servers, and we don't currently support running Checkpoint service applications as Windows services. However, we are not aware of any reasons why this shouldn't work if you want to try it.

Killing service applications

If possible, you should shut down a service application using the special mechanisms provided; these ensure a clean shutdown.

If these fail, fall back to using the techniques for killing generic applications.

Killing generic applications

In a Windows environment, most applications will have some sort of GUI; even browser-fronted applications can be configured to have a small "front panel" GUI. This can be used to shut down the application. This method is greatly to be preferred since it allows the application to shut down cleanly.

However, it can happen that an application gets "wedged" and cannot shut itself down cleanly. If this happens, you have no choice but to cut it off at the knees instead, and hope it doesn't do too much damage. (Depending on the application, you should get away with this. Usually!) To do this, open the Windows Task Manager and identify the process (executable) in question. End the process from there.

The only exception to these are Java Tasks launched from CPCC, which for whatever reason haven't launched properly; these occur as java.exe instances in the Task Manager, which isn't very informative. To get rid of these, shut down all visible applications (to make sure you're not zapping some innocent, and possibly busy, bystander) and then end the process as before.

The Checkpoint Daemon is a service application. Don't kill it until you have shut down all (other) Checkpoint applications; this ensures that it's not in use and can therefore be killed safely.

To shut down the Checkpoint Daemon, use pasistop -daemon.

 
<<Front Page <Service Applications Platform-specifics: Windows Platform-specifics: Linux (x86) >
Authored in CXD using Checkpoint Information Engineering Workbench   Copyright © Caversham Computer Services Ltd.