Hi - Before I send this to the broader group, would you guys briefly review these and see if I've captured things accurately?
(I vote for no more two hour meetings...... :-P ) thx, ginnie Minutes from Meeting: Attendees: Sundar, Clay, Ginnie, Keith Summary 1. Keith provided an overview of the advantages and disadvantages of bittorrent. He posted his notes on the problem statement page. http://www.opensolaris.org/os/project/caiman/auto_install/WebServerProblemStatement/ 2. We discussed the options for delivering dynamic and static content. There are many options available and each has their pros and cons. We discussed Apache, Cherrypy, and Squid for serving static content, and Cherrypy, modpython, perl, and php for serving dynamic content. Currently, the static content we need to deliver includes: initial boot file, boot archive, menu.lst (x86), wanboot.conf (sparc), zlib files. For x86, the only option for delivering the initial boot file, boot archive, and menu.lst is tftp. Currently, the dynamic content we need to deliver includes: AI manifest, client criteria. The We came to a consensus that Apache would provide the static content and Cherrypy would provide the dynamic content on top of Apache. The implementation requirement associated with this decision is that we want to have one service running for everything that we serve, and from the user's point of view there will only be one web server. 3. We formulated some draft requirements -The mechanism must be modular -The mechanism must provide useful observability tools -We need to determine what users/consumers of the mechanism want to observe 4. Security We need to look into authentication further. DHCP and TFTP are not secure but we are restricted to using them. WANboot includes the ability to specify everything in eeprom. x86 doesn't have such an equivalent. For our implementation, the transport should offer end-to-end security. HTTP with SSL provides that level of security. For secure transfer: - For the client side - All info between client and server would need to be encrypted The client needs to know that the server is valid. It needs to authenticate the server - For the server side - Needs to authorize clients Need public/private keys set up Have checksums reside on the server What special setup is needed for secure transfer? - Client needs to have a key that it can then use. It could, for example, be provided in the menu.lst file. - Can specify authentication info in WANboot for sparc. What could be done for x86? - Server needs to set up keys. - The tools should set up configuration files so that the keys are delivered to the client. - Need to encrypt data on server side - Need to decrypt data on client side. - Must be able to pass checksums to client to verify data. 5. Questions We discussed the Questions to be answered on the Problem statement page. They have been updated. We determined that we will implement the mechanism as Phase 1 of the project. Phase 2 of the project will consist of implementing an observability tool. We would also like to investigate bittorrent as another module. This would provide us a proof of concept that the mechanism we've written is modular. AIs: Keith is going to take a look at how to interface Apache with Cherrypy. Sundar is going to investigate how to enable WANboot for x86 and secure PXE. For the Group: Determine if there are more requirements. An email was posted on caiman-discuss, so waiting to see what responses we get. Ginnie
