Enterprise Plone: (Rather) Complex Infrastructures. October 11, 2007, Plone Conference, Napoli. Duco Dokter, [email protected]

Duco Dokter - Plone for the enterprise market: technical musing on caching, Clustering and Single Sign-On


DESCRIPTION

This technical presentation covers many aspects of what one might encounter when a Plone site is to be deployed in a highly demanding environment. For what it's worth, these are not only theoretical examples: they have been proven to work in real life. The following items will be presented:

• High Availability architecture;

• Clustering with ZEO;

• Synchronizing Data.fs;

• Load Balancing;

• Sticky Sessions;

• Caching;

• Single Sign-On.


Page 1: Duco Dokter - Plone for the enterprise market: technical musing on caching, Clustering and Single Sign-On

Enterprise Plone:(Rather) Complex Infrastructures

October 11, 2007, Plone Conference, Napoli

Duco Dokter

[email protected]

Page 2

Contents

• Existential affairs;

• High Availability;

• More existentialism;

• Single Sign-On;

• Load-balancing;

• Caching... GOTO [other talks].

Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 2

Page 3

A not so complex setup

Page 4

You wanted it more fancy?

Page 5

The enterprise market

• Usually highly demanding in terms of availability;

• not necessarily because they actually need it though...;

• mission critical applications;

• complex existing infrastructure;

• lots of (web)services, legacy.

Page 6

What is High Availability?

The myth of the (five) nines (99.999%)

Your system is delivering its service to the user 99.999% of the time it is needed. (Myth: so the downtime of your actual ‘service’ is negligible...)

Does anyone know how much time that leaves for breakdowns?

Page 7

About this much

uptime     downtime/yr   downtime/mnth   downtime/wk
99.99%     52.6 min      4.32 min        1.01 min
99.999%    5.26 min      25.9 sec        6.05 sec

So one broken disk in your data center:

• that takes 5 minutes to replace: 1 year used;

• sadly the data center is ten minutes away by bike: three years worth;

• and you have no spare disk and need to go to the shop first: 12 years gone;

• ... but the shop needs to order that at Fujitsu...

Page 8

How?

• assess risk for components, both hardware and software;

• remove ‘single-point-of-failure’ spots, id;

• calculate the probability of system failure;

• avoid complexity!
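The downtime table and the "calculate the probability of system failure" step above are easy to get a feel for with a few lines of code. The following is an added example, not material from the slides: it reproduces the table for any number of nines, expresses the broken-disk story as "years of budget burned", and applies the standard series/parallel availability formulas to a small constructed Plone stack. The component availabilities (web front, Zope instance, ZEO server, disk) are illustrative assumptions, not measurements.

```python
"""Availability budgets and single-point-of-failure math for an HA design.

Added example; it is not from the original slides. Component availabilities
below are constructed illustrative values, not measurements.
"""
from math import prod

MINUTES_PER_YEAR = 365 * 24 * 60
MINUTES_PER_MONTH = 30 * 24 * 60   # the slide's table assumes a 30-day month
MINUTES_PER_WEEK = 7 * 24 * 60


def downtime_minutes(availability: float, period_minutes: int) -> float:
    """Minutes of downtime allowed in a period at the given availability."""
    return (1.0 - availability) * period_minutes


def downtime_budget(availability: float) -> dict:
    """The three columns of the slide's table, in minutes."""
    return {
        "per_year": downtime_minutes(availability, MINUTES_PER_YEAR),
        "per_month": downtime_minutes(availability, MINUTES_PER_MONTH),
        "per_week": downtime_minutes(availability, MINUTES_PER_WEEK),
    }


def years_consumed(outage_minutes: float, availability: float) -> float:
    """How many years of budget one outage burns (the slide's broken-disk story)."""
    return outage_minutes / downtime_minutes(availability, MINUTES_PER_YEAR)


def series_availability(components) -> float:
    """Everything must be up at once: each component is a single point of failure."""
    return prod(components)


def parallel_availability(replicas) -> float:
    """At least one replica must be up; failures are assumed independent."""
    return 1.0 - prod(1.0 - a for a in replicas)


def example_stack() -> dict:
    """Constructed stack: web front, Zope instance, ZEO server and one disk."""
    web, zope, zeo, disk = 0.999, 0.999, 0.999, 0.99
    single = series_availability([web, zope, zeo, disk])
    # Remove the weakest single point of failure by mirroring the disk.
    mirrored_disk = parallel_availability([disk, disk])
    improved = series_availability([web, zope, zeo, mirrored_disk])
    return {"single_disk": single, "mirrored_disk": improved}


if __name__ == "__main__":
    for nines in (0.9999, 0.99999):
        b = downtime_budget(nines)
        print(f"{nines:.3%}: {b['per_year']:.2f} min/yr, "
              f"{b['per_month']:.2f} min/month, {b['per_week'] * 60:.2f} s/wk")
    print("5-minute disk swap at five nines uses "
          f"{years_consumed(5, 0.99999):.2f} years of budget")
    print(example_stack())
```

The series formula is the reason the "avoid complexity" bullet matters: every extra component in the request path multiplies in another factor below 1, so adding machinery that is not itself redundant lowers availability rather than raising it.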

Page 9

HA Cluster setup

• throw in more machines;

• throw in more Zope instances (servers);

• use heartbeat;

floating IP and other services can be moved across nodes; connect the nodes over two interfaces, e.g. serial and ethernet.

Syncing: DRBD, syncpozo, ZEORaid, filesystem solutions
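A minimal Linux-HA heartbeat (1.x style) configuration for the two-node setup described above, as an added example rather than anything from the slides: one broadcast ethernet link plus one serial link for heartbeats, a floating IP moved between nodes, and an authkeys file so that nodes only accept heartbeat messages from each other. The node names, the address (from the RFC 5737 documentation range) and the `zeo` resource script name are assumptions.

```text
# /etc/ha.d/ha.cf (identical on both nodes)
logfacility     local0
# seconds between heartbeats, and how long silence lasts before the peer is declared dead
keepalive       2
warntime        5
deadtime        10
# allow extra time at boot before judging the peer
initdead        60
udpport         694
# path 1: dedicated ethernet segment for heartbeats
bcast           eth1
# path 2: null-modem serial cable, independent of the network
serial          /dev/ttyS0
baud            19200
auto_failback   on
node            plone-node1
node            plone-node2

# /etc/ha.d/authkeys (mode 0600, identical on both nodes)
auth 1
1 sha1 REPLACE-WITH-A-LONG-RANDOM-SECRET

# /etc/ha.d/haresources (identical on both nodes; the first field is the preferred owner)
plone-node1 IPaddr::192.0.2.10/24/eth0 zeo
```

Two points matter for the reliability of the failover itself. The `sha1` entry in authkeys makes each heartbeat packet carry a keyed digest, so a host that merely sits on the broadcast segment cannot forge a "peer is alive" or trigger a takeover; with `auth` set to `crc` that protection is absent. And the second, independent heartbeat path is what keeps a single failed switch from making both nodes believe they are alone, which is the split-brain case where both try to own the floating IP and the Data.fs.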

Page 10

New setup, as HA cluster

Do we still have a problem? Yep: no global redundancy

Page 11

Why leave your slave withering away? Adding LB and ZEO.

Page 12

And what about caching?

Are we happy yet?

Page 13

Single Sign-On

Single Sign-On is:

• an authentication process where a user presents credentials once and gets authenticated for more than one application;

• a ‘meta’ session is created.

Web SSO: the same story, but only for web applications

Page 14

Why Single Sign-On?

• user experience;

• fewer separate user accounts;

• focal point in security administration.

Page 15

How?

• One trusted source;

• a trust relationship between the source and ‘clients’;

• a trusted & clear protocol for authentication.

Page 16

Plone SSO

• More Plone sites within the same user session;

• Plone as front-end for other apps;

• other (non-Plone) web apps in same session;

• non-web apps in same session;

• Plone login based on machine login (not in scope, but think NTLM).

Page 17

CAS

• SSO server built at Yale University;

• Java Servlet/JSP technology;

• (reasonably) well documented;

• source code available;

• free licence;

• open and clear protocol.

Page 18

Plone & CAS

Prerequisites:

• CAS4PAS;

• PlonePAS.

Optional: PloneCASLogin

Page 19

Steps: Session 1

1. http request to Plone site A;

2. choose the login link to the CAS server or receive an authentication redirect (CAS4PAS) over HTTPS;

3. login on CAS server;

4. CAS sets cookie;

5. redirect back to callback service with ticket;

6. validation ticket to CAS server;

7. CAS server removes the ticket and gives ‘ok’ + netID;

8. response (with Plone cookie).

Page 20

Why the validate step?

Because of the redirect to the service: that leg might not be secured.

So: a token is given, and Plone uses this to actually validate. CAS generates this token, and receives it back to return the user id.

Page 21

Steps: Session 2

1. http request to Plone site B;

2. click on the login link to the CAS server or receive an authentication redirect (CAS4PAS);

3. CAS service recognizes existing session (based on cookie);

4. redirect back to service with new ticket;

5. validation with ticket;

6. CAS removes the ticket, and says ‘ok’ + Net ID;

7. response.
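The two session walk-throughs and the "why the validate step?" slide describe one protocol: a cookie on the CAS host, a one-time service ticket carried in the redirect, and a back-channel validate call that consumes the ticket and returns the net ID. The following simulation is an added example, not code from the slides, CAS4PAS or PlonePAS. The CAS server and two Plone sites are in-process objects so the exchange can be stepped through offline; the class names, the `ST-` ticket prefix, the credential store and the 30-second ticket lifetime are constructed. What it shows that the slides only state: a replayed ticket is refused, a ticket issued for site A is refused by site B, and session 2 needs no password because CAS recognises its own cookie.

```python
"""Simulation of the CAS service-ticket exchange (added example, not project code)."""
import secrets
import time


class CasServer:
    def __init__(self, ticket_ttl_seconds: float = 30.0, clock=time.monotonic):
        self.users = {}            # constructed store: username -> password
        self.cas_cookies = {}      # CAS session cookie -> username
        self.service_tickets = {}  # ticket -> (username, service, issued_at)
        self.ttl = ticket_ttl_seconds
        self.clock = clock         # injectable so expiry can be tested offline

    def register_user(self, username: str, password: str) -> None:
        self.users[username] = password

    def login(self, username: str, password: str):
        """Session 1, steps 3-4: check credentials and set the CAS cookie."""
        if self.users.get(username) != password:
            return None
        cookie = secrets.token_urlsafe(16)
        self.cas_cookies[cookie] = username
        return cookie

    def issue_service_ticket(self, cas_cookie, service: str):
        """Step 5: an existing CAS session gets a fresh ticket bound to one service.
        Session 2 reuses the cookie, so no password is asked again."""
        username = self.cas_cookies.get(cas_cookie)
        if username is None:
            return None  # the browser would be shown the login form instead
        ticket = "ST-" + secrets.token_urlsafe(16)
        self.service_tickets[ticket] = (username, service, self.clock())
        return ticket

    def validate(self, ticket: str, service: str):
        """Steps 6-7: consume the ticket and answer ok + net ID, or refuse."""
        entry = self.service_tickets.pop(ticket, None)  # gone after one use, valid or not
        if entry is None:
            return (False, None)  # unknown or already used: a replay is refused
        username, bound_service, issued_at = entry
        if bound_service != service:
            return (False, None)  # issued for a different service
        if self.clock() - issued_at > self.ttl:
            return (False, None)  # stale ticket
        return (True, username)


class PloneSite:
    """A Plone site acting as CAS client (the role CAS4PAS plays in the real setup)."""

    def __init__(self, service_url: str, cas: CasServer):
        self.service_url = service_url
        self.cas = cas
        self.sessions = {}  # Plone cookie -> net ID

    def callback(self, ticket: str):
        """Steps 6-8: validate over the back channel, then set our own cookie."""
        ok, netid = self.cas.validate(ticket, self.service_url)
        if not ok:
            return None
        cookie = secrets.token_urlsafe(16)
        self.sessions[cookie] = netid
        return cookie

    def whoami(self, cookie):
        return self.sessions.get(cookie)


def run_scenario() -> dict:
    cas = CasServer()
    cas.register_user("duco", "constructed-password")
    site_a = PloneSite("https://site-a.example/", cas)
    site_b = PloneSite("https://site-b.example/", cas)

    # Session 1: first site, password prompt on the CAS server.
    bad_login = cas.login("duco", "wrong")
    cas_cookie = cas.login("duco", "constructed-password")
    ticket_a = cas.issue_service_ticket(cas_cookie, site_a.service_url)
    cookie_a = site_a.callback(ticket_a)
    replay = site_a.callback(ticket_a)  # same ticket again: CAS already removed it

    # Session 2: second site, CAS recognises its cookie and issues a new ticket.
    ticket_b = cas.issue_service_ticket(cas_cookie, site_b.service_url)
    cookie_b = site_b.callback(ticket_b)

    # A ticket issued for site A but presented by site B is refused.
    cross_site = site_b.callback(cas.issue_service_ticket(cas_cookie, site_a.service_url))

    return {
        "bad_login": bad_login,
        "netid_a": site_a.whoami(cookie_a),
        "replay": replay,
        "netid_b": site_b.whoami(cookie_b),
        "cross_site": cross_site,
        "tickets_left": len(cas.service_tickets),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The `validate` method pops the ticket before checking anything else; that is the behaviour the slides call "CAS removes the ticket", and it is what makes a ticket leaked through an unencrypted redirect or a browser history worthless after its single use.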

Page 22

Architecture

Page 23

Back end

• LDAP

• SQL

... but fully pluggable.

Page 24

So...

• more Plone sites, 1 account;

• Plone site as front end for other sites;

• Mix of Plone and other web systems;

• Mix of Plone and non web systems.

Page 25

The final result

What was that again on complexity?

Page 26

Issues

• Losing sessions: sticky sessions?

• We haven’t really finished: monitoring.

Page 27

Ceterum censeo MicroSoftem esse delendam
