Storage task force Shibboleth-features and challenges in - - PowerPoint PPT Presentation

storage task force shibboleth features and challenges
SMART_READER_LITE
LIVE PREVIEW

Storage task force Shibboleth-features and challenges in - - PowerPoint PPT Presentation

Feb 26, 2024 370 likes •766 views

Storage task force Shibboleth-features and challenges in PowerFolder Sync & Share 11 FEB 2014 Roadmap for today Introduction Use cases / Installations The challenges of Sync & Share Federated AAI Large scale

slide-1
SLIDE 1

Storage task force

slide-2
SLIDE 2

Shibboleth-features and challenges in PowerFolder Sync & Share

11 FEB 2014

slide-3
SLIDE 3

Roadmap for today

  • Introduction
  • Use cases / Installations
  • The challenges of Sync & Share

– Federated AAI – Large scale distributed storage – Individualization

  • Le fin
slide-4
SLIDE 4

Background & Contact

  • PowerFolder, headquartered in Meerbusch next to Düsseldorf, Germany, develops and

provides Sync- and Share- Solutions since 2007 for Business, Education- and Research-

  • Organizations. The medium-size company serves thousands of customers worldwide,

who prefer to keep their data on own storage while profiting from the efficiency and comfort to access their data anywhere from any device.

  • Contact

– Christian Sprajc sprajc@powerfolder.com Founder and CEO +49 2132 97 92 292 – PowerFolder support@powerfolder.com Technical Support +49 2132 97 92 291 PowerFolder Niederlöricker Str. 62 40667 Meerbusch, +49 2132 97 92 290 https://www.powerfolder.com

slide-5
SLIDE 5

PowerFolder – Federated Sync and Share - easy to use, rock-solid

Mobile Sync & Access

Secure Collaboration with Externals

Client Backup Secure Collaboration Client Sync

slide-6
SLIDE 6
slide-7
SLIDE 7
  • Sync and Share cloud available to German universities

and research organizations

  • University of Göttingen, Max-Planck Society
  • 50 GB storage for members, 10 GB for students.

Optional upgrades available.

  • Login via LDAP, Database and RADIUS
  • Integration with Self-Service and Support Portal
slide-8
SLIDE 8
  • Largest EDU-Sync and Share cloud in Germany
  • 9 Universities plus ~65 higher educational institutions
  • Reach: 350.000 students, 100.000 employees
  • Funded by the Ministry of Science, Research and Art
  • PowerFolder scored with its years of experience, its

service and flexibility…

slide-9
SLIDE 9
  • Single Sign on user authentication via Shibboleth:
  • AAI Metadata + Discovery Service (WAYF)
  • Plus sharing with external users (no quota)
  • Integration with bwIDM and Web-Registration portal
  • 10 GB storage initially - optional upgrades available
  • Part of the bwLSDF project: 10 PB storage in total
slide-10
SLIDE 10

PowerFolder - Installed userbase

0,2 0,4 0,6 0,8 1 1,2 1,4 1,6 1,8 2011 2012 2013 2014

Million Users

Million Users

slide-11
SLIDE 11

Popular internet memes by PowerFolder developers

2 4 6 8 10 12 14 16 18 20 2010 2011 2012 2013

Memes

Memes

slide-12
SLIDE 12

Popular internet memes by PowerFolder developers

slide-13
SLIDE 13
  • 1. Federated AAI
  • 2. Large scale

distributed storage

  • 3. Individualization

Integration

The Challenges

slide-14
SLIDE 14
  • 1. Federated AAI

The Challenges

slide-15
SLIDE 15
  • 1. Federated AAI
  • How to provide single sign login to users
  • By ensuring the provider does not get:

– ANY credentials of the users – at ANY time

  • Throughout all ways of access…
slide-16
SLIDE 16

Web-Browser

WebDAV?

Mobile Apps

iOS & Android

Client

Win, Linux & Mac

  • 1. Federated AAI - throughout all ways of access
slide-17
SLIDE 17
  • 1. Federated AAI – Web Access

Todays AAI easily support web access…

slide-18
SLIDE 18
slide-19
SLIDE 19
slide-20
SLIDE 20
slide-21
SLIDE 21
  • 1. Federated AAI – Sync clients

For sync clients it can become tricky…

slide-22
SLIDE 22
  • 1. Federated AAI – Sync clients - Shibboleth
  • SAML V2.0 Enhanced Client or Proxy profile
  • IdP: Requires Shibboleth v2.5
  • SP: Requires Apache/mod_shib v2.5
  • Groundwork and examples are available
  • E.g. Libraries by ;)
  • But integration is the key…
slide-23
SLIDE 23
  • 1. Federated AAI – Sync clients – IdP selection
slide-24
SLIDE 24
  • WebDAV protocol does not work well with

Shibboleth / SAML

  • SAML redirect profile – redirects aren‘t

followed

  • SAML POST profile not supported

– Requires parsing of HTML Forms – Usually solved via JavaScript in Shibboleth – No HTTP Session Handling

  • 1. Federated AAI – WebDAV
slide-25
SLIDE 25
  • 1. Federated AAI – WebDAV
  • It’s a pain in the bum
  • Discovery problem
  • Workarounds may

compromise user’s security and experience

  • or break the standard!
slide-26
SLIDE 26
  • 1. Web – Solved
  • 2. Clients/Apps – Solved
  • 3. WebDAV - Hard

Conclusions - Federated Sync and Share with AAI

slide-27
SLIDE 27
  • 2. Large scale / distributed storage

The Challenges

slide-28
SLIDE 28
slide-29
SLIDE 29
  • 2. Large scale / distributed storage
  • Flexible – Service resources should scale up and

down according to current load

  • Highly available – e.g. upgrades should not affect

the service availability

  • Efficient – Utilize distributed storage locations

and network connections

slide-30
SLIDE 30
  • 2. Large scale – flexibility and high availability

PowerFolder Service Node 1 PowerFolder Service Node 2 PowerFolder Service Node N Storage Apache Apache Web Client Client

slide-31
SLIDE 31

PowerFolder Service

  • 2. Large scale – Peer-to-Peer brings efficiency

Client Replication node Client Client Client Replication node AA & File transfer AA & File transfer (fallback) P2P File transfer

slide-32
SLIDE 32
  • 1. Flexibility & HA – Solved
  • 2. P2P helps to keep to load and

traffic low – thus saves costs!

  • 3. Built-in replication available –
  • n storage level supported

Conclusions - Large scale / distributed storage

slide-33
SLIDE 33
  • 3. Individualization / Integration

The Challenges

slide-34
SLIDE 34
  • 3. Individualization / Integration
  • Legal agreement – User has to agree to the

terms and conditions of the service

  • Provisioning – Different user groups/roles

should get different quotas/permissions

  • Account lifecycle management
slide-35
SLIDE 35
  • 3. Individualization / Integration

PowerFolder Service Web- Registration Portal First time User Provisioning HTTP API calls Browser: Account activated!

slide-36
SLIDE 36

Conclusions - Individualization / Integration

Terms and conditions of the service, account provisioning and lifecycle management is an integral part of Sync & Share projects!

slide-37
SLIDE 37

Thank you Q&A

Le fin

slide-38
SLIDE 38
  • Contact us for free EDU On-Premise Trial.
  • Download: http://www.powerfolder.com
  • Wiki: http://wiki.powerfolder.com

Get in contact

Contact: Christian Sprajc sprajc@powerfolder.com Founder and CEO +49 2132 97 92 292 PowerFolder support@powerfolder.com Technical Support +49 2132 97 92 291 PowerFolder contact@powerfolder.com Niederlöricker Str. 62 40667 Meerbusch +49 2132 97 92 290 https://www.powerfolder.com