Access Control Lists

1
Access Control Lists

• Set of extension to regular file permissions
• extended access information about a file/program
  to different users
• A Sample ACL

databasediscover readrajeev, vincent writerajee
v host accesslocal,remote option
2
Access Control Lists

• Why am I Talking about ACLs??
• Discover has different privilege levels for
  different users (view only (1), request view (2),
  issue commands (3))
• ACLs are maintained per application in a central
  database.
• The client is authenticated based upon his ACL
  and is presented with an interface which has only
  those components to which he has access to.

3
Access Control Lists

• How are ACLs implemented in Discover
• Numeric privilege levels stored in a table which
  is sorted on 2 fields (UserID and Application)

4
Distributed Servers

• Improved perfomance through
• Load Balancing
• Fault Tolerance
• incremental scalability
• cluster based servers help in load balance
• geographically distributed servers help reduce
  network congestion

5
Round Robin DNS

• Domain Name server at server responds to
  translation requests with IP numbers of different
  hosts in a round robin fashion.
• Drawbacks
• random load balancing doesnt work well for
  requests having wide variance in processing time
  (for dynamic content as in Discover).
• Intermediate name servers and clients cache
  name-to-IP mappings resulting in significant load
  imbalance.

6
HTTP Redirection

• URL redirection through HTTP code 302. New
  location given by Location Header.
• Drawbacks
• additional network traffic, increased latency,
  single point of failure, bottleneck due to
  servicing redirects, only for HTTP.

Client
Request
1
Busy, go to 2
2
Redirected Request
7
Magic Routers

• Magic Router modified router on a different
  subnet from machines implementing a service
• inspects and modifies all IP packets
• load balancing and fault transparency by mapping
  a logical IP address to multiple server machines.
• Drawbacks
• router machine can become bottleneck
• require special network topology

8
Client Side load balancing

• Approaches Smart Clients and WebSeAl
• Smart Clients Web browser downloads applets
  which perform request redirection decisions at
  client side.
• Stress here is on legacy services.

Applet Request
Service Request
Host 1
Host 2
Applet Reply
Client Interface Applet
Director Applet
Host 3
Host 4
Lazy/Eager Updates
9
WebSeAl

• Server modules and client modules which operate
  in tandem with existing web servers and web
  browsers respectively.
• The content is replicated on distributed servers.
• Client agent
• intercepts the requests generated by the local
  client.
• Has address information about the individual
  servers
• collects dynamic perfomance data
• makes redirect deisions based on this information
• frewaerds request to the selected server,
  receives the response and delivers it to the
  client.

10
Distributed Servers in Discover

• HTTP Redirect seems to be the way to go provided
  the traffic remains only HTTP.
• Different applications connect to different
  servers and each server has information about all
  the current applications.
• Request redirection is relatively simpler as it
  is done only at the beginning of a session.

11
Different Strategy for Dynamic Content ?

• All approaches for distributed servers seem to
  consider only static content ie files.
• Different treatment for dynamic content as these
  are programs or scripts running and generating
  output.
• Random Load balancing techniques might not apply
  here as sessions have to be maintained.

12
A Better (??) Approach

• Use a combination of Round Rtobin DNS with HTTP
  Redirect with profiling

Client
DNS
HTTP Redirect
Request
Workstations/Clutser