collabora online: real-time collaboration on documents · regular penetration testing layered...

Collabora Productivity www.collaboraoffice.com

Collabora Productivity

Collabora Online:Real-time Collaboration on Documents

By Jan Holešovský

Development Manager at Collabora Productivity

kendy@collabora.com @JHolesovsky +holesovsky Skype: janholes

2

Collabora Productivity www.collaboraoffice.com

Collabora Online

High fidelity, WYSIWYG rendering

● A tough problem; 20+ years of code.

Great Interoperability Support:

● DOC, DOCX, PPT, PPTX, XLS, XLSX + ODF.

● Import/View Visio, Publisher + 100 more

Easy to deploy

● No database, plain C++ binaries, no expensive dependencies

Rich Document Collaboration

● More and more features known from the desktop LibreOffice / Collabora Office

exposed with every version

Collabora Productivity www.collaboraoffice.com

Integrating with Partners ...

Collabora: no SaaS product, no EFSS, no Mail, no Video conferencing, no … simply Office.

4

Collabora Productivity www.collaboraoffice.com

CODE: Collabora Online Development Edition

CODE – grab the latestDocker image and/or packages

● http://collaboraoffice.com/code

● ~2 million Docker pulls

Richdocuments: A simple ownCloudor Nextcloud extension

● No core changes required, easy todeploy

● Reference, but it’s easy to createother integrations via WOPI protocol

Collabora Productivity www.collaboraoffice.com

Demo / what it looks like

Collabora Productivity www.collaboraoffice.com

Demo / what it looks like #2

Collabora Productivity www.collaboraoffice.com

New in 3.0: Dialogs from LibreOffice

Exposing advanced features

● Advanced character, paragraph and page properties

● Line, fill, cell properties, etc.

● All that collaboratively!

Deployment

9

Collabora Productivity www.collaboraoffice.com

Example Deployment

Advanced - includingan HA setup...

UsersHA balancer of

choice: ha-proxy, nginx, F5, ...

Key attribute is to ensure that all traffic related to the same document goes to the same worker – all collaborators end up in the same address space. Balancing on WOPISrc

https://

Collabora OnlineWorker NodesTalking WOPI

EFSS clustered storage

Load balancing access to EFSS

Collabora Online

Worker Nodes

Load balancing document

editing

10

Collabora Productivity www.collaboraoffice.com

Hardware Sizing – per node

Guidelines:

● 10 active documents / CPU thread

● 50Mb RAM / active user

● 100kbit/s / active user

5000 ‘users’ → diversity → 500 concurrent users

● 50 CPU threads

● 25 Gb of RAM

● 50 Mbit of bandwidth

Can setup today on a single large machine.

Collabora Productivity www.collaboraoffice.com

Under the hood

Collabora Productivity www.collaboraoffice.com

Security: The onion ...

Regular Penetration Testing

Layered approach to protecting infrastructure ...

Virtual Machine / Docker Container

Document Data Isolation into chroots

seccomp-bpf ~no bad syscalls ...

extremely sparse filesystem

chroot per document / user ...

systematic load crash testing

Industry beating coverity score.

LibreOfficeKit rendering instance

13

Collabora Productivity www.collaboraoffice.com

Security: Pixels to the people ….

Looks and feels like a local editor

Client has ~only bitmaps

● Document data stays on the server

● Lock-down options:

● disable download, copy, paste, print, etc.

● Optionalwatermarkingof each tile:

WOPI – integration & extensions ...

Collabora Productivity www.collaboraoffice.com

WOPI – the details

Protocol that you have to implement when integrating Collabora Online

● Ties together auth & I/O

● https://wopi.readthedocs.org/en/latest/

WOPI extensions

● Additional properties in CheckFileInfo for eg. avatars

● Additional authentication methods

● UI lockdown

Collabora Productivity www.collaboraoffice.com

Biggest difference: No locking

The WOPI spec. insists on file locking

● But that’s against how the EFFS usually work – people can work offline and upload the new versions of the document

Collabora Online uses timestamps instead

● When there is a conflict of versions, the user is presented with a dialog asking to resolve the conflict

● When the session is inactive, it is transparently updated after the user activates it again

Why Collabora ?

18

Collabora Productivity www.collaboraoffice.com

What you get ...

Customer Portal access

● Access to Collabora Online binaries &update channels.

● Full Technical Docs

● Setup, deployment,

● User manual

● Support ticketing system – file & fix.

Laser focus:

● Documents only!

● Not an EFSS, not E-mail,not Video Conferencing

19

Collabora Productivity www.collaboraoffice.com

Partners & Customers

Product Management interaction

● Driving our development

Responsive support & winning tenders together

Airsoft action:

CEO | CTO at Adfinis SyGroup AG

20

Collabora Productivity www.collaboraoffice.com

A Partnership with LibreOffice community

~200 million LibreOffice user-base

~1000 people helping to develop LibreOffice

300 individual committers in the last year

Vendor Neutral Berlin-based Stiftung

Product developed in public.

Ubuntu LTS RoadmapA 10k user survey.“Help Ubuntu set theDefault Apps”

21

Collabora Productivity www.collaboraoffice.com

Backed by a real, diverse community

2016

-08-

01

2016

-09-

01

2016

-10-

01

2016

-11-0

1

2016

-12-

01

2017

-01-

01

2017

-02-

01

2017

-03-

01

2017

-04-

01

2017

-05-

01

2017

-06-

01

2017

-07-

01

2017

-08-

010

200400600800

100012001400160018002000

Commits per month by affiliationRedHat

Collabora

Assigned

CIB

TDF

Peralex

SIL

Munich

Canonical

Apache Volunteer

Linagora

Nou & Off

SUSE

Conference 2017: Guests of the City of RomeConference 2017: Guests of the City of Rome

What we did in the last year

(since 2.0)

23

Collabora Productivity www.collaboraoffice.com

Collabora Online 2.1 ...

Upgraded to common code with Collabora Office 5.3

Performance:

● Memory reduction – reduce guidance 50% + OOM

● CPU perf. wins + anti-aliased rendering

● B/W reduction – avoiding un-changed tile updates

Collaboration:

● Client-side JSanimated commenting and change tracking

24

Collabora Productivity www.collaboraoffice.com

Collabora Online 2.1 ...

Internal re-design: simplifying threading

Security Improvements

● seccomp-bpf: pre-emptive kernel API sub-setting

● Content Security Policy / header improvements

● stronger admin password hashing

Calc

● 500k rows re-work

● Active cell reference

25

Collabora Productivity www.collaboraoffice.com

Collabora Online 2.1.x

Avatar support

Improved Admin Console

● View byusers

● Modified?

26

Collabora Productivity www.collaboraoffice.com

Collabora Online 2.1.x

Chart sub-object editing & position

New platforms

● RHEL6

● SLES11SP4

● Debian 9

Config expansion

● rlimits, memory handling, etc.

Collabora Productivity www.collaboraoffice.com

Collabora Online 3.0

Exposing advanced features via dialog tunneling

● Advanced character, paragraph and page properties

● Line, fill, cell properties, etc.

● All that collaboratively!

28

Collabora Productivity www.collaboraoffice.com

Ongoing work for 3.x & beyond

Interoperability – LibreOffice 6.0

● Lots of of file-format fixing

● New Pivot Charts feature

● Improved EMF+/EMF rendering

Latency & Bandwidth

● Much improved tile compression …

And more ...

Collabora Productivity

Summary

By Jan Holešovský@JHolesovsky +holesovsky Skype: janholeskendy@collabora.com

● Georgeous, interoperable, easy to integrate document

collaboration

● Continuous improvement based on a deep customer & partner

discussion

● Services & Support from Collabora

● Collabora Productivity: The driving force behind LibreOffice Online.