Hey Radim!

Comments inlined.

Thanks
Sebastian

On Mon, May 9, 2016 at 12:55 PM, Radim Vansa <rvansa@redhat.com> wrote:
As for the questions:
* Is SSL required for SNI? I can imagine that multi-tenancy would make
sense even in situations when the connection does not need to be
encrypted. Moreover, if we plan to eventually have HR clients with async
API (and using async I/O), SSL is even more PITA. Btw., do we have any
numbers how much SSL affects perf? (that's a question for QA, though)

Unfortunately no. SNI is an extension of TLS [2] which is an upgrade of SSL. In Java SNI Host names are specified in SSLParameters [3].

Of course SSL slows things down a bit, that's why we also need a "switch-to-tenant" command which would be used by the clients who do not want SSL. However if someone uses SNI and SSL (and only then) we can switch him to proper tenant automatically (because we have enough information at that point).
 

* I don't think that dynamic switching of tenants would make sense,
since that would require to invalidate all RemoteCache instances, near
caches, connection pools, everything. So it's the same as starting from
scratch.

Frankly I also have a mixed feelings about this feature. I think it would be much nicer if we switched to another tenant by doing disconnect/connect sequence (and not switching dynamically).
 

R.





On 04/29/2016 05:29 PM, Sebastian Laskawiec wrote:
> Dear Community,
>
> Please have a look at the design of Multi tenancy support for
> Infinispan [1]. I would be more than happy to get some feedback from you.
>
> Highlights:
>
>   * The implementation will be based on a Router (which will be built
>     based on Netty)
>   * Multiple Hot Rod and REST servers will be attached to the router
>     which in turn will be attached to the endpoint
>   * The router will operate on a binary protocol when using Hot Rod
>     clients and path-based routing when using REST
>   * Memcached will be out of scope
>   * The router will support SSL+SNI
>
> Thanks
> Sebastian
>
> [1]
> https://github.com/infinispan/infinispan/wiki/Multi-tenancy-for-Hotrod-Server
[2] https://tools.ietf.org/html/rfc6066#page-6 
[3] https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.html#getServerNames--

>
>
> _______________________________________________
> infinispan-dev mailing list
> infinispan-dev@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/infinispan-dev


--
Radim Vansa <rvansa@redhat.com>
JBoss Performance Team

_______________________________________________
infinispan-dev mailing list
infinispan-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/infinispan-dev