OpenBIG remote - a tool to deploy, maintain and monitor openERP servers. Clemens Rambow, openbig
-
Upload
odoo -
Category
Technology
-
view
1.899 -
download
1
Transcript of OpenBIG remote - a tool to deploy, maintain and monitor openERP servers. Clemens Rambow, openbig
Dienstag, 2. Juli 13
Clemens Rambow
A tool to deploy, maintain and monitor OpenERP-Servers
OpenERP Open Days 2013
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
2
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
3
Education § Bachelor of Science in Kommunikationsinformatik (Applied Computer Science) § Offensive Security Certified Professional
Occupation at OpenBIG § System Operations § Software Development § Implementation and Integration
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
4
Company Facts § Founded in 2000 § Central office in Cloppenburg, Germany § Main OpenERP contributor for german localization § Developer of Hibiscus and DATEV interfaces to OpenERP
Scope of business in OpenERP services: § Trainings § Implementation and migration assistance § Development services § Managed hosting and managed in-house operation
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
5
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
6
We needed access to a customer‘s in-house OpenERP-Server. The customer... § Did have a common NAT router setup § Did not have any VPN setup (and didn‘t want to have it also) § Did not have personal on disposal for confguring their routers/firewalls § Wanted also to have access to the OpenERP webclient for home office § Needed a quick solution (as always)
But the customer did have... - Unrestricted outgoing connections from the customer‘s site
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
7
SSH remote port forwarding
aka
Reverse SSH tunneling
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
8
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
9
Wouldn‘t it be great to have that
done automatically?
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
10
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
11
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
12
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
13
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
14
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
15
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
16
Key Features
§ Managed via intuitive and lightweight Webinterface
§ Automatically sets up reverse SSH tunnels
§ Integrated HTTPS reverse proxy
§ Dynamically add or remove tunnels on runtime
§ Easily deployable on clientside with deb packages
§ Add new clientservers with activation keys
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
17
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
18
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
19
More features
Benefits for system administrators § Multi user support § Logging functionalities § Health monitoring § Status of available package upgrades (via Landscape) § Email notifications about clientserver state
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
20
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
21
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
22
...even more features...
Benefits for customers § Customer restricted access to webinterface § Ticket reporting to OpenERP as backend (Project Issue) § Webinterface focused on easy usability § Prepared for localized email notifications § Access to logging functionalities § Access to health monitoring § Access to package upgrade status
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
23
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
24
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
25
...and yet some other features
§ Exposure of tunneled ports can be toggled on demand
§ Works also without SSH tunneling (e.g. for sole monitoring purposes)
§ Can be easily modified include other TCP based services
§ REST inspired interface can also be used by 3rd party software
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
26
OpenBIG-Remote-Server § Easily installable using a deb-Package § Works out-of-the-box § Configuration with simple configfiles (e.g. for external services) § Supports Ubuntu 12.04 LTS OpenBIG-Remote-Client § Easily installable using a deb-Package § Works out-of-the-box § Depends only on default linux userland tools (autossh, curl, openssl, netstat) § Registration by entering Activation key § If needed, also manually configurable with configfile § Supports any Ubuntu starting from 8.04 LTS
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
27
OpenBIG-Remote-Server Security § Webinterface access encrypted via HTTPS § User‘s passwords stored as salted hashes § Secure and simple user access and privilege management § Consequent input validation and XSS and CSRF protection § Integrated SSH Access usage auditing functionality § Runs in seperate low privilege user contexts § Additionally protected with WebApp Firewall (WAF)
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
28
OpenBIG-Remote-Client Security § Configuration and Health communication via HTTPS § Tunnels encrypted via SSH § Clientside HTTPS certificate and SSH-Fingerprint validation § Runs in low privilege user context
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
29
OpenBIG-Remote
§ Lightweight alternative to full blown VPN solutions
§ Access to in-house services without the need of network configuration
§ No additional software on the users side needed (e.g. for home office)
§ Greatly aids in remote OpenERP deployment on in-house servers
§ Greatly aids the system administrators work in general
§ Customizable for almost any TCP based service
§ OpenBIG-Remote-Client trivially portable to other linux distributions
§ Future-proof also for IPv6
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
30
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
31
OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
32
feel free to contact us at [email protected] or visit www.openbig.org