WWDC2004 Session 616
Transcript
Kind: captions
Language: en
and welcome to Session 616. So what are we going to talk about today? Well, we do this session every year, and we typically talk about three or four different technology areas in depth: we talk about how they work, how developers can take advantage of them, and so on. And every year the server team has a real difficult time picking those topics. It's not because we don't have anything to talk about, but because we have so many different technology areas to pick from. As many of you know, we have tens of different services and components in Mac OS X Server, and for each of these, for each feature, each service, we add perhaps three or five new features, so it's pretty challenging. But luckily, some of these major areas, such as Open Directory, Xsan, ACLs and Kerberos, have their own dedicated sessions, so that makes it a little bit easier.

Anyway, this year we picked these four areas to talk about. We talked about all of these areas in the Mac OS X Server update session, but today we're going to double-click on them and talk about each of them in more detail. So we're going to start off by talking about managed network browsing, a brand new Tiger client-server feature that will make it much easier for people to browse, especially in a large organization. Then we're going to talk about the sharing of locks between different file services, a really good, geeky technology area. Then failover and high availability: we have had this feature since Jaguar Server, but we made some significant improvements in Tiger Server, so we're going to be talking about this, and also we're going to talk about how developers can take advantage of this and extend this capability. And last but not least, we're going to talk about the certificate management feature; it's again a brand new feature in Tiger Server.

So let's jump right into managed network browsing. We introduced network browsing in Panther, the feature where a user can browse for file servers and connect to them directly in the Finder window, and managed network browsing is built on top of that functionality. It's an incremental enhancement to make it even easier to use. But before we talk about that, let's take a look at how it works behind the scenes. For Panther, to get these features to work, we actually have three different processes involved. At the top level, of course, we have the Finder, and the Finder browses this network and the file servers actually show up as folders and files. That's done by automount, which in turn talks to NSL, or the Network Service Location API, built into the system, to find out all these servers in the zone, and NSL itself talks to Directory Services. As many of you know, Directory Services has different plugins for accessing different directory systems, such as LDAP and Active Directory. In addition, it has a number of service discovery plugins, one for each protocol, and those are the ones that are actually responsible for finding those servers on the network and reporting back up. So that's how it works today; very simple.

This feature works very well for consumers and small workgroups, but it doesn't work too well in large organizations, especially with large networks. It can look something like this: there's just too much information, you have too many network zones, you have too many servers in each of them, and a lot of these zones and servers come and go, so it's somewhat unpredictable and unstable. Also, in most cases these zones are organized by physical network infrastructure, so usually by buildings, rather than by more logical groupings such as by org chart or by projects. So these are the problems that we wanted to solve.

Managed network browsing is the feature where you, the network admins, can customize the view of what users see inside the Finder when they click on the Network icon. So instead of looking something like this, where there's a bunch of raw network data, you can create something like this, which is more organized for your organization. So let's look at some of the sub-features. You can create arbitrary neighborhoods; the neighborhoods are those folders that you see here, and you can nest them, so it doesn't have to be a flat list. For example, inside the Engineering folder you may have Server Engineering, Finder Engineering, Application Engineering and so on. You can also mix and match dynamic and static content, meaning for each folder you can say "I want these servers that I'm going to specify to show up", or you can say "for this folder I want to show all the servers that are discovered at runtime on the client machine in these network zones", and you can mix and match them. You can also define multiple views, so you don't have to have a single view for everybody; you can create five or ten different views and assign them to different sets of people. And the last thing: you can replace or append to the existing view that users would see today in Panther. The screenshot here is the replace version of that; if you'd like, instead you can do something like this, so what you've defined shows up on the top and below it you see the raw network zones. So let's do a quick demo so you can see what I'm talking about.
OK, so we have a Panther client here, and if you click on Network you see a bunch of zones. What we did here was we're running a special tool that does a fake registration of a bunch of different zones and servers, so we can really simulate a large corporation or institution. So if you click, you can go into different servers and so on. What we're going to do is create a custom view and replace this, and to do that we're going to launch Workgroup Manager, which is where we implemented the feature. If you notice, we have a new icon here for Network View. Go here, and that's where you can construct the views and then preview them. So we're going to just go ahead and use the default view, and let's add a couple of neighborhoods: let's call one Marketing and another one Server Group. Now we're going to start adding some servers into this neighborhood, and there are three different ways that you can add static servers to each of these neighborhoods. One way is, if you already have a computer record for that particular server or servers, you can open up the drawer and you can just drag them in; there you go, so that's one way. Another way is you can just go and drag directly from the Finder, so if you go to the QA folder, you see our server, drag it in; that's another way. And now let's actually create a nested neighborhood, let's call this Team Members, to point to all the servers that belong to the server engineers. The third way to create them is by hand, manually. So let's say I have an employee named Bob who is working from Hawaii and we want to add a pointer to his personal machine: you can just name it something like Bob, then just type in the URL target and add it in here, and a computer record automatically gets created for that server for the future. Everything we've added so far are the static servers; all this information is stored in Directory Services. But you can also add some dynamic content to that: you just select this one, and I happen to know that all the server guys are sitting on the fourth floor, in the north and south zones, so what we're going to do is go here, select the fourth-floor north and south zones, and add them. So what we are telling managed network browsing is, when this neighborhood is clicked on the client machine, show Bob's machine, but also everything else that was discovered at runtime in these two different network zones. So this looks good. I'm going to go to Settings, set it to Replace, and save. Let's go back to the Finder; you go to Network, and now you see the custom view that we just created.

OK, so now if you look here, you see everything that we've added and you can connect to them, or you can go in here and you see Bob's machine, but you also see all the other servers that are discovered in those network zones; we're actually mixing and matching the dynamic and static content. And if you'd like, you can also go back here, set it to Append, and save, and there you go: now you see both what you've defined on top and what's on the network at the bottom. We haven't made changes to the Finder yet, so we couldn't actually distinguish between these custom views and what's on the network, so we did a little hack, and right now we put a dash in the front so that it shows up on the top, but by the time we ship it should be a little bit better looking. All right, so that was the demo.
Thanks. Right, so now let's look at how this works behind the scenes. What we did was, in Tiger, we made NSL a little bit smarter, so now it knows how to talk to Directory Services, get the view configuration information, and behave differently based on that information. And of course we also made changes to Workgroup Manager so you can actually create and edit that configuration information and store it in Directory Services. And by the way, this technology, this feature, works in any directory system, so it doesn't have to be LDAP; it could be Active Directory with some schema changes, or it could even be local NetInfo if you want to test it. That's actually how I just did the demo: to keep it simple, we had all these three things running on the same machine.

Now let's look at what's actually stored in the directory when we do all this configuration editing. There are three different record types that are involved; we're interested in the network view, neighborhood and computer record types. At the top we have the network view record, and it basically just contains information such as "should I append or replace" and then pointers to the top-level neighborhoods that you've created, something like this. And the network neighborhood records contain basically pointers to all their content, so a neighborhood points to other neighborhood records if it's nested, or to different computer records if you have a bunch of different servers specified, or references to network zones if you have dynamic content. So what we just demoed here would look something like this inside the directory, if you wanted to take a look at it in the directory system. And again, you can create multiple views; it doesn't have to be just one view, so you can create five or ten of these things, or 50 of those things.

That gets us to the next topic, and that is how NSL selects a view when you have multiple different view records in the directory system. It follows a set of rules. What it does is it first looks at the directory and sees if there's a computer record for the client machine that it is running on (not the server computer record, but the client computer record), and if it finds one, it checks to see if there is a preferred view record specified in it, and if there is one, it uses it. If not, it looks at the local preference file and sees if there is a preferred view that it should be using. If not, it goes back to the directory and looks for a view record named after the MAC address of the machine this NSL is running on. If it doesn't find one, it looks for an IP address match; if it doesn't find one, it looks for a subnet match; and if all of that fails, it just falls back to using the default view, which we've actually used. And if there is no default view, or if the feature is turned off, then it just goes back to the default Panther behavior.

So to summarize, with this feature you have complete control over what your users would see in the Finder when they click on that Network icon. You can easily create, edit and then preview them in Workgroup Manager, the tool you already know. You can mix and match both static and dynamic content. You can replace or append, so you have more flexibility there, and you can also create different views for different sets of users. All the configuration is stored in the directory, which means when you create it, it automatically gets propagated to all the replicas when the directory system replicates, and also you can use the Directory Services command-line tools for editing them from a remote machine, from SSH, or even on Linux machines, and it works with any directory system. And lastly, there is no client-side configuration change necessary; all you have to make sure of is that client machines are bound to the right directory system and it should just work, and you can even automate that portion by using option 95 of DHCP. So that's actually what I had for managed network browsing, and I would like to introduce Rusty Tougher, who is going to tell us about file services locking.
Thank you. Good morning. Locking in file services is an important part of any file system or file service, especially so in Mac OS X Server, where we have such a variety of different file services serving a variety of different clients. So today we're going to start by taking an overview and reviewing how locking works today for Windows clients over SMB, for Carbon clients over AFP, and for UNIX clients over NFS. Then we'll take a look at how we're enhancing this file locking interoperability on our platform for Tiger. Finally, we'll wrap up with some notes that cross-platform developers can use to develop collaborative applications using this technology.

So we'll start with file locking in AFP and SMB. Fortunately, the two protocols provide very, very similar semantics in file locking. Both are using opens with deny modes, so they can open files read-only with shared access; read-write with shared access, that would be a read/write with no deny, not denying other readers or writers; and the most common case, read/write with exclusive access, which is what most applications do. After opening a file read/write with shared access, collaborative applications will then ensure concurrency and serialized access to the files using range locks for the ranges that they want to read or write. In AFP and SMB these locks are mandatory locks, so other users are prevented from opening the files; they don't have to test for locks and so on.

In UNIX file locking, in contrast, it's an opt-in policy, so the locks are advisory. You need to test for the presence of a lock before opening a file, and you can use the flock API to do so: you can take out an exclusive or shared lock on the full file. But if you want to do range locking, you would use the fcntl API, and there again it's an advisory lock that you would test for, for both exclusive or shared access. Oh, I'm on the wrong screen; back to slides, thank you. OK, we don't have a demo for locking. Like I was saying, both advisory and mandatory schemes work very well, but in both cases the applications have to agree on a scheme that they're going to use to ensure collaborative access to the files. Using UNIX locking, applications must choose whether they're going to use flock to guarantee concurrency or fcntl; they can't use both, they're basically exclusive, one or the other. Which leads us to the way that Samba and AFP map their open and deny and locks onto the UNIX semantics. Standard Samba uses fcntl; it maps its range locks to fcntl, so in this case it's not mapping any locks when it takes an open or deny. AFP, on the other hand, maps its open and denies to flock, and you can see here that this is basically the standard architecture for that.

So in Tiger we want to enhance this and really unify the way that AFP and SMB provide locking to their clients. Doing this will let us support concurrent access: not just ensure consistency, but be able to have concurrent access from the two platforms on a given file, to allow shared editing for collaborative applications. And working with NFS, because we don't have a perfect mapping between the semantics of the AFP and SMB locking and the UNIX file locking, we'll favor data integrity over concurrent access with NFS. And then finally, because underneath the servers we need to take out the UNIX locks, we'll have to use strict locking to emulate the mandatory nature of the locks as provided to the clients on the Windows and Mac platforms. All this will be delegated to a new system framework for range locking. So back to the architectural diagram: as we see, we'll have again AFP and Samba talking to the POSIX and Carbon layer, and between the two of them will be a range locking framework to negotiate access to files with the proper semantics.

So double-clicking on some details on how this is actually implemented in the framework: as with AFP, we're going to map the open deny calls to an flock, and you can see according to this chart we have basically three different options to do from flock: we can take no lock at all, we can take an exclusive lock, or a shared lock. So this doesn't provide the full match to the semantics provided by the open deny calls. So where flock will give us consistency with NFS, we'll use it; internally, the framework maps the consistency between the open deny calls. Byte range locking will be fully enforced by the framework; we won't be taking an fcntl, because it won't be possible, we already have the flock on the file. The reason for doing this is that the byte range locks are really more transitory in nature, whereas the flock persists for the entire time that the file is open, giving us a better story around consistency with other applications and NFS. The lock database is memory mapped for better performance, and we'll emulate the mandatory nature of the locks by testing within the framework, in AFP and SMB, for the presence of both the range locks and denies before we open files or perform read and write operations.

So a few notes for developers that want to take advantage of this in collaborative applications. On the Mac platform you'll want to use the Carbon APIs to access this capability, and first test for the capability on the file system by testing for the open deny capability: Mac OS X provides support for many different file systems, each of them has a variety of capabilities, and not all support open deny or range locking. Finally, when you have found that that capability exists, use the PBHOpenDenySync call, and in this case specify read/write with shared access. PBHOpenDenySync also has variations that allow for async invocations and also operations on the resource fork. And then finally use PBLockRangeSync, and there's also an async variation of this, to gain exclusive access to the range of bytes that you want to either read or write. From the Windows platform, you want to use the CreateFile API, and here the default is that you'll gain exclusive access, so you want to define, provide, specify, I should say, that you want read/write shared access, and then finally use the LockFile API or LockFileEx to gain exclusive access to the range of bytes you want to read or write from your application.

Locking is just one of the many areas that application developers can take advantage of on the Mac OS X platform. There's a session later on today, Best Practices for Application Developers, that's session 108 today at five o'clock, where you can gain more information around performance and other APIs that are available to file system developers, and there's a number of online resources that you can use to your advantage as well.
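To make the advisory-versus-mandatory distinction from the locking section concrete, here is an added example in C; it is not code from the session or from Apple's range locking framework. One process takes fcntl byte-range locks, and a forked second process shows that a plain write ignores them, that conflicting locks are refused, and how a test-before-write check of the kind the talk describes turns an advisory lock into a refused write. It assumes a POSIX system (Linux or Mac OS X) and a constructed scratch file under /tmp.

```c
/* Advisory fcntl() byte-range locks versus a "strict" test-before-write check that
 * emulates mandatory semantics. Constructed example, not Apple's framework code. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Create a 200-byte scratch file from a mkstemp() template; returns its fd. */
static int make_temp_file(char *template_path) {
    int fd = mkstemp(template_path);
    if (fd < 0) return -1;
    char zeros[200] = {0};
    if (pwrite(fd, zeros, sizeof zeros, 0) != (ssize_t)sizeof zeros) { close(fd); return -1; }
    return fd;
}

/* Advisory byte-range lock (F_RDLCK = shared, F_WRLCK = exclusive), non-blocking.
 * Returns 0 if granted, -1 with errno EAGAIN/EACCES if another process holds a
 * conflicting lock. Nothing stops a process that never asks: open() and write() succeed. */
static int range_lock(int fd, short type, off_t start, off_t len) {
    struct flock fl;
    memset(&fl, 0, sizeof fl);
    fl.l_type = type;
    fl.l_whence = SEEK_SET;
    fl.l_start = start;
    fl.l_len = len;
    return fcntl(fd, F_SETLK, &fl);
}

/* "Strict" write: probe with F_GETLK for a lock held by another process over the
 * target range and refuse the write if one exists. This is the test-before-access
 * idea the talk describes for emulating mandatory locks; a real implementation
 * keeps its own lock table so there is no check-then-write window. */
static ssize_t strict_pwrite(int fd, const void *buf, size_t n, off_t off) {
    struct flock probe;
    memset(&probe, 0, sizeof probe);
    probe.l_type = F_WRLCK;
    probe.l_whence = SEEK_SET;
    probe.l_start = off;
    probe.l_len = (off_t)n;
    if (fcntl(fd, F_GETLK, &probe) == -1) return -1;
    if (probe.l_type != F_UNLCK) { errno = EACCES; return -1; }  /* someone else holds it */
    return pwrite(fd, buf, n, off);
}

enum action { ACT_PLAIN_WRITE, ACT_STRICT_WRITE, ACT_TRY_RDLCK, ACT_TRY_WRLCK };

/* fcntl locks are per process, so a conflict is only visible from another process.
 * Fork a child that opens the file and attempts `act` on [start, start+len).
 * Returns 1 if the action succeeded, 0 if it was refused, -1 on a harness error. */
static int other_process_can(const char *path, enum action act, off_t start, off_t len) {
    fflush(NULL);                     /* avoid duplicating buffered output in the child */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int fd = open(path, O_RDWR); /* UNIX has no deny modes: the open always succeeds */
        if (fd < 0) _exit(2);
        char pad[64] = {0};
        size_t n = (size_t)(len < (off_t)sizeof pad ? len : (off_t)sizeof pad);
        int ok = 0;
        switch (act) {
        case ACT_PLAIN_WRITE:  ok = pwrite(fd, pad, n, start) == (ssize_t)n; break;
        case ACT_STRICT_WRITE: ok = strict_pwrite(fd, pad, n, start) == (ssize_t)n; break;
        case ACT_TRY_RDLCK:    ok = range_lock(fd, F_RDLCK, start, len) == 0; break;
        case ACT_TRY_WRLCK:    ok = range_lock(fd, F_WRLCK, start, len) == 0; break;
        }
        _exit(ok ? 0 : 1);            /* exiting releases whatever lock the child took */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void) {
    char path[] = "/tmp/lockdemo.XXXXXX";  /* constructed scratch file */
    int fd = make_temp_file(path);
    if (fd < 0) { perror("make_temp_file"); return 1; }
    range_lock(fd, F_WRLCK, 0, 100);        /* this process: exclusive lock on bytes 0..99 */
    printf("plain write into locked range : %d  (advisory: nothing stops it)\n",
           other_process_can(path, ACT_PLAIN_WRITE, 50, 10));
    printf("strict write into locked range: %d\n", other_process_can(path, ACT_STRICT_WRITE, 50, 10));
    printf("exclusive lock, overlapping   : %d\n", other_process_can(path, ACT_TRY_WRLCK, 50, 10));
    printf("shared lock, outside the range: %d\n", other_process_can(path, ACT_TRY_RDLCK, 150, 10));
    range_lock(fd, F_RDLCK, 0, 100);        /* downgrade to a shared lock */
    printf("shared lock, overlapping      : %d\n", other_process_can(path, ACT_TRY_RDLCK, 50, 10));
    close(fd);
    unlink(path);
    return 0;
}
```

The first line of output is the whole point of the AFP/SMB mapping problem: a UNIX process that never asks for the lock writes straight through it, which is why the framework has to test for locks and denies itself before every open, read and write.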
and with that like to introduce Chris
Shelburne who will provide some
information on the failover and high
availability okay when we were working
on the slides for this stuff it is
something that failover
high-availability has actually been in
the server product for quite some time
but it seems like not a lot of people
know about it our sales engineers when
they go out they they try to talk about
some of the extra features that Mac os10
has mac OS 10 server and they'll they'll
mention this and mostly customers like
really so I think the first thing to
talk about is is what is failover first
of all it's part of a high availability
solution Apple has a lot of different
components to tell a story now about
high availability and some that are
hardware and some that are software
failover is a software piece and it
provides the transparency of
availability for short-lived protocols
primarily Datagram or which are best
known as UDP based protocols and certain
short-lived tcp protocol such as HTTP
where you know you connect to the web
service and you download a document and
then continue making connections and the
basic premise behind it is that when the
primary node fails the backup will take
over that primary IPS publicly
accessible IP address and then offer the
same services that were on the primary
and it's typically backed by a raid or a
sand file system for extra data
integrity on the file system level so
here's a typical hardware setup on the
top you'll see that I've put a DNS
server and the idea here is just the
notion that you'll have the two servers
your active server in your backup server
but there needs to be something else out
there that has some information that
the clients are going to reference and
the easiest thing to point out as a DNS
server that's the thing that will
resolve the IP addresses for the primary
and the secondary and again we've
demonstrated the the back up with the
raid available to both machines one
thing that's been omitted from this
picture for simplicity is the fibre
channel which is a stuff in blue often
will have a special fiber fiber channel
switch wired up in there so that both
servers can access both sides of the
raid it just has to do with a hardware
configuration another thing to point out
is that the private network which is on
the right side of the diagram can either
be Ethernet or firewire with the IP over
firewire you can actually use that as
your private network and it's a cheaper
option by just kind of daisy chaining
firewire between your servers without
having to have an extra network network
switch or hub and add additional
reliability because you don't need that
extra hub there so I think the first
thing to point out is that failover and
high availability have been around since
Jaguar there was a failover product that
we ship with that however the philosophy
that we had when designing that was that
no two sites are alike anytime that we
tried to figure out well gee what would
be a useful solution for customers what
would be a typical scenario we couldn't
come up with any and when we asked the
sales engineers they were telling us oh
well you know this customer needs quick
time and this customer needs websites
and this customer needs home directories
so what we thought the easiest thing to
do was well how about we just kind of
provide the infrastructure and not the
complete solution because everybody's
not have to customize it everybody's
flights going to be a little bit
different and all we did for the
infrastructure then was just to manage
the state of the peers the primary and
the secondary and then do the failover
the IP address and email notifications
and then ran executables which is the
customized part of the site that the
administrators would have to do
themselves and we define it in docking
so they could do so in the way that
would meet their own individual
requirements but there wasn't a lot of
deployment from our customers because it
was too difficult to set up and in
particular the additional network
interface and the previous releases had
to be very carefully set up and most of
the times when we would go to look at
what had happened in a site that wasn't
working it was related to the network
setup and furthers not having a user
interface really seemed to scare a lot
of people away because it required
fairly significant network knowledge
about how the IP layer works and that
they'd have to like use VI to edit the
etc hosts config which seems to scare a
lot of folks and lastly even though
we're saying oh you need to customize
everything we didn't provide any really
useful sample scripts for them to start
with because we had just assumed that
these were all you know unix system
administrators who knew all of you all
this stuff so for tiger we decided that
we were going to change that and focus
on what customers were requesting and
most customers were requesting automatic
failover of file services so for home
directories and that sort of thing and
they also didn't like the automatic fail
fail back so when the primary came back
up in previous releases the secondary
would immediately relinquish the address
and it would go back to the primary and
often what happened was that if the
primary went down it usually went down
because it had a problem so if it came
back up and got the IP address it would
usually go back down again so we were
getting this ping-pong effect where in
certain sites if there really was
something physically wrong with the
primary say it's the IP address feedback
bounce back and forth so customer said
you know when it goes down I want to
look at it and when everything is okay
at that point I want to be able to say
yes it's okay now to fail back so that's
what we're doing for tiger it's now
going to be manual failback provided
through the user interface and we've
also simplified the setup by providing
the user interface and more sample
scripts for
other services other than file services
and we've removed the manual
configuration of the private network and
that was primarily by leveraging the
ipv6 stuff that's now built in and with
that the daemon can actually auto
configure as much as possible on the
system so it'll the daemon comes up
tries to figure out where it is in the
world and then Auto configures what it
can auto configure for the private
network and be able to communicate sort
of auto discovers what's going on and
then we'll start the heartbeat between
the two nodes the one thing that people
did seem to like where the external
scripts that allowed customization so
we're definitely keeping that in this
release and we're improving the
documentation and again providing some
more samples for that and the real
reason for this change is to build the
foundation for future directions that we
can go with once we have these to
damon's that are sitting there to talk
to each other about the real I
reliability of hardware and the step
that we took for that was to expand and
secure the communication model so the
daimons are actually now talking over
ipsec so that the authenticated IPSec
for those who actually know much about
IP seconds with the learning experience
for me so that when one node talked to
the other they know that yeah it's okay
that's that's coming from somebody that
I can trust and that allows additional
communication like one node to actually
tell the other node to shut down
generally you don't want to do that
unless you can trust where it's coming
from and so those future directions are
require this kind of secure
communication model and we're on to the
next there we go so the other thing to
talk about is what's not in Tiger
there's something known as instant or
live failover this is a very very
difficult thing to accomplish which
means that as soon as the primary node
is offline the secondary takes over as
if nothing happened it has the complete
state of information and and that's a
it's a
very sophisticated problem and again
we're building the foundation for the
for the future this is our first step
and this is not something that we can
accomplish in the tiger time frame load
balancing load balancing is often solved
with other devices existing hardware
there's some open source software to
actually be dealing with that again
we're building a foundation so load
balancing is not in Tiger the other
things that we we added a restriction
that the file services can only be
running on one note at a time on the
primary and not on the secondary other
services can be running on the secondary
but the file services the blocking stuff
that they added and the file system
itself underneath we were worried that
there might be some issues about
concurrent access and stuff like that so
to be safe we wanted to make sure that
data integrity was primary as was
mentioned earlier so for this release
the file services can only run into
primary when it fails over it'll switch
the secondary and then be handed back on
the manual fail back again we're
building a foundation and we hope to
improve on that in the future the other
thing is there are no multi-node access
to the raid and again this is kind of a
sort of the reason of the side effect
for that file services only on one node
if you want multi-node access to the
raids there's a product called X and and
there's a lot of sessions about it here
you're welcome to go those sessions can
get more information so here's the user
interface that we propose you'll notice
it's actually fairly simple up at the
top is what I've been calling the public
node and we're still trying to come up
with a better name for that that's
basically just the DNS name for the
primary node that's where everything is
keyed off so you enter that in and
that's what the secondary machine will
babysit we've added additional email
addresses in the previous release we
could only have one so now you can have
as many as you want and then the
all-important failover now and fail back
which will change the fail back now to
do the manual fail back
and the status window inside sir Redmond
will show you the status of where you
are with some explanatory text to help
guide you through it also we tried to
provide some explanatory text to help
you set it up again it's somewhat of a
complicated scenario but we're trying to
simplify it as much as possible for our
customers so in Tiger we currently have
a single Damon process and previous
releases we actually had to we had one
that was sort of broadcasting another
one that was listening. So we've combined them into one to simplify the communication model and help with the enrichment of the communication model. It runs over authenticated IPsec for our security, and it uses standard plists for communication, so it's a command sequence with arguments, and it passes data, something that looks like notifications and commands and stuff like that, and it's all based on plists. Then for the private network we use IPv6, which is automatically set up, so that means that the customers don't have to set up a whole other private network and give 10.x addresses or anything to their FireWire address or their private Ethernet address. And then the daemon auto-configures from the DNS name, as I mentioned on the previous slide.

We've enhanced some of the helper scripts that were there previously; they were NotifyFailover and ProcessFailover, and we've added the site-specific scripts, sorry, the customized stuff that customers would use. That's in the same location, so if someone actually managed to set up IP failover in the previous releases and got it working exactly the way that they wanted to, when they upgrade to Tiger they won't lose that customization and it will still function for them as it did previously, with the exception of the manual failback.

So how do you enable your service for failover? Well, first of all, when possible, don't be tied to specific IP addresses, because much like in a mobile environment where you've got your laptop that's going between Ethernet and AirPort and different AirPort zones, when you're dealing with failover, IP addresses will come and go. So if you're tied to a specific IP address and that IP address goes out from under you, then your service generally is going to be a little confused. One of the ways to get around that is to use the System Configuration framework and become network aware. There's actually another session, I think it's tomorrow, on how to write your app to be network aware, and that applies to the server product, which is generally a much more static environment than a desktop, particularly a laptop, but it's still important for dealing with failover.

The other thing is that you should be able to gracefully handle the mounting or unmounting of file systems. In a failover case where we're dealing with file services, generally that means the home directories are going to come up on the secondary machine, and in the failback case those home directories are going to go away. So that means that if you're depending on stuff in the file system, they may come and go on you, and when possible don't keep open references to those files on the file system, because it could go away.

The other thing you might want to consider, if you're writing the client side of this, is automatic reconnect, so when that service is lost temporarily you can automatically reconnect. If you've got Kerberos, or if you're using the single sign-on technology, just be able to reconnect to the server once the secondary takes over. And the other thing you might want to consider for future directions is an automatic redirection of clients. So if there is a bank of servers, like in the case of the primary and the secondary, or perhaps more if the customers have set it up that way, when you connect to the first one the service could respond to the client, "you know, I'm sorry, I'm really busy right now, please try this other site instead." So that's something else to consider; that is just an enhancement on top of the failover that we think would be beneficial to customers.
OK, so for services that can't be modified, so for things that are open source, you know, things like Apache or an open source FTP that isn't really designed to have a lot of customization just for Mac OS X, you can use these customized scripts that I talked about before. There's a well-defined sequence of what happens when an IP address is to be acquired or released, and it will process the directory in /Library/IPFailover. Each directory will have as its name the IP address that will be acquired or released. So first it runs a Test script to determine whether or not it should acquire or release the address, and if it fails, if it returns a non-zero status, then it will abort the acquisition or the release. This is much less important in Tiger; in previous releases this was the way to prevent automatic failover or automatic failback. If you just wanted to be able to be a notification mechanism, you could have the Test script do this, but with this feature adding a little more control for the users, this script in particular becomes much less useful. However, the other scripts, which are the post-acquisition, sorry, pre-acquisition and pre-release scripts, in addition to their peers, which are the post-acquisition and post-release scripts, are where all the meat happens in terms of dealing with those services that aren't failover ready.

So in the case of an acquisition it will run the Test script, it will run all of the pre-acquisition scripts, so all the scripts that begin with PreAcq, and then it will actually acquire the address using ifconfig and then run the post-acquisition scripts. In the release case it's very similar, but it's clearly using the release version of the scripts. So this is a case where, let's say, the primary is running the web service and on failover you want the web service to be running. Well, you wouldn't do anything in the pre-acquisition, but in the post-acquisition you would start up your web service, and then on the release you want to shut it down before you get rid of the IP address, so you would shut down Apache in the pre-release script. That's something that will be one of the samples, just to demonstrate.

In previous releases we didn't pass any arguments to the scripts; we figured there was enough information that the scripts or executables could figure it out. However, to simplify some of the logic so that all of the scripts and executables are doing the same thing, we've changed the invocation a little bit to pass in whether or not we're acquiring or releasing and exactly which IP address we're operating on.

So to summarize about failover: we currently offer a bunch of components for high availability. There are some that are software, like watchdog and launchd; launchd actually will have another session later in the week. Failover, which I've talked about. There's also automatic hardware reboot, which, if the machine freezes, I think is actually how the user interface specifies it, will reboot after some period of time, which is typically five minutes. And we also have some hardware solutions like Xsan and Xserve RAID. One of the things about failover in Tiger compared to the previous versions is it's going to be a lot easier, so we hope that a lot of customers will be using it, but that also means that your services could be affected. So where possible, design your services with failover in mind, and generally that doesn't require a lot. First, it means to be network agnostic, to be aware of changes in the network and in the file system, and to be fault tolerant, which I know is a really broad word, but it just generally means that, you know, when you go to open a file it may fail and you just need to be able to handle that kind of stuff gracefully. And for those services that can't be modified, you can leverage the failover scripts and provide sample scripts to your customers to ensure that your services stay up or come back up on the secondary when a failover does in fact happen.

So the second topic that we'll be talking about today is certificate management.
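The acquire/release script sequence described in the failover section above, as an added example that is not Apple's own ProcessFailover code: a small POSIX sh dry-run that walks a per-address directory under the IPFailover root the way the session lays it out (Test first, then the pre scripts, then ifconfig, then the post scripts), with the Apache case as the constructed sample, started after the address arrives and stopped before it leaves. The names PostAcq, PreRel and PostRel (only the PreAcq prefix and the Test script are named in the talk), the argument order (action, then address), the en0 interface and the ifconfig alias form are assumptions; the ifconfig step is routed through a logging hook so the walk-through touches no real interface, and 192.0.2.10 is a documentation address.

```shell
#!/bin/sh
# Added example (not Apple's ProcessFailover): dry-run of the
# /Library/IPFailover/<ip>/ script sequence from the session.
# Assumed conventions: scripts are Test, PreAcq*, PostAcq*, PreRel*,
# PostRel*; each receives the action ("acquire"/"release") as $1 and
# the IP address as $2.

# Root of the per-address script directories; overridable for testing.
IPFAILOVER_ROOT="${IPFAILOVER_ROOT:-/Library/IPFailover}"
# Hook that actually moves the address. Defaults to printing the
# ifconfig command so the walk-through is safe to run anywhere.
IFCONFIG_CMD="${IFCONFIG_CMD:-echo ifconfig}"
# Interface the failover address would be aliased onto (assumption).
IFACE="${IFACE:-en0}"

# Run every executable matching a prefix, in name order, passing the
# action and address. Returns non-zero as soon as one script fails.
run_scripts() {   # $1 dir, $2 prefix, $3 action, $4 ip
  for s in "$1"/"$2"*; do
    [ -x "$s" ] || continue
    "$s" "$3" "$4" || return 1
  done
  return 0
}

# Process one address: Test, pre scripts, ifconfig, post scripts.
# Status: 0 = done, 2 = Test vetoed the action, 1 = error/script failed.
ipfailover_process() {   # $1 acquire|release, $2 ip
  action=$1; ip=$2; dir="$IPFAILOVER_ROOT/$ip"
  [ -d "$dir" ] || { echo "no script directory for $ip" >&2; return 1; }
  # A non-zero Test aborts the whole acquisition or release.
  if [ -x "$dir/Test" ] && ! "$dir/Test" "$action" "$ip"; then
    echo "Test vetoed $action of $ip" >&2; return 2
  fi
  case $action in
    acquire) pre=PreAcq; post=PostAcq; ifop=alias ;;
    release) pre=PreRel; post=PostRel; ifop=-alias ;;
    *) echo "unknown action $action" >&2; return 1 ;;
  esac
  run_scripts "$dir" "$pre" "$action" "$ip" || return 1
  $IFCONFIG_CMD "$IFACE" "$ifop" "$ip"     || return 1
  run_scripts "$dir" "$post" "$action" "$ip"
}

# Constructed sample tree: Apache is started after the address is
# acquired and stopped before it is released. Test vetoes any action
# while <root>/veto exists. Actions go to <root>/actions.log instead of
# touching real services.
make_sample_tree() {   # $1 root, $2 ip
  d="$1/$2"; log="$1/actions.log"
  mkdir -p "$d"
  printf '#!/bin/sh\n[ ! -e "%s/veto" ]\n' "$1" > "$d/Test"
  printf '#!/bin/sh\necho "apachectl start ($1 $2)" >> "%s"\n' "$log" > "$d/PostAcq10-apache"
  printf '#!/bin/sh\necho "apachectl stop ($1 $2)" >> "%s"\n' "$log" > "$d/PreRel10-apache"
  chmod +x "$d/Test" "$d/PostAcq10-apache" "$d/PreRel10-apache"
  : > "$log"
}

# Logging stand-in for ifconfig (set IFCONFIG_CMD=log_ifconfig).
log_ifconfig() { echo "ifconfig $*" >> "$IPFAILOVER_ROOT/actions.log"; }

# Stand-alone walk-through: fail over (acquire), fail back (release),
# then show the order in which things happened.
demo() {
  tmp=$(mktemp -d)
  IPFAILOVER_ROOT="$tmp/IPFailover"; IFCONFIG_CMD=log_ifconfig
  make_sample_tree "$IPFAILOVER_ROOT" 192.0.2.10
  ipfailover_process acquire 192.0.2.10
  ipfailover_process release 192.0.2.10
  cat "$IPFAILOVER_ROOT/actions.log"
  rm -rf "$tmp"
}
[ "${1:-}" != demo ] || demo
```

Run it as `sh ipfailover-dryrun.sh demo` to see the log: the alias is added before Apache starts, and Apache stops before the alias is removed, so clients never reach the address while the service behind it is half-configured. The same structure is what a packaged PreRel/PostAcq pair for a non-failover-aware service needs to preserve.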
I'm having a little problem with the clicker. So, certificate management. There was some stuff in Panther; there were a lot of different services that could actually make use of certificates. Most of them were based on open source projects. Open Directory, although that was our creation, makes use of some certificates, primarily in LDAP for LDAP over SSL. Mail, Postfix and IMAP, can actually use SSL certificates there as well. VPN uses certificates for its L2TP protocol, and web, of course, the original SSL. However, the configuration was very inconsistent across them and required a lot of manual setup. You needed to generate the keys by hand and needed to enter the appropriate information in the user interface, and the services often couldn't share certificates; you had to create a certificate for each service instead of having sort of one global one for the machine.

There we go. So for Tiger we've changed that, and we've centralized certificate management in the Certificates tab in the server settings. There'll be some UI screenshots and I'll show you what I mean by that, but the idea is that all the certificates you create, you do so in a central location, and then it integrates with a certificate authority website. So we actually have the means to take a certificate signing request, and you can either paste it into their website or email it to a certificate authority, and we leverage the new Certificate Assistant that's in Tiger, so you can actually email those certificates to the local CA for signing. And inside each service that could actually leverage the certificates, we present a list of those available certificates rather than the previous UI.

So here's the new Certificates tab. You'll notice that we have a list here; we show when it was created and the date of expiration, and these are currently only self-signed because, after all, they're examples. But this UI is very similar to most of the table views, where you can add and delete stuff. You'll also notice that it's on the top level; it's actually a global setting for the server, so the General tab has things like the server name and the serial number, and the certificates are just a peer of that. So this is how you would actually create a certificate, standard stuff for setting up. And once you actually create a self-signed certificate, we have a couple of buttons to request a signed certificate from a CA and then, once you get that result back, to paste it in. These are what the dialogs look like. It's fairly simple; it can actually email it directly from the admin app so you don't even have to cut and paste anything, it'll just generate the email and send it off, or you can drag that little icon over there and it'll actually drag a clipping with the certificate. And then once you get the result back you just paste it in, click OK, and you have a bona fide signed certificate.

So that centralized list will really simplify the user experience, and the following services... hi, I'm sorry, I didn't mean to say it like that. We do have a bunch of services that actually use the new API and the user interface. Again, it's the same ones that you've seen from previous releases, but we're leveraging it with this new interface. So just to show you an example, this is what configuring SSL for Open Directory was like in previous releases: you could turn it on, but then you had to specify each of the different files and all that stuff. Well, in Tiger, I think the battery's dying on our clicker here, in Tiger it looks like this. It's just a pop-up; you pick one of them and we do all of the stuff behind the scenes necessary to activate that certificate for LDAP over SSL.

Thank you, I'll pass the word along. Likewise, here's the old web UI, same kind of thing, all these multi-line fields, and, you know, clearly when you ask the customer, "hey, make sure you spell that right"... Well, that's the new UI, so greatly simplified: they just pick one out of the list. If it needs to be exported because the web server only understands OpenSSL, again we do that in the background, so it's automatically activated for that particular service.

So what can you do to take advantage of certificate management in Tiger? Well, there's two command line tools. There's one that was available in Panther, serveradmin, and we've added a new one, certadmin, to simplify your use of certificates. So if you wanted to see all of the certificates on the system and get it as a plist, because you're using Foundation or Core Foundation and you want to be able to parse it and get all the parameters, you can execute this command (go ahead, I'll let you all copy it down), and that will actually generate a large plist with all of the certificates in it and all of the different settings associated with it, most of the stuff that came from that settings panel, the creation panel, you know, the site name and the CSR and all that stuff. So this is a very rich output. However, if you wanted to put this in your UI, well, that's a lot of parsing, so we've provided a more simplified tool, and that's the certadmin tool. If you just say certadmin list, it just spits out the names, so you can populate that pop-up just like we do. And if you need to export the certificates to OpenSSL, because the service you're using only does OpenSSL instead of using Apple's Security framework, then we have a fairly simple command to export it and you just give it the certificate name.

So we've tried to provide tools to really simplify your ability to leverage this, what we hope will be a very cool new feature for users to increase the security of their product, and hopefully these tools will allow you to leverage that as well. So why do we care about this? Well, because we all know that certificates are an important tool for securing data. SSL is a key thing, and more protocols today have SSL extensions, and maybe your protocol wants to do that as well. With Tiger Server we've really simplified and centralized the certificate management and provided tools for you to leverage that and to be able to integrate them into your own service. And that's it for certificate man... I'm sorry, I really think the batteries are dying here, clicking out on me. So hopefully you'll be able to leverage certificate management in your products as well.

So for more information on all the things that we've talked about today, there's a lot of different stuff available on the DVDs. There's some documentation and release notes, and as additional drafts come available those will show up through the developer websites, and, you know, we have man pages on the stuff on the DVD and we're adding more every day. So a lot of different resources on the web, and a lot of different sessions as well to be able to get some additional information about some of the things we talked about, like network awareness and the best practices for file systems and things like that.