6/13/2014

ownCloud, Enterprise Edition

I have been experimenting and studying the options with an on premise DropBox "like" solution called ownCloud.

It's a PHP-based service, typically with a MySQL database backend, that provides a stable WebDAV file system sync service over HTTP or HTTPS.



It started as an open source project at ownCloud.org and it's been around for about 4 years.

Recently a full service support company called ownCloud, Inc. has been started which sells consulting and support subscriptions.

What makes it similar to DropBox or Box, and different from efforts like TeamDrive (another on-premise WebDAV sync service), is that the clients are somewhat mature and open source as well.

The clients can be used in a remote to local sync mode to keep a local copy up to date, or vice versa. Or they can be used to browse the metadata representation of remote files and only download them on command.
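The metadata-only browsing mode maps onto a WebDAV `PROPFIND` request, which returns a 207 Multi-Status listing without transferring file bodies. The sketch below is an added example, not ownCloud client code; the `/remote.php/webdav/` path, file names, sizes and ETags in the sample reply are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote

DAV = "{DAV:}"
# Body sent with "PROPFIND <folder>" and header "Depth: 1":
# it asks for metadata only, never file contents.
PROPFIND_BODY = (
    '<?xml version="1.0"?><d:propfind xmlns:d="DAV:"><d:prop>'
    '<d:resourcetype/><d:getcontentlength/><d:getlastmodified/><d:getetag/>'
    '</d:prop></d:propfind>')

# Constructed 207 Multi-Status reply (all values are made up).
SAMPLE_RESPONSE = """<?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:">
 <d:response>
  <d:href>/remote.php/webdav/Reports/</d:href>
  <d:propstat><d:prop><d:resourcetype><d:collection/></d:resourcetype>
   <d:getlastmodified>Fri, 13 Jun 2014 10:00:00 GMT</d:getlastmodified>
  </d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat>
 </d:response>
 <d:response>
  <d:href>/remote.php/webdav/Reports/Q2%20summary.pdf</d:href>
  <d:propstat><d:prop><d:resourcetype/>
   <d:getcontentlength>48213</d:getcontentlength>
   <d:getetag>"a1b2c3"</d:getetag>
  </d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat>
 </d:response>
</d:multistatus>"""

def list_entries(multistatus_xml):
    """Return one dict per resource: path, is_dir, size, etag."""
    # The reply is server-controlled input: refuse DTDs and entities outright.
    if "<!DOCTYPE" in multistatus_xml or "<!ENTITY" in multistatus_xml:
        raise ValueError("DTD or entity declaration in WebDAV response")
    entries = []
    for resp in ET.fromstring(multistatus_xml).iter(DAV + "response"):
        entry = {"path": unquote(resp.findtext(DAV + "href", "")),
                 "is_dir": False, "size": None, "etag": None}
        for propstat in resp.iter(DAV + "propstat"):
            prop = propstat.find(DAV + "prop")
            # Only use property blocks the server marked as 200 OK.
            if prop is None or " 200 " not in propstat.findtext(DAV + "status", ""):
                continue
            coll = prop.find(DAV + "resourcetype/" + DAV + "collection")
            entry["is_dir"] = coll is not None
            size = prop.findtext(DAV + "getcontentlength")
            entry["size"] = int(size) if size else None
            entry["etag"] = prop.findtext(DAV + "getetag")
        entries.append(entry)
    return entries
```

A client that compares the returned ETags with the ones it stored on the last run can tell which files changed and fetch only those.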

Interestingly, they also make it possible for the ownCloud service to proxy requests to many remote file systems accessible over protocols like FTP, SCP and SMB, again without syncing to a local copy. Any file access to those remote servers keeps the user's original file system permissions, since to link them to the user's cloudspace they had to provide their original login credentials for that file service.

The ownCloud server is mostly a web server providing a portal: a homepage combined with a left-side app bar populated with various ownCloud "apps" installed from an app store for the ownCloud server.

The central view pane is effectively a mirror of the user's "Cloudspace" assigned to them by the ownCloud Administrator. This is like a "Home folder" on many operating systems and acts as a mount "crossroads" for either accessing files stored in the cloud server "Cloudspace" or accessing files stored on "Remote" file server sources across differing file server protocol types that are "mounted" on the "Cloudspace".

Files accessible from this "Cloudspace" can be shared with users via web links on a time-limited, auto-expiring basis, and on demand a private password can be created just for that user's use. It even makes sending an email from the ownCloud server to the intended sharee simple.

ownCloud also has generic LDAP(S) abilities to instantly use existing domain accounts, even from Microsoft Active Directory, and can access attributes for the users and groups in that domain.

So plugging it into, for example, a Windows 2008 R2 domain is simple.

It's also notable that a user doesn't have to have a special new cloudspace username and account, or have their Active Directory account "decorated", in order to use the service. They can be "self enabled": they claim their "Cloudspace" service simply by going to the ownCloud server and logging in with the credentials they already use, and with the password they themselves have been using all along (SSO). Facilities for other types of authentication are also available.

In doing this the service "brings" all web authentications to this server, rather like a Central Authentication Service (CAS) server, and performs the authentication directly against the domain without exposing the user credentials to any third party, reducing the attack profile exposure for MiTM vectors.

A few other things: the install for a RHEL or Red Hat system is completely YUM repository based, making upgrades and addressing CVE issues simple.

The clients all use the native installers for their operating system types, desktop or mobile, including Apple's App Store where necessary.

The C10K problem brought about NGINX, and ownCloud works with that as well as Apache and other legacy web servers, including IIS. But because of its nature it's best supported on the Linux platform.

Of the database backends, SQLite, MySQL, MSSQL, Oracle and others are usable; however, MySQL seems most appropriate, and since DropBox uses MySQL for their platform it's probably a good bet.

Of the MySQL variants (Drizzle, Oracle MySQL, Percona MySQL or MariaDB) it appears any will work, though people will have their preferences. DropBox has presented at a Percona conference on MySQL, though, and that might hint it would be a closer bet.

From my research it seems Drizzle is too restrictive in function, Oracle may be passing up some performance increases by focusing on their internal processes absorbing MySQL, Percona MySQL has always appeared performance focused and dedicated to MySQL compatibility now and in the future, while MariaDB may be a bit of a hit or miss proposition as the most "Fedora-like" option trialing new and experimental options.

The PHP options would appear to be 5.3, 5.4, 5.5 and then various ways of getting those repos into RHEL6. Zend-server is also an option.

But it seems clear later versions of PHP with their APC and Memcached options could be very important to scale.

The ownCloud Enterprise Edition feature set seems to take a backseat to stability and reliability with respect to the Community Edition (aka OpenSource Edition), somewhat like Red Hat releases RHEL for serious use and Fedora for cutting edge use.

Other notable options: as Windows XP and older OSX versions have been deprecated or desupported, the native WebDAV redirectors built into Windows 7 or newer operating systems have gotten much better, and can now map WebDAV shares to "drives" or mount points more reliably. So those are also viable client options, although a full dedicated client could be better in most cases. In a temporary capacity from a non-home user machine, having the convenience of an SSL-mapped file share native to a workstation would be very nice.