[draft] joola.io workshop - system and security
This workshop focuses on system and security aspects of the joola.io framework. For a complete breakdown of the workshop itself, refer to the project's wiki at http://github.com/joola/joola.io/wiki/workshops

joola.io Workshops
System and Security
Workshop Details and Instructions

About the workshop
For system and security engineers
This is a hands-on workshop
Lab materials are available for this workshop
This workshop and materials are available on our GitHub repo

Workshop Goals
Understand joola.io and all of its components
Deploy and configure joola.io
Control and monitor joola.io
Define workspaces, roles and users
Monitor security violations

Lab Details
During this workshop we'll be accessing an online lab
Please SSH with the following
Password: password
* access to the above lab is whitelisted

Understanding joola.io

What is joola.io?
```
$ npm install joola.io
```
Data Analytics and Visualization Framework
Scalable to deal with high volumes of data and queries
Secure and multi-tenant
Embed and integrate data visualizations into existing sites
Open Source

Scalability and Availability
Written in Node.JS
Uses Redis and MongoDB (by default) as underlying stores
Masterless node/grid based approach
```
$ node joola.io
```
Easily scripted using Puppet or Chef for VM deployments

A Secure System
Multi-tenancy
All actions are executed within a context
Role based permissions
Cascading security filters
Granular permissions on content and data
```
$ joola.io.cli -e "joolaio.users.list()"
```

Role Based Permissions
Roles are mapped to permissions
Canvases, Dimensions and Metrics are mapped to roles
Users are mapped to Roles
Roles can have Filters

Data Integration
Data is pushed using REST API
Multiple data store types are supported
Pushing is role and permissions based
Once data is pushed in, it's immediately available
Guaranteed write operation
Scalable to support increase in write ops

Website Integration
Bundled JavaScript SDK
Copy-paste Visualizations
Rich documentation and examples
All API actions are supported by SDK (CLI uses SDK)
Role and Permissions based

Deploy and Configure

Install and Run joola.io
Before installing you need to have node, MongoDB and Redis installed.
```
$ npm install joola.io -g
```
To run joola.io
```
$ node joola.io
```
joola.io is now running and available on https://localhost:8080

Connect to joola.io
Connect to joola.io either using the web interface @ https://localhost:8080
or use the CLI
```
$ npm install joola.io.cli -g
$ joola.io.cli
```

The Grid
joola.io is grid based, each node is part of the hive
Master-less
Actions are carried over the grid
Nothing is committed locally to a single node
```
$ joola.io.cli
joola.io#admin@localhost:8080> joolaio.system.listnodes();
```
Connect to a single node and you're connected to the entire grid

Configuration
Base configuration stored at config/baseline.json
Assumes redis is running on localhost
```javascript
// get config value
joolaio.config.get('store');
// set config value
joolaio.config.set('store:cache:mongo:host', 'mymongoserver');
```
Override config settings by
```
$ joola.io --store:cache:redis:host myredishost
```

Authentication

Security Context
Built-in Authentication Store or Single Sign On (SSO)
Supports username/password and/or API Tokens
Each request is validated for permissions
Content endpoints validate content permissions
Dispatched messages contain security context

Authentication Methods
```javascript
// using API Token
joolaio.init({APIToken: 'apitoken'});

// using username/password
joolaio.users.authenticate('workspace', 'user', 'password', function(err, user) {
  console.log(user);
});

// server-side
joolaio.users.authenticate('workspace', 'user', 'password', function(err, user) {
  console.log('pass this to client as _token', user.token);
});
// client-side
joolaio.init({token: _token});
```

Single Sign On
Use API to generate security context and token
Pass generated token to SDK
```javascript
// server-side
var user = {
  username: 'user',
  name: 'Display Name',
  _roles: ['user'],
  _filter: ['tag', 'eq', 'tagvalue']
};
joolaio.users.generateToken('workspace', user, function(err, token) {
  // pass token._ down to the SDK
});
// client-side
joolaio.init({token: _token});
```

Control and Monitor

Controlling joola.io
Starting/Stopping
```
$ joola.io # start
$ joola.io.cli -e "joolaio.system.terminate('nodeuid')" # stop
```
Stop Grid
```
$ joola.io.cli -e "joolaio.system.shutdown()"
```
Status Report
```
$ joola.io.cli -e "joolaio.system.nodelist()"
```

Daemonizing (PM2)
We use PM2 for daemonizing node.js processes
Arrives with a full suite of tools and monitors
Utilizes multi-cores to allow vertical scaling
```
$ npm install -g pm2
$ pm2 start joola.io -i max
```
This will start joola.io on all available cores

Logging
Each node has three logging channels: local fs, MongoDB (by default) and in-memory ring-buffer.
For node specific logs, use `pm2 logs` on the node machine or review local fs.
For a centralized log, use the web interface or CLI.
```
$ joola.io.cli -e "joolaio.logger.fetch()"
```
This will print out the last 1,000 logged events.

Health Monitor
Done by sampling API endpoints
Dedicated endpoints for system/node status
A simple Nagios service check for general health
```
define service {
    use                       generic-service
    host_name                 host.name.com
    service_description       HTTP
    check_command             check_http!--port=8080
    check_interval            1
    max_check_attempts        3
    first_notification_delay  0
    notifications_enabled     1
}
```

Workspaces, Roles and Users

Multi-Tenancy
Secure access with data fencing
```
[workspaces]
|-- [root workspace]
|-- [custom workspace]
    |-- [roles]
    |-- [users]
    |-- [collections]
    |-- [dimensions]
    |-- [metrics]
    |-- [canvases]
    |-- [reports]
    |-- [dashboards]
|-- [custom2 workspace]
```

Add a Workspace
Workspace is the top-level entity
```javascript
var workspace = {
  id: 'sampleWorkspace',
  name: 'This is a sample workspace'
};
joolaio.workspaces.add(workspace, function(err, result) {
  console.log(result);
});
```
Now that we have a workspace, we can create roles and users

Add a Beacon Role & User
The Beacon user will push data into joola.io
```javascript
var role = {
  name: 'beacon',
  permissions: ['access_system', 'collections_stats', 'beacon_insert']
};
var user = {
  username: 'beacon',
  _password: 'beacon',
  _roles: ['beacon'],
  workspace: 'sampleWorkspace',
  APIToken: 'apitoken-beacon'
};
joolaio.roles.add('sampleWorkspace', role);
joolaio.users.add('sampleWorkspace', user);
```

Add a Reader Role and User
The Reader user will query and visualize data
```javascript
var role = {
  name: 'reader',
  permissions: ['access_system', 'query_fetch']
};
var user = {
  username: 'reader',
  _password: 'reader',
  _roles: ['reader'],
  workspace: 'sampleWorkspace',
  APIToken: 'apitoken-reader'
};
joolaio.roles.add('sampleWorkspace', role);
joolaio.users.add('sampleWorkspace', user);
```

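The beacon and reader roles defined above, run through a simplified permission check with cascading filters. This is an added example, not joola.io source code and not part of the original slides: `resolveContext`, `authorize`, `applyFilters`, the role-level `filter` field and the `env` filter are hypothetical, and the AND semantics of cascading filters is an assumption.

```javascript
// Added example: a simplified model, not joola.io source code.
// Role names and permissions come from the slides; the role `filter` field,
// the 'env' filter and all helper names are hypothetical.
const roles = {
  beacon: { permissions: ['access_system', 'collections_stats', 'beacon_insert'], filter: [] },
  reader: { permissions: ['access_system', 'query_fetch'], filter: [['env', 'eq', 'prod']] }
};

// Permissions are the union over the user's roles; filters cascade:
// every role filter plus the user's own _filter must match (logical AND).
function resolveContext(user) {
  const permissions = new Set();
  const filters = [];
  for (const name of user._roles) {
    const role = roles[name];
    if (!role) throw new Error('unknown role: ' + name); // fail closed
    role.permissions.forEach((p) => permissions.add(p));
    filters.push(...role.filter);
  }
  if (user._filter) filters.push(user._filter);
  return { username: user.username, permissions, filters };
}

// Deny by default: only permissions explicitly granted by a role pass.
function authorize(ctx, permission) {
  return ctx.permissions.has(permission);
}

// A row survives only if every cascaded filter matches; unknown operators match nothing.
function applyFilters(ctx, rows) {
  return rows.filter((row) =>
    ctx.filters.every(([field, op, value]) => op === 'eq' && row[field] === value));
}

const beacon = resolveContext({ username: 'beacon', _roles: ['beacon'] });
const reader = resolveContext({
  username: 'reader', _roles: ['reader'], _filter: ['tag', 'eq', 'tagvalue']
});
const rows = [ // constructed sample data
  { env: 'prod', tag: 'tagvalue', open_files: 123 },
  { env: 'prod', tag: 'other', open_files: 7 },
  { env: 'dev', tag: 'tagvalue', open_files: 42 }
];
console.log(authorize(beacon, 'query_fetch')); // the push-only account cannot query
console.log(applyFilters(reader, rows));       // only the row passing both filters
```

Splitting the push and query permissions across two accounts, as the slides do, means a leaked beacon token cannot be used to read data back out.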
Push Some Data
Switch to Beacon user and push data
```javascript
joolaio.set('APIToken', 'apitoken-beacon');
var doc = {
  timestamp: new Date(),
  machine: {
    hostname: 'myhost',
    os: 'centos6.5',
    uptime: 123
  },
  open_files: 123,
  no_of_logged_in_users: 1 // value missing on the slide; 1 is a sample value
};
joolaio.beacon.insert('sampleCollection', doc);
joolaio.collections.stats('sampleCollection');
```

Security Alerts and Events

Event Screening
We screen logs for relevant events using CLI
```
$ joola.io.cli -e "joolaio.logger.fetch({category: 'security'})"
```
```
{
  time: '2014-03-04T19:05:42.605Z',
  msg: 'Token [fFlzoNklT] is valid for user [root].',
  hostname: 'lab01',
  pid: 922,
  level: 20,
  category: 'security',
  req: {
    start_ts: '2014-03-04T19:05:42.590Z',
    remoteaddr: '127.0.0.1',
    params: {resource: 'users', action: 'verifyAPIToken', APIToken: 'apitoken-root'},
    url: 'api/users/verifyAPIToken',
    headers: {'joolaio-apitoken': 'apitoken-root'}
  }
}
```

Security Alerts
```
$ joola.io.cli -e "joolaio.alerts.add({
  key: 'failed_login',
  endpoint: {type: 'email', target: '[email protected]'},
  query: {
    timeframe: 'last_minute',
    dimensions: ['username', 'password', 'token', 'APIToken', 'remoteaddr'],
    metrics: ['failed_logins'],
    filter: [['event', 'eq', 'failed_login']]
  }
});"
```
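
The security log record above carries the API token in `req.params` and `req.headers`, and the alert's dimensions include `password` and `token`, so these values travel with every exported event or e-mailed alert. The following added example (not joola.io code and not from the original slides) masks credential fields before records leave the grid and counts failed logins per source address; the record shape is constructed from the slides, and the `event` field and helper names are assumptions.

```javascript
// Added example, not joola.io code. Records are constructed in the shape of the
// logger output above; `event` is assumed from the alert filter on the slide.
const SECRET_KEY = /password|token/i;

// Return a deep copy with every credential-bearing field masked.
function redact(value, key = '') {
  if (Array.isArray(value)) return value.map((v) => redact(v, key));
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = redact(v, k);
    return out;
  }
  return SECRET_KEY.test(key) && typeof value === 'string' ? '[REDACTED]' : value;
}

// Addresses with at least `threshold` failed logins inside any window of
// `windowMs` (the defaults mirror the alert's 'last_minute' timeframe).
function noisySources(records, threshold = 3, windowMs = 60000) {
  const bySource = new Map();
  for (const r of records) {
    const addr = r.req && r.req.remoteaddr;
    if (r.category !== 'security' || r.event !== 'failed_login' || !addr) continue;
    if (!bySource.has(addr)) bySource.set(addr, []);
    bySource.get(addr).push(Date.parse(r.time));
  }
  const flagged = [];
  for (const [addr, times] of bySource) {
    times.sort((a, b) => a - b);
    for (let i = 0; i + threshold <= times.length; i++) {
      if (times[i + threshold - 1] - times[i] <= windowMs) { flagged.push(addr); break; }
    }
  }
  return flagged;
}

// Constructed sample records (documentation address ranges).
const failed = (time, remoteaddr) => ({
  time, category: 'security', event: 'failed_login',
  req: { remoteaddr, params: { username: 'reader', password: 'guess' },
         headers: { 'joolaio-apitoken': 'apitoken-reader' } }
});
const sampleLog = [
  failed('2014-03-04T19:05:01.000Z', '192.0.2.7'),
  failed('2014-03-04T19:05:20.000Z', '192.0.2.7'),
  failed('2014-03-04T19:05:45.000Z', '192.0.2.7'),
  failed('2014-03-04T19:05:10.000Z', '198.51.100.9'),
  failed('2014-03-04T19:09:10.000Z', '198.51.100.9')
];
console.log(noisySources(sampleLog));
console.log(JSON.stringify(redact(sampleLog[0])));
```

The free-text `msg` field is not covered by key-based masking, so a token identifier embedded in a message string still needs separate handling.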