Difference between revisions of "Lingoport Suite Product Security"
(→Jenkins (not a Lingoport program)) |
(→Resource Manager) |
||
(8 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
Here is general information about the security setup for the Lingoport Suite. This covers a description of the different Lingoport Suite components, and the data path between them. |
Here is general information about the security setup for the Lingoport Suite. This covers a description of the different Lingoport Suite components, and the data path between them. |
||
− | == |
+ | ==Components== |
=== Globalyzer=== |
=== Globalyzer=== |
||
Scans code and detects internationalization (i18n) issues |
Scans code and detects internationalization (i18n) issues |
||
* '''Globalyzer Server''': |
* '''Globalyzer Server''': |
||
**Stores regex pattern-based 'rule sets' used to detect i18n issues and filter out false positives. |
**Stores regex pattern-based 'rule sets' used to detect i18n issues and filter out false positives. |
||
− | **The Globalyzer server can either be hosted by Lingoport at Globalyzer.com or run by the customer. |
+ | **The Globalyzer server can either be hosted by Lingoport at Globalyzer.com or run by the customer. |
+ | **The Globalyzer server can be eliminated and the rulesets can be located in the repo or on the Continuous Globalization Server. |
||
* '''Globalyzer Clients''': |
* '''Globalyzer Clients''': |
||
** Connects to the Globalyzer server and logs in. |
** Connects to the Globalyzer server and logs in. |
||
− | ** Downloads rule sets from server. |
+ | ** Downloads rule sets from server, or uses local rulesets. |
** Uses rule set to scan code (no code is sent to the server!). |
** Uses rule set to scan code (no code is sent to the server!). |
||
− | ** May push rule set changes. |
+ | ** May push rule set changes to the server. |
− | ** |
+ | ** Displays the i18n issues. |
− | ** Can run on developer machines in Integrated Development Environment |
+ | ** Can run on developer machines in an Integrated Development Environment |
** Also runs on the Continuous Globalyzation System - these results are displayed on Lingoport Dashboard (see Data Path) |
** Also runs on the Continuous Globalyzation System - these results are displayed on Lingoport Dashboard (see Data Path) |
||
===Resource Manager=== |
===Resource Manager=== |
||
− | Manages |
+ | Manages resource files as they are sent to and returned from the translation management system. |
* Detects issues in resource files (duplicate or missing keys, parameter mismatch in text for different languages, etc.) |
* Detects issues in resource files (duplicate or missing keys, parameter mismatch in text for different languages, etc.) |
||
− | * Detects changes to |
+ | * Detects changes to base resource files. Then sends relevant changes out to the translation vendor for translation into other languages. |
* Automatically retrieves translations from translation vendors and checks those changes into the source control repository. |
* Automatically retrieves translations from translation vendors and checks those changes into the source control repository. |
||
* Runs on Continous Globalization System to populate the Lingoport Dashboard. |
* Runs on Continous Globalization System to populate the Lingoport Dashboard. |
||
===Lingoport Dashboard=== |
===Lingoport Dashboard=== |
||
− | * Displays the overview and details of Globalyzer and Resource Manager status |
+ | * Displays the overview and details of Globalyzer scans and the Resource Manager translation status |
− | * Users may view Globalyzer |
+ | * Users may view Globalyzer and Resource Manager issues in context within the source code. |
* Runs on the Continuous Globalization System |
* Runs on the Continuous Globalization System |
||
===Jenkins (not a Lingoport program)=== |
===Jenkins (not a Lingoport program)=== |
||
− | Lingoport uses Jenkins to automate running of Globalyzer |
+ | Lingoport uses Jenkins to automate running of Globalyzer scan, Resource Manager operations and reports, and updating of the Lingoport Dashboard for all projects. It also has a number of helper jobs used throughout the process. |
* Runs on the Continuous Globalization System. |
* Runs on the Continuous Globalization System. |
||
Line 72: | Line 73: | ||
* Web application |
* Web application |
||
− | == Installation data path requirements== |
+ | == Installation data path requirements for the Continuous Globalization Server== |
* Ability to install/update programs via 'yum'. |
* Ability to install/update programs via 'yum'. |
||
− | * Ability to download installer from lingoport.net via sftp |
+ | * Ability to download installer .zip file from lingoport.net via sftp |
− | * |
+ | * The download does not have to be directly to the target machine. It can be downloaded by another machine and then transferred. |
− | * Jenkins within Customer's firewall |
+ | * The Jenkins application should be within Customer's firewall |
− | * Dashboard accessible within Customer's firewall |
+ | * The Lingoport Dashboard should be accessible within Customer's firewall |
− | * |
+ | * The Continuous Globalization system needs access to https://globalyzer.com |
===Recommended, but not required=== |
===Recommended, but not required=== |
||
Linux system access to: |
Linux system access to: |
||
* https://updates.jenkins-ci.org |
* https://updates.jenkins-ci.org |
||
− | * https://update.sonarsource.org |
||
* https://repo.mysql.com |
* https://repo.mysql.com |
||
* http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo |
* http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo |
Latest revision as of 20:20, 9 December 2019
Here is general information about the security setup for the Lingoport Suite. This covers a description of the different Lingoport Suite components, and the data path between them.
Contents
Components
Globalyzer
Scans code and detects internationalization (i18n) issues
- Globalyzer Server:
- Stores regex pattern-based 'rule sets' used to detect i18n issues and filter out false positives.
- The Globalyzer server can either be hosted by Lingoport at Globalyzer.com or run by the customer.
- The Globalyzer server can be eliminated and the rulesets can be located in the repo or on the Continuous Globalization Server.
- Globalyzer Clients:
- Connects to the Globalyzer server and logs in.
- Downloads rule sets from server, or uses local rulesets.
- Uses rule set to scan code (no code is sent to the server!).
- May push rule set changes to the server.
- Displays the i18n issues.
- Can run on developer machines in an Integrated Development Environment
- Also runs on the Continuous Globalyzation System - these results are displayed on Lingoport Dashboard (see Data Path)
Resource Manager
Manages resource files as they are sent to and returned from the translation management system.
- Detects issues in resource files (duplicate or missing keys, parameter mismatch in text for different languages, etc.)
- Detects changes to base resource files. Then sends relevant changes out to the translation vendor for translation into other languages.
- Automatically retrieves translations from translation vendors and checks those changes into the source control repository.
- Runs on Continous Globalization System to populate the Lingoport Dashboard.
Lingoport Dashboard
- Displays the overview and details of Globalyzer scans and the Resource Manager translation status
- Users may view Globalyzer and Resource Manager issues in context within the source code.
- Runs on the Continuous Globalization System
Jenkins (not a Lingoport program)
Lingoport uses Jenkins to automate running of Globalyzer scan, Resource Manager operations and reports, and updating of the Lingoport Dashboard for all projects. It also has a number of helper jobs used throughout the process.
- Runs on the Continuous Globalization System.
Data Path
Lingoport Access
It's most convenient if Lingoport can have SSH access to the Linux system where Lingoport suite is configured. Otherwise, a Lingoport employee can guide an customer's employee through the setup using a videoconferencing program such as WebEx or GoToMeeting.
Globalyzer
Rule sets (regex data) are transferred between Globalyzer Server and Globalyzer Clients; It requires username/password based login.
Server at Globalyzer.com
- Generates xml reports that will be read by the Lingoport Dashboard.
- Clients are run on Lingoport Suite Linux system.
- Clients are run on developer machines.
Resource Manager
Translation resource file updates sent to translation vendor, typically over SFTP. Resource file updates received from translation vendor, also typically over SFTP. Updates are checked for consistency (various in-depth checks), and then committed to source control if the checks pass.
- Emails are sent to a list of email contacts defined in a configuration file.
- Notifications for sent / received resource files
- Error notifications
- Translation status weekly email
- Stores data in MySQL database
- Run on linux system (light-blue box at bottom of graphic)
- Generates xml reports that will be read by the Lingoport Dashboard.
Lingoport Dashboard
- Resource Manager and Globalyzer are run on a server internal to Customer's network. Each generates an XML report.
- Dashboard Client reads source code, and these XML reports.
- Dashboard Client processes this data, and sends it to the Dashboard Server
- Data sent over HTTP/HTTPS.
- Most often, the Dashboard Client and Dashboard Server are hosted on the same machine (light-blue box at bottom of graphic), so network communication is internal to this machine.
- Requires a either a username/password or a user token, which will be stored in configuration files.
- Stores data in MySQL database
- Dashboard Server is a web application
Jenkins (not a Lingoport program)
- Used to automate running of Globalyzer Client, Resource Manager and updating of the Lingoport Dashboard
- Various security options available, username/password is most common. LDAP is another option.
- Run on Linux system (light-blue box at bottom of graphic)
- Web application
Installation data path requirements for the Continuous Globalization Server
- Ability to install/update programs via 'yum'.
- Ability to download installer .zip file from lingoport.net via sftp
- The download does not have to be directly to the target machine. It can be downloaded by another machine and then transferred.
- The Jenkins application should be within Customer's firewall
- The Lingoport Dashboard should be accessible within Customer's firewall
- The Continuous Globalization system needs access to https://globalyzer.com
Recommended, but not required
Linux system access to:
- https://updates.jenkins-ci.org
- https://repo.mysql.com
- http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo
- https://jenkins-ci.org/redhat/jenkins-ci.org.key
- SMTP account to enable LRM Notification Emails