ESI Extensions for Web-based Collaboration
4/28/2004 Merlin Vincent 1
ESI Extensions for Web-based Collaboration
Merlin W. Vincent
Master’s Thesis Defense

Outline
Characteristics of Collaboration Systems
Edge-Side Includes Protocol
ESI Extensions for Collaboration
Extended Example ESIC Application
Performance Evaluation
Security Issues

Motivation
Provide an easy-to-use framework for developers
  – collaboration becoming more popular
Improve performance by offloading I/O
Decrease application complexity
  – gain multicast distribution services
  – gain collaboration-specific communications
Utilize existing content delivery network (CDN) infrastructure
  – Extend edge cache server function and Edge Side Includes protocol for collaboration
HTTP is ubiquitous and convenient

General Collaboration Features
Dynamic Interaction
Unrestricted doc types
Unrestricted app types
Unrestricted messaging
Any framework should support:
  – Authentication
  – Access Controls
  – Awareness
  – Transport Security

Communications for Collaboration
Collaboration application comm can be
  – asynchronous
  – synchronous
Synchronous Real-time Communications
  – operation propagation
Replication of shared objects
  – something must exist on user’s system

Approaches to Object Replication
Collaboration Awareness
  – Lower bandwidth required
      model
      view
Collaboration Transparency
  – Higher bandwidth required
      widget
      window
      screen

Edge Network Cache Servers
[Figure: edge network cache servers. Labels: Host Server, Mirror Site, Edge Network Cache Server, Cache Server, Client Side Cache Server, Client Cache, Clients; networks: MindSpring, PSINet, Sprint, Gloobix, QWest, @Home, UUnet; annotations: Fewer Requests (Server), Fast Response (Clients)]

Edge-Side Includes Protocol
Used to generate dynamic web pages
  – based on HTTP and HTML
Involves only the proxy and server
  – transparent to clients
Controlled by HTTP headers
  – proxy sends Surrogate-Capability header
  – server sends Surrogate-Control header
Implemented in markup
  – in-message XML

Edge-Side Includes Markup

    <table><tr><td colspan="2">
      <esi:try>
        <esi:attempt>
          <esi:include src="http://www.myxyz.com/news/top.html" onerror="continue" />
        </esi:attempt>
        <esi:except>
          <!--esi This spot is reserved for your company's advertising.
            For more info <a href="http://www.myxyz.com">click here</a> -->
        </esi:except>
      </esi:try>
    </td></tr></table>

ESI for Collaboration (ESIC)
Collaboration framework
  – sessions
  – channels
  – users
  – addressable messaging
Extends existing ESI standard
  – uses ESI extension processor
Proxies act as surrogates
  – DNS returns proxy address

ESIC Architecture
[Figure: Content Delivery Network containing Proxy A, Proxy B and Proxy C, with the Origin Server and Clients; links labelled Homed Channel and Peer-to-peer Channel]

ESIC Protocol
Controlled by HTTP headers
Control functions
  – create/update/remove sessions, &c.
  – via in-message XML markup
  – involves only proxy and server
Messaging functions
  – multiple channel types

Sessions
An on-going collaboration instance
Consist of:
  – a set of users
  – a set of channels
Attributes:
  – session ID
  – base path, e.g., http://www.collabr8.com/basePath

Users
Collaborators
Attributes:
  – client ID
  – channels that may be used
  – user roles
      define channel access rights (rw, ro, wo)
      role names defined by the application

Channels
A bi-directional communications link
Accessed via URL
  – URL is relative to session base path, e.g., http://www.collabr8.com/basePath/channelPath
Attributes:
  – access types for user roles
  – activity timeout
  – channel type

ESIC Channel Types
Basic
  – bi-directional link
  – peer-to-peer, one-to-many
Homed
  – all requests forwarded to server
Monitored
  – copy of all requests sent to monitor
Ordered
  – all requests sent through single proxy

Extended Example: drawboard
Modified open source applet & server
  – converted applet to application
      issue: couldn’t simulate DNS lookup
  – added use of HTTP messages (non-ESIC version)
  – added use of ESIC framework

Initial Client Login
DNS => proxy IP address
Client logs in to application
  – proxy passes messages not bound for channel URL
Server response contains markup creating the session
Proxy A broadcasts info on new session
Server informs client of collaboration channel URLs

Initial Client Login Request
Drawboard login consists of GET request
  – the /drawServer URL is not a collaboration channel
Msg 4: Proxy adds Surrogate-Capability header

    GET /drawServer HTTP/1.1
    User-Agent: Drawboard Client/1.0
    Accept: text/xml,application/x.HttpDrawboard,application/xml...
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding:
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Proxy-Connection: keep-alive
    Host: blanca.uccs.edu:8064
    Via: 1.1 sanluis
    Surrogate-Capability: sanluis="ESI/1.0 ESIC/0.1"

Initial Client Login Response
Server accepts login, assigns session & client ID
Msg 5: Initial server response creates session

    HTTP/1.1 200 OK
    Surrogate-Control: content="ESIC/0.1"
    Set-Cookie: esicClient="client1"
    Set-Cookie: esicSession="draw1234"
    Content-Type: application/x.drawboard.ConxStarter
    Content-Length: 232

    [...ESIC XML markup...]
    [...serialized ConxStarter object...]

Proxy Control: XML Markup
ESIC Proxy controlled by in-message XML
General structure of markup:

    <esicSession id="abc123">
      <sessionControl>
        session control elements
      </sessionControl>
      <channelTraffic>
        channel addressing elements
      </channelTraffic>
    </esicSession>

Server XML creating the session

    <esicSession id="draw1234">
      <sessionControl action="create">
        <basePath>/drawServer</basePath>
        <clientList>
          <client action="create">
            <id>client1</id>
            <accessList>
              <channelAccess path="/drawboard" role="participant"/>
            </accessList>
          </client>
        </clientList>
        <channelList>
          <channel action="create">
            <path>/drawboard</path>
            <type>homed</type>
            <accessControl>
              <access role="participant">readwrite</access>
            </accessControl>
          </channel>
        </channelList>
      </sessionControl>
    </esicSession>

Initial Client Channel Connection
Client must connect to collaboration channel
Msg 8 includes ID headers
Msgs 10, 11 are application specific
  – Pinger
  – Archive (latecomer support)

    GET /drawServer/drawboard HTTP/1.1
    Cookie: esicSession="draw1234"
    Cookie: esicClient="client1"
    [...other headers...]

Additional Client Logins
New clients may login via another proxy
Client login messaging is identical
  – server assigns client ID and role
  – response XML adds client to session
Proxy B broadcasts update to session

Server response with XML updating the session

    HTTP/1.1 200 OK
    Surrogate-Control: content="ESIC/0.1"
    Set-Cookie: esicClient="client2"
    Set-Cookie: esicSession="draw1234"
    Content-Type: application/x.drawboard.ConxStarter
    Content-Length: 232

    <esicSession id="draw1234">
      <sessionControl action="update">
        <clientList>
          <client action="create">
            <id>client2</id>
            <accessList>
              <channelAccess path="/drawboard" role="participant"/>
            </accessList>
          </client>
        </clientList>
      </sessionControl>
    </esicSession>
    [...serialized ConxStarter object...]

Using a Channel
Client receives assigned IDs
  – Set-Cookie headers in initial response
      esicSession="abc123", esicClient="def456"
Client receives channel URLs
  – mechanism is application-specific (ConxStarter)
Client connects to channels
Client may now send data to the channel
  – via GET/POST/PUT requests
Sender must provide address information

Channel Addressing
Sender provides an address
  – recipient’s client ID, or ‘*’ for broadcast
  – homed channel: server is implied
  – monitored channel: monitor is implied in addition
  – mechanism differs for client & server
Client addresses in method or header

    Cookie: esicToList="def456,ghi789"

  - or -

    http://a.b.com/base/ch1?esicToList=def456,ghi789

Server Channel Addressing
Server addresses are in message XML
  – message body contains address list

    <esicSession id="draw1234">
      <channelTraffic>
        <path>/drawboard</path>
        <toList>
          <client id="*"/>
        </toList>
      </channelTraffic>
    </esicSession>

Proxy Actions
Upon receiving a request to a channel:
  – ESIC proxy intercepts the message
      recognizes client requests to channel URLs
      server responses will contain control header
  – Routes messages appropriately
      verifies client role allows write access
      extracts address list
      channel type considered
      forward to other proxies if necessary
  – proxies comprise multicast group
  – routing table maps client to proxy connection
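
The proxy checks listed above, worked through as an added example (not code from the thesis prototype). It loads the session-creation markup shown earlier and decides what to do with a client request; the read-only client `viewer1`, the role `observer`, the access values `readonly` and `writeonly`, and the rule that only POST/PUT count as writes are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed input: the page's session-creation markup plus a hypothetical
# read-only client "viewer1" with role "observer" (not on the slides).
SESSION_XML = """<esicSession id="draw1234"><sessionControl action="create">
 <basePath>/drawServer</basePath>
 <clientList>
  <client action="create"><id>client1</id><accessList>
   <channelAccess path="/drawboard" role="participant"/></accessList></client>
  <client action="create"><id>viewer1</id><accessList>
   <channelAccess path="/drawboard" role="observer"/></accessList></client>
 </clientList>
 <channelList><channel action="create">
  <path>/drawboard</path><type>homed</type>
  <accessControl><access role="participant">readwrite</access>
   <access role="observer">readonly</access></accessControl>
 </channel></channelList>
</sessionControl></esicSession>"""

def load_session(xml_text):
    """Build the proxy's session table from <sessionControl> markup."""
    root = ET.fromstring(xml_text)
    ctl = root.find("sessionControl")
    roles = {}      # (client id, channel path) -> role name
    for client in ctl.iter("client"):
        cid = client.findtext("id").strip()
        for acc in client.iter("channelAccess"):
            roles[(cid, acc.get("path"))] = acc.get("role")
    channels = {}   # channel path -> (channel type, {role: access right})
    for ch in ctl.iter("channel"):
        rights = {a.get("role"): a.text.strip() for a in ch.iter("access")}
        channels[ch.findtext("path").strip()] = (ch.findtext("type").strip(), rights)
    return {"id": root.get("id"), "base": ctl.findtext("basePath").strip(),
            "roles": roles, "channels": channels}

def route_request(session, method, path, cookies):
    """Decide what the proxy does with one client request.
    cookies: already-parsed, unquoted Cookie header values."""
    base = session["base"]
    chan = path[len(base):] if path.startswith(base + "/") else None
    if chan not in session["channels"]:
        return "pass-through"                 # e.g. the /drawServer login URL
    if cookies.get("esicSession") != session["id"]:
        return "deny"                         # wrong or missing session ID
    ctype, rights = session["channels"][chan]
    role = session["roles"].get((cookies.get("esicClient"), chan))
    right = rights.get(role)                  # None for unknown client or role
    writing = method in ("POST", "PUT")       # assumption: GET only connects
    allowed = ("readwrite", "writeonly") if writing else ("readwrite", "readonly")
    if right not in allowed:
        return "deny"
    if not writing:
        return "connect"
    # Homed channel: the server is the implied addressee.
    return "forward-to-server" if ctype == "homed" else "route-by-esicToList"
```

Every decision here rests on the `esicSession` and `esicClient` cookie values the client presents, so the check is only as strong as the transport protection on the client/proxy connection.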

Sending Collaboration Data
10. Client2 issues POST request
11. Homed channel goes to server with Surrogate-Capability header
12. Response with ‘*’ address in XML and Surrogate-Control header
13. Forwarded to client1 proxy
14, 15. Delivery to addressees
[Figure: message flow 10 to 15 among Client2, Proxy B, Origin Server, Proxy A and Client1]

POST request from client2

    POST /drawServer/drawboard HTTP/1.1
    Cookie: esicClient="client2"
    Cookie: esicSession="draw1234"
    User-Agent: Drawboard Client/1.0
    Accept: text/xml,application/x.HttpDrawboard,application/xml...
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding:
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Proxy-Connection: keep-alive
    Content-Type: application/x.drawboard.Freehand
    Content-Length: 1160
    Host: blanca.uccs.edu:8064
    Via: 1.1 sanluis
    Surrogate-Capability: sanluis="ESI/1.0 ESIC/0.1"

    [...serialized Freehand object...]

Server Broadcasts Data to Users

    HTTP/1.1 200 OK
    Surrogate-Control: content="ESIC/0.1"
    Content-Type: application/x.drawboard.Freehand
    Content-Length: 1160

    <esicSession id="draw1234">
      <channelTraffic>
        <path>/drawboard</path>
        <toList>
          <client id="*"/>
        </toList>
      </channelTraffic>
    </esicSession>
    [...serialized FreeHand object...]

Performance Evaluation
Test configuration
  – drawboard server on blanca
  – two ESIC proxies, sanluis & crestone
  – multiple drawboard instances
      running on Windows workstations
      evenly distributed between the proxies
      repeat the last generated drawing object at rate of 1 msg/sec

Non-ESIC Test Rig
blanca: dual 933MHz PIII, 1.5GB RAM, Redhat 9, Java 1.4.1
Windows PCs: one 933MHz PIII, 512MB RAM, Java 1.4.1
n clients => n²+n msg/sec
  – 1640 msg/sec maximum
[Figure: non-ESIC test rig. Labels: Blanca, Odd-numbered clients, Even-numbered clients, From 2 to 40 clients]

ESIC Test Rig
Crestone: same as Blanca
Sanluis: same except has dual 1.64GHz PIII
n clients => 2n msg/sec
  – 80 msg/sec maximum
JDOM XML adds a lot of overhead
  – turnaround time: 4.415 mSec to 11.578 mSec
[Figure: ESIC test rig. Labels: Sanluis, Crestone, Blanca, Odd-numbered clients, Even-numbered clients, From 2 to 40 clients]

CPU Utilization
[Figure: Percentage CPU Utilization (0 to 100) versus Number of Clients (2 to 40, each sending 1 msg/sec); series: Non-ESIC Results, ESIC Results]

Message Latency
[Figure: Message Latency in mSec (0 to 260) versus Number of Clients (2 to 40); series: Non-ESIC Latency, ESIC Latency]

ESIC Security
Complex issue
  – proxy must have access to msg contents
  – server response messages
      ESI is still allowed
      markup may be anywhere within the message
      markup controls the proxy
  – client request messages
      addresses are in the HTTP headers

ESIC Security, cont.
Proxy is a surrogate for the server
  – tightly integrated
  – server is client of Content Delivery Network
Proxy/Server Connection
  – SSL, with client authentication
Client/Proxy Connection
  – SSL, proxy uses subscriber’s certificate
  – similar approach used for virtual hosting
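
Because in-message markup controls the proxy, the proxy has to decide which messages may carry it. The following added example (not code from the thesis prototype) honors `<esicSession>` markup only in a response that arrived from the origin and announces ESIC in Surrogate-Control, and treats everything else as opaque data; the `from_origin` flag and the function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

MARKUP = re.compile(rb"<esicSession\b.*?</esicSession>", re.S)

def esic_enabled(headers):
    """True if Surrogate-Control: content="..." lists the ESIC/0.1 token."""
    m = re.search(r'content="([^"]*)"', headers.get("Surrogate-Control", ""))
    return bool(m) and "ESIC/0.1" in m.group(1).split()

def split_message(headers, body, from_origin, members):
    """Return (recipients, payload_for_clients).

    from_origin: True only for a response received on the proxy's
      authenticated connection to the origin server (assumed flag).
    members: client IDs in the session, used to expand the '*' address.
    """
    if not (from_origin and esic_enabled(headers)):
        return None, body                 # never interpret markup; pass as data
    found = MARKUP.search(body)           # markup may be anywhere in the message
    if found is None:
        return None, body
    root = ET.fromstring(found.group(0))
    ids = [c.get("id", "").strip()
           for c in root.findall("channelTraffic/toList/client")]
    if "*" in ids:
        recipients = sorted(members)      # broadcast to the whole session
    else:
        recipients = [i for i in ids if i in members]   # drop unknown IDs
    payload = body[:found.start()] + body[found.end():]  # strip control markup
    return recipients, payload

# Constructed sample modelled on the page's broadcast response.
HEADERS = {"Surrogate-Control": 'content="ESIC/0.1"'}
BODY = (b'<esicSession id="draw1234"><channelTraffic><path>/drawboard</path>'
        b'<toList><client id="*"/></toList></channelTraffic></esicSession>'
        b'SERIALIZED-FREEHAND-OBJECT')
MEMBERS = {"client1", "client2"}
```

The same bytes sent in a client request, or in a response without the control header, come back unchanged with no recipients, so client-supplied markup never reaches the session tables.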

Future Work
Improve efficiency
  – connection pooling to origin server
  – extend multicast group to clients
Experiment with virtual clusters
  – avoid the Java applet security issue
Address caching issues
  – optional channel attribute

Conclusion
Presented a design based on analysis of collaboration requirements
Implemented a prototype to demonstrate usability
Evaluated performance