Difference between revisions of "Lingoport Suite Product Security"
(Created page with "Here is general information about the security setup for the Lingoport Suite. This covers a description of the different Lingoport Suite components, and the data path between...") |
(→Resource Manager) |
||
| (22 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
Here is general information about the security setup for the Lingoport Suite. This covers a description of the different Lingoport Suite components, and the data path between them. |
Here is general information about the security setup for the Lingoport Suite. This covers a description of the different Lingoport Suite components, and the data path between them. |
||
| − | == |
+ | ==Components== |
=== Globalyzer=== |
=== Globalyzer=== |
||
| − | + | Scans code and detects internationalization (i18n) issues |
|
| + | * '''Globalyzer Server''': |
||
| − | * Globalyzer Server: Store regex pattern based 'rule sets' used to detect i18n issues and filter out false positives. |
||
| + | **Stores regex pattern-based 'rule sets' used to detect i18n issues and filter out false positives. |
||
| − | Server at Globalyzer.com |
||
| + | **The Globalyzer server can either be hosted by Lingoport at Globalyzer.com or run by the customer. |
||
| − | * Globalyzer Clients: Connects to server and logs in. Downloads rule set from server. Uses rule set to scan code (no code is sent to the server!). May push rule set changes. Display i18n issues. |
||
| + | **The Globalyzer server can be eliminated and the rulesets can be located in the repo or on the Continuous Globalization Server. |
||
| − | ** Run on developer machines |
||
| + | * '''Globalyzer Clients''': |
||
| − | ** Run on Linux system (light-blue box at bottom of graphic) - results displayed on Lingoport Dashboard (see data path) |
||
| + | ** Connects to the Globalyzer server and logs in. |
||
| + | ** Downloads rule sets from server, or uses local rulesets. |
||
| + | ** Uses rule set to scan code (no code is sent to the server!). |
||
| + | ** May push rule set changes to the server. |
||
| + | ** Displays the i18n issues. |
||
| + | ** Can run on developer machines in an Integrated Development Environment |
||
| + | ** Also runs on the Continuous Globalyzation System - these results are displayed on Lingoport Dashboard (see Data Path) |
||
===Resource Manager=== |
===Resource Manager=== |
||
| − | Manages |
+ | Manages resource files as they are sent to and returned from the translation management system. |
| − | Detects issues in resource files (duplicate or missing keys, parameter mismatch in text for different languages, etc.) |
+ | * Detects issues in resource files (duplicate or missing keys, parameter mismatch in text for different languages, etc.) |
| − | Detects changes to |
+ | * Detects changes to base resource files. Then sends relevant changes out to the translation vendor for translation into other languages. |
| − | Automatically retrieves translations from |
+ | * Automatically retrieves translations from translation vendors and checks those changes into the source control repository. |
| + | * Runs on Continous Globalization System to populate the Lingoport Dashboard. |
||
| − | Run on linux system (light-blue box at bottom of graphic) |
||
| + | |||
| − | Lingoport Dashboard |
||
| + | ===Lingoport Dashboard=== |
||
| − | Displays overview of Globalyzer and Resource Manager status |
||
| + | * Displays the overview and details of Globalyzer scans and the Resource Manager translation status |
||
| − | Users may view Globalyzer/Resource Manager issues in context within source code |
||
| + | * Users may view Globalyzer and Resource Manager issues in context within the source code. |
||
| − | Run on linux system (light-blue box at bottom of graphic) |
||
| + | * Runs on the Continuous Globalization System |
||
| − | Jenkins (not a Lingoport program) |
||
| + | |||
| − | Used to automate running of Globalyzer Client, Resource Manager and updating of the Lingoport Dashboard |
||
| + | ===Jenkins (not a Lingoport program)=== |
||
| − | Run on linux system (light-blue box at bottom of graphic) |
||
| + | Lingoport uses Jenkins to automate running of Globalyzer scan, Resource Manager operations and reports, and updating of the Lingoport Dashboard for all projects. It also has a number of helper jobs used throughout the process. |
||
| − | Data Path |
||
| + | * Runs on the Continuous Globalization System. |
||
| − | Lingoport Access |
||
| + | |||
| + | ==Data Path== |
||
| + | |||
| + | ===Lingoport Access=== |
||
It's most convenient if Lingoport can have SSH access to the Linux system where Lingoport suite is configured. |
It's most convenient if Lingoport can have SSH access to the Linux system where Lingoport suite is configured. |
||
Otherwise, a Lingoport employee can guide an customer's employee through the setup using a videoconferencing program such as WebEx or GoToMeeting. |
Otherwise, a Lingoport employee can guide an customer's employee through the setup using a videoconferencing program such as WebEx or GoToMeeting. |
||
| − | ==Globalyzer== |
+ | ===Globalyzer=== |
Rule sets (regex data) are transferred between Globalyzer Server and Globalyzer Clients; It requires username/password based login. |
Rule sets (regex data) are transferred between Globalyzer Server and Globalyzer Clients; It requires username/password based login. |
||
| − | ===Server at Globalyzer.com=== |
+ | ====Server at Globalyzer.com==== |
* Generates xml reports that will be read by the Lingoport Dashboard. |
* Generates xml reports that will be read by the Lingoport Dashboard. |
||
* Clients are run on Lingoport Suite Linux system. |
* Clients are run on Lingoport Suite Linux system. |
||
* Clients are run on developer machines. |
* Clients are run on developer machines. |
||
| − | ==Resource Manager== |
+ | ===Resource Manager=== |
Translation resource file updates sent to translation vendor, typically over SFTP. Resource file updates received from translation vendor, also typically over SFTP. Updates are checked for consistency (various in-depth checks), and then committed to source control if the checks pass. |
Translation resource file updates sent to translation vendor, typically over SFTP. Resource file updates received from translation vendor, also typically over SFTP. Updates are checked for consistency (various in-depth checks), and then committed to source control if the checks pass. |
||
| − | Emails are sent to a list of email contacts defined in a configuration file. |
+ | * Emails are sent to a list of email contacts defined in a configuration file. |
| − | Notifications for sent / received resource files |
+ | * Notifications for sent / received resource files |
| − | Error notifications |
+ | * Error notifications |
| − | Translation status weekly email |
+ | * Translation status weekly email |
| − | Stores data in MySQL database |
+ | * Stores data in MySQL database |
| − | Run on linux system (light-blue box at bottom of graphic) |
+ | * Run on linux system (light-blue box at bottom of graphic) |
| − | Generates xml reports that will be read by the Lingoport Dashboard. |
+ | * Generates xml reports that will be read by the Lingoport Dashboard. |
| + | |||
| − | Lingoport Dashboard |
||
| + | ===Lingoport Dashboard=== |
||
| − | Resource Manager and Globalyzer are run on a server internal to VISAs network. Each generates an xml report. |
||
| + | * Resource Manager and Globalyzer are run on a server internal to Customer's network. Each generates an XML report. |
||
| − | Dashboard Client reads source code, and these xml reports. |
||
| − | Dashboard Client |
+ | * Dashboard Client reads source code, and these XML reports. |
| + | * Dashboard Client processes this data, and sends it to the Dashboard Server |
||
| − | Data sent over http/https. |
||
| + | * Data sent over HTTP/HTTPS. |
||
| − | Most often, the Dashboard Client and Dashboard Server are hosted on the same machine (light-blue box at bottom of graphic), so network communication is internal to this machine. |
||
| + | * Most often, the Dashboard Client and Dashboard Server are hosted on the same machine (light-blue box at bottom of graphic), so network communication is internal to this machine. |
||
| − | Requires a either a username/password or a user token, which will be stored in configuration files. |
||
| + | * Requires a either a username/password or a user token, which will be stored in configuration files. |
||
| − | Stores data in MySQL database |
||
| + | * Stores data in MySQL database |
||
| − | Dashboard Server is a web application, hosted on port 9000 by default. |
||
| + | * Dashboard Server is a web application |
||
| − | Jenkins (not a Lingoport program) |
||
| + | |||
| − | Used to automate running of Globalyzer Client, Resource Manager and updating of the Lingoport Dashboard |
||
| + | ===Jenkins (not a Lingoport program)=== |
||
| − | Various security options available, username/password is most common. LDAP is another option. |
||
| + | * Used to automate running of Globalyzer Client, Resource Manager and updating of the Lingoport Dashboard |
||
| − | Run on linux system (light-blue box at bottom of graphic) |
||
| + | * Various security options available, username/password is most common. LDAP is another option. |
||
| − | Web application, hosted on port 8080 by default. |
||
| + | * Run on Linux system (light-blue box at bottom of graphic) |
||
| − | Installation data path requirements: |
||
| + | * Web application |
||
| − | Ability to install/update programs via 'yum'. |
||
| + | |||
| − | Ability to download installer from lingoport.net via sftp |
||
| + | == Installation data path requirements for the Continuous Globalization Server== |
||
| − | Download does not have to be directly to the target machine. It can be downloaded by another machine and then transferred. |
||
| + | * Ability to install/update programs via 'yum'. |
||
| − | Port 8080 accessible within Customer's firewall for Linux system (Jenkins) |
||
| + | * Ability to download installer .zip file from lingoport.net via sftp |
||
| − | Port 9000 accessible within Customer's firewall for Linux system (Dashboard) |
||
| + | * The download does not have to be directly to the target machine. It can be downloaded by another machine and then transferred. |
||
| − | Linux system access to https://globalyzer.com |
||
| + | * The Jenkins application should be within Customer's firewall |
||
| + | * The Lingoport Dashboard should be accessible within Customer's firewall |
||
| + | * The Continuous Globalization system needs access to https://globalyzer.com |
||
===Recommended, but not required=== |
===Recommended, but not required=== |
||
Linux system access to: |
Linux system access to: |
||
* https://updates.jenkins-ci.org |
* https://updates.jenkins-ci.org |
||
| − | * https://update.sonarsource.org |
||
* https://repo.mysql.com |
* https://repo.mysql.com |
||
* http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo |
* http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo |
||
Latest revision as of 20:20, 9 December 2019
Here is general information about the security setup for the Lingoport Suite. This covers a description of the different Lingoport Suite components, and the data path between them.
Contents
Components
Globalyzer
Scans code and detects internationalization (i18n) issues
- Globalyzer Server:
- Stores regex pattern-based 'rule sets' used to detect i18n issues and filter out false positives.
- The Globalyzer server can either be hosted by Lingoport at Globalyzer.com or run by the customer.
- The Globalyzer server can be eliminated and the rulesets can be located in the repo or on the Continuous Globalization Server.
- Globalyzer Clients:
- Connects to the Globalyzer server and logs in.
- Downloads rule sets from server, or uses local rulesets.
- Uses rule set to scan code (no code is sent to the server!).
- May push rule set changes to the server.
- Displays the i18n issues.
- Can run on developer machines in an Integrated Development Environment
- Also runs on the Continuous Globalyzation System - these results are displayed on Lingoport Dashboard (see Data Path)
Resource Manager
Manages resource files as they are sent to and returned from the translation management system.
- Detects issues in resource files (duplicate or missing keys, parameter mismatch in text for different languages, etc.)
- Detects changes to base resource files. Then sends relevant changes out to the translation vendor for translation into other languages.
- Automatically retrieves translations from translation vendors and checks those changes into the source control repository.
- Runs on Continous Globalization System to populate the Lingoport Dashboard.
Lingoport Dashboard
- Displays the overview and details of Globalyzer scans and the Resource Manager translation status
- Users may view Globalyzer and Resource Manager issues in context within the source code.
- Runs on the Continuous Globalization System
Jenkins (not a Lingoport program)
Lingoport uses Jenkins to automate running of Globalyzer scan, Resource Manager operations and reports, and updating of the Lingoport Dashboard for all projects. It also has a number of helper jobs used throughout the process.
- Runs on the Continuous Globalization System.
Data Path
Lingoport Access
It's most convenient if Lingoport can have SSH access to the Linux system where Lingoport suite is configured. Otherwise, a Lingoport employee can guide an customer's employee through the setup using a videoconferencing program such as WebEx or GoToMeeting.
Globalyzer
Rule sets (regex data) are transferred between Globalyzer Server and Globalyzer Clients; It requires username/password based login.
Server at Globalyzer.com
- Generates xml reports that will be read by the Lingoport Dashboard.
- Clients are run on Lingoport Suite Linux system.
- Clients are run on developer machines.
Resource Manager
Translation resource file updates sent to translation vendor, typically over SFTP. Resource file updates received from translation vendor, also typically over SFTP. Updates are checked for consistency (various in-depth checks), and then committed to source control if the checks pass.
- Emails are sent to a list of email contacts defined in a configuration file.
- Notifications for sent / received resource files
- Error notifications
- Translation status weekly email
- Stores data in MySQL database
- Run on linux system (light-blue box at bottom of graphic)
- Generates xml reports that will be read by the Lingoport Dashboard.
Lingoport Dashboard
- Resource Manager and Globalyzer are run on a server internal to Customer's network. Each generates an XML report.
- Dashboard Client reads source code, and these XML reports.
- Dashboard Client processes this data, and sends it to the Dashboard Server
- Data sent over HTTP/HTTPS.
- Most often, the Dashboard Client and Dashboard Server are hosted on the same machine (light-blue box at bottom of graphic), so network communication is internal to this machine.
- Requires a either a username/password or a user token, which will be stored in configuration files.
- Stores data in MySQL database
- Dashboard Server is a web application
Jenkins (not a Lingoport program)
- Used to automate running of Globalyzer Client, Resource Manager and updating of the Lingoport Dashboard
- Various security options available, username/password is most common. LDAP is another option.
- Run on Linux system (light-blue box at bottom of graphic)
- Web application
Installation data path requirements for the Continuous Globalization Server
- Ability to install/update programs via 'yum'.
- Ability to download installer .zip file from lingoport.net via sftp
- The download does not have to be directly to the target machine. It can be downloaded by another machine and then transferred.
- The Jenkins application should be within Customer's firewall
- The Lingoport Dashboard should be accessible within Customer's firewall
- The Continuous Globalization system needs access to https://globalyzer.com
Recommended, but not required
Linux system access to:
- https://updates.jenkins-ci.org
- https://repo.mysql.com
- http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo
- https://jenkins-ci.org/redhat/jenkins-ci.org.key
- SMTP account to enable LRM Notification Emails
