Transcript
Page 1: Duco Dokter - Plone for the enterprise market: technical musing on caching, Clustering and Single Sign-On

Enterprise Plone:(Rather) Complex Infrastructures

October 11, 2007, Plone Conference, Napoli

Duco Dokter

[email protected]


Page 2

Contents

• Existential affairs;

• High Availability;

• More existentialism;

• Single Sign-On;

• Load-balancing;

• Caching... GOTO [other talks].

Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 2

Page 3

A not so complex setup


Page 4

You wanted it more fancy?


Page 5

The enterprise market

• Usually highly demanding in terms of availability;

• not necessarily because they actually need it though...;

• mission critical applications;

• complex existing infrastructure;

• lots of (web)services, legacy.


Page 6

What is High Availability?

The myth of the (five) nines (99.999)

Your system is delivering its service to the user 99.999% of the time it is needed. (Myth: so the downtime of your actual ‘service’ is negligible...)

Does anyone know how much time that leaves for breakdowns?


Page 7

About this much

uptime    downtime/yr   downtime/month   downtime/week
99.99%    52.6 min      4.32 min         1.01 min
99.999%   5.26 min      25.9 sec         6.05 sec

So one broken disk in your data center:

• that takes 5 minutes to replace: 1 year used;

• sadly the data center is ten minutes away by bike: three years' worth;

• and you have no spare disk and need to go to the shop first: 12 years gone;

• ... but the shop needs to order that at Fujitsu...


Page 8

How?

• assess the risk of each component, both hardware and software;

• remove the ‘single-point-of-failure’ spots (again: hardware and software);

• calculate the probability of system failure;

• avoid complexity!
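As an added worked example (not from the talk), here is the "calculate the probability of system failure" step in code: per-component availabilities are composed in series (everything must be up) and in parallel (any one redundant node suffices), and the resulting figure is turned into the downtime budget from the table on the previous slide. The component figures, the topologies and the function names are constructed for illustration, not measurements of any real setup.

```python
from functools import reduce
import operator

# Added example, not from the talk. All component availabilities below are
# constructed for illustration.
MINUTES_PER_YEAR = 365 * 24 * 60     # 525,600
MINUTES_PER_MONTH = 30 * 24 * 60     # the slide's table uses a 30-day month
MINUTES_PER_WEEK = 7 * 24 * 60


def series(*avails):
    """Components that must all be up: availabilities multiply."""
    return reduce(operator.mul, avails, 1.0)


def parallel(*avails):
    """Redundant components where any one keeps the service up:
    the system is down only when all of them are down at the same time."""
    return 1.0 - reduce(operator.mul, (1.0 - a for a in avails), 1.0)


def downtime_table(avail):
    """Downtime budget per year / 30-day month / week, in minutes."""
    unavail = 1.0 - avail
    return {
        "year": unavail * MINUTES_PER_YEAR,
        "month": unavail * MINUTES_PER_MONTH,
        "week": unavail * MINUTES_PER_WEEK,
    }


def years_of_budget_used(avail, outage_minutes):
    """How many years of downtime budget one outage burns
    (the 'broken disk, data center ten minutes away by bike' sum)."""
    return outage_minutes / downtime_table(avail)["year"]


# Constructed per-component availabilities (hypothetical)
A_NETWORK = 0.9999    # uplink / switch
A_HOST = 0.999        # one machine: power supply, disk, OS
A_ZOPE = 0.9995       # one Zope/Plone instance


def single_server():
    """'A not so complex setup': one chain, no redundancy."""
    return series(A_NETWORK, A_HOST, A_ZOPE)


def ha_cluster(nodes=2, failover_avail=0.99999):
    """Identical nodes behind heartbeat with a floating IP. The failover
    machinery (heartbeat, sync, floating IP) is itself a new serial
    component: if it is flaky it caps the whole cluster, which is the
    'avoid complexity' point in numbers."""
    node = series(A_HOST, A_ZOPE)
    return series(A_NETWORK, parallel(*[node] * nodes), failover_avail)


if __name__ == "__main__":
    for nines in (0.9999, 0.99999):
        t = downtime_table(nines)
        print(f"{nines:.3%}: {t['year']:.2f} min/yr, "
              f"{t['month']:.2f} min/month, {t['week'] * 60:.2f} s/week")
    print(f"15 min disk swap at five nines burns "
          f"{years_of_budget_used(0.99999, 15):.1f} years of budget")
    print(f"single server      : {single_server():.6f}")
    print(f"HA, solid failover : {ha_cluster():.6f}")
    print(f"HA, flaky failover : {ha_cluster(failover_avail=0.999):.6f}")
```

Run it and compare the last two lines: with a 99.9% failover mechanism the two-node cluster ends up barely above the single server, because the machinery you added to remove one single point of failure has become the new one.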


Page 9

HA Cluster setup

• throw in more machines;

• throw in more Zope instances (servers);

• use heartbeat: a floating IP and other services can be moved across nodes; connect the nodes over two independent interfaces, e.g. serial and ethernet.

Syncing: drbd, syncpozo, zeoraid, filesystem solutions


Page 10

New setup, as HA cluster

Do we still have a problem? Yep: no global redundancy


Page 11

Why leave your slave withering away? Adding LB and ZEO.


Page 12

And what about caching?

Are we happy yet?


Page 13

Single Sign-On

Single Sign-On is:

• an authentication process where a user presents credentials once and gets authenticated for more than one application;

• a ‘meta’ session is created.

Web SSO: the same story, but only for web applications


Page 14

Why Single Sign-On?

• user experience;

• fewer separate user accounts;

• focal point in security administration.


Page 15

How?

• One trusted source;

• a trust relationship between the source and ‘clients’;

• a trusted & clear protocol for authentication.


Page 16

Plone SSO

• More plone sites within same user session;

• Plone as front-end for other apps;

• other (non-Plone) web apps in same session;

• non-web apps in same session;

• Plone login based on machine login (not in scope, but think NTLM).


Page 17

CAS

• SSO server built at Yale University;

• Java Servlet/JSP technology;

• (reasonably) well documented;

• source code available;

• free licence;

• open and clear protocol.


Page 18

Plone & CAS

Prerequisites:

• CAS4PAS;

• PlonePAS.

Optional: PloneCASLogin


Page 19

Steps: Session 1

1. http request to Plone site A;

2. click the login link to the CAS server, or receive an authentication redirect (CAS4PAS), over HTTPS;

3. login on CAS server;

4. CAS sets cookie;

5. redirect back to callback service with ticket;

6. validation ticket to CAS server;

7. CAS server removes ticket and gives ’ok’ + netID;

8. response (with Plone cookie).


Page 20

Why the validate step?

Because the ticket reaches the service through a browser redirect, and that leg might not be secured.

So: a token (the ticket) is handed out, and Plone uses it to actually validate. CAS generates this token and receives it back from Plone over a direct connection, in exchange for the user id.


Page 21

Steps: Session 2

1. http request to Plone site B;

2. click on the login link to the CAS server, or receive an authentication redirect (CAS4PAS);

3. CAS service recognizes existing session (based on cookie);

4. redirect back to service with new ticket;

5. validation with ticket;

6. CAS removes ticket, and says ’ok’ + Net ID;

7. response.
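As an added example (not code from the talk, from CAS or from CAS4PAS), here is both sessions and the validate step as an in-process model of the CAS 1.0 exchange: the CAS side keeps the ‘meta’ session and issues one-use service tickets bound to a service URL; the Plone side hands the ticket back over the back channel and only then sets its own cookie. Nothing is sent over the network, the redirects are returned as URL strings, and the class names, the account, the URLs, the ticket lifetime and the cookie names are all hypothetical.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Added example, not from the talk. All names, URLs and the account are hypothetical.
TICKET_TTL_SECONDS = 10      # assumed: a service ticket must be validated promptly


class CasServer:
    """The trusted source: keeps the SSO ('meta') session and issues one-use
    service tickets bound to the service they were issued for."""

    def __init__(self, accounts):
        self._accounts = accounts      # netID -> password (constructed test data)
        self._sso_sessions = {}        # CAS cookie value -> netID
        self._tickets = {}             # service ticket -> (service, netID, issued_at)

    def login(self, service, tgc=None, username=None, password=None):
        """GET /login?service=...  Returns (redirect_url, cas_cookie) or (None, None).
        A valid CAS cookie needs no credentials (Session 2, step 3); otherwise the
        credentials are checked and a new session + cookie is created (Session 1, 3-4)."""
        if tgc in self._sso_sessions:
            netid = self._sso_sessions[tgc]
        elif username is not None and self._accounts.get(username) == password:
            netid = username
            tgc = "CASTGC-" + secrets.token_urlsafe(32)
            self._sso_sessions[tgc] = netid
        else:
            return None, None
        ticket = "ST-" + secrets.token_urlsafe(24)
        self._tickets[ticket] = (service, netid, time.monotonic())
        sep = "&" if urlparse(service).query else "?"
        return service + sep + urlencode({"ticket": ticket}), tgc    # step 5

    def validate(self, service, ticket):
        """GET /validate?service=...&ticket=...  (CAS 1.0 text reply).
        The ticket is removed on first presentation whatever the outcome, so a
        ticket sniffed from the browser redirect cannot be replayed; it must also
        come from the service it was issued for, and must not be stale."""
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return "no\n\n"
        bound_service, netid, issued_at = entry
        if bound_service != service or time.monotonic() - issued_at > TICKET_TTL_SECONDS:
            return "no\n\n"
        return f"yes\n{netid}\n"


class PloneSite:
    """The relying service (the role CAS4PAS plays inside PAS)."""

    def __init__(self, url, cas):
        self.url = url
        self.cas = cas
        self.sessions = {}    # Plone cookie -> netID

    def login_url(self):
        # Step 2: send the browser to CAS over HTTPS, naming ourselves as the service
        return "https://cas.example.org/login?" + urlencode({"service": self.url})

    def handle_callback(self, redirect_url):
        """Steps 6-8: take the ticket off the query string, validate it over the
        back channel, and only then issue our own session cookie."""
        ticket = parse_qs(urlparse(redirect_url).query).get("ticket", [None])[0]
        if ticket is None:
            return None
        lines = self.cas.validate(self.url, ticket).split("\n")
        if lines[0] != "yes":
            return None
        cookie = "__ac=" + secrets.token_urlsafe(16)
        self.sessions[cookie] = lines[1]
        return cookie


def walkthrough():
    cas = CasServer({"duco": "correct horse"})                # constructed account
    site_a = PloneSite("https://plone-a.example.org/", cas)
    site_b = PloneSite("https://plone-b.example.org/", cas)

    # Session 1: the browser follows site A's login link and the user types a password
    service = parse_qs(urlparse(site_a.login_url()).query)["service"][0]
    redirect_a, tgc = cas.login(service, username="duco", password="correct horse")
    cookie_a = site_a.handle_callback(redirect_a)
    replay = site_a.handle_callback(redirect_a)       # same URL again: ticket is gone

    # Session 2: site B, no password typed, only the CAS cookie travels
    redirect_b, _ = cas.login(site_b.url, tgc=tgc)
    cookie_b = site_b.handle_callback(redirect_b)

    # A fresh ticket issued for B cannot be cashed in by A
    redirect_b2, _ = cas.login(site_b.url, tgc=tgc)
    cross = site_a.handle_callback(redirect_b2)

    bad = cas.login(site_a.url, username="duco", password="wrong")
    return {
        "site_a_user": site_a.sessions.get(cookie_a),
        "site_b_user": site_b.sessions.get(cookie_b),
        "replay_rejected": replay is None,
        "cross_service_rejected": cross is None,
        "bad_password_rejected": bad == (None, None),
    }


if __name__ == "__main__":
    print(walkthrough())
```

The three negative cases in `walkthrough` are the reason the validate step exists: the ticket on the redirect is worth nothing once it has been presented, nothing to any service other than the one it was issued for, and nothing without the CAS server confirming it over a connection the service controls.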


Page 22

Architecture


Page 23

Back end

• LDAP

• SQL

... but fully pluggable.


Page 24

So...

• more Plone sites, 1 account;

• Plone site as front end for other sites;

• Mix of Plone and other web systems;

• Mix of Plone and non web systems.


Page 25

The final result

What was that again on complexity?


Page 26

Issues

• Losing sessions: sticky sessions?

• We haven’t really finished: monitoring.


Page 27

Ceterum censeo MicroSoftem esse delendam
