Users’ Authentication in the VRVS System David Collados California Institute of Technology November 20th, 2003 TERENA - Authentication & Authorization


Page 1: Users’ Authentication in the VRVS System

David Collados, California Institute of Technology

November 20th, 2003 TERENA - Authentication & Authorization

Page 2: What is VRVS?

The Virtual Rooms Videoconferencing System has been developed by Caltech since 1995 to provide a world-wide videoconferencing service for education and research communities.

VRVS is a real-time distributed system which provides a scalable communication infrastructure for large collaborations dispersed all over the world.

Different technologies and protocols are supported (and mixed), allowing users to connect with their preferred videoconferencing tool.

Supports Mbone, H.323, SIP, QuickTime, Access Grid, JMF and MPEG2.

The system is composed of 1 main server and several reflectors spread around the world.

Page 3: VRVS Web Service Design

Unified Web User Interface to schedule and join/leave a meeting independently of any application.

Multi-platform: Windows, Linux, MacOS and Unix.

Easy to use: Everybody knows how to click on a web page today.

Virtual Room Concept, Scheduling: Create a virtual space where people can exchange real-time information.

Join or Leave a Collaborative session at any time. No need to know in advance how many participants there will be, or to book port capacity.

Full Documentation and Tutorial.

Self service: No need for a technician or expert to organize a conference and join you into it.

Page 4: VRVS Model Implementation

[Layered diagram of the VRVS model implementation; components recoverable from the slide text:]

VRVS Web User Interface

Collaborative Applications: Mbone Tools (vic, vat/rat, ...), H.323, SIP, QuickTime Player, MPEG (Minerva)

Real Time Protocol (RTP/RTCP)

VRVS Reflectors (Unicast/Multicast), QoS

Network Layer (TCP/IP)

Legend: done / partially done / work in progress / continuously in development

Page 5: VRVS Deployment and Usage

Page 6: VRVS Reflectors Deployment

Page 7: VRVS Reflector Implementation

Avoids duplication of streams on a given link.

Can be set to unicast or multicast mode, or both.

Peer-to-peer connection with neighbouring network servers.

Connectionless (more resilient to network breaks).

Enables optimized routing.

Enables bandwidth control.

Provides low-latency communication.

Can be used for real-time interactivity or broadcast.

Provides an elegant solution to cross firewalls/NAT.

Remote management features.

Compliant with the IETF RTPv2 protocol, ready for new applications.

Page 8: MonALISA: Real-Time Monitoring

Page 9: Registered users and current usage (as of 16th November 2003)

Number of Registered Users: 96 Countries & 6615 Users

Registered users by country:

USA 1609

Spain 1038

Italy 450

Switzerland 405

Brazil 379

France 357

Germany 324

UK 260

Canada 127

Japan 123

Others: Slovakia, Chile, Poland, Russia, Taiwan, Greece, Netherlands, etc.

[Chart: Multipoint Videoconferences Scheduled, per month (Jan to Dec) for 2001, 2002 and 2003; y-axis 0 to 800]

[Chart: Hours Scheduled of Multipoint Videoconferences, per month (Jan to Dec) for 2001, 2002 and 2003; y-axis 0 to 2500]

Page 10: Machines and OS

VRVS supports different Operating Systems based on the needs and demands of final users:

1st: Windows

2nd: Linux

3rd: Mac OS

4th: Other UNIX

19.461 machines (16th November 2003)

[Pie chart: Machines used in VRVS; legend Windows / Linux / Macintosh / Others; values as extracted: 11856, 1733923 136]

[Pie chart: Connections from Machines; legend Windows / Linux / Macintosh / Others; values as extracted: 143760, 30021, 11805, 2045]

Page 11: Some Examples

Page 12: VRVS on Mac OS X

Page 13: VRVS on Windows

Page 14: Example 1: 20 participants

BRAZIL (3 sites) + SWITZERLAND (CERN) + USA (Caltech)

Page 15: Example 2: 17 participants

JAPAN + UK + SWITZERLAND + BRAZIL + USA (SLAC + FERMILAB)

Page 16: VRVS Virtual Setup

1 dual-processor PC with a special 4-output graphics card

6400 x 4800 pixels

Most powerful VRVS End Node

Page 17: Authentication and Authorization - Present Status -

Page 18: Users’ Site (Apache)

Database Authentication module for browsing most of the site.

One single realm for the whole site.

Caching just for the current browser session.

Page 19: Authorization of Users 1/2

Each VRVS user belongs to a Community. The person(s) responsible for that community authorize (or reject) bookings from that user in their community.

Page 20: Authorization of Users 2/2

A second authorization mechanism applies when joining a meeting: access to a Virtual Room is protected with a password.
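The two authorization steps on pages 19 and 20 (community responsibles deciding bookings, and a password check on joining a Virtual Room), modelled as an added example that is not VRVS code; the community names, users and room passwords are constructed sample data.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, List, Set

# Added example, not VRVS code: a small model of the two authorization steps
# described on the slides. All names and passwords below are constructed.


@dataclass
class Booking:
    requester: str
    community: str
    room: str
    approved: bool = False  # stays False until a community responsible approves


class VrvsAuthorization:
    def __init__(self) -> None:
        self.member_community: Dict[str, str] = {}   # user -> its one community
        self.responsibles: Dict[str, Set[str]] = {}  # community -> responsibles
        self.room_passwords: Dict[str, str] = {}     # virtual room -> password
        self.bookings: List[Booking] = []

    def add_user(self, user: str, community: str, responsible: bool = False) -> None:
        self.member_community[user] = community
        if responsible:
            self.responsibles.setdefault(community, set()).add(user)

    def request_booking(self, user: str, room: str) -> Booking:
        # A booking is always filed under the requester's own community.
        booking = Booking(user, self.member_community[user], room)
        self.bookings.append(booking)
        return booking

    def decide_booking(self, approver: str, booking: Booking, approve: bool) -> bool:
        # Only a responsible for the requester's community may decide;
        # anyone else gets False and the booking is left untouched.
        if approver not in self.responsibles.get(booking.community, set()):
            return False
        booking.approved = approve
        return True

    def can_join(self, room: str, password: str) -> bool:
        # Virtual Room access: unknown room or wrong password both fail.
        expected = self.room_passwords.get(room)
        return expected is not None and hmac.compare_digest(
            expected.encode("utf-8"), password.encode("utf-8"))
```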

Page 21: Administration Site (Tomcat)

Database Authentication for the whole site.

JDBC Realm implemented for MySQL DB.

Administrators database with MD5 digest algorithm for stored passwords.

Page 22: Authorization @ Admin Site

Different roles, defined in the DB, are attached to the users.

Example: the Call Detail Record. Authorization is oriented to roles.
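The admin-site scheme on pages 21 and 22 (a Tomcat JDBC Realm over a MySQL users table, MD5 digests for stored passwords, and roles attached to users) as an added example, not VRVS or Tomcat code; it assumes Tomcat's default users/user_roles table layout, uses sqlite3 in place of MySQL, and the administrators and roles are constructed sample data.

```python
import hashlib
import hmac
import sqlite3
from typing import List, Optional

# Added example (not VRVS code): mimics how a Tomcat JDBCRealm with digest="MD5"
# checks a login against a users table and reads the user's roles from a
# user_roles table. sqlite3 stands in for the MySQL database on the slide.
SCHEMA = """
CREATE TABLE users (user_name TEXT PRIMARY KEY, user_pass TEXT NOT NULL);
CREATE TABLE user_roles (user_name TEXT NOT NULL, role_name TEXT NOT NULL);
"""

def md5_digest(password: str) -> str:
    # digest="MD5" stores the lowercase hex MD5 of the cleartext password.
    # There is no salt, so equal passwords give equal digests and offline
    # guessing is cheap; later Tomcat releases added salted, iterated handlers.
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def make_admin_db() -> sqlite3.Connection:
    # Constructed sample data: two administrators and their roles.
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", md5_digest("s3cret-one")),
                      ("bob", md5_digest("reflector-ops"))])
    conn.executemany("INSERT INTO user_roles VALUES (?, ?)",
                     [("alice", "admin"), ("alice", "cdr-viewer"),
                      ("bob", "reflector-manager")])
    return conn

def authenticate(conn: sqlite3.Connection, user_name: str,
                 password: str) -> Optional[List[str]]:
    """Return the user's roles on success, None on failure."""
    row = conn.execute("SELECT user_pass FROM users WHERE user_name = ?",
                       (user_name,)).fetchone()
    # Constant-time comparison so timing does not reveal digest prefixes.
    if row is None or not hmac.compare_digest(row[0], md5_digest(password)):
        return None
    return [r[0] for r in conn.execute(
        "SELECT role_name FROM user_roles WHERE user_name = ? ORDER BY role_name",
        (user_name,))]

def is_allowed(roles: Optional[List[str]], required_role: str) -> bool:
    # Role-oriented authorization, e.g. viewing Call Detail Records.
    return roles is not None and required_role in roles
```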

Page 23: Authentication and Authorization - Future -

Page 24: AA in the VRVS Future

AA independent of our system and distributed.

Internet2 initiative: Shibboleth.

RedIRIS initiative: PAPI.

Grid Security Infrastructure (GSI): public key encryption, X.509 certificates, SSL + extensions for delegation and single sign-on.

What do we integrate and how?