(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
OpenBIG remote - a tool to deploy, maintain and monitor openERP servers. Clemens Rambow, openbig
1. Dienstag, 2. Juli 13
Clemens Rambow
A tool to deploy, maintain and monitor
OpenERP-Servers
OpenERP Open Days 2013
2. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
2
3. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
3
Education
§ Bachelor of Science in Kommunikationsinformatik
(Applied Computer Science)
§ Offensive Security Certified Professional
Occupation at OpenBIG
§ System Operations
§ Software Development
§ Implementation and Integration
4. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
4
Company Facts
§ Founded in 2000
§ Central office in Cloppenburg,
Germany
§ Main OpenERP contributor for german localization
§ Developer of Hibiscus and DATEV interfaces to OpenERP
Scope of business in OpenERP services:
§ Trainings
§ Implementation and migration assistance
§ Development services
§ Managed hosting and managed in-house operation
5. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
5
6. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
6
We needed access to a customer‘s in-house OpenERP-Server.
The customer...
§ Did have a common NAT router setup
§ Did not have any VPN setup (and didn‘t want to have it also)
§ Did not have personal on disposal for confguring their routers/firewalls
§ Wanted also to have access to the OpenERP webclient for home office
§ Needed a quick solution (as always)
But the customer did have...
- Unrestricted outgoing connections from the customer‘s site
7. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
7
SSH remote port forwarding
aka
Reverse SSH tunneling
8. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
8
9. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
9
Wouldn‘t it be great to have that
done automatically?
10. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
10
11. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
11
12. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
12
13. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
13
14. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
14
15. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
15
16. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
16
Key Features
§ Managed via intuitive and lightweight Webinterface
§ Automatically sets up reverse SSH tunnels
§ Integrated HTTPS reverse proxy
§ Dynamically add or remove tunnels on runtime
§ Easily deployable on clientside with deb packages
§ Add new clientservers with activation keys
17. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
17
18. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
18
19. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
19
More features
Benefits for system administrators
§ Multi user support
§ Logging functionalities
§ Health monitoring
§ Status of available package upgrades (via Landscape)
§ Email notifications about clientserver state
20. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
20
21. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
21
22. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
22
...even more features...
Benefits for customers
§ Customer restricted access to webinterface
§ Ticket reporting to OpenERP as backend (Project Issue)
§ Webinterface focused on easy usability
§ Prepared for localized email notifications
§ Access to logging functionalities
§ Access to health monitoring
§ Access to package upgrade status
23. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
23
24. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
24
25. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
25
...and yet some other features
§ Exposure of tunneled ports can be toggled on demand
§ Works also without SSH tunneling (e.g. for sole monitoring purposes)
§ Can be easily modified include other TCP based services
§ REST inspired interface can also be used by 3rd party software
26. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
26
OpenBIG-Remote-Server
§ Easily installable using a deb-Package
§ Works out-of-the-box
§ Configuration with simple configfiles (e.g. for external services)
§ Supports Ubuntu 12.04 LTS
OpenBIG-Remote-Client
§ Easily installable using a deb-Package
§ Works out-of-the-box
§ Depends only on default linux userland tools (autossh, curl, openssl, netstat)
§ Registration by entering Activation key
§ If needed, also manually configurable with configfile
§ Supports any Ubuntu starting from 8.04 LTS
27. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
27
OpenBIG-Remote-Server Security
§ Webinterface access encrypted via HTTPS
§ User‘s passwords stored as salted hashes
§ Secure and simple user access and privilege management
§ Consequent input validation and XSS and CSRF protection
§ Integrated SSH Access usage auditing functionality
§ Runs in seperate low privilege user contexts
§ Additionally protected with WebApp Firewall (WAF)
28. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
28
OpenBIG-Remote-Client Security
§ Configuration and Health communication via HTTPS
§ Tunnels encrypted via SSH
§ Clientside HTTPS certificate and SSH-Fingerprint validation
§ Runs in low privilege user context
29. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
29
OpenBIG-Remote
§ Lightweight alternative to full blown VPN solutions
§ Access to in-house services without the need of network configuration
§ No additional software on the users side needed (e.g. for home office)
§ Greatly aids in remote OpenERP deployment on in-house servers
§ Greatly aids the system administrators work in general
§ Customizable for almost any TCP based service
§ OpenBIG-Remote-Client trivially portable to other linux distributions
§ Future-proof also for IPv6
30. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
30
31. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
31
32. OpenERP Open Days 2013 / OpenBIG-Remote (Clemens Rambow, OpenBIG.org)
Dienstag, 2. Juli 13
32
feel free to contact us at info@openbig.org
or visit www.openbig.org