ESI Extensions for Web-based Collaboration

Merlin W. Vincent, Master’s Thesis Defense, 4/28/2004


Page 1: ESI Extensions for  Web-based Collaboration

4/28/2004 Merlin Vincent 1

ESI Extensions for Web-based Collaboration

Merlin W. Vincent
Master’s Thesis Defense

Page 2: ESI Extensions for  Web-based Collaboration

Outline

Characteristics of Collaboration Systems
Edge-Side Includes Protocol
ESI Extensions for Collaboration
Extended Example ESIC Application
Performance Evaluation
Security Issues

Page 3: ESI Extensions for  Web-based Collaboration

Motivation

Provide an easy-to-use framework for developers
  – collaboration becoming more popular
Improve performance by offloading I/O
Decrease application complexity
  – gain multicast distribution services
  – gain collaboration-specific communications
Utilize existing content delivery network (CDN) infrastructure
  – Extend edge cache server function and Edge Side Includes protocol for collaboration
HTTP is ubiquitous and convenient

Page 4: ESI Extensions for  Web-based Collaboration

General Collaboration Features

Dynamic Interaction
Unrestricted doc types
Unrestricted app types
Unrestricted messaging

Any framework should support:
Authentication
Access Controls
Awareness
Transport Security

Page 5: ESI Extensions for  Web-based Collaboration

Communications for Collaboration

Collaboration application comm can be
  – asynchronous
  – synchronous
Synchronous Real-time Communications
  – operation propagation
Replication of shared objects
  – something must exist on user’s system

Page 6: ESI Extensions for  Web-based Collaboration

Approaches to Object Replication

Collaboration Awareness
  – Lower bandwidth required
      model
      view
Collaboration Transparency
  – Higher bandwidth required
      widget
      window
      screen

Page 7: ESI Extensions for  Web-based Collaboration

Edge Network Cache Servers

[Figure: a host server and its mirror sites reach clients through edge network cache servers, client-side cache servers and client caches across the MindSpring, PSINet, Sprint, Gloobix, QWest, @Home and UUnet networks; the server sees fewer requests and clients get a fast response]

Page 8: ESI Extensions for  Web-based Collaboration

Edge-Side Includes Protocol

Used to generate dynamic web pages
  – based on HTTP and HTML
Involves only the proxy and server
  – transparent to clients
Controlled by HTTP headers
  – proxy sends Surrogate-Capability header
  – server sends Surrogate-Control header
Implemented in markup
  – in-message XML

Page 9: ESI Extensions for  Web-based Collaboration

Edge-Side Includes Markup

    <table><tr><td colspan="2">
      <esi:try>
        <esi:attempt>
          <esi:include src="http://www.myxyz.com/news/top.html" onerror="continue" />
        </esi:attempt>
        <esi:except>
          <!--esi This spot is reserved for your company’s advertising.
          For more info <a href="www.myxyz.com"> click here </a> -->
        </esi:except>
      </esi:try>
    </td></tr></table>

Page 10: ESI Extensions for  Web-based Collaboration

ESI for Collaboration (ESIC)

Collaboration framework
  – sessions
  – channels
  – users
  – addressable messaging
Extends existing ESI standard
  – uses ESI extension processor
Proxies act as surrogates
  – DNS returns proxy address

Page 11: ESI Extensions for  Web-based Collaboration

ESIC Architecture

[Figure: a content delivery network of Proxy A, Proxy B and Proxy C between the origin server and the clients, showing a homed channel and a peer-to-peer channel]

Page 12: ESI Extensions for  Web-based Collaboration

ESIC Protocol

Controlled by HTTP headers
Control functions
  – create/update/remove sessions, &c.
  – via in-message XML markup
  – involves only proxy and server
Messaging functions
  – multiple channel types

Page 13: ESI Extensions for  Web-based Collaboration

Sessions

An on-going collaboration instance
Consist of:
  – a set of users
  – a set of channels
Attributes:
  – session ID
  – base path, e.g., http://www.collabr8.com/basePath

Page 14: ESI Extensions for  Web-based Collaboration

Users

Collaborators
Attributes:
  – client ID
  – channels that may be used
  – user roles
      define channel access rights (rw, ro, wo)
      role names defined by the application

Page 15: ESI Extensions for  Web-based Collaboration

Channels

A bi-directional communications link
Accessed via URL
Attributes:
  – access types for user roles
  – activity timeout
  – channel type
  – URL is relative to session base path, e.g., http://www.collabr8.com/basePath/channelPath

Page 16: ESI Extensions for  Web-based Collaboration

ESIC Channel Types

Basic
  – bi-directional link
  – peer-to-peer, one-to-many
Homed
  – all requests forwarded to server
Monitored
  – copy of all requests sent to monitor
Ordered
  – all requests sent through single proxy

Page 17: ESI Extensions for  Web-based Collaboration

Extended Example: drawboard

Modified open source applet & server
  – converted applet to application
      issue: couldn’t simulate DNS lookup
  – added use of HTTP messages (non-ESIC version)
  – added use of ESIC framework

Page 18: ESI Extensions for  Web-based Collaboration

Initial Client Login

DNS => proxy IP address
Client logs in to application
  – proxy passes messages not bound for channel URL
Server response contains markup creating the session
Proxy A broadcasts info on new session
Server informs client of collaboration channel URLs

Page 19: ESI Extensions for  Web-based Collaboration

Initial Client Login Request

Drawboard login consists of GET request
  – the /drawServer URL is not a collaboration channel
Msg 4: Proxy adds Surrogate-Capability header

    GET /drawServer HTTP/1.1
    User-Agent: Drawboard Client/1.0
    Accept: text/xml,application/x.HttpDrawboard,application/xml...
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding:
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Proxy-Connection: keep-alive
    Host: blanca.uccs.edu:8064
    Via: 1.1 sanluis
    Surrogate-Capability: sanluis="ESI/1.0 ESIC/0.1"

Page 20: ESI Extensions for  Web-based Collaboration

Initial Client Login Response

Server accepts login, assigns session & client ID
Msg 5: Initial server response creates session

    HTTP/1.1 200 OK
    Surrogate-Control: content="ESIC/0.1"
    Set-Cookie: esicClient="client1"
    Set-Cookie: esicSession="draw1234"
    Content-Type: application/x.drawboard.ConxStarter
    Content-Length: 232

    [...ESIC XML markup...]
    [...serialized ConxStarter object...]

Page 21: ESI Extensions for  Web-based Collaboration

Proxy Control: XML Markup

ESIC Proxy controlled by in-message XML
General structure of markup:

    <esicSession id="abc123">
      <sessionControl>
        session control elements
      </sessionControl>
      <channelTraffic>
        channel addressing elements
      </channelTraffic>
    </esicSession>

Page 22: ESI Extensions for  Web-based Collaboration

Server XML creating the session

    <esicSession id="draw1234">
      <sessionControl action="create">
        <basePath>/drawServer</basePath>
        <clientList>
          <client action="create">
            <id>client1</id>
            <accessList>
              <channelAccess path="/drawboard" role="participant"/>
            </accessList>
          </client>
        </clientList>
        <channelList>
          <channel action="create">
            <path>/drawboard</path>
            <type>homed</type>
            <accessControl>
              <access role="participant">readwrite</access>
            </accessControl>
          </channel>
        </channelList>
      </sessionControl>
    </esicSession>

Page 23: ESI Extensions for  Web-based Collaboration

Initial Client Channel Connection

Client must connect to collaboration channel
Msg 8 includes ID headers
Msgs 10, 11 are application specific
  – Pinger
  – Archive (latecomer support)

    GET /drawServer/drawboard HTTP/1.1
    Cookie: esicSession="draw1234"
    Cookie: esicClient="client1"
    [...other headers...]

Page 24: ESI Extensions for  Web-based Collaboration

Additional Client Logins

New clients may login via another proxy
Client login messaging is identical
  – server assigns client ID and role
  – response XML adds client to session
Proxy B broadcasts update to session

Page 25: ESI Extensions for  Web-based Collaboration

Server response with XML updating the session

    HTTP/1.1 200 OK
    Surrogate-Control: content="ESIC/0.1"
    Set-Cookie: esicClient="client2"
    Set-Cookie: esicSession="draw1234"
    Content-Type: application/x.drawboard.ConxStarter
    Content-Length: 232

    <esicSession id="draw1234">
      <sessionControl action="update">
        <clientList>
          <client action="create">
            <id>client2</id>
            <accessList>
              <channelAccess path="/drawboard" role="participant"/>
            </accessList>
          </client>
        </clientList>
      </sessionControl>
    </esicSession>
    [...serialized ConxStarter object...]

Page 26: ESI Extensions for  Web-based Collaboration

Using a Channel

Client receives assigned IDs
  – Set-Cookie headers in initial response
      esicSession="abc123", esicClient="def456"
Client receives channel URLs
  – mechanism is application-specific (ConxStarter)
Client connects to channels
Client may now send data to the channel
  – via GET/POST/PUT requests
Sender must provide address information

Page 27: ESI Extensions for  Web-based Collaboration

Channel Addressing

Sender provides an address
  – recipient’s client ID, or ‘*’ for broadcast
  – homed channel: server is implied
  – monitored channel: monitor is implied in addition
  – mechanism differs for client & server
Client addresses in method or header

    Cookie: esicToList="def456,ghi789"

    - or -

    http://a.b.com/base/ch1?esicToList=def456,ghi789

Page 28: ESI Extensions for  Web-based Collaboration

Server Channel Addressing

Server addresses are in message XML
  – message body contains address list

    <esicSession id="draw1234">
      <channelTraffic>
        <path>/drawboard</path>
        <toList>
          <client id="*"/>
        </toList>
      </channelTraffic>
    </esicSession>

Page 29: ESI Extensions for  Web-based Collaboration

Proxy Actions

Upon receiving a request to a channel:
  – ESIC proxy intercepts the message
      recognizes client requests to channel URLs
      server responses will contain control header
  – Routes messages appropriately
      verifies client role allows write access
      extracts address list
      channel type considered
      forward to other proxies if necessary
          – proxies comprise multicast group
          – routing table maps client to proxy connection
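The routing checks listed on this slide, as an added example that is not code from the thesis or its prototype: it loads session-creating markup of the kind shown on the earlier slide and applies the channel-URL test, the role check, address-list extraction and the homed-channel rule to a client request that sends data. The second client, the `viewer` role, the `read` access value and the function names `load_session` and `route` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the session-creating markup from the slides.
# client2, the "viewer" role and the "read" access value are assumptions.
SESSION_XML = """<esicSession id="draw1234"><sessionControl action="create">
  <basePath>/drawServer</basePath>
  <clientList>
    <client action="create"><id>client1</id><accessList>
      <channelAccess path="/drawboard" role="participant"/></accessList></client>
    <client action="create"><id>client2</id><accessList>
      <channelAccess path="/drawboard" role="viewer"/></accessList></client>
  </clientList>
  <channelList><channel action="create">
    <path>/drawboard</path><type>homed</type>
    <accessControl>
      <access role="participant">readwrite</access>
      <access role="viewer">read</access>
    </accessControl></channel></channelList>
</sessionControl></esicSession>"""

# "readwrite" appears in the slides' XML; the other spellings are assumed.
WRITE_ACCESS = {"readwrite", "write", "rw", "wo"}

def load_session(xml_text):
    """Build the proxy's session state from sessionControl markup."""
    root = ET.fromstring(xml_text)
    ctl = root.find("sessionControl")
    channels = {
        ch.findtext("path").strip(): {
            "type": ch.findtext("type").strip(),
            "access": {a.get("role"): a.text.strip() for a in ch.iter("access")},
        } for ch in ctl.iter("channel")}
    clients = {
        cl.findtext("id").strip(): {ca.get("path"): ca.get("role")
                                    for ca in cl.iter("channelAccess")}
        for cl in ctl.iter("client")}
    return {"id": root.get("id"), "base": ctl.findtext("basePath").strip(),
            "channels": channels, "clients": clients}

def route(session, url, cookies):
    """Return (decision, recipients) for a client request that sends data."""
    parts = urlsplit(url)
    chan_path = parts.path[len(session["base"]):]
    channel = session["channels"].get(chan_path)
    if not parts.path.startswith(session["base"] + "/") or channel is None:
        return ("pass through: not a channel URL", [])
    sender = cookies.get("esicClient")
    if cookies.get("esicSession") != session["id"] or sender not in session["clients"]:
        return ("reject: unknown session or client", [])
    # Default deny: a client with no role on this channel gets access None.
    role = session["clients"][sender].get(chan_path)
    if channel["access"].get(role) not in WRITE_ACCESS:
        return ("reject: role lacks write access", [])
    # Address list comes from the esicToList cookie or the query string.
    raw = cookies.get("esicToList") or ",".join(
        parse_qs(parts.query).get("esicToList", []))
    wanted = [a.strip() for a in raw.split(",") if a.strip()]
    others = sorted(c for c in session["clients"] if c != sender)
    recipients = others if "*" in wanted else [a for a in wanted if a in others]
    # Homed channels forward every request to the origin server.
    if channel["type"] == "homed":
        return ("forward to origin server", recipients)
    return ("deliver to addressees", recipients)
```
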

Page 30: ESI Extensions for  Web-based Collaboration

Sending Collaboration Data

10. Client2 issues POST request
11. Homed channel goes to server with Surrogate-Capability header
12. Response with ‘*’ address in XML and Surrogate-Control header
13. Forwarded to client1 proxy
14,15. Delivery to addressees

[Figure: message flow 10 to 15 between Client2, Proxy B, the origin server, Proxy A and Client1]

Page 31: ESI Extensions for  Web-based Collaboration

POST request from client2

    POST /drawServer/drawboard HTTP/1.1
    Cookie: esicClient="client2"
    Cookie: esicSession="draw1234"
    User-Agent: Drawboard Client/1.0
    Accept: text/xml,application/x.HttpDrawboard,application/xml...
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding:
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Proxy-Connection: keep-alive
    Content-Type: application/x.drawboard.Freehand
    Content-Length: 1160
    Host: blanca.uccs.edu:8064
    Via: 1.1 sanluis
    Surrogate-Capability: sanluis="ESI/1.0 ESIC/0.1"

    [...serialized Freehand object...]

Page 32: ESI Extensions for  Web-based Collaboration

Server Broadcasts Data to Users

    HTTP/1.1 200 OK
    Surrogate-Control: content="ESIC/0.1"
    Content-Type: application/x.drawboard.Freehand
    Content-Length: 1160

    <esicSession id="draw1234">
      <channelTraffic>
        <path>/drawboard</path>
        <toList>
          <client id="*"/>
        </toList>
      </channelTraffic>
    </esicSession>
    [...serialized FreeHand object...]

Page 33: ESI Extensions for  Web-based Collaboration

Performance Evaluation

Test configuration
  – drawboard server on blanca
  – two ESIC proxies, sanluis & crestone
  – multiple drawboard instances
      running on Windows workstations
      evenly distributed between the proxies
      repeat the last generated drawing object at rate of 1 msg/sec

Page 34: ESI Extensions for  Web-based Collaboration

Non-ESIC Test Rig

blanca: dual 933MHz PIII, 1.5GB RAM, Redhat 9, Java 1.4.1
Windows PCs: one 933MHz PIII, 512MB RAM, Java 1.4.1
n clients => n^2+n msg/sec
  – 1640 msg/sec maximum

[Figure: from 2 to 40 clients, odd-numbered and even-numbered, connected to Blanca]

Page 35: ESI Extensions for  Web-based Collaboration

ESIC Test Rig

Crestone: same as Blanca
Sanluis: same except has dual 1.64GHz PIII
n clients => 2n msg/sec
  – 80 msg/sec maximum
JDOM XML adds a lot of overhead
  – turnaround time: 4.415 mSec to 11.578 mSec

[Figure: from 2 to 40 clients, odd-numbered and even-numbered, connected through Sanluis and Crestone to Blanca]

Page 36: ESI Extensions for  Web-based Collaboration

CPU Utilization

[Figure: percentage CPU utilization (0 to 100) versus number of clients (2 to 40, each sending 1 msg/sec), comparing Non-ESIC Results with ESIC Results]

Page 37: ESI Extensions for  Web-based Collaboration

Message Latency

[Figure: message latency in mSec (0 to 260) versus number of clients (2 to 40), comparing Non-ESIC Latency with ESIC Latency]

Page 38: ESI Extensions for  Web-based Collaboration

ESIC Security

Complex issue
  – proxy must have access to msg contents
  – server response messages
      ESI is still allowed
      markup may be anywhere within the message
      markup controls the proxy
  – client request messages
      addresses are in the HTTP headers

Page 39: ESI Extensions for  Web-based Collaboration

ESIC Security, cont.

Proxy is a surrogate for the server
  – tightly integrated
  – server is client of Content Delivery Network
Proxy/Server Connection
  – SSL, with client authentication
Client/Proxy Connection
  – SSL, proxy uses subscriber’s certificate
  – similar approach used for virtual hosting

Page 40: ESI Extensions for  Web-based Collaboration

Future Work

Improve efficiency
  – connection pooling to origin server
  – extend multicast group to clients
Experiment with virtual clusters
  – avoid the Java applet security issue
Address caching issues
  – optional channel attribute

Page 41: ESI Extensions for  Web-based Collaboration

Conclusion

Presented a design based on analysis of collaboration requirements
Implemented a prototype to demonstrate usability
Evaluated performance