This task has completed and added to the latest git repo. And created the Jira issue for track providing way to define their own encryption mechanism for the tenants to secure their RSS-Instance credentials.
On Thu, Jul 31, 2014 at 10:21 PM, Harsha Kumara <[email protected]> wrote: > Thanks Prabath for the suggestions and feedback. I will look in to them > with this feature. > > > On Wed, Jul 30, 2014 at 10:01 AM, Prabath Abeysekera <[email protected]> > wrote: > >> Hi Harsha, >> >> One another addition to the problem statement would be to let tenant >> admins use/provision their privately held persistent storage options within >> a particular hosted environment. This sort of a feature can come in handy >> particuarly for users who want to provision their storage options via SS >> (say, in a publicly hosted environment, etc) but, are concerned about data >> policies/sensitivity. If we take WSO2 Cloud for example, we promote this >> functionality where users can provision relational storage options hosted >> within WSO2 infrastructure. This might already be a good enough option for >> the majority of the users, application developers, etc to go about their >> tasks. However, for another category of users who are concerned about data >> policy/sensitivity issues that might have triggered by the fact that the >> persistent storage is hosted within an infrastructure/country/region >> different from where the end-user is located, this can potentially be a >> problem. So, it's a valid requirement that we let users provision their own >> storage systems too via SS. >> >> +1 for the proposed solution. While you're into the implementation of >> this, you might also have to consider how the credentials of the servers to >> be provisioned, are secured. For example, you might want to use a >> tenant-specific keystore or something when securing the aforesaid >> credentials to avoid any possible chance of them being exploited by >> unauthorized parties. >> >> Cheers, >> Prabath >> >> >> On Tue, Jul 29, 2014 at 11:29 PM, Harsha Kumara <[email protected]> wrote: >> >>> Hi All, >>> >>> I have implemented the above functionality which will be added to >>> upcoming release of the Storage Server. >>> >>> *Requirement* >>> >>> Currently when adding a new database instance to SS, need to edit >>> repository/conf/etc/rss-config.xml and add the DB instance and restart the >>> server. After that that particular DB instance will be available to all >>> tenants. >>> >>> This approach will not going to scale in a multi tenant environment. >>> When SS is deployed in AWS what this means is all tenants will be using a >>> single RDS instance. Eventually as more and more apps are developed this >>> RDS instance is going to go out of resources. >>> >>> So there is a need of mechanism where the tenant admin can provision DB >>> instances >>> >>> *Implementation* >>> >>> With the current implementation, tenant can add their own RDS instances >>> and can use them to provision. Simply tenants will have a interface to add >>> RSS instances under system provided environment. Newly added RSS instances >>> will be listed under user defined RSS instances and user can select either >>> system specified RSS instances or User specified RSS instances. >>> >>> Any thoughts on improving this feature is highly appreciate. >>> >>> Thank You, >>> Harsha >>> >>> >>> Harsha Kumara >>> Software Engineer, WSO2 Inc. >>> Mobile: +94775505618 >>> Blog:harshcreationz.blogspot.com >>> >> >> >> >> -- >> Prabath Abeysekara >> Associate Technical Lead, Data TG. >> WSO2 Inc. >> Email: [email protected] >> Mobile: +94774171471 >> > > > > -- > Harsha Kumara > Software Engineer, WSO2 Inc. > Mobile: +94775505618 > Blog:harshcreationz.blogspot.com > -- Harsha Kumara Software Engineer, WSO2 Inc. Mobile: +94775505618 Blog:harshcreationz.blogspot.com
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
