collabora online: real-time collaboration on documents · regular penetration testing layered...

Collabora Productivity www.collaboraoffice.com

Collabora Productivity

Collabora Online:Real-time Collaboration on Documents

By Jan Holešovský

Development Manager at Collabora Productivity

[email protected] @JHolesovsky +holesovsky Skype: janholes

mailto:[email protected]

https://www.collaboraoffice.com/

2


Collabora Online

High fidelity, WYSIWYG rendering

● A tough problem; 20+ years of code.

Great Interoperability Support:

● DOC, DOCX, PPT, PPTX, XLS, XLSX + ODF.

● Import/View Visio, Publisher + 100 more

Easy to deploy

● No database, plain C++ binaries, no expensive dependencies

Rich Document Collaboration

● More and more features known from the desktop LibreOffice / Collabora Office

exposed with every version



Integrating with Partners ...

Collabora: no SaaS product, no EFSS, no Mail, no Video conferencing, no … simply Office.


4


CODE: Collabora Online Development Edition

CODE – grab the latestDocker image and/or packages

● http://collaboraoffice.com/code

● ~2 million Docker pulls

Richdocuments: A simple ownCloudor Nextcloud extension

● No core changes required, easy todeploy

● Reference, but it’s easy to createother integrations via WOPI protocol

http://collaboraoffice.com/code



Demo / what it looks like



Demo / what it looks like #2



New in 3.0: Dialogs from LibreOffice

Exposing advanced features

● Advanced character, paragraph and page properties

● Line, fill, cell properties, etc.

● All that collaboratively!


Deployment

9


Example Deployment

Advanced - includingan HA setup...

UsersHA balancer of

choice: ha-proxy, nginx, F5, ...

Key attribute is to ensure that all traffic related to the same document goes to the same worker – all collaborators end up in the same address space. Balancing on WOPISrc

https://

Collabora OnlineWorker NodesTalking WOPI

EFSS clustered storage

Load balancing access to EFSS

Collabora Online

Worker Nodes

Load balancing document

editing


10


Hardware Sizing – per node

Guidelines:

● 10 active documents / CPU thread

● 50Mb RAM / active user

● 100kbit/s / active user

5000 ‘users’ → diversity → 500 concurrent users

● 50 CPU threads

● 25 Gb of RAM

● 50 Mbit of bandwidth

Can setup today on a single large machine.



Under the hood



Security: The onion ...

Regular Penetration Testing

Layered approach to protecting infrastructure ...

Virtual Machine / Docker Container

Document Data Isolation into chroots

seccomp-bpf ~no bad syscalls ...

extremely sparse filesystem

chroot per document / user ...

systematic load crash testing

Industry beating coverity score.

LibreOfficeKit rendering instance


13


Security: Pixels to the people ….

Looks and feels like a local editor

Client has ~only bitmaps

● Document data stays on the server

● Lock-down options:

● disable download, copy, paste, print, etc.

● Optionalwatermarkingof each tile:


WOPI – integration & extensions ...


WOPI – the details

Protocol that you have to implement when integrating Collabora Online

● Ties together auth & I/O

● https://wopi.readthedocs.org/en/latest/

WOPI extensions

● Additional properties in CheckFileInfo for eg. avatars

● Additional authentication methods

● UI lockdown

https://wopi.readthedocs.org/en/latest/



Biggest difference: No locking

The WOPI spec. insists on file locking

● But that’s against how the EFFS usually work – people can work offline and upload the new versions of the document

Collabora Online uses timestamps instead

● When there is a conflict of versions, the user is presented with a dialog asking to resolve the conflict

● When the session is inactive, it is transparently updated after the user activates it again


Why Collabora ?

18


What you get ...

Customer Portal access

● Access to Collabora Online binaries &update channels.

● Full Technical Docs

● Setup, deployment,

● User manual

● Support ticketing system – file & fix.

Laser focus:

● Documents only!

● Not an EFSS, not E-mail,not Video Conferencing


19


Partners & Customers

Product Management interaction

● Driving our development

Responsive support & winning tenders together

Airsoft action:

CEO | CTO at Adfinis SyGroup AG


20


A Partnership with LibreOffice community

~200 million LibreOffice user-base

~1000 people helping to develop LibreOffice

300 individual committers in the last year

Vendor Neutral Berlin-based Stiftung

Product developed in public.

Ubuntu LTS RoadmapA 10k user survey.“Help Ubuntu set theDefault Apps”

https://www.slideshare.net/dustinkirkland/lets-talk-about-the-ubuntu-1804-lts-roadmap


21


Backed by a real, diverse community

2016

-08-

01

2016

-09-

01

2016

-10-

01

2016

-11-0

1

2016

-12-

01

2017

-01-

01

2017

-02-

01

2017

-03-

01

2017

-04-

01

2017

-05-

01

2017

-06-

01

2017

-07-

01

2017

-08-

010

200400600800

100012001400160018002000

Commits per month by affiliationRedHat

Collabora

Assigned

CIB

TDF

Peralex

SIL

Munich

Canonical

Apache Volunteer

Linagora

Nou & Off

SUSE

Conference 2017: Guests of the City of RomeConference 2017: Guests of the City of Rome


What we did in the last year

(since 2.0)

23


Collabora Online 2.1 ...

Upgraded to common code with Collabora Office 5.3

Performance:

● Memory reduction – reduce guidance 50% + OOM

● CPU perf. wins + anti-aliased rendering

● B/W reduction – avoiding un-changed tile updates

Collaboration:

● Client-side JSanimated commenting and change tracking


24


Collabora Online 2.1 ...

Internal re-design: simplifying threading

Security Improvements

● seccomp-bpf: pre-emptive kernel API sub-setting

● Content Security Policy / header improvements

● stronger admin password hashing

Calc

● 500k rows re-work

● Active cell reference


25


Collabora Online 2.1.x

Avatar support

Improved Admin Console

● View byusers

● Modified?


26


Collabora Online 2.1.x

Chart sub-object editing & position

New platforms

● RHEL6

● SLES11SP4

● Debian 9

Config expansion

● rlimits, memory handling, etc.



Collabora Online 3.0

Exposing advanced features via dialog tunneling

● Advanced character, paragraph and page properties

● Line, fill, cell properties, etc.

● All that collaboratively!


28


Ongoing work for 3.x & beyond

Interoperability – LibreOffice 6.0

● Lots of of file-format fixing

● New Pivot Charts feature

● Improved EMF+/EMF rendering

Latency & Bandwidth

● Much improved tile compression …

And more ...


Collabora Productivity

Summary

By Jan Holešovský@JHolesovsky +holesovsky Skype: [email protected]

● Georgeous, interoperable, easy to integrate document

collaboration

● Continuous improvement based on a deep customer & partner

discussion

● Services & Support from Collabora

● Collabora Productivity: The driving force behind LibreOffice Online.

mailto:[email protected]