Difference between revisions of "Lingoport Suite Product Security"

From Lingoport Wiki
Jump to: navigation, search
(Jenkins (not a Lingoport program))
(Installation data path requirements)
Line 72: Line 72:
 
* Web application
 
* Web application
   
== Installation data path requirements==
+
== Installation data path requirements for the Continuous Globalization Server==
 
* Ability to install/update programs via 'yum'.
 
* Ability to install/update programs via 'yum'.
* Ability to download installer from lingoport.net via sftp
+
* Ability to download installer .zip file from lingoport.net via sftp
* Download does not have to be directly to the target machine. It can be downloaded by another machine and then transferred.
+
* The download does not have to be directly to the target machine. It can be downloaded by another machine and then transferred.
* Jenkins within Customer's firewall for Linux system (Jenkins)
+
* The Jenkins application should be within Customer's firewall
* Dashboard accessible within Customer's firewall for Linux system (Dashboard)
+
* The Lingoport Dashboard should be accessible within Customer's firewall
* Linux system access to https://globalyzer.com
+
* The Continuous Globalization system needs access to https://globalyzer.com
   
 
===Recommended, but not required===
 
===Recommended, but not required===

Revision as of 19:05, 19 July 2019

Here is general information about the security setup for the Lingoport Suite. This covers a description of the different Lingoport Suite components, and the data path between them.

Component

Globalyzer

Scans code and detects internationalization (i18n) issues

  • Globalyzer Server:
    • Stores regex pattern-based 'rule sets' used to detect i18n issues and filter out false positives.
    • The Globalyzer server can either be hosted by Lingoport at Globalyzer.com or run by the customer.
  • Globalyzer Clients:
    • Connects to the Globalyzer server and logs in.
    • Downloads rule sets from server.
    • Uses rule set to scan code (no code is sent to the server!).
    • May push rule set changes.
    • Display i18n issues.
    • Can run on developer machines in Integrated Development Environment
    • Also runs on the Continuous Globalyzation System - these results are displayed on Lingoport Dashboard (see Data Path)

Resource Manager

Manages translation resource files.

  • Detects issues in resource files (duplicate or missing keys, parameter mismatch in text for different languages, etc.)
  • Detects changes to Chinese resource files. Then sends relevant changes out to the translation vendor for translation into other languages.
  • Automatically retrieves translations from translation vendors and checks those changes into the source control repository.
  • Runs on Continous Globalization System to populate the Lingoport Dashboard.

Lingoport Dashboard

  • Displays the overview and details of Globalyzer and Resource Manager status
  • Users may view Globalyzer/Resource Manager issues in context within the source code
  • Runs on the Continuous Globalization System

Jenkins (not a Lingoport program)

Lingoport uses Jenkins to automate running of Globalyzer Client, Resource Manager and updating of the Lingoport Dashboard for all projects. It also has a number of helper jobs used throughout the process.

  • Runs on the Continuous Globalization System.

Data Path

Lingoport Access

It's most convenient if Lingoport can have SSH access to the Linux system where Lingoport suite is configured. Otherwise, a Lingoport employee can guide an customer's employee through the setup using a videoconferencing program such as WebEx or GoToMeeting.

Globalyzer

Rule sets (regex data) are transferred between Globalyzer Server and Globalyzer Clients; It requires username/password based login.

Server at Globalyzer.com

  • Generates xml reports that will be read by the Lingoport Dashboard.
  • Clients are run on Lingoport Suite Linux system.
  • Clients are run on developer machines.

Resource Manager

Translation resource file updates sent to translation vendor, typically over SFTP. Resource file updates received from translation vendor, also typically over SFTP. Updates are checked for consistency (various in-depth checks), and then committed to source control if the checks pass.

  • Emails are sent to a list of email contacts defined in a configuration file.
  • Notifications for sent / received resource files
  • Error notifications
  • Translation status weekly email
  • Stores data in MySQL database
  • Run on linux system (light-blue box at bottom of graphic)
  • Generates xml reports that will be read by the Lingoport Dashboard.

Lingoport Dashboard

  • Resource Manager and Globalyzer are run on a server internal to Customer's network. Each generates an XML report.
  • Dashboard Client reads source code, and these XML reports.
  • Dashboard Client processes this data, and sends it to the Dashboard Server
  • Data sent over HTTP/HTTPS.
  • Most often, the Dashboard Client and Dashboard Server are hosted on the same machine (light-blue box at bottom of graphic), so network communication is internal to this machine.
  • Requires a either a username/password or a user token, which will be stored in configuration files.
  • Stores data in MySQL database
  • Dashboard Server is a web application

Jenkins (not a Lingoport program)

  • Used to automate running of Globalyzer Client, Resource Manager and updating of the Lingoport Dashboard
  • Various security options available, username/password is most common. LDAP is another option.
  • Run on Linux system (light-blue box at bottom of graphic)
  • Web application

Installation data path requirements for the Continuous Globalization Server

  • Ability to install/update programs via 'yum'.
  • Ability to download installer .zip file from lingoport.net via sftp
  • The download does not have to be directly to the target machine. It can be downloaded by another machine and then transferred.
  • The Jenkins application should be within Customer's firewall
  • The Lingoport Dashboard should be accessible within Customer's firewall
  • The Continuous Globalization system needs access to https://globalyzer.com

Recommended, but not required

Linux system access to: