Killer Enterprise features

Home Forums Troubleshooting Feature Requests Killer Enterprise features

This topic contains 8 replies, has 5 voices, and was last updated by Avatar of charles charles 2 months, 3 weeks ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #76360
    Avatar of alozzy
    alozzy
    Participant

    These are features that would add tremendous value to Pydio for Enterprises, IMHO:

    • 2 factor auth (Duo Security or Google Authenticator would be perfect)
    • Wizards for configuring complex plugins
    • More auditing, logging, and reporting features
    • A more robust desktop sync client for Windows and OSX
    • Better AD groups functionality
    • Built-in backup tools for backing up Pydio configuration and metadata
    • Built-in checksum calculation when uploads complete (store checksum as metadata), so uploaded files can be quickly verified at any time
    • Ability to centrally prevent mobile users from saving password, so that users must provide credentials at the beginning of each mobile session
    • Better documentation, an end user guide, more video tutorials

    For checksum, it looks like PHP has a function for both MD5 and SHA1 to calculate file checksums:

    http://ca3.php.net/manual/en/function.sha1-file.php

    http://www.php.net/manual/en/function.md5-file.php


    #76363
    Avatar of BossRoss
    BossRoss
    Participant

    Additional items of interest:
    - (FS)Previous versions support for snapshot capable file systems. ZFS and VSS come to mind.
    - (SQL)Removal of all serialized and BLOB data types in SQL.
    - (SQL)Populate owner and groupPath in child repos; do not rely on ParentUUID.
    - (NOTIFY) Configurable recipient scope options (admin|group|individuals|etc).


    #76391
    Avatar of charles
    charles
    Keymaster

    Hi guys
    globally totally agree with that, you’re writing the actual roadmap here.
    Some remarks
    . Snapshots: I have someone willing to work with LVM-based snapshots to build some kind of Time-machine interface. would it be compatible with zfs or vss ?

    . Backup tools for config and metadata, I would add data as well no?

    . Rob, can you be more specific on those ones :
    (NOTIFY) Configurable recipient scope options (admin|group|individuals|etc)
    (SQL)Populate owner and groupPath in child repos; do not rely on ParentUUID.

    . Auditing & monitoring :
    We have produced some complex SQL queries to extract some key data from a pydio db, do you want me to publish them?

    Cheers
    -c


    Charles, Pydio author - doing my best to help !
    If you like the software or want to say thanks, pay by a tweet, mention #pydio or follow us

    #76417
    Avatar of tozzi
    tozzi
    Participant

    Sorry Charles,
    which is the current situation (and roadmap) about 2 factor auth? Is the auth.serial_otp plugin working with the current (5.2.3) release with google authenticator and YubiKeY features?

    Thanks in advance
    Tozzi


    #76418
    Avatar of alozzy
    alozzy
    Participant

    For my purposes, data backup isn’t important because all of the workspaces are SAMBA based anyways. For auditing and monitoring, it would be perfect if that was integrated into the web GUI.


    #76431
    Avatar of BossRoss
    BossRoss
    Participant

    1. Snapshots – I do not know how to detect FS type in PHP, but maybe it’s doable with repo configuration options. VSS requires access to ‘vssadmin’ to iterate through versions. I think LVM snapshots would need to be mounted to access the contents. Someone else would have to chime in on this. I do believe ZFS would be the low hanging fruit here. As the snapshots are easily exposed in the underlying ZFS volume on which the repos may be defined. If the repo is defined on the root of a ZFS volume, a shell script could do it with ‘find {FIND_OPTIONS} $FS/.zfs/$FILENAME’ which should return each instance of $FILENAME with relative PATH. If it’s not the root of the volume, you would have to traverse the hierarchy looking for “.zfs”, and then execute. PS – I can provide dev images of SmartOS and Solaris if needed.

    2. Backups – I agree with @alozzy data is not required. However, a backup of critical config objects might be nice. Serial or SQL-dumped configs zipped up and stored somewhere the admin could download maybe. If data is a requirement for someone, maybe a SYNC option on the repo definition could leverage the OS using rsync or robocopy to make copies. Up to the admin to make sure the “SYNC to…” destination is truly a viable recovery target.

    3. Notify – I haven’t worked with this much lately, but I believe e-mail notifications go to admins only, and notifying all participants of a share’s activity is not possible. If this is still true, then a matrix of “who” and “when” would be nice. As in, all participants on uploads, or admins on review, or let individual participants select what actions merit notifications, etc.

    4. Repos – If I define a share in an existing repo (ver. 5.2.2), the SQL data for the new “repo” in ajxp_repo includes the ParentUUID, but not the groupPath. Likewise, the parent does not include the owner_user_id. I think this diminishes the efficacy of indices, and will probably complicate any future attempts at SQL normalization (see serialized and BLOB data, too). I think it also puts an unnecessary reliance on referential integrity. ParentUUID makes sense for bulk operations. I see a lot of opportunity in the SQL config wherein normalization would truly benefit the development or refinement of features (like notifications). This may not matter to anyone else. We’re keen on SQL around here, and schema/normalization choices can be like picking ice cream flavors. They’re usually all good. ;-)

    5. Reporting/Auditing – Generally more intel is a good thing. Borrowing from Joomla/WP, and providing “most active user”, “most popular repo or file”, etc. would be great. I would like to see an expire option for the Logging plug-in. Then maybe the scheduler could pick it up.


    #76433
    Avatar of alozzy
    alozzy
    Participant

    To add to the conversation, auditing/reporting functionality that allowed the admin (or super user for a group) to audit when files were uploaded/downloaded and by whom, when files/folders were shared and by whom, whether shares were public, whether password protection was enabled, whether a share was time limited or limited to x number of downloads, a report providing a summary of workspaces ACLs on a per user basis, etc…


    #76436
    Avatar of Vincent_de_Belgique
    Vincent_de_Belgique
    Participant

    @charles : yes please publish your sql queries, it will surely help or inspire us to make some auditings.
    Thanks in advance :-)


    #76588
    Avatar of charles
    charles
    Keymaster

    @Vincent_de_Belgique here you are :-) http://pyd.io/basic-analytics-using-sql-queries/


    Charles, Pydio author - doing my best to help !
    If you like the software or want to say thanks, pay by a tweet, mention #pydio or follow us

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.