MultiTenancy - an Introduction for Techies Timothy D. Kuehn Senior OpenEdge Consultant TDK Consulting Services Inc


MultiTenancy For Developers: Storage Area Structures
(Diagram.) Type I area: data and index blocks of different objects are interleaved in one area (Inventory data, Inventory index, Order data, Order index, Inventory index, Inventory data, ...). Type II area: each object gets its own cluster of blocks (Inventory data cluster, Inventory index cluster, Inventory BLOB cluster).

MultiTenancy For Developers: Storage Structures - MultiTenant Table in a Type II Storage Area
(Diagram.) Multi-tenant tables live in Type II areas. Each tenant (Coyote, Road Runner, Balto) gets its own Inventory data cluster, Inventory index cluster and Inventory BLOB cluster, so one tenant's rows never share a block with another tenant's.

MultiTenancy For Developers: Storage Structures - MultiTenant Groups
(Diagram.)
- All tenants have their own distinct "Inventory" table partition.
- Tenants in a group (Coyote and Road Runner) share access to a single data partition of the "Viewers" table.
- Since Balto is not a group member, he gets his own "Viewers" partition.
- What happens when a group has no tenant members...?

MultiTenancy For Developers: Storage Structures - Shared Tables
(Diagram.) Inventory and Viewers are multi-tenant tables, partitioned per tenant or per group. "Geographic Information System Data" is a shared table: everyone sees and updates the same rows at the same time, whatever their tenant.

MultiTenancy For Developers: Database Sequences
- "Global Shared Sequence": the same as a pre-multi-tenant sequence; all tenants' users see the same value.
- "MultiTenant Sequence": each tenant gets its own sequence.

MultiTenancy For Developers: Database Sequences
(Diagram.) Inventory ID as a global shared sequence: the counter increments at the same time and has the same value for all tenants (Coyote, Road Runner and all others). Viewer ID as a multi-tenant sequence: each tenant gets its own counter, and each tenant's counter increments independently of every other tenant's.

MultiTenancy For Developers (Security): Domains
Domains are collections of users within a tenant. A user's domain:
- determines which tenant's data the user has access to
- determines how the user is authenticated
- controls user access

MultiTenancy For Developers (Security): Domain Rules
- Must be associated with a database tenant
- Must be unique across all database tenants
- Must have an authentication configuration
- The "" (blank) domain is the 'default' domain
- Names can be up to 64 characters long

MultiTenancy For Developers: Domains
(Diagram.) Tenant Coyote holds the domains research.coyote.com and fabrication.coyote.com; tenant Road Runner holds research.roadrunner.com and tactics.roadrunner.com. Each tenant has its own Inventory, Viewer and Inventory Sequence partitions.

MultiTenancy For Developers: Users
User rules:
- Users are identified within a domain
- Must be unique within a domain
- Can have the same name in multiple domains (even within the same tenant)
Best practice: when developing, log in as a user in the tenant that matches the type of user who will be using the data, so you see exactly the partitions they will see.

MultiTenancy For Developers: Users
(Diagram: the tenant layout from the previous slide, Coyote and Road Runner with their Inventory, Viewer and Inventory Sequence partitions, now showing the users.)

MultiTenancy For Developers: Authentication
Authentication is the process by which an authentication system validates a user's asserted identity. What that identity is then allowed to do with data sources is authorization, decided separately once the identity is established. The authentication process is defined at the domain level:
- _oeusertable: authenticate using the _user table (-U / -P)
- _oslocal: authenticate using the OS
- _extsso: external single sign-on; the application authenticates elsewhere and asserts the identity
- {userdefined}: treated the same as _extsso (11.1: SSO and ABL callback)
Notes:
- _user can be configured for access by SQL92 only
- _oslocal executes wherever the AVM session runs, so on an AppServer it is the server process's OS identity that is checked, not the remote client's

MultiTenancy For Developers: Authentication Layers
(Diagram.) Stacked from the bottom up: OS, proutil, OE MT DB, then OE SQL and OE ABL, with _oslocal and _oeusertable as the authentication systems on top. A session can be authenticated using either the OS identity or the _user table. The question the diagram raises, "how does the AVM know when a session has been authenticated?", is answered by the Client-Principal on the next slide.

MultiTenancy For Developers: Client-Principal
Client-Principal: a security token containing trusted user credentials that establish user identity for an ABL session and database connection(s).
Types of CP objects:
- Unsealed: the CP object's information has not been authenticated and can still be changed (see the LOGIN-STATE attribute for details).
- Sealed: the CP object's values have been set to authenticate access to the tenant and then converted into a tamper-evident token whose attributes can no longer be changed. The seal is made with, and can only be validated by, the domain access code.

MultiTenancy For Developers: Establishing a Session
1. Receive login information
2. Authenticate
3. Create a sealed CP object
4. Store the CP object in a safe place (on the server; the CP itself never goes to the client)
5. Create a session token
6. Return the session token

MultiTenancy For Developers: Session Service Call
1. Pass the session token to the service
2. Validate the session token
3. Get the session's CP object
4. Assert identity
5. Perform work
6. Return results to the caller

MultiTenancy For Developers: Remote Session Server Call
1. Pass the session token to the service
2. Validate the session token
3. Get the session's CP object
4. Assert identity
5. Pass the CP to the remote server (as the exported, sealed token; the remote side validates the seal and asserts the identity again before doing any work)
6. Perform work
7. Return results to the caller
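The three flows above (establish a session, service call, remote call) written out as one ABL procedure. This is an added example, not code from the presentation. It assumes a hypothetical AuthenticatePassword() standing in for the application's own credential check, a constructed test user wile@research.coyote.com, and that the domain access code is read from protected configuration (the OE_DOMAIN_ACCESS_CODE environment variable here is an assumption); it must equal _sec-Authentication-Domain._Domain-Access-Code for the user's domain or SET-DB-CLIENT() rejects the seal.

```abl
/* session-broker.p: added example, not from the presentation.
   Constructed assumptions: AuthenticatePassword() stands in for the
   application's own credential check (slide step "Authenticate"); the
   domain access code comes from protected configuration, never a literal. */

DEFINE VARIABLE cDomainAccessCode AS CHARACTER NO-UNDO.
cDomainAccessCode = OS-GETENV("OE_DOMAIN_ACCESS_CODE").   /* assumed env var */

/* Server-side session store: opaque token -> sealed CP (exported bytes).
   This is the "safe place"; only the token is handed to the client. */
DEFINE TEMP-TABLE ttSession NO-UNDO
    FIELD SessionToken AS CHARACTER
    FIELD SealedCP     AS RAW
    FIELD ExpiresAt    AS DATETIME-TZ
    INDEX idxToken IS PRIMARY UNIQUE SessionToken.

/* Hypothetical credential check; a real one uses the _user table, _oslocal
   or an external IdP as configured for the domain. Constructed test user. */
FUNCTION AuthenticatePassword RETURNS LOGICAL
    (pcUser AS CHARACTER, pcDomain AS CHARACTER, pcPassword AS CHARACTER):
    RETURN pcUser = "wile" AND pcDomain = "research.coyote.com"
           AND pcPassword = "beep-beep".
END FUNCTION.

/* Rebuild a CP from exported bytes, refuse it unless OUR access code made
   the seal and it is still logged in, then assert it on the DB connection.
   Used locally, and by the remote server on the RAW it receives. */
FUNCTION AssertPrincipal RETURNS LOGICAL
    (prCP AS RAW, OUTPUT phCP AS HANDLE):
    CREATE CLIENT-PRINCIPAL phCP.
    phCP:IMPORT-PRINCIPAL(prCP).
    IF NOT phCP:VALIDATE-SEAL(cDomainAccessCode)
       OR LOOKUP(phCP:LOGIN-STATE, "LOGIN,SSO") = 0 THEN DO:
        DELETE OBJECT phCP.
        phCP = ?.
        RETURN FALSE.
    END.
    RETURN SET-DB-CLIENT(phCP).
END FUNCTION.

/* "Establishing a Session": returns the session token, or "" on failure */
FUNCTION Login RETURNS CHARACTER
    (pcUser AS CHARACTER, pcDomain AS CHARACTER, pcPassword AS CHARACTER):
    DEFINE VARIABLE hCP    AS HANDLE    NO-UNDO.
    DEFINE VARIABLE cToken AS CHARACTER NO-UNDO.

    IF NOT AuthenticatePassword(pcUser, pcDomain, pcPassword) THEN RETURN "".

    CREATE CLIENT-PRINCIPAL hCP.
    /* qualified user id, server-generated session id, 30-minute expiry */
    hCP:INITIALIZE(pcUser + "@" + pcDomain,
                   GUID(GENERATE-UUID),
                   ADD-INTERVAL(NOW, 30, "minutes")).
    hCP:SEAL(cDomainAccessCode).     /* from here on the CP is read-only */

    /* The token is a random secret (length set by
       SECURITY-POLICY:SYMMETRIC-ENCRYPTION-ALGORITHM, 16 bytes by default),
       not the user id, not a sequence, not the CP's own session id. */
    cToken = STRING(BASE64-ENCODE(GENERATE-RANDOM-KEY)).

    CREATE ttSession.
    ASSIGN ttSession.SessionToken = cToken
           ttSession.SealedCP     = hCP:EXPORT-PRINCIPAL()
           ttSession.ExpiresAt    = hCP:LOGIN-EXPIRATION.
    DELETE OBJECT hCP.
    RETURN cToken.
END FUNCTION.

/* "Session Service Call" steps 1-4: validate token, fetch CP, assert identity.
   phCP is returned so the caller can forward phCP:EXPORT-PRINCIPAL() to a
   remote server ("Remote Session Server Call") and DELETE OBJECT it after. */
FUNCTION AssertSession RETURNS LOGICAL
    (pcToken AS CHARACTER, OUTPUT phCP AS HANDLE):
    phCP = ?.
    FIND ttSession WHERE ttSession.SessionToken = pcToken NO-ERROR.
    IF NOT AVAILABLE ttSession THEN RETURN FALSE.      /* unknown token */
    IF ttSession.ExpiresAt < NOW THEN DO:
        DELETE ttSession.                              /* expired: forget it */
        RETURN FALSE.
    END.
    RETURN AssertPrincipal(ttSession.SealedCP, OUTPUT phCP).
END FUNCTION.

/* Constructed usage: login, then one service call on that session */
DEFINE VARIABLE cTok  AS CHARACTER NO-UNDO.
DEFINE VARIABLE hUser AS HANDLE    NO-UNDO.
cTok = Login("wile", "research.coyote.com", "beep-beep").
IF cTok <> "" AND AssertSession(cTok, OUTPUT hUser) THEN DO:
    MESSAGE "Running as" hUser:QUALIFIED-USER-ID.
    /* Perform work here. For a remote call, pass hUser:EXPORT-PRINCIPAL()
       to the AppServer, which runs AssertPrincipal() on it before its work. */
    DELETE OBJECT hUser.
END.
ELSE
    MESSAGE "Login or session validation failed".
```

Two design points. The client only ever holds the random token; the sealed CP stays in the server's session store, so a stolen token can be revoked by deleting one temp-table row. And the remote server does not trust the bytes it is handed: it re-imports, re-validates the seal with its own copy of the domain access code, and only then asserts the identity, which is why the access code must be kept as a secret on every server that calls SET-DB-CLIENT().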

MultiTenancy For Developers: Using Client-Principal to Establish Tenancy
    /* Authenticate.p is the application's own credential check (not shown);
       user-id, domain, userpassword, is-remote, is-local and DomainAccessCode
       are inputs to this fragment */
    DEFINE VARIABLE hCP    AS HANDLE  NO-UNDO.
    DEFINE VARIABLE is-ok  AS LOGICAL NO-UNDO.
    DEFINE VARIABLE op-raw AS RAW     NO-UNDO.
    RUN Authenticate.p (user-id, domain, userpassword, OUTPUT is-ok).
    IF NOT is-ok THEN RETURN ERROR "authentication failed".
    CREATE CLIENT-PRINCIPAL hCP.
    hCP:INITIALIZE(user-id + "@" + domain).   /* qualified user id: user@domain */
    hCP:SEAL(DomainAccessCode).               /* must equal _sec-Authentication-Domain._Domain-Access-Code */
    IF is-remote THEN op-raw = hCP:EXPORT-PRINCIPAL().   /* serialize for the remote server */
    IF is-local  THEN is-ok  = SET-DB-CLIENT(hCP).       /* assert identity on this connection */
For more on the CP object, see "OE Getting Started: Core Business Services", page 4-9ff, and the _sec-Authentication-Domain._Domain-Access-Code field.

MultiTenancy For Developers: What happens on identity switch?
(Three diagrams.) A session starts as a user in tenant W.E. Coyote, switches identity to a user in tenant RoadRunner, and then to one in tenant Balto. On each switch the session's view of the tenant tables and sequences moves to the new tenant's partitions; the group table Viewers follows group membership (Coyote and RoadRunner share one partition, Balto has his own); the shared Geographic Information System Data looks the same to all three.

MultiTenancy For Developers: What happens on identity switch?
Other things to remember:
- All database buffers and queries are invalidated
- ProDataSets, temp-tables, variables and shared variables retain their state
- ProDataSets, temp-tables and variables do NOT track tenant identity, so data loaded under the old identity is still in memory under the new one; check it (or empty it) before writing it back to the database
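The two halves of that slide in one runnable form: the DB buffer disappears on the switch, the temp-table does not, and the only defence is to carry the tenant name in the temp-table yourself. This is an added example, not code from the presentation. Constructed assumptions: a multi-tenant table Inventory with a field ItemName in a database with logical name "inventorydb", two tenant users (wile@research.coyote.com in Coyote, rr@tactics.roadrunner.com in Road Runner) already authenticated elsewhere, and the domain access code in protected configuration (the OE_DOMAIN_ACCESS_CODE variable is an assumption).

```abl
/* tenant-switch.p: added example, not from the presentation.
   Constructed: table Inventory (ItemName) in logical DB "inventorydb",
   users wile@research.coyote.com and rr@tactics.roadrunner.com,
   domain access code read from an assumed environment variable. */
DEFINE VARIABLE cDomainAccessCode AS CHARACTER NO-UNDO.
cDomainAccessCode = OS-GETENV("OE_DOMAIN_ACCESS_CODE").

/* Temp-tables keep their rows across an identity switch and carry no
   tenant id of their own, so record the tenant explicitly per row */
DEFINE TEMP-TABLE ttItem NO-UNDO
    FIELD TenantName AS CHARACTER
    FIELD ItemName   AS CHARACTER.

/* Assert a (constructed, already-authenticated) identity on the connection.
   SET-DB-CLIENT() switches tenant and invalidates every DB buffer and query. */
FUNCTION RunAs RETURNS LOGICAL (pcQualifiedUser AS CHARACTER):
    DEFINE VARIABLE hCP AS HANDLE  NO-UNDO.
    DEFINE VARIABLE lOK AS LOGICAL NO-UNDO.
    CREATE CLIENT-PRINCIPAL hCP.
    hCP:INITIALIZE(pcQualifiedUser).
    hCP:SEAL(cDomainAccessCode).
    lOK = SET-DB-CLIENT(hCP, "inventorydb").
    DELETE OBJECT hCP.      /* the connection keeps its own copy */
    RETURN lOK.
END FUNCTION.

/* Copy the current tenant's Inventory rows into the temp-table, tagging each
   row with the partition it came from */
FUNCTION SnapshotInventory RETURNS INTEGER ():
    DEFINE VARIABLE iRows AS INTEGER NO-UNDO.
    FOR EACH Inventory NO-LOCK:
        CREATE ttItem.
        ASSIGN ttItem.TenantName = BUFFER-TENANT-NAME(Inventory)
               ttItem.ItemName   = Inventory.ItemName.
        iRows = iRows + 1.
    END.
    RETURN iRows.
END FUNCTION.

/* Write temp-table rows back; refuse rows that belong to another tenant,
   which would otherwise be created in the CURRENT tenant's partition */
FUNCTION WriteBack RETURNS INTEGER ():
    DEFINE VARIABLE iWritten AS INTEGER NO-UNDO.
    FOR EACH ttItem:
        IF ttItem.TenantName <> TENANT-NAME("inventorydb") THEN NEXT.
        CREATE Inventory.
        Inventory.ItemName = ttItem.ItemName.
        iWritten = iWritten + 1.
    END.
    RETURN iWritten.
END FUNCTION.

/* 1. As Coyote: snapshot.  2. Switch to Road Runner: the DB buffer is gone,
   the temp-table rows are not.  3. Only rows tagged for the current tenant
   are written, so Coyote's inventory never lands in Road Runner's partition. */
IF RunAs("wile@research.coyote.com") THEN
    MESSAGE SnapshotInventory() "rows snapshotted for" TENANT-NAME("inventorydb").

IF RunAs("rr@tactics.roadrunner.com") THEN DO:
    MESSAGE "Inventory buffer still available?" AVAILABLE Inventory.  /* no */
    MESSAGE WriteBack() "rows written".   /* 0: every ttItem row is Coyote's */
END.
```

Drop the TenantName check in WriteBack() and the same code silently copies one tenant's data into another's partition, with no error from the AVM, because the temp-table is just memory owned by the session. That is the failure mode the slide's third bullet is warning about.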

MultiTenancy For Developers: the story continues...

MultiTenancy For Developers: How can tenants share data?
(Diagram: Coyote, Road Runner and Balto, each with Inventory and Viewers partitions.) The Riddler has a riddle for you...

MultiTenancy For Developers: Introducing the Supertenant

MultiTenancy For Developers: Finding the Supertenant
(Diagram.) Alongside the regular tenants (Balto, Coyote, Road Runner) and the Default tenant sits the Super tenant. A super-tenant user's effective tenant defaults to the "Default" tenant on login; it reaches the other tenants' partitions only by setting its effective tenant or by reading across tenants explicitly.

MultiTenancy For Developers: Creating and Using the Supertenant
1. Create a "Super" tenant
2. Create a security domain in the super tenant
3. Create a user in the super tenant's domain
4. Log in and do work

MultiTenancy For Developers: Being the Supertenant - VSTs
Table: _Tenant
- _Tenant-Name: unique name for the tenant
- _TenantID: system-assigned ID. < 0 -> Super Tenant, = 0 -> Default Tenant, > 0 -> Regular Tenant
- _Tenant-Description: user-entered description
- _Tenant-Type: internal use
- _Tenant-Attributes[64]: flags used by PSC
- _Tenant-Data-Area-Default: default storage area for data
- _Tenant-Index-Area-Default: default storage area for indexes
- _Tenant-Lob-Area-Default: default storage area for LOBs
- _Tenant-Sequence-Block: storage area for sequences

MultiTenancy For Developers: Being the Supertenant - VSTs
Table: _sec-Authentication-Domain
- _Domain-Name: name of the security domain
- _Domain-Type: internal use (links the domain to its _sec-Authentication-System)
- _Domain-Enabled: is the domain enabled for user access?
- _Auditing-Context: user-supplied information recorded in auditing's _auditing-context field
- _Domain-Access-Code: used to validate a CP's authenticity "seal" before the CP is accepted, and to verify that the CP has access to the current domain. Treat it as a secret: anyone who knows it can mint a sealed CP for any user in the domain.
- _Tenant-Name: same as _Tenant._Tenant-Name

MultiTenancy For Developers: Being the Supertenant - VSTs
Table: _User
- _UserID: system-assigned ID
- _Domain-Name: name of the domain this user belongs to
- _User-Name: name of the user
- _Password: the user's password (stored encoded, not in clear)
- _TenantID: same as _Tenant._TenantID
Note: _User's primary index has changed to _UserID + _Domain-Name.

MultiTenancy For Developers: Being the Supertenant - VSTs
Table: _sec-Authentication-System
- _Domain-Name: name of the domain that uses this system
- _Domain-Type: used internally to link _sec-Authentication-Domain to _sec-Authentication-System
- _PAM-Module-Name: designates the authentication system that authenticates user accounts through external user-account software
- _PAM-Callback-Procedure: path to the ABL procedure run when OE performs user authentication / SSO inside SET-DB-CLIENT() and SECURITY-POLICY:SET-CLIENT()

MultiTenancy For Developers: Being the Supertenant - VST Relationships
(Diagram: multi-tenant schema table relationships.)
- _Tenant._Tenant-Name -> _sec-Authentication-Domain._Tenant-Name
- _sec-Authentication-Domain._Domain-Name -> _User._Domain-Name
- _sec-Authentication-Domain._Domain-Type -> _sec-Authentication-System._Domain-Type
- _TenantID: reserved for use by PSC
Also: _partition-set and _partition-set-detail; see "Multi-tenant ABL", page 213.

MultiTenancy For Developers: Being the Supertenant - Language Additions
See Chapter 3, "Multi-tenant OE Development Programming Interfaces".
- IS-DB-MULTI-TENANT() (function)
- IS-MULTI-TENANT (property)
- SET-EFFECTIVE-TENANT() (function): does not invalidate current buffers; UNDO does not reset the effective tenant
- GET-EFFECTIVE-TENANT-ID() (function)
- GET-EFFECTIVE-TENANT-NAME() (function)
- TENANT-NAME-TO-ID() (function): convert a tenant name to an ID
- TENANT-ID() (function): DB connection tenant ID
- TENANT-NAME() (function): DB connection tenant name
- CREATE ... FOR TENANT (statement): create a record for a specific tenant
- BUFFER-CREATE (method): create a record for a specific tenant

MultiTenancy For Developers: Being the Supertenant - Language Additions (continued)
- BUFFER-TENANT-ID (attribute) / BUFFER-TENANT-ID() (function): tenant ID of the record in a buffer
- BUFFER-TENANT-NAME (attribute) / BUFFER-TENANT-NAME() (function): tenant name of the record in a buffer
- REPOSITION query TO ROWID (statement) / REPOSITION query TO ROWID() (method): can reposition a query to a ROWID in a tenant table
- TENANT-WHERE (clause): used in a FOR EACH to read records from multiple tenants
- SKIP-GROUP-DUPLICATES (clause): process a group table's shared partition once rather than once per group member

MultiTenancy For Developers: Being the Supertenant - Making Things Easier: the MT API

MultiTenancy For Developers: Being the Supertenant - Things to Remember!
1. Each tenant's partition is distinct, so table key values are unique only within one tenant (or group) and one table.
2. ROWIDs are unique only within a tenant and a storage area.
3. Each record of a multi-tenant table carries an identifier that links it to its tenant, readable through a BUFFER-TENANT-* call or attribute.
4. A tenant ID, like a ROWID or RECID, is not guaranteed to stay the same across a dump-and-load or a tenant migration, and should only be used within a single AVM session.
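The language additions from the two preceding slides put to work from a super-tenant session: reading across partitions with TENANT-WHERE, identifying each record's tenant with BUFFER-TENANT-NAME() (a ROWID alone would not, per point 2 above), deduplicating a group table, creating into a named partition, and scoping work to one tenant with SET-EFFECTIVE-TENANT(). This is an added example, not code from the presentation. Constructed assumptions: a super-tenant user is already asserted on the connection to logical database "inventorydb"; Inventory (field ItemName) is a multi-tenant table and Viewers is a group table shared by Coyote and Road Runner; a tenant named "Balto" exists. The order of the TENANT-WHERE and SKIP-GROUP-DUPLICATES clauses follows my reading of the ABL reference and should be checked against your OpenEdge release.

```abl
/* supertenant-ops.p: added example, not from the presentation.
   Constructed: super-tenant identity already asserted on "inventorydb";
   multi-tenant table Inventory (ItemName); group table Viewers shared by
   Coyote and Road Runner; a regular tenant named "Balto". */

DEFINE TEMP-TABLE ttCount NO-UNDO
    FIELD TenantName AS CHARACTER
    FIELD ItemCount  AS INTEGER
    INDEX ixTenant IS PRIMARY UNIQUE TenantName.

/* Read every regular tenant's partition (id > 0) in one pass without
   touching the effective tenant. BUFFER-TENANT-NAME() says which partition
   each record came from; ROWIDs repeat across tenants, so never key on them. */
FUNCTION CountPerTenant RETURNS INTEGER ():
    DEFINE VARIABLE iTenants AS INTEGER NO-UNDO.
    EMPTY TEMP-TABLE ttCount.
    FOR EACH Inventory TENANT-WHERE TENANT-ID("inventorydb") > 0 NO-LOCK:
        FIND ttCount WHERE ttCount.TenantName = BUFFER-TENANT-NAME(Inventory)
             NO-ERROR.
        IF NOT AVAILABLE ttCount THEN DO:
            CREATE ttCount.
            ttCount.TenantName = BUFFER-TENANT-NAME(Inventory).
            iTenants = iTenants + 1.
        END.
        ttCount.ItemCount = ttCount.ItemCount + 1.
    END.
    RETURN iTenants.
END FUNCTION.

/* Group tables: Coyote and Road Runner share one Viewers partition, so a
   cross-tenant read returns each shared row once per group member unless
   SKIP-GROUP-DUPLICATES is given. */
FUNCTION DistinctViewers RETURNS INTEGER ():
    DEFINE VARIABLE iRows AS INTEGER NO-UNDO.
    FOR EACH Viewers TENANT-WHERE TENANT-ID("inventorydb") > 0
        SKIP-GROUP-DUPLICATES NO-LOCK:
        iRows = iRows + 1.
    END.
    RETURN iRows.
END FUNCTION.

/* Provision a row straight into one tenant's partition. Without FOR TENANT a
   super-tenant's CREATE lands in the effective tenant (Default, id 0). */
FUNCTION SeedItem RETURNS LOGICAL (pcTenant AS CHARACTER, pcItem AS CHARACTER):
    IF TENANT-NAME-TO-ID(pcTenant, "inventorydb") = ? THEN RETURN FALSE.
    CREATE Inventory FOR TENANT pcTenant.
    Inventory.ItemName = pcItem.
    RETURN TRUE.
END FUNCTION.

/* Work "inside" one tenant. SET-EFFECTIVE-TENANT() does not invalidate
   buffers and is not reset by UNDO, so the reset lives in FINALLY. */
FUNCTION ItemsInTenant RETURNS INTEGER (pcTenant AS CHARACTER):
    DEFINE VARIABLE iRows AS INTEGER NO-UNDO.
    DEFINE VARIABLE lOK   AS LOGICAL NO-UNDO.
    IF NOT SET-EFFECTIVE-TENANT(pcTenant, "inventorydb") THEN RETURN ?.
    DO ON ERROR UNDO, THROW:
        FOR EACH Inventory NO-LOCK:     /* now reads only pcTenant's partition */
            iRows = iRows + 1.
        END.
        FINALLY:
            lOK = SET-EFFECTIVE-TENANT(0, "inventorydb").   /* back to Default */
        END FINALLY.
    END.
    RETURN iRows.
END FUNCTION.

/* Constructed usage */
MESSAGE CountPerTenant() "tenants hold Inventory rows".
MESSAGE DistinctViewers() "distinct Viewers rows across all tenants".
IF SeedItem("Balto", "dog sled") THEN
    MESSAGE "Balto now has" ItemsInTenant("Balto") "Inventory rows".
```

The one thing to carry away from ItemsInTenant(): because the effective tenant survives an UNDO, an error thrown halfway through leaves every later statement in the session silently reading and writing the wrong partition unless something resets it, which is the reason for the FINALLY block.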

MultiTenancy For Developers: MT and Super Tenant Gotchas
- Requires the ability to map single-application structures onto meta-application structures: code written for one tenant's Inventory and Viewers must also make sense when a super tenant sees every tenant's partitions plus the shared Geographic Information System Data.
- External file, directory and service collision avoidance: tenants run in the same AVM and OS, so Coyote and Road Runner writing to the same path under /tmp, or binding the same service endpoint, collide unless such names are qualified per tenant.

MultiTenancy For Developers: The Riddler says: Questions, anyone?

MultiTenancy For Developers: Thank you for your time!
This presentation brought to you by Tim Kuehn, Senior OpenEdge Consultant, TDK Consulting Services Inc.