
Users’ Authentication in the
VRVS System
David Collados
California Institute of Technology
November 20th, 2003
TERENA - Authentication & Authorization
What is VRVS?
- The Virtual Rooms Videoconferencing System has been developed by Caltech since 1995 to provide a worldwide videoconferencing service for the education and research communities.
- VRVS is a real-time distributed system that provides a scalable communication infrastructure for large collaborations dispersed all over the world.
- Different technologies and protocols are supported (and mixed), so users can connect with their preferred videoconferencing tool.
- Supports Mbone, H.323, SIP, QuickTime, Access Grid, JMF and MPEG2.
- The system is composed of one main server and several reflectors spread around the world.
VRVS Web Service Design
- Unified web user interface to schedule and join/leave a meeting, independently of any application.
- Multi-platform: Windows, Linux, MacOS and Unix.
- Easy to use: everybody knows how to click on a web page today.
- Virtual Room concept and scheduling: create a virtual space where people can exchange real-time information.
- Join or leave a collaborative session at any time. No need to know in advance how many participants there will be, or to book port capacity.
- Full documentation and tutorial.
- Self service: no need for a technician or expert to organize a conference or to join you into one.
VRVS Model Implementation
[Layered diagram: the VRVS Web User Interface on top; the collaborative applications (Mbone tools such as vic and vat/rat, SIP, H.323, QuickTime Player, MPEG, Minerva, QoS); the VRVS Reflectors (Unicast/Multicast); the Real Time Protocol (RTP/RTCP); and the Network Layer (TCP/IP) at the bottom. Legend: done, partially done, work in progress, continuously in development.]
VRVS Deployment and Usage
VRVS Reflectors Deployment
VRVS Reflector Implementation
- Avoids duplication of streams on a given link.
- Can be set to unicast or multicast mode, or both.
- Peer-to-peer connections with neighbouring network servers; connectionless, so more resilient to network breaks.
- Enables optimized routing.
- Enables bandwidth control.
- Provides low-latency communication.
- Can be used for real-time interactivity or for broadcast.
- Provides an elegant solution to cross firewalls/NAT.
- Remote management features.
- Compliant with the IETF RTPv2 protocol, ready for new applications.
Monalisa: Real-Time Monitoring
Registered users and current usage (as of 16th November 2003)
Number of registered users: 96 countries and 6615 users. By country: USA 1609, Spain 1038, Italy 450, Switzerland 405, Brazil 379, France 357, Germany 324, UK 260, Canada 127, Japan 123; also Slovakia, Chile, Poland, Russia, Taiwan, Greece, Netherlands, etc.
[Chart: Multipoint Videoconferences Scheduled, per month (Jan to Dec) for 2001, 2002 and 2003; y-axis 0 to 800.]
[Chart: Hours Scheduled of Multipoint Videoconferences, per month (Jan to Dec) for 2001, 2002 and 2003; y-axis 0 to 2500.]
Machines and OS
VRVS supports different operating systems based on the needs and demands of the final users.
[Pie chart: Machines used in VRVS by operating system (Windows, Linux, Macintosh, Others), 19,461 machines as of 16th November 2003. Ranking: 1st Windows, 2nd Linux, 3rd Mac OS, 4th Other UNIX. Values legible in the extraction: 1733, 923, 136 (labels not recoverable).]
[Chart: Connections from machines by operating system (Windows, Linux, Macintosh, Others). Values legible in the extraction: 143760, 30021, 11856, 11805, 2045 (labels not recoverable).]
Some Examples
[Figures: VRVS on Mac OS X; VRVS on Windows.]
Example 1: 20 participants: BRAZIL (3 sites) + SWITZERLAND (CERN) + USA (Caltech).
Example 2: 17 participants: JAPAN + UK + SWITZERLAND + BRAZIL + USA (SLAC + FERMILAB).
VRVS Virtual Setup: one dual-processor PC with a special 4-output graphics card, 6400 x 4800 pixels; the most powerful VRVS end node.
Authentication and Authorization - Present Status -
Users' Site (Apache)
- Database authentication module for browsing most of the site.
- One single realm for the whole site.
- Credentials are cached only for the current browser session.
Authorization of Users 1/2
Each VRVS user belongs to a Community. The person(s) responsible for that community authorize (or refuse) bookings from that user in their community.
Authorization of Users 2/2
A second authorization mechanism applies when joining a meeting: access to a Virtual Room is protected with a password.
Administration Site (Tomcat)
- Database authentication for the whole site.
- JDBC Realm implemented against the MySQL database.
- Administrators database with the MD5 digest algorithm for stored passwords.
Authorization @ Admin Site
- Different roles, defined in the database, are attached to the users.
- Example: the Call Detail Record pages, whose access is oriented to roles.
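As an added example (not VRVS code and not Tomcat's own implementation), the Python below models what the two admin-site slides describe: a JDBCRealm-style authentication over a users table whose passwords are stored as MD5 digests, and the role-oriented authorization check over a user/role table. It then shows the caveat a practitioner would raise about this design: an unsalted MD5 digest lets anyone who reads the table recover passwords with a plain dictionary attack, so a salted, iterated PBKDF2 hash is given alongside as the hardened form. The table and column names (users, user_roles, user_name, user_pass, role_name), the in-memory sqlite3 database standing in for MySQL, and the sample accounts and wordlist are all assumptions constructed for this example.

```python
"""Added example, not VRVS code: JDBCRealm-style MD5 authentication and role
check, the dictionary attack that unsalted digests permit, and a PBKDF2 fix.
Table/column names, sqlite3 (standing in for MySQL) and all sample data are
assumptions made for this illustration.
"""
import hashlib
import hmac
import os
import sqlite3


def md5_digest(password: str) -> str:
    """Tomcat's JDBCRealm with digest="MD5" stores hex(MD5(password)), unsalted."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_admin_db() -> sqlite3.Connection:
    """Constructed sample data shaped like a JDBCRealm userTable/userRoleTable."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE users (user_name TEXT PRIMARY KEY, user_pass TEXT NOT NULL);
        CREATE TABLE user_roles (user_name TEXT NOT NULL, role_name TEXT NOT NULL);
        """
    )
    accounts = [  # (user, password, roles) -- constructed, not real accounts
        ("alice", "summer2003", ["admin", "cdr"]),
        ("bob", "reflector", ["cdr"]),
    ]
    for name, password, roles in accounts:
        db.execute("INSERT INTO users VALUES (?, ?)", (name, md5_digest(password)))
        db.executemany("INSERT INTO user_roles VALUES (?, ?)", [(name, r) for r in roles])
    return db


def authenticate(db: sqlite3.Connection, username: str, password: str) -> bool:
    """Realm login: digest the submitted password and compare with the stored column."""
    row = db.execute("SELECT user_pass FROM users WHERE user_name = ?", (username,)).fetchone()
    if row is None:
        return False
    # constant-time comparison so the check does not leak digest bytes via timing
    return hmac.compare_digest(row[0], md5_digest(password))


def has_role(db: sqlite3.Connection, username: str, role: str) -> bool:
    """Role-oriented authorization: a role is a row attached to the user."""
    row = db.execute(
        "SELECT 1 FROM user_roles WHERE user_name = ? AND role_name = ?", (username, role)
    ).fetchone()
    return row is not None


def dictionary_attack(db: sqlite3.Connection, wordlist) -> dict:
    """Why unsalted MD5 is weak: one digest per guess is matched against every
    stored digest at once (no per-user salt), and MD5 is fast to compute."""
    by_digest = {digest: name for name, digest in db.execute("SELECT user_name, user_pass FROM users")}
    recovered = {}
    for word in wordlist:
        digest = md5_digest(word)
        if digest in by_digest:
            recovered[by_digest[digest]] = word
    return recovered


def pbkdf2_hash(password: str, salt: bytes = None, iterations: int = 100_000) -> str:
    """Hardened storage: random per-user salt plus iterated PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    db = build_admin_db()
    print("alice login:", authenticate(db, "alice", "summer2003"))
    print("bob is admin:", has_role(db, "bob", "admin"))
    print("recovered from MD5 table:", dictionary_attack(db, ["password", "summer2003", "reflector"]))
    stored = pbkdf2_hash("summer2003")
    print("pbkdf2 verify:", pbkdf2_verify("summer2003", stored))
```

The dictionary attack needs nothing but read access to the users table (a backup, a SQL injection, a leaked dump), which is why the storage format matters even when the login path itself is sound; PBKDF2 with a per-user salt forces one expensive computation per guess per user instead of one cheap MD5 per guess for the whole table.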
Authentication and Authorization - Future -
AA in the VRVS Future
- AA independent of our system and distributed.
- Internet2 initiative: Shibboleth.
- RedIRIS initiative: PAPI.
- Grid Security Infrastructure (GSI): public key encryption, X.509 certificates, SSL plus extensions for delegation and single sign-on.
- What do we integrate, and how?
WWW.VRVS.ORG
[email protected]
[email protected]