Disaster Relief by the PoundCS5260 Semester ProjectUniversity of Colorado at Colorado Springs
By Robin Kimzey and Cliff McCullough02 May 2011
Disaster Relief Information Collection and Distribution Research Group
DRINCDR Main Page. February 15, 2011. http://gandalf.uccs.edu/drincdr/index.php/Main_Page (accessed April 23, 2011).
02 May 2011 2Robin Kimzey and Cliff McCullough
MashupCombines data and functionality
from more than one sourceLayered content
◦ Each layer of content comes from different servers in the cloud
◦ Some layers are classified, others are not
Pound acts as a functional smoke screen providing one point of contact for users
02 May 2011 3Robin Kimzey and Cliff McCullough
Implementation
02 May 2011 4Robin Kimzey and Cliff McCullough
Easy MaintenanceNo hardware purchasesNo HVACNo rack space
02 May 2011 5Robin Kimzey and Cliff McCullough
Remain DormantAmazon EC2: Turn on instances
once a month for updates and patches
When a disaster occurs, turn on more backend servers as demand increases
02 May 2011 6Robin Kimzey and Cliff McCullough
DisadvantagesComputing services must be
geographically dispersedMust trust the security of the
commercial provider
02 May 2011 7Robin Kimzey and Cliff McCullough
Pound Reverse Proxy
02 May 2011 8Robin Kimzey and Cliff McCullough
Pound: FeaturesNot a serverSeparate layers of service
◦allows for isolated secure and un-secure backend servers
Backend server of any typeVirtual Host ServiceTracks backend servers that are
downFiltering
02 May 2011 9Robin Kimzey and Cliff McCullough
SecurityPound requires minimal, initial
access with the hard-disk◦reads the configuration file◦reads the certificate◦reads error messages◦writes log entries
Normal operating activities are all in memory
02 May 2011 10Robin Kimzey and Cliff McCullough
Pound ConfigurationListenHTTP
Address128.198.0.1Port 80Service
BackendAddress172.20.80.81Port 80
EndBackend
Address172.20.80.82Port 80
EndEnd
End02 May 2011 11Robin Kimzey and Cliff McCullough
Configure SSLListenHTTPS
Address128.198.0.1Port 443Cert "/etc/pound/pound.pem"Service
BackendAddress172.20.43.81Port 443
EndEnd
End
02 May 2011 12Robin Kimzey and Cliff McCullough
FilteringCheckURL "(^\/|\.html|\.jpg|\.png)$"Service
BackendAddress 172.20.80.81Port 80URL "(^\/|\.html|\.png)$"
EndBackend
Address 172.20.80.82Port 80URL "(^\/|\.html|\.jpg)$"
EndEnd
02 May 2011 13Robin Kimzey and Cliff McCullough
Virtual HostService
HeadRequire "Host: .*www.drincdr.org.*"Backend
Address 172.20.72.72Port 80
EndEnd
02 May 2011 14Robin Kimzey and Cliff McCullough
Session AwareService
. . .Session
Type IPTTL 300
EndBackend
. . .End
End
02 May 2011 15Robin Kimzey and Cliff McCullough
Demonstration
02 May 2011 16Robin Kimzey and Cliff McCullough
Future WorkProperly evaluate customer
requirementsCompare Reverse Proxy Servers
◦Pound◦Apache◦Nginx
Backend network is plain textSingle point of failure
02 May 2011 17Robin Kimzey and Cliff McCullough
Questions
02 May 2011 18Robin Kimzey and Cliff McCullough
