[infinispan-dev] Multi tenancy support for Infinispan
Sebastian Laskawiec
slaskawi at redhat.com
Mon May 9 07:52:56 EDT 2016
Hey Radim!
Comments inlined.
Thanks
Sebastian
On Mon, May 9, 2016 at 12:55 PM, Radim Vansa <rvansa at redhat.com> wrote:
> As for the questions:
> * Is SSL required for SNI? I can imagine that multi-tenancy would make
> sense even in situations when the connection does not need to be
> encrypted. Moreover, if we plan to eventually have HR clients with async
> API (and using async I/O), SSL is even more PITA. Btw., do we have any
> numbers how much SSL affects perf? (that's a question for QA, though)
>
Unfortunately no. SNI is an extension of TLS [2] which is an upgrade of
SSL. In Java SNI Host names are specified in SSLParameters [3].
Of course SSL slows things down a bit, that's why we also need a
"switch-to-tenant" command which would be used by the clients who do not
want SSL. However if someone uses SNI and SSL (and only then) we can switch
him to proper tenant automatically (because we have enough information at
that point).
>
> * I don't think that dynamic switching of tenants would make sense,
> since that would require to invalidate all RemoteCache instances, near
> caches, connection pools, everything. So it's the same as starting from
> scratch.
>
Frankly I also have a mixed feelings about this feature. I think it would
be much nicer if we switched to another tenant by doing disconnect/connect
sequence (and not switching dynamically).
>
> R.
>
>
>
>
>
> On 04/29/2016 05:29 PM, Sebastian Laskawiec wrote:
> > Dear Community,
> >
> > Please have a look at the design of Multi tenancy support for
> > Infinispan [1]. I would be more than happy to get some feedback from you.
> >
> > Highlights:
> >
> > * The implementation will be based on a Router (which will be built
> > based on Netty)
> > * Multiple Hot Rod and REST servers will be attached to the router
> > which in turn will be attached to the endpoint
> > * The router will operate on a binary protocol when using Hot Rod
> > clients and path-based routing when using REST
> > * Memcached will be out of scope
> > * The router will support SSL+SNI
> >
> > Thanks
> > Sebastian
> >
> > [1]
> >
> https://github.com/infinispan/infinispan/wiki/Multi-tenancy-for-Hotrod-Server
[2] https://tools.ietf.org/html/rfc6066#page-6
[3]
https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.html#getServerNames--
>
> >
> >
> > _______________________________________________
> > infinispan-dev mailing list
> > infinispan-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/infinispan-dev
>
>
> --
> Radim Vansa <rvansa at redhat.com>
> JBoss Performance Team
>
> _______________________________________________
> infinispan-dev mailing list
> infinispan-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/infinispan-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/infinispan-dev/attachments/20160509/5568d4c4/attachment.html
More information about the infinispan-dev
mailing list