This technical presentation will cover many aspects of what one might encounter when a plone site is to be deployed in a highly demanding environment. And for what it's worth, these are not only theoretical examples, but they have also been proven to work in real life. The following items will be presented: * High Availability architecture * Clustering with ZEO * Synchronizing Data.fs * Load Balancing * Sticky Sessions * Caching * Single Sign-On
Duco Dokter - Plone for the enterprise market: technical musing on caching, Clustering and Single Sign-On
1. Enterprise Plone:
(Rather) Complex Infrastructures
October 11, 2007, Plone Conference, Napoli
Duco Dokter
dokter@goldmund-wyldebeast-wunderliebe.com
1
2. Contents
• Existential affairs;
• High Availability;
• More existentialism;
• Single Sign-On;
• Load-balancing;
• Caching... GOTO [other talks].
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 2
3. A not so complex setup
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 3
4. You wanted it more fancy?
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 4
5. The enterprise market
• Usually highly demanding in terms of availability;
• not necessarily because they actually need it though...;
• mission critical applications;
• complex existing infrastructure;
• lots of (web)services, legacy.
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 5
6. What is High Availability?
The myth of the (five) nine’s (99.999)
Your system is delivering its service to the user 99.999% of the time it is
needed. (Myth: so the downtime of your actual ‘service’ is negligable...)
Does anyone know how much time that leaves for breakdowns?
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 6
7. About this much
uptime downtime/yr downtime/mnth downtime/wk
99.99% 52.6 min 4.32 min 1.01 min
99.999% 5.26 min 25.9 sec 6.05 sec
So one broken disk in your data center:
• that takes 5 minutes to replace: 1 year used;
• sadly the data center is ten minutes away by bike: three years worth;
• and you have no spare disk and need to go to the shop first: 12 years gone;
• ... but the shop needs to order that at Fujitsu...
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 7
8. How?
• assert risk for components, both hardware and software;
• remove ’single-point-of-failure’ spots, id;
• calculate possibility of system failure;
• avoid complexity!
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 8
9. HA Cluster setup
• throw in more machines;
• throw in more Zope instances (servers);
• use heartbeat;
floating IP, and other services can be transported across nodes connect over
two interfaces: i.e. serial and ethernet
Syncing: drbd, syncpozo, zeoraid, fs solutions
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 9
10. New setup, as HA cluster
Do we still have a problem? Yep: no global redundancy
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 10
11. Why leave your slave whithering away? Adding LB and
ZEO.
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 11
12. And what about caching?
Are we happy yet?
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 12
13. Single Sign-On
Single Sign-On is:
• authentication process where a user presents credentials once and gets
authenticated for more than one application;
• a ‘meta’ session is created.
Web SSO: the same story, but only for web applications
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 13
14. Why Single Sign-On?
• user experience;
• less user separate user accounts;
• focal point in security administration.
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 14
15. How?
• One trusted source;
• a trust relationship between the source and ‘clients’;
• a trusted & clear protocol for authentication.
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 15
16. Plone SSO
• More plone sites within same user session;
• Plone as front-end for other apps;
• other (non-Plone) web apps in same session;
• non-web apps in same session;
• Plone login based on machine login (not in scope, but think NTLM).
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 16
17. CAS
• SSO server built at Yale university;
• Java Servlet/JSP technology;
• (reasonably) well documented;
• source code available;
• free licence;
• open and clear protocol.
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 17
19. Steps: Session 1
1. http request to Plone site A;
2. inlog link kiezen naar CAS server of authenticatie redirect (CAS4PAS) over HTTPS;
3. login on CAS server;
4. CAS sets cookie;
5. redirect back to callback service with ticket;
6. validation ticket to CAS server;
7. CAS server removes ticket and gives ’ok’ + netID;
8. response (with Plone cookie).
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 19
20. Why the validate step?
Because of redirect to service: might not be secured.
So: a token is given, and Plone uses this to actually validate. CAS generates
this token, and receives it to give back the user id.
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 20
21. Steps: Session 2
1. http request to Plone site B;
2. click on login link to CAS server or receive authenticatie redirect (CAS4PAS);
3. CAS service recognizes existing session (based on cookie);
4. redirect back to service with new ticket;
5. validation with ticket;
6. CAS removes ticket, and says ’ok’ + Net ID;
7. response.
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 21
23. Back end
• LDAP
• SQL
... but fully pluggable.
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 23
24. So...
• more Plone sites, 1 account;
• Plone site as front end for other sites;
• Mix of Plone and other web systems;
• Mix of Plone and non web systems.
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 24
25. The final result
What was that again on complexity?
Duco Dokter, Goldmund, Wyldebeast & Wunderliebe, 11 october 2007 25