I want to implement in my project the Intel SGX remote attestation mecanisme.
this mecanisme requires the Service Provider and a IAS server.
My problem is: what is exactly a Service Provider, is it an ordinary server in which we install an API or something else.
How to configure this SP in order to implement remote attestation mecanisme.
Thank you.
You probably have in mind Intel's RA example:
(source: intel.com)
There are three different actors involved:
Client Application, who is a host to the enclave
Service Provider, who performs remote attestation on Client's behalf
Attestation Service (IAS, Intel Attestation Service), who is a trusted third party tasked with verifying the enclave
This example implements remote attestation in a client-server architecture where the Client Application acts as a client and the Service Provider acts as a server. So yes, the Service Provider could be an ordinary server that provides Client Application with some API.
This is a useful pattern if you intend to perform RA across many applications - but it's not required. You can implement RA algorithm in Client Application instead and talk to the Attestation Service directly.
Related
There is a server application (ASP.NET Core (gRPC service)) and a client application running on another PC (WPF).
One of the functions of the gRPC service is to send screenshots to the client application, but it has to be run as a Windows service, so I can't get screenshots directly from the service to the client application.
Question: how to implement an "agent" application running on a remote computer where the service is, but in a user session to get screenshots through it and then pass them to the client?
As I understand it is possible to do it with the help of IPC, but I can't understand the details of implementation, how can I call from gRPC service to the agent to make a screenshot, return the result (as an array of bytes) to the service and it sends it to the client...
I am creating a web app. I want to create a listening service (TCP) that listens continuously and updates web page according to that.
A Windows service or a WCF service?
At the end I just want a background service that listens on a socket continuously and update data in database. and when database is updated I will use signal r to show that in my page.
Right now I am trying with WCF but I am wondering if it can be done with Windows service also. And right now this application will work on LAN. But in the future, it can also be in the cloud.
First of all, it is important to understand that a Windows service and a WCF service are not the same.
A Windows service is a specialized executable that runs in the background on Windows.
A WCF service is a specialized piece of code that exposes some functionality through a well-defined endpoint. It does not run on its own, but instead must be hosted by some parent process, like IIS, a desktop application, or even a Windows service.
In thinking about the problem you've described, I suppose the most fundamental question to ask is whether or not you have control over the data that will be received via the TCP connection. WCF is built on the notion of the ABCs (Address, Binding, and Contract), all of which have to match in order to facilitate data exchange between WCF endpoints. For example, if you wish to expose a WCF endpoint via IIS that accepts TCP connections from some remote WCF endpoint, the remote WCF endpoint needs to send data to your IIS-hosted WCF endpoint using the agreed-upon data contract. Absent that, WCF will not work. So, if you cannot define the data contract to be used between WCF endpoints, then you'll need to find another option. An option that will work is to open a TCP listener within a Windows service, process the data as it is received, update your database, and listen for more data.
================================================
By way of example, I work on a project that has a front-end desktop application that communicates with a back-end Windows service. We build both the application and the Windows service, so we have full control over the data exchange between the two processes. At one point in time, we used WCF as the mechanism for data exchange. The Windows service would host a WCF service that exposed a NetNamedPipeBinding, which we later on changed to NetTcpBinding to get around some system administration issues. The application would then create its own endpoint to communicate with the WCF service being hosted within the Windows service.
This worked fine.
As our system got more mature, we needed to start sending more and more information from the Windows service to the application. If I recall correctly, I believe we experimented with streaming within WCF and concluded that the overhead was not something we could tolerate. So, we used WCF to exchange commands and status information between the application and the Windows service, but we simultaneously used a TCP socket connection to stream the data from the Windows service to the application.
This worked fine.
When we got a chance to update the Windows service software, we decided that it would be better to have a single communication mechanism between the Windows service and the application. So, we replaced WCF altogether with a TCP socket connection that uses a homegrown messaging protocol to exchange information in both directions - application to Windows service and Windows service to application.
This works fine and is the approach we've used for a couple of years now.
HTH
I have the Service consumer and services provider on the same machine. The service consumer sends a large chunk of data to the service provider.
Can the web service provider be configured to accept this large payload through a 'local' interface, instead of relaying on the underlying network to carry the packets? I'm looking for the most efficient way to transfer this large data set from the producer to the consumer on the same host.
If it's traditional WebSphere, not Liberty, check out in-process connections, https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/rrun_inbound.html . That's for same process, not just same machine.
Every major service in OpenStack has an API service as endpoint for clients to access, eg. openstack-nova-api, openstack-glance-api etc. But for every major service, there are other minor services like openstack-nova-scheduler, openstack-nova-conductor etc. these services are suggested to be deployed on other nodes rather the node where API service is running to get some kind of isolation.
My question is how openstack-nova-api knows where the real services(openstack-nova-scheduler/openstack-nova-conductor) are running, how they communicate with other? When openstack-nova-api got a new request, how does it distribute it to the real services which can process and send back the results?
Internal communication between OpenStack modules is done through the AMQP message queue, typically managed by RabbitMQ.
Can we just use remote connections when we need to connect to remote database on remote server?
or we should use web services and what is the web service Architecture? is it differs when we use Lan or internet?
To put it simple: web service are based on remote connections (TCP-connections) between server and client. However web services use standard formats to code and transport requests and answers. There are standard libraries for every platform, taking care of the communications.
The benefit of using web service over remote connections is that you do not have to bother with sockets, coding messages into streams and all the puzzle things. Instead you concentrate on your business logic.
In case of internet, you will need to access a proxy server to access internet. Almost every organisation has proxy server for HTTP and HTTPS, they can be used for web services directly. If you use your own remote connections, you may not able to configure the proxy server to let them through.