Remote Workers and Cradle – Network Address Translation

Your company is using Cradle, but you’re a remote worker – how do you connect to the Cradle Database Server (CDS)?

With Network Address Translation (NAT), the IT administrator at the site where the CDS is located can modify their firewall to redirect specific external ports to a local server.

Make a note of the internal IP address of the CDS – we’ll use CDS_IPADDR later in this post to reference this address. (In this test environment it is 192.168.11.168).

Cradle Configuration Changes

As an example, for a small Cradle system with 6 users, we can configure the ports file as shown below. We’re setting a port for each possible user (6) plus one extra, so that’s 7 ports in each range. To make the firewall rules easier to set up (fewer rules), we’ve put all the ports in consecutive UDP-specific and TCP-specific blocks, which is different from how we have them in the Cradle Help – https://www.threesl.com/cradle/help/

CDS_UDP_PORT_NUMBER = 23960
TOOL_UDP_PORT_NUMBER = 23961
PRJMAN_UDP_PORT_NUMBER = 23962

CDS_TCP_TOOL_PORT_NUMBER   = 16161
CDS_TCP_PRJMAN_PORT_NUMBER = 16162
UTILITIES_TCP_PORT_NUMBER   = 16163-16169
WBENCH_TCP_PORT_NUMBER      = 16170-16176
PRJMAN_TCP_PORT_NUMBER      = 16177

This ports file needs to be copied to all the clients using this CDS.

Firewall Config Changes

The IT administrator can now edit their firewall rules to redirect the external IP ports to the internal CDS.  As part of these rules they can set it so that only specific remote IP addresses are permitted to access these redirected ports.

I’m using pfSense as the example firewall in this case, and adding separate rules for each Cradle Port.
pfSense Cradle NAT Rules

With Network Address Translation in place, the remote worker uses their locally installed Cradle client and talks to the Cradle Database Server as if it were on the Cradle site’s external IP address, which they need to configure as their CRADLE_CDS_HOST address.
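Because the ports file above keeps its UDP and TCP entries in consecutive blocks, it reduces to two port-forward rules. The script below is an added example (not 3SL code) that derives those rules from a ports file so the firewall entries can be checked against it; ALLOWED_SRC is a constructed documentation address and the output line format is this example's own, not pfSense syntax.

```shell
#!/bin/sh
# Added example, not 3SL code: collapse a Cradle ports file into the
# fewest port-forward rules that have to be entered in the firewall.
CDS_IPADDR="192.168.11.168"   # internal CDS address used in this post
ALLOWED_SRC="203.0.113.10"    # constructed remote-worker address (RFC 5737)

# Print the ports file shown in this post (sample input for the example).
sample_ports() {
cat <<'EOF'
CDS_UDP_PORT_NUMBER = 23960
TOOL_UDP_PORT_NUMBER = 23961
PRJMAN_UDP_PORT_NUMBER = 23962
CDS_TCP_TOOL_PORT_NUMBER   = 16161
CDS_TCP_PRJMAN_PORT_NUMBER = 16162
UTILITIES_TCP_PORT_NUMBER   = 16163-16169
WBENCH_TCP_PORT_NUMBER      = 16170-16176
PRJMAN_TCP_PORT_NUMBER      = 16177
EOF
}

# ports_to_rules FILE: print one rule per protocol block of consecutive ports.
ports_to_rules() {
  awk -F= '
    /^[ \t]*[A-Z_]+_PORT_NUMBER[ \t]*=/ {
      name = $1; val = $2
      gsub(/[ \t\r]/, "", name); gsub(/[ \t\r]/, "", val)
      if (name ~ /_UDP_/) proto = "udp"
      else if (name ~ /_TCP_/) proto = "tcp"
      else next                        # unknown entry: do not guess a protocol
      n = split(val, r, "-")           # "16163-16169" or a single port
      lo = r[1] + 0; hi = (n == 2) ? r[2] + 0 : lo
      for (p = lo; p <= hi; p++) print proto, p
    }' "$1" |
  sort -k1,1 -k2,2n -u |
  awk -v src="$ALLOWED_SRC" -v dst="$CDS_IPADDR" '
    function emit() {
      if (cur != "") printf "%s %d-%d from %s -> %s\n", cur, first, last, src, dst
    }
    { if ($1 != cur || $2 != last + 1) { emit(); cur = $1; first = $2 }
      last = $2 }
    END { emit() }'
}

# Demo: rules for the ports file from this post.
tmp=$(mktemp) && sample_ports > "$tmp" && ports_to_rules "$tmp"; rm -f "$tmp"
```

A gap in the ports file shows up as an extra output line, which is a quick way to spot a port that would need its own firewall rule.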

Article Updated

28/06/2021 – Use of port ranges in firewall rules.

How do I manage my Linux Cradle server when I have no GUI?

Managing your Cradle server via Command Line

Quite often you may find that the server machine on which you install the CDS and CWS does not have a graphical user interface. In this case you can manage your Cradle server via the command line.

How to Install a Security Code

The c_config command allows you to update a Cradle Security Code

Format
c_config -i code
Example
c_config -i BWEr-DSWe...

How to Start/Stop/Restart the Cradle Database Servers

The c_start command allows you to start, stop, restart or test the Cradle Database Server (CDS) and/or Cradle Web Server (CWS).

Format
c_start {start | stop | restart | test} {cds | cws | all}
Example
c_start start cds
Variations
Command                  Result
c_start start            start cds + cws
c_start start cds        start cds only
c_start start cws        start cws only
c_start start all        start cds + cws
c_start stop             stop cds + cws
c_start stop cds         stop cds only
c_start stop cws         stop cws only
c_start stop all         stop cds + cws
c_start restart          restart cds + cws
c_start restart cds      restart cds only
c_start restart cws      restart cws only
c_start restart all      restart cds + cws
c_start test             give process number of cds + cws
c_start test cds         only give process number of cds
c_start test cws         only give process number of cws
c_start test all         give process number of cds + cws

How to Manage Cradle Projects

The c_prj command is used to create, delete, lock and unlock Cradle projects.

Format
c_prj.exe [-create
              -code <projcode>
              -title <project title>
              -path <project location>
              [-pid <project PID>]
              [-schema <schema name>]]
          [-delete
              -code <projcode>
              -password <MANAGER password>
              [-method {all | pdb | reg_only}]]
          [-lock
              -auth <user>,<password>,<projcode>
              [-allow_user <user>]]
          [-unlock
              -auth <user>,<password>,<projcode>]
Examples
c_prj.exe -create -code TEST -title "Test Project" -path /home/apps/temp/projects/test -pid TEST01 -schema empty

Will create a project with a project code of TEST, a title of Test Project in the /home/apps/temp/projects location with a PID of TEST01 using the empty schema.

c_prj.exe -delete -code TEST -password <MANAGER password> -method all

Will delete the TEST project along with the registry entry, database files and directories.

Backups – Keep Your Data Safe!

Backups are an essential part of implementing any tool, and particularly Cradle. There are two types of backups that you should consider, each with its own strengths.

What Needs to Be Backed-Up?

A Cradle system can contain many databases. Each database is stored in a single directory. Naturally, you will want to backup all, or at least most, of these database directories.

The project register references all of your databases. It is held in the files proj_reg.* in the root of your Cradle installation:

  • Linux: $CRADLEHOME
  • Windows: %CRADLEHOME%

If you lose these files, or if they are damaged, you will not be able to log in to any of your databases. (If this ever happens, contact 3SL as we can rebuild these files for you!)

All information related to a database is stored in that database’s directory. But there is some information that is specific to each Windows/Linux user. This information includes the users’ preferences, and any Personal scope definitions (queries, views, forms and so on) that they may have created.

The users’ personal information is stored in:

  • Linux: $CRADLEHOME/admin/definitions/personal
  • Windows: %CRADLEHOME%\admin\definitions\personal

You should consider backing these up.

Finally, you may have changed some of the configuration files to configure Cradle for your IT environment. For example:

  • Cradle startup file, cradle.ini, or .cradlerc on Linux
  • CDS and CWS configuration files in the ‘admin’ directory in the Cradle installation on the server: cds_hosts, cds_users, cws_config
  • External Command Interface configuration file, eci_config
  • LDAP and tracing configuration and options files, held in directories called ldap and trace

You may decide that it is easiest to simply backup the entire admin directory and the Cradle startup file in the executables directory.

You should backup all of these files. If you ever need to re-install all of Cradle, then it is easy to use the backup of these files to restore all your configuration work.

Types of Database Backup

There are two types of database backup:

  • Image backups, that simply backup the database’s directory, containing all of the database tables and definition files
  • Export backups, that perform a full Cradle export on the database, exporting every piece of information into Cradle format. All Cradle versions are guaranteed to be backwards-compatible such that any version of Cradle can import an export file produced by the current version of Cradle, and also any earlier version of Cradle.

We recommend that you run both types of backup.

Image Backups

Image backups are a backup of all of the files and directories in a database.

It is easy to backup your databases if all of the databases have a common root directory. For example, you could store your databases in directories such as:

  • /Databases/Active/Test
  • /Databases/Active/Production
  • /Databases/Active/New-Product

In this case, you could also backup /Databases/Active to backup all of the databases at the same time.

You will already backup information on your servers. So it should be easy to add the Cradle database directories to your existing backup system.

If you want to backup databases directly, then we recommend using tar and gzip on Linux (they are also available for Windows) or either WinZIP or 7-zip on Windows. On Linux, you would use commands such as:

cd /Databases/Active
tar cf test.tar ./Test
gzip test.tar

You may find your system can combine these utilities into one command.
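The following script is an added example (not 3SL code) of the image backup above done as a single tar command, with a SHA-256 file written beside the archive so that a damaged or altered backup is detected before you rely on it. The function names, the timestamped file name and the owner-only permissions are this example's assumptions, and the demo runs on a constructed directory standing in for /Databases/Active/Test.

```shell
#!/bin/sh
# Added example, not 3SL code: image backup of one database directory with
# tar+gzip in one command, plus a checksum so damage is detectable later.

# image_backup ROOT NAME DEST: archive ROOT/NAME into DEST, print archive path.
image_backup() {
  root=$1; name=$2; dest=$3
  stamp=$(date +%Y%m%d-%H%M%S)
  archive="$dest/$name-$stamp.tar.gz"
  mkdir -p "$dest" || return 1
  # -C keeps archive paths relative (./Test/...), as with "cd" in the post
  tar -czf "$archive" -C "$root" "./$name" || return 1
  # Record the hash next to the archive, using a relative file name
  ( cd "$dest" &&
    sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" ) || return 1
  chmod 600 "$archive" "$archive.sha256"   # database contents: owner-only
  echo "$archive"
}

# verify_backup ARCHIVE: succeeds only if the checksum matches and the
# archive can be listed end to end.
verify_backup() {
  ( cd "$(dirname "$1")" &&
    sha256sum -c "$(basename "$1").sha256" ) >/dev/null 2>&1 || return 1
  tar -tzf "$1" >/dev/null 2>&1
}

# Demo on a constructed database directory.
work=$(mktemp -d)
mkdir -p "$work/Active/Test"
echo "constructed table data" > "$work/Active/Test/items.dat"
a=$(image_backup "$work/Active" Test "$work/backups") &&
  verify_backup "$a" && echo "verified: $a"
rm -rf "$work"
```

Run verify_backup again after the archive has been copied to the backup server, so the copy is checked rather than the original.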

Characteristics

The advantage of an image backup is that it is quick.

The disadvantage of an image backup is that it is impossible to restore an individual item or cross reference from the backup. An image backup contains entire database tables, so the smallest thing that you can recover from an image backup is an individual database table, not an item of information (which is a row in one or several tables).

Export Backups

Cradle includes a utility called c_io that can perform exports and imports of any, some or all of the data in a database.

For example, the following c_io command will export all of the data in the demonstration database DEMO that is part of all Cradle systems:

c_io -login MANAGER,MANAGER,DEMO -export /tmp/export.exp -type all

You can perform incremental exports using options:

  • -from yyyymmdd
  • -to yyyymmdd

You can also use the -log option to produce a log file that summarises everything that has been written into the export file.

Characteristics

The disadvantage of an export backup is that it is slow.

The advantage of an export backup is that you can restore any single item or cross reference or definition file from the export.

Resilience and Data Integrity

Of course, you should ensure that your backups are stored on a different server to the server that runs Cradle. Ideally, you should have off-site backups as well.

For those of you who trust your data to third parties, you can store it on a remote server… there are many so-called ‘cloud’ services available.

If you decide to use a third party, please check their terms and conditions. For example, DropBox claims intellectual property rights over everything that you deposit with them. This is not a good idea for your company’s private data!

Backup Frequency

We recommend that you run:

  • Image backups twice each day. Take the first backup at lunchtime, to capture the work that everyone has done in the morning. Take the second backup in the evening, to capture the work that everyone has done in the afternoon.
  • Export backups once each day. You can run the export backup in the evening when no-one will be working.
  • Image backups of the administration files every day, or every week. They are small and the backup will run very quickly.

How do I fix CDS connection errors?

Diagnosing CDS connection Errors

If you receive a CDS connection error when starting a Cradle tool, the following steps will help you diagnose the most common CDS connection errors and show you how to resolve them. These errors highlight a communication problem between the client tool (e.g. WorkBench, Document Loader or Document Publisher) and the Cradle Database Server (CDS). There are four main possible causes:

Figure: error dialog saying ‘Could not connect to CDS’

1 – The CDS is not running.

  1. The CDS is on the same machine as the client (e.g. single-user products or Citrix installations). Run Project Manager to see if the CDS is running, or look in the process list (Task Manager on Windows, or the ps process list on Linux) for crsvr.exe.
  2. The CDS is running on another machine
    1. In the same TCP/IP subnet (e.g. usual client/server Enterprise installation). Start Project Manager and look for the CDS.
    2. Another subnet. Login to that machine and look for it in the process list or contact the administrator of that other machine.

Solution – Start the CDS on the machine where it is to run, by starting Project Manager and starting the CDS, or at a Linux command prompt:

c_start start

If the CDS will not start and is not returning any messages, open a command prompt and perform the following, depending on your platform.

Windows

Type the following in a command prompt:

cd %CRADLEHOME%\bin\exe\windows
crsvr.exe

Linux

Type the following in a command prompt on 32-bit Linux:

cd $CRADLEHOME/bin/exe/linux-ia32/
./crsvr

Type the following in a command prompt on 64-bit Linux:

cd $CRADLEHOME/bin/exe/linux-x86_64/
./crsvr

2 – CDS is running but the Cradle tool is not communicating with it.

Check whether the CDS is running on a different PC while your Cradle system is set to standalone.

Look for an environment variable called CRADLE_STANDALONE and if it exists either delete it or set its value to false.

Then look in the startup file for the variable STANDALONE and ensure that it is set to false.

3 – The Cradle tool is trying to communicate with the CDS, but its communications do not reach the CDS.

Check that there is evidence that the Cradle tool’s messages are reaching the CDS. To do this, look at the file cds_access.log on the machine running the CDS. There is one multi-line entry in this file for every connection attempt that the CDS receives. If the Cradle tool’s attempt to connect to the CDS reaches the CDS, it will be in this file. Make a note of the last entry in the file, then close it and attempt to start the Cradle tool. Look at the cds_access.log file again and see if a new entry has appeared at the bottom of it. If not, then the Cradle client’s attempts to connect to the CDS are not being received by the CDS.

If the CDS runs on a machine in a different TCP/IP subnet from the PC where the tool is being run, define an environment variable called CRADLE_CDS_HOST whose value is the TCP/IP address or hostname of the machine running the CDS. Run the tool again and look for an entry appearing at the bottom of the cds_access.log file. If the CDS runs on a machine in the same TCP/IP subnet as the PC where the tool is being run, look for the CRADLE_CDS_HOST environment variable and check that its contents are correct. You can delete the variable if this CDS is the only CDS running in the subnet.

Ensure the correct ports are open on your firewall. The specific ports can be edited in the ports file.

4 – The Cradle tool can communicate with the CDS, but the CDS is ignoring it.

On the machine running the CDS, check the cds_hosts file. This file must either be empty (all clients are allowed to connect to the CDS) or contain a list of IP addresses / machine names that are allowed or disallowed to connect to the CDS.

Cradle Database Server – CDS Status to 3SL Support

How do I provide CDS status to 3SL support?

If you need to provide information about your Cradle Database Server CDS status to 3SL support you can generate a report from within WorkBench.

If asked to provide information about your current client or server installation, this can be obtained through the ‘About’ button (the Cradle 'about' or extra information icon). The resulting screen gives a lot of information about the running system. Additional information about the current ‘Resources’ being consumed by the client, or the ‘CDS status’, is produced with the buttons at the bottom of the dialog.

Triggering the cds status report
CDS status report

Cradle, the Requirements Management and Systems Engineering tool of choice, provides full support* to all our Enterprise customers under their maintenance agreement.

Other support options include a large collection of online resources, or you can search the blog’s hints and tips or FAQ sections.

To contact support, find your local distributor or contact 3SL UK

*Installation support is provided for all our single user configurations. Out of maintenance support must be discussed with our sales team.

Safeguarding Against Unintended Data Loss

Your project’s data is important and obviously you do not want to lose or damage any of it.

We recommend the following steps to help guard against accidental deletions of, or damage to, your project data:

  1. Turn on the ‘Enable recovery of deleted items’ option in your schema. Doing so ensures that items are only marked ‘recoverable’ when you delete them, so they can be restored if their deletion was a mistake.
  2. Enable change histories for items wherever possible. Doing so ensures that when cross references are deleted, the items at both ends of the link will have entries added to their change histories recording the deletion of the link between them.
  3. Do not grant BASELINE_RW or ACCESS_BYPASS privilege to any user unless it is absolutely necessary. In general, it is preferable to use the user profile MANAGER for operations where these privileges are needed, rather than to give them to a user who can use them at any time.
  4. Avoid using the MANAGER login account whenever possible. This user profile has all privileges and maximum security clearance. Therefore, you can do ANYTHING when logged in with this user profile, including deleting everything in your database!
  5. Create a separate administrative account, perhaps called MGR, ADMIN or ROOT, and give this account all privileges except ACCESS_BYPASS and BASELINE_RW.
  6. We recommend not giving the delete privilege to every user.

Article updated 05/12/2018 – Added recommendation to not give every user delete priv

Contents of a Cradle database

Each Cradle database contains different sets of information. These can be imagined as layers, where each layer uses the data in the layers below it. For example, cross references cannot exist until the items exist whose relationships are shown by the cross reference. These layers are, highest to lowest:

1. Cross references – the links between the data
2. Items – the data
3. Definitions – how to find, view and report the data
4. User profiles – who can own and access the data
5. Schema – the structure of the data
Cradle database layers
You can export/import each layer individually, or in any combination, or all layers. You should only import a layer of information if the lower layers already exist in the database (unless you know that it is safe).

To initialise a new database from an existing database, you need as a minimum:

– The schema
– Definitions

User profiles are needed to use a database and may be needed for some parts of the schema (such as workflows and alerts) and definitions (user and personal scopes).