Users’ Authentication in the VRVS System
David Collados
California Institute of Technology
November 20th, 2003 TERENA - Authentication & Authorization
What is VRVS?
The Virtual Rooms Videoconferencing System has been developed by Caltech since 1995 to provide a worldwide videoconferencing service for the education and research communities.
VRVS is a real-time distributed system which provides a scalable communication infrastructure for large collaborations dispersed all over the world.
Different technologies and protocols are supported (and mixed), allowing users to connect with their preferred videoconferencing tool.
Supports Mbone, H.323, SIP, QuickTime, Access Grid, JMF and MPEG2.
The system is composed of 1 main server and several reflectors spread around the world.
VRVS Web Service Design
Unified Web User Interface to schedule and join/leave a meeting independently of any application.
Multi-platform: Windows, Linux, MacOS and Unix.
Easy to use: Everybody knows how to click on a web page today.
Virtual Room Concept, Scheduling: Create a virtual space where people can exchange real-time information.
Join or Leave a Collaborative session at any time. No need to know in advance how many participants and booked ports capacity.
Full Documentation and Tutorial.
Self service: No need for a technician or expert to organize and join you into a conference.
VRVS Model Implementation
[Figure: layered model diagram. Components: VRVS Web User Interface; Collaborative Applications; Mbone Tools (vic, vat/rat, ...); H.323; SIP; QuickTime Player; MPEG Minerva; QoS; VRVS Reflectors (Unicast/Multicast); Real Time Protocol (RTP/RTCP); Network Layer (TCP/IP). Legend: done, partially done, work in progress, continuously in development.]
VRVS Deployment and Usage
VRVS Reflectors Deployment
VRVS Reflector Implementation
Avoids duplication of streams on a given link.
Can be set to Unicast or Multicast mode or both.
Peer-to-peer connections with neighboring network servers.
Connectionless (more resilient to network breaks).
Enables Optimized Routing.
Enables Bandwidth Control.
Provides low latency communication.
Can be used for real-time interactivity or broadcast.
Provides an elegant solution for crossing firewalls/NAT.
Remote Management Features.
Compliant with IETF RTPv2 Protocol, ready for new applications.
Monalisa: Real-Time Monitoring
Registered users and current usage (as of 16th November 2003)
USA 1609
Spain 1038
Italy 450
Switzerland 405
Brazil 379
France 357
Germany 324
UK 260
Canada 127
Japan 123
[Chart: Multipoint Videoconferences Scheduled, by month (Jan to Dec), for 2001, 2002 and 2003]
Slovakia, Chile, Poland, Russia, Taiwan, Greece, Netherlands, etc…
Number of Registered Users: 96 Countries & 6615 Users
[Chart: Hours Scheduled of Multipoint Videoconferences, by month (Jan to Dec), for 2001, 2002 and 2003]
Machines and OS
VRVS supports different Operating Systems based on the needs and demands of final users:
1st : Windows
2nd: Linux
3rd: Mac OS
4th: Other UNIX
19.461 machines
(16th November 2003)
Machines used in VRVS (Windows, Linux, Macintosh, Others): 11856, 1733, 923, 136
Connections from Machines (Windows, Linux, Macintosh, Others): 143760, 30021, 11805, 2045
Some Examples
VRVS on Mac OS X
VRVS on Windows
Example 1: 20 participants
BRAZIL (3 sites) + SWITZERLAND (CERN) + USA (Caltech)
Example 2: 17 participants
JAPAN + UK + SWITZERLAND + BRAZIL + USA (SLAC + FERMILAB)
VRVS Virtual Setup
1 dual processor PC
With a special 4-output graphics card
6400 x 4800 pixels
Most powerful VRVS End Node
Authentication and Authorization
- Present Status -
Users’ Site (Apache)
Database Authentication module for browsing most of the site.
One single realm for the whole site.
Caching just for the current browser session.
Authorization of Users 1/2
Each VRVS user belongs to a Community. The person(s) responsible for that community will authorize (or not) bookings from that user in their community.
Authorization of Users 2/2
Another authorization mechanism is applied when joining a meeting (Virtual Room access protected with a password).
Administration Site (Tomcat)
Database Authentication for the whole site.
JDBC Realm implemented for MySQL DB.
Administrators database with MD5 digest algorithm for stored passwords.
Authorization @ Admin Site
Different roles defined in the DB attached to the users.
The Call Detail Record example. Oriented to roles.
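The admin-site scheme on the two slides above (stored MD5 digests checked against a database, then role-oriented authorization), as an added example that is not VRVS code. Assumptions: sqlite3 stands in for the MySQL database, the table and column names follow the layout commonly shown for Tomcat's JDBCRealm, and the accounts, passwords and the `cdr` role are constructed. The `shared_digests` audit shows what an unsalted digest exposes to anyone able to read the table.

```python
import hashlib
import hmac
import sqlite3


def md5_hex(password):
    """Hex MD5 of the password: the form an MD5-digest realm stores."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_db():
    """In-memory stand-in for the administrators database (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_name TEXT PRIMARY KEY, user_pass TEXT)")
    db.execute("CREATE TABLE user_roles (user_name TEXT, role_name TEXT)")
    accounts = [("alice", "s3cret-A", ["admin", "cdr"]),
                ("bob", "s3cret-B", ["support"]),
                ("carol", "s3cret-A", ["cdr"])]  # same password as alice
    for name, pw, roles in accounts:
        db.execute("INSERT INTO users VALUES (?, ?)", (name, md5_hex(pw)))
        db.executemany("INSERT INTO user_roles VALUES (?, ?)",
                       [(name, role) for role in roles])
    return db


def authenticate(db, user, password):
    """Return the set of roles if the password digest matches, else None."""
    row = db.execute("SELECT user_pass FROM users WHERE user_name = ?",
                     (user,)).fetchone()
    stored = row[0] if row else ""
    # Always compute the digest and compare with a constant-time function.
    if not hmac.compare_digest(md5_hex(password), stored):
        return None
    rows = db.execute("SELECT role_name FROM user_roles WHERE user_name = ?",
                      (user,))
    return {r[0] for r in rows}


def authorize(roles, required_role):
    """Role-oriented check, e.g. the hypothetical 'cdr' role for CDR pages."""
    return roles is not None and required_role in roles


def shared_digests(db):
    """Audit: accounts whose stored digests are equal. With unsalted MD5,
    equal digests mean equal passwords."""
    groups = {}
    for name, digest in db.execute("SELECT user_name, user_pass FROM users"):
        groups.setdefault(digest, []).append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

A per-user salt with a slow key-derivation function (for example `hashlib.pbkdf2_hmac`) makes the digests of `alice` and `carol` differ, so the audit returns an empty list.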
Authentication and Authorization
- Future -
AA in the VRVS Future
AA independent of our system and distributed.
Internet2 initiative: Shibboleth.
RedIRIS initiative: PAPI.
Grid Security Infrastructure (GSI): public key encryption, X.509 certificates, SSL + extensions for delegation and single sign-on.
What do we integrate and how?