[steering-discuss] connecting external services to our domain

Hello,

I received a request to connect an external Alfresco site to one of our domain names. Apart from the concern that the workflow hadn't been defined (why now Alfresco?), I'm a bit sceptical to connecting external servers to our domain name, because they are associated with us and thus cause liability issues.

My "policy" would be:

  * hosted services (like the blog, or probably Google Apps) should can be connected at LibO or TDF domain names if they are from trustworthy sources

  * self-hosted servers can only be connected if they are in our infrastructure management and fit our security requirements

Thoughts on that?

Florian

Hi Florian,

Hello,

I received a request to connect an external Alfresco site to one of our
domain names. Apart from the concern that the workflow hadn't been defined
(why now Alfresco?), I'm a bit sceptical to connecting external servers to
our domain name, because they are associated with us and thus cause
liability issues.

My "policy" would be:

       * hosted services (like the blog, or probably Google Apps) should
can be connected at LibO or TDF domain names if they are from trustworthy
sources

       * self-hosted servers can only be connected if they are in our
infrastructure management and fit our security requirements

Thoughts on that?

I agree.

Having some clear rules for these procedures doesn't mean restricting, you
are only provide security for the TDF.

David

I second your concerns on this. Are there guidelines set down in regards to self hosted servers?

Sorry, I'm not part of the Steering committee, but I'm very interested in
understanding the principles. I would prefer Open Source solutions like
Alfresco over Google Apps for Document Management System. Obviously with the
respective security requirements. If it's in an internal network or on
Amazon, I don't really see the difference, why does this concern you? or
does this really concern you? I mean if it's in the home of someone, that
will concern me, but if it's running on Amazon or some other Cloud provider,
what is the problem? Wouldn't you prefer to use an OSS solution than Google
Apps?

I am all for OSS, i'm starting my business with nothing but open source software. I think in my case as well as for the document foundation, the concerns are how secure are the services provided by 3rd parties.

There are no real policies written down as of now, as questions like these rarely occured :slight_smile:

Hi,

Sorry, I'm not part of the Steering committee, but I'm very interested in
understanding the principles. I would prefer Open Source solutions like
Alfresco over Google Apps for Document Management System. Obviously with the
respective security requirements. If it's in an internal network or on
Amazon, I don't really see the difference, why does this concern you? or
does this really concern you? I mean if it's in the home of someone, that
will concern me, but if it's running on Amazon or some other Cloud provider,
what is the problem? Wouldn't you prefer to use an OSS solution than Google
Apps?

as soon as some service is hosted at the LibO or TDF domain or is otherwise linked, anything bad that happens will be reflected on us (and might even cause liability issues). So, I'd like to have some stable security provided...

Florian

I think its best guide lines for 3rd party servers and mirrors. Once things are well established I think it would be hard to change the guidelines for those 3rd parties that were established prior to the guidelines existing.

I'm all for security and stability, but I would expect that OSS is prefered
over Proprietary services like Google Apps.

Sure, Google Apps was just an example.

Hi, :slight_smile:

The situation is that the workflow can already be considered to be 80%
or 90% complete, and the next step will be some pilot testing with
actual work on documentation content, which could start later this
week.

In parallel, I'd also been planning to throw open an invite to i18n
people who might be interested in Alfresco as a tool for their work.
That might require the development of a separate workflow, depending
on what usage was envisioned.

But what seems to be the active core of the documentation team does
not seem to be at all averse to adopting Alfresco for documentation
work.

Personally, I'm perfectly happy to operate the Alfresco site on my
server, and to grant all appropriate access to relevant TDF SC members
at OS level. I had suggested alfresco.libreoffice.org for the
sub-domain.

However, I will - of course - cooperate fully with whatever decision
the SC takes.

The main need would be to take a decision fairy soon, before the
number of user accounts, the sophistication of the workflow and the
mass of data and content reach a point at which migration becomes a
bigger task.

You would probably find it useful to know that installing and
setting-up Alfresco is a not-inconsiderable process, and that you want
a minimum of 1 Gigabyte of memory, with 2 to 3 being recommended to me
for a busier system.

My server has excellent 24/7 technical support.

Thoughts?

David Nelson

What do you mean by "My server has excellent 24/7 technical support."? Is
your server @ Amazon or other amazon like Company?

For a Document Management System DMS, I will definitely suggest to use
Alfresco in a secure place which guarantees 24/7 up time and support, but
definitely not a home server. I really don't think there is any OSS solution
better than Alfresco out there for DMS. And even if for some reason you need
to migrate from one Alfresco server to another, it's not so difficult. So
I'll propose to define Alfresco as DMS and now we need to find a secure,
stable and reliable server, with mirrors, etc.

Cheers!

Jaime

Hi, :slight_smile:

but
definitely not a home server

FYI, I am definitely not running a "home server". :wink:

It's located in a proper, secure data center in the UK, with regular
backups and 24/7 professional technical support. It implements the
same kind of approaches to security as TDF's own servers.

Just 2 cents of facts for consideration by the SC. :wink:

David Nelson

Hi Florian, :slight_smile:

* self-hosted servers can only be connected if they are in our
infrastructure management and fit our security requirements

Actually, I only just properly read your original post....

Is there a way I can satisfy this constraint, or should we just set
this idea aside?

If you don't want to assign the subdomain 'alfresco.libreoffice.org'
and if the docs team seems interested in using the site on my server,
what would be your thoughts if I renamed the domain to
'libreoffice.myserver.com'?

David Nelson

Hi Florian, :slight_smile:

Ah! Now I understand why you kept me waiting for 2 weeks for any kind
of reply to my request! :smiley:

http://nabble.documentfoundation.org/ODFAuthors-Site-with-workflow-tp2282617p2282617.html

David Nelson

Hi David,

Hi Florian, :slight_smile:

Ah! Now I understand why you kept me waiting for 2 weeks for any kind
of reply to my request! :smiley:

http://nabble.documentfoundation.org/ODFAuthors-Site-with-workflow-tp228261
7p2282617.html

please be fair. Florian explained the reason, why he don't want to connect external
services to LO. This has nothing to do with the new ODFAuthors site.

If you think that Alfresco is the best fitting CMS for documentation writing inside
the LO-Team then ask Florian for a resource of TDF.

I did so with Jean a longer time ago and started the work just in front of Christmas.
The ODFAuthors site is only a offering to the authors of LO documentation. You have
not to accept it. It is used by the authors of the current OOoAuthors group anyway.

Regards,
Andreas

Hi, :slight_smile:

My request for the alfresco.libreoffice.org sub-domain still holds.

I am willing to offer Christian/Florian full root access to the
system, if necessary, and to comply with all feasible requirements to
satisfy TDF.

Would it be appropriate to request consideration of this at the next SC meeting?

Or is the refusal firm and non-negotiable?

David Nelson

Hi,

please be fair. Florian explained the reason, why he don't want to connect external
services to LO. This has nothing to do with the new ODFAuthors site.

sorry for the delay, David - not on purpose, and has nothing to do with ODFAuthors. Was just on vacation until 10th, then instantly got ill, so am still behind my Inbox. Sorry if you get the wrong impression... :slight_smile:

Will try to follow-up soon.

Florian

Hi David,

My request for the alfresco.libreoffice.org sub-domain still holds.

I am willing to offer Christian/Florian full root access to the
system, if necessary, and to comply with all feasible requirements to
satisfy TDF.

Would it be appropriate to request consideration of this at the next SC meeting?

Or is the refusal firm and non-negotiable?

no, there's no refusal in general, don't worry. :slight_smile: I'm just looking on how we can keep the infrastructure constant. We've just reached a rather stable and security state, and I would like to keep what we have achieved. For sure, we will have to look for external offers and options, I do not want to have everything in control, neither do I have the time for that. It's just that we didn't come up with policies for that yet. :slight_smile:

So, don't take this as a refusal, but just a question for the ease of use: Would theoretically hosting Alfresco on one of our servers also be an option to consider, or do you see huge advantages of having it on yours?

And, as a side question: Is there anyone who actually uses Alfresco? I didn't follow the documentation list closely, but I want avoid the same "what tool do we need" discussion we have for the website. So, have the requirements and the possible tools already been discussed or is this basically a one man show?

Sorry for the direct questions, but I guess you know what I mean. I just want to avoid a group of people working on a tool they like, when there are issues with actually using it right now...

Thanks for your work!
Florian

Hi Davi, *

Von: Florian Effenberger <floeff@documentfoundation.org>

> My request for the alfresco.libreoffice.org sub-domain still holds.
>
> I am willing to offer Christian/Florian full root access to the
> system, if necessary, and to comply with all feasible requirements to
> satisfy TDF.
>
> Would it be appropriate to request consideration of this at the next SC
meeting?
>
> Or is the refusal firm and non-negotiable?

no, there's no refusal in general, don't worry. :slight_smile: I'm just looking on
how we can keep the infrastructure constant.

I agree with Florian here, but another thought:
Can you give some reason for having alfresco? E.g. which team will use
the tool for what purpose. A brief summary or just a link to such a
summary would be helpfull (and sorry, If this is already available
and I missed it :frowning: ).

regards,

André