ESI Extensions for Web-based Collaboration
Merlin W. Vincent
Master’s Thesis Defense
4/28/2004
Outline
Characteristics of Collaboration Systems
Edge-Side Includes Protocol
ESI Extensions for Collaboration
Extended Example ESIC Application
Performance Evaluation
Security Issues

Motivation

Provide an easy-to-use framework for developers
– collaboration becoming more popular
Improve performance by offloading I/O
Decrease application complexity
– gain multicast distribution services
– gain collaboration-specific communications
Utilize existing content delivery network (CDN) infrastructure
– extend edge cache server function and Edge Side Includes protocol for collaboration
HTTP is ubiquitous and convenient

General Collaboration Features

Any framework should support:
– Authentication
– Access Controls
– Awareness
– Transport Security
– Dynamic Interaction
– Unrestricted doc types
– Unrestricted app types
– Unrestricted messaging

Communications for Collaboration

Collaboration application comm can be
– asynchronous
– synchronous

Synchronous Real-time Communications
– operation propagation

Replication of shared objects
– something must exist on user’s system
Approaches to Object Replication

Collaboration Awareness
– Lower bandwidth required
  – model
  – view
Collaboration Transparency
– Higher bandwidth required
  – widget
  – window
  – screen

Edge Network Cache Servers
[Figure: a host server and mirror sites reached by clients through edge network cache servers and client-side cache servers on provider networks (PSINet, @Home, UUnet, QWest, MindSpring, Sprint, Gloobix); annotations: Fast Response, Fewer Requests]

Edge-Side Includes Protocol

Used to generate dynamic web pages
– based on HTTP and HTML

Involves only the proxy and server
– transparent to clients

Controlled by HTTP headers
– proxy sends Surrogate-Capability header
– server sends Surrogate-Control header

Implemented in markup
– in-message XML
Edge-Side Includes Markup
<table>
  <tr><td colspan="2">
    <esi:try>
      <esi:attempt>
        <esi:include src="http://www.myxyz.com/news/top.html" onerror="continue" />
      </esi:attempt>
      <esi:except>
        <!--esi
        This spot is reserved for your company’s advertising.
        For more info <a href="http://www.myxyz.com">click here</a>
        -->
      </esi:except>
    </esi:try>
  </td></tr>
</table>

ESI for Collaboration (ESIC)

Collaboration framework
– sessions
– channels
– users
– addressable messaging
Extends existing ESI standard
– uses ESI extension processor
Proxies act as surrogates
– DNS returns proxy address

ESIC Architecture
[Figure: Origin Server, Content Delivery Network containing Proxy A, Proxy B and Proxy C, and Clients; links labelled Homed Channel and Peer-to-peer Channel]

ESIC Protocol
Controlled by HTTP headers
Control functions
– create/update/remove sessions, etc.
– via in-message XML markup
– involves only proxy and server
Messaging functions
– multiple channel types

Sessions
An on-going collaboration instance
Consist of:
– a set of users
– a set of channels
Attributes:
– session ID
– base path, e.g., http://www.collabr8.com/basePath

Users
Collaborators
Attributes:
– client ID
– channels that may be used
– user roles
  – define channel access rights (rw, ro, wo)
  – role names defined by the application

Channels
A bi-directional communications link
Accessed via URL
Attributes:
– access types for user roles
– activity timeout
– channel type
– URL is relative to session base path, e.g., http://www.collabr8.com/basePath/channelPath

ESIC Channel Types

Basic
– bi-directional link
– peer-to-peer, one-to-many

Homed
– all requests forwarded to server

Monitored
– copy of all requests sent to monitor

Ordered
– all requests sent through single proxy
Extended Example: drawboard

Modified open source applet & server
– converted applet to application
  – issue: couldn’t simulate DNS lookup
– added use of HTTP messages (non-ESIC version)
– added use of ESIC framework

Initial Client Login


DNS => proxy IP address
Client logs in to application
– proxy passes messages not bound for channel URL
Server response contains markup creating the session
Proxy A broadcasts info on new session
Server informs client of collaboration channel URLs

Initial Client Login Request

Drawboard login consists of GET request
– the /drawServer URL is not a collaboration channel

Msg 4: Proxy adds Surrogate-Capability header
GET /drawServer HTTP/1.1
User-Agent: DrawboardClient/1.0
Accept: text/xml,application/x.HttpDrawboard,application/xml...
Accept-Language: en-us,en;q=0.5
Accept-Encoding:
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Host: blanca.uccs.edu:8064
Via: 1.1 sanluis
Surrogate-Capability: sanluis="ESI/1.0 ESIC/0.1"

Initial Client Login Response


Server accepts login, assigns session & client ID
Msg 5: Initial server response creates session
HTTP/1.1 200 OK
Surrogate-Control: content="ESIC/0.1"
Set-Cookie: esicClient="client1"
Set-Cookie: esicSession="draw1234"
Content-Type: application/x.drawboard.ConxStarter
Content-Length: 232
[ ...ESIC XML markup... ]
[ ...serialized ConxStarter object... ]

Proxy Control: XML Markup


ESIC Proxy controlled by in-message XML
General structure of markup:
<esicSession id="abc123">
  <sessionControl>
    session control elements
  </sessionControl>
  <channelTraffic>
    channel addressing elements
  </channelTraffic>
</esicSession>

Server XML creating the session
<esicSession id="draw1234">
  <sessionControl action="create">
    <basePath>/drawServer</basePath>
    <clientList>
      <client action="create">
        <id>client1</id>
        <accessList>
          <channelAccess path="/drawboard" role="participant"/>
        </accessList>
      </client>
    </clientList>
    <channelList>
      <channel action="create">
        <path>/drawboard</path>
        <type>homed</type>
        <accessControl>
          <access role="participant">readwrite</access>
        </accessControl>
      </channel>
    </channelList>
  </sessionControl>
</esicSession>

Initial Client Channel Connection


Client must connect to collaboration channel
Msg 8 includes ID headers
GET /drawServer/drawboard HTTP/1.1
Cookie: esicSession="draw1234"
Cookie: esicClient="client1"
[ ...other headers... ]
Msgs 10, 11 are application specific
– Pinger
– Archive (latecomer support)

Additional Client Logins


New clients may login via another proxy
Client login messaging is identical
– server assigns client ID and role
– response XML adds client to session
Proxy B broadcasts update to session

Server response with XML updating the session
HTTP/1.1 200 OK
Surrogate-Control: content="ESIC/0.1"
Set-Cookie: esicClient="client2"
Set-Cookie: esicSession="draw1234"
Content-Type: application/x.drawboard.ConxStarter
Content-Length: 232
<esicSession id="draw1234">
  <sessionControl action="update">
    <clientList>
      <client action="create">
        <id>client2</id>
        <accessList>
          <channelAccess path="/drawboard" role="participant"/>
        </accessList>
      </client>
    </clientList>
  </sessionControl>
</esicSession>
[ ...serialized ConxStarter object... ]

Using a Channel

Client receives assigned IDs
– Set-Cookie headers in initial response
  – esicSession="abc123", esicClient="def456"
Client receives channel URLs
– mechanism is application-specific (ConxStarter)
Client connects to channels
Client may now send data to the channel
– via GET/POST/PUT requests
Sender must provide address information

Channel Addressing

Sender provides an address
– recipient’s client ID, or ‘*’ for broadcast
– homed channel: server is implied
– monitored channel: monitor is implied in addition
– mechanism differs for client & server
Client addresses in method or header
Cookie: esicToList="def456,ghi789"
- or -
http://a.b.com/base/ch1?esicToList=def456,ghi789

Server Channel Addressing

Server addresses are in message XML
– message body contains address list
<esicSession id="draw1234">
  <channelTraffic>
    <path>/drawboard</path>
    <toList>
      <client id="*"/>
    </toList>
  </channelTraffic>
</esicSession>

Proxy Actions

Upon receiving a request to a channel:
– ESIC proxy intercepts the message
  – recognizes client requests to channel URLs
  – server responses will contain control header
– Routes messages appropriately
  – verifies client role allows write access
  – extracts address list
  – channel type considered
  – forward to other proxies if necessary
– proxies comprise multicast group
– routing table maps client to proxy connection
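
Added example (not code from the thesis or its prototype): a Python sketch of the proxy actions above, building the session table from session-control markup, then checking write access and resolving the address list for a client request whose cookies are already parsed into a dict. The `/notes` channel, the `observer` role, the `readonly`/`writeonly` spellings, the function names, and expanding `*` to every other client with access to the channel are assumptions; monitored and ordered channels are not modelled.

```python
import xml.etree.ElementTree as ET
# Constructed markup modelled on the slides; /notes, observer, readonly are assumed.
SESSION_XML = """<esicSession id="draw1234"><sessionControl action="create">
<basePath>/drawServer</basePath>
<clientList>
 <client action="create"><id>client1</id><accessList>
  <channelAccess path="/drawboard" role="participant"/>
  <channelAccess path="/notes" role="participant"/></accessList></client>
 <client action="create"><id>client2</id><accessList>
  <channelAccess path="/notes" role="observer"/></accessList></client>
</clientList>
<channelList>
 <channel action="create"><path>/drawboard</path><type>homed</type>
  <accessControl><access role="participant">readwrite</access></accessControl></channel>
 <channel action="create"><path>/notes</path><type>basic</type>
  <accessControl><access role="participant">readwrite</access>
   <access role="observer">readonly</access></accessControl></channel>
</channelList></sessionControl></esicSession>"""

WRITE_MODES = {"readwrite", "writeonly"}  # "writeonly" spelling is assumed

def load_session(xml_text):
    """Build the proxy's session table from <sessionControl> markup."""
    root = ET.fromstring(xml_text)
    ctl = root.find("sessionControl")
    clients = {c.findtext("id").strip(): {a.get("path"): a.get("role")
               for a in c.iter("channelAccess")} for c in ctl.iter("client")}
    channels = {ch.findtext("path").strip(): {"type": ch.findtext("type").strip(),
                "access": {a.get("role"): a.text.strip() for a in ch.iter("access")}}
                for ch in ctl.iter("channel")}
    return {"id": root.get("id"), "base": ctl.findtext("basePath").strip(),
            "clients": clients, "channels": channels}

def route(session, cookies, url_path, to_list=""):
    """Decide where a client request to a channel URL goes; deny by default."""
    if cookies.get("esicSession") != session["id"]:
        raise PermissionError("unknown session")
    sender, path = cookies.get("esicClient"), url_path[len(session["base"]):]
    channel = session["channels"].get(path)
    role = session["clients"].get(sender, {}).get(path)
    if not url_path.startswith(session["base"]) or channel is None or role is None:
        raise PermissionError("no access to channel")
    if channel["access"].get(role) not in WRITE_MODES:
        raise PermissionError("role lacks write access")
    if channel["type"] == "homed":  # homed: all requests are forwarded to the server
        return ("server", [])
    members = {c for c, acc in session["clients"].items() if path in acc}
    wanted = members if "*" in to_list.split(",") else set(to_list.split(","))
    return ("clients", sorted((wanted & members) - {sender}))
```

Recipients named in the address list that are not members of the channel are dropped rather than forwarded, so a sender cannot reach clients outside the channel's access list.
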
Sending Collaboration Data
10. Client2 issues POST request
11. Homed channel goes to server with Surrogate-Capability header
12. Response with ‘*’ address in XML and Surrogate-Control header
13. Forwarded to client1 proxy
14, 15. Delivery to addressees
[Figure: Origin Server, Proxy A, Proxy B, Client1 and Client2, with arrows numbered 10 to 15]

POST request from client2
POST /drawServer/drawboard HTTP/1.1
Cookie: esicClient="client2"
Cookie: esicSession="draw1234"
User-Agent: DrawboardClient/1.0
Accept: text/xml,application/x.HttpDrawboard,application/xml...
Accept-Language: en-us,en;q=0.5
Accept-Encoding:
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Content-Type: application/x.drawboard.Freehand
Content-Length: 1160
Host: blanca.uccs.edu:8064
Via: 1.1 sanluis
Surrogate-Capability: sanluis="ESI/1.0 ESIC/0.1"
[ ...serialized Freehand object... ]

Server Broadcasts Data to Users
HTTP/1.1 200 OK
Surrogate-Control: content="ESIC/0.1"
Content-Type: application/x.drawboard.Freehand
Content-Length: 1160
<esicSession id="draw1234">
  <channelTraffic>
    <path>/drawboard</path>
    <toList>
      <client id="*"/>
    </toList>
  </channelTraffic>
</esicSession>
[ ...serialized Freehand object... ]

Performance Evaluation

Test configuration
– drawboard server on blanca
– two ESIC proxies, sanluis & crestone
– multiple drawboard instances
  – running on Windows workstations
  – evenly distributed between the proxies
  – repeat the last generated drawing object at rate of 1 msg/sec

Non-ESIC Test Rig

blanca: dual 933MHz PIII, 1.5GB RAM, Redhat 9, Java 1.4.1
Windows PCs: one 933MHz PIII, 512MB RAM, Java 1.4.1
n clients => n² + n msg/sec
– 1640 msg/sec maximum
[Figure: Blanca serving from 2 to 40 clients, split into odd-numbered clients and even-numbered clients]

ESIC Test Rig

Crestone: same as Blanca
Sanluis: same except has dual 1.64GHz PIII
n clients => 2n msg/sec
– 80 msg/sec maximum
JDOM XML adds a lot of overhead
– turnaround time: 4.415 mSec to 11.578 mSec
[Figure: Blanca, Crestone and Sanluis, with from 2 to 40 clients split into odd-numbered clients and even-numbered clients]

CPU Utilization
[Figure: CPU utilization (axis 0 to 100) against number of clients (2 to 40, each sending 1 msg/sec); series: Non-ESIC Results, ESIC Results]

Message Latency
[Figure: message latency (axis 0 to 260) against number of clients (2 to 40); series: Non-ESIC Latency, ESIC Latency]

ESIC Security

Complex issue
– proxy must have access to msg contents
– server response messages
  – ESI is still allowed
  – markup may be anywhere within the message
  – markup controls the proxy
– client request messages
  – addresses are in the HTTP headers

ESIC Security, cont.

Proxy is a surrogate for the server
– tightly integrated
– server is client of Content Delivery Network

Proxy/Server Connection
– SSL, with client authentication

Client/Proxy Connection
– SSL, proxy uses subscriber’s certificate
– similar approach used for virtual hosting
Future Work

Improve efficiency
– connection pooling to origin server
– extend multicast group to clients

Experiment with virtual clusters
– avoid the Java applet security issue

Address caching issues
– optional channel attribute
Conclusion
Presented a design based on analysis of collaboration requirements
Implemented a prototype to demonstrate usability
Evaluated performance