After spending some time on Nuxeo Desktop Synchronization (Drive) and before switching to the Cloud project, I had the opportunity to work on a project which ties in these two projects: Nuxeo Edge Cache. Let’s discuss it in detail in this blog.
While Drive allows you to synchronize the documents from a Nuxeo server to your computer, Nuxeo Cloud, our Cloud Content Management system allows you to store your documents in the cloud without having to worry about how to operate or scale the solution.
Imagine a situation where you are using both these solutions and hundreds of your users download the lastest perfect commercial released by your Marketing team. Your internet connection will become slow for sometime and we don’t want that to happen! This is where Nuxeo Edge Cache comes into picture. It removes the need to download the same file again and again when several users want to access it.
While your main Nuxeo server is in the cloud, you install a local server to cache the binaries. You can think of it as an AWS CloudFront, but running directly in your local network so that no more bandwidth is used.
When you link an Edge Cache you also define a TTL. So if Edge Cache is not sending any sign of life to the Nuxeo server within this interval then Edge Cache will be considered offline.
Of course, we don’t want your Nuxeo Edge Cache administrator to be able to access all the documents, so Edge Cache downloads and stores the files after encryption from the server. It will only decrypt them through a token passed by the user when accessing Edge Cache. This token is generated by the Nuxeo server and contains the secret to decrypt the file.
We use AES-256 to encrypt the data with a generated salted key for each binary on the Nuxeo Server, which is not known from the Edge Cache server. The token sent to the Edge Cache through an HTTP redirect is generated by the Nuxeo server and contains the target binary encryption key. The token itself is encrypted with a common salted secret shared between the Nuxeo server and the Edge Cache server.
1. User requests a binary from the Nuxeo server
2. The Nuxeo server verifies if an Edge Cache is registered on this IP
3. The Nuxeo server redirects to the Edge Cache registered with this IP
4. Edge Cache receives the redirect request with the token
5. Edge Cache extracts the encryption key from the token
6. If Edge Cache has the binary stored and decrypted with the key, it is sent to the user else Edge Cache downloads the encrypted binary from the Nuxeo server and stores it while decrypting and sending it to the user
What it Looks Like
Based on the work we have done on Nuxeo Drive, Edge Cache shares most of its architecture and you will easily recognize the HTML5/Webkit screens. Like Nuxeo Drive, Nuxeo Edge Cache can cache several Nuxeo servers.
What Can be Configured
Public IPs or a range of IPs: You can set up a range of IPs or a list of IPs that the Edge Cache is serving. The Nuxeo server will use the list of range or address to redirect to the required Edge Cache.
Edge Cache DNS or IP: You can configure the redirect URL so either an IP or the internal DNS of your Edge Cache Server.
Maximum size of cache: You can limit the size of cache that an Edge Cache can store.
Edge Cache TTL: You can define after how many seconds the Edge Cache server will be considered offline if it hasn’t contacted the Nuxeo server
The Nuxeo Edge Cache will be released later this year. It will be installable on Mac, Windows, Linux. A Docker version will also be released so you can deploy easily on differents types of hardware.