2,683 research outputs found
A solution for secure use of Kibana and Elasticsearch in multi-user environment
Monitoring is indispensable to check status, activities, or resource usage of
IT services. A combination of Kibana and Elasticsearch is used for monitoring
in many places such as KEK, CC-IN2P3, CERN, and also non-HEP communities.
Kibana provides a web interface for rich visualization, and Elasticsearch is a
scalable distributed search engine. However, these tools do not support
authentication and authorization features by default. In the case of single
Kibana and Elasticsearch services shared among many users, any user who can
access Kibana can retrieve other's information from Elasticsearch. In
multi-user environment, in order to protect own data from others or share part
of data among a group, fine-grained access control is necessary.
The CERN cloud service group had provided cloud utilization dashboard to each
user by Elasticsearch and Kibana. They had deployed a homemade Elasticsearch
plugin to restrict data access based on a user authenticated by the CERN Single
Sign On system. It enabled each user to have a separated Kibana dashboard for
cloud usage, and the user could not access to other's one. Based on the
solution, we propose an alternative one which enables user/group based
Elasticsearch access control and Kibana objects separation. It is more flexible
and can be applied to not only the cloud service but also the other various
situations. We confirmed our solution works fine in CC-IN2P3. Moreover, a
pre-production platform for CC-IN2P3 has been under construction.
We will describe our solution for the secure use of Kibana and Elasticsearch
including integration of Kerberos authentication, development of a Kibana
plugin which allows Kibana objects to be separated based on user/group, and
contribution to Search Guard which is an Elasticsearch plugin enabling
user/group based access control. We will also describe the effect on
performance from using Search Guard.Comment: International Symposium on Grids and Clouds 2017 (ISGC 2017
Active architecture for pervasive contextual services
International Workshop on Middleware for Pervasive and Ad-hoc Computing MPAC 2003), ACM/IFIP/USENIX International Middleware Conference (Middleware 2003), Rio de Janeiro, Brazil This work was supported by the FP5 Gloss project IST2000-26070, with partners at Trinity College Dublin and Université Joseph Fourier, and by EPSRC grants GR/M78403/GR/M76225, Supporting Internet Computation in Arbitrary Geographical Locations, and GR/R45154, Bulk Storage of XML Documents.Pervasive services may be defined as services that are available "to any client (anytime, anywhere)". Here we focus on the software and network infrastructure required to support pervasive contextual services operating over a wide area. One of the key requirements is a matching service capable of as-similating and filtering information from various sources and determining matches relevant to those services. We consider some of the challenges in engineering a globally distributed matching service that is scalable, manageable, and able to evolve incrementally as usage patterns, data formats, services, network topologies and deployment technologies change. We outline an approach based on the use of a peer-to-peer architecture to distribute user events and data, and to support the deployment and evolution of the infrastructure itself.Peer reviewe
Active architecture for pervasive contextual services
Pervasive services may be defined as services that are available to any client (anytime, anywhere). Here we focus on the software and network infrastructure required to support pervasive contextual services operating over a wide area. One of the key requirements is a matching service capable of assimilating and filtering information from various sources and determining matches relevant to those services. We consider some of the challenges in engineering a globally distributed matching service that is scalable, manageable, and able to evolve incrementally as usage patterns, data formats, services, network topologies and deployment technologies change. We outline an approach based on the use of a peer-to-peer architecture to distribute user events and data, and to support the deployment and evolution of the infrastructure itself
A software-defined architecture for next-generation cellular networks
In the recent years, mobile cellular networks are undergoing fundamental changes and many established concepts are being revisited. New emerging paradigms, such as Software-Defined Networking (SDN), Mobile Cloud Computing (MCC), Network Function Virtualization (NFV), Internet of Things (IoT),and Mobile Social Networking (MSN), bring challenges in the design of cellular networks architectures. Current Long-Term Evolution (LTE) networks are not able to accommodate these new trends in a scalable and efficient way. In this paper, first we discuss the limitations of the current LTE architecture. Second, driven by the new communication needs and by the advances in aforementioned areas, we propose a new architecture for next generation cellular networks. Some of its characteristics include support for distributed content routing, Heterogeneous Networks(HetNets) and multiple Radio Access Technologies (RATs). Finally, we present simulation results which show that significant backhaul traffic savings can be achieved by implementing caching and routing functions at the network edge
- …