[draft] joola.io workshop - system and security

joola.io Workshops System and Security Workshop Details and Instructions

Upload: itay-weinberger

Post on 15-Jun-2015


DESCRIPTION

This workshop focuses on system and security aspects of the joola.io framework. For a complete breakdown of the Workshop itself, refer to the project's wiki @ http://github.com/joola/joola.io/wiki/workshops

TRANSCRIPT

Page 1: [DRAFT] joola.io workshop - System and Security

joola.io Workshops System and Security

Workshop Details and Instructions

Page 2:

About the workshop

For system and security engineers

This is a hands-on workshop

Lab materials are available for this workshop

This workshop and materials are available on our GitHub repo

Page 3:

Workshop Goals

Understand joola.io on all of its components

Deploy and configure joola.io

Control and monitor joola.io

Define workspaces, roles and users

Monitor security violations

Page 4:

Lab Details

During this workshop we'll be accessing an online lab

Please SSH with the following

[email protected]

Password: password

* access to the above lab is whitelisted

Page 5:

Understanding joola.io

Page 6:

What is joola.io?

$ npm install joola.io

Data Analytics and Visualization Framework

Scalable to deal with high volumes of data and queries

Secure and multi-tenant

Embed and integrate data visualizations into existing sites

Open Source

Page 7:

Scalability and Availability

Written in Node.JS

Uses Redis and MongoDB (by default) as underlying stores

Masterless node/grid based approach

$ node joola.io

Easily scripted using Puppet or Chef for VM deployments

Page 8:

A Secure System

Multi-tenancy

All actions are executed within a context

Role based permissions

Cascading security filters

Granular permissions on content and data

$ joola.io.cli -e "joolaio.users.list()"

Page 9:

Role Based Permissions

Roles are mapped to permissions

Canvases, Dimensions and Metrics are mapped to roles

Users are mapped to Roles

Roles can have Filters

Page 10:

Data Integration

Data is pushed using REST API

Multiple data store types are supported

Pushing is role and permissions based

Once data is pushed in, it's immediately available

Guaranteed write operation

Scalable to support increase in write ops

Page 11:

Website Integration

Bundled Javascript SDK

Copy-paste Visualizations

Rich documentation and examples

All API actions are supported by SDK (CLI uses SDK)

Role and Permissions based

Page 12:

Deploy and Configure

Page 13:

Install and Run joola.io

Before installing you need to have node, MongoDB and Redis installed.

$ npm install joola.io -g

To run joola.io

$ node joola.io

joola.io is now running and available on https://localhost:8080

Page 14:

Connect to joola.io

Connect to joola.io either using the web interface @ https://localhost:8080

or use the CLI

$ npm install joola.io.cli -g
$ joola.io.cli

Page 15:

The Grid

joola.io is grid based, each node is part of the hive

Master-less

Actions are carried over the grid

Nothing is committed locally to a single node

$ joola.io.cli

joola.io#admin@localhost:8080> joolaio.system.listnodes();

Connect to a single node and you're connected to the entire grid

Page 16:

Configuration

Base configuration stored at config/baseline.json

Assumes redis is running on localhost

// get config value
joolaio.config.get('store');

// set config value
joolaio.config.set('store:cache:mongo:host', 'mymongoserver');

Override config settings by

$ joola.io --store:cache:redis:host myredishost

Page 17:

Authentication

Page 18:

Security Context

Built-in Authentication Store or Single Sign On (SSO)

Supports username/password and/or API Tokens

Each request is validated for permissions

Content endpoints validate content permissions

Dispatched messages contain security context

Page 19:

Authentication Methods

// using API Token
joolaio.init({APIToken: 'apitoken'});

// using username/password
joolaio.users.authenticate('workspace', 'user', 'password', function(err, user) {
  console.log(user);
});

// server-side
joolaio.users.authenticate('workspace', 'user', 'password', function(err, user) {
  console.log('pass this to client as _token', user.token);
});

// client-side
joolaio.init({token: _token});

Page 20:

Single Sign On

Use API to generate security context and token and pass generated token to SDK

// server-side
var user = {
  username: 'user',
  name: 'Display Name',
  _roles: ['user'],
  _filter: ['tag', 'eq', 'tagvalue']
};
joolaio.users.generateToken('workspace', user, function(err, token) {
  // pass token._ down to the SDK
});

// client-side
joolaio.init({token: _token});

Page 21:

Control and Monitor

Page 22:

Controlling joola.io

Starting/Stopping

$ joola.io  # start
$ joola.io.cli -e "joolaio.system.terminate('nodeuid')"  # stop

Stop Grid

$ joola.io.cli -e "joolaio.system.shutdown()"

Status Report

$ joola.io.cli -e "joolaio.system.nodelist()"

Page 23:

Daemonizing (PM2)

We use PM2 for daemonizing node.js processes

Arrives with a full suite of tools and monitors

Utilizes multi-cores to allow vertical scaling

$ npm install -g pm2
$ pm2 start joola.io -i max

This will start joola.io on all available cores

Page 24:

Logging

Each node has three logging channels: local fs, MongoDB (by default) and in-memory ring-buffer.

For node specific logs, use `pm2 logs` on the node machine or review local fs.

For a centralized log, use the web interface or CLI.

$ joola.io.cli -e "joolaio.logger.fetch()"

This will print out the last 1,000 logged events.

Page 25:

Health Monitor

Done by sampling API endpoints

Dedicated endpoints for system/node status

A simple Nagios service definition for checking general health

define service {
    use                       generic-service
    host_name                 host.name.com
    service_description       HTTP
    check_command             check_http!--port=8080
    check_interval            1
    max_check_attempts        3
    first_notification_delay  0
    notifications_enabled     1
}

Page 26:

Workspaces, Roles and Users

Page 27:

Multi-Tenancy

Secure access with data fencing

[workspaces]
|-- [root workspace]
|-- [custom workspace]
    |-- [roles]
    |-- [users]
    |-- [collections]
    |-- [dimensions]
    |-- [metrics]
    |-- [canvases]
    |-- [reports]
    |-- [dashboards]
|-- [custom2 workspace]

Page 28:

Add a Workspace

Workspace is the top-level entity

var workspace = {
  id: 'sampleWorkspace',
  name: 'This is a sample workspace'
};

joolaio.workspaces.add(workspace, function(err, result) {
  console.log(result);
});

Now that we have a workspace, we can create roles and users

Page 29:

Add a Beacon Role & User

The Beacon user will push data into joola.io

var role = {
  name: 'beacon',
  permissions: ['access_system', 'collections_stats', 'beacon_insert']
};
var user = {
  username: 'beacon',
  _password: 'beacon',
  _roles: ['beacon'],
  workspace: 'sampleWorkspace',
  APIToken: 'apitoken-beacon'
};
joolaio.roles.add('sampleWorkspace', role);
joolaio.users.add('sampleWorkspace', user);

Page 30:

Add a Reader Role and User

The Reader user will query and visualize data

var role = {
  name: 'reader',
  permissions: ['access_system', 'query_fetch']
};
var user = {
  username: 'reader',
  _password: 'reader',
  _roles: ['reader'],
  workspace: 'sampleWorkspace',
  APIToken: 'apitoken-reader'
};
joolaio.roles.add('sampleWorkspace', role);
joolaio.users.add('sampleWorkspace', user);
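
The beacon/reader split above only holds if no user ends up with both the push and the query permission, and if credentials are not derived from the username as the workshop samples are. The following is an added example, not joola.io code: a static audit over role and user definitions in the shape the slides use. The function name, the rule set and the third user are assumptions made for the example.

```javascript
// Added example: least-privilege audit of role/user definitions.
// auditWorkspace and its rules are hypothetical, not part of joola.io.
const WRITE = ['beacon_insert'];
const READ = ['query_fetch'];

function auditWorkspace(roles, users) {
  const byName = new Map(roles.map((r) => [r.name, r]));
  const findings = [];
  for (const u of users) {
    const perms = new Set();
    for (const name of u._roles || []) {
      const role = byName.get(name);
      if (!role) {
        findings.push({ user: u.username, issue: 'undefined_role', detail: name });
        continue;
      }
      role.permissions.forEach((p) => perms.add(p));
    }
    // A pusher that can also query breaks the beacon/reader separation.
    if (WRITE.some((p) => perms.has(p)) && READ.some((p) => perms.has(p))) {
      findings.push({ user: u.username, issue: 'read_and_write' });
    }
    // Credentials derived from the username are guessable.
    const name = u.username.toLowerCase();
    if (u._password && u._password.toLowerCase() === name) {
      findings.push({ user: u.username, issue: 'password_equals_username' });
    }
    if (u.APIToken && u.APIToken.toLowerCase().includes(name)) {
      findings.push({ user: u.username, issue: 'token_contains_username' });
    }
  }
  return findings;
}

// Role and user definitions from the two slides above, plus one constructed user.
const roles = [
  { name: 'beacon', permissions: ['access_system', 'collections_stats', 'beacon_insert'] },
  { name: 'reader', permissions: ['access_system', 'query_fetch'] }
];
const users = [
  { username: 'beacon', _password: 'beacon', _roles: ['beacon'], APIToken: 'apitoken-beacon' },
  { username: 'reader', _password: 'reader', _roles: ['reader'], APIToken: 'apitoken-reader' },
  { username: 'ops', _password: 'S7#constructed', _roles: ['beacon', 'reader', 'admin'],
    APIToken: 'c0nstructed-sample' } // constructed for this example
];
console.log(auditWorkspace(roles, users));
```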

Page 31:

Push Some Data

Switch to Beacon user and push data

joolaio.set('APIToken', 'apitoken-beacon');
var doc = {
  timestamp: new Date(),
  machine: {
    hostname: 'myhost',
    os: 'centos6.5',
    uptime: 123
  },
  open_files: 123,
  no_of_logged_in_users: 1 // placeholder value; the slide gives none
};
joolaio.beacon.insert('sampleCollection', doc);
joolaio.collections.stats('sampleCollection');

Page 32:

Security Alerts and Events

Page 33:

Event Screening

We screen logs for relevant events using CLI

$ joola.io.cli -e "joolaio.logger.fetch({category: 'security'})"

{
  time: '2014-03-04T19:05:42.605Z',
  msg: 'Token [fFlzoNklT] is valid for user [root].',
  hostname: 'lab01',
  pid: 922,
  level: 20,
  category: 'security',
  req: {
    start_ts: '2014-03-04T19:05:42.590Z',
    remoteaddr: '127.0.0.1',
    params: {
      resource: 'users',
      action: 'verifyAPIToken',
      APIToken: 'apitoken-root'
    },
    url: 'api/users/verifyAPIToken',
    headers: {
      'joolaio-apitoken': 'apitoken-root'
    }
  }
}
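
The entry above carries the API token in req.params and in the joolaio-apitoken header, and a token inside msg. The following is an added example, not joola.io code: it masks those fields before fetched entries are copied to a ticket, an e-mail or an external log store. The key list and the function name are assumptions; the sample entry is the one from the slide.

```javascript
// Added example: mask credentials in security log entries before forwarding.
// SENSITIVE_KEY and redact() are hypothetical, not joola.io API.
const SENSITIVE_KEY = /^(_?password|_?token|apitoken|joolaio-apitoken)$/i;

function redact(value, key) {
  if (key !== undefined && SENSITIVE_KEY.test(key)) return '[REDACTED]';
  if (Array.isArray(value)) return value.map((v) => redact(v));
  if (value instanceof Date) return value;
  if (value && typeof value === 'object') {
    const out = {}; // build a copy, the fetched entry is left untouched
    for (const [k, v] of Object.entries(value)) out[k] = redact(v, k);
    return out;
  }
  if (key === 'msg' && typeof value === 'string') {
    // The message text itself embeds a token: "Token [xyz] is valid ..."
    return value.replace(/Token\s*\[[^\]]*\]/g, 'Token [REDACTED]');
  }
  return value;
}

// The entry shown on the slide above.
const entry = {
  time: '2014-03-04T19:05:42.605Z',
  msg: 'Token [fFlzoNklT] is valid for user [root].',
  hostname: 'lab01',
  pid: 922,
  level: 20,
  category: 'security',
  req: {
    start_ts: '2014-03-04T19:05:42.590Z',
    remoteaddr: '127.0.0.1',
    params: { resource: 'users', action: 'verifyAPIToken', APIToken: 'apitoken-root' },
    url: 'api/users/verifyAPIToken',
    headers: { 'joolaio-apitoken': 'apitoken-root' }
  }
};
const safe = redact(entry);
console.log(JSON.stringify(safe, null, 2));
```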

Page 34:

Security Alerts

$ joola.io.cli -e "joolaio.alerts.add({
    key: 'failed_login',
    endpoint: {type: 'email', target: '[email protected]'},
    query: {
      timeframe: 'last_minute',
      dimensions: ['username', 'password', 'token', 'APIToken', 'remoteaddr'],
      metrics: ['failed_logins'],
      filter: [['event', 'eq', 'failed_login']]
    }
  });"
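
The alert above, evaluated by hand over fetched entries: count failed logins in the last minute and report the sources that cross a threshold. This is an added example, not joola.io code. The entry shape (an `event` and a `username` field), the threshold and every sample entry are assumptions; grouping is limited to remoteaddr and username so that passwords and tokens stay out of the notification.

```javascript
// Added example: failed-login detection over security log entries.
// failedLoginAlerts, the entry fields and the threshold are hypothetical.
function failedLoginAlerts(entries, now, opts = {}) {
  const windowMs = opts.windowMs || 60 * 1000; // matches timeframe 'last_minute'
  const threshold = opts.threshold || 5;       // assumed; tune per environment
  const since = now.getTime() - windowMs;
  const byAddr = new Map();
  for (const e of entries) {
    if (e.category !== 'security' || e.event !== 'failed_login') continue;
    const t = Date.parse(e.time);
    if (Number.isNaN(t) || t < since || t > now.getTime()) continue;
    const addr = (e.req && e.req.remoteaddr) || 'unknown';
    const hit = byAddr.get(addr) ||
      { remoteaddr: addr, failed_logins: 0, usernames: new Set() };
    hit.failed_logins += 1;
    if (e.username) hit.usernames.add(e.username);
    byAddr.set(addr, hit);
  }
  return [...byAddr.values()]
    .filter((h) => h.failed_logins >= threshold)
    .map((h) => ({ ...h, usernames: [...h.usernames].sort() }))
    .sort((a, b) => b.failed_logins - a.failed_logins);
}

// Constructed sample entries (documentation address ranges, not real traffic).
const now = new Date('2014-03-04T19:06:00.000Z');
const mk = (secAgo, username, remoteaddr, event = 'failed_login') => ({
  time: new Date(now.getTime() - secAgo * 1000).toISOString(),
  category: 'security', event, username, req: { remoteaddr }
});
const sample = [
  mk(5, 'root', '203.0.113.7'), mk(9, 'root', '203.0.113.7'),
  mk(14, 'admin', '203.0.113.7'), mk(20, 'root', '203.0.113.7'),
  mk(31, 'admin', '203.0.113.7'), mk(44, 'root', '203.0.113.7'),
  mk(90, 'root', '203.0.113.7'),       // outside the one-minute window
  mk(12, 'reader', '198.51.100.4'), mk(40, 'reader', '198.51.100.4'),
  mk(3, 'root', '127.0.0.1', 'login')  // not a failed login, ignored
];
console.log(failedLoginAlerts(sample, now));
```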