How easy is WebKeystone to administer?
-
WebKeystone is provided with a web-based maintenance package
that includes the ability to set up and remove users. Administrative
functions are performed over the web using this application through a
secure login system. It
supports the ability to add fine-grained access privileges
to individual users for both built-in and added modules.
-
All maintenance of users and user privileges can be made over
the web using standard browsers, keeping
the maintenance of WebKeystone simple and browser
neutral.
-
WebKeystone has a built-in accounting system which allows for
control, tracking, and billing of resource usage.
-
WebKeystone modules, or packages, are maintained with dependency information,
so that when a major package (such as the shopping cart) is added to a
user's account, all the sub-packages needed to make the major package
work are also added. When a major package is deleted,
sub-packages needed by other applications are retained. Package
dependencies and user privileges are maintained in
XML so that they can be changed and viewed with standard
XML products as well as with WebKeystone.
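The add and delete behaviour described above, as an added sketch that is not WebKeystone's own code: the XML layout, the package names and the function names are assumptions made for illustration, since the page does not show the real dependency format.

```python
import xml.etree.ElementTree as ET

# Constructed dependency file; element and package names are illustrative only.
PACKAGES_XML = """
<packages>
  <package name="shopping_cart">
    <requires>forms</requires>
    <requires>card_verify</requires>
  </package>
  <package name="mailing_list"><requires>forms</requires></package>
  <package name="card_verify"><requires>sockets</requires></package>
  <package name="forms"/>
  <package name="sockets"/>
</packages>
"""

def load_deps(xml_text):
    """Map each package name to the list of packages it directly requires."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): [r.text.strip() for r in p.findall("requires")]
            for p in root.findall("package")}

def closure(deps, name, seen=None):
    """Return the package plus everything it needs, directly or indirectly."""
    seen = set() if seen is None else seen
    if name not in deps:
        raise ValueError("undeclared package: " + name)
    if name not in seen:          # the seen set also stops dependency cycles
        seen.add(name)
        for dep in deps[name]:
            closure(deps, dep, seen)
    return seen

def installed(deps, requested):
    """Packages present on an account, given the major packages it asked for."""
    present = set()
    for name in requested:
        present |= closure(deps, name)
    return present

def remove_package(deps, requested, name):
    """Drop one major package; return (remaining requests, packages removed).
    Sub-packages still needed by a remaining package are retained."""
    remaining = set(requested) - {name}
    removed = installed(deps, requested) - installed(deps, remaining)
    return remaining, removed

DEPS = load_deps(PACKAGES_XML)
```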
How secure is WebKeystone?
-
WebKeystone's program and data spaces are insulated from the
web server's program and data spaces.
-
WebKeystone restricts access to safe system resources.
-
With WebKeystone, each user is granted permissions rather than storing
the permissions with each piece of code or object. Thus a user cannot
accidentally set the permissions on a file or piece of code
so that it can be executed or retrieved by anyone.
-
WebKeystone supports long password protected accounts and highly
granular privileges.
-
WebKeystone forms may be registered to prevent hostile applications
from copying the site and adding or removing fields to probe the site for
weaknesses.
-
WebKeystone has a method for verifying the identity of a user
without using cookies. The validation is typically used by
drop-in modules or any other applications that require additional
security. (Note that WebKeystone also allows the use of cookies.)
-
Developers and administrators access WebKeystone from
private, clickable web forms on their desktop computers.
Passwords are contained in those forms and therefore
do not have to be memorized and may be non-mnemonic and
long. As with all computer systems, the security of the system
depends upon the security of the file on the user's
desktop machine. Typed in passwords may also be used.
-
Web pages may be stored on machines that
reside behind a firewall, and access to these files by a site owner
from the web is easy and secure.
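One way a form-registration check like the one described above could work, as an added example that is not WebKeystone's code: it assumes registration records the exact set of field names for each form, and the registry, function names and sample bodies are all hypothetical.

```python
from urllib.parse import parse_qsl

# Hypothetical registry: form id -> the exact field names the form was registered with.
REGISTERED_FORMS = {}

def register_form(form_id, field_names):
    """Record the field names a form is allowed to submit."""
    REGISTERED_FORMS[form_id] = frozenset(field_names)

def check_submission(form_id, raw_body):
    """Compare a urlencoded POST body with the registration.
    Returns a list of problems; an empty list means the body matches."""
    expected = REGISTERED_FORMS.get(form_id)
    if expected is None:
        return ["unregistered form: " + form_id]
    # keep_blank_values=True so an empty text input still counts as present
    names = [name for name, _ in parse_qsl(raw_body, keep_blank_values=True)]
    submitted = set(names)
    problems = []
    for name in sorted(submitted - expected):
        problems.append("added field: " + name)
    for name in sorted(expected - submitted):
        problems.append("removed field: " + name)
    for name in sorted(n for n in submitted if names.count(n) > 1):
        problems.append("repeated field: " + name)
    return problems

# Constructed sample: a checkout form made only of text inputs.
register_form("checkout", ["name", "card", "qty"])
GOOD_BODY = "name=A+Buyer&card=0000&qty=1"
EXTRA_BODY = "name=A+Buyer&card=0000&qty=1&admin=1"
ALTERED_BODY = "name=A+Buyer&qty=1&qty=2"
```

Browsers omit unchecked checkboxes and unselected radio groups from the body, so a real registration would mark those fields as optional rather than required.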
How does WebKeystone scale with load?
The architecture of WebKeystone is designed to scale with
load. The front end can direct WebKeystone requests to the
local host or to other hosts on the network. Load balancing
is not included in the beta version. In addition, databases, logging, and
accounting may be run on different hosts on the network.
Load balancing may also be accomplished in hardware using persistent
or 'sticky' connections.
A related topic is failover or the passing of live traffic from a failed
WebKeystone server to a functioning server. WebKeystone's initial failover
solution will make use of iSCSI when that IEEE standard is formalized.
How does WebKeystone handle complex applications?
WebKeystone is designed to manage simple through complex applications.
-
WebKeystone scripts may be used to increase functionality.
The scripting language is a complete procedural universal scripting
language with many object oriented and functional features. The
language is designed to serve web pages and is based upon the
Python programming language.
-
The addition of shared applications
also increases functionality.
Other shared applications are anticipated in the future.
-
The addition of loadable Python modules
also increases functionality.
These packages may be written by trusted programmers and
can be used to link to other external languages and
devices and provide extended capabilities.
How fast is WebKeystone?
Although WebKeystone's design allows load balancing, we have not yet run
it in that configuration. The statistics below are based on running
WebKeystone on a Linux Red Hat system running on a
700 MHz Pentium III with 10,000 RPM fast, wide, SCSI disks with
100 Mb bus. Logging and accounting data are stored on a separate server.
What is WebKeystone's foundation?
There are several key technologies used in WebKeystone.
WebKeystone is written in Python, the highly productive scripting language.
A second technology is XML which is
used to maintain documents. Internal to WebKeystone,
all error codes, user privileges, and package dependencies.
Site-owners and programmers can access XML
functionality through imported components.
WebKeystone uses a client-server technology to achieve its
highly distributable architecture. To communicate with other
systems, WebKeystone supports SOAP as well as its own Object
Publisher protocol. The Object Publisher technology is made available
to purchasers of WebKeystone for use in custom modules
and likely will be put into the Open Source domain.
How thoroughly is WebKeystone tested?
WebKeystone has been running in production mode servers for nearly three years.
The current known bugs are
Because WebKeystone uses
the Python open source language for its core, it takes advantage
of the exhaustive testing provided by the Python community. A
regression test framework is in place and awaits the submission of
modules.
How portable is WebKeystone?
-
WebKeystone will be installed on Linux, Unix, and Windows platforms.
It currently runs on Red Hat Linux.
The program is designed to be web server neutral.
To date, it has been tested only on Linux running
under the Apache web server.
The only web server currently directly supported is Apache.
WebKeystone can be easily modified by a skilled programmer
to run under other web server systems.
-
Once installed, WebKeystone may be moved on the host machine as system administration
needs change.
How does WebKeystone communicate with other servers?
-
WebKeystone communicates with other parts of itself
over Unix or TCP/IP sockets. TCP/IP is used between
machines and Unix sockets are used on a single machine.
These sockets use the Object Publisher that has the
following features:
-
Security layer is easy to separate so that different security
schemes can be used.
-
Publishes objects without extensive specification by user.
-
WebKeystone can communicate with other systems through
the use of imported components and drop-in-modules.
In the Shopping Cart drop-in-module, the credit card verification system, CVS,
is contacted through such a module. Modules have the
advantage not only that they can access the outside world,
but also that they can be allowed for only particular
users so that non-authorized users on the same system
as the Shopping Cart cannot access the CVS system.
On the other hand, imported components must be written by
trusted programmers.
What are the interfaces to WebKeystone?
What databases does WebKeystone support?
WebKeystone is designed to support relational databases that
have a Python interface. The database connects to WebKeystone with a
wrapper that passes data and monitors usage. Traffic to the database
is accounted for by the SQL commands and traffic from the database is
accounted for because it is returned in uniform rows and columns. The
database's personality is reflected in its SQL commands, which
are passed through the wrapper.
WebKeystone can support multiple databases on one or more hosts.
What debugging tools are available?
What is WebKeystone's history?
During the spring of 1997, it became apparent that existing web
tools were lacking in security and scaled poorly for development of
large sites. WebKeystone was built to address those deficiencies.
First used in production in the fall of 1997, WebKeystone has been
under development since then. The WebKeystone trademark was issued
in the summer of 2000.
What's next for WebKeystone?
-
Universal file server to allow the emulation of
file systems on databases or across the network.
-
Test multiple front ends for load
balancing and fine tuned performance.
-
Failover using iSCSI disk storage
-
Speed enhancements including precompiled applications.
A fast server that may be distributed with the product.
-
A new, currently experimental persistency model that
allows for a more natural programming paradigm.
-
An array of drop-in application modules that handle particular tasks.
Some of these (calendars, employee tracking system, mailing lists, and an
improved shopping cart) are being created by customers now with custom
code but will be available to everyone when completed.
-
Command-line administration of WebKeystone, which is made possible by
its underlying XML structures.
-
Future plans to enhance scalability with load call for:
-
A separable/configurable file system and file system
drivers, so that all pages can be served directly from
databases and avoid all local file systems, if desired.
-
Multiple front ends to provide more load balancing
options. Since the WebKeystone server(s)
are separate from the web server this is easily achievable.
WebKeystone is built in a distributed manner with multiple
servers and clients.
-
An optional native web server.
-
Python wrappers for Oracle and DB2.
-
Enumerate speed optimizations.