Gluu Technical Overview

1
GluuTechnical Overview

• Michael Schwartz
• Founder
• Gluu Project

2
Technology Stack

• Built on Open Source wherever possible
• Linux
• OpenSSO
• OpenDS
• MySQL
• JBoss 5 Application Server
• JBoss Seam
• JBoss Drools
• Radiant Logic (commercial product)

3
Gluu HA Cloud Deployment

• Cloud Infrastructure
• thePlanet.com
• SSL
• Between all servers
• High Availability
• All components OpenSSO
• VDS
• JBoss
• MySQL Sun MQ Apache

4
Gluu Virtual Appliance

• Easy to deploy, ready to configure
• Backend connections are local
• Fedlet for SAML test or OpenSSO for Managed Domain

5
VDS Design

• Support any customer backend datasource
• Create custom LDAP View of LDAP, RDBMS, SOA
• Scales horizontally Efficient use of cloud
  computing resources
• Outbound DSML via HTTPS simplifies security

6
Gluu Portal Use Case Diagram
7
VDS Benchmark

• 1 GB memory ______ Users
• LDAP Auths / Second ________
• LDAP Reads / Second _______
• LDAP Writes / Second _______
• Cache Refresh _________

users processed per second
Benchmark in progress More details to follow.
8
Gluu Virtual DIT

• Flat Design
• Groups 3 Levels
• Users 4 Levels
• One dc per organization
• Consistent user and group DN
• uidfoo,oupeople,dcdomain,dcgluu
• cngroupN,ougroups,dcgluu
• Global Groups
• Use of attributes versus DIT to convey context

9
Cache Refresh Design
uidfoo,oupeople,dccusta,dcfc-10351 uidjoe,ou
people,dccusta,dcfc22329 uidbob,oupeople,dc
custa,dcfc5446 . . .
Hash value of current snapshot

• Snapshots ____ minutes
• Customer configurable
• Default is daily
• Detects Changes
• Issues commands to VDS to refresh cache
• Very fast, low memory footprint

10
Gluu DB Schema
11
Group Referential Integrity
FOO GETS FIRED ! ! !
dn cngroup1,ougroups,dcgluu member
uidfoo,oupeople,dccusta,dcgluu member
uidjoe,oupeople,dccusta,dcgluu member
uidbob,oupeople,dccusta,dcgluu

• Deleted Users are removed from groups
• Groups owned by user are removed

12
Gluu Federation Trust Network

• Gluu Federation Trust Network is global.

13
Custom Trust Networks

• Trust Network
• Specifies What user attributes are published
• Created by organization
• Trust Agreements
• Binds Organization and Trust Network
• Specifies Who is included in the trust network
• One or more groups

14
Rules Based Authorization

• Drools
• Open Source Java Rete Algorithm based development
  API and framework.
• n of rules very scalable
• Enable business users to dynamically make rules
  based on user, group, and organizational
  attributes

ltrule name"CanUserSeeGroup" gt
ltjavaconditiongtgroup.getGroupVisibility.equals("
PUBLIC")lt/javaconditiongt ltjavaconditiongtgrou
p.getOwnerUserDN.equals(user.getDN())lt/javacondit
iongt ltjavaconditiongtgroupFacade.isMember(gr
oup.getManagerGroupId(), user.getUid())lt/javacond
itiongt ltjavaconditiongtgroupFacade.isMember(
group.getOwnerGroupId(), user.getUid())lt/javacond
itiongt ltjavaconditiongtgroup.getGroupType().eq
uals("COMMUNITY") group.hasMember(user)lt/javaco
nditiongt ltjavaconditiongtgroup.getGroupVisib
ility.equals("ORGANIZATION") user.getOrganizatio
n().equals(organization.getName())lt/javacondition
gt ltjavaconditiongtgroup.getGroupVisibility.equ
als("BUSINESS_CATEGORY") user.getBusinessCategor
y().equals(group.getBusinessCategory())lt/javacond
itiongt
lt/rule gt
15
Short Term Roadmap

• Appliance Installation Wizard
• Rule Based Groups
• Dynamic Group Schema Extension
• Dynamic Rule creation
• Better reporting