Tag Archive for 'security'

New Webinar Replay: The Future of Big Data for the Enterprise

You may have heard that we’ve just launched the world’s first production-ready Apache Hadoop 2 distro. This WANdisco Distro (WDD) is a fully tested, production-ready version of Apache Hadoop, based on the most recent Hadoop release. We’re particularly excited, as the release of WDD lays the foundation for our upcoming enterprise Hadoop solutions. If you want to find out more about WANdisco’s plans for big data, the replay of our ‘The Future of Big Data for the Enterprise’ webinar is now available.

This webinar is led by WANdisco’s Chief Architect of Big Data, Dr. Konstantin Shvachko, and Jagane Sundar, our Chief Technology Officer and Vice President of Engineering for Big Data. Jagane and Konstantin were part of the original Apache Hadoop team, and have unparalleled expertise in Big Data.

This 30 minute webinar replay covers:

  • The cross-industry growth of Hadoop in the enterprise.
  • The new “Active-Active Architecture” for Apache Hadoop that improves performance.
  • Solving the fundamental issues of Hadoop: usability, high availability, HDFS’s single-point of failure and disaster recovery.
  • How WANdisco’s active-active replication technology will alleviate these issues by adding high-availability, data replication and data security to Hadoop, taking a fundamentally different approach to Big Data.

You can watch the full ‘The Future of Big Data for the Enterprise’ replay, along with our other webinars, at our Webinar Replays page.

Top Five Features of SmartSVN 7.5

Earlier this week, WANdisco announced the release of SmartSVN 7.5, the popular, cross-platform graphical client for Apache Subversion. This release introduces plenty of new features and brings major updates to existing SmartSVN functionality.

In this post, we cover five of the top new features in SmartSVN 7.5.

1) New GUI

In this release, SmartSVN moves from Swing to a SWT GUI platform, bringing the user improved responsiveness and a native look and feel.

2) Increased Security

SmartSVN 7.5 introduces plugin security improvements, including support for safe password storage with the Plugin-API. Other Plugin-API improvements include higher grade encryption, and the option to validate that the plugin is the same for everyone, by applying a password (note, this is an admin only feature.) These security updates ensure that SmartSVN 7.5 is safer and easier to extend than ever before.

3) Improved User Experience

The relaxation of master password means that SmartSVN 7.5 remembers your password for more activities, cutting down on unnecessary interruptions and allowing you to focus on the tasks that matter to you. Other changes that are designed to improve the overall user experience, include:

  • The option to edit properties directly in the Repository Browser
  • Remove, Move and Copy now operate on multiple selected directories

4) Full Support for Working Offline

Need to continue working on your repositories, even when you don’t have access to the internet? SmartSVN 7.5 supports working offline, with the following functionality automatically available as soon as you disconnect from the internet:

  • Communication streams disconnect when offline mode is detected
  • Remote states and Transactions are no longer refreshed
  • Logs and Revision Graph are performed on the Log Cache only

5) Completely Overhauled Revision Graph

SmartSVN’s Revision Graph displays the hierarchical history of a file or directory, and has similar functionality to that of the Log command (for example, comparing two revisions of a certain file) but with a greater level of detail.

The Revision Graph allows you to instantly see:

  • which changes happened in which branch
  • which revision represents which tag
  • when a file was moved, renamed or copied along with its history

The Revision Graph UI has been completely reworked in SmartSVN 7.5:

Other major updates include highlighting ‘mergable’ revisions even if no mergeinfo is loaded. The ‘Export’ option also exports HTML files with a lot of small graphic files, instead of one large file, leading to performance and loading improvements.

Users will also notice:

  • New menu item for selecting shown branches
  • Tag symbols are now displayed for all copies that are tags (according to the tag-and-branch layout)
  • Preferences option to skip initial configuration dialog after install
  • Bug fixes for the switch View options and Revision Info tool window

Want to find out more about SmartSVN 7.5? The full list of what’s new and noteworthy, can be found at the Changelog. If you haven’t already tried SmartSVN, you can claim your free 30 day trial of SmartSVN Professional now.

Configuring Jenkins: Security

The Jenkins continuous integration system doesn’t perform any security checks by default. While this may not be a problem in certain situations, if your installation is going to be exposed to the internet (or any other untrusted environment) it’s a good idea to implement some security checks. In this example, we’ll walk you through a common setup: allowing Jenkins to maintain its own user database, and then show you how to grant a specified user with full administrative privileges.

Note, this tutorial uses Jenkins and uberSVN. uberSVN is free to download and free to use, simply visit http://www.wandisco.com/ubersvn to get started.

1) Open the ‘Jenkins’ tab in your uberSVN installation and select the ‘Manage Jenkins’ option.

2) Select the ‘Configure Systems’ option.

3) Select the ‘Enable security’ option. This will bring up some additional options.

4) Select ‘Jenkins’s own user database’ under the ‘Security Realm’ heading, and ensure the ‘Allow users to sign up’ checkbox is ticked.

5) Under ‘Authorization,’ select ‘Matrix-based security.’ This will bring up a new table.

6) In the table select ‘Overall – Read’ for anonymous users.

7) Type your username into the ‘User/group to add” box and click ‘add.’ Your username will now appear in the table.

8) Make sure every permission for your username is ticked, to give yourself full access.

9) Select the ‘Save’ button at the bottom of the page. You have now configured Jenkins’ security settings!

Need more Subversion know-how? After getting a great response from the Apache Subversion community in 2011, Subversion Live is back for 2012, bringing the Subversion community sessions covering everything from Subversion’s future, to expert-led best practices workshops, as well as the unique opportunity to meet the core Subversion committers.

Apache Subversion: Access Control Options

Subversion Access Control is a security solution for Apache Subversion that goes well beyond what SVN can provide on its own. To fully understand the benefits of Subversion Access Control, we’ll first look at the fundamental technical differences between Subversion’s built-in security functionality, and WANdisco’s Subversion Access Control product.

Apache Subversion…….

In Apache Subversion, user authentication is performed either through a local passwd file or from an LDAP or Active Directory server. Apache also provides an Authorization Layer for defining more granular control of repository objects, but managing text based rules through the Authz file can become difficult as the number of users and repositories inevitably increases.

…..v.s Subversion Access Control

Subversion Access Control is implemented as a proxy from the local Subversion server. It works directly with your LDAP or Active Directory, meaning you can keep your existing setup.

But what can Subversion Access Control offer you? Here are our ten top features of Subversion Access Control:

1) Easy to install, with no retraining required! Subversion Access Control requires no changes to clients or backend servers, meaning that you can continue to use the Subversion technology you’re familiar with.

2) Easy to use, point and click interface.

3) Access control made easy! The ability to implement and maintain complex security policies with minimal effort.

4) Audit capabilities – every repository access attempt down to the file level is reported, showing user ID, Subversion command, date and time, IP address of the client machine used, and whether access was allowed or denied

5) Unlimited access control – Subversion Access Control can support any size of development organization with any number of repositories and access control rules.

6) Delegated admin – this option allows the root administrator to create teams and delegate admin authority to team leaders.

7) Automatic LDAP synchronization – Subversion Access Control automatically picks up LDAP user and group membership changes and assigns new users to the Subversion team that corresponds to their LDAP group.

8) Instant alerts – your security administrators receive immediate alerts for any access violations.

9) Integrated seamlessly with Subversion MultiSite – Subversion Access Control can be implemented standalone, or in combination with Subversion MultiSite for distributed development teams. With Subversion MultiSite, security policy changes made at one location are immediately replicated to every other to enforce consistency across all sites.

10) Available for uberSVN! – uberSVN is the free, open ALM platform for Apache Subversion that has won a string of industry awards and received an overwhelmingly positive response from the Subversion community. For those who want to combine this award winning platform with a fully functional security solution, Access Control is available through the uberAPPS store.

Here’s just some of the benefits of deploying this enterprise-level Access Control functionality with uberSVN:

  • Full authorization/authentication
  • Define Access Control rules through a simple point-and-click interface
  • Delegated admin control
  • Define control within each Team/sub-Team to a granular level
  • Assign Team Leaders
  • Audit capabilities
  • Support for ecosystems without internet access

Interested in finding out more about access control options? We’ll be running a free Subversion training webinar on November 15th that covers the pros and cons of the following methods of access control:

  • Apache Subversion access control
  • Hook scripts
  • uberSVN
  • Subversion Access Control from WANdisco

Visit the ‘Access Control Options with Subversion’ webinar page now to register. Remember that spaces are limited, so register now to avoid missing out.

WANdisco Announces Free Webinars for SVN Community

We hope you’re enjoying our bi-weekly free Subversion webinars! Thank you to everyone who has attended and sent us feedback on what they enjoyed, and what they’d like to see more of. Based on your feedback, we’ve devised another set of free training webinars for the Subversion community.

Here’s what’s coming up over the next couple of months (don’t forget, it’s free to register for any of our Apache Subversion webinars):

1) Hidden Subversion – get ahead of the game, as we share some tricks and techniques that many Subversion users aren’t even aware of.

2) Locking – we cover the Subversion Lock command in detail, including:

  • What is a lock?
  • How do you lock and unlock files?
  • Best practices for avoiding lock conflicts

3) Using Repository Browsers – drill down into the functionality of the Repo Browser, in this one-hour course.

4) Subversion Difference Command – get an overview of the various ways Subversion can compare files and generate meaningful reports.

5) Hook Scripts – these server-side executables can be used for a variety of tasks, including:

  • Automatic email notifications
  • Checkin content validation
  • Automatic backup
  • Specific access control

6) Introduction to uberSVN – an introductory webinar for uberSVN, the open ALM platform for Apache Subversion that’s easy to install, easy to use and easy to extend. This webinar will cover uberSVN’s core capabilities, including:

  • Installation and setup
  • Simplified repository creation and management
  • Team and user administration
  • Social coding capabilities
  • Extendibility with your favorite ALM tools

7) Access Control option with Subversion – need to control access to Apache Subversion repo information, but not sure which option is right for you? This session will weigh up the pros and cons of:

  • Subversion Access Control
  • Hook Scripts
  • uberSVN
  • …and more!

8 ) Branching and Merging – get an intro to the basic concepts of branching and merging, including when to perform a merge and create a branch, the different merge types, and some all-important best practices.

9) Subversion Properties – everything you need to know about SVN Properties! This one hour course will cover:

  • Defining properties
  • Property and “Standards and Procedures”
  • Property name rules
  • Automatic Properties
  • Recursively defining properties
  • ….and more!

Places are limited, so register now to avoid disappointment! And don’t forget to Contact Us if you have any comments, questions or suggestions for future webinars!

Subversion Access Control comes to uberSVN

It’s been a great first year for uberSVN, the open ALM platform for Apache Subversion. Not only has this unique, SVN-based product been awarded the Made in Sheffield mark and Business IT Innovation of the Year medal, it’s also received a positive response from the community, and some fantastic reviews by the IT media. However, we’ve also received requests from large development organizations that want to deploy uberSVN enterprise-wide, but need a fully functional security solution first. That’s why we’re excited to announce an update that combines the full authentication, authorization and audit capabilities of our enterprise-class Subversion Access Control product with uberSVN’s social coding capabilities, easy-to-use interface and uberAPPS store.

Here’s a summary of what the uberSVN Access Control uberAPP adds to uberSVN:

  • An easy-to-use, point-and-click interface that enables you to implement and maintain the most complex security policies with minimal effort.
  • Delegated administration features that allow team administrators to configure access control policy for their team’s members.
  • LDAP integration.
  • Audit capabilities that track every user access attempt at a granular level.
  • Support for environments without internet access.

uberSVN Access Control is available through uberAPPS. Simply click on the uberAPPS tab within your installation to request your uberSVN Access Control free trial license and we’ll help you get started.

Not yet using uberSVN? It’s free to download and free to use, simply visit http://www.ubersvn.com/download to get started.

WANdisco Addresses Community’s Source Code Security Concerns

You may have heard that we’ve just announced a substantial update to our Enterprise Subversion Product, Subversion Access Control. Subversion Access Control 4.1 places an emphasis on security by providing full audit, authorization and access control capabilities that go well beyond what Subversion can offer on its own. Subversion Access Control’s underlying architecture protects against the sort of security holes that have resulted in a number of recent high-profile source code thefts from Perforce’s source code management (including the leaking of Norton AntiVirus source code.) With Perforce, the client completely trusts the server, which means the server has complete control over the client user’s account – leaving Perforce users vulnerable to source code thefts.

Understandably, this has left many Perforce customers concerned – and with good reason: in the software industry, source code is the most valuable intellectual property there is. With this current wave of source code management thefts, we think there’s never been a better time to look into source code management solutions that offer built-in security features. Subversion Access Control’s security functionality includes:

  • Support for SSL to securely encrypt all client server communication, ensuring that all data is protected at all levels.
  • A simple graphical interface to manage the three A’s of security (Authentication, Access and Audit!) Users are organized into teams and rules are setup for each team that defines their level of access to one or more repositories or to within a path inside a repository. Administrators can easily setup sophisticated security rules to the system and all user activity is recorded and can be stored in a relational database.

The Complete Solution Stack from WANdisco

Globally distributed teams are at an even greater risk of source code theft. For teams who need that extra security, it is possible to implement Subversion Access Control in combination with our Subversion MultiSite product. This ensures consistent enforcement across all sites by replicating the Subversion Access Control configuration, with centralized management and no performance degradation, by forcing everyone to go through a central server.

Availability

Want to try before you buy? We have a free download of the just-released Subversion Access Control 4.1 and Subversion MultiSite 4.1, ready for evaluation. Just complete the online form, and you’ll be able to trial both of our security products for free. Need more info on how to keep your source code safe from hackers? WANdisco will be hosting a free hour-long ‘Introducing Subversion Access Control 4.1’ webinar on April 12th. Or, if you would like to speak to us directly about your options for source code security, please do not hesitate to contact us.

WANdisco Updates Subversion Access Control

We’re pleased to announce a substantial update to our complete authorization, audit and access control solution for Enterprise Subversion, Subversion Access Control.

Subversion Access Control 4.1 is an innovative security solution for Apache Subversion that provides full audit, authorization and access control capabilities that go well beyond what Subversion offers on its own. Some of the key benefits to employing Access Control include:

  • Delegated administration option that allows the root administrator to create teams and delegate administration authority to team leaders.
  • Automatic synchronization of Subversion Access Control with LDAP user and group configuration. Subversion Access Control automatically picks up LDAP user and group membership changes and assigns new users to the Subversion team that corresponds to their LDAP group.
  • Comprehensive audit capabilities that report every repository access attempt down to the file level, showing user, Subversion command, date and time and whether access was allowed or denied. Security administrators receive immediate alerts for any access violations.
  • Can be implemented standalone or in combination with Subversion MultiSite 4.1 for distributed development teams. With Subversion MultiSite, security policy changes made at one location are immediately replicated to every other to enforce consistency across all sites.

Subversion Access Control 4.1 is a substantial update for the product, not only adding a list of new functionality, but completely overhauling the underlying access model. The access control lists previously required to maintain complex security policies, have been replaced by an all-new, streamlined approach that applies access rules to hierarchical teams. For more information on what’s new and noteworthy in this update, see the Release Notes.

WANdisco will be hosting a free hour-long ‘Introducing Subversion Access Control 4.1’ webinar on April 12th. Early registration is recommended, as space is limited.