WMO Guide on Internet Practice

The Commission for Basic Systems (CBS) agreed at its extraordinary session (Karlsruhe, Germany, 1998) that a Guide on Internet Practices should be developed to provide guidance for NMHSs to use in developing and implementing Internet services in support of their mission to provide information to the public and to promote the NMHSs. The Commission suggested the guide should include advice on what data to put on servers, how the data should be named or described, how it should be accessed, and how the server and the data it contained could be protected from unauthorised use.

Accordingly, the first version of this document was finalized in May 2000. CBS, at its twelfth session Geneva, November 2000) agreed that the Guide should be published in HTML format on the Internet, and that regular updates should be done. This current version has been updated in October 2003.

The Internet, a public telecommunications service, was established as a cooperative effort providing worldwide networking services among educational institutions, government agencies and various commercial and non-profit organizations. High-speed networking technologies and developments have made the Internet desirable for information dissemination and communications. The Internet also includes functions such as those for electronic mail (e-mail), file delivery using (FTP), World Wide Web (Web) and newsgroups.

Global access to and the use of the Internet have grown exponentially. The dramatic increase in use of these communication capabilities makes it necessary to establish guidance regarding the proper and efficient use of the Internet.

The Internet is considered to be a public fundamental communications tool that may be used to support the mission of NMHSs by expanding information dissemination methods and connectivity through current supporting technologies. This guide is meant to outline the incorporative use of the Internet to enhance services provided by NMHSs. The Internet can provide added communication capability for the exchange of data and products among NMHSs. It can be used for disseminating meteorological, hydrological, and environmental products and services to anyone with Internet access. This document is directed at NMHS information services accessible to the Internet and servers as sources of information and not on the mechanics of the entire Internet itself.

The information contained in this guide is relevant to the exchange or dissemination of data, products and information for all WMO and related international programmes, including oceanography. Due to the subject matter, this document uses many technical terms. This can not be avoidable and an attempt to define the terms has been made to make it as readable as possible. However, the guide is not intended to serve as a technical reference manual on the Internet. Rather, it is intended to provide the basic background information needed by directors/decision makers in their investigation on using the Internet as a communication mechanism. Technical personnel responsible for implementation of Internet services would require more detailed technical information than can be provided in this guide. This additional information can be downloaded from servers on the Internet, purchased from bookstores, or found in technical libraries.

Another WMO document, the Guide on use of the Internet communication protocol called TCP/IP was developed for GTS use. This guide is targeted at a more technical audience with knowledge of networks and provides guidance needed to actually implement operational data exchange on networks using TCP/IP protocols on the dedicated GTS network. Although the Internet and dedicated GTS network protocols are the same, the Internet implementation is based on rules of the open public use of the TCP/IP protocol stack and routers and their configurations.

Computers that have access to the Internet provide a connectivity between distantly separated resources. This permits everyone, anywhere, to exchange, retrieve, and to view information among connected computer services. Each NMHS has the experience and background to know what types of information should be made available from their NMHS. Therefore, they should focus on determining the audience that they want to reach through the establishment of appropriate information content on the NMHS server services connected to the Internet using Content developers .

National - If the NMHS Web site is expected to have a strictly national focus, it should provide information and services suitable for a national audience. A subject of concern would be the geographical area and the ability of its national users to gain access to the Internet to be able to reach the server site. The local connection speed to the Internet that is supported by the local telecommunication provider and Internet Service Providers (ISPs) will determine the content subject matter and the style and format for the NMHS's information that is made available for the audience. The NMHS should consider the common access speeds supported by local ISPs to the client audience. There can be a wide range of connectivity speed depending on whether the target audience is the general public or a specific user community that uses higher connection speeds and computer technology not available to the general public. These issues will directly impact download time for both HyperText Transfer Protocol (HTTP) and File Transfer Protocol (FTP) services. These protocols are the basic protocols used by computer software firms in their software products today and ISP service speeds could limit the size of files and/or graphics the NMHS might like to include on its server. As the local Internet services spread and grow in capacity the NMHS server content can change to take advantage through enhanced services such as interactive retreival, information on demand, and complex request-reply.

International - The information should has a global audience focus on the NMHS Internet-accessible server . The structure and page format will have a different structure and the site contents will cover a broader subject matter and a different focus with topics such as global aviation and climate issues. Options for providing multi-lingual support for the web pages should be considered. An international audience will be much larger and will have widely varying technological capabilities such as high access speeds and support many different browser software versions. The server user load will be high and will place heavy loading on the NMHS's LAN and the data providing server. As the web site grows in popularity, heavier demands will force system upgrades. The software market is in constant change and continual growth, therefore, considerations to provide more and better capabilities will be required, such as security functional enhancements and system performance tools. New software and hardware client capabilities are not utilized uniformaly around the globe. A global service data provider must maintain both older software functions and implement new server capabilities to service all technical levels of customer capabilities.

In simple terms, the Internet is a collection of various commercial telecommunication networks connected together in which all computers communicate with each other using a basic common protocol called TCP/IP. This protocol is provided by all network supporting software packages. A connection to the Internet can be of two types. The first type is a non-permanent session normally called dail-up hich will connect to a local ISP. The second type is a contenuous permanent session to the ISP using a dedicated local line. The two major categories of access will vary in cost to the NMHS. The first normally uses the public telephone lines and the cost is based upon connect time. The second is a perminate paid local dedicated circuit and is higher in cost. The first type is normally slower in speed than the second type. The first type is a popular one for the customer seeking information for short periods. The second type is used for the data provider, for example the NMHS offering forecasts and general meteorlogical data for Internet accessed customers on a continual accessible bases.

To provide information services on the Internet, the information must be stored on a computer server that is connected permanently to the Internet. There are two major options that NMHSs can consider for hosting their Web pages: operate it on their own computers or contract with another government agency or with a commercial service provider.

To host its own Web pages an NMHS would provide a dedicated computer. This service does not have to be costly, for example, a PC would be sufficient for a small NMHS and could be purchased ready to use. The NMHS would have to purchase a permanent dedicated connection to the Internet. The NMHS would require a small staff of experts in writing web pages using the (Hypertext Mark-up Language) HTML language editor and a standard database for storage of the data to be provided. The most important issues to be considered when evaluating this option is cost and local support staff. Furthermore, when hosting a server there are many security issues, which are discussed in more detail in section 5 of this Guide.

Contracting with another agency or a commercial service provider to host your Web server is another option. Many service providers rent space on their computers at a specified rate. The NMHS would use a dial-up link to the Internet to update the content on the server. The commercial service will already address security for its servers. The information would still be updated electronically by the NMHS from its own computer. Instead of a commercial service, an NMHS might be able to use the Web server of a sister agency, such as the environmental ministry, university, etc. Finally, an NMHS can consider placing its web site on servers outside its own country either on a service provider’s or on the server of another, larger NMHS. This option, however, could be more costly for updating, as location for the dial-up connection may include long distance charges.

Most commercial ISPs will provide server space but require you to manage your own content. Some ISPs will provide Web page generation services using your input and a few will even provide the entire page construction from your own documentation. Of course, the price varies with the level of service provided. Additionally, if you rely upon an ISP to develop and maintain your pages, updates would normally not be completely under your control nor as current as you would like.

When considering which ISP to use an NMHS should keep in mind that the Internet is a global communication service and many ISPs operate internationally. This could be a factor in a selection of an ISP, if you should choose to use one, as an ISPs Internet backbone connectivity is an important part of the selection process. This server location can determine global availability to the NMHS Web pages. It is also possible to work through a local university to house an NMHS web site, as their connectivity to the Internet normally uses a very high bandwidth communications connection and they often run the same ISP service capability as a commercial company. If the NMHS requires 24 hour 7-day a week service then it should ensure its ISP provides this level of support. All of these options should be carefully evaluated by either a consultant firm or your own staff, if you possess the necessary expertise. It may be possible to use another sister agancies experts. The NMHS locality has a significant impact on services and cost.

You should coordinate Internet access and Internet services with the appropriate commerical telecommunications network management and program management officials within your NMHS or government as appropriate. The following discussion will be somewhat technicial. This is necessary as the subject matter covers low level configuration issues. This coordination would normally include, as a minimum:

Once your NMHS has decided to make products available on the Internet, your server would need an address and a name to identify itself. On the Internet every computer has an address (IP address), which is a quadruplet of integers each with a value in the range (0 - 255) separated by dots: for example 193.135.216.2. Since the numeric Internet addresses are primarily used for network routing and difficult to work with, servers on the Internet are given names constructed by adding a designation to the front of a domain name. The server names are made up of text labels you can remember separated by dots, for example: www.mysite.net. The name is stored locally in a DNS server for translation by the network software to obtain the real numeric address of the server. The www and mysite is the server name and the .net would be the domain name. The names are organized in a hierarchical structure. Each computer on the Internet belongs to a group (domain) which may belong to another higher-level domain. The leftmost part of the name, therefore, is specific to the computer while the rightmost portion is the top-level domain. An example of this domain level structure is www.cma.gov.cn where the ".gov" is a sub-domain in ".cn" the country of China. The following top-level domain names are defined for the Internet for all countries/geographical areas (others are now being added). Two additional top-level domain names are used exclusively in the USA: gov (government) and mil (military).

The Internet servers of NMHSs are normally named under the country or geographical top domain. An ISP should be able to provide assistance in obtaining an Internet address and registration of a domain name. The registration of domain names may require a cost charged to the requestor. This service is provided by the InterNIC a servicing company for the Internet. This process of registration also requires the designation of a Domain Name translation service (or DNS server) to handle the translation between the character name and network IP address. During the configuration of your PC for network use, a DNS translation is required and an IP address of a local DNS server is a part of the installation of your network driver.

Standard names are often used for servers. Normally Web servers use www while FTP servers use ftp. However, these names are used only by convention and are not required. What is required is the server port address designation which is either "http" or "ftp". This directs the routing to the IP interface address to either the port 80 for web server applications software entry or to the file server software application which are ports 20/21. An example of server URL name construction therefore would be http://www.meteo.fr for web services and ftp://ftp.meteo.fr for ftp or file transfer applications. Note: the ftp takes you to a sub-directory only and both sites are located in France.

Having set up its Internet access, an NMHSs should advertise its presence on the Internet by registration of its server with the WMO list of NMHS Internet home page addresses and with Internet search engines. Links to the NMHS server from other related web sites can also help to promote the server name visibility.

Web servers, FTP servers, electronic mailing lists and Internet newsgroups are excellent tools for information exchange, especially when people have to communicate over long distances. However, each technology has its own advantages and disadvantages depending upon what is required. For example, Web servers are good at delivering general information to the public while they are not as effective in delivering volatile information to a limited number of persons. Electronic mailing lists or forums are more effective in that case. Utilising a combination of technologies, using each where it is most appropriate, can provide the best services. For example, an NMHS might provide general information and request users to specify their requirements for data on a Web page, deliver the data via FTP and confirm requests via e-mail.

Most Internet services are designed as client-server applications. In general, servers deliver data and clients receive it.

The relationship between Internet services and protocols and software that supports them can be confusing. The following table illustrates the relationships between the most commonly provided services, protocols and software.

Service	Protocol	Examples of Software
Service	Protocol	Server	Client
e-mail	Server side: SMTP + MIME Client side: IMAP or POP	Sendmail	Outlook, Netscape communicator, Eudora.
Web	HTTP	Apache, Netscape, Internet Information Server	Netscape, Internet Explorer, Opera, WebTV
FTP	FTP	BeroFTPD, proFTPD, WU-FTP	All browsers, WS-FTP
Newsgroups	NNTP	Listserve	Netscape, Outlook

Purposes for which the various Internet technologies are most suited are outlined below and summarised in Table 2.2.

The Web (commonly labelled as the WWW) is a presentation-page-based service supported by HTTP application software. It is the single most significant contributor to the Internet phenomenon. Web documents, which users retrieve from servers using a browser , which is provided with all Windows operating systems, (the client) can contain text, images, movie clips, sound files and hyperlinks (Uniform Resource Locators [URLs]) which are addresses to other documents. This action is simple With a mouse click on a link, the user can go from one point of the document to another and from one document to another, which may be stored on the same or a different server. This capability makes access to information on the Internet extremely powerful and easy to use.

In the Web, text documents are formatted with a tagging language known as HyperText Mark-up Language (HTML). The HTML documents usually have file extensions such as "html" or "htm". The tagging language specifies the format of the document, inclusion of graphics or multimedia files and the hyperlink information. There is a newer, more dynamic form, of HyperText coming into use. That is XML which allows for new commands within the Mark-up fields of the language. As its popularity grows, it may have application in the environmental science

An advantage of the HTML is that it enables the embedding of objects in the documents. The objects may be computer programs or multimedia files. When the object is received by the browser it causes the client computer to execute the embedded computer program or to launch another computer program residing on the client to process the embedded information. For example it might initiate the playing of a movie clip or a sound file. In the former case the programs are often Java applets or JavaScripts. In the latter case, the programs are called plug-ins, which are developed independent of the browser and can be called by the browser as necessary. An example of this would be the ending of an object name in "doc" which will cause the browser to call the Microsoft application MSWord. This open architecture enables the flourishing development of embedded object types for the Internet.

Web servers are very good at providing multimedia information (graphics, pictures, video, sound, music, text, etc.). They provide an excellent tool to deliver commercial products in electronic form and even support the possibility of on-line payment. They can provide a good level of security and encryption. With the use of user names and passwords, certain information can be restricted to certain users. Web sites can be updated automatically although usually they contain textual information that is updated manually. Automation of updates would usually require substantial software development. However, it is routine for operating systems, such as Windows 2000/XP and it is common for virus software applications to have updating done on schedules in the client computers.

Web sites offer the best capability for access to databases over the Internet, including query-type access. Most commercial data base management systems (DBMS) now provide Web support, easing development of Web applications with these systems.

FTP is a common service supported by many servers on the Internet. The protocol supports the transfer of both text and binary files between the server and client computers or other servers. After logging on to the server the clients can navigate through the directories on the server and can download/upload files to/from a client. The files that users are allowed to access are controlled by the configuration of the FTP server. The server can also allow access to the general public through anonymous FTP where users log in with a user name "anonymous" and can use anything for the password.

FTP sites are best suited for exchange of large files. These normally consist of data that are not usually intended for display by Web browsers. Examples of files that are normally distributed via FTP are software and large files intended for special applications programs. FTP can offer a good level of security by requiring users to provide a user name and password before granting a connection. FTP sites are one of the best solutions for the exchange of forecast model data and large sets of metadata information between NMHS automated systems.

E-mail is best used for regular delivery of data, products and information to a limited audience (subscriptions, bulletins) provided that the volume of information to be delivered is not too large. For large files e-mail is often used to notify users that the file is available while the file itself is placed on an FTP server.

E-mail is an excellent tool for communicating with users and for receiving feedback. Various levels of security can be provided. Information can easily be sent automatically through an electronic mailing list. This can be very useful for certain applications. E-mail can also be used for exchanging information between automated systems.

Newsgroups are a very good tool for exchanging information that is intended for a limited audience and that changes rapidly. The information is updated piece by piece by the people participating in the newsgroup. Each participant has a limited role within the newsgroup and thus does not have to spend a lot of time updating their information.

A moderator may be assigned responsibility for the newsgroup. The moderator monitors the messages posted on the newsgroup and enforces agreed rules and procedures.

Newsgroups are usually limited to a community with a specific interest and information can be restricted to certain members via user name/password control. It is also possible to open newsgroups to a large community for read-only access while allowing write access to only certain members.

Newsgroups can be a useful tool for obtaining feedback from users although e-mail is more commonly used for this purpose. They are best suited to active information exchange among a small community of dedicated persons.

Table 2.2 - Summary of the advantages and disadvantages of Internet technologies

Hydrological and meteorological data can be placed on servers as well as documentation about the data or other hydrometeorological subjects. Documentation is normally written in HTML scripted page format to permit display using Web browsers. This permits the browsers to display all kinds of text and graphical information. The hydrological and meteorological data can be coded into HTML, with explanatory text as appropriate, or can be coded as simple text files. Most browsers have the ability to access and display both HTML and text pages using either HTTP or FTP protocols.

Access to HTML pages can be limited to specific users with identification and password controls. This control can be accomplished at the URL level, which connects one HTML page to another. FTP also provides the capability to control access to files via password protection.

At this poiint it is time to dicuss a need to investigate a development of a standard for files of information about these various contents for ease of exchange between centers. As the variety and volume of data increases, the need for describing those data by “Metadata” in an unambiguous way and through a standard approach becomes essential. CBS, at its Extraordinary session (Cairns, Australia, December 2002) agreed that the ISO standard for geographic metadata (ISO DIS 19115) was suitable for use within WMO as the WMO Core metadata standard. CBS also recommended that XML be reviewed as possible form to be adopted as the common language (or format) for metadata exchange. Several further developments are required and are being carried out by CBS and other WMO Technical Commissions. Currently there are also other evolving forms being developed by the commercial industry, such as XUL.

Information about your NMHS and your mission and organization is best presented via the Web. Short descriptions of your organization and its programs should be presented in an attractive way so that Internet users immediately know whether they have reached the site they were looking for. This information might include the vision, mission and history of your NMHS as well as information on how users can contact your NMHS. Contact information commonly includes street and postal addresses, telephone and fax numbers, e-mail addresses, etc. The organizational structure of your service could also be presented along with a directory of staff, in accordance with local regulations. A note of significance, your customer is a short e-mail away. Your NMHS now needs the ability to respond and quickly in this electronic environment. Your responses are a statement of policy, like any written correspondence from your NMHS. A prosess needs to be established internally to handle this new workload. This is part of the advantages to making your agency known. If you are popular to your customers you provide support for your NMHS, an excellent advertisement.

Many NMHSs also provide information on training opportunities and job openings within their organization and guidance manuals of all types.

This is the core of your web site. In deciding what information to put on the NMHS Web server, a decision should first be made as to what will be provided freely to the public and what will be restricted to special users. In general, current practice for many NMHSs is that forecasts less than 24 hours duration and that provide basic information to the public for everyday activities are made freely available. This usually includes safety information (such as severe weather watches) when and where necessary, for example safety at sea and aviation/marine search and rescue.

Policies concerning additional or value added services vary from service to service and should be determined locally. The NMHS should consider whether or not to charge for services that provide media exposure and therefore free publicity.

With the above in mind, it is possible to evaluate each product to determine if it should be provided through open or controlled access.

One of the best ways for NMHSs to use this technology is to provide text information for public access. The local forecast offices of the NMHS produce many products and making them available to the general public or other NMHSs via the Internet can greatly enhance the prominence of the NMHS. This can also supplement current dissemination systems.

Text or graphical forecasts and warnings provided via the Web might contain, for example:

Land and ship surface data and upper air data are often made available, usually in the original code transmitted for World Weather Watch exchange. Upper air station reports can be made available via FTP, as most users would like to either display soundings or ingest the data into software modelling applications.

d. Climate information
The web as a means for providing this information is excellent. The graphics and color capability plus the normal nature of climate forecasts having long time period coverage makes this an easy means of communicating these products to your customer public as well as providing a means of exchange between NMHS producers and NMHS users. Examples of products are:

Information about the science of meteorology, hydrology and the environment are often made available via the Web. This might include a cloud atlas, information on meteorological instruments or weather phenomena and a glossary of terms. Definition or background on information in the headlines such as general information on El Niño might also be provided.

Information that is new or considered important for the viewer to see should be highlighted in some fashion. Normally this can be accomplished by placement on the page, linked from the homepage or placed on the home page, or by using blinking HyperText. The types of information to be presented are up to the NMHS. However, subjects such as the latest warnings, new products available or NMHS events (e.g. conferences) could be items for this area.

Links to other Web sites are easy to produce with HTML through hyperlinks. Care must be taken to ensure that links are related to the subject of the page they are linked from. Other government, commercial or university sites may provide additional information to enhance topics of discussion. Each linked site should be reviewed carefully prior to linking to ensure suitability of content. Also, remember the customer many not know they have left your web site. A notification to the user of going to a new site should be included. This can be accomplished with a "Jump page" containing the statement that you are leaving your web site and also a short time out to execute the jump. Jump pages are accomplished with server side code. Another way is to build a re-direct web page that contains the statement of leaving your web site and than sending them to the target web site on a timer in the re-direct web page. This requires no server-side demmon code, but it uses JavaScript code in the re-direct web page. The object is to tell your web page reader that he/she is leaving your web site with an expaination.

Some services provide access to experimental products via their Web servers. These might include monthly and seasonal outlooks, ENSO advisories, etc. These products should be clearly labelled with their intent for use. It should be stated that they could be removed at any time and there is no commitment to maintain them for future use.

Almost any kind of digital information can be placed on FTP servers. As noted in section, 2.3.2, FTP is best used for very large files targeted at specific audiences. It is commonly used for dissemination of raw data and product files in ASCII or WMO binary representation forms. It is also widely used to distribute software. The concern here is to control the amount of bytes that can be downloaded per unit time. A site and local network can become overloaded and access denied to others if the request is for too much at one time.

Subscriptions, regular bulletins, announcements, press releases, etc. are suitable for dissemination via e-mail. E-mail could also be used for the dissemination of advisories and warnings for specific users. However, its use for this purpose must be regarded with caution since timely delivery is not guaranteed.

Frequently Asked Questions (FAQ) and answers are usually placed on newsgroups. Newsgroups also allow users to ask questions while expecting other users to reply so that all participants can benefit from the question and its answer.

NMHSs may wish to use the Internet for the exchange of data and products. However, this is not recommended for time critical operational data and products since the dedicated Global Telecommunications System (GTS) and the NMCs store-and-forward message switching systems were designed and developed for that purpose. The Internet is a public communications network shared by many users. Therefore, performance and access between NMHSs can vary greatly at different times of day and at present the Internet service is not as reliable as international dedicated lines in certain parts of the world. However, it is also recognized that the Internet may be the only way to exchange certain products. Some types of data, image products, climate products, large files or graphic maps with colour may not be obtainable on some links of the GTS. The use of the Internet between NMHS systems can supplement the GTS for the exchange of these types of data and products. To reduce exposure to the public of your data exchanges over the Internet you can establish "virtual private networks" (or VPNs for short) over the public Internet. Assuming you want to exchange between two NMHSs, both must establish this connection in coordination with the network service carriers. As this is a encryption process, encryption and decryption routers at both ends must be configured. See details of VPN in the GTS Word79 documentation. [This document may take a few minutes to download into your word software.]

The exchange of data and products between NMHSs can be accomplished with file transfers using standard FTP. The exchange of files requires that both ends of the exchange understand the directory and file name structure used at both NMHS servers. A good way to accomplish this is for each NMHS to document in Web pages the IP addresses of their servers and their file and directory structure and describe the file naming structure they are using. Some directories on a file server may be subject to access control while others may be open for access through anonymous FTP. At the command level, the FTP exchange is accomplished with either a "PUT" or "GET"command. These comands are contained within the FTP applications, such as WuFTPD on the client and WsFTPD on the server. The PUT command is used to place files on a server and the GET command is used to retrieve files from a server. There is a commonly used FTP command that permits a client to see what files are available on a server. This is the list (ls) command. The server will responed with a list of all of the files in the specified directory, much like your computer does on your "C:" drive. Most all server FTP applications will list the files and it is very resource intensive. Repeated requests for a directory filelist can act like a denial of service attack on a server. It is best to not permit automated software applications to list files. The two data exchange processes are described below.

The PUT command (or write) sends a file from your site to the server at the remote site. This process allows the sending server to control when the exchange is to take place. The benefit is that no action occurs until there is a file to move. The server at the receiving end must, however, keep checking their server to find out when the transfer has taken place. There are many ways to help minimize this effort such as notifying the remote server that the transfer has been made. An agreed procedure must be arranged between the two sites.

Typically before transferring a file verification of the connection is made. If a connection can not be established the sending system can attempt to send at a later time, when the server can be reached.

The GET command (or read) retrieves files from a remote server. This process allows you to control when to retrieve a file from another FTP server. A limitation with this approach is you may not know when a file you want is available. Many users attempt to retrieve files before they are available. This can overload the server and prevent other users from retrieving files. Therefore, care should be taken not to determine file availability using a rapid cycle of connecting and reading. Two NMHSs that are exchanging data should determine the process they will use for notification of file availability. There are several approaches, but all include timers and status files so that the recipient can control when the files are to be read. The FTP is a passive process and most FTP servers will set timeouts for sessions to clean out old processes, as a retriever (or read) can leave a process up (or open) tying up limited server threads for FTP sessions.

The format of files, directory tree structures, and names of files are all relevant to exchange of data and products for NMHSs. These must be addressed while arranging exchange procedures between two NMHSs. Descriptions of directory trees and data contents should be available to all NMHSs, either locally on Web servers or through published documentation. At present there is no established mechanism exchange of this information.

More details on the exchange of files using FTP can be found in the Recommended Practices and Procedures for the Implementation, Use and Application of TCP/IP on the GTS (Word97, pdf). The procedures described in that guide are of course applicable to the Internet as well as the GTS.

There is currently no WMO standard for file names. After careful consideration it has been recognized that different solutions are needed for particular purposes or local system configurations. Some standards are best for automatic processing while others are more suitable for human readability. It should be noted that CBS, at its Extraordinary session (Cairns, Australia, December 2002) agreed upon a file naming convention for operational routeing and distribution of information between NMHSs. To facilitate a smooth transition from the current GTS message headers, CBS recognized that a transition period would be required and it was requested that a maximum of 5 years be provided to implement this new recommended practice, and that detailed complementary procedures were still required.

Documentation describing data and products should be placed on Web sites for interactive access. It is recommended that NMHSs use HTML pages to describe the construction and content (including subdirectory and file names) of the information placed on their server.

Directory structure and filenames on FTP servers need to be made available to the users of the service. For files accessed via FTP, documentation defining the file naming procedure should be made available by the NMHS. The directory structure, subdirectory tree and file names and data availability frequency should be part of the documentation. Also, users should be informed of the times that the files are written or updated. All of this information is often made available in a text file named readme.txt

It is recommended that each NMHS develop a convention for construction of e-mail addresses of its employees. This makes it easier for outside users to determine e-mail addresses of staff they might wish to locate. Many Services use an address consisting of the FirstName.FamilyName@ServiceDomain, for example, Jean.Picard@meteo.fr

As an alternative or in addition to a naming convention, many, especially large, NMHSs also provide an interactive directory of their staff, which allows users to search for staff members by name or department and determine their e-mail addresses, telephone and fax numbers (in accordance with local regulations).

The Internet provides access to many search engine sites operated commercially by companies. These sites provide links to all types of topics accessible via the Internet. They permit you to find any server that could contain information related to particular areas of interest.

To utilize search engines, you link to them through popular URL addresses. You can then enter queries or key words to find the URL location of sites containing information you are interested in. There are over 100 search engines currently available on the Internet. A few of the more popular sites with global coverage are listed below. (Click the back icon arrow on your browser to return.)

Web search engines sites are very useful as means of notifying the Internet world at large that an NMHS Web site is available. To permit your NMHS's Web presence to be included on search engines requires notifying them through hyperlinks provided on their homepages. There are also commercial sites that notify the major search engines at a small cost.

The ability to be linked from a major search engine site requires that you build your pages (especially your homepage) with the appropriate HTML "metatags" at the top of your Web pages. Metatags that are imprtant for search engines are the "KEYWORDS", "DESCRIPTION" and "TITLE" tags, as most search engines will key on their text for inclusion in their directories. Some of the engines use the words contained in the "TITLE" tag for the link description in their page. There are companies that will review your pages for content and rate the site as to the type of information it contains. This can be important, as without this information in a metatag some search engines will not include your site in their directories.

Please note that this chapter is not intended to be used as technical reference material and does not provide practical solutions, but only outlines issues NMHSs should consider when determining their own solutions. It focuses on server security and not network security.

It is necessary to consider at least the following issues before placing a server online. For example, The British Standards Institute has published a list of ten key controls for checking if basic security is implemented. They are:

A DMZ (De-Militarised Zone) is the term for a no-man's land between the Internet and the internal network. This zone is NOT in the internal network, but is NOT widely open on the Internet. A firewall or a router with IP address filters applied usually protects this zone with network traffic filtering capabilities. It is also good practice to put FTP servers within the DMZ, thus requiring FTP-port (21) and FTP-data-port (20) to be accessible.

It is recommended all software and protocols that are not needed on the host be removed. For example, sendmail (which is the most common e-mail server available on Unix platform) is particularly susceptible to attack. Every week or so, a bug is discovered. Updating sendmail is an endless task so removing it from the server is often the best solution.

This is true for all cases but is especially important for servers connected to the Internet.

Security weaknesses are regularly discovered. For those relevant to your type of host and servers (FTP or Web) you should install software updates (patches) whenever they are made available. It is a good practice to install them on a backup system to check for non-desirable effects.

If access to your FTP or Web server were to be done via an unsecured connection, all information typed might be seen by unauthorized eyes. This is particularly dangerous for system administration.

To prevent the above risk, if, for example, you must administer your system remotely, use secure shell (a system where all information exchanged between client and server are encrypted). The two last points are probably not very easy to follow. If there is no other solution, it is very important to minimize risks. If you have to telnet to access your FTP or Web server, you should install a tool like tcp_wrapper. To our knowledge, this only exists for Unix hosts, and is not available, at least under that name for Windows NT. This software, before allowing access via telnet, determines if the calling IP address is allowed or not. Section 6.4 discusses IP and DNS security.

As above, it is advised to create a limited access space to keep anonymous FTP out of the Web server tree. In some configurations, FTP servers rely upon files to be kept secret (password lists, etc.). Otherwise, if the Web server shares the same directory tree, it might be possible to read files via http, and then compromise the FTP server. However, this is server and operating system dependent.

The method is always the same. The simpler the server, the more secure it is. Therefore, all unnecessary files should be removed. The example above concerning "PHF" is especially instructive. With the first release of the NCSA http server, this PHF tool was provided and installed by default. Nobody really noticed it, except some hackers, who used a weakness in this tool to gain unauthorised access to systems.

Whatever the efforts being made to protect your hosts, you should know what is happening on your server. The usual way to do so is to log important information. Nonetheless, it can be difficult to locate critical information within a large log file. Commercial software is available to assist in this effort.

It might be necessary to open security holes between the DMZ and the internal network to collect logging information. For example, some monitoring tools require access across the firewalls in order to operate.

Hackers might try to erase the evidence of their activities from the log files. Keeping the log files inaccessible (encrypted or on a remote system) is therefore essential to be aware of attacks.

To gain unauthorised access to a system, or to use it for inappropriate purposes, it is often necessary to modify critical files. That is why tools like "tripwire" can be used to calculate checksums on the files. Any changes in the checksums indicate that the files have been modified.

SSH (Secure Shell) and SSL (Secure Socket Layer) are two common solutions for encryption between hosts.

ISS (Internet Security Scanner) is a commercial tool that can be used to monitor security on the host.

As described above, security is an unending story. One can limit the risks by following all of the advice given above. However, some of the recommendations might be difficult to implement and many NMHSs will probably implement a subset. There is no minimal subset that is applicable to everyone to provide a sufficient level of security. NMHSs must determine what risks are acceptable in their particular situation.

Once the server is configured it is necessary to determine access control policies. That is, who is allowed access to what information. By default clients can read every file put under the directory tree of the Web server via http; however, NMHSs may wish to restrict access to certain information.

When a client connects to a server, the client address is the first information received by the server. Based on predefined rules, access can be granted or denied. It is recommended to use IP addresses instead of names. Using IP addresses is a better solution for two reasons: the server is not required to look up an address, which can slow response times; and it is quite easy to fake host names. Nonetheless, faking IP addresses is also possible (albeit more difficult) so this mechanism should not be used without clearly understanding its limitations.

As usual, when logging into systems, the user must authenticate himself with user name/password. The main problem with the default configuration is that passwords are sent on the Web in clear form (i.e. not encrypted). Tools used to monitor the exchange of traffic between hosts ("sniffers") can read the information.

For FTP servers, depending upon the operating system and the server itself, only a subset of the control available for Web servers might be possible. The two most recent FTP servers with access control are BeroFTPD and ProFTPD. Both are free software available on the Internet. However, because they are free, attackers can get them aslo and find ways to break into your systems.

Access to e-mail and newsgroup servers is controlled by only the general mechanisms that protect the host. There are no additional standard protections available for e-mail server software. These services are sacrifical and you must keep backup copies if the systems for complete replacement when needed,

When designing your Local Area Network (LAN) within the NMHS to handle both GTS data connectivity and Internet connectivity, you must separate the two networks either physically or through the use of firewalls. There must never be any ability to allow Internet traffic onto the GTS via the routers. A design that controls IP traffic through sub-network address screening must be a part of internal NMHS LAN design.

The design should follow levels of security such as a simple design router and firewall protection from outside attacks. Again, review http://www.boran.com/security/webserver_practices.html above. The best way is to use a combination of router network controls and firewall traffic checking. Protocols such as HTTP, telnet, SMTP and FTP protocols must be blocked from entry to the secure side. Allowing controlled FTP to pass through the firewall to the open server resources is a way to deny public access to the critical systems and at the same time make data, documentation and forecast products available on Internet accessible servers. The firewalls can act as flow control and IP sub-network address level entry control. What this means is to allow only known internal LAN network addresses through a firewall.

The LAN network configuration diagram provided here is an example of a LAN based NMHS MSS complex that will control GTS access to the central core switching system resources.

This sample design protects the Message Switching System (MSS) file server data base from the open Internet. The design will allow for file transfers from a file server containing the original operational files out to a file server that is accessible to the Internet. The Internet file servers would be accessible for TCP/IP FTP file exchange for other NMHSs as well. The NMHSs could exchange files of metadata or files of forecast products in GRIB or BUFR. All Web (HTTP) and File (FTP) services are open to Internet access for those sub-directories designated as open and they would contain information available to the public. The Internet accessible servers would be the staging of received products (into sub-directories under password control) from other NMHSs and the server would move the files back to the production system file systems through the firewall system. The servers used for Internet access must also contain limited server port access control. For example allowing only HTTP and FTP ports to be open, without account and password control. This permits telnet access to a limited number of people, for example, to support server maintenance of files. For security reasons, never use the File server for e-mail. The architecture for a National Meteorological Centre can be much more complex. However, illustrations of such designs are not the purpose of this guide.

1 The U.S. Department of Energy (DOE) has a Computer Incident Advisory Committee (CIAC, http://www.ciac.org/ciac/) which is one of the oldest and most reliable security references available on the Web. It is internationally recognized for its contribution to the Internet community. CIAC is a founding member of FIRST(Forum of Incident Response and Security Teams), a global organization established to foster cooperation and coordination among computer security teams world wide.

Web Sites should ensure that their presence on the Internet fulfils mission requirements in a professional manner. They should also ensure that information that they make available via the Internet is accurate, relevant, up-to-date, and is professionally presented.

NMHSs should take adequate precautions when processing data or storing data on computers connected to the Internet and when transmitting data to others over the OPEN Internet. Given the extreme vulnerability to viruses and other malicious software, the NMHS should ensure that processes and procedures to minimize risk are in place.

It is important to note that, aside from some common-law restrictions in individual countries, the Internet as a whole is essentially a non-regulated global ensemble of a myriad of component networks owned by various communication carriers. There is no code of ethics and practices applicable to the particular interests of the meteorological community. However, there are areas where some form of voluntary self-regulation may be desirable, as with the recognition and accreditation of the sources of data or products posted on another Member's Web page. The same applies to the use of pointers and hyperlinks to the sites of other organizations: the visitor should be made aware that the information he is accessing is actually located elsewhere. Resolution 40 (Cg-XII) and Resolution 25 (Cg-XIII) apply to any exchange of relevant data and products and thus data and products placed on Members' servers should be consistent with these provisions.

Although advertising is not currently a widespread practice on NMHS Web pages, it is foreseeable that some Services may decide to include advertising for third-party products, perhaps in the form of banners or buttons on their pages. Care should then be exercised, as the apparent endorsement of some these products may compromise the credibility of a NMHS, or that of another link-related NMHS.

Members should always promote the NMHSs of other countries, as the prime source of information for those countries. This can be done quite simply by providing links to the Web sites of other NMHSs and, most easily, through the corresponding page on the WMO server (English version page).

Web pages often include material, such as graphical illustrations, that is protected by international copyright and care should be exercised when "adapting" such artistic elements for self use. When using any trademarks or service marks, it is recommended that the (TM) or ® (R) symbols be used, as appropriate. By definition, trademarks are used to identify tangible goods, while service marks are used to identify services.

Posting complex products intended for interpretation by professionals on Web pages may pose a problem whenever they can be readily accessed by inexperienced users as these users may easily misinterpret them and use them to make wrong decisions. Thus, it becomes particularly important to publish adequate disclaimers on main pages. These disclaimers should be drafted with considerable care with regard to local legislation, preferably with the assistance of national lawyers.

As an example of copyright and disclaimer text, the USA National Weather Service (NWS) uses the following, which with some modifications for local law and conditions, could be used by other NMHSs.

HTML allows the browser window to be split into smaller sub-windows or frames. The use of frames makes it possible for a Web site to appear to include pages from other sites within its own page. This can cause problems, for both the referenced and referencing pages. If your own pages are included within another site's frames it appears as if your page is theirs and information around the frame could be embarrassing to your site, as inappropriate banners can be displayed around your Web pages.

HTML provides the capability to prevent a page from being included within a frame. It is recommended that you include the appropriate commands within your own home page to prevent this possibility (see the source code of http://www.nws.noaa.gov/ for an example). Furthermore, if you are using frames within your own site you should seek the permission of any other sites before including remote pages within your own frames. In general, it is recommended that you remove your own frames when linking to other sites.

Since it is very common for hyperlinks to point to pages outside the local server, users can sometimes become confused as to who is responsible for the page they are currently viewing. This can create problems if users believe a page is an "official" NMHS page when it is in fact a page at another site. "Jump pages" are pages that are used at a site to inform the user that they are following a hyperlink and that they are leaving your site. Jump pages normally contain the name of the site you are going to and a notification that the user is leaving your own site. These pages can use timers to execute the jump after a brief period to permit the viewer time to read the notice. It is recommended that all NMHSs use this capability, as users do not normally know when they are switching from one Web server to another.

Web documents can include graphics, sound and movies as well as text. Graphics are usually provided in GIF or JPEG format. GIF is generally preferred for artwork while JPEG is better for photographic images. The GIF format also supports the storage of multiple frames of graphics in one file and the animation of these frames. Most popular browsers can display all GIF, animated GIF and JPEG files.

When including images in Web pages it is recommended that the pages include alternative text to be displayed if the user is unable or unwilling to download the image. Normally the reason is connectivity speed to the Internet from the client. The download time can be very long on large graphics. There is a common pratice of providing a "thumbnail" image with the opton to retrieve the full picture. This includes the byte count (size) of the original graphic. A "thumbnail" is a smaller version of the original.

Static and streaming audio and video can be included in Web documents in a number of formats but browsers often require additional software to play them. Static clips can only be played when the whole file has been downloaded while the streaming media can be played while the clip is being downloaded. Audio and video requires high network bandwidth and are not very often found in NMHS sites and are not recommended to be included on front pages

It is recommended that the name and logo representing the NMHS and a hyperlink to the starting page of the site be placed on every Web document. Thus users who may have reached the site following a hyperlink from elsewhere can find and view other documents made available on the server.

Frames can be used to assist navigation. It is a common practice to dedicate a narrow frame at the margin of the browser window for a menu of hyperlinks to facilitate navigation within a site.

Another navigation tool used in Web documents is the image-map. This is a graphic that has a number of "hot spots" on it. Each of the hot spots maps to a URL. When a hot spot is clicked, the URL is triggered. Depending on the implementation of the server and client software, the look-up of coordinates on the image to URLs can be done by the client or the server.

With the navigation tools described above the user is given a menu of documents to choose from. The number of menu items is limited in order to keep the menu manageable and usable by the user. There are however techniques which enable more effective interactions between user and server.

HTML supports the inclusion of forms in the Web document. Input windows, check boxes and menus can be created in the form. The user can enter data on the form and "submit" it to the server by clicking a button on the document. The server then collects the data and returns customised products, which are generated in real time, to the browser. The processing of the input data and generation of products are usually done by CGI (Common Gateway Interface) scripts which reside on the server. The script can be written in any programming language supported by the server system. Besides, forms may also be used to collect other user information such as user feed back or profiles of the user community.

Variables can be inserted in HTML documents using the Server Side Include command. When a document with a Server Side Include variable is requested from the server, the server may insert in the document at the point of the command date/time, the content of another document or output of another program it launches.

Dynamic documents can also be created by embedding in the documents programs written in Java or JavaScript. These programs, executed on the client, can perform a variety of functions. For example, they could process data entered by the user or downloaded from the server to generate variable content on demand. However, it should be realized that these tools, although powerful, may deny part of your public from viewing your pages correctly, as older versions of the current browsers do not support Java or JavaScript. It should be noted that despite their similar names, Java and JavaScript are two separate languages.

The implementation of a Web site must consider the services to be offered (whether to include both FTP and HTTP services), whether or not to monitor use, reliability of the servers, arrangements for backup, staff resources, response to feedback from the user community, etc. NMHSs should be aware that the Internet is a very complex network and reliability and response times are often beyond the control of their Service. Therefore, users should be informed that even though the NMHS server is maintained operationally and is running without significant load, it might sometimes be difficult to connect or retrieve pages due to network congestion or other external problems.

The following areas concerning Web site resource requirements need to be addressed:

Your Internet server should provide knowledge, or improve the way users/clients can accomplish an important task through the use of weather information, be it a forecast or climate data, etc. The information should be interesting to the clients and they should be able to learn something from it.

Relevant, high-quality content is paramount on a Web site. Everything else is less important, including look, ease of use, uniqueness to the medium and promotion. It is therefore important that information posted on your Web server be kept up to date. Outdated or obsolete information discourages users and can damage the reputation or image of your NMHS.

All pages, starting with the homepage, should be constructed according to a common style so that users will recognize pages from your server, even if they have "bookmarked" pages from lower in your page hierarchy. This is particularly important if your NMHS maintains more than one Web site on the Internet.

All pages should be dated, and a group name or page author name should be included to permit routing of inquires from feedback by users.

Page design should consider the level of technology used by your audience. For example, in the USA in 1999 most users were running Windows/95, which was delivered with Internet Explorer 3.0 and a default screen resolution of 640 X 480 which can cause page wrap and font and printing problems if you use frames and problems if you utilise Java or JavaScripts.

Web design groups and HTML style guide recommendations are accessible on the World Wide Web. It is recommended that designers go to the major search engine Web sites and search on desired topics.

Web Site Usability addresses the way Web pages are constructed, including hyperlinks to other parts of the same page, other pages on the site, or to other Web sites. The links need to clearly indicate what the user should expect to find if he/she moves to that URL. There are books on the design of a site with "usability" as a key element of consideration. These design guidelines allow users to find what they want quickly and easily. Aspects of usability include placement of text on a page, bold fonts, "alt tags" in graphics, and path design to meet logical thought. It should be stated here that web page presentations are like publishing a newspaper or book. Knowledge of good techniques on how to present your subject matter along with the HperText functionality of an HTML document can be a powerful presentation. Doing it right leads the view through a complex and unformiliar subject area quickly and allows the audience to find things easily. As network connect time carries a cost for client users, quick page loadings may keep a customer where slow page loads can lose customers. There are many new books on the market that addresses this new presentation subject. For example a book titled: "Web Site Usability: A Designer's Guide" originally written in 1997 and updated in November 1998 by Jared M. Spool is an excellent starting place on the subject, even though it is somewhat dated in this industry. A search on the Internet using a major search site (like Google.com) can lead you to many discussions on this growing scientific and psychological subject.

It should be easy for users to quickly and easily obtain the information they seek. Graphics slow down access and should be used sparingly. Animation and audio have their uses, but should be used only where necessary. The key in all cases is that page size and image content control download times and 30 seconds or less at commonly used connection speeds is a good measure of an acceptable size for an HTML page.

If graphics must be used, such as for climate data, they must be easily read. If the reader must read instructions on how to interpret the graphics, interest is lost.

It is often useful to provide a search tool to allow users to rapidly find information that is not easily retrieved by browsing through the Web site menu and sub-menu items. You should ensure the search is limited to files present on the local Web server. It is also useful to provide a Web site directory or index. This would provide a synoptic view of the Web site content with topics and sub-topics indicated on a single page.

Simple language and terminology should be used. It is best to avoid colloquial, or idiomatic language or expressions. For a national audience, national requirements dictate the languages to be used. For an international audience, it is recommended that sites provide pages in multiple languages or consider use of a translation service.

The most exciting, or newest content, should be boldly promoted. For example, a press release on the latest weather event or a forecast of significant weather expected should be highlighted.

Pages should not be too long. Ideally pages should fit on a display screen with minimal scrolling required. Otherwise, a table of contents with links to subsections should be provided at the beginning.

Different forecasts, climate data, etc, should be on separate pages. That is, the user clicks on an icon for a forecast, reads it and then returns to the selection page.

Weather reports and forecasts can be presented simply as text in Web documents. Images can be used to depict the weather conditions. For weather reports or forecasts over more than one location, maps showing the distribution of meteorological parameters such as air temperature and weather conditions are commonly used. If there are large number of different locations to be presented, an image map or a form may be used to assist the user in selecting the location or data of interest.

Warnings for hazardous weather can be presented as text in HTML documents. Animated GIF labels can be added to attract attention. Unlike other perishable media such as radio or television, in providing warnings on the Web operational arrangements should be made to remove the document when the warnings are cancelled (when the weather improves). Since there is usually no fixed schedule for warning dissemination, the user will need to access the relevant document from time to time to check the warning status.

Weather maps are usually provided in GIF and JPEG format. When using graphics, attention should be given to the size of the image and of the file. Bearing in mind the typical hardware being used by users, the image should, as far as possible, fit into the display without scrolling and should not take too long to download.

To present the variation of parameters such as air temperatures, rainfall amounts etc. over time, line graphs and histograms are often used. The graphics can either be produced on the server at regular intervals when the data series are updated, generated on demand, or generated on the client using the data download from the server. The choice may be made based on the comparison of the download time.

If your NMHS produces material for television weather programs, the video clips can be made available on the Web server in the form of streaming video or static video files. Special video production facilities are required to generate these files. If streaming video is provided, streaming server software is required on the server.

ANNEX 1 - Internet Glossary

EC/AGE - Executive Council Advisory Group on the Exchange of Meteorological and Related Data and Products

ANNEX 3

Information and Assistance

Questions and corrections to this guide may be directed to the "Expert Team on Enhanced Utilisation of Data Communication System" members.

OR send you comments directly to the WMO Secretariat in care of the "Senior Scientific Officer" of the Data Management Office of the World Weather Watch:

	Web	FTP	E-mail	Newsgroups
Multimedia/ graphical information	Excellent	Delivery only	Can be used to deliver small multimedia files	Can be used to deliver small multimedia files
Regular or operational information	Near real-time delivery is poor	Good if automated delivery possible	Good for small data volumes	Poor
Ad hoc requests	Excellent	Good with a Web front-end	Acceptable for simple request	Good for soliciting opinions or information
Security level	Password access and encryption	Password access	Electronic signatures	Password access and management of privileges
Target audience for dissemination	Wide	Wide	Small	Limited
Automatic exchange	Poor	Excellent	Good	Poor
Assurance of delivery	None	Via "PUT" only	Acknowledgement of receipt possible	Automatic notification possible
Feed-back from users	Good (via forms or e-mail)	Poor (via e-mail only)	Good	Good
Dialogue between users	No	No	Good	Excellent
DBMS access	Excellent	No	No	No
Volume of information possible	High	Very high	Small	Medium

com	Commercial organization
net	Networking organization
edu	School
int	International organization
org	Other organization