<div dir="ltr">Hey Emmanuel!<div><br></div><div>Comments inlined.</div><div><br></div><div>There is one more thing to discuss - how SNI [1] for Hotrod server fits into the Router design. Obviously there is some overlap and the for SSL+SNI needs to be also implemented in the Router [2] (it potentially needs to decrypt an encrypted "switch-to-tenant" command). Moreover, if the client sends his SNI Host Name with the request - we can connect him to proper CacheContainer even without sending "switch-to-tenant" command. Of course there is some overhead here as well - if someone has only one Hot Rod server and he want's to use SNI - he would need to configure a Router, which would always send everything to a single server. </div><div><br></div><div>Thanks</div><div>Sebastian</div><div><br></div><div>[1] <a href="https://github.com/infinispan/infinispan/pull/4279">https://github.com/infinispan/infinispan/pull/4279</a></div><div>[2] <a href="https://github.com/infinispan/infinispan/wiki/Multi-tenancy-for-Hotrod-Server#implementation-details">https://github.com/infinispan/infinispan/wiki/Multi-tenancy-for-Hotrod-Server#implementation-details</a></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, May 6, 2016 at 8:37 PM, Emmanuel Bernard <span dir="ltr"><<a href="mailto:emmanuel@hibernate.org" target="_blank">emmanuel@hibernate.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="auto"><div></div><div>Is the router a software component of all nodes in the cluster ?</div></div></blockquote><div><br></div><div>Yes</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="auto"><div>Does the router then redirect all request to the same cache-container for all tenant? How is the isolation done then?</div></div></blockquote><div><br></div><div>Each tenant have its own Cache Container, so they are fully isolated. As the matter of fact this is how it is done now - you can run multiple Hot Rod server in one node (but each of them is attached to different port). The router takes this concept one step further and offers "one entry point" for all embedded Hot Rod servers.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="auto"><div>Or does each tenant have effectively different cache containers and thus be "physically" isolated?</div><div>Or is that config dependent (from a endpoint to the cache-container) and some tenants could share the same cache container. In which case will they see the same data ?</div></div></blockquote><div><br></div><div>All tenants operate of their own Cache Containers, so there will not see each other's data. However if you create 2 CacheContainers with the same cluster name (//subsystem/cache-container/transport/@cluster) they should see each other's data. I think this should be a recommended way for handling this kind of things. </div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="auto"><div><br></div><div>Finally I think the design should allow for "dynamic" tenant configuration. Meaning that I don't have to change the config manually when I add a new customer / tenant. </div></div></blockquote><div><br></div><div>I totally agree. @Tristan - could you please tell me how dynamic reconfiguration via CLI works? I probably should fit into that with router configuration (I assume all existing Protocol Server and Endpoint configuration support it).</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="auto"><div><br></div><div>That's all, and sorry for the naive questions :)</div></div></blockquote><div><br></div><div>No problem - they were very good questions.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="auto"><div><div class="h5"><div><br>On 29 avr. 2016, at 17:29, Sebastian Laskawiec <<a href="mailto:slaskawi@redhat.com" target="_blank">slaskawi@redhat.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">Dear Community,<div><br></div><div>Please have a look at the design of Multi tenancy support for Infinispan [1]. I would be more than happy to get some feedback from you.</div><div><br></div><div>Highlights:</div><div><ul><li>The implementation will be based on a Router (which will be built based on Netty)</li><li>Multiple Hot Rod and REST servers will be attached to the router which in turn will be attached to the endpoint</li><li>The router will operate on a binary protocol when using Hot Rod clients and path-based routing when using REST</li><li>Memcached will be out of scope</li><li>The router will support SSL+SNI</li></ul><div>Thanks</div></div><div>Sebastian</div><div><br></div><div>[1] <a href="https://github.com/infinispan/infinispan/wiki/Multi-tenancy-for-Hotrod-Server" target="_blank">https://github.com/infinispan/infinispan/wiki/Multi-tenancy-for-Hotrod-Server</a></div></div>
</div></blockquote></div></div><blockquote type="cite"><div><span>_______________________________________________</span><br><span>infinispan-dev mailing list</span><br><span><a href="mailto:infinispan-dev@lists.jboss.org" target="_blank">infinispan-dev@lists.jboss.org</a></span><br><span><a href="https://lists.jboss.org/mailman/listinfo/infinispan-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/infinispan-dev</a></span></div></blockquote></div><br>_______________________________________________<br>
infinispan-dev mailing list<br>
<a href="mailto:infinispan-dev@lists.jboss.org">infinispan-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/infinispan-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/infinispan-dev</a><br></blockquote></div><br></div></div>